1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * $FreeBSD$ 22 */ 23 24 #ifndef lint 25 static const char rcsid[] _U_ = 26 "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.128.2.6 2004/03/24 09:01:39 guy Exp $ (LBL)"; 27 #endif 28 29 #ifdef HAVE_CONFIG_H 30 #include "config.h" 31 #endif 32 33 #include <tcpdump-stdinc.h> 34 35 #include <stdio.h> 36 #include <stdlib.h> 37 #include <string.h> 38 39 #include "addrtoname.h" 40 #include "interface.h" 41 #include "extract.h" /* must come after interface.h */ 42 43 #include "ip.h" 44 #include "ipproto.h" 45 46 /* 47 * print the recorded route in an IP RR, LSRR or SSRR option. 48 */ 49 static void 50 ip_printroute(const char *type, register const u_char *cp, u_int length) 51 { 52 register u_int ptr; 53 register u_int len; 54 55 if (length < 3) { 56 printf(" [bad length %u]", length); 57 return; 58 } 59 printf(" %s{", type); 60 if ((length + 1) & 3) 61 printf(" [bad length %u]", length); 62 ptr = cp[2] - 1; 63 if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1) 64 printf(" [bad ptr %u]", cp[2]); 65 66 type = ""; 67 for (len = 3; len < length; len += 4) { 68 if (ptr == len) 69 type = "#"; 70 printf("%s%s", type, ipaddr_string(&cp[len])); 71 type = " "; 72 } 73 printf("%s}", ptr == len? "#" : ""); 74 } 75 76 /* 77 * If source-routing is present, return the final destination. 78 * Otherwise, return IP destination. 79 * 80 * This is used for UDP and TCP pseudo-header in the checksum 81 * calculation. 82 */ 83 u_int32_t 84 ip_finddst(const struct ip *ip) 85 { 86 int length; 87 int len; 88 const u_char *cp; 89 u_int32_t retval; 90 91 cp = (const u_char *)(ip + 1); 92 length = (IP_HL(ip) << 2) - sizeof(struct ip); 93 94 for (; length > 0; cp += len, length -= len) { 95 int tt; 96 97 TCHECK(*cp); 98 tt = *cp; 99 if (tt == IPOPT_NOP || tt == IPOPT_EOL) 100 len = 1; 101 else { 102 TCHECK(cp[1]); 103 len = cp[1]; 104 } 105 if (len < 2) { 106 return 0; 107 } 108 TCHECK2(*cp, len); 109 switch (tt) { 110 111 case IPOPT_SSRR: 112 case IPOPT_LSRR: 113 if (len < 7) 114 return 0; 115 memcpy(&retval, cp + len - 4, 4); 116 return retval; 117 } 118 } 119 return ip->ip_dst.s_addr; 120 121 trunc: 122 return 0; 123 } 124 125 static void 126 ip_printts(register const u_char *cp, u_int length) 127 { 128 register u_int ptr; 129 register u_int len; 130 int hoplen; 131 const char *type; 132 133 if (length < 4) { 134 printf("[bad length %d]", length); 135 return; 136 } 137 printf(" TS{"); 138 hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4; 139 if ((length - 4) & (hoplen-1)) 140 printf("[bad length %d]", length); 141 ptr = cp[2] - 1; 142 len = 0; 143 if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1) 144 printf("[bad ptr %d]", cp[2]); 145 switch (cp[3]&0xF) { 146 case IPOPT_TS_TSONLY: 147 printf("TSONLY"); 148 break; 149 case IPOPT_TS_TSANDADDR: 150 printf("TS+ADDR"); 151 break; 152 /* 153 * prespecified should really be 3, but some ones might send 2 154 * instead, and the IPOPT_TS_PRESPEC constant can apparently 155 * have both values, so we have to hard-code it here. 156 */ 157 158 case 2: 159 printf("PRESPEC2.0"); 160 break; 161 case 3: /* IPOPT_TS_PRESPEC */ 162 printf("PRESPEC"); 163 break; 164 default: 165 printf("[bad ts type %d]", cp[3]&0xF); 166 goto done; 167 } 168 169 type = " "; 170 for (len = 4; len < length; len += hoplen) { 171 if (ptr == len) 172 type = " ^ "; 173 printf("%s%d@%s", type, EXTRACT_32BITS(&cp[len+hoplen-4]), 174 hoplen!=8 ? "" : ipaddr_string(&cp[len])); 175 type = " "; 176 } 177 178 done: 179 printf("%s", ptr == len ? " ^ " : ""); 180 181 if (cp[3]>>4) 182 printf(" [%d hops not recorded]} ", cp[3]>>4); 183 else 184 printf("}"); 185 } 186 187 /* 188 * print IP options. 189 */ 190 static void 191 ip_optprint(register const u_char *cp, u_int length) 192 { 193 register u_int len; 194 195 for (; length > 0; cp += len, length -= len) { 196 int tt; 197 198 TCHECK(*cp); 199 tt = *cp; 200 if (tt == IPOPT_NOP || tt == IPOPT_EOL) 201 len = 1; 202 else { 203 TCHECK(cp[1]); 204 len = cp[1]; 205 if (len < 2) { 206 printf("[|ip op len %d]", len); 207 return; 208 } 209 TCHECK2(*cp, len); 210 } 211 switch (tt) { 212 213 case IPOPT_EOL: 214 printf(" EOL"); 215 if (length > 1) 216 printf("-%d", length - 1); 217 return; 218 219 case IPOPT_NOP: 220 printf(" NOP"); 221 break; 222 223 case IPOPT_TS: 224 ip_printts(cp, len); 225 break; 226 227 #ifndef IPOPT_SECURITY 228 #define IPOPT_SECURITY 130 229 #endif /* IPOPT_SECURITY */ 230 case IPOPT_SECURITY: 231 printf(" SECURITY{%d}", len); 232 break; 233 234 case IPOPT_RR: 235 ip_printroute("RR", cp, len); 236 break; 237 238 case IPOPT_SSRR: 239 ip_printroute("SSRR", cp, len); 240 break; 241 242 case IPOPT_LSRR: 243 ip_printroute("LSRR", cp, len); 244 break; 245 246 #ifndef IPOPT_RA 247 #define IPOPT_RA 148 /* router alert */ 248 #endif 249 case IPOPT_RA: 250 printf(" RA"); 251 if (len != 4) 252 printf("{%d}", len); 253 else { 254 TCHECK(cp[3]); 255 if (cp[2] || cp[3]) 256 printf("%d.%d", cp[2], cp[3]); 257 } 258 break; 259 260 default: 261 printf(" IPOPT-%d{%d}", cp[0], len); 262 break; 263 } 264 } 265 return; 266 267 trunc: 268 printf("[|ip]"); 269 } 270 271 /* 272 * compute an IP header checksum. 273 * don't modifiy the packet. 274 */ 275 u_short 276 in_cksum(const u_short *addr, register u_int len, int csum) 277 { 278 int nleft = len; 279 const u_short *w = addr; 280 u_short answer; 281 int sum = csum; 282 283 /* 284 * Our algorithm is simple, using a 32 bit accumulator (sum), 285 * we add sequential 16 bit words to it, and at the end, fold 286 * back all the carry bits from the top 16 bits into the lower 287 * 16 bits. 288 */ 289 while (nleft > 1) { 290 sum += *w++; 291 nleft -= 2; 292 } 293 if (nleft == 1) 294 sum += htons(*(u_char *)w<<8); 295 296 /* 297 * add back carry outs from top 16 bits to low 16 bits 298 */ 299 sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ 300 sum += (sum >> 16); /* add carry */ 301 answer = ~sum; /* truncate to 16 bits */ 302 return (answer); 303 } 304 305 /* 306 * Given the host-byte-order value of the checksum field in a packet 307 * header, and the network-byte-order computed checksum of the data 308 * that the checksum covers (including the checksum itself), compute 309 * what the checksum field *should* have been. 310 */ 311 u_int16_t 312 in_cksum_shouldbe(u_int16_t sum, u_int16_t computed_sum) 313 { 314 u_int32_t shouldbe; 315 316 /* 317 * The value that should have gone into the checksum field 318 * is the negative of the value gotten by summing up everything 319 * *but* the checksum field. 320 * 321 * We can compute that by subtracting the value of the checksum 322 * field from the sum of all the data in the packet, and then 323 * computing the negative of that value. 324 * 325 * "sum" is the value of the checksum field, and "computed_sum" 326 * is the negative of the sum of all the data in the packets, 327 * so that's -(-computed_sum - sum), or (sum + computed_sum). 328 * 329 * All the arithmetic in question is one's complement, so the 330 * addition must include an end-around carry; we do this by 331 * doing the arithmetic in 32 bits (with no sign-extension), 332 * and then adding the upper 16 bits of the sum, which contain 333 * the carry, to the lower 16 bits of the sum, and then do it 334 * again in case *that* sum produced a carry. 335 * 336 * As RFC 1071 notes, the checksum can be computed without 337 * byte-swapping the 16-bit words; summing 16-bit words 338 * on a big-endian machine gives a big-endian checksum, which 339 * can be directly stuffed into the big-endian checksum fields 340 * in protocol headers, and summing words on a little-endian 341 * machine gives a little-endian checksum, which must be 342 * byte-swapped before being stuffed into a big-endian checksum 343 * field. 344 * 345 * "computed_sum" is a network-byte-order value, so we must put 346 * it in host byte order before subtracting it from the 347 * host-byte-order value from the header; the adjusted checksum 348 * will be in host byte order, which is what we'll return. 349 */ 350 shouldbe = sum; 351 shouldbe += ntohs(computed_sum); 352 shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16); 353 shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16); 354 return shouldbe; 355 } 356 357 #ifndef IP_MF 358 #define IP_MF 0x2000 359 #endif /* IP_MF */ 360 #ifndef IP_DF 361 #define IP_DF 0x4000 362 #endif /* IP_DF */ 363 #define IP_RES 0x8000 364 365 static struct tok ip_frag_values[] = { 366 { IP_MF, "+" }, 367 { IP_DF, "DF" }, 368 { IP_RES, "rsvd" }, /* The RFC3514 evil ;-) bit */ 369 { 0, NULL } 370 }; 371 372 /* 373 * print an IP datagram. 374 */ 375 void 376 ip_print(register const u_char *bp, register u_int length) 377 { 378 register const struct ip *ip; 379 register u_int hlen, len, len0, off; 380 const u_char *ipend; 381 register const u_char *cp; 382 u_char nh; 383 int advance; 384 struct protoent *proto; 385 u_int16_t sum, ip_sum; 386 387 ip = (const struct ip *)bp; 388 if (IP_V(ip) != 4) { /* print version if != 4 */ 389 printf("IP%u ", IP_V(ip)); 390 if (IP_V(ip) == 6) 391 printf(", wrong link-layer encapsulation"); 392 } 393 else 394 printf("IP "); 395 396 if ((u_char *)(ip + 1) > snapend) { 397 printf("[|ip]"); 398 return; 399 } 400 if (length < sizeof (struct ip)) { 401 (void)printf("truncated-ip %d", length); 402 return; 403 } 404 hlen = IP_HL(ip) * 4; 405 if (hlen < sizeof (struct ip)) { 406 (void)printf("bad-hlen %u", hlen); 407 return; 408 } 409 410 len = EXTRACT_16BITS(&ip->ip_len); 411 if (length < len) 412 (void)printf("truncated-ip - %u bytes missing! ", 413 len - length); 414 if (len < hlen) { 415 (void)printf("bad-len %u", len); 416 return; 417 } 418 419 /* 420 * Cut off the snapshot length to the end of the IP payload. 421 */ 422 ipend = bp + len; 423 if (ipend < snapend) 424 snapend = ipend; 425 426 len -= hlen; 427 len0 = len; 428 429 off = EXTRACT_16BITS(&ip->ip_off); 430 431 if (vflag) { 432 (void)printf("(tos 0x%x", (int)ip->ip_tos); 433 /* ECN bits */ 434 if (ip->ip_tos & 0x03) { 435 switch (ip->ip_tos & 0x03) { 436 case 1: 437 (void)printf(",ECT(1)"); 438 break; 439 case 2: 440 (void)printf(",ECT(0)"); 441 break; 442 case 3: 443 (void)printf(",CE"); 444 } 445 } 446 447 if (ip->ip_ttl >= 1) 448 (void)printf(", ttl %3u", ip->ip_ttl); 449 450 /* 451 * for the firewall guys, print id, offset. 452 * On all but the last stick a "+" in the flags portion. 453 * For unfragmented datagrams, note the don't fragment flag. 454 */ 455 456 (void)printf(", id %u, offset %u, flags [%s]", 457 EXTRACT_16BITS(&ip->ip_id), 458 (off & 0x1fff) * 8, 459 bittok2str(ip_frag_values, "none", off & 0xe000 )); 460 461 (void)printf(", length: %u", EXTRACT_16BITS(&ip->ip_len)); 462 463 if ((hlen - sizeof(struct ip)) > 0) { 464 (void)printf(", optlength: %u (", hlen - (u_int)sizeof(struct ip)); 465 ip_optprint((u_char *)(ip + 1), hlen - sizeof(struct ip)); 466 printf(" )"); 467 } 468 469 if ((u_char *)ip + hlen <= snapend) { 470 sum = in_cksum((const u_short *)ip, hlen, 0); 471 if (sum != 0) { 472 ip_sum = EXTRACT_16BITS(&ip->ip_sum); 473 (void)printf(", bad cksum %x (->%x)!", ip_sum, 474 in_cksum_shouldbe(ip_sum, sum)); 475 } 476 } 477 478 printf(") "); 479 } 480 481 /* 482 * If this is fragment zero, hand it to the next higher 483 * level protocol. 484 */ 485 if ((off & 0x1fff) == 0) { 486 cp = (const u_char *)ip + hlen; 487 nh = ip->ip_p; 488 489 if (nh != IPPROTO_TCP && nh != IPPROTO_UDP && 490 nh != IPPROTO_SCTP) { 491 (void)printf("%s > %s: ", ipaddr_string(&ip->ip_src), 492 ipaddr_string(&ip->ip_dst)); 493 } 494 again: 495 switch (nh) { 496 497 case IPPROTO_AH: 498 nh = *cp; 499 advance = ah_print(cp); 500 if (advance <= 0) 501 break; 502 cp += advance; 503 len -= advance; 504 goto again; 505 506 case IPPROTO_ESP: 507 { 508 int enh, padlen; 509 advance = esp_print(cp, (const u_char *)ip, &enh, &padlen); 510 if (advance <= 0) 511 break; 512 cp += advance; 513 len -= advance + padlen; 514 nh = enh & 0xff; 515 goto again; 516 } 517 518 case IPPROTO_IPCOMP: 519 { 520 int enh; 521 advance = ipcomp_print(cp, &enh); 522 if (advance <= 0) 523 break; 524 cp += advance; 525 len -= advance; 526 nh = enh & 0xff; 527 goto again; 528 } 529 530 case IPPROTO_SCTP: 531 sctp_print(cp, (const u_char *)ip, len); 532 break; 533 534 case IPPROTO_TCP: 535 tcp_print(cp, len, (const u_char *)ip, (off &~ 0x6000)); 536 break; 537 538 case IPPROTO_UDP: 539 udp_print(cp, len, (const u_char *)ip, (off &~ 0x6000)); 540 break; 541 542 case IPPROTO_ICMP: 543 /* pass on the MF bit plus the offset to detect fragments */ 544 icmp_print(cp, len, (const u_char *)ip, (off & 0x3fff)); 545 break; 546 547 case IPPROTO_IGRP: 548 igrp_print(cp, len, (const u_char *)ip); 549 break; 550 551 case IPPROTO_ND: 552 (void)printf(" nd %d", len); 553 break; 554 555 case IPPROTO_EGP: 556 egp_print(cp); 557 break; 558 559 case IPPROTO_OSPF: 560 ospf_print(cp, len, (const u_char *)ip); 561 break; 562 563 case IPPROTO_IGMP: 564 igmp_print(cp, len); 565 break; 566 567 case IPPROTO_IPV4: 568 /* DVMRP multicast tunnel (ip-in-ip encapsulation) */ 569 ip_print(cp, len); 570 if (! vflag) { 571 printf(" (ipip-proto-4)"); 572 return; 573 } 574 break; 575 576 #ifdef INET6 577 case IPPROTO_IPV6: 578 /* ip6-in-ip encapsulation */ 579 ip6_print(cp, len); 580 break; 581 #endif /*INET6*/ 582 583 case IPPROTO_RSVP: 584 rsvp_print(cp, len); 585 break; 586 587 case IPPROTO_GRE: 588 /* do it */ 589 gre_print(cp, len); 590 break; 591 592 case IPPROTO_MOBILE: 593 mobile_print(cp, len); 594 break; 595 596 case IPPROTO_PIM: 597 pim_print(cp, len); 598 break; 599 600 case IPPROTO_VRRP: 601 vrrp_print(cp, len, ip->ip_ttl); 602 break; 603 604 default: 605 if ((proto = getprotobynumber(nh)) != NULL) 606 (void)printf(" %s", proto->p_name); 607 else 608 (void)printf(" ip-proto-%d", nh); 609 printf(" %d", len); 610 break; 611 } 612 } else { 613 /* Ultra quiet now means that all this stuff should be suppressed */ 614 if (qflag > 1) return; 615 616 /* 617 * if this isn't the first frag, we're missing the 618 * next level protocol header. print the ip addr 619 * and the protocol. 620 */ 621 if (off & 0x1fff) { 622 (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), 623 ipaddr_string(&ip->ip_dst)); 624 if ((proto = getprotobynumber(ip->ip_p)) != NULL) 625 (void)printf(" %s", proto->p_name); 626 else 627 (void)printf(" ip-proto-%d", ip->ip_p); 628 } 629 } 630 } 631 632 void 633 ipN_print(register const u_char *bp, register u_int length) 634 { 635 struct ip *ip, hdr; 636 637 ip = (struct ip *)bp; 638 if (length < 4) { 639 (void)printf("truncated-ip %d", length); 640 return; 641 } 642 memcpy (&hdr, (char *)ip, 4); 643 switch (IP_V(&hdr)) { 644 case 4: 645 ip_print (bp, length); 646 return; 647 #ifdef INET6 648 case 6: 649 ip6_print (bp, length); 650 return; 651 #endif 652 default: 653 (void)printf("unknown ip %d", IP_V(&hdr)); 654 return; 655 } 656 } 657 658 659 660