#ifndef lint
static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.99 2001-08-20 17:52:39 fenner Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.125 2003-05-21 08:39:57 hannes Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <sys/param.h>
-#include <sys/time.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
+#include <tcpdump-stdinc.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <unistd.h>
#include "addrtoname.h"
#include "interface.h"
printf("%s}", ptr == len? "#" : "");
}
+/*
+ * If source-routing is present, return the final destination.
+ * Otherwise, return IP destination.
+ *
+ * This is used for UDP and TCP pseudo-header in the checksum
+ * calculation.
+ */
+u_int32_t
+ip_finddst(const struct ip *ip)
+{
+ int length;
+ int len;
+ const u_char *cp;
+ u_int32_t retval;
+
+ cp = (const u_char *)(ip + 1);
+ length = (IP_HL(ip) << 2) - sizeof(struct ip);
+
+ for (; length > 0; cp += len, length -= len) {
+ int tt = *cp;
+
+ if (tt == IPOPT_NOP || tt == IPOPT_EOL)
+ len = 1;
+ else {
+ if (&cp[1] >= snapend) {
+ return 0;
+ }
+ len = cp[1];
+ }
+ if (len <= 0) {
+ return 0;
+ }
+ if (&cp[1] >= snapend || cp + len > snapend) {
+ return 0;
+ }
+ switch (tt) {
+
+ case IPOPT_SSRR:
+ case IPOPT_LSRR:
+ memcpy(&retval, cp + len - 4, 4);
+ return retval;
+ }
+ }
+ return ip->ip_dst.s_addr;
+}
+
static void
ip_printts(register const u_char *cp, u_int length)
{
register u_int ptr = cp[2] - 1;
register u_int len = 0;
int hoplen;
- char *type;
+ const char *type;
printf(" TS{");
hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4;
case 3: /* IPOPT_TS_PRESPEC */
printf("PRESPEC");
break;
- default:
+ default:
printf("[bad ts type %d]", cp[3]&0xF);
goto done;
}
* don't modifiy the packet.
*/
u_short
-in_cksum(const u_short *addr, register int len, int csum)
+in_cksum(const u_short *addr, register u_int len, int csum)
{
int nleft = len;
const u_short *w = addr;
u_short answer;
int sum = csum;
- /*
+ /*
* Our algorithm is simple, using a 32 bit accumulator (sum),
* we add sequential 16 bit words to it, and at the end, fold
* back all the carry bits from the top 16 bits into the lower
* 16 bits.
- */
+ */
while (nleft > 1) {
sum += *w++;
nleft -= 2;
return (answer);
}
+/*
+ * Given the host-byte-order value of the checksum field in a packet
+ * header, and the network-byte-order computed checksum of the data
+ * that the checksum covers (including the checksum itself), compute
+ * what the checksum field *should* have been.
+ */
+u_int16_t
+in_cksum_shouldbe(u_int16_t sum, u_int16_t computed_sum)
+{
+ u_int32_t shouldbe;
+
+ /*
+ * The value that should have gone into the checksum field
+ * is the negative of the value gotten by summing up everything
+ * *but* the checksum field.
+ *
+ * We can compute that by subtracting the value of the checksum
+ * field from the sum of all the data in the packet, and then
+ * computing the negative of that value.
+ *
+ * "sum" is the value of the checksum field, and "computed_sum"
+ * is the negative of the sum of all the data in the packets,
+ * so that's -(-computed_sum - sum), or (sum + computed_sum).
+ *
+ * All the arithmetic in question is one's complement, so the
+ * addition must include an end-around carry; we do this by
+ * doing the arithmetic in 32 bits (with no sign-extension),
+ * and then adding the upper 16 bits of the sum, which contain
+ * the carry, to the lower 16 bits of the sum, and then do it
+ * again in case *that* sum produced a carry.
+ *
+ * As RFC 1071 notes, the checksum can be computed without
+ * byte-swapping the 16-bit words; summing 16-bit words
+ * on a big-endian machine gives a big-endian checksum, which
+ * can be directly stuffed into the big-endian checksum fields
+ * in protocol headers, and summing words on a little-endian
+ * machine gives a little-endian checksum, which must be
+ * byte-swapped before being stuffed into a big-endian checksum
+ * field.
+ *
+ * "computed_sum" is a network-byte-order value, so we must put
+ * it in host byte order before subtracting it from the
+ * host-byte-order value from the header; the adjusted checksum
+ * will be in host byte order, which is what we'll return.
+ */
+ shouldbe = sum;
+ shouldbe += ntohs(computed_sum);
+ shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16);
+ shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16);
+ return shouldbe;
+}
+
+#ifndef IP_MF
+#define IP_MF 0x2000
+#endif /* IP_MF */
+#ifndef IP_DF
+#define IP_DF 0x4000
+#endif /* IP_DF */
+#define IP_RES 0x8000
+
+static struct tok ip_frag_values[] = {
+ { IP_MF, "+" },
+ { IP_DF, "DF" },
+ { IP_RES, "rsvd" }, /* The RFC3514 evil ;-) bit */
+ { 0, NULL }
+};
+
/*
* print an IP datagram.
*/
register const u_char *cp;
u_char nh;
int advance;
+ struct protoent *proto;
+ u_int16_t sum, ip_sum;
+ const char *sep = "";
+
+ printf("IP%s ", (((*bp >> 4) & 0xf) == 4) ? "" : "%u", (*bp >> 4) & 0xf); /* print version if != 4 */
ip = (const struct ip *)bp;
-#ifdef LBL_ALIGN
- /*
- * If the IP header is not aligned, copy into abuf.
- * This will never happen with BPF. It does happen raw packet
- * dumps from -r.
- */
- if ((long)ip & 3) {
- static u_char *abuf = NULL;
- static int didwarn = 0;
-
- if (abuf == NULL) {
- abuf = (u_char *)malloc(snaplen);
- if (abuf == NULL)
- error("ip_print: malloc");
- }
- memcpy((char *)abuf, (char *)ip, min(length, snaplen));
- snapend += abuf - (u_char *)ip;
- packetp = abuf;
- ip = (struct ip *)abuf;
- /* We really want libpcap to give us aligned packets */
- if (!didwarn) {
- warning("compensating for unaligned libpcap packets");
- ++didwarn;
- }
- }
-#endif
if ((u_char *)(ip + 1) > snapend) {
printf("[|ip]");
return;
return;
}
- len = ntohs(ip->ip_len);
+ len = EXTRACT_16BITS(&ip->ip_len);
if (length < len)
(void)printf("truncated-ip - %d bytes missing! ",
len - length);
len -= hlen;
len0 = len;
+ off = EXTRACT_16BITS(&ip->ip_off);
+
+ if (vflag) {
+ (void)printf("(tos 0x%x", (int)ip->ip_tos);
+ /* ECN bits */
+ if (ip->ip_tos & 0x03) {
+ switch (ip->ip_tos & 0x03) {
+ case 1:
+ (void)printf(",ECT(1)");
+ break;
+ case 2:
+ (void)printf(",ECT(0)");
+ break;
+ case 3:
+ (void)printf(",CE");
+ }
+ }
+
+ if (ip->ip_ttl >= 1)
+ (void)printf(", ttl %3u", ip->ip_ttl);
+
+ /*
+ * for the firewall guys, print id, offset.
+ * On all but the last stick a "+" in the flags portion.
+ * For unfragmented datagrams, note the don't fragment flag.
+ */
+
+ (void)printf(", id %u, offset %u, flags [%s]",
+ EXTRACT_16BITS(&ip->ip_id),
+ (off & 0x1fff) * 8,
+ bittok2str(ip_frag_values, "none", off & 0xe000 ));
+
+ (void)printf(", length: %u", EXTRACT_16BITS(&ip->ip_len));
+
+ if ((hlen - sizeof(struct ip)) > 0) {
+ (void)printf(", optlength: %u (", hlen - (u_int)sizeof(struct ip));
+ ip_optprint((u_char *)(ip + 1), hlen - sizeof(struct ip));
+ printf(" )");
+ }
+
+ if ((u_char *)ip + hlen <= snapend) {
+ sum = in_cksum((const u_short *)ip, hlen, 0);
+ if (sum != 0) {
+ ip_sum = EXTRACT_16BITS(&ip->ip_sum);
+ (void)printf("%sbad cksum %x (->%x)!", sep,
+ ip_sum,
+ in_cksum_shouldbe(ip_sum, sum));
+ sep = ", ";
+ }
+ }
+
+ printf(") ");
+ }
+
/*
* If this is fragment zero, hand it to the next higher
* level protocol.
*/
- off = ntohs(ip->ip_off);
if ((off & 0x1fff) == 0) {
cp = (const u_char *)ip + hlen;
nh = ip->ip_p;
#endif
case IPPROTO_AH:
nh = *cp;
- advance = ah_print(cp, (const u_char *)ip);
+ advance = ah_print(cp);
cp += advance;
len -= advance;
goto again;
case IPPROTO_IPCOMP:
{
int enh;
- advance = ipcomp_print(cp, (const u_char *)ip, &enh);
+ advance = ipcomp_print(cp, &enh);
cp += advance;
len -= advance;
if (enh < 0)
}
case IPPROTO_SCTP:
- sctp_print(cp, (const u_char *)ip, len);
+ sctp_print(cp, (const u_char *)ip, len);
break;
case IPPROTO_TCP:
break;
case IPPROTO_ICMP:
- icmp_print(cp, len, (const u_char *)ip);
+ /* pass on the MF bit plus the offset to detect fragments */
+ icmp_print(cp, len, (const u_char *)ip, (off & 0x3fff));
break;
#ifndef IPPROTO_IGRP
break;
case IPPROTO_EGP:
- egp_print(cp, len, (const u_char *)ip);
+ egp_print(cp);
break;
#ifndef IPPROTO_OSPF
#define IPPROTO_IGMP 2
#endif
case IPPROTO_IGMP:
- igmp_print(cp, len, (const u_char *)ip);
+ igmp_print(cp, len);
break;
case 4:
break;
#endif /*INET6*/
+#ifndef IPPROTO_RSVP
+#define IPPROTO_RSVP 46
+#endif
+ case IPPROTO_RSVP:
+ rsvp_print(cp, len);
+ break;
#ifndef IPPROTO_GRE
#define IPPROTO_GRE 47
break;
default:
- (void)printf(" ip-proto-%d %d", nh, len);
+ if ((proto = getprotobynumber(nh)) != NULL)
+ (void)printf(" %s", proto->p_name);
+ else
+ (void)printf(" ip-proto-%d", nh);
+ printf(" %d", len);
break;
}
- }
-
- /* Ultra quiet now means that all this stuff should be suppressed */
- /* res 3-Nov-98 */
- if (qflag > 1) return;
-
-
- /*
- * for fragmented datagrams, print id:size@offset. On all
- * but the last stick a "+". For unfragmented datagrams, note
- * the don't fragment flag.
- */
- len = len0; /* get the original length */
- if (off & 0x3fff) {
- /*
- * if this isn't the first frag, we're missing the
- * next level protocol header. print the ip addr.
- */
- if (off & 0x1fff)
- (void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
- ipaddr_string(&ip->ip_dst));
-#ifndef IP_MF
-#define IP_MF 0x2000
-#endif /* IP_MF */
-#ifndef IP_DF
-#define IP_DF 0x4000
-#endif /* IP_DF */
- (void)printf(" (frag %d:%u@%d%s)", ntohs(ip->ip_id), len,
- (off & 0x1fff) * 8,
- (off & IP_MF)? "+" : "");
-
- } else if (off & IP_DF)
- (void)printf(" (DF)");
-
- if (ip->ip_tos) {
- (void)printf(" [tos 0x%x", (int)ip->ip_tos);
- /* ECN bits */
- if (ip->ip_tos & 0x03) {
- switch (ip->ip_tos & 0x03) {
- case 1:
- (void)printf(",ECT(1)");
- break;
- case 2:
- (void)printf(",ECT(0)");
- break;
- case 3:
- (void)printf(",CE");
- }
- }
- (void)printf("] ");
- }
-
- if (ip->ip_ttl <= 1)
- (void)printf(" [ttl %d]", (int)ip->ip_ttl);
-
- if (vflag) {
- int sum;
- char *sep = "";
-
- printf(" (");
- if (ip->ip_ttl > 1) {
- (void)printf("%sttl %d", sep, (int)ip->ip_ttl);
- sep = ", ";
- }
- if ((off & 0x3fff) == 0) {
- (void)printf("%sid %d", sep, (int)ntohs(ip->ip_id));
- sep = ", ";
- }
- (void)printf("%slen %d", sep, (int)ntohs(ip->ip_len));
- sep = ", ";
- if ((u_char *)ip + hlen <= snapend) {
- sum = in_cksum((const u_short *)ip, hlen, 0);
- if (sum != 0) {
- (void)printf("%sbad cksum %x!", sep,
- ntohs(ip->ip_sum));
- sep = ", ";
- }
- }
- if ((hlen -= sizeof(struct ip)) > 0) {
- (void)printf("%soptlen=%d", sep, hlen);
- ip_optprint((u_char *)(ip + 1), hlen);
- }
- printf(")");
+ } else {
+ /* Ultra quiet now means that all this stuff should be suppressed */
+ if (qflag > 1) return;
+
+ /*
+ * if this isn't the first frag, we're missing the
+ * next level protocol header. print the ip addr
+ * and the protocol.
+ */
+ if (off & 0x1fff) {
+ (void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
+ ipaddr_string(&ip->ip_dst));
+ if ((proto = getprotobynumber(ip->ip_p)) != NULL)
+ (void)printf(" %s", proto->p_name);
+ else
+ (void)printf(" ip-proto-%d", ip->ip_p);
+ }
}
}
return;
}
}
+
+
+
projects / tcpdump / blobdiff