1 /* packet-ip.c
2 * Routines for IP and miscellaneous IP protocol packet disassembly
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
7 *
8 * Wednesday, January 17, 2006
9 * Support for the CIPSO IPv4 option
10 * (http://sourceforge.net/docman/display_doc.php?docid=34650&group_id=174379)
11 * by Paul Moore <paul.moore@hp.com>
12 *
13 * SPDX-License-Identifier: GPL-2.0-or-later
14 */
15
16 #include "config.h"
17
18 #include <epan/packet.h>
19 #include <epan/capture_dissectors.h>
20 #include <epan/addr_resolv.h>
21 #include <epan/maxmind_db.h>
populate_name(const char * prefix,char * buffer)22 #include <epan/ipproto.h>
23 #include <epan/expert.h>
24 #include <epan/ip_opts.h>
25 #include <epan/prefs.h>
26 #include <epan/conversation_table.h>
27 #include <epan/conversation_filter.h>
28 #include <epan/reassemble.h>
29 #include <epan/etypes.h>
30 #include <epan/ppptypes.h>
31 #include <epan/llcsaps.h>
32 #include <epan/aftypes.h>
33 #include <epan/arcnet_pids.h>
34 #include <epan/in_cksum.h>
35 #include <epan/nlpid.h>
36 #include <epan/ax25_pids.h>
37 #include <epan/decode_as.h>
38 #include <epan/proto_data.h>
39
40 #include <wiretap/erf_record.h>
41 #include <wsutil/str_util.h>
42
43 #include "packet-ip.h"
44 #include "packet-juniper.h"
45 #include "packet-sflow.h"
46 #include "packet-gre.h"
47 #include "packet-l2tp.h"
48 #include "packet-vxlan.h"
49 #include "packet-mpls.h"
50 #include "packet-nsh.h"
51
52 void proto_register_ip(void);
53 void proto_reg_handoff_ip(void);
54
55 static int ip_tap = -1;
56
57 /* Decode the old IPv4 TOS field as the DiffServ DS Field (RFC2474/2475) */
58 static gboolean g_ip_dscp_actif = TRUE;
59
60 /* Defragment fragmented IP datagrams */
61 static gboolean ip_defragment = TRUE;
62
63 /* Place IP summary in proto tree */
64 static gboolean ip_summary_in_tree = TRUE;
65
66 /* Perform IP checksum */
67 static gboolean ip_check_checksum = FALSE;
68
69 /* Assume TSO and correct zero-length IP packets */
70 static gboolean ip_tso_supported = TRUE;
71
72 /* Use heuristics to determine subdissector */
73 static gboolean try_heuristic_first = FALSE;
74
75 /* Look up addresses via mmdbresolve */
76 static gboolean ip_use_geoip = TRUE;
77
78 /* Interpret the reserved flag as security flag (RFC 3514) */
79 static gboolean ip_security_flag = FALSE;
80
81 static int proto_ip = -1;
82
83 static int proto_ip_option_eol = -1;
84 static int proto_ip_option_nop = -1;
85 static int proto_ip_option_security = -1;
86 static int proto_ip_option_route = -1;
87 static int proto_ip_option_timestamp = -1;
88 static int proto_ip_option_ext_security = -1;
89 static int proto_ip_option_cipso = -1;
90 static int proto_ip_option_record_route = -1;
91 static int proto_ip_option_sid = -1;
92 static int proto_ip_option_source_route = -1;
93 static int proto_ip_option_mtu_probe = -1;
94 static int proto_ip_option_mtu_reply = -1;
95 static int proto_ip_option_traceroute = -1;
96 static int proto_ip_option_routeralert = -1;
97 static int proto_ip_option_sdb = -1;
98 static int proto_ip_option_qs = -1;
99 static int hf_ip_version = -1;
100 static int hf_ip_hdr_len = -1;
verify_code(gcc_jit_context * ctxt,gcc_jit_result * result)101 static int hf_ip_dsfield = -1;
102 static int hf_ip_dsfield_dscp = -1;
103 static int hf_ip_dsfield_ecn = -1;
104 static int hf_ip_tos = -1;
105 static int hf_ip_tos_precedence = -1;
106 static int hf_ip_tos_delay = -1;
107 static int hf_ip_tos_throughput = -1;
108 static int hf_ip_tos_reliability = -1;
109 static int hf_ip_tos_cost = -1;
110 static int hf_ip_len = -1;
111 static int hf_ip_id = -1;
112 static int hf_ip_dst = -1;
113 static int hf_ip_dst_host = -1;
114 static int hf_ip_src = -1;
115 static int hf_ip_src_host = -1;
116 static int hf_ip_addr = -1;
117 static int hf_ip_host = -1;
118 static int hf_ip_flags = -1;
119 static int hf_ip_flags_sf = -1;
120 static int hf_ip_flags_rf = -1;
121 static int hf_ip_flags_df = -1;
122 static int hf_ip_flags_mf = -1;
123 static int hf_ip_frag_offset = -1;
124 static int hf_ip_ttl = -1;
125 static int hf_ip_proto = -1;
126 static int hf_ip_checksum = -1;
127 static int hf_ip_checksum_calculated = -1;
128 static int hf_ip_checksum_status = -1;
129
130 /* IP option fields */
131 static int hf_ip_opt_type = -1;
132 static int hf_ip_opt_type_copy = -1;
133 static int hf_ip_opt_type_class = -1;
134 static int hf_ip_opt_type_number = -1;
135 static int hf_ip_opt_len = -1;
136 static int hf_ip_opt_ptr = -1;
137 static int hf_ip_opt_sid = -1;
138 static int hf_ip_opt_mtu = -1;
139 static int hf_ip_opt_id_number = -1;
140 static int hf_ip_opt_ohc = -1;
141 static int hf_ip_opt_rhc = -1;
142 static int hf_ip_opt_originator = -1;
143 static int hf_ip_opt_ra = -1;
144 static int hf_ip_opt_addr = -1;
145 static int hf_ip_opt_padding = -1;
146 static int hf_ip_opt_qs_func = -1;
147 static int hf_ip_opt_qs_rate = -1;
148 static int hf_ip_opt_qs_ttl = -1;
149 static int hf_ip_opt_qs_ttl_diff = -1;
150 static int hf_ip_opt_qs_unused = -1;
151 static int hf_ip_opt_qs_nonce = -1;
152 static int hf_ip_opt_qs_reserved = -1;
153 static int hf_ip_opt_sec_rfc791_sec = -1;
154 static int hf_ip_opt_sec_rfc791_comp = -1;
155 static int hf_ip_opt_sec_rfc791_hr = -1;
156 static int hf_ip_opt_sec_rfc791_tcc = -1;
157 static int hf_ip_opt_sec_cl = -1;
158 static int hf_ip_opt_sec_prot_auth_flags = -1;
159 static int hf_ip_opt_sec_prot_auth_genser = -1;
160 static int hf_ip_opt_sec_prot_auth_siop_esi = -1;
161 static int hf_ip_opt_sec_prot_auth_sci = -1;
162 static int hf_ip_opt_sec_prot_auth_nsa = -1;
163 static int hf_ip_opt_sec_prot_auth_doe = -1;
164 static int hf_ip_opt_sec_prot_auth_unassigned = -1;
165 static int hf_ip_opt_sec_prot_auth_unassigned2 = -1;
166 static int hf_ip_opt_sec_prot_auth_fti = -1;
167 static int hf_ip_opt_ext_sec_add_sec_info_format_code = -1;
168 static int hf_ip_opt_ext_sec_add_sec_info = -1;
169 static int hf_ip_rec_rt = -1;
170 static int hf_ip_rec_rt_host = -1;
171 static int hf_ip_cur_rt = -1;
172 static int hf_ip_cur_rt_host = -1;
173 static int hf_ip_src_rt = -1;
174 static int hf_ip_src_rt_host = -1;
175 static int hf_ip_empty_rt = -1;
176 static int hf_ip_empty_rt_host = -1;
177 static int hf_ip_cipso_tag_type = -1;
178
179 static int hf_ip_fragments = -1;
180 static int hf_ip_fragment = -1;
181 static int hf_ip_fragment_overlap = -1;
182 static int hf_ip_fragment_overlap_conflict = -1;
183 static int hf_ip_fragment_multiple_tails = -1;
184 static int hf_ip_fragment_too_long_fragment = -1;
185 static int hf_ip_fragment_error = -1;
186 static int hf_ip_fragment_count = -1;
187 static int hf_ip_reassembled_in = -1;
188 static int hf_ip_reassembled_length = -1;
189 static int hf_ip_reassembled_data = -1;
190
191 /* Generated from convert_proto_tree_add_text.pl */
192 static int hf_ip_opt_flag = -1;
193 static int hf_ip_opt_overflow = -1;
194 static int hf_ip_cipso_tag_data = -1;
195 static int hf_ip_cipso_sensitivity_level = -1;
196 static int hf_ip_cipso_categories = -1;
197 static int hf_ip_cipso_doi = -1;
198 static int hf_ip_opt_time_stamp = -1;
199 static int hf_ip_opt_time_stamp_addr = -1;
200
201 static int hf_geoip_country = -1;
202 static int hf_geoip_country_iso = -1;
203 static int hf_geoip_city = -1;
204 static int hf_geoip_as_number = -1;
205 static int hf_geoip_as_org = -1;
206 static int hf_geoip_latitude = -1;
207 static int hf_geoip_longitude = -1;
208 static int hf_geoip_src_summary = -1;
209 static int hf_geoip_src_country = -1;
210 static int hf_geoip_src_country_iso = -1;
211 static int hf_geoip_src_city = -1;
212 static int hf_geoip_src_as_number = -1;
213 static int hf_geoip_src_as_org = -1;
214 static int hf_geoip_src_latitude = -1;
215 static int hf_geoip_src_longitude = -1;
216 static int hf_geoip_dst_summary = -1;
217 static int hf_geoip_dst_country = -1;
218 static int hf_geoip_dst_country_iso = -1;
219 static int hf_geoip_dst_city = -1;
220 static int hf_geoip_dst_as_number = -1;
221 static int hf_geoip_dst_as_org = -1;
222 static int hf_geoip_dst_latitude = -1;
223 static int hf_geoip_dst_longitude = -1;
224
225 static gint ett_ip = -1;
226 static gint ett_ip_dsfield = -1;
227 static gint ett_ip_tos = -1;
228 static gint ett_ip_flags = -1;
229 static gint ett_ip_options = -1;
230 static gint ett_ip_option_eool = -1;
231 static gint ett_ip_option_nop = -1;
232 static gint ett_ip_option_sec = -1;
233 static gint ett_ip_option_route = -1;
234 static gint ett_ip_option_timestamp = -1;
235 static gint ett_ip_option_ext_security = -1;
236 static gint ett_ip_option_cipso = -1;
237 static gint ett_ip_option_sid = -1;
238 static gint ett_ip_option_mtu = -1;
239 static gint ett_ip_option_tr = -1;
240 static gint ett_ip_option_ra = -1;
241 static gint ett_ip_option_sdb = -1;
242 static gint ett_ip_option_qs = -1;
243 static gint ett_ip_option_other = -1;
244 static gint ett_ip_fragments = -1;
245 static gint ett_ip_fragment = -1;
246 static gint ett_ip_opt_type = -1;
247 static gint ett_ip_opt_sec_prot_auth_flags = -1;
248 static gint ett_ip_unknown_opt = -1;
249
250 static expert_field ei_ip_opt_len_invalid = EI_INIT;
251 static expert_field ei_ip_opt_sec_prot_auth_fti = EI_INIT;
252 static expert_field ei_ip_extraneous_data = EI_INIT;
253 static expert_field ei_ip_opt_ptr_before_address = EI_INIT;
254 static expert_field ei_ip_opt_ptr_middle_address = EI_INIT;
255 static expert_field ei_ip_subopt_too_long = EI_INIT;
256 static expert_field ei_ip_nop = EI_INIT;
257 static expert_field ei_ip_bogus_ip_length = EI_INIT;
258 static expert_field ei_ip_evil_packet = EI_INIT;
259 static expert_field ei_ip_checksum_bad = EI_INIT;
260 static expert_field ei_ip_ttl_lncb = EI_INIT;
261 static expert_field ei_ip_ttl_too_small = EI_INIT;
262 static expert_field ei_ip_cipso_tag = EI_INIT;
263 static expert_field ei_ip_bogus_ip_version = EI_INIT;
264 static expert_field ei_ip_bogus_header_length = EI_INIT;
265
266 static dissector_handle_t ip_handle;
267 static dissector_table_t ip_option_table;
268
269 static gint ett_geoip_info = -1;
270
271 static const fragment_items ip_frag_items = {
272 &ett_ip_fragment,
273 &ett_ip_fragments,
274 &hf_ip_fragments,
275 &hf_ip_fragment,
276 &hf_ip_fragment_overlap,
277 &hf_ip_fragment_overlap_conflict,
278 &hf_ip_fragment_multiple_tails,
279 &hf_ip_fragment_too_long_fragment,
280 &hf_ip_fragment_error,
281 &hf_ip_fragment_count,
282 &hf_ip_reassembled_in,
283 &hf_ip_reassembled_length,
284 &hf_ip_reassembled_data,
285 "IPv4 fragments"
286 };
287
288 static heur_dissector_list_t heur_subdissector_list;
289
290 static dissector_table_t ip_dissector_table;
291
292 static dissector_handle_t ipv6_handle;
293 static capture_dissector_handle_t ip_cap_handle;
294
295
296 /* IP structs and definitions */
297
298 const value_string ip_version_vals[] = {
299 { IP_VERSION_NUM_RESERVED, "Reserved" },
300 { IP_VERSION_NUM_INET, "IPv4" },
301 { IP_VERSION_NUM_ST, "ST Datagram" },
302 { IP_VERSION_NUM_INET6, "IPv6" },
303 { IP_VERSION_NUM_TPIX, "TP/IX" },
304 { IP_VERSION_NUM_PIP, "PIP" },
305 { IP_VERSION_NUM_TUBA, "TUBA" },
306 { 0, NULL },
307 };
308
309 /* Offsets of fields within an IP header. */
310 #define IPH_V_HL 0
311 #define IPH_TOS 1
312 #define IPH_LEN 2
313 #define IPH_ID 4
314 #define IPH_TTL 6
315 #define IPH_OFF 8
316 #define IPH_P 9
317 #define IPH_SUM 10
318 #define IPH_SRC 12
319 #define IPH_DST 16
320
321 /* Minimum IP header length. */
322 #define IPH_MIN_LEN 20
323
324 /* IP flags. */
325 #define IP_RF 0x8000 /* Flag: "Reserved bit" */
326 #define IP_DF 0x4000 /* Flag: "Don't Fragment" */
327 #define IP_MF 0x2000 /* Flag: "More Fragments" */
328 #define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
329
330 /* Differentiated Services Field. See RFCs 2474, 2597, 2598 and 3168. */
331 #define IPDSFIELD_DSCP_DEFAULT 0x00
332 #define IPDSFIELD_DSCP_LE 0x01
333 #define IPDSFIELD_DSCP_CS1 0x08
334 #define IPDSFIELD_DSCP_AF11 0x0A
335 #define IPDSFIELD_DSCP_AF12 0x0C
336 #define IPDSFIELD_DSCP_AF13 0x0E
337 #define IPDSFIELD_DSCP_CS2 0x10
338 #define IPDSFIELD_DSCP_AF21 0x12
339 #define IPDSFIELD_DSCP_AF22 0x14
340 #define IPDSFIELD_DSCP_AF23 0x16
341 #define IPDSFIELD_DSCP_CS3 0x18
342 #define IPDSFIELD_DSCP_AF31 0x1A
343 #define IPDSFIELD_DSCP_AF32 0x1C
344 #define IPDSFIELD_DSCP_AF33 0x1E
345 #define IPDSFIELD_DSCP_CS4 0x20
346 #define IPDSFIELD_DSCP_AF41 0x22
347 #define IPDSFIELD_DSCP_AF42 0x24
348 #define IPDSFIELD_DSCP_AF43 0x26
349 #define IPDSFIELD_DSCP_CS5 0x28
350 #define IPDSFIELD_DSCP_EF 0x2E
351 #define IPDSFIELD_DSCP_CS6 0x30
352 #define IPDSFIELD_DSCP_CS7 0x38
353
354 #define IPDSFIELD_ECT_NOT 0x00
355 #define IPDSFIELD_ECT_1 0x01
356 #define IPDSFIELD_ECT_0 0x02
357 #define IPDSFIELD_CE 0x03
358
359 /* IP TOS, superseded by the DS Field, RFC 2474. */
360 #define IPTOS_TOS_MASK 0x1E
361 #define IPTOS_TOS(tos) ((tos) & IPTOS_TOS_MASK)
362 #define IPTOS_NONE 0x00
363 #define IPTOS_LOWCOST 0x02
364 #define IPTOS_RELIABILITY 0x04
365 #define IPTOS_THROUGHPUT 0x08
366 #define IPTOS_LOWDELAY 0x10
367 #define IPTOS_SECURITY 0x1E
368
369 #define IPTOS_PREC_MASK 0xE0
370 #define IPTOS_PREC_SHIFT 5
371 #define IPTOS_PREC(tos) (((tos)&IPTOS_PREC_MASK)>>IPTOS_PREC_SHIFT)
372 #define IPTOS_PREC_NETCONTROL 7
373 #define IPTOS_PREC_INTERNETCONTROL 6
374 #define IPTOS_PREC_CRITIC_ECP 5
375 #define IPTOS_PREC_FLASHOVERRIDE 4
376 #define IPTOS_PREC_FLASH 3
377 #define IPTOS_PREC_IMMEDIATE 2
378 #define IPTOS_PREC_PRIORITY 1
379 #define IPTOS_PREC_ROUTINE 0
380
381 /* IP options */
382 #define IPOPT_COPY 0x80
383
384 #define IPOPT_CONTROL 0x00
385 #define IPOPT_RESERVED1 0x20
386 #define IPOPT_MEASUREMENT 0x40
387 #define IPOPT_RESERVED2 0x60
388
389 /* REF: http://www.iana.org/assignments/ip-parameters */
390 /* TODO: Not all of these are implemented. */
391 #define IPOPT_EOOL (0 |IPOPT_CONTROL)
392 #define IPOPT_NOP (1 |IPOPT_CONTROL)
393 #define IPOPT_SEC (2 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 791/1108 */
394 #define IPOPT_LSR (3 |IPOPT_COPY|IPOPT_CONTROL)
395 #define IPOPT_TS (4 |IPOPT_MEASUREMENT)
396 #define IPOPT_ESEC (5 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 1108 */
397 #define IPOPT_CIPSO (6 |IPOPT_COPY|IPOPT_CONTROL) /* draft-ietf-cipso-ipsecurity-01 */
398 #define IPOPT_RR (7 |IPOPT_CONTROL)
399 #define IPOPT_SID (8 |IPOPT_COPY|IPOPT_CONTROL)
400 #define IPOPT_SSR (9 |IPOPT_COPY|IPOPT_CONTROL)
401 #define IPOPT_ZSU (10|IPOPT_CONTROL) /* Zsu */
402 #define IPOPT_MTUP (11|IPOPT_CONTROL) /* RFC 1063 */
403 #define IPOPT_MTUR (12|IPOPT_CONTROL) /* RFC 1063 */
404 #define IPOPT_FINN (13|IPOPT_COPY|IPOPT_MEASUREMENT) /* Finn */
405 #define IPOPT_VISA (14|IPOPT_COPY|IPOPT_CONTROL) /* Estrin */
406 #define IPOPT_ENCODE (15|IPOPT_CONTROL) /* VerSteeg */
407 #define IPOPT_IMITD (16|IPOPT_COPY|IPOPT_CONTROL) /* Lee */
408 #define IPOPT_EIP (17|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1385 */
409 #define IPOPT_TR (18|IPOPT_MEASUREMENT) /* RFC 1393 */
410 #define IPOPT_ADDEXT (19|IPOPT_COPY|IPOPT_CONTROL) /* Ullmann IPv7 */
411 #define IPOPT_RTRALT (20|IPOPT_COPY|IPOPT_CONTROL) /* RFC 2113 */
412 #define IPOPT_SDB (21|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1770 Graff */
413 #define IPOPT_UN (22|IPOPT_COPY|IPOPT_CONTROL) /* Released 18-Oct-2005 */
414 #define IPOPT_DPS (23|IPOPT_COPY|IPOPT_CONTROL) /* Malis */
415 #define IPOPT_UMP (24|IPOPT_COPY|IPOPT_CONTROL) /* Farinacci */
416 #define IPOPT_QS (25|IPOPT_CONTROL) /* RFC 4782 */
417 #define IPOPT_EXP (30|IPOPT_CONTROL) /* RFC 4727 */
418
419
420 /* IP option lengths */
421 #define IPOLEN_SEC_MIN 3
422 #define IPOLEN_LSR_MIN 3
423 #define IPOLEN_TS_MIN 4
424 #define IPOLEN_ESEC_MIN 3
425 #define IPOLEN_CIPSO_MIN 10
426 #define IPOLEN_RR_MIN 3
427 #define IPOLEN_SID 4
428 #define IPOLEN_SSR_MIN 3
429 #define IPOLEN_MTU 4
430 #define IPOLEN_TR 12
431 #define IPOLEN_RA 4
432 #define IPOLEN_SDB_MIN 6
433 #define IPOLEN_QS 8
434 #define IPOLEN_MAX 40
435
436 #define IPSEC_RFC791_UNCLASSIFIED 0x0000
437 #define IPSEC_RFC791_CONFIDENTIAL 0xF135
438 #define IPSEC_RFC791_EFTO 0x789A
439 #define IPSEC_RFC791_MMMM 0xBC4D
440 #define IPSEC_RFC791_PROG 0x5E26
441 #define IPSEC_RFC791_RESTRICTED 0xAF13
442 #define IPSEC_RFC791_SECRET 0xD788
443 #define IPSEC_RFC791_TOPSECRET 0x6BC5
444 #define IPSEC_RFC791_RESERVED1 0x35E2
445 #define IPSEC_RFC791_RESERVED2 0x9AF1
446 #define IPSEC_RFC791_RESERVED3 0x4D78
447 #define IPSEC_RFC791_RESERVED4 0x24BD
448 #define IPSEC_RFC791_RESERVED5 0x135E
449 #define IPSEC_RFC791_RESERVED6 0x89AF
450 #define IPSEC_RFC791_RESERVED7 0xC4D6
451 #define IPSEC_RFC791_RESERVED8 0xE26B
452
453 #define IPSEC_RESERVED4 0x01
454 #define IPSEC_TOPSECRET 0x3D
455 #define IPSEC_SECRET 0x5A
456 #define IPSEC_CONFIDENTIAL 0x96
457 #define IPSEC_RESERVED3 0x66
458 #define IPSEC_RESERVED2 0xCC
459 #define IPSEC_UNCLASSIFIED 0xAB
460 #define IPSEC_RESERVED1 0xF1
461
462 #define IPOPT_TS_TSONLY 0 /* timestamps only */
463 #define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
464 #define IPOPT_TS_PRESPEC 3 /* specified modules only */
465
466 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR 0xE0000012
467 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL 0xFF
468 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR 0xE0000066
469 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL 0XFF
470 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR 0xE00000FB
471 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL 0XFF
472 #define IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR 0xE00000FC
473
474 #define IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL 0x1000 /* larger than max ttl */
475 #define IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL 0X01
476
477 static void ip_prompt(packet_info *pinfo, gchar* result)
478 {
479 g_snprintf(result, MAX_DECODE_AS_PROMPT_LEN, "IP protocol %u as",
480 GPOINTER_TO_UINT(p_get_proto_data(pinfo->pool, pinfo, proto_ip, pinfo->curr_layer_num)));
481 }
482
483 static gpointer ip_value(packet_info *pinfo)
484 {
485 return p_get_proto_data(pinfo->pool, pinfo, proto_ip, pinfo->curr_layer_num);
486 }
487
488 static const char* ip_conv_get_filter_type(conv_item_t* conv, conv_filter_type_e filter)
489 {
490 if ((filter == CONV_FT_SRC_ADDRESS) && (conv->src_address.type == AT_IPv4))
491 return "ip.src";
492
493 if ((filter == CONV_FT_DST_ADDRESS) && (conv->dst_address.type == AT_IPv4))
494 return "ip.dst";
495
496 if ((filter == CONV_FT_ANY_ADDRESS) && (conv->src_address.type == AT_IPv4))
497 return "ip.addr";
498
499 return CONV_FILTER_INVALID;
500 }
501
502 static ct_dissector_info_t ip_ct_dissector_info = {&ip_conv_get_filter_type};
503
504 static tap_packet_status
505 ip_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vip)
506 {
507 conv_hash_t *hash = (conv_hash_t*) pct;
508 const ws_ip4 *iph=(const ws_ip4 *)vip;
509
510 add_conversation_table_data(hash, &iph->ip_src, &iph->ip_dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->abs_ts, &ip_ct_dissector_info, ENDPOINT_NONE);
511
512 return TAP_PACKET_REDRAW;
513 }
514
515 static const char* ip_host_get_filter_type(hostlist_talker_t* host, conv_filter_type_e filter)
516 {
517 if ((filter == CONV_FT_ANY_ADDRESS) && (host->myaddress.type == AT_IPv4))
518 return "ip.addr";
519
520 return CONV_FILTER_INVALID;
521 }
522
523 static hostlist_dissector_info_t ip_host_dissector_info = {&ip_host_get_filter_type};
524
525 static tap_packet_status
526 ip_hostlist_packet(void *pit, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vip)
527 {
528 conv_hash_t *hash = (conv_hash_t*) pit;
529 const ws_ip4 *iph=(const ws_ip4 *)vip;
530
531 /* Take two "add" passes per packet, adding for each direction, ensures that all
532 packets are counted properly (even if address is sending to itself)
533 XXX - this could probably be done more efficiently inside hostlist_table */
534 add_hostlist_table_data(hash, &iph->ip_src, 0, TRUE, 1, pinfo->fd->pkt_len, &ip_host_dissector_info, ENDPOINT_NONE);
535 add_hostlist_table_data(hash, &iph->ip_dst, 0, FALSE, 1, pinfo->fd->pkt_len, &ip_host_dissector_info, ENDPOINT_NONE);
536 return TAP_PACKET_REDRAW;
537 }
538
539 static gboolean
540 ip_filter_valid(packet_info *pinfo)
541 {
542 return proto_is_frame_protocol(pinfo->layers, "ip");
543 }
544
545 static gchar*
546 ip_build_filter(packet_info *pinfo)
547 {
548 return g_strdup_printf("ip.addr eq %s and ip.addr eq %s",
549 address_to_str(pinfo->pool, &pinfo->net_src),
550 address_to_str(pinfo->pool, &pinfo->net_dst));
551 }
552
553 /*
554 * defragmentation of IPv4
555 */
556 static reassembly_table ip_reassembly_table;
557
558 static gboolean
559 capture_ip(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header _U_) {
560 if (!BYTES_ARE_IN_FRAME(offset, len, IPH_MIN_LEN))
561 return FALSE;
562
563 capture_dissector_increment_count(cpinfo, proto_ip);
564 return try_capture_dissector("ip.proto", pd[offset + 9], pd, offset+IPH_MIN_LEN, len, cpinfo, pseudo_header);
565 }
566
567 static void
568 add_geoip_info_entry(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, gint offset, ws_in4_addr ip, int isdst)
569 {
570 const mmdb_lookup_t *lookup = maxmind_db_lookup_ipv4(&ip);
571 if (!lookup->found) return;
572
573 wmem_strbuf_t *summary = wmem_strbuf_new(pinfo->pool, "");
574 if (lookup->city) {
575 wmem_strbuf_append(summary, lookup->city);
576 }
577 if (lookup->country_iso) {
578 if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", ");
579 wmem_strbuf_append(summary, lookup->country_iso);
580 } else if (lookup->country) {
581 if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", ");
582 wmem_strbuf_append(summary, lookup->country);
583 }
584 if (lookup->as_number > 0) {
585 if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", ");
586 wmem_strbuf_append_printf(summary, "ASN %u", lookup->as_number);
587 }
588 if (lookup->as_org) {
589 if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", ");
590 wmem_strbuf_append(summary, lookup->as_org);
591 }
592
593 int addr_offset = offset + isdst ? IPH_DST : IPH_SRC;
594 int dir_hf = isdst ? hf_geoip_dst_summary : hf_geoip_src_summary;
595 proto_item *geoip_info_item = proto_tree_add_string(tree, dir_hf, tvb, addr_offset, 4, wmem_strbuf_finalize(summary));
596 proto_item_set_generated(geoip_info_item);
597 proto_tree *geoip_info_tree = proto_item_add_subtree(geoip_info_item, ett_geoip_info);
598
599 proto_item *item;
600
601 if (lookup->city) {
602 dir_hf = isdst ? hf_geoip_dst_city : hf_geoip_src_city;
603 item = proto_tree_add_string(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->city);
604 proto_item_set_generated(item);
605 item = proto_tree_add_string(geoip_info_tree, hf_geoip_city, tvb, addr_offset, 4, lookup->city);
606 proto_item_set_generated(item);
607 }
608
609 if (lookup->country) {
610 dir_hf = isdst ? hf_geoip_dst_country : hf_geoip_src_country;
611 item = proto_tree_add_string(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->country);
612 proto_item_set_generated(item);
613 item = proto_tree_add_string(geoip_info_tree, hf_geoip_country, tvb, addr_offset, 4, lookup->country);
614 proto_item_set_generated(item);
615 }
616
617 if (lookup->country_iso) {
618 dir_hf = isdst ? hf_geoip_dst_country_iso : hf_geoip_src_country_iso;
619 item = proto_tree_add_string(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->country_iso);
620 proto_item_set_generated(item);
621 item = proto_tree_add_string(geoip_info_tree, hf_geoip_country_iso, tvb, addr_offset, 4, lookup->country_iso);
622 proto_item_set_generated(item);
623 }
624
625 if (lookup->as_number > 0) {
626 dir_hf = isdst ? hf_geoip_dst_as_number : hf_geoip_src_as_number;
627 item = proto_tree_add_uint(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->as_number);
628 proto_item_set_generated(item);
629 item = proto_tree_add_uint(geoip_info_tree, hf_geoip_as_number, tvb, addr_offset, 4, lookup->as_number);
630 proto_item_set_generated(item);
631 }
632
633 if (lookup->as_org) {
634 dir_hf = isdst ? hf_geoip_dst_as_org : hf_geoip_src_as_org;
635 item = proto_tree_add_string(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->as_org);
636 proto_item_set_generated(item);
637 item = proto_tree_add_string(geoip_info_tree, hf_geoip_as_org, tvb, addr_offset, 4, lookup->as_org);
638 proto_item_set_generated(item);
639 }
640
641 if (lookup->latitude >= -90.0 && lookup->latitude <= 90.0) {
642 dir_hf = isdst ? hf_geoip_dst_latitude : hf_geoip_src_latitude;
643 item = proto_tree_add_double(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->latitude);
644 proto_item_set_generated(item);
645 item = proto_tree_add_double(geoip_info_tree, hf_geoip_latitude, tvb, addr_offset, 4, lookup->latitude);
646 proto_item_set_generated(item);
647 }
648
649 if (lookup->longitude >= -180.0 && lookup->longitude <= 180.0) {
650 dir_hf = isdst ? hf_geoip_dst_longitude : hf_geoip_src_longitude;
651 item = proto_tree_add_double(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->longitude);
652 proto_item_set_generated(item);
653 item = proto_tree_add_double(geoip_info_tree, hf_geoip_longitude, tvb, addr_offset, 4, lookup->longitude);
654 proto_item_set_generated(item);
655 }
656 }
657
658 static void
659 add_geoip_info(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, gint offset, guint32 src32,
660 guint32 dst32)
661 {
662 add_geoip_info_entry(tree, pinfo, tvb, offset, g_htonl(src32), FALSE);
663 add_geoip_info_entry(tree, pinfo, tvb, offset, g_htonl(dst32), TRUE);
664 }
665
666 const value_string ipopt_type_class_vals[] = {
667 {(IPOPT_CONTROL & IPOPT_CLASS_MASK) >> 5, "Control"},
668 {(IPOPT_RESERVED1 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
669 {(IPOPT_MEASUREMENT & IPOPT_CLASS_MASK) >> 5, "Debugging and measurement"},
670 {(IPOPT_RESERVED2 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
671 {0, NULL}
672 };
673
674 const value_string ipopt_type_number_vals[] = {
675 {IPOPT_EOOL & IPOPT_NUMBER_MASK, "End of Option List (EOL)"},
676 {IPOPT_NOP & IPOPT_NUMBER_MASK, "No-Operation (NOP)"},
677 {IPOPT_SEC & IPOPT_NUMBER_MASK, "Security"},
678 {IPOPT_LSR & IPOPT_NUMBER_MASK, "Loose source route"},
679 {IPOPT_TS & IPOPT_NUMBER_MASK, "Time stamp"},
680 {IPOPT_ESEC & IPOPT_NUMBER_MASK, "Extended security"},
681 {IPOPT_CIPSO & IPOPT_NUMBER_MASK, "Commercial IP security option"},
682 {IPOPT_RR & IPOPT_NUMBER_MASK, "Record route"},
683 {IPOPT_SID & IPOPT_NUMBER_MASK, "Stream identifier"},
684 {IPOPT_SSR & IPOPT_NUMBER_MASK, "Strict source route"},
685 {IPOPT_ZSU & IPOPT_NUMBER_MASK, "Experimental Measurement"},
686 {IPOPT_MTUP & IPOPT_NUMBER_MASK, "MTU probe"},
687 {IPOPT_MTUR & IPOPT_NUMBER_MASK, "MTU Reply"},
688 {IPOPT_FINN & IPOPT_NUMBER_MASK, "Experimental Flow Control"},
689 {IPOPT_VISA & IPOPT_NUMBER_MASK, "Experimental Access Control"},
690 {IPOPT_ENCODE & IPOPT_NUMBER_MASK, "Ask Estrin"},
691 {IPOPT_IMITD & IPOPT_NUMBER_MASK, "IMI Traffic Descriptor"},
692 {IPOPT_EIP & IPOPT_NUMBER_MASK, "Extended Internet Protocol"},
693 {IPOPT_TR & IPOPT_NUMBER_MASK, "Traceroute"},
694 {IPOPT_ADDEXT & IPOPT_NUMBER_MASK, "Address Extension"},
695 {IPOPT_RTRALT & IPOPT_NUMBER_MASK, "Router Alert"},
696 {IPOPT_SDB & IPOPT_NUMBER_MASK, "Selective Directed Broadcast"},
697 {IPOPT_UN & IPOPT_NUMBER_MASK, "Unassigned"},
698 {IPOPT_DPS & IPOPT_NUMBER_MASK, "Dynamic Packet State"},
699 {IPOPT_UMP & IPOPT_NUMBER_MASK, "Upstream Multicast Packet"},
700 {IPOPT_QS & IPOPT_NUMBER_MASK, "Quick-Start"},
701 {IPOPT_EXP & IPOPT_NUMBER_MASK, "RFC 3692-style experiment"},
702 {0, NULL}
703 };
704
705 static void
706 dissect_ipopt_type(tvbuff_t *tvb, int offset, proto_tree *tree)
707 {
708 proto_tree *type_tree;
709 proto_item *ti;
710
711 ti = proto_tree_add_item(tree, hf_ip_opt_type, tvb, offset, 1, ENC_NA);
712 type_tree = proto_item_add_subtree(ti, ett_ip_opt_type);
713 proto_tree_add_item(type_tree, hf_ip_opt_type_copy, tvb, offset, 1, ENC_NA);
714 proto_tree_add_item(type_tree, hf_ip_opt_type_class, tvb, offset, 1, ENC_NA);
715 proto_tree_add_item(type_tree, hf_ip_opt_type_number, tvb, offset, 1, ENC_NA);
716 }
717
718 static proto_tree*
719 ip_fixed_option_header(proto_tree* tree, packet_info *pinfo, tvbuff_t *tvb, int proto, int ett, proto_item** ti, guint len, guint optlen)
720 {
721 proto_tree *field_tree;
722 proto_item *tf;
723
724 *ti = proto_tree_add_item(tree, proto, tvb, 0, optlen, ENC_NA);
725 field_tree = proto_item_add_subtree(*ti, ett);
726 proto_item_append_text(*ti, " (%u bytes)", len);
727
728 dissect_ipopt_type(tvb, 0, field_tree);
729 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, 1, 1, ENC_NA);
730
731 if (len != optlen) {
732 /* Bogus - option length isn't what it's supposed to be for this option. */
733 expert_add_info_format(pinfo, tf, &ei_ip_opt_len_invalid,
734 "%s (with option length = %u byte%s; should be %u)",
735 proto_get_protocol_short_name(find_protocol_by_id(proto)),
736 optlen, plurality(optlen, "", "s"), len);
737 }
738
739 return field_tree;
740 }
741
742 static proto_tree*
743 ip_var_option_header(proto_tree* tree, packet_info *pinfo, tvbuff_t *tvb, int proto, int ett, proto_item** ti, guint optlen)
744 {
745 proto_tree *field_tree;
746 proto_item *tf;
747
748 *ti = proto_tree_add_item(tree, proto, tvb, 0, optlen, ENC_NA);
749 field_tree = proto_item_add_subtree(*ti, ett);
750 proto_item_append_text(*ti, " (%u bytes)", optlen);
751
752 dissect_ipopt_type(tvb, 0, field_tree);
753 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, 1, 1, ENC_NA);
754 if (optlen > IPOLEN_MAX)
755 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
756
757 return field_tree;
758 }
759
760 static const value_string secl_rfc791_vals[] = {
761 {IPSEC_RFC791_UNCLASSIFIED, "Unclassified"},
762 {IPSEC_RFC791_CONFIDENTIAL, "Confidential"},
763 {IPSEC_RFC791_EFTO, "EFTO" },
764 {IPSEC_RFC791_MMMM, "MMMM" },
765 {IPSEC_RFC791_PROG, "PROG" },
766 {IPSEC_RFC791_RESTRICTED, "Restricted" },
767 {IPSEC_RFC791_SECRET, "Secret" },
768 {IPSEC_RFC791_TOPSECRET, "Top secret" },
769 {IPSEC_RFC791_RESERVED1, "Reserved" },
770 {IPSEC_RFC791_RESERVED2, "Reserved" },
771 {IPSEC_RFC791_RESERVED3, "Reserved" },
772 {IPSEC_RFC791_RESERVED4, "Reserved" },
773 {IPSEC_RFC791_RESERVED5, "Reserved" },
774 {IPSEC_RFC791_RESERVED6, "Reserved" },
775 {IPSEC_RFC791_RESERVED7, "Reserved" },
776 {IPSEC_RFC791_RESERVED8, "Reserved" },
777 {0, NULL }
778 };
779
780 static const value_string sec_cl_vals[] = {
781 {IPSEC_RESERVED4, "Reserved 4" },
782 {IPSEC_TOPSECRET, "Top secret" },
783 {IPSEC_SECRET, "Secret" },
784 {IPSEC_CONFIDENTIAL, "Confidential"},
785 {IPSEC_RESERVED3, "Reserved 3" },
786 {IPSEC_RESERVED2, "Reserved 2" },
787 {IPSEC_UNCLASSIFIED, "Unclassified"},
788 {IPSEC_RESERVED1, "Reserved 1" },
789 {0, NULL }
790 };
791
792 static const true_false_string ip_opt_sec_prot_auth_flag_tfs = {
793 "Datagram protected in accordance with its rules",
794 "Datagram not protected in accordance with its rules"
795 };
796
797 static const true_false_string ip_opt_sec_prot_auth_fti_tfs = {
798 "Additional octet present",
799 "Final octet"
800 };
801
802 static int * const ip_opt_sec_prot_auth_fields_byte_1[] = {
803 &hf_ip_opt_sec_prot_auth_genser,
804 &hf_ip_opt_sec_prot_auth_siop_esi,
805 &hf_ip_opt_sec_prot_auth_sci,
806 &hf_ip_opt_sec_prot_auth_nsa,
807 &hf_ip_opt_sec_prot_auth_doe,
808 &hf_ip_opt_sec_prot_auth_unassigned,
809 &hf_ip_opt_sec_prot_auth_fti,
810 NULL
811 };
812
813 static int * const ip_opt_sec_prot_auth_fields_byte_n[] = {
814 &hf_ip_opt_sec_prot_auth_unassigned2,
815 &hf_ip_opt_sec_prot_auth_fti,
816 NULL
817 };
818 static int
819 dissect_ipopt_security(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
820 {
821 proto_tree *field_tree;
822 proto_item *tf;
823 guint val;
824 guint curr_offset = 2;
825 guint optlen = tvb_reported_length(tvb);
826
827 field_tree = ip_var_option_header(tree, pinfo, tvb, proto_ip_option_security, ett_ip_option_sec, &tf, optlen);
828
829 if (optlen == 11) {
830 /* Analyze payload start to decide whether it should be dissected
831 according to RFC 791 or RFC 1108 */
832 val = tvb_get_ntohs(tvb, curr_offset);
833 if (try_val_to_str(val, secl_rfc791_vals)) {
834 /* Dissect as RFC 791 */
835 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_sec,
836 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
837 curr_offset += 2;
838 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_comp,
839 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
840 curr_offset += 2;
841 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_hr,
842 tvb, curr_offset, 2, ENC_ASCII|ENC_NA);
843 curr_offset += 2;
844 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_tcc,
845 tvb, curr_offset, 3, ENC_ASCII|ENC_NA);
846 return curr_offset;
847 }
848 }
849
850 /* Dissect as RFC 108 */
851 proto_tree_add_item(field_tree, hf_ip_opt_sec_cl, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
852 curr_offset++;
853 if (curr_offset >= optlen) {
854 return curr_offset;
855 }
856 val = tvb_get_guint8(tvb, curr_offset);
857 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
858 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_1,
859 ENC_BIG_ENDIAN);
860 curr_offset++;
861 while (val & 0x01) {
862 if ((val & 0x01) && (curr_offset == optlen)) {
863 expert_add_info(pinfo, tf, &ei_ip_opt_sec_prot_auth_fti);
864 break;
865 }
866 val = tvb_get_guint8(tvb, curr_offset);
867 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
868 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_n,
869 ENC_BIG_ENDIAN);
870 curr_offset++;
871 }
872 if (curr_offset < optlen) {
873 expert_add_info(pinfo, tf, &ei_ip_extraneous_data);
874 }
875
876 return curr_offset;
877 }
878
879 static int
880 dissect_ipopt_ext_security(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
881 {
882 proto_tree *field_tree;
883 proto_item *tf;
884 guint curr_offset = 2;
885 gint remaining;
886 gint optlen = tvb_reported_length(tvb);
887
888 field_tree = ip_var_option_header(tree, pinfo, tvb, proto_ip_option_ext_security, ett_ip_option_ext_security, &tf, optlen);
889
890 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info_format_code, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
891 curr_offset++;
892 remaining = optlen - curr_offset;
893 if (remaining > 0) {
894 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info, tvb, curr_offset, remaining, ENC_NA);
895 }
896
897 return tvb_captured_length(tvb);
898 }
899
900 /* USHRT_MAX can hold at most 5 (base 10) digits (6 for the NULL byte) */
901 #define USHRT_MAX_STRLEN 6
902
903 /* Maximum CIPSO tag length:
904 * (IP hdr max)60 - (IPv4 hdr std)20 - (CIPSO base)6 = 34 */
905 #define CIPSO_TAG_LEN_MAX 34
906
907 /* The Commercial IP Security Option (CIPSO) is defined in IETF draft
908 * draft-ietf-cipso-ipsecurity-01.txt and FIPS 188, a copy of both documents
909 * can be found at the NetLabel project page, http://netlabel.sf.net or at
910 * https://tools.ietf.org/html/draft-ietf-cipso-ipsecurity-01 */
911 static const value_string cipso_tag_type_vals[] = {
912 {0, "Padding"},
913 {1, "Restrictive Category Bitmap"},
914 {2, "Enumerated Categories"},
915 {5, "Ranged Categories"},
916 {6, "Permissive Categories"},
917 {7, "Free Form"},
918
919 { 0, NULL }
920 };
921
922 static int
923 dissect_ipopt_cipso(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
924 {
925 proto_tree *field_tree;
926 proto_item *tf, *tag_item;
927 guint tagtype, taglen;
928 gint offset = 2,
929 optlen = tvb_reported_length(tvb);
930 int offset_max = optlen;
931
932 field_tree = ip_var_option_header(tree, pinfo, tvb, proto_ip_option_cipso, ett_ip_option_cipso, &tf, optlen);
933
934 proto_tree_add_item(field_tree, hf_ip_cipso_doi, tvb, offset, 4, ENC_BIG_ENDIAN);
935 offset += 4;
936
937 /* loop through all of the tags in the CIPSO option */
938 while (offset < offset_max) {
939 tagtype = tvb_get_guint8(tvb, offset);
940 tag_item = proto_tree_add_item(field_tree, hf_ip_cipso_tag_type, tvb, offset, 1, ENC_NA);
941
942 if ((offset + 1) < offset_max)
943 taglen = tvb_get_guint8(tvb, offset + 1);
944 else
945 taglen = 1;
946
947 switch (tagtype) {
948 case 0:
949 /* padding - skip this tag */
950 offset += 1;
951 continue;
952 case 1:
953 /* restrictive bitmap, see CIPSO draft section 3.4.2 for tag format */
954 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
955 ((offset + (int)taglen - 1) > offset_max)) {
956 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
957 return offset;
958 }
959
960 /* skip past alignment octet */
961 offset += 3;
962
963 proto_tree_add_item(field_tree, hf_ip_cipso_sensitivity_level, tvb, offset, 1, ENC_NA);
964 offset += 1;
965
966 if (taglen > 4) {
967 guint bit_spot = 0;
968 guint byte_spot = 0;
969 unsigned char bitmask;
970 char *cat_str;
971 char *cat_str_tmp = (char *)wmem_alloc(pinfo->pool, USHRT_MAX_STRLEN);
972 size_t cat_str_len;
973 const guint8 *val_ptr = tvb_get_ptr(tvb, offset, taglen - 4);
974
975 /* this is just a guess regarding string size, but we grow it below
976 * if needed */
977 cat_str_len = 256;
978 cat_str = (char *)wmem_alloc0(pinfo->pool, cat_str_len);
979
980 /* we checked the length above so the highest category value
981 * possible here is 240 */
982 while (byte_spot < (taglen - 4)) {
983 bitmask = 0x80;
984 bit_spot = 0;
985 while (bit_spot < 8) {
986 if (val_ptr[byte_spot] & bitmask) {
987 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
988 byte_spot * 8 + bit_spot);
989 if (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN)) {
990 char *cat_str_new;
991
992 while (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN))
993 cat_str_len += cat_str_len;
994 cat_str_new = (char *)wmem_alloc(pinfo->pool, cat_str_len);
995 (void) g_strlcpy(cat_str_new, cat_str, cat_str_len);
996 cat_str_new[cat_str_len - 1] = '\0';
997 cat_str = cat_str_new;
998 }
999 if (cat_str[0] != '\0')
1000 (void) g_strlcat(cat_str, ",", cat_str_len);
1001 (void) g_strlcat(cat_str, cat_str_tmp, cat_str_len);
1002 }
1003 bit_spot++;
1004 bitmask >>= 1;
1005 }
1006 byte_spot++;
1007 }
1008
1009 if (cat_str)
1010 proto_tree_add_string(field_tree, hf_ip_cipso_categories, tvb, offset, taglen - 4, cat_str);
1011 else
1012 proto_tree_add_string(field_tree, hf_ip_cipso_categories, tvb, offset, taglen - 4, "ERROR PARSING CATEGORIES");
1013 offset += taglen - 4;
1014 }
1015 break;
1016 case 2:
1017 /* enumerated categories, see CIPSO draft section 3.4.3 for tag format */
1018 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1019 ((offset + (int)taglen - 1) > offset_max)) {
1020 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1021 return offset;
1022 }
1023
1024 /* skip past alignment octet */
1025 offset += 3;
1026
1027 /* sensitivity level */
1028 proto_tree_add_item(field_tree, hf_ip_cipso_sensitivity_level, tvb, offset, 1, ENC_NA);
1029 offset += 1;
1030
1031 if (taglen > 4) {
1032 int offset_max_cat = offset + taglen - 4;
1033 char *cat_str = (char *)wmem_alloc0(pinfo->pool, USHRT_MAX_STRLEN * 15);
1034 char *cat_str_tmp = (char *)wmem_alloc(pinfo->pool, USHRT_MAX_STRLEN);
1035
1036 while ((offset + 2) <= offset_max_cat) {
1037 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
1038 tvb_get_ntohs(tvb, offset));
1039 offset += 2;
1040 if (cat_str[0] != '\0')
1041 (void) g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 15);
1042 (void) g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 15);
1043 }
1044
1045 proto_tree_add_string(field_tree, hf_ip_cipso_categories, tvb, offset - taglen + 4, taglen - 4, cat_str);
1046 }
1047 break;
1048 case 5:
1049 /* ranged categories, see CIPSO draft section 3.4.4 for tag format */
1050 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1051 ((offset + (int)taglen - 1) > offset_max)) {
1052 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1053 return offset;
1054 }
1055
1056 /* skip past alignment octet */
1057 offset += 3;
1058
1059 /* sensitivity level */
1060 proto_tree_add_item(field_tree, hf_ip_cipso_sensitivity_level, tvb, offset, 1, ENC_NA);
1061 offset += 1;
1062
1063 if (taglen > 4) {
1064 guint16 cat_low, cat_high;
1065 int offset_max_cat = offset + taglen - 4;
1066 char *cat_str = (char *)wmem_alloc0(pinfo->pool, USHRT_MAX_STRLEN * 16);
1067 char *cat_str_tmp = (char *)wmem_alloc(pinfo->pool, USHRT_MAX_STRLEN * 2);
1068
1069 while ((offset + 2) <= offset_max_cat) {
1070 cat_high = tvb_get_ntohs(tvb, offset);
1071 if ((offset + 4) <= offset_max_cat) {
1072 cat_low = tvb_get_ntohs(tvb, offset + 2);
1073 offset += 4;
1074 } else {
1075 cat_low = 0;
1076 offset += 2;
1077 }
1078 if (cat_low != cat_high)
1079 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u-%u",
1080 cat_high, cat_low);
1081 else
1082 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u", cat_high);
1083
1084 if (cat_str[0] != '\0')
1085 (void) g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 16);
1086 (void) g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 16);
1087 }
1088
1089 proto_tree_add_string(field_tree, hf_ip_cipso_categories, tvb, offset - taglen + 4, taglen - 4, cat_str);
1090 }
1091 break;
1092 case 6:
1093 /* permissive categories, see FIPS 188 section 6.9 for tag format */
1094 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1095 ((offset + (int)taglen - 1) > offset_max)) {
1096 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1097 return offset;
1098 }
1099
1100 proto_tree_add_item(field_tree, hf_ip_cipso_tag_data, tvb, offset + 2, taglen - 2, ENC_NA);
1101 offset += taglen;
1102 break;
1103 case 7:
1104 /* free form, see FIPS 188 section 6.10 for tag format */
1105 if ((taglen < 2) || (taglen > CIPSO_TAG_LEN_MAX) ||
1106 ((offset + (int)taglen - 1) > offset_max)) {
1107 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1108 return offset;
1109 }
1110
1111 proto_tree_add_item(field_tree, hf_ip_cipso_tag_data, tvb, offset + 2, taglen - 2, ENC_NA);
1112 offset += taglen;
1113 break;
1114 default:
1115 /* unknown tag - stop parsing this IPv4 option */
1116 if ((offset + 1) <= offset_max) {
1117 taglen = tvb_get_guint8(tvb, offset + 1);
1118 proto_item_append_text(tag_item, " (%u bytes)", taglen);
1119 return offset;
1120 }
1121 return offset;
1122 }
1123 }
1124
1125 return offset;
1126 }
1127
1128 static void
1129 dissect_option_route(proto_tree *tree, tvbuff_t *tvb, int offset, int hf,
1130 int hf_host, gboolean next)
1131 {
1132 proto_item *ti;
1133 guint32 route;
1134
1135 route = tvb_get_ipv4(tvb, offset);
1136 if (next)
1137 proto_tree_add_ipv4_format_value(tree, hf, tvb, offset, 4, route,
1138 "%s <- (next)",
1139 tvb_ip_to_str(wmem_packet_scope(), tvb, offset));
1140 else
1141 proto_tree_add_ipv4(tree, hf, tvb, offset, 4, route);
1142 ti = proto_tree_add_string(tree, hf_host, tvb, offset, 4, get_hostname(route));
1143 proto_item_set_generated(ti);
1144 proto_item_set_hidden(ti);
1145 }
1146
1147 static int
1148 dissect_ipopt_route(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int proto, int optlen_min)
1149 {
1150 proto_tree *field_tree;
1151 proto_item *tf;
1152 guint8 len, ptr;
1153 int optoffset = 0;
1154 gint offset = 0,
1155 optlen = tvb_reported_length(tvb);
1156
1157 field_tree = ip_var_option_header(tree, pinfo, tvb, proto, ett_ip_option_route, &tf, optlen);
1158
1159 ptr = tvb_get_guint8(tvb, offset + 2);
1160 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1161 if ((ptr < (optlen_min + 1)) || (ptr & 3)) {
1162 if (ptr < (optlen_min + 1)) {
1163 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_before_address);
1164 }
1165 else {
1166 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_middle_address);
1167 }
1168 return optlen_min;
1169 }
1170
1171 len = optlen;
1172 optoffset = 3; /* skip past type, length and pointer */
1173 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1174 if (optlen < 4) {
1175 expert_add_info(pinfo, tf, &ei_ip_subopt_too_long);
1176 break;
1177 }
1178
1179 if (ptr > len) {
1180 /* This is a recorded route */
1181 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1182 hf_ip_rec_rt_host, FALSE);
1183 } else if (optoffset == (len - 4)) {
1184 /* This is the the destination */
1185 proto_item *item;
1186 guint32 addr;
1187 const char *dst_host;
1188
1189 addr = tvb_get_ipv4(tvb, offset + optoffset);
1190 dst_host = get_hostname(addr);
1191 proto_tree_add_ipv4(field_tree, hf_ip_dst, tvb,
1192 offset + optoffset, 4, addr);
1193 item = proto_tree_add_ipv4(field_tree, hf_ip_addr, tvb,
1194 offset + optoffset, 4, addr);
1195 proto_item_set_hidden(item);
1196 item = proto_tree_add_string(field_tree, hf_ip_dst_host, tvb,
1197 offset + optoffset, 4, dst_host);
1198 proto_item_set_generated(item);
1199 proto_item_set_hidden(item);
1200 item = proto_tree_add_string(field_tree, hf_ip_host, tvb,
1201 offset + optoffset, 4, dst_host);
1202 proto_item_set_generated(item);
1203 proto_item_set_hidden(item);
1204 } else if ((optoffset + 1) < ptr) {
1205 /* This is also a recorded route */
1206 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1207 hf_ip_rec_rt_host, FALSE);
1208 } else if ((optoffset + 1) == ptr) {
1209 /* This is the next source route. TODO: Should we use separate hf's
1210 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1211 * having to pass TRUE/FALSE to dissect_option_route()? */
1212 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_src_rt,
1213 hf_ip_src_rt_host, TRUE);
1214 } else {
1215 /* This must be a source route */
1216 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_src_rt,
1217 hf_ip_src_rt_host, FALSE);
1218 }
1219 }
1220
1221 return tvb_captured_length(tvb);
1222 }
1223
1224 static int
1225 dissect_ipopt_loose_route(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1226 {
1227 return dissect_ipopt_route(tvb, pinfo, tree, proto_ip_option_route, IPOLEN_LSR_MIN);
1228 }
1229
1230 static int
1231 dissect_ipopt_source_route(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1232 {
1233 return dissect_ipopt_route(tvb, pinfo, tree, proto_ip_option_source_route, IPOLEN_SSR_MIN);
1234
1235 }
1236
1237 static int
1238 dissect_ipopt_record_route(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1239 {
1240 proto_tree *field_tree;
1241 proto_item *tf;
1242 guint8 len, ptr;
1243 int optoffset = 0;
1244 gint offset = 0,
1245 optlen = tvb_reported_length(tvb);
1246
1247 field_tree = ip_var_option_header(tree, pinfo, tvb, proto_ip_option_record_route, ett_ip_option_route, &tf, optlen);
1248
1249 ptr = tvb_get_guint8(tvb, offset + 2);
1250 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1251
1252 if ((ptr < (IPOLEN_RR_MIN + 1)) || (ptr & 3)) {
1253 if (ptr < (IPOLEN_RR_MIN + 1)) {
1254 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_before_address);
1255 }
1256 else {
1257 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_middle_address);
1258 }
1259 return IPOLEN_RR_MIN;
1260 }
1261
1262 len = optlen;
1263 optoffset = 3; /* skip past type, length and pointer */
1264 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1265 if (optlen < 4) {
1266 expert_add_info(pinfo, tf, &ei_ip_subopt_too_long);
1267 break;
1268 }
1269
1270 if (ptr > len) {
1271 /* The recorded route data area is full. */
1272 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1273 hf_ip_rec_rt_host, FALSE);
1274 } else if ((optoffset + 1) < ptr) {
1275 /* This is a recorded route */
1276 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1277 hf_ip_rec_rt_host, FALSE);
1278 } else if ((optoffset + 1) == ptr) {
1279 /* This is the next available slot. TODO: Should we use separate hf's
1280 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1281 * having to pass TRUE/FALSE to dissect_option_route()? */
1282 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_empty_rt,
1283 hf_ip_empty_rt_host, TRUE);
1284 } else {
1285 /* This must be an available slot too. */
1286 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_empty_rt,
1287 hf_ip_empty_rt_host, FALSE);
1288 }
1289 }
1290
1291 return tvb_captured_length(tvb);
1292 }
1293
1294 /* Stream Identifier */
1295 static int
1296 dissect_ipopt_sid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1297 {
1298 proto_tree *field_tree;
1299 proto_item *tf;
1300
1301 field_tree = ip_fixed_option_header(tree, pinfo, tvb, proto_ip_option_sid, ett_ip_option_sid, &tf, IPOLEN_SID, tvb_reported_length(tvb));
1302
1303 proto_tree_add_item(field_tree, hf_ip_opt_sid, tvb, 2, 2, ENC_BIG_ENDIAN);
1304 return tvb_captured_length(tvb);
1305 }
1306
1307 /* RFC 1063: MTU Probe and MTU Reply */
1308 static int
1309 dissect_ipopt_mtu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int proto)
1310 {
1311 proto_tree *field_tree;
1312 proto_item *tf;
1313
1314 field_tree = ip_fixed_option_header(tree, pinfo, tvb, proto, ett_ip_option_mtu, &tf, IPOLEN_MTU, tvb_reported_length(tvb));
1315
1316 proto_tree_add_item(field_tree, hf_ip_opt_mtu, tvb, 2, 2, ENC_BIG_ENDIAN);
1317 return tvb_captured_length(tvb);
1318 }
1319
1320 static int
1321 dissect_ipopt_mtu_probe(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
1322 {
1323 return dissect_ipopt_mtu(tvb, pinfo, tree, proto_ip_option_mtu_probe);
1324 }
1325
1326 static int
1327 dissect_ipopt_mtu_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
1328 {
1329 return dissect_ipopt_mtu(tvb, pinfo, tree, proto_ip_option_mtu_reply);
1330 }
1331
1332 /* RFC 1393: Traceroute */
1333 static int
1334 dissect_ipopt_tr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1335 {
1336 proto_tree *field_tree;
1337 proto_item *tf;
1338 gint offset = 2;
1339
1340 field_tree = ip_fixed_option_header(tree, pinfo, tvb, proto_ip_option_traceroute, ett_ip_option_tr, &tf, IPOLEN_TR, tvb_reported_length(tvb));
1341
1342 proto_tree_add_item(field_tree, hf_ip_opt_id_number, tvb, offset, 2, ENC_BIG_ENDIAN);
1343 proto_tree_add_item(field_tree, hf_ip_opt_ohc, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1344 proto_tree_add_item(field_tree, hf_ip_opt_rhc, tvb, offset + 4, 2, ENC_BIG_ENDIAN);
1345 proto_tree_add_item(field_tree, hf_ip_opt_originator, tvb, offset + 6, 4, ENC_BIG_ENDIAN);
1346 return tvb_captured_length(tvb);
1347 }
1348
1349 static const value_string ipopt_timestamp_flag_vals[] = {
1350 {IPOPT_TS_TSONLY, "Time stamps only" },
1351 {IPOPT_TS_TSANDADDR, "Time stamp and address" },
1352 {IPOPT_TS_PRESPEC, "Time stamps for prespecified addresses"},
1353 {0, NULL }};
1354
1355 static int
1356 dissect_ipopt_timestamp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1357 {
1358 proto_tree *field_tree;
1359 proto_item *tf;
1360 int ptr;
1361 int optoffset = 0;
1362 int flg;
1363 guint32 addr;
1364 gint offset = 0,
1365 optlen = tvb_reported_length(tvb);
1366
1367 field_tree = ip_var_option_header(tree, pinfo, tvb, proto_ip_option_timestamp, ett_ip_option_timestamp, &tf, optlen);
1368
1369 optoffset += 2; /* skip past type and length */
1370 optlen -= 2; /* subtract size of type and length */
1371
1372 ptr = tvb_get_guint8(tvb, offset + optoffset);
1373 proto_tree_add_uint_format_value(field_tree, hf_ip_opt_ptr, tvb, offset + optoffset, 1, ptr, "%d%s",
1374 ptr, ((ptr == 1) ? " (header is full)" :
1375 (ptr < 5) ? " (points before first address)" :
1376 (((ptr - 1) & 3) ? " (points to middle of field)" : "")));
1377 optoffset++;
1378 optlen--;
1379 ptr--; /* ptr is 1-origin */
1380
1381 flg = tvb_get_guint8(tvb, offset + optoffset);
1382 proto_tree_add_item(field_tree, hf_ip_opt_overflow, tvb, offset + optoffset, 1, ENC_NA);
1383 flg &= 0xF;
1384 proto_tree_add_item(field_tree, hf_ip_opt_flag, tvb, offset + optoffset, 1, ENC_NA);
1385 optoffset++;
1386 optlen--;
1387
1388 while (optlen > 0) {
1389 if (flg == IPOPT_TS_TSANDADDR || flg == IPOPT_TS_PRESPEC) {
1390 if (optlen < 8) {
1391 proto_tree_add_expert(field_tree, pinfo, &ei_ip_subopt_too_long, tvb, offset + optoffset, optlen);
1392 break;
1393 }
1394 addr = tvb_get_ipv4(tvb, offset + optoffset);
1395 proto_tree_add_ipv4_format_value(field_tree, hf_ip_opt_time_stamp_addr, tvb, offset + optoffset, 4, addr,
1396 "%s", ((addr == 0) ? "-" : get_hostname(addr)));
1397 optoffset += 4;
1398 optlen -= 4;
1399
1400 proto_tree_add_item(field_tree, hf_ip_opt_time_stamp, tvb, offset + optoffset, 4, ENC_BIG_ENDIAN);
1401 optoffset += 4;
1402 optlen -= 4;
1403 } else {
1404 if (optlen < 4) {
1405 proto_tree_add_expert(field_tree, pinfo, &ei_ip_subopt_too_long, tvb, offset + optoffset, optlen);
1406 break;
1407 }
1408 proto_tree_add_item(field_tree, hf_ip_opt_time_stamp, tvb, offset + optoffset, 4, ENC_BIG_ENDIAN);
1409 optoffset += 4;
1410 optlen -= 4;
1411 }
1412 }
1413
1414 return tvb_captured_length(tvb);
1415 }
1416
1417 /* Router Alert */
1418 static const range_string ra_rvals[] = {
1419 {0, 0, "Router shall examine packet"},
1420 {1, 65535, "Reserved"},
1421 {0, 0, NULL}
1422 };
1423
1424 static int
1425 dissect_ipopt_ra(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1426 {
1427 /* Router-Alert, as defined by RFC2113 */
1428 proto_tree *field_tree;
1429 proto_item *tf;
1430 guint32 value;
1431
1432 field_tree = ip_fixed_option_header(tree, pinfo, tvb, proto_ip_option_routeralert, ett_ip_option_ra, &tf, IPOLEN_RA, tvb_reported_length(tvb));
1433
1434 proto_tree_add_item_ret_uint(field_tree, hf_ip_opt_ra, tvb, 2, 2, ENC_BIG_ENDIAN, &value);
1435 proto_item_append_text(tf, ": %s (%u)", rval_to_str(value, ra_rvals, "Unknown (%u)"), value);
1436 return tvb_captured_length(tvb);
1437 }
1438
1439 /* RFC 1770: Selective Directed Broadcast */
1440 static int
1441 dissect_ipopt_sdb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
1442 {
1443 proto_tree *field_tree;
1444 proto_item *tf;
1445 gint offset = 0,
1446 optlen = tvb_reported_length(tvb);
1447
1448 field_tree = ip_var_option_header(tree, pinfo, tvb, proto_ip_option_sdb, ett_ip_option_sdb, &tf, optlen);
1449
1450 for (offset += 2, optlen -= 2; optlen >= 4; offset += 4, optlen -= 4)
1451 proto_tree_add_item(field_tree, hf_ip_opt_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
1452
1453 if (optlen > 0)
1454 proto_tree_add_item(field_tree, hf_ip_opt_padding, tvb, offset, optlen, ENC_NA);
1455
1456 return tvb_captured_length(tvb);
1457 }
1458
1459 const value_string qs_func_vals[] = {
1460 {QS_RATE_REQUEST, "Rate request"},
1461 {QS_RATE_REPORT, "Rate report"},
1462 {0, NULL}
1463 };
1464
1465 static const value_string qs_rate_vals[] = {
1466 { 0, "0 bit/s"},
1467 { 1, "80 Kbit/s"},
1468 { 2, "160 Kbit/s"},
1469 { 3, "320 Kbit/s"},
1470 { 4, "640 Kbit/s"},
1471 { 5, "1.28 Mbit/s"},
1472 { 6, "2.56 Mbit/s"},
1473 { 7, "5.12 Mbit/s"},
1474 { 8, "10.24 Mbit/s"},
1475 { 9, "20.48 Mbit/s"},
1476 {10, "40.96 Mbit/s"},
1477 {11, "81.92 Mbit/s"},
1478 {12, "163.84 Mbit/s"},
1479 {13, "327.68 Mbit/s"},
1480 {14, "655.36 Mbit/s"},
1481 {15, "1.31072 Gbit/s"},
1482 {0, NULL}
1483 };
1484 value_string_ext qs_rate_vals_ext = VALUE_STRING_EXT_INIT(qs_rate_vals);
1485
1486 static int
1487 dissect_ipopt_qs(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data)
1488 {
1489 proto_tree *field_tree;
1490 proto_item *tf;
1491 proto_item *ti;
1492 ws_ip4 *iph = (ws_ip4 *)data;
1493 gint offset = 2;
1494
1495 guint8 command = tvb_get_guint8(tvb, offset);
1496 guint8 function = command >> 4;
1497 guint8 rate = command & QS_RATE_MASK;
1498 guint8 ttl_diff;
1499
1500 field_tree = ip_fixed_option_header(tree, pinfo, tvb, proto_ip_option_qs, ett_ip_option_qs, &tf, IPOLEN_QS, tvb_reported_length(tvb));
1501 proto_item_append_text(tf, ": %s (%u)", val_to_str(function, qs_func_vals, "Unknown (%u)"), function);
1502
1503 proto_tree_add_item(field_tree, hf_ip_opt_qs_func, tvb, offset, 1, ENC_NA);
1504
1505 if (function == QS_RATE_REQUEST) {
1506 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset, 1, ENC_NA);
1507 proto_tree_add_item(field_tree, hf_ip_opt_qs_ttl, tvb, offset + 1, 1, ENC_NA);
1508 ttl_diff = (iph->ip_ttl - tvb_get_guint8(tvb, offset + 1) % 256);
1509 ti = proto_tree_add_uint(field_tree, hf_ip_opt_qs_ttl_diff,
1510 tvb, offset + 1, 1, ttl_diff);
1511 proto_item_set_generated(ti);
1512 proto_item_append_text(tf, ", %s, QS TTL %u, QS TTL diff %u",
1513 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"),
1514 tvb_get_guint8(tvb, offset + 1), ttl_diff);
1515 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 2, 4, ENC_BIG_ENDIAN);
1516 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 2, 4, ENC_BIG_ENDIAN);
1517 } else if (function == QS_RATE_REPORT) {
1518 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset, 1, ENC_NA);
1519 proto_item_append_text(tf, ", %s",
1520 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"));
1521 proto_tree_add_item(field_tree, hf_ip_opt_qs_unused, tvb, offset + 1, 1, ENC_NA);
1522 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 2, 4, ENC_BIG_ENDIAN);
1523 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 2, 4, ENC_BIG_ENDIAN);
1524 }
1525
1526 return tvb_captured_length(tvb);
1527 }
1528
1529 static void
1530 dissect_ip_options(tvbuff_t *tvb, int offset, guint length,
1531 packet_info *pinfo, proto_tree *opt_tree,
1532 proto_item *opt_item, void * data)
1533 {
1534 guchar opt;
1535 unsigned int optlen;
1536 proto_tree *field_tree;
1537 const char *name;
1538 dissector_handle_t option_dissector;
1539 guint nop_count = 0;
1540 tvbuff_t *next_tvb;
1541
1542 while (length > 0) {
1543 opt = tvb_get_guint8(tvb, offset);
1544 --length; /* account for type byte */
1545
1546 if ((opt == IPOPT_EOOL) || (opt == IPOPT_NOP)) {
1547 int local_proto;
1548 proto_item* field_item;
1549 /* We assume that the only options with no length are EOL and NOP options,
1550 so that we can treat unknown options as having a minimum length of 2,
1551 and at least be able to move on to the next option by using the length in the option. */
1552
1553 if (opt == IPOPT_EOOL)
1554 {
1555 local_proto = proto_ip_option_eol;
1556 } else {
1557 /* i.e. opt is IPOPT_NOP */
1558 local_proto = proto_ip_option_nop;
1559
1560 if (opt_item && (nop_count == 0 || offset % 4)) {
1561 /* Count number of NOP in a row within a uint32 */
1562 nop_count++;
1563
1564 if (nop_count == 4) {
1565 expert_add_info(pinfo, opt_item, &ei_ip_nop);
1566 }
1567 } else {
1568 nop_count = 0;
1569 }
1570 }
1571
1572 field_item = proto_tree_add_item(opt_tree, local_proto, tvb, offset, 1, ENC_NA);
1573 field_tree = proto_item_add_subtree(field_item, ett_ip_option_other);
1574
1575 dissect_ipopt_type(tvb, offset, field_tree);
1576 offset++;
1577
1578 } else {
1579 option_dissector = dissector_get_uint_handle(ip_option_table, opt);
1580 if (option_dissector == NULL) {
1581 name = wmem_strdup_printf(pinfo->pool, "Unknown (0x%02x)", opt);
1582 } else {
1583 name = dissector_handle_get_short_name(option_dissector);
1584 }
1585
1586 /* Option has a length. Is it in the packet? */
1587 if (length == 0) {
1588 /* Bogus - packet must at least include option code byte and
1589 length byte! */
1590 proto_tree_add_expert_format(opt_tree, pinfo, &ei_ip_opt_len_invalid, tvb, offset, 1,
1591 "%s (length byte past end of options)", name);
1592 return;
1593 }
1594
1595 optlen = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
1596 --length; /* account for length byte */
1597
1598 if (optlen < 2) {
1599 /* Bogus - option length is too short to include option code and option length. */
1600 proto_tree_add_expert_format(opt_tree, pinfo, &ei_ip_opt_len_invalid, tvb, offset, 2,
1601 "%s (with too-short option length = %u byte%s)",
1602 name, optlen, plurality(optlen, "", "s"));
1603 return;
1604 } else if (optlen - 2 > length) {
1605 /* Bogus - option goes past the end of the header. */
1606 proto_tree_add_expert_format(opt_tree, pinfo, &ei_ip_opt_len_invalid, tvb, offset, length,
1607 "%s (option length = %u byte%s says option goes past end of options)",
1608 name, optlen, plurality(optlen, "", "s"));
1609 return;
1610 }
1611
1612 if (option_dissector == NULL) {
1613 proto_tree_add_subtree_format(opt_tree, tvb, offset, optlen, ett_ip_unknown_opt, NULL, "%s (%u byte%s)",
1614 name, optlen, plurality(optlen, "", "s"));
1615 } else {
1616 next_tvb = tvb_new_subset_length(tvb, offset, optlen);
1617 call_dissector_with_data(option_dissector, next_tvb, pinfo, opt_tree, data);
1618 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s", name);
1619 }
1620
1621 offset += optlen;
1622 length -= (optlen-2); //already accounted for type and len bytes
1623 }
1624
1625 if (opt == IPOPT_EOOL)
1626 break;
1627 }
1628 }
1629
1630 /* This function searches the IP options for either a loose or strict source
1631 * route option, then returns the offset to the destination address if the
1632 * pointer is still valid or zero if the pointer is greater than the length.
1633 *
1634 * The guts of this function was taken from dissect_ip_tcp_options().
1635 */
1636 static int
1637 get_dst_offset(tvbuff_t *tvb, int offset, guint length)
1638 {
1639 guchar opt;
1640 guint len;
1641 int orig_offset = offset;
1642
1643 while (length > 0) {
1644 opt = tvb_get_guint8(tvb, offset);
1645 --length; /* account for type byte */
1646
1647 if ((opt != IPOPT_EOOL) && (opt != IPOPT_NOP)) {
1648 /* Option has a length. Is it in the packet? */
1649 if (length == 0) {
1650 /* Bogus - packet must at least include option code byte and
1651 length byte! */
1652 return 0;
1653 }
1654 len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
1655 --length; /* account for length byte */
1656 if (len < 2) {
1657 /* Bogus - option length is too short to include option code and
1658 option length. */
1659 return 0;
1660 } else if (len - 2 > length) {
1661 /* Bogus - option goes past the end of the header. */
1662 return 0;
1663 }
1664
1665 if (opt == IPOPT_SSR || opt == IPOPT_LSR) {
1666 /* Hmm, what if you have both options? */
1667 guint8 ptr;
1668
1669 ptr = tvb_get_guint8(tvb, offset + 2);
1670 if (ptr < 4 || (ptr & 3) || (ptr > len)) {
1671 return 0;
1672 }
1673 return (offset - orig_offset) + 4 + (len - 4);
1674 }
1675
1676 offset += len;
1677 length -= (len-2); /* subtract size of type and length */
1678 } else {
1679 offset += 1;
1680 }
1681 if (opt == IPOPT_EOOL)
1682 return 0;
1683 }
1684
1685 return 0;
1686 }
1687
1688 /* Returns the valid ttl for the group address */
1689 static guint16
1690 local_network_control_block_addr_valid_ttl(guint32 addr)
1691 {
1692 /* An exception list, as some protocols seem to insist on
1693 * doing differently:
1694 */
1695
1696 /* IETF's VRRP (rfc3768) */
1697 if (IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR == addr)
1698 return IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL;
1699 /* Cisco's GLPB */
1700 if (IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR == addr)
1701 return IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL;
1702 /* mDNS (draft-cheshire-dnsext-multicastdns-07) */
1703 if (IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR == addr)
1704 return IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL;
1705 /* LLMNR (rfc4795) */
1706 if (IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR == addr)
1707 return IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL;
1708 return IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL;
1709 }
1710
1711 static const value_string dscp_short_vals[] = {
1712 { IPDSFIELD_DSCP_DEFAULT, "CS0" },
1713 { IPDSFIELD_DSCP_LE, "LE" },
1714 { IPDSFIELD_DSCP_CS1, "CS1" },
1715 { IPDSFIELD_DSCP_AF11, "AF11" },
1716 { IPDSFIELD_DSCP_AF12, "AF12" },
1717 { IPDSFIELD_DSCP_AF13, "AF13" },
1718 { IPDSFIELD_DSCP_CS2, "CS2" },
1719 { IPDSFIELD_DSCP_AF21, "AF21" },
1720 { IPDSFIELD_DSCP_AF22, "AF22" },
1721 { IPDSFIELD_DSCP_AF23, "AF23" },
1722 { IPDSFIELD_DSCP_CS3, "CS3" },
1723 { IPDSFIELD_DSCP_AF31, "AF31" },
1724 { IPDSFIELD_DSCP_AF32, "AF32" },
1725 { IPDSFIELD_DSCP_AF33, "AF33" },
1726 { IPDSFIELD_DSCP_CS4, "CS4" },
1727 { IPDSFIELD_DSCP_AF41, "AF41" },
1728 { IPDSFIELD_DSCP_AF42, "AF42" },
1729 { IPDSFIELD_DSCP_AF43, "AF43" },
1730 { IPDSFIELD_DSCP_CS5, "CS5" },
1731 { IPDSFIELD_DSCP_EF, "EF PHB" },
1732 { IPDSFIELD_DSCP_CS6, "CS6" },
1733 { IPDSFIELD_DSCP_CS7, "CS7" },
1734 { 0, NULL }};
1735 value_string_ext dscp_short_vals_ext = VALUE_STRING_EXT_INIT(dscp_short_vals);
1736
1737
1738 static const value_string dscp_vals[] = {
1739 { IPDSFIELD_DSCP_DEFAULT, "Default" },
1740 { IPDSFIELD_DSCP_LE, "Lower Effort" },
1741 { IPDSFIELD_DSCP_CS1, "Class Selector 1" },
1742 { IPDSFIELD_DSCP_AF11, "Assured Forwarding 11" },
1743 { IPDSFIELD_DSCP_AF12, "Assured Forwarding 12" },
1744 { IPDSFIELD_DSCP_AF13, "Assured Forwarding 13" },
1745 { IPDSFIELD_DSCP_CS2, "Class Selector 2" },
1746 { IPDSFIELD_DSCP_AF21, "Assured Forwarding 21" },
1747 { IPDSFIELD_DSCP_AF22, "Assured Forwarding 22" },
1748 { IPDSFIELD_DSCP_AF23, "Assured Forwarding 23" },
1749 { IPDSFIELD_DSCP_CS3, "Class Selector 3" },
1750 { IPDSFIELD_DSCP_AF31, "Assured Forwarding 31" },
1751 { IPDSFIELD_DSCP_AF32, "Assured Forwarding 32" },
1752 { IPDSFIELD_DSCP_AF33, "Assured Forwarding 33" },
1753 { IPDSFIELD_DSCP_CS4, "Class Selector 4" },
1754 { IPDSFIELD_DSCP_AF41, "Assured Forwarding 41" },
1755 { IPDSFIELD_DSCP_AF42, "Assured Forwarding 42" },
1756 { IPDSFIELD_DSCP_AF43, "Assured Forwarding 43" },
1757 { IPDSFIELD_DSCP_CS5, "Class Selector 5" },
1758 { IPDSFIELD_DSCP_EF, "Expedited Forwarding" },
1759 { IPDSFIELD_DSCP_CS6, "Class Selector 6" },
1760 { IPDSFIELD_DSCP_CS7, "Class Selector 7" },
1761 { 0, NULL }};
1762 value_string_ext dscp_vals_ext = VALUE_STRING_EXT_INIT(dscp_vals);
1763
1764 static const value_string ecn_short_vals[] = {
1765 { IPDSFIELD_ECT_NOT, "Not-ECT" },
1766 { IPDSFIELD_ECT_1, "ECT(1)" },
1767 { IPDSFIELD_ECT_0, "ECT(0)" },
1768 { IPDSFIELD_CE, "CE" },
1769 { 0, NULL }};
1770 value_string_ext ecn_short_vals_ext = VALUE_STRING_EXT_INIT(ecn_short_vals);
1771
1772 static const value_string ecn_vals[] = {
1773 { IPDSFIELD_ECT_NOT, "Not ECN-Capable Transport" },
1774 { IPDSFIELD_ECT_1, "ECN-Capable Transport codepoint '01'" },
1775 { IPDSFIELD_ECT_0, "ECN-Capable Transport codepoint '10'" },
1776 { IPDSFIELD_CE, "Congestion Experienced" },
1777 { 0, NULL }};
1778 value_string_ext ecn_vals_ext = VALUE_STRING_EXT_INIT(ecn_vals);
1779
1780 static const value_string precedence_vals[] = {
1781 { IPTOS_PREC_ROUTINE, "routine" },
1782 { IPTOS_PREC_PRIORITY, "priority" },
1783 { IPTOS_PREC_IMMEDIATE, "immediate" },
1784 { IPTOS_PREC_FLASH, "flash" },
1785 { IPTOS_PREC_FLASHOVERRIDE, "flash override" },
1786 { IPTOS_PREC_CRITIC_ECP, "CRITIC/ECP" },
1787 { IPTOS_PREC_INTERNETCONTROL, "internetwork control" },
1788 { IPTOS_PREC_NETCONTROL, "network control" },
1789 { 0, NULL }};
1790
1791 static const value_string iptos_vals[] = {
1792 { IPTOS_NONE, "None" },
1793 { IPTOS_LOWCOST, "Minimize cost" },
1794 { IPTOS_RELIABILITY, "Maximize reliability" },
1795 { IPTOS_THROUGHPUT, "Maximize throughput" },
1796 { IPTOS_LOWDELAY, "Minimize delay" },
1797 { IPTOS_SECURITY, "Maximize security" },
1798 { 0, NULL }
1799 };
1800
1801 static const true_false_string flags_sf_set_evil = {
1802 "Evil",
1803 "Not evil"
1804 };
1805
1806 gboolean
1807 ip_try_dissect(gboolean heur_first, guint nxt, tvbuff_t *tvb, packet_info *pinfo,
1808 proto_tree *tree, void *iph)
1809 {
1810 heur_dtbl_entry_t *hdtbl_entry;
1811
1812 if ((heur_first) && (dissector_try_heuristic(heur_subdissector_list, tvb,
1813 pinfo, tree, &hdtbl_entry, iph))) {
1814 return TRUE;
1815 }
1816
1817 if (dissector_try_uint_new(ip_dissector_table, nxt, tvb, pinfo,
1818 tree, TRUE, iph)) {
1819 return TRUE;
1820 }
1821
1822 if ((!heur_first) && (dissector_try_heuristic(heur_subdissector_list, tvb,
1823 pinfo, tree, &hdtbl_entry,
1824 iph))) {
1825 return TRUE;
1826 }
1827
1828 return FALSE;
1829 }
1830
1831 static int
1832 dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_)
1833 {
1834 proto_tree *ip_tree, *field_tree = NULL;
1835 proto_item *ti, *tf;
1836 guint32 addr;
1837 int offset = 0, dst_off;
1838 guint hlen, optlen;
1839 guint16 ipsum;
1840 fragment_head *ipfd_head = NULL;
1841 tvbuff_t *next_tvb;
1842 gboolean update_col_info = TRUE;
1843 gboolean save_fragmented;
1844 ws_ip4 *iph;
1845 guint32 src32, dst32;
1846 proto_tree *tree;
1847 proto_item *item = NULL, *ttl_item;
1848 guint16 ttl_valid;
1849
1850 tree = parent_tree;
1851 iph = wmem_new0(pinfo->pool, ws_ip4);
1852
1853 col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPv4");
1854 col_clear(pinfo->cinfo, COL_INFO);
1855
1856 iph->ip_ver = tvb_get_bits8(tvb, 0, 4);
1857
1858 hlen = tvb_get_bits8(tvb, 4, 4) * 4; /* IP header length, in bytes */
1859
1860 ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, ENC_NA);
1861 ip_tree = proto_item_add_subtree(ti, ett_ip);
1862
1863 tf = proto_tree_add_bits_item(ip_tree, hf_ip_version, tvb, 0, 4, ENC_NA);
1864 if (iph->ip_ver != 4) {
1865 col_add_fstr(pinfo->cinfo, COL_INFO,
1866 "Bogus IPv4 version (%u, must be 4)", iph->ip_ver);
1867 expert_add_info_format(pinfo, tf, &ei_ip_bogus_ip_version, "Bogus IPv4 version");
1868 /* I have a Linux cooked capture with ethertype IPv4 containing an IPv6 packet, continnue dissection in that case*/
1869 if (iph->ip_ver == 6) {
1870 call_dissector(ipv6_handle, tvb, pinfo, tree);
1871 }
1872
1873 return tvb_captured_length(tvb);
1874 }
1875
1876 /* if IP is not referenced from any filters we don't need to worry about
1877 generating any tree items. We must do this after we created the actual
1878 protocol above so that proto hier stat still works though.
1879 XXX: Note that because of the following optimization expert items must
1880 not be generated inside of an 'if (tree) ...'
1881 so that Analyze ! Expert ... will work.
1882 */
1883 if (!proto_field_is_referenced(parent_tree, proto_ip)) {
1884 tree = NULL;
1885 }
1886
1887 if (hlen < IPH_MIN_LEN) {
1888 col_add_fstr(pinfo->cinfo, COL_INFO,
1889 "Bogus IP header length (%u, must be at least %u)",
1890 hlen, IPH_MIN_LEN);
1891 tf = proto_tree_add_uint_bits_format_value(ip_tree, hf_ip_hdr_len, tvb, (offset<<3)+4, 4, hlen,
1892 ENC_BIG_ENDIAN, "%u bytes (%u)", hlen, hlen>>2);
1893 expert_add_info_format(pinfo, tf, &ei_ip_bogus_header_length,
1894 "Bogus IP header length (%u, must be at least %u)", hlen, IPH_MIN_LEN);
1895 return tvb_captured_length(tvb);
1896 }
1897
1898 // This should be consistent with tcp.hdr_len.
1899 proto_tree_add_uint_bits_format_value(ip_tree, hf_ip_hdr_len, tvb, (offset<<3)+4, 4, hlen,
1900 ENC_BIG_ENDIAN, "%u bytes (%u)", hlen, hlen>>2);
1901
1902 iph->ip_tos = tvb_get_guint8(tvb, offset + 1);
1903 if (g_ip_dscp_actif) {
1904 col_add_str(pinfo->cinfo, COL_DSCP_VALUE,
1905 val_to_str_ext(IPDSFIELD_DSCP(iph->ip_tos), &dscp_short_vals_ext, "%u"));
1906 }
1907
1908 if (tree) {
1909 if (g_ip_dscp_actif) {
1910 tf = proto_tree_add_item(ip_tree, hf_ip_dsfield, tvb, offset + 1, 1, ENC_NA);
1911 proto_item_append_text(tf, " (DSCP: %s, ECN: %s)",
1912 val_to_str_ext_const(IPDSFIELD_DSCP(iph->ip_tos), &dscp_short_vals_ext, "Unknown"),
1913 val_to_str_ext_const(IPDSFIELD_ECN(iph->ip_tos), &ecn_short_vals_ext, "Unknown"));
1914
1915 field_tree = proto_item_add_subtree(tf, ett_ip_dsfield);
1916 proto_tree_add_item(field_tree, hf_ip_dsfield_dscp, tvb, offset + 1, 1, ENC_NA);
1917 proto_tree_add_item(field_tree, hf_ip_dsfield_ecn, tvb, offset + 1, 1, ENC_NA);
1918 } else {
1919 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_tos, tvb, offset + 1, 1,
1920 iph->ip_tos,
1921 "0x%02x (%s)",
1922 iph->ip_tos,
1923 val_to_str_const(IPTOS_TOS(iph->ip_tos),
1924 iptos_vals, "Unknown"));
1925
1926 field_tree = proto_item_add_subtree(tf, ett_ip_tos);
1927 proto_tree_add_item(field_tree, hf_ip_tos_precedence, tvb, offset + 1, 1, ENC_NA);
1928 proto_tree_add_item(field_tree, hf_ip_tos_delay, tvb, offset + 1, 1, ENC_NA);
1929 proto_tree_add_item(field_tree, hf_ip_tos_throughput, tvb, offset + 1, 1, ENC_NA);
1930 proto_tree_add_item(field_tree, hf_ip_tos_reliability, tvb, offset + 1, 1, ENC_NA);
1931 proto_tree_add_item(field_tree, hf_ip_tos_cost, tvb, offset + 1, 1, ENC_NA);
1932 }
1933 }
1934
1935 /* Length of IP datagram.
1936 XXX - what if this is greater than the reported length of the
1937 tvbuff? This could happen, for example, in an IP datagram
1938 inside an ICMP datagram; we need to somehow let the
1939 dissector we call know that, as it might want to avoid
1940 doing its checksumming. */
1941 iph->ip_len = tvb_get_ntohs(tvb, offset + 2);
1942
1943 if (iph->ip_len < hlen) {
1944 if (ip_tso_supported && !iph->ip_len) {
1945 /* TSO support enabled, and zero length. Assume the zero length is
1946 * the result of TSO, and use the reported length instead. Note that
1947 * we need to use the frame/reported length instead of the actually-
1948 * available length, just in case a snaplen was used on capture. */
1949 iph->ip_len = tvb_reported_length(tvb);
1950 if (tree) {
1951 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_len, tvb, offset + 2, 2,
1952 iph->ip_len,
1953 "%u bytes (reported as 0, presumed to be because of \"TCP segmentation offload\" (TSO))",
1954 iph->ip_len);
1955 proto_item_set_generated(tf);
1956 }
1957 } else {
1958 /* TSO support not enabled, or non-zero length, so treat it as an error. */
1959 col_add_fstr(pinfo->cinfo, COL_INFO,
1960 "Bogus IP length (%u, less than header length %u)",
1961 iph->ip_len, hlen);
1962 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_len, tvb, offset + 2, 2,
1963 iph->ip_len,
1964 "%u bytes (bogus, less than header length %u)",
1965 iph->ip_len, hlen);
1966 expert_add_info(pinfo, tf, &ei_ip_bogus_ip_length);
1967 /* Can't dissect any further */
1968 return tvb_captured_length(tvb);
1969 }
1970 } else {
1971 tf = proto_tree_add_uint(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph->ip_len);
1972 if (iph->ip_len > tvb_reported_length(tvb)) {
1973 /*
1974 * Length runs past the data we're given.
1975 * Note that if not in a ICMP error packet.
1976 */
1977 if (!pinfo->flags.in_error_pkt) {
1978 expert_add_info_format(pinfo, tf, &ei_ip_bogus_ip_length,
1979 "IPv4 total length exceeds packet length (%u bytes)",
1980 tvb_reported_length(tvb));
1981 }
1982 } else {
1983 /*
1984 * Now that we know that the total length of this IP datagram isn't
1985 * obviously bogus, adjust the length of this tvbuff to include only
1986 * the IP datagram.
1987 */
1988 set_actual_length(tvb, iph->ip_len);
1989 }
1990 }
1991
1992 iph->ip_id = tvb_get_ntohs(tvb, offset + 4);
1993 if (tree)
1994 proto_tree_add_uint(ip_tree, hf_ip_id, tvb, offset + 4, 2, iph->ip_id);
1995
1996 iph->ip_off = tvb_get_ntohs(tvb, offset + 6);
1997
1998 if (ip_security_flag) {
1999 /* RFC 3514 - The Security Flag in the IPv4 Header (April Fool's joke) */
2000 static int * const ip_flags_evil[] = {
2001 &hf_ip_flags_sf,
2002 &hf_ip_flags_df,
2003 &hf_ip_flags_mf,
2004 NULL
2005 };
2006
2007 tf = proto_tree_add_bitmask_with_flags(ip_tree, tvb, offset + 6, hf_ip_flags,
2008 ett_ip_flags, ip_flags_evil, ENC_BIG_ENDIAN, BMT_NO_FALSE | BMT_NO_TFS | BMT_NO_INT);
2009 if (iph->ip_off & IP_RF) {
2010 expert_add_info(pinfo, tf, &ei_ip_evil_packet);
2011 }
2012 } else {
2013 static int * const ip_flags[] = {
2014 &hf_ip_flags_rf,
2015 &hf_ip_flags_df,
2016 &hf_ip_flags_mf,
2017 NULL
2018 };
2019 tf = proto_tree_add_bitmask_with_flags(ip_tree, tvb, offset + 6, hf_ip_flags,
2020 ett_ip_flags, ip_flags, ENC_BIG_ENDIAN, BMT_NO_FALSE | BMT_NO_TFS | BMT_NO_INT);
2021 }
2022
2023 tf = proto_tree_add_uint(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2, (iph->ip_off & IP_OFFSET)*8);
2024
2025 iph->ip_ttl = tvb_get_guint8(tvb, offset + 8);
2026 ttl_item = proto_tree_add_item(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, ENC_BIG_ENDIAN);
2027
2028 iph->ip_proto = tvb_get_guint8(tvb, offset + 9);
2029 if (tree) {
2030 proto_tree_add_item(ip_tree, hf_ip_proto, tvb, offset + 9, 1, ENC_BIG_ENDIAN);
2031 }
2032
2033 iph->ip_sum = tvb_get_ntohs(tvb, offset + 10);
2034
2035 /*
2036 * If checksum checking is enabled, and we have the entire IP header
2037 * available, check the checksum.
2038 */
2039 if (ip_check_checksum && tvb_bytes_exist(tvb, offset, hlen)) {
2040 ipsum = ip_checksum_tvb(tvb, offset, hlen);
2041 item = proto_tree_add_checksum(ip_tree, tvb, offset + 10, hf_ip_checksum, hf_ip_checksum_status, &ei_ip_checksum_bad, pinfo, ipsum,
2042 ENC_BIG_ENDIAN, PROTO_CHECKSUM_VERIFY|PROTO_CHECKSUM_IN_CKSUM);
2043 /*
2044 * ip_checksum_tvb() should never return 0xFFFF here, because, to
2045 * quote RFC 1624 section 3 "Discussion":
2046 *
2047 * In one's complement, there are two representations of
2048 * zero: the all zero and the all one bit values, often
2049 * referred to as +0 and -0. One's complement addition
2050 * of non-zero inputs can produce -0 as a result, but
2051 * never +0. Since there is guaranteed to be at least
2052 * one non-zero field in the IP header, and the checksum
2053 * field in the protocol header is the complement of the
2054 * sum, the checksum field can never contain ~(+0), which
2055 * is -0 (0xFFFF). It can, however, contain ~(-0), which
2056 * is +0 (0x0000).
2057 *
2058 * ip_checksum_tvb() checksums the IPv4 header, where the "version"
2059 * field is 4, ensuring that, in a valid IPv4 header, there is at
2060 * least one non-zero field. We've already verified that the
2061 * version is 4.
2062 *
2063 * ip_checksum_tvb() returns the negation of the one's-complement
2064 * sum of all the data handed to it, and that data won't be
2065 * all zero, so the sum won't be 0 (+0), and thus the negation
2066 * won't be -0, i.e. won't be 0xFFFF.
2067 */
2068 if (ipsum == 0) {
2069 /* XXX - Keeping hf_ip_checksum_calculated field for now. Doesn't fit into the
2070 proto_tree_add_checksum design, but IP is a popular enough dissector that somebody
2071 may have a legitimate reason for wanting it filtered */
2072 item = proto_tree_add_uint(ip_tree, hf_ip_checksum_calculated, tvb,
2073 offset + 10, 2, iph->ip_sum);
2074 proto_item_set_generated(item);
2075 } else {
2076 proto_item_append_text(item, "(may be caused by \"IP checksum offload\"?)");
2077
2078 item = proto_tree_add_uint(ip_tree, hf_ip_checksum_calculated, tvb,
2079 offset + 10, 2, in_cksum_shouldbe(iph->ip_sum, ipsum));
2080 proto_item_set_generated(item);
2081 }
2082 } else {
2083 ipsum = 0;
2084 proto_tree_add_uint_format_value(ip_tree, hf_ip_checksum, tvb,
2085 offset + 10, 2, iph->ip_sum,
2086 "0x%04x [%s]",
2087 iph->ip_sum,
2088 ip_check_checksum ?
2089 "not all data available" :
2090 "validation disabled");
2091 item = proto_tree_add_uint(ip_tree, hf_ip_checksum_status, tvb,
2092 offset + 10, 0, PROTO_CHECKSUM_E_UNVERIFIED);
2093 proto_item_set_generated(item);
2094 }
2095 src32 = tvb_get_ntohl(tvb, offset + IPH_SRC);
2096 set_address_tvb(&pinfo->net_src, AT_IPv4, 4, tvb, offset + IPH_SRC);
2097 copy_address_shallow(&pinfo->src, &pinfo->net_src);
2098 copy_address_shallow(&iph->ip_src, &pinfo->src);
2099 if (tree) {
2100 const char *src_host;
2101
2102 memcpy(&addr, iph->ip_src.data, 4);
2103 src_host = get_hostname(addr);
2104 if (ip_summary_in_tree) {
2105 proto_item_append_text(ti, ", Src: %s", address_with_resolution_to_str(pinfo->pool, &iph->ip_src));
2106 }
2107 proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, addr);
2108 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 12, 4, addr);
2109 proto_item_set_hidden(item);
2110 item = proto_tree_add_string(ip_tree, hf_ip_src_host, tvb, offset + 12, 4,
2111 src_host);
2112 proto_item_set_generated(item);
2113 proto_item_set_hidden(item);
2114 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb, offset + 12, 4,
2115 src_host);
2116 proto_item_set_generated(item);
2117 proto_item_set_hidden(item);
2118 }
2119
2120 /* If there's an IP strict or loose source routing option, then the final
2121 * L3 IP destination address will be the last entry in the routing header
2122 * EXCEPT when the table is exhausted (pointer is greater than the length).
2123 * In this case, the final L3 IP destination address is the one in the L3
2124 * header. (REF: https://tools.ietf.org/html/rfc791#section-3.1)
2125 */
2126 if (hlen > IPH_MIN_LEN) {
2127 /* There's more than just the fixed-length header. See if we've got
2128 * either a strict or loose source route option and if so, return the
2129 * offset into the tvb to where the real destination IP address is located.
2130 */
2131 dst_off = get_dst_offset(tvb, offset + 20, hlen - IPH_MIN_LEN);
2132 }
2133 else
2134 dst_off = 0;
2135
2136 dst32 = tvb_get_ntohl(tvb, offset + IPH_DST + dst_off);
2137 set_address_tvb(&pinfo->net_dst, AT_IPv4, 4, tvb, offset + IPH_DST + dst_off);
2138 copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
2139 copy_address_shallow(&iph->ip_dst, &pinfo->net_dst);
2140
2141 /* If an IP is destined for an IP address in the Local Network Control Block
2142 * (e.g. 224.0.0.0/24), the packet should never be routed and the TTL would
2143 * be expected to be 1. (see RFC 3171) Flag a TTL greater than 1.
2144 *
2145 * Flag a low TTL if the packet is not destined for a multicast address
2146 * (e.g. 224.0.0.0/4) ... and the payload isn't protocol 103 (PIM).
2147 * (see https://tools.ietf.org/html/rfc3973#section-4.7).
2148 */
2149 if (in4_addr_is_local_network_control_block(dst32)) {
2150 if (iph->ip_proto == IP_PROTO_IGMP)
2151 ttl_valid = IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL;
2152 else
2153 ttl_valid = local_network_control_block_addr_valid_ttl(dst32);
2154 if (iph->ip_ttl != ttl_valid && ttl_valid != IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL) {
2155 expert_add_info_format(pinfo, ttl_item, &ei_ip_ttl_lncb, "\"Time To Live\" != %d for a packet sent to the "
2156 "Local Network Control Block (see RFC 3171)",
2157 ttl_valid);
2158 }
2159 } else if (iph->ip_ttl < 5 && !in4_addr_is_multicast(dst32) &&
2160 /* At least BGP should appear here as well */
2161 iph->ip_proto != IP_PROTO_PIM &&
2162 iph->ip_proto != IP_PROTO_OSPF) {
2163 expert_add_info_format(pinfo, ttl_item, &ei_ip_ttl_too_small, "\"Time To Live\" only %u", iph->ip_ttl);
2164 }
2165
2166 if (tree) {
2167 const char *dst_host;
2168
2169 memcpy(&addr, iph->ip_dst.data, 4);
2170 dst_host = get_hostname(addr);
2171 if (ip_summary_in_tree) {
2172 proto_item_append_text(ti, ", Dst: %s", address_with_resolution_to_str(pinfo->pool, &iph->ip_dst));
2173 }
2174
2175 if (dst_off) {
2176 guint32 cur_rt;
2177
2178 cur_rt = tvb_get_ipv4(tvb, offset + 16);
2179 if (ip_summary_in_tree) {
2180 proto_item_append_text(ti, ", Via: %s",
2181 tvb_address_with_resolution_to_str(pinfo->pool, tvb, AT_IPv4, offset + 16));
2182 }
2183 proto_tree_add_ipv4(ip_tree, hf_ip_cur_rt, tvb, offset + 16, 4, cur_rt);
2184 item = proto_tree_add_string(ip_tree, hf_ip_cur_rt_host, tvb,
2185 offset + 16, 4, get_hostname(cur_rt));
2186 proto_item_set_generated(item);
2187 proto_item_set_hidden(item);
2188 }
2189 else {
2190 proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, addr);
2191 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 16, 4,
2192 addr);
2193 proto_item_set_hidden(item);
2194 item = proto_tree_add_string(ip_tree, hf_ip_dst_host, tvb, offset + 16,
2195 4, dst_host);
2196 proto_item_set_generated(item);
2197 proto_item_set_hidden(item);
2198 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb,
2199 offset + 16 + dst_off, 4, dst_host);
2200 proto_item_set_generated(item);
2201 proto_item_set_hidden(item);
2202 }
2203
2204 if (ip_use_geoip) {
2205 add_geoip_info(ip_tree, pinfo, tvb, offset, src32, dst32);
2206 }
2207 }
2208
2209 /* Decode IP options, if any. */
2210 if (hlen > IPH_MIN_LEN) {
2211 /* There's more than just the fixed-length header. Decode the options. */
2212 optlen = hlen - IPH_MIN_LEN; /* length of options, in bytes */
2213 field_tree = proto_tree_add_subtree_format(ip_tree, tvb, offset + 20, optlen,
2214 ett_ip_options, &tf, "Options: (%u bytes)", optlen);
2215 dissect_ip_options(tvb, offset + 20, optlen, pinfo, field_tree, tf, iph);
2216 }
2217
2218 p_add_proto_data(pinfo->pool, pinfo, proto_ip, pinfo->curr_layer_num, GUINT_TO_POINTER((guint)iph->ip_proto));
2219 tap_queue_packet(ip_tap, pinfo, iph);
2220
2221 /* Skip over header + options */
2222 offset += hlen;
2223
2224 /* If ip_defragment is on, this is a fragment, we have all the data
2225 * in the fragment, and the header checksum is valid, then just add
2226 * the fragment to the hashtable.
2227 */
2228 save_fragmented = pinfo->fragmented;
2229 if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) &&
2230 iph->ip_len > hlen &&
2231 tvb_bytes_exist(tvb, offset, iph->ip_len - hlen) &&
2232 ipsum == 0) {
2233 guint32 frag_id;
2234 frag_id = iph->ip_proto ^ iph->ip_id ^ src32 ^ dst32;
2235 /* XXX: Should there be a way to force the VLAN ID not to
2236 * be taken into account for reassembly even with non publicly
2237 * routable IP addresses?
2238 */
2239 if (in4_addr_is_private(dst32) || in4_addr_is_private(src32) ||
2240 in4_addr_is_link_local(dst32) || in4_addr_is_link_local(src32) ||
2241 prefs.strict_conversation_tracking_heuristics) {
2242 frag_id ^= pinfo->vlan_id;
2243 }
2244 ipfd_head = fragment_add_check(&ip_reassembly_table, tvb, offset,
2245 pinfo,
2246 frag_id,
2247 NULL,
2248 (iph->ip_off & IP_OFFSET) * 8,
2249 iph->ip_len - hlen,
2250 iph->ip_off & IP_MF);
2251
2252 next_tvb = process_reassembled_data(tvb, offset, pinfo, "Reassembled IPv4",
2253 ipfd_head, &ip_frag_items,
2254 &update_col_info, ip_tree);
2255 } else {
2256 /* If this is the first fragment, dissect its contents, otherwise
2257 just show it as a fragment.
2258
2259 XXX - if we eventually don't save the reassembled contents of all
2260 fragmented datagrams, we may want to always reassemble. */
2261 if (iph->ip_off & IP_OFFSET) {
2262 /* Not the first fragment - don't dissect it. */
2263 next_tvb = NULL;
2264 } else {
2265 /* First fragment, or not fragmented. Dissect what we have here. */
2266
2267 /* Get a tvbuff for the payload. */
2268 next_tvb = tvb_new_subset_remaining(tvb, offset);
2269
2270 /*
2271 * If this is the first fragment, but not the only fragment,
2272 * tell the next protocol that.
2273 */
2274 if (iph->ip_off & IP_MF)
2275 pinfo->fragmented = TRUE;
2276 else
2277 pinfo->fragmented = FALSE;
2278 }
2279 }
2280
2281 if (next_tvb == NULL) {
2282 /* Just show this as a fragment. */
2283 col_add_fstr(pinfo->cinfo, COL_INFO,
2284 "Fragmented IP protocol (proto=%s %u, off=%u, ID=%04x)",
2285 ipprotostr(iph->ip_proto), iph->ip_proto,
2286 (iph->ip_off & IP_OFFSET) * 8, iph->ip_id);
2287 if ( ipfd_head && ipfd_head->reassembled_in != pinfo->num ) {
2288 col_append_frame_number(pinfo, COL_INFO, " [Reassembled in #%u]",
2289 ipfd_head->reassembled_in);
2290 }
2291
2292 call_data_dissector(tvb_new_subset_remaining(tvb, offset), pinfo,
2293 parent_tree);
2294 pinfo->fragmented = save_fragmented;
2295 return tvb_captured_length(tvb);
2296 }
2297
2298 if (tvb_reported_length(next_tvb) > 0) {
2299 /* Hand off to the next protocol.
2300
2301 XXX - setting the columns only after trying various dissectors means
2302 that if one of those dissectors throws an exception, the frame won't
2303 even be labeled as an IP frame; ideally, if a frame being dissected
2304 throws an exception, it'll be labeled as a mangled frame of the
2305 type in question. */
2306 if (!ip_try_dissect(try_heuristic_first, iph->ip_proto, next_tvb, pinfo,
2307 parent_tree, iph)) {
2308 /* Unknown protocol */
2309 if (update_col_info) {
2310 col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%u)",
2311 ipprotostr(iph->ip_proto), iph->ip_proto);
2312 }
2313 call_data_dissector(next_tvb, pinfo, parent_tree);
2314 }
2315 }
2316 pinfo->fragmented = save_fragmented;
2317 return tvb_captured_length(tvb);
2318 }
2319
2320 static int
2321 dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
2322 {
2323 proto_tree *ip_tree;
2324 proto_item *ti, *tf;
2325 guint8 version;
2326
2327 version = tvb_get_guint8(tvb, 0) >> 4;
2328
2329 if(version == 4){
2330 return dissect_ip_v4(tvb, pinfo, tree, data);
2331 }
2332 if(version == 6){
2333 return call_dissector(ipv6_handle, tvb, pinfo, tree);
2334 }
2335
2336 /* Bogus IP version */
2337 ti = proto_tree_add_protocol_format(tree, proto_ip, tvb, 0, 1, "Internet Protocol, bogus version (%u)", version);
2338 col_set_str(pinfo->cinfo, COL_PROTOCOL, "IP");
2339 col_clear(pinfo->cinfo, COL_INFO);
2340 col_add_fstr(pinfo->cinfo, COL_INFO, "Bogus IP version (%u)", version);
2341 ip_tree = proto_item_add_subtree(ti, ett_ip);
2342 tf = proto_tree_add_bits_item(ip_tree, hf_ip_version, tvb, 0, 4, ENC_NA);
2343 expert_add_info(pinfo, tf, &ei_ip_bogus_ip_version);
2344 return 1;
2345 }
2346
2347 static gboolean
2348 dissect_ip_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2349 {
2350 int length, tot_length;
2351 guint8 oct, version, ihl;
2352
2353 /*
2354 0 1 2 3
2355 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2356 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2357 |Version| IHL |Type of Service| Total Length |
2358 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2359
2360 */
2361 length = tvb_captured_length(tvb);
2362 if(length<4){
2363 /* Need at least 4 bytes to make some sort of decision */
2364 return FALSE;
2365 }
2366 oct = tvb_get_guint8(tvb,0);
2367 ihl = oct & 0x0f;
2368 version = oct >> 4;
2369 if(version == 6){
2370 /*
2371 3. IPv6 Header Format
2372
2373 0 1 2 3
2374 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2375 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2376 |Version| Traffic Class | Flow Label |
2377 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2378 | Payload Length | Next Header | Hop Limit |
2379 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2380 | |
2381 + +
2382 | |
2383 + Source Address +
2384 | |
2385 + +
2386 | |
2387 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2388 | |
2389 + +
2390 | |
2391 + Destination Address +
2392 | |
2393 + +
2394 | |
2395 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2396
2397 Version 4-bit Internet Protocol version number = 6.
2398
2399 Traffic Class 8-bit traffic class field. See section 7.
2400
2401 Flow Label 20-bit flow label. See section 6.
2402
2403 Payload Length 16-bit unsigned integer. Length of the IPv6
2404 payload, i.e., the rest of the packet following
2405 this IPv6 header, in octets. (Note that any
2406 extension headers [section 4] present are
2407 considered part of the payload, i.e., included
2408 in the length count.)
2409
2410
2411 */
2412 if(length<8){
2413 /* Need at least 8 bytes to make a decision */
2414 return FALSE;
2415 }
2416 tot_length = tvb_get_ntohs(tvb,4);
2417 if((tot_length + 40) != (int)tvb_reported_length(tvb)){
2418 return FALSE;
2419 }
2420 call_dissector(ipv6_handle, tvb, pinfo, tree);
2421 return TRUE;
2422 }
2423 /* version == IPv4 , the minimum value for a correct header is 5 */
2424 if((version != 4)|| (ihl < 5)){
2425 return FALSE;
2426 }
2427 /* Total Length is the length of the datagram, measured in octets,
2428 * including internet header and data.
2429 */
2430 tot_length = tvb_get_ntohs(tvb,2);
2431
2432 if(tot_length != (int)tvb_reported_length(tvb)){
2433 return FALSE;
2434 }
2435
2436 dissect_ip_v4(tvb, pinfo, tree, data);
2437 return TRUE;
2438 }
2439
2440 void
2441 proto_register_ip(void)
2442 {
2443 static hf_register_info hf[] = {
2444 { &hf_ip_version,
2445 { "Version", "ip.version", FT_UINT8, BASE_DEC,
2446 NULL, 0x00, NULL, HFILL }},
2447
2448 // "IHL" in https://tools.ietf.org/html/rfc791#section-3.1 and
2449 // https://en.wikipedia.org/wiki/IPv4#Header
2450 { &hf_ip_hdr_len,
2451 { "Header Length", "ip.hdr_len", FT_UINT8, BASE_DEC,
2452 NULL, 0x0, "Header length in 32-bit words", HFILL }},
2453
2454 { &hf_ip_dsfield,
2455 { "Differentiated Services Field", "ip.dsfield", FT_UINT8, BASE_HEX,
2456 NULL, 0x0, NULL, HFILL }},
2457
2458 { &hf_ip_dsfield_dscp,
2459 { "Differentiated Services Codepoint", "ip.dsfield.dscp", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2460 &dscp_vals_ext, IPDSFIELD_DSCP_MASK, NULL, HFILL }},
2461
2462 { &hf_ip_dsfield_ecn,
2463 { "Explicit Congestion Notification", "ip.dsfield.ecn", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2464 &ecn_vals_ext, IPDSFIELD_ECN_MASK, NULL, HFILL }},
2465
2466 { &hf_ip_tos,
2467 { "Type of Service", "ip.tos", FT_UINT8, BASE_DEC,
2468 NULL, 0x0, NULL, HFILL }},
2469
2470 { &hf_ip_tos_precedence,
2471 { "Precedence", "ip.tos.precedence", FT_UINT8, BASE_DEC,
2472 VALS(precedence_vals), IPTOS_PREC_MASK, NULL, HFILL }},
2473
2474 { &hf_ip_tos_delay,
2475 { "Delay", "ip.tos.delay", FT_BOOLEAN, 8,
2476 TFS(&tfs_low_normal), IPTOS_LOWDELAY, NULL, HFILL }},
2477
2478 { &hf_ip_tos_throughput,
2479 { "Throughput", "ip.tos.throughput", FT_BOOLEAN, 8,
2480 TFS(&tfs_high_normal), IPTOS_THROUGHPUT, NULL, HFILL }},
2481
2482 { &hf_ip_tos_reliability,
2483 { "Reliability", "ip.tos.reliability", FT_BOOLEAN, 8,
2484 TFS(&tfs_high_normal), IPTOS_RELIABILITY, NULL, HFILL }},
2485
2486 { &hf_ip_tos_cost,
2487 { "Cost", "ip.tos.cost", FT_BOOLEAN, 8,
2488 TFS(&tfs_low_normal), IPTOS_LOWCOST, NULL, HFILL }},
2489
2490 { &hf_ip_len,
2491 { "Total Length", "ip.len", FT_UINT16, BASE_DEC,
2492 NULL, 0x0, NULL, HFILL }},
2493
2494 { &hf_ip_id,
2495 { "Identification", "ip.id", FT_UINT16, BASE_HEX_DEC,
2496 NULL, 0x0, NULL, HFILL }},
2497
2498 { &hf_ip_dst,
2499 { "Destination Address", "ip.dst", FT_IPv4, BASE_NONE,
2500 NULL, 0x0, NULL, HFILL }},
2501
2502 { &hf_ip_dst_host,
2503 { "Destination Host", "ip.dst_host", FT_STRING, BASE_NONE,
2504 NULL, 0x0, NULL, HFILL }},
2505
2506 { &hf_ip_src,
2507 { "Source Address", "ip.src", FT_IPv4, BASE_NONE,
2508 NULL, 0x0, NULL, HFILL }},
2509
2510 { &hf_ip_src_host,
2511 { "Source Host", "ip.src_host", FT_STRING, BASE_NONE,
2512 NULL, 0x0, NULL, HFILL }},
2513
2514 { &hf_ip_addr,
2515 { "Source or Destination Address", "ip.addr", FT_IPv4, BASE_NONE,
2516 NULL, 0x0, NULL, HFILL }},
2517
2518 { &hf_ip_host,
2519 { "Source or Destination Host", "ip.host", FT_STRING, BASE_NONE,
2520 NULL, 0x0, NULL, HFILL }},
2521
2522 { &hf_geoip_country,
2523 { "Source or Destination GeoIP Country", "ip.geoip.country",
2524 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2525 { &hf_geoip_country_iso,
2526 { "Source or Destination GeoIP ISO Two Letter Country Code", "ip.geoip.country_iso",
2527 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2528 { &hf_geoip_city,
2529 { "Source or Destination GeoIP City", "ip.geoip.city",
2530 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2531 { &hf_geoip_as_number,
2532 { "Source or Destination GeoIP AS Number", "ip.geoip.asnum",
2533 FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2534 { &hf_geoip_as_org,
2535 { "Source or Destination GeoIP AS Organization", "ip.geoip.org",
2536 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2537 { &hf_geoip_latitude,
2538 { "Source or Destination GeoIP Latitude", "ip.geoip.lat",
2539 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2540 { &hf_geoip_longitude,
2541 { "Source or Destination GeoIP Longitude", "ip.geoip.lon",
2542 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2543 { &hf_geoip_src_summary,
2544 { "Source GeoIP", "ip.geoip.src_summary",
2545 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2546 { &hf_geoip_src_country,
2547 { "Source GeoIP Country", "ip.geoip.src_country",
2548 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2549 { &hf_geoip_src_country_iso,
2550 { "Source GeoIP ISO Two Letter Country Code", "ip.geoip.src_country_iso",
2551 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2552 { &hf_geoip_src_city,
2553 { "Source GeoIP City", "ip.geoip.src_city",
2554 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2555 { &hf_geoip_src_as_number,
2556 { "Source GeoIP AS Number", "ip.geoip.src_asnum",
2557 FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2558 { &hf_geoip_src_as_org,
2559 { "Source GeoIP AS Organization", "ip.geoip.src_org",
2560 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2561 { &hf_geoip_src_latitude,
2562 { "Source GeoIP Latitude", "ip.geoip.src_lat",
2563 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2564 { &hf_geoip_src_longitude,
2565 { "Source GeoIP Longitude", "ip.geoip.src_lon",
2566 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2567 { &hf_geoip_dst_summary,
2568 { "Destination GeoIP", "ip.geoip.dst_summary",
2569 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2570 { &hf_geoip_dst_country,
2571 { "Destination GeoIP Country", "ip.geoip.dst_country",
2572 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2573 { &hf_geoip_dst_country_iso,
2574 { "Destination GeoIP ISO Two Letter Country Code", "ip.geoip.dst_country_iso",
2575 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2576 { &hf_geoip_dst_city,
2577 { "Destination GeoIP City", "ip.geoip.dst_city",
2578 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2579 { &hf_geoip_dst_as_number,
2580 { "Destination GeoIP AS Number", "ip.geoip.dst_asnum",
2581 FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2582 { &hf_geoip_dst_as_org,
2583 { "Destination GeoIP AS Organization", "ip.geoip.dst_org",
2584 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2585 { &hf_geoip_dst_latitude,
2586 { "Destination GeoIP Latitude", "ip.geoip.dst_lat",
2587 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2588 { &hf_geoip_dst_longitude,
2589 { "Destination GeoIP Longitude", "ip.geoip.dst_lon",
2590 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2591
2592 { &hf_ip_flags,
2593 { "Flags", "ip.flags", FT_UINT8, BASE_HEX,
2594 NULL, 0x0, "Flags (3 bits)", HFILL }},
2595
2596 { &hf_ip_flags_sf,
2597 { "Security flag", "ip.flags.sf", FT_BOOLEAN, 8,
2598 TFS(&flags_sf_set_evil), 0x80, "Security flag (RFC 3514)", HFILL }},
2599
2600 { &hf_ip_flags_rf,
2601 { "Reserved bit", "ip.flags.rb", FT_BOOLEAN, 8,
2602 TFS(&tfs_set_notset), 0x80, NULL, HFILL }},
2603
2604 { &hf_ip_flags_df,
2605 { "Don't fragment", "ip.flags.df", FT_BOOLEAN, 8,
2606 TFS(&tfs_set_notset), 0x40, NULL, HFILL }},
2607
2608 { &hf_ip_flags_mf,
2609 { "More fragments", "ip.flags.mf", FT_BOOLEAN, 8,
2610 TFS(&tfs_set_notset), 0x20, NULL, HFILL }},
2611
2612 { &hf_ip_frag_offset,
2613 { "Fragment Offset", "ip.frag_offset", FT_UINT16, BASE_DEC,
2614 NULL, IP_OFFSET, "Fragment offset (13 bits)", HFILL }},
2615
2616 { &hf_ip_ttl,
2617 { "Time to Live", "ip.ttl", FT_UINT8, BASE_DEC,
2618 NULL, 0x0, NULL, HFILL }},
2619
2620 { &hf_ip_proto,
2621 { "Protocol", "ip.proto", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2622 &ipproto_val_ext, 0x0, NULL, HFILL }},
2623
2624 { &hf_ip_checksum,
2625 { "Header Checksum", "ip.checksum", FT_UINT16, BASE_HEX,
2626 NULL, 0x0, NULL, HFILL }},
2627
2628 { &hf_ip_checksum_calculated,
2629 { "Calculated Checksum", "ip.checksum_calculated", FT_UINT16, BASE_HEX, NULL, 0x0,
2630 "The expected IP checksum field as calculated from the IP datagram", HFILL }},
2631
2632 { &hf_ip_checksum_status,
2633 { "Header checksum status", "ip.checksum.status", FT_UINT8, BASE_NONE, VALS(proto_checksum_vals), 0x0,
2634 NULL, HFILL }},
2635
2636 /* IP options related fields */
2637 { &hf_ip_opt_type,
2638 { "Type", "ip.opt.type", FT_UINT8, BASE_DEC,
2639 NULL, 0x0, NULL, HFILL }},
2640
2641 { &hf_ip_opt_type_copy,
2642 { "Copy on fragmentation", "ip.opt.type.copy", FT_BOOLEAN, 8,
2643 TFS(&tfs_yes_no), IPOPT_COPY_MASK, NULL, HFILL }},
2644
2645 { &hf_ip_opt_type_class,
2646 { "Class", "ip.opt.type.class", FT_UINT8, BASE_DEC,
2647 VALS(ipopt_type_class_vals), IPOPT_CLASS_MASK, NULL, HFILL }},
2648
2649 { &hf_ip_opt_type_number,
2650 { "Number", "ip.opt.type.number", FT_UINT8, BASE_DEC,
2651 VALS(ipopt_type_number_vals), IPOPT_NUMBER_MASK, NULL, HFILL }},
2652
2653 { &hf_ip_opt_len,
2654 { "Length", "ip.opt.len", FT_UINT8, BASE_DEC,
2655 NULL, 0x0, NULL, HFILL }},
2656
2657 { &hf_ip_opt_ptr,
2658 { "Pointer", "ip.opt.ptr", FT_UINT8, BASE_DEC,
2659 NULL, 0x0, NULL, HFILL }},
2660
2661 { &hf_ip_opt_sid,
2662 { "Stream Identifier", "ip.opt.sid", FT_UINT16, BASE_DEC,
2663 NULL, 0x0, "SATNET stream identifier", HFILL }},
2664
2665 { &hf_ip_opt_mtu,
2666 { "MTU", "ip.opt.mtu", FT_UINT16, BASE_DEC,
2667 NULL, 0x0, NULL, HFILL }},
2668
2669 { &hf_ip_opt_id_number,
2670 { "ID Number", "ip.opt.id_number", FT_UINT16, BASE_DEC,
2671 NULL, 0x0, NULL, HFILL }},
2672
2673 { &hf_ip_opt_ohc,
2674 { "Outbound Hop Count", "ip.opt.ohc", FT_UINT16, BASE_DEC,
2675 NULL, 0x0, NULL, HFILL }},
2676
2677 { &hf_ip_opt_rhc,
2678 { "Return Hop Count", "ip.opt.rhc", FT_UINT16, BASE_DEC,
2679 NULL, 0x0, NULL, HFILL }},
2680
2681 { &hf_ip_opt_originator,
2682 { "Originator IP Address", "ip.opt.originator", FT_IPv4, BASE_NONE,
2683 NULL, 0x0, NULL, HFILL }},
2684
2685 { &hf_ip_opt_ra,
2686 { "Router Alert", "ip.opt.ra", FT_UINT16, BASE_DEC | BASE_RANGE_STRING,
2687 RVALS(ra_rvals), 0x0, NULL, HFILL }},
2688
2689 { &hf_ip_opt_addr,
2690 { "IP Address", "ip.opt.addr", FT_IPv4, BASE_NONE,
2691 NULL, 0x0, NULL, HFILL }},
2692
2693 { &hf_ip_opt_padding,
2694 { "Padding", "ip.opt.padding", FT_BYTES, BASE_NONE,
2695 NULL, 0x0, NULL, HFILL }},
2696
2697 { &hf_ip_opt_qs_func,
2698 { "Function", "ip.opt.qs_func", FT_UINT8, BASE_DEC,
2699 VALS(qs_func_vals), QS_FUNC_MASK, NULL, HFILL }},
2700
2701 { &hf_ip_opt_qs_rate,
2702 { "Rate", "ip.opt.qs_rate", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2703 &qs_rate_vals_ext, QS_RATE_MASK, NULL, HFILL }},
2704
2705 { &hf_ip_opt_qs_ttl,
2706 { "QS TTL", "ip.opt.qs_ttl", FT_UINT8, BASE_DEC,
2707 NULL, 0x0, NULL, HFILL }},
2708
2709 { &hf_ip_opt_qs_ttl_diff,
2710 { "TTL Diff", "ip.opt.qs_ttl_diff", FT_UINT8, BASE_DEC,
2711 NULL, 0x0, NULL, HFILL }},
2712
2713 { &hf_ip_opt_qs_unused,
2714 { "Not Used", "ip.opt.qs_unused", FT_UINT8, BASE_DEC,
2715 NULL, 0x0, NULL, HFILL }},
2716
2717 { &hf_ip_opt_qs_nonce,
2718 { "QS Nonce", "ip.opt.qs_nonce", FT_UINT32, BASE_HEX,
2719 NULL, 0xFFFFFFFC, NULL, HFILL }},
2720
2721 { &hf_ip_opt_qs_reserved,
2722 { "Reserved", "ip.opt.qs_reserved", FT_UINT32, BASE_HEX,
2723 NULL, 0x00000003, NULL, HFILL }},
2724
2725 { &hf_ip_opt_sec_rfc791_sec,
2726 { "Security", "ip.opt.sec_rfc791_sec", FT_UINT8, BASE_HEX,
2727 VALS(secl_rfc791_vals), 0x0, NULL, HFILL }},
2728
2729 { &hf_ip_opt_sec_rfc791_comp,
2730 { "Compartments", "ip.opt.sec_rfc791_comp", FT_UINT16, BASE_DEC,
2731 NULL, 0x0, NULL, HFILL }},
2732
2733 { &hf_ip_opt_sec_rfc791_hr,
2734 { "Handling Restrictions", "ip.opt.sec_rfc791_hr", FT_STRING, BASE_NONE,
2735 NULL, 0x0, NULL, HFILL }},
2736
2737 { &hf_ip_opt_sec_rfc791_tcc,
2738 { "Transmission Control Code", "ip.opt.sec_rfc791_tcc", FT_STRING, BASE_NONE,
2739 NULL, 0x0, NULL, HFILL }},
2740
2741 { &hf_ip_opt_sec_cl,
2742 { "Classification Level", "ip.opt.sec_cl", FT_UINT8, BASE_HEX,
2743 VALS(sec_cl_vals), 0x0, NULL, HFILL }},
2744
2745 { &hf_ip_opt_sec_prot_auth_flags,
2746 { "Protection Authority Flags", "ip.opt.sec_prot_auth_flags", FT_UINT8, BASE_HEX,
2747 NULL, 0x0, NULL, HFILL }},
2748
2749 { &hf_ip_opt_sec_prot_auth_genser,
2750 { "GENSER", "ip.opt.sec_prot_auth_genser", FT_BOOLEAN, 8,
2751 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x80, NULL, HFILL }},
2752
2753 { &hf_ip_opt_sec_prot_auth_siop_esi,
2754 { "SIOP-ESI", "ip.opt.sec_prot_auth_siop_esi", FT_BOOLEAN, 8,
2755 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x40, NULL, HFILL }},
2756
2757 { &hf_ip_opt_sec_prot_auth_sci,
2758 { "SCI", "ip.opt.sec_prot_auth_sci", FT_BOOLEAN, 8,
2759 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x20, NULL, HFILL }},
2760
2761 { &hf_ip_opt_sec_prot_auth_nsa,
2762 { "NSA", "ip.opt.sec_prot_auth_nsa", FT_BOOLEAN, 8,
2763 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x10, NULL, HFILL }},
2764
2765 { &hf_ip_opt_sec_prot_auth_doe,
2766 { "DOE", "ip.opt.sec_prot_auth_doe", FT_BOOLEAN, 8,
2767 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x08, NULL, HFILL }},
2768
2769 { &hf_ip_opt_sec_prot_auth_unassigned,
2770 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2771 NULL, 0x06, NULL, HFILL }},
2772
2773 { &hf_ip_opt_sec_prot_auth_unassigned2,
2774 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2775 NULL, 0xFE, NULL, HFILL }},
2776
2777 { &hf_ip_opt_sec_prot_auth_fti,
2778 { "Field Termination Indicator", "ip.opt.sec_prot_auth_fti", FT_BOOLEAN, 8,
2779 TFS(&ip_opt_sec_prot_auth_fti_tfs), 0x01, NULL, HFILL }},
2780
2781 { &hf_ip_opt_ext_sec_add_sec_info_format_code,
2782 { "Additional Security Info Format Code", "ip.opt.ext_sec_add_sec_info_format_code", FT_UINT8, BASE_HEX,
2783 NULL, 0x0, NULL, HFILL }},
2784
2785 { &hf_ip_opt_ext_sec_add_sec_info,
2786 { "Additional Security Info", "ip.opt.ext_sec_add_sec_info", FT_BYTES, BASE_NONE,
2787 NULL, 0x0, NULL, HFILL }},
2788
2789 { &hf_ip_rec_rt,
2790 { "Recorded Route", "ip.rec_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2791 NULL, HFILL }},
2792
2793 { &hf_ip_rec_rt_host,
2794 { "Recorded Route Host", "ip.rec_rt_host", FT_STRING, BASE_NONE,
2795 NULL, 0x0, NULL, HFILL }},
2796
2797 { &hf_ip_cur_rt,
2798 { "Current Route", "ip.cur_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2799 NULL, HFILL }},
2800
2801 { &hf_ip_cur_rt_host,
2802 { "Current Route Host", "ip.cur_rt_host", FT_STRING, BASE_NONE,
2803 NULL, 0x0, NULL, HFILL }},
2804
2805 { &hf_ip_src_rt,
2806 { "Source Route", "ip.src_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2807 NULL, HFILL }},
2808
2809 { &hf_ip_src_rt_host,
2810 { "Source Route Host", "ip.src_rt_host", FT_STRING, BASE_NONE,
2811 NULL, 0x0, NULL, HFILL }},
2812
2813 { &hf_ip_empty_rt,
2814 { "Empty Route", "ip.empty_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2815 NULL, HFILL }},
2816
2817 { &hf_ip_empty_rt_host,
2818 { "Empty Route Host", "ip.empty_rt_host", FT_STRING, BASE_NONE,
2819 NULL, 0x0, NULL, HFILL }},
2820
2821 { &hf_ip_cipso_tag_type,
2822 { "Tag Type", "ip.cipso.tag_type", FT_UINT8, BASE_DEC,
2823 VALS(cipso_tag_type_vals), 0x0, NULL, HFILL }},
2824
2825
2826 { &hf_ip_fragment_overlap,
2827 { "Fragment overlap", "ip.fragment.overlap", FT_BOOLEAN, BASE_NONE,
2828 NULL, 0x0, "Fragment overlaps with other fragments", HFILL }},
2829
2830 { &hf_ip_fragment_overlap_conflict,
2831 { "Conflicting data in fragment overlap", "ip.fragment.overlap.conflict",
2832 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2833 "Overlapping fragments contained conflicting data", HFILL }},
2834
2835 { &hf_ip_fragment_multiple_tails,
2836 { "Multiple tail fragments found", "ip.fragment.multipletails",
2837 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2838 "Several tails were found when defragmenting the packet", HFILL }},
2839
2840 { &hf_ip_fragment_too_long_fragment,
2841 { "Fragment too long", "ip.fragment.toolongfragment",
2842 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2843 "Fragment contained data past end of packet", HFILL }},
2844
2845 { &hf_ip_fragment_error,
2846 { "Defragmentation error", "ip.fragment.error", FT_FRAMENUM, BASE_NONE,
2847 NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }},
2848
2849 { &hf_ip_fragment_count,
2850 { "Fragment count", "ip.fragment.count", FT_UINT32, BASE_DEC,
2851 NULL, 0x0, NULL, HFILL }},
2852
2853 { &hf_ip_fragment,
2854 { "IPv4 Fragment", "ip.fragment", FT_FRAMENUM, BASE_NONE,
2855 NULL, 0x0, NULL, HFILL }},
2856
2857 { &hf_ip_fragments,
2858 { "IPv4 Fragments", "ip.fragments", FT_BYTES, BASE_NONE,
2859 NULL, 0x0, NULL, HFILL }},
2860
2861 { &hf_ip_reassembled_in,
2862 { "Reassembled IPv4 in frame", "ip.reassembled_in", FT_FRAMENUM, BASE_NONE,
2863 NULL, 0x0, "This IPv4 packet is reassembled in this frame", HFILL }},
2864
2865 { &hf_ip_reassembled_length,
2866 { "Reassembled IPv4 length", "ip.reassembled.length", FT_UINT32, BASE_DEC,
2867 NULL, 0x0, "The total length of the reassembled payload", HFILL }},
2868
2869 { &hf_ip_reassembled_data,
2870 { "Reassembled IPv4 data", "ip.reassembled.data", FT_BYTES, BASE_NONE,
2871 NULL, 0x0, "The reassembled payload", HFILL }},
2872
2873 /* Generated from convert_proto_tree_add_text.pl */
2874 { &hf_ip_cipso_doi, { "DOI", "ip.cipso.doi", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2875 { &hf_ip_cipso_sensitivity_level, { "Sensitivity Level", "ip.cipso.sensitivity_level", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2876 { &hf_ip_cipso_categories, { "Categories", "ip.cipso.categories", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2877 { &hf_ip_cipso_tag_data, { "Tag data", "ip.cipso.tag_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2878 { &hf_ip_opt_overflow, { "Overflow", "ip.opt.overflow", FT_UINT8, BASE_DEC, NULL, 0xF0, NULL, HFILL }},
2879 { &hf_ip_opt_flag, { "Flag", "ip.opt.flag", FT_UINT8, BASE_HEX, VALS(ipopt_timestamp_flag_vals), 0x0F, NULL, HFILL }},
2880 { &hf_ip_opt_time_stamp, { "Time stamp", "ip.opt.time_stamp", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2881 { &hf_ip_opt_time_stamp_addr, { "Address", "ip.opt.time_stamp_addr", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2882
2883 };
2884
2885 static gint *ett[] = {
2886 &ett_ip,
2887 &ett_ip_dsfield,
2888 &ett_ip_tos,
2889 &ett_ip_flags,
2890 &ett_ip_options,
2891 &ett_ip_option_eool,
2892 &ett_ip_option_nop,
2893 &ett_ip_option_sec,
2894 &ett_ip_option_route,
2895 &ett_ip_option_timestamp,
2896 &ett_ip_option_ext_security,
2897 &ett_ip_option_cipso,
2898 &ett_ip_option_sid,
2899 &ett_ip_option_mtu,
2900 &ett_ip_option_tr,
2901 &ett_ip_option_ra,
2902 &ett_ip_option_sdb,
2903 &ett_ip_option_qs,
2904 &ett_ip_option_other,
2905 &ett_ip_fragments,
2906 &ett_ip_fragment,
2907 &ett_ip_opt_type,
2908 &ett_ip_opt_sec_prot_auth_flags,
2909 &ett_ip_unknown_opt,
2910 &ett_geoip_info
2911 };
2912 static ei_register_info ei[] = {
2913 { &ei_ip_opt_len_invalid, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Invalid length for option", EXPFILL }},
2914 { &ei_ip_opt_sec_prot_auth_fti, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Field Termination Indicator set to 1 for last byte of option", EXPFILL }},
2915 { &ei_ip_extraneous_data, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Extraneous data in option", EXPFILL }},
2916 { &ei_ip_opt_ptr_before_address, { "ip.opt.ptr.before_address", PI_PROTOCOL, PI_WARN, "Pointer points before first address", EXPFILL }},
2917 { &ei_ip_opt_ptr_middle_address, { "ip.opt.ptr.middle_address", PI_PROTOCOL, PI_WARN, "Pointer points to middle of address", EXPFILL }},
2918 { &ei_ip_subopt_too_long, { "ip.subopt_too_long", PI_PROTOCOL, PI_WARN, "Suboption would go past end of option", EXPFILL }},
2919 { &ei_ip_nop, { "ip.nop", PI_PROTOCOL, PI_WARN, "4 NOP in a row - a router may have removed some options", EXPFILL }},
2920 { &ei_ip_bogus_ip_length, { "ip.bogus_ip_length", PI_PROTOCOL, PI_ERROR, "Bogus IP length", EXPFILL }},
2921 { &ei_ip_evil_packet, { "ip.evil_packet", PI_PROTOCOL, PI_WARN, "Packet has evil intent", EXPFILL }},
2922 { &ei_ip_checksum_bad, { "ip.checksum_bad.expert", PI_CHECKSUM, PI_ERROR, "Bad checksum", EXPFILL }},
2923 { &ei_ip_ttl_lncb, { "ip.ttl.lncb", PI_SEQUENCE, PI_NOTE, "Time To Live", EXPFILL }},
2924 { &ei_ip_ttl_too_small, { "ip.ttl.too_small", PI_SEQUENCE, PI_NOTE, "Time To Live", EXPFILL }},
2925 { &ei_ip_cipso_tag, { "ip.cipso.malformed", PI_SEQUENCE, PI_ERROR, "Malformed CIPSO tag", EXPFILL }},
2926 { &ei_ip_bogus_ip_version, { "ip.bogus_ip_version", PI_PROTOCOL, PI_ERROR, "Bogus IP version", EXPFILL }},
2927 { &ei_ip_bogus_header_length, { "ip.bogus_header_length", PI_PROTOCOL, PI_ERROR, "Bogus IP header length", EXPFILL }},
2928 };
2929
2930 /* Decode As handling */
2931 static build_valid_func ip_da_build_value[1] = {ip_value};
2932 static decode_as_value_t ip_da_values = {ip_prompt, 1, ip_da_build_value};
2933 static decode_as_t ip_da = {"ip", "ip.proto", 1, 0, &ip_da_values, NULL, NULL,
2934 decode_as_default_populate_list, decode_as_default_reset, decode_as_default_change, NULL};
2935
2936 module_t *ip_module;
2937 expert_module_t* expert_ip;
2938
2939 proto_ip = proto_register_protocol("Internet Protocol Version 4", "IPv4", "ip");
2940 proto_register_field_array(proto_ip, hf, array_length(hf));
2941 proto_register_subtree_array(ett, array_length(ett));
2942 expert_ip = expert_register_protocol(proto_ip);
2943 expert_register_field_array(expert_ip, ei, array_length(ei));
2944
2945 /* subdissector code */
2946 ip_dissector_table = register_dissector_table("ip.proto", "IP protocol",
2947 proto_ip, FT_UINT8, BASE_DEC);
2948 ip_option_table = register_dissector_table("ip.option", "IP Options",
2949 proto_ip, FT_UINT8, BASE_DEC);
2950 heur_subdissector_list = register_heur_dissector_list("ip", proto_ip);
2951 register_capture_dissector_table("ip.proto", "IP protocol");
2952
2953 /* Register configuration options */
2954 ip_module = prefs_register_protocol(proto_ip, NULL);
2955 prefs_register_bool_preference(ip_module, "decode_tos_as_diffserv",
2956 "Decode IPv4 TOS field as DiffServ field",
2957 "Whether the IPv4 type-of-service field should be decoded as a "
2958 "Differentiated Services field (see RFC2474/RFC2475)", &g_ip_dscp_actif);
2959 prefs_register_bool_preference(ip_module, "defragment",
2960 "Reassemble fragmented IPv4 datagrams",
2961 "Whether fragmented IPv4 datagrams should be reassembled", &ip_defragment);
2962 prefs_register_bool_preference(ip_module, "summary_in_tree",
2963 "Show IPv4 summary in protocol tree",
2964 "Whether the IPv4 summary line should be shown in the protocol tree",
2965 &ip_summary_in_tree);
2966 prefs_register_bool_preference(ip_module, "check_checksum",
2967 "Validate the IPv4 checksum if possible",
2968 "Whether to validate the IPv4 checksum", &ip_check_checksum);
2969 prefs_register_bool_preference(ip_module, "tso_support",
2970 "Support packet-capture from IP TSO-enabled hardware",
2971 "Whether to correct for TSO-enabled (TCP segmentation offload) hardware "
2972 "captures, such as spoofing the IP packet length", &ip_tso_supported);
2973 prefs_register_bool_preference(ip_module, "use_geoip",
2974 "Enable IPv4 geolocation",
2975 "Whether to look up IP addresses in each MaxMind database we have loaded",
2976 &ip_use_geoip);
2977 prefs_register_bool_preference(ip_module, "security_flag" ,
2978 "Interpret Reserved flag as Security flag (RFC 3514)",
2979 "Whether to interpret the originally reserved flag as security flag",
2980 &ip_security_flag);
2981 prefs_register_bool_preference(ip_module, "try_heuristic_first",
2982 "Try heuristic sub-dissectors first",
2983 "Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port",
2984 &try_heuristic_first);
2985
2986 ip_handle = register_dissector("ip", dissect_ip, proto_ip);
2987 reassembly_table_register(&ip_reassembly_table,
2988 &addresses_reassembly_table_functions);
2989 ip_tap = register_tap("ip");
2990
2991 register_decode_as(&ip_da);
2992 register_conversation_table(proto_ip, TRUE, ip_conversation_packet, ip_hostlist_packet);
2993 register_conversation_filter("ip", "IPv4", ip_filter_valid, ip_build_filter);
2994
2995 ip_cap_handle = register_capture_dissector("ip", capture_ip, proto_ip);
2996
2997 /* Register IP options as their own protocols so we can get the name of the option */
2998 proto_ip_option_eol = proto_register_protocol_in_name_only("IP Option - End of Options List (EOL)", "End of Options List (EOL)", "ip.options.eol", proto_ip, FT_BYTES);
2999 proto_ip_option_nop = proto_register_protocol_in_name_only("IP Option - No-Operation (NOP)", "No Operation (NOP)", "ip.options.nop", proto_ip, FT_BYTES);
3000 proto_ip_option_security = proto_register_protocol_in_name_only("IP Option - Security", "Security", "ip.options.security", proto_ip, FT_BYTES);
3001 proto_ip_option_route = proto_register_protocol_in_name_only("IP Option - Loose Source Route", "Loose Source Route", "ip.options.route", proto_ip, FT_BYTES);
3002 proto_ip_option_timestamp = proto_register_protocol_in_name_only("IP Option - Time Stamp", "Time Stamp", "ip.options.timestamp", proto_ip, FT_BYTES);
3003 proto_ip_option_ext_security = proto_register_protocol_in_name_only("IP Option - Extended Security", "Extended Security", "ip.options.ext_security", proto_ip, FT_BYTES);
3004 proto_ip_option_cipso = proto_register_protocol_in_name_only("IP Option - Commercial Security", "Commercial Security", "ip.options.cipso", proto_ip, FT_BYTES);
3005 proto_ip_option_record_route = proto_register_protocol_in_name_only("IP Option - Record Route", "Record Route", "ip.options.record_route", proto_ip, FT_BYTES);
3006 proto_ip_option_sid = proto_register_protocol_in_name_only("IP Option - Stream ID", "Stream ID", "ip.options.sid", proto_ip, FT_BYTES);
3007 proto_ip_option_source_route = proto_register_protocol_in_name_only("IP Option - Strict Source Route", "Strict Source Route", "ip.options.source_route", proto_ip, FT_BYTES);
3008 proto_ip_option_mtu_probe = proto_register_protocol_in_name_only("IP Option - MTU Probe", "MTU Probe", "ip.options.mtu_probe", proto_ip, FT_BYTES);
3009 proto_ip_option_mtu_reply = proto_register_protocol_in_name_only("IP Option - MTU Reply", "MTU Reply", "ip.options.mtu_reply", proto_ip, FT_BYTES);
3010 proto_ip_option_traceroute = proto_register_protocol_in_name_only("IP Option - Traceroute", "Traceroute", "ip.options.traceroute", proto_ip, FT_BYTES);
3011 proto_ip_option_routeralert = proto_register_protocol_in_name_only("IP Option - Router Alert", "Router Alert", "ip.options.routeralert", proto_ip, FT_BYTES);
3012 proto_ip_option_sdb = proto_register_protocol_in_name_only("IP Option - Selective Directed Broadcast", "Selective Directed Broadcast", "ip.options.sdb", proto_ip, FT_BYTES);
3013 proto_ip_option_qs = proto_register_protocol_in_name_only("IP Option - Quick-Start", "Quick-Start", "ip.options.qs", proto_ip, FT_BYTES);
3014 }
3015
3016 void
3017 proto_reg_handoff_ip(void)
3018 {
3019 dissector_handle_t ipv4_handle;
3020 capture_dissector_handle_t clip_cap_handle;
3021 int proto_clip;
3022
3023 ipv6_handle = find_dissector("ipv6");
3024 ipv4_handle = create_dissector_handle(dissect_ip_v4, proto_ip);
3025
3026 dissector_add_uint("ethertype", ETHERTYPE_IP, ipv4_handle);
3027 dissector_add_uint("erf.types.type", ERF_TYPE_IPV4, ip_handle);
3028 dissector_add_uint("ppp.protocol", PPP_IP, ip_handle);
3029 dissector_add_uint("ppp.protocol", ETHERTYPE_IP, ip_handle);
3030 dissector_add_uint("gre.proto", ETHERTYPE_IP, ip_handle);
3031 dissector_add_uint("gre.proto", GRE_WCCP, ip_handle);
3032 dissector_add_uint("llc.dsap", SAP_IP, ip_handle);
3033 dissector_add_uint("ip.proto", IP_PROTO_IPIP, ip_handle);
3034 dissector_add_uint("null.type", BSD_AF_INET, ip_handle);
3035 dissector_add_uint("chdlc.protocol", ETHERTYPE_IP, ip_handle);
3036 dissector_add_uint("osinl.excl", NLPID_IP, ip_handle);
3037 dissector_add_uint("fr.nlpid", NLPID_IP, ip_handle);
3038 dissector_add_uint("x.25.spi", NLPID_IP, ip_handle);
3039 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1051, ip_handle);
3040 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1201, ip_handle);
3041 dissector_add_uint("ax25.pid", AX25_P_IP, ip_handle);
3042 dissector_add_uint("juniper.proto", JUNIPER_PROTO_IP, ip_handle);
3043 dissector_add_uint("juniper.proto", JUNIPER_PROTO_MPLS_IP, ip_handle);
3044 dissector_add_uint("pwach.channel_type", PW_ACH_TYPE_IPV4, ip_handle);
3045 dissector_add_uint("mcc.proto", PW_ACH_TYPE_IPV4, ip_handle);
3046 dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_IPv4, ip_handle);
3047 dissector_add_uint("l2tp.pw_type", L2TPv3_PROTOCOL_IP, ip_handle);
3048 dissector_add_for_decode_as_with_preference("udp.port", ip_handle);
3049 dissector_add_for_decode_as("pcli.payload", ip_handle);
3050 dissector_add_uint("wtap_encap", WTAP_ENCAP_RAW_IP4, ip_handle);
3051 dissector_add_uint("enc", BSD_AF_INET, ip_handle);
3052 dissector_add_uint("vxlan.next_proto", VXLAN_IPV4, ip_handle);
3053 dissector_add_uint("nsh.next_proto", NSH_IPV4, ip_handle);
3054
3055 heur_dissector_add("tipc", dissect_ip_heur, "IP over TIPC", "ip_tipc", proto_ip, HEURISTIC_ENABLE);
3056 heur_dissector_add("zbee_zcl_se.tun", dissect_ip_heur, "IP over ZigBee SE Tunneling", "ip_zbee_zcl_se.tun", proto_ip, HEURISTIC_ENABLE);
3057
3058 capture_dissector_add_uint("ethertype", ETHERTYPE_IP, ip_cap_handle);
3059 capture_dissector_add_uint("ax25.pid", AX25_P_IP, ip_cap_handle);
3060 capture_dissector_add_uint("enc", BSD_AF_INET, ip_cap_handle);
3061 capture_dissector_add_uint("ppp_hdlc", PPP_IP, ip_cap_handle);
3062 capture_dissector_add_uint("llc.dsap", SAP_IP, ip_cap_handle);
3063 capture_dissector_add_uint("null.bsd", BSD_AF_INET, ip_cap_handle);
3064 capture_dissector_add_uint("fr.nlpid", NLPID_IP, ip_cap_handle);
3065
3066 /* Create dissection function handles for all IP options */
3067 dissector_add_uint("ip.option", IPOPT_SEC, create_dissector_handle( dissect_ipopt_security, proto_ip_option_security ));
3068 dissector_add_uint("ip.option", IPOPT_LSR, create_dissector_handle( dissect_ipopt_loose_route, proto_ip_option_route ));
3069 dissector_add_uint("ip.option", IPOPT_TS, create_dissector_handle( dissect_ipopt_timestamp, proto_ip_option_timestamp ));
3070 dissector_add_uint("ip.option", IPOPT_ESEC, create_dissector_handle( dissect_ipopt_ext_security, proto_ip_option_ext_security ));
3071 dissector_add_uint("ip.option", IPOPT_CIPSO, create_dissector_handle( dissect_ipopt_cipso, proto_ip_option_cipso ));
3072 dissector_add_uint("ip.option", IPOPT_RR, create_dissector_handle( dissect_ipopt_record_route, proto_ip_option_record_route ));
3073 dissector_add_uint("ip.option", IPOPT_SID, create_dissector_handle( dissect_ipopt_sid, proto_ip_option_sid ));
3074 dissector_add_uint("ip.option", IPOPT_SSR, create_dissector_handle( dissect_ipopt_source_route, proto_ip_option_source_route ));
3075 dissector_add_uint("ip.option", IPOPT_MTUP, create_dissector_handle( dissect_ipopt_mtu_probe, proto_ip_option_mtu_probe ));
3076 dissector_add_uint("ip.option", IPOPT_MTUR, create_dissector_handle( dissect_ipopt_mtu_reply, proto_ip_option_mtu_reply ));
3077 dissector_add_uint("ip.option", IPOPT_TR, create_dissector_handle( dissect_ipopt_tr, proto_ip_option_traceroute ));
3078 dissector_add_uint("ip.option", IPOPT_RTRALT, create_dissector_handle( dissect_ipopt_ra, proto_ip_option_routeralert ));
3079 dissector_add_uint("ip.option", IPOPT_SDB, create_dissector_handle( dissect_ipopt_sdb, proto_ip_option_sdb ));
3080 dissector_add_uint("ip.option", IPOPT_QS, create_dissector_handle( dissect_ipopt_qs, proto_ip_option_qs ));
3081
3082 /* Classic IP uses the same capture function, but wants its own
3083 protocol associated with it. To eliminate linking dependencies,
3084 just add it here */
3085 proto_clip = proto_get_id_by_filter_name( "clip" );
3086 clip_cap_handle = register_capture_dissector("clip", capture_ip, proto_clip);
3087 capture_dissector_add_uint("wtap_encap", WTAP_ENCAP_LINUX_ATM_CLIP, clip_cap_handle);
3088 }
3089
3090 /*
3091 * Editor modelines - https://www.wireshark.org/tools/modelines.html
3092 *
3093 * Local variables:
3094 * c-basic-offset: 2
3095 * tab-width: 8
3096 * indent-tabs-mode: nil
3097 * End:
3098 *
3099 * vi: set shiftwidth=2 tabstop=8 expandtab:
3100 * :indentSize=2:tabSize=8:noTabs=true:
3101 */
3102