xref: /openbsd-src/usr.sbin/tcpdump/print-ip.c (revision 0b7734b3d77bb9b21afec6f4621cae6c805dbd45) 
1 /*	$OpenBSD: print-ip.c,v 1.45 2015/11/16 00:16:39 mmcc Exp $	*/
2 
3 /*
4  * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that: (1) source code distributions
9  * retain the above copyright notice and this paragraph in its entirety, (2)
10  * distributions including binary code include the above copyright notice and
11  * this paragraph in its entirety in the documentation or other materials
12  * provided with the distribution, and (3) all advertising materials mentioning
13  * features or use of this software display the following acknowledgement:
14  * ``This product includes software developed by the University of California,
15  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16  * the University nor the names of its contributors may be used to endorse
17  * or promote products derived from this software without specific prior
18  * written permission.
19  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22  */
23 
24 #include <sys/time.h>
25 #include <sys/socket.h>
26 
27 #include <netinet/in.h>
28 #include <netinet/ip.h>
29 #include <netinet/ip_var.h>
30 #include <netinet/udp.h>
31 #include <netinet/udp_var.h>
32 #include <netinet/tcp.h>
33 
34 #include <inttypes.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <unistd.h>
39 
40 #include "addrtoname.h"
41 #include "interface.h"
42 #include "extract.h"			/* must come after interface.h */
43 
44 /* Compatibility */
45 #ifndef	IPPROTO_ND
46 #define	IPPROTO_ND	77
47 #endif
48 
49 #ifndef IN_CLASSD
50 #define IN_CLASSD(i) (((int32_t)(i) & 0xf0000000) == 0xe0000000)
51 #endif
52 
53 /* Definitions required for ECN
54    for use if the OS running tcpdump does not have ECN */
55 #ifndef IPTOS_ECT
56 #define IPTOS_ECT	0x02	/* ECN Capable Transport in IP header*/
57 #endif
58 #ifndef IPTOS_CE
59 #define IPTOS_CE	0x01	/* ECN Cong. Experienced in IP header*/
60 #endif
61 
62 /* (following from ipmulti/mrouted/prune.h) */
63 
64 /*
65  * The packet format for a traceroute request.
66  */
67 struct tr_query {
68 	u_int  tr_src;			/* traceroute source */
69 	u_int  tr_dst;			/* traceroute destination */
70 	u_int  tr_raddr;		/* traceroute response address */
71 #if BYTE_ORDER == BIG_ENDIAN
72 	struct {
73 		u_int   ttl : 8;	/* traceroute response ttl */
74 		u_int   qid : 24;	/* traceroute query id */
75 	} q;
76 #else
77 	struct {
78 		u_int	qid : 24;	/* traceroute query id */
79 		u_int	ttl : 8;	/* traceroute response ttl */
80 	} q;
81 #endif
82 };
83 
84 #define tr_rttl q.ttl
85 #define tr_qid  q.qid
86 
87 /*
88  * Traceroute response format.  A traceroute response has a tr_query at the
89  * beginning, followed by one tr_resp for each hop taken.
90  */
91 struct tr_resp {
92 	u_int tr_qarr;			/* query arrival time */
93 	u_int tr_inaddr;		/* incoming interface address */
94 	u_int tr_outaddr;		/* outgoing interface address */
95 	u_int tr_rmtaddr;		/* parent address in source tree */
96 	u_int tr_vifin;			/* input packet count on interface */
97 	u_int tr_vifout;		/* output packet count on interface */
98 	u_int tr_pktcnt;		/* total incoming packets for src-grp */
99 	u_char  tr_rproto;		/* routing proto deployed on router */
100 	u_char  tr_fttl;		/* ttl required to forward on outvif */
101 	u_char  tr_smask;		/* subnet mask for src addr */
102 	u_char  tr_rflags;		/* forwarding error codes */
103 };
104 
105 /* defs within mtrace */
106 #define TR_QUERY 1
107 #define TR_RESP	2
108 
109 /* fields for tr_rflags (forwarding error codes) */
110 #define TR_NO_ERR	0
111 #define TR_WRONG_IF	1
112 #define TR_PRUNED	2
113 #define TR_OPRUNED	3
114 #define TR_SCOPED	4
115 #define TR_NO_RTE	5
116 #define TR_NO_FWD	7
117 #define TR_NO_SPACE	0x81
118 #define TR_OLD_ROUTER	0x82
119 
120 /* fields for tr_rproto (routing protocol) */
121 #define TR_PROTO_DVMRP	1
122 #define TR_PROTO_MOSPF	2
123 #define TR_PROTO_PIM	3
124 #define TR_PROTO_CBT	4
125 
126 static void print_mtrace(const u_char *bp, u_int len)
127 {
128 	struct tr_query *tr = (struct tr_query *)(bp + 8);
129 
130 	printf("mtrace %d: %s to %s reply-to %s", tr->tr_qid,
131 		ipaddr_string(&tr->tr_src), ipaddr_string(&tr->tr_dst),
132 		ipaddr_string(&tr->tr_raddr));
133 	if (IN_CLASSD(ntohl(tr->tr_raddr)))
134 		printf(" with-ttl %d", tr->tr_rttl);
135 }
136 
137 static void print_mresp(const u_char *bp, u_int len)
138 {
139 	struct tr_query *tr = (struct tr_query *)(bp + 8);
140 
141 	printf("mresp %d: %s to %s reply-to %s", tr->tr_qid,
142 		ipaddr_string(&tr->tr_src), ipaddr_string(&tr->tr_dst),
143 		ipaddr_string(&tr->tr_raddr));
144 	if (IN_CLASSD(ntohl(tr->tr_raddr)))
145 		printf(" with-ttl %d", tr->tr_rttl);
146 }
147 
148 static void
149 igmp_print(const u_char *bp, u_int len, const u_char *bp2)
150 {
151 	const struct ip *ip;
152 
153 	ip = (const struct ip *)bp2;
154         (void)printf("%s > %s: ",
155 		ipaddr_string(&ip->ip_src),
156 		ipaddr_string(&ip->ip_dst));
157 
158 	TCHECK2(bp[0], 8);
159 	switch (bp[0]) {
160 	case 0x11:
161 		(void)printf("igmp query");
162 		if (*(int *)&bp[4])
163 			(void)printf(" [gaddr %s]", ipaddr_string(&bp[4]));
164 		if (len != 8)
165 			(void)printf(" [len %d]", len);
166 		break;
167 	case 0x12:
168 		(void)printf("igmp report %s", ipaddr_string(&bp[4]));
169 		if (len != 8)
170 			(void)printf(" [len %d]", len);
171 		break;
172 	case 0x16:
173 		(void)printf("igmp nreport %s", ipaddr_string(&bp[4]));
174 		break;
175 	case 0x17:
176 		(void)printf("igmp leave %s", ipaddr_string(&bp[4]));
177 		break;
178 	case 0x13:
179 		(void)printf("igmp dvmrp");
180 		if (len < 8)
181 			(void)printf(" [len %d]", len);
182 		else
183 			dvmrp_print(bp, len);
184 		break;
185 	case 0x14:
186 		(void)printf("igmp pim");
187 		pim_print(bp, len);
188   		break;
189 	case 0x1e:
190 		print_mresp(bp, len);
191 		break;
192 	case 0x1f:
193 		print_mtrace(bp, len);
194 		break;
195 	default:
196 		(void)printf("igmp-%d", bp[0] & 0xf);
197 		break;
198 	}
199 	if ((bp[0] >> 4) != 1)
200 		(void)printf(" [v%d]", bp[0] >> 4);
201 
202 	TCHECK2(bp[0], len);
203 	if (vflag) {
204 		/* Check the IGMP checksum */
205 		u_int32_t sum = 0;
206 		int count;
207 		const u_short *sp = (u_short *)bp;
208 
209 		for (count = len / 2; --count >= 0; )
210 			sum += *sp++;
211 		if (len & 1)
212 			sum += ntohs(*(u_char *) sp << 8);
213 		while (sum >> 16)
214 			sum = (sum & 0xffff) + (sum >> 16);
215 		sum = 0xffff & ~sum;
216 		if (sum != 0)
217 			printf(" bad igmp cksum %x!", EXTRACT_16BITS(&bp[2]));
218 	}
219 	return;
220 trunc:
221 	fputs("[|igmp]", stdout);
222 }
223 
224 /*
225  * print the recorded route in an IP RR, LSRR or SSRR option.
226  */
227 static void
228 ip_printroute(const char *type, const u_char *cp, u_int length)
229 {
230 	u_int ptr = cp[2] - 1;
231 	u_int len;
232 
233 	printf(" %s{", type);
234 	if ((length + 1) & 3)
235 		printf(" [bad length %d]", length);
236 	if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1)
237 		printf(" [bad ptr %d]", cp[2]);
238 
239 	type = "";
240 	for (len = 3; len < length; len += 4) {
241 		if (ptr == len)
242 			type = "#";
243 		printf("%s%s", type, ipaddr_string(&cp[len]));
244 		type = " ";
245 	}
246 	printf("%s}", ptr == len? "#" : "");
247 }
248 
249 /*
250  * print IP options.
251  */
252 static void
253 ip_optprint(const u_char *cp, u_int length)
254 {
255 	u_int len;
256 	int tt;
257 
258 	for (; length > 0; cp += len, length -= len) {
259 		TCHECK(cp[1]);
260 		tt = *cp;
261 		len = (tt == IPOPT_NOP || tt == IPOPT_EOL) ? 1 : cp[1];
262 		if (len <= 0) {
263 			printf("[|ip op len %d]", len);
264 			return;
265 		}
266 		if (&cp[1] >= snapend || cp + len > snapend) {
267 			printf("[|ip]");
268 			return;
269 		}
270 		switch (tt) {
271 
272 		case IPOPT_EOL:
273 			printf(" EOL");
274 			if (length > 1)
275 				printf("-%d", length - 1);
276 			return;
277 
278 		case IPOPT_NOP:
279 			printf(" NOP");
280 			break;
281 
282 		case IPOPT_TS:
283 			printf(" TS{%d}", len);
284 			break;
285 
286 		case IPOPT_SECURITY:
287 			printf(" SECURITY{%d}", len);
288 			break;
289 
290 		case IPOPT_RR:
291 			printf(" RR{%d}=", len);
292 			ip_printroute("RR", cp, len);
293 			break;
294 
295 		case IPOPT_SSRR:
296 			ip_printroute("SSRR", cp, len);
297 			break;
298 
299 		case IPOPT_LSRR:
300 			ip_printroute("LSRR", cp, len);
301 			break;
302 
303 		default:
304 			printf(" IPOPT-%d{%d}", cp[0], len);
305 			break;
306 		}
307 	}
308 	return;
309 
310 trunc:
311 	printf("[|ip]");
312 }
313 
314 /*
315  * compute an IP header checksum.
316  * don't modifiy the packet.
317  */
318 u_short
319 in_cksum(const u_short *addr, int len, int csum)
320 {
321 	int nleft = len;
322 	const u_short *w = addr;
323 	u_short answer;
324 	int sum = csum;
325 
326  	/*
327 	 *  Our algorithm is simple, using a 32 bit accumulator (sum),
328 	 *  we add sequential 16 bit words to it, and at the end, fold
329 	 *  back all the carry bits from the top 16 bits into the lower
330 	 *  16 bits.
331  	 */
332 	while (nleft > 1)  {
333 		sum += *w++;
334 		nleft -= 2;
335 	}
336 	if (nleft == 1)
337 		sum += htons(*(u_char *)w<<8);
338 
339 	/*
340 	 * add back carry outs from top 16 bits to low 16 bits
341 	 */
342 	sum = (sum >> 16) + (sum & 0xffff);	/* add hi 16 to low 16 */
343 	sum += (sum >> 16);			/* add carry */
344 	answer = ~sum;				/* truncate to 16 bits */
345 	return (answer);
346 }
347 
348 /*
349  * print an IP datagram.
350  */
351 void
352 ip_print(const u_char *bp, u_int length)
353 {
354 	const struct ip *ip;
355 	u_int hlen, len, off;
356 	const u_char *cp;
357 	const u_char *pktp = packetp;
358 	const u_char *send = snapend;
359 
360 	ip = (const struct ip *)bp;
361 	if ((u_char *)(ip + 1) > snapend) {
362 		printf("[|ip]");
363 		return;
364 	}
365 
366 	/*
367 	 * If the IP header is not aligned, copy into abuf.
368 	 * This will never happen with BPF.  It does happen with raw packet
369 	 * dumps from -r.
370 	 */
371 	if ((intptr_t)ip & (sizeof(u_int32_t)-1)) {
372 		static u_char *abuf = NULL;
373 		static int didwarn = 0;
374 		int clen = snapend - bp;
375 
376 		if (clen > snaplen)
377 			clen = snaplen;
378 		if (abuf == NULL) {
379 			abuf = malloc(snaplen);
380 			if (abuf == NULL)
381 				error("ip_print: malloc");
382 		}
383 		memmove((char *)abuf, (char *)ip, min(length, clen));
384 		snapend = abuf + clen;
385 		packetp = abuf;
386 		ip = (struct ip *)abuf;
387 		/* We really want libpcap to give us aligned packets */
388 		if (!didwarn) {
389 			warning("compensating for unaligned libpcap packets");
390 			++didwarn;
391 		}
392 	}
393 
394 	TCHECK(*ip);
395 	if (ip->ip_v != IPVERSION) {
396 		(void)printf("bad-ip-version %u", ip->ip_v);
397 		goto out;
398 	}
399 
400 	len = ntohs(ip->ip_len);
401 	if (length < len) {
402 		(void)printf("truncated-ip - %d bytes missing!",
403 			len - length);
404 		len = length;
405 	}
406 
407 	hlen = ip->ip_hl * 4;
408 	if (hlen < sizeof(struct ip) || hlen > len) {
409 		(void)printf("bad-hlen %d", hlen);
410 		goto out;
411 	}
412 
413 	len -= hlen;
414 
415 	/*
416 	 * If this is fragment zero, hand it to the next higher
417 	 * level protocol.
418 	 */
419 	off = ntohs(ip->ip_off);
420 	if ((off & 0x1fff) == 0) {
421 		cp = (const u_char *)ip + hlen;
422 		switch (ip->ip_p) {
423 
424 		case IPPROTO_TCP:
425 			tcp_print(cp, len, (const u_char *)ip);
426 			break;
427 
428 		case IPPROTO_UDP:
429 			udp_print(cp, len, (const u_char *)ip);
430 			break;
431 
432 		case IPPROTO_ICMP:
433 			icmp_print(cp, len, (const u_char *)ip);
434 			break;
435 
436 #ifndef IPPROTO_IGRP
437 #define IPPROTO_IGRP 9
438 #endif
439 		case IPPROTO_IGRP:
440 			igrp_print(cp, len, (const u_char *)ip);
441 			break;
442 
443 		case IPPROTO_ND:
444 			(void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
445 				ipaddr_string(&ip->ip_dst));
446 			(void)printf(" nd %d", len);
447 			break;
448 
449 #ifndef IPPROTO_OSPF
450 #define IPPROTO_OSPF 89
451 #endif
452 		case IPPROTO_OSPF:
453 			ospf_print(cp, len, (const u_char *)ip);
454 			break;
455 
456 #ifndef IPPROTO_IGMP
457 #define IPPROTO_IGMP 2
458 #endif
459 		case IPPROTO_IGMP:
460 			igmp_print(cp, len, (const u_char *)ip);
461 			break;
462 
463 #ifndef IPPROTO_IPIP
464 #define IPPROTO_IPIP 4
465 #endif
466 		case IPPROTO_IPIP:
467 			/* ip-in-ip encapsulation */
468 			if (vflag)
469 				(void)printf("%s > %s: ",
470 					     ipaddr_string(&ip->ip_src),
471 					     ipaddr_string(&ip->ip_dst));
472 			ip_print(cp, len);
473 			if (! vflag) {
474 				printf(" (encap)");
475 				goto out;
476 			}
477 			break;
478 
479 #ifdef INET6
480 #ifndef IPPROTO_IPV6
481 #define IPPROTO_IPV6
482 #endif
483 		case IPPROTO_IPV6:
484 			/* ip6-in-ip encapsulation */
485 			if (vflag)
486 				(void)printf("%s > %s: ",
487 					     ipaddr_string(&ip->ip_src),
488 					     ipaddr_string(&ip->ip_dst));
489 			ip6_print(cp, len);
490 			if (! vflag) {
491  				printf(" (encap)");
492 				goto out;
493  			}
494  			break;
495 #endif /*INET6*/
496 
497 #ifndef IPPROTO_GRE
498 #define IPPROTO_GRE 47
499 #endif
500 		case IPPROTO_GRE:
501 			if (vflag)
502 				(void)printf("gre %s > %s: ",
503 					     ipaddr_string(&ip->ip_src),
504 					     ipaddr_string(&ip->ip_dst));
505 			/* do it */
506 			gre_print(cp, len);
507 			if (! vflag) {
508 				printf(" (gre encap)");
509 				goto out;
510   			}
511   			break;
512 
513 #ifndef IPPROTO_ESP
514 #define IPPROTO_ESP 50
515 #endif
516 		case IPPROTO_ESP:
517 			esp_print(cp, len, (const u_char *)ip);
518 			break;
519 
520 #ifndef IPPROTO_AH
521 #define IPPROTO_AH 51
522 #endif
523 		case IPPROTO_AH:
524 			ah_print(cp, len, (const u_char *)ip);
525 			break;
526 
527 #ifndef IPPROTO_MOBILE
528 #define IPPROTO_MOBILE 55
529 #endif
530 		case IPPROTO_MOBILE:
531 			if (vflag)
532 				(void)printf("mobile %s > %s: ",
533 					     ipaddr_string(&ip->ip_src),
534 					     ipaddr_string(&ip->ip_dst));
535 			mobile_print(cp, len);
536 			if (! vflag) {
537 				printf(" (mobile encap)");
538 				goto out;
539 			}
540 			break;
541 
542 #ifndef IPPROTO_ETHERIP
543 #define IPPROTO_ETHERIP	97
544 #endif
545 		case IPPROTO_ETHERIP:
546 			etherip_print(cp, snapend - cp, len,
547 			    (const u_char *)ip);
548 			break;
549 
550 #ifndef	IPPROTO_IPCOMP
551 #define	IPPROTO_IPCOMP	108
552 #endif
553 		case IPPROTO_IPCOMP:
554 			ipcomp_print(cp, len, (const u_char *)ip);
555 			break;
556 
557 #ifndef IPPROTO_CARP
558 #define IPPROTO_CARP 112
559 #endif
560 		case IPPROTO_CARP:
561 			if (packettype == PT_VRRP) {
562 				if (vflag)
563 					(void)printf("vrrp %s > %s: ",
564 					     ipaddr_string(&ip->ip_src),
565 					     ipaddr_string(&ip->ip_dst));
566 				vrrp_print(cp, len, ip->ip_ttl);
567 			} else {
568 				if (vflag)
569 					(void)printf("carp %s > %s: ",
570 					     ipaddr_string(&ip->ip_src),
571 					     ipaddr_string(&ip->ip_dst));
572 				carp_print(cp, len, ip->ip_ttl);
573 			}
574 			break;
575 
576 #ifndef IPPROTO_PFSYNC
577 #define IPPROTO_PFSYNC 240
578 #endif
579 		case IPPROTO_PFSYNC:
580 			pfsync_ip_print(cp,
581 			    (int)(snapend - (u_char *)ip) - hlen,
582 			    (const u_char *)ip);
583 			break;
584 
585 		default:
586 			(void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
587 				ipaddr_string(&ip->ip_dst));
588 			(void)printf(" ip-proto-%d %d", ip->ip_p, len);
589 			break;
590 		}
591 	}
592 	/*
593 	 * for fragmented datagrams, print id:size@offset.  On all
594 	 * but the last stick a "+".  For unfragmented datagrams, note
595 	 * the don't fragment flag.
596 	 */
597 	if (off & 0x3fff) {
598 		/*
599 		 * if this isn't the first frag, we're missing the
600 		 * next level protocol header.  print the ip addr.
601 		 */
602 		if (off & 0x1fff)
603 			(void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
604 				      ipaddr_string(&ip->ip_dst));
605 		(void)printf(" (frag %d:%d@%d%s)", ntohs(ip->ip_id), len,
606 			(off & 0x1fff) * 8,
607 			(off & IP_MF)? "+" : "");
608 	}
609 	if (off & IP_DF)
610 		(void)printf(" (DF)");
611 
612 	if (ip->ip_tos) {
613 		(void)printf(" [tos 0x%x", (int)ip->ip_tos);
614 		if (ip->ip_tos & (IPTOS_CE|IPTOS_ECT)) {
615 			(void)printf(" (");
616 			if (ip->ip_tos & IPTOS_ECT) {
617 				/* ECN-capable transport */
618 				putchar('E');
619 			}
620 			if (ip->ip_tos & IPTOS_CE) {
621 				/* _C_ongestion experienced (ECN) */
622 				putchar('C');
623 			}
624 			(void)printf(")");
625   		}
626 		(void)printf("]");
627 	}
628 
629 	if (ip->ip_ttl <= 1)
630 		(void)printf(" [ttl %d]", (int)ip->ip_ttl);
631 
632 	if (vflag) {
633 		char *sep = "";
634 
635 		printf(" (");
636 		if (ip->ip_ttl > 1) {
637 			(void)printf("%sttl %d", sep, (int)ip->ip_ttl);
638 			sep = ", ";
639 		}
640 		if ((off & 0x3fff) == 0) {
641 			(void)printf("%sid %d", sep, (int)ntohs(ip->ip_id));
642 			sep = ", ";
643 		}
644 		(void)printf("%slen %u", sep, ntohs(ip->ip_len));
645 		sep = ", ";
646 		if ((u_char *)ip + hlen <= snapend) {
647 			u_int16_t sum, ip_sum;
648 			sum = in_cksum((const u_short *)ip, hlen, 0);
649 			if (sum != 0) {
650 				ip_sum = EXTRACT_16BITS(&ip->ip_sum);
651 				(void)printf("%sbad ip cksum %x! -> %x", sep, ip_sum,
652 					     in_cksum_shouldbe(ip_sum, sum));
653 				sep = ", ";
654 			}
655 		}
656 		if (hlen > sizeof(struct ip)) {
657 			hlen -= sizeof(struct ip);
658 			(void)printf("%soptlen=%d", sep, hlen);
659 			ip_optprint((u_char *)(ip + 1), hlen);
660 		}
661 		printf(")");
662 	}
663 out:
664 	packetp = pktp;
665 	snapend = send;
666 	return;
667 
668 trunc:
669 	printf("[|ip]");
670 }
671