search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-ip.c
blob2a08209e8067ba5ff34703470f42bcc994515440
1 /* packet-ip.c
2 * Routines for IP and miscellaneous IP protocol packet disassembly
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
7 *
8 * Wednesday, January 17, 2006
9 * Support for the CIPSO IPv4 option
10 * (http://sourceforge.net/docman/display_doc.php?docid=34650&group_id=174379)
11 * by Paul Moore <paul.moore@hp.com>
12 *
13 * SPDX-License-Identifier: GPL-2.0-or-later
14 */
15
16 #include "config.h"
17
18 #include <epan/packet.h>
19 #include <epan/capture_dissectors.h>
20 #include <epan/addr_resolv.h>
21 #include <epan/maxmind_db.h>
22 #include <epan/ipproto.h>
23 #include <epan/expert.h>
24 #include <epan/ip_opts.h>
25 #include <epan/prefs.h>
26 #include <epan/conversation_table.h>
27 #include <epan/conversation_filter.h>
28 #include <epan/reassemble.h>
29 #include <epan/etypes.h>
30 #include <epan/ppptypes.h>
31 #include <epan/llcsaps.h>
32 #include <epan/aftypes.h>
33 #include <epan/arcnet_pids.h>
34 #include <epan/in_cksum.h>
35 #include <epan/nlpid.h>
36 #include <epan/ax25_pids.h>
37 #include <epan/decode_as.h>
38 #include <epan/proto_data.h>
39 #include <epan/exported_pdu.h>
40 #include <epan/tfs.h>
41 #include <wsutil/array.h>
42 #include <wiretap/erf_record.h>
43 #include <wsutil/str_util.h>
44
45 #include "packet-ip.h"
46 #include "packet-juniper.h"
47 #include "packet-sflow.h"
48 #include "packet-gre.h"
49 #include "packet-l2tp.h"
50 #include "packet-vxlan.h"
51 #include "packet-mpls.h"
52 #include "packet-nsh.h"
53 #include "packet-eth.h"
54
55 void proto_register_ip(void);
56 void proto_reg_handoff_ip(void);
57
58 static int ip_tap;
59
60 static int exported_pdu_tap;
61
62 /* Decode the old IPv4 TOS field as the DiffServ DS Field (RFC2474/2475) */
63 static bool g_ip_dscp_actif = true;
64
65 /* Defragment fragmented IP datagrams */
66 static bool ip_defragment = true;
67
68 /* Place IP summary in proto tree */
69 static bool ip_summary_in_tree = true;
70
71 /* Perform IP checksum */
72 static bool ip_check_checksum;
73
74 /* Assume TSO and correct zero-length IP packets */
75 static bool ip_tso_supported = true;
76
77 /* Use heuristics to determine subdissector */
78 static bool try_heuristic_first;
79
80 /* Interpret the reserved flag as security flag (RFC 3514) */
81 static bool ip_security_flag;
82
83 /* Assign unique stream numbers to each IP conversation. This increases
84 * resource use (CPU and memory) because of having to lookup and create
85 * conversations.
86 */
87 static bool ip_track_conv_id = true;
88
89 /* Aggregate subnets in Statistics Endpoints/Conversations Dialogs
90 * defaults to false to not impact resources
91 */
92 static bool ip_conv_agg_flag = false;
93
94 static int proto_ip;
95
96 static int proto_ip_option_eol;
97 static int proto_ip_option_nop;
98 static int proto_ip_option_security;
99 static int proto_ip_option_route;
100 static int proto_ip_option_timestamp;
101 static int proto_ip_option_ext_security;
102 static int proto_ip_option_cipso;
103 static int proto_ip_option_record_route;
104 static int proto_ip_option_sid;
105 static int proto_ip_option_source_route;
106 static int proto_ip_option_mtu_probe;
107 static int proto_ip_option_mtu_reply;
108 static int proto_ip_option_traceroute;
109 static int proto_ip_option_routeralert;
110 static int proto_ip_option_sdb;
111 static int proto_ip_option_qs;
112 static int hf_ip_version;
113 static int hf_ip_hdr_len;
114 static int hf_ip_dsfield;
115 static int hf_ip_dsfield_dscp;
116 static int hf_ip_dsfield_ecn;
117 static int hf_ip_tos;
118 static int hf_ip_tos_precedence;
119 static int hf_ip_tos_delay;
120 static int hf_ip_tos_throughput;
121 static int hf_ip_tos_reliability;
122 static int hf_ip_tos_cost;
123 static int hf_ip_len;
124 static int hf_ip_id;
125 static int hf_ip_dst;
126 static int hf_ip_dst_host;
127 static int hf_ip_src;
128 static int hf_ip_src_host;
129 static int hf_ip_addr;
130 static int hf_ip_host;
131 static int hf_ip_flags;
132 static int hf_ip_flags_sf;
133 static int hf_ip_flags_rf;
134 static int hf_ip_flags_df;
135 static int hf_ip_flags_mf;
136 static int hf_ip_frag_offset;
137 static int hf_ip_ttl;
138 static int hf_ip_proto;
139 static int hf_ip_checksum;
140 static int hf_ip_checksum_calculated;
141 static int hf_ip_checksum_status;
142 static int hf_ip_stream;
143
144 /* IP option fields */
145 static int hf_ip_opt_type;
146 static int hf_ip_opt_type_copy;
147 static int hf_ip_opt_type_class;
148 static int hf_ip_opt_type_number;
149 static int hf_ip_opt_len;
150 static int hf_ip_opt_ptr;
151 static int hf_ip_opt_sid;
152 static int hf_ip_opt_mtu;
153 static int hf_ip_opt_id_number;
154 static int hf_ip_opt_ohc;
155 static int hf_ip_opt_rhc;
156 static int hf_ip_opt_originator;
157 static int hf_ip_opt_ra;
158 static int hf_ip_opt_addr;
159 static int hf_ip_opt_padding;
160 static int hf_ip_opt_qs_func;
161 static int hf_ip_opt_qs_rate;
162 static int hf_ip_opt_qs_ttl;
163 static int hf_ip_opt_qs_ttl_diff;
164 static int hf_ip_opt_qs_unused;
165 static int hf_ip_opt_qs_nonce;
166 static int hf_ip_opt_qs_reserved;
167 static int hf_ip_opt_sec_rfc791_sec;
168 static int hf_ip_opt_sec_rfc791_comp;
169 static int hf_ip_opt_sec_rfc791_hr;
170 static int hf_ip_opt_sec_rfc791_tcc;
171 static int hf_ip_opt_sec_cl;
172 static int hf_ip_opt_sec_prot_auth_flags;
173 static int hf_ip_opt_sec_prot_auth_genser;
174 static int hf_ip_opt_sec_prot_auth_siop_esi;
175 static int hf_ip_opt_sec_prot_auth_sci;
176 static int hf_ip_opt_sec_prot_auth_nsa;
177 static int hf_ip_opt_sec_prot_auth_doe;
178 static int hf_ip_opt_sec_prot_auth_unassigned;
179 static int hf_ip_opt_sec_prot_auth_unassigned2;
180 static int hf_ip_opt_sec_prot_auth_fti;
181 static int hf_ip_opt_ext_sec_add_sec_info_format_code;
182 static int hf_ip_opt_ext_sec_add_sec_info;
183 static int hf_ip_rec_rt;
184 static int hf_ip_rec_rt_host;
185 static int hf_ip_cur_rt;
186 static int hf_ip_cur_rt_host;
187 static int hf_ip_src_rt;
188 static int hf_ip_src_rt_host;
189 static int hf_ip_empty_rt;
190 static int hf_ip_empty_rt_host;
191 static int hf_ip_cipso_tag_type;
192
193 static int hf_ip_fragments;
194 static int hf_ip_fragment;
195 static int hf_ip_fragment_overlap;
196 static int hf_ip_fragment_overlap_conflict;
197 static int hf_ip_fragment_multiple_tails;
198 static int hf_ip_fragment_too_long_fragment;
199 static int hf_ip_fragment_error;
200 static int hf_ip_fragment_count;
201 static int hf_ip_reassembled_in;
202 static int hf_ip_reassembled_length;
203 static int hf_ip_reassembled_data;
204
205 /* Generated from convert_proto_tree_add_text.pl */
206 static int hf_ip_opt_flag;
207 static int hf_ip_opt_overflow;
208 static int hf_ip_cipso_tag_data;
209 static int hf_ip_cipso_sensitivity_level;
210 static int hf_ip_cipso_categories;
211 static int hf_ip_cipso_doi;
212 static int hf_ip_opt_time_stamp;
213 static int hf_ip_opt_time_stamp_addr;
214
215 static int hf_geoip_country;
216 static int hf_geoip_country_iso;
217 static int hf_geoip_city;
218 static int hf_geoip_as_number;
219 static int hf_geoip_as_org;
220 static int hf_geoip_latitude;
221 static int hf_geoip_longitude;
222 static int hf_geoip_src_summary;
223 static int hf_geoip_src_country;
224 static int hf_geoip_src_country_iso;
225 static int hf_geoip_src_city;
226 static int hf_geoip_src_as_number;
227 static int hf_geoip_src_as_org;
228 static int hf_geoip_src_latitude;
229 static int hf_geoip_src_longitude;
230 static int hf_geoip_dst_summary;
231 static int hf_geoip_dst_country;
232 static int hf_geoip_dst_country_iso;
233 static int hf_geoip_dst_city;
234 static int hf_geoip_dst_as_number;
235 static int hf_geoip_dst_as_org;
236 static int hf_geoip_dst_latitude;
237 static int hf_geoip_dst_longitude;
238
239 static int ett_ip;
240 static int ett_ip_dsfield;
241 static int ett_ip_tos;
242 static int ett_ip_flags;
243 static int ett_ip_options;
244 static int ett_ip_option_eool;
245 static int ett_ip_option_nop;
246 static int ett_ip_option_sec;
247 static int ett_ip_option_route;
248 static int ett_ip_option_timestamp;
249 static int ett_ip_option_ext_security;
250 static int ett_ip_option_cipso;
251 static int ett_ip_option_sid;
252 static int ett_ip_option_mtu;
253 static int ett_ip_option_tr;
254 static int ett_ip_option_ra;
255 static int ett_ip_option_sdb;
256 static int ett_ip_option_qs;
257 static int ett_ip_option_other;
258 static int ett_ip_fragments;
259 static int ett_ip_fragment;
260 static int ett_ip_opt_type;
261 static int ett_ip_opt_sec_prot_auth_flags;
262 static int ett_ip_unknown_opt;
263
264 static expert_field ei_ip_opt_len_invalid;
265 static expert_field ei_ip_opt_deprecated;
266 static expert_field ei_ip_opt_sec_prot_auth_fti;
267 static expert_field ei_ip_extraneous_data;
268 static expert_field ei_ip_opt_ptr_before_address;
269 static expert_field ei_ip_opt_ptr_middle_address;
270 static expert_field ei_ip_subopt_too_long;
271 static expert_field ei_ip_nop;
272 static expert_field ei_ip_bogus_ip_length;
273 static expert_field ei_ip_evil_packet;
274 static expert_field ei_ip_checksum_bad;
275 static expert_field ei_ip_ttl_lncb;
276 static expert_field ei_ip_ttl_too_small;
277 static expert_field ei_ip_cipso_tag;
278 static expert_field ei_ip_bogus_ip_version;
279 static expert_field ei_ip_bogus_header_length;
280
281 static dissector_handle_t ip_handle;
282 static dissector_table_t ip_option_table;
283
284 static int ett_geoip_info;
285
286 static uint32_t ip_stream_count;
287
288 static const fragment_items ip_frag_items = {
289 &ett_ip_fragment,
290 &ett_ip_fragments,
291 &hf_ip_fragments,
292 &hf_ip_fragment,
293 &hf_ip_fragment_overlap,
294 &hf_ip_fragment_overlap_conflict,
295 &hf_ip_fragment_multiple_tails,
296 &hf_ip_fragment_too_long_fragment,
297 &hf_ip_fragment_error,
298 &hf_ip_fragment_count,
299 &hf_ip_reassembled_in,
300 &hf_ip_reassembled_length,
301 &hf_ip_reassembled_data,
302 "IPv4 fragments"
303 };
304
305 static heur_dissector_list_t heur_subdissector_list;
306
307 static dissector_table_t ip_dissector_table;
308
309 static dissector_handle_t ipv6_handle;
310 static capture_dissector_handle_t ip_cap_handle;
311
312
313 /* IP structs and definitions */
314
315 const value_string ip_version_vals[] = {
316 { IP_VERSION_NUM_RESERVED, "Reserved" },
317 { IP_VERSION_NUM_INET, "IPv4" },
318 { IP_VERSION_NUM_ST, "ST Datagram" },
319 { IP_VERSION_NUM_INET6, "IPv6" },
320 { IP_VERSION_NUM_TPIX, "TP/IX" },
321 { IP_VERSION_NUM_PIP, "PIP" },
322 { IP_VERSION_NUM_TUBA, "TUBA" },
323 { 0, NULL },
324 };
325
326 /* Offsets of fields within an IP header. */
327 #define IPH_V_HL 0
328 #define IPH_TOS 1
329 #define IPH_LEN 2
330 #define IPH_ID 4
331 #define IPH_TTL 6
332 #define IPH_OFF 8
333 #define IPH_P 9
334 #define IPH_SUM 10
335 #define IPH_SRC 12
336 #define IPH_DST 16
337
338 /* Minimum IP header length. */
339 #define IPH_MIN_LEN 20
340
341 /* IP flags. */
342 #define IP_RF 0x8000 /* Flag: "Reserved bit" */
343 #define IP_DF 0x4000 /* Flag: "Don't Fragment" */
344 #define IP_MF 0x2000 /* Flag: "More Fragments" */
345 #define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
346
347 /* Differentiated Services Field. See RFCs 2474, 2597, 2598 and 3168. */
348 #define IPDSFIELD_DSCP_DEFAULT 0x00
349 #define IPDSFIELD_DSCP_LE 0x01
350 #define IPDSFIELD_DSCP_CS1 0x08
351 #define IPDSFIELD_DSCP_AF11 0x0A
352 #define IPDSFIELD_DSCP_AF12 0x0C
353 #define IPDSFIELD_DSCP_AF13 0x0E
354 #define IPDSFIELD_DSCP_CS2 0x10
355 #define IPDSFIELD_DSCP_AF21 0x12
356 #define IPDSFIELD_DSCP_AF22 0x14
357 #define IPDSFIELD_DSCP_AF23 0x16
358 #define IPDSFIELD_DSCP_CS3 0x18
359 #define IPDSFIELD_DSCP_AF31 0x1A
360 #define IPDSFIELD_DSCP_AF32 0x1C
361 #define IPDSFIELD_DSCP_AF33 0x1E
362 #define IPDSFIELD_DSCP_CS4 0x20
363 #define IPDSFIELD_DSCP_AF41 0x22
364 #define IPDSFIELD_DSCP_AF42 0x24
365 #define IPDSFIELD_DSCP_AF43 0x26
366 #define IPDSFIELD_DSCP_CS5 0x28
367 #define IPDSFIELD_VOICE_ADMIT 0x2C
368 #define IPDSFIELD_DSCP_EF 0x2E
369 #define IPDSFIELD_DSCP_CS6 0x30
370 #define IPDSFIELD_DSCP_CS7 0x38
371
372 #define IPDSFIELD_ECT_NOT 0x00
373 #define IPDSFIELD_ECT_1 0x01
374 #define IPDSFIELD_ECT_0 0x02
375 #define IPDSFIELD_CE 0x03
376
377 /* IP TOS, superseded by the DS Field, RFC 2474. */
378 #define IPTOS_TOS_MASK 0x1E
379 #define IPTOS_TOS(tos) ((tos) & IPTOS_TOS_MASK)
380 #define IPTOS_NONE 0x00
381 #define IPTOS_LOWCOST 0x02
382 #define IPTOS_RELIABILITY 0x04
383 #define IPTOS_THROUGHPUT 0x08
384 #define IPTOS_LOWDELAY 0x10
385 #define IPTOS_SECURITY 0x1E
386
387 #define IPTOS_PREC_MASK 0xE0
388 #define IPTOS_PREC_SHIFT 5
389 #define IPTOS_PREC(tos) (((tos)&IPTOS_PREC_MASK)>>IPTOS_PREC_SHIFT)
390 #define IPTOS_PREC_NETCONTROL 7
391 #define IPTOS_PREC_INTERNETCONTROL 6
392 #define IPTOS_PREC_CRITIC_ECP 5
393 #define IPTOS_PREC_FLASHOVERRIDE 4
394 #define IPTOS_PREC_FLASH 3
395 #define IPTOS_PREC_IMMEDIATE 2
396 #define IPTOS_PREC_PRIORITY 1
397 #define IPTOS_PREC_ROUTINE 0
398
399 /* IP options */
400 #define IPOPT_COPY 0x80
401
402 #define IPOPT_CONTROL 0x00
403 #define IPOPT_RESERVED1 0x20
404 #define IPOPT_MEASUREMENT 0x40
405 #define IPOPT_RESERVED2 0x60
406
407 /* REF: http://www.iana.org/assignments/ip-parameters */
408 /* TODO: Not all of these are implemented, especially those
409 * deprecated by RFC 6814. */
410 #define IPOPT_EOOL (0 |IPOPT_CONTROL)
411 #define IPOPT_NOP (1 |IPOPT_CONTROL)
412 #define IPOPT_SEC (2 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 791/1108 */
413 #define IPOPT_LSR (3 |IPOPT_COPY|IPOPT_CONTROL)
414 #define IPOPT_TS (4 |IPOPT_MEASUREMENT)
415 #define IPOPT_ESEC (5 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 1108 */
416 #define IPOPT_CIPSO (6 |IPOPT_COPY|IPOPT_CONTROL) /* draft-ietf-cipso-ipsecurity-01 */
417 #define IPOPT_RR (7 |IPOPT_CONTROL)
418 #define IPOPT_SID (8 |IPOPT_COPY|IPOPT_CONTROL) /* Deprecated */
419 #define IPOPT_SSR (9 |IPOPT_COPY|IPOPT_CONTROL)
420 #define IPOPT_ZSU (10|IPOPT_CONTROL) /* Zsu */
421 #define IPOPT_MTUP (11|IPOPT_CONTROL) /* RFC 1063 */
422 #define IPOPT_MTUR (12|IPOPT_CONTROL) /* RFC 1063 */
423 #define IPOPT_FINN (13|IPOPT_COPY|IPOPT_MEASUREMENT) /* Finn */
424 #define IPOPT_VISA (14|IPOPT_COPY|IPOPT_CONTROL) /* Estrin; Deprecated */
425 #define IPOPT_ENCODE (15|IPOPT_CONTROL) /* VerSteeg; Deprecated */
426 #define IPOPT_IMITD (16|IPOPT_COPY|IPOPT_CONTROL) /* Lee */
427 #define IPOPT_EIP (17|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1385; Deprecated */
428 #define IPOPT_TR (18|IPOPT_MEASUREMENT) /* RFC 1393; Deprecated */
429 #define IPOPT_ADDEXT (19|IPOPT_COPY|IPOPT_CONTROL) /* Ullmann IPv7; Deprecated */
430 #define IPOPT_RTRALT (20|IPOPT_COPY|IPOPT_CONTROL) /* RFC 2113 */
431 #define IPOPT_SDB (21|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1770 Graff; Deprecated */
432 #define IPOPT_UN (22|IPOPT_COPY|IPOPT_CONTROL) /* Released 18-Oct-2005 */
433 #define IPOPT_DPS (23|IPOPT_COPY|IPOPT_CONTROL) /* Malis; Deprecated */
434 #define IPOPT_UMP (24|IPOPT_COPY|IPOPT_CONTROL) /* Farinacci; Deprecated */
435 #define IPOPT_QS (25|IPOPT_CONTROL) /* RFC 4782 */
436 #define IPOPT_EXP (30|IPOPT_CONTROL) /* RFC 4727 */
437
438
439 /* IP option lengths */
440 #define IPOLEN_SEC_MIN 3
441 #define IPOLEN_LSR_MIN 3
442 #define IPOLEN_TS_MIN 4
443 #define IPOLEN_ESEC_MIN 3
444 #define IPOLEN_CIPSO_MIN 10
445 #define IPOLEN_RR_MIN 3
446 #define IPOLEN_SID 4
447 #define IPOLEN_SSR_MIN 3
448 #define IPOLEN_MTU 4
449 #define IPOLEN_TR 12
450 #define IPOLEN_RA 4
451 #define IPOLEN_SDB_MIN 6
452 #define IPOLEN_QS 8
453 #define IPOLEN_MAX 40
454
455 #define IPSEC_RFC791_UNCLASSIFIED 0x0000
456 #define IPSEC_RFC791_CONFIDENTIAL 0xF135
457 #define IPSEC_RFC791_EFTO 0x789A
458 #define IPSEC_RFC791_MMMM 0xBC4D
459 #define IPSEC_RFC791_PROG 0x5E26
460 #define IPSEC_RFC791_RESTRICTED 0xAF13
461 #define IPSEC_RFC791_SECRET 0xD788
462 #define IPSEC_RFC791_TOPSECRET 0x6BC5
463 #define IPSEC_RFC791_RESERVED1 0x35E2
464 #define IPSEC_RFC791_RESERVED2 0x9AF1
465 #define IPSEC_RFC791_RESERVED3 0x4D78
466 #define IPSEC_RFC791_RESERVED4 0x24BD
467 #define IPSEC_RFC791_RESERVED5 0x135E
468 #define IPSEC_RFC791_RESERVED6 0x89AF
469 #define IPSEC_RFC791_RESERVED7 0xC4D6
470 #define IPSEC_RFC791_RESERVED8 0xE26B
471
472 #define IPSEC_RESERVED4 0x01
473 #define IPSEC_TOPSECRET 0x3D
474 #define IPSEC_SECRET 0x5A
475 #define IPSEC_CONFIDENTIAL 0x96
476 #define IPSEC_RESERVED3 0x66
477 #define IPSEC_RESERVED2 0xCC
478 #define IPSEC_UNCLASSIFIED 0xAB
479 #define IPSEC_RESERVED1 0xF1
480
481 #define IPOPT_TS_TSONLY 0 /* timestamps only */
482 #define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
483 #define IPOPT_TS_PRESPEC 3 /* specified modules only */
484
485 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR 0xE0000012
486 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL 0xFF
487 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR 0xE0000066
488 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL 0XFF
489 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR 0xE00000FB
490 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL 0XFF
491 #define IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR 0xE00000FC
492
493 #define IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL 0x1000 /* larger than max ttl */
494 #define IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL 0X01
495
496 static void ip_prompt(packet_info *pinfo, char* result)
497 {
498 snprintf(result, MAX_DECODE_AS_PROMPT_LEN, "IP protocol %u as",
499 GPOINTER_TO_UINT(p_get_proto_data(pinfo->pool, pinfo, proto_ip, pinfo->curr_layer_num)));
500 }
501
502 static void *ip_value(packet_info *pinfo)
503 {
504 return p_get_proto_data(pinfo->pool, pinfo, proto_ip, pinfo->curr_layer_num);
505 }
506
507 static const char* ip_conv_get_filter_type(conv_item_t* conv, conv_filter_type_e filter)
508 {
509 /* addr type is AT_STRINGZ for subnets, as it is a very flexible format
510 * XXX - create a new type when required, at this moment it's only used in
511 * conversation tables and is not justifed. See #19481.
512 */
513 if ((filter == CONV_FT_SRC_ADDRESS) && ((conv->src_address.type == AT_IPv4) ||
514 (conv->src_address.type == AT_STRINGZ)))
515 return "ip.src";
516
517 if ((filter == CONV_FT_DST_ADDRESS) && ((conv->dst_address.type == AT_IPv4) ||
518 (conv->dst_address.type == AT_STRINGZ)))
519 return "ip.dst";
520
521 if ((filter == CONV_FT_ANY_ADDRESS) && ((conv->src_address.type == AT_IPv4) ||
522 (conv->src_address.type == AT_STRINGZ)))
523 return "ip.addr";
524
525 return CONV_FILTER_INVALID;
526 }
527
528 static ct_dissector_info_t ip_ct_dissector_info = {&ip_conv_get_filter_type};
529
530 static tap_packet_status
531 ip_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vip, tap_flags_t flags)
532 {
533 conv_hash_t *hash = (conv_hash_t*) pct;
534 hash->flags = flags;
535 const ws_ip4 *iph=(const ws_ip4 *)vip;
536
537 /* Try aggregating into subnets if asked so,
538 * if no subnets are found it will still end in calling xxx_with_conv_id()
539 */
540 if (!ip_track_conv_id) {
541 add_conversation_table_data(hash, &iph->ip_src, &iph->ip_dst, 0, 0, 1, pinfo->fd->pkt_len,
542 &pinfo->rel_ts, &pinfo->abs_ts, &ip_ct_dissector_info, CONVERSATION_IP);
543 } else if(ip_conv_agg_flag) {
544 add_conversation_table_data_ipv4_subnet(hash, &iph->ip_src, &iph->ip_dst, 0, 0, (conv_id_t)iph->ip_stream, 1, pinfo->fd->pkt_len,
545 &pinfo->rel_ts, &pinfo->abs_ts, &ip_ct_dissector_info, CONVERSATION_IP);
546 } else {
547 add_conversation_table_data_with_conv_id(hash, &iph->ip_src, &iph->ip_dst, 0, 0, (conv_id_t)iph->ip_stream, 1, pinfo->fd->pkt_len,
548 &pinfo->rel_ts, &pinfo->abs_ts, &ip_ct_dissector_info, CONVERSATION_IP);
549 }
550
551 return TAP_PACKET_REDRAW;
552 }
553
554 static const char* ip_endpoint_get_filter_type(endpoint_item_t* endpoint, conv_filter_type_e filter)
555 {
556 /* subnets: handled similarly to ip_conv_get_filter_type() */
557 if ((filter == CONV_FT_ANY_ADDRESS) && ((endpoint->myaddress.type == AT_IPv4) ||
558 (endpoint->myaddress.type == AT_STRINGZ)))
559 return "ip.addr";
560
561 return CONV_FILTER_INVALID;
562 }
563
564 static et_dissector_info_t ip_endpoint_dissector_info = {&ip_endpoint_get_filter_type};
565
566 static tap_packet_status
567 ip_endpoint_packet(void *pit, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vip, tap_flags_t flags)
568 {
569 conv_hash_t *hash = (conv_hash_t*) pit;
570 hash->flags = flags;
571 const ws_ip4 *iph=(const ws_ip4 *)vip;
572
573 /* Take two "add" passes per packet, adding for each direction, ensures that all
574 packets are counted properly (even if address is sending to itself)
575 XXX - this could probably be done more efficiently inside endpoint_table */
576 if(ip_conv_agg_flag) {
577 add_endpoint_table_data_ipv4_subnet(hash, &iph->ip_src, 0, true, 1, pinfo->fd->pkt_len, &ip_endpoint_dissector_info, ENDPOINT_NONE);
578 add_endpoint_table_data_ipv4_subnet(hash, &iph->ip_dst, 0, false, 1, pinfo->fd->pkt_len, &ip_endpoint_dissector_info, ENDPOINT_NONE);
579 }
580 else {
581 add_endpoint_table_data(hash, &iph->ip_src, 0, true, 1, pinfo->fd->pkt_len, &ip_endpoint_dissector_info, ENDPOINT_NONE);
582 add_endpoint_table_data(hash, &iph->ip_dst, 0, false, 1, pinfo->fd->pkt_len, &ip_endpoint_dissector_info, ENDPOINT_NONE);
583 }
584 return TAP_PACKET_REDRAW;
585 }
586
587 static bool
588 ip_filter_valid(packet_info *pinfo, void *user_data _U_)
589 {
590 return proto_is_frame_protocol(pinfo->layers, "ip");
591 }
592
593 static char*
594 ip_build_filter(packet_info *pinfo, void *user_data _U_)
595 {
596 return ws_strdup_printf("ip.addr eq %s and ip.addr eq %s",
597 address_to_str(pinfo->pool, &pinfo->net_src),
598 address_to_str(pinfo->pool, &pinfo->net_dst));
599 }
600
601 /*
602 * defragmentation of IPv4
603 */
604 static reassembly_table ip_reassembly_table;
605
606 static bool
607 capture_ip(const unsigned char *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header _U_) {
608 if (!BYTES_ARE_IN_FRAME(offset, len, IPH_MIN_LEN))
609 return false;
610
611 capture_dissector_increment_count(cpinfo, proto_ip);
612 return try_capture_dissector("ip.proto", pd[offset + 9], pd, offset+IPH_MIN_LEN, len, cpinfo, pseudo_header);
613 }
614
615 static void
616 add_geoip_info_entry(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int offset, ws_in4_addr ip, bool isdst)
617 {
618 const mmdb_lookup_t *lookup = maxmind_db_lookup_ipv4(&ip);
619 if (!lookup->found) return;
620
621 wmem_strbuf_t *summary = wmem_strbuf_new(pinfo->pool, "");
622 if (lookup->city) {
623 wmem_strbuf_append(summary, lookup->city);
624 }
625 if (lookup->country_iso) {
626 if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", ");
627 wmem_strbuf_append(summary, lookup->country_iso);
628 } else if (lookup->country) {
629 if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", ");
630 wmem_strbuf_append(summary, lookup->country);
631 }
632 if (lookup->as_number > 0) {
633 if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", ");
634 wmem_strbuf_append_printf(summary, "ASN %u", lookup->as_number);
635 }
636 if (lookup->as_org) {
637 if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", ");
638 wmem_strbuf_append(summary, lookup->as_org);
639 }
640
641 int addr_offset = offset + (isdst ? IPH_DST : IPH_SRC);
642 int dir_hf = isdst ? hf_geoip_dst_summary : hf_geoip_src_summary;
643 proto_item *geoip_info_item = proto_tree_add_string(tree, dir_hf, tvb, addr_offset, 4, wmem_strbuf_finalize(summary));
644 proto_item_set_generated(geoip_info_item);
645 proto_tree *geoip_info_tree = proto_item_add_subtree(geoip_info_item, ett_geoip_info);
646
647 proto_item *item;
648
649 if (lookup->city) {
650 dir_hf = isdst ? hf_geoip_dst_city : hf_geoip_src_city;
651 item = proto_tree_add_string(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->city);
652 proto_item_set_generated(item);
653 item = proto_tree_add_string(geoip_info_tree, hf_geoip_city, tvb, addr_offset, 4, lookup->city);
654 proto_item_set_generated(item);
655 }
656
657 if (lookup->country) {
658 dir_hf = isdst ? hf_geoip_dst_country : hf_geoip_src_country;
659 item = proto_tree_add_string(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->country);
660 proto_item_set_generated(item);
661 item = proto_tree_add_string(geoip_info_tree, hf_geoip_country, tvb, addr_offset, 4, lookup->country);
662 proto_item_set_generated(item);
663 }
664
665 if (lookup->country_iso) {
666 dir_hf = isdst ? hf_geoip_dst_country_iso : hf_geoip_src_country_iso;
667 item = proto_tree_add_string(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->country_iso);
668 proto_item_set_generated(item);
669 item = proto_tree_add_string(geoip_info_tree, hf_geoip_country_iso, tvb, addr_offset, 4, lookup->country_iso);
670 proto_item_set_generated(item);
671 }
672
673 if (lookup->as_number > 0) {
674 dir_hf = isdst ? hf_geoip_dst_as_number : hf_geoip_src_as_number;
675 item = proto_tree_add_uint(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->as_number);
676 proto_item_set_generated(item);
677 item = proto_tree_add_uint(geoip_info_tree, hf_geoip_as_number, tvb, addr_offset, 4, lookup->as_number);
678 proto_item_set_generated(item);
679 }
680
681 if (lookup->as_org) {
682 dir_hf = isdst ? hf_geoip_dst_as_org : hf_geoip_src_as_org;
683 item = proto_tree_add_string(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->as_org);
684 proto_item_set_generated(item);
685 item = proto_tree_add_string(geoip_info_tree, hf_geoip_as_org, tvb, addr_offset, 4, lookup->as_org);
686 proto_item_set_generated(item);
687 }
688
689 if (lookup->latitude >= -90.0 && lookup->latitude <= 90.0) {
690 dir_hf = isdst ? hf_geoip_dst_latitude : hf_geoip_src_latitude;
691 item = proto_tree_add_double(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->latitude);
692 proto_item_set_generated(item);
693 item = proto_tree_add_double(geoip_info_tree, hf_geoip_latitude, tvb, addr_offset, 4, lookup->latitude);
694 proto_item_set_generated(item);
695 }
696
697 if (lookup->longitude >= -180.0 && lookup->longitude <= 180.0) {
698 dir_hf = isdst ? hf_geoip_dst_longitude : hf_geoip_src_longitude;
699 item = proto_tree_add_double(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->longitude);
700 proto_item_set_generated(item);
701 item = proto_tree_add_double(geoip_info_tree, hf_geoip_longitude, tvb, addr_offset, 4, lookup->longitude);
702 proto_item_set_generated(item);
703 }
704 }
705
706 static void
707 add_geoip_info(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int offset, uint32_t src32,
708 uint32_t dst32)
709 {
710 add_geoip_info_entry(tree, pinfo, tvb, offset, g_htonl(src32), false);
711 add_geoip_info_entry(tree, pinfo, tvb, offset, g_htonl(dst32), true);
712 }
713
714 const value_string ipopt_type_class_vals[] = {
715 {(IPOPT_CONTROL & IPOPT_CLASS_MASK) >> 5, "Control"},
716 {(IPOPT_RESERVED1 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
717 {(IPOPT_MEASUREMENT & IPOPT_CLASS_MASK) >> 5, "Debugging and measurement"},
718 {(IPOPT_RESERVED2 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
719 {0, NULL}
720 };
721
722 const value_string ipopt_type_number_vals[] = {
723 {IPOPT_EOOL & IPOPT_NUMBER_MASK, "End of Option List (EOL)"},
724 {IPOPT_NOP & IPOPT_NUMBER_MASK, "No-Operation (NOP)"},
725 {IPOPT_SEC & IPOPT_NUMBER_MASK, "Security"},
726 {IPOPT_LSR & IPOPT_NUMBER_MASK, "Loose source route"},
727 {IPOPT_TS & IPOPT_NUMBER_MASK, "Time stamp"},
728 {IPOPT_ESEC & IPOPT_NUMBER_MASK, "Extended security"},
729 {IPOPT_CIPSO & IPOPT_NUMBER_MASK, "Commercial IP security option"},
730 {IPOPT_RR & IPOPT_NUMBER_MASK, "Record route"},
731 {IPOPT_SID & IPOPT_NUMBER_MASK, "Stream identifier"},
732 {IPOPT_SSR & IPOPT_NUMBER_MASK, "Strict source route"},
733 {IPOPT_ZSU & IPOPT_NUMBER_MASK, "Experimental Measurement"},
734 {IPOPT_MTUP & IPOPT_NUMBER_MASK, "MTU probe"},
735 {IPOPT_MTUR & IPOPT_NUMBER_MASK, "MTU Reply"},
736 {IPOPT_FINN & IPOPT_NUMBER_MASK, "Experimental Flow Control"},
737 {IPOPT_VISA & IPOPT_NUMBER_MASK, "Experimental Access Control"},
738 {IPOPT_ENCODE & IPOPT_NUMBER_MASK, "Ask Estrin"},
739 {IPOPT_IMITD & IPOPT_NUMBER_MASK, "IMI Traffic Descriptor"},
740 {IPOPT_EIP & IPOPT_NUMBER_MASK, "Extended Internet Protocol"},
741 {IPOPT_TR & IPOPT_NUMBER_MASK, "Traceroute"},
742 {IPOPT_ADDEXT & IPOPT_NUMBER_MASK, "Address Extension"},
743 {IPOPT_RTRALT & IPOPT_NUMBER_MASK, "Router Alert"},
744 {IPOPT_SDB & IPOPT_NUMBER_MASK, "Selective Directed Broadcast"},
745 {IPOPT_UN & IPOPT_NUMBER_MASK, "Unassigned"},
746 {IPOPT_DPS & IPOPT_NUMBER_MASK, "Dynamic Packet State"},
747 {IPOPT_UMP & IPOPT_NUMBER_MASK, "Upstream Multicast Packet"},
748 {IPOPT_QS & IPOPT_NUMBER_MASK, "Quick-Start"},
749 {IPOPT_EXP & IPOPT_NUMBER_MASK, "RFC 3692-style experiment"},
750 {0, NULL}
751 };
752
753 static void
754 dissect_ipopt_type(tvbuff_t *tvb, int offset, proto_tree *tree)
755 {
756 proto_tree *type_tree;
757 proto_item *ti;
758
759 ti = proto_tree_add_item(tree, hf_ip_opt_type, tvb, offset, 1, ENC_NA);
760 type_tree = proto_item_add_subtree(ti, ett_ip_opt_type);
761 proto_tree_add_item(type_tree, hf_ip_opt_type_copy, tvb, offset, 1, ENC_NA);
762 proto_tree_add_item(type_tree, hf_ip_opt_type_class, tvb, offset, 1, ENC_NA);
763 proto_tree_add_item(type_tree, hf_ip_opt_type_number, tvb, offset, 1, ENC_NA);
764 }
765
766 static proto_tree*
767 ip_fixed_option_header(proto_tree* tree, packet_info *pinfo, tvbuff_t *tvb, int proto, int ett, proto_item** ti, unsigned len, unsigned optlen)
768 {
769 proto_tree *field_tree;
770 proto_item *tf;
771
772 *ti = proto_tree_add_item(tree, proto, tvb, 0, optlen, ENC_NA);
773 field_tree = proto_item_add_subtree(*ti, ett);
774 proto_item_append_text(*ti, " (%u bytes)", len);
775
776 dissect_ipopt_type(tvb, 0, field_tree);
777 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, 1, 1, ENC_NA);
778
779 if (len != optlen) {
780 /* Bogus - option length isn't what it's supposed to be for this option. */
781 expert_add_info_format(pinfo, tf, &ei_ip_opt_len_invalid,
782 "%s (with option length = %u byte%s; should be %u)",
783 proto_get_protocol_short_name(find_protocol_by_id(proto)),
784 optlen, plurality(optlen, "", "s"), len);
785 }
786
787 return field_tree;
788 }
789
790 static proto_tree*
791 ip_var_option_header(proto_tree* tree, packet_info *pinfo, tvbuff_t *tvb, int proto, int ett, proto_item** ti, unsigned optlen)
792 {
793 proto_tree *field_tree;
794 proto_item *tf;
795
796 *ti = proto_tree_add_item(tree, proto, tvb, 0, optlen, ENC_NA);
797 field_tree = proto_item_add_subtree(*ti, ett);
798 proto_item_append_text(*ti, " (%u bytes)", optlen);
799
800 dissect_ipopt_type(tvb, 0, field_tree);
801 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, 1, 1, ENC_NA);
802 if (optlen > IPOLEN_MAX)
803 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
804
805 return field_tree;
806 }
807
808 static const value_string secl_rfc791_vals[] = {
809 {IPSEC_RFC791_UNCLASSIFIED, "Unclassified"},
810 {IPSEC_RFC791_CONFIDENTIAL, "Confidential"},
811 {IPSEC_RFC791_EFTO, "EFTO" },
812 {IPSEC_RFC791_MMMM, "MMMM" },
813 {IPSEC_RFC791_PROG, "PROG" },
814 {IPSEC_RFC791_RESTRICTED, "Restricted" },
815 {IPSEC_RFC791_SECRET, "Secret" },
816 {IPSEC_RFC791_TOPSECRET, "Top secret" },
817 {IPSEC_RFC791_RESERVED1, "Reserved" },
818 {IPSEC_RFC791_RESERVED2, "Reserved" },
819 {IPSEC_RFC791_RESERVED3, "Reserved" },
820 {IPSEC_RFC791_RESERVED4, "Reserved" },
821 {IPSEC_RFC791_RESERVED5, "Reserved" },
822 {IPSEC_RFC791_RESERVED6, "Reserved" },
823 {IPSEC_RFC791_RESERVED7, "Reserved" },
824 {IPSEC_RFC791_RESERVED8, "Reserved" },
825 {0, NULL }
826 };
827
828 static const value_string sec_cl_vals[] = {
829 {IPSEC_RESERVED4, "Reserved 4" },
830 {IPSEC_TOPSECRET, "Top secret" },
831 {IPSEC_SECRET, "Secret" },
832 {IPSEC_CONFIDENTIAL, "Confidential"},
833 {IPSEC_RESERVED3, "Reserved 3" },
834 {IPSEC_RESERVED2, "Reserved 2" },
835 {IPSEC_UNCLASSIFIED, "Unclassified"},
836 {IPSEC_RESERVED1, "Reserved 1" },
837 {0, NULL }
838 };
839
840 static const true_false_string ip_opt_sec_prot_auth_flag_tfs = {
841 "Datagram protected in accordance with its rules",
842 "Datagram not protected in accordance with its rules"
843 };
844
845 static const true_false_string ip_opt_sec_prot_auth_fti_tfs = {
846 "Additional octet present",
847 "Final octet"
848 };
849
850 static int * const ip_opt_sec_prot_auth_fields_byte_1[] = {
851 &hf_ip_opt_sec_prot_auth_genser,
852 &hf_ip_opt_sec_prot_auth_siop_esi,
853 &hf_ip_opt_sec_prot_auth_sci,
854 &hf_ip_opt_sec_prot_auth_nsa,
855 &hf_ip_opt_sec_prot_auth_doe,
856 &hf_ip_opt_sec_prot_auth_unassigned,
857 &hf_ip_opt_sec_prot_auth_fti,
858 NULL
859 };
860
861 static int * const ip_opt_sec_prot_auth_fields_byte_n[] = {
862 &hf_ip_opt_sec_prot_auth_unassigned2,
863 &hf_ip_opt_sec_prot_auth_fti,
864 NULL
865 };
866 static int
867 dissect_ipopt_security(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
868 {
869 proto_tree *field_tree;
870 proto_item *tf;
871 unsigned val;
872 unsigned curr_offset = 2;
873 unsigned optlen = tvb_reported_length(tvb);
874
875 field_tree = ip_var_option_header(tree, pinfo, tvb, proto_ip_option_security, ett_ip_option_sec, &tf, optlen);
876
877 if (optlen == 11) {
878 /* Analyze payload start to decide whether it should be dissected
879 according to RFC 791 or RFC 1108 */
880 val = tvb_get_ntohs(tvb, curr_offset);
881 if (try_val_to_str(val, secl_rfc791_vals)) {
882 /* Dissect as RFC 791 */
883 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_sec,
884 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
885 curr_offset += 2;
886 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_comp,
887 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
888 curr_offset += 2;
889 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_hr,
890 tvb, curr_offset, 2, ENC_ASCII);
891 curr_offset += 2;
892 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_tcc,
893 tvb, curr_offset, 3, ENC_ASCII);
894 return curr_offset;
895 }
896 }
897
898 /* Dissect as RFC 108 */
899 proto_tree_add_item(field_tree, hf_ip_opt_sec_cl, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
900 curr_offset++;
901 if (curr_offset >= optlen) {
902 return curr_offset;
903 }
904 val = tvb_get_uint8(tvb, curr_offset);
905 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
906 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_1,
907 ENC_BIG_ENDIAN);
908 curr_offset++;
909 while (val & 0x01) {
910 if ((val & 0x01) && (curr_offset == optlen)) {
911 expert_add_info(pinfo, tf, &ei_ip_opt_sec_prot_auth_fti);
912 break;
913 }
914 val = tvb_get_uint8(tvb, curr_offset);
915 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
916 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_n,
917 ENC_BIG_ENDIAN);
918 curr_offset++;
919 }
920 if (curr_offset < optlen) {
921 expert_add_info(pinfo, tf, &ei_ip_extraneous_data);
922 }
923
924 return curr_offset;
925 }
926
927 static int
928 dissect_ipopt_ext_security(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
929 {
930 proto_tree *field_tree;
931 proto_item *tf;
932 unsigned curr_offset = 2;
933 int remaining;
934 int optlen = tvb_reported_length(tvb);
935
936 field_tree = ip_var_option_header(tree, pinfo, tvb, proto_ip_option_ext_security, ett_ip_option_ext_security, &tf, optlen);
937
938 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info_format_code, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
939 curr_offset++;
940 remaining = optlen - curr_offset;
941 if (remaining > 0) {
942 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info, tvb, curr_offset, remaining, ENC_NA);
943 }
944
945 return tvb_captured_length(tvb);
946 }
947
948 /* USHRT_MAX can hold at most 5 (base 10) digits (6 for the NULL byte) */
949 #define USHRT_MAX_STRLEN 6
950
951 /* Maximum CIPSO tag length:
952 * (IP hdr max)60 - (IPv4 hdr std)20 - (CIPSO base)6 = 34 */
953 #define CIPSO_TAG_LEN_MAX 34
954
955 /* The Commercial IP Security Option (CIPSO) is defined in IETF draft
956 * draft-ietf-cipso-ipsecurity-01.txt and FIPS 188, a copy of both documents
957 * can be found at the NetLabel project page, http://netlabel.sf.net or at
958 * https://tools.ietf.org/html/draft-ietf-cipso-ipsecurity-01 */
959 static const value_string cipso_tag_type_vals[] = {
960 {0, "Padding"},
961 {1, "Restrictive Category Bitmap"},
962 {2, "Enumerated Categories"},
963 {5, "Ranged Categories"},
964 {6, "Permissive Categories"},
965 {7, "Free Form"},
966
967 { 0, NULL }
968 };
969
970 static int
971 dissect_ipopt_cipso(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
972 {
973 proto_tree *field_tree;
974 proto_item *tf, *tag_item;
975 unsigned tagtype, taglen;
976 int offset = 2,
977 optlen = tvb_reported_length(tvb);
978 int offset_max = optlen;
979
980 field_tree = ip_var_option_header(tree, pinfo, tvb, proto_ip_option_cipso, ett_ip_option_cipso, &tf, optlen);
981
982 proto_tree_add_item(field_tree, hf_ip_cipso_doi, tvb, offset, 4, ENC_BIG_ENDIAN);
983 offset += 4;
984
985 /* loop through all of the tags in the CIPSO option */
986 while (offset < offset_max) {
987 tagtype = tvb_get_uint8(tvb, offset);
988 tag_item = proto_tree_add_item(field_tree, hf_ip_cipso_tag_type, tvb, offset, 1, ENC_NA);
989
990 if ((offset + 1) < offset_max)
991 taglen = tvb_get_uint8(tvb, offset + 1);
992 else
993 taglen = 1;
994
995 switch (tagtype) {
996 case 0:
997 /* padding - skip this tag */
998 offset += 1;
999 continue;
1000 case 1:
1001 /* restrictive bitmap, see CIPSO draft section 3.4.2 for tag format */
1002 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1003 ((offset + (int)taglen - 1) > offset_max)) {
1004 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1005 return offset;
1006 }
1007
1008 /* skip past alignment octet */
1009 offset += 3;
1010
1011 proto_tree_add_item(field_tree, hf_ip_cipso_sensitivity_level, tvb, offset, 1, ENC_NA);
1012 offset += 1;
1013
1014 if (taglen > 4) {
1015 unsigned bit_spot = 0;
1016 unsigned byte_spot = 0;
1017 unsigned char bitmask;
1018 char *cat_str;
1019 char *cat_str_tmp = (char *)wmem_alloc(pinfo->pool, USHRT_MAX_STRLEN);
1020 size_t cat_str_len;
1021 const uint8_t *val_ptr = tvb_get_ptr(tvb, offset, taglen - 4);
1022
1023 /* this is just a guess regarding string size, but we grow it below
1024 * if needed */
1025 cat_str_len = 256;
1026 cat_str = (char *)wmem_alloc0(pinfo->pool, cat_str_len);
1027
1028 /* we checked the length above so the highest category value
1029 * possible here is 240 */
1030 while (byte_spot < (taglen - 4)) {
1031 bitmask = 0x80;
1032 bit_spot = 0;
1033 while (bit_spot < 8) {
1034 if (val_ptr[byte_spot] & bitmask) {
1035 snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
1036 byte_spot * 8 + bit_spot);
1037 if (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN)) {
1038 char *cat_str_new;
1039
1040 while (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN))
1041 cat_str_len += cat_str_len;
1042 cat_str_new = (char *)wmem_alloc(pinfo->pool, cat_str_len);
1043 (void) g_strlcpy(cat_str_new, cat_str, cat_str_len);
1044 cat_str_new[cat_str_len - 1] = '\0';
1045 cat_str = cat_str_new;
1046 }
1047 if (cat_str[0] != '\0')
1048 (void) g_strlcat(cat_str, ",", cat_str_len);
1049 (void) g_strlcat(cat_str, cat_str_tmp, cat_str_len);
1050 }
1051 bit_spot++;
1052 bitmask >>= 1;
1053 }
1054 byte_spot++;
1055 }
1056
1057 if (cat_str)
1058 proto_tree_add_string(field_tree, hf_ip_cipso_categories, tvb, offset, taglen - 4, cat_str);
1059 else
1060 proto_tree_add_string(field_tree, hf_ip_cipso_categories, tvb, offset, taglen - 4, "ERROR PARSING CATEGORIES");
1061 offset += taglen - 4;
1062 }
1063 break;
1064 case 2:
1065 /* enumerated categories, see CIPSO draft section 3.4.3 for tag format */
1066 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1067 ((offset + (int)taglen - 1) > offset_max)) {
1068 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1069 return offset;
1070 }
1071
1072 /* skip past alignment octet */
1073 offset += 3;
1074
1075 /* sensitivity level */
1076 proto_tree_add_item(field_tree, hf_ip_cipso_sensitivity_level, tvb, offset, 1, ENC_NA);
1077 offset += 1;
1078
1079 if (taglen > 4) {
1080 int offset_max_cat = offset + taglen - 4;
1081 char *cat_str = (char *)wmem_alloc0(pinfo->pool, USHRT_MAX_STRLEN * 15);
1082 char *cat_str_tmp = (char *)wmem_alloc(pinfo->pool, USHRT_MAX_STRLEN);
1083
1084 while ((offset + 2) <= offset_max_cat) {
1085 snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
1086 tvb_get_ntohs(tvb, offset));
1087 offset += 2;
1088 if (cat_str[0] != '\0')
1089 (void) g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 15);
1090 (void) g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 15);
1091 }
1092
1093 proto_tree_add_string(field_tree, hf_ip_cipso_categories, tvb, offset - taglen + 4, taglen - 4, cat_str);
1094 }
1095 break;
1096 case 5:
1097 /* ranged categories, see CIPSO draft section 3.4.4 for tag format */
1098 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1099 ((offset + (int)taglen - 1) > offset_max)) {
1100 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1101 return offset;
1102 }
1103
1104 /* skip past alignment octet */
1105 offset += 3;
1106
1107 /* sensitivity level */
1108 proto_tree_add_item(field_tree, hf_ip_cipso_sensitivity_level, tvb, offset, 1, ENC_NA);
1109 offset += 1;
1110
1111 if (taglen > 4) {
1112 uint16_t cat_low, cat_high;
1113 int offset_max_cat = offset + taglen - 4;
1114 char *cat_str = (char *)wmem_alloc0(pinfo->pool, USHRT_MAX_STRLEN * 16);
1115 char *cat_str_tmp = (char *)wmem_alloc(pinfo->pool, USHRT_MAX_STRLEN * 2);
1116
1117 while ((offset + 2) <= offset_max_cat) {
1118 cat_high = tvb_get_ntohs(tvb, offset);
1119 if ((offset + 4) <= offset_max_cat) {
1120 cat_low = tvb_get_ntohs(tvb, offset + 2);
1121 offset += 4;
1122 } else {
1123 cat_low = 0;
1124 offset += 2;
1125 }
1126 if (cat_low != cat_high)
1127 snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u-%u",
1128 cat_high, cat_low);
1129 else
1130 snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u", cat_high);
1131
1132 if (cat_str[0] != '\0')
1133 (void) g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 16);
1134 (void) g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 16);
1135 }
1136
1137 proto_tree_add_string(field_tree, hf_ip_cipso_categories, tvb, offset - taglen + 4, taglen - 4, cat_str);
1138 }
1139 break;
1140 case 6:
1141 /* permissive categories, see FIPS 188 section 6.9 for tag format */
1142 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1143 ((offset + (int)taglen - 1) > offset_max)) {
1144 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1145 return offset;
1146 }
1147
1148 proto_tree_add_item(field_tree, hf_ip_cipso_tag_data, tvb, offset + 2, taglen - 2, ENC_NA);
1149 offset += taglen;
1150 break;
1151 case 7:
1152 /* free form, see FIPS 188 section 6.10 for tag format */
1153 if ((taglen < 2) || (taglen > CIPSO_TAG_LEN_MAX) ||
1154 ((offset + (int)taglen - 1) > offset_max)) {
1155 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1156 return offset;
1157 }
1158
1159 proto_tree_add_item(field_tree, hf_ip_cipso_tag_data, tvb, offset + 2, taglen - 2, ENC_NA);
1160 offset += taglen;
1161 break;
1162 default:
1163 /* unknown tag - stop parsing this IPv4 option */
1164 if ((offset + 1) <= offset_max) {
1165 taglen = tvb_get_uint8(tvb, offset + 1);
1166 proto_item_append_text(tag_item, " (%u bytes)", taglen);
1167 return offset;
1168 }
1169 return offset;
1170 }
1171 }
1172
1173 return offset;
1174 }
1175
1176 static void
1177 dissect_option_route(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int offset, int hf,
1178 int hf_host, bool next)
1179 {
1180 proto_item *ti;
1181 uint32_t route;
1182
1183 route = tvb_get_ipv4(tvb, offset);
1184 if (next)
1185 proto_tree_add_ipv4_format_value(tree, hf, tvb, offset, 4, route,
1186 "%s <- (next)",
1187 tvb_ip_to_str(pinfo->pool, tvb, offset));
1188 else
1189 proto_tree_add_ipv4(tree, hf, tvb, offset, 4, route);
1190
1191 if (!proto_field_is_referenced(tree, hf_host)) {
1192 return;
1193 }
1194
1195 ti = proto_tree_add_string(tree, hf_host, tvb, offset, 4, get_hostname_wmem(pinfo->pool, route));
1196 proto_item_set_generated(ti);
1197 proto_item_set_hidden(ti);
1198 }
1199
1200 static int
1201 dissect_ipopt_route(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int proto, int optlen_min)
1202 {
1203 proto_tree *field_tree;
1204 proto_item *tf;
1205 uint8_t len, ptr;
1206 int optoffset = 0;
1207 int offset = 0,
1208 optlen = tvb_reported_length(tvb);
1209
1210 field_tree = ip_var_option_header(tree, pinfo, tvb, proto, ett_ip_option_route, &tf, optlen);
1211
1212 ptr = tvb_get_uint8(tvb, offset + 2);
1213 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1214 if ((ptr < (optlen_min + 1)) || (ptr & 3)) {
1215 if (ptr < (optlen_min + 1)) {
1216 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_before_address);
1217 }
1218 else {
1219 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_middle_address);
1220 }
1221 return optlen_min;
1222 }
1223
1224 len = optlen;
1225 optoffset = 3; /* skip past type, length and pointer */
1226 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1227 if (optlen < 4) {
1228 expert_add_info(pinfo, tf, &ei_ip_subopt_too_long);
1229 break;
1230 }
1231
1232 if (ptr > len) {
1233 /* This is a recorded route */
1234 dissect_option_route(field_tree, pinfo, tvb, offset + optoffset, hf_ip_rec_rt,
1235 hf_ip_rec_rt_host, false);
1236 } else if (optoffset == (len - 4)) {
1237 /* This is the destination */
1238 proto_item *item;
1239 uint32_t addr;
1240 const char *dst_host;
1241
1242 addr = tvb_get_ipv4(tvb, offset + optoffset);
1243 proto_tree_add_ipv4(field_tree, hf_ip_dst, tvb,
1244 offset + optoffset, 4, addr);
1245 item = proto_tree_add_ipv4(field_tree, hf_ip_addr, tvb,
1246 offset + optoffset, 4, addr);
1247 proto_item_set_hidden(item);
1248 if (proto_field_is_referenced(field_tree, hf_ip_dst_host) || proto_field_is_referenced(field_tree, hf_ip_host)) {
1249 dst_host = get_hostname_wmem(pinfo->pool, addr);
1250 item = proto_tree_add_string(field_tree, hf_ip_dst_host, tvb,
1251 offset + optoffset, 4, dst_host);
1252 proto_item_set_generated(item);
1253 proto_item_set_hidden(item);
1254 item = proto_tree_add_string(field_tree, hf_ip_host, tvb,
1255 offset + optoffset, 4, dst_host);
1256 proto_item_set_generated(item);
1257 proto_item_set_hidden(item);
1258 }
1259 } else if ((optoffset + 1) < ptr) {
1260 /* This is also a recorded route */
1261 dissect_option_route(field_tree, pinfo, tvb, offset + optoffset, hf_ip_rec_rt,
1262 hf_ip_rec_rt_host, false);
1263 } else if ((optoffset + 1) == ptr) {
1264 /* This is the next source route. TODO: Should we use separate hf's
1265 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1266 * having to pass true/false to dissect_option_route()? */
1267 dissect_option_route(field_tree, pinfo, tvb, offset + optoffset, hf_ip_src_rt,
1268 hf_ip_src_rt_host, true);
1269 } else {
1270 /* This must be a source route */
1271 dissect_option_route(field_tree, pinfo, tvb, offset + optoffset, hf_ip_src_rt,
1272 hf_ip_src_rt_host, false);
1273 }
1274 }
1275
1276 return tvb_captured_length(tvb);
1277 }
1278
1279 static int
1280 dissect_ipopt_loose_route(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1281 {
1282 return dissect_ipopt_route(tvb, pinfo, tree, proto_ip_option_route, IPOLEN_LSR_MIN);
1283 }
1284
1285 static int
1286 dissect_ipopt_source_route(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1287 {
1288 return dissect_ipopt_route(tvb, pinfo, tree, proto_ip_option_source_route, IPOLEN_SSR_MIN);
1289
1290 }
1291
1292 static int
1293 dissect_ipopt_record_route(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1294 {
1295 proto_tree *field_tree;
1296 proto_item *tf;
1297 uint8_t len, ptr;
1298 int optoffset = 0;
1299 int offset = 0,
1300 optlen = tvb_reported_length(tvb);
1301
1302 field_tree = ip_var_option_header(tree, pinfo, tvb, proto_ip_option_record_route, ett_ip_option_route, &tf, optlen);
1303
1304 ptr = tvb_get_uint8(tvb, offset + 2);
1305 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1306
1307 if ((ptr < (IPOLEN_RR_MIN + 1)) || (ptr & 3)) {
1308 if (ptr < (IPOLEN_RR_MIN + 1)) {
1309 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_before_address);
1310 }
1311 else {
1312 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_middle_address);
1313 }
1314 return IPOLEN_RR_MIN;
1315 }
1316
1317 len = optlen;
1318 optoffset = 3; /* skip past type, length and pointer */
1319 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1320 if (optlen < 4) {
1321 expert_add_info(pinfo, tf, &ei_ip_subopt_too_long);
1322 break;
1323 }
1324
1325 if (ptr > len) {
1326 /* The recorded route data area is full. */
1327 dissect_option_route(field_tree, pinfo, tvb, offset + optoffset, hf_ip_rec_rt,
1328 hf_ip_rec_rt_host, false);
1329 } else if ((optoffset + 1) < ptr) {
1330 /* This is a recorded route */
1331 dissect_option_route(field_tree, pinfo, tvb, offset + optoffset, hf_ip_rec_rt,
1332 hf_ip_rec_rt_host, false);
1333 } else if ((optoffset + 1) == ptr) {
1334 /* This is the next available slot. TODO: Should we use separate hf's
1335 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1336 * having to pass true/false to dissect_option_route()? */
1337 dissect_option_route(field_tree, pinfo, tvb, offset + optoffset, hf_ip_empty_rt,
1338 hf_ip_empty_rt_host, true);
1339 } else {
1340 /* This must be an available slot too. */
1341 dissect_option_route(field_tree, pinfo, tvb, offset + optoffset, hf_ip_empty_rt,
1342 hf_ip_empty_rt_host, false);
1343 }
1344 }
1345
1346 return tvb_captured_length(tvb);
1347 }
1348
1349 /* Stream Identifier */
1350 static int
1351 dissect_ipopt_sid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1352 {
1353 proto_tree *field_tree;
1354 proto_item *tf;
1355
1356 field_tree = ip_fixed_option_header(tree, pinfo, tvb, proto_ip_option_sid, ett_ip_option_sid, &tf, IPOLEN_SID, tvb_reported_length(tvb));
1357 expert_add_info(pinfo, tf, &ei_ip_opt_deprecated);
1358
1359 proto_tree_add_item(field_tree, hf_ip_opt_sid, tvb, 2, 2, ENC_BIG_ENDIAN);
1360 return tvb_captured_length(tvb);
1361 }
1362
1363 /* RFC 1063: MTU Probe and MTU Reply */
1364 static int
1365 dissect_ipopt_mtu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int proto)
1366 {
1367 proto_tree *field_tree;
1368 proto_item *tf;
1369
1370 field_tree = ip_fixed_option_header(tree, pinfo, tvb, proto, ett_ip_option_mtu, &tf, IPOLEN_MTU, tvb_reported_length(tvb));
1371
1372 proto_tree_add_item(field_tree, hf_ip_opt_mtu, tvb, 2, 2, ENC_BIG_ENDIAN);
1373 return tvb_captured_length(tvb);
1374 }
1375
1376 static int
1377 dissect_ipopt_mtu_probe(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
1378 {
1379 return dissect_ipopt_mtu(tvb, pinfo, tree, proto_ip_option_mtu_probe);
1380 }
1381
1382 static int
1383 dissect_ipopt_mtu_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
1384 {
1385 return dissect_ipopt_mtu(tvb, pinfo, tree, proto_ip_option_mtu_reply);
1386 }
1387
1388 /* RFC 1393: Traceroute */
1389 static int
1390 dissect_ipopt_tr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1391 {
1392 proto_tree *field_tree;
1393 proto_item *tf;
1394 int offset = 2;
1395
1396 field_tree = ip_fixed_option_header(tree, pinfo, tvb, proto_ip_option_traceroute, ett_ip_option_tr, &tf, IPOLEN_TR, tvb_reported_length(tvb));
1397 expert_add_info(pinfo, tf, &ei_ip_opt_deprecated);
1398
1399 proto_tree_add_item(field_tree, hf_ip_opt_id_number, tvb, offset, 2, ENC_BIG_ENDIAN);
1400 proto_tree_add_item(field_tree, hf_ip_opt_ohc, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1401 proto_tree_add_item(field_tree, hf_ip_opt_rhc, tvb, offset + 4, 2, ENC_BIG_ENDIAN);
1402 proto_tree_add_item(field_tree, hf_ip_opt_originator, tvb, offset + 6, 4, ENC_BIG_ENDIAN);
1403 return tvb_captured_length(tvb);
1404 }
1405
1406 static const value_string ipopt_timestamp_flag_vals[] = {
1407 {IPOPT_TS_TSONLY, "Time stamps only" },
1408 {IPOPT_TS_TSANDADDR, "Time stamp and address" },
1409 {IPOPT_TS_PRESPEC, "Time stamps for prespecified addresses"},
1410 {0, NULL }};
1411
1412 static int
1413 dissect_ipopt_timestamp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1414 {
1415 proto_tree *field_tree;
1416 proto_item *tf;
1417 int ptr;
1418 int optoffset = 0;
1419 int flg;
1420 uint32_t addr;
1421 int offset = 0,
1422 optlen = tvb_reported_length(tvb);
1423
1424 field_tree = ip_var_option_header(tree, pinfo, tvb, proto_ip_option_timestamp, ett_ip_option_timestamp, &tf, optlen);
1425
1426 optoffset += 2; /* skip past type and length */
1427 optlen -= 2; /* subtract size of type and length */
1428
1429 ptr = tvb_get_uint8(tvb, offset + optoffset);
1430 proto_tree_add_uint_format_value(field_tree, hf_ip_opt_ptr, tvb, offset + optoffset, 1, ptr, "%d%s",
1431 ptr, ((ptr == 1) ? " (header is full)" :
1432 (ptr < 5) ? " (points before first address)" :
1433 (((ptr - 1) & 3) ? " (points to middle of field)" : "")));
1434 optoffset++;
1435 optlen--;
1436 ptr--; /* ptr is 1-origin */
1437
1438 flg = tvb_get_uint8(tvb, offset + optoffset);
1439 proto_tree_add_item(field_tree, hf_ip_opt_overflow, tvb, offset + optoffset, 1, ENC_NA);
1440 flg &= 0xF;
1441 proto_tree_add_item(field_tree, hf_ip_opt_flag, tvb, offset + optoffset, 1, ENC_NA);
1442 optoffset++;
1443 optlen--;
1444
1445 while (optlen > 0) {
1446 if (flg == IPOPT_TS_TSANDADDR || flg == IPOPT_TS_PRESPEC) {
1447 if (optlen < 8) {
1448 proto_tree_add_expert(field_tree, pinfo, &ei_ip_subopt_too_long, tvb, offset + optoffset, optlen);
1449 break;
1450 }
1451 addr = tvb_get_ipv4(tvb, offset + optoffset);
1452 if (proto_field_is_referenced(field_tree, hf_ip_opt_time_stamp_addr)) {
1453 proto_tree_add_ipv4_format_value(field_tree, hf_ip_opt_time_stamp_addr, tvb, offset + optoffset, 4, addr,
1454 "%s", ((addr == 0) ? "-" : get_hostname_wmem(pinfo->pool, addr)));
1455 }
1456 optoffset += 4;
1457 optlen -= 4;
1458
1459 proto_tree_add_item(field_tree, hf_ip_opt_time_stamp, tvb, offset + optoffset, 4, ENC_BIG_ENDIAN);
1460 optoffset += 4;
1461 optlen -= 4;
1462 } else {
1463 if (optlen < 4) {
1464 proto_tree_add_expert(field_tree, pinfo, &ei_ip_subopt_too_long, tvb, offset + optoffset, optlen);
1465 break;
1466 }
1467 proto_tree_add_item(field_tree, hf_ip_opt_time_stamp, tvb, offset + optoffset, 4, ENC_BIG_ENDIAN);
1468 optoffset += 4;
1469 optlen -= 4;
1470 }
1471 }
1472
1473 return tvb_captured_length(tvb);
1474 }
1475
1476 /* Router Alert */
1477 static const range_string ra_rvals[] = {
1478 {0, 0, "Router shall examine packet"},
1479 {1, 65535, "Reserved"},
1480 {0, 0, NULL}
1481 };
1482
1483 static int
1484 dissect_ipopt_ra(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1485 {
1486 /* Router-Alert, as defined by RFC2113 */
1487 proto_tree *field_tree;
1488 proto_item *tf;
1489 uint32_t value;
1490
1491 field_tree = ip_fixed_option_header(tree, pinfo, tvb, proto_ip_option_routeralert, ett_ip_option_ra, &tf, IPOLEN_RA, tvb_reported_length(tvb));
1492
1493 proto_tree_add_item_ret_uint(field_tree, hf_ip_opt_ra, tvb, 2, 2, ENC_BIG_ENDIAN, &value);
1494 proto_item_append_text(tf, ": %s (%u)", rval_to_str(value, ra_rvals, "Unknown (%u)"), value);
1495 return tvb_captured_length(tvb);
1496 }
1497
1498 /* RFC 1770: Selective Directed Broadcast */
1499 static int
1500 dissect_ipopt_sdb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1501 {
1502 proto_tree *field_tree;
1503 proto_item *tf;
1504 int offset = 0,
1505 optlen = tvb_reported_length(tvb);
1506
1507 field_tree = ip_var_option_header(tree, pinfo, tvb, proto_ip_option_sdb, ett_ip_option_sdb, &tf, optlen);
1508 expert_add_info(pinfo, tf, &ei_ip_opt_deprecated);
1509
1510 for (offset += 2, optlen -= 2; optlen >= 4; offset += 4, optlen -= 4)
1511 proto_tree_add_item(field_tree, hf_ip_opt_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
1512
1513 if (optlen > 0)
1514 proto_tree_add_item(field_tree, hf_ip_opt_padding, tvb, offset, optlen, ENC_NA);
1515
1516 return tvb_captured_length(tvb);
1517 }
1518
1519 const value_string qs_func_vals[] = {
1520 {QS_RATE_REQUEST, "Rate request"},
1521 {QS_RATE_REPORT, "Rate report"},
1522 {0, NULL}
1523 };
1524
1525 static const value_string qs_rate_vals[] = {
1526 { 0, "0 bit/s"},
1527 { 1, "80 Kbit/s"},
1528 { 2, "160 Kbit/s"},
1529 { 3, "320 Kbit/s"},
1530 { 4, "640 Kbit/s"},
1531 { 5, "1.28 Mbit/s"},
1532 { 6, "2.56 Mbit/s"},
1533 { 7, "5.12 Mbit/s"},
1534 { 8, "10.24 Mbit/s"},
1535 { 9, "20.48 Mbit/s"},
1536 {10, "40.96 Mbit/s"},
1537 {11, "81.92 Mbit/s"},
1538 {12, "163.84 Mbit/s"},
1539 {13, "327.68 Mbit/s"},
1540 {14, "655.36 Mbit/s"},
1541 {15, "1.31072 Gbit/s"},
1542 {0, NULL}
1543 };
1544 value_string_ext qs_rate_vals_ext = VALUE_STRING_EXT_INIT(qs_rate_vals);
1545
1546 static int
1547 dissect_ipopt_qs(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data)
1548 {
1549 proto_tree *field_tree;
1550 proto_item *tf;
1551 proto_item *ti;
1552 ws_ip4 *iph = (ws_ip4 *)data;
1553 int offset = 2;
1554
1555 uint8_t command = tvb_get_uint8(tvb, offset);
1556 uint8_t function = command >> 4;
1557 uint8_t rate = command & QS_RATE_MASK;
1558 uint8_t ttl_diff;
1559
1560 field_tree = ip_fixed_option_header(tree, pinfo, tvb, proto_ip_option_qs, ett_ip_option_qs, &tf, IPOLEN_QS, tvb_reported_length(tvb));
1561 proto_item_append_text(tf, ": %s (%u)", val_to_str(function, qs_func_vals, "Unknown (%u)"), function);
1562
1563 proto_tree_add_item(field_tree, hf_ip_opt_qs_func, tvb, offset, 1, ENC_NA);
1564
1565 if (function == QS_RATE_REQUEST) {
1566 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset, 1, ENC_NA);
1567 proto_tree_add_item(field_tree, hf_ip_opt_qs_ttl, tvb, offset + 1, 1, ENC_NA);
1568 ttl_diff = (iph->ip_ttl - tvb_get_uint8(tvb, offset + 1) % 256);
1569 ti = proto_tree_add_uint(field_tree, hf_ip_opt_qs_ttl_diff,
1570 tvb, offset + 1, 1, ttl_diff);
1571 proto_item_set_generated(ti);
1572 proto_item_append_text(tf, ", %s, QS TTL %u, QS TTL diff %u",
1573 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"),
1574 tvb_get_uint8(tvb, offset + 1), ttl_diff);
1575 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 2, 4, ENC_BIG_ENDIAN);
1576 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 2, 4, ENC_BIG_ENDIAN);
1577 } else if (function == QS_RATE_REPORT) {
1578 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset, 1, ENC_NA);
1579 proto_item_append_text(tf, ", %s",
1580 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"));
1581 proto_tree_add_item(field_tree, hf_ip_opt_qs_unused, tvb, offset + 1, 1, ENC_NA);
1582 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 2, 4, ENC_BIG_ENDIAN);
1583 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 2, 4, ENC_BIG_ENDIAN);
1584 }
1585
1586 return tvb_captured_length(tvb);
1587 }
1588
1589 static void
1590 dissect_ip_options(tvbuff_t *tvb, int offset, unsigned length,
1591 packet_info *pinfo, proto_tree *opt_tree,
1592 proto_item *opt_item, void * data)
1593 {
1594 unsigned char opt;
1595 unsigned int optlen;
1596 proto_tree *field_tree;
1597 const char *name;
1598 dissector_handle_t option_dissector;
1599 unsigned nop_count = 0;
1600 tvbuff_t *next_tvb;
1601
1602 while (length > 0) {
1603 opt = tvb_get_uint8(tvb, offset);
1604 --length; /* account for type byte */
1605
1606 if ((opt == IPOPT_EOOL) || (opt == IPOPT_NOP)) {
1607 int local_proto;
1608 proto_item* field_item;
1609 /* We assume that the only options with no length are EOL and NOP options,
1610 so that we can treat unknown options as having a minimum length of 2,
1611 and at least be able to move on to the next option by using the length in the option. */
1612
1613 if (opt == IPOPT_EOOL)
1614 {
1615 local_proto = proto_ip_option_eol;
1616 } else {
1617 /* i.e. opt is IPOPT_NOP */
1618 local_proto = proto_ip_option_nop;
1619
1620 if (opt_item && (nop_count == 0 || offset % 4)) {
1621 /* Count number of NOP in a row within a uint32 */
1622 nop_count++;
1623
1624 if (nop_count == 4) {
1625 expert_add_info(pinfo, opt_item, &ei_ip_nop);
1626 }
1627 } else {
1628 nop_count = 0;
1629 }
1630 }
1631
1632 field_item = proto_tree_add_item(opt_tree, local_proto, tvb, offset, 1, ENC_NA);
1633 field_tree = proto_item_add_subtree(field_item, ett_ip_option_other);
1634
1635 dissect_ipopt_type(tvb, offset, field_tree);
1636 offset++;
1637
1638 } else {
1639 option_dissector = dissector_get_uint_handle(ip_option_table, opt);
1640 if (option_dissector == NULL) {
1641 name = wmem_strdup_printf(pinfo->pool, "Unknown (0x%02x)", opt);
1642 } else {
1643 name = dissector_handle_get_protocol_short_name(option_dissector);
1644 }
1645
1646 /* Option has a length. Is it in the packet? */
1647 if (length == 0) {
1648 /* Bogus - packet must at least include option code byte and
1649 length byte! */
1650 proto_tree_add_expert_format(opt_tree, pinfo, &ei_ip_opt_len_invalid, tvb, offset, 1,
1651 "%s (length byte past end of options)", name);
1652 return;
1653 }
1654
1655 optlen = tvb_get_uint8(tvb, offset + 1); /* total including type, len */
1656 --length; /* account for length byte */
1657
1658 if (optlen < 2) {
1659 /* Bogus - option length is too short to include option code and option length. */
1660 proto_tree_add_expert_format(opt_tree, pinfo, &ei_ip_opt_len_invalid, tvb, offset, 2,
1661 "%s (with too-short option length = %u byte%s)",
1662 name, optlen, plurality(optlen, "", "s"));
1663 return;
1664 } else if (optlen - 2 > length) {
1665 /* Bogus - option goes past the end of the header. */
1666 proto_tree_add_expert_format(opt_tree, pinfo, &ei_ip_opt_len_invalid, tvb, offset, length,
1667 "%s (option length = %u byte%s says option goes past end of options)",
1668 name, optlen, plurality(optlen, "", "s"));
1669 return;
1670 }
1671
1672 if (option_dissector == NULL) {
1673 proto_tree_add_subtree_format(opt_tree, tvb, offset, optlen, ett_ip_unknown_opt, NULL, "%s (%u byte%s)",
1674 name, optlen, plurality(optlen, "", "s"));
1675 } else {
1676 next_tvb = tvb_new_subset_length(tvb, offset, optlen);
1677 call_dissector_with_data(option_dissector, next_tvb, pinfo, opt_tree, data);
1678 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s", name);
1679 }
1680
1681 offset += optlen;
1682 length -= (optlen-2); //already accounted for type and len bytes
1683 }
1684
1685 if (opt == IPOPT_EOOL)
1686 break;
1687 }
1688 }
1689
1690 /* This function searches the IP options for either a loose or strict source
1691 * route option, then returns the offset to the destination address if the
1692 * pointer is still valid or zero if the pointer is greater than the length.
1693 *
1694 * The guts of this function was taken from dissect_ip_tcp_options().
1695 */
1696 static int
1697 get_dst_offset(tvbuff_t *tvb, int offset, unsigned length)
1698 {
1699 unsigned char opt;
1700 unsigned len;
1701 int orig_offset = offset;
1702
1703 while (length > 0) {
1704 opt = tvb_get_uint8(tvb, offset);
1705 --length; /* account for type byte */
1706
1707 if ((opt != IPOPT_EOOL) && (opt != IPOPT_NOP)) {
1708 /* Option has a length. Is it in the packet? */
1709 if (length == 0) {
1710 /* Bogus - packet must at least include option code byte and
1711 length byte! */
1712 return 0;
1713 }
1714 len = tvb_get_uint8(tvb, offset + 1); /* total including type, len */
1715 --length; /* account for length byte */
1716 if (len < 2) {
1717 /* Bogus - option length is too short to include option code and
1718 option length. */
1719 return 0;
1720 } else if (len - 2 > length) {
1721 /* Bogus - option goes past the end of the header. */
1722 return 0;
1723 }
1724
1725 if (opt == IPOPT_SSR || opt == IPOPT_LSR) {
1726 /* Hmm, what if you have both options? */
1727 uint8_t ptr;
1728
1729 ptr = tvb_get_uint8(tvb, offset + 2);
1730 if (ptr < 4 || (ptr & 3) || (ptr > len)) {
1731 return 0;
1732 }
1733 return (offset - orig_offset) + 4 + (len - 4);
1734 }
1735
1736 offset += len;
1737 length -= (len-2); /* subtract size of type and length */
1738 } else {
1739 offset += 1;
1740 }
1741 if (opt == IPOPT_EOOL)
1742 return 0;
1743 }
1744
1745 return 0;
1746 }
1747
1748 /* Returns the valid ttl for the group address */
1749 static uint16_t
1750 local_network_control_block_addr_valid_ttl(uint32_t addr)
1751 {
1752 /* An exception list, as some protocols seem to insist on
1753 * doing differently:
1754 */
1755
1756 /* IETF's VRRP (rfc3768) */
1757 if (IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR == addr)
1758 return IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL;
1759 /* Cisco's GLPB */
1760 if (IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR == addr)
1761 return IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL;
1762 /* mDNS (draft-cheshire-dnsext-multicastdns-07) */
1763 if (IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR == addr)
1764 return IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL;
1765 /* LLMNR (rfc4795) */
1766 if (IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR == addr)
1767 return IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL;
1768 return IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL;
1769 }
1770
1771 static const value_string dscp_short_vals[] = {
1772 { IPDSFIELD_DSCP_DEFAULT, "CS0" },
1773 { IPDSFIELD_DSCP_LE, "LE" },
1774 { IPDSFIELD_DSCP_CS1, "CS1" },
1775 { IPDSFIELD_DSCP_AF11, "AF11" },
1776 { IPDSFIELD_DSCP_AF12, "AF12" },
1777 { IPDSFIELD_DSCP_AF13, "AF13" },
1778 { IPDSFIELD_DSCP_CS2, "CS2" },
1779 { IPDSFIELD_DSCP_AF21, "AF21" },
1780 { IPDSFIELD_DSCP_AF22, "AF22" },
1781 { IPDSFIELD_DSCP_AF23, "AF23" },
1782 { IPDSFIELD_DSCP_CS3, "CS3" },
1783 { IPDSFIELD_DSCP_AF31, "AF31" },
1784 { IPDSFIELD_DSCP_AF32, "AF32" },
1785 { IPDSFIELD_DSCP_AF33, "AF33" },
1786 { IPDSFIELD_DSCP_CS4, "CS4" },
1787 { IPDSFIELD_DSCP_AF41, "AF41" },
1788 { IPDSFIELD_DSCP_AF42, "AF42" },
1789 { IPDSFIELD_DSCP_AF43, "AF43" },
1790 { IPDSFIELD_DSCP_CS5, "CS5" },
1791 { IPDSFIELD_VOICE_ADMIT, "VOICE-ADMIT" },
1792 { IPDSFIELD_DSCP_EF, "EF PHB" },
1793 { IPDSFIELD_DSCP_CS6, "CS6" },
1794 { IPDSFIELD_DSCP_CS7, "CS7" },
1795 { 0, NULL }};
1796 value_string_ext dscp_short_vals_ext = VALUE_STRING_EXT_INIT(dscp_short_vals);
1797
1798
1799 static const value_string dscp_vals[] = {
1800 { IPDSFIELD_DSCP_DEFAULT, "Default" },
1801 { IPDSFIELD_DSCP_LE, "Lower Effort" },
1802 { IPDSFIELD_DSCP_CS1, "Class Selector 1" },
1803 { IPDSFIELD_DSCP_AF11, "Assured Forwarding 11" },
1804 { IPDSFIELD_DSCP_AF12, "Assured Forwarding 12" },
1805 { IPDSFIELD_DSCP_AF13, "Assured Forwarding 13" },
1806 { IPDSFIELD_DSCP_CS2, "Class Selector 2" },
1807 { IPDSFIELD_DSCP_AF21, "Assured Forwarding 21" },
1808 { IPDSFIELD_DSCP_AF22, "Assured Forwarding 22" },
1809 { IPDSFIELD_DSCP_AF23, "Assured Forwarding 23" },
1810 { IPDSFIELD_DSCP_CS3, "Class Selector 3" },
1811 { IPDSFIELD_DSCP_AF31, "Assured Forwarding 31" },
1812 { IPDSFIELD_DSCP_AF32, "Assured Forwarding 32" },
1813 { IPDSFIELD_DSCP_AF33, "Assured Forwarding 33" },
1814 { IPDSFIELD_DSCP_CS4, "Class Selector 4" },
1815 { IPDSFIELD_DSCP_AF41, "Assured Forwarding 41" },
1816 { IPDSFIELD_DSCP_AF42, "Assured Forwarding 42" },
1817 { IPDSFIELD_DSCP_AF43, "Assured Forwarding 43" },
1818 { IPDSFIELD_DSCP_CS5, "Class Selector 5" },
1819 { IPDSFIELD_VOICE_ADMIT, "Voice Admit" },
1820 { IPDSFIELD_DSCP_EF, "Expedited Forwarding" },
1821 { IPDSFIELD_DSCP_CS6, "Class Selector 6" },
1822 { IPDSFIELD_DSCP_CS7, "Class Selector 7" },
1823 { 0, NULL }};
1824 value_string_ext dscp_vals_ext = VALUE_STRING_EXT_INIT(dscp_vals);
1825
1826 static const value_string ecn_short_vals[] = {
1827 { IPDSFIELD_ECT_NOT, "Not-ECT" },
1828 { IPDSFIELD_ECT_1, "ECT(1)" },
1829 { IPDSFIELD_ECT_0, "ECT(0)" },
1830 { IPDSFIELD_CE, "CE" },
1831 { 0, NULL }};
1832 value_string_ext ecn_short_vals_ext = VALUE_STRING_EXT_INIT(ecn_short_vals);
1833
1834 static const value_string ecn_vals[] = {
1835 { IPDSFIELD_ECT_NOT, "Not ECN-Capable Transport" },
1836 { IPDSFIELD_ECT_1, "ECN-Capable Transport codepoint '01'" },
1837 { IPDSFIELD_ECT_0, "ECN-Capable Transport codepoint '10'" },
1838 { IPDSFIELD_CE, "Congestion Experienced" },
1839 { 0, NULL }};
1840 value_string_ext ecn_vals_ext = VALUE_STRING_EXT_INIT(ecn_vals);
1841
1842 static const value_string precedence_vals[] = {
1843 { IPTOS_PREC_ROUTINE, "routine" },
1844 { IPTOS_PREC_PRIORITY, "priority" },
1845 { IPTOS_PREC_IMMEDIATE, "immediate" },
1846 { IPTOS_PREC_FLASH, "flash" },
1847 { IPTOS_PREC_FLASHOVERRIDE, "flash override" },
1848 { IPTOS_PREC_CRITIC_ECP, "CRITIC/ECP" },
1849 { IPTOS_PREC_INTERNETCONTROL, "internetwork control" },
1850 { IPTOS_PREC_NETCONTROL, "network control" },
1851 { 0, NULL }};
1852
1853 static const value_string iptos_vals[] = {
1854 { IPTOS_NONE, "None" },
1855 { IPTOS_LOWCOST, "Minimize cost" },
1856 { IPTOS_RELIABILITY, "Maximize reliability" },
1857 { IPTOS_THROUGHPUT, "Maximize throughput" },
1858 { IPTOS_LOWDELAY, "Minimize delay" },
1859 { IPTOS_SECURITY, "Maximize security" },
1860 { 0, NULL }
1861 };
1862
1863 static const true_false_string flags_sf_set_evil = {
1864 "Evil",
1865 "Not evil"
1866 };
1867
1868 bool
1869 ip_try_dissect(bool heur_first, unsigned nxt, tvbuff_t *tvb, packet_info *pinfo,
1870 proto_tree *tree, void *iph)
1871 {
1872 heur_dtbl_entry_t *hdtbl_entry;
1873
1874 if ((heur_first) && (dissector_try_heuristic(heur_subdissector_list, tvb,
1875 pinfo, tree, &hdtbl_entry, iph))) {
1876 return true;
1877 }
1878
1879 if (dissector_try_uint_with_data(ip_dissector_table, nxt, tvb, pinfo,
1880 tree, true, iph)) {
1881 return true;
1882 }
1883
1884 if ((!heur_first) && (dissector_try_heuristic(heur_subdissector_list, tvb,
1885 pinfo, tree, &hdtbl_entry,
1886 iph))) {
1887 return true;
1888 }
1889
1890 return false;
1891 }
1892
1893 static void
1894 export_pdu(tvbuff_t *tvb, packet_info *pinfo)
1895 {
1896 if (have_tap_listener(exported_pdu_tap)) {
1897 exp_pdu_data_t *exp_pdu_data = wmem_new0(pinfo->pool, exp_pdu_data_t);
1898
1899 exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
1900 exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);
1901 exp_pdu_data->pdu_tvb = tvb;
1902 tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data);
1903 }
1904 }
1905
1906 static struct ip_analysis *
1907 init_ip_conversation_data(packet_info *pinfo)
1908 {
1909 struct ip_analysis *ipd;
1910
1911 /* Initialize the ip protocol data structure to add to the ip conversation */
1912 ipd=wmem_new0(wmem_file_scope(), struct ip_analysis);
1913
1914 ipd->initial_frame = pinfo->num;
1915 ipd->stream = 0;
1916 ipd->stream = ip_stream_count++;
1917
1918 return ipd;
1919 }
1920
1921 struct ip_analysis *
1922 get_ip_conversation_data(conversation_t *conv, packet_info *pinfo)
1923 {
1924 struct ip_analysis *ipd;
1925
1926 /* Did the caller supply the conversation pointer? */
1927 if( conv==NULL ) {
1928 return NULL;
1929 }
1930
1931 /* Get the data for this conversation */
1932 ipd=(struct ip_analysis *)conversation_get_proto_data(conv, proto_ip);
1933
1934 if (!ipd) {
1935 ipd = init_ip_conversation_data(pinfo);
1936 conversation_add_proto_data(conv, proto_ip, ipd);
1937 }
1938
1939 if (!ipd) {
1940 return NULL;
1941 }
1942
1943 return ipd;
1944 }
1945
1946 static int
1947 dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_)
1948 {
1949 proto_tree *ip_tree, *field_tree = NULL;
1950 proto_item *ti, *tf;
1951 uint32_t addr;
1952 int offset = 0, dst_off;
1953 unsigned hlen, optlen;
1954 uint16_t ipsum;
1955 fragment_head *ipfd_head = NULL;
1956 tvbuff_t *next_tvb;
1957 bool update_col_info = true;
1958 bool save_fragmented;
1959 ws_ip4 *iph;
1960 uint32_t src32, dst32;
1961 proto_tree *tree;
1962 proto_item *item = NULL, *ttl_item;
1963 uint16_t ttl_valid;
1964 struct ip_analysis *ipd=NULL;
1965
1966 tree = parent_tree;
1967 iph = wmem_new0(pinfo->pool, ws_ip4);
1968
1969 col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPv4");
1970 col_clear(pinfo->cinfo, COL_INFO);
1971
1972 iph->ip_ver = tvb_get_bits8(tvb, 0, 4);
1973
1974 hlen = tvb_get_bits8(tvb, 4, 4) * 4; /* IP header length, in bytes */
1975
1976 ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, ENC_NA);
1977 ip_tree = proto_item_add_subtree(ti, ett_ip);
1978
1979 tf = proto_tree_add_bits_item(ip_tree, hf_ip_version, tvb, 0, 4, ENC_NA);
1980 if (iph->ip_ver != 4) {
1981 col_add_fstr(pinfo->cinfo, COL_INFO,
1982 "Bogus IPv4 version (%u, must be 4)", iph->ip_ver);
1983 expert_add_info_format(pinfo, tf, &ei_ip_bogus_ip_version, "Bogus IPv4 version");
1984 /* I have a Linux cooked capture with ethertype IPv4 containing an IPv6 packet, continue dissection in that case*/
1985 if (iph->ip_ver == 6) {
1986 call_dissector(ipv6_handle, tvb, pinfo, tree);
1987 }
1988
1989 return tvb_captured_length(tvb);
1990 }
1991
1992 /* if IP is not referenced from any filters we don't need to worry about
1993 generating any tree items. We must do this after we created the actual
1994 protocol above so that proto hier stat still works though.
1995 XXX: Note that because of the following optimization expert items must
1996 not be generated inside of an 'if (tree) ...'
1997 so that Analyze ! Expert ... will work.
1998 */
1999 if (!proto_field_is_referenced(parent_tree, proto_ip)) {
2000 tree = NULL;
2001 }
2002
2003 if (hlen < IPH_MIN_LEN) {
2004 col_add_fstr(pinfo->cinfo, COL_INFO,
2005 "Bogus IP header length (%u, must be at least %u)",
2006 hlen, IPH_MIN_LEN);
2007 tf = proto_tree_add_uint_bits_format_value(ip_tree, hf_ip_hdr_len, tvb, (offset<<3)+4, 4, hlen,
2008 ENC_BIG_ENDIAN, "%u bytes (%u)", hlen, hlen>>2);
2009 expert_add_info_format(pinfo, tf, &ei_ip_bogus_header_length,
2010 "Bogus IP header length (%u, must be at least %u)", hlen, IPH_MIN_LEN);
2011 return tvb_captured_length(tvb);
2012 }
2013
2014 // This should be consistent with tcp.hdr_len.
2015 proto_tree_add_uint_bits_format_value(ip_tree, hf_ip_hdr_len, tvb, (offset<<3)+4, 4, hlen,
2016 ENC_BIG_ENDIAN, "%u bytes (%u)", hlen, hlen>>2);
2017
2018 iph->ip_tos = tvb_get_uint8(tvb, offset + 1);
2019 if (g_ip_dscp_actif) {
2020 col_add_str(pinfo->cinfo, COL_DSCP_VALUE,
2021 val_to_str_ext(IPDSFIELD_DSCP(iph->ip_tos), &dscp_short_vals_ext, "%u"));
2022 }
2023
2024 if (tree) {
2025 if (g_ip_dscp_actif) {
2026 tf = proto_tree_add_item(ip_tree, hf_ip_dsfield, tvb, offset + 1, 1, ENC_NA);
2027 proto_item_append_text(tf, " (DSCP: %s, ECN: %s)",
2028 val_to_str_ext_const(IPDSFIELD_DSCP(iph->ip_tos), &dscp_short_vals_ext, "Unknown"),
2029 val_to_str_ext_const(IPDSFIELD_ECN(iph->ip_tos), &ecn_short_vals_ext, "Unknown"));
2030
2031 field_tree = proto_item_add_subtree(tf, ett_ip_dsfield);
2032 proto_tree_add_item(field_tree, hf_ip_dsfield_dscp, tvb, offset + 1, 1, ENC_NA);
2033 proto_tree_add_item(field_tree, hf_ip_dsfield_ecn, tvb, offset + 1, 1, ENC_NA);
2034 } else {
2035 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_tos, tvb, offset + 1, 1,
2036 iph->ip_tos,
2037 "0x%02x (%s)",
2038 iph->ip_tos,
2039 val_to_str_const(IPTOS_TOS(iph->ip_tos),
2040 iptos_vals, "Unknown"));
2041
2042 field_tree = proto_item_add_subtree(tf, ett_ip_tos);
2043 proto_tree_add_item(field_tree, hf_ip_tos_precedence, tvb, offset + 1, 1, ENC_NA);
2044 proto_tree_add_item(field_tree, hf_ip_tos_delay, tvb, offset + 1, 1, ENC_NA);
2045 proto_tree_add_item(field_tree, hf_ip_tos_throughput, tvb, offset + 1, 1, ENC_NA);
2046 proto_tree_add_item(field_tree, hf_ip_tos_reliability, tvb, offset + 1, 1, ENC_NA);
2047 proto_tree_add_item(field_tree, hf_ip_tos_cost, tvb, offset + 1, 1, ENC_NA);
2048 }
2049 }
2050
2051 /* Length of IP datagram.
2052 XXX - what if this is greater than the reported length of the
2053 tvbuff? This could happen, for example, in an IP datagram
2054 inside an ICMP datagram; we need to somehow let the
2055 dissector we call know that, as it might want to avoid
2056 doing its checksumming. */
2057 iph->ip_len = tvb_get_ntohs(tvb, offset + 2);
2058
2059 if (iph->ip_len < hlen) {
2060 if (ip_tso_supported && !iph->ip_len) {
2061 /* TSO support enabled, and zero length. Assume the zero length is
2062 * the result of TSO, and use the reported length instead. Note that
2063 * we need to use the frame/reported length instead of the actually-
2064 * available length, just in case a snaplen was used on capture. */
2065 iph->ip_len = tvb_reported_length(tvb);
2066 if (tree) {
2067 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_len, tvb, offset + 2, 2,
2068 iph->ip_len,
2069 "%u bytes (reported as 0, presumed to be because of \"TCP segmentation offload\" (TSO))",
2070 iph->ip_len);
2071 proto_item_set_generated(tf);
2072 }
2073 } else {
2074 /* TSO support not enabled, or non-zero length, so treat it as an error. */
2075 col_add_fstr(pinfo->cinfo, COL_INFO,
2076 "Bogus IP length (%u, less than header length %u)",
2077 iph->ip_len, hlen);
2078 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_len, tvb, offset + 2, 2,
2079 iph->ip_len,
2080 "%u bytes (bogus, less than header length %u)",
2081 iph->ip_len, hlen);
2082 expert_add_info(pinfo, tf, &ei_ip_bogus_ip_length);
2083 /* Can't dissect any further */
2084 return tvb_captured_length(tvb);
2085 }
2086 } else {
2087 tf = proto_tree_add_uint(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph->ip_len);
2088 if (iph->ip_len > tvb_reported_length(tvb)) {
2089 /*
2090 * Length runs past the data we're given.
2091 * Note that if not in a ICMP error packet.
2092 */
2093 if (!pinfo->flags.in_error_pkt) {
2094 expert_add_info_format(pinfo, tf, &ei_ip_bogus_ip_length,
2095 "IPv4 total length exceeds packet length (%u bytes)",
2096 tvb_reported_length(tvb));
2097 }
2098 } else {
2099 /*
2100 * Now that we know that the total length of this IP datagram isn't
2101 * obviously bogus, adjust the length of this tvbuff to include only
2102 * the IP datagram.
2103 */
2104 set_actual_length(tvb, iph->ip_len);
2105 }
2106 }
2107
2108 /* Only export after adjusting the length */
2109 export_pdu(tvb, pinfo);
2110
2111 iph->ip_id = tvb_get_ntohs(tvb, offset + 4);
2112 if (tree)
2113 proto_tree_add_uint(ip_tree, hf_ip_id, tvb, offset + 4, 2, iph->ip_id);
2114
2115 iph->ip_off = tvb_get_ntohs(tvb, offset + 6);
2116
2117 if (ip_security_flag) {
2118 /* RFC 3514 - The Security Flag in the IPv4 Header (April Fool's joke) */
2119 static int * const ip_flags_evil[] = {
2120 &hf_ip_flags_sf,
2121 &hf_ip_flags_df,
2122 &hf_ip_flags_mf,
2123 NULL
2124 };
2125
2126 tf = proto_tree_add_bitmask_with_flags(ip_tree, tvb, offset + 6, hf_ip_flags,
2127 ett_ip_flags, ip_flags_evil, ENC_BIG_ENDIAN, BMT_NO_FALSE | BMT_NO_TFS | BMT_NO_INT);
2128 if (iph->ip_off & IP_RF) {
2129 expert_add_info(pinfo, tf, &ei_ip_evil_packet);
2130 }
2131 } else {
2132 static int * const ip_flags[] = {
2133 &hf_ip_flags_rf,
2134 &hf_ip_flags_df,
2135 &hf_ip_flags_mf,
2136 NULL
2137 };
2138 tf = proto_tree_add_bitmask_with_flags(ip_tree, tvb, offset + 6, hf_ip_flags,
2139 ett_ip_flags, ip_flags, ENC_BIG_ENDIAN, BMT_NO_FALSE | BMT_NO_TFS | BMT_NO_INT);
2140 }
2141
2142 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2,
2143 iph->ip_off, "%u", (iph->ip_off & IP_OFFSET) * 8);
2144
2145 iph->ip_ttl = tvb_get_uint8(tvb, offset + 8);
2146 ttl_item = proto_tree_add_item(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, ENC_BIG_ENDIAN);
2147
2148 iph->ip_proto = tvb_get_uint8(tvb, offset + 9);
2149 if (tree) {
2150 proto_tree_add_item(ip_tree, hf_ip_proto, tvb, offset + 9, 1, ENC_BIG_ENDIAN);
2151 }
2152
2153 iph->ip_sum = tvb_get_ntohs(tvb, offset + 10);
2154
2155 /*
2156 * If checksum checking is enabled, and we have the entire IP header
2157 * available, check the checksum.
2158 */
2159 if (ip_check_checksum && tvb_bytes_exist(tvb, offset, hlen)) {
2160 ipsum = ip_checksum_tvb(tvb, offset, hlen);
2161 item = proto_tree_add_checksum(ip_tree, tvb, offset + 10, hf_ip_checksum, hf_ip_checksum_status, &ei_ip_checksum_bad, pinfo, ipsum,
2162 ENC_BIG_ENDIAN, PROTO_CHECKSUM_VERIFY|PROTO_CHECKSUM_IN_CKSUM);
2163 /*
2164 * ip_checksum_tvb() should never return 0xFFFF here, because, to
2165 * quote RFC 1624 section 3 "Discussion":
2166 *
2167 * In one's complement, there are two representations of
2168 * zero: the all zero and the all one bit values, often
2169 * referred to as +0 and -0. One's complement addition
2170 * of non-zero inputs can produce -0 as a result, but
2171 * never +0. Since there is guaranteed to be at least
2172 * one non-zero field in the IP header, and the checksum
2173 * field in the protocol header is the complement of the
2174 * sum, the checksum field can never contain ~(+0), which
2175 * is -0 (0xFFFF). It can, however, contain ~(-0), which
2176 * is +0 (0x0000).
2177 *
2178 * ip_checksum_tvb() checksums the IPv4 header, where the "version"
2179 * field is 4, ensuring that, in a valid IPv4 header, there is at
2180 * least one non-zero field. We've already verified that the
2181 * version is 4.
2182 *
2183 * ip_checksum_tvb() returns the negation of the one's-complement
2184 * sum of all the data handed to it, and that data won't be
2185 * all zero, so the sum won't be 0 (+0), and thus the negation
2186 * won't be -0, i.e. won't be 0xFFFF.
2187 */
2188 if (ipsum == 0) {
2189 /* XXX - Keeping hf_ip_checksum_calculated field for now. Doesn't fit into the
2190 proto_tree_add_checksum design, but IP is a popular enough dissector that somebody
2191 may have a legitimate reason for wanting it filtered */
2192 item = proto_tree_add_uint(ip_tree, hf_ip_checksum_calculated, tvb,
2193 offset + 10, 2, iph->ip_sum);
2194 proto_item_set_generated(item);
2195 } else {
2196 proto_item_append_text(item, "(may be caused by \"IP checksum offload\"?)");
2197
2198 item = proto_tree_add_uint(ip_tree, hf_ip_checksum_calculated, tvb,
2199 offset + 10, 2, in_cksum_shouldbe(iph->ip_sum, ipsum));
2200 proto_item_set_generated(item);
2201 }
2202 } else {
2203 ipsum = 0;
2204 proto_tree_add_uint_format_value(ip_tree, hf_ip_checksum, tvb,
2205 offset + 10, 2, iph->ip_sum,
2206 "0x%04x [%s]",
2207 iph->ip_sum,
2208 ip_check_checksum ?
2209 "not all data available" :
2210 "validation disabled");
2211 item = proto_tree_add_uint(ip_tree, hf_ip_checksum_status, tvb,
2212 offset + 10, 0, PROTO_CHECKSUM_E_UNVERIFIED);
2213 proto_item_set_generated(item);
2214 }
2215 src32 = tvb_get_ntohl(tvb, offset + IPH_SRC);
2216 set_address_tvb(&pinfo->net_src, AT_IPv4, 4, tvb, offset + IPH_SRC);
2217 copy_address_shallow(&pinfo->src, &pinfo->net_src);
2218 copy_address_shallow(&iph->ip_src, &pinfo->src);
2219 if (tree) {
2220 const char *src_host;
2221
2222 memcpy(&addr, iph->ip_src.data, 4);
2223 if (ip_summary_in_tree) {
2224 proto_item_append_text(ti, ", Src: %s", address_with_resolution_to_str(pinfo->pool, &iph->ip_src));
2225 }
2226 proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, addr);
2227 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 12, 4, addr);
2228 proto_item_set_hidden(item);
2229 if (proto_field_is_referenced(ip_tree, hf_ip_src_host) || proto_field_is_referenced(ip_tree, hf_ip_host)) {
2230 src_host = get_hostname_wmem(pinfo->pool, addr);
2231 item = proto_tree_add_string(ip_tree, hf_ip_src_host, tvb, offset + 12, 4,
2232 src_host);
2233 proto_item_set_generated(item);
2234 proto_item_set_hidden(item);
2235 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb, offset + 12, 4,
2236 src_host);
2237 proto_item_set_generated(item);
2238 proto_item_set_hidden(item);
2239 }
2240 }
2241
2242 /* If there's an IP strict or loose source routing option, then the final
2243 * L3 IP destination address will be the last entry in the routing header
2244 * EXCEPT when the table is exhausted (pointer is greater than the length).
2245 * In this case, the final L3 IP destination address is the one in the L3
2246 * header. (REF: https://tools.ietf.org/html/rfc791#section-3.1)
2247 */
2248 if (hlen > IPH_MIN_LEN) {
2249 /* There's more than just the fixed-length header. See if we've got
2250 * either a strict or loose source route option and if so, return the
2251 * offset into the tvb to where the real destination IP address is located.
2252 */
2253 dst_off = get_dst_offset(tvb, offset + 20, hlen - IPH_MIN_LEN);
2254 }
2255 else
2256 dst_off = 0;
2257
2258 dst32 = tvb_get_ntohl(tvb, offset + IPH_DST + dst_off);
2259 set_address_tvb(&pinfo->net_dst, AT_IPv4, 4, tvb, offset + IPH_DST + dst_off);
2260 copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
2261 copy_address_shallow(&iph->ip_dst, &pinfo->net_dst);
2262
2263 /* If an IP is destined for an IP address in the Local Network Control Block
2264 * (e.g. 224.0.0.0/24), the packet should never be routed and the TTL would
2265 * be expected to be 1. (see RFC 3171) Flag a TTL greater than 1.
2266 *
2267 * Flag a low TTL if the packet is not destined for a multicast address
2268 * (e.g. 224.0.0.0/4) ... and the payload isn't protocol 103 (PIM).
2269 * (see https://tools.ietf.org/html/rfc3973#section-4.7).
2270 */
2271 if (in4_addr_is_local_network_control_block(dst32)) {
2272 if (iph->ip_proto == IP_PROTO_IGMP)
2273 ttl_valid = IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL;
2274 else
2275 ttl_valid = local_network_control_block_addr_valid_ttl(dst32);
2276 if (iph->ip_ttl != ttl_valid && ttl_valid != IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL) {
2277 expert_add_info_format(pinfo, ttl_item, &ei_ip_ttl_lncb, "\"Time To Live\" != %d for a packet sent to the "
2278 "Local Network Control Block (see RFC 3171)",
2279 ttl_valid);
2280 }
2281 } else if (iph->ip_ttl < 5 && !in4_addr_is_multicast(dst32) &&
2282 /* At least BGP should appear here as well */
2283 iph->ip_proto != IP_PROTO_PIM &&
2284 iph->ip_proto != IP_PROTO_OSPF) {
2285 expert_add_info_format(pinfo, ttl_item, &ei_ip_ttl_too_small, "\"Time To Live\" only %u", iph->ip_ttl);
2286 }
2287
2288 if (tree) {
2289 const char *dst_host;
2290
2291 memcpy(&addr, iph->ip_dst.data, 4);
2292 if (ip_summary_in_tree) {
2293 proto_item_append_text(ti, ", Dst: %s", address_with_resolution_to_str(pinfo->pool, &iph->ip_dst));
2294 }
2295
2296 if (dst_off) {
2297 uint32_t cur_rt;
2298
2299 cur_rt = tvb_get_ipv4(tvb, offset + 16);
2300 if (ip_summary_in_tree) {
2301 proto_item_append_text(ti, ", Via: %s",
2302 tvb_address_with_resolution_to_str(pinfo->pool, tvb, AT_IPv4, offset + 16));
2303 }
2304 proto_tree_add_ipv4(ip_tree, hf_ip_cur_rt, tvb, offset + 16, 4, cur_rt);
2305 if (proto_field_is_referenced(ip_tree, hf_ip_cur_rt_host)) {
2306 item = proto_tree_add_string(ip_tree, hf_ip_cur_rt_host, tvb,
2307 offset + 16, 4, get_hostname_wmem(pinfo->pool, cur_rt));
2308 proto_item_set_generated(item);
2309 proto_item_set_hidden(item);
2310 }
2311 }
2312 else {
2313 proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, addr);
2314 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 16, 4,
2315 addr);
2316 proto_item_set_hidden(item);
2317 if (proto_field_is_referenced(ip_tree, hf_ip_dst_host) || proto_field_is_referenced(ip_tree, hf_ip_host)) {
2318 dst_host = get_hostname_wmem(pinfo->pool, addr);
2319 item = proto_tree_add_string(ip_tree, hf_ip_dst_host, tvb, offset + 16,
2320 4, dst_host);
2321 proto_item_set_generated(item);
2322 proto_item_set_hidden(item);
2323 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb,
2324 offset + 16 + dst_off, 4, dst_host);
2325 proto_item_set_generated(item);
2326 proto_item_set_hidden(item);
2327 }
2328 }
2329
2330 if (gbl_resolv_flags.maxmind_geoip) {
2331 add_geoip_info(ip_tree, pinfo, tvb, offset, src32, dst32);
2332 }
2333 }
2334
2335 /* Decode IP options, if any. */
2336 if (hlen > IPH_MIN_LEN) {
2337 /* There's more than just the fixed-length header. Decode the options. */
2338 optlen = hlen - IPH_MIN_LEN; /* length of options, in bytes */
2339 field_tree = proto_tree_add_subtree_format(ip_tree, tvb, offset + 20, optlen,
2340 ett_ip_options, &tf, "Options: (%u bytes)", optlen);
2341 dissect_ip_options(tvb, offset + 20, optlen, pinfo, field_tree, tf, iph);
2342 }
2343
2344 p_add_proto_data(pinfo->pool, pinfo, proto_ip, pinfo->curr_layer_num, GUINT_TO_POINTER((unsigned)iph->ip_proto));
2345 tap_queue_packet(ip_tap, pinfo, iph);
2346
2347 /* Skip over header + options */
2348 offset += hlen;
2349
2350 /* If ip_defragment is on, this is a fragment, we have all the data
2351 * in the fragment, and the header checksum is valid, then just add
2352 * the fragment to the hashtable.
2353 */
2354 save_fragmented = pinfo->fragmented;
2355 if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) &&
2356 iph->ip_len > hlen &&
2357 tvb_bytes_exist(tvb, offset, iph->ip_len - hlen) &&
2358 ipsum == 0) {
2359 uint32_t frag_id;
2360 frag_id = iph->ip_proto ^ iph->ip_id ^ src32 ^ dst32;
2361 /* XXX: Should there be a way to force the VLAN ID not to
2362 * be taken into account for reassembly even with non publicly
2363 * routable IP addresses?
2364 */
2365 if (in4_addr_is_private(dst32) || in4_addr_is_private(src32) ||
2366 in4_addr_is_link_local(dst32) || in4_addr_is_link_local(src32) ||
2367 prefs.strict_conversation_tracking_heuristics) {
2368 frag_id ^= pinfo->vlan_id;
2369 }
2370 ipfd_head = fragment_add_check(&ip_reassembly_table, tvb, offset,
2371 pinfo,
2372 frag_id,
2373 NULL,
2374 (iph->ip_off & IP_OFFSET) * 8,
2375 iph->ip_len - hlen,
2376 iph->ip_off & IP_MF);
2377
2378 next_tvb = process_reassembled_data(tvb, offset, pinfo, "Reassembled IPv4",
2379 ipfd_head, &ip_frag_items,
2380 &update_col_info, ip_tree);
2381 } else {
2382 /* If this is the first fragment, dissect its contents, otherwise
2383 just show it as a fragment.
2384
2385 XXX - if we eventually don't save the reassembled contents of all
2386 fragmented datagrams, we may want to always reassemble. */
2387 if (iph->ip_off & IP_OFFSET) {
2388 /* Not the first fragment - don't dissect it. */
2389 next_tvb = NULL;
2390 } else {
2391 /* First fragment, or not fragmented. Dissect what we have here. */
2392
2393 /* Get a tvbuff for the payload. */
2394 next_tvb = tvb_new_subset_remaining(tvb, offset);
2395
2396 /*
2397 * If this is the first fragment, but not the only fragment,
2398 * tell the next protocol that.
2399 */
2400 if (iph->ip_off & IP_MF)
2401 pinfo->fragmented = true;
2402 else
2403 pinfo->fragmented = false;
2404 }
2405 }
2406
2407 #if 0
2408 /* This would be automatic, but have the side effect that the stream IDs
2409 * would depend on the order in which packets were dissected with a visible
2410 * tree (e.g., clicking on them in Wireshark) instead of always being the
2411 * same for a given file, which is probably unexpected.
2412 */
2413 if (proto_field_is_referenced(tree, hf_stream_id) || have_tap_listener(ip_tap)) {
2414 #endif
2415 if (ip_track_conv_id) {
2416 conversation_t *conv;
2417
2418 /* find (and extend) an existing conversation, or create a new one */
2419 conv = find_conversation_strat(pinfo, CONVERSATION_IP, NO_PORT_X);
2420 if(!conv) {
2421 conv=conversation_new_strat(pinfo, CONVERSATION_IP, NO_PORTS);
2422 }
2423 else {
2424 /*
2425 * while not strictly necessary because there is only 1
2426 * conversation between 2 IPs, we still move the last frame
2427 * indicator as being a usual practice.
2428 */
2429 if (!(pinfo->fd->visited)) {
2430 if (pinfo->num > conv->last_frame) {
2431 conv->last_frame = pinfo->num;
2432 }
2433 }
2434 }
2435
2436 ipd = get_ip_conversation_data(conv, pinfo);
2437 if(ipd) {
2438 iph->ip_stream = ipd->stream;
2439
2440 item = proto_tree_add_uint(ip_tree, hf_ip_stream, tvb, offset, 0, ipd->stream);
2441 proto_item_set_generated(item);
2442 }
2443 }
2444
2445 if (next_tvb == NULL) {
2446 /* Just show this as a fragment. */
2447 col_add_fstr(pinfo->cinfo, COL_INFO,
2448 "Fragmented IP protocol (proto=%s %u, off=%u, ID=%04x)",
2449 ipprotostr(iph->ip_proto), iph->ip_proto,
2450 (iph->ip_off & IP_OFFSET) * 8, iph->ip_id);
2451 if ( ipfd_head && ipfd_head->reassembled_in != pinfo->num ) {
2452 col_append_frame_number(pinfo, COL_INFO, " [Reassembled in #%u]",
2453 ipfd_head->reassembled_in);
2454 }
2455
2456 call_data_dissector(tvb_new_subset_remaining(tvb, offset), pinfo,
2457 parent_tree);
2458 pinfo->fragmented = save_fragmented;
2459 return tvb_captured_length(tvb);
2460 }
2461
2462 if (tvb_reported_length(next_tvb) > 0) {
2463 /* Hand off to the next protocol.
2464
2465 XXX - setting the columns only after trying various dissectors means
2466 that if one of those dissectors throws an exception, the frame won't
2467 even be labeled as an IP frame; ideally, if a frame being dissected
2468 throws an exception, it'll be labeled as a mangled frame of the
2469 type in question. */
2470 if (!ip_try_dissect(try_heuristic_first, iph->ip_proto, next_tvb, pinfo,
2471 parent_tree, iph)) {
2472 /* Unknown protocol */
2473 if (update_col_info) {
2474 col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%u)",
2475 ipprotostr(iph->ip_proto), iph->ip_proto);
2476 }
2477 call_data_dissector(next_tvb, pinfo, parent_tree);
2478 }
2479 }
2480 pinfo->fragmented = save_fragmented;
2481 return tvb_captured_length(tvb);
2482 }
2483
2484 static int
2485 dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
2486 {
2487 proto_tree *ip_tree;
2488 proto_item *ti, *tf;
2489 uint8_t version;
2490
2491 version = tvb_get_uint8(tvb, 0) >> 4;
2492
2493 if(version == 4){
2494 return dissect_ip_v4(tvb, pinfo, tree, data);
2495 }
2496 if(version == 6){
2497 return call_dissector(ipv6_handle, tvb, pinfo, tree);
2498 }
2499
2500 /* Bogus IP version */
2501 ti = proto_tree_add_protocol_format(tree, proto_ip, tvb, 0, 1, "Internet Protocol, bogus version (%u)", version);
2502 col_set_str(pinfo->cinfo, COL_PROTOCOL, "IP");
2503 col_clear(pinfo->cinfo, COL_INFO);
2504 col_add_fstr(pinfo->cinfo, COL_INFO, "Bogus IP version (%u)", version);
2505 ip_tree = proto_item_add_subtree(ti, ett_ip);
2506 tf = proto_tree_add_bits_item(ip_tree, hf_ip_version, tvb, 0, 4, ENC_NA);
2507 expert_add_info(pinfo, tf, &ei_ip_bogus_ip_version);
2508 return 1;
2509 }
2510
2511 static bool
2512 dissect_ip_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2513 {
2514 int length, tot_length;
2515 uint8_t oct, version, ihl;
2516
2517 /*
2518 0 1 2 3
2519 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2520 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2521 |Version| IHL |Type of Service| Total Length |
2522 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2523
2524 */
2525 length = tvb_captured_length(tvb);
2526 if(length<4){
2527 /* Need at least 4 bytes to make some sort of decision */
2528 return false;
2529 }
2530 oct = tvb_get_uint8(tvb,0);
2531 ihl = oct & 0x0f;
2532 version = oct >> 4;
2533 if(version == 6){
2534 /*
2535 3. IPv6 Header Format
2536
2537 0 1 2 3
2538 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2539 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2540 |Version| Traffic Class | Flow Label |
2541 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2542 | Payload Length | Next Header | Hop Limit |
2543 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2544 | |
2545 + +
2546 | |
2547 + Source Address +
2548 | |
2549 + +
2550 | |
2551 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2552 | |
2553 + +
2554 | |
2555 + Destination Address +
2556 | |
2557 + +
2558 | |
2559 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2560
2561 Version 4-bit Internet Protocol version number = 6.
2562
2563 Traffic Class 8-bit traffic class field. See section 7.
2564
2565 Flow Label 20-bit flow label. See section 6.
2566
2567 Payload Length 16-bit unsigned integer. Length of the IPv6
2568 payload, i.e., the rest of the packet following
2569 this IPv6 header, in octets. (Note that any
2570 extension headers [section 4] present are
2571 considered part of the payload, i.e., included
2572 in the length count.)
2573
2574
2575 */
2576 if(length<8){
2577 /* Need at least 8 bytes to make a decision */
2578 return false;
2579 }
2580 tot_length = tvb_get_ntohs(tvb,4);
2581 if((tot_length + 40) != (int)tvb_reported_length(tvb)){
2582 return false;
2583 }
2584 call_dissector(ipv6_handle, tvb, pinfo, tree);
2585 return true;
2586 }
2587 /* version == IPv4 , the minimum value for a correct header is 5 */
2588 if((version != 4)|| (ihl < 5)){
2589 return false;
2590 }
2591 /* Total Length is the length of the datagram, measured in octets,
2592 * including internet header and data.
2593 */
2594 tot_length = tvb_get_ntohs(tvb,2);
2595
2596 if(tot_length != (int)tvb_reported_length(tvb)){
2597 return false;
2598 }
2599
2600 dissect_ip_v4(tvb, pinfo, tree, data);
2601 return true;
2602 }
2603
2604 static void
2605 ip_init(void)
2606 {
2607 ip_stream_count = 0;
2608 }
2609
2610 void
2611 proto_register_ip(void)
2612 {
2613 static hf_register_info hf[] = {
2614 { &hf_ip_version,
2615 { "Version", "ip.version", FT_UINT8, BASE_DEC,
2616 NULL, 0x00, NULL, HFILL }},
2617
2618 // "IHL" in https://tools.ietf.org/html/rfc791#section-3.1 and
2619 // https://en.wikipedia.org/wiki/IPv4#Header
2620 { &hf_ip_hdr_len,
2621 { "Header Length", "ip.hdr_len", FT_UINT8, BASE_DEC,
2622 NULL, 0x0, "Header length in 32-bit words", HFILL }},
2623
2624 { &hf_ip_dsfield,
2625 { "Differentiated Services Field", "ip.dsfield", FT_UINT8, BASE_HEX,
2626 NULL, 0x0, NULL, HFILL }},
2627
2628 { &hf_ip_dsfield_dscp,
2629 { "Differentiated Services Codepoint", "ip.dsfield.dscp", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2630 &dscp_vals_ext, IPDSFIELD_DSCP_MASK, NULL, HFILL }},
2631
2632 { &hf_ip_dsfield_ecn,
2633 { "Explicit Congestion Notification", "ip.dsfield.ecn", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2634 &ecn_vals_ext, IPDSFIELD_ECN_MASK, NULL, HFILL }},
2635
2636 { &hf_ip_tos,
2637 { "Type of Service", "ip.tos", FT_UINT8, BASE_DEC,
2638 NULL, 0x0, NULL, HFILL }},
2639
2640 { &hf_ip_tos_precedence,
2641 { "Precedence", "ip.tos.precedence", FT_UINT8, BASE_DEC,
2642 VALS(precedence_vals), IPTOS_PREC_MASK, NULL, HFILL }},
2643
2644 { &hf_ip_tos_delay,
2645 { "Delay", "ip.tos.delay", FT_BOOLEAN, 8,
2646 TFS(&tfs_low_normal), IPTOS_LOWDELAY, NULL, HFILL }},
2647
2648 { &hf_ip_tos_throughput,
2649 { "Throughput", "ip.tos.throughput", FT_BOOLEAN, 8,
2650 TFS(&tfs_high_normal), IPTOS_THROUGHPUT, NULL, HFILL }},
2651
2652 { &hf_ip_tos_reliability,
2653 { "Reliability", "ip.tos.reliability", FT_BOOLEAN, 8,
2654 TFS(&tfs_high_normal), IPTOS_RELIABILITY, NULL, HFILL }},
2655
2656 { &hf_ip_tos_cost,
2657 { "Cost", "ip.tos.cost", FT_BOOLEAN, 8,
2658 TFS(&tfs_low_normal), IPTOS_LOWCOST, NULL, HFILL }},
2659
2660 { &hf_ip_len,
2661 { "Total Length", "ip.len", FT_UINT16, BASE_DEC,
2662 NULL, 0x0, NULL, HFILL }},
2663
2664 { &hf_ip_id,
2665 { "Identification", "ip.id", FT_UINT16, BASE_HEX_DEC,
2666 NULL, 0x0, NULL, HFILL }},
2667
2668 { &hf_ip_dst,
2669 { "Destination Address", "ip.dst", FT_IPv4, BASE_NONE,
2670 NULL, 0x0, NULL, HFILL }},
2671
2672 { &hf_ip_dst_host,
2673 { "Destination Host", "ip.dst_host", FT_STRING, BASE_NONE,
2674 NULL, 0x0, NULL, HFILL }},
2675
2676 { &hf_ip_src,
2677 { "Source Address", "ip.src", FT_IPv4, BASE_NONE,
2678 NULL, 0x0, NULL, HFILL }},
2679
2680 { &hf_ip_src_host,
2681 { "Source Host", "ip.src_host", FT_STRING, BASE_NONE,
2682 NULL, 0x0, NULL, HFILL }},
2683
2684 { &hf_ip_addr,
2685 { "Source or Destination Address", "ip.addr", FT_IPv4, BASE_NONE,
2686 NULL, 0x0, NULL, HFILL }},
2687
2688 { &hf_ip_host,
2689 { "Source or Destination Host", "ip.host", FT_STRING, BASE_NONE,
2690 NULL, 0x0, NULL, HFILL }},
2691
2692 { &hf_ip_stream,
2693 { "Stream index", "ip.stream", FT_UINT32, BASE_DEC,
2694 NULL, 0x0, NULL, HFILL }},
2695
2696 { &hf_geoip_country,
2697 { "Source or Destination GeoIP Country", "ip.geoip.country",
2698 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2699 { &hf_geoip_country_iso,
2700 { "Source or Destination GeoIP ISO Two Letter Country Code", "ip.geoip.country_iso",
2701 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2702 { &hf_geoip_city,
2703 { "Source or Destination GeoIP City", "ip.geoip.city",
2704 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2705 { &hf_geoip_as_number,
2706 { "Source or Destination GeoIP AS Number", "ip.geoip.asnum",
2707 FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2708 { &hf_geoip_as_org,
2709 { "Source or Destination GeoIP AS Organization", "ip.geoip.org",
2710 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2711 { &hf_geoip_latitude,
2712 { "Source or Destination GeoIP Latitude", "ip.geoip.lat",
2713 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2714 { &hf_geoip_longitude,
2715 { "Source or Destination GeoIP Longitude", "ip.geoip.lon",
2716 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2717 { &hf_geoip_src_summary,
2718 { "Source GeoIP", "ip.geoip.src_summary",
2719 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2720 { &hf_geoip_src_country,
2721 { "Source GeoIP Country", "ip.geoip.src_country",
2722 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2723 { &hf_geoip_src_country_iso,
2724 { "Source GeoIP ISO Two Letter Country Code", "ip.geoip.src_country_iso",
2725 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2726 { &hf_geoip_src_city,
2727 { "Source GeoIP City", "ip.geoip.src_city",
2728 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2729 { &hf_geoip_src_as_number,
2730 { "Source GeoIP AS Number", "ip.geoip.src_asnum",
2731 FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2732 { &hf_geoip_src_as_org,
2733 { "Source GeoIP AS Organization", "ip.geoip.src_org",
2734 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2735 { &hf_geoip_src_latitude,
2736 { "Source GeoIP Latitude", "ip.geoip.src_lat",
2737 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2738 { &hf_geoip_src_longitude,
2739 { "Source GeoIP Longitude", "ip.geoip.src_lon",
2740 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2741 { &hf_geoip_dst_summary,
2742 { "Destination GeoIP", "ip.geoip.dst_summary",
2743 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2744 { &hf_geoip_dst_country,
2745 { "Destination GeoIP Country", "ip.geoip.dst_country",
2746 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2747 { &hf_geoip_dst_country_iso,
2748 { "Destination GeoIP ISO Two Letter Country Code", "ip.geoip.dst_country_iso",
2749 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2750 { &hf_geoip_dst_city,
2751 { "Destination GeoIP City", "ip.geoip.dst_city",
2752 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2753 { &hf_geoip_dst_as_number,
2754 { "Destination GeoIP AS Number", "ip.geoip.dst_asnum",
2755 FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2756 { &hf_geoip_dst_as_org,
2757 { "Destination GeoIP AS Organization", "ip.geoip.dst_org",
2758 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2759 { &hf_geoip_dst_latitude,
2760 { "Destination GeoIP Latitude", "ip.geoip.dst_lat",
2761 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2762 { &hf_geoip_dst_longitude,
2763 { "Destination GeoIP Longitude", "ip.geoip.dst_lon",
2764 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2765
2766 { &hf_ip_flags,
2767 { "Flags", "ip.flags", FT_UINT8, BASE_HEX,
2768 NULL, 0xE0, NULL, HFILL }},
2769
2770 { &hf_ip_flags_sf,
2771 { "Security flag", "ip.flags.sf", FT_BOOLEAN, 8,
2772 TFS(&flags_sf_set_evil), 0x80, "Security flag (RFC 3514)", HFILL }},
2773
2774 { &hf_ip_flags_rf,
2775 { "Reserved bit", "ip.flags.rb", FT_BOOLEAN, 8,
2776 TFS(&tfs_set_notset), 0x80, NULL, HFILL }},
2777
2778 { &hf_ip_flags_df,
2779 { "Don't fragment", "ip.flags.df", FT_BOOLEAN, 8,
2780 TFS(&tfs_set_notset), 0x40, NULL, HFILL }},
2781
2782 { &hf_ip_flags_mf,
2783 { "More fragments", "ip.flags.mf", FT_BOOLEAN, 8,
2784 TFS(&tfs_set_notset), 0x20, NULL, HFILL }},
2785
2786 { &hf_ip_frag_offset,
2787 { "Fragment Offset", "ip.frag_offset", FT_UINT16, BASE_DEC,
2788 NULL, IP_OFFSET, NULL, HFILL }},
2789
2790 { &hf_ip_ttl,
2791 { "Time to Live", "ip.ttl", FT_UINT8, BASE_DEC,
2792 NULL, 0x0, NULL, HFILL }},
2793
2794 { &hf_ip_proto,
2795 { "Protocol", "ip.proto", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2796 &ipproto_val_ext, 0x0, NULL, HFILL }},
2797
2798 { &hf_ip_checksum,
2799 { "Header Checksum", "ip.checksum", FT_UINT16, BASE_HEX,
2800 NULL, 0x0, NULL, HFILL }},
2801
2802 { &hf_ip_checksum_calculated,
2803 { "Calculated Checksum", "ip.checksum_calculated", FT_UINT16, BASE_HEX, NULL, 0x0,
2804 "The expected IP checksum field as calculated from the IP datagram", HFILL }},
2805
2806 { &hf_ip_checksum_status,
2807 { "Header checksum status", "ip.checksum.status", FT_UINT8, BASE_NONE, VALS(proto_checksum_vals), 0x0,
2808 NULL, HFILL }},
2809
2810 /* IP options related fields */
2811 { &hf_ip_opt_type,
2812 { "Type", "ip.opt.type", FT_UINT8, BASE_DEC,
2813 NULL, 0x0, NULL, HFILL }},
2814
2815 { &hf_ip_opt_type_copy,
2816 { "Copy on fragmentation", "ip.opt.type.copy", FT_BOOLEAN, 8,
2817 TFS(&tfs_yes_no), IPOPT_COPY_MASK, NULL, HFILL }},
2818
2819 { &hf_ip_opt_type_class,
2820 { "Class", "ip.opt.type.class", FT_UINT8, BASE_DEC,
2821 VALS(ipopt_type_class_vals), IPOPT_CLASS_MASK, NULL, HFILL }},
2822
2823 { &hf_ip_opt_type_number,
2824 { "Number", "ip.opt.type.number", FT_UINT8, BASE_DEC,
2825 VALS(ipopt_type_number_vals), IPOPT_NUMBER_MASK, NULL, HFILL }},
2826
2827 { &hf_ip_opt_len,
2828 { "Length", "ip.opt.len", FT_UINT8, BASE_DEC,
2829 NULL, 0x0, NULL, HFILL }},
2830
2831 { &hf_ip_opt_ptr,
2832 { "Pointer", "ip.opt.ptr", FT_UINT8, BASE_DEC,
2833 NULL, 0x0, NULL, HFILL }},
2834
2835 { &hf_ip_opt_sid,
2836 { "Stream Identifier", "ip.opt.sid", FT_UINT16, BASE_DEC,
2837 NULL, 0x0, "SATNET stream identifier", HFILL }},
2838
2839 { &hf_ip_opt_mtu,
2840 { "MTU", "ip.opt.mtu", FT_UINT16, BASE_DEC,
2841 NULL, 0x0, NULL, HFILL }},
2842
2843 { &hf_ip_opt_id_number,
2844 { "ID Number", "ip.opt.id_number", FT_UINT16, BASE_DEC,
2845 NULL, 0x0, NULL, HFILL }},
2846
2847 { &hf_ip_opt_ohc,
2848 { "Outbound Hop Count", "ip.opt.ohc", FT_UINT16, BASE_DEC,
2849 NULL, 0x0, NULL, HFILL }},
2850
2851 { &hf_ip_opt_rhc,
2852 { "Return Hop Count", "ip.opt.rhc", FT_UINT16, BASE_DEC,
2853 NULL, 0x0, NULL, HFILL }},
2854
2855 { &hf_ip_opt_originator,
2856 { "Originator IP Address", "ip.opt.originator", FT_IPv4, BASE_NONE,
2857 NULL, 0x0, NULL, HFILL }},
2858
2859 { &hf_ip_opt_ra,
2860 { "Router Alert", "ip.opt.ra", FT_UINT16, BASE_DEC | BASE_RANGE_STRING,
2861 RVALS(ra_rvals), 0x0, NULL, HFILL }},
2862
2863 { &hf_ip_opt_addr,
2864 { "IP Address", "ip.opt.addr", FT_IPv4, BASE_NONE,
2865 NULL, 0x0, NULL, HFILL }},
2866
2867 { &hf_ip_opt_padding,
2868 { "Padding", "ip.opt.padding", FT_BYTES, BASE_NONE,
2869 NULL, 0x0, NULL, HFILL }},
2870
2871 { &hf_ip_opt_qs_func,
2872 { "Function", "ip.opt.qs_func", FT_UINT8, BASE_DEC,
2873 VALS(qs_func_vals), QS_FUNC_MASK, NULL, HFILL }},
2874
2875 { &hf_ip_opt_qs_rate,
2876 { "Rate", "ip.opt.qs_rate", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2877 &qs_rate_vals_ext, QS_RATE_MASK, NULL, HFILL }},
2878
2879 { &hf_ip_opt_qs_ttl,
2880 { "QS TTL", "ip.opt.qs_ttl", FT_UINT8, BASE_DEC,
2881 NULL, 0x0, NULL, HFILL }},
2882
2883 { &hf_ip_opt_qs_ttl_diff,
2884 { "TTL Diff", "ip.opt.qs_ttl_diff", FT_UINT8, BASE_DEC,
2885 NULL, 0x0, NULL, HFILL }},
2886
2887 { &hf_ip_opt_qs_unused,
2888 { "Not Used", "ip.opt.qs_unused", FT_UINT8, BASE_DEC,
2889 NULL, 0x0, NULL, HFILL }},
2890
2891 { &hf_ip_opt_qs_nonce,
2892 { "QS Nonce", "ip.opt.qs_nonce", FT_UINT32, BASE_HEX,
2893 NULL, 0xFFFFFFFC, NULL, HFILL }},
2894
2895 { &hf_ip_opt_qs_reserved,
2896 { "Reserved", "ip.opt.qs_reserved", FT_UINT32, BASE_HEX,
2897 NULL, 0x00000003, NULL, HFILL }},
2898
2899 { &hf_ip_opt_sec_rfc791_sec,
2900 { "Security", "ip.opt.sec_rfc791_sec", FT_UINT16, BASE_HEX,
2901 VALS(secl_rfc791_vals), 0x0, NULL, HFILL }},
2902
2903 { &hf_ip_opt_sec_rfc791_comp,
2904 { "Compartments", "ip.opt.sec_rfc791_comp", FT_UINT16, BASE_DEC,
2905 NULL, 0x0, NULL, HFILL }},
2906
2907 { &hf_ip_opt_sec_rfc791_hr,
2908 { "Handling Restrictions", "ip.opt.sec_rfc791_hr", FT_STRING, BASE_NONE,
2909 NULL, 0x0, NULL, HFILL }},
2910
2911 { &hf_ip_opt_sec_rfc791_tcc,
2912 { "Transmission Control Code", "ip.opt.sec_rfc791_tcc", FT_STRING, BASE_NONE,
2913 NULL, 0x0, NULL, HFILL }},
2914
2915 { &hf_ip_opt_sec_cl,
2916 { "Classification Level", "ip.opt.sec_cl", FT_UINT8, BASE_HEX,
2917 VALS(sec_cl_vals), 0x0, NULL, HFILL }},
2918
2919 { &hf_ip_opt_sec_prot_auth_flags,
2920 { "Protection Authority Flags", "ip.opt.sec_prot_auth_flags", FT_UINT8, BASE_HEX,
2921 NULL, 0x0, NULL, HFILL }},
2922
2923 { &hf_ip_opt_sec_prot_auth_genser,
2924 { "GENSER", "ip.opt.sec_prot_auth_genser", FT_BOOLEAN, 8,
2925 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x80, NULL, HFILL }},
2926
2927 { &hf_ip_opt_sec_prot_auth_siop_esi,
2928 { "SIOP-ESI", "ip.opt.sec_prot_auth_siop_esi", FT_BOOLEAN, 8,
2929 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x40, NULL, HFILL }},
2930
2931 { &hf_ip_opt_sec_prot_auth_sci,
2932 { "SCI", "ip.opt.sec_prot_auth_sci", FT_BOOLEAN, 8,
2933 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x20, NULL, HFILL }},
2934
2935 { &hf_ip_opt_sec_prot_auth_nsa,
2936 { "NSA", "ip.opt.sec_prot_auth_nsa", FT_BOOLEAN, 8,
2937 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x10, NULL, HFILL }},
2938
2939 { &hf_ip_opt_sec_prot_auth_doe,
2940 { "DOE", "ip.opt.sec_prot_auth_doe", FT_BOOLEAN, 8,
2941 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x08, NULL, HFILL }},
2942
2943 { &hf_ip_opt_sec_prot_auth_unassigned,
2944 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2945 NULL, 0x06, NULL, HFILL }},
2946
2947 { &hf_ip_opt_sec_prot_auth_unassigned2,
2948 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2949 NULL, 0xFE, NULL, HFILL }},
2950
2951 { &hf_ip_opt_sec_prot_auth_fti,
2952 { "Field Termination Indicator", "ip.opt.sec_prot_auth_fti", FT_BOOLEAN, 8,
2953 TFS(&ip_opt_sec_prot_auth_fti_tfs), 0x01, NULL, HFILL }},
2954
2955 { &hf_ip_opt_ext_sec_add_sec_info_format_code,
2956 { "Additional Security Info Format Code", "ip.opt.ext_sec_add_sec_info_format_code", FT_UINT8, BASE_HEX,
2957 NULL, 0x0, NULL, HFILL }},
2958
2959 { &hf_ip_opt_ext_sec_add_sec_info,
2960 { "Additional Security Info", "ip.opt.ext_sec_add_sec_info", FT_BYTES, BASE_NONE,
2961 NULL, 0x0, NULL, HFILL }},
2962
2963 { &hf_ip_rec_rt,
2964 { "Recorded Route", "ip.rec_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2965 NULL, HFILL }},
2966
2967 { &hf_ip_rec_rt_host,
2968 { "Recorded Route Host", "ip.rec_rt_host", FT_STRING, BASE_NONE,
2969 NULL, 0x0, NULL, HFILL }},
2970
2971 { &hf_ip_cur_rt,
2972 { "Current Route", "ip.cur_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2973 NULL, HFILL }},
2974
2975 { &hf_ip_cur_rt_host,
2976 { "Current Route Host", "ip.cur_rt_host", FT_STRING, BASE_NONE,
2977 NULL, 0x0, NULL, HFILL }},
2978
2979 { &hf_ip_src_rt,
2980 { "Source Route", "ip.src_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2981 NULL, HFILL }},
2982
2983 { &hf_ip_src_rt_host,
2984 { "Source Route Host", "ip.src_rt_host", FT_STRING, BASE_NONE,
2985 NULL, 0x0, NULL, HFILL }},
2986
2987 { &hf_ip_empty_rt,
2988 { "Empty Route", "ip.empty_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2989 NULL, HFILL }},
2990
2991 { &hf_ip_empty_rt_host,
2992 { "Empty Route Host", "ip.empty_rt_host", FT_STRING, BASE_NONE,
2993 NULL, 0x0, NULL, HFILL }},
2994
2995 { &hf_ip_cipso_tag_type,
2996 { "Tag Type", "ip.cipso.tag_type", FT_UINT8, BASE_DEC,
2997 VALS(cipso_tag_type_vals), 0x0, NULL, HFILL }},
2998
2999
3000 { &hf_ip_fragment_overlap,
3001 { "Fragment overlap", "ip.fragment.overlap", FT_BOOLEAN, BASE_NONE,
3002 NULL, 0x0, "Fragment overlaps with other fragments", HFILL }},
3003
3004 { &hf_ip_fragment_overlap_conflict,
3005 { "Conflicting data in fragment overlap", "ip.fragment.overlap.conflict",
3006 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
3007 "Overlapping fragments contained conflicting data", HFILL }},
3008
3009 { &hf_ip_fragment_multiple_tails,
3010 { "Multiple tail fragments found", "ip.fragment.multipletails",
3011 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
3012 "Several tails were found when defragmenting the packet", HFILL }},
3013
3014 { &hf_ip_fragment_too_long_fragment,
3015 { "Fragment too long", "ip.fragment.toolongfragment",
3016 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
3017 "Fragment contained data past end of packet", HFILL }},
3018
3019 { &hf_ip_fragment_error,
3020 { "Defragmentation error", "ip.fragment.error", FT_FRAMENUM, BASE_NONE,
3021 NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }},
3022
3023 { &hf_ip_fragment_count,
3024 { "Fragment count", "ip.fragment.count", FT_UINT32, BASE_DEC,
3025 NULL, 0x0, NULL, HFILL }},
3026
3027 { &hf_ip_fragment,
3028 { "IPv4 Fragment", "ip.fragment", FT_FRAMENUM, BASE_NONE,
3029 NULL, 0x0, NULL, HFILL }},
3030
3031 { &hf_ip_fragments,
3032 { "IPv4 Fragments", "ip.fragments", FT_BYTES, BASE_NONE,
3033 NULL, 0x0, NULL, HFILL }},
3034
3035 { &hf_ip_reassembled_in,
3036 { "Reassembled IPv4 in frame", "ip.reassembled_in", FT_FRAMENUM, BASE_NONE,
3037 NULL, 0x0, "This IPv4 packet is reassembled in this frame", HFILL }},
3038
3039 { &hf_ip_reassembled_length,
3040 { "Reassembled IPv4 length", "ip.reassembled.length", FT_UINT32, BASE_DEC,
3041 NULL, 0x0, "The total length of the reassembled payload", HFILL }},
3042
3043 { &hf_ip_reassembled_data,
3044 { "Reassembled IPv4 data", "ip.reassembled.data", FT_BYTES, BASE_NONE,
3045 NULL, 0x0, "The reassembled payload", HFILL }},
3046
3047 /* Generated from convert_proto_tree_add_text.pl */
3048 { &hf_ip_cipso_doi, { "DOI", "ip.cipso.doi", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3049 { &hf_ip_cipso_sensitivity_level, { "Sensitivity Level", "ip.cipso.sensitivity_level", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3050 { &hf_ip_cipso_categories, { "Categories", "ip.cipso.categories", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3051 { &hf_ip_cipso_tag_data, { "Tag data", "ip.cipso.tag_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3052 { &hf_ip_opt_overflow, { "Overflow", "ip.opt.overflow", FT_UINT8, BASE_DEC, NULL, 0xF0, NULL, HFILL }},
3053 { &hf_ip_opt_flag, { "Flag", "ip.opt.flag", FT_UINT8, BASE_HEX, VALS(ipopt_timestamp_flag_vals), 0x0F, NULL, HFILL }},
3054 { &hf_ip_opt_time_stamp, { "Time stamp", "ip.opt.time_stamp", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3055 { &hf_ip_opt_time_stamp_addr, { "Address", "ip.opt.time_stamp_addr", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3056
3057 };
3058
3059 static int *ett[] = {
3060 &ett_ip,
3061 &ett_ip_dsfield,
3062 &ett_ip_tos,
3063 &ett_ip_flags,
3064 &ett_ip_options,
3065 &ett_ip_option_eool,
3066 &ett_ip_option_nop,
3067 &ett_ip_option_sec,
3068 &ett_ip_option_route,
3069 &ett_ip_option_timestamp,
3070 &ett_ip_option_ext_security,
3071 &ett_ip_option_cipso,
3072 &ett_ip_option_sid,
3073 &ett_ip_option_mtu,
3074 &ett_ip_option_tr,
3075 &ett_ip_option_ra,
3076 &ett_ip_option_sdb,
3077 &ett_ip_option_qs,
3078 &ett_ip_option_other,
3079 &ett_ip_fragments,
3080 &ett_ip_fragment,
3081 &ett_ip_opt_type,
3082 &ett_ip_opt_sec_prot_auth_flags,
3083 &ett_ip_unknown_opt,
3084 &ett_geoip_info
3085 };
3086 static ei_register_info ei[] = {
3087 { &ei_ip_opt_len_invalid, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Invalid length for option", EXPFILL }},
3088 { &ei_ip_opt_deprecated, { "ip.opt.deprecated", PI_DEPRECATED, PI_NOTE, "Option type is deprecated", EXPFILL }},
3089 { &ei_ip_opt_sec_prot_auth_fti, { "ip.opt.fti_1_last_byte", PI_PROTOCOL, PI_WARN, "Field Termination Indicator set to 1 for last byte of option", EXPFILL }},
3090 { &ei_ip_extraneous_data, { "ip.opt.len.extra_found", PI_PROTOCOL, PI_WARN, "Extraneous data in option", EXPFILL }},
3091 { &ei_ip_opt_ptr_before_address, { "ip.opt.ptr.before_address", PI_PROTOCOL, PI_WARN, "Pointer points before first address", EXPFILL }},
3092 { &ei_ip_opt_ptr_middle_address, { "ip.opt.ptr.middle_address", PI_PROTOCOL, PI_WARN, "Pointer points to middle of address", EXPFILL }},
3093 { &ei_ip_subopt_too_long, { "ip.subopt_too_long", PI_PROTOCOL, PI_WARN, "Suboption would go past end of option", EXPFILL }},
3094 { &ei_ip_nop, { "ip.nop", PI_PROTOCOL, PI_WARN, "4 NOP in a row - a router may have removed some options", EXPFILL }},
3095 { &ei_ip_bogus_ip_length, { "ip.bogus_ip_length", PI_PROTOCOL, PI_ERROR, "Bogus IP length", EXPFILL }},
3096 { &ei_ip_evil_packet, { "ip.evil_packet", PI_PROTOCOL, PI_WARN, "Packet has evil intent", EXPFILL }},
3097 { &ei_ip_checksum_bad, { "ip.checksum_bad.expert", PI_CHECKSUM, PI_ERROR, "Bad checksum", EXPFILL }},
3098 { &ei_ip_ttl_lncb, { "ip.ttl.lncb", PI_SEQUENCE, PI_NOTE, "Time To Live", EXPFILL }},
3099 { &ei_ip_ttl_too_small, { "ip.ttl.too_small", PI_SEQUENCE, PI_NOTE, "Time To Live too small", EXPFILL }},
3100 { &ei_ip_cipso_tag, { "ip.cipso.malformed", PI_SEQUENCE, PI_ERROR, "Malformed CIPSO tag", EXPFILL }},
3101 { &ei_ip_bogus_ip_version, { "ip.bogus_ip_version", PI_PROTOCOL, PI_ERROR, "Bogus IP version", EXPFILL }},
3102 { &ei_ip_bogus_header_length, { "ip.bogus_header_length", PI_PROTOCOL, PI_ERROR, "Bogus IP header length", EXPFILL }},
3103 };
3104
3105 /* Decode As handling */
3106 static build_valid_func ip_da_build_value[1] = {ip_value};
3107 static decode_as_value_t ip_da_values = {ip_prompt, 1, ip_da_build_value};
3108 static decode_as_t ip_da = {"ip", "ip.proto", 1, 0, &ip_da_values, NULL, NULL,
3109 decode_as_default_populate_list, decode_as_default_reset, decode_as_default_change, NULL};
3110
3111 module_t *ip_module;
3112 expert_module_t* expert_ip;
3113
3114 proto_ip = proto_register_protocol("Internet Protocol Version 4", "IPv4", "ip");
3115 proto_register_field_array(proto_ip, hf, array_length(hf));
3116 proto_register_subtree_array(ett, array_length(ett));
3117 expert_ip = expert_register_protocol(proto_ip);
3118 expert_register_field_array(expert_ip, ei, array_length(ei));
3119
3120 /* subdissector code */
3121 ip_dissector_table = register_dissector_table("ip.proto", "IP protocol",
3122 proto_ip, FT_UINT8, BASE_DEC);
3123 ip_option_table = register_dissector_table("ip.option", "IP Options",
3124 proto_ip, FT_UINT8, BASE_DEC);
3125 heur_subdissector_list = register_heur_dissector_list_with_description("ip", "IPv4 heuristic", proto_ip);
3126 register_capture_dissector_table("ip.proto", "IP protocol");
3127
3128 /* Register configuration options */
3129 ip_module = prefs_register_protocol(proto_ip, NULL);
3130 prefs_register_bool_preference(ip_module, "decode_tos_as_diffserv",
3131 "Decode IPv4 TOS field as DiffServ field",
3132 "Whether the IPv4 type-of-service field should be decoded as a "
3133 "Differentiated Services field (see RFC2474/RFC2475)", &g_ip_dscp_actif);
3134 prefs_register_bool_preference(ip_module, "defragment",
3135 "Reassemble fragmented IPv4 datagrams",
3136 "Whether fragmented IPv4 datagrams should be reassembled", &ip_defragment);
3137 prefs_register_bool_preference(ip_module, "summary_in_tree",
3138 "Show IPv4 summary in protocol tree",
3139 "Whether the IPv4 summary line should be shown in the protocol tree",
3140 &ip_summary_in_tree);
3141 prefs_register_bool_preference(ip_module, "check_checksum",
3142 "Validate the IPv4 checksum if possible",
3143 "Whether to validate the IPv4 checksum", &ip_check_checksum);
3144 prefs_register_bool_preference(ip_module, "tso_support",
3145 "Support packet-capture from IP TSO-enabled hardware",
3146 "Whether to correct for TSO-enabled (TCP segmentation offload) hardware "
3147 "captures, such as spoofing the IP packet length", &ip_tso_supported);
3148
3149 prefs_register_obsolete_preference(ip_module, "use_geoip");
3150 prefs_register_bool_preference(ip_module, "security_flag" ,
3151 "Interpret Reserved flag as Security flag (RFC 3514)",
3152 "Whether to interpret the originally reserved flag as security flag",
3153 &ip_security_flag);
3154 prefs_register_bool_preference(ip_module, "try_heuristic_first",
3155 "Try heuristic sub-dissectors first",
3156 "Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port",
3157 &try_heuristic_first);
3158
3159 prefs_register_bool_preference(ip_module, "conv_id",
3160 "Assign IPv4 conversation IDs",
3161 "Whether to assign unique numbers to each IPv4 conversation (increases resource consumption)",
3162 &ip_track_conv_id);
3163
3164 prefs_register_bool_preference(ip_module, "conv_agg_flag" ,
3165 "Aggregate subnets in Statistics Dialogs",
3166 "Whether to group conversations based on the subnets file; requires \"Assign IPv4 conversation IDs\"",
3167 &ip_conv_agg_flag);
3168
3169 prefs_register_static_text_preference(ip_module, "text_use_geoip",
3170 "IP geolocation settings can be changed in the Name Resolution preferences",
3171 "IP geolocation settings can be changed in the Name Resolution preferences");
3172
3173 register_init_routine(ip_init);
3174
3175 ip_handle = register_dissector("ip", dissect_ip, proto_ip);
3176 reassembly_table_register(&ip_reassembly_table,
3177 &addresses_reassembly_table_functions);
3178 ip_tap = register_tap("ip");
3179
3180 /* This needs a different (& more user-friendly) name than the other tap */
3181 exported_pdu_tap = register_export_pdu_tap_with_encap("IP", WTAP_ENCAP_RAW_IP);
3182
3183 register_decode_as(&ip_da);
3184 register_conversation_table(proto_ip, true, ip_conversation_packet, ip_endpoint_packet);
3185 register_conversation_filter("ip", "IPv4", ip_filter_valid, ip_build_filter, NULL);
3186
3187 ip_cap_handle = register_capture_dissector("ip", capture_ip, proto_ip);
3188
3189 /* Register IP options as their own protocols so we can get the name of the option */
3190 proto_ip_option_eol = proto_register_protocol_in_name_only("IP Option - End of Options List (EOL)", "End of Options List (EOL)", "ip.options.eol", proto_ip, FT_BYTES);
3191 proto_ip_option_nop = proto_register_protocol_in_name_only("IP Option - No-Operation (NOP)", "No Operation (NOP)", "ip.options.nop", proto_ip, FT_BYTES);
3192 proto_ip_option_security = proto_register_protocol_in_name_only("IP Option - Security", "Security", "ip.options.security", proto_ip, FT_BYTES);
3193 proto_ip_option_route = proto_register_protocol_in_name_only("IP Option - Loose Source Route", "Loose Source Route", "ip.options.route", proto_ip, FT_BYTES);
3194 proto_ip_option_timestamp = proto_register_protocol_in_name_only("IP Option - Time Stamp", "Time Stamp", "ip.options.timestamp", proto_ip, FT_BYTES);
3195 proto_ip_option_ext_security = proto_register_protocol_in_name_only("IP Option - Extended Security", "Extended Security", "ip.options.ext_security", proto_ip, FT_BYTES);
3196 proto_ip_option_cipso = proto_register_protocol_in_name_only("IP Option - Commercial Security", "Commercial Security", "ip.options.cipso", proto_ip, FT_BYTES);
3197 proto_ip_option_record_route = proto_register_protocol_in_name_only("IP Option - Record Route", "Record Route", "ip.options.record_route", proto_ip, FT_BYTES);
3198 proto_ip_option_sid = proto_register_protocol_in_name_only("IP Option - Stream ID", "Stream ID", "ip.options.sid", proto_ip, FT_BYTES);
3199 proto_ip_option_source_route = proto_register_protocol_in_name_only("IP Option - Strict Source Route", "Strict Source Route", "ip.options.source_route", proto_ip, FT_BYTES);
3200 proto_ip_option_mtu_probe = proto_register_protocol_in_name_only("IP Option - MTU Probe", "MTU Probe", "ip.options.mtu_probe", proto_ip, FT_BYTES);
3201 proto_ip_option_mtu_reply = proto_register_protocol_in_name_only("IP Option - MTU Reply", "MTU Reply", "ip.options.mtu_reply", proto_ip, FT_BYTES);
3202 proto_ip_option_traceroute = proto_register_protocol_in_name_only("IP Option - Traceroute", "Traceroute", "ip.options.traceroute", proto_ip, FT_BYTES);
3203 proto_ip_option_routeralert = proto_register_protocol_in_name_only("IP Option - Router Alert", "Router Alert", "ip.options.routeralert", proto_ip, FT_BYTES);
3204 proto_ip_option_sdb = proto_register_protocol_in_name_only("IP Option - Selective Directed Broadcast", "Selective Directed Broadcast", "ip.options.sdb", proto_ip, FT_BYTES);
3205 proto_ip_option_qs = proto_register_protocol_in_name_only("IP Option - Quick-Start", "Quick-Start", "ip.options.qs", proto_ip, FT_BYTES);
3206 }
3207
3208 void
3209 proto_reg_handoff_ip(void)
3210 {
3211 dissector_handle_t ipv4_handle;
3212 capture_dissector_handle_t clip_cap_handle;
3213 int proto_clip;
3214
3215 ipv6_handle = find_dissector("ipv6");
3216 ipv4_handle = create_dissector_handle(dissect_ip_v4, proto_ip);
3217
3218 dissector_add_uint("ethertype", ETHERTYPE_IP, ipv4_handle);
3219 dissector_add_uint("erf.types.type", ERF_TYPE_IPV4, ip_handle);
3220 dissector_add_uint("ppp.protocol", PPP_IP, ip_handle);
3221 dissector_add_uint("ppp.protocol", ETHERTYPE_IP, ip_handle);
3222 dissector_add_uint("gre.proto", ETHERTYPE_IP, ip_handle);
3223 dissector_add_uint("gre.proto", GRE_WCCP, ip_handle);
3224 dissector_add_uint("llc.dsap", SAP_IP, ip_handle);
3225 dissector_add_uint("ip.proto", IP_PROTO_IPIP, ip_handle);
3226 dissector_add_uint("null.type", BSD_AF_INET, ip_handle);
3227 dissector_add_uint("chdlc.protocol", ETHERTYPE_IP, ip_handle);
3228 dissector_add_uint("osinl.excl", NLPID_IP, ip_handle);
3229 dissector_add_uint("fr.nlpid", NLPID_IP, ip_handle);
3230 dissector_add_uint("x.25.spi", NLPID_IP, ip_handle);
3231 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1051, ip_handle);
3232 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1201, ip_handle);
3233 dissector_add_uint("ax25.pid", AX25_P_IP, ip_handle);
3234 dissector_add_uint("juniper.proto", JUNIPER_PROTO_IP, ip_handle);
3235 dissector_add_uint("juniper.proto", JUNIPER_PROTO_MPLS_IP, ip_handle);
3236 dissector_add_uint("pwach.channel_type", PW_ACH_TYPE_IPV4, ip_handle);
3237 dissector_add_uint("mcc.proto", PW_ACH_TYPE_IPV4, ip_handle);
3238 dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_IPv4, ip_handle);
3239 dissector_add_uint("l2tp.pw_type", L2TPv3_PW_IP, ip_handle);
3240 dissector_add_for_decode_as_with_preference("udp.port", ip_handle);
3241 dissector_add_for_decode_as("pcli.payload", ip_handle);
3242 dissector_add_uint("wtap_encap", WTAP_ENCAP_RAW_IP4, ip_handle);
3243 dissector_add_uint("enc", BSD_AF_INET, ip_handle);
3244 dissector_add_uint("vxlan.next_proto", VXLAN_IPV4, ip_handle);
3245 dissector_add_uint("nsh.next_proto", NSH_IPV4, ip_handle);
3246
3247 heur_dissector_add("tipc", dissect_ip_heur, "IP over TIPC", "ip_tipc", proto_ip, HEURISTIC_ENABLE);
3248 heur_dissector_add("zbee_zcl_se.tun", dissect_ip_heur, "IP over ZigBee SE Tunneling", "ip_zbee_zcl_se.tun", proto_ip, HEURISTIC_ENABLE);
3249 heur_dissector_add("gtp.tpdu", dissect_ip_heur, "IP over GTP", "ip_gtp.tpdu", proto_ip, HEURISTIC_ENABLE);
3250
3251 capture_dissector_add_uint("ethertype", ETHERTYPE_IP, ip_cap_handle);
3252 capture_dissector_add_uint("ax25.pid", AX25_P_IP, ip_cap_handle);
3253 capture_dissector_add_uint("enc", BSD_AF_INET, ip_cap_handle);
3254 capture_dissector_add_uint("ppp_hdlc", PPP_IP, ip_cap_handle);
3255 capture_dissector_add_uint("llc.dsap", SAP_IP, ip_cap_handle);
3256 capture_dissector_add_uint("null.bsd", BSD_AF_INET, ip_cap_handle);
3257 capture_dissector_add_uint("fr.nlpid", NLPID_IP, ip_cap_handle);
3258
3259 /* Create dissection function handles for all IP options */
3260 dissector_add_uint("ip.option", IPOPT_SEC, create_dissector_handle( dissect_ipopt_security, proto_ip_option_security ));
3261 dissector_add_uint("ip.option", IPOPT_LSR, create_dissector_handle( dissect_ipopt_loose_route, proto_ip_option_route ));
3262 dissector_add_uint("ip.option", IPOPT_TS, create_dissector_handle( dissect_ipopt_timestamp, proto_ip_option_timestamp ));
3263 dissector_add_uint("ip.option", IPOPT_ESEC, create_dissector_handle( dissect_ipopt_ext_security, proto_ip_option_ext_security ));
3264 dissector_add_uint("ip.option", IPOPT_CIPSO, create_dissector_handle( dissect_ipopt_cipso, proto_ip_option_cipso ));
3265 dissector_add_uint("ip.option", IPOPT_RR, create_dissector_handle( dissect_ipopt_record_route, proto_ip_option_record_route ));
3266 dissector_add_uint("ip.option", IPOPT_SID, create_dissector_handle( dissect_ipopt_sid, proto_ip_option_sid ));
3267 dissector_add_uint("ip.option", IPOPT_SSR, create_dissector_handle( dissect_ipopt_source_route, proto_ip_option_source_route ));
3268 dissector_add_uint("ip.option", IPOPT_MTUP, create_dissector_handle( dissect_ipopt_mtu_probe, proto_ip_option_mtu_probe ));
3269 dissector_add_uint("ip.option", IPOPT_MTUR, create_dissector_handle( dissect_ipopt_mtu_reply, proto_ip_option_mtu_reply ));
3270 dissector_add_uint("ip.option", IPOPT_TR, create_dissector_handle( dissect_ipopt_tr, proto_ip_option_traceroute ));
3271 dissector_add_uint("ip.option", IPOPT_RTRALT, create_dissector_handle( dissect_ipopt_ra, proto_ip_option_routeralert ));
3272 dissector_add_uint("ip.option", IPOPT_SDB, create_dissector_handle( dissect_ipopt_sdb, proto_ip_option_sdb ));
3273 dissector_add_uint("ip.option", IPOPT_QS, create_dissector_handle( dissect_ipopt_qs, proto_ip_option_qs ));
3274
3275 /* Classic IP uses the same capture function, but wants its own
3276 protocol associated with it. To eliminate linking dependencies,
3277 just add it here */
3278 proto_clip = proto_get_id_by_filter_name( "clip" );
3279 clip_cap_handle = register_capture_dissector("clip", capture_ip, proto_clip);
3280 capture_dissector_add_uint("wtap_encap", WTAP_ENCAP_LINUX_ATM_CLIP, clip_cap_handle);
3281 }
3282
3283 /*
3284 * Editor modelines - https://www.wireshark.org/tools/modelines.html
3285 *
3286 * Local variables:
3287 * c-basic-offset: 2
3288 * tab-width: 8
3289 * indent-tabs-mode: nil
3290 * End:
3291 *
3292 * vi: set shiftwidth=2 tabstop=8 expandtab:
3293 * :indentSize=2:tabSize=8:noTabs=true:
3294 */
Metzes wireshark repo