2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
25 static const char rcsid[] _U_ =
26 "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.128.2.6 2004/03/24 09:01:39 guy Exp $ (LBL)";
33 #include <tcpdump-stdinc.h>
39 #include "addrtoname.h"
40 #include "interface.h"
41 #include "extract.h" /* must come after interface.h */
47 * print the recorded route in an IP RR, LSRR or SSRR option.
50 ip_printroute(const char *type, register const u_char *cp, u_int length)
56 printf(" [bad length %u]", length);
61 printf(" [bad length %u]", length);
63 if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1)
64 printf(" [bad ptr %u]", cp[2]);
67 for (len = 3; len < length; len += 4) {
70 printf("%s%s", type, ipaddr_string(&cp[len]));
73 printf("%s}", ptr == len? "#" : "");
77 * If source-routing is present, return the final destination.
78 * Otherwise, return IP destination.
80 * This is used for UDP and TCP pseudo-header in the checksum
84 ip_finddst(const struct ip *ip)
91 cp = (const u_char *)(ip + 1);
92 length = (IP_HL(ip) << 2) - sizeof(struct ip);
94 for (; length > 0; cp += len, length -= len) {
99 if (tt == IPOPT_NOP || tt == IPOPT_EOL)
115 memcpy(&retval, cp + len - 4, 4);
119 return ip->ip_dst.s_addr;
126 ip_printts(register const u_char *cp, u_int length)
134 printf("[bad length %d]", length);
138 hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4;
139 if ((length - 4) & (hoplen-1))
140 printf("[bad length %d]", length);
143 if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1)
144 printf("[bad ptr %d]", cp[2]);
146 case IPOPT_TS_TSONLY:
149 case IPOPT_TS_TSANDADDR:
153 * prespecified should really be 3, but some ones might send 2
154 * instead, and the IPOPT_TS_PRESPEC constant can apparently
155 * have both values, so we have to hard-code it here.
159 printf("PRESPEC2.0");
161 case 3: /* IPOPT_TS_PRESPEC */
165 printf("[bad ts type %d]", cp[3]&0xF);
170 for (len = 4; len < length; len += hoplen) {
173 printf("%s%d@%s", type, EXTRACT_32BITS(&cp[len+hoplen-4]),
174 hoplen!=8 ? "" : ipaddr_string(&cp[len]));
179 printf("%s", ptr == len ? " ^ " : "");
182 printf(" [%d hops not recorded]} ", cp[3]>>4);
191 ip_optprint(register const u_char *cp, u_int length)
195 for (; length > 0; cp += len, length -= len) {
200 if (tt == IPOPT_NOP || tt == IPOPT_EOL)
206 printf("[|ip op len %d]", len);
216 printf("-%d", length - 1);
227 #ifndef IPOPT_SECURITY
228 #define IPOPT_SECURITY 130
229 #endif /* IPOPT_SECURITY */
231 printf(" SECURITY{%d}", len);
235 ip_printroute("RR", cp, len);
239 ip_printroute("SSRR", cp, len);
243 ip_printroute("LSRR", cp, len);
247 #define IPOPT_RA 148 /* router alert */
256 printf("%d.%d", cp[2], cp[3]);
261 printf(" IPOPT-%d{%d}", cp[0], len);
272 * compute an IP header checksum.
273 * don't modifiy the packet.
276 in_cksum(const u_short *addr, register u_int len, int csum)
279 const u_short *w = addr;
284 * Our algorithm is simple, using a 32 bit accumulator (sum),
285 * we add sequential 16 bit words to it, and at the end, fold
286 * back all the carry bits from the top 16 bits into the lower
294 sum += htons(*(u_char *)w<<8);
297 * add back carry outs from top 16 bits to low 16 bits
299 sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
300 sum += (sum >> 16); /* add carry */
301 answer = ~sum; /* truncate to 16 bits */
306 * Given the host-byte-order value of the checksum field in a packet
307 * header, and the network-byte-order computed checksum of the data
308 * that the checksum covers (including the checksum itself), compute
309 * what the checksum field *should* have been.
312 in_cksum_shouldbe(u_int16_t sum, u_int16_t computed_sum)
317 * The value that should have gone into the checksum field
318 * is the negative of the value gotten by summing up everything
319 * *but* the checksum field.
321 * We can compute that by subtracting the value of the checksum
322 * field from the sum of all the data in the packet, and then
323 * computing the negative of that value.
325 * "sum" is the value of the checksum field, and "computed_sum"
326 * is the negative of the sum of all the data in the packets,
327 * so that's -(-computed_sum - sum), or (sum + computed_sum).
329 * All the arithmetic in question is one's complement, so the
330 * addition must include an end-around carry; we do this by
331 * doing the arithmetic in 32 bits (with no sign-extension),
332 * and then adding the upper 16 bits of the sum, which contain
333 * the carry, to the lower 16 bits of the sum, and then do it
334 * again in case *that* sum produced a carry.
336 * As RFC 1071 notes, the checksum can be computed without
337 * byte-swapping the 16-bit words; summing 16-bit words
338 * on a big-endian machine gives a big-endian checksum, which
339 * can be directly stuffed into the big-endian checksum fields
340 * in protocol headers, and summing words on a little-endian
341 * machine gives a little-endian checksum, which must be
342 * byte-swapped before being stuffed into a big-endian checksum
345 * "computed_sum" is a network-byte-order value, so we must put
346 * it in host byte order before subtracting it from the
347 * host-byte-order value from the header; the adjusted checksum
348 * will be in host byte order, which is what we'll return.
351 shouldbe += ntohs(computed_sum);
352 shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16);
353 shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16);
363 #define IP_RES 0x8000
365 static struct tok ip_frag_values[] = {
368 { IP_RES, "rsvd" }, /* The RFC3514 evil ;-) bit */
373 * print an IP datagram.
376 ip_print(register const u_char *bp, register u_int length)
378 register const struct ip *ip;
379 register u_int hlen, len, len0, off;
381 register const u_char *cp;
384 struct protoent *proto;
385 u_int16_t sum, ip_sum;
387 ip = (const struct ip *)bp;
388 if (IP_V(ip) != 4) { /* print version if != 4 */
389 printf("IP%u ", IP_V(ip));
391 printf(", wrong link-layer encapsulation");
396 if ((u_char *)(ip + 1) > snapend) {
400 if (length < sizeof (struct ip)) {
401 (void)printf("truncated-ip %d", length);
404 hlen = IP_HL(ip) * 4;
405 if (hlen < sizeof (struct ip)) {
406 (void)printf("bad-hlen %u", hlen);
410 len = EXTRACT_16BITS(&ip->ip_len);
412 (void)printf("truncated-ip - %u bytes missing! ",
415 (void)printf("bad-len %u", len);
420 * Cut off the snapshot length to the end of the IP payload.
429 off = EXTRACT_16BITS(&ip->ip_off);
432 (void)printf("(tos 0x%x", (int)ip->ip_tos);
434 if (ip->ip_tos & 0x03) {
435 switch (ip->ip_tos & 0x03) {
437 (void)printf(",ECT(1)");
440 (void)printf(",ECT(0)");
448 (void)printf(", ttl %3u", ip->ip_ttl);
451 * for the firewall guys, print id, offset.
452 * On all but the last stick a "+" in the flags portion.
453 * For unfragmented datagrams, note the don't fragment flag.
456 (void)printf(", id %u, offset %u, flags [%s]",
457 EXTRACT_16BITS(&ip->ip_id),
459 bittok2str(ip_frag_values, "none", off & 0xe000 ));
461 (void)printf(", length: %u", EXTRACT_16BITS(&ip->ip_len));
463 if ((hlen - sizeof(struct ip)) > 0) {
464 (void)printf(", optlength: %u (", hlen - (u_int)sizeof(struct ip));
465 ip_optprint((u_char *)(ip + 1), hlen - sizeof(struct ip));
469 if ((u_char *)ip + hlen <= snapend) {
470 sum = in_cksum((const u_short *)ip, hlen, 0);
472 ip_sum = EXTRACT_16BITS(&ip->ip_sum);
473 (void)printf(", bad cksum %x (->%x)!", ip_sum,
474 in_cksum_shouldbe(ip_sum, sum));
482 * If this is fragment zero, hand it to the next higher
485 if ((off & 0x1fff) == 0) {
486 cp = (const u_char *)ip + hlen;
489 if (nh != IPPROTO_TCP && nh != IPPROTO_UDP &&
490 nh != IPPROTO_SCTP) {
491 (void)printf("%s > %s: ", ipaddr_string(&ip->ip_src),
492 ipaddr_string(&ip->ip_dst));
499 advance = ah_print(cp);
509 advance = esp_print(cp, (const u_char *)ip, &enh, &padlen);
513 len -= advance + padlen;
521 advance = ipcomp_print(cp, &enh);
531 sctp_print(cp, (const u_char *)ip, len);
535 tcp_print(cp, len, (const u_char *)ip, (off &~ 0x6000));
539 udp_print(cp, len, (const u_char *)ip, (off &~ 0x6000));
543 /* pass on the MF bit plus the offset to detect fragments */
544 icmp_print(cp, len, (const u_char *)ip, (off & 0x3fff));
548 igrp_print(cp, len, (const u_char *)ip);
552 (void)printf(" nd %d", len);
560 ospf_print(cp, len, (const u_char *)ip);
568 /* DVMRP multicast tunnel (ip-in-ip encapsulation) */
571 printf(" (ipip-proto-4)");
578 /* ip6-in-ip encapsulation */
593 mobile_print(cp, len);
601 vrrp_print(cp, len, ip->ip_ttl);
605 if ((proto = getprotobynumber(nh)) != NULL)
606 (void)printf(" %s", proto->p_name);
608 (void)printf(" ip-proto-%d", nh);
613 /* Ultra quiet now means that all this stuff should be suppressed */
614 if (qflag > 1) return;
617 * if this isn't the first frag, we're missing the
618 * next level protocol header. print the ip addr
622 (void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
623 ipaddr_string(&ip->ip_dst));
624 if ((proto = getprotobynumber(ip->ip_p)) != NULL)
625 (void)printf(" %s", proto->p_name);
627 (void)printf(" ip-proto-%d", ip->ip_p);
633 ipN_print(register const u_char *bp, register u_int length)
637 ip = (struct ip *)bp;
639 (void)printf("truncated-ip %d", length);
642 memcpy (&hdr, (char *)ip, 4);
643 switch (IP_V(&hdr)) {
645 ip_print (bp, length);
649 ip6_print (bp, length);
653 (void)printf("unknown ip %d", IP_V(&hdr));
projects / FreeBSD / FreeBSD.git / blob