X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/2d86b23ecde8e2e815ace35e5060856fa61a7e36..refs/heads/tcpdump-3.8:/print-ip.c diff --git a/print-ip.c b/print-ip.c index 2951875e..745ab3c3 100644 --- a/print-ip.c +++ b/print-ip.c @@ -1,7 +1,5 @@ -/* $NetBSD: print-ip.c,v 1.4 1995/04/24 13:27:43 cgd Exp $ */ - /* - * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994 + * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -22,123 +20,191 @@ */ #ifndef lint -static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.68 1999-10-17 21:56:54 mcr Exp $ (LBL)"; +static const char rcsid[] _U_ = + "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.128.2.9 2005-01-12 11:27:07 hannes Exp $ (LBL)"; #endif -#include -#include -#include -#include +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif -#include -#include -#include -#include -#include +#include #include -#ifdef __STDC__ #include -#endif -#include +#include -#include "interface.h" #include "addrtoname.h" +#include "interface.h" +#include "extract.h" /* must come after interface.h */ -static void -igmp_print(register const u_char *bp, register int len, - register const u_char *bp2) -{ - register const struct ip *ip; - register const u_char *ep; - - ip = (const struct ip *)bp2; - ep = (const u_char *)snapend; - (void)printf("%s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); - - if (bp + 7 > ep) { - (void)printf("[|igmp]"); - return; - } - switch (bp[0] & 0xf) { - case 1: - (void)printf("igmp query"); - if (*(int *)&bp[4]) - (void)printf(" [gaddr %s]", ipaddr_string(&bp[4])); - if (len != 8) - (void)printf(" [len %d]", len); - break; - case 2: - (void)printf("igmp report %s", ipaddr_string(&bp[4])); - if (len != 8) - (void)printf(" [len %d]", len); - break; - case 3: - (void)printf("igmp dvmrp %s", ipaddr_string(&bp[4])); - if (len < 8) - (void)printf(" [len %d]", len); - break; - default: - (void)printf("igmp-%d", bp[0] & 0xf); - break; - } - if ((bp[0] >> 4) != 1) - (void)printf(" [v%d]", bp[0] >> 4); - if (bp[1]) - (void)printf(" [b1=0x%x]", bp[1]); -} +#include "ip.h" +#include "ipproto.h" /* * print the recorded route in an IP RR, LSRR or SSRR option. */ static void -ip_printroute(const char *type, register const u_char *cp, int length) +ip_printroute(const char *type, register const u_char *cp, u_int length) { - int ptr = cp[2] - 1; - int len; + register u_int ptr; + register u_int len; + if (length < 3) { + printf(" [bad length %u]", length); + return; + } printf(" %s{", type); if ((length + 1) & 3) - printf(" [bad length %d]", length); + printf(" [bad length %u]", length); + ptr = cp[2] - 1; if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1) - printf(" [bad ptr %d]", cp[2]); + printf(" [bad ptr %u]", cp[2]); type = ""; for (len = 3; len < length; len += 4) { if (ptr == len) type = "#"; -#ifdef TCPDUMP_ALIGN - { - struct in_addr addr; - bcopy((char *)&cp[len], (char *)&addr, sizeof(addr)); - printf("%s%s", type, ipaddr_string(&addr)); - } -#else printf("%s%s", type, ipaddr_string(&cp[len])); -#endif type = " "; } printf("%s}", ptr == len? "#" : ""); } /* - * print IP options. + * If source-routing is present and valid, return the final destination. + * Otherwise, return IP destination. + * + * This is used for UDP and TCP pseudo-header in the checksum + * calculation. */ -static void -ip_optprint(register const u_char *cp, int length) +u_int32_t +ip_finddst(const struct ip *ip) { + int length; int len; + const u_char *cp; + u_int32_t retval; + + cp = (const u_char *)(ip + 1); + length = (IP_HL(ip) << 2) - sizeof(struct ip); for (; length > 0; cp += len, length -= len) { - int tt = *cp; + int tt; - len = (tt == IPOPT_NOP || tt == IPOPT_EOL) ? 1 : cp[1]; - if (&cp[1] >= snapend || cp + len > snapend) { - printf("[|ip]"); - return; + TCHECK(*cp); + tt = *cp; + if (tt == IPOPT_EOL) + break; + else if (tt == IPOPT_NOP) + len = 1; + else { + TCHECK(cp[1]); + len = cp[1]; + if (len < 2) + break; + } + TCHECK2(*cp, len); + switch (tt) { + + case IPOPT_SSRR: + case IPOPT_LSRR: + if (len < 7) + break; + memcpy(&retval, cp + len - 4, 4); + return retval; + } + } +trunc: + memcpy(&retval, &ip->ip_dst.s_addr, sizeof(u_int32_t)); + return retval; +} + +static void +ip_printts(register const u_char *cp, u_int length) +{ + register u_int ptr; + register u_int len; + int hoplen; + const char *type; + + if (length < 4) { + printf("[bad length %d]", length); + return; + } + printf(" TS{"); + hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4; + if ((length - 4) & (hoplen-1)) + printf("[bad length %d]", length); + ptr = cp[2] - 1; + len = 0; + if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1) + printf("[bad ptr %d]", cp[2]); + switch (cp[3]&0xF) { + case IPOPT_TS_TSONLY: + printf("TSONLY"); + break; + case IPOPT_TS_TSANDADDR: + printf("TS+ADDR"); + break; + /* + * prespecified should really be 3, but some ones might send 2 + * instead, and the IPOPT_TS_PRESPEC constant can apparently + * have both values, so we have to hard-code it here. + */ + + case 2: + printf("PRESPEC2.0"); + break; + case 3: /* IPOPT_TS_PRESPEC */ + printf("PRESPEC"); + break; + default: + printf("[bad ts type %d]", cp[3]&0xF); + goto done; + } + + type = " "; + for (len = 4; len < length; len += hoplen) { + if (ptr == len) + type = " ^ "; + printf("%s%d@%s", type, EXTRACT_32BITS(&cp[len+hoplen-4]), + hoplen!=8 ? "" : ipaddr_string(&cp[len])); + type = " "; + } + +done: + printf("%s", ptr == len ? " ^ " : ""); + + if (cp[3]>>4) + printf(" [%d hops not recorded]} ", cp[3]>>4); + else + printf("}"); +} + +/* + * print IP options. + */ +static void +ip_optprint(register const u_char *cp, u_int length) +{ + register u_int len; + + for (; length > 0; cp += len, length -= len) { + int tt; + + TCHECK(*cp); + tt = *cp; + if (tt == IPOPT_NOP || tt == IPOPT_EOL) + len = 1; + else { + TCHECK(cp[1]); + len = cp[1]; + if (len < 2) { + printf("[|ip op len %d]", len); + return; + } + TCHECK2(*cp, len); } switch (tt) { @@ -153,15 +219,17 @@ ip_optprint(register const u_char *cp, int length) break; case IPOPT_TS: - printf(" TS{%d}", len); + ip_printts(cp, len); break; +#ifndef IPOPT_SECURITY +#define IPOPT_SECURITY 130 +#endif /* IPOPT_SECURITY */ case IPOPT_SECURITY: printf(" SECURITY{%d}", len); break; case IPOPT_RR: - printf(" RR{%d}=", len); ip_printroute("RR", cp, len); break; @@ -173,211 +241,417 @@ ip_optprint(register const u_char *cp, int length) ip_printroute("LSRR", cp, len); break; +#ifndef IPOPT_RA +#define IPOPT_RA 148 /* router alert */ +#endif + case IPOPT_RA: + printf(" RA"); + if (len != 4) + printf("{%d}", len); + else { + TCHECK(cp[3]); + if (cp[2] || cp[3]) + printf("%d.%d", cp[2], cp[3]); + } + break; + default: printf(" IPOPT-%d{%d}", cp[0], len); break; } } + return; + +trunc: + printf("[|ip]"); } /* * compute an IP header checksum. * don't modifiy the packet. */ -static int -in_cksum(const struct ip *ip) +u_short +in_cksum(const u_short *addr, register u_int len, int csum) { - register const u_short *sp = (u_short *)ip; - register u_int32 sum = 0; - register int count; + int nleft = len; + const u_short *w = addr; + u_short answer; + int sum = csum; /* - * No need for endian conversions. + * Our algorithm is simple, using a 32 bit accumulator (sum), + * we add sequential 16 bit words to it, and at the end, fold + * back all the carry bits from the top 16 bits into the lower + * 16 bits. */ - for (count = ip->ip_hl * 2; --count >= 0; ) - sum += *sp++; - while (sum > 0xffff) - sum = (sum & 0xffff) + (sum >> 16); - sum = ~sum & 0xffff; + while (nleft > 1) { + sum += *w++; + nleft -= 2; + } + if (nleft == 1) + sum += htons(*(u_char *)w<<8); - return (sum); + /* + * add back carry outs from top 16 bits to low 16 bits + */ + sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ + sum += (sum >> 16); /* add carry */ + answer = ~sum; /* truncate to 16 bits */ + return (answer); } - -void -print_ipproto(u_int proto, const struct ip *ip, - const u_char *cp, int len) +/* + * Given the host-byte-order value of the checksum field in a packet + * header, and the network-byte-order computed checksum of the data + * that the checksum covers (including the checksum itself), compute + * what the checksum field *should* have been. + */ +u_int16_t +in_cksum_shouldbe(u_int16_t sum, u_int16_t computed_sum) { - switch (proto) { - case IPPROTO_TCP: - tcp_print(cp, len, (const u_char *)ip); - break; - case IPPROTO_UDP: - udp_print(cp, len, (const u_char *)ip); - break; - case IPPROTO_ICMP: - icmp_print(cp, (const u_char *)ip); - break; - case IPPROTO_ND: - (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); - (void)printf(" nd %d", len); - break; - case IPPROTO_EGP: - egp_print(cp, len, (const u_char *)ip); - break; -#ifndef IPPROTO_OSPF -#define IPPROTO_OSPF 89 -#endif - case IPPROTO_OSPF: - ospf_print(cp, len, (const u_char *)ip); - break; -#ifndef IPPROTO_IGMP -#define IPPROTO_IGMP 2 -#endif - case IPPROTO_IGMP: - igmp_print(cp, len, (const u_char *)ip); - break; -#ifndef IPPROTO_ENCAP -#define IPPROTO_ENCAP 4 -#endif - case IPPROTO_ENCAP: - /* ip-in-ip encapsulation */ - if (vflag) - (void)printf("%s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); - ip_print(cp, len); - if (! vflag) { - printf(" (encap)"); - return; - } - break; - -#ifndef IPPROTO_ESP -#define IPPROTO_ESP 50 -#endif - case IPPROTO_ESP: - esp_print(cp, len, (const u_char *)ip); - break; + u_int32_t shouldbe; -#ifndef IPPROTO_AH -#define IPPROTO_AH 51 -#endif - case IPPROTO_AH: - ah_print(cp, len, (const u_char *)ip); - break; - - default: - (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); - (void)printf(" ip-proto-%d %d", proto, len); - break; - } + /* + * The value that should have gone into the checksum field + * is the negative of the value gotten by summing up everything + * *but* the checksum field. + * + * We can compute that by subtracting the value of the checksum + * field from the sum of all the data in the packet, and then + * computing the negative of that value. + * + * "sum" is the value of the checksum field, and "computed_sum" + * is the negative of the sum of all the data in the packets, + * so that's -(-computed_sum - sum), or (sum + computed_sum). + * + * All the arithmetic in question is one's complement, so the + * addition must include an end-around carry; we do this by + * doing the arithmetic in 32 bits (with no sign-extension), + * and then adding the upper 16 bits of the sum, which contain + * the carry, to the lower 16 bits of the sum, and then do it + * again in case *that* sum produced a carry. + * + * As RFC 1071 notes, the checksum can be computed without + * byte-swapping the 16-bit words; summing 16-bit words + * on a big-endian machine gives a big-endian checksum, which + * can be directly stuffed into the big-endian checksum fields + * in protocol headers, and summing words on a little-endian + * machine gives a little-endian checksum, which must be + * byte-swapped before being stuffed into a big-endian checksum + * field. + * + * "computed_sum" is a network-byte-order value, so we must put + * it in host byte order before subtracting it from the + * host-byte-order value from the header; the adjusted checksum + * will be in host byte order, which is what we'll return. + */ + shouldbe = sum; + shouldbe += ntohs(computed_sum); + shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16); + shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16); + return shouldbe; } +#ifndef IP_MF +#define IP_MF 0x2000 +#endif /* IP_MF */ +#ifndef IP_DF +#define IP_DF 0x4000 +#endif /* IP_DF */ +#define IP_RES 0x8000 + +static struct tok ip_frag_values[] = { + { IP_MF, "+" }, + { IP_DF, "DF" }, + { IP_RES, "rsvd" }, /* The RFC3514 evil ;-) bit */ + { 0, NULL } +}; + /* * print an IP datagram. */ void -ip_print(register const u_char *bp, register int length) +ip_print(register const u_char *bp, register u_int length) { register const struct ip *ip; - register int hlen; - register int len; - register int off; + register u_int hlen, len, len0, off; + const u_char *ipend; register const u_char *cp; + u_char nh; + int advance; + struct protoent *proto; + u_int16_t sum, ip_sum; ip = (const struct ip *)bp; -#ifdef TCPDUMP_ALIGN - /* - * The IP header is not word aligned, so copy into abuf. - * This will never happen with BPF. It does happen raw packet - * dumps from -r. - */ - if ((long)ip & (sizeof(long)-1)) { - static u_char *abuf; - - if (abuf == 0) - abuf = (u_char *)malloc(snaplen); - bcopy((char *)ip, (char *)abuf, min(length, snaplen)); - snapend += abuf - (u_char *)ip; - packetp = abuf; - ip = (struct ip *)abuf; + if (IP_V(ip) != 4) { /* print version if != 4 */ + printf("IP%u ", IP_V(ip)); + if (IP_V(ip) == 6) + printf(", wrong link-layer encapsulation"); } -#endif + else + printf("IP "); + if ((u_char *)(ip + 1) > snapend) { printf("[|ip]"); return; } if (length < sizeof (struct ip)) { - (void)printf("truncated-ip %d", length); + (void)printf("truncated-ip %u", length); + return; + } + hlen = IP_HL(ip) * 4; + if (hlen < sizeof (struct ip)) { + (void)printf("bad-hlen %u", hlen); return; } - hlen = ip->ip_hl * 4; - len = ntohs(ip->ip_len); + len = EXTRACT_16BITS(&ip->ip_len); if (length < len) - (void)printf("truncated-ip - %d bytes missing!", + (void)printf("truncated-ip - %u bytes missing! ", len - length); + if (len < hlen) { + (void)printf("bad-len %u", len); + return; + } + + /* + * Cut off the snapshot length to the end of the IP payload. + */ + ipend = bp + len; + if (ipend < snapend) + snapend = ipend; + len -= hlen; + len0 = len; + + off = EXTRACT_16BITS(&ip->ip_off); + + if (vflag) { + (void)printf("(tos 0x%x", (int)ip->ip_tos); + /* ECN bits */ + if (ip->ip_tos & 0x03) { + switch (ip->ip_tos & 0x03) { + case 1: + (void)printf(",ECT(1)"); + break; + case 2: + (void)printf(",ECT(0)"); + break; + case 3: + (void)printf(",CE"); + } + } + + if (ip->ip_ttl >= 1) + (void)printf(", ttl %3u", ip->ip_ttl); + + /* + * for the firewall guys, print id, offset. + * On all but the last stick a "+" in the flags portion. + * For unfragmented datagrams, note the don't fragment flag. + */ + + (void)printf(", id %u, offset %u, flags [%s]", + EXTRACT_16BITS(&ip->ip_id), + (off & 0x1fff) * 8, + bittok2str(ip_frag_values, "none", off & 0xe000 )); + + (void)printf(", length: %u", EXTRACT_16BITS(&ip->ip_len)); + + if ((hlen - sizeof(struct ip)) > 0) { + (void)printf(", optlength: %u (", hlen - (u_int)sizeof(struct ip)); + ip_optprint((u_char *)(ip + 1), hlen - sizeof(struct ip)); + printf(" )"); + } + + if ((u_char *)ip + hlen <= snapend) { + sum = in_cksum((const u_short *)ip, hlen, 0); + if (sum != 0) { + ip_sum = EXTRACT_16BITS(&ip->ip_sum); + (void)printf(", bad cksum %x (->%x)!", ip_sum, + in_cksum_shouldbe(ip_sum, sum)); + } + } + + printf(") "); + } /* * If this is fragment zero, hand it to the next higher * level protocol. */ - off = ntohs(ip->ip_off); if ((off & 0x1fff) == 0) { cp = (const u_char *)ip + hlen; - print_ipproto(ip->ip_p, ip, cp, len); - } - /* - * for fragmented datagrams, print id:size@offset. On all - * but the last stick a "+". For unfragmented datagrams, note - * the don't fragment flag. - */ - if (off & 0x3fff) { - /* - * if this isn't the first frag, we're missing the - * next level protocol header. print the ip addr. - */ - if (off & 0x1fff) - (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); - (void)printf(" (frag %d:%d@%d%s)", ntohs(ip->ip_id), len, - (off & 0x1fff) * 8, - (off & IP_MF)? "+" : ""); - } else if (off & IP_DF) - (void)printf(" (DF)"); - - if (ip->ip_tos) - (void)printf(" [tos 0x%x]", (int)ip->ip_tos); - if (ip->ip_ttl <= 1) - (void)printf(" [ttl %d]", (int)ip->ip_ttl); - - if (vflag) { - int sum; - char *sep = ""; - - printf(" ("); - if (ip->ip_ttl > 1) { - (void)printf("%sttl %d", sep, (int)ip->ip_ttl); - sep = ", "; - } - if ((off & 0x3fff) == 0) { - (void)printf("%sid %d", sep, (int)ntohs(ip->ip_id)); - sep = ", "; - } - sum = in_cksum(ip); - if (sum != 0) { - (void)printf("%sbad cksum %x!", sep, - ntohs(ip->ip_sum)); - sep = ", "; + nh = ip->ip_p; + + if (nh != IPPROTO_TCP && nh != IPPROTO_UDP && + nh != IPPROTO_SCTP) { + (void)printf("%s > %s: ", ipaddr_string(&ip->ip_src), + ipaddr_string(&ip->ip_dst)); } - if ((hlen -= sizeof(struct ip)) > 0) { - (void)printf("%soptlen=%d", sep, hlen); - ip_optprint((u_char *)(ip + 1), hlen); +again: + switch (nh) { + + case IPPROTO_AH: + nh = *cp; + advance = ah_print(cp); + if (advance <= 0) + break; + cp += advance; + len -= advance; + goto again; + + case IPPROTO_ESP: + { + int enh, padlen; + advance = esp_print(cp, (const u_char *)ip, &enh, &padlen); + if (advance <= 0) + break; + cp += advance; + len -= advance + padlen; + nh = enh & 0xff; + goto again; + } + + case IPPROTO_IPCOMP: + { + int enh; + advance = ipcomp_print(cp, &enh); + if (advance <= 0) + break; + cp += advance; + len -= advance; + nh = enh & 0xff; + goto again; + } + + case IPPROTO_SCTP: + sctp_print(cp, (const u_char *)ip, len); + break; + + case IPPROTO_TCP: + tcp_print(cp, len, (const u_char *)ip, (off &~ 0x6000)); + break; + + case IPPROTO_UDP: + udp_print(cp, len, (const u_char *)ip, (off &~ 0x6000)); + break; + + case IPPROTO_ICMP: + /* pass on the MF bit plus the offset to detect fragments */ + icmp_print(cp, len, (const u_char *)ip, (off & 0x3fff)); + break; + + case IPPROTO_IGRP: + igrp_print(cp, len, (const u_char *)ip); + break; + + case IPPROTO_ND: + (void)printf(" nd %d", len); + break; + + case IPPROTO_EGP: + egp_print(cp, len); + break; + + case IPPROTO_OSPF: + ospf_print(cp, len, (const u_char *)ip); + break; + + case IPPROTO_IGMP: + igmp_print(cp, len); + break; + + case IPPROTO_IPV4: + /* DVMRP multicast tunnel (ip-in-ip encapsulation) */ + ip_print(cp, len); + if (! vflag) { + printf(" (ipip-proto-4)"); + return; + } + break; + +#ifdef INET6 + case IPPROTO_IPV6: + /* ip6-in-ip encapsulation */ + ip6_print(cp, len); + break; +#endif /*INET6*/ + + case IPPROTO_RSVP: + rsvp_print(cp, len); + break; + + case IPPROTO_GRE: + /* do it */ + gre_print(cp, len); + break; + + case IPPROTO_MOBILE: + mobile_print(cp, len); + break; + + case IPPROTO_PIM: + pim_print(cp, len); + break; + + case IPPROTO_VRRP: + vrrp_print(cp, len, ip->ip_ttl); + break; + + default: + if ((proto = getprotobynumber(nh)) != NULL) + (void)printf(" %s", proto->p_name); + else + (void)printf(" ip-proto-%d", nh); + printf(" %d", len); + break; } - printf(")"); + } else { + /* Ultra quiet now means that all this stuff should be suppressed */ + if (qflag > 1) return; + + /* + * if this isn't the first frag, we're missing the + * next level protocol header. print the ip addr + * and the protocol. + */ + if (off & 0x1fff) { + (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), + ipaddr_string(&ip->ip_dst)); + if ((proto = getprotobynumber(ip->ip_p)) != NULL) + (void)printf(" %s", proto->p_name); + else + (void)printf(" ip-proto-%d", ip->ip_p); + } + } +} + +void +ipN_print(register const u_char *bp, register u_int length) +{ + struct ip *ip, hdr; + + ip = (struct ip *)bp; + if (length < 4) { + (void)printf("truncated-ip %d", length); + return; + } + memcpy (&hdr, (char *)ip, 4); + switch (IP_V(&hdr)) { + case 4: + ip_print (bp, length); + return; +#ifdef INET6 + case 6: + ip6_print (bp, length); + return; +#endif + default: + (void)printf("unknown ip %d", IP_V(&hdr)); + return; } } + + +