diff options
author | jake <jake@f5534014-38df-0310-8fa8-9805f1628bb7> | 2009-11-10 21:46:14 +0000 |
---|---|---|
committer | jake <jake@f5534014-38df-0310-8fa8-9805f1628bb7> | 2009-11-10 21:46:14 +0000 |
commit | 6665ced3a3ec4b39f6ef3f7568f4ebc12f8f2cff (patch) | |
tree | 1a299049911d4e7bc1e5b382f8b9c5fe6eca6f79 /epan/dissectors/packet-ip.c | |
parent | 58661444f375203f1b85c8d207a3846b9237156d (diff) |
Implement RFC 3514.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30926 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-ip.c')
-rw-r--r-- | epan/dissectors/packet-ip.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index 4c21e10120..0ddb403649 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -84,6 +84,9 @@ static gboolean ip_tso_supported = FALSE; static gboolean ip_use_geoip = FALSE; #endif /* HAVE_GEOIP */ +/* Interpret the reserved flag as security flag (RFC 3514) */ +static gboolean ip_security_flag = FALSE; + static int proto_ip = -1; static int hf_ip_version = -1; static int hf_ip_hdr_len = -1; @@ -106,6 +109,7 @@ static int hf_ip_src_host = -1; static int hf_ip_addr = -1; static int hf_ip_host = -1; static int hf_ip_flags = -1; +static int hf_ip_flags_sf = -1; static int hf_ip_flags_rf = -1; static int hf_ip_flags_df = -1; static int hf_ip_flags_mf = -1; @@ -1286,6 +1290,11 @@ static const true_false_string tos_set_high = { "Normal" }; +static const true_false_string flags_sf_set_evil = { + "Evil", + "Not evil" +}; + guint16 ip_checksum(const guint8 *ptr, int len) { vec_t cksum_vec[1]; @@ -1437,7 +1446,16 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) flags = (iph->ip_off & (IP_RF | IP_DF | IP_MF)) >> IP_OFFSET_WIDTH; tf = proto_tree_add_uint(ip_tree, hf_ip_flags, tvb, offset + 6, 1, flags); field_tree = proto_item_add_subtree(tf, ett_ip_off); - proto_tree_add_boolean(field_tree, hf_ip_flags_rf, tvb, offset + 6, 1, flags); + if (ip_security_flag) { + proto_item *sf; + sf = proto_tree_add_boolean(field_tree, hf_ip_flags_sf, tvb, offset + 6, 1, flags); + if (flags & (IP_RF >> IP_OFFSET_WIDTH)) { + proto_item_append_text(tf, " (Evil packet!)"); + expert_add_info_format(pinfo, sf, /* PI_SECURITY */ 0, PI_WARN, "This is an Evil packet (RFC 3514)"); + } + } else { + proto_tree_add_boolean(field_tree, hf_ip_flags_rf, tvb, offset + 6, 1, flags); + } if (flags & (IP_DF >> IP_OFFSET_WIDTH)) proto_item_append_text(tf, " (Don't Fragment)"); proto_tree_add_boolean(field_tree, hf_ip_flags_df, tvb, offset + 6, 1, flags); if (flags & (IP_MF >> IP_OFFSET_WIDTH)) proto_item_append_text(tf, " (More Fragments)"); @@ -1852,6 +1870,10 @@ proto_register_ip(void) { "Flags", "ip.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, + { &hf_ip_flags_sf, + { "Security flag", "ip.flags.sf", FT_BOOLEAN, IP_FLAGS_WIDTH, TFS(&flags_sf_set_evil), + IP_RF >> IP_OFFSET_WIDTH, "Security flag (RFC 3514)", HFILL }}, + { &hf_ip_flags_rf, { "Reserved bit", "ip.flags.rb", FT_BOOLEAN, IP_FLAGS_WIDTH, TFS(&tfs_set_notset), IP_RF >> IP_OFFSET_WIDTH, NULL, HFILL }}, @@ -1975,6 +1997,10 @@ proto_register_ip(void) "Whether to look up IP addresses in each GeoIP database we have loaded", &ip_use_geoip); #endif /* HAVE_GEOIP */ + prefs_register_bool_preference(ip_module, "security_flag" , + "Interpret Reserved flag as Security flag (RFC 3514)", + "Whether to interpret the originally reserved flag as security flag", + &ip_security_flag); register_dissector("ip", dissect_ip, proto_ip); register_init_routine(ip_defragment_init); |