xref: /openbsd-src/usr.sbin/tcpdump/print-ip.c (revision e5157e49389faebcb42b7237d55fbf096d9c2523) 
1 /*	$OpenBSD: print-ip.c,v 1.39 2014/08/14 12:44:44 mpi Exp $	*/
2 
3 /*
4  * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that: (1) source code distributions
9  * retain the above copyright notice and this paragraph in its entirety, (2)
10  * distributions including binary code include the above copyright notice and
11  * this paragraph in its entirety in the documentation or other materials
12  * provided with the distribution, and (3) all advertising materials mentioning
13  * features or use of this software display the following acknowledgement:
14  * ``This product includes software developed by the University of California,
15  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16  * the University nor the names of its contributors may be used to endorse
17  * or promote products derived from this software without specific prior
18  * written permission.
19  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22  */
23 
24 #include <sys/param.h>
25 #include <sys/time.h>
26 #include <sys/socket.h>
27 
28 #include <netinet/in.h>
29 #include <netinet/ip.h>
30 #include <netinet/ip_var.h>
31 #include <netinet/udp.h>
32 #include <netinet/udp_var.h>
33 #include <netinet/tcp.h>
34 
35 #include <inttypes.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <unistd.h>
40 
41 #include "addrtoname.h"
42 #include "interface.h"
43 #include "extract.h"			/* must come after interface.h */
44 
45 /* Compatibility */
46 #ifndef	IPPROTO_ND
47 #define	IPPROTO_ND	77
48 #endif
49 
50 #ifndef IN_CLASSD
51 #define IN_CLASSD(i) (((int32_t)(i) & 0xf0000000) == 0xe0000000)
52 #endif
53 
54 /* Definitions required for ECN
55    for use if the OS running tcpdump does not have ECN */
56 #ifndef IPTOS_ECT
57 #define IPTOS_ECT	0x02	/* ECN Capable Transport in IP header*/
58 #endif
59 #ifndef IPTOS_CE
60 #define IPTOS_CE	0x01	/* ECN Cong. Experienced in IP header*/
61 #endif
62 
63 /* (following from ipmulti/mrouted/prune.h) */
64 
65 /*
66  * The packet format for a traceroute request.
67  */
68 struct tr_query {
69 	u_int  tr_src;			/* traceroute source */
70 	u_int  tr_dst;			/* traceroute destination */
71 	u_int  tr_raddr;		/* traceroute response address */
72 #if BYTE_ORDER == BIG_ENDIAN
73 	struct {
74 		u_int   ttl : 8;	/* traceroute response ttl */
75 		u_int   qid : 24;	/* traceroute query id */
76 	} q;
77 #else
78 	struct {
79 		u_int	qid : 24;	/* traceroute query id */
80 		u_int	ttl : 8;	/* traceroute response ttl */
81 	} q;
82 #endif
83 };
84 
85 #define tr_rttl q.ttl
86 #define tr_qid  q.qid
87 
88 /*
89  * Traceroute response format.  A traceroute response has a tr_query at the
90  * beginning, followed by one tr_resp for each hop taken.
91  */
92 struct tr_resp {
93 	u_int tr_qarr;			/* query arrival time */
94 	u_int tr_inaddr;		/* incoming interface address */
95 	u_int tr_outaddr;		/* outgoing interface address */
96 	u_int tr_rmtaddr;		/* parent address in source tree */
97 	u_int tr_vifin;			/* input packet count on interface */
98 	u_int tr_vifout;		/* output packet count on interface */
99 	u_int tr_pktcnt;		/* total incoming packets for src-grp */
100 	u_char  tr_rproto;		/* routing proto deployed on router */
101 	u_char  tr_fttl;		/* ttl required to forward on outvif */
102 	u_char  tr_smask;		/* subnet mask for src addr */
103 	u_char  tr_rflags;		/* forwarding error codes */
104 };
105 
106 /* defs within mtrace */
107 #define TR_QUERY 1
108 #define TR_RESP	2
109 
110 /* fields for tr_rflags (forwarding error codes) */
111 #define TR_NO_ERR	0
112 #define TR_WRONG_IF	1
113 #define TR_PRUNED	2
114 #define TR_OPRUNED	3
115 #define TR_SCOPED	4
116 #define TR_NO_RTE	5
117 #define TR_NO_FWD	7
118 #define TR_NO_SPACE	0x81
119 #define TR_OLD_ROUTER	0x82
120 
121 /* fields for tr_rproto (routing protocol) */
122 #define TR_PROTO_DVMRP	1
123 #define TR_PROTO_MOSPF	2
124 #define TR_PROTO_PIM	3
125 #define TR_PROTO_CBT	4
126 
127 static void print_mtrace(register const u_char *bp, register u_int len)
128 {
129 	register struct tr_query *tr = (struct tr_query *)(bp + 8);
130 
131 	printf("mtrace %d: %s to %s reply-to %s", tr->tr_qid,
132 		ipaddr_string(&tr->tr_src), ipaddr_string(&tr->tr_dst),
133 		ipaddr_string(&tr->tr_raddr));
134 	if (IN_CLASSD(ntohl(tr->tr_raddr)))
135 		printf(" with-ttl %d", tr->tr_rttl);
136 }
137 
138 static void print_mresp(register const u_char *bp, register u_int len)
139 {
140 	register struct tr_query *tr = (struct tr_query *)(bp + 8);
141 
142 	printf("mresp %d: %s to %s reply-to %s", tr->tr_qid,
143 		ipaddr_string(&tr->tr_src), ipaddr_string(&tr->tr_dst),
144 		ipaddr_string(&tr->tr_raddr));
145 	if (IN_CLASSD(ntohl(tr->tr_raddr)))
146 		printf(" with-ttl %d", tr->tr_rttl);
147 }
148 
149 static void
150 igmp_print(register const u_char *bp, register u_int len,
151 	   register const u_char *bp2)
152 {
153 	register const struct ip *ip;
154 
155 	ip = (const struct ip *)bp2;
156         (void)printf("%s > %s: ",
157 		ipaddr_string(&ip->ip_src),
158 		ipaddr_string(&ip->ip_dst));
159 
160 	TCHECK2(bp[0], 8);
161 	switch (bp[0]) {
162 	case 0x11:
163 		(void)printf("igmp query");
164 		if (*(int *)&bp[4])
165 			(void)printf(" [gaddr %s]", ipaddr_string(&bp[4]));
166 		if (len != 8)
167 			(void)printf(" [len %d]", len);
168 		break;
169 	case 0x12:
170 		(void)printf("igmp report %s", ipaddr_string(&bp[4]));
171 		if (len != 8)
172 			(void)printf(" [len %d]", len);
173 		break;
174 	case 0x16:
175 		(void)printf("igmp nreport %s", ipaddr_string(&bp[4]));
176 		break;
177 	case 0x17:
178 		(void)printf("igmp leave %s", ipaddr_string(&bp[4]));
179 		break;
180 	case 0x13:
181 		(void)printf("igmp dvmrp");
182 		if (len < 8)
183 			(void)printf(" [len %d]", len);
184 		else
185 			dvmrp_print(bp, len);
186 		break;
187 	case 0x14:
188 		(void)printf("igmp pim");
189 		pim_print(bp, len);
190   		break;
191 	case 0x1e:
192 		print_mresp(bp, len);
193 		break;
194 	case 0x1f:
195 		print_mtrace(bp, len);
196 		break;
197 	default:
198 		(void)printf("igmp-%d", bp[0] & 0xf);
199 		break;
200 	}
201 	if ((bp[0] >> 4) != 1)
202 		(void)printf(" [v%d]", bp[0] >> 4);
203 
204 	TCHECK2(bp[0], len);
205 	if (vflag) {
206 		/* Check the IGMP checksum */
207 		u_int32_t sum = 0;
208 		int count;
209 		const u_short *sp = (u_short *)bp;
210 
211 		for (count = len / 2; --count >= 0; )
212 			sum += *sp++;
213 		if (len & 1)
214 			sum += ntohs(*(u_char *) sp << 8);
215 		while (sum >> 16)
216 			sum = (sum & 0xffff) + (sum >> 16);
217 		sum = 0xffff & ~sum;
218 		if (sum != 0)
219 			printf(" bad igmp cksum %x!", EXTRACT_16BITS(&bp[2]));
220 	}
221 	return;
222 trunc:
223 	fputs("[|igmp]", stdout);
224 }
225 
226 /*
227  * print the recorded route in an IP RR, LSRR or SSRR option.
228  */
229 static void
230 ip_printroute(const char *type, register const u_char *cp, u_int length)
231 {
232 	register u_int ptr = cp[2] - 1;
233 	register u_int len;
234 
235 	printf(" %s{", type);
236 	if ((length + 1) & 3)
237 		printf(" [bad length %d]", length);
238 	if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1)
239 		printf(" [bad ptr %d]", cp[2]);
240 
241 	type = "";
242 	for (len = 3; len < length; len += 4) {
243 		if (ptr == len)
244 			type = "#";
245 		printf("%s%s", type, ipaddr_string(&cp[len]));
246 		type = " ";
247 	}
248 	printf("%s}", ptr == len? "#" : "");
249 }
250 
251 /*
252  * print IP options.
253  */
254 static void
255 ip_optprint(register const u_char *cp, u_int length)
256 {
257 	register u_int len;
258 	int tt;
259 
260 	for (; length > 0; cp += len, length -= len) {
261 		TCHECK(cp[1]);
262 		tt = *cp;
263 		len = (tt == IPOPT_NOP || tt == IPOPT_EOL) ? 1 : cp[1];
264 		if (len <= 0) {
265 			printf("[|ip op len %d]", len);
266 			return;
267 		}
268 		if (&cp[1] >= snapend || cp + len > snapend) {
269 			printf("[|ip]");
270 			return;
271 		}
272 		switch (tt) {
273 
274 		case IPOPT_EOL:
275 			printf(" EOL");
276 			if (length > 1)
277 				printf("-%d", length - 1);
278 			return;
279 
280 		case IPOPT_NOP:
281 			printf(" NOP");
282 			break;
283 
284 		case IPOPT_TS:
285 			printf(" TS{%d}", len);
286 			break;
287 
288 		case IPOPT_SECURITY:
289 			printf(" SECURITY{%d}", len);
290 			break;
291 
292 		case IPOPT_RR:
293 			printf(" RR{%d}=", len);
294 			ip_printroute("RR", cp, len);
295 			break;
296 
297 		case IPOPT_SSRR:
298 			ip_printroute("SSRR", cp, len);
299 			break;
300 
301 		case IPOPT_LSRR:
302 			ip_printroute("LSRR", cp, len);
303 			break;
304 
305 		default:
306 			printf(" IPOPT-%d{%d}", cp[0], len);
307 			break;
308 		}
309 	}
310 	return;
311 
312 trunc:
313 	printf("[|ip]");
314 }
315 
316 /*
317  * compute an IP header checksum.
318  * don't modifiy the packet.
319  */
320 u_short
321 in_cksum(const u_short *addr, register int len, int csum)
322 {
323 	int nleft = len;
324 	const u_short *w = addr;
325 	u_short answer;
326 	int sum = csum;
327 
328  	/*
329 	 *  Our algorithm is simple, using a 32 bit accumulator (sum),
330 	 *  we add sequential 16 bit words to it, and at the end, fold
331 	 *  back all the carry bits from the top 16 bits into the lower
332 	 *  16 bits.
333  	 */
334 	while (nleft > 1)  {
335 		sum += *w++;
336 		nleft -= 2;
337 	}
338 	if (nleft == 1)
339 		sum += htons(*(u_char *)w<<8);
340 
341 	/*
342 	 * add back carry outs from top 16 bits to low 16 bits
343 	 */
344 	sum = (sum >> 16) + (sum & 0xffff);	/* add hi 16 to low 16 */
345 	sum += (sum >> 16);			/* add carry */
346 	answer = ~sum;				/* truncate to 16 bits */
347 	return (answer);
348 }
349 
350 /*
351  * print an IP datagram.
352  */
353 void
354 ip_print(register const u_char *bp, register u_int length)
355 {
356 	register const struct ip *ip;
357 	register u_int hlen, len, off;
358 	register const u_char *cp;
359 
360 	ip = (const struct ip *)bp;
361 	/*
362 	 * If the IP header is not aligned, copy into abuf.
363 	 * This will never happen with BPF.  It does happen with raw packet
364 	 * dumps from -r.
365 	 */
366 	if ((intptr_t)ip & (sizeof(long)-1)) {
367 		static u_char *abuf = NULL;
368 		static int didwarn = 0;
369 		int clen = snapend - bp;
370 
371 		if (clen > snaplen)
372 			clen = snaplen;
373 		if (abuf == NULL) {
374 			abuf = (u_char *)malloc(snaplen);
375 			if (abuf == NULL)
376 				error("ip_print: malloc");
377 		}
378 		memmove((char *)abuf, (char *)ip, min(length, clen));
379 		snapend = abuf + clen;
380 		packetp = abuf;
381 		ip = (struct ip *)abuf;
382 		/* We really want libpcap to give us aligned packets */
383 		if (!didwarn) {
384 			warning("compensating for unaligned libpcap packets");
385 			++didwarn;
386 		}
387 	}
388 
389 	TCHECK(*ip);
390 	if (ip->ip_v != IPVERSION) {
391 		(void)printf("bad-ip-version %u", ip->ip_v);
392 		return;
393 	}
394 
395 	len = ntohs(ip->ip_len);
396 	if (length < len) {
397 		(void)printf("truncated-ip - %d bytes missing!",
398 			len - length);
399 		len = length;
400 	}
401 
402 	hlen = ip->ip_hl * 4;
403 	if (hlen < sizeof(struct ip) || hlen > len) {
404 		(void)printf("bad-hlen %d", hlen);
405 		return;
406 	}
407 
408 	len -= hlen;
409 
410 	/*
411 	 * If this is fragment zero, hand it to the next higher
412 	 * level protocol.
413 	 */
414 	off = ntohs(ip->ip_off);
415 	if ((off & 0x1fff) == 0) {
416 		cp = (const u_char *)ip + hlen;
417 		switch (ip->ip_p) {
418 
419 		case IPPROTO_TCP:
420 			tcp_print(cp, len, (const u_char *)ip);
421 			break;
422 
423 		case IPPROTO_UDP:
424 			udp_print(cp, len, (const u_char *)ip);
425 			break;
426 
427 		case IPPROTO_ICMP:
428 			icmp_print(cp, len, (const u_char *)ip);
429 			break;
430 
431 #ifndef IPPROTO_IGRP
432 #define IPPROTO_IGRP 9
433 #endif
434 		case IPPROTO_IGRP:
435 			igrp_print(cp, len, (const u_char *)ip);
436 			break;
437 
438 		case IPPROTO_ND:
439 			(void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
440 				ipaddr_string(&ip->ip_dst));
441 			(void)printf(" nd %d", len);
442 			break;
443 
444 #ifndef IPPROTO_OSPF
445 #define IPPROTO_OSPF 89
446 #endif
447 		case IPPROTO_OSPF:
448 			ospf_print(cp, len, (const u_char *)ip);
449 			break;
450 
451 #ifndef IPPROTO_IGMP
452 #define IPPROTO_IGMP 2
453 #endif
454 		case IPPROTO_IGMP:
455 			igmp_print(cp, len, (const u_char *)ip);
456 			break;
457 
458 #ifndef IPPROTO_IPIP
459 #define IPPROTO_IPIP 4
460 #endif
461 		case IPPROTO_IPIP:
462 			/* ip-in-ip encapsulation */
463 			if (vflag)
464 				(void)printf("%s > %s: ",
465 					     ipaddr_string(&ip->ip_src),
466 					     ipaddr_string(&ip->ip_dst));
467 			ip_print(cp, len);
468 			if (! vflag) {
469 				printf(" (encap)");
470 				return;
471 			}
472 			break;
473 
474 #ifdef INET6
475 #ifndef IPPROTO_IPV6
476 #define IPPROTO_IPV6
477 #endif
478 		case IPPROTO_IPV6:
479 			/* ip6-in-ip encapsulation */
480 			if (vflag)
481 				(void)printf("%s > %s: ",
482 					     ipaddr_string(&ip->ip_src),
483 					     ipaddr_string(&ip->ip_dst));
484 			ip6_print(cp, len);
485 			if (! vflag) {
486  				printf(" (encap)");
487  				return;
488  			}
489  			break;
490 #endif /*INET6*/
491 
492 #ifndef IPPROTO_GRE
493 #define IPPROTO_GRE 47
494 #endif
495 		case IPPROTO_GRE:
496 			if (vflag)
497 				(void)printf("gre %s > %s: ",
498 					     ipaddr_string(&ip->ip_src),
499 					     ipaddr_string(&ip->ip_dst));
500 			/* do it */
501 			gre_print(cp, len);
502 			if (! vflag) {
503 				printf(" (gre encap)");
504 				return;
505   			}
506   			break;
507 
508 #ifndef IPPROTO_ESP
509 #define IPPROTO_ESP 50
510 #endif
511 		case IPPROTO_ESP:
512 			esp_print(cp, len, (const u_char *)ip);
513 			break;
514 
515 #ifndef IPPROTO_AH
516 #define IPPROTO_AH 51
517 #endif
518 		case IPPROTO_AH:
519 			ah_print(cp, len, (const u_char *)ip);
520 			break;
521 
522 #ifndef IPPROTO_MOBILE
523 #define IPPROTO_MOBILE 55
524 #endif
525 		case IPPROTO_MOBILE:
526 			if (vflag)
527 				(void)printf("mobile %s > %s: ",
528 					     ipaddr_string(&ip->ip_src),
529 					     ipaddr_string(&ip->ip_dst));
530 			mobile_print(cp, len);
531 			if (! vflag) {
532 				printf(" (mobile encap)");
533 				return;
534 			}
535 			break;
536 
537 #ifndef IPPROTO_ETHERIP
538 #define IPPROTO_ETHERIP	97
539 #endif
540 		case IPPROTO_ETHERIP:
541 			etherip_print(cp, snapend - cp, len,
542 			    (const u_char *)ip);
543 			break;
544 
545 #ifndef	IPPROTO_IPCOMP
546 #define	IPPROTO_IPCOMP	108
547 #endif
548 		case IPPROTO_IPCOMP:
549 			ipcomp_print(cp, len, (const u_char *)ip);
550 			break;
551 
552 #ifndef IPPROTO_CARP
553 #define IPPROTO_CARP 112
554 #endif
555 		case IPPROTO_CARP:
556 			if (packettype == PT_VRRP) {
557 				if (vflag)
558 					(void)printf("vrrp %s > %s: ",
559 					     ipaddr_string(&ip->ip_src),
560 					     ipaddr_string(&ip->ip_dst));
561 				vrrp_print(cp, len, ip->ip_ttl);
562 			} else {
563 				if (vflag)
564 					(void)printf("carp %s > %s: ",
565 					     ipaddr_string(&ip->ip_src),
566 					     ipaddr_string(&ip->ip_dst));
567 				carp_print(cp, len, ip->ip_ttl);
568 			}
569 			break;
570 
571 #ifndef IPPROTO_PFSYNC
572 #define IPPROTO_PFSYNC 240
573 #endif
574 		case IPPROTO_PFSYNC:
575 			pfsync_ip_print(cp,
576 			    (int)(snapend - (u_char *)ip) - hlen,
577 			    (const u_char *)ip);
578 			break;
579 
580 		default:
581 			(void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
582 				ipaddr_string(&ip->ip_dst));
583 			(void)printf(" ip-proto-%d %d", ip->ip_p, len);
584 			break;
585 		}
586 	}
587 	/*
588 	 * for fragmented datagrams, print id:size@offset.  On all
589 	 * but the last stick a "+".  For unfragmented datagrams, note
590 	 * the don't fragment flag.
591 	 */
592 	if (off & 0x3fff) {
593 		/*
594 		 * if this isn't the first frag, we're missing the
595 		 * next level protocol header.  print the ip addr.
596 		 */
597 		if (off & 0x1fff)
598 			(void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
599 				      ipaddr_string(&ip->ip_dst));
600 		(void)printf(" (frag %d:%d@%d%s)", ntohs(ip->ip_id), len,
601 			(off & 0x1fff) * 8,
602 			(off & IP_MF)? "+" : "");
603 	}
604 	if (off & IP_DF)
605 		(void)printf(" (DF)");
606 
607 	if (ip->ip_tos) {
608 		(void)printf(" [tos 0x%x", (int)ip->ip_tos);
609 		if (ip->ip_tos & (IPTOS_CE|IPTOS_ECT)) {
610 			(void)printf(" (");
611 			if (ip->ip_tos & IPTOS_ECT) {
612 				/* ECN-capable transport */
613 				putchar('E');
614 			}
615 			if (ip->ip_tos & IPTOS_CE) {
616 				/* _C_ongestion experienced (ECN) */
617 				putchar('C');
618 			}
619 			(void)printf(")");
620   		}
621 		(void)printf("]");
622 	}
623 
624 	if (ip->ip_ttl <= 1)
625 		(void)printf(" [ttl %d]", (int)ip->ip_ttl);
626 
627 	if (vflag) {
628 		char *sep = "";
629 
630 		printf(" (");
631 		if (ip->ip_ttl > 1) {
632 			(void)printf("%sttl %d", sep, (int)ip->ip_ttl);
633 			sep = ", ";
634 		}
635 		if ((off & 0x3fff) == 0) {
636 			(void)printf("%sid %d", sep, (int)ntohs(ip->ip_id));
637 			sep = ", ";
638 		}
639 		(void)printf("%slen %u", sep, ntohs(ip->ip_len));
640 		sep = ", ";
641 		if ((u_char *)ip + hlen <= snapend) {
642 			u_int16_t sum, ip_sum;
643 			sum = in_cksum((const u_short *)ip, hlen, 0);
644 			if (sum != 0) {
645 				ip_sum = EXTRACT_16BITS(&ip->ip_sum);
646 				(void)printf("%sbad ip cksum %x! -> %x", sep, ip_sum,
647 					     in_cksum_shouldbe(ip_sum, sum));
648 				sep = ", ";
649 			}
650 		}
651 		if (hlen > sizeof(struct ip)) {
652 			hlen -= sizeof(struct ip);
653 			(void)printf("%soptlen=%d", sep, hlen);
654 			ip_optprint((u_char *)(ip + 1), hlen);
655 		}
656 		printf(")");
657 	}
658 	return;
659 
660 trunc:
661 	printf("[|ip]");
662 }
663