1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 */ 21 22 #ifndef lint 23 static const char rcsid[] = 24 "@(#) $Header: /home/cvs/src/usr.sbin/tcpdump/print-udp.c,v 1.8 1998/06/25 19:42:47 mickey Exp $ (LBL)"; 25 #endif 26 27 #include <sys/param.h> 28 #include <sys/time.h> 29 #include <sys/socket.h> 30 31 #include <netinet/in.h> 32 #include <netinet/in_systm.h> 33 #include <netinet/ip.h> 34 #include <netinet/ip_var.h> 35 #include <netinet/udp.h> 36 #include <netinet/udp_var.h> 37 38 #undef NOERROR /* Solaris sucks */ 39 #undef T_UNSPEC /* SINIX does too */ 40 #include <arpa/nameser.h> 41 #include <arpa/tftp.h> 42 43 #include <rpc/rpc.h> 44 45 #include <stdio.h> 46 47 #include "interface.h" 48 #include "addrtoname.h" 49 #include "appletalk.h" 50 51 #include "nfsv2.h" 52 #include "bootp.h" 53 54 struct rtcphdr { 55 u_short rh_flags; /* T:2 P:1 CNT:5 PT:8 */ 56 u_short rh_len; /* length of message (in words) */ 57 u_int rh_ssrc; /* synchronization src id */ 58 }; 59 60 typedef struct { 61 u_int upper; /* more significant 32 bits */ 62 u_int lower; /* less significant 32 bits */ 63 } ntp64; 64 65 /* 66 * Sender report. 67 */ 68 struct rtcp_sr { 69 ntp64 sr_ntp; /* 64-bit ntp timestamp */ 70 u_int sr_ts; /* reference media timestamp */ 71 u_int sr_np; /* no. packets sent */ 72 u_int sr_nb; /* no. bytes sent */ 73 }; 74 75 /* 76 * Receiver report. 77 * Time stamps are middle 32-bits of ntp timestamp. 78 */ 79 struct rtcp_rr { 80 u_int rr_srcid; /* sender being reported */ 81 u_int rr_nl; /* no. packets lost */ 82 u_int rr_ls; /* extended last seq number received */ 83 u_int rr_dv; /* jitter (delay variance) */ 84 u_int rr_lsr; /* orig. ts from last rr from this src */ 85 u_int rr_dlsr; /* time from recpt of last rr to xmit time */ 86 }; 87 88 /*XXX*/ 89 #define RTCP_PT_SR 200 90 #define RTCP_PT_RR 201 91 #define RTCP_PT_SDES 202 92 #define RTCP_SDES_CNAME 1 93 #define RTCP_SDES_NAME 2 94 #define RTCP_SDES_EMAIL 3 95 #define RTCP_SDES_PHONE 4 96 #define RTCP_SDES_LOC 5 97 #define RTCP_SDES_TOOL 6 98 #define RTCP_SDES_NOTE 7 99 #define RTCP_SDES_PRIV 8 100 #define RTCP_PT_BYE 203 101 #define RTCP_PT_APP 204 102 103 static void 104 vat_print(const void *hdr, u_int len, register const struct udphdr *up) 105 { 106 /* vat/vt audio */ 107 u_int ts = *(u_short *)hdr; 108 if ((ts & 0xf060) != 0) { 109 /* probably vt */ 110 (void)printf(" udp/vt %u %d / %d", 111 (u_int32_t)(ntohs(up->uh_ulen) - sizeof(*up)), 112 ts & 0x3ff, ts >> 10); 113 } else { 114 /* probably vat */ 115 u_int i0 = ntohl(((u_int *)hdr)[0]); 116 u_int i1 = ntohl(((u_int *)hdr)[1]); 117 printf(" udp/vat %u c%d %u%s", 118 (u_int32_t)(ntohs(up->uh_ulen) - sizeof(*up) - 8), 119 i0 & 0xffff, 120 i1, i0 & 0x800000? "*" : ""); 121 /* audio format */ 122 if (i0 & 0x1f0000) 123 printf(" f%d", (i0 >> 16) & 0x1f); 124 if (i0 & 0x3f000000) 125 printf(" s%d", (i0 >> 24) & 0x3f); 126 } 127 } 128 129 static void 130 rtp_print(const void *hdr, u_int len, register const struct udphdr *up) 131 { 132 /* rtp v1 or v2 */ 133 u_int *ip = (u_int *)hdr; 134 u_int hasopt, hasext, contype, hasmarker; 135 u_int i0 = ntohl(((u_int *)hdr)[0]); 136 u_int i1 = ntohl(((u_int *)hdr)[1]); 137 u_int dlen = ntohs(up->uh_ulen) - sizeof(*up) - 8; 138 const char * ptype; 139 140 ip += 2; 141 len >>= 2; 142 len -= 2; 143 hasopt = 0; 144 hasext = 0; 145 if ((i0 >> 30) == 1) { 146 /* rtp v1 */ 147 hasopt = i0 & 0x800000; 148 contype = (i0 >> 16) & 0x3f; 149 hasmarker = i0 & 0x400000; 150 ptype = "rtpv1"; 151 } else { 152 /* rtp v2 */ 153 hasext = i0 & 0x10000000; 154 contype = (i0 >> 16) & 0x7f; 155 hasmarker = i0 & 0x800000; 156 dlen -= 4; 157 ptype = "rtp"; 158 ip += 1; 159 len -= 1; 160 } 161 printf(" udp/%s %d c%d %s%s %d %u", 162 ptype, 163 dlen, 164 contype, 165 (hasopt || hasext)? "+" : "", 166 hasmarker? "*" : "", 167 i0 & 0xffff, 168 i1); 169 if (vflag) { 170 printf(" %u", i1); 171 if (hasopt) { 172 u_int i2, optlen; 173 do { 174 i2 = ip[0]; 175 optlen = (i2 >> 16) & 0xff; 176 if (optlen == 0 || optlen > len) { 177 printf(" !opt"); 178 return; 179 } 180 ip += optlen; 181 len -= optlen; 182 } while ((int)i2 >= 0); 183 } 184 if (hasext) { 185 u_int i2, extlen; 186 i2 = ip[0]; 187 extlen = (i2 & 0xffff) + 1; 188 if (extlen > len) { 189 printf(" !ext"); 190 return; 191 } 192 ip += extlen; 193 } 194 if (contype == 0x1f) /*XXX H.261 */ 195 printf(" 0x%04x", ip[0] >> 16); 196 } 197 } 198 199 static const u_char * 200 rtcp_print(const u_char *hdr, const u_char *ep) 201 { 202 /* rtp v2 control (rtcp) */ 203 struct rtcp_rr *rr = 0; 204 struct rtcp_sr *sr; 205 struct rtcphdr *rh = (struct rtcphdr *)hdr; 206 u_int len; 207 u_short flags; 208 int cnt; 209 double ts, dts; 210 if ((u_char *)(rh + 1) > ep) { 211 printf(" [|rtcp]"); 212 return (ep); 213 } 214 len = (ntohs(rh->rh_len) + 1) * 4; 215 flags = ntohs(rh->rh_flags); 216 cnt = (flags >> 8) & 0x1f; 217 switch (flags & 0xff) { 218 case RTCP_PT_SR: 219 sr = (struct rtcp_sr *)(rh + 1); 220 printf(" sr"); 221 if (len != cnt * sizeof(*rr) + sizeof(*sr) + sizeof(*rh)) 222 printf(" [%d]", len); 223 if (vflag) 224 printf(" %u", (u_int32_t)ntohl(rh->rh_ssrc)); 225 if ((u_char *)(sr + 1) > ep) { 226 printf(" [|rtcp]"); 227 return (ep); 228 } 229 ts = (double)((u_int32_t)ntohl(sr->sr_ntp.upper)) + 230 ((double)((u_int32_t)ntohl(sr->sr_ntp.lower)) / 231 4294967296.0); 232 printf(" @%.2f %u %up %ub", ts, (u_int32_t)ntohl(sr->sr_ts), 233 (u_int32_t)ntohl(sr->sr_np), (u_int32_t)ntohl(sr->sr_nb)); 234 rr = (struct rtcp_rr *)(sr + 1); 235 break; 236 case RTCP_PT_RR: 237 printf(" rr"); 238 if (len != cnt * sizeof(*rr) + sizeof(*rh)) 239 printf(" [%d]", len); 240 rr = (struct rtcp_rr *)(rh + 1); 241 if (vflag) 242 printf(" %u", (u_int32_t)ntohl(rh->rh_ssrc)); 243 break; 244 case RTCP_PT_SDES: 245 printf(" sdes %d", len); 246 if (vflag) 247 printf(" %u", (u_int32_t)ntohl(rh->rh_ssrc)); 248 cnt = 0; 249 break; 250 case RTCP_PT_BYE: 251 printf(" bye %d", len); 252 if (vflag) 253 printf(" %u", (u_int32_t)ntohl(rh->rh_ssrc)); 254 cnt = 0; 255 break; 256 default: 257 printf(" type-0x%x %d", flags & 0xff, len); 258 cnt = 0; 259 break; 260 } 261 if (cnt > 1) 262 printf(" c%d", cnt); 263 while (--cnt >= 0) { 264 if ((u_char *)(rr + 1) > ep) { 265 printf(" [|rtcp]"); 266 return (ep); 267 } 268 if (vflag) 269 printf(" %u", (u_int32_t)ntohl(rr->rr_srcid)); 270 ts = (double)((u_int32_t)ntohl(rr->rr_lsr)) / 65536.; 271 dts = (double)((u_int32_t)ntohl(rr->rr_dlsr)) / 65536.; 272 printf(" %ul %us %uj @%.2f+%.2f", 273 (u_int32_t)ntohl(rr->rr_nl) & 0x00ffffff, 274 (u_int32_t)ntohl(rr->rr_ls), 275 (u_int32_t)ntohl(rr->rr_dv), ts, dts); 276 } 277 return (hdr + len); 278 } 279 280 /* XXX probably should use getservbyname() and cache answers */ 281 #define TFTP_PORT 69 /*XXX*/ 282 #define KERBEROS_PORT 88 /*XXX*/ 283 #define SUNRPC_PORT 111 /*XXX*/ 284 #define SNMP_PORT 161 /*XXX*/ 285 #define NTP_PORT 123 /*XXX*/ 286 #define SNMPTRAP_PORT 162 /*XXX*/ 287 #define RIP_PORT 520 /*XXX*/ 288 #define KERBEROS_SEC_PORT 750 /*XXX*/ 289 #define OLD_RADIUS_AUTH_PORT 1645 290 #define OLD_RADIUS_ACCT_PORT 1646 291 #define RADIUS_AUTH_PORT 1812 292 #define RADIUS_ACCT_PORT 1813 293 294 295 void 296 udp_print(register const u_char *bp, u_int length, register const u_char *bp2) 297 { 298 register const struct udphdr *up; 299 register const struct ip *ip; 300 register const u_char *cp; 301 register const u_char *ep = bp + length; 302 u_short sport, dport, ulen; 303 304 if (ep > snapend) 305 ep = snapend; 306 up = (struct udphdr *)bp; 307 ip = (struct ip *)bp2; 308 cp = (u_char *)(up + 1); 309 if (cp > snapend) { 310 printf("[|udp]"); 311 return; 312 } 313 if (length < sizeof(struct udphdr)) { 314 (void)printf(" truncated-udp %d", length); 315 return; 316 } 317 length -= sizeof(struct udphdr); 318 319 sport = ntohs(up->uh_sport); 320 dport = ntohs(up->uh_dport); 321 ulen = ntohs(up->uh_ulen); 322 if (packettype) { 323 register struct rpc_msg *rp; 324 enum msg_type direction; 325 326 switch (packettype) { 327 328 case PT_VAT: 329 (void)printf("%s.%s > %s.%s:", 330 ipaddr_string(&ip->ip_src), 331 udpport_string(sport), 332 ipaddr_string(&ip->ip_dst), 333 udpport_string(dport)); 334 vat_print((void *)(up + 1), length, up); 335 break; 336 337 case PT_WB: 338 (void)printf("%s.%s > %s.%s:", 339 ipaddr_string(&ip->ip_src), 340 udpport_string(sport), 341 ipaddr_string(&ip->ip_dst), 342 udpport_string(dport)); 343 wb_print((void *)(up + 1), length); 344 break; 345 346 case PT_RPC: 347 rp = (struct rpc_msg *)(up + 1); 348 direction = (enum msg_type)ntohl(rp->rm_direction); 349 if (direction == CALL) 350 sunrpcrequest_print((u_char *)rp, length, 351 (u_char *)ip); 352 else 353 nfsreply_print((u_char *)rp, length, 354 (u_char *)ip); /*XXX*/ 355 break; 356 357 case PT_RTP: 358 (void)printf("%s.%s > %s.%s:", 359 ipaddr_string(&ip->ip_src), 360 udpport_string(sport), 361 ipaddr_string(&ip->ip_dst), 362 udpport_string(dport)); 363 rtp_print((void *)(up + 1), length, up); 364 break; 365 366 case PT_RTCP: 367 (void)printf("%s.%s > %s.%s:", 368 ipaddr_string(&ip->ip_src), 369 udpport_string(sport), 370 ipaddr_string(&ip->ip_dst), 371 udpport_string(dport)); 372 while (cp < ep) 373 cp = rtcp_print(cp, ep); 374 break; 375 case PT_CNFP: 376 cnfp_print(cp, length, ip); 377 break; 378 } 379 return; 380 } 381 382 if (!qflag) { 383 register struct rpc_msg *rp; 384 enum msg_type direction; 385 386 rp = (struct rpc_msg *)(up + 1); 387 if (TTEST(rp->rm_direction)) { 388 direction = (enum msg_type)ntohl(rp->rm_direction); 389 if (dport == NFS_PORT && direction == CALL) { 390 nfsreq_print((u_char *)rp, length, 391 (u_char *)ip); 392 return; 393 } 394 if (sport == NFS_PORT && direction == REPLY) { 395 nfsreply_print((u_char *)rp, length, 396 (u_char *)ip); 397 return; 398 } 399 #ifdef notdef 400 if (dport == SUNRPC_PORT && direction == CALL) { 401 sunrpcrequest_print((u_char *)rp, length, (u_char *)ip); 402 return; 403 } 404 #endif 405 } 406 if (TTEST(((struct LAP *)cp)->type) && 407 ((struct LAP *)cp)->type == lapDDP && 408 (atalk_port(sport) || atalk_port(dport))) { 409 if (vflag) 410 fputs("kip ", stdout); 411 atalk_print_llap(cp, length); 412 return; 413 } 414 } 415 (void)printf("%s.%s > %s.%s:", 416 ipaddr_string(&ip->ip_src), udpport_string(sport), 417 ipaddr_string(&ip->ip_dst), udpport_string(dport)); 418 419 if (!qflag) { 420 #define ISPORT(p) (dport == (p) || sport == (p)) 421 if (ISPORT(NAMESERVER_PORT)) 422 ns_print((const u_char *)(up + 1), length); 423 else if (ISPORT(TFTP_PORT)) 424 tftp_print((const u_char *)(up + 1), length); 425 else if (ISPORT(IPPORT_BOOTPC) || ISPORT(IPPORT_BOOTPS)) 426 bootp_print((const u_char *)(up + 1), length, 427 sport, dport); 428 else if (ISPORT(RIP_PORT)) 429 rip_print((const u_char *)(up + 1), length); 430 else if (ISPORT(SNMP_PORT) || ISPORT(SNMPTRAP_PORT)) 431 snmp_print((const u_char *)(up + 1), length); 432 else if (ISPORT(NTP_PORT)) 433 ntp_print((const u_char *)(up + 1), length); 434 else if (ISPORT(KERBEROS_PORT) || ISPORT(KERBEROS_SEC_PORT)) 435 krb_print((const void *)(up + 1), length); 436 else if (ISPORT(OLD_RADIUS_AUTH_PORT) || 437 ISPORT(OLD_RADIUS_ACCT_PORT) || 438 ISPORT(RADIUS_AUTH_PORT) || 439 ISPORT(RADIUS_ACCT_PORT)) 440 radius_print((const u_char *)(up + 1), length); 441 else if (dport == 3456) 442 vat_print((const void *)(up + 1), length, up); 443 /* 444 * Kludge in test for whiteboard packets. 445 */ 446 else if (dport == 4567) 447 wb_print((const void *)(up + 1), length); 448 else 449 (void)printf(" udp %u", 450 (u_int32_t)(ulen - sizeof(*up))); 451 #undef ISPORT 452 } else 453 (void)printf(" udp %u", (u_int32_t)(ulen - sizeof(*up))); 454 } 455