diff options
| author | stig <stig@f5534014-38df-0310-8fa8-9805f1628bb7> | 2010-06-20 16:22:51 +0000 |
|---|---|---|
| committer | stig <stig@f5534014-38df-0310-8fa8-9805f1628bb7> | 2010-06-20 16:22:51 +0000 |
| commit | e9b73a01cb1ff322e17f871ac557a9b2bf7ecba2 (patch) | |
| tree | 1041241ef6661b0cd07b32643e0be8026e491b7a /epan/dissectors/packet-ip.c | |
| parent | 185a10a2c863d19b46d704806e63e9ca5fef4242 (diff) | |
Added an expert info for "4 NOP in a row" in IP and TCP.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@33265 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-ip.c')
| -rw-r--r-- | epan/dissectors/packet-ip.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index 2bd1af106b..8c41f01a7d 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -1115,7 +1115,7 @@ static const ip_tcp_opt ipopts[] = { void dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length, const ip_tcp_opt *opttab, int nopts, int eol, - packet_info *pinfo, proto_tree *opt_tree) + packet_info *pinfo, proto_tree *opt_tree, proto_item *opt_item) { guchar opt; const ip_tcp_opt *optp; @@ -1124,7 +1124,7 @@ dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length, const char *name; void (*dissect)(const struct ip_tcp_opt *, tvbuff_t *, int, guint, packet_info *, proto_tree *); - guint len; + guint len, nop_count = 0; while (length > 0) { opt = tvb_get_guint8(tvb, offset); @@ -1142,11 +1142,18 @@ dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length, optlen = 2; name = ep_strdup_printf("Unknown (0x%02x)", opt); dissect = NULL; + nop_count = 0; } else { len_type = optp->len_type; optlen = optp->optlen; name = optp->name; dissect = optp->dissect; + if (opt_item && len_type == NO_LENGTH && optlen == 0 && opt == 1) { /* 1 = NOP in both IP and TCP */ + /* Count number of NOP in a row */ + nop_count++; + } else { + nop_count = 0; + } } --length; /* account for type byte */ if (len_type != NO_LENGTH) { @@ -1207,6 +1214,10 @@ dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length, } else { proto_tree_add_text(opt_tree, tvb, offset, 1, "%s", name); offset += 1; + + if (nop_count == 4 && strcmp (name, "NOP") == 0) { + expert_add_info_format(pinfo, opt_item, PI_PROTOCOL, PI_WARN, "4 NOP in a row"); + } } if (opt == eol) break; @@ -1612,7 +1623,7 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) "Options: (%u bytes)", optlen); field_tree = proto_item_add_subtree(tf, ett_ip_options); dissect_ip_tcp_options(tvb, offset + 20, optlen, - ipopts, N_IP_OPTS, IPOPT_END, pinfo, field_tree); + ipopts, N_IP_OPTS, IPOPT_END, pinfo, field_tree, tf); } } |