1 /* $OpenBSD: print-udp.c,v 1.56 2020/08/17 06:29:29 dlg Exp $ */ 2 3 /* 4 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/time.h> 25 #include <sys/socket.h> 26 27 #include <netinet/in.h> 28 #include <netinet/ip.h> 29 #include <netinet/ip6.h> 30 #include <netinet/ip_var.h> 31 #include <netinet/udp.h> 32 #include <netinet/udp_var.h> 33 34 #include <net80211/ieee80211.h> 35 36 #ifdef NOERROR 37 #undef NOERROR /* Solaris sucks */ 38 #endif 39 #ifdef T_UNSPEC 40 #undef T_UNSPEC /* SINIX does too */ 41 #endif 42 #include <arpa/nameser.h> 43 #ifdef SEGSIZE 44 #undef SEGSIZE 45 #endif 46 #include <arpa/tftp.h> 47 48 #include <rpc/rpc.h> 49 50 #include <stdio.h> 51 #include <string.h> 52 53 #include "interface.h" 54 #include "addrtoname.h" 55 #include "extract.h" 56 #include "appletalk.h" 57 58 #include "nfsv2.h" 59 #include "bootp.h" 60 #include "iapp.h" 61 62 struct rtcphdr { 63 u_short rh_flags; /* T:2 P:1 CNT:5 PT:8 */ 64 u_short rh_len; /* length of message (in words) */ 65 u_int rh_ssrc; /* synchronization src id */ 66 }; 67 68 typedef struct { 69 u_int upper; /* more significant 32 bits */ 70 u_int lower; /* less significant 32 bits */ 71 } ntp64; 72 73 /* 74 * Sender report. 75 */ 76 struct rtcp_sr { 77 ntp64 sr_ntp; /* 64-bit ntp timestamp */ 78 u_int sr_ts; /* reference media timestamp */ 79 u_int sr_np; /* no. packets sent */ 80 u_int sr_nb; /* no. bytes sent */ 81 }; 82 83 /* 84 * Receiver report. 85 * Time stamps are middle 32-bits of ntp timestamp. 86 */ 87 struct rtcp_rr { 88 u_int rr_srcid; /* sender being reported */ 89 u_int rr_nl; /* no. packets lost */ 90 u_int rr_ls; /* extended last seq number received */ 91 u_int rr_dv; /* jitter (delay variance) */ 92 u_int rr_lsr; /* orig. ts from last rr from this src */ 93 u_int rr_dlsr; /* time from recpt of last rr to xmit time */ 94 }; 95 96 /*XXX*/ 97 #define RTCP_PT_SR 200 98 #define RTCP_PT_RR 201 99 #define RTCP_PT_SDES 202 100 #define RTCP_SDES_CNAME 1 101 #define RTCP_SDES_NAME 2 102 #define RTCP_SDES_EMAIL 3 103 #define RTCP_SDES_PHONE 4 104 #define RTCP_SDES_LOC 5 105 #define RTCP_SDES_TOOL 6 106 #define RTCP_SDES_NOTE 7 107 #define RTCP_SDES_PRIV 8 108 #define RTCP_PT_BYE 203 109 #define RTCP_PT_APP 204 110 111 static void 112 vat_print(const void *hdr, u_int len, const struct udphdr *up) 113 { 114 /* vat/vt audio */ 115 u_int ts = *(u_short *)hdr; 116 if ((ts & 0xf060) != 0) { 117 /* probably vt */ 118 printf("udp/vt %u %d / %d", 119 (u_int32_t)(ntohs(up->uh_ulen) - sizeof(*up)), 120 ts & 0x3ff, ts >> 10); 121 } else { 122 /* probably vat */ 123 u_int i0 = ntohl(((u_int *)hdr)[0]); 124 u_int i1 = ntohl(((u_int *)hdr)[1]); 125 printf("udp/vat %u c%d %u%s", 126 (u_int32_t)(ntohs(up->uh_ulen) - sizeof(*up) - 8), 127 i0 & 0xffff, 128 i1, i0 & 0x800000? "*" : ""); 129 /* audio format */ 130 if (i0 & 0x1f0000) 131 printf(" f%d", (i0 >> 16) & 0x1f); 132 if (i0 & 0x3f000000) 133 printf(" s%d", (i0 >> 24) & 0x3f); 134 } 135 } 136 137 static void 138 rtp_print(const void *hdr, u_int len, const struct udphdr *up) 139 { 140 /* rtp v1 or v2 */ 141 u_int *ip = (u_int *)hdr; 142 u_int hasopt, hasext, contype, hasmarker; 143 u_int i0 = ntohl(((u_int *)hdr)[0]); 144 u_int i1 = ntohl(((u_int *)hdr)[1]); 145 u_int dlen = ntohs(up->uh_ulen) - sizeof(*up) - 8; 146 const char * ptype; 147 148 ip += 2; 149 len >>= 2; 150 len -= 2; 151 hasopt = 0; 152 hasext = 0; 153 if ((i0 >> 30) == 1) { 154 /* rtp v1 */ 155 hasopt = i0 & 0x800000; 156 contype = (i0 >> 16) & 0x3f; 157 hasmarker = i0 & 0x400000; 158 ptype = "rtpv1"; 159 } else { 160 /* rtp v2 */ 161 hasext = i0 & 0x10000000; 162 contype = (i0 >> 16) & 0x7f; 163 hasmarker = i0 & 0x800000; 164 dlen -= 4; 165 ptype = "rtp"; 166 ip += 1; 167 len -= 1; 168 } 169 printf(" udp/%s %d c%d %s%s %d %u", 170 ptype, dlen, contype, (hasopt || hasext)? "+" : "", 171 hasmarker? "*" : "", i0 & 0xffff, i1); 172 if (vflag) { 173 printf(" %u", i1); 174 if (hasopt) { 175 u_int i2, optlen; 176 do { 177 i2 = ip[0]; 178 optlen = (i2 >> 16) & 0xff; 179 if (optlen == 0 || optlen > len) { 180 printf(" !opt"); 181 return; 182 } 183 ip += optlen; 184 len -= optlen; 185 } while ((int)i2 >= 0); 186 } 187 if (hasext) { 188 u_int i2, extlen; 189 i2 = ip[0]; 190 extlen = (i2 & 0xffff) + 1; 191 if (extlen > len) { 192 printf(" !ext"); 193 return; 194 } 195 ip += extlen; 196 } 197 if (contype == 0x1f) /*XXX H.261 */ 198 printf(" 0x%04x", ip[0] >> 16); 199 } 200 } 201 202 static const u_char * 203 rtcp_print(const u_char *hdr, const u_char *ep) 204 { 205 /* rtp v2 control (rtcp) */ 206 struct rtcp_rr *rr = NULL; 207 struct rtcp_sr *sr; 208 struct rtcphdr *rh = (struct rtcphdr *)hdr; 209 u_int len; 210 u_short flags; 211 int cnt; 212 double ts, dts; 213 if ((u_char *)(rh + 1) > ep) { 214 printf(" [|rtcp]"); 215 return (ep); 216 } 217 len = (ntohs(rh->rh_len) + 1) * 4; 218 flags = ntohs(rh->rh_flags); 219 cnt = (flags >> 8) & 0x1f; 220 switch (flags & 0xff) { 221 case RTCP_PT_SR: 222 sr = (struct rtcp_sr *)(rh + 1); 223 printf(" sr"); 224 if (len != cnt * sizeof(*rr) + sizeof(*sr) + sizeof(*rh)) 225 printf(" [%d]", len); 226 if (vflag) 227 printf(" %u", (u_int32_t)ntohl(rh->rh_ssrc)); 228 if ((u_char *)(sr + 1) > ep) { 229 printf(" [|rtcp]"); 230 return (ep); 231 } 232 ts = (double)((u_int32_t)ntohl(sr->sr_ntp.upper)) + 233 ((double)((u_int32_t)ntohl(sr->sr_ntp.lower)) / 234 4294967296.0); 235 printf(" @%.2f %u %up %ub", ts, (u_int32_t)ntohl(sr->sr_ts), 236 (u_int32_t)ntohl(sr->sr_np), (u_int32_t)ntohl(sr->sr_nb)); 237 rr = (struct rtcp_rr *)(sr + 1); 238 break; 239 case RTCP_PT_RR: 240 printf(" rr"); 241 if (len != cnt * sizeof(*rr) + sizeof(*rh)) 242 printf(" [%d]", len); 243 rr = (struct rtcp_rr *)(rh + 1); 244 if (vflag) 245 printf(" %u", (u_int32_t)ntohl(rh->rh_ssrc)); 246 break; 247 case RTCP_PT_SDES: 248 printf(" sdes %d", len); 249 if (vflag) 250 printf(" %u", (u_int32_t)ntohl(rh->rh_ssrc)); 251 cnt = 0; 252 break; 253 case RTCP_PT_BYE: 254 printf(" bye %d", len); 255 if (vflag) 256 printf(" %u", (u_int32_t)ntohl(rh->rh_ssrc)); 257 cnt = 0; 258 break; 259 default: 260 printf(" type-0x%x %d", flags & 0xff, len); 261 cnt = 0; 262 break; 263 } 264 if (cnt > 1) 265 printf(" c%d", cnt); 266 while (--cnt >= 0) { 267 if ((u_char *)(rr + 1) > ep) { 268 printf(" [|rtcp]"); 269 return (ep); 270 } 271 if (vflag) 272 printf(" %u", (u_int32_t)ntohl(rr->rr_srcid)); 273 ts = (double)((u_int32_t)ntohl(rr->rr_lsr)) / 65536.; 274 dts = (double)((u_int32_t)ntohl(rr->rr_dlsr)) / 65536.; 275 printf(" %ul %us %uj @%.2f+%.2f", 276 (u_int32_t)ntohl(rr->rr_nl) & 0x00ffffff, 277 (u_int32_t)ntohl(rr->rr_ls), 278 (u_int32_t)ntohl(rr->rr_dv), ts, dts); 279 } 280 return (hdr + len); 281 } 282 283 /* XXX probably should use getservbyname() and cache answers */ 284 #define TFTP_PORT 69 /*XXX*/ 285 #define KERBEROS_PORT 88 /*XXX*/ 286 #define SUNRPC_PORT 111 /*XXX*/ 287 #define NTP_PORT 123 /*XXX*/ 288 #define NETBIOS_NS_PORT 137 /*XXX*/ 289 #define NETBIOS_DGRAM_PORT 138 /*XXX*/ 290 #define SNMP_PORT 161 /*XXX*/ 291 #define SNMPTRAP_PORT 162 /*XXX*/ 292 #define ISAKMP_PORT 500 /*XXX*/ 293 #define RIP_PORT 520 /*XXX*/ 294 #define TIMED_PORT 525 /*XXX*/ 295 #define KERBEROS_SEC_PORT 750 /*XXX*/ 296 #define LWRES_PORT 921 297 #define VQP_PORT 1589 298 #define OLD_RADIUS_AUTH_PORT 1645 299 #define OLD_RADIUS_ACCT_PORT 1646 300 #define L2TP_PORT 1701 /*XXX*/ 301 #define RADIUS_AUTH_PORT 1812 302 #define RADIUS_ACCT_PORT 1813 303 #define HSRP_PORT 1985 /*XXX*/ 304 #define GTP_C_PORT 2123 305 #define GTP_U_PORT 2152 306 #define GTP_PRIME_PORT 3386 307 #define UDPENCAP_PORT 4500 /*XXX*/ 308 #define GRE_PORT 4754 309 #define VXLAN_PORT 4789 310 #define VXLAN_GPE_PORT 4790 311 #define GENEVE_PORT 6081 312 #define MULTICASTDNS_PORT 5353 313 #define MPLS_PORT 6635 314 315 #define RIPNG_PORT 521 /*XXX*/ 316 #define DHCP6_PORT1 546 /*XXX*/ 317 #define DHCP6_PORT2 547 /*XXX*/ 318 319 void 320 udp_print(const u_char *bp, u_int length, const void *iph) 321 { 322 const struct udphdr *up; 323 const u_char *cp; 324 const u_char *ep = bp + length; 325 u_int16_t sport, dport, ulen; 326 const char *ipsrc = NULL, *ipdst = NULL; 327 unsigned int ipv = 0; 328 uint32_t cksum = 0; 329 330 if (ep > snapend) 331 ep = snapend; 332 333 if (iph != NULL) { 334 const struct ip *ip = iph; 335 ipv = ip->ip_v; 336 337 switch (ipv) { 338 case 6: { 339 const struct ip6_hdr *ip6 = iph; 340 341 ipsrc = ip6addr_string(&ip6->ip6_src); 342 ipdst = ip6addr_string(&ip6->ip6_dst); 343 344 cksum = in_cksum_add(&ip6->ip6_src, 345 sizeof(ip6->ip6_src), cksum); 346 cksum = in_cksum_add(&ip6->ip6_dst, 347 sizeof(ip6->ip6_dst), cksum); 348 break; 349 } 350 case 4: 351 ipsrc = ipaddr_string(&ip->ip_src); 352 ipdst = ipaddr_string(&ip->ip_dst); 353 354 cksum = in_cksum_add(&ip->ip_src, 355 sizeof(ip->ip_src), cksum); 356 cksum = in_cksum_add(&ip->ip_dst, 357 sizeof(ip->ip_dst), cksum); 358 break; 359 } 360 } 361 362 up = (const struct udphdr *)bp; 363 cp = (const u_char *)(up + 1); 364 365 /* check if the udp header was captured */ 366 if (cp > snapend) { 367 if (ipv) 368 printf("%s > %s: ", ipsrc, ipdst); 369 370 printf("[|udp]"); 371 return; 372 } 373 374 /* check if the packet payload is long enough */ 375 if (length < sizeof(*up)) { 376 if (ipv) 377 printf("%s > %s: ", ipsrc, ipdst); 378 379 printf("truncated-udp %u", length); 380 return; 381 } 382 383 sport = ntohs(up->uh_sport); 384 dport = ntohs(up->uh_dport); 385 386 if (ipv) { 387 printf("%s.%s > %s.%s", 388 ipsrc, udpport_string(sport), 389 ipdst, udpport_string(dport)); 390 } else { 391 printf("udp %s > %s", 392 udpport_string(sport), 393 udpport_string(dport)); 394 } 395 396 printf(": "); 397 398 cksum += htons(length); 399 400 ulen = ntohs(up->uh_ulen); 401 if (length < ulen) 402 printf(" truncated-udp - %u bytes missing!", ulen - length); 403 404 length -= sizeof(*up); 405 406 if (vflag && ipv && TTEST2(cp[0], length)) { 407 uint16_t sum, usum = up->uh_sum; 408 409 if (usum == 0) { 410 if (ipv == 4) 411 printf("[no udp cksum] "); 412 else 413 printf("[invalid udp cksum 0] "); 414 } else { 415 cksum += htons(IPPROTO_UDP); 416 cksum += up->uh_sport; 417 cksum += up->uh_dport; 418 cksum += up->uh_ulen; 419 420 sum = in_cksum(cp, length, cksum); 421 422 if (sum == usum) 423 printf("[udp sum ok] "); 424 else { 425 printf("[bad udp cksum %04x! -> %04x] ", 426 usum, sum); 427 } 428 } 429 } 430 431 if (packettype) { 432 struct rpc_msg *rp; 433 enum msg_type direction; 434 435 switch (packettype) { 436 case PT_VAT: 437 vat_print(cp, length, up); 438 break; 439 440 case PT_WB: 441 wb_print(cp, length); 442 break; 443 444 case PT_RPC: 445 rp = (struct rpc_msg *)cp; 446 direction = (enum msg_type)ntohl(rp->rm_direction); 447 if (direction == CALL) 448 sunrpcrequest_print(cp, length, iph); 449 else 450 nfsreply_print(cp, length, iph); 451 break; 452 453 case PT_RTP: 454 rtp_print(cp, length, up); 455 break; 456 457 case PT_RTCP: 458 while (cp < ep) 459 cp = rtcp_print(cp, ep); 460 break; 461 case PT_CNFP: 462 cnfp_print(cp, length); 463 break; 464 case PT_GRE: 465 gre_print(cp, length); 466 break; 467 case PT_VXLAN: 468 vxlan_print(cp, length); 469 break; 470 case PT_GENEVE: 471 geneve_print(cp, length); 472 break; 473 case PT_MPLS: 474 mpls_print(cp, length); 475 break; 476 case PT_TFTP: 477 tftp_print(cp, length); 478 break; 479 case PT_WIREGUARD: 480 wg_print(cp, length); 481 break; 482 } 483 return; 484 } 485 486 if (!qflag) { 487 struct rpc_msg *rp; 488 enum msg_type direction; 489 490 rp = (struct rpc_msg *)cp; 491 if (TTEST(rp->rm_direction)) { 492 direction = (enum msg_type)ntohl(rp->rm_direction); 493 if (dport == NFS_PORT && direction == CALL) { 494 nfsreq_print(cp, length, iph); 495 return; 496 } 497 if (sport == NFS_PORT && direction == REPLY) { 498 nfsreply_print(cp, length, iph); 499 return; 500 } 501 #ifdef notdef 502 if (dport == SUNRPC_PORT && direction == CALL) { 503 sunrpcrequest_print(cp, length, iph); 504 return; 505 } 506 #endif 507 } 508 if (TTEST(((struct LAP *)cp)->type) && 509 ((struct LAP *)cp)->type == lapDDP && 510 (atalk_port(sport) || atalk_port(dport))) { 511 if (vflag) 512 printf("kip "); 513 atalk_print_llap(cp, length); 514 return; 515 } 516 } 517 518 if (!qflag) { 519 #define ISPORT(p) (dport == (p) || sport == (p)) 520 if (ISPORT(NAMESERVER_PORT)) 521 ns_print(cp, length, 0); 522 else if (ISPORT(MULTICASTDNS_PORT)) 523 ns_print(cp, length, 1); 524 else if (ISPORT(LWRES_PORT)) 525 lwres_print(cp, length); 526 else if (ISPORT(TIMED_PORT)) 527 timed_print(cp, length); 528 else if (ISPORT(TFTP_PORT)) 529 tftp_print(cp, length); 530 else if (ISPORT(IPPORT_BOOTPC) || ISPORT(IPPORT_BOOTPS)) 531 bootp_print(cp, length, sport, dport); 532 else if (ISPORT(RIP_PORT)) 533 rip_print(cp, length); 534 else if (ISPORT(SNMP_PORT) || ISPORT(SNMPTRAP_PORT)) 535 snmp_print(cp, length); 536 else if (ISPORT(NTP_PORT)) 537 ntp_print(cp, length); 538 else if (ISPORT(KERBEROS_PORT) || ISPORT(KERBEROS_SEC_PORT)) 539 krb_print(cp, length); 540 else if (ISPORT(L2TP_PORT)) 541 l2tp_print(cp, length); 542 else if (ISPORT(UDPENCAP_PORT)) 543 udpencap_print(cp, length, iph); 544 else if (ISPORT(ISAKMP_PORT)) 545 ike_print(cp, length); 546 #if 0 547 else if (ISPORT(NETBIOS_NS_PORT)) 548 nbt_udp137_print(cp, length); 549 else if (ISPORT(NETBIOS_DGRAM_PORT)) 550 nbt_udp138_print(cp, length); 551 #endif 552 else if (ISPORT(OLD_RADIUS_AUTH_PORT) || 553 ISPORT(OLD_RADIUS_ACCT_PORT) || 554 ISPORT(RADIUS_AUTH_PORT) || 555 ISPORT(RADIUS_ACCT_PORT)) 556 radius_print(cp, length); 557 else if (dport == 3456) 558 vat_print(cp, length, up); 559 else if (ISPORT(IAPP_PORT) || ISPORT(IAPP_OLD_PORT)) 560 iapp_print(cp, length); 561 else if (ISPORT(VQP_PORT)) 562 vqp_print(cp, length); 563 else if (ISPORT(GRE_PORT)) 564 gre_print(cp, length); 565 else if (ISPORT(VXLAN_PORT) || ISPORT(VXLAN_GPE_PORT)) 566 vxlan_print(cp, length); 567 else if (ISPORT(GENEVE_PORT)) 568 geneve_print(cp, length); 569 else if (ISPORT(MPLS_PORT)) 570 mpls_print(cp, length); 571 else if (ISPORT(RIPNG_PORT)) 572 ripng_print(cp, length); 573 else if (ISPORT(DHCP6_PORT1) || ISPORT(DHCP6_PORT2)) 574 dhcp6_print(cp, length); 575 else if (ISPORT(GTP_C_PORT) || ISPORT(GTP_U_PORT) || 576 ISPORT(GTP_PRIME_PORT)) 577 gtp_print(cp, length, sport, dport); 578 /* 579 * Kludge in test for whiteboard packets. 580 */ 581 else if (dport == 4567) 582 wb_print(cp, length); 583 else if (dport == HSRP_PORT) 584 hsrp_print(cp, length); 585 else if (wg_match(cp, length)) 586 wg_print(cp, length); 587 else 588 printf("udp %u", length); 589 #undef ISPORT 590 } else 591 printf("udp %u", length); 592 } 593