X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/c9d84d15c5c4dc8eca7594101fe5026080ed641e..f5877da285f3e030d59a28236295573f27e344bc:/print-ip.c diff --git a/print-ip.c b/print-ip.c index 9ae000e7..5edc6221 100644 --- a/print-ip.c +++ b/print-ip.c @@ -19,597 +19,510 @@ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#ifndef lint -static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.70 1999-10-30 05:11:14 itojun Exp $ (LBL)"; -#endif - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#ifdef HAVE_MALLOC_H -#include -#endif -#include -#include -#include -#include +/* \summary: IP printer */ -#include "addrtoname.h" -#include "interface.h" -#include "extract.h" /* must come after interface.h */ - -/* Compatibility */ -#ifndef IPPROTO_ND -#define IPPROTO_ND 77 -#endif +#include -#ifndef IN_CLASSD -#define IN_CLASSD(i) (((int32_t)(i) & 0xf0000000) == 0xe0000000) -#endif +#include "netdissect-stdinc.h" -/* (following from ipmulti/mrouted/prune.h) */ +#include "netdissect.h" +#include "addrtoname.h" +#include "extract.h" + +#include "ip.h" +#include "ipproto.h" + + +static const struct tok ip_option_values[] = { + { IPOPT_EOL, "EOL" }, + { IPOPT_NOP, "NOP" }, + { IPOPT_TS, "timestamp" }, + { IPOPT_SECURITY, "security" }, + { IPOPT_RR, "RR" }, + { IPOPT_SSRR, "SSRR" }, + { IPOPT_LSRR, "LSRR" }, + { IPOPT_RA, "RA" }, + { IPOPT_RFC1393, "traceroute" }, + { 0, NULL } +}; /* - * The packet format for a traceroute request. + * print the recorded route in an IP RR, LSRR or SSRR option. */ -struct tr_query { - u_int tr_src; /* traceroute source */ - u_int tr_dst; /* traceroute destination */ - u_int tr_raddr; /* traceroute response address */ -#if defined(WORDS_BIGENDIAN) || (defined(BYTE_ORDER) && (BYTE_ORDER == BIG_ENDIAN)) - struct { - u_int ttl : 8; /* traceroute response ttl */ - u_int qid : 24; /* traceroute query id */ - } q; -#else - struct { - u_int qid : 24; /* traceroute query id */ - u_int ttl : 8; /* traceroute response ttl */ - } q; -#endif -}; +static int +ip_printroute(netdissect_options *ndo, + const u_char *cp, u_int length) +{ + u_int ptr; + u_int len; + + if (length < 3) { + ND_PRINT(" [bad length %u]", length); + return (0); + } + if ((length + 1) & 3) + ND_PRINT(" [bad length %u]", length); + ptr = GET_U_1(cp + 2) - 1; + if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1) + ND_PRINT(" [bad ptr %u]", GET_U_1(cp + 2)); + + for (len = 3; len < length; len += 4) { + ND_TCHECK_4(cp + len); /* Needed to print the IP addresses */ + ND_PRINT(" %s", GET_IPADDR_STRING(cp + len)); + if (ptr > len) + ND_PRINT(","); + } + return (0); -#define tr_rttl q.ttl -#define tr_qid q.qid +trunc: + return (-1); +} /* - * Traceroute response format. A traceroute response has a tr_query at the - * beginning, followed by one tr_resp for each hop taken. + * If source-routing is present and valid, return the final destination. + * Otherwise, return IP destination. + * + * This is used for UDP and TCP pseudo-header in the checksum + * calculation. */ -struct tr_resp { - u_int tr_qarr; /* query arrival time */ - u_int tr_inaddr; /* incoming interface address */ - u_int tr_outaddr; /* outgoing interface address */ - u_int tr_rmtaddr; /* parent address in source tree */ - u_int tr_vifin; /* input packet count on interface */ - u_int tr_vifout; /* output packet count on interface */ - u_int tr_pktcnt; /* total incoming packets for src-grp */ - u_char tr_rproto; /* routing proto deployed on router */ - u_char tr_fttl; /* ttl required to forward on outvif */ - u_char tr_smask; /* subnet mask for src addr */ - u_char tr_rflags; /* forwarding error codes */ -}; - -/* defs within mtrace */ -#define TR_QUERY 1 -#define TR_RESP 2 - -/* fields for tr_rflags (forwarding error codes) */ -#define TR_NO_ERR 0 -#define TR_WRONG_IF 1 -#define TR_PRUNED 2 -#define TR_OPRUNED 3 -#define TR_SCOPED 4 -#define TR_NO_RTE 5 -#define TR_NO_FWD 7 -#define TR_NO_SPACE 0x81 -#define TR_OLD_ROUTER 0x82 - -/* fields for tr_rproto (routing protocol) */ -#define TR_PROTO_DVMRP 1 -#define TR_PROTO_MOSPF 2 -#define TR_PROTO_PIM 3 -#define TR_PROTO_CBT 4 - -static void print_mtrace(register const u_char *bp, register u_int len) +static uint32_t +ip_finddst(netdissect_options *ndo, + const struct ip *ip) { - register struct tr_query *tr = (struct tr_query *)(bp + 8); + u_int length; + u_int len; + const u_char *cp; - printf("mtrace %d: %s to %s reply-to %s", tr->tr_qid, - ipaddr_string(&tr->tr_src), ipaddr_string(&tr->tr_dst), - ipaddr_string(&tr->tr_raddr)); - if (IN_CLASSD(ntohl(tr->tr_raddr))) - printf(" with-ttl %d", tr->tr_rttl); -} + cp = (const u_char *)(ip + 1); + length = IP_HL(ip) * 4; + if (length < sizeof(struct ip)) + goto trunc; + length -= sizeof(struct ip); -static void print_mresp(register const u_char *bp, register u_int len) -{ - register struct tr_query *tr = (struct tr_query *)(bp + 8); + for (; length != 0; cp += len, length -= len) { + int tt; - printf("mresp %d: %s to %s reply-to %s", tr->tr_qid, - ipaddr_string(&tr->tr_src), ipaddr_string(&tr->tr_dst), - ipaddr_string(&tr->tr_raddr)); - if (IN_CLASSD(ntohl(tr->tr_raddr))) - printf(" with-ttl %d", tr->tr_rttl); -} + tt = GET_U_1(cp); + if (tt == IPOPT_EOL) + break; + else if (tt == IPOPT_NOP) + len = 1; + else { + len = GET_U_1(cp + 1); + if (len < 2) + break; + } + if (length < len) + goto trunc; + ND_TCHECK_LEN(cp, len); + switch (tt) { -static void -igmp_print(register const u_char *bp, register u_int len, - register const u_char *bp2) -{ - register const struct ip *ip; - - ip = (const struct ip *)bp2; - (void)printf("%s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); - - TCHECK2(bp[0], 8); - switch (bp[0]) { - case 0x11: - (void)printf("igmp query"); - if (*(int *)&bp[4]) - (void)printf(" [gaddr %s]", ipaddr_string(&bp[4])); - if (len != 8) - (void)printf(" [len %d]", len); - break; - case 0x12: - (void)printf("igmp report %s", ipaddr_string(&bp[4])); - if (len != 8) - (void)printf(" [len %d]", len); - break; - case 0x16: - (void)printf("igmp nreport %s", ipaddr_string(&bp[4])); - break; - case 0x17: - (void)printf("igmp leave %s", ipaddr_string(&bp[4])); - break; - case 0x13: - (void)printf("igmp dvmrp"); - if (len < 8) - (void)printf(" [len %d]", len); - else - dvmrp_print(bp, len); - break; - case 0x14: - (void)printf("igmp pim"); - igmp_pim_print(bp, len); - break; - case 0x1e: - print_mresp(bp, len); - break; - case 0x1f: - print_mtrace(bp, len); - break; - default: - (void)printf("igmp-%d", bp[0] & 0xf); - break; - } - if ((bp[0] >> 4) != 1) - (void)printf(" [v%d]", bp[0] >> 4); - - TCHECK2(bp[0], len); - if (vflag) { - /* Check the IGMP checksum */ - u_int32_t sum = 0; - int count; - const u_short *sp = (u_short *)bp; - - for (count = len / 2; --count >= 0; ) - sum += *sp++; - if (len & 1) - sum += ntohs(*(u_char *) sp << 8); - while (sum >> 16) - sum = (sum & 0xffff) + (sum >> 16); - sum = 0xffff & ~sum; - if (sum != 0) - printf(" bad igmp cksum %x!", EXTRACT_16BITS(&bp[2])); + case IPOPT_SSRR: + case IPOPT_LSRR: + if (len < 7) + break; + return (GET_IPV4_TO_NETWORK_ORDER(cp + len - 4)); + } } - return; trunc: - fputs("[|igmp]", stdout); + return (GET_IPV4_TO_NETWORK_ORDER(ip->ip_dst)); } /* - * print the recorded route in an IP RR, LSRR or SSRR option. + * Compute a V4-style checksum by building a pseudoheader. */ -static void -ip_printroute(const char *type, register const u_char *cp, u_int length) +uint16_t +nextproto4_cksum(netdissect_options *ndo, + const struct ip *ip, const uint8_t *data, + u_int len, u_int covlen, uint8_t next_proto) { - register u_int ptr = cp[2] - 1; - register u_int len; + struct phdr { + uint32_t src; + uint32_t dst; + uint8_t mbz; + uint8_t proto; + uint16_t len; + } ph; + struct cksum_vec vec[2]; + + /* pseudo-header.. */ + ph.len = htons((uint16_t)len); + ph.mbz = 0; + ph.proto = next_proto; + ph.src = GET_IPV4_TO_NETWORK_ORDER(ip->ip_src); + if (IP_HL(ip) == 5) + ph.dst = GET_IPV4_TO_NETWORK_ORDER(ip->ip_dst); + else + ph.dst = ip_finddst(ndo, ip); + + vec[0].ptr = (const uint8_t *)(void *)&ph; + vec[0].len = sizeof(ph); + vec[1].ptr = data; + vec[1].len = covlen; + return (in_cksum(vec, 2)); +} - printf(" %s{", type); - if ((length + 1) & 3) - printf(" [bad length %d]", length); - if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1) - printf(" [bad ptr %d]", cp[2]); +static int +ip_printts(netdissect_options *ndo, + const u_char *cp, u_int length) +{ + u_int ptr; + u_int len; + u_int hoplen; + const char *type; + + if (length < 4) { + ND_PRINT("[bad length %u]", length); + return (0); + } + ND_PRINT(" TS{"); + hoplen = ((GET_U_1(cp + 3) & 0xF) != IPOPT_TS_TSONLY) ? 8 : 4; + if ((length - 4) & (hoplen-1)) + ND_PRINT("[bad length %u]", length); + ptr = GET_U_1(cp + 2) - 1; + len = 0; + if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1) + ND_PRINT("[bad ptr %u]", GET_U_1(cp + 2)); + switch (GET_U_1(cp + 3)&0xF) { + case IPOPT_TS_TSONLY: + ND_PRINT("TSONLY"); + break; + case IPOPT_TS_TSANDADDR: + ND_PRINT("TS+ADDR"); + break; + case IPOPT_TS_PRESPEC: + ND_PRINT("PRESPEC"); + break; + default: + ND_PRINT("[bad ts type %u]", GET_U_1(cp + 3)&0xF); + goto done; + } - type = ""; - for (len = 3; len < length; len += 4) { + type = " "; + for (len = 4; len < length; len += hoplen) { if (ptr == len) - type = "#"; - printf("%s%s", type, ipaddr_string(&cp[len])); + type = " ^ "; + ND_TCHECK_LEN(cp + len, hoplen); + ND_PRINT("%s%u@%s", type, GET_BE_U_4(cp + len + hoplen - 4), + hoplen!=8 ? "" : GET_IPADDR_STRING(cp + len)); type = " "; } - printf("%s}", ptr == len? "#" : ""); + +done: + ND_PRINT("%s", ptr == len ? " ^ " : ""); + + if (GET_U_1(cp + 3) >> 4) + ND_PRINT(" [%u hops not recorded]} ", GET_U_1(cp + 3)>>4); + else + ND_PRINT("}"); + return (0); + +trunc: + return (-1); } /* * print IP options. + If truncated return -1, else 0. */ -static void -ip_optprint(register const u_char *cp, u_int length) +static int +ip_optprint(netdissect_options *ndo, + const u_char *cp, u_int length) { - register u_int len; + u_int option_len; + const char *sep = ""; - for (; length > 0; cp += len, length -= len) { - int tt = *cp; + for (; length > 0; cp += option_len, length -= option_len) { + u_int option_code; - len = (tt == IPOPT_NOP || tt == IPOPT_EOL) ? 1 : cp[1]; - if (len <= 0) { - printf("[|ip op len %d]", len); - return; + ND_PRINT("%s", sep); + sep = ","; + + option_code = GET_U_1(cp); + + ND_PRINT("%s", + tok2str(ip_option_values,"unknown %u",option_code)); + + if (option_code == IPOPT_NOP || + option_code == IPOPT_EOL) + option_len = 1; + + else { + option_len = GET_U_1(cp + 1); + if (option_len < 2) { + ND_PRINT(" [bad length %u]", option_len); + return 0; + } } - if (&cp[1] >= snapend || cp + len > snapend) { - printf("[|ip]"); - return; + + if (option_len > length) { + ND_PRINT(" [bad length %u]", option_len); + return 0; } - switch (tt) { - case IPOPT_EOL: - printf(" EOL"); - if (length > 1) - printf("-%d", length - 1); - return; + ND_TCHECK_LEN(cp, option_len); - case IPOPT_NOP: - printf(" NOP"); - break; + switch (option_code) { + case IPOPT_EOL: + return 0; case IPOPT_TS: - printf(" TS{%d}", len); - break; - - case IPOPT_SECURITY: - printf(" SECURITY{%d}", len); - break; - - case IPOPT_RR: - printf(" RR{%d}=", len); - ip_printroute("RR", cp, len); + if (ip_printts(ndo, cp, option_len) == -1) + goto trunc; break; + case IPOPT_RR: /* fall through */ case IPOPT_SSRR: - ip_printroute("SSRR", cp, len); + case IPOPT_LSRR: + if (ip_printroute(ndo, cp, option_len) == -1) + goto trunc; break; - case IPOPT_LSRR: - ip_printroute("LSRR", cp, len); + case IPOPT_RA: + if (option_len < 4) { + ND_PRINT(" [bad length %u]", option_len); + break; + } + ND_TCHECK_1(cp + 3); + if (GET_BE_U_2(cp + 2) != 0) + ND_PRINT(" value %u", GET_BE_U_2(cp + 2)); break; + case IPOPT_NOP: /* nothing to print - fall through */ + case IPOPT_SECURITY: default: - printf(" IPOPT-%d{%d}", cp[0], len); break; } } + return 0; + +trunc: + return -1; } -/* - * compute an IP header checksum. - * don't modifiy the packet. - */ -static int -in_cksum(const struct ip *ip) -{ - register const u_short *sp = (u_short *)ip; - register u_int32_t sum = 0; - register int count; +#define IP_RES 0x8000 - /* - * No need for endian conversions. - */ - for (count = ip->ip_hl * 2; --count >= 0; ) - sum += *sp++; - while (sum > 0xffff) - sum = (sum & 0xffff) + (sum >> 16); - sum = ~sum & 0xffff; +static const struct tok ip_frag_values[] = { + { IP_MF, "+" }, + { IP_DF, "DF" }, + { IP_RES, "rsvd" }, /* The RFC3514 evil ;-) bit */ + { 0, NULL } +}; - return (sum); -} /* * print an IP datagram. */ void -ip_print(register const u_char *bp, register u_int length) +ip_print(netdissect_options *ndo, + const u_char *bp, + const u_int length) { - register const struct ip *ip; - register u_int hlen, len, len0, off; - register const u_char *cp; - u_char nh; - int advance; - + const struct ip *ip; + u_int off; + u_int hlen; + u_int len; + struct cksum_vec vec[1]; + uint8_t ip_tos, ip_ttl, ip_proto; + uint16_t sum, ip_sum; + const char *p_name; + int truncated = 0; + int presumed_tso = 0; + + ndo->ndo_protocol = "ip"; ip = (const struct ip *)bp; -#ifdef LBL_ALIGN - /* - * If the IP header is not aligned, copy into abuf. - * This will never happen with BPF. It does happen raw packet - * dumps from -r. - */ - if ((long)ip & 3) { - static u_char *abuf = NULL; - static int didwarn = 0; - - if (abuf == NULL) { - abuf = (u_char *)malloc(snaplen); - if (abuf == NULL) - error("ip_print: malloc"); - } - memcpy((char *)abuf, (char *)ip, min(length, snaplen)); - snapend += abuf - (u_char *)ip; - packetp = abuf; - ip = (struct ip *)abuf; - /* We really want libpcap to give us aligned packets */ - if (!didwarn) { - warning("compensating for unaligned libpcap packets"); - ++didwarn; - } - } -#endif - if ((u_char *)(ip + 1) > snapend) { - printf("[|ip]"); - return; - } - if (length < sizeof (struct ip)) { - (void)printf("truncated-ip %d", length); - return; + + if (!ndo->ndo_eflag) { + nd_print_protocol_caps(ndo); + ND_PRINT(" "); } - hlen = ip->ip_hl * 4; - len = ntohs(ip->ip_len); - if (length < len) - (void)printf("truncated-ip - %d bytes missing!", - len - length); - len -= hlen; - len0 = len; + ND_ICHECK_ZU(length, <, sizeof (struct ip)); + ND_ICHECKMSG_U("version", IP_V(ip), !=, 4); + hlen = IP_HL(ip) * 4; + ND_ICHECKMSG_ZU("header length", hlen, <, sizeof (struct ip)); + + len = GET_BE_U_2(ip->ip_len); + if (len > length) { + ND_PRINT("[total length %u > length %u]", len, length); + nd_print_invalid(ndo); + ND_PRINT(" "); + } + if (len == 0) { + /* we guess that it is a TSO send */ + len = length; + presumed_tso = 1; + } else + ND_ICHECKMSG_U("total length", len, <, hlen); + + ND_TCHECK_SIZE(ip); /* - * If this is fragment zero, hand it to the next higher - * level protocol. + * Cut off the snapshot length to the end of the IP payload. */ - off = ntohs(ip->ip_off); - if ((off & 0x1fff) == 0) { - cp = (const u_char *)ip + hlen; - nh = ip->ip_p; - - if (nh != IPPROTO_TCP && nh != IPPROTO_UDP) { - (void)printf("%s > %s: ", ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); - } -again: - switch (nh) { - - case IPPROTO_AH: - nh = *cp; - advance = ah_print(cp, (const u_char *)ip); - cp += advance; - len -= advance; - goto again; - - case IPPROTO_ESP: - { - int enh; - advance = esp_print(cp, (const u_char *)ip, &enh); - cp += advance; - len -= advance; - if (enh < 0) - break; - nh = enh & 0xff; - goto again; - } - -#ifndef IPPROTO_IPCOMP -#define IPPROTO_IPCOMP 108 -#endif - case IPPROTO_IPCOMP: - { - int enh; - advance = ipcomp_print(cp, (const u_char *)ip, &enh); - cp += advance; - len -= advance; - if (enh < 0) - break; - nh = enh & 0xff; - goto again; - } - - case IPPROTO_TCP: - tcp_print(cp, len, (const u_char *)ip); - break; - - case IPPROTO_UDP: - udp_print(cp, len, (const u_char *)ip); - break; - - case IPPROTO_ICMP: - icmp_print(cp, (const u_char *)ip); - break; - -#ifndef IPPROTO_IGRP -#define IPPROTO_IGRP 9 -#endif - case IPPROTO_IGRP: - igrp_print(cp, len, (const u_char *)ip); - break; - - case IPPROTO_ND: -#if 0 - (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); -#endif - (void)printf(" nd %d", len); - break; - - case IPPROTO_EGP: - egp_print(cp, len, (const u_char *)ip); - break; - -#ifndef IPPROTO_OSPF -#define IPPROTO_OSPF 89 -#endif - case IPPROTO_OSPF: - ospf_print(cp, len, (const u_char *)ip); - break; - -#ifndef IPPROTO_IGMP -#define IPPROTO_IGMP 2 -#endif - case IPPROTO_IGMP: - igmp_print(cp, len, (const u_char *)ip); - break; - - case 4: - /* DVMRP multicast tunnel (ip-in-ip encapsulation) */ -#if 0 - if (vflag) - (void)printf("%s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); -#endif - ip_print(cp, len); - if (! vflag) { - printf(" (ipip)"); - return; - } - break; - -#ifdef INET6 -#ifndef IP6PROTO_ENCAP -#define IP6PROTO_ENCAP 41 -#endif - case IP6PROTO_ENCAP: - /* ip6-in-ip encapsulation */ -#if 0 - if (vflag) - (void)printf("%s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); -#endif - ip6_print(cp, len); - if (! vflag) { - printf(" (encap)"); - return; - } - break; -#endif /*INET6*/ - - -#ifndef IPPROTO_GRE -#define IPPROTO_GRE 47 -#endif - case IPPROTO_GRE: - if (vflag) - (void)printf("gre %s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); - /* do it */ - gre_print(cp, len); - if (! vflag) { - printf(" (gre encap)"); - return; - } - break; - -#ifndef IPPROTO_MOBILE -#define IPPROTO_MOBILE 55 -#endif - case IPPROTO_MOBILE: - if (vflag) - (void)printf("mobile %s > %s: ", - ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); - mobile_print(cp, len); - if (! vflag) { - printf(" (mobile encap)"); - return; - } - break; + if (!nd_push_snaplen(ndo, bp, len)) { + (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, + "%s: can't push snaplen on buffer stack", __func__); + } - case IPPROTO_PIM: - pim_print(cp, len); - break; + len -= hlen; - default: -#if 0 - (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); -#endif - (void)printf(" ip-proto-%d %d", nh, len); - break; + off = GET_BE_U_2(ip->ip_off); + + ip_proto = GET_U_1(ip->ip_p); + + if (ndo->ndo_vflag) { + ip_tos = GET_U_1(ip->ip_tos); + ND_PRINT("(tos 0x%x", ip_tos); + /* ECN bits */ + switch (ip_tos & 0x03) { + + case 0: + break; + + case 1: + ND_PRINT(",ECT(1)"); + break; + + case 2: + ND_PRINT(",ECT(0)"); + break; + + case 3: + ND_PRINT(",CE"); + break; + } + + ip_ttl = GET_U_1(ip->ip_ttl); + if (ip_ttl >= 1) + ND_PRINT(", ttl %u", ip_ttl); + + /* + * for the firewall guys, print id, offset. + * On all but the last stick a "+" in the flags portion. + * For unfragmented datagrams, note the don't fragment flag. + */ + ND_PRINT(", id %u, offset %u, flags [%s], proto %s (%u)", + GET_BE_U_2(ip->ip_id), + (off & IP_OFFMASK) * 8, + bittok2str(ip_frag_values, "none", off & (IP_RES|IP_DF|IP_MF)), + tok2str(ipproto_values, "unknown", ip_proto), + ip_proto); + + if (presumed_tso) + ND_PRINT(", length %u [was 0, presumed TSO]", length); + else + ND_PRINT(", length %u", GET_BE_U_2(ip->ip_len)); + + if ((hlen - sizeof(struct ip)) > 0) { + ND_PRINT(", options ("); + if (ip_optprint(ndo, (const u_char *)(ip + 1), + hlen - sizeof(struct ip)) == -1) { + ND_PRINT(" [truncated-option]"); + truncated = 1; + } + ND_PRINT(")"); + } + + if (!ndo->ndo_Kflag && (const u_char *)ip + hlen <= ndo->ndo_snapend) { + vec[0].ptr = (const uint8_t *)(const void *)ip; + vec[0].len = hlen; + sum = in_cksum(vec, 1); + if (sum != 0) { + ip_sum = GET_BE_U_2(ip->ip_sum); + ND_PRINT(", bad cksum %x (->%x)!", ip_sum, + in_cksum_shouldbe(ip_sum, sum)); } + } + + ND_PRINT(")\n "); + if (truncated) { + ND_PRINT("%s > %s: ", + GET_IPADDR_STRING(ip->ip_src), + GET_IPADDR_STRING(ip->ip_dst)); + nd_print_trunc(ndo); + nd_pop_packet_info(ndo); + return; + } } /* - * for fragmented datagrams, print id:size@offset. On all - * but the last stick a "+". For unfragmented datagrams, note - * the don't fragment flag. + * If this is fragment zero, hand it to the next higher + * level protocol. Let them know whether there are more + * fragments. */ - len = len0; /* get the original length */ - if (off & 0x3fff) { + if ((off & IP_OFFMASK) == 0) { + uint8_t nh = GET_U_1(ip->ip_p); + + if (nh != IPPROTO_TCP && nh != IPPROTO_UDP && + nh != IPPROTO_SCTP && nh != IPPROTO_DCCP) { + ND_PRINT("%s > %s: ", + GET_IPADDR_STRING(ip->ip_src), + GET_IPADDR_STRING(ip->ip_dst)); + } /* - * if this isn't the first frag, we're missing the - * next level protocol header. print the ip addr. + * Do a bounds check before calling ip_demux_print(). + * At least the header data is required. */ - if (off & 0x1fff) - (void)printf("%s > %s:", ipaddr_string(&ip->ip_src), - ipaddr_string(&ip->ip_dst)); - (void)printf(" (frag %d:%u@%d%s)", ntohs(ip->ip_id), len, - (off & 0x1fff) * 8, - (off & IP_MF)? "+" : ""); - } else if (off & IP_DF) - (void)printf(" (DF)"); - - if (ip->ip_tos) - (void)printf(" [tos 0x%x]", (int)ip->ip_tos); - if (ip->ip_ttl <= 1) - (void)printf(" [ttl %d]", (int)ip->ip_ttl); - - if (vflag) { - int sum; - char *sep = ""; - - printf(" ("); - if (ip->ip_ttl > 1) { - (void)printf("%sttl %d", sep, (int)ip->ip_ttl); - sep = ", "; - } - if ((off & 0x3fff) == 0) { - (void)printf("%sid %d", sep, (int)ntohs(ip->ip_id)); - sep = ", "; + if (!ND_TTEST_LEN((const u_char *)ip, hlen)) { + ND_PRINT(" [remaining caplen(%u) < header length(%u)]", + ND_BYTES_AVAILABLE_AFTER((const u_char *)ip), + hlen); + nd_trunc_longjmp(ndo); } - if ((u_char *)ip + hlen <= snapend) { - sum = in_cksum(ip); - if (sum != 0) { - (void)printf("%sbad cksum %x!", sep, - ntohs(ip->ip_sum)); - sep = ", "; - } - } - if ((hlen -= sizeof(struct ip)) > 0) { - (void)printf("%soptlen=%d", sep, hlen); - ip_optprint((u_char *)(ip + 1), hlen); + ip_demux_print(ndo, (const u_char *)ip + hlen, len, 4, + off & IP_MF, GET_U_1(ip->ip_ttl), nh, bp); + } else { + /* + * Ultra quiet now means that all this stuff should be + * suppressed. + */ + if (ndo->ndo_qflag > 1) { + nd_pop_packet_info(ndo); + return; } - printf(")"); + + /* + * This isn't the first frag, so we're missing the + * next level protocol header. print the ip addr + * and the protocol. + */ + ND_PRINT("%s > %s:", GET_IPADDR_STRING(ip->ip_src), + GET_IPADDR_STRING(ip->ip_dst)); + if (!ndo->ndo_nflag && (p_name = netdb_protoname(ip_proto)) != NULL) + ND_PRINT(" %s", p_name); + else + ND_PRINT(" ip-proto-%u", ip_proto); + } + nd_pop_packet_info(ndo); + return; + +trunc: + nd_print_trunc(ndo); + return; + +invalid: + nd_print_invalid(ndo); +} + +void +ipN_print(netdissect_options *ndo, const u_char *bp, u_int length) +{ + ndo->ndo_protocol = "ipn"; + if (length < 1) { + ND_PRINT("truncated-ip %u", length); + return; + } + + switch (GET_U_1(bp) & 0xF0) { + case 0x40: + ip_print(ndo, bp, length); + break; + case 0x60: + ip6_print(ndo, bp, length); + break; + default: + ND_PRINT("unknown ip %u", (GET_U_1(bp) & 0xF0) >> 4); + break; } }