]> The Tcpdump Group git mirrors - tcpdump/blob - print-ip.c
projects / tcpdump / blob


b47d39a9b55490732f0593a5ad3bd0ae2ff96b05
[tcpdump] / print-ip.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: IP printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include "netdissect-stdinc.h"
29
30 #include <string.h>
31
32 #include "netdissect.h"
33 #include "addrtoname.h"
34 #include "extract.h"
35
36 #include "ip.h"
37 #include "ipproto.h"
38
39
40 static const struct tok ip_option_values[] = {
41 { IPOPT_EOL, "EOL" },
42 { IPOPT_NOP, "NOP" },
43 { IPOPT_TS, "timestamp" },
44 { IPOPT_SECURITY, "security" },
45 { IPOPT_RR, "RR" },
46 { IPOPT_SSRR, "SSRR" },
47 { IPOPT_LSRR, "LSRR" },
48 { IPOPT_RA, "RA" },
49 { IPOPT_RFC1393, "traceroute" },
50 { 0, NULL }
51 };
52
53 /*
54 * print the recorded route in an IP RR, LSRR or SSRR option.
55 */
56 static int
57 ip_printroute(netdissect_options *ndo,
58 const u_char *cp, u_int length)
59 {
60 u_int ptr;
61 u_int len;
62
63 if (length < 3) {
64 ND_PRINT(" [bad length %u]", length);
65 return (0);
66 }
67 if ((length + 1) & 3)
68 ND_PRINT(" [bad length %u]", length);
69 ND_TCHECK_1(cp + 2);
70 ptr = GET_U_1(cp + 2) - 1;
71 if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1)
72 ND_PRINT(" [bad ptr %u]", GET_U_1(cp + 2));
73
74 for (len = 3; len < length; len += 4) {
75 ND_TCHECK_4(cp + len);
76 ND_PRINT(" %s", ipaddr_string(ndo, cp + len));
77 if (ptr > len)
78 ND_PRINT(",");
79 }
80 return (0);
81
82 trunc:
83 return (-1);
84 }
85
86 /*
87 * If source-routing is present and valid, return the final destination.
88 * Otherwise, return IP destination.
89 *
90 * This is used for UDP and TCP pseudo-header in the checksum
91 * calculation.
92 */
93 static uint32_t
94 ip_finddst(netdissect_options *ndo,
95 const struct ip *ip)
96 {
97 u_int length;
98 u_int len;
99 const u_char *cp;
100
101 cp = (const u_char *)(ip + 1);
102 length = IP_HL(ip) * 4;
103 if (length < sizeof(struct ip))
104 goto trunc;
105 length -= sizeof(struct ip);
106
107 for (; length != 0; cp += len, length -= len) {
108 int tt;
109
110 ND_TCHECK_1(cp);
111 tt = GET_U_1(cp);
112 if (tt == IPOPT_EOL)
113 break;
114 else if (tt == IPOPT_NOP)
115 len = 1;
116 else {
117 ND_TCHECK_1(cp + 1);
118 len = GET_U_1(cp + 1);
119 if (len < 2)
120 break;
121 }
122 if (length < len)
123 goto trunc;
124 ND_TCHECK_LEN(cp, len);
125 switch (tt) {
126
127 case IPOPT_SSRR:
128 case IPOPT_LSRR:
129 if (len < 7)
130 break;
131 return (GET_IPV4_TO_NETWORK_ORDER(cp + len - 4));
132 }
133 }
134 trunc:
135 return (GET_IPV4_TO_NETWORK_ORDER(ip->ip_dst));
136 }
137
138 /*
139 * Compute a V4-style checksum by building a pseudoheader.
140 */
141 uint16_t
142 nextproto4_cksum(netdissect_options *ndo,
143 const struct ip *ip, const uint8_t *data,
144 u_int len, u_int covlen, u_int next_proto)
145 {
146 struct phdr {
147 uint32_t src;
148 uint32_t dst;
149 u_char mbz;
150 u_char proto;
151 uint16_t len;
152 } ph;
153 struct cksum_vec vec[2];
154
155 /* pseudo-header.. */
156 ph.len = htons((uint16_t)len);
157 ph.mbz = 0;
158 ph.proto = next_proto;
159 ph.src = GET_IPV4_TO_NETWORK_ORDER(ip->ip_src);
160 if (IP_HL(ip) == 5)
161 ph.dst = GET_IPV4_TO_NETWORK_ORDER(ip->ip_dst);
162 else
163 ph.dst = ip_finddst(ndo, ip);
164
165 vec[0].ptr = (const uint8_t *)(void *)&ph;
166 vec[0].len = sizeof(ph);
167 vec[1].ptr = data;
168 vec[1].len = covlen;
169 return (in_cksum(vec, 2));
170 }
171
172 static int
173 ip_printts(netdissect_options *ndo,
174 const u_char *cp, u_int length)
175 {
176 u_int ptr;
177 u_int len;
178 u_int hoplen;
179 const char *type;
180
181 if (length < 4) {
182 ND_PRINT("[bad length %u]", length);
183 return (0);
184 }
185 ND_PRINT(" TS{");
186 ND_TCHECK_1(cp + 3);
187 hoplen = ((GET_U_1(cp + 3) & 0xF) != IPOPT_TS_TSONLY) ? 8 : 4;
188 if ((length - 4) & (hoplen-1))
189 ND_PRINT("[bad length %u]", length);
190 ND_TCHECK_1(cp + 2);
191 ptr = GET_U_1(cp + 2) - 1;
192 len = 0;
193 if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1)
194 ND_PRINT("[bad ptr %u]", GET_U_1(cp + 2));
195 ND_TCHECK_1(cp + 3);
196 switch (GET_U_1(cp + 3)&0xF) {
197 case IPOPT_TS_TSONLY:
198 ND_PRINT("TSONLY");
199 break;
200 case IPOPT_TS_TSANDADDR:
201 ND_PRINT("TS+ADDR");
202 break;
203 /*
204 * prespecified should really be 3, but some ones might send 2
205 * instead, and the IPOPT_TS_PRESPEC constant can apparently
206 * have both values, so we have to hard-code it here.
207 */
208
209 case 2:
210 ND_PRINT("PRESPEC2.0");
211 break;
212 case 3: /* IPOPT_TS_PRESPEC */
213 ND_PRINT("PRESPEC");
214 break;
215 default:
216 ND_PRINT("[bad ts type %u]", GET_U_1(cp + 3)&0xF);
217 goto done;
218 }
219
220 type = " ";
221 for (len = 4; len < length; len += hoplen) {
222 if (ptr == len)
223 type = " ^ ";
224 ND_TCHECK_LEN(cp + len, hoplen);
225 ND_PRINT("%s%u@%s", type, GET_BE_U_4(cp + len + hoplen - 4),
226 hoplen!=8 ? "" : ipaddr_string(ndo, cp + len));
227 type = " ";
228 }
229
230 done:
231 ND_PRINT("%s", ptr == len ? " ^ " : "");
232
233 if (GET_U_1(cp + 3) >> 4)
234 ND_PRINT(" [%u hops not recorded]} ", GET_U_1(cp + 3)>>4);
235 else
236 ND_PRINT("}");
237 return (0);
238
239 trunc:
240 return (-1);
241 }
242
243 /*
244 * print IP options.
245 If truncated return -1, else 0.
246 */
247 static int
248 ip_optprint(netdissect_options *ndo,
249 const u_char *cp, u_int length)
250 {
251 u_int option_len;
252 const char *sep = "";
253
254 for (; length > 0; cp += option_len, length -= option_len) {
255 u_int option_code;
256
257 ND_PRINT("%s", sep);
258 sep = ",";
259
260 ND_TCHECK_1(cp);
261 option_code = GET_U_1(cp);
262
263 ND_PRINT("%s",
264 tok2str(ip_option_values,"unknown %u",option_code));
265
266 if (option_code == IPOPT_NOP ||
267 option_code == IPOPT_EOL)
268 option_len = 1;
269
270 else {
271 ND_TCHECK_1(cp + 1);
272 option_len = GET_U_1(cp + 1);
273 if (option_len < 2) {
274 ND_PRINT(" [bad length %u]", option_len);
275 return 0;
276 }
277 }
278
279 if (option_len > length) {
280 ND_PRINT(" [bad length %u]", option_len);
281 return 0;
282 }
283
284 ND_TCHECK_LEN(cp, option_len);
285
286 switch (option_code) {
287 case IPOPT_EOL:
288 return 0;
289
290 case IPOPT_TS:
291 if (ip_printts(ndo, cp, option_len) == -1)
292 goto trunc;
293 break;
294
295 case IPOPT_RR: /* fall through */
296 case IPOPT_SSRR:
297 case IPOPT_LSRR:
298 if (ip_printroute(ndo, cp, option_len) == -1)
299 goto trunc;
300 break;
301
302 case IPOPT_RA:
303 if (option_len < 4) {
304 ND_PRINT(" [bad length %u]", option_len);
305 break;
306 }
307 ND_TCHECK_1(cp + 3);
308 if (GET_BE_U_2(cp + 2) != 0)
309 ND_PRINT(" value %u", GET_BE_U_2(cp + 2));
310 break;
311
312 case IPOPT_NOP: /* nothing to print - fall through */
313 case IPOPT_SECURITY:
314 default:
315 break;
316 }
317 }
318 return 0;
319
320 trunc:
321 return -1;
322 }
323
324 #define IP_RES 0x8000
325
326 static const struct tok ip_frag_values[] = {
327 { IP_MF, "+" },
328 { IP_DF, "DF" },
329 { IP_RES, "rsvd" }, /* The RFC3514 evil ;-) bit */
330 { 0, NULL }
331 };
332
333 struct ip_print_demux_state {
334 const struct ip *ip;
335 const u_char *cp;
336 u_int len, off;
337 u_char nh;
338 int advance;
339 };
340
341 static void
342 ip_print_demux(netdissect_options *ndo,
343 struct ip_print_demux_state *ipds)
344 {
345 const char *p_name;
346
347 again:
348 switch (ipds->nh) {
349
350 case IPPROTO_AH:
351 if (!ND_TTEST_1(ipds->cp)) {
352 ndo->ndo_protocol = "ah";
353 nd_print_trunc(ndo);
354 break;
355 }
356 ipds->nh = GET_U_1(ipds->cp);
357 ipds->advance = ah_print(ndo, ipds->cp);
358 if (ipds->advance <= 0)
359 break;
360 ipds->cp += ipds->advance;
361 ipds->len -= ipds->advance;
362 goto again;
363
364 case IPPROTO_ESP:
365 {
366 u_int enh, padlen;
367 ipds->advance = esp_print(ndo, ipds->cp, ipds->len,
368 (const u_char *)ipds->ip,
369 &enh, &padlen);
370 if (ipds->advance <= 0)
371 break;
372 ipds->cp += ipds->advance;
373 ipds->len -= ipds->advance + padlen;
374 ipds->nh = enh & 0xff;
375 goto again;
376 }
377
378 case IPPROTO_IPCOMP:
379 {
380 ipcomp_print(ndo, ipds->cp);
381 /*
382 * Either this has decompressed the payload and
383 * printed it, in which case there's nothing more
384 * to do, or it hasn't, in which case there's
385 * nothing more to do.
386 */
387 break;
388 }
389
390 case IPPROTO_SCTP:
391 sctp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len);
392 break;
393
394 case IPPROTO_DCCP:
395 dccp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len);
396 break;
397
398 case IPPROTO_TCP:
399 /* pass on the MF bit plus the offset to detect fragments */
400 tcp_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip,
401 ipds->off & (IP_MF|IP_OFFMASK));
402 break;
403
404 case IPPROTO_UDP:
405 /* pass on the MF bit plus the offset to detect fragments */
406 udp_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip,
407 ipds->off & (IP_MF|IP_OFFMASK));
408 break;
409
410 case IPPROTO_ICMP:
411 /* pass on the MF bit plus the offset to detect fragments */
412 icmp_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip,
413 ipds->off & (IP_MF|IP_OFFMASK));
414 break;
415
416 case IPPROTO_PIGP:
417 /*
418 * XXX - the current IANA protocol number assignments
419 * page lists 9 as "any private interior gateway
420 * (used by Cisco for their IGRP)" and 88 as
421 * "EIGRP" from Cisco.
422 *
423 * Recent BSD <netinet/in.h> headers define
424 * IP_PROTO_PIGP as 9 and IP_PROTO_IGRP as 88.
425 * We define IP_PROTO_PIGP as 9 and
426 * IP_PROTO_EIGRP as 88; those names better
427 * match was the current protocol number
428 * assignments say.
429 */
430 igrp_print(ndo, ipds->cp, ipds->len);
431 break;
432
433 case IPPROTO_EIGRP:
434 eigrp_print(ndo, ipds->cp, ipds->len);
435 break;
436
437 case IPPROTO_ND:
438 ND_PRINT(" nd %u", ipds->len);
439 break;
440
441 case IPPROTO_EGP:
442 egp_print(ndo, ipds->cp, ipds->len);
443 break;
444
445 case IPPROTO_OSPF:
446 ospf_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
447 break;
448
449 case IPPROTO_IGMP:
450 igmp_print(ndo, ipds->cp, ipds->len);
451 break;
452
453 case IPPROTO_IPV4:
454 /* DVMRP multicast tunnel (ip-in-ip encapsulation) */
455 ip_print(ndo, ipds->cp, ipds->len);
456 if (! ndo->ndo_vflag) {
457 ND_PRINT(" (ipip-proto-4)");
458 return;
459 }
460 break;
461
462 case IPPROTO_IPV6:
463 /* ip6-in-ip encapsulation */
464 ip6_print(ndo, ipds->cp, ipds->len);
465 break;
466
467 case IPPROTO_RSVP:
468 rsvp_print(ndo, ipds->cp, ipds->len);
469 break;
470
471 case IPPROTO_GRE:
472 /* do it */
473 gre_print(ndo, ipds->cp, ipds->len);
474 break;
475
476 case IPPROTO_MOBILE:
477 mobile_print(ndo, ipds->cp, ipds->len);
478 break;
479
480 case IPPROTO_PIM:
481 pim_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
482 break;
483
484 case IPPROTO_VRRP:
485 if (ndo->ndo_packettype == PT_CARP) {
486 carp_print(ndo, ipds->cp, ipds->len,
487 GET_U_1(ipds->ip->ip_ttl));
488 } else {
489 vrrp_print(ndo, ipds->cp, ipds->len,
490 (const u_char *)ipds->ip,
491 GET_U_1(ipds->ip->ip_ttl));
492 }
493 break;
494
495 case IPPROTO_PGM:
496 pgm_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
497 break;
498
499 default:
500 if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL)
501 ND_PRINT(" %s", p_name);
502 else
503 ND_PRINT(" ip-proto-%u", ipds->nh);
504 ND_PRINT(" %u", ipds->len);
505 break;
506 }
507 }
508
509 void
510 ip_inner_print(netdissect_options *ndo,
511 const u_char *bp,
512 u_int length, u_int nh,
513 const u_char *bp2)
514 {
515 struct ip_print_demux_state ipd;
516
517 ipd.ip = (const struct ip *)bp2;
518 ipd.cp = bp;
519 ipd.len = length;
520 ipd.off = 0;
521 ipd.nh = nh;
522 ipd.advance = 0;
523
524 ip_print_demux(ndo, &ipd);
525 }
526
527
528 /*
529 * print an IP datagram.
530 */
531 void
532 ip_print(netdissect_options *ndo,
533 const u_char *bp,
534 u_int length)
535 {
536 struct ip_print_demux_state ipd;
537 struct ip_print_demux_state *ipds=&ipd;
538 const u_char *ipend;
539 u_int hlen;
540 struct cksum_vec vec[1];
541 uint8_t ip_tos, ip_ttl, ip_proto;
542 uint16_t sum, ip_sum;
543 const char *p_name;
544 int truncated = 0;
545
546 ndo->ndo_protocol = "ip";
547 ipds->ip = (const struct ip *)bp;
548 ND_TCHECK_1(ipds->ip->ip_vhl);
549 if (IP_V(ipds->ip) != 4) { /* print version and fail if != 4 */
550 if (IP_V(ipds->ip) == 6)
551 ND_PRINT("IP6, wrong link-layer encapsulation");
552 else
553 ND_PRINT("IP%u", IP_V(ipds->ip));
554 nd_print_invalid(ndo);
555 return;
556 }
557 if (!ndo->ndo_eflag)
558 ND_PRINT("IP ");
559
560 ND_TCHECK_SIZE(ipds->ip);
561 if (length < sizeof (struct ip)) {
562 ND_PRINT("truncated-ip %u", length);
563 return;
564 }
565 hlen = IP_HL(ipds->ip) * 4;
566 if (hlen < sizeof (struct ip)) {
567 ND_PRINT("bad-hlen %u", hlen);
568 return;
569 }
570
571 ipds->len = GET_BE_U_2(ipds->ip->ip_len);
572 if (length < ipds->len)
573 ND_PRINT("truncated-ip - %u bytes missing! ",
574 ipds->len - length);
575 if (ipds->len < hlen) {
576 #ifdef GUESS_TSO
577 if (ipds->len) {
578 ND_PRINT("bad-len %u", ipds->len);
579 return;
580 }
581 else {
582 /* we guess that it is a TSO send */
583 ipds->len = length;
584 }
585 #else
586 ND_PRINT("bad-len %u", ipds->len);
587 return;
588 #endif /* GUESS_TSO */
589 }
590
591 /*
592 * Cut off the snapshot length to the end of the IP payload.
593 */
594 ipend = bp + ipds->len;
595 if (ipend < ndo->ndo_snapend)
596 ndo->ndo_snapend = ipend;
597
598 ipds->len -= hlen;
599
600 ipds->off = GET_BE_U_2(ipds->ip->ip_off);
601
602 ip_proto = GET_U_1(ipds->ip->ip_p);
603
604 if (ndo->ndo_vflag) {
605 ip_tos = GET_U_1(ipds->ip->ip_tos);
606 ND_PRINT("(tos 0x%x", ip_tos);
607 /* ECN bits */
608 switch (ip_tos & 0x03) {
609
610 case 0:
611 break;
612
613 case 1:
614 ND_PRINT(",ECT(1)");
615 break;
616
617 case 2:
618 ND_PRINT(",ECT(0)");
619 break;
620
621 case 3:
622 ND_PRINT(",CE");
623 break;
624 }
625
626 ip_ttl = GET_U_1(ipds->ip->ip_ttl);
627 if (ip_ttl >= 1)
628 ND_PRINT(", ttl %u", ip_ttl);
629
630 /*
631 * for the firewall guys, print id, offset.
632 * On all but the last stick a "+" in the flags portion.
633 * For unfragmented datagrams, note the don't fragment flag.
634 */
635 ND_PRINT(", id %u, offset %u, flags [%s], proto %s (%u)",
636 GET_BE_U_2(ipds->ip->ip_id),
637 (ipds->off & 0x1fff) * 8,
638 bittok2str(ip_frag_values, "none", ipds->off&0xe000),
639 tok2str(ipproto_values, "unknown", ip_proto),
640 ip_proto);
641
642 ND_PRINT(", length %u", GET_BE_U_2(ipds->ip->ip_len));
643
644 if ((hlen - sizeof(struct ip)) > 0) {
645 ND_PRINT(", options (");
646 if (ip_optprint(ndo, (const u_char *)(ipds->ip + 1),
647 hlen - sizeof(struct ip)) == -1) {
648 ND_PRINT(" [truncated-option]");
649 truncated = 1;
650 }
651 ND_PRINT(")");
652 }
653
654 if (!ndo->ndo_Kflag && (const u_char *)ipds->ip + hlen <= ndo->ndo_snapend) {
655 vec[0].ptr = (const uint8_t *)(const void *)ipds->ip;
656 vec[0].len = hlen;
657 sum = in_cksum(vec, 1);
658 if (sum != 0) {
659 ip_sum = GET_BE_U_2(ipds->ip->ip_sum);
660 ND_PRINT(", bad cksum %x (->%x)!", ip_sum,
661 in_cksum_shouldbe(ip_sum, sum));
662 }
663 }
664
665 ND_PRINT(")\n ");
666 if (truncated) {
667 ND_PRINT("%s > %s: ",
668 ipaddr_string(ndo, ipds->ip->ip_src),
669 ipaddr_string(ndo, ipds->ip->ip_dst));
670 goto trunc;
671 }
672 }
673
674 /*
675 * If this is fragment zero, hand it to the next higher
676 * level protocol.
677 */
678 if ((ipds->off & 0x1fff) == 0) {
679 ipds->cp = (const u_char *)ipds->ip + hlen;
680 ipds->nh = GET_U_1(ipds->ip->ip_p);
681
682 if (ipds->nh != IPPROTO_TCP && ipds->nh != IPPROTO_UDP &&
683 ipds->nh != IPPROTO_SCTP && ipds->nh != IPPROTO_DCCP) {
684 ND_PRINT("%s > %s: ",
685 ipaddr_string(ndo, ipds->ip->ip_src),
686 ipaddr_string(ndo, ipds->ip->ip_dst));
687 }
688 ip_print_demux(ndo, ipds);
689 } else {
690 /*
691 * Ultra quiet now means that all this stuff should be
692 * suppressed.
693 */
694 if (ndo->ndo_qflag > 1)
695 return;
696
697 /*
698 * This isn't the first frag, so we're missing the
699 * next level protocol header. print the ip addr
700 * and the protocol.
701 */
702 ND_PRINT("%s > %s:", ipaddr_string(ndo, ipds->ip->ip_src),
703 ipaddr_string(ndo, ipds->ip->ip_dst));
704 if (!ndo->ndo_nflag && (p_name = netdb_protoname(ip_proto)) != NULL)
705 ND_PRINT(" %s", p_name);
706 else
707 ND_PRINT(" ip-proto-%u", ip_proto);
708 }
709 return;
710
711 trunc:
712 nd_print_trunc(ndo);
713 return;
714 }
715
716 void
717 ipN_print(netdissect_options *ndo, const u_char *bp, u_int length)
718 {
719 ndo->ndo_protocol = "ipN";
720 if (length < 1) {
721 ND_PRINT("truncated-ip %u", length);
722 return;
723 }
724
725 ND_TCHECK_1(bp);
726 switch (GET_U_1(bp) & 0xF0) {
727 case 0x40:
728 ip_print(ndo, bp, length);
729 break;
730 case 0x60:
731 ip6_print(ndo, bp, length);
732 break;
733 default:
734 ND_PRINT("unknown ip %u", (GET_U_1(bp) & 0xF0) >> 4);
735 break;
736 }
737 return;
738
739 trunc:
740 nd_print_trunc(ndo);
741 return;
742 }
[mirror] the TCPdump network dissector