1 /* $OpenBSD: print-icmp.c,v 1.27 2021/12/01 18:28:46 deraadt Exp $ */
2
3 /*
4 * Copyright (c) 1988, 1989, 1990, 1991, 1993, 1994, 1995, 1996
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that: (1) source code distributions
9 * retain the above copyright notice and this paragraph in its entirety, (2)
10 * distributions including binary code include the above copyright notice and
11 * this paragraph in its entirety in the documentation or other materials
12 * provided with the distribution, and (3) all advertising materials mentioning
13 * features or use of this software display the following acknowledgement:
14 * ``This product includes software developed by the University of California,
15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16 * the University nor the names of its contributors may be used to endorse
17 * or promote products derived from this software without specific prior
18 * written permission.
19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22 */
23
24 #include <sys/time.h>
25 #include <sys/socket.h>
26
27 #include <net/if.h>
28
29 #include <netinet/in.h>
30 #include <netinet/if_ether.h>
31 #include <netinet/ip.h>
32 #include <netinet/ip_icmp.h>
33 #include <netinet/ip_var.h>
34 #include <netinet/udp.h>
35 #include <netinet/udp_var.h>
36 #include <netinet/tcp.h>
37
38 #include <stdio.h>
39 #include <string.h>
40 #include <limits.h>
41
42 #include "interface.h"
43 #include "addrtoname.h"
44 #include "extract.h" /* must come after interface.h */
45
46 /* rfc1700 */
47 #ifndef ICMP_UNREACH_NET_UNKNOWN
48 #define ICMP_UNREACH_NET_UNKNOWN 6 /* destination net unknown */
49 #endif
50 #ifndef ICMP_UNREACH_HOST_UNKNOWN
51 #define ICMP_UNREACH_HOST_UNKNOWN 7 /* destination host unknown */
52 #endif
53 #ifndef ICMP_UNREACH_ISOLATED
54 #define ICMP_UNREACH_ISOLATED 8 /* source host isolated */
55 #endif
56 #ifndef ICMP_UNREACH_NET_PROHIB
57 #define ICMP_UNREACH_NET_PROHIB 9 /* admin prohibited net */
58 #endif
59 #ifndef ICMP_UNREACH_HOST_PROHIB
60 #define ICMP_UNREACH_HOST_PROHIB 10 /* admin prohibited host */
61 #endif
62 #ifndef ICMP_UNREACH_TOSNET
63 #define ICMP_UNREACH_TOSNET 11 /* tos prohibited net */
64 #endif
65 #ifndef ICMP_UNREACH_TOSHOST
66 #define ICMP_UNREACH_TOSHOST 12 /* tos prohibited host */
67 #endif
68
69 /* rfc1716 */
70 #ifndef ICMP_UNREACH_FILTER_PROHIB
71 #define ICMP_UNREACH_FILTER_PROHIB 13 /* admin prohibited filter */
72 #endif
73 #ifndef ICMP_UNREACH_HOST_PRECEDENCE
74 #define ICMP_UNREACH_HOST_PRECEDENCE 14 /* host precedence violation */
75 #endif
76 #ifndef ICMP_UNREACH_PRECEDENCE_CUTOFF
77 #define ICMP_UNREACH_PRECEDENCE_CUTOFF 15 /* precedence cutoff */
78 #endif
79
80 /* rfc1256 */
81 #ifndef ICMP_ROUTERADVERT
82 #define ICMP_ROUTERADVERT 9 /* router advertisement */
83 #endif
84 #ifndef ICMP_ROUTERSOLICIT
85 #define ICMP_ROUTERSOLICIT 10 /* router solicitation */
86 #endif
87
88 #define ICMP_INFOTYPE(type) \
89 ((type) == ICMP_ECHOREPLY || (type) == ICMP_ECHO || \
90 (type) == ICMP_ROUTERADVERT || (type) == ICMP_ROUTERSOLICIT || \
91 (type) == ICMP_TSTAMP || (type) == ICMP_TSTAMPREPLY || \
92 (type) == ICMP_IREQ || (type) == ICMP_IREQREPLY || \
93 (type) == ICMP_MASKREQ || (type) == ICMP_MASKREPLY)
94
95 /* Most of the icmp types */
96 static struct tok icmp2str[] = {
97 { ICMP_ECHOREPLY, "echo reply" },
98 { ICMP_SOURCEQUENCH, "source quench" },
99 { ICMP_ECHO, "echo request" },
100 { ICMP_ROUTERSOLICIT, "router solicitation" },
101 { ICMP_TSTAMP, "time stamp request" },
102 { ICMP_TSTAMPREPLY, "time stamp reply" },
103 { ICMP_IREQ, "information request" },
104 { ICMP_IREQREPLY, "information reply" },
105 { ICMP_MASKREQ, "address mask request" },
106 { 0, NULL }
107 };
108
109 /* Formats for most of the ICMP_UNREACH codes */
110 static struct tok unreach2str[] = {
111 { ICMP_UNREACH_NET, "net %s unreachable" },
112 { ICMP_UNREACH_HOST, "host %s unreachable" },
113 { ICMP_UNREACH_SRCFAIL,
114 "%s unreachable - source route failed" },
115 { ICMP_UNREACH_NET_UNKNOWN, "net %s unreachable - unknown" },
116 { ICMP_UNREACH_HOST_UNKNOWN, "host %s unreachable - unknown" },
117 { ICMP_UNREACH_ISOLATED,
118 "%s unreachable - source host isolated" },
119 { ICMP_UNREACH_NET_PROHIB,
120 "net %s unreachable - admin prohibited" },
121 { ICMP_UNREACH_HOST_PROHIB,
122 "host %s unreachable - admin prohibited" },
123 { ICMP_UNREACH_TOSNET,
124 "net %s unreachable - tos prohibited" },
125 { ICMP_UNREACH_TOSHOST,
126 "host %s unreachable - tos prohibited" },
127 { ICMP_UNREACH_FILTER_PROHIB,
128 "host %s unreachable - admin prohibited filter" },
129 { ICMP_UNREACH_HOST_PRECEDENCE,
130 "host %s unreachable - host precedence violation" },
131 { ICMP_UNREACH_PRECEDENCE_CUTOFF,
132 "host %s unreachable - precedence cutoff" },
133 { 0, NULL }
134 };
135
136 /* Formats for the ICMP_REDIRECT codes */
137 static struct tok type2str[] = {
138 { ICMP_REDIRECT_NET, "redirect %s to net %s" },
139 { ICMP_REDIRECT_HOST, "redirect %s to host %s" },
140 { ICMP_REDIRECT_TOSNET, "redirect-tos %s to net %s" },
141 { ICMP_REDIRECT_TOSHOST, "redirect-tos %s to net %s" },
142 { 0, NULL }
143 };
144
145 /* rfc1191 */
146 struct mtu_discovery {
147 short unused;
148 short nexthopmtu;
149 };
150
151 /* rfc1256 */
152 struct ih_rdiscovery {
153 u_char ird_addrnum;
154 u_char ird_addrsiz;
155 u_short ird_lifetime;
156 };
157
158 struct id_rdiscovery {
159 u_int32_t ird_addr;
160 u_int32_t ird_pref;
161 };
162
163 void
icmp_print(const u_char * bp,u_int length,const u_char * bp2)164 icmp_print(const u_char *bp, u_int length, const u_char *bp2)
165 {
166 const struct icmp *dp;
167 const struct ip *ip;
168 const char *str, *fmt;
169 const struct ip *oip;
170 const struct udphdr *ouh;
171 u_int hlen, dport, mtu;
172 char buf[HOST_NAME_MAX+1+256];
173 char buf2[HOST_NAME_MAX+1+256];
174
175 dp = (struct icmp *)bp;
176 ip = (struct ip *)bp2;
177 str = buf;
178
179 printf("%s > %s: ",
180 ipaddr_string(&ip->ip_src),
181 ipaddr_string(&ip->ip_dst));
182
183 TCHECK(dp->icmp_code);
184 if (qflag)
185 (void) snprintf(buf, sizeof buf, "%u %u", dp->icmp_type,
186 dp->icmp_code);
187 else switch (dp->icmp_type) {
188
189 case ICMP_ECHOREPLY:
190 case ICMP_ECHO:
191 if (vflag) {
192 TCHECK(dp->icmp_seq);
193 (void)snprintf(buf, sizeof buf,
194 "echo %s (id:%04x seq:%u)",
195 (dp->icmp_type == ICMP_ECHO)?
196 "request": "reply",
197 ntohs(dp->icmp_id),
198 ntohs(dp->icmp_seq));
199 } else
200 str = tok2str(icmp2str, "type-#%u", dp->icmp_type);
201 break;
202
203 case ICMP_UNREACH:
204 TCHECK(dp->icmp_ip.ip_dst);
205 switch (dp->icmp_code) {
206
207 case ICMP_UNREACH_PROTOCOL:
208 TCHECK(dp->icmp_ip.ip_p);
209 (void)snprintf(buf, sizeof buf,
210 "%s protocol %u unreachable",
211 ipaddr_string(&dp->icmp_ip.ip_dst),
212 dp->icmp_ip.ip_p);
213 break;
214
215 case ICMP_UNREACH_PORT:
216 TCHECK(dp->icmp_ip.ip_p);
217 oip = &dp->icmp_ip;
218 hlen = oip->ip_hl * 4;
219 ouh = (struct udphdr *)(((u_char *)oip) + hlen);
220 TCHECK(ouh->uh_dport);
221 dport = ntohs(ouh->uh_dport);
222 switch (oip->ip_p) {
223
224 case IPPROTO_TCP:
225 (void)snprintf(buf, sizeof buf,
226 "%s tcp port %s unreachable",
227 ipaddr_string(&oip->ip_dst),
228 tcpport_string(dport));
229 break;
230
231 case IPPROTO_UDP:
232 (void)snprintf(buf, sizeof buf,
233 "%s udp port %s unreachable",
234 ipaddr_string(&oip->ip_dst),
235 udpport_string(dport));
236 break;
237
238 default:
239 (void)snprintf(buf, sizeof buf,
240 "%s protocol %u port %u unreachable",
241 ipaddr_string(&oip->ip_dst),
242 oip->ip_p, dport);
243 break;
244 }
245 break;
246
247 case ICMP_UNREACH_NEEDFRAG:
248 {
249 const struct mtu_discovery *mp;
250
251 mp = (struct mtu_discovery *)&dp->icmp_void;
252 mtu = EXTRACT_16BITS(&mp->nexthopmtu);
253 if (mtu)
254 (void)snprintf(buf, sizeof buf,
255 "%s unreachable - need to frag (mtu %u)",
256 ipaddr_string(&dp->icmp_ip.ip_dst), mtu);
257 else
258 (void)snprintf(buf, sizeof buf,
259 "%s unreachable - need to frag",
260 ipaddr_string(&dp->icmp_ip.ip_dst));
261 }
262 break;
263
264 default:
265 fmt = tok2str(unreach2str, "#%u %%s unreachable",
266 dp->icmp_code);
267 (void)snprintf(buf, sizeof buf, fmt,
268 ipaddr_string(&dp->icmp_ip.ip_dst));
269 break;
270 }
271 break;
272
273 case ICMP_REDIRECT:
274 TCHECK(dp->icmp_ip.ip_dst);
275 fmt = tok2str(type2str, "redirect-#%u %%s to net %%s",
276 dp->icmp_code);
277 (void)snprintf(buf, sizeof buf, fmt,
278 ipaddr_string(&dp->icmp_ip.ip_dst),
279 ipaddr_string(&dp->icmp_gwaddr));
280 break;
281
282 case ICMP_ROUTERADVERT:
283 {
284 const struct ih_rdiscovery *ihp;
285 const struct id_rdiscovery *idp;
286 u_int lifetime, num, size;
287
288 (void)strlcpy(buf, "router advertisement", sizeof(buf));
289
290 ihp = (struct ih_rdiscovery *)&dp->icmp_void;
291 TCHECK(*ihp);
292 (void)strlcat(buf, " lifetime ", sizeof(buf));
293 lifetime = EXTRACT_16BITS(&ihp->ird_lifetime);
294 if (lifetime < 60)
295 (void)snprintf(buf2, sizeof(buf2), "%u", lifetime);
296 else if (lifetime < 60 * 60)
297 (void)snprintf(buf2, sizeof(buf2), "%u:%02u",
298 lifetime / 60, lifetime % 60);
299 else
300 (void)snprintf(buf2, sizeof(buf2), "%u:%02u:%02u",
301 lifetime / 3600, (lifetime % 3600) / 60,
302 lifetime % 60);
303 strlcat(buf, buf2, sizeof(buf));
304
305 num = ihp->ird_addrnum;
306 (void)snprintf(buf2, sizeof(buf2), " %u:", num);
307 strlcat(buf, buf2, sizeof(buf));
308
309 size = ihp->ird_addrsiz;
310 if (size != 2) {
311 (void)snprintf(buf2, sizeof(buf2), " [size %u]", size);
312 strlcat(buf, buf2, sizeof(buf));
313 break;
314 }
315 idp = (struct id_rdiscovery *)&dp->icmp_data;
316 while (num-- > 0) {
317 TCHECK(*idp);
318 (void)snprintf(buf2, sizeof(buf2), " {%s %u}",
319 ipaddr_string(&idp->ird_addr),
320 EXTRACT_32BITS(&idp->ird_pref));
321 strlcat(buf, buf2, sizeof(buf));
322 }
323 }
324 break;
325
326 case ICMP_TIMXCEED:
327 TCHECK(dp->icmp_ip.ip_dst);
328 switch (dp->icmp_code) {
329
330 case ICMP_TIMXCEED_INTRANS:
331 str = "time exceeded in-transit";
332 break;
333
334 case ICMP_TIMXCEED_REASS:
335 str = "ip reassembly time exceeded";
336 break;
337
338 default:
339 (void)snprintf(buf, sizeof buf,
340 "time exceeded-#%u", dp->icmp_code);
341 break;
342 }
343 break;
344
345 case ICMP_PARAMPROB:
346 switch (dp->icmp_code) {
347 case ICMP_PARAMPROB_OPTABSENT:
348 str = "requested option absent";
349 break;
350 case ICMP_PARAMPROB_LENGTH:
351 snprintf(buf, sizeof buf, "bad length %u", dp->icmp_pptr);
352 break;
353 default:
354 TCHECK(dp->icmp_pptr);
355 (void)snprintf(buf, sizeof buf,
356 "parameter problem - octet %u",
357 dp->icmp_pptr);
358 break;
359 }
360 break;
361
362 case ICMP_MASKREPLY:
363 TCHECK(dp->icmp_mask);
364 (void)snprintf(buf, sizeof buf, "address mask is 0x%08x",
365 (u_int32_t)ntohl(dp->icmp_mask));
366 break;
367
368 default:
369 str = tok2str(icmp2str, "type-#%u", dp->icmp_type);
370 break;
371 }
372 printf("icmp: %s", str);
373 if (vflag) {
374 if (TTEST2(dp->icmp_type, length)) {
375 u_int16_t sum, icmp_sum;
376 sum = in_cksum((const u_short *)dp, length, 0);
377 if (sum != 0) {
378 icmp_sum = EXTRACT_16BITS(&dp->icmp_cksum);
379 printf(" [bad icmp cksum %x! -> %x]", icmp_sum,
380 in_cksum_shouldbe(icmp_sum, sum));
381 }
382 else
383 printf(" [icmp cksum ok]");
384 }
385 }
386 if (vflag > 1 && !ICMP_INFOTYPE(dp->icmp_type) &&
387 TTEST(dp->icmp_ip)) {
388 printf(" for ");
389 oip = &dp->icmp_ip;
390 ip_print((u_char *)oip, ntohs(oip->ip_len));
391 }
392 return;
393 trunc:
394 printf("[|icmp]");
395 }
396