]> The Tcpdump Group git mirrors - tcpdump/blob - print-ip6.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Remove some now redundant ND_TCHECK_LEN(e, sizeof(nd_ipv6)) calls
[tcpdump] / print-ip6.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: IPv6 printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include "netdissect-stdinc.h"
29
30 #include <string.h>
31
32 #include "netdissect.h"
33 #include "addrtoname.h"
34 #include "extract.h"
35
36 #include "ip6.h"
37 #include "ipproto.h"
38
39 /*
40 * If routing headers are presend and valid, set dst to the final destination.
41 * Otherwise, set it to the IPv6 destination.
42 *
43 * This is used for UDP and TCP pseudo-header in the checksum
44 * calculation.
45 */
46 static void
47 ip6_finddst(netdissect_options *ndo, nd_ipv6 *dst,
48 const struct ip6_hdr *ip6)
49 {
50 const u_char *cp;
51 u_int advance;
52 u_int nh;
53 const void *dst_addr;
54 const struct ip6_rthdr *dp;
55 const struct ip6_rthdr0 *dp0;
56 const struct ip6_srh *srh;
57 const u_char *p;
58 int i, len;
59
60 cp = (const u_char *)ip6;
61 advance = sizeof(struct ip6_hdr);
62 nh = GET_U_1(ip6->ip6_nxt);
63 dst_addr = (const void *)ip6->ip6_dst;
64
65 while (cp < ndo->ndo_snapend) {
66 cp += advance;
67
68 switch (nh) {
69
70 case IPPROTO_HOPOPTS:
71 case IPPROTO_DSTOPTS:
72 case IPPROTO_MOBILITY_OLD:
73 case IPPROTO_MOBILITY:
74 /*
75 * These have a header length byte, following
76 * the next header byte, giving the length of
77 * the header, in units of 8 octets, excluding
78 * the first 8 octets.
79 */
80 ND_TCHECK_2(cp);
81 advance = (GET_U_1(cp + 1) + 1) << 3;
82 nh = GET_U_1(cp);
83 break;
84
85 case IPPROTO_FRAGMENT:
86 /*
87 * The byte following the next header byte is
88 * marked as reserved, and the header is always
89 * the same size.
90 */
91 advance = sizeof(struct ip6_frag);
92 nh = GET_U_1(cp);
93 break;
94
95 case IPPROTO_ROUTING:
96 /*
97 * OK, we found it.
98 */
99 dp = (const struct ip6_rthdr *)cp;
100 ND_TCHECK_SIZE(dp);
101 len = GET_U_1(dp->ip6r_len);
102 switch (GET_U_1(dp->ip6r_type)) {
103
104 case IPV6_RTHDR_TYPE_0:
105 case IPV6_RTHDR_TYPE_2: /* Mobile IPv6 ID-20 */
106 dp0 = (const struct ip6_rthdr0 *)dp;
107 if (len % 2 == 1)
108 goto trunc;
109 len >>= 1;
110 p = (const u_char *) dp0->ip6r0_addr;
111 for (i = 0; i < len; i++) {
112 ND_TCHECK_16(p);
113 dst_addr = (const void *)p;
114 p += 16;
115 }
116 break;
117 case IPV6_RTHDR_TYPE_4:
118 /* IPv6 Segment Routing Header (SRH) */
119 srh = (const struct ip6_srh *)dp;
120 if (len % 2 == 1)
121 goto trunc;
122 p = (const u_char *) srh->srh_segments;
123 /*
124 * The list of segments are encoded in the reverse order.
125 * Accordingly, the final DA is encoded in srh_segments[0]
126 */
127 ND_TCHECK_16(p);
128 dst_addr = (const void *)p;
129 break;
130
131 default:
132 break;
133 }
134
135 /*
136 * Only one routing header to a customer.
137 */
138 goto done;
139
140 case IPPROTO_AH:
141 case IPPROTO_ESP:
142 case IPPROTO_IPCOMP:
143 default:
144 /*
145 * AH and ESP are, in the RFCs that describe them,
146 * described as being "viewed as an end-to-end
147 * payload" "in the IPv6 context, so that they
148 * "should appear after hop-by-hop, routing, and
149 * fragmentation extension headers". We assume
150 * that's the case, and stop as soon as we see
151 * one. (We can't handle an ESP header in
152 * the general case anyway, as its length depends
153 * on the encryption algorithm.)
154 *
155 * IPComp is also "viewed as an end-to-end
156 * payload" "in the IPv6 context".
157 *
158 * All other protocols are assumed to be the final
159 * protocol.
160 */
161 goto done;
162 }
163 }
164
165 done:
166 trunc:
167 GET_CPY_BYTES(dst, dst_addr, sizeof(nd_ipv6));
168 }
169
170 /*
171 * Compute a V6-style checksum by building a pseudoheader.
172 */
173 uint16_t
174 nextproto6_cksum(netdissect_options *ndo,
175 const struct ip6_hdr *ip6, const uint8_t *data,
176 u_int len, u_int covlen, uint8_t next_proto)
177 {
178 struct {
179 nd_ipv6 ph_src;
180 nd_ipv6 ph_dst;
181 uint32_t ph_len;
182 uint8_t ph_zero[3];
183 uint8_t ph_nxt;
184 } ph;
185 struct cksum_vec vec[2];
186 u_int nh;
187
188 /* pseudo-header */
189 memset(&ph, 0, sizeof(ph));
190 GET_CPY_BYTES(&ph.ph_src, ip6->ip6_src, sizeof(nd_ipv6));
191 nh = GET_U_1(ip6->ip6_nxt);
192 switch (nh) {
193
194 case IPPROTO_HOPOPTS:
195 case IPPROTO_DSTOPTS:
196 case IPPROTO_MOBILITY_OLD:
197 case IPPROTO_MOBILITY:
198 case IPPROTO_FRAGMENT:
199 case IPPROTO_ROUTING:
200 /*
201 * The next header is either a routing header or a header
202 * after which there might be a routing header, so scan
203 * for a routing header.
204 */
205 ip6_finddst(ndo, &ph.ph_dst, ip6);
206 break;
207
208 default:
209 GET_CPY_BYTES(&ph.ph_dst, ip6->ip6_dst, sizeof(nd_ipv6));
210 break;
211 }
212 ph.ph_len = htonl(len);
213 ph.ph_nxt = next_proto;
214
215 vec[0].ptr = (const uint8_t *)(void *)&ph;
216 vec[0].len = sizeof(ph);
217 vec[1].ptr = data;
218 vec[1].len = covlen;
219
220 return in_cksum(vec, 2);
221 }
222
223 /*
224 * print an IP6 datagram.
225 */
226 void
227 ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
228 {
229 const struct ip6_hdr *ip6;
230 int advance;
231 u_int len;
232 u_int total_advance;
233 const u_char *cp;
234 uint32_t payload_len;
235 uint8_t nh;
236 int fragmented = 0;
237 u_int flow;
238 int found_extension_header;
239 int found_jumbo;
240
241 ndo->ndo_protocol = "ip6";
242 ip6 = (const struct ip6_hdr *)bp;
243
244 ND_TCHECK_SIZE(ip6);
245 if (length < sizeof (struct ip6_hdr)) {
246 ND_PRINT("truncated-ip6 %u", length);
247 return;
248 }
249
250 if (!ndo->ndo_eflag)
251 ND_PRINT("IP6 ");
252
253 if (IP6_VERSION(ip6) != 6) {
254 ND_PRINT("version error: %u != 6", IP6_VERSION(ip6));
255 return;
256 }
257
258 payload_len = GET_BE_U_2(ip6->ip6_plen);
259 /*
260 * RFC 1883 says:
261 *
262 * The Payload Length field in the IPv6 header must be set to zero
263 * in every packet that carries the Jumbo Payload option. If a
264 * packet is received with a valid Jumbo Payload option present and
265 * a non-zero IPv6 Payload Length field, an ICMP Parameter Problem
266 * message, Code 0, should be sent to the packet's source, pointing
267 * to the Option Type field of the Jumbo Payload option.
268 *
269 * Later versions of the IPv6 spec don't discuss the Jumbo Payload
270 * option.
271 *
272 * If the payload length is 0, we temporarily just set the total
273 * length to the remaining data in the packet (which, for Ethernet,
274 * could include frame padding, but if it's a Jumbo Payload frame,
275 * it shouldn't even be sendable over Ethernet, so we don't worry
276 * about that), so we can process the extension headers in order
277 * to *find* a Jumbo Payload hop-by-hop option and, when we've
278 * processed all the extension headers, check whether we found
279 * a Jumbo Payload option, and fail if we haven't.
280 */
281 if (payload_len != 0) {
282 len = payload_len + sizeof(struct ip6_hdr);
283 if (length < len)
284 ND_PRINT("truncated-ip6 - %u bytes missing!",
285 len - length);
286 } else
287 len = length + sizeof(struct ip6_hdr);
288
289 nh = GET_U_1(ip6->ip6_nxt);
290 if (ndo->ndo_vflag) {
291 flow = GET_BE_U_4(ip6->ip6_flow);
292 ND_PRINT("(");
293 #if 0
294 /* rfc1883 */
295 if (flow & 0x0f000000)
296 ND_PRINT("pri 0x%02x, ", (flow & 0x0f000000) >> 24);
297 if (flow & 0x00ffffff)
298 ND_PRINT("flowlabel 0x%06x, ", flow & 0x00ffffff);
299 #else
300 /* RFC 2460 */
301 if (flow & 0x0ff00000)
302 ND_PRINT("class 0x%02x, ", (flow & 0x0ff00000) >> 20);
303 if (flow & 0x000fffff)
304 ND_PRINT("flowlabel 0x%05x, ", flow & 0x000fffff);
305 #endif
306
307 ND_PRINT("hlim %u, next-header %s (%u) payload length: %u) ",
308 GET_U_1(ip6->ip6_hlim),
309 tok2str(ipproto_values,"unknown",nh),
310 nh,
311 payload_len);
312 }
313
314 /*
315 * Cut off the snapshot length to the end of the IP payload.
316 */
317 nd_push_snapend(ndo, bp + len);
318
319 cp = (const u_char *)ip6;
320 advance = sizeof(struct ip6_hdr);
321 total_advance = 0;
322 /* Process extension headers */
323 found_extension_header = 0;
324 found_jumbo = 0;
325 while (cp < ndo->ndo_snapend && advance > 0) {
326 if (len < (u_int)advance)
327 goto trunc;
328 cp += advance;
329 len -= advance;
330 total_advance += advance;
331
332 if (cp == (const u_char *)(ip6 + 1) &&
333 nh != IPPROTO_TCP && nh != IPPROTO_UDP &&
334 nh != IPPROTO_DCCP && nh != IPPROTO_SCTP) {
335 ND_PRINT("%s > %s: ", GET_IP6ADDR_STRING(ip6->ip6_src),
336 GET_IP6ADDR_STRING(ip6->ip6_dst));
337 }
338
339 switch (nh) {
340
341 case IPPROTO_HOPOPTS:
342 advance = hbhopt_process(ndo, cp, &found_jumbo, &payload_len);
343 if (advance < 0) {
344 nd_pop_packet_info(ndo);
345 return;
346 }
347 found_extension_header = 1;
348 nh = GET_U_1(cp);
349 break;
350
351 case IPPROTO_DSTOPTS:
352 advance = dstopt_process(ndo, cp);
353 if (advance < 0) {
354 nd_pop_packet_info(ndo);
355 return;
356 }
357 found_extension_header = 1;
358 nh = GET_U_1(cp);
359 break;
360
361 case IPPROTO_FRAGMENT:
362 advance = frag6_print(ndo, cp, (const u_char *)ip6);
363 if (advance < 0 || ndo->ndo_snapend <= cp + advance) {
364 nd_pop_packet_info(ndo);
365 return;
366 }
367 found_extension_header = 1;
368 nh = GET_U_1(cp);
369 fragmented = 1;
370 break;
371
372 case IPPROTO_MOBILITY_OLD:
373 case IPPROTO_MOBILITY:
374 /*
375 * XXX - we don't use "advance"; RFC 3775 says that
376 * the next header field in a mobility header
377 * should be IPPROTO_NONE, but speaks of
378 * the possiblity of a future extension in
379 * which payload can be piggybacked atop a
380 * mobility header.
381 */
382 advance = mobility_print(ndo, cp, (const u_char *)ip6);
383 if (advance < 0) {
384 nd_pop_packet_info(ndo);
385 return;
386 }
387 found_extension_header = 1;
388 nh = GET_U_1(cp);
389 nd_pop_packet_info(ndo);
390 return;
391
392 case IPPROTO_ROUTING:
393 ND_TCHECK_1(cp);
394 advance = rt6_print(ndo, cp, (const u_char *)ip6);
395 if (advance < 0) {
396 nd_pop_packet_info(ndo);
397 return;
398 }
399 found_extension_header = 1;
400 nh = GET_U_1(cp);
401 break;
402
403 default:
404 /*
405 * Not an extension header; hand off to the
406 * IP protocol demuxer.
407 */
408 if (found_jumbo) {
409 /*
410 * We saw a Jumbo Payload option.
411 * Set the length to the payload length
412 * plus the IPv6 header length, and
413 * change the snapshot length accordingly.
414 *
415 * But make sure it's not shorter than
416 * the total number of bytes we've
417 * processed so far.
418 */
419 len = payload_len + sizeof(struct ip6_hdr);
420 if (len < total_advance)
421 goto trunc;
422 if (length < len)
423 ND_PRINT("truncated-ip6 - %u bytes missing!",
424 len - length);
425 nd_change_snapend(ndo, bp + len);
426
427 /*
428 * Now subtract the length of the IPv6
429 * header plus extension headers to get
430 * the payload length.
431 */
432 len -= total_advance;
433 } else {
434 /*
435 * We didn't see a Jumbo Payload option;
436 * was the payload length zero?
437 */
438 if (payload_len == 0) {
439 /*
440 * Yes. If we found an extension
441 * header, treat that as a truncated
442 * packet header, as there was
443 * no payload to contain an
444 * extension header.
445 */
446 if (found_extension_header)
447 goto trunc;
448
449 /*
450 * OK, we didn't see any extnesion
451 * header, but that means we have
452 * no payload, so set the length
453 * to the IPv6 header length,
454 * and change the snapshot length
455 * accordingly.
456 */
457 len = sizeof(struct ip6_hdr);
458 nd_change_snapend(ndo, bp + len);
459
460 /*
461 * Now subtract the length of
462 * the IPv6 header plus extension
463 * headers (there weren't any, so
464 * that's just the IPv6 header
465 * length) to get the payload length.
466 */
467 len -= total_advance;
468 }
469 }
470 ip_demux_print(ndo, cp, len, 6, fragmented,
471 GET_U_1(ip6->ip6_hlim), nh, bp);
472 nd_pop_packet_info(ndo);
473 return;
474 }
475
476 /* ndo_protocol reassignment after xxx_print() calls */
477 ndo->ndo_protocol = "ip6";
478 }
479
480 nd_pop_packet_info(ndo);
481 return;
482 trunc:
483 nd_print_trunc(ndo);
484 }
[mirror] the TCPdump network dissector