X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/740e55c20bb4b80dbd3e7d87a403bf7a8e6e58d5..8f94d68a09e1103353cc7d1133d6dfdf7d5a920d:/print-ip.c diff --git a/print-ip.c b/print-ip.c index 62c70342..f3471c50 100644 --- a/print-ip.c +++ b/print-ip.c @@ -21,24 +21,18 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.101 2001-10-27 07:42:46 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.125 2003-05-21 08:39:57 hannes Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include -#include -#include +#include -#include - -#include #include #include #include -#include #include "addrtoname.h" #include "interface.h" @@ -76,13 +70,59 @@ ip_printroute(const char *type, register const u_char *cp, u_int length) printf("%s}", ptr == len? "#" : ""); } +/* + * If source-routing is present, return the final destination. + * Otherwise, return IP destination. + * + * This is used for UDP and TCP pseudo-header in the checksum + * calculation. + */ +u_int32_t +ip_finddst(const struct ip *ip) +{ + int length; + int len; + const u_char *cp; + u_int32_t retval; + + cp = (const u_char *)(ip + 1); + length = (IP_HL(ip) << 2) - sizeof(struct ip); + + for (; length > 0; cp += len, length -= len) { + int tt = *cp; + + if (tt == IPOPT_NOP || tt == IPOPT_EOL) + len = 1; + else { + if (&cp[1] >= snapend) { + return 0; + } + len = cp[1]; + } + if (len <= 0) { + return 0; + } + if (&cp[1] >= snapend || cp + len > snapend) { + return 0; + } + switch (tt) { + + case IPOPT_SSRR: + case IPOPT_LSRR: + memcpy(&retval, cp + len - 4, 4); + return retval; + } + } + return ip->ip_dst.s_addr; +} + static void ip_printts(register const u_char *cp, u_int length) { register u_int ptr = cp[2] - 1; register u_int len = 0; int hoplen; - char *type; + const char *type; printf(" TS{"); hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4; @@ -109,7 +149,7 @@ ip_printts(register const u_char *cp, u_int length) case 3: /* IPOPT_TS_PRESPEC */ printf("PRESPEC"); break; - default: + default: printf("[bad ts type %d]", cp[3]&0xF); goto done; } @@ -225,12 +265,12 @@ in_cksum(const u_short *addr, register u_int len, int csum) u_short answer; int sum = csum; - /* + /* * Our algorithm is simple, using a 32 bit accumulator (sum), * we add sequential 16 bit words to it, and at the end, fold * back all the carry bits from the top 16 bits into the lower * 16 bits. - */ + */ while (nleft > 1) { sum += *w++; nleft -= 2; @@ -247,6 +287,73 @@ in_cksum(const u_short *addr, register u_int len, int csum) return (answer); } +/* + * Given the host-byte-order value of the checksum field in a packet + * header, and the network-byte-order computed checksum of the data + * that the checksum covers (including the checksum itself), compute + * what the checksum field *should* have been. + */ +u_int16_t +in_cksum_shouldbe(u_int16_t sum, u_int16_t computed_sum) +{ + u_int32_t shouldbe; + + /* + * The value that should have gone into the checksum field + * is the negative of the value gotten by summing up everything + * *but* the checksum field. + * + * We can compute that by subtracting the value of the checksum + * field from the sum of all the data in the packet, and then + * computing the negative of that value. + * + * "sum" is the value of the checksum field, and "computed_sum" + * is the negative of the sum of all the data in the packets, + * so that's -(-computed_sum - sum), or (sum + computed_sum). + * + * All the arithmetic in question is one's complement, so the + * addition must include an end-around carry; we do this by + * doing the arithmetic in 32 bits (with no sign-extension), + * and then adding the upper 16 bits of the sum, which contain + * the carry, to the lower 16 bits of the sum, and then do it + * again in case *that* sum produced a carry. + * + * As RFC 1071 notes, the checksum can be computed without + * byte-swapping the 16-bit words; summing 16-bit words + * on a big-endian machine gives a big-endian checksum, which + * can be directly stuffed into the big-endian checksum fields + * in protocol headers, and summing words on a little-endian + * machine gives a little-endian checksum, which must be + * byte-swapped before being stuffed into a big-endian checksum + * field. + * + * "computed_sum" is a network-byte-order value, so we must put + * it in host byte order before subtracting it from the + * host-byte-order value from the header; the adjusted checksum + * will be in host byte order, which is what we'll return. + */ + shouldbe = sum; + shouldbe += ntohs(computed_sum); + shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16); + shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16); + return shouldbe; +} + +#ifndef IP_MF +#define IP_MF 0x2000 +#endif /* IP_MF */ +#ifndef IP_DF +#define IP_DF 0x4000 +#endif /* IP_DF */ +#define IP_RES 0x8000 + +static struct tok ip_frag_values[] = { + { IP_MF, "+" }, + { IP_DF, "DF" }, + { IP_RES, "rsvd" }, /* The RFC3514 evil ;-) bit */ + { 0, NULL } +}; + /* * print an IP datagram. */ @@ -259,34 +366,12 @@ ip_print(register const u_char *bp, register u_int length) u_char nh; int advance; struct protoent *proto; + u_int16_t sum, ip_sum; + const char *sep = ""; + + printf("IP%s ", (((*bp >> 4) & 0xf) == 4) ? "" : "%u", (*bp >> 4) & 0xf); /* print version if != 4 */ ip = (const struct ip *)bp; -#ifdef LBL_ALIGN - /* - * If the IP header is not aligned, copy into abuf. - * This will never happen with BPF. It does happen raw packet - * dumps from -r. - */ - if ((long)ip & 3) { - static u_char *abuf = NULL; - static int didwarn = 0; - - if (abuf == NULL) { - abuf = (u_char *)malloc(snaplen); - if (abuf == NULL) - error("ip_print: malloc"); - } - memcpy((char *)abuf, (char *)ip, min(length, snaplen)); - snapend += abuf - (u_char *)ip; - packetp = abuf; - ip = (struct ip *)abuf; - /* We really want libpcap to give us aligned packets */ - if (!didwarn) { - warning("compensating for unaligned libpcap packets"); - ++didwarn; - } - } -#endif if ((u_char *)(ip + 1) > snapend) { printf("[|ip]"); return; @@ -301,18 +386,71 @@ ip_print(register const u_char *bp, register u_int length) return; } - len = ntohs(ip->ip_len); + len = EXTRACT_16BITS(&ip->ip_len); if (length < len) (void)printf("truncated-ip - %d bytes missing! ", len - length); len -= hlen; len0 = len; + off = EXTRACT_16BITS(&ip->ip_off); + + if (vflag) { + (void)printf("(tos 0x%x", (int)ip->ip_tos); + /* ECN bits */ + if (ip->ip_tos & 0x03) { + switch (ip->ip_tos & 0x03) { + case 1: + (void)printf(",ECT(1)"); + break; + case 2: + (void)printf(",ECT(0)"); + break; + case 3: + (void)printf(",CE"); + } + } + + if (ip->ip_ttl >= 1) + (void)printf(", ttl %3u", ip->ip_ttl); + + /* + * for the firewall guys, print id, offset. + * On all but the last stick a "+" in the flags portion. + * For unfragmented datagrams, note the don't fragment flag. + */ + + (void)printf(", id %u, offset %u, flags [%s]", + EXTRACT_16BITS(&ip->ip_id), + (off & 0x1fff) * 8, + bittok2str(ip_frag_values, "none", off & 0xe000 )); + + (void)printf(", length: %u", EXTRACT_16BITS(&ip->ip_len)); + + if ((hlen - sizeof(struct ip)) > 0) { + (void)printf(", optlength: %u (", hlen - (u_int)sizeof(struct ip)); + ip_optprint((u_char *)(ip + 1), hlen - sizeof(struct ip)); + printf(" )"); + } + + if ((u_char *)ip + hlen <= snapend) { + sum = in_cksum((const u_short *)ip, hlen, 0); + if (sum != 0) { + ip_sum = EXTRACT_16BITS(&ip->ip_sum); + (void)printf("%sbad cksum %x (->%x)!", sep, + ip_sum, + in_cksum_shouldbe(ip_sum, sum)); + sep = ", "; + } + } + + printf(") "); + } + /* * If this is fragment zero, hand it to the next higher * level protocol. */ - off = ntohs(ip->ip_off); if ((off & 0x1fff) == 0) { cp = (const u_char *)ip + hlen; nh = ip->ip_p; @@ -333,7 +471,7 @@ again: #endif case IPPROTO_AH: nh = *cp; - advance = ah_print(cp, (const u_char *)ip); + advance = ah_print(cp); cp += advance; len -= advance; goto again; @@ -359,7 +497,7 @@ again: case IPPROTO_IPCOMP: { int enh; - advance = ipcomp_print(cp, (const u_char *)ip, &enh); + advance = ipcomp_print(cp, &enh); cp += advance; len -= advance; if (enh < 0) @@ -369,7 +507,7 @@ again: } case IPPROTO_SCTP: - sctp_print(cp, (const u_char *)ip, len); + sctp_print(cp, (const u_char *)ip, len); break; case IPPROTO_TCP: @@ -381,7 +519,8 @@ again: break; case IPPROTO_ICMP: - icmp_print(cp, len, (const u_char *)ip); + /* pass on the MF bit plus the offset to detect fragments */ + icmp_print(cp, len, (const u_char *)ip, (off & 0x3fff)); break; #ifndef IPPROTO_IGRP @@ -396,7 +535,7 @@ again: break; case IPPROTO_EGP: - egp_print(cp, len, (const u_char *)ip); + egp_print(cp); break; #ifndef IPPROTO_OSPF @@ -432,6 +571,12 @@ again: break; #endif /*INET6*/ +#ifndef IPPROTO_RSVP +#define IPPROTO_RSVP 46 +#endif + case IPPROTO_RSVP: + rsvp_print(cp, len); + break; #ifndef IPPROTO_GRE #define IPPROTO_GRE 47 @@ -470,95 +615,23 @@ again: printf(" %d", len); break; } - } - - /* Ultra quiet now means that all this stuff should be suppressed */ - /* res 3-Nov-98 */ - if (qflag > 1) return; - - - /* - * for fragmented datagrams, print id:size@offset. On all - * but the last stick a "+". For unfragmented datagrams, note - * the don't fragment flag. - */ - len = len0; /* get the original length */ - if (off & 0x3fff) { - /* - * if this isn't the first frag, we're missing the - * next level protocol header. print the ip addr - * and the protocol. - */ - if (off & 0x1fff) { - (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); - if ((proto = getprotobynumber(ip->ip_p)) != NULL) - (void)printf(" %s", proto->p_name); - else - (void)printf(" ip-proto-%d", ip->ip_p); - } -#ifndef IP_MF -#define IP_MF 0x2000 -#endif /* IP_MF */ -#ifndef IP_DF -#define IP_DF 0x4000 -#endif /* IP_DF */ - (void)printf(" (frag %d:%u@%d%s)", ntohs(ip->ip_id), len, - (off & 0x1fff) * 8, - (off & IP_MF)? "+" : ""); - - } else if (off & IP_DF) - (void)printf(" (DF)"); - - if (ip->ip_tos) { - (void)printf(" [tos 0x%x", (int)ip->ip_tos); - /* ECN bits */ - if (ip->ip_tos & 0x03) { - switch (ip->ip_tos & 0x03) { - case 1: - (void)printf(",ECT(1)"); - break; - case 2: - (void)printf(",ECT(0)"); - break; - case 3: - (void)printf(",CE"); - } - } - (void)printf("] "); - } - - if (ip->ip_ttl <= 1) - (void)printf(" [ttl %d]", (int)ip->ip_ttl); - - if (vflag) { - int sum; - char *sep = ""; - - printf(" ("); - if (ip->ip_ttl > 1) { - (void)printf("%sttl %d", sep, (int)ip->ip_ttl); - sep = ", "; - } - if ((off & 0x3fff) == 0) { - (void)printf("%sid %d", sep, (int)ntohs(ip->ip_id)); - sep = ", "; - } - (void)printf("%slen %d", sep, (int)ntohs(ip->ip_len)); - sep = ", "; - if ((u_char *)ip + hlen <= snapend) { - sum = in_cksum((const u_short *)ip, hlen, 0); - if (sum != 0) { - (void)printf("%sbad cksum %x!", sep, - ntohs(ip->ip_sum)); - sep = ", "; - } - } - if ((hlen -= sizeof(struct ip)) > 0) { - (void)printf("%soptlen=%d", sep, hlen); - ip_optprint((u_char *)(ip + 1), hlen); - } - printf(")"); + } else { + /* Ultra quiet now means that all this stuff should be suppressed */ + if (qflag > 1) return; + + /* + * if this isn't the first frag, we're missing the + * next level protocol header. print the ip addr + * and the protocol. + */ + if (off & 0x1fff) { + (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), + ipaddr_string(&ip->ip_dst)); + if ((proto = getprotobynumber(ip->ip_p)) != NULL) + (void)printf(" %s", proto->p_name); + else + (void)printf(" ip-proto-%d", ip->ip_p); + } } } @@ -587,3 +660,6 @@ ipN_print(register const u_char *bp, register u_int length) return; } } + + +