]> The Tcpdump Group git mirrors - tcpdump/blob - print-ip.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
per George Bakos' suggestion:
[tcpdump] / print-ip.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.121 2003-04-24 12:51:35 hannes Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <tcpdump-stdinc.h>
32
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36
37 #include "addrtoname.h"
38 #include "interface.h"
39 #include "extract.h" /* must come after interface.h */
40
41 #include "ip.h"
42
43 /* Compatibility */
44 #ifndef IPPROTO_ND
45 #define IPPROTO_ND 77
46 #endif
47
48 /*
49 * print the recorded route in an IP RR, LSRR or SSRR option.
50 */
51 static void
52 ip_printroute(const char *type, register const u_char *cp, u_int length)
53 {
54 register u_int ptr = cp[2] - 1;
55 register u_int len;
56
57 printf(" %s{", type);
58 if ((length + 1) & 3)
59 printf(" [bad length %d]", length);
60 if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1)
61 printf(" [bad ptr %d]", cp[2]);
62
63 type = "";
64 for (len = 3; len < length; len += 4) {
65 if (ptr == len)
66 type = "#";
67 printf("%s%s", type, ipaddr_string(&cp[len]));
68 type = " ";
69 }
70 printf("%s}", ptr == len? "#" : "");
71 }
72
73 /*
74 * If source-routing is present, return the final destination.
75 * Otherwise, return IP destination.
76 *
77 * This is used for UDP and TCP pseudo-header in the checksum
78 * calculation.
79 */
80 u_int32_t
81 ip_finddst(const struct ip *ip)
82 {
83 int length;
84 int len;
85 const u_char *cp;
86 u_int32_t retval;
87
88 cp = (const u_char *)(ip + 1);
89 length = (IP_HL(ip) << 2) - sizeof(struct ip);
90
91 for (; length > 0; cp += len, length -= len) {
92 int tt = *cp;
93
94 if (tt == IPOPT_NOP || tt == IPOPT_EOL)
95 len = 1;
96 else {
97 if (&cp[1] >= snapend) {
98 return 0;
99 }
100 len = cp[1];
101 }
102 if (len <= 0) {
103 return 0;
104 }
105 if (&cp[1] >= snapend || cp + len > snapend) {
106 return 0;
107 }
108 switch (tt) {
109
110 case IPOPT_SSRR:
111 case IPOPT_LSRR:
112 memcpy(&retval, cp + len - 4, 4);
113 return retval;
114 }
115 }
116 return ip->ip_dst.s_addr;
117 }
118
119 static void
120 ip_printts(register const u_char *cp, u_int length)
121 {
122 register u_int ptr = cp[2] - 1;
123 register u_int len = 0;
124 int hoplen;
125 const char *type;
126
127 printf(" TS{");
128 hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4;
129 if ((length - 4) & (hoplen-1))
130 printf("[bad length %d]", length);
131 if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1)
132 printf("[bad ptr %d]", cp[2]);
133 switch (cp[3]&0xF) {
134 case IPOPT_TS_TSONLY:
135 printf("TSONLY");
136 break;
137 case IPOPT_TS_TSANDADDR:
138 printf("TS+ADDR");
139 break;
140 /*
141 * prespecified should really be 3, but some ones might send 2
142 * instead, and the IPOPT_TS_PRESPEC constant can apparently
143 * have both values, so we have to hard-code it here.
144 */
145
146 case 2:
147 printf("PRESPEC2.0");
148 break;
149 case 3: /* IPOPT_TS_PRESPEC */
150 printf("PRESPEC");
151 break;
152 default:
153 printf("[bad ts type %d]", cp[3]&0xF);
154 goto done;
155 }
156
157 type = " ";
158 for (len = 4; len < length; len += hoplen) {
159 if (ptr == len)
160 type = " ^ ";
161 printf("%s%d@%s", type, EXTRACT_32BITS(&cp[len+hoplen-4]),
162 hoplen!=8 ? "" : ipaddr_string(&cp[len]));
163 type = " ";
164 }
165
166 done:
167 printf("%s", ptr == len ? " ^ " : "");
168
169 if (cp[3]>>4)
170 printf(" [%d hops not recorded]} ", cp[3]>>4);
171 else
172 printf("}");
173 }
174
175 /*
176 * print IP options.
177 */
178 static void
179 ip_optprint(register const u_char *cp, u_int length)
180 {
181 register u_int len;
182
183 for (; length > 0; cp += len, length -= len) {
184 int tt = *cp;
185
186 if (tt == IPOPT_NOP || tt == IPOPT_EOL)
187 len = 1;
188 else {
189 if (&cp[1] >= snapend) {
190 printf("[|ip]");
191 return;
192 }
193 len = cp[1];
194 }
195 if (len <= 0) {
196 printf("[|ip op len %d]", len);
197 return;
198 }
199 if (&cp[1] >= snapend || cp + len > snapend) {
200 printf("[|ip]");
201 return;
202 }
203 switch (tt) {
204
205 case IPOPT_EOL:
206 printf(" EOL");
207 if (length > 1)
208 printf("-%d", length - 1);
209 return;
210
211 case IPOPT_NOP:
212 printf(" NOP");
213 break;
214
215 case IPOPT_TS:
216 ip_printts(cp, len);
217 break;
218
219 #ifndef IPOPT_SECURITY
220 #define IPOPT_SECURITY 130
221 #endif /* IPOPT_SECURITY */
222 case IPOPT_SECURITY:
223 printf(" SECURITY{%d}", len);
224 break;
225
226 case IPOPT_RR:
227 ip_printroute("RR", cp, len);
228 break;
229
230 case IPOPT_SSRR:
231 ip_printroute("SSRR", cp, len);
232 break;
233
234 case IPOPT_LSRR:
235 ip_printroute("LSRR", cp, len);
236 break;
237
238 #ifndef IPOPT_RA
239 #define IPOPT_RA 148 /* router alert */
240 #endif
241 case IPOPT_RA:
242 printf(" RA");
243 if (len != 4)
244 printf("{%d}", len);
245 else if (cp[2] || cp[3])
246 printf("%d.%d", cp[2], cp[3]);
247 break;
248
249 default:
250 printf(" IPOPT-%d{%d}", cp[0], len);
251 break;
252 }
253 }
254 }
255
256 /*
257 * compute an IP header checksum.
258 * don't modifiy the packet.
259 */
260 u_short
261 in_cksum(const u_short *addr, register u_int len, int csum)
262 {
263 int nleft = len;
264 const u_short *w = addr;
265 u_short answer;
266 int sum = csum;
267
268 /*
269 * Our algorithm is simple, using a 32 bit accumulator (sum),
270 * we add sequential 16 bit words to it, and at the end, fold
271 * back all the carry bits from the top 16 bits into the lower
272 * 16 bits.
273 */
274 while (nleft > 1) {
275 sum += *w++;
276 nleft -= 2;
277 }
278 if (nleft == 1)
279 sum += htons(*(u_char *)w<<8);
280
281 /*
282 * add back carry outs from top 16 bits to low 16 bits
283 */
284 sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
285 sum += (sum >> 16); /* add carry */
286 answer = ~sum; /* truncate to 16 bits */
287 return (answer);
288 }
289
290 /*
291 * Given the host-byte-order value of the checksum field in a packet
292 * header, and the network-byte-order computed checksum of the data
293 * that the checksum covers (including the checksum itself), compute
294 * what the checksum field *should* have been.
295 */
296 u_int16_t
297 in_cksum_shouldbe(u_int16_t sum, u_int16_t computed_sum)
298 {
299 u_int32_t shouldbe;
300
301 /*
302 * The value that should have gone into the checksum field
303 * is the negative of the value gotten by summing up everything
304 * *but* the checksum field.
305 *
306 * We can compute that by subtracting the value of the checksum
307 * field from the sum of all the data in the packet, and then
308 * computing the negative of that value.
309 *
310 * "sum" is the value of the checksum field, and "computed_sum"
311 * is the negative of the sum of all the data in the packets,
312 * so that's -(-computed_sum - sum), or (sum + computed_sum).
313 *
314 * All the arithmetic in question is one's complement, so the
315 * addition must include an end-around carry; we do this by
316 * doing the arithmetic in 32 bits (with no sign-extension),
317 * and then adding the upper 16 bits of the sum, which contain
318 * the carry, to the lower 16 bits of the sum, and then do it
319 * again in case *that* sum produced a carry.
320 *
321 * As RFC 1071 notes, the checksum can be computed without
322 * byte-swapping the 16-bit words; summing 16-bit words
323 * on a big-endian machine gives a big-endian checksum, which
324 * can be directly stuffed into the big-endian checksum fields
325 * in protocol headers, and summing words on a little-endian
326 * machine gives a little-endian checksum, which must be
327 * byte-swapped before being stuffed into a big-endian checksum
328 * field.
329 *
330 * "computed_sum" is a network-byte-order value, so we must put
331 * it in host byte order before subtracting it from the
332 * host-byte-order value from the header; the adjusted checksum
333 * will be in host byte order, which is what we'll return.
334 */
335 shouldbe = sum;
336 shouldbe += ntohs(computed_sum);
337 shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16);
338 shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16);
339 return shouldbe;
340 }
341
342 #ifndef IP_MF
343 #define IP_MF 0x2000
344 #endif /* IP_MF */
345 #ifndef IP_DF
346 #define IP_DF 0x4000
347 #endif /* IP_DF */
348 #define IP_RES 0x8000
349
350 static struct tok ip_frag_values[] = {
351 { IP_MF, "+" },
352 { IP_DF, "DF" },
353 { IP_RES, "rsvd" }, /* The RFC3514 evil ;-) bit */
354 { 0, NULL }
355 };
356
357 /*
358 * print an IP datagram.
359 */
360 void
361 ip_print(register const u_char *bp, register u_int length)
362 {
363 register const struct ip *ip;
364 register u_int hlen, len, len0, off;
365 register const u_char *cp;
366 u_char nh;
367 int advance;
368 struct protoent *proto;
369 u_int16_t sum, ip_sum;
370 const char *sep = "";
371
372 ip = (const struct ip *)bp;
373 if ((u_char *)(ip + 1) > snapend) {
374 printf("[|ip]");
375 return;
376 }
377 if (length < sizeof (struct ip)) {
378 (void)printf("truncated-ip %d", length);
379 return;
380 }
381 hlen = IP_HL(ip) * 4;
382 if (hlen < sizeof (struct ip)) {
383 (void)printf("bad-hlen %d", hlen);
384 return;
385 }
386
387 len = EXTRACT_16BITS(&ip->ip_len);
388 if (length < len)
389 (void)printf("truncated-ip - %d bytes missing! ",
390 len - length);
391 len -= hlen;
392 len0 = len;
393
394 off = EXTRACT_16BITS(&ip->ip_off);
395
396 if (vflag) {
397 (void)printf("(tos 0x%x", (int)ip->ip_tos);
398 /* ECN bits */
399 if (ip->ip_tos & 0x03) {
400 switch (ip->ip_tos & 0x03) {
401 case 1:
402 (void)printf(",ECT(1)");
403 break;
404 case 2:
405 (void)printf(",ECT(0)");
406 break;
407 case 3:
408 (void)printf(",CE");
409 }
410 }
411
412 if (ip->ip_ttl >= 1)
413 (void)printf(", ttl %u", ip->ip_ttl);
414
415 /*
416 * for the firewall guys, print id, offset.
417 * On all but the last stick a "+" in the flags portion.
418 * For unfragmented datagrams, note the don't fragment flag.
419 */
420
421 (void)printf(", id %u, offset %u, flags [%s]",
422 EXTRACT_16BITS(&ip->ip_id),
423 (off & 0x1fff) * 8,
424 bittok2str(ip_frag_values, "none", off & 0xe000 ));
425
426 (void)printf(", length: %u", EXTRACT_16BITS(&ip->ip_len));
427
428 if ((hlen - sizeof(struct ip)) > 0) {
429 (void)printf(", optlength: %u (", hlen - (u_int)sizeof(struct ip));
430 ip_optprint((u_char *)(ip + 1), hlen - sizeof(struct ip));
431 printf(" )");
432 }
433
434 if ((u_char *)ip + hlen <= snapend) {
435 sum = in_cksum((const u_short *)ip, hlen, 0);
436 if (sum != 0) {
437 ip_sum = EXTRACT_16BITS(&ip->ip_sum);
438 (void)printf("%sbad cksum %x (->%x)!", sep,
439 ip_sum,
440 in_cksum_shouldbe(ip_sum, sum));
441 sep = ", ";
442 }
443 }
444
445 printf(") ");
446 }
447
448 /*
449 * If this is fragment zero, hand it to the next higher
450 * level protocol.
451 */
452 if ((off & 0x1fff) == 0) {
453 cp = (const u_char *)ip + hlen;
454 nh = ip->ip_p;
455
456 #ifndef IPPROTO_SCTP
457 #define IPPROTO_SCTP 132
458 #endif
459 if (nh != IPPROTO_TCP && nh != IPPROTO_UDP &&
460 nh != IPPROTO_SCTP) {
461 (void)printf("%s > %s: ", ipaddr_string(&ip->ip_src),
462 ipaddr_string(&ip->ip_dst));
463 }
464 again:
465 switch (nh) {
466
467 #ifndef IPPROTO_AH
468 #define IPPROTO_AH 51
469 #endif
470 case IPPROTO_AH:
471 nh = *cp;
472 advance = ah_print(cp);
473 cp += advance;
474 len -= advance;
475 goto again;
476
477 #ifndef IPPROTO_ESP
478 #define IPPROTO_ESP 50
479 #endif
480 case IPPROTO_ESP:
481 {
482 int enh, padlen;
483 advance = esp_print(cp, (const u_char *)ip, &enh, &padlen);
484 cp += advance;
485 len -= advance + padlen;
486 if (enh < 0)
487 break;
488 nh = enh & 0xff;
489 goto again;
490 }
491
492 #ifndef IPPROTO_IPCOMP
493 #define IPPROTO_IPCOMP 108
494 #endif
495 case IPPROTO_IPCOMP:
496 {
497 int enh;
498 advance = ipcomp_print(cp, &enh);
499 cp += advance;
500 len -= advance;
501 if (enh < 0)
502 break;
503 nh = enh & 0xff;
504 goto again;
505 }
506
507 case IPPROTO_SCTP:
508 sctp_print(cp, (const u_char *)ip, len);
509 break;
510
511 case IPPROTO_TCP:
512 tcp_print(cp, len, (const u_char *)ip, (off &~ 0x6000));
513 break;
514
515 case IPPROTO_UDP:
516 udp_print(cp, len, (const u_char *)ip, (off &~ 0x6000));
517 break;
518
519 case IPPROTO_ICMP:
520 icmp_print(cp, len, (const u_char *)ip);
521 break;
522
523 #ifndef IPPROTO_IGRP
524 #define IPPROTO_IGRP 9
525 #endif
526 case IPPROTO_IGRP:
527 igrp_print(cp, len, (const u_char *)ip);
528 break;
529
530 case IPPROTO_ND:
531 (void)printf(" nd %d", len);
532 break;
533
534 case IPPROTO_EGP:
535 egp_print(cp);
536 break;
537
538 #ifndef IPPROTO_OSPF
539 #define IPPROTO_OSPF 89
540 #endif
541 case IPPROTO_OSPF:
542 ospf_print(cp, len, (const u_char *)ip);
543 break;
544
545 #ifndef IPPROTO_IGMP
546 #define IPPROTO_IGMP 2
547 #endif
548 case IPPROTO_IGMP:
549 igmp_print(cp, len);
550 break;
551
552 case 4:
553 /* DVMRP multicast tunnel (ip-in-ip encapsulation) */
554 ip_print(cp, len);
555 if (! vflag) {
556 printf(" (ipip-proto-4)");
557 return;
558 }
559 break;
560
561 #ifdef INET6
562 #ifndef IP6PROTO_ENCAP
563 #define IP6PROTO_ENCAP 41
564 #endif
565 case IP6PROTO_ENCAP:
566 /* ip6-in-ip encapsulation */
567 ip6_print(cp, len);
568 break;
569 #endif /*INET6*/
570
571 #ifndef IPPROTO_RSVP
572 #define IPPROTO_RSVP 46
573 #endif
574 case IPPROTO_RSVP:
575 rsvp_print(cp, len);
576 break;
577
578 #ifndef IPPROTO_GRE
579 #define IPPROTO_GRE 47
580 #endif
581 case IPPROTO_GRE:
582 /* do it */
583 gre_print(cp, len);
584 break;
585
586 #ifndef IPPROTO_MOBILE
587 #define IPPROTO_MOBILE 55
588 #endif
589 case IPPROTO_MOBILE:
590 mobile_print(cp, len);
591 break;
592
593 #ifndef IPPROTO_PIM
594 #define IPPROTO_PIM 103
595 #endif
596 case IPPROTO_PIM:
597 pim_print(cp, len);
598 break;
599
600 #ifndef IPPROTO_VRRP
601 #define IPPROTO_VRRP 112
602 #endif
603 case IPPROTO_VRRP:
604 vrrp_print(cp, len, ip->ip_ttl);
605 break;
606
607 default:
608 if ((proto = getprotobynumber(nh)) != NULL)
609 (void)printf(" %s", proto->p_name);
610 else
611 (void)printf(" ip-proto-%d", nh);
612 printf(" %d", len);
613 break;
614 }
615 } else {
616 /* Ultra quiet now means that all this stuff should be suppressed */
617 if (qflag > 1) return;
618
619 /*
620 * if this isn't the first frag, we're missing the
621 * next level protocol header. print the ip addr
622 * and the protocol.
623 */
624 if (off & 0x1fff) {
625 (void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
626 ipaddr_string(&ip->ip_dst));
627 if ((proto = getprotobynumber(ip->ip_p)) != NULL)
628 (void)printf(" %s", proto->p_name);
629 else
630 (void)printf(" ip-proto-%d", ip->ip_p);
631 }
632 }
633 }
634
635 void
636 ipN_print(register const u_char *bp, register u_int length)
637 {
638 struct ip *ip, hdr;
639
640 ip = (struct ip *)bp;
641 if (length < 4) {
642 (void)printf("truncated-ip %d", length);
643 return;
644 }
645 memcpy (&hdr, (char *)ip, 4);
646 switch (IP_V(&hdr)) {
647 case 4:
648 ip_print (bp, length);
649 return;
650 #ifdef INET6
651 case 6:
652 ip6_print (bp, length);
653 return;
654 #endif
655 default:
656 (void)printf("unknown ip %d", IP_V(&hdr));
657 return;
658 }
659 }
660
661
662
[mirror] the TCPdump network dissector