tcpdump/print-ip.c

666 lines
15 KiB
C
Raw Normal View History

1999-10-08 07:47:09 +08:00
/*
1999-10-18 06:18:00 +08:00
* Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
1999-10-08 07:47:09 +08:00
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.125 2003-05-21 08:39:57 hannes Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
1999-10-08 07:47:09 +08:00
#endif
#include <tcpdump-stdinc.h>
1999-10-08 07:47:09 +08:00
#include <stdio.h>
#include <stdlib.h>
1999-10-18 06:18:00 +08:00
#include <string.h>
1999-10-08 07:47:09 +08:00
#include "addrtoname.h"
1999-10-18 06:18:00 +08:00
#include "interface.h"
#include "extract.h" /* must come after interface.h */
#include "ip.h"
1999-10-18 06:18:00 +08:00
/* Compatibility */
#ifndef IPPROTO_ND
#define IPPROTO_ND 77
#endif
1999-10-08 07:47:09 +08:00
/*
* print the recorded route in an IP RR, LSRR or SSRR option.
*/
static void
1999-10-18 06:18:00 +08:00
ip_printroute(const char *type, register const u_char *cp, u_int length)
1999-10-08 07:47:09 +08:00
{
1999-10-18 06:18:00 +08:00
register u_int ptr = cp[2] - 1;
register u_int len;
1999-10-08 07:47:09 +08:00
printf(" %s{", type);
if ((length + 1) & 3)
printf(" [bad length %d]", length);
if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1)
printf(" [bad ptr %d]", cp[2]);
type = "";
for (len = 3; len < length; len += 4) {
if (ptr == len)
type = "#";
printf("%s%s", type, ipaddr_string(&cp[len]));
type = " ";
}
printf("%s}", ptr == len? "#" : "");
}
/*
* If source-routing is present, return the final destination.
* Otherwise, return IP destination.
*
* This is used for UDP and TCP pseudo-header in the checksum
* calculation.
*/
u_int32_t
ip_finddst(const struct ip *ip)
{
int length;
int len;
const u_char *cp;
u_int32_t retval;
cp = (const u_char *)(ip + 1);
length = (IP_HL(ip) << 2) - sizeof(struct ip);
for (; length > 0; cp += len, length -= len) {
int tt = *cp;
if (tt == IPOPT_NOP || tt == IPOPT_EOL)
len = 1;
else {
if (&cp[1] >= snapend) {
return 0;
}
len = cp[1];
}
if (len <= 0) {
return 0;
}
if (&cp[1] >= snapend || cp + len > snapend) {
return 0;
}
switch (tt) {
case IPOPT_SSRR:
case IPOPT_LSRR:
memcpy(&retval, cp + len - 4, 4);
return retval;
}
}
return ip->ip_dst.s_addr;
}
static void
ip_printts(register const u_char *cp, u_int length)
{
register u_int ptr = cp[2] - 1;
register u_int len = 0;
int hoplen;
Add a few more GCC warnings on GCC >= 2 for ".devel" builds. From Neil T. Spring: fixes for many of those warnings: addrtoname.c, configure.in: Linux needs netinet/ether.h for ether_ntohost print-*.c: change char *foo = "bar" to const char *foo = "bar" to appease -Wwrite-strings; should affect no run-time behavior. print-*.c: make some variables unsigned. print-bgp.c: plen ('prefix len') is unsigned, no reason to validate by comparing to zero. print-cnfp.c, print-rx.c: use intoa, provided by addrtoname, instead of inet_ntoa. print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to be false, so check for (u_int)-1, which represents failure, explicitly. print-isakmp.c: complete initialization of attrmap objects. print-lwres.c: "if(x); print foo;" seemed much more likely to be intended to be "if(x) { print foo; }". print-smb.c: complete initialization of some structures. In addition, add some fixes for the signed vs. unsigned comparison warnings: extract.h: cast the result of the byte-extraction-and-combining, as, at least for the 16-bit version, C's integral promotions will turn "u_int16_t" into "int" if there are other "int"s nearby. print-*.c: make some more variables unsigned, or add casts to an unsigned type of signed values known not to be negative, or add casts to "int" of unsigned values known to fit in an "int", and make other changes needed to handle the aforementioned variables now being unsigned. print-isakmp.c: clean up the handling of error/status indicators in notify messages. print-ppp.c: get rid of a check that an unsigned quantity is >= 0. print-radius.c: clean up some of the bounds checking. print-smb.c: extract the word count into a "u_int" to avoid the aforementioned problems with C's integral promotions. print-snmp.c: change a check that an unsigned variable is >= 0 to a check that it's != 0. Also, fix some formats to use "%u" rather than "%d" for unsigned quantities.
2002-09-05 08:00:07 +08:00
const char *type;
printf(" TS{");
hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4;
if ((length - 4) & (hoplen-1))
printf("[bad length %d]", length);
if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1)
printf("[bad ptr %d]", cp[2]);
switch (cp[3]&0xF) {
case IPOPT_TS_TSONLY:
printf("TSONLY");
break;
case IPOPT_TS_TSANDADDR:
printf("TS+ADDR");
break;
/*
* prespecified should really be 3, but some ones might send 2
* instead, and the IPOPT_TS_PRESPEC constant can apparently
* have both values, so we have to hard-code it here.
*/
case 2:
printf("PRESPEC2.0");
break;
case 3: /* IPOPT_TS_PRESPEC */
printf("PRESPEC");
break;
2002-06-12 01:08:37 +08:00
default:
printf("[bad ts type %d]", cp[3]&0xF);
goto done;
}
type = " ";
for (len = 4; len < length; len += hoplen) {
if (ptr == len)
type = " ^ ";
printf("%s%d@%s", type, EXTRACT_32BITS(&cp[len+hoplen-4]),
hoplen!=8 ? "" : ipaddr_string(&cp[len]));
type = " ";
}
done:
printf("%s", ptr == len ? " ^ " : "");
if (cp[3]>>4)
printf(" [%d hops not recorded]} ", cp[3]>>4);
else
printf("}");
}
1999-10-08 07:47:09 +08:00
/*
* print IP options.
*/
static void
1999-10-18 06:18:00 +08:00
ip_optprint(register const u_char *cp, u_int length)
1999-10-08 07:47:09 +08:00
{
1999-10-18 06:18:00 +08:00
register u_int len;
1999-10-08 07:47:09 +08:00
for (; length > 0; cp += len, length -= len) {
int tt = *cp;
if (tt == IPOPT_NOP || tt == IPOPT_EOL)
len = 1;
else {
if (&cp[1] >= snapend) {
printf("[|ip]");
return;
}
len = cp[1];
}
1999-10-18 06:18:00 +08:00
if (len <= 0) {
printf("[|ip op len %d]", len);
return;
}
1999-10-08 07:47:09 +08:00
if (&cp[1] >= snapend || cp + len > snapend) {
printf("[|ip]");
return;
}
switch (tt) {
case IPOPT_EOL:
printf(" EOL");
if (length > 1)
printf("-%d", length - 1);
return;
case IPOPT_NOP:
printf(" NOP");
break;
case IPOPT_TS:
ip_printts(cp, len);
1999-10-08 07:47:09 +08:00
break;
#ifndef IPOPT_SECURITY
#define IPOPT_SECURITY 130
#endif /* IPOPT_SECURITY */
1999-10-08 07:47:09 +08:00
case IPOPT_SECURITY:
printf(" SECURITY{%d}", len);
break;
case IPOPT_RR:
ip_printroute("RR", cp, len);
break;
case IPOPT_SSRR:
ip_printroute("SSRR", cp, len);
break;
case IPOPT_LSRR:
ip_printroute("LSRR", cp, len);
break;
#ifndef IPOPT_RA
#define IPOPT_RA 148 /* router alert */
#endif
case IPOPT_RA:
printf(" RA");
if (len != 4)
printf("{%d}", len);
else if (cp[2] || cp[3])
printf("%d.%d", cp[2], cp[3]);
2001-01-28 16:18:27 +08:00
break;
1999-10-08 07:47:09 +08:00
default:
printf(" IPOPT-%d{%d}", cp[0], len);
break;
}
}
}
/*
* compute an IP header checksum.
* don't modifiy the packet.
*/
u_short
in_cksum(const u_short *addr, register u_int len, int csum)
1999-10-08 07:47:09 +08:00
{
int nleft = len;
const u_short *w = addr;
u_short answer;
int sum = csum;
2002-06-12 01:08:37 +08:00
/*
* Our algorithm is simple, using a 32 bit accumulator (sum),
* we add sequential 16 bit words to it, and at the end, fold
* back all the carry bits from the top 16 bits into the lower
* 16 bits.
2002-06-12 01:08:37 +08:00
*/
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
if (nleft == 1)
sum += htons(*(u_char *)w<<8);
1999-10-08 07:47:09 +08:00
/*
* add back carry outs from top 16 bits to low 16 bits
1999-10-08 07:47:09 +08:00
*/
sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* truncate to 16 bits */
return (answer);
1999-10-08 07:47:09 +08:00
}
/*
* Given the host-byte-order value of the checksum field in a packet
* header, and the network-byte-order computed checksum of the data
* that the checksum covers (including the checksum itself), compute
* what the checksum field *should* have been.
*/
u_int16_t
in_cksum_shouldbe(u_int16_t sum, u_int16_t computed_sum)
{
u_int32_t shouldbe;
/*
* The value that should have gone into the checksum field
* is the negative of the value gotten by summing up everything
* *but* the checksum field.
*
* We can compute that by subtracting the value of the checksum
* field from the sum of all the data in the packet, and then
* computing the negative of that value.
*
* "sum" is the value of the checksum field, and "computed_sum"
* is the negative of the sum of all the data in the packets,
* so that's -(-computed_sum - sum), or (sum + computed_sum).
*
* All the arithmetic in question is one's complement, so the
* addition must include an end-around carry; we do this by
* doing the arithmetic in 32 bits (with no sign-extension),
* and then adding the upper 16 bits of the sum, which contain
* the carry, to the lower 16 bits of the sum, and then do it
* again in case *that* sum produced a carry.
*
* As RFC 1071 notes, the checksum can be computed without
* byte-swapping the 16-bit words; summing 16-bit words
* on a big-endian machine gives a big-endian checksum, which
* can be directly stuffed into the big-endian checksum fields
* in protocol headers, and summing words on a little-endian
* machine gives a little-endian checksum, which must be
* byte-swapped before being stuffed into a big-endian checksum
* field.
*
* "computed_sum" is a network-byte-order value, so we must put
* it in host byte order before subtracting it from the
* host-byte-order value from the header; the adjusted checksum
* will be in host byte order, which is what we'll return.
*/
shouldbe = sum;
shouldbe += ntohs(computed_sum);
shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16);
shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16);
return shouldbe;
}
#ifndef IP_MF
#define IP_MF 0x2000
#endif /* IP_MF */
#ifndef IP_DF
#define IP_DF 0x4000
#endif /* IP_DF */
#define IP_RES 0x8000
static struct tok ip_frag_values[] = {
{ IP_MF, "+" },
{ IP_DF, "DF" },
{ IP_RES, "rsvd" }, /* The RFC3514 evil ;-) bit */
{ 0, NULL }
};
1999-10-08 07:47:09 +08:00
/*
* print an IP datagram.
*/
void
1999-10-18 06:18:00 +08:00
ip_print(register const u_char *bp, register u_int length)
1999-10-08 07:47:09 +08:00
{
register const struct ip *ip;
register u_int hlen, len, len0, off;
1999-10-08 07:47:09 +08:00
register const u_char *cp;
u_char nh;
int advance;
struct protoent *proto;
u_int16_t sum, ip_sum;
const char *sep = "";
1999-10-08 07:47:09 +08:00
printf("IP%s ", (((*bp >> 4) & 0xf) == 4) ? "" : "%u", (*bp >> 4) & 0xf); /* print version if != 4 */
1999-10-08 07:47:09 +08:00
ip = (const struct ip *)bp;
if ((u_char *)(ip + 1) > snapend) {
printf("[|ip]");
return;
}
if (length < sizeof (struct ip)) {
(void)printf("truncated-ip %d", length);
return;
}
hlen = IP_HL(ip) * 4;
if (hlen < sizeof (struct ip)) {
(void)printf("bad-hlen %d", hlen);
return;
}
1999-10-08 07:47:09 +08:00
len = EXTRACT_16BITS(&ip->ip_len);
1999-10-08 07:47:09 +08:00
if (length < len)
(void)printf("truncated-ip - %d bytes missing! ",
1999-10-08 07:47:09 +08:00
len - length);
len -= hlen;
len0 = len;
1999-10-08 07:47:09 +08:00
off = EXTRACT_16BITS(&ip->ip_off);
2002-07-21 07:37:40 +08:00
if (vflag) {
(void)printf("(tos 0x%x", (int)ip->ip_tos);
/* ECN bits */
if (ip->ip_tos & 0x03) {
switch (ip->ip_tos & 0x03) {
case 1:
(void)printf(",ECT(1)");
break;
case 2:
(void)printf(",ECT(0)");
break;
case 3:
(void)printf(",CE");
}
}
if (ip->ip_ttl >= 1)
(void)printf(", ttl %3u", ip->ip_ttl);
/*
* for the firewall guys, print id, offset.
* On all but the last stick a "+" in the flags portion.
* For unfragmented datagrams, note the don't fragment flag.
*/
(void)printf(", id %u, offset %u, flags [%s]",
EXTRACT_16BITS(&ip->ip_id),
(off & 0x1fff) * 8,
bittok2str(ip_frag_values, "none", off & 0xe000 ));
(void)printf(", length: %u", EXTRACT_16BITS(&ip->ip_len));
if ((hlen - sizeof(struct ip)) > 0) {
2003-01-03 16:37:22 +08:00
(void)printf(", optlength: %u (", hlen - (u_int)sizeof(struct ip));
ip_optprint((u_char *)(ip + 1), hlen - sizeof(struct ip));
printf(" )");
}
if ((u_char *)ip + hlen <= snapend) {
sum = in_cksum((const u_short *)ip, hlen, 0);
if (sum != 0) {
ip_sum = EXTRACT_16BITS(&ip->ip_sum);
(void)printf("%sbad cksum %x (->%x)!", sep,
ip_sum,
in_cksum_shouldbe(ip_sum, sum));
sep = ", ";
}
}
printf(") ");
}
1999-10-08 07:47:09 +08:00
/*
* If this is fragment zero, hand it to the next higher
* level protocol.
*/
if ((off & 0x1fff) == 0) {
cp = (const u_char *)ip + hlen;
nh = ip->ip_p;
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
#endif
if (nh != IPPROTO_TCP && nh != IPPROTO_UDP &&
nh != IPPROTO_SCTP) {
(void)printf("%s > %s: ", ipaddr_string(&ip->ip_src),
ipaddr_string(&ip->ip_dst));
}
again:
switch (nh) {
#ifndef IPPROTO_AH
#define IPPROTO_AH 51
#endif
case IPPROTO_AH:
nh = *cp;
advance = ah_print(cp);
cp += advance;
len -= advance;
goto again;
#ifndef IPPROTO_ESP
#define IPPROTO_ESP 50
#endif
case IPPROTO_ESP:
{
int enh, padlen;
advance = esp_print(cp, (const u_char *)ip, &enh, &padlen);
cp += advance;
len -= advance + padlen;
if (enh < 0)
break;
nh = enh & 0xff;
goto again;
}
#ifndef IPPROTO_IPCOMP
#define IPPROTO_IPCOMP 108
#endif
case IPPROTO_IPCOMP:
{
int enh;
advance = ipcomp_print(cp, &enh);
cp += advance;
len -= advance;
if (enh < 0)
break;
nh = enh & 0xff;
goto again;
}
1999-10-18 06:18:00 +08:00
case IPPROTO_SCTP:
2002-06-12 01:08:37 +08:00
sctp_print(cp, (const u_char *)ip, len);
break;
1999-10-18 06:18:00 +08:00
case IPPROTO_TCP:
tcp_print(cp, len, (const u_char *)ip, (off &~ 0x6000));
1999-10-18 06:18:00 +08:00
break;
case IPPROTO_UDP:
udp_print(cp, len, (const u_char *)ip, (off &~ 0x6000));
1999-10-18 06:18:00 +08:00
break;
case IPPROTO_ICMP:
/* pass on the MF bit plus the offset to detect fragments */
icmp_print(cp, len, (const u_char *)ip, (off & 0x3fff));
1999-10-18 06:18:00 +08:00
break;
#ifndef IPPROTO_IGRP
#define IPPROTO_IGRP 9
#endif
case IPPROTO_IGRP:
igrp_print(cp, len, (const u_char *)ip);
break;
case IPPROTO_ND:
(void)printf(" nd %d", len);
break;
case IPPROTO_EGP:
egp_print(cp);
1999-10-18 06:18:00 +08:00
break;
#ifndef IPPROTO_OSPF
#define IPPROTO_OSPF 89
#endif
case IPPROTO_OSPF:
ospf_print(cp, len, (const u_char *)ip);
break;
#ifndef IPPROTO_IGMP
#define IPPROTO_IGMP 2
#endif
case IPPROTO_IGMP:
igmp_print(cp, len);
1999-10-18 06:18:00 +08:00
break;
case 4:
/* DVMRP multicast tunnel (ip-in-ip encapsulation) */
ip_print(cp, len);
if (! vflag) {
printf(" (ipip-proto-4)");
1999-10-18 06:18:00 +08:00
return;
}
break;
#ifdef INET6
#ifndef IP6PROTO_ENCAP
#define IP6PROTO_ENCAP 41
#endif
case IP6PROTO_ENCAP:
/* ip6-in-ip encapsulation */
ip6_print(cp, len);
break;
#endif /*INET6*/
#ifndef IPPROTO_RSVP
#define IPPROTO_RSVP 46
#endif
case IPPROTO_RSVP:
rsvp_print(cp, len);
break;
1999-10-18 06:18:00 +08:00
#ifndef IPPROTO_GRE
#define IPPROTO_GRE 47
#endif
case IPPROTO_GRE:
/* do it */
gre_print(cp, len);
2001-01-28 16:18:27 +08:00
break;
1999-10-18 06:18:00 +08:00
#ifndef IPPROTO_MOBILE
#define IPPROTO_MOBILE 55
#endif
case IPPROTO_MOBILE:
mobile_print(cp, len);
break;
#ifndef IPPROTO_PIM
#define IPPROTO_PIM 103
#endif
case IPPROTO_PIM:
pim_print(cp, len);
break;
#ifndef IPPROTO_VRRP
#define IPPROTO_VRRP 112
#endif
case IPPROTO_VRRP:
vrrp_print(cp, len, ip->ip_ttl);
break;
1999-10-18 06:18:00 +08:00
default:
if ((proto = getprotobynumber(nh)) != NULL)
(void)printf(" %s", proto->p_name);
else
(void)printf(" ip-proto-%d", nh);
printf(" %d", len);
1999-10-18 06:18:00 +08:00
break;
}
} else {
/* Ultra quiet now means that all this stuff should be suppressed */
if (qflag > 1) return;
/*
* if this isn't the first frag, we're missing the
* next level protocol header. print the ip addr
* and the protocol.
*/
if (off & 0x1fff) {
(void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
ipaddr_string(&ip->ip_dst));
if ((proto = getprotobynumber(ip->ip_p)) != NULL)
(void)printf(" %s", proto->p_name);
else
(void)printf(" ip-proto-%d", ip->ip_p);
}
1999-10-08 07:47:09 +08:00
}
}
void
ipN_print(register const u_char *bp, register u_int length)
{
struct ip *ip, hdr;
ip = (struct ip *)bp;
if (length < 4) {
(void)printf("truncated-ip %d", length);
return;
}
memcpy (&hdr, (char *)ip, 4);
switch (IP_V(&hdr)) {
case 4:
2001-01-28 16:18:27 +08:00
ip_print (bp, length);
return;
#ifdef INET6
case 6:
2001-01-28 16:18:27 +08:00
ip6_print (bp, length);
return;
#endif
default:
2001-01-28 16:18:27 +08:00
(void)printf("unknown ip %d", IP_V(&hdr));
return;
}
}