]> The Tcpdump Group git mirrors - tcpdump/blob - print-ip.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add a new "ipproto.h" header file, with definitions of IP protocol type
[tcpdump] / print-ip.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.127 2003-06-07 11:57:53 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <tcpdump-stdinc.h>
32
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36
37 #include "addrtoname.h"
38 #include "interface.h"
39 #include "extract.h" /* must come after interface.h */
40
41 #include "ip.h"
42 #include "ipproto.h"
43
44 /*
45 * print the recorded route in an IP RR, LSRR or SSRR option.
46 */
47 static void
48 ip_printroute(const char *type, register const u_char *cp, u_int length)
49 {
50 register u_int ptr = cp[2] - 1;
51 register u_int len;
52
53 printf(" %s{", type);
54 if ((length + 1) & 3)
55 printf(" [bad length %d]", length);
56 if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1)
57 printf(" [bad ptr %d]", cp[2]);
58
59 type = "";
60 for (len = 3; len < length; len += 4) {
61 if (ptr == len)
62 type = "#";
63 printf("%s%s", type, ipaddr_string(&cp[len]));
64 type = " ";
65 }
66 printf("%s}", ptr == len? "#" : "");
67 }
68
69 /*
70 * If source-routing is present, return the final destination.
71 * Otherwise, return IP destination.
72 *
73 * This is used for UDP and TCP pseudo-header in the checksum
74 * calculation.
75 */
76 u_int32_t
77 ip_finddst(const struct ip *ip)
78 {
79 int length;
80 int len;
81 const u_char *cp;
82 u_int32_t retval;
83
84 cp = (const u_char *)(ip + 1);
85 length = (IP_HL(ip) << 2) - sizeof(struct ip);
86
87 for (; length > 0; cp += len, length -= len) {
88 int tt = *cp;
89
90 if (tt == IPOPT_NOP || tt == IPOPT_EOL)
91 len = 1;
92 else {
93 if (&cp[1] >= snapend) {
94 return 0;
95 }
96 len = cp[1];
97 }
98 if (len <= 0) {
99 return 0;
100 }
101 if (&cp[1] >= snapend || cp + len > snapend) {
102 return 0;
103 }
104 switch (tt) {
105
106 case IPOPT_SSRR:
107 case IPOPT_LSRR:
108 memcpy(&retval, cp + len - 4, 4);
109 return retval;
110 }
111 }
112 return ip->ip_dst.s_addr;
113 }
114
115 static void
116 ip_printts(register const u_char *cp, u_int length)
117 {
118 register u_int ptr = cp[2] - 1;
119 register u_int len = 0;
120 int hoplen;
121 const char *type;
122
123 printf(" TS{");
124 hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4;
125 if ((length - 4) & (hoplen-1))
126 printf("[bad length %d]", length);
127 if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1)
128 printf("[bad ptr %d]", cp[2]);
129 switch (cp[3]&0xF) {
130 case IPOPT_TS_TSONLY:
131 printf("TSONLY");
132 break;
133 case IPOPT_TS_TSANDADDR:
134 printf("TS+ADDR");
135 break;
136 /*
137 * prespecified should really be 3, but some ones might send 2
138 * instead, and the IPOPT_TS_PRESPEC constant can apparently
139 * have both values, so we have to hard-code it here.
140 */
141
142 case 2:
143 printf("PRESPEC2.0");
144 break;
145 case 3: /* IPOPT_TS_PRESPEC */
146 printf("PRESPEC");
147 break;
148 default:
149 printf("[bad ts type %d]", cp[3]&0xF);
150 goto done;
151 }
152
153 type = " ";
154 for (len = 4; len < length; len += hoplen) {
155 if (ptr == len)
156 type = " ^ ";
157 printf("%s%d@%s", type, EXTRACT_32BITS(&cp[len+hoplen-4]),
158 hoplen!=8 ? "" : ipaddr_string(&cp[len]));
159 type = " ";
160 }
161
162 done:
163 printf("%s", ptr == len ? " ^ " : "");
164
165 if (cp[3]>>4)
166 printf(" [%d hops not recorded]} ", cp[3]>>4);
167 else
168 printf("}");
169 }
170
171 /*
172 * print IP options.
173 */
174 static void
175 ip_optprint(register const u_char *cp, u_int length)
176 {
177 register u_int len;
178
179 for (; length > 0; cp += len, length -= len) {
180 int tt = *cp;
181
182 if (tt == IPOPT_NOP || tt == IPOPT_EOL)
183 len = 1;
184 else {
185 if (&cp[1] >= snapend) {
186 printf("[|ip]");
187 return;
188 }
189 len = cp[1];
190 }
191 if (len <= 0) {
192 printf("[|ip op len %d]", len);
193 return;
194 }
195 if (&cp[1] >= snapend || cp + len > snapend) {
196 printf("[|ip]");
197 return;
198 }
199 switch (tt) {
200
201 case IPOPT_EOL:
202 printf(" EOL");
203 if (length > 1)
204 printf("-%d", length - 1);
205 return;
206
207 case IPOPT_NOP:
208 printf(" NOP");
209 break;
210
211 case IPOPT_TS:
212 ip_printts(cp, len);
213 break;
214
215 #ifndef IPOPT_SECURITY
216 #define IPOPT_SECURITY 130
217 #endif /* IPOPT_SECURITY */
218 case IPOPT_SECURITY:
219 printf(" SECURITY{%d}", len);
220 break;
221
222 case IPOPT_RR:
223 ip_printroute("RR", cp, len);
224 break;
225
226 case IPOPT_SSRR:
227 ip_printroute("SSRR", cp, len);
228 break;
229
230 case IPOPT_LSRR:
231 ip_printroute("LSRR", cp, len);
232 break;
233
234 #ifndef IPOPT_RA
235 #define IPOPT_RA 148 /* router alert */
236 #endif
237 case IPOPT_RA:
238 printf(" RA");
239 if (len != 4)
240 printf("{%d}", len);
241 else if (cp[2] || cp[3])
242 printf("%d.%d", cp[2], cp[3]);
243 break;
244
245 default:
246 printf(" IPOPT-%d{%d}", cp[0], len);
247 break;
248 }
249 }
250 }
251
252 /*
253 * compute an IP header checksum.
254 * don't modifiy the packet.
255 */
256 u_short
257 in_cksum(const u_short *addr, register u_int len, int csum)
258 {
259 int nleft = len;
260 const u_short *w = addr;
261 u_short answer;
262 int sum = csum;
263
264 /*
265 * Our algorithm is simple, using a 32 bit accumulator (sum),
266 * we add sequential 16 bit words to it, and at the end, fold
267 * back all the carry bits from the top 16 bits into the lower
268 * 16 bits.
269 */
270 while (nleft > 1) {
271 sum += *w++;
272 nleft -= 2;
273 }
274 if (nleft == 1)
275 sum += htons(*(u_char *)w<<8);
276
277 /*
278 * add back carry outs from top 16 bits to low 16 bits
279 */
280 sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
281 sum += (sum >> 16); /* add carry */
282 answer = ~sum; /* truncate to 16 bits */
283 return (answer);
284 }
285
286 /*
287 * Given the host-byte-order value of the checksum field in a packet
288 * header, and the network-byte-order computed checksum of the data
289 * that the checksum covers (including the checksum itself), compute
290 * what the checksum field *should* have been.
291 */
292 u_int16_t
293 in_cksum_shouldbe(u_int16_t sum, u_int16_t computed_sum)
294 {
295 u_int32_t shouldbe;
296
297 /*
298 * The value that should have gone into the checksum field
299 * is the negative of the value gotten by summing up everything
300 * *but* the checksum field.
301 *
302 * We can compute that by subtracting the value of the checksum
303 * field from the sum of all the data in the packet, and then
304 * computing the negative of that value.
305 *
306 * "sum" is the value of the checksum field, and "computed_sum"
307 * is the negative of the sum of all the data in the packets,
308 * so that's -(-computed_sum - sum), or (sum + computed_sum).
309 *
310 * All the arithmetic in question is one's complement, so the
311 * addition must include an end-around carry; we do this by
312 * doing the arithmetic in 32 bits (with no sign-extension),
313 * and then adding the upper 16 bits of the sum, which contain
314 * the carry, to the lower 16 bits of the sum, and then do it
315 * again in case *that* sum produced a carry.
316 *
317 * As RFC 1071 notes, the checksum can be computed without
318 * byte-swapping the 16-bit words; summing 16-bit words
319 * on a big-endian machine gives a big-endian checksum, which
320 * can be directly stuffed into the big-endian checksum fields
321 * in protocol headers, and summing words on a little-endian
322 * machine gives a little-endian checksum, which must be
323 * byte-swapped before being stuffed into a big-endian checksum
324 * field.
325 *
326 * "computed_sum" is a network-byte-order value, so we must put
327 * it in host byte order before subtracting it from the
328 * host-byte-order value from the header; the adjusted checksum
329 * will be in host byte order, which is what we'll return.
330 */
331 shouldbe = sum;
332 shouldbe += ntohs(computed_sum);
333 shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16);
334 shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16);
335 return shouldbe;
336 }
337
338 #ifndef IP_MF
339 #define IP_MF 0x2000
340 #endif /* IP_MF */
341 #ifndef IP_DF
342 #define IP_DF 0x4000
343 #endif /* IP_DF */
344 #define IP_RES 0x8000
345
346 static struct tok ip_frag_values[] = {
347 { IP_MF, "+" },
348 { IP_DF, "DF" },
349 { IP_RES, "rsvd" }, /* The RFC3514 evil ;-) bit */
350 { 0, NULL }
351 };
352
353 /*
354 * print an IP datagram.
355 */
356 void
357 ip_print(register const u_char *bp, register u_int length)
358 {
359 register const struct ip *ip;
360 register u_int hlen, len, len0, off;
361 register const u_char *cp;
362 u_char nh;
363 int advance;
364 struct protoent *proto;
365 u_int16_t sum, ip_sum;
366 const char *sep = "";
367
368 ip = (const struct ip *)bp;
369 if (IP_V(ip) != 4) { /* print version if != 4 */
370 printf("IP%u ", IP_V(ip));
371 if (IP_V(ip) == 6)
372 printf(", wrong link-layer encapsulation");
373 }
374 else
375 printf("IP ");
376
377 if ((u_char *)(ip + 1) > snapend) {
378 printf("[|ip]");
379 return;
380 }
381 if (length < sizeof (struct ip)) {
382 (void)printf("truncated-ip %d", length);
383 return;
384 }
385 hlen = IP_HL(ip) * 4;
386 if (hlen < sizeof (struct ip)) {
387 (void)printf("bad-hlen %d", hlen);
388 return;
389 }
390
391 len = EXTRACT_16BITS(&ip->ip_len);
392 if (length < len)
393 (void)printf("truncated-ip - %d bytes missing! ",
394 len - length);
395 len -= hlen;
396 len0 = len;
397
398 off = EXTRACT_16BITS(&ip->ip_off);
399
400 if (vflag) {
401 (void)printf("(tos 0x%x", (int)ip->ip_tos);
402 /* ECN bits */
403 if (ip->ip_tos & 0x03) {
404 switch (ip->ip_tos & 0x03) {
405 case 1:
406 (void)printf(",ECT(1)");
407 break;
408 case 2:
409 (void)printf(",ECT(0)");
410 break;
411 case 3:
412 (void)printf(",CE");
413 }
414 }
415
416 if (ip->ip_ttl >= 1)
417 (void)printf(", ttl %3u", ip->ip_ttl);
418
419 /*
420 * for the firewall guys, print id, offset.
421 * On all but the last stick a "+" in the flags portion.
422 * For unfragmented datagrams, note the don't fragment flag.
423 */
424
425 (void)printf(", id %u, offset %u, flags [%s]",
426 EXTRACT_16BITS(&ip->ip_id),
427 (off & 0x1fff) * 8,
428 bittok2str(ip_frag_values, "none", off & 0xe000 ));
429
430 (void)printf(", length: %u", EXTRACT_16BITS(&ip->ip_len));
431
432 if ((hlen - sizeof(struct ip)) > 0) {
433 (void)printf(", optlength: %u (", hlen - (u_int)sizeof(struct ip));
434 ip_optprint((u_char *)(ip + 1), hlen - sizeof(struct ip));
435 printf(" )");
436 }
437
438 if ((u_char *)ip + hlen <= snapend) {
439 sum = in_cksum((const u_short *)ip, hlen, 0);
440 if (sum != 0) {
441 ip_sum = EXTRACT_16BITS(&ip->ip_sum);
442 (void)printf("%sbad cksum %x (->%x)!", sep,
443 ip_sum,
444 in_cksum_shouldbe(ip_sum, sum));
445 sep = ", ";
446 }
447 }
448
449 printf(") ");
450 }
451
452 /*
453 * If this is fragment zero, hand it to the next higher
454 * level protocol.
455 */
456 if ((off & 0x1fff) == 0) {
457 cp = (const u_char *)ip + hlen;
458 nh = ip->ip_p;
459
460 if (nh != IPPROTO_TCP && nh != IPPROTO_UDP &&
461 nh != IPPROTO_SCTP) {
462 (void)printf("%s > %s: ", ipaddr_string(&ip->ip_src),
463 ipaddr_string(&ip->ip_dst));
464 }
465 again:
466 switch (nh) {
467
468 case IPPROTO_AH:
469 nh = *cp;
470 advance = ah_print(cp);
471 cp += advance;
472 len -= advance;
473 goto again;
474
475 case IPPROTO_ESP:
476 {
477 int enh, padlen;
478 advance = esp_print(cp, (const u_char *)ip, &enh, &padlen);
479 cp += advance;
480 len -= advance + padlen;
481 if (enh < 0)
482 break;
483 nh = enh & 0xff;
484 goto again;
485 }
486
487 case IPPROTO_IPCOMP:
488 {
489 int enh;
490 advance = ipcomp_print(cp, &enh);
491 cp += advance;
492 len -= advance;
493 if (enh < 0)
494 break;
495 nh = enh & 0xff;
496 goto again;
497 }
498
499 case IPPROTO_SCTP:
500 sctp_print(cp, (const u_char *)ip, len);
501 break;
502
503 case IPPROTO_TCP:
504 tcp_print(cp, len, (const u_char *)ip, (off &~ 0x6000));
505 break;
506
507 case IPPROTO_UDP:
508 udp_print(cp, len, (const u_char *)ip, (off &~ 0x6000));
509 break;
510
511 case IPPROTO_ICMP:
512 /* pass on the MF bit plus the offset to detect fragments */
513 icmp_print(cp, len, (const u_char *)ip, (off & 0x3fff));
514 break;
515
516 case IPPROTO_IGRP:
517 igrp_print(cp, len, (const u_char *)ip);
518 break;
519
520 case IPPROTO_ND:
521 (void)printf(" nd %d", len);
522 break;
523
524 case IPPROTO_EGP:
525 egp_print(cp);
526 break;
527
528 case IPPROTO_OSPF:
529 ospf_print(cp, len, (const u_char *)ip);
530 break;
531
532 case IPPROTO_IGMP:
533 igmp_print(cp, len);
534 break;
535
536 case IPPROTO_IPV4:
537 /* DVMRP multicast tunnel (ip-in-ip encapsulation) */
538 ip_print(cp, len);
539 if (! vflag) {
540 printf(" (ipip-proto-4)");
541 return;
542 }
543 break;
544
545 #ifdef INET6
546 case IPPROTO_IPV6:
547 /* ip6-in-ip encapsulation */
548 ip6_print(cp, len);
549 break;
550 #endif /*INET6*/
551
552 case IPPROTO_RSVP:
553 rsvp_print(cp, len);
554 break;
555
556 case IPPROTO_GRE:
557 /* do it */
558 gre_print(cp, len);
559 break;
560
561 case IPPROTO_MOBILE:
562 mobile_print(cp, len);
563 break;
564
565 case IPPROTO_PIM:
566 pim_print(cp, len);
567 break;
568
569 case IPPROTO_VRRP:
570 vrrp_print(cp, len, ip->ip_ttl);
571 break;
572
573 default:
574 if ((proto = getprotobynumber(nh)) != NULL)
575 (void)printf(" %s", proto->p_name);
576 else
577 (void)printf(" ip-proto-%d", nh);
578 printf(" %d", len);
579 break;
580 }
581 } else {
582 /* Ultra quiet now means that all this stuff should be suppressed */
583 if (qflag > 1) return;
584
585 /*
586 * if this isn't the first frag, we're missing the
587 * next level protocol header. print the ip addr
588 * and the protocol.
589 */
590 if (off & 0x1fff) {
591 (void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
592 ipaddr_string(&ip->ip_dst));
593 if ((proto = getprotobynumber(ip->ip_p)) != NULL)
594 (void)printf(" %s", proto->p_name);
595 else
596 (void)printf(" ip-proto-%d", ip->ip_p);
597 }
598 }
599 }
600
601 void
602 ipN_print(register const u_char *bp, register u_int length)
603 {
604 struct ip *ip, hdr;
605
606 ip = (struct ip *)bp;
607 if (length < 4) {
608 (void)printf("truncated-ip %d", length);
609 return;
610 }
611 memcpy (&hdr, (char *)ip, 4);
612 switch (IP_V(&hdr)) {
613 case 4:
614 ip_print (bp, length);
615 return;
616 #ifdef INET6
617 case 6:
618 ip6_print (bp, length);
619 return;
620 #endif
621 default:
622 (void)printf("unknown ip %d", IP_V(&hdr));
623 return;
624 }
625 }
626
627
628
[mirror] the TCPdump network dissector