xref: /openbsd-src/usr.sbin/tcpdump/print-ip.c (revision b725ae7711052a2233e31a66fefb8a752c388d7a) 
1 /*	$OpenBSD: print-ip.c,v 1.26 2004/05/08 01:01:35 mcbride Exp $	*/
2 
3 /*
4  * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that: (1) source code distributions
9  * retain the above copyright notice and this paragraph in its entirety, (2)
10  * distributions including binary code include the above copyright notice and
11  * this paragraph in its entirety in the documentation or other materials
12  * provided with the distribution, and (3) all advertising materials mentioning
13  * features or use of this software display the following acknowledgement:
14  * ``This product includes software developed by the University of California,
15  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16  * the University nor the names of its contributors may be used to endorse
17  * or promote products derived from this software without specific prior
18  * written permission.
19  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22  */
23 
24 #ifndef lint
25 static const char rcsid[] =
26     "@(#) $Header: /home/cvs/src/usr.sbin/tcpdump/print-ip.c,v 1.26 2004/05/08 01:01:35 mcbride Exp $ (LBL)";
27 #endif
28 
29 #include <sys/param.h>
30 #include <sys/time.h>
31 #include <sys/socket.h>
32 
33 #include <netinet/in.h>
34 #include <netinet/in_systm.h>
35 #include <netinet/ip.h>
36 #include <netinet/ip_var.h>
37 #include <netinet/udp.h>
38 #include <netinet/udp_var.h>
39 #include <netinet/tcp.h>
40 #include <netinet/tcpip.h>
41 
42 #include <inttypes.h>
43 #include <stdio.h>
44 #include <stdlib.h>
45 #include <string.h>
46 #include <unistd.h>
47 
48 #include "addrtoname.h"
49 #include "interface.h"
50 #include "extract.h"			/* must come after interface.h */
51 
52 /* Compatibility */
53 #ifndef	IPPROTO_ND
54 #define	IPPROTO_ND	77
55 #endif
56 
57 #ifndef IN_CLASSD
58 #define IN_CLASSD(i) (((int32_t)(i) & 0xf0000000) == 0xe0000000)
59 #endif
60 
61 /* Definitions required for ECN
62    for use if the OS running tcpdump does not have ECN */
63 #ifndef IPTOS_ECT
64 #define IPTOS_ECT	0x02	/* ECN Capable Transport in IP header*/
65 #endif
66 #ifndef IPTOS_CE
67 #define IPTOS_CE	0x01	/* ECN Cong. Experienced in IP header*/
68 #endif
69 
70 /* (following from ipmulti/mrouted/prune.h) */
71 
72 /*
73  * The packet format for a traceroute request.
74  */
75 struct tr_query {
76 	u_int  tr_src;			/* traceroute source */
77 	u_int  tr_dst;			/* traceroute destination */
78 	u_int  tr_raddr;		/* traceroute response address */
79 #if BYTE_ORDER == BIG_ENDIAN
80 	struct {
81 		u_int   ttl : 8;	/* traceroute response ttl */
82 		u_int   qid : 24;	/* traceroute query id */
83 	} q;
84 #else
85 	struct {
86 		u_int	qid : 24;	/* traceroute query id */
87 		u_int	ttl : 8;	/* traceroute response ttl */
88 	} q;
89 #endif
90 };
91 
92 #define tr_rttl q.ttl
93 #define tr_qid  q.qid
94 
95 /*
96  * Traceroute response format.  A traceroute response has a tr_query at the
97  * beginning, followed by one tr_resp for each hop taken.
98  */
99 struct tr_resp {
100 	u_int tr_qarr;			/* query arrival time */
101 	u_int tr_inaddr;		/* incoming interface address */
102 	u_int tr_outaddr;		/* outgoing interface address */
103 	u_int tr_rmtaddr;		/* parent address in source tree */
104 	u_int tr_vifin;			/* input packet count on interface */
105 	u_int tr_vifout;		/* output packet count on interface */
106 	u_int tr_pktcnt;		/* total incoming packets for src-grp */
107 	u_char  tr_rproto;		/* routing proto deployed on router */
108 	u_char  tr_fttl;		/* ttl required to forward on outvif */
109 	u_char  tr_smask;		/* subnet mask for src addr */
110 	u_char  tr_rflags;		/* forwarding error codes */
111 };
112 
113 /* defs within mtrace */
114 #define TR_QUERY 1
115 #define TR_RESP	2
116 
117 /* fields for tr_rflags (forwarding error codes) */
118 #define TR_NO_ERR	0
119 #define TR_WRONG_IF	1
120 #define TR_PRUNED	2
121 #define TR_OPRUNED	3
122 #define TR_SCOPED	4
123 #define TR_NO_RTE	5
124 #define TR_NO_FWD	7
125 #define TR_NO_SPACE	0x81
126 #define TR_OLD_ROUTER	0x82
127 
128 /* fields for tr_rproto (routing protocol) */
129 #define TR_PROTO_DVMRP	1
130 #define TR_PROTO_MOSPF	2
131 #define TR_PROTO_PIM	3
132 #define TR_PROTO_CBT	4
133 
134 static void print_mtrace(register const u_char *bp, register u_int len)
135 {
136 	register struct tr_query *tr = (struct tr_query *)(bp + 8);
137 
138 	printf("mtrace %d: %s to %s reply-to %s", tr->tr_qid,
139 		ipaddr_string(&tr->tr_src), ipaddr_string(&tr->tr_dst),
140 		ipaddr_string(&tr->tr_raddr));
141 	if (IN_CLASSD(ntohl(tr->tr_raddr)))
142 		printf(" with-ttl %d", tr->tr_rttl);
143 }
144 
145 static void print_mresp(register const u_char *bp, register u_int len)
146 {
147 	register struct tr_query *tr = (struct tr_query *)(bp + 8);
148 
149 	printf("mresp %d: %s to %s reply-to %s", tr->tr_qid,
150 		ipaddr_string(&tr->tr_src), ipaddr_string(&tr->tr_dst),
151 		ipaddr_string(&tr->tr_raddr));
152 	if (IN_CLASSD(ntohl(tr->tr_raddr)))
153 		printf(" with-ttl %d", tr->tr_rttl);
154 }
155 
156 static void
157 igmp_print(register const u_char *bp, register u_int len,
158 	   register const u_char *bp2)
159 {
160 	register const struct ip *ip;
161 
162 	ip = (const struct ip *)bp2;
163         (void)printf("%s > %s: ",
164 		ipaddr_string(&ip->ip_src),
165 		ipaddr_string(&ip->ip_dst));
166 
167 	TCHECK2(bp[0], 8);
168 	switch (bp[0]) {
169 	case 0x11:
170 		(void)printf("igmp query");
171 		if (*(int *)&bp[4])
172 			(void)printf(" [gaddr %s]", ipaddr_string(&bp[4]));
173 		if (len != 8)
174 			(void)printf(" [len %d]", len);
175 		break;
176 	case 0x12:
177 		(void)printf("igmp report %s", ipaddr_string(&bp[4]));
178 		if (len != 8)
179 			(void)printf(" [len %d]", len);
180 		break;
181 	case 0x16:
182 		(void)printf("igmp nreport %s", ipaddr_string(&bp[4]));
183 		break;
184 	case 0x17:
185 		(void)printf("igmp leave %s", ipaddr_string(&bp[4]));
186 		break;
187 	case 0x13:
188 		(void)printf("igmp dvmrp");
189 		if (len < 8)
190 			(void)printf(" [len %d]", len);
191 		else
192 			dvmrp_print(bp, len);
193 		break;
194 	case 0x14:
195 		(void)printf("igmp pim");
196 		pim_print(bp, len);
197   		break;
198 	case 0x1e:
199 		print_mresp(bp, len);
200 		break;
201 	case 0x1f:
202 		print_mtrace(bp, len);
203 		break;
204 	default:
205 		(void)printf("igmp-%d", bp[0] & 0xf);
206 		break;
207 	}
208 	if ((bp[0] >> 4) != 1)
209 		(void)printf(" [v%d]", bp[0] >> 4);
210 
211 	TCHECK2(bp[0], len);
212 	if (vflag) {
213 		/* Check the IGMP checksum */
214 		u_int32_t sum = 0;
215 		int count;
216 		const u_short *sp = (u_short *)bp;
217 
218 		for (count = len / 2; --count >= 0; )
219 			sum += *sp++;
220 		if (len & 1)
221 			sum += ntohs(*(u_char *) sp << 8);
222 		while (sum >> 16)
223 			sum = (sum & 0xffff) + (sum >> 16);
224 		sum = 0xffff & ~sum;
225 		if (sum != 0)
226 			printf(" bad igmp cksum %x!", EXTRACT_16BITS(&bp[2]));
227 	}
228 	return;
229 trunc:
230 	fputs("[|igmp]", stdout);
231 }
232 
233 /*
234  * print the recorded route in an IP RR, LSRR or SSRR option.
235  */
236 static void
237 ip_printroute(const char *type, register const u_char *cp, u_int length)
238 {
239 	register u_int ptr = cp[2] - 1;
240 	register u_int len;
241 
242 	printf(" %s{", type);
243 	if ((length + 1) & 3)
244 		printf(" [bad length %d]", length);
245 	if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1)
246 		printf(" [bad ptr %d]", cp[2]);
247 
248 	type = "";
249 	for (len = 3; len < length; len += 4) {
250 		if (ptr == len)
251 			type = "#";
252 		printf("%s%s", type, ipaddr_string(&cp[len]));
253 		type = " ";
254 	}
255 	printf("%s}", ptr == len? "#" : "");
256 }
257 
258 /*
259  * print IP options.
260  */
261 static void
262 ip_optprint(register const u_char *cp, u_int length)
263 {
264 	register u_int len;
265 
266 	for (; length > 0; cp += len, length -= len) {
267 		int tt = *cp;
268 
269 		len = (tt == IPOPT_NOP || tt == IPOPT_EOL) ? 1 : cp[1];
270 		if (len <= 0) {
271 			printf("[|ip op len %d]", len);
272 			return;
273 		}
274 		if (&cp[1] >= snapend || cp + len > snapend) {
275 			printf("[|ip]");
276 			return;
277 		}
278 		switch (tt) {
279 
280 		case IPOPT_EOL:
281 			printf(" EOL");
282 			if (length > 1)
283 				printf("-%d", length - 1);
284 			return;
285 
286 		case IPOPT_NOP:
287 			printf(" NOP");
288 			break;
289 
290 		case IPOPT_TS:
291 			printf(" TS{%d}", len);
292 			break;
293 
294 		case IPOPT_SECURITY:
295 			printf(" SECURITY{%d}", len);
296 			break;
297 
298 		case IPOPT_RR:
299 			printf(" RR{%d}=", len);
300 			ip_printroute("RR", cp, len);
301 			break;
302 
303 		case IPOPT_SSRR:
304 			ip_printroute("SSRR", cp, len);
305 			break;
306 
307 		case IPOPT_LSRR:
308 			ip_printroute("LSRR", cp, len);
309 			break;
310 
311 		default:
312 			printf(" IPOPT-%d{%d}", cp[0], len);
313 			break;
314 		}
315 	}
316 }
317 
318 /*
319  * compute an IP header checksum.
320  * don't modifiy the packet.
321  */
322 u_short
323 in_cksum(const u_short *addr, register int len, u_short csum)
324 {
325 	int nleft = len;
326 	const u_short *w = addr;
327 	u_short answer;
328 	int sum = csum;
329 
330  	/*
331 	 *  Our algorithm is simple, using a 32 bit accumulator (sum),
332 	 *  we add sequential 16 bit words to it, and at the end, fold
333 	 *  back all the carry bits from the top 16 bits into the lower
334 	 *  16 bits.
335  	 */
336 	while (nleft > 1)  {
337 		sum += *w++;
338 		nleft -= 2;
339 	}
340 	if (nleft == 1)
341 		sum += htons(*(u_char *)w<<8);
342 
343 	/*
344 	 * add back carry outs from top 16 bits to low 16 bits
345 	 */
346 	sum = (sum >> 16) + (sum & 0xffff);	/* add hi 16 to low 16 */
347 	sum += (sum >> 16);			/* add carry */
348 	answer = ~sum;				/* truncate to 16 bits */
349 	return (answer);
350 }
351 
352 /*
353  * print an IP datagram.
354  */
355 void
356 ip_print(register const u_char *bp, register u_int length)
357 {
358 	register const struct ip *ip;
359 	register u_int hlen, len, off;
360 	register const u_char *cp;
361 
362 	ip = (const struct ip *)bp;
363 	/*
364 	 * If the IP header is not aligned, copy into abuf.
365 	 * This will never happen with BPF.  It does happen with raw packet
366 	 * dumps from -r.
367 	 */
368 	if ((intptr_t)ip & (sizeof(long)-1)) {
369 		static u_char *abuf = NULL;
370 		static int didwarn = 0;
371 
372 		if (abuf == NULL) {
373 			abuf = (u_char *)malloc(snaplen);
374 			if (abuf == NULL)
375 				error("ip_print: malloc");
376 		}
377 		memcpy((char *)abuf, (char *)ip, min(length, snaplen));
378 		snapend += abuf - (u_char *)ip;
379 		packetp = abuf;
380 		ip = (struct ip *)abuf;
381 		/* We really want libpcap to give us aligned packets */
382 		if (!didwarn) {
383 			warning("compensating for unaligned libpcap packets");
384 			++didwarn;
385 		}
386 	}
387 
388 	if ((u_char *)(ip + 1) > snapend) {
389 		printf("[|ip]");
390 		return;
391 	}
392 	if (length < sizeof (struct ip)) {
393 		(void)printf("truncated-ip %d", length);
394 		return;
395 	}
396 	hlen = ip->ip_hl * 4;
397 	if (hlen < sizeof(struct ip)) {
398 		(void)printf("bad-hlen %d", hlen);
399 		return;
400 	}
401 
402 	len = ntohs(ip->ip_len);
403 	if (length < len)
404 		(void)printf("truncated-ip - %d bytes missing!",
405 			len - length);
406 	len -= hlen;
407 
408 	/*
409 	 * If this is fragment zero, hand it to the next higher
410 	 * level protocol.
411 	 */
412 	off = ntohs(ip->ip_off);
413 	if ((off & 0x1fff) == 0) {
414 		cp = (const u_char *)ip + hlen;
415 		switch (ip->ip_p) {
416 
417 		case IPPROTO_TCP:
418 			tcp_print(cp, len, (const u_char *)ip);
419 			break;
420 
421 		case IPPROTO_UDP:
422 			udp_print(cp, len, (const u_char *)ip);
423 			break;
424 
425 		case IPPROTO_ICMP:
426 			icmp_print(cp, (const u_char *)ip);
427 			break;
428 
429 #ifndef IPPROTO_IGRP
430 #define IPPROTO_IGRP 9
431 #endif
432 		case IPPROTO_IGRP:
433 			igrp_print(cp, len, (const u_char *)ip);
434 			break;
435 
436 		case IPPROTO_ND:
437 			(void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
438 				ipaddr_string(&ip->ip_dst));
439 			(void)printf(" nd %d", len);
440 			break;
441 
442 #ifndef IPPROTO_OSPF
443 #define IPPROTO_OSPF 89
444 #endif
445 		case IPPROTO_OSPF:
446 			ospf_print(cp, len, (const u_char *)ip);
447 			break;
448 
449 #ifndef IPPROTO_IGMP
450 #define IPPROTO_IGMP 2
451 #endif
452 		case IPPROTO_IGMP:
453 			igmp_print(cp, len, (const u_char *)ip);
454 			break;
455 
456 #ifndef IPPROTO_IPIP
457 #define IPPROTO_IPIP 4
458 #endif
459 		case IPPROTO_IPIP:
460 			/* ip-in-ip encapsulation */
461 			if (vflag)
462 				(void)printf("%s > %s: ",
463 					     ipaddr_string(&ip->ip_src),
464 					     ipaddr_string(&ip->ip_dst));
465 			ip_print(cp, len);
466 			if (! vflag) {
467 				printf(" (encap)");
468 				return;
469 			}
470 			break;
471 
472 #ifdef INET6
473 #ifndef IPPROTO_IPV6
474 #define IPPROTO_IPV6
475 #endif
476 		case IPPROTO_IPV6:
477 			/* ip6-in-ip encapsulation */
478 			if (vflag)
479 				(void)printf("%s > %s: ",
480 					     ipaddr_string(&ip->ip_src),
481 					     ipaddr_string(&ip->ip_dst));
482 			ip6_print(cp, len);
483 			if (! vflag) {
484  				printf(" (encap)");
485  				return;
486  			}
487  			break;
488 #endif /*INET6*/
489 
490 #ifndef IPPROTO_GRE
491 #define IPPROTO_GRE 47
492 #endif
493 		case IPPROTO_GRE:
494 			if (vflag)
495 				(void)printf("gre %s > %s: ",
496 					     ipaddr_string(&ip->ip_src),
497 					     ipaddr_string(&ip->ip_dst));
498 			/* do it */
499 			gre_print(cp, len);
500 			if (! vflag) {
501 				printf(" (gre encap)");
502 				return;
503   			}
504   			break;
505 
506 #ifndef IPPROTO_ESP
507 #define IPPROTO_ESP 50
508 #endif
509 		case IPPROTO_ESP:
510 			esp_print(cp, len, (const u_char *)ip);
511 			break;
512 
513 #ifndef IPPROTO_AH
514 #define IPPROTO_AH 51
515 #endif
516 		case IPPROTO_AH:
517 			ah_print(cp, len, (const u_char *)ip);
518 			break;
519 
520 #ifndef IPPROTO_MOBILE
521 #define IPPROTO_MOBILE 55
522 #endif
523 		case IPPROTO_MOBILE:
524 			if (vflag)
525 				(void)printf("mobile %s > %s: ",
526 					     ipaddr_string(&ip->ip_src),
527 					     ipaddr_string(&ip->ip_dst));
528 			mobile_print(cp, len);
529 			if (! vflag) {
530 				printf(" (mobile encap)");
531 				return;
532 			}
533 			break;
534 
535 #ifndef IPPROTO_ETHERIP
536 #define IPPROTO_ETHERIP	97
537 #endif
538 		case IPPROTO_ETHERIP:
539 			etherip_print(cp, len, (const u_char *)ip);
540 			break;
541 
542 #ifndef	IPPROTO_IPCOMP
543 #define	IPPROTO_IPCOMP	108
544 #endif
545 		case IPPROTO_IPCOMP:
546 			ipcomp_print(cp, len, (const u_char *)ip);
547 			break;
548 
549 #ifndef IPPROTO_CARP
550 #define IPPROTO_CARP 112
551 #endif
552 		case IPPROTO_CARP:
553 			if (packettype == PT_VRRP) {
554 				if (vflag)
555 					(void)printf("vrrp %s > %s: ",
556 					     ipaddr_string(&ip->ip_src),
557 					     ipaddr_string(&ip->ip_dst));
558 				vrrp_print(cp, len, ip->ip_ttl);
559 			} else {
560 				if (vflag)
561 					(void)printf("carp %s > %s: ",
562 					     ipaddr_string(&ip->ip_src),
563 					     ipaddr_string(&ip->ip_dst));
564 				carp_print(cp, len, ip->ip_ttl);
565 			}
566 			break;
567 
568 #ifndef IPPROTO_PFSYNC
569 #define IPPROTO_PFSYNC 240
570 #endif
571 		case IPPROTO_PFSYNC:
572 			pfsync_ip_print(cp,
573 			    (int)(snapend - (u_char *)ip) - hlen,
574 			    (const u_char *)ip);
575 			break;
576 
577 		default:
578 			(void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
579 				ipaddr_string(&ip->ip_dst));
580 			(void)printf(" ip-proto-%d %d", ip->ip_p, len);
581 			break;
582 		}
583 	}
584 	/*
585 	 * for fragmented datagrams, print id:size@offset.  On all
586 	 * but the last stick a "+".  For unfragmented datagrams, note
587 	 * the don't fragment flag.
588 	 */
589 	if (off & 0x3fff) {
590 		/*
591 		 * if this isn't the first frag, we're missing the
592 		 * next level protocol header.  print the ip addr.
593 		 */
594 		if (off & 0x1fff)
595 			(void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
596 				      ipaddr_string(&ip->ip_dst));
597 		(void)printf(" (frag %d:%d@%d%s)", ntohs(ip->ip_id), len,
598 			(off & 0x1fff) * 8,
599 			(off & IP_MF)? "+" : "");
600 	}
601 	if (off & IP_DF)
602 		(void)printf(" (DF)");
603 
604 	if (ip->ip_tos) {
605 		(void)printf(" [tos 0x%x", (int)ip->ip_tos);
606 		if (ip->ip_tos & (IPTOS_CE|IPTOS_ECT)) {
607 			(void)printf(" (");
608 			if (ip->ip_tos & IPTOS_ECT) {
609 				/* ECN-capable transport */
610 				putchar('E');
611 			}
612 			if (ip->ip_tos & IPTOS_CE) {
613 				/* _C_ongestion experienced (ECN) */
614 				putchar('C');
615 			}
616 			(void)printf(")");
617   		}
618 		(void)printf("]");
619 	}
620 
621 	if (ip->ip_ttl <= 1)
622 		(void)printf(" [ttl %d]", (int)ip->ip_ttl);
623 
624 	if (vflag) {
625 		int sum;
626 		char *sep = "";
627 
628 		printf(" (");
629 		if (ip->ip_ttl > 1) {
630 			(void)printf("%sttl %d", sep, (int)ip->ip_ttl);
631 			sep = ", ";
632 		}
633 		if ((off & 0x3fff) == 0) {
634 			(void)printf("%sid %d", sep, (int)ntohs(ip->ip_id));
635 			sep = ", ";
636 		}
637 		if ((u_char *)ip + hlen <= snapend) {
638 			sum = in_cksum((const u_short *)ip, hlen, 0);
639 			if (sum != 0) {
640 				(void)printf("%sbad cksum %x!", sep,
641 					     ntohs(ip->ip_sum));
642 				sep = ", ";
643 			}
644 		}
645 		if ((hlen -= sizeof(struct ip)) > 0) {
646 			(void)printf("%soptlen=%d", sep, hlen);
647 			ip_optprint((u_char *)(ip + 1), hlen);
648 		}
649 		printf(")");
650 	}
651 }
652