print-icmp.c revision 1.13.2.1
1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1993, 1994, 1995, 1996 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 */ 21 22 #include <sys/cdefs.h> 23 #ifndef lint 24 __RCSID("$NetBSD: print-icmp.c,v 1.13.2.1 2025/08/02 05:23:23 perseant Exp $"); 25 #endif 26 27 /* \summary: Internet Control Message Protocol (ICMP) printer */ 28 29 #include <config.h> 30 31 #include "netdissect-stdinc.h" 32 33 #include <stdio.h> 34 #include <string.h> 35 36 #include "netdissect.h" 37 #include "addrtoname.h" 38 #include "extract.h" 39 40 #include "ip.h" 41 #include "udp.h" 42 #include "ipproto.h" 43 #include "mpls.h" 44 45 /* 46 * Interface Control Message Protocol Definitions. 47 * Per RFC 792, September 1981. 48 */ 49 50 /* 51 * Structure of an icmp header. 52 */ 53 struct icmp { 54 nd_uint8_t icmp_type; /* type of message, see below */ 55 nd_uint8_t icmp_code; /* type sub code */ 56 nd_uint16_t icmp_cksum; /* ones complement cksum of struct */ 57 union { 58 nd_uint8_t ih_pptr; /* ICMP_PARAMPROB */ 59 nd_ipv4 ih_gwaddr; /* ICMP_REDIRECT */ 60 struct ih_idseq { 61 nd_uint16_t icd_id; 62 nd_uint16_t icd_seq; 63 } ih_idseq; 64 nd_uint32_t ih_void; 65 } icmp_hun; 66 #define icmp_pptr icmp_hun.ih_pptr 67 #define icmp_gwaddr icmp_hun.ih_gwaddr 68 #define icmp_id icmp_hun.ih_idseq.icd_id 69 #define icmp_seq icmp_hun.ih_idseq.icd_seq 70 #define icmp_void icmp_hun.ih_void 71 union { 72 struct id_ts { 73 nd_uint32_t its_otime; 74 nd_uint32_t its_rtime; 75 nd_uint32_t its_ttime; 76 } id_ts; 77 struct id_ip { 78 struct ip idi_ip; 79 /* options and then 64 bits of data */ 80 } id_ip; 81 nd_uint32_t id_mask; 82 nd_byte id_data[1]; 83 } icmp_dun; 84 #define icmp_otime icmp_dun.id_ts.its_otime 85 #define icmp_rtime icmp_dun.id_ts.its_rtime 86 #define icmp_ttime icmp_dun.id_ts.its_ttime 87 #define icmp_ip icmp_dun.id_ip.idi_ip 88 #define icmp_mask icmp_dun.id_mask 89 #define icmp_data icmp_dun.id_data 90 } UNALIGNED; 91 92 /* 93 * Lower bounds on packet lengths for various types. 94 * For the error advice packets must first insure that the 95 * packet is large enough to contain the returned ip header. 96 * Only then can we do the check to see if 64 bits of packet 97 * data have been returned, since we need to check the returned 98 * ip header length. 99 */ 100 #define ICMP_MINLEN 8 /* abs minimum */ 101 #define ICMP_EXTD_MINLEN (156 - sizeof (struct ip)) /* draft-bonica-internet-icmp-08 */ 102 #define ICMP_TSLEN (8 + 3 * sizeof (uint32_t)) /* timestamp */ 103 #define ICMP_MASKLEN 12 /* address mask */ 104 #define ICMP_ADVLENMIN (8 + sizeof (struct ip) + 8) /* min */ 105 #define ICMP_ADVLEN(p) (8 + (IP_HL(&(p)->icmp_ip) << 2) + 8) 106 /* N.B.: must separately check that ip_hl >= 5 */ 107 108 /* 109 * Definition of type and code field values. 110 */ 111 #define ICMP_ECHOREPLY 0 /* echo reply */ 112 #define ICMP_UNREACH 3 /* dest unreachable, codes: */ 113 #define ICMP_UNREACH_NET 0 /* bad net */ 114 #define ICMP_UNREACH_HOST 1 /* bad host */ 115 #define ICMP_UNREACH_PROTOCOL 2 /* bad protocol */ 116 #define ICMP_UNREACH_PORT 3 /* bad port */ 117 #define ICMP_UNREACH_NEEDFRAG 4 /* IP_DF caused drop */ 118 #define ICMP_UNREACH_SRCFAIL 5 /* src route failed */ 119 #define ICMP_UNREACH_NET_UNKNOWN 6 /* unknown net */ 120 #define ICMP_UNREACH_HOST_UNKNOWN 7 /* unknown host */ 121 #define ICMP_UNREACH_ISOLATED 8 /* src host isolated */ 122 #define ICMP_UNREACH_NET_PROHIB 9 /* prohibited access */ 123 #define ICMP_UNREACH_HOST_PROHIB 10 /* ditto */ 124 #define ICMP_UNREACH_TOSNET 11 /* bad tos for net */ 125 #define ICMP_UNREACH_TOSHOST 12 /* bad tos for host */ 126 #define ICMP_SOURCEQUENCH 4 /* packet lost, slow down */ 127 #define ICMP_REDIRECT 5 /* shorter route, codes: */ 128 #define ICMP_REDIRECT_NET 0 /* for network */ 129 #define ICMP_REDIRECT_HOST 1 /* for host */ 130 #define ICMP_REDIRECT_TOSNET 2 /* for tos and net */ 131 #define ICMP_REDIRECT_TOSHOST 3 /* for tos and host */ 132 #define ICMP_ECHO 8 /* echo service */ 133 #define ICMP_ROUTERADVERT 9 /* router advertisement */ 134 #define ICMP_ROUTERSOLICIT 10 /* router solicitation */ 135 #define ICMP_TIMXCEED 11 /* time exceeded, code: */ 136 #define ICMP_TIMXCEED_INTRANS 0 /* ttl==0 in transit */ 137 #define ICMP_TIMXCEED_REASS 1 /* ttl==0 in reass */ 138 #define ICMP_PARAMPROB 12 /* ip header bad */ 139 #define ICMP_PARAMPROB_OPTABSENT 1 /* req. opt. absent */ 140 #define ICMP_TSTAMP 13 /* timestamp request */ 141 #define ICMP_TSTAMPREPLY 14 /* timestamp reply */ 142 #define ICMP_IREQ 15 /* information request */ 143 #define ICMP_IREQREPLY 16 /* information reply */ 144 #define ICMP_MASKREQ 17 /* address mask request */ 145 #define ICMP_MASKREPLY 18 /* address mask reply */ 146 147 #define ICMP_MAXTYPE 18 148 149 #define ICMP_ERRTYPE(type) \ 150 ((type) == ICMP_UNREACH || (type) == ICMP_SOURCEQUENCH || \ 151 (type) == ICMP_REDIRECT || (type) == ICMP_TIMXCEED || \ 152 (type) == ICMP_PARAMPROB) 153 #define ICMP_MULTIPART_EXT_TYPE(type) \ 154 ((type) == ICMP_UNREACH || \ 155 (type) == ICMP_TIMXCEED || \ 156 (type) == ICMP_PARAMPROB) 157 /* rfc1700 */ 158 #ifndef ICMP_UNREACH_NET_UNKNOWN 159 #define ICMP_UNREACH_NET_UNKNOWN 6 /* destination net unknown */ 160 #endif 161 #ifndef ICMP_UNREACH_HOST_UNKNOWN 162 #define ICMP_UNREACH_HOST_UNKNOWN 7 /* destination host unknown */ 163 #endif 164 #ifndef ICMP_UNREACH_ISOLATED 165 #define ICMP_UNREACH_ISOLATED 8 /* source host isolated */ 166 #endif 167 #ifndef ICMP_UNREACH_NET_PROHIB 168 #define ICMP_UNREACH_NET_PROHIB 9 /* admin prohibited net */ 169 #endif 170 #ifndef ICMP_UNREACH_HOST_PROHIB 171 #define ICMP_UNREACH_HOST_PROHIB 10 /* admin prohibited host */ 172 #endif 173 #ifndef ICMP_UNREACH_TOSNET 174 #define ICMP_UNREACH_TOSNET 11 /* tos prohibited net */ 175 #endif 176 #ifndef ICMP_UNREACH_TOSHOST 177 #define ICMP_UNREACH_TOSHOST 12 /* tos prohibited host */ 178 #endif 179 180 /* rfc1716 */ 181 #ifndef ICMP_UNREACH_FILTER_PROHIB 182 #define ICMP_UNREACH_FILTER_PROHIB 13 /* admin prohibited filter */ 183 #endif 184 #ifndef ICMP_UNREACH_HOST_PRECEDENCE 185 #define ICMP_UNREACH_HOST_PRECEDENCE 14 /* host precedence violation */ 186 #endif 187 #ifndef ICMP_UNREACH_PRECEDENCE_CUTOFF 188 #define ICMP_UNREACH_PRECEDENCE_CUTOFF 15 /* precedence cutoff */ 189 #endif 190 191 /* Most of the icmp types */ 192 static const struct tok icmp2str[] = { 193 { ICMP_ECHOREPLY, "echo reply" }, 194 { ICMP_SOURCEQUENCH, "source quench" }, 195 { ICMP_ECHO, "echo request" }, 196 { ICMP_ROUTERSOLICIT, "router solicitation" }, 197 { ICMP_TSTAMP, "time stamp request" }, 198 { ICMP_TSTAMPREPLY, "time stamp reply" }, 199 { ICMP_IREQ, "information request" }, 200 { ICMP_IREQREPLY, "information reply" }, 201 { ICMP_MASKREQ, "address mask request" }, 202 { 0, NULL } 203 }; 204 205 /* rfc1191 */ 206 struct mtu_discovery { 207 nd_uint16_t unused; 208 nd_uint16_t nexthopmtu; 209 }; 210 211 /* rfc1256 */ 212 struct ih_rdiscovery { 213 nd_uint8_t ird_addrnum; 214 nd_uint8_t ird_addrsiz; 215 nd_uint16_t ird_lifetime; 216 }; 217 218 struct id_rdiscovery { 219 nd_uint32_t ird_addr; 220 nd_uint32_t ird_pref; 221 }; 222 223 /* 224 * RFC 4884 - Extended ICMP to Support Multi-Part Messages 225 * 226 * This is a general extension mechanism, based on the mechanism 227 * in draft-bonica-icmp-mpls-02 ICMP Extensions for MultiProtocol 228 * Label Switching. 229 * 230 * The Destination Unreachable, Time Exceeded 231 * and Parameter Problem messages are slightly changed as per 232 * the above RFC. A new Length field gets added to give 233 * the caller an idea about the length of the piggybacked 234 * IP packet before the extension header starts. 235 * 236 * The Length field represents length of the padded "original datagram" 237 * field measured in 32-bit words. 238 * 239 * 0 1 2 3 240 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 241 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 242 * | Type | Code | Checksum | 243 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 244 * | unused | Length | unused | 245 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 246 * | Internet Header + leading octets of original datagram | 247 * | | 248 * | // | 249 * | | 250 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 251 */ 252 253 struct icmp_ext_t { 254 nd_uint8_t icmp_type; 255 nd_uint8_t icmp_code; 256 nd_uint16_t icmp_checksum; 257 nd_byte icmp_reserved; 258 nd_uint8_t icmp_length; 259 nd_byte icmp_reserved2[2]; 260 nd_byte icmp_ext_legacy_header[128]; /* extension header starts 128 bytes after ICMP header */ 261 nd_byte icmp_ext_version_res[2]; 262 nd_uint16_t icmp_ext_checksum; 263 nd_byte icmp_ext_data[1]; 264 }; 265 266 /* 267 * Extract version from the first octet of icmp_ext_version_res. 268 */ 269 #define ICMP_EXT_EXTRACT_VERSION(x) (((x)&0xf0)>>4) 270 271 /* 272 * Current version. 273 */ 274 #define ICMP_EXT_VERSION 2 275 276 /* 277 * Extension object class numbers. 278 * 279 * Class 1 dates back to draft-bonica-icmp-mpls-02. 280 */ 281 282 /* rfc4950 */ 283 #define MPLS_STACK_ENTRY_OBJECT_CLASS 1 284 285 struct icmp_multipart_ext_object_header_t { 286 nd_uint16_t length; 287 nd_uint8_t class_num; 288 nd_uint8_t ctype; 289 }; 290 291 static const struct tok icmp_multipart_ext_obj_values[] = { 292 { 1, "MPLS Stack Entry" }, 293 { 2, "Interface Identification" }, 294 { 0, NULL} 295 }; 296 297 /* prototypes */ 298 const char *icmp_tstamp_print(u_int); 299 300 /* print the milliseconds since midnight UTC */ 301 const char * 302 icmp_tstamp_print(u_int tstamp) 303 { 304 u_int msec,sec,min,hrs; 305 306 static char buf[64]; 307 308 msec = tstamp % 1000; 309 sec = tstamp / 1000; 310 min = sec / 60; sec -= min * 60; 311 hrs = min / 60; min -= hrs * 60; 312 snprintf(buf, sizeof(buf), "%02u:%02u:%02u.%03u",hrs,min,sec,msec); 313 return buf; 314 } 315 316 UNALIGNED_OK 317 void 318 icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char *bp2, 319 int fragmented) 320 { 321 char *cp; 322 const struct icmp *dp; 323 uint8_t icmp_type, icmp_code; 324 const struct icmp_ext_t *ext_dp; 325 const struct ip *ip; 326 const char *str; 327 const struct ip *oip; 328 uint8_t ip_proto; 329 const struct udphdr *ouh; 330 const uint8_t *obj_tptr; 331 uint32_t raw_label; 332 const struct icmp_multipart_ext_object_header_t *icmp_multipart_ext_object_header; 333 u_int hlen, mtu, obj_tlen, obj_class_num, obj_ctype; 334 uint16_t dport; 335 char buf[MAXHOSTNAMELEN + 100]; 336 struct cksum_vec vec[1]; 337 338 ndo->ndo_protocol = "icmp"; 339 dp = (const struct icmp *)bp; 340 ext_dp = (const struct icmp_ext_t *)bp; 341 ip = (const struct ip *)bp2; 342 str = buf; 343 344 icmp_type = GET_U_1(dp->icmp_type); 345 icmp_code = GET_U_1(dp->icmp_code); 346 switch (icmp_type) { 347 348 case ICMP_ECHO: 349 case ICMP_ECHOREPLY: 350 (void)snprintf(buf, sizeof(buf), "echo %s, id %u, seq %u", 351 icmp_type == ICMP_ECHO ? 352 "request" : "reply", 353 GET_BE_U_2(dp->icmp_id), 354 GET_BE_U_2(dp->icmp_seq)); 355 break; 356 357 case ICMP_UNREACH: 358 switch (icmp_code) { 359 360 case ICMP_UNREACH_NET: 361 (void)snprintf(buf, sizeof(buf), 362 "net %s unreachable", 363 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 364 break; 365 366 case ICMP_UNREACH_HOST: 367 (void)snprintf(buf, sizeof(buf), 368 "host %s unreachable", 369 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 370 break; 371 372 case ICMP_UNREACH_PROTOCOL: 373 (void)snprintf(buf, sizeof(buf), 374 "%s protocol %u unreachable", 375 GET_IPADDR_STRING(dp->icmp_ip.ip_dst), 376 GET_U_1(dp->icmp_ip.ip_p)); 377 break; 378 379 case ICMP_UNREACH_PORT: 380 ND_TCHECK_1(dp->icmp_ip.ip_p); 381 oip = &dp->icmp_ip; 382 hlen = IP_HL(oip) * 4; 383 ouh = (const struct udphdr *)(((const u_char *)oip) + hlen); 384 dport = GET_BE_U_2(ouh->uh_dport); 385 ip_proto = GET_U_1(oip->ip_p); 386 switch (ip_proto) { 387 388 case IPPROTO_TCP: 389 (void)snprintf(buf, sizeof(buf), 390 "%s tcp port %s unreachable", 391 GET_IPADDR_STRING(oip->ip_dst), 392 tcpport_string(ndo, dport)); 393 break; 394 395 case IPPROTO_UDP: 396 (void)snprintf(buf, sizeof(buf), 397 "%s udp port %s unreachable", 398 GET_IPADDR_STRING(oip->ip_dst), 399 udpport_string(ndo, dport)); 400 break; 401 402 default: 403 (void)snprintf(buf, sizeof(buf), 404 "%s protocol %u port %u unreachable", 405 GET_IPADDR_STRING(oip->ip_dst), 406 ip_proto, dport); 407 break; 408 } 409 break; 410 411 case ICMP_UNREACH_NEEDFRAG: 412 { 413 const struct mtu_discovery *mp; 414 mp = (const struct mtu_discovery *)(const u_char *)&dp->icmp_void; 415 mtu = GET_BE_U_2(mp->nexthopmtu); 416 if (mtu) { 417 (void)snprintf(buf, sizeof(buf), 418 "%s unreachable - need to frag (mtu %u)", 419 GET_IPADDR_STRING(dp->icmp_ip.ip_dst), mtu); 420 } else { 421 (void)snprintf(buf, sizeof(buf), 422 "%s unreachable - need to frag", 423 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 424 } 425 } 426 break; 427 428 case ICMP_UNREACH_SRCFAIL: 429 (void)snprintf(buf, sizeof(buf), 430 "%s unreachable - source route failed", 431 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 432 break; 433 434 case ICMP_UNREACH_NET_UNKNOWN: 435 (void)snprintf(buf, sizeof(buf), 436 "net %s unreachable - unknown", 437 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 438 break; 439 440 case ICMP_UNREACH_HOST_UNKNOWN: 441 (void)snprintf(buf, sizeof(buf), 442 "host %s unreachable - unknown", 443 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 444 break; 445 446 case ICMP_UNREACH_ISOLATED: 447 (void)snprintf(buf, sizeof(buf), 448 "%s unreachable - source host isolated", 449 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 450 break; 451 452 case ICMP_UNREACH_NET_PROHIB: 453 (void)snprintf(buf, sizeof(buf), 454 "net %s unreachable - admin prohibited", 455 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 456 break; 457 458 case ICMP_UNREACH_HOST_PROHIB: 459 (void)snprintf(buf, sizeof(buf), 460 "host %s unreachable - admin prohibited", 461 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 462 break; 463 464 case ICMP_UNREACH_TOSNET: 465 (void)snprintf(buf, sizeof(buf), 466 "net %s unreachable - tos prohibited", 467 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 468 break; 469 470 case ICMP_UNREACH_TOSHOST: 471 (void)snprintf(buf, sizeof(buf), 472 "host %s unreachable - tos prohibited", 473 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 474 break; 475 476 case ICMP_UNREACH_FILTER_PROHIB: 477 (void)snprintf(buf, sizeof(buf), 478 "host %s unreachable - admin prohibited filter", 479 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 480 break; 481 482 case ICMP_UNREACH_HOST_PRECEDENCE: 483 (void)snprintf(buf, sizeof(buf), 484 "host %s unreachable - host precedence violation", 485 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 486 break; 487 488 case ICMP_UNREACH_PRECEDENCE_CUTOFF: 489 (void)snprintf(buf, sizeof(buf), 490 "host %s unreachable - precedence cutoff", 491 GET_IPADDR_STRING(dp->icmp_ip.ip_dst)); 492 break; 493 494 default: 495 (void)snprintf(buf, sizeof(buf), 496 "%s unreachable - #%u", 497 GET_IPADDR_STRING(dp->icmp_ip.ip_dst), 498 icmp_code); 499 break; 500 } 501 break; 502 503 case ICMP_REDIRECT: 504 switch (icmp_code) { 505 506 case ICMP_REDIRECT_NET: 507 (void)snprintf(buf, sizeof(buf), 508 "redirect %s to net %s", 509 GET_IPADDR_STRING(dp->icmp_ip.ip_dst), 510 GET_IPADDR_STRING(dp->icmp_gwaddr)); 511 break; 512 513 case ICMP_REDIRECT_HOST: 514 (void)snprintf(buf, sizeof(buf), 515 "redirect %s to host %s", 516 GET_IPADDR_STRING(dp->icmp_ip.ip_dst), 517 GET_IPADDR_STRING(dp->icmp_gwaddr)); 518 break; 519 520 case ICMP_REDIRECT_TOSNET: 521 (void)snprintf(buf, sizeof(buf), 522 "redirect-tos %s to net %s", 523 GET_IPADDR_STRING(dp->icmp_ip.ip_dst), 524 GET_IPADDR_STRING(dp->icmp_gwaddr)); 525 break; 526 527 case ICMP_REDIRECT_TOSHOST: 528 (void)snprintf(buf, sizeof(buf), 529 "redirect-tos %s to host %s", 530 GET_IPADDR_STRING(dp->icmp_ip.ip_dst), 531 GET_IPADDR_STRING(dp->icmp_gwaddr)); 532 break; 533 534 default: 535 (void)snprintf(buf, sizeof(buf), 536 "redirect-#%u %s to %s", icmp_code, 537 GET_IPADDR_STRING(dp->icmp_ip.ip_dst), 538 GET_IPADDR_STRING(dp->icmp_gwaddr)); 539 break; 540 } 541 break; 542 543 case ICMP_ROUTERADVERT: 544 { 545 const struct ih_rdiscovery *ihp; 546 const struct id_rdiscovery *idp; 547 u_int lifetime, num, size; 548 549 (void)snprintf(buf, sizeof(buf), "router advertisement"); 550 cp = buf + strlen(buf); 551 552 ihp = (const struct ih_rdiscovery *)&dp->icmp_void; 553 ND_TCHECK_SIZE(ihp); 554 (void)strncpy(cp, " lifetime ", sizeof(buf) - (cp - buf)); 555 cp = buf + strlen(buf); 556 lifetime = GET_BE_U_2(ihp->ird_lifetime); 557 if (lifetime < 60) { 558 (void)snprintf(cp, sizeof(buf) - (cp - buf), "%u", 559 lifetime); 560 } else if (lifetime < 60 * 60) { 561 (void)snprintf(cp, sizeof(buf) - (cp - buf), "%u:%02u", 562 lifetime / 60, lifetime % 60); 563 } else { 564 (void)snprintf(cp, sizeof(buf) - (cp - buf), 565 "%u:%02u:%02u", 566 lifetime / 3600, 567 (lifetime % 3600) / 60, 568 lifetime % 60); 569 } 570 cp = buf + strlen(buf); 571 572 num = GET_U_1(ihp->ird_addrnum); 573 (void)snprintf(cp, sizeof(buf) - (cp - buf), " %u:", num); 574 cp = buf + strlen(buf); 575 576 size = GET_U_1(ihp->ird_addrsiz); 577 if (size != 2) { 578 (void)snprintf(cp, sizeof(buf) - (cp - buf), 579 " [size %u]", size); 580 break; 581 } 582 idp = (const struct id_rdiscovery *)&dp->icmp_data; 583 while (num > 0) { 584 ND_TCHECK_SIZE(idp); 585 (void)snprintf(cp, sizeof(buf) - (cp - buf), " {%s %u}", 586 GET_IPADDR_STRING(idp->ird_addr), 587 GET_BE_U_4(idp->ird_pref)); 588 cp = buf + strlen(buf); 589 ++idp; 590 num--; 591 } 592 } 593 break; 594 595 case ICMP_TIMXCEED: 596 ND_TCHECK_4(dp->icmp_ip.ip_dst); 597 switch (icmp_code) { 598 599 case ICMP_TIMXCEED_INTRANS: 600 str = "time exceeded in-transit"; 601 break; 602 603 case ICMP_TIMXCEED_REASS: 604 str = "ip reassembly time exceeded"; 605 break; 606 607 default: 608 (void)snprintf(buf, sizeof(buf), "time exceeded-#%u", 609 icmp_code); 610 break; 611 } 612 break; 613 614 case ICMP_PARAMPROB: 615 if (icmp_code) 616 (void)snprintf(buf, sizeof(buf), 617 "parameter problem - code %u", icmp_code); 618 else { 619 (void)snprintf(buf, sizeof(buf), 620 "parameter problem - octet %u", 621 GET_U_1(dp->icmp_pptr)); 622 } 623 break; 624 625 case ICMP_MASKREPLY: 626 (void)snprintf(buf, sizeof(buf), "address mask is 0x%08x", 627 GET_BE_U_4(dp->icmp_mask)); 628 break; 629 630 case ICMP_TSTAMP: 631 (void)snprintf(buf, sizeof(buf), 632 "time stamp query id %u seq %u", 633 GET_BE_U_2(dp->icmp_id), 634 GET_BE_U_2(dp->icmp_seq)); 635 break; 636 637 case ICMP_TSTAMPREPLY: 638 ND_TCHECK_4(dp->icmp_ttime); 639 (void)snprintf(buf, sizeof(buf), 640 "time stamp reply id %u seq %u: org %s", 641 GET_BE_U_2(dp->icmp_id), 642 GET_BE_U_2(dp->icmp_seq), 643 icmp_tstamp_print(GET_BE_U_4(dp->icmp_otime))); 644 645 (void)snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),", recv %s", 646 icmp_tstamp_print(GET_BE_U_4(dp->icmp_rtime))); 647 (void)snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),", xmit %s", 648 icmp_tstamp_print(GET_BE_U_4(dp->icmp_ttime))); 649 break; 650 651 default: 652 str = tok2str(icmp2str, "type-#%u", icmp_type); 653 break; 654 } 655 ND_PRINT("ICMP %s, length %u", str, plen); 656 if (ndo->ndo_vflag && !fragmented) { /* don't attempt checksumming if this is a frag */ 657 if (ND_TTEST_LEN(bp, plen)) { 658 uint16_t sum; 659 660 vec[0].ptr = (const uint8_t *)(const void *)dp; 661 vec[0].len = plen; 662 sum = in_cksum(vec, 1); 663 if (sum != 0) { 664 uint16_t icmp_sum = GET_BE_U_2(dp->icmp_cksum); 665 ND_PRINT(" (wrong icmp cksum %x (->%x)!)", 666 icmp_sum, 667 in_cksum_shouldbe(icmp_sum, sum)); 668 } 669 } 670 } 671 672 /* 673 * print the remnants of the IP packet. 674 * save the snaplength as this may get overridden in the IP printer. 675 */ 676 if (ndo->ndo_vflag >= 1 && ICMP_ERRTYPE(icmp_type)) { 677 const u_char *snapend_save; 678 679 bp += 8; 680 ND_PRINT("\n\t"); 681 ip = (const struct ip *)bp; 682 snapend_save = ndo->ndo_snapend; 683 /* 684 * Update the snapend because extensions (MPLS, ...) may be 685 * present after the IP packet. In this case the current 686 * (outer) packet's snapend is not what ip_print() needs to 687 * decode an IP packet nested in the middle of an ICMP payload. 688 * 689 * This prevents that, in ip_print(), for the nested IP packet, 690 * the remaining length < remaining caplen. 691 */ 692 ndo->ndo_snapend = ND_MIN(bp + GET_BE_U_2(ip->ip_len), 693 ndo->ndo_snapend); 694 ip_print(ndo, bp, GET_BE_U_2(ip->ip_len)); 695 ndo->ndo_snapend = snapend_save; 696 } 697 698 /* ndo_protocol reassignment after ip_print() call */ 699 ndo->ndo_protocol = "icmp"; 700 701 /* 702 * Attempt to decode multi-part message extensions (rfc4884) only for some ICMP types. 703 */ 704 if (ndo->ndo_vflag >= 1 && plen > ICMP_EXTD_MINLEN && ICMP_MULTIPART_EXT_TYPE(icmp_type)) { 705 706 ND_TCHECK_SIZE(ext_dp); 707 708 /* 709 * Check first if the multi-part extension header shows a non-zero length. 710 * If the length field is not set then silently verify the checksum 711 * to check if an extension header is present. This is expedient, 712 * however not all implementations set the length field proper. 713 */ 714 if (GET_U_1(ext_dp->icmp_length) == 0 && 715 ND_TTEST_LEN(ext_dp->icmp_ext_version_res, plen - ICMP_EXTD_MINLEN)) { 716 vec[0].ptr = (const uint8_t *)(const void *)&ext_dp->icmp_ext_version_res; 717 vec[0].len = plen - ICMP_EXTD_MINLEN; 718 if (in_cksum(vec, 1)) { 719 return; 720 } 721 } 722 723 ND_PRINT("\n\tICMP Multi-Part extension v%u", 724 ICMP_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res))); 725 726 /* 727 * Sanity checking of the header. 728 */ 729 if (ICMP_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res)) != 730 ICMP_EXT_VERSION) { 731 ND_PRINT(" packet not supported"); 732 return; 733 } 734 735 hlen = plen - ICMP_EXTD_MINLEN; 736 if (ND_TTEST_LEN(ext_dp->icmp_ext_version_res, hlen)) { 737 vec[0].ptr = (const uint8_t *)(const void *)&ext_dp->icmp_ext_version_res; 738 vec[0].len = hlen; 739 ND_PRINT(", checksum 0x%04x (%scorrect), length %u", 740 GET_BE_U_2(ext_dp->icmp_ext_checksum), 741 in_cksum(vec, 1) ? "in" : "", 742 hlen); 743 } 744 745 hlen -= 4; /* subtract common header size */ 746 obj_tptr = (const uint8_t *)ext_dp->icmp_ext_data; 747 748 while (hlen > sizeof(struct icmp_multipart_ext_object_header_t)) { 749 750 icmp_multipart_ext_object_header = (const struct icmp_multipart_ext_object_header_t *)obj_tptr; 751 ND_TCHECK_SIZE(icmp_multipart_ext_object_header); 752 obj_tlen = GET_BE_U_2(icmp_multipart_ext_object_header->length); 753 obj_class_num = GET_U_1(icmp_multipart_ext_object_header->class_num); 754 obj_ctype = GET_U_1(icmp_multipart_ext_object_header->ctype); 755 obj_tptr += sizeof(struct icmp_multipart_ext_object_header_t); 756 757 ND_PRINT("\n\t %s Object (%u), Class-Type: %u, length %u", 758 tok2str(icmp_multipart_ext_obj_values,"unknown",obj_class_num), 759 obj_class_num, 760 obj_ctype, 761 obj_tlen); 762 763 hlen-=sizeof(struct icmp_multipart_ext_object_header_t); /* length field includes tlv header */ 764 765 /* infinite loop protection */ 766 if ((obj_class_num == 0) || 767 (obj_tlen < sizeof(struct icmp_multipart_ext_object_header_t))) { 768 return; 769 } 770 obj_tlen-=sizeof(struct icmp_multipart_ext_object_header_t); 771 772 switch (obj_class_num) { 773 case MPLS_STACK_ENTRY_OBJECT_CLASS: 774 switch(obj_ctype) { 775 case 1: 776 raw_label = GET_BE_U_4(obj_tptr); 777 ND_PRINT("\n\t label %u, tc %u", MPLS_LABEL(raw_label), MPLS_TC(raw_label)); 778 if (MPLS_STACK(raw_label)) 779 ND_PRINT(", [S]"); 780 ND_PRINT(", ttl %u", MPLS_TTL(raw_label)); 781 break; 782 default: 783 print_unknown_data(ndo, obj_tptr, "\n\t ", obj_tlen); 784 } 785 break; 786 787 default: 788 print_unknown_data(ndo, obj_tptr, "\n\t ", obj_tlen); 789 break; 790 } 791 if (hlen < obj_tlen) 792 break; 793 hlen -= obj_tlen; 794 obj_tptr += obj_tlen; 795 } 796 } 797 798 return; 799 trunc: 800 nd_print_trunc(ndo); 801 } 802
Indexes created Mon Jun 29 00:24:49 UTC 2026