1/*	$OpenBSD: print-udp.c,v 1.56 2020/08/17 06:29:29 dlg Exp $	*/
2
3/*
4 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996
5 *	The Regents of the University of California.  All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that: (1) source code distributions
9 * retain the above copyright notice and this paragraph in its entirety, (2)
10 * distributions including binary code include the above copyright notice and
11 * this paragraph in its entirety in the documentation or other materials
12 * provided with the distribution, and (3) all advertising materials mentioning
13 * features or use of this software display the following acknowledgement:
14 * ``This product includes software developed by the University of California,
15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16 * the University nor the names of its contributors may be used to endorse
17 * or promote products derived from this software without specific prior
18 * written permission.
19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22 */
23
24#include <sys/time.h>
25#include <sys/socket.h>
26
27#include <netinet/in.h>
28#include <netinet/ip.h>
29#include <netinet/ip6.h>
30#include <netinet/ip_var.h>
31#include <netinet/udp.h>
32#include <netinet/udp_var.h>
33
34#include <net80211/ieee80211.h>
35
36#ifdef NOERROR
37#undef NOERROR					/* Solaris sucks */
38#endif
39#ifdef T_UNSPEC
40#undef T_UNSPEC					/* SINIX does too */
41#endif
42#include <arpa/nameser.h>
43#ifdef SEGSIZE
44#undef SEGSIZE
45#endif
46#include <arpa/tftp.h>
47
48#include <rpc/rpc.h>
49
50#include <stdio.h>
51#include <string.h>
52
53#include "interface.h"
54#include "addrtoname.h"
55#include "extract.h"
56#include "appletalk.h"
57
58#include "nfsv2.h"
59#include "bootp.h"
60#include "iapp.h"
61
62struct rtcphdr {
63	u_short rh_flags;	/* T:2 P:1 CNT:5 PT:8 */
64	u_short rh_len;		/* length of message (in words) */
65	u_int rh_ssrc;		/* synchronization src id */
66};
67
68typedef struct {
69	u_int upper;		/* more significant 32 bits */
70	u_int lower;		/* less significant 32 bits */
71} ntp64;
72
73/*
74 * Sender report.
75 */
76struct rtcp_sr {
77	ntp64 sr_ntp;		/* 64-bit ntp timestamp */
78	u_int sr_ts;		/* reference media timestamp */
79	u_int sr_np;		/* no. packets sent */
80	u_int sr_nb;		/* no. bytes sent */
81};
82
83/*
84 * Receiver report.
85 * Time stamps are middle 32-bits of ntp timestamp.
86 */
87struct rtcp_rr {
88	u_int rr_srcid;		/* sender being reported */
89	u_int rr_nl;		/* no. packets lost */
90	u_int rr_ls;		/* extended last seq number received */
91	u_int rr_dv;		/* jitter (delay variance) */
92	u_int rr_lsr;		/* orig. ts from last rr from this src  */
93	u_int rr_dlsr;		/* time from recpt of last rr to xmit time */
94};
95
96/*XXX*/
97#define RTCP_PT_SR	200
98#define RTCP_PT_RR	201
99#define RTCP_PT_SDES	202
100#define 	RTCP_SDES_CNAME	1
101#define 	RTCP_SDES_NAME	2
102#define 	RTCP_SDES_EMAIL	3
103#define 	RTCP_SDES_PHONE	4
104#define 	RTCP_SDES_LOC	5
105#define 	RTCP_SDES_TOOL	6
106#define 	RTCP_SDES_NOTE	7
107#define 	RTCP_SDES_PRIV	8
108#define RTCP_PT_BYE	203
109#define RTCP_PT_APP	204
110
111static void
112vat_print(const void *hdr, u_int len, const struct udphdr *up)
113{
114	/* vat/vt audio */
115	u_int ts = *(u_short *)hdr;
116	if ((ts & 0xf060) != 0) {
117		/* probably vt */
118		printf("udp/vt %u %d / %d",
119		    (u_int32_t)(ntohs(up->uh_ulen) - sizeof(*up)),
120		    ts & 0x3ff, ts >> 10);
121	} else {
122		/* probably vat */
123		u_int i0 = ntohl(((u_int *)hdr)[0]);
124		u_int i1 = ntohl(((u_int *)hdr)[1]);
125		printf("udp/vat %u c%d %u%s",
126		    (u_int32_t)(ntohs(up->uh_ulen) - sizeof(*up) - 8),
127		    i0 & 0xffff,
128		    i1, i0 & 0x800000? "*" : "");
129		/* audio format */
130		if (i0 & 0x1f0000)
131			printf(" f%d", (i0 >> 16) & 0x1f);
132		if (i0 & 0x3f000000)
133			printf(" s%d", (i0 >> 24) & 0x3f);
134	}
135}
136
137static void
138rtp_print(const void *hdr, u_int len, const struct udphdr *up)
139{
140	/* rtp v1 or v2 */
141	u_int *ip = (u_int *)hdr;
142	u_int hasopt, hasext, contype, hasmarker;
143	u_int i0 = ntohl(((u_int *)hdr)[0]);
144	u_int i1 = ntohl(((u_int *)hdr)[1]);
145	u_int dlen = ntohs(up->uh_ulen) - sizeof(*up) - 8;
146	const char * ptype;
147
148	ip += 2;
149	len >>= 2;
150	len -= 2;
151	hasopt = 0;
152	hasext = 0;
153	if ((i0 >> 30) == 1) {
154		/* rtp v1 */
155		hasopt = i0 & 0x800000;
156		contype = (i0 >> 16) & 0x3f;
157		hasmarker = i0 & 0x400000;
158		ptype = "rtpv1";
159	} else {
160		/* rtp v2 */
161		hasext = i0 & 0x10000000;
162		contype = (i0 >> 16) & 0x7f;
163		hasmarker = i0 & 0x800000;
164		dlen -= 4;
165		ptype = "rtp";
166		ip += 1;
167		len -= 1;
168	}
169	printf(" udp/%s %d c%d %s%s %d %u",
170	    ptype, dlen, contype, (hasopt || hasext)? "+" : "",
171	    hasmarker? "*" : "", i0 & 0xffff, i1);
172	if (vflag) {
173		printf(" %u", i1);
174		if (hasopt) {
175			u_int i2, optlen;
176			do {
177				i2 = ip[0];
178				optlen = (i2 >> 16) & 0xff;
179				if (optlen == 0 || optlen > len) {
180					printf(" !opt");
181					return;
182				}
183				ip += optlen;
184				len -= optlen;
185			} while ((int)i2 >= 0);
186		}
187		if (hasext) {
188			u_int i2, extlen;
189			i2 = ip[0];
190			extlen = (i2 & 0xffff) + 1;
191			if (extlen > len) {
192				printf(" !ext");
193				return;
194			}
195			ip += extlen;
196		}
197		if (contype == 0x1f) /*XXX H.261 */
198			printf(" 0x%04x", ip[0] >> 16);
199	}
200}
201
202static const u_char *
203rtcp_print(const u_char *hdr, const u_char *ep)
204{
205	/* rtp v2 control (rtcp) */
206	struct rtcp_rr *rr = NULL;
207	struct rtcp_sr *sr;
208	struct rtcphdr *rh = (struct rtcphdr *)hdr;
209	u_int len;
210	u_short flags;
211	int cnt;
212	double ts, dts;
213	if ((u_char *)(rh + 1) > ep) {
214		printf(" [|rtcp]");
215		return (ep);
216	}
217	len = (ntohs(rh->rh_len) + 1) * 4;
218	flags = ntohs(rh->rh_flags);
219	cnt = (flags >> 8) & 0x1f;
220	switch (flags & 0xff) {
221	case RTCP_PT_SR:
222		sr = (struct rtcp_sr *)(rh + 1);
223		printf(" sr");
224		if (len != cnt * sizeof(*rr) + sizeof(*sr) + sizeof(*rh))
225			printf(" [%d]", len);
226		if (vflag)
227			printf(" %u", (u_int32_t)ntohl(rh->rh_ssrc));
228		if ((u_char *)(sr + 1) > ep) {
229			printf(" [|rtcp]");
230			return (ep);
231		}
232		ts = (double)((u_int32_t)ntohl(sr->sr_ntp.upper)) +
233		    ((double)((u_int32_t)ntohl(sr->sr_ntp.lower)) /
234		    4294967296.0);
235		printf(" @%.2f %u %up %ub", ts, (u_int32_t)ntohl(sr->sr_ts),
236		    (u_int32_t)ntohl(sr->sr_np), (u_int32_t)ntohl(sr->sr_nb));
237		rr = (struct rtcp_rr *)(sr + 1);
238		break;
239	case RTCP_PT_RR:
240		printf(" rr");
241		if (len != cnt * sizeof(*rr) + sizeof(*rh))
242			printf(" [%d]", len);
243		rr = (struct rtcp_rr *)(rh + 1);
244		if (vflag)
245			printf(" %u", (u_int32_t)ntohl(rh->rh_ssrc));
246		break;
247	case RTCP_PT_SDES:
248		printf(" sdes %d", len);
249		if (vflag)
250			printf(" %u", (u_int32_t)ntohl(rh->rh_ssrc));
251		cnt = 0;
252		break;
253	case RTCP_PT_BYE:
254		printf(" bye %d", len);
255		if (vflag)
256			printf(" %u", (u_int32_t)ntohl(rh->rh_ssrc));
257		cnt = 0;
258		break;
259	default:
260		printf(" type-0x%x %d", flags & 0xff, len);
261		cnt = 0;
262		break;
263	}
264	if (cnt > 1)
265		printf(" c%d", cnt);
266	while (--cnt >= 0) {
267		if ((u_char *)(rr + 1) > ep) {
268			printf(" [|rtcp]");
269			return (ep);
270		}
271		if (vflag)
272			printf(" %u", (u_int32_t)ntohl(rr->rr_srcid));
273		ts = (double)((u_int32_t)ntohl(rr->rr_lsr)) / 65536.;
274		dts = (double)((u_int32_t)ntohl(rr->rr_dlsr)) / 65536.;
275		printf(" %ul %us %uj @%.2f+%.2f",
276		    (u_int32_t)ntohl(rr->rr_nl) & 0x00ffffff,
277		    (u_int32_t)ntohl(rr->rr_ls),
278		    (u_int32_t)ntohl(rr->rr_dv), ts, dts);
279	}
280	return (hdr + len);
281}
282
283/* XXX probably should use getservbyname() and cache answers */
284#define TFTP_PORT		69		/*XXX*/
285#define KERBEROS_PORT		88		/*XXX*/
286#define SUNRPC_PORT		111		/*XXX*/
287#define NTP_PORT		123		/*XXX*/
288#define NETBIOS_NS_PORT		137		/*XXX*/
289#define NETBIOS_DGRAM_PORT	138		/*XXX*/
290#define SNMP_PORT		161		/*XXX*/
291#define SNMPTRAP_PORT		162		/*XXX*/
292#define ISAKMP_PORT		500		/*XXX*/
293#define RIP_PORT		520		/*XXX*/
294#define TIMED_PORT		525		/*XXX*/
295#define KERBEROS_SEC_PORT	750		/*XXX*/
296#define LWRES_PORT		921
297#define VQP_PORT		1589
298#define OLD_RADIUS_AUTH_PORT	1645
299#define OLD_RADIUS_ACCT_PORT	1646
300#define L2TP_PORT		1701		/*XXX*/
301#define RADIUS_AUTH_PORT	1812
302#define RADIUS_ACCT_PORT	1813
303#define HSRP_PORT		1985		/*XXX*/
304#define GTP_C_PORT		2123
305#define GTP_U_PORT		2152
306#define GTP_PRIME_PORT		3386
307#define UDPENCAP_PORT		4500		/*XXX*/
308#define GRE_PORT		4754
309#define VXLAN_PORT		4789
310#define VXLAN_GPE_PORT		4790
311#define GENEVE_PORT		6081
312#define MULTICASTDNS_PORT	5353
313#define MPLS_PORT		6635
314
315#define RIPNG_PORT		521		/*XXX*/
316#define DHCP6_PORT1		546		/*XXX*/
317#define DHCP6_PORT2		547		/*XXX*/
318
319void
320udp_print(const u_char *bp, u_int length, const void *iph)
321{
322	const struct udphdr *up;
323	const u_char *cp;
324	const u_char *ep = bp + length;
325	u_int16_t sport, dport, ulen;
326	const char *ipsrc = NULL, *ipdst = NULL;
327	unsigned int ipv = 0;
328	uint32_t cksum = 0;
329
330	if (ep > snapend)
331		ep = snapend;
332
333	if (iph != NULL) {
334		const struct ip *ip = iph;
335		ipv = ip->ip_v;
336
337		switch (ipv) {
338		case 6: {
339			const struct ip6_hdr *ip6 = iph;
340
341			ipsrc = ip6addr_string(&ip6->ip6_src);
342			ipdst = ip6addr_string(&ip6->ip6_dst);
343
344			cksum = in_cksum_add(&ip6->ip6_src,
345			    sizeof(ip6->ip6_src), cksum);
346			cksum = in_cksum_add(&ip6->ip6_dst,
347			    sizeof(ip6->ip6_dst), cksum);
348			break;
349		}
350		case 4:
351			ipsrc = ipaddr_string(&ip->ip_src);
352			ipdst = ipaddr_string(&ip->ip_dst);
353
354			cksum = in_cksum_add(&ip->ip_src,
355			    sizeof(ip->ip_src), cksum);
356			cksum = in_cksum_add(&ip->ip_dst,
357			    sizeof(ip->ip_dst), cksum);
358			break;
359		}
360	}
361
362	up = (const struct udphdr *)bp;
363	cp = (const u_char *)(up + 1);
364
365	/* check if the udp header was captured */
366	if (cp > snapend) {
367		if (ipv)
368			printf("%s > %s: ", ipsrc, ipdst);
369
370		printf("[|udp]");
371		return;
372	}
373
374	/* check if the packet payload is long enough */
375	if (length < sizeof(*up)) {
376		if (ipv)
377			printf("%s > %s: ", ipsrc, ipdst);
378
379		printf("truncated-udp %u", length);
380		return;
381	}
382
383	sport = ntohs(up->uh_sport);
384	dport = ntohs(up->uh_dport);
385
386	if (ipv) {
387		printf("%s.%s > %s.%s",
388		    ipsrc, udpport_string(sport),
389		    ipdst, udpport_string(dport));
390	} else {
391		printf("udp %s > %s",
392		    udpport_string(sport),
393		    udpport_string(dport));
394	}
395
396	printf(": ");
397
398	cksum += htons(length);
399
400	ulen = ntohs(up->uh_ulen);
401	if (length < ulen)
402		printf(" truncated-udp - %u bytes missing!", ulen - length);
403
404	length -= sizeof(*up);
405
406	if (vflag && ipv && TTEST2(cp[0], length)) {
407		uint16_t sum, usum = up->uh_sum;
408
409		if (usum == 0) {
410			if (ipv == 4)
411				printf("[no udp cksum] ");
412			else
413				printf("[invalid udp cksum 0] ");
414		} else {
415			cksum += htons(IPPROTO_UDP);
416			cksum += up->uh_sport;
417			cksum += up->uh_dport;
418			cksum += up->uh_ulen;
419
420			sum = in_cksum(cp, length, cksum);
421
422			if (sum == usum)
423				printf("[udp sum ok] ");
424			else {
425				printf("[bad udp cksum %04x! -> %04x] ",
426				    usum, sum);
427			}
428		}
429	}
430
431	if (packettype) {
432		struct rpc_msg *rp;
433		enum msg_type direction;
434
435		switch (packettype) {
436		case PT_VAT:
437			vat_print(cp, length, up);
438			break;
439
440		case PT_WB:
441			wb_print(cp, length);
442			break;
443
444		case PT_RPC:
445			rp = (struct rpc_msg *)cp;
446			direction = (enum msg_type)ntohl(rp->rm_direction);
447			if (direction == CALL)
448				sunrpcrequest_print(cp, length, iph);
449			else
450				nfsreply_print(cp, length, iph);
451			break;
452
453		case PT_RTP:
454			rtp_print(cp, length, up);
455			break;
456
457		case PT_RTCP:
458			while (cp < ep)
459				cp = rtcp_print(cp, ep);
460			break;
461		case PT_CNFP:
462			cnfp_print(cp, length);
463			break;
464		case PT_GRE:
465			gre_print(cp, length);
466			break;
467		case PT_VXLAN:
468			vxlan_print(cp, length);
469			break;
470		case PT_GENEVE:
471			geneve_print(cp, length);
472			break;
473		case PT_MPLS:
474			mpls_print(cp, length);
475			break;
476		case PT_TFTP:
477			tftp_print(cp, length);
478			break;
479		case PT_WIREGUARD:
480			wg_print(cp, length);
481			break;
482		}
483		return;
484	}
485
486	if (!qflag) {
487		struct rpc_msg *rp;
488		enum msg_type direction;
489
490		rp = (struct rpc_msg *)cp;
491		if (TTEST(rp->rm_direction)) {
492			direction = (enum msg_type)ntohl(rp->rm_direction);
493			if (dport == NFS_PORT && direction == CALL) {
494				nfsreq_print(cp, length, iph);
495				return;
496			}
497			if (sport == NFS_PORT && direction == REPLY) {
498				nfsreply_print(cp, length, iph);
499				return;
500			}
501#ifdef notdef
502			if (dport == SUNRPC_PORT && direction == CALL) {
503				sunrpcrequest_print(cp, length, iph);
504				return;
505			}
506#endif
507		}
508		if (TTEST(((struct LAP *)cp)->type) &&
509		    ((struct LAP *)cp)->type == lapDDP &&
510		    (atalk_port(sport) || atalk_port(dport))) {
511			if (vflag)
512				printf("kip ");
513			atalk_print_llap(cp, length);
514			return;
515		}
516	}
517
518	if (!qflag) {
519#define ISPORT(p) (dport == (p) || sport == (p))
520		if (ISPORT(NAMESERVER_PORT))
521			ns_print(cp, length, 0);
522		else if (ISPORT(MULTICASTDNS_PORT))
523			ns_print(cp, length, 1);
524		else if (ISPORT(LWRES_PORT))
525			lwres_print(cp, length);
526		else if (ISPORT(TIMED_PORT))
527			timed_print(cp, length);
528		else if (ISPORT(TFTP_PORT))
529			tftp_print(cp, length);
530		else if (ISPORT(IPPORT_BOOTPC) || ISPORT(IPPORT_BOOTPS))
531			bootp_print(cp, length, sport, dport);
532		else if (ISPORT(RIP_PORT))
533			rip_print(cp, length);
534		else if (ISPORT(SNMP_PORT) || ISPORT(SNMPTRAP_PORT))
535			snmp_print(cp, length);
536		else if (ISPORT(NTP_PORT))
537			ntp_print(cp, length);
538		else if (ISPORT(KERBEROS_PORT) || ISPORT(KERBEROS_SEC_PORT))
539			krb_print(cp, length);
540		else if (ISPORT(L2TP_PORT))
541			l2tp_print(cp, length);
542		else if (ISPORT(UDPENCAP_PORT))
543			udpencap_print(cp, length, iph);
544		else if (ISPORT(ISAKMP_PORT))
545			ike_print(cp, length);
546#if 0
547		else if (ISPORT(NETBIOS_NS_PORT))
548			nbt_udp137_print(cp, length);
549		else if (ISPORT(NETBIOS_DGRAM_PORT))
550			nbt_udp138_print(cp, length);
551#endif
552                else if (ISPORT(OLD_RADIUS_AUTH_PORT) ||
553                         ISPORT(OLD_RADIUS_ACCT_PORT) ||
554                         ISPORT(RADIUS_AUTH_PORT)     ||
555                         ISPORT(RADIUS_ACCT_PORT))
556                        radius_print(cp, length);
557		else if (dport == 3456)
558			vat_print(cp, length, up);
559		else if (ISPORT(IAPP_PORT) || ISPORT(IAPP_OLD_PORT))
560			iapp_print(cp, length);
561		else if (ISPORT(VQP_PORT))
562			vqp_print(cp, length);
563		else if (ISPORT(GRE_PORT))
564			gre_print(cp, length);
565		else if (ISPORT(VXLAN_PORT) || ISPORT(VXLAN_GPE_PORT))
566			vxlan_print(cp, length);
567		else if (ISPORT(GENEVE_PORT))
568			geneve_print(cp, length);
569		else if (ISPORT(MPLS_PORT))
570			mpls_print(cp, length);
571		else if (ISPORT(RIPNG_PORT))
572			ripng_print(cp, length);
573		else if (ISPORT(DHCP6_PORT1) || ISPORT(DHCP6_PORT2))
574			dhcp6_print(cp, length);
575		else if (ISPORT(GTP_C_PORT) || ISPORT(GTP_U_PORT) ||
576		    ISPORT(GTP_PRIME_PORT))
577			gtp_print(cp, length, sport, dport);
578		/*
579		 * Kludge in test for whiteboard packets.
580		 */
581		else if (dport == 4567)
582			wb_print(cp, length);
583		else if (dport == HSRP_PORT)
584			hsrp_print(cp, length);
585		else if (wg_match(cp, length))
586			wg_print(cp, length);
587		else
588			printf("udp %u", length);
589#undef ISPORT
590	} else
591		printf("udp %u", length);
592}
593