1/* $OpenBSD: print-icmp.c,v 1.27 2021/12/01 18:28:46 deraadt Exp $ */ 2 3/* 4 * Copyright (c) 1988, 1989, 1990, 1991, 1993, 1994, 1995, 1996 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24#include <sys/time.h> 25#include <sys/socket.h> 26 27#include <net/if.h> 28 29#include <netinet/in.h> 30#include <netinet/if_ether.h> 31#include <netinet/ip.h> 32#include <netinet/ip_icmp.h> 33#include <netinet/ip_var.h> 34#include <netinet/udp.h> 35#include <netinet/udp_var.h> 36#include <netinet/tcp.h> 37 38#include <stdio.h> 39#include <string.h> 40#include <limits.h> 41 42#include "interface.h" 43#include "addrtoname.h" 44#include "extract.h" /* must come after interface.h */ 45 46/* rfc1700 */ 47#ifndef ICMP_UNREACH_NET_UNKNOWN 48#define ICMP_UNREACH_NET_UNKNOWN 6 /* destination net unknown */ 49#endif 50#ifndef ICMP_UNREACH_HOST_UNKNOWN 51#define ICMP_UNREACH_HOST_UNKNOWN 7 /* destination host unknown */ 52#endif 53#ifndef ICMP_UNREACH_ISOLATED 54#define ICMP_UNREACH_ISOLATED 8 /* source host isolated */ 55#endif 56#ifndef ICMP_UNREACH_NET_PROHIB 57#define ICMP_UNREACH_NET_PROHIB 9 /* admin prohibited net */ 58#endif 59#ifndef ICMP_UNREACH_HOST_PROHIB 60#define ICMP_UNREACH_HOST_PROHIB 10 /* admin prohibited host */ 61#endif 62#ifndef ICMP_UNREACH_TOSNET 63#define ICMP_UNREACH_TOSNET 11 /* tos prohibited net */ 64#endif 65#ifndef ICMP_UNREACH_TOSHOST 66#define ICMP_UNREACH_TOSHOST 12 /* tos prohibited host */ 67#endif 68 69/* rfc1716 */ 70#ifndef ICMP_UNREACH_FILTER_PROHIB 71#define ICMP_UNREACH_FILTER_PROHIB 13 /* admin prohibited filter */ 72#endif 73#ifndef ICMP_UNREACH_HOST_PRECEDENCE 74#define ICMP_UNREACH_HOST_PRECEDENCE 14 /* host precedence violation */ 75#endif 76#ifndef ICMP_UNREACH_PRECEDENCE_CUTOFF 77#define ICMP_UNREACH_PRECEDENCE_CUTOFF 15 /* precedence cutoff */ 78#endif 79 80/* rfc1256 */ 81#ifndef ICMP_ROUTERADVERT 82#define ICMP_ROUTERADVERT 9 /* router advertisement */ 83#endif 84#ifndef ICMP_ROUTERSOLICIT 85#define ICMP_ROUTERSOLICIT 10 /* router solicitation */ 86#endif 87 88#define ICMP_INFOTYPE(type) \ 89 ((type) == ICMP_ECHOREPLY || (type) == ICMP_ECHO || \ 90 (type) == ICMP_ROUTERADVERT || (type) == ICMP_ROUTERSOLICIT || \ 91 (type) == ICMP_TSTAMP || (type) == ICMP_TSTAMPREPLY || \ 92 (type) == ICMP_IREQ || (type) == ICMP_IREQREPLY || \ 93 (type) == ICMP_MASKREQ || (type) == ICMP_MASKREPLY) 94 95/* Most of the icmp types */ 96static struct tok icmp2str[] = { 97 { ICMP_ECHOREPLY, "echo reply" }, 98 { ICMP_SOURCEQUENCH, "source quench" }, 99 { ICMP_ECHO, "echo request" }, 100 { ICMP_ROUTERSOLICIT, "router solicitation" }, 101 { ICMP_TSTAMP, "time stamp request" }, 102 { ICMP_TSTAMPREPLY, "time stamp reply" }, 103 { ICMP_IREQ, "information request" }, 104 { ICMP_IREQREPLY, "information reply" }, 105 { ICMP_MASKREQ, "address mask request" }, 106 { 0, NULL } 107}; 108 109/* Formats for most of the ICMP_UNREACH codes */ 110static struct tok unreach2str[] = { 111 { ICMP_UNREACH_NET, "net %s unreachable" }, 112 { ICMP_UNREACH_HOST, "host %s unreachable" }, 113 { ICMP_UNREACH_SRCFAIL, 114 "%s unreachable - source route failed" }, 115 { ICMP_UNREACH_NET_UNKNOWN, "net %s unreachable - unknown" }, 116 { ICMP_UNREACH_HOST_UNKNOWN, "host %s unreachable - unknown" }, 117 { ICMP_UNREACH_ISOLATED, 118 "%s unreachable - source host isolated" }, 119 { ICMP_UNREACH_NET_PROHIB, 120 "net %s unreachable - admin prohibited" }, 121 { ICMP_UNREACH_HOST_PROHIB, 122 "host %s unreachable - admin prohibited" }, 123 { ICMP_UNREACH_TOSNET, 124 "net %s unreachable - tos prohibited" }, 125 { ICMP_UNREACH_TOSHOST, 126 "host %s unreachable - tos prohibited" }, 127 { ICMP_UNREACH_FILTER_PROHIB, 128 "host %s unreachable - admin prohibited filter" }, 129 { ICMP_UNREACH_HOST_PRECEDENCE, 130 "host %s unreachable - host precedence violation" }, 131 { ICMP_UNREACH_PRECEDENCE_CUTOFF, 132 "host %s unreachable - precedence cutoff" }, 133 { 0, NULL } 134}; 135 136/* Formats for the ICMP_REDIRECT codes */ 137static struct tok type2str[] = { 138 { ICMP_REDIRECT_NET, "redirect %s to net %s" }, 139 { ICMP_REDIRECT_HOST, "redirect %s to host %s" }, 140 { ICMP_REDIRECT_TOSNET, "redirect-tos %s to net %s" }, 141 { ICMP_REDIRECT_TOSHOST, "redirect-tos %s to net %s" }, 142 { 0, NULL } 143}; 144 145/* rfc1191 */ 146struct mtu_discovery { 147 short unused; 148 short nexthopmtu; 149}; 150 151/* rfc1256 */ 152struct ih_rdiscovery { 153 u_char ird_addrnum; 154 u_char ird_addrsiz; 155 u_short ird_lifetime; 156}; 157 158struct id_rdiscovery { 159 u_int32_t ird_addr; 160 u_int32_t ird_pref; 161}; 162 163void 164icmp_print(const u_char *bp, u_int length, const u_char *bp2) 165{ 166 const struct icmp *dp; 167 const struct ip *ip; 168 const char *str, *fmt; 169 const struct ip *oip; 170 const struct udphdr *ouh; 171 u_int hlen, dport, mtu; 172 char buf[HOST_NAME_MAX+1+256]; 173 char buf2[HOST_NAME_MAX+1+256]; 174 175 dp = (struct icmp *)bp; 176 ip = (struct ip *)bp2; 177 str = buf; 178 179 printf("%s > %s: ", 180 ipaddr_string(&ip->ip_src), 181 ipaddr_string(&ip->ip_dst)); 182 183 TCHECK(dp->icmp_code); 184 if (qflag) 185 (void) snprintf(buf, sizeof buf, "%u %u", dp->icmp_type, 186 dp->icmp_code); 187 else switch (dp->icmp_type) { 188 189 case ICMP_ECHOREPLY: 190 case ICMP_ECHO: 191 if (vflag) { 192 TCHECK(dp->icmp_seq); 193 (void)snprintf(buf, sizeof buf, 194 "echo %s (id:%04x seq:%u)", 195 (dp->icmp_type == ICMP_ECHO)? 196 "request": "reply", 197 ntohs(dp->icmp_id), 198 ntohs(dp->icmp_seq)); 199 } else 200 str = tok2str(icmp2str, "type-#%u", dp->icmp_type); 201 break; 202 203 case ICMP_UNREACH: 204 TCHECK(dp->icmp_ip.ip_dst); 205 switch (dp->icmp_code) { 206 207 case ICMP_UNREACH_PROTOCOL: 208 TCHECK(dp->icmp_ip.ip_p); 209 (void)snprintf(buf, sizeof buf, 210 "%s protocol %u unreachable", 211 ipaddr_string(&dp->icmp_ip.ip_dst), 212 dp->icmp_ip.ip_p); 213 break; 214 215 case ICMP_UNREACH_PORT: 216 TCHECK(dp->icmp_ip.ip_p); 217 oip = &dp->icmp_ip; 218 hlen = oip->ip_hl * 4; 219 ouh = (struct udphdr *)(((u_char *)oip) + hlen); 220 TCHECK(ouh->uh_dport); 221 dport = ntohs(ouh->uh_dport); 222 switch (oip->ip_p) { 223 224 case IPPROTO_TCP: 225 (void)snprintf(buf, sizeof buf, 226 "%s tcp port %s unreachable", 227 ipaddr_string(&oip->ip_dst), 228 tcpport_string(dport)); 229 break; 230 231 case IPPROTO_UDP: 232 (void)snprintf(buf, sizeof buf, 233 "%s udp port %s unreachable", 234 ipaddr_string(&oip->ip_dst), 235 udpport_string(dport)); 236 break; 237 238 default: 239 (void)snprintf(buf, sizeof buf, 240 "%s protocol %u port %u unreachable", 241 ipaddr_string(&oip->ip_dst), 242 oip->ip_p, dport); 243 break; 244 } 245 break; 246 247 case ICMP_UNREACH_NEEDFRAG: 248 { 249 const struct mtu_discovery *mp; 250 251 mp = (struct mtu_discovery *)&dp->icmp_void; 252 mtu = EXTRACT_16BITS(&mp->nexthopmtu); 253 if (mtu) 254 (void)snprintf(buf, sizeof buf, 255 "%s unreachable - need to frag (mtu %u)", 256 ipaddr_string(&dp->icmp_ip.ip_dst), mtu); 257 else 258 (void)snprintf(buf, sizeof buf, 259 "%s unreachable - need to frag", 260 ipaddr_string(&dp->icmp_ip.ip_dst)); 261 } 262 break; 263 264 default: 265 fmt = tok2str(unreach2str, "#%u %%s unreachable", 266 dp->icmp_code); 267 (void)snprintf(buf, sizeof buf, fmt, 268 ipaddr_string(&dp->icmp_ip.ip_dst)); 269 break; 270 } 271 break; 272 273 case ICMP_REDIRECT: 274 TCHECK(dp->icmp_ip.ip_dst); 275 fmt = tok2str(type2str, "redirect-#%u %%s to net %%s", 276 dp->icmp_code); 277 (void)snprintf(buf, sizeof buf, fmt, 278 ipaddr_string(&dp->icmp_ip.ip_dst), 279 ipaddr_string(&dp->icmp_gwaddr)); 280 break; 281 282 case ICMP_ROUTERADVERT: 283 { 284 const struct ih_rdiscovery *ihp; 285 const struct id_rdiscovery *idp; 286 u_int lifetime, num, size; 287 288 (void)strlcpy(buf, "router advertisement", sizeof(buf)); 289 290 ihp = (struct ih_rdiscovery *)&dp->icmp_void; 291 TCHECK(*ihp); 292 (void)strlcat(buf, " lifetime ", sizeof(buf)); 293 lifetime = EXTRACT_16BITS(&ihp->ird_lifetime); 294 if (lifetime < 60) 295 (void)snprintf(buf2, sizeof(buf2), "%u", lifetime); 296 else if (lifetime < 60 * 60) 297 (void)snprintf(buf2, sizeof(buf2), "%u:%02u", 298 lifetime / 60, lifetime % 60); 299 else 300 (void)snprintf(buf2, sizeof(buf2), "%u:%02u:%02u", 301 lifetime / 3600, (lifetime % 3600) / 60, 302 lifetime % 60); 303 strlcat(buf, buf2, sizeof(buf)); 304 305 num = ihp->ird_addrnum; 306 (void)snprintf(buf2, sizeof(buf2), " %u:", num); 307 strlcat(buf, buf2, sizeof(buf)); 308 309 size = ihp->ird_addrsiz; 310 if (size != 2) { 311 (void)snprintf(buf2, sizeof(buf2), " [size %u]", size); 312 strlcat(buf, buf2, sizeof(buf)); 313 break; 314 } 315 idp = (struct id_rdiscovery *)&dp->icmp_data; 316 while (num-- > 0) { 317 TCHECK(*idp); 318 (void)snprintf(buf2, sizeof(buf2), " {%s %u}", 319 ipaddr_string(&idp->ird_addr), 320 EXTRACT_32BITS(&idp->ird_pref)); 321 strlcat(buf, buf2, sizeof(buf)); 322 } 323 } 324 break; 325 326 case ICMP_TIMXCEED: 327 TCHECK(dp->icmp_ip.ip_dst); 328 switch (dp->icmp_code) { 329 330 case ICMP_TIMXCEED_INTRANS: 331 str = "time exceeded in-transit"; 332 break; 333 334 case ICMP_TIMXCEED_REASS: 335 str = "ip reassembly time exceeded"; 336 break; 337 338 default: 339 (void)snprintf(buf, sizeof buf, 340 "time exceeded-#%u", dp->icmp_code); 341 break; 342 } 343 break; 344 345 case ICMP_PARAMPROB: 346 switch (dp->icmp_code) { 347 case ICMP_PARAMPROB_OPTABSENT: 348 str = "requested option absent"; 349 break; 350 case ICMP_PARAMPROB_LENGTH: 351 snprintf(buf, sizeof buf, "bad length %u", dp->icmp_pptr); 352 break; 353 default: 354 TCHECK(dp->icmp_pptr); 355 (void)snprintf(buf, sizeof buf, 356 "parameter problem - octet %u", 357 dp->icmp_pptr); 358 break; 359 } 360 break; 361 362 case ICMP_MASKREPLY: 363 TCHECK(dp->icmp_mask); 364 (void)snprintf(buf, sizeof buf, "address mask is 0x%08x", 365 (u_int32_t)ntohl(dp->icmp_mask)); 366 break; 367 368 default: 369 str = tok2str(icmp2str, "type-#%u", dp->icmp_type); 370 break; 371 } 372 printf("icmp: %s", str); 373 if (vflag) { 374 if (TTEST2(dp->icmp_type, length)) { 375 u_int16_t sum, icmp_sum; 376 sum = in_cksum((const u_short *)dp, length, 0); 377 if (sum != 0) { 378 icmp_sum = EXTRACT_16BITS(&dp->icmp_cksum); 379 printf(" [bad icmp cksum %x! -> %x]", icmp_sum, 380 in_cksum_shouldbe(icmp_sum, sum)); 381 } 382 else 383 printf(" [icmp cksum ok]"); 384 } 385 } 386 if (vflag > 1 && !ICMP_INFOTYPE(dp->icmp_type) && 387 TTEST(dp->icmp_ip)) { 388 printf(" for "); 389 oip = &dp->icmp_ip; 390 ip_print((u_char *)oip, ntohs(oip->ip_len)); 391 } 392 return; 393trunc: 394 printf("[|icmp]"); 395} 396