Try to fixup the mess of mdoc(7)/man(7) mixture as created by the merge.
[netbsd-mini2440.git] / dist / tcpdump / print-ip.c
blob775f93510a5499d7e6923870c12ff26c6d23ca30
1 /* $NetBSD: print-ip.c,v 1.7 2007/07/24 11:53:44 drochner Exp $ */
3 /*
4 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
5 * The Regents of the University of California. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that: (1) source code distributions
9 * retain the above copyright notice and this paragraph in its entirety, (2)
10 * distributions including binary code include the above copyright notice and
11 * this paragraph in its entirety in the documentation or other materials
12 * provided with the distribution, and (3) all advertising materials mentioning
13 * features or use of this software display the following acknowledgement:
14 * ``This product includes software developed by the University of California,
15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16 * the University nor the names of its contributors may be used to endorse
17 * or promote products derived from this software without specific prior
18 * written permission.
19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
24 #include <sys/cdefs.h>
25 #ifndef lint
26 #if 0
27 static const char rcsid[] _U_ =
28 "@(#) Header: /tcpdump/master/tcpdump/print-ip.c,v 1.149.2.8 2007/01/29 20:57:47 guy Exp (LBL)";
29 #else
30 __RCSID("$NetBSD: print-ip.c,v 1.7 2007/07/24 11:53:44 drochner Exp $");
31 #endif
32 #endif
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
38 #include <tcpdump-stdinc.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
44 #include "addrtoname.h"
45 #include "interface.h"
46 #include "extract.h" /* must come after interface.h */
48 #include "ip.h"
49 #include "ipproto.h"
51 struct tok ip_option_values[] = {
52 { IPOPT_EOL, "EOL" },
53 { IPOPT_NOP, "NOP" },
54 { IPOPT_TS, "timestamp" },
55 { IPOPT_SECURITY, "security" },
56 { IPOPT_RR, "RR" },
57 { IPOPT_SSRR, "SSRR" },
58 { IPOPT_LSRR, "LSRR" },
59 { IPOPT_RA, "RA" },
60 { 0, NULL }
64 * print the recorded route in an IP RR, LSRR or SSRR option.
66 static void
67 ip_printroute(register const u_char *cp, u_int length)
69 register u_int ptr;
70 register u_int len;
72 if (length < 3) {
73 printf(" [bad length %u]", length);
74 return;
76 if ((length + 1) & 3)
77 printf(" [bad length %u]", length);
78 ptr = cp[2] - 1;
79 if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1)
80 printf(" [bad ptr %u]", cp[2]);
82 for (len = 3; len < length; len += 4) {
83 printf(" %s", ipaddr_string(&cp[len]));
84 if (ptr > len)
85 printf(",");
90 * If source-routing is present and valid, return the final destination.
91 * Otherwise, return IP destination.
93 * This is used for UDP and TCP pseudo-header in the checksum
94 * calculation.
96 u_int32_t
97 ip_finddst(const struct ip *ip)
99 int length;
100 int len;
101 const u_char *cp;
102 u_int32_t retval;
104 cp = (const u_char *)(ip + 1);
105 length = (IP_HL(ip) << 2) - sizeof(struct ip);
107 for (; length > 0; cp += len, length -= len) {
108 int tt;
110 TCHECK(*cp);
111 tt = *cp;
112 if (tt == IPOPT_EOL)
113 break;
114 else if (tt == IPOPT_NOP)
115 len = 1;
116 else {
117 TCHECK(cp[1]);
118 len = cp[1];
119 if (len < 2)
120 break;
122 TCHECK2(*cp, len);
123 switch (tt) {
125 case IPOPT_SSRR:
126 case IPOPT_LSRR:
127 if (len < 7)
128 break;
129 memcpy(&retval, cp + len - 4, 4);
130 return retval;
133 trunc:
134 memcpy(&retval, &ip->ip_dst.s_addr, sizeof(u_int32_t));
135 return retval;
138 static void
139 ip_printts(register const u_char *cp, u_int length)
141 register u_int ptr;
142 register u_int len;
143 int hoplen;
144 const char *type;
146 if (length < 4) {
147 printf("[bad length %u]", length);
148 return;
150 printf(" TS{");
151 hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4;
152 if ((length - 4) & (hoplen-1))
153 printf("[bad length %u]", length);
154 ptr = cp[2] - 1;
155 len = 0;
156 if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1)
157 printf("[bad ptr %u]", cp[2]);
158 switch (cp[3]&0xF) {
159 case IPOPT_TS_TSONLY:
160 printf("TSONLY");
161 break;
162 case IPOPT_TS_TSANDADDR:
163 printf("TS+ADDR");
164 break;
166 * prespecified should really be 3, but some ones might send 2
167 * instead, and the IPOPT_TS_PRESPEC constant can apparently
168 * have both values, so we have to hard-code it here.
171 case 2:
172 printf("PRESPEC2.0");
173 break;
174 case 3: /* IPOPT_TS_PRESPEC */
175 printf("PRESPEC");
176 break;
177 default:
178 printf("[bad ts type %d]", cp[3]&0xF);
179 goto done;
182 type = " ";
183 for (len = 4; len < length; len += hoplen) {
184 if (ptr == len)
185 type = " ^ ";
186 printf("%s%d@%s", type, EXTRACT_32BITS(&cp[len+hoplen-4]),
187 hoplen!=8 ? "" : ipaddr_string(&cp[len]));
188 type = " ";
191 done:
192 printf("%s", ptr == len ? " ^ " : "");
194 if (cp[3]>>4)
195 printf(" [%d hops not recorded]} ", cp[3]>>4);
196 else
197 printf("}");
201 * print IP options.
203 static void
204 ip_optprint(register const u_char *cp, u_int length)
206 register u_int option_len;
207 const char *sep = "";
209 for (; length > 0; cp += option_len, length -= option_len) {
210 u_int option_code;
212 printf("%s", sep);
213 sep = ",";
215 TCHECK(*cp);
216 option_code = *cp;
218 printf("%s",
219 tok2str(ip_option_values,"unknown %u",option_code));
221 if (option_code == IPOPT_NOP ||
222 option_code == IPOPT_EOL)
223 option_len = 1;
225 else {
226 TCHECK(cp[1]);
227 option_len = cp[1];
228 if (option_len < 2) {
229 printf(" [bad length %u]", option_len);
230 return;
234 if (option_len > length) {
235 printf(" [bad length %u]", option_len);
236 return;
239 TCHECK2(*cp, option_len);
241 switch (option_code) {
242 case IPOPT_EOL:
243 return;
245 case IPOPT_TS:
246 ip_printts(cp, option_len);
247 break;
249 case IPOPT_RR: /* fall through */
250 case IPOPT_SSRR:
251 case IPOPT_LSRR:
252 ip_printroute(cp, option_len);
253 break;
255 case IPOPT_RA:
256 if (option_len < 4) {
257 printf(" [bad length %u]", option_len);
258 break;
260 TCHECK(cp[3]);
261 if (EXTRACT_16BITS(&cp[2]) != 0)
262 printf(" value %u", EXTRACT_16BITS(&cp[2]));
263 break;
265 case IPOPT_NOP: /* nothing to print - fall through */
266 case IPOPT_SECURITY:
267 default:
268 break;
271 return;
273 trunc:
274 printf("[|ip]");
278 * compute an IP header checksum.
279 * don't modifiy the packet.
281 u_short
282 in_cksum(const u_short *addr, register u_int len, int csum)
284 int nleft = len;
285 const u_short *w = addr;
286 u_short answer;
287 int sum = csum;
290 * Our algorithm is simple, using a 32 bit accumulator (sum),
291 * we add sequential 16 bit words to it, and at the end, fold
292 * back all the carry bits from the top 16 bits into the lower
293 * 16 bits.
295 while (nleft > 1) {
296 sum += *w++;
297 nleft -= 2;
299 if (nleft == 1)
300 sum += htons(*(u_char *)w<<8);
303 * add back carry outs from top 16 bits to low 16 bits
305 sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
306 sum += (sum >> 16); /* add carry */
307 answer = ~sum; /* truncate to 16 bits */
308 return (answer);
312 * Given the host-byte-order value of the checksum field in a packet
313 * header, and the network-byte-order computed checksum of the data
314 * that the checksum covers (including the checksum itself), compute
315 * what the checksum field *should* have been.
317 u_int16_t
318 in_cksum_shouldbe(u_int16_t sum, u_int16_t computed_sum)
320 u_int32_t shouldbe;
323 * The value that should have gone into the checksum field
324 * is the negative of the value gotten by summing up everything
325 * *but* the checksum field.
327 * We can compute that by subtracting the value of the checksum
328 * field from the sum of all the data in the packet, and then
329 * computing the negative of that value.
331 * "sum" is the value of the checksum field, and "computed_sum"
332 * is the negative of the sum of all the data in the packets,
333 * so that's -(-computed_sum - sum), or (sum + computed_sum).
335 * All the arithmetic in question is one's complement, so the
336 * addition must include an end-around carry; we do this by
337 * doing the arithmetic in 32 bits (with no sign-extension),
338 * and then adding the upper 16 bits of the sum, which contain
339 * the carry, to the lower 16 bits of the sum, and then do it
340 * again in case *that* sum produced a carry.
342 * As RFC 1071 notes, the checksum can be computed without
343 * byte-swapping the 16-bit words; summing 16-bit words
344 * on a big-endian machine gives a big-endian checksum, which
345 * can be directly stuffed into the big-endian checksum fields
346 * in protocol headers, and summing words on a little-endian
347 * machine gives a little-endian checksum, which must be
348 * byte-swapped before being stuffed into a big-endian checksum
349 * field.
351 * "computed_sum" is a network-byte-order value, so we must put
352 * it in host byte order before subtracting it from the
353 * host-byte-order value from the header; the adjusted checksum
354 * will be in host byte order, which is what we'll return.
356 shouldbe = sum;
357 shouldbe += ntohs(computed_sum);
358 shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16);
359 shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16);
360 return shouldbe;
363 #define IP_RES 0x8000
365 static struct tok ip_frag_values[] = {
366 { IP_MF, "+" },
367 { IP_DF, "DF" },
368 { IP_RES, "rsvd" }, /* The RFC3514 evil ;-) bit */
369 { 0, NULL }
372 struct ip_print_demux_state {
373 const struct ip *ip;
374 const u_char *cp;
375 u_int len, off;
376 u_char nh;
377 int advance;
380 static void
381 ip_print_demux(netdissect_options *ndo,
382 struct ip_print_demux_state *ipds)
384 struct protoent *proto;
386 again:
387 switch (ipds->nh) {
389 case IPPROTO_AH:
390 ipds->nh = *ipds->cp;
391 ipds->advance = ah_print(ipds->cp);
392 if (ipds->advance <= 0)
393 break;
394 ipds->cp += ipds->advance;
395 ipds->len -= ipds->advance;
396 goto again;
398 case IPPROTO_ESP:
400 int enh, padlen;
401 ipds->advance = esp_print(ndo, ipds->cp, ipds->len,
402 (const u_char *)ipds->ip,
403 &enh, &padlen);
404 if (ipds->advance <= 0)
405 break;
406 ipds->cp += ipds->advance;
407 ipds->len -= ipds->advance + padlen;
408 ipds->nh = enh & 0xff;
409 goto again;
412 case IPPROTO_IPCOMP:
414 int enh;
415 ipds->advance = ipcomp_print(ipds->cp, &enh);
416 if (ipds->advance <= 0)
417 break;
418 ipds->cp += ipds->advance;
419 ipds->len -= ipds->advance;
420 ipds->nh = enh & 0xff;
421 goto again;
424 case IPPROTO_SCTP:
425 sctp_print(ipds->cp, (const u_char *)ipds->ip, ipds->len);
426 break;
428 case IPPROTO_DCCP:
429 dccp_print(ipds->cp, (const u_char *)ipds->ip, ipds->len);
430 break;
432 case IPPROTO_TCP:
433 /* pass on the MF bit plus the offset to detect fragments */
434 tcp_print(ipds->cp, ipds->len, (const u_char *)ipds->ip,
435 ipds->off & (IP_MF|IP_OFFMASK));
436 break;
438 case IPPROTO_UDP:
439 /* pass on the MF bit plus the offset to detect fragments */
440 udp_print(ipds->cp, ipds->len, (const u_char *)ipds->ip,
441 ipds->off & (IP_MF|IP_OFFMASK));
442 break;
444 case IPPROTO_ICMP:
445 /* pass on the MF bit plus the offset to detect fragments */
446 icmp_print(ipds->cp, ipds->len, (const u_char *)ipds->ip,
447 ipds->off & (IP_MF|IP_OFFMASK));
448 break;
450 case IPPROTO_PIGP:
452 * XXX - the current IANA protocol number assignments
453 * page lists 9 as "any private interior gateway
454 * (used by Cisco for their IGRP)" and 88 as
455 * "EIGRP" from Cisco.
457 * Recent BSD <netinet/in.h> headers define
458 * IP_PROTO_PIGP as 9 and IP_PROTO_IGRP as 88.
459 * We define IP_PROTO_PIGP as 9 and
460 * IP_PROTO_EIGRP as 88; those names better
461 * match was the current protocol number
462 * assignments say.
464 igrp_print(ipds->cp, ipds->len, (const u_char *)ipds->ip);
465 break;
467 case IPPROTO_EIGRP:
468 eigrp_print(ipds->cp, ipds->len);
469 break;
471 case IPPROTO_ND:
472 ND_PRINT((ndo, " nd %d", ipds->len));
473 break;
475 case IPPROTO_EGP:
476 egp_print(ipds->cp, ipds->len);
477 break;
479 case IPPROTO_OSPF:
480 ospf_print(ipds->cp, ipds->len, (const u_char *)ipds->ip);
481 break;
483 case IPPROTO_IGMP:
484 igmp_print(ipds->cp, ipds->len);
485 break;
487 case IPPROTO_IPV4:
488 /* DVMRP multicast tunnel (ip-in-ip encapsulation) */
489 ip_print(gndo, ipds->cp, ipds->len);
490 if (! vflag) {
491 ND_PRINT((ndo, " (ipip-proto-4)"));
492 return;
494 break;
496 #ifdef INET6
497 case IPPROTO_IPV6:
498 /* ip6-in-ip encapsulation */
499 ip6_print(ipds->cp, ipds->len);
500 break;
501 #endif /*INET6*/
503 case IPPROTO_RSVP:
504 rsvp_print(ipds->cp, ipds->len);
505 break;
507 case IPPROTO_GRE:
508 /* do it */
509 gre_print(ipds->cp, ipds->len);
510 break;
512 case IPPROTO_MOBILE:
513 mobile_print(ipds->cp, ipds->len);
514 break;
516 case IPPROTO_PIM:
517 pim_print(ipds->cp, ipds->len);
518 break;
520 case IPPROTO_VRRP:
521 vrrp_print(ipds->cp, ipds->len, ipds->ip->ip_ttl);
522 break;
524 case IPPROTO_PGM:
525 pgm_print(ipds->cp, ipds->len, (const u_char *)ipds->ip);
526 break;
528 case IPPROTO_PFSYNC:
529 pfsync_ip_print(ipds->cp, ipds->len, (const u_char *)ipds->ip);
530 break;
532 default:
533 if ((proto = getprotobynumber(ipds->nh)) != NULL)
534 ND_PRINT((ndo, " %s", proto->p_name));
535 else
536 ND_PRINT((ndo, " ip-proto-%d", ipds->nh));
537 ND_PRINT((ndo, " %d", ipds->len));
538 break;
542 void
543 ip_print_inner(netdissect_options *ndo,
544 const u_char *bp,
545 u_int length, u_int nh,
546 const u_char *bp2)
548 struct ip_print_demux_state ipd;
550 ipd.ip = (const struct ip *)bp2;
551 ipd.cp = bp;
552 ipd.len = length;
553 ipd.off = 0;
554 ipd.nh = nh;
555 ipd.advance = 0;
557 ip_print_demux(ndo, &ipd);
562 * print an IP datagram.
564 void
565 ip_print(netdissect_options *ndo,
566 const u_char *bp,
567 u_int length)
569 struct ip_print_demux_state ipd;
570 struct ip_print_demux_state *ipds=&ipd;
571 const u_char *ipend;
572 u_int hlen;
573 u_int16_t sum, ip_sum;
574 struct protoent *proto;
576 ipds->ip = (const struct ip *)bp;
577 if (IP_V(ipds->ip) != 4) { /* print version if != 4 */
578 printf("IP%u ", IP_V(ipds->ip));
579 if (IP_V(ipds->ip) == 6)
580 printf(", wrong link-layer encapsulation");
582 else if (!eflag)
583 printf("IP ");
585 if ((u_char *)(ipds->ip + 1) > snapend) {
586 printf("[|ip]");
587 return;
589 if (length < sizeof (struct ip)) {
590 (void)printf("truncated-ip %u", length);
591 return;
593 hlen = IP_HL(ipds->ip) * 4;
594 if (hlen < sizeof (struct ip)) {
595 (void)printf("bad-hlen %u", hlen);
596 return;
599 ipds->len = EXTRACT_16BITS(&ipds->ip->ip_len);
600 if (length < ipds->len)
601 (void)printf("truncated-ip - %u bytes missing! ",
602 ipds->len - length);
603 if (ipds->len < hlen) {
604 #ifdef GUESS_TSO
605 if (ipds->len) {
606 (void)printf("bad-len %u", ipds->len);
607 return;
609 else {
610 /* we guess that it is a TSO send */
611 ipds->len = length;
613 #else
614 (void)printf("bad-len %u", ipds->len);
615 return;
616 #endif /* GUESS_TSO */
620 * Cut off the snapshot length to the end of the IP payload.
622 ipend = bp + ipds->len;
623 if (ipend < snapend)
624 snapend = ipend;
626 ipds->len -= hlen;
628 ipds->off = EXTRACT_16BITS(&ipds->ip->ip_off);
630 if (vflag) {
631 (void)printf("(tos 0x%x", (int)ipds->ip->ip_tos);
632 /* ECN bits */
633 if (ipds->ip->ip_tos & 0x03) {
634 switch (ipds->ip->ip_tos & 0x03) {
635 case 1:
636 (void)printf(",ECT(1)");
637 break;
638 case 2:
639 (void)printf(",ECT(0)");
640 break;
641 case 3:
642 (void)printf(",CE");
646 if (ipds->ip->ip_ttl >= 1)
647 (void)printf(", ttl %u", ipds->ip->ip_ttl);
650 * for the firewall guys, print id, offset.
651 * On all but the last stick a "+" in the flags portion.
652 * For unfragmented datagrams, note the don't fragment flag.
655 (void)printf(", id %u, offset %u, flags [%s], proto %s (%u)",
656 EXTRACT_16BITS(&ipds->ip->ip_id),
657 (ipds->off & 0x1fff) * 8,
658 bittok2str(ip_frag_values, "none", ipds->off&0xe000),
659 tok2str(ipproto_values,"unknown",ipds->ip->ip_p),
660 ipds->ip->ip_p);
662 (void)printf(", length %u", EXTRACT_16BITS(&ipds->ip->ip_len));
664 if ((hlen - sizeof(struct ip)) > 0) {
665 printf(", options (");
666 ip_optprint((u_char *)(ipds->ip + 1), hlen - sizeof(struct ip));
667 printf(")");
670 if ((u_char *)ipds->ip + hlen <= snapend) {
671 sum = in_cksum((const u_short *)ipds->ip, hlen, 0);
672 if (sum != 0) {
673 ip_sum = EXTRACT_16BITS(&ipds->ip->ip_sum);
674 (void)printf(", bad cksum %x (->%x)!", ip_sum,
675 in_cksum_shouldbe(ip_sum, sum));
679 printf(") ");
683 * If this is fragment zero, hand it to the next higher
684 * level protocol.
686 if ((ipds->off & 0x1fff) == 0) {
687 ipds->cp = (const u_char *)ipds->ip + hlen;
688 ipds->nh = ipds->ip->ip_p;
690 if (ipds->nh != IPPROTO_TCP && ipds->nh != IPPROTO_UDP &&
691 ipds->nh != IPPROTO_SCTP && ipds->nh != IPPROTO_DCCP) {
692 (void)printf("%s > %s: ",
693 ipaddr_string(&ipds->ip->ip_src),
694 ipaddr_string(&ipds->ip->ip_dst));
696 ip_print_demux(ndo, ipds);
697 } else {
698 /* Ultra quiet now means that all this stuff should be suppressed */
699 if (qflag > 1) return;
702 * if this isn't the first frag, we're missing the
703 * next level protocol header. print the ip addr
704 * and the protocol.
706 if (ipds->off & 0x1fff) {
707 (void)printf("%s > %s:", ipaddr_string(&ipds->ip->ip_src),
708 ipaddr_string(&ipds->ip->ip_dst));
709 if ((proto = getprotobynumber(ipds->ip->ip_p)) != NULL)
710 (void)printf(" %s", proto->p_name);
711 else
712 (void)printf(" ip-proto-%d", ipds->ip->ip_p);
717 void
718 ipN_print(register const u_char *bp, register u_int length)
720 struct ip *ip, hdr;
722 ip = (struct ip *)bp;
723 if (length < 4) {
724 (void)printf("truncated-ip %d", length);
725 return;
727 memcpy (&hdr, (char *)ip, 4);
728 switch (IP_V(&hdr)) {
729 case 4:
730 ip_print (gndo, bp, length);
731 return;
732 #ifdef INET6
733 case 6:
734 ip6_print (bp, length);
735 return;
736 #endif
737 default:
738 (void)printf("unknown ip %d", IP_V(&hdr));
739 return;
744 * Local Variables:
745 * c-style: whitesmith
746 * c-basic-offset: 8
747 * End: