diff options
author | Jaap Keuter <jaap.keuter@xs4all.nl> | 2010-02-05 22:39:14 +0000 |
---|---|---|
committer | Jaap Keuter <jaap.keuter@xs4all.nl> | 2010-02-05 22:39:14 +0000 |
commit | c084355412fe3ed21df57c938bf938141511b333 (patch) | |
tree | b5f4f4218e76696438a0fc49907ea502003519d3 | |
parent | ac07c187eef1692361d7962bb47e452012fceaf5 (diff) | |
download | wireshark-c084355412fe3ed21df57c938bf938141511b333.tar.gz |
From Chris Maynard:
Take into account PIM protocol specifics with regards to TTL when colorizing packets.
svn path=/trunk/; revision=31807
-rw-r--r-- | colorfilters | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-ip.c | 5 |
2 files changed, 4 insertions, 3 deletions
diff --git a/colorfilters b/colorfilters index 799afef792..fd95600ac0 100644 --- a/colorfilters +++ b/colorfilters @@ -7,7 +7,7 @@ @ARP@arp@[55011,59486,65534][0,0,0] @ICMP@icmp || icmpv6@[49680,49737,65535][0,0,0] @TCP RST@tcp.flags.reset eq 1@[37008,0,0][65535,63121,32911] -@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[37008,0,0][65535,65535,65535] +@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[37008,0,0][65535,65535,65535] @Checksum Errors@cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1@[0,0,0][65535,24383,24383] @SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65534,64008,39339][0,0,0] @HTTP@http || tcp.port == 80@[36107,65535,32590][0,0,0] diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index f6012f9070..97e89250c0 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -1563,7 +1563,8 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) * be expected to be 1. (see RFC 3171) Flag a TTL greater than 1. * * Flag a low TTL if the packet is not destined for a multicast address - * (e.g. 224.0.0.0/4). + * (e.g. 224.0.0.0/4) ... and the payload isn't protocol 103 (PIM). + * (see http://tools.ietf.org/html/rfc3973#section-4.7). */ if (is_a_local_network_control_block_addr(dst32)) { ttl = local_network_control_block_addr_valid_ttl(dst32); @@ -1571,7 +1572,7 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) expert_add_info_format(pinfo, ttl_item, PI_SEQUENCE, PI_NOTE, "\"Time To Live\" != %d for a packet sent to the Local Network Control Block (see RFC 3171)", ttl); } - } else if (!is_a_multicast_addr(dst32) && iph->ip_ttl < 5) { + } else if (!is_a_multicast_addr(dst32) && iph->ip_ttl < 5 && (iph->ip_p != IP_PROTO_PIM)) { expert_add_info_format(pinfo, ttl_item, PI_SEQUENCE, PI_NOTE, "\"Time To Live\" only %u", iph->ip_ttl); } |