diff options
| author | Jörg Mayer <jmayer@loplof.de> | 2009-08-10 14:55:47 +0000 |
|---|---|---|
| committer | Jörg Mayer <jmayer@loplof.de> | 2009-08-10 14:55:47 +0000 |
| commit | 1e7031f1c06f94507e6a174bd8570079c2983646 (patch) | |
| tree | c557f13ae6425b767f9bbb7e61585341da9ca581 /epan/dissectors/packet-ip.c | |
| parent | 3f4f8b0b9451def1ad6d589916a4d220a2a980e3 (diff) | |
Ivan Sy <ivan_jr@yahoo.com> via bug 3814
TTL-Check for local network group addresses: Normally the
only valid TTL is 1. Add a check for VRRP and GLBP, where
the only valid TTL is 255.
Me: change the logic so the funtion returns the valid ttl
instead of true/false.
svn path=/trunk/; revision=29362
Diffstat (limited to 'epan/dissectors/packet-ip.c')
| -rw-r--r-- | epan/dissectors/packet-ip.c | 38 |
1 files changed, 29 insertions, 9 deletions
diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index 77e2e53309..2d5b4ca444 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -312,6 +312,12 @@ static dissector_handle_t tapa_handle; #define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */ #define IPOPT_TS_PRESPEC 3 /* specified modules only */ +#define IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR 0xE0000012 +#define IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL 0xFF +#define IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR 0xE0000066 +#define IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL 0XFF +#define IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL 0X01 + /* Return true if the address is in the 224.0.0.0/24 network block */ #define is_a_local_network_control_block_addr(addr) \ ((addr & 0xffffff00) == 0xe0000000) @@ -1193,6 +1199,25 @@ dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length, } } +/* Returns the valid ttl for the group address */ +guint8 +local_network_control_block_addr_valid_ttl(addr) +{ + /* An exception list, as Some protocols seem to insist on + * doing differently: + * - IETF's VRRP (rfc3768) always uses 224.0.0.18 with 255 + * - Cisco's GLPB always uses 224.0.0.102 with 255 + * Even more, VRRP and GLBP should probably be flagged as an error, if + * seen with any TTL except 255. + */ + + if (IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR == addr) + return IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL; + if (IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR == addr) + return IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL; + return IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL; +} + const value_string dscp_vals[] = { { IPDSFIELD_DSCP_DEFAULT, "Default" }, { IPDSFIELD_DSCP_CS1, "Class Selector 1" }, @@ -1278,6 +1303,7 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) proto_tree *tree; proto_item *item, *ttl_item; proto_tree *checksum_tree; + guint8 ttl; tree=parent_tree; @@ -1501,18 +1527,12 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) * * Flag a low TTL if the packet is not destined for a multicast address * (e.g. 224.0.0.0/4). - * - * FIXME: Add an exception list, as Some protocols seem to insist on - * doing differently: - * - IETF's VRRP (rfc3768) always uses 224.0.0.18 with 255 - * - Cisco's GLPB always uses 224.0.0.102 with 255 - * Even more, VRRP and GLBP should probably be flagged as an error, if - * seen with any TTL except 255. */ if (is_a_local_network_control_block_addr(dst32)) { - if (iph->ip_ttl != 1) { + ttl = local_network_control_block_addr_valid_ttl(dst32); + if (ttl != iph->ip_ttl) { expert_add_info_format(pinfo, ttl_item, PI_SEQUENCE, PI_NOTE, - "\"Time To Live\" > 1 for a packet sent to the Local Network Control Block (see RFC 3171)"); + "\"Time To Live\" != %d for a packet sent to the Local Network Control Block (see RFC 3171)", ttl); } } else if (!is_a_multicast_addr(dst32) && iph->ip_ttl < 5) { expert_add_info_format(pinfo, ttl_item, PI_SEQUENCE, PI_NOTE, "\"Time To Live\" only %u", iph->ip_ttl); |