xref: /freebsd/usr.sbin/traceroute6/traceroute6.c (revision dc318a4ffabcbfa23bb56a33403aad36e6de30af)
1 /*	$KAME: traceroute6.c,v 1.68 2004/01/25 11:16:12 suz Exp $	*/
2 
3 /*-
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 /*-
35  * Copyright (c) 1990, 1993
36  *	The Regents of the University of California.  All rights reserved.
37  *
38  * This code is derived from software contributed to Berkeley by
39  * Van Jacobson.
40  *
41  * Redistribution and use in source and binary forms, with or without
42  * modification, are permitted provided that the following conditions
43  * are met:
44  * 1. Redistributions of source code must retain the above copyright
45  *    notice, this list of conditions and the following disclaimer.
46  * 2. Redistributions in binary form must reproduce the above copyright
47  *    notice, this list of conditions and the following disclaimer in the
48  *    documentation and/or other materials provided with the distribution.
49  * 3. Neither the name of the University nor the names of its contributors
50  *    may be used to endorse or promote products derived from this software
51  *    without specific prior written permission.
52  *
53  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63  * SUCH DAMAGE.
64  */
65 
66 #ifndef lint
67 static const char copyright[] =
68 "@(#) Copyright (c) 1990, 1993\n\
69 	The Regents of the University of California.  All rights reserved.\n";
70 #endif /* not lint */
71 
72 #ifndef lint
73 #if 0
74 static char sccsid[] = "@(#)traceroute.c	8.1 (Berkeley) 6/6/93";
75 #endif
76 static const char rcsid[] =
77   "$FreeBSD$";
78 #endif /* not lint */
79 
80 /*
81  * traceroute host  - trace the route ip packets follow going to "host".
82  *
83  * Attempt to trace the route an ip packet would follow to some
84  * internet host.  We find out intermediate hops by launching probe
85  * packets with a small ttl (time to live) then listening for an
86  * icmp "time exceeded" reply from a gateway.  We start our probes
87  * with a ttl of one and increase by one until we get an icmp "port
88  * unreachable" (which means we got to "host") or hit a max (which
89  * defaults to 30 hops & can be changed with the -m flag).  Three
90  * probes (change with -q flag) are sent at each ttl setting and a
91  * line is printed showing the ttl, address of the gateway and
92  * round trip time of each probe.  If the probe answers come from
93  * different gateways, the address of each responding system will
94  * be printed.  If there is no response within a 5 sec. timeout
95  * interval (changed with the -w flag), a "*" is printed for that
96  * probe.
97  *
98  * Probe packets are UDP format.  We don't want the destination
99  * host to process them so the destination port is set to an
100  * unlikely value (if some clod on the destination is using that
101  * value, it can be changed with the -p flag).
102  *
103  * A sample use might be:
104  *
105  *     [yak 71]% traceroute nis.nsf.net.
106  *     traceroute to nis.nsf.net (35.1.1.48), 30 hops max, 56 byte packet
107  *      1  helios.ee.lbl.gov (128.3.112.1)  19 ms  19 ms  0 ms
108  *      2  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  39 ms  19 ms
109  *      3  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  39 ms  19 ms
110  *      4  ccngw-ner-cc.Berkeley.EDU (128.32.136.23)  39 ms  40 ms  39 ms
111  *      5  ccn-nerif22.Berkeley.EDU (128.32.168.22)  39 ms  39 ms  39 ms
112  *      6  128.32.197.4 (128.32.197.4)  40 ms  59 ms  59 ms
113  *      7  131.119.2.5 (131.119.2.5)  59 ms  59 ms  59 ms
114  *      8  129.140.70.13 (129.140.70.13)  99 ms  99 ms  80 ms
115  *      9  129.140.71.6 (129.140.71.6)  139 ms  239 ms  319 ms
116  *     10  129.140.81.7 (129.140.81.7)  220 ms  199 ms  199 ms
117  *     11  nic.merit.edu (35.1.1.48)  239 ms  239 ms  239 ms
118  *
119  * Note that lines 2 & 3 are the same.  This is due to a buggy
120  * kernel on the 2nd hop system -- lbl-csam.arpa -- that forwards
121  * packets with a zero ttl.
122  *
123  * A more interesting example is:
124  *
125  *     [yak 72]% traceroute allspice.lcs.mit.edu.
126  *     traceroute to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
127  *      1  helios.ee.lbl.gov (128.3.112.1)  0 ms  0 ms  0 ms
128  *      2  lilac-dmc.Berkeley.EDU (128.32.216.1)  19 ms  19 ms  19 ms
129  *      3  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  19 ms  19 ms
130  *      4  ccngw-ner-cc.Berkeley.EDU (128.32.136.23)  19 ms  39 ms  39 ms
131  *      5  ccn-nerif22.Berkeley.EDU (128.32.168.22)  20 ms  39 ms  39 ms
132  *      6  128.32.197.4 (128.32.197.4)  59 ms  119 ms  39 ms
133  *      7  131.119.2.5 (131.119.2.5)  59 ms  59 ms  39 ms
134  *      8  129.140.70.13 (129.140.70.13)  80 ms  79 ms  99 ms
135  *      9  129.140.71.6 (129.140.71.6)  139 ms  139 ms  159 ms
136  *     10  129.140.81.7 (129.140.81.7)  199 ms  180 ms  300 ms
137  *     11  129.140.72.17 (129.140.72.17)  300 ms  239 ms  239 ms
138  *     12  * * *
139  *     13  128.121.54.72 (128.121.54.72)  259 ms  499 ms  279 ms
140  *     14  * * *
141  *     15  * * *
142  *     16  * * *
143  *     17  * * *
144  *     18  ALLSPICE.LCS.MIT.EDU (18.26.0.115)  339 ms  279 ms  279 ms
145  *
146  * (I start to see why I'm having so much trouble with mail to
147  * MIT.)  Note that the gateways 12, 14, 15, 16 & 17 hops away
148  * either don't send ICMP "time exceeded" messages or send them
149  * with a ttl too small to reach us.  14 - 17 are running the
150  * MIT C Gateway code that doesn't send "time exceeded"s.  God
151  * only knows what's going on with 12.
152  *
153  * The silent gateway 12 in the above may be the result of a bug in
154  * the 4.[23]BSD network code (and its derivatives):  4.x (x <= 3)
155  * sends an unreachable message using whatever ttl remains in the
156  * original datagram.  Since, for gateways, the remaining ttl is
157  * zero, the icmp "time exceeded" is guaranteed to not make it back
158  * to us.  The behavior of this bug is slightly more interesting
159  * when it appears on the destination system:
160  *
161  *      1  helios.ee.lbl.gov (128.3.112.1)  0 ms  0 ms  0 ms
162  *      2  lilac-dmc.Berkeley.EDU (128.32.216.1)  39 ms  19 ms  39 ms
163  *      3  lilac-dmc.Berkeley.EDU (128.32.216.1)  19 ms  39 ms  19 ms
164  *      4  ccngw-ner-cc.Berkeley.EDU (128.32.136.23)  39 ms  40 ms  19 ms
165  *      5  ccn-nerif35.Berkeley.EDU (128.32.168.35)  39 ms  39 ms  39 ms
166  *      6  csgw.Berkeley.EDU (128.32.133.254)  39 ms  59 ms  39 ms
167  *      7  * * *
168  *      8  * * *
169  *      9  * * *
170  *     10  * * *
171  *     11  * * *
172  *     12  * * *
173  *     13  rip.Berkeley.EDU (128.32.131.22)  59 ms !  39 ms !  39 ms !
174  *
175  * Notice that there are 12 "gateways" (13 is the final
176  * destination) and exactly the last half of them are "missing".
177  * What's really happening is that rip (a Sun-3 running Sun OS3.5)
178  * is using the ttl from our arriving datagram as the ttl in its
179  * icmp reply.  So, the reply will time out on the return path
180  * (with no notice sent to anyone since icmp's aren't sent for
181  * icmp's) until we probe with a ttl that's at least twice the path
182  * length.  I.e., rip is really only 7 hops away.  A reply that
183  * returns with a ttl of 1 is a clue this problem exists.
184  * Traceroute prints a "!" after the time if the ttl is <= 1.
185  * Since vendors ship a lot of obsolete (DEC's Ultrix, Sun 3.x) or
186  * non-standard (HPUX) software, expect to see this problem
187  * frequently and/or take care picking the target host of your
188  * probes.
189  *
190  * Other possible annotations after the time are !H, !N, !P (got a host,
191  * network or protocol unreachable, respectively), !S or !F (source
192  * route failed or fragmentation needed -- neither of these should
193  * ever occur and the associated gateway is busted if you see one).  If
194  * almost all the probes result in some kind of unreachable, traceroute
195  * will give up and exit.
196  *
197  * Notes
198  * -----
199  * This program must be run by root or be setuid.  (I suggest that
200  * you *don't* make it setuid -- casual use could result in a lot
201  * of unnecessary traffic on our poor, congested nets.)
202  *
203  * This program requires a kernel mod that does not appear in any
204  * system available from Berkeley:  A raw ip socket using proto
205  * IPPROTO_RAW must interpret the data sent as an ip datagram (as
206  * opposed to data to be wrapped in an ip datagram).  See the README
207  * file that came with the source to this program for a description
208  * of the mods I made to /sys/netinet/raw_ip.c.  Your mileage may
209  * vary.  But, again, ANY 4.x (x < 4) BSD KERNEL WILL HAVE TO BE
210  * MODIFIED TO RUN THIS PROGRAM.
211  *
212  * The udp port usage may appear bizarre (well, ok, it is bizarre).
213  * The problem is that an icmp message only contains 8 bytes of
214  * data from the original datagram.  8 bytes is the size of a udp
215  * header so, if we want to associate replies with the original
216  * datagram, the necessary information must be encoded into the
217  * udp header (the ip id could be used but there's no way to
218  * interlock with the kernel's assignment of ip id's and, anyway,
219  * it would have taken a lot more kernel hacking to allow this
220  * code to set the ip id).  So, to allow two or more users to
221  * use traceroute simultaneously, we use this task's pid as the
222  * source port (the high bit is set to move the port number out
223  * of the "likely" range).  To keep track of which probe is being
224  * replied to (so times and/or hop counts don't get confused by a
225  * reply that was delayed in transit), we increment the destination
226  * port number before each probe.
227  *
228  * Don't use this as a coding example.  I was trying to find a
229  * routing problem and this code sort-of popped out after 48 hours
230  * without sleep.  I was amazed it ever compiled, much less ran.
231  *
232  * I stole the idea for this program from Steve Deering.  Since
233  * the first release, I've learned that had I attended the right
234  * IETF working group meetings, I also could have stolen it from Guy
235  * Almes or Matt Mathis.  I don't know (or care) who came up with
236  * the idea first.  I envy the originators' perspicacity and I'm
237  * glad they didn't keep the idea a secret.
238  *
239  * Tim Seaver, Ken Adelman and C. Philip Wood provided bug fixes and/or
240  * enhancements to the original distribution.
241  *
242  * I've hacked up a round-trip-route version of this that works by
243  * sending a loose-source-routed udp datagram through the destination
244  * back to yourself.  Unfortunately, SO many gateways botch source
245  * routing, the thing is almost worthless.  Maybe one day...
246  *
247  *  -- Van Jacobson (van@helios.ee.lbl.gov)
248  *     Tue Dec 20 03:50:13 PST 1988
249  */
250 
251 #include <sys/param.h>
252 #include <sys/capsicum.h>
253 #include <sys/time.h>
254 #include <sys/socket.h>
255 #include <sys/uio.h>
256 #include <sys/file.h>
257 #include <sys/ioctl.h>
258 #include <sys/sysctl.h>
259 
260 #include <netinet/in.h>
261 
262 #include <arpa/inet.h>
263 
264 #include <libcasper.h>
265 #include <casper/cap_dns.h>
266 #include <capsicum_helpers.h>
267 
268 #include <netdb.h>
269 #include <stdio.h>
270 #include <err.h>
271 #ifdef HAVE_POLL
272 #include <poll.h>
273 #endif
274 #include <errno.h>
275 #include <stdlib.h>
276 #include <string.h>
277 #include <unistd.h>
278 
279 #include <netinet/ip6.h>
280 #include <netinet/icmp6.h>
281 #include <netinet/sctp.h>
282 #include <netinet/sctp_header.h>
283 #include <netinet/tcp.h>
284 #include <netinet/udp.h>
285 
286 #ifdef IPSEC
287 #include <net/route.h>
288 #include <netipsec/ipsec.h>
289 #endif
290 
291 #include "as.h"
292 
293 #define DUMMY_PORT 10010
294 
295 #define	MAXPACKET	65535	/* max ip packet size */
296 
297 static u_char	packet[512];		/* last inbound (icmp) packet */
298 static char 	*outpacket;		/* last output packet */
299 
300 int	main(int, char *[]);
301 int	wait_for_reply(int, struct msghdr *);
302 #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
303 int	setpolicy(int so, char *policy);
304 #endif
305 void	send_probe(int, u_long);
306 void	*get_uphdr(struct ip6_hdr *, u_char *);
307 void	capdns_open(void);
308 int	get_hoplim(struct msghdr *);
309 double	deltaT(struct timeval *, struct timeval *);
310 const char *pr_type(int);
311 int	packet_ok(struct msghdr *, int, int, u_char *, u_char *);
312 void	print(struct msghdr *, int);
313 const char *inetname(struct sockaddr *);
314 u_int32_t sctp_crc32c(void *, u_int32_t);
315 u_int16_t in_cksum(u_int16_t *addr, int);
316 u_int16_t udp_cksum(struct sockaddr_in6 *, struct sockaddr_in6 *,
317     void *, u_int32_t);
318 u_int16_t tcp_chksum(struct sockaddr_in6 *, struct sockaddr_in6 *,
319     void *, u_int32_t);
320 void	usage(void);
321 
322 static int rcvsock;			/* receive (icmp) socket file descriptor */
323 static int sndsock;			/* send (raw/udp) socket file descriptor */
324 
325 static struct msghdr rcvmhdr;
326 static struct iovec rcviov[2];
327 static int rcvhlim;
328 static struct in6_pktinfo *rcvpktinfo;
329 
330 static struct sockaddr_in6 Src, Dst, Rcv;
331 static u_long datalen = 20;			/* How much data */
332 #define	ICMP6ECHOLEN	8
333 /* XXX: 2064 = 127(max hops in type 0 rthdr) * sizeof(ip6_hdr) + 16(margin) */
334 static char rtbuf[2064];
335 static struct ip6_rthdr *rth;
336 static struct cmsghdr *cmsg;
337 
338 static char *source = NULL;
339 static char *hostname;
340 
341 static cap_channel_t *capdns;
342 
343 static u_long nprobes = 3;
344 static u_long first_hop = 1;
345 static u_long max_hops = 30;
346 static u_int16_t srcport;
347 static u_int16_t port = 32768+666;	/* start udp dest port # for probe packets */
348 static u_int16_t ident;
349 static int tclass = -1;
350 static int options;			/* socket options */
351 static int verbose;
352 static int waittime = 5;		/* time to wait for response (in seconds) */
353 static int nflag;			/* print addresses numerically */
354 static int useproto = IPPROTO_UDP;	/* protocol to use to send packet */
355 static int lflag;			/* print both numerical address & hostname */
356 static int as_path;			/* print as numbers for each hop */
357 static char *as_server = NULL;
358 static void *asn;
359 
360 int
361 main(int argc, char *argv[])
362 {
363 	int mib[4] = { CTL_NET, PF_INET6, IPPROTO_IPV6, IPV6CTL_DEFHLIM };
364 	char hbuf[NI_MAXHOST], src0[NI_MAXHOST], *ep;
365 	int ch, i, on = 1, seq, rcvcmsglen, error;
366 	struct addrinfo hints, *res;
367 	static u_char *rcvcmsgbuf;
368 	u_long probe, hops, lport, ltclass;
369 	struct hostent *hp;
370 	size_t size, minlen;
371 	uid_t uid;
372 	u_char type, code;
373 #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
374 	char ipsec_inpolicy[] = "in bypass";
375 	char ipsec_outpolicy[] = "out bypass";
376 #endif
377 	cap_rights_t rights;
378 
379 	capdns_open();
380 
381 	/*
382 	 * Receive ICMP
383 	 */
384 	if ((rcvsock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) < 0) {
385 		perror("socket(ICMPv6)");
386 		exit(5);
387 	}
388 
389 	size = sizeof(i);
390 	(void) sysctl(mib, sizeof(mib)/sizeof(mib[0]), &i, &size, NULL, 0);
391 	max_hops = i;
392 
393 	/* specify to tell receiving interface */
394 #ifdef IPV6_RECVPKTINFO
395 	if (setsockopt(rcvsock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on,
396 	    sizeof(on)) < 0)
397 		err(1, "setsockopt(IPV6_RECVPKTINFO)");
398 #else  /* old adv. API */
399 	if (setsockopt(rcvsock, IPPROTO_IPV6, IPV6_PKTINFO, &on,
400 	    sizeof(on)) < 0)
401 		err(1, "setsockopt(IPV6_PKTINFO)");
402 #endif
403 
404 	/* specify to tell value of hoplimit field of received IP6 hdr */
405 #ifdef IPV6_RECVHOPLIMIT
406 	if (setsockopt(rcvsock, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &on,
407 	    sizeof(on)) < 0)
408 		err(1, "setsockopt(IPV6_RECVHOPLIMIT)");
409 #else  /* old adv. API */
410 	if (setsockopt(rcvsock, IPPROTO_IPV6, IPV6_HOPLIMIT, &on,
411 	    sizeof(on)) < 0)
412 		err(1, "setsockopt(IPV6_HOPLIMIT)");
413 #endif
414 
415 	seq = 0;
416 	ident = htons(getpid() & 0xffff); /* same as ping6 */
417 
418 	while ((ch = getopt(argc, argv, "aA:df:g:Ilm:nNp:q:rs:St:TUvw:")) != -1)
419 		switch (ch) {
420 		case 'a':
421 			as_path = 1;
422 			break;
423 		case 'A':
424 			as_path = 1;
425 			as_server = optarg;
426 			break;
427 		case 'd':
428 			options |= SO_DEBUG;
429 			break;
430 		case 'f':
431 			ep = NULL;
432 			errno = 0;
433 			first_hop = strtoul(optarg, &ep, 0);
434 			if (errno || !*optarg || *ep || first_hop > 255) {
435 				fprintf(stderr,
436 				    "traceroute6: invalid min hoplimit.\n");
437 				exit(1);
438 			}
439 			break;
440 		case 'g':
441 			/* XXX use after capability mode is entered */
442 			hp = getipnodebyname(optarg, AF_INET6, 0, &h_errno);
443 			if (hp == NULL) {
444 				fprintf(stderr,
445 				    "traceroute6: unknown host %s\n", optarg);
446 				exit(1);
447 			}
448 			if (rth == NULL) {
449 				/*
450 				 * XXX: We can't detect the number of
451 				 * intermediate nodes yet.
452 				 */
453 				if ((rth = inet6_rth_init((void *)rtbuf,
454 				    sizeof(rtbuf), IPV6_RTHDR_TYPE_0,
455 				    0)) == NULL) {
456 					fprintf(stderr,
457 					    "inet6_rth_init failed.\n");
458 					exit(1);
459 				}
460 			}
461 			if (inet6_rth_add((void *)rth,
462 			    (struct in6_addr *)hp->h_addr)) {
463 				fprintf(stderr,
464 				    "inet6_rth_add failed for %s\n",
465 				    optarg);
466 				exit(1);
467 			}
468 			freehostent(hp);
469 			break;
470 		case 'I':
471 			useproto = IPPROTO_ICMPV6;
472 			break;
473 		case 'l':
474 			lflag++;
475 			break;
476 		case 'm':
477 			ep = NULL;
478 			errno = 0;
479 			max_hops = strtoul(optarg, &ep, 0);
480 			if (errno || !*optarg || *ep || max_hops > 255) {
481 				fprintf(stderr,
482 				    "traceroute6: invalid max hoplimit.\n");
483 				exit(1);
484 			}
485 			break;
486 		case 'n':
487 			nflag++;
488 			break;
489 		case 'N':
490 			useproto = IPPROTO_NONE;
491 			break;
492 		case 'p':
493 			ep = NULL;
494 			errno = 0;
495 			lport = strtoul(optarg, &ep, 0);
496 			if (errno || !*optarg || *ep) {
497 				fprintf(stderr, "traceroute6: invalid port.\n");
498 				exit(1);
499 			}
500 			if (lport == 0 || lport != (lport & 0xffff)) {
501 				fprintf(stderr,
502 				    "traceroute6: port out of range.\n");
503 				exit(1);
504 			}
505 			port = lport & 0xffff;
506 			break;
507 		case 'q':
508 			ep = NULL;
509 			errno = 0;
510 			nprobes = strtoul(optarg, &ep, 0);
511 			if (errno || !*optarg || *ep) {
512 				fprintf(stderr,
513 				    "traceroute6: invalid nprobes.\n");
514 				exit(1);
515 			}
516 			if (nprobes < 1) {
517 				fprintf(stderr,
518 				    "traceroute6: nprobes must be >0.\n");
519 				exit(1);
520 			}
521 			break;
522 		case 'r':
523 			options |= SO_DONTROUTE;
524 			break;
525 		case 's':
526 			/*
527 			 * set the ip source address of the outbound
528 			 * probe (e.g., on a multi-homed host).
529 			 */
530 			source = optarg;
531 			break;
532 		case 'S':
533 			useproto = IPPROTO_SCTP;
534 			break;
535 		case 't':
536 			ep = NULL;
537 			errno = 0;
538 			ltclass = strtoul(optarg, &ep, 0);
539 			if (errno || !*optarg || *ep || ltclass > 255) {
540 				fprintf(stderr,
541 				    "traceroute6: invalid traffic class.\n");
542 				exit(1);
543 			}
544 			tclass = (int)ltclass;
545 			break;
546 		case 'T':
547 			useproto = IPPROTO_TCP;
548 			break;
549 		case 'U':
550 			useproto = IPPROTO_UDP;
551 			break;
552 		case 'v':
553 			verbose++;
554 			break;
555 		case 'w':
556 			ep = NULL;
557 			errno = 0;
558 			waittime = strtoul(optarg, &ep, 0);
559 			if (errno || !*optarg || *ep) {
560 				fprintf(stderr,
561 				    "traceroute6: invalid wait time.\n");
562 				exit(1);
563 			}
564 			if (waittime < 1) {
565 				fprintf(stderr,
566 				    "traceroute6: wait must be >= 1 sec.\n");
567 				exit(1);
568 			}
569 			break;
570 		default:
571 			usage();
572 		}
573 	argc -= optind;
574 	argv += optind;
575 
576 	/*
577 	 * Open socket to send probe packets.
578 	 */
579 	switch (useproto) {
580 	case IPPROTO_ICMPV6:
581 	case IPPROTO_NONE:
582 	case IPPROTO_SCTP:
583 	case IPPROTO_TCP:
584 	case IPPROTO_UDP:
585 		if ((sndsock = socket(AF_INET6, SOCK_RAW, useproto)) < 0) {
586 			perror("socket(SOCK_RAW)");
587 			exit(5);
588 		}
589 		break;
590 	default:
591 		fprintf(stderr, "traceroute6: unknown probe protocol %d\n",
592 		    useproto);
593 		exit(5);
594 	}
595 	if (max_hops < first_hop) {
596 		fprintf(stderr,
597 		    "traceroute6: max hoplimit must be larger than first hoplimit.\n");
598 		exit(1);
599 	}
600 
601 	/* revoke privs */
602 	uid = getuid();
603 	if (setresuid(uid, uid, uid) == -1) {
604 		perror("setresuid");
605 		exit(1);
606 	}
607 
608 	if (tclass != -1) {
609 		if (setsockopt(sndsock, IPPROTO_IPV6, IPV6_TCLASS, &tclass,
610 		    sizeof(int)) == -1) {
611 			perror("setsockopt(IPV6_TCLASS)");
612 			exit(7);
613 		}
614 	}
615 
616 	if (argc < 1 || argc > 2)
617 		usage();
618 
619 #if 1
620 	setvbuf(stdout, NULL, _IOLBF, BUFSIZ);
621 #else
622 	setlinebuf(stdout);
623 #endif
624 
625 	memset(&hints, 0, sizeof(hints));
626 	hints.ai_family = PF_INET6;
627 	hints.ai_socktype = SOCK_RAW;
628 	hints.ai_protocol = IPPROTO_ICMPV6;
629 	hints.ai_flags = AI_CANONNAME;
630 
631 	error = cap_getaddrinfo(capdns, *argv, NULL, &hints, &res);
632 
633 	if (error) {
634 		fprintf(stderr,
635 		    "traceroute6: %s\n", gai_strerror(error));
636 		exit(1);
637 	}
638 	if (res->ai_addrlen != sizeof(Dst)) {
639 		fprintf(stderr,
640 		    "traceroute6: size of sockaddr mismatch\n");
641 		exit(1);
642 	}
643 	memcpy(&Dst, res->ai_addr, res->ai_addrlen);
644 	hostname = res->ai_canonname ? strdup(res->ai_canonname) : *argv;
645 	if (!hostname) {
646 		fprintf(stderr, "traceroute6: not enough core\n");
647 		exit(1);
648 	}
649 	if (res->ai_next) {
650 		if (cap_getnameinfo(capdns, res->ai_addr, res->ai_addrlen, hbuf,
651 		    sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0)
652 			strlcpy(hbuf, "?", sizeof(hbuf));
653 		fprintf(stderr, "traceroute6: Warning: %s has multiple "
654 		    "addresses; using %s\n", hostname, hbuf);
655 	}
656 	freeaddrinfo(res);
657 	if (*++argv) {
658 		ep = NULL;
659 		errno = 0;
660 		datalen = strtoul(*argv, &ep, 0);
661 		if (errno || *ep) {
662 			fprintf(stderr,
663 			    "traceroute6: invalid packet length.\n");
664 			exit(1);
665 		}
666 	}
667 	switch (useproto) {
668 	case IPPROTO_ICMPV6:
669 		minlen = ICMP6ECHOLEN;
670 		break;
671 	case IPPROTO_UDP:
672 		minlen = sizeof(struct udphdr);
673 		break;
674 	case IPPROTO_NONE:
675 		minlen = 0;
676 		datalen = 0;
677 		break;
678 	case IPPROTO_SCTP:
679 		minlen = sizeof(struct sctphdr);
680 		break;
681 	case IPPROTO_TCP:
682 		minlen = sizeof(struct tcphdr);
683 		break;
684 	default:
685 		fprintf(stderr, "traceroute6: unknown probe protocol %d.\n",
686 		    useproto);
687 		exit(1);
688 	}
689 	if (datalen < minlen)
690 		datalen = minlen;
691 	else if (datalen >= MAXPACKET) {
692 		fprintf(stderr,
693 		    "traceroute6: packet size must be %zu <= s < %d.\n",
694 		    minlen, MAXPACKET);
695 		exit(1);
696 	}
697 	if ((useproto == IPPROTO_SCTP) && (datalen & 3)) {
698 		fprintf(stderr,
699 		    "traceroute6: packet size must be a multiple of 4.\n");
700 		exit(1);
701 	}
702 	outpacket = malloc(datalen);
703 	if (!outpacket) {
704 		perror("malloc");
705 		exit(1);
706 	}
707 	(void) bzero((char *)outpacket, datalen);
708 
709 	/* initialize msghdr for receiving packets */
710 	rcviov[0].iov_base = (caddr_t)packet;
711 	rcviov[0].iov_len = sizeof(packet);
712 	rcvmhdr.msg_name = (caddr_t)&Rcv;
713 	rcvmhdr.msg_namelen = sizeof(Rcv);
714 	rcvmhdr.msg_iov = rcviov;
715 	rcvmhdr.msg_iovlen = 1;
716 	rcvcmsglen = CMSG_SPACE(sizeof(struct in6_pktinfo)) +
717 	    CMSG_SPACE(sizeof(int));
718 	if ((rcvcmsgbuf = malloc(rcvcmsglen)) == NULL) {
719 		fprintf(stderr, "traceroute6: malloc failed\n");
720 		exit(1);
721 	}
722 	rcvmhdr.msg_control = (caddr_t) rcvcmsgbuf;
723 	rcvmhdr.msg_controllen = rcvcmsglen;
724 
725 	if (options & SO_DEBUG)
726 		(void) setsockopt(rcvsock, SOL_SOCKET, SO_DEBUG,
727 		    (char *)&on, sizeof(on));
728 	if (options & SO_DONTROUTE)
729 		(void) setsockopt(rcvsock, SOL_SOCKET, SO_DONTROUTE,
730 		    (char *)&on, sizeof(on));
731 #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
732 	/*
733 	 * do not raise error even if setsockopt fails, kernel may have ipsec
734 	 * turned off.
735 	 */
736 	if (setpolicy(rcvsock, ipsec_inpolicy) < 0)
737 		errx(1, "%s", ipsec_strerror());
738 	if (setpolicy(rcvsock, ipsec_outpolicy) < 0)
739 		errx(1, "%s", ipsec_strerror());
740 #else
741     {
742 	int level = IPSEC_LEVEL_NONE;
743 
744 	(void)setsockopt(rcvsock, IPPROTO_IPV6, IPV6_ESP_TRANS_LEVEL, &level,
745 	    sizeof(level));
746 	(void)setsockopt(rcvsock, IPPROTO_IPV6, IPV6_ESP_NETWORK_LEVEL, &level,
747 	    sizeof(level));
748 #ifdef IP_AUTH_TRANS_LEVEL
749 	(void)setsockopt(rcvsock, IPPROTO_IPV6, IPV6_AUTH_TRANS_LEVEL, &level,
750 	    sizeof(level));
751 #else
752 	(void)setsockopt(rcvsock, IPPROTO_IPV6, IPV6_AUTH_LEVEL, &level,
753 	    sizeof(level));
754 #endif
755 #ifdef IP_AUTH_NETWORK_LEVEL
756 	(void)setsockopt(rcvsock, IPPROTO_IPV6, IPV6_AUTH_NETWORK_LEVEL, &level,
757 	    sizeof(level));
758 #endif
759     }
760 #endif /* !(IPSEC && IPSEC_POLICY_IPSEC) */
761 
762 #ifdef SO_SNDBUF
763 	i = datalen;
764 	if (i == 0)
765 		i = 1;
766 	if (setsockopt(sndsock, SOL_SOCKET, SO_SNDBUF, (char *)&i,
767 	    sizeof(i)) < 0) {
768 		perror("setsockopt(SO_SNDBUF)");
769 		exit(6);
770 	}
771 #endif /* SO_SNDBUF */
772 	if (options & SO_DEBUG)
773 		(void) setsockopt(sndsock, SOL_SOCKET, SO_DEBUG,
774 		    (char *)&on, sizeof(on));
775 	if (options & SO_DONTROUTE)
776 		(void) setsockopt(sndsock, SOL_SOCKET, SO_DONTROUTE,
777 		    (char *)&on, sizeof(on));
778 	if (rth) {/* XXX: there is no library to finalize the header... */
779 		rth->ip6r_len = rth->ip6r_segleft * 2;
780 		if (setsockopt(sndsock, IPPROTO_IPV6, IPV6_RTHDR,
781 		    (void *)rth, (rth->ip6r_len + 1) << 3)) {
782 			fprintf(stderr, "setsockopt(IPV6_RTHDR): %s\n",
783 			    strerror(errno));
784 			exit(1);
785 		}
786 	}
787 #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
788 	/*
789 	 * do not raise error even if setsockopt fails, kernel may have ipsec
790 	 * turned off.
791 	 */
792 	if (setpolicy(sndsock, ipsec_inpolicy) < 0)
793 		errx(1, "%s", ipsec_strerror());
794 	if (setpolicy(sndsock, ipsec_outpolicy) < 0)
795 		errx(1, "%s", ipsec_strerror());
796 #else
797     {
798 	int level = IPSEC_LEVEL_BYPASS;
799 
800 	(void)setsockopt(sndsock, IPPROTO_IPV6, IPV6_ESP_TRANS_LEVEL, &level,
801 	    sizeof(level));
802 	(void)setsockopt(sndsock, IPPROTO_IPV6, IPV6_ESP_NETWORK_LEVEL, &level,
803 	    sizeof(level));
804 #ifdef IP_AUTH_TRANS_LEVEL
805 	(void)setsockopt(sndsock, IPPROTO_IPV6, IPV6_AUTH_TRANS_LEVEL, &level,
806 	    sizeof(level));
807 #else
808 	(void)setsockopt(sndsock, IPPROTO_IPV6, IPV6_AUTH_LEVEL, &level,
809 	    sizeof(level));
810 #endif
811 #ifdef IP_AUTH_NETWORK_LEVEL
812 	(void)setsockopt(sndsock, IPPROTO_IPV6, IPV6_AUTH_NETWORK_LEVEL, &level,
813 	    sizeof(level));
814 #endif
815     }
816 #endif /* !(IPSEC && IPSEC_POLICY_IPSEC) */
817 
818 	/*
819 	 * Source selection
820 	 */
821 	bzero(&Src, sizeof(Src));
822 	if (source) {
823 		memset(&hints, 0, sizeof(hints));
824 		hints.ai_family = AF_INET6;
825 		hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
826 		hints.ai_flags = AI_NUMERICHOST;
827 		error = cap_getaddrinfo(capdns, source, "0", &hints, &res);
828 		if (error) {
829 			printf("traceroute6: %s: %s\n", source,
830 			    gai_strerror(error));
831 			exit(1);
832 		}
833 		if (res->ai_addrlen > sizeof(Src)) {
834 			printf("traceroute6: %s: %s\n", source,
835 			    gai_strerror(error));
836 			exit(1);
837 		}
838 		memcpy(&Src, res->ai_addr, res->ai_addrlen);
839 		freeaddrinfo(res);
840 	} else {
841 		struct sockaddr_in6 Nxt;
842 		int dummy;
843 		socklen_t len;
844 
845 		Nxt = Dst;
846 		Nxt.sin6_port = htons(DUMMY_PORT);
847 		if (cmsg != NULL)
848 			bcopy(inet6_rthdr_getaddr(cmsg, 1), &Nxt.sin6_addr,
849 			    sizeof(Nxt.sin6_addr));
850 		if ((dummy = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
851 			perror("socket");
852 			exit(1);
853 		}
854 		if (connect(dummy, (struct sockaddr *)&Nxt, Nxt.sin6_len) < 0) {
855 			perror("connect");
856 			exit(1);
857 		}
858 		len = sizeof(Src);
859 		if (getsockname(dummy, (struct sockaddr *)&Src, &len) < 0) {
860 			perror("getsockname");
861 			exit(1);
862 		}
863 		if (cap_getnameinfo(capdns, (struct sockaddr *)&Src, Src.sin6_len,
864 		    src0, sizeof(src0), NULL, 0, NI_NUMERICHOST)) {
865 			fprintf(stderr, "getnameinfo failed for source\n");
866 			exit(1);
867 		}
868 		source = src0;
869 		close(dummy);
870 	}
871 
872 	Src.sin6_port = htons(0);
873 	if (bind(sndsock, (struct sockaddr *)&Src, Src.sin6_len) < 0) {
874 		perror("bind");
875 		exit(1);
876 	}
877 
878 	{
879 		socklen_t len;
880 
881 		len = sizeof(Src);
882 		if (getsockname(sndsock, (struct sockaddr *)&Src, &len) < 0) {
883 			perror("getsockname");
884 			exit(1);
885 		}
886 		srcport = ntohs(Src.sin6_port);
887 	}
888 
889 	if (as_path) {
890 		asn = as_setup(as_server);
891 		if (asn == NULL) {
892 			fprintf(stderr,
893 			    "traceroute6: as_setup failed, AS# lookups"
894 			    " disabled\n");
895 			(void)fflush(stderr);
896 			as_path = 0;
897 		}
898 	}
899 
900 	/*
901 	 * Message to users
902 	 */
903 	if (cap_getnameinfo(capdns, (struct sockaddr *)&Dst, Dst.sin6_len, hbuf,
904 	    sizeof(hbuf), NULL, 0, NI_NUMERICHOST))
905 		strlcpy(hbuf, "(invalid)", sizeof(hbuf));
906 	fprintf(stderr, "traceroute6");
907 	fprintf(stderr, " to %s (%s)", hostname, hbuf);
908 	if (source)
909 		fprintf(stderr, " from %s", source);
910 	fprintf(stderr, ", %lu hops max, %lu byte packets\n",
911 	    max_hops,
912 	    datalen + ((useproto == IPPROTO_UDP) ? sizeof(struct udphdr) : 0));
913 	(void) fflush(stderr);
914 
915 	if (first_hop > 1)
916 		printf("Skipping %lu intermediate hops\n", first_hop - 1);
917 
918 	if (connect(sndsock, (struct sockaddr *)&Dst,
919 	    sizeof(Dst)) != 0) {
920 		fprintf(stderr, "connect: %s\n", strerror(errno));
921 		exit(1);
922 	}
923 
924 	/*
925 	 * Here we enter capability mode. Further down access to global
926 	 * namespaces (e.g filesystem) is restricted (see capsicum(4)).
927 	 * We must connect(2) our socket before this point.
928 	 */
929 	if (caph_enter_casper() < 0) {
930 		fprintf(stderr, "caph_enter_casper: %s\n", strerror(errno));
931 		exit(1);
932 	}
933 
934 	cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT);
935 	if (caph_rights_limit(sndsock, &rights) < 0) {
936 		fprintf(stderr, "caph_rights_limit sndsock: %s\n",
937 		    strerror(errno));
938 		exit(1);
939 	}
940 	cap_rights_init(&rights, CAP_RECV);
941 	if (caph_rights_limit(rcvsock, &rights) < 0) {
942 		fprintf(stderr, "caph_rights_limit rcvsock: %s\n",
943 		    strerror(errno));
944 		exit(1);
945 	}
946 
947 	/*
948 	 * Main loop
949 	 */
950 	for (hops = first_hop; hops <= max_hops; ++hops) {
951 		struct in6_addr lastaddr;
952 		int got_there = 0;
953 		unsigned unreachable = 0;
954 
955 		printf("%2lu ", hops);
956 		bzero(&lastaddr, sizeof(lastaddr));
957 		for (probe = 0; probe < nprobes; ++probe) {
958 			int cc;
959 			struct timeval t1, t2;
960 
961 			(void) gettimeofday(&t1, NULL);
962 			send_probe(++seq, hops);
963 			while ((cc = wait_for_reply(rcvsock, &rcvmhdr))) {
964 				(void) gettimeofday(&t2, NULL);
965 				if (packet_ok(&rcvmhdr, cc, seq, &type, &code)) {
966 					if (!IN6_ARE_ADDR_EQUAL(&Rcv.sin6_addr,
967 					    &lastaddr)) {
968 						if (probe > 0)
969 							fputs("\n   ", stdout);
970 						print(&rcvmhdr, cc);
971 						lastaddr = Rcv.sin6_addr;
972 					}
973 					printf("  %.3f ms", deltaT(&t1, &t2));
974 					if (type == ICMP6_DST_UNREACH) {
975 						switch (code) {
976 						case ICMP6_DST_UNREACH_NOROUTE:
977 							++unreachable;
978 							printf(" !N");
979 							break;
980 						case ICMP6_DST_UNREACH_ADMIN:
981 							++unreachable;
982 							printf(" !P");
983 							break;
984 						case ICMP6_DST_UNREACH_NOTNEIGHBOR:
985 							++unreachable;
986 							printf(" !S");
987 							break;
988 						case ICMP6_DST_UNREACH_ADDR:
989 							++unreachable;
990 							printf(" !A");
991 							break;
992 						case ICMP6_DST_UNREACH_NOPORT:
993 							if (rcvhlim >= 0 &&
994 							    rcvhlim <= 1)
995 								printf(" !");
996 							++got_there;
997 							break;
998 						}
999 					} else if (type == ICMP6_PARAM_PROB &&
1000 					    code == ICMP6_PARAMPROB_NEXTHEADER) {
1001 						printf(" !H");
1002 						++got_there;
1003 					} else if (type == ICMP6_ECHO_REPLY) {
1004 						if (rcvhlim >= 0 &&
1005 						    rcvhlim <= 1)
1006 							printf(" !");
1007 						++got_there;
1008 					}
1009 					break;
1010 				} else if (deltaT(&t1, &t2) > waittime * 1000) {
1011 					cc = 0;
1012 					break;
1013 				}
1014 			}
1015 			if (cc == 0)
1016 				printf(" *");
1017 			(void) fflush(stdout);
1018 		}
1019 		putchar('\n');
1020 		if (got_there ||
1021 		    (unreachable > 0 && unreachable >= ((nprobes + 1) / 2))) {
1022 			exit(0);
1023 		}
1024 	}
1025 	if (as_path)
1026 		as_shutdown(asn);
1027 
1028 	exit(0);
1029 }
1030 
1031 int
1032 wait_for_reply(int sock, struct msghdr *mhdr)
1033 {
1034 #ifdef HAVE_POLL
1035 	struct pollfd pfd[1];
1036 	int cc = 0;
1037 
1038 	pfd[0].fd = sock;
1039 	pfd[0].events = POLLIN;
1040 	pfd[0].revents = 0;
1041 
1042 	if (poll(pfd, 1, waittime * 1000) > 0)
1043 		cc = recvmsg(rcvsock, mhdr, 0);
1044 
1045 	return (cc);
1046 #else
1047 	fd_set *fdsp;
1048 	struct timeval wait;
1049 	int cc = 0, fdsn;
1050 
1051 	fdsn = howmany(sock + 1, NFDBITS) * sizeof(fd_mask);
1052 	if ((fdsp = (fd_set *)malloc(fdsn)) == NULL)
1053 		err(1, "malloc");
1054 	memset(fdsp, 0, fdsn);
1055 	FD_SET(sock, fdsp);
1056 	wait.tv_sec = waittime; wait.tv_usec = 0;
1057 
1058 	if (select(sock+1, fdsp, (fd_set *)0, (fd_set *)0, &wait) > 0)
1059 		cc = recvmsg(rcvsock, mhdr, 0);
1060 
1061 	free(fdsp);
1062 	return (cc);
1063 #endif
1064 }
1065 
1066 #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
1067 int
1068 setpolicy(int so, char *policy)
1069 {
1070 	char *buf;
1071 
1072 	buf = ipsec_set_policy(policy, strlen(policy));
1073 	if (buf == NULL) {
1074 		warnx("%s", ipsec_strerror());
1075 		return -1;
1076 	}
1077 	(void)setsockopt(so, IPPROTO_IPV6, IPV6_IPSEC_POLICY,
1078 	    buf, ipsec_get_policylen(buf));
1079 
1080 	free(buf);
1081 
1082 	return 0;
1083 }
1084 #endif
1085 
1086 void
1087 send_probe(int seq, u_long hops)
1088 {
1089 	struct icmp6_hdr *icp;
1090 	struct sctphdr *sctp;
1091 	struct udphdr *outudp;
1092 	struct sctp_chunkhdr *chk;
1093 	struct sctp_init_chunk *init;
1094 	struct sctp_paramhdr *param;
1095 	struct tcphdr *tcp;
1096 	int i;
1097 
1098 	i = hops;
1099 	if (setsockopt(sndsock, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
1100 	    (char *)&i, sizeof(i)) < 0) {
1101 		perror("setsockopt IPV6_UNICAST_HOPS");
1102 	}
1103 
1104 	Dst.sin6_port = htons(port + seq);
1105 
1106 	switch (useproto) {
1107 	case IPPROTO_ICMPV6:
1108 		icp = (struct icmp6_hdr *)outpacket;
1109 
1110 		icp->icmp6_type = ICMP6_ECHO_REQUEST;
1111 		icp->icmp6_code = 0;
1112 		icp->icmp6_cksum = 0;
1113 		icp->icmp6_id = ident;
1114 		icp->icmp6_seq = htons(seq);
1115 		break;
1116 	case IPPROTO_UDP:
1117 		outudp = (struct udphdr *) outpacket;
1118 		outudp->uh_sport = htons(ident);
1119 		outudp->uh_dport = htons(port+seq);
1120 		outudp->uh_ulen = htons(datalen);
1121 		outudp->uh_sum = 0;
1122 		outudp->uh_sum = udp_cksum(&Src, &Dst, outpacket, datalen);
1123 		break;
1124 	case IPPROTO_NONE:
1125 		/* No space for anything. No harm as seq/tv32 are decorative. */
1126 		break;
1127 	case IPPROTO_SCTP:
1128 		sctp = (struct sctphdr *)outpacket;
1129 
1130 		sctp->src_port = htons(ident);
1131 		sctp->dest_port = htons(port + seq);
1132 		if (datalen >= (u_long)(sizeof(struct sctphdr) +
1133 		    sizeof(struct sctp_init_chunk))) {
1134 			sctp->v_tag = 0;
1135 		} else {
1136 			sctp->v_tag = (sctp->src_port << 16) | sctp->dest_port;
1137 		}
1138 		sctp->checksum = htonl(0);
1139 		if (datalen >= (u_long)(sizeof(struct sctphdr) +
1140 		    sizeof(struct sctp_init_chunk))) {
1141 			/*
1142 			 * Send a packet containing an INIT chunk. This works
1143 			 * better in case of firewalls on the path, but
1144 			 * results in a probe packet containing at least
1145 			 * 32 bytes of payload. For shorter payloads, use
1146 			 * SHUTDOWN-ACK chunks.
1147 			 */
1148 			init = (struct sctp_init_chunk *)(sctp + 1);
1149 			init->ch.chunk_type = SCTP_INITIATION;
1150 			init->ch.chunk_flags = 0;
1151 			init->ch.chunk_length = htons((u_int16_t)(datalen -
1152 			    sizeof(struct sctphdr)));
1153 			init->init.initiate_tag = (sctp->src_port << 16) |
1154 			    sctp->dest_port;
1155 			init->init.a_rwnd = htonl(1500);
1156 			init->init.num_outbound_streams = htons(1);
1157 			init->init.num_inbound_streams = htons(1);
1158 			init->init.initial_tsn = htonl(0);
1159 			if (datalen >= (u_long)(sizeof(struct sctphdr) +
1160 			    sizeof(struct sctp_init_chunk) +
1161 			    sizeof(struct sctp_paramhdr))) {
1162 				param = (struct sctp_paramhdr *)(init + 1);
1163 				param->param_type = htons(SCTP_PAD);
1164 				param->param_length =
1165 				    htons((u_int16_t)(datalen -
1166 				    sizeof(struct sctphdr) -
1167 				    sizeof(struct sctp_init_chunk)));
1168 			}
1169 		} else {
1170 			/*
1171 			 * Send a packet containing a SHUTDOWN-ACK chunk,
1172 			 * possibly followed by a PAD chunk.
1173 			 */
1174 			if (datalen >= (u_long)(sizeof(struct sctphdr) +
1175 			    sizeof(struct sctp_chunkhdr))) {
1176 				chk = (struct sctp_chunkhdr *)(sctp + 1);
1177 				chk->chunk_type = SCTP_SHUTDOWN_ACK;
1178 				chk->chunk_flags = 0;
1179 				chk->chunk_length = htons(4);
1180 			}
1181 			if (datalen >= (u_long)(sizeof(struct sctphdr) +
1182 			    2 * sizeof(struct sctp_chunkhdr))) {
1183 				chk = chk + 1;
1184 				chk->chunk_type = SCTP_PAD_CHUNK;
1185 				chk->chunk_flags = 0;
1186 				chk->chunk_length = htons((u_int16_t)(datalen -
1187 				    sizeof(struct sctphdr) -
1188 				    sizeof(struct sctp_chunkhdr)));
1189 			}
1190 		}
1191 		sctp->checksum = sctp_crc32c(outpacket, datalen);
1192 		break;
1193 	case IPPROTO_TCP:
1194 		tcp = (struct tcphdr *)outpacket;
1195 
1196 		tcp->th_sport = htons(ident);
1197 		tcp->th_dport = htons(port + seq);
1198 		tcp->th_seq = (tcp->th_sport << 16) | tcp->th_dport;
1199 		tcp->th_ack = 0;
1200 		tcp->th_off = 5;
1201 		tcp->th_flags = TH_SYN;
1202 		tcp->th_sum = 0;
1203 		tcp->th_sum = tcp_chksum(&Src, &Dst, outpacket, datalen);
1204 		break;
1205 	default:
1206 		fprintf(stderr, "Unknown probe protocol %d.\n", useproto);
1207 		exit(1);
1208 	}
1209 
1210 	i = send(sndsock, (char *)outpacket, datalen, 0);
1211 	if (i < 0 || (u_long)i != datalen)  {
1212 		if (i < 0)
1213 			perror("send");
1214 		printf("traceroute6: wrote %s %lu chars, ret=%d\n",
1215 		    hostname, datalen, i);
1216 		(void) fflush(stdout);
1217 	}
1218 }
1219 
1220 int
1221 get_hoplim(struct msghdr *mhdr)
1222 {
1223 	struct cmsghdr *cm;
1224 
1225 	for (cm = (struct cmsghdr *)CMSG_FIRSTHDR(mhdr); cm;
1226 	    cm = (struct cmsghdr *)CMSG_NXTHDR(mhdr, cm)) {
1227 		if (cm->cmsg_level == IPPROTO_IPV6 &&
1228 		    cm->cmsg_type == IPV6_HOPLIMIT &&
1229 		    cm->cmsg_len == CMSG_LEN(sizeof(int)))
1230 			return (*(int *)CMSG_DATA(cm));
1231 	}
1232 
1233 	return (-1);
1234 }
1235 
1236 double
1237 deltaT(struct timeval *t1p, struct timeval *t2p)
1238 {
1239 	double dt;
1240 
1241 	dt = (double)(t2p->tv_sec - t1p->tv_sec) * 1000.0 +
1242 	    (double)(t2p->tv_usec - t1p->tv_usec) / 1000.0;
1243 	return (dt);
1244 }
1245 
1246 /*
1247  * Convert an ICMP "type" field to a printable string.
1248  */
1249 const char *
1250 pr_type(int t0)
1251 {
1252 	u_char t = t0 & 0xff;
1253 	const char *cp;
1254 
1255 	switch (t) {
1256 	case ICMP6_DST_UNREACH:
1257 		cp = "Destination Unreachable";
1258 		break;
1259 	case ICMP6_PACKET_TOO_BIG:
1260 		cp = "Packet Too Big";
1261 		break;
1262 	case ICMP6_TIME_EXCEEDED:
1263 		cp = "Time Exceeded";
1264 		break;
1265 	case ICMP6_PARAM_PROB:
1266 		cp = "Parameter Problem";
1267 		break;
1268 	case ICMP6_ECHO_REQUEST:
1269 		cp = "Echo Request";
1270 		break;
1271 	case ICMP6_ECHO_REPLY:
1272 		cp = "Echo Reply";
1273 		break;
1274 	case ICMP6_MEMBERSHIP_QUERY:
1275 		cp = "Group Membership Query";
1276 		break;
1277 	case ICMP6_MEMBERSHIP_REPORT:
1278 		cp = "Group Membership Report";
1279 		break;
1280 	case ICMP6_MEMBERSHIP_REDUCTION:
1281 		cp = "Group Membership Reduction";
1282 		break;
1283 	case ND_ROUTER_SOLICIT:
1284 		cp = "Router Solicitation";
1285 		break;
1286 	case ND_ROUTER_ADVERT:
1287 		cp = "Router Advertisement";
1288 		break;
1289 	case ND_NEIGHBOR_SOLICIT:
1290 		cp = "Neighbor Solicitation";
1291 		break;
1292 	case ND_NEIGHBOR_ADVERT:
1293 		cp = "Neighbor Advertisement";
1294 		break;
1295 	case ND_REDIRECT:
1296 		cp = "Redirect";
1297 		break;
1298 	default:
1299 		cp = "Unknown";
1300 		break;
1301 	}
1302 	return cp;
1303 }
1304 
1305 int
1306 packet_ok(struct msghdr *mhdr, int cc, int seq, u_char *type, u_char *code)
1307 {
1308 	struct icmp6_hdr *icp;
1309 	struct sockaddr_in6 *from = (struct sockaddr_in6 *)mhdr->msg_name;
1310 	char *buf = (char *)mhdr->msg_iov[0].iov_base;
1311 	struct cmsghdr *cm;
1312 	int *hlimp;
1313 	char hbuf[NI_MAXHOST];
1314 
1315 #ifdef OLDRAWSOCKET
1316 	int hlen;
1317 	struct ip6_hdr *ip;
1318 #endif
1319 
1320 #ifdef OLDRAWSOCKET
1321 	ip = (struct ip6_hdr *) buf;
1322 	hlen = sizeof(struct ip6_hdr);
1323 	if (cc < hlen + sizeof(struct icmp6_hdr)) {
1324 		if (verbose) {
1325 			if (cap_getnameinfo(capdns, (struct sockaddr *)from, from->sin6_len,
1326 			    hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0)
1327 				strlcpy(hbuf, "invalid", sizeof(hbuf));
1328 			printf("packet too short (%d bytes) from %s\n", cc,
1329 			    hbuf);
1330 		}
1331 		return (0);
1332 	}
1333 	cc -= hlen;
1334 	icp = (struct icmp6_hdr *)(buf + hlen);
1335 #else
1336 	if (cc < (int)sizeof(struct icmp6_hdr)) {
1337 		if (verbose) {
1338 			if (cap_getnameinfo(capdns, (struct sockaddr *)from, from->sin6_len,
1339 			    hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0)
1340 				strlcpy(hbuf, "invalid", sizeof(hbuf));
1341 			printf("data too short (%d bytes) from %s\n", cc, hbuf);
1342 		}
1343 		return (0);
1344 	}
1345 	icp = (struct icmp6_hdr *)buf;
1346 #endif
1347 	/* get optional information via advanced API */
1348 	rcvpktinfo = NULL;
1349 	hlimp = NULL;
1350 	for (cm = (struct cmsghdr *)CMSG_FIRSTHDR(mhdr); cm;
1351 	    cm = (struct cmsghdr *)CMSG_NXTHDR(mhdr, cm)) {
1352 		if (cm->cmsg_level == IPPROTO_IPV6 &&
1353 		    cm->cmsg_type == IPV6_PKTINFO &&
1354 		    cm->cmsg_len ==
1355 		    CMSG_LEN(sizeof(struct in6_pktinfo)))
1356 			rcvpktinfo = (struct in6_pktinfo *)(CMSG_DATA(cm));
1357 
1358 		if (cm->cmsg_level == IPPROTO_IPV6 &&
1359 		    cm->cmsg_type == IPV6_HOPLIMIT &&
1360 		    cm->cmsg_len == CMSG_LEN(sizeof(int)))
1361 			hlimp = (int *)CMSG_DATA(cm);
1362 	}
1363 	if (rcvpktinfo == NULL || hlimp == NULL) {
1364 		warnx("failed to get received hop limit or packet info");
1365 #if 0
1366 		return (0);
1367 #else
1368 		rcvhlim = 0;	/*XXX*/
1369 #endif
1370 	}
1371 	else
1372 		rcvhlim = *hlimp;
1373 
1374 	*type = icp->icmp6_type;
1375 	*code = icp->icmp6_code;
1376 	if ((*type == ICMP6_TIME_EXCEEDED &&
1377 	    *code == ICMP6_TIME_EXCEED_TRANSIT) ||
1378 	    (*type == ICMP6_DST_UNREACH) ||
1379 	    (*type == ICMP6_PARAM_PROB &&
1380 	    *code == ICMP6_PARAMPROB_NEXTHEADER)) {
1381 		struct ip6_hdr *hip;
1382 		struct icmp6_hdr *icmp;
1383 		struct sctp_init_chunk *init;
1384 		struct sctphdr *sctp;
1385 		struct tcphdr *tcp;
1386 		struct udphdr *udp;
1387 		void *up;
1388 
1389 		hip = (struct ip6_hdr *)(icp + 1);
1390 		if ((up = get_uphdr(hip, (u_char *)(buf + cc))) == NULL) {
1391 			if (verbose)
1392 				warnx("failed to get upper layer header");
1393 			return (0);
1394 		}
1395 		switch (useproto) {
1396 		case IPPROTO_ICMPV6:
1397 			icmp = (struct icmp6_hdr *)up;
1398 			if (icmp->icmp6_id == ident &&
1399 			    icmp->icmp6_seq == htons(seq))
1400 				return (1);
1401 			break;
1402 		case IPPROTO_UDP:
1403 			udp = (struct udphdr *)up;
1404 			if (udp->uh_sport == htons(ident) &&
1405 			    udp->uh_dport == htons(port + seq))
1406 				return (1);
1407 			break;
1408 		case IPPROTO_SCTP:
1409 			sctp = (struct sctphdr *)up;
1410 			if (sctp->src_port != htons(ident) ||
1411 			    sctp->dest_port != htons(port + seq)) {
1412 				break;
1413 			}
1414 			if (datalen >= (u_long)(sizeof(struct sctphdr) +
1415 			    sizeof(struct sctp_init_chunk))) {
1416 				if (sctp->v_tag != 0) {
1417 					break;
1418 				}
1419 				init = (struct sctp_init_chunk *)(sctp + 1);
1420 				/* Check the initiate tag, if available. */
1421 				if ((char *)&init->init.a_rwnd > buf + cc) {
1422 					return (1);
1423 				}
1424 				if (init->init.initiate_tag == (u_int32_t)
1425 				    ((sctp->src_port << 16) | sctp->dest_port)) {
1426 					return (1);
1427 				}
1428 			} else {
1429 				if (sctp->v_tag ==
1430 				    (u_int32_t)((sctp->src_port << 16) |
1431 				    sctp->dest_port)) {
1432 					return (1);
1433 				}
1434 			}
1435 			break;
1436 		case IPPROTO_TCP:
1437 			tcp = (struct tcphdr *)up;
1438 			if (tcp->th_sport == htons(ident) &&
1439 			    tcp->th_dport == htons(port + seq) &&
1440 			    tcp->th_seq ==
1441 			    (tcp_seq)((tcp->th_sport << 16) | tcp->th_dport))
1442 				return (1);
1443 			break;
1444 		case IPPROTO_NONE:
1445 			return (1);
1446 		default:
1447 			fprintf(stderr, "Unknown probe proto %d.\n", useproto);
1448 			break;
1449 		}
1450 	} else if (useproto == IPPROTO_ICMPV6 && *type == ICMP6_ECHO_REPLY) {
1451 		if (icp->icmp6_id == ident &&
1452 		    icp->icmp6_seq == htons(seq))
1453 			return (1);
1454 	}
1455 	if (verbose) {
1456 		char sbuf[NI_MAXHOST+1], dbuf[INET6_ADDRSTRLEN];
1457 		u_int8_t *p;
1458 		int i;
1459 
1460 		if (cap_getnameinfo(capdns, (struct sockaddr *)from, from->sin6_len,
1461 		    sbuf, sizeof(sbuf), NULL, 0, NI_NUMERICHOST) != 0)
1462 			strlcpy(sbuf, "invalid", sizeof(sbuf));
1463 		printf("\n%d bytes from %s to %s", cc, sbuf,
1464 		    rcvpktinfo ? inet_ntop(AF_INET6, &rcvpktinfo->ipi6_addr,
1465 		    dbuf, sizeof(dbuf)) : "?");
1466 		printf(": icmp type %d (%s) code %d\n", *type, pr_type(*type),
1467 		    *code);
1468 		p = (u_int8_t *)(icp + 1);
1469 #define WIDTH	16
1470 		for (i = 0; i < cc; i++) {
1471 			if (i % WIDTH == 0)
1472 				printf("%04x:", i);
1473 			if (i % 4 == 0)
1474 				printf(" ");
1475 			printf("%02x", p[i]);
1476 			if (i % WIDTH == WIDTH - 1)
1477 				printf("\n");
1478 		}
1479 		if (cc % WIDTH != 0)
1480 			printf("\n");
1481 	}
1482 	return (0);
1483 }
1484 
1485 /*
1486  * Increment pointer until find the UDP or ICMP header.
1487  */
1488 void *
1489 get_uphdr(struct ip6_hdr *ip6, u_char *lim)
1490 {
1491 	u_char *cp = (u_char *)ip6, nh;
1492 	int hlen;
1493 	static u_char none_hdr[1]; /* Fake pointer for IPPROTO_NONE. */
1494 
1495 	if (cp + sizeof(*ip6) > lim)
1496 		return (NULL);
1497 
1498 	nh = ip6->ip6_nxt;
1499 	cp += sizeof(struct ip6_hdr);
1500 
1501 	while (lim - cp >= (nh == IPPROTO_NONE ? 0 : 8)) {
1502 		switch (nh) {
1503 		case IPPROTO_ESP:
1504 			return (NULL);
1505 		case IPPROTO_ICMPV6:
1506 			return (useproto == nh ? cp : NULL);
1507 		case IPPROTO_SCTP:
1508 		case IPPROTO_TCP:
1509 		case IPPROTO_UDP:
1510 			return (useproto == nh ? cp : NULL);
1511 		case IPPROTO_NONE:
1512 			return (useproto == nh ? none_hdr : NULL);
1513 		case IPPROTO_FRAGMENT:
1514 			hlen = sizeof(struct ip6_frag);
1515 			nh = ((struct ip6_frag *)cp)->ip6f_nxt;
1516 			break;
1517 		case IPPROTO_AH:
1518 			hlen = (((struct ip6_ext *)cp)->ip6e_len + 2) << 2;
1519 			nh = ((struct ip6_ext *)cp)->ip6e_nxt;
1520 			break;
1521 		default:
1522 			hlen = (((struct ip6_ext *)cp)->ip6e_len + 1) << 3;
1523 			nh = ((struct ip6_ext *)cp)->ip6e_nxt;
1524 			break;
1525 		}
1526 
1527 		cp += hlen;
1528 	}
1529 
1530 	return (NULL);
1531 }
1532 
1533 void
1534 capdns_open(void)
1535 {
1536 #ifdef	WITH_CASPER
1537 	const char *types[] = { "NAME", "ADDR" };
1538 	int families[1];
1539 	cap_channel_t *casper;
1540 
1541 	casper = cap_init();
1542 	if (casper == NULL)
1543 		errx(1, "unable to create casper process");
1544 	capdns = cap_service_open(casper, "system.dns");
1545 	if (capdns == NULL)
1546 		errx(1, "unable to open system.dns service");
1547 	if (cap_dns_type_limit(capdns, types, nitems(types)) < 0)
1548 		errx(1, "unable to limit access to system.dns service");
1549 	families[0] = AF_INET6;
1550 	if (cap_dns_family_limit(capdns, families, nitems(families)) < 0)
1551 		errx(1, "unable to limit access to system.dns service");
1552 	cap_close(casper);
1553 #endif	/* WITH_CASPER */
1554 }
1555 
1556 void
1557 print(struct msghdr *mhdr, int cc)
1558 {
1559 	struct sockaddr_in6 *from = (struct sockaddr_in6 *)mhdr->msg_name;
1560 	char hbuf[NI_MAXHOST];
1561 
1562 	if (cap_getnameinfo(capdns, (struct sockaddr *)from, from->sin6_len,
1563 	    hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0)
1564 		strlcpy(hbuf, "invalid", sizeof(hbuf));
1565 	if (as_path)
1566 		printf(" [AS%u]", as_lookup(asn, hbuf, AF_INET6));
1567 	if (nflag)
1568 		printf(" %s", hbuf);
1569 	else if (lflag)
1570 		printf(" %s (%s)", inetname((struct sockaddr *)from), hbuf);
1571 	else
1572 		printf(" %s", inetname((struct sockaddr *)from));
1573 
1574 	if (verbose) {
1575 #ifdef OLDRAWSOCKET
1576 		printf(" %d bytes to %s", cc,
1577 		    rcvpktinfo ? inet_ntop(AF_INET6, &rcvpktinfo->ipi6_addr,
1578 		    hbuf, sizeof(hbuf)) : "?");
1579 #else
1580 		printf(" %d bytes of data to %s", cc,
1581 		    rcvpktinfo ?  inet_ntop(AF_INET6, &rcvpktinfo->ipi6_addr,
1582 		    hbuf, sizeof(hbuf)) : "?");
1583 #endif
1584 	}
1585 }
1586 
1587 /*
1588  * Construct an Internet address representation.
1589  * If the nflag has been supplied, give
1590  * numeric value, otherwise try for symbolic name.
1591  */
1592 const char *
1593 inetname(struct sockaddr *sa)
1594 {
1595 	static char line[NI_MAXHOST], domain[MAXHOSTNAMELEN + 1];
1596 	static int first = 1;
1597 	char *cp;
1598 
1599 	if (first && !nflag) {
1600 		first = 0;
1601 		if (gethostname(domain, sizeof(domain)) == 0 &&
1602 		    (cp = strchr(domain, '.')))
1603 			(void) strlcpy(domain, cp + 1, sizeof(domain));
1604 		else
1605 			domain[0] = 0;
1606 	}
1607 	cp = NULL;
1608 	if (!nflag) {
1609 		if (cap_getnameinfo(capdns, sa, sa->sa_len, line, sizeof(line), NULL, 0,
1610 		    NI_NAMEREQD) == 0) {
1611 			if ((cp = strchr(line, '.')) &&
1612 			    !strcmp(cp + 1, domain))
1613 				*cp = 0;
1614 			cp = line;
1615 		}
1616 	}
1617 	if (cp)
1618 		return cp;
1619 
1620 	if (cap_getnameinfo(capdns, sa, sa->sa_len, line, sizeof(line), NULL, 0,
1621 	    NI_NUMERICHOST) != 0)
1622 		strlcpy(line, "invalid", sizeof(line));
1623 	return line;
1624 }
1625 
1626 /*
1627  * CRC32C routine for the Stream Control Transmission Protocol
1628  */
1629 
1630 #define CRC32C(c, d) (c = (c>>8) ^ crc_c[(c^(d))&0xFF])
1631 
1632 static u_int32_t crc_c[256] = {
1633 	0x00000000, 0xF26B8303, 0xE13B70F7, 0x1350F3F4,
1634 	0xC79A971F, 0x35F1141C, 0x26A1E7E8, 0xD4CA64EB,
1635 	0x8AD958CF, 0x78B2DBCC, 0x6BE22838, 0x9989AB3B,
1636 	0x4D43CFD0, 0xBF284CD3, 0xAC78BF27, 0x5E133C24,
1637 	0x105EC76F, 0xE235446C, 0xF165B798, 0x030E349B,
1638 	0xD7C45070, 0x25AFD373, 0x36FF2087, 0xC494A384,
1639 	0x9A879FA0, 0x68EC1CA3, 0x7BBCEF57, 0x89D76C54,
1640 	0x5D1D08BF, 0xAF768BBC, 0xBC267848, 0x4E4DFB4B,
1641 	0x20BD8EDE, 0xD2D60DDD, 0xC186FE29, 0x33ED7D2A,
1642 	0xE72719C1, 0x154C9AC2, 0x061C6936, 0xF477EA35,
1643 	0xAA64D611, 0x580F5512, 0x4B5FA6E6, 0xB93425E5,
1644 	0x6DFE410E, 0x9F95C20D, 0x8CC531F9, 0x7EAEB2FA,
1645 	0x30E349B1, 0xC288CAB2, 0xD1D83946, 0x23B3BA45,
1646 	0xF779DEAE, 0x05125DAD, 0x1642AE59, 0xE4292D5A,
1647 	0xBA3A117E, 0x4851927D, 0x5B016189, 0xA96AE28A,
1648 	0x7DA08661, 0x8FCB0562, 0x9C9BF696, 0x6EF07595,
1649 	0x417B1DBC, 0xB3109EBF, 0xA0406D4B, 0x522BEE48,
1650 	0x86E18AA3, 0x748A09A0, 0x67DAFA54, 0x95B17957,
1651 	0xCBA24573, 0x39C9C670, 0x2A993584, 0xD8F2B687,
1652 	0x0C38D26C, 0xFE53516F, 0xED03A29B, 0x1F682198,
1653 	0x5125DAD3, 0xA34E59D0, 0xB01EAA24, 0x42752927,
1654 	0x96BF4DCC, 0x64D4CECF, 0x77843D3B, 0x85EFBE38,
1655 	0xDBFC821C, 0x2997011F, 0x3AC7F2EB, 0xC8AC71E8,
1656 	0x1C661503, 0xEE0D9600, 0xFD5D65F4, 0x0F36E6F7,
1657 	0x61C69362, 0x93AD1061, 0x80FDE395, 0x72966096,
1658 	0xA65C047D, 0x5437877E, 0x4767748A, 0xB50CF789,
1659 	0xEB1FCBAD, 0x197448AE, 0x0A24BB5A, 0xF84F3859,
1660 	0x2C855CB2, 0xDEEEDFB1, 0xCDBE2C45, 0x3FD5AF46,
1661 	0x7198540D, 0x83F3D70E, 0x90A324FA, 0x62C8A7F9,
1662 	0xB602C312, 0x44694011, 0x5739B3E5, 0xA55230E6,
1663 	0xFB410CC2, 0x092A8FC1, 0x1A7A7C35, 0xE811FF36,
1664 	0x3CDB9BDD, 0xCEB018DE, 0xDDE0EB2A, 0x2F8B6829,
1665 	0x82F63B78, 0x709DB87B, 0x63CD4B8F, 0x91A6C88C,
1666 	0x456CAC67, 0xB7072F64, 0xA457DC90, 0x563C5F93,
1667 	0x082F63B7, 0xFA44E0B4, 0xE9141340, 0x1B7F9043,
1668 	0xCFB5F4A8, 0x3DDE77AB, 0x2E8E845F, 0xDCE5075C,
1669 	0x92A8FC17, 0x60C37F14, 0x73938CE0, 0x81F80FE3,
1670 	0x55326B08, 0xA759E80B, 0xB4091BFF, 0x466298FC,
1671 	0x1871A4D8, 0xEA1A27DB, 0xF94AD42F, 0x0B21572C,
1672 	0xDFEB33C7, 0x2D80B0C4, 0x3ED04330, 0xCCBBC033,
1673 	0xA24BB5A6, 0x502036A5, 0x4370C551, 0xB11B4652,
1674 	0x65D122B9, 0x97BAA1BA, 0x84EA524E, 0x7681D14D,
1675 	0x2892ED69, 0xDAF96E6A, 0xC9A99D9E, 0x3BC21E9D,
1676 	0xEF087A76, 0x1D63F975, 0x0E330A81, 0xFC588982,
1677 	0xB21572C9, 0x407EF1CA, 0x532E023E, 0xA145813D,
1678 	0x758FE5D6, 0x87E466D5, 0x94B49521, 0x66DF1622,
1679 	0x38CC2A06, 0xCAA7A905, 0xD9F75AF1, 0x2B9CD9F2,
1680 	0xFF56BD19, 0x0D3D3E1A, 0x1E6DCDEE, 0xEC064EED,
1681 	0xC38D26C4, 0x31E6A5C7, 0x22B65633, 0xD0DDD530,
1682 	0x0417B1DB, 0xF67C32D8, 0xE52CC12C, 0x1747422F,
1683 	0x49547E0B, 0xBB3FFD08, 0xA86F0EFC, 0x5A048DFF,
1684 	0x8ECEE914, 0x7CA56A17, 0x6FF599E3, 0x9D9E1AE0,
1685 	0xD3D3E1AB, 0x21B862A8, 0x32E8915C, 0xC083125F,
1686 	0x144976B4, 0xE622F5B7, 0xF5720643, 0x07198540,
1687 	0x590AB964, 0xAB613A67, 0xB831C993, 0x4A5A4A90,
1688 	0x9E902E7B, 0x6CFBAD78, 0x7FAB5E8C, 0x8DC0DD8F,
1689 	0xE330A81A, 0x115B2B19, 0x020BD8ED, 0xF0605BEE,
1690 	0x24AA3F05, 0xD6C1BC06, 0xC5914FF2, 0x37FACCF1,
1691 	0x69E9F0D5, 0x9B8273D6, 0x88D28022, 0x7AB90321,
1692 	0xAE7367CA, 0x5C18E4C9, 0x4F48173D, 0xBD23943E,
1693 	0xF36E6F75, 0x0105EC76, 0x12551F82, 0xE03E9C81,
1694 	0x34F4F86A, 0xC69F7B69, 0xD5CF889D, 0x27A40B9E,
1695 	0x79B737BA, 0x8BDCB4B9, 0x988C474D, 0x6AE7C44E,
1696 	0xBE2DA0A5, 0x4C4623A6, 0x5F16D052, 0xAD7D5351
1697 };
1698 
1699 u_int32_t
1700 sctp_crc32c(void *pack, u_int32_t len)
1701 {
1702 	u_int32_t i, crc32c;
1703 	u_int8_t byte0, byte1, byte2, byte3;
1704 	u_int8_t *buf = (u_int8_t *)pack;
1705 
1706 	crc32c = ~0;
1707 	for (i = 0; i < len; i++)
1708 		CRC32C(crc32c, buf[i]);
1709 	crc32c = ~crc32c;
1710 	byte0  = crc32c & 0xff;
1711 	byte1  = (crc32c>>8) & 0xff;
1712 	byte2  = (crc32c>>16) & 0xff;
1713 	byte3  = (crc32c>>24) & 0xff;
1714 	crc32c = ((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3);
1715 	return htonl(crc32c);
1716 }
1717 
1718 u_int16_t
1719 in_cksum(u_int16_t *addr, int len)
1720 {
1721 	int nleft = len;
1722 	u_int16_t *w = addr;
1723 	u_int16_t answer;
1724 	int sum = 0;
1725 
1726 	/*
1727 	 *  Our algorithm is simple, using a 32 bit accumulator (sum),
1728 	 *  we add sequential 16 bit words to it, and at the end, fold
1729 	 *  back all the carry bits from the top 16 bits into the lower
1730 	 *  16 bits.
1731 	 */
1732 	while (nleft > 1)  {
1733 		sum += *w++;
1734 		nleft -= 2;
1735 	}
1736 
1737 	/* mop up an odd byte, if necessary */
1738 	if (nleft == 1)
1739 		sum += *(u_char *)w;
1740 
1741 	/*
1742 	 * add back carry outs from top 16 bits to low 16 bits
1743 	 */
1744 	sum = (sum >> 16) + (sum & 0xffff);	/* add hi 16 to low 16 */
1745 	sum += (sum >> 16);			/* add carry */
1746 	answer = ~sum;				/* truncate to 16 bits */
1747 	return (answer);
1748 }
1749 
1750 u_int16_t
1751 udp_cksum(struct sockaddr_in6 *src, struct sockaddr_in6 *dst,
1752     void *payload, u_int32_t len)
1753 {
1754 	struct {
1755 		struct in6_addr src;
1756 		struct in6_addr dst;
1757 		u_int32_t len;
1758 		u_int8_t zero[3];
1759 		u_int8_t next;
1760 	} pseudo_hdr;
1761 	u_int16_t sum[2];
1762 
1763 	pseudo_hdr.src = src->sin6_addr;
1764 	pseudo_hdr.dst = dst->sin6_addr;
1765 	pseudo_hdr.len = htonl(len);
1766 	pseudo_hdr.zero[0] = 0;
1767 	pseudo_hdr.zero[1] = 0;
1768 	pseudo_hdr.zero[2] = 0;
1769 	pseudo_hdr.next = IPPROTO_UDP;
1770 
1771 	sum[1] = in_cksum((u_int16_t *)&pseudo_hdr, sizeof(pseudo_hdr));
1772 	sum[0] = in_cksum(payload, len);
1773 
1774 	return (~in_cksum(sum, sizeof(sum)));
1775 }
1776 
1777 u_int16_t
1778 tcp_chksum(struct sockaddr_in6 *src, struct sockaddr_in6 *dst,
1779     void *payload, u_int32_t len)
1780 {
1781 	struct {
1782 		struct in6_addr src;
1783 		struct in6_addr dst;
1784 		u_int32_t len;
1785 		u_int8_t zero[3];
1786 		u_int8_t next;
1787 	} pseudo_hdr;
1788 	u_int16_t sum[2];
1789 
1790 	pseudo_hdr.src = src->sin6_addr;
1791 	pseudo_hdr.dst = dst->sin6_addr;
1792 	pseudo_hdr.len = htonl(len);
1793 	pseudo_hdr.zero[0] = 0;
1794 	pseudo_hdr.zero[1] = 0;
1795 	pseudo_hdr.zero[2] = 0;
1796 	pseudo_hdr.next = IPPROTO_TCP;
1797 
1798 	sum[1] = in_cksum((u_int16_t *)&pseudo_hdr, sizeof(pseudo_hdr));
1799 	sum[0] = in_cksum(payload, len);
1800 
1801 	return (~in_cksum(sum, sizeof(sum)));
1802 }
1803 
1804 void
1805 usage(void)
1806 {
1807 
1808 	fprintf(stderr,
1809 "usage: traceroute6 [-adIlnNrSTUv] [-A as_server] [-f firsthop] [-g gateway]\n"
1810 "       [-m hoplimit] [-p port] [-q probes] [-s src] [-w waittime] target\n"
1811 "       [datalen]\n");
1812 	exit(1);
1813 }
1814