1 /* $OpenBSD: print-ip.c,v 1.15 2001/02/15 16:16:48 niklas Exp $ */ 2 3 /* 4 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #ifndef lint 25 static const char rcsid[] = 26 "@(#) $Header: /home/cvs/src/usr.sbin/tcpdump/print-ip.c,v 1.15 2001/02/15 16:16:48 niklas Exp $ (LBL)"; 27 #endif 28 29 #include <sys/param.h> 30 #include <sys/time.h> 31 #include <sys/socket.h> 32 33 #include <netinet/in.h> 34 #include <netinet/in_systm.h> 35 #include <netinet/ip.h> 36 #include <netinet/ip_var.h> 37 #include <netinet/udp.h> 38 #include <netinet/udp_var.h> 39 #include <netinet/tcp.h> 40 #include <netinet/tcpip.h> 41 42 #include <stdio.h> 43 #include <stdlib.h> 44 #include <string.h> 45 #include <unistd.h> 46 47 #include "addrtoname.h" 48 #include "interface.h" 49 #include "extract.h" /* must come after interface.h */ 50 51 /* Compatibility */ 52 #ifndef IPPROTO_ND 53 #define IPPROTO_ND 77 54 #endif 55 56 #ifndef IN_CLASSD 57 #define IN_CLASSD(i) (((int32_t)(i) & 0xf0000000) == 0xe0000000) 58 #endif 59 60 /* Definitions required for ECN 61 for use if the OS running tcpdump does not have ECN */ 62 #ifndef IPTOS_ECT 63 #define IPTOS_ECT 0x02 /* ECN Capable Transport in IP header*/ 64 #endif 65 #ifndef IPTOS_CE 66 #define IPTOS_CE 0x01 /* ECN Cong. Experienced in IP header*/ 67 #endif 68 69 /* (following from ipmulti/mrouted/prune.h) */ 70 71 /* 72 * The packet format for a traceroute request. 73 */ 74 struct tr_query { 75 u_int tr_src; /* traceroute source */ 76 u_int tr_dst; /* traceroute destination */ 77 u_int tr_raddr; /* traceroute response address */ 78 #if BYTE_ORDER == BIG_ENDIAN 79 struct { 80 u_int ttl : 8; /* traceroute response ttl */ 81 u_int qid : 24; /* traceroute query id */ 82 } q; 83 #else 84 struct { 85 u_int qid : 24; /* traceroute query id */ 86 u_int ttl : 8; /* traceroute response ttl */ 87 } q; 88 #endif 89 }; 90 91 #define tr_rttl q.ttl 92 #define tr_qid q.qid 93 94 /* 95 * Traceroute response format. A traceroute response has a tr_query at the 96 * beginning, followed by one tr_resp for each hop taken. 97 */ 98 struct tr_resp { 99 u_int tr_qarr; /* query arrival time */ 100 u_int tr_inaddr; /* incoming interface address */ 101 u_int tr_outaddr; /* outgoing interface address */ 102 u_int tr_rmtaddr; /* parent address in source tree */ 103 u_int tr_vifin; /* input packet count on interface */ 104 u_int tr_vifout; /* output packet count on interface */ 105 u_int tr_pktcnt; /* total incoming packets for src-grp */ 106 u_char tr_rproto; /* routing proto deployed on router */ 107 u_char tr_fttl; /* ttl required to forward on outvif */ 108 u_char tr_smask; /* subnet mask for src addr */ 109 u_char tr_rflags; /* forwarding error codes */ 110 }; 111 112 /* defs within mtrace */ 113 #define TR_QUERY 1 114 #define TR_RESP 2 115 116 /* fields for tr_rflags (forwarding error codes) */ 117 #define TR_NO_ERR 0 118 #define TR_WRONG_IF 1 119 #define TR_PRUNED 2 120 #define TR_OPRUNED 3 121 #define TR_SCOPED 4 122 #define TR_NO_RTE 5 123 #define TR_NO_FWD 7 124 #define TR_NO_SPACE 0x81 125 #define TR_OLD_ROUTER 0x82 126 127 /* fields for tr_rproto (routing protocol) */ 128 #define TR_PROTO_DVMRP 1 129 #define TR_PROTO_MOSPF 2 130 #define TR_PROTO_PIM 3 131 #define TR_PROTO_CBT 4 132 133 static void print_mtrace(register const u_char *bp, register u_int len) 134 { 135 register struct tr_query *tr = (struct tr_query *)(bp + 8); 136 137 printf("mtrace %d: %s to %s reply-to %s", tr->tr_qid, 138 ipaddr_string(&tr->tr_src), ipaddr_string(&tr->tr_dst), 139 ipaddr_string(&tr->tr_raddr)); 140 if (IN_CLASSD(ntohl(tr->tr_raddr))) 141 printf(" with-ttl %d", tr->tr_rttl); 142 } 143 144 static void print_mresp(register const u_char *bp, register u_int len) 145 { 146 register struct tr_query *tr = (struct tr_query *)(bp + 8); 147 148 printf("mresp %d: %s to %s reply-to %s", tr->tr_qid, 149 ipaddr_string(&tr->tr_src), ipaddr_string(&tr->tr_dst), 150 ipaddr_string(&tr->tr_raddr)); 151 if (IN_CLASSD(ntohl(tr->tr_raddr))) 152 printf(" with-ttl %d", tr->tr_rttl); 153 } 154 155 static void 156 igmp_print(register const u_char *bp, register u_int len, 157 register const u_char *bp2) 158 { 159 register const struct ip *ip; 160 161 ip = (const struct ip *)bp2; 162 (void)printf("%s > %s: ", 163 ipaddr_string(&ip->ip_src), 164 ipaddr_string(&ip->ip_dst)); 165 166 TCHECK2(bp[0], 8); 167 switch (bp[0]) { 168 case 0x11: 169 (void)printf("igmp query"); 170 if (*(int *)&bp[4]) 171 (void)printf(" [gaddr %s]", ipaddr_string(&bp[4])); 172 if (len != 8) 173 (void)printf(" [len %d]", len); 174 break; 175 case 0x12: 176 (void)printf("igmp report %s", ipaddr_string(&bp[4])); 177 if (len != 8) 178 (void)printf(" [len %d]", len); 179 break; 180 case 0x16: 181 (void)printf("igmp nreport %s", ipaddr_string(&bp[4])); 182 break; 183 case 0x17: 184 (void)printf("igmp leave %s", ipaddr_string(&bp[4])); 185 break; 186 case 0x13: 187 (void)printf("igmp dvmrp"); 188 if (len < 8) 189 (void)printf(" [len %d]", len); 190 else 191 dvmrp_print(bp, len); 192 break; 193 case 0x14: 194 (void)printf("igmp pim"); 195 pim_print(bp, len); 196 break; 197 case 0x1e: 198 print_mresp(bp, len); 199 break; 200 case 0x1f: 201 print_mtrace(bp, len); 202 break; 203 default: 204 (void)printf("igmp-%d", bp[0] & 0xf); 205 break; 206 } 207 if ((bp[0] >> 4) != 1) 208 (void)printf(" [v%d]", bp[0] >> 4); 209 210 TCHECK2(bp[0], len); 211 if (vflag) { 212 /* Check the IGMP checksum */ 213 u_int32_t sum = 0; 214 int count; 215 const u_short *sp = (u_short *)bp; 216 217 for (count = len / 2; --count >= 0; ) 218 sum += *sp++; 219 if (len & 1) 220 sum += ntohs(*(u_char *) sp << 8); 221 while (sum >> 16) 222 sum = (sum & 0xffff) + (sum >> 16); 223 sum = 0xffff & ~sum; 224 if (sum != 0) 225 printf(" bad igmp cksum %x!", EXTRACT_16BITS(&bp[2])); 226 } 227 return; 228 trunc: 229 fputs("[|igmp]", stdout); 230 } 231 232 /* 233 * print the recorded route in an IP RR, LSRR or SSRR option. 234 */ 235 static void 236 ip_printroute(const char *type, register const u_char *cp, u_int length) 237 { 238 register u_int ptr = cp[2] - 1; 239 register u_int len; 240 241 printf(" %s{", type); 242 if ((length + 1) & 3) 243 printf(" [bad length %d]", length); 244 if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1) 245 printf(" [bad ptr %d]", cp[2]); 246 247 type = ""; 248 for (len = 3; len < length; len += 4) { 249 if (ptr == len) 250 type = "#"; 251 printf("%s%s", type, ipaddr_string(&cp[len])); 252 type = " "; 253 } 254 printf("%s}", ptr == len? "#" : ""); 255 } 256 257 /* 258 * print IP options. 259 */ 260 static void 261 ip_optprint(register const u_char *cp, u_int length) 262 { 263 register u_int len; 264 265 for (; length > 0; cp += len, length -= len) { 266 int tt = *cp; 267 268 len = (tt == IPOPT_NOP || tt == IPOPT_EOL) ? 1 : cp[1]; 269 if (len <= 0) { 270 printf("[|ip op len %d]", len); 271 return; 272 } 273 if (&cp[1] >= snapend || cp + len > snapend) { 274 printf("[|ip]"); 275 return; 276 } 277 switch (tt) { 278 279 case IPOPT_EOL: 280 printf(" EOL"); 281 if (length > 1) 282 printf("-%d", length - 1); 283 return; 284 285 case IPOPT_NOP: 286 printf(" NOP"); 287 break; 288 289 case IPOPT_TS: 290 printf(" TS{%d}", len); 291 break; 292 293 case IPOPT_SECURITY: 294 printf(" SECURITY{%d}", len); 295 break; 296 297 case IPOPT_RR: 298 printf(" RR{%d}=", len); 299 ip_printroute("RR", cp, len); 300 break; 301 302 case IPOPT_SSRR: 303 ip_printroute("SSRR", cp, len); 304 break; 305 306 case IPOPT_LSRR: 307 ip_printroute("LSRR", cp, len); 308 break; 309 310 default: 311 printf(" IPOPT-%d{%d}", cp[0], len); 312 break; 313 } 314 } 315 } 316 317 /* 318 * compute an IP header checksum. 319 * don't modifiy the packet. 320 */ 321 u_short 322 in_cksum(const u_short *addr, register int len, u_short csum) 323 { 324 int nleft = len; 325 const u_short *w = addr; 326 u_short answer; 327 int sum = csum; 328 329 /* 330 * Our algorithm is simple, using a 32 bit accumulator (sum), 331 * we add sequential 16 bit words to it, and at the end, fold 332 * back all the carry bits from the top 16 bits into the lower 333 * 16 bits. 334 */ 335 while (nleft > 1) { 336 sum += *w++; 337 nleft -= 2; 338 } 339 if (nleft == 1) 340 sum += htons(*(u_char *)w<<8); 341 342 /* 343 * add back carry outs from top 16 bits to low 16 bits 344 */ 345 sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ 346 sum += (sum >> 16); /* add carry */ 347 answer = ~sum; /* truncate to 16 bits */ 348 return (answer); 349 } 350 351 /* 352 * print an IP datagram. 353 */ 354 void 355 ip_print(register const u_char *bp, register u_int length) 356 { 357 register const struct ip *ip; 358 register u_int hlen, len, off; 359 register const u_char *cp; 360 361 ip = (const struct ip *)bp; 362 #ifdef LBL_ALIGN 363 /* 364 * If the IP header is not aligned, copy into abuf. 365 * This will never happen with BPF. It does happen raw packet 366 * dumps from -r. 367 */ 368 if ((long)ip & 3) { 369 static u_char *abuf = NULL; 370 static int didwarn = 0; 371 372 if (abuf == NULL) { 373 abuf = (u_char *)malloc(snaplen); 374 if (abuf == NULL) 375 error("ip_print: malloc"); 376 } 377 memcpy((char *)abuf, (char *)ip, min(length, snaplen)); 378 snapend += abuf - (u_char *)ip; 379 packetp = abuf; 380 ip = (struct ip *)abuf; 381 /* We really want libpcap to give us aligned packets */ 382 if (!didwarn) { 383 warning("compensating for unaligned libpcap packets"); 384 ++didwarn; 385 } 386 } 387 #endif 388 if ((u_char *)(ip + 1) > snapend) { 389 printf("[|ip]"); 390 return; 391 } 392 if (length < sizeof (struct ip)) { 393 (void)printf("truncated-ip %d", length); 394 return; 395 } 396 hlen = ip->ip_hl * 4; 397 398 len = ntohs(ip->ip_len); 399 if (length < len) 400 (void)printf("truncated-ip - %d bytes missing!", 401 len - length); 402 len -= hlen; 403 404 /* 405 * If this is fragment zero, hand it to the next higher 406 * level protocol. 407 */ 408 off = ntohs(ip->ip_off); 409 if ((off & 0x1fff) == 0) { 410 cp = (const u_char *)ip + hlen; 411 switch (ip->ip_p) { 412 413 case IPPROTO_TCP: 414 tcp_print(cp, len, (const u_char *)ip); 415 break; 416 417 case IPPROTO_UDP: 418 udp_print(cp, len, (const u_char *)ip); 419 break; 420 421 case IPPROTO_ICMP: 422 icmp_print(cp, (const u_char *)ip); 423 break; 424 425 #ifndef IPPROTO_IGRP 426 #define IPPROTO_IGRP 9 427 #endif 428 case IPPROTO_IGRP: 429 igrp_print(cp, len, (const u_char *)ip); 430 break; 431 432 case IPPROTO_ND: 433 (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), 434 ipaddr_string(&ip->ip_dst)); 435 (void)printf(" nd %d", len); 436 break; 437 438 case IPPROTO_EGP: 439 egp_print(cp, len, (const u_char *)ip); 440 break; 441 442 #ifndef IPPROTO_OSPF 443 #define IPPROTO_OSPF 89 444 #endif 445 case IPPROTO_OSPF: 446 ospf_print(cp, len, (const u_char *)ip); 447 break; 448 449 #ifndef IPPROTO_IGMP 450 #define IPPROTO_IGMP 2 451 #endif 452 case IPPROTO_IGMP: 453 igmp_print(cp, len, (const u_char *)ip); 454 break; 455 456 #ifndef IPPROTO_IPIP 457 #define IPPROTO_IPIP 4 458 #endif 459 case IPPROTO_IPIP: 460 /* ip-in-ip encapsulation */ 461 if (vflag) 462 (void)printf("%s > %s: ", 463 ipaddr_string(&ip->ip_src), 464 ipaddr_string(&ip->ip_dst)); 465 ip_print(cp, len); 466 if (! vflag) { 467 printf(" (encap)"); 468 return; 469 } 470 break; 471 472 #ifdef INET6 473 #ifndef IPPROTO_IPV6 474 #define IPPROTO_IPV6 475 #endif 476 case IPPROTO_IPV6: 477 /* ip6-in-ip encapsulation */ 478 if (vflag) 479 (void)printf("%s > %s: ", 480 ipaddr_string(&ip->ip_src), 481 ipaddr_string(&ip->ip_dst)); 482 ip6_print(cp, len); 483 if (! vflag) { 484 printf(" (encap)"); 485 return; 486 } 487 break; 488 #endif /*INET6*/ 489 490 #ifndef IPPROTO_GRE 491 #define IPPROTO_GRE 47 492 #endif 493 case IPPROTO_GRE: 494 if (vflag) 495 (void)printf("gre %s > %s: ", 496 ipaddr_string(&ip->ip_src), 497 ipaddr_string(&ip->ip_dst)); 498 /* do it */ 499 gre_print(cp, len); 500 if (! vflag) { 501 printf(" (gre encap)"); 502 return; 503 } 504 break; 505 506 #ifndef IPPROTO_ESP 507 #define IPPROTO_ESP 50 508 #endif 509 case IPPROTO_ESP: 510 esp_print(cp, len, (const u_char *)ip); 511 break; 512 513 #ifndef IPPROTO_AH 514 #define IPPROTO_AH 51 515 #endif 516 case IPPROTO_AH: 517 ah_print(cp, len, (const u_char *)ip); 518 break; 519 520 #ifndef IPPROTO_MOBILE 521 #define IPPROTO_MOBILE 55 522 #endif 523 case IPPROTO_MOBILE: 524 if (vflag) 525 (void)printf("mobile %s > %s: ", 526 ipaddr_string(&ip->ip_src), 527 ipaddr_string(&ip->ip_dst)); 528 mobile_print(cp, len); 529 if (! vflag) { 530 printf(" (mobile encap)"); 531 return; 532 } 533 break; 534 535 #ifndef IPPROTO_ETHERIP 536 #define IPPROTO_ETHERIP 97 537 #endif 538 case IPPROTO_ETHERIP: 539 etherip_print(cp, len, (const u_char *)ip); 540 break; 541 542 #ifndef IPPROTO_VRRP 543 #define IPPROTO_VRRP 112 544 #endif 545 case IPPROTO_VRRP: 546 if (vflag) 547 (void)printf("vrrp %s > %s: ", 548 ipaddr_string(&ip->ip_src), 549 ipaddr_string(&ip->ip_dst)); 550 vrrp_print(cp, len, ip->ip_ttl); 551 break; 552 553 default: 554 (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), 555 ipaddr_string(&ip->ip_dst)); 556 (void)printf(" ip-proto-%d %d", ip->ip_p, len); 557 break; 558 } 559 } 560 /* 561 * for fragmented datagrams, print id:size@offset. On all 562 * but the last stick a "+". For unfragmented datagrams, note 563 * the don't fragment flag. 564 */ 565 if (off & 0x3fff) { 566 /* 567 * if this isn't the first frag, we're missing the 568 * next level protocol header. print the ip addr. 569 */ 570 if (off & 0x1fff) 571 (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), 572 ipaddr_string(&ip->ip_dst)); 573 (void)printf(" (frag %d:%d@%d%s)", ntohs(ip->ip_id), len, 574 (off & 0x1fff) * 8, 575 (off & IP_MF)? "+" : ""); 576 } else if (off & IP_DF) 577 (void)printf(" (DF)"); 578 579 if (ip->ip_tos) { 580 (void)printf(" [tos 0x%x", (int)ip->ip_tos); 581 if (ip->ip_tos & (IPTOS_CE|IPTOS_ECT)) { 582 (void)printf(" ("); 583 if (ip->ip_tos & IPTOS_ECT) { 584 /* ECN-capable transport */ 585 putchar('E'); 586 } 587 if (ip->ip_tos & IPTOS_CE) { 588 /* _C_ongestion experienced (ECN) */ 589 putchar('C'); 590 } 591 (void)printf(")"); 592 } 593 (void)printf("]"); 594 } 595 596 if (ip->ip_ttl <= 1) 597 (void)printf(" [ttl %d]", (int)ip->ip_ttl); 598 599 if (vflag) { 600 int sum; 601 char *sep = ""; 602 603 printf(" ("); 604 if (ip->ip_ttl > 1) { 605 (void)printf("%sttl %d", sep, (int)ip->ip_ttl); 606 sep = ", "; 607 } 608 if ((off & 0x3fff) == 0) { 609 (void)printf("%sid %d", sep, (int)ntohs(ip->ip_id)); 610 sep = ", "; 611 } 612 if ((u_char *)ip + hlen <= snapend) { 613 sum = in_cksum((const u_short *)ip, hlen, 0); 614 if (sum != 0) { 615 (void)printf("%sbad cksum %x!", sep, 616 ntohs(ip->ip_sum)); 617 sep = ", "; 618 } 619 } 620 if ((hlen -= sizeof(struct ip)) > 0) { 621 (void)printf("%soptlen=%d", sep, hlen); 622 ip_optprint((u_char *)(ip + 1), hlen); 623 } 624 printf(")"); 625 } 626 } 627