int
icmp_error(struct nm_if *nmif, char *buf, int len, int type, int code)
{
char *nbuf;
int err;
struct icmp *icmp;
struct ip *ip, *oip;
unsigned int icmplen, icmpelen, nlen, oiphlen;
if (type > ICMP_MAXTYPE) {
DPRINTF("%s: invalid ICMP type: %d\n", __func__, type);
return (-1);
}
oip = (struct ip *)buf;
if (oip->ip_off & htons(~(IP_MF|IP_DF)))
return (0);
oiphlen = oip->ip_hl << 2;
if (oiphlen + 8 > len)
return (0);
if (oip->ip_p == IPPROTO_ICMP && type != ICMP_REDIRECT &&
len >= oiphlen + ICMP_MINLEN &&
!ICMP_INFOTYPE(((struct icmp *)((caddr_t)oip + oiphlen))->icmp_type)) {
pktcnt.icmp_old++;
return (0);
}
icmpelen = MAX(8, MIN(ICMP_QUOTELEN, ntohs(oip->ip_len) - oiphlen));
icmplen = MIN(oiphlen + icmpelen, len);
if (icmplen < sizeof(struct ip))
return (0);
nlen = sizeof(struct ip) + ICMP_MINLEN + icmplen;
nbuf = (char *)malloc(nlen);
if (nbuf == NULL)
return (ENOMEM);
memset(nbuf, 0, nlen);
/* Copy old IP header (without options). */
memcpy(nbuf, buf, sizeof(struct ip));
ip = (struct ip *)nbuf;
ip->ip_len = htons(sizeof(struct ip) + ICMP_MINLEN + icmplen);
ip->ip_v = IPVERSION;
ip->ip_hl = 5;
ip->ip_p = IPPROTO_ICMP;
ip->ip_tos = 0;
ip->ip_off = 0;
icmp = (struct icmp *)(nbuf + (ip->ip_hl << 2));
// inc_icmp[type];
icmp->icmp_type = type;
icmp->icmp_code = code;
/* Copy the quotation into ICMP message. */
memcpy(&icmp->icmp_ip, buf, icmplen);
pktcnt.icmp_error++;
err = icmp_reflect(nmif, nbuf, nlen);
free(nbuf);
return (err);
}
void
RaProcessThisRecord (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus)
{
struct ArgusAggregatorStruct *agg = parser->ArgusAggregator;
struct ArgusHashStruct *hstruct = NULL;
int found = 0;
while (agg && !found) {
int retn = 0, fretn = -1, lretn = -1;
if (agg->filterstr) {
struct nff_insn *fcode = agg->filter.bf_insns;
fretn = ArgusFilterRecord (fcode, argus);
}
if (agg->labelstr) {
struct ArgusLabelStruct *label;
if (((label = (void *)argus->dsrs[ARGUS_LABEL_INDEX]) != NULL)) {
if (regexec(&agg->lpreg, label->l_un.label, 0, NULL, 0))
lretn = 0;
else
lretn = 1;
} else
lretn = 0;
}
retn = (lretn < 0) ? ((fretn < 0) ? 1 : fretn) : ((fretn < 0) ? lretn : (lretn && fretn));
if (retn != 0) {
struct ArgusRecordStruct *tns, *ns = ArgusCopyRecordStruct(argus);
if ((agg->rap = RaFlowModelOverRides(agg, ns)) == NULL)
agg->rap = agg->drap;
ArgusGenerateNewFlow(agg, ns);
if ((hstruct = ArgusGenerateHashStruct(agg, ns, (struct ArgusFlow *)&agg->fstruct)) == NULL)
ArgusLog (LOG_ERR, "RaProcessThisRecord: ArgusGenerateHashStruct error %s", strerror(errno));
if ((tns = ArgusFindRecord(agg->htable, hstruct)) == NULL) {
struct ArgusFlow *flow = (struct ArgusFlow *) ns->dsrs[ARGUS_FLOW_INDEX];
if (!parser->RaMonMode && parser->ArgusReverse) {
int tryreverse = 0;
if (flow != NULL) {
if (agg->correct != NULL)
tryreverse = 1;
switch (flow->hdr.argus_dsrvl8.qual & 0x1F) {
case ARGUS_TYPE_IPV4: {
switch (flow->ip_flow.ip_p) {
case IPPROTO_ESP:
tryreverse = 0;
break;
}
break;
}
case ARGUS_TYPE_IPV6: {
switch (flow->ipv6_flow.ip_p) {
case IPPROTO_ESP:
tryreverse = 0;
break;
}
break;
}
}
} else
tryreverse = 0;
if (tryreverse) {
if ((hstruct = ArgusGenerateReverseHashStruct(agg, ns, (struct ArgusFlow *)&agg->fstruct)) == NULL)
ArgusLog (LOG_ERR, "RaProcessThisRecord: ArgusGenerateHashStruct error %s", strerror(errno));
if ((tns = ArgusFindRecord(agg->htable, hstruct)) == NULL) {
switch (flow->hdr.argus_dsrvl8.qual & 0x1F) {
case ARGUS_TYPE_IPV4: {
switch (flow->ip_flow.ip_p) {
case IPPROTO_ICMP: {
struct ArgusICMPFlow *icmpFlow = &flow->flow_un.icmp;
if (ICMP_INFOTYPE(icmpFlow->type)) {
switch (icmpFlow->type) {
case ICMP_ECHO:
case ICMP_ECHOREPLY:
icmpFlow->type = (icmpFlow->type == ICMP_ECHO) ? ICMP_ECHOREPLY : ICMP_ECHO;
if ((hstruct = ArgusGenerateReverseHashStruct(agg, ns, (struct ArgusFlow *)&agg->fstruct)) != NULL)
tns = ArgusFindRecord(agg->htable, hstruct);
icmpFlow->type = (icmpFlow->type == ICMP_ECHO) ? ICMP_ECHOREPLY : ICMP_ECHO;
if (tns)
ArgusReverseRecord (ns);
break;
case ICMP_ROUTERADVERT:
case ICMP_ROUTERSOLICIT:
icmpFlow->type = (icmpFlow->type == ICMP_ROUTERADVERT) ? ICMP_ROUTERSOLICIT : ICMP_ROUTERADVERT;
if ((hstruct = ArgusGenerateReverseHashStruct(agg, ns, (struct ArgusFlow *)&agg->fstruct)) != NULL)
tns = ArgusFindRecord(agg->htable, hstruct);
icmpFlow->type = (icmpFlow->type == ICMP_ROUTERADVERT) ? ICMP_ROUTERSOLICIT : ICMP_ROUTERADVERT;
if (tns)
ArgusReverseRecord (ns);
break;
case ICMP_TSTAMP:
case ICMP_TSTAMPREPLY:
icmpFlow->type = (icmpFlow->type == ICMP_TSTAMP) ? ICMP_TSTAMPREPLY : ICMP_TSTAMP;
if ((hstruct = ArgusGenerateReverseHashStruct(agg, ns, (struct ArgusFlow *)&agg->fstruct)) != NULL)
tns = ArgusFindRecord(agg->htable, hstruct);
icmpFlow->type = (icmpFlow->type == ICMP_TSTAMP) ? ICMP_TSTAMPREPLY : ICMP_TSTAMP;
if (tns)
ArgusReverseRecord (ns);
break;
case ICMP_IREQ:
case ICMP_IREQREPLY:
icmpFlow->type = (icmpFlow->type == ICMP_IREQ) ? ICMP_IREQREPLY : ICMP_IREQ;
if ((hstruct = ArgusGenerateReverseHashStruct(agg, ns, (struct ArgusFlow *)&agg->fstruct)) != NULL)
tns = ArgusFindRecord(agg->htable, hstruct);
icmpFlow->type = (icmpFlow->type == ICMP_IREQ) ? ICMP_IREQREPLY : ICMP_IREQ;
if (tns)
ArgusReverseRecord (ns);
break;
case ICMP_MASKREQ:
case ICMP_MASKREPLY:
icmpFlow->type = (icmpFlow->type == ICMP_MASKREQ) ? ICMP_MASKREPLY : ICMP_MASKREQ;
if ((hstruct = ArgusGenerateReverseHashStruct(agg, ns, (struct ArgusFlow *)&agg->fstruct)) != NULL)
tns = ArgusFindRecord(agg->htable, hstruct);
icmpFlow->type = (icmpFlow->type == ICMP_MASKREQ) ? ICMP_MASKREPLY : ICMP_MASKREQ;
if (tns)
ArgusReverseRecord (ns);
break;
}
}
break;
}
}
}
}
if ((hstruct = ArgusGenerateHashStruct(agg, ns, (struct ArgusFlow *)&agg->fstruct)) == NULL)
ArgusLog (LOG_ERR, "RaProcessThisRecord: ArgusGenerateHashStruct error %s", strerror(errno));
} else {
switch (flow->hdr.argus_dsrvl8.qual & 0x1F) {
case ARGUS_TYPE_IPV4: {
switch (flow->ip_flow.ip_p) {
case IPPROTO_TCP: {
struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)ns->dsrs[ARGUS_NETWORK_INDEX];
if (tcp != NULL) {
struct ArgusTCPObject *ttcp = (struct ArgusTCPObject *)tns->dsrs[ARGUS_NETWORK_INDEX];
if (ttcp != NULL) {
if ((tcp->status & ARGUS_SAW_SYN) && !(ttcp->status & ARGUS_SAW_SYN)) {
ArgusReverseRecord (tns);
} else
ArgusReverseRecord (ns);
} else
ArgusReverseRecord (ns);
} else
ArgusReverseRecord (ns);
break;
}
default:
ArgusReverseRecord (ns);
break;
}
}
break;
case ARGUS_TYPE_IPV6: {
switch (flow->ipv6_flow.ip_p) {
case IPPROTO_TCP: {
struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)ns->dsrs[ARGUS_NETWORK_INDEX];
if (tcp != NULL) {
struct ArgusTCPObject *ttcp = (struct ArgusTCPObject *)tns->dsrs[ARGUS_NETWORK_INDEX];
if (ttcp != NULL) {
if ((tcp->status & ARGUS_SAW_SYN) && !(ttcp->status & ARGUS_SAW_SYN)) {
ArgusReverseRecord (tns);
} else
ArgusReverseRecord (ns);
} else
ArgusReverseRecord (ns);
} else
ArgusReverseRecord (ns);
break;
}
default:
ArgusReverseRecord (ns);
break;
}
}
break;
default:
ArgusReverseRecord (ns);
}
}
}
}
}
if (tns != NULL) {
if (parser->Aflag) {
if ((tns->status & RA_SVCTEST) != (ns->status & RA_SVCTEST)) {
RaSendArgusRecord(tns);
tns->status &= ~(RA_SVCTEST);
tns->status |= (ns->status & RA_SVCTEST);
}
}
if (tns->status & ARGUS_RECORD_WRITTEN) {
ArgusZeroRecord (tns);
} else {
if (agg->statusint || agg->idleint) {
double dur, nsst, tnsst, nslt, tnslt;
nsst = ArgusFetchStartTime(ns);
tnsst = ArgusFetchStartTime(tns);
nslt = ArgusFetchLastTime(ns);
tnslt = ArgusFetchLastTime(tns);
dur = ((tnslt > nslt) ? tnslt : nslt) - ((nsst < tnsst) ? nsst : tnsst);
if (agg->statusint && (dur >= agg->statusint)) {
RaSendArgusRecord(tns);
ArgusZeroRecord(tns);
} else {
dur = ((nslt < tnsst) ? (tnsst - nslt) : ((tnslt < nsst) ? (nsst - tnslt) : 0.0));
if (agg->idleint && (dur >= agg->idleint)) {
RaSendArgusRecord(tns);
ArgusZeroRecord(tns);
}
}
}
}
ArgusMergeRecords (agg, tns, ns);
ArgusRemoveFromQueue (agg->queue, &tns->qhdr, ARGUS_NOLOCK);
ArgusAddToQueue (agg->queue, &tns->qhdr, ARGUS_NOLOCK);
ArgusDeleteRecordStruct(parser, ns);
agg->status |= ARGUS_AGGREGATOR_DIRTY;
} else {
tns = ns;
tns->htblhdr = ArgusAddHashEntry (agg->htable, tns, hstruct);
ArgusAddToQueue (agg->queue, &tns->qhdr, ARGUS_NOLOCK);
agg->status |= ARGUS_AGGREGATOR_DIRTY;
}
if (agg->cont)
agg = agg->nxt;
else
found++;
} else
agg = agg->nxt;
}
}
void
icmp_print(const u_char *bp, u_int plen, const u_char *bp2, int fragmented)
{
char *cp;
const struct icmp *dp;
const struct icmp_ext_t *ext_dp;
const struct ip *ip;
const char *str, *fmt;
const struct ip *oip;
const struct udphdr *ouh;
const u_int8_t *obj_tptr;
u_int32_t raw_label;
const u_char *snapend_save;
const struct icmp_mpls_ext_object_header_t *icmp_mpls_ext_object_header;
u_int hlen, dport, mtu, obj_tlen, obj_class_num, obj_ctype;
char buf[MAXHOSTNAMELEN + 100];
dp = (struct icmp *)bp;
ext_dp = (struct icmp_ext_t *)bp;
ip = (struct ip *)bp2;
str = buf;
TCHECK(dp->icmp_code);
switch (dp->icmp_type) {
case ICMP_ECHO:
case ICMP_ECHOREPLY:
TCHECK(dp->icmp_seq);
(void)snprintf(buf, sizeof(buf), "echo %s, id %u, seq %u",
dp->icmp_type == ICMP_ECHO ?
"request" : "reply",
EXTRACT_16BITS(&dp->icmp_id),
EXTRACT_16BITS(&dp->icmp_seq));
break;
case ICMP_UNREACH:
TCHECK(dp->icmp_ip.ip_dst);
switch (dp->icmp_code) {
case ICMP_UNREACH_PROTOCOL:
TCHECK(dp->icmp_ip.ip_p);
(void)snprintf(buf, sizeof(buf),
"%s protocol %d unreachable",
ipaddr_string(&dp->icmp_ip.ip_dst),
dp->icmp_ip.ip_p);
break;
case ICMP_UNREACH_PORT:
TCHECK(dp->icmp_ip.ip_p);
oip = &dp->icmp_ip;
hlen = IP_HL(oip) * 4;
ouh = (struct udphdr *)(((u_char *)oip) + hlen);
TCHECK(ouh->uh_dport);
dport = EXTRACT_16BITS(&ouh->uh_dport);
switch (oip->ip_p) {
case IPPROTO_TCP:
(void)snprintf(buf, sizeof(buf),
"%s tcp port %s unreachable",
ipaddr_string(&oip->ip_dst),
tcpport_string(dport));
break;
case IPPROTO_UDP:
(void)snprintf(buf, sizeof(buf),
"%s udp port %s unreachable",
ipaddr_string(&oip->ip_dst),
udpport_string(dport));
break;
default:
(void)snprintf(buf, sizeof(buf),
"%s protocol %d port %d unreachable",
ipaddr_string(&oip->ip_dst),
oip->ip_p, dport);
break;
}
break;
case ICMP_UNREACH_NEEDFRAG:
{
register const struct mtu_discovery *mp;
mp = (struct mtu_discovery *)(u_char *)&dp->icmp_void;
mtu = EXTRACT_16BITS(&mp->nexthopmtu);
if (mtu) {
(void)snprintf(buf, sizeof(buf),
"%s unreachable - need to frag (mtu %d)",
ipaddr_string(&dp->icmp_ip.ip_dst), mtu);
} else {
(void)snprintf(buf, sizeof(buf),
"%s unreachable - need to frag",
ipaddr_string(&dp->icmp_ip.ip_dst));
}
}
break;
default:
fmt = tok2str(unreach2str, "#%d %%s unreachable",
dp->icmp_code);
(void)snprintf(buf, sizeof(buf), fmt,
ipaddr_string(&dp->icmp_ip.ip_dst));
break;
}
break;
case ICMP_REDIRECT:
TCHECK(dp->icmp_ip.ip_dst);
fmt = tok2str(type2str, "redirect-#%d %%s to net %%s",
dp->icmp_code);
(void)snprintf(buf, sizeof(buf), fmt,
ipaddr_string(&dp->icmp_ip.ip_dst),
ipaddr_string(&dp->icmp_gwaddr));
break;
case ICMP_ROUTERADVERT:
{
register const struct ih_rdiscovery *ihp;
register const struct id_rdiscovery *idp;
u_int lifetime, num, size;
(void)snprintf(buf, sizeof(buf), "router advertisement");
cp = buf + strlen(buf);
ihp = (struct ih_rdiscovery *)&dp->icmp_void;
TCHECK(*ihp);
(void)strncpy(cp, " lifetime ", sizeof(buf) - (cp - buf));
cp = buf + strlen(buf);
lifetime = EXTRACT_16BITS(&ihp->ird_lifetime);
if (lifetime < 60) {
(void)snprintf(cp, sizeof(buf) - (cp - buf), "%u",
lifetime);
} else if (lifetime < 60 * 60) {
(void)snprintf(cp, sizeof(buf) - (cp - buf), "%u:%02u",
lifetime / 60, lifetime % 60);
} else {
(void)snprintf(cp, sizeof(buf) - (cp - buf),
"%u:%02u:%02u",
lifetime / 3600,
(lifetime % 3600) / 60,
lifetime % 60);
}
cp = buf + strlen(buf);
num = ihp->ird_addrnum;
(void)snprintf(cp, sizeof(buf) - (cp - buf), " %d:", num);
cp = buf + strlen(buf);
size = ihp->ird_addrsiz;
if (size != 2) {
(void)snprintf(cp, sizeof(buf) - (cp - buf),
" [size %d]", size);
break;
}
idp = (struct id_rdiscovery *)&dp->icmp_data;
while (num-- > 0) {
TCHECK(*idp);
(void)snprintf(cp, sizeof(buf) - (cp - buf), " {%s %u}",
ipaddr_string(&idp->ird_addr),
EXTRACT_32BITS(&idp->ird_pref));
cp = buf + strlen(buf);
++idp;
}
}
break;
case ICMP_TIMXCEED:
TCHECK(dp->icmp_ip.ip_dst);
switch (dp->icmp_code) {
case ICMP_TIMXCEED_INTRANS:
str = "time exceeded in-transit";
break;
case ICMP_TIMXCEED_REASS:
str = "ip reassembly time exceeded";
break;
default:
(void)snprintf(buf, sizeof(buf), "time exceeded-#%d",
dp->icmp_code);
break;
}
break;
case ICMP_PARAMPROB:
if (dp->icmp_code)
(void)snprintf(buf, sizeof(buf),
"parameter problem - code %d", dp->icmp_code);
else {
TCHECK(dp->icmp_pptr);
(void)snprintf(buf, sizeof(buf),
"parameter problem - octet %d", dp->icmp_pptr);
}
break;
case ICMP_MASKREPLY:
TCHECK(dp->icmp_mask);
(void)snprintf(buf, sizeof(buf), "address mask is 0x%08x",
EXTRACT_32BITS(&dp->icmp_mask));
break;
case ICMP_TSTAMP:
TCHECK(dp->icmp_seq);
(void)snprintf(buf, sizeof(buf),
"time stamp query id %u seq %u",
EXTRACT_16BITS(&dp->icmp_id),
EXTRACT_16BITS(&dp->icmp_seq));
break;
case ICMP_TSTAMPREPLY:
TCHECK(dp->icmp_ttime);
(void)snprintf(buf, sizeof(buf),
"time stamp reply id %u seq %u: org %s",
EXTRACT_16BITS(&dp->icmp_id),
EXTRACT_16BITS(&dp->icmp_seq),
icmp_tstamp_print(EXTRACT_32BITS(&dp->icmp_otime)));
(void)snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),", recv %s",
icmp_tstamp_print(EXTRACT_32BITS(&dp->icmp_rtime)));
(void)snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),", xmit %s",
icmp_tstamp_print(EXTRACT_32BITS(&dp->icmp_ttime)));
break;
default:
str = tok2str(icmp2str, "type-#%d", dp->icmp_type);
break;
}
(void)printf("ICMP %s, length %u", str, plen);
if (vflag && !fragmented) { /* don't attempt checksumming if this is a frag */
u_int16_t sum, icmp_sum;
if (TTEST2(*bp, plen)) {
sum = in_cksum((u_short*)dp, plen, 0);
if (sum != 0) {
icmp_sum = EXTRACT_16BITS(&dp->icmp_cksum);
(void)printf(" (wrong icmp cksum %x (->%x)!)",
icmp_sum,
in_cksum_shouldbe(icmp_sum, sum));
}
}
}
/*
* print the remnants of the IP packet.
* save the snaplength as this may get overidden in the IP printer.
*/
if (vflag >= 1 && !ICMP_INFOTYPE(dp->icmp_type)) {
bp += 8;
(void)printf("\n\t");
ip = (struct ip *)bp;
snaplen = snapend - bp;
snapend_save = snapend;
ip_print(gndo, bp, EXTRACT_16BITS(&ip->ip_len));
snapend = snapend_save;
}
/*
* Attempt to decode the MPLS extensions only for some ICMP types.
*/
if (vflag >= 1 && plen > ICMP_EXTD_MINLEN && ICMP_MPLS_EXT_TYPE(dp->icmp_type)) {
TCHECK(*ext_dp);
/*
* Check first if the mpls extension header shows a non-zero length.
* If the length field is not set then silently verify the checksum
* to check if an extension header is present. This is expedient,
* however not all implementations set the length field proper.
*/
if (!ext_dp->icmp_length &&
in_cksum((const u_short *)&ext_dp->icmp_ext_version_res,
plen - ICMP_EXTD_MINLEN, 0)) {
return;
}
printf("\n\tMPLS extension v%u",
ICMP_MPLS_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res)));
/*
* Sanity checking of the header.
*/
if (ICMP_MPLS_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res)) !=
ICMP_MPLS_EXT_VERSION) {
printf(" packet not supported");
return;
}
hlen = plen - ICMP_EXTD_MINLEN;
printf(", checksum 0x%04x (%scorrect), length %u",
EXTRACT_16BITS(ext_dp->icmp_ext_checksum),
in_cksum((const u_short *)&ext_dp->icmp_ext_version_res,
plen - ICMP_EXTD_MINLEN, 0) ? "in" : "",
hlen);
hlen -= 4; /* subtract common header size */
obj_tptr = (u_int8_t *)ext_dp->icmp_ext_data;
while (hlen > sizeof(struct icmp_mpls_ext_object_header_t)) {
icmp_mpls_ext_object_header = (struct icmp_mpls_ext_object_header_t *)obj_tptr;
TCHECK(*icmp_mpls_ext_object_header);
obj_tlen = EXTRACT_16BITS(icmp_mpls_ext_object_header->length);
obj_class_num = icmp_mpls_ext_object_header->class_num;
obj_ctype = icmp_mpls_ext_object_header->ctype;
obj_tptr += sizeof(struct icmp_mpls_ext_object_header_t);
printf("\n\t %s Object (%u), Class-Type: %u, length %u",
tok2str(icmp_mpls_ext_obj_values,"unknown",obj_class_num),
obj_class_num,
obj_ctype,
obj_tlen);
hlen-=sizeof(struct icmp_mpls_ext_object_header_t); /* length field includes tlv header */
/* infinite loop protection */
if ((obj_class_num == 0) ||
(obj_tlen < sizeof(struct icmp_mpls_ext_object_header_t))) {
return;
}
obj_tlen-=sizeof(struct icmp_mpls_ext_object_header_t);
switch (obj_class_num) {
case 1:
switch(obj_ctype) {
case 1:
TCHECK2(*obj_tptr, 4);
raw_label = EXTRACT_32BITS(obj_tptr);
printf("\n\t label %u, exp %u", MPLS_LABEL(raw_label), MPLS_EXP(raw_label));
if (MPLS_STACK(raw_label))
printf(", [S]");
printf(", ttl %u", MPLS_TTL(raw_label));
break;
default:
print_unknown_data(obj_tptr, "\n\t ", obj_tlen);
}
break;
/*
* FIXME those are the defined objects that lack a decoder
* you are welcome to contribute code ;-)
*/
case 2:
default:
print_unknown_data(obj_tptr, "\n\t ", obj_tlen);
break;
}
if (hlen < obj_tlen)
break;
hlen -= obj_tlen;
obj_tptr += obj_tlen;
}
}
return;
trunc:
fputs("[|icmp]", stdout);
}
void
icmp_print(const u_char *bp, u_int length, const u_char *bp2)
{
const struct icmp *dp;
const struct ip *ip;
const char *str, *fmt;
const struct ip *oip;
const struct udphdr *ouh;
u_int hlen, dport, mtu;
char buf[MAXHOSTNAMELEN+256];
char buf2[MAXHOSTNAMELEN+256];
dp = (struct icmp *)bp;
ip = (struct ip *)bp2;
str = buf;
(void)printf("%s > %s: ",
ipaddr_string(&ip->ip_src),
ipaddr_string(&ip->ip_dst));
TCHECK(dp->icmp_code);
if (qflag)
(void) snprintf(buf, sizeof buf, "%u %u", dp->icmp_type,
dp->icmp_code);
else switch (dp->icmp_type) {
case ICMP_ECHOREPLY:
case ICMP_ECHO:
if (vflag) {
TCHECK(dp->icmp_seq);
(void)snprintf(buf, sizeof buf,
"echo %s (id:%04x seq:%u)",
(dp->icmp_type == ICMP_ECHO)?
"request": "reply",
ntohs(dp->icmp_id),
ntohs(dp->icmp_seq));
} else
str = tok2str(icmp2str, "type-#%u", dp->icmp_type);
break;
case ICMP_UNREACH:
TCHECK(dp->icmp_ip.ip_dst);
switch (dp->icmp_code) {
case ICMP_UNREACH_PROTOCOL:
TCHECK(dp->icmp_ip.ip_p);
(void)snprintf(buf, sizeof buf,
"%s protocol %u unreachable",
ipaddr_string(&dp->icmp_ip.ip_dst),
dp->icmp_ip.ip_p);
break;
case ICMP_UNREACH_PORT:
TCHECK(dp->icmp_ip.ip_p);
oip = &dp->icmp_ip;
hlen = oip->ip_hl * 4;
ouh = (struct udphdr *)(((u_char *)oip) + hlen);
TCHECK(ouh->uh_dport);
dport = ntohs(ouh->uh_dport);
switch (oip->ip_p) {
case IPPROTO_TCP:
(void)snprintf(buf, sizeof buf,
"%s tcp port %s unreachable",
ipaddr_string(&oip->ip_dst),
tcpport_string(dport));
break;
case IPPROTO_UDP:
(void)snprintf(buf, sizeof buf,
"%s udp port %s unreachable",
ipaddr_string(&oip->ip_dst),
udpport_string(dport));
break;
default:
(void)snprintf(buf, sizeof buf,
"%s protocol %u port %u unreachable",
ipaddr_string(&oip->ip_dst),
oip->ip_p, dport);
break;
}
break;
case ICMP_UNREACH_NEEDFRAG:
{
const struct mtu_discovery *mp;
mp = (struct mtu_discovery *)&dp->icmp_void;
mtu = EXTRACT_16BITS(&mp->nexthopmtu);
if (mtu)
(void)snprintf(buf, sizeof buf,
"%s unreachable - need to frag (mtu %u)",
ipaddr_string(&dp->icmp_ip.ip_dst), mtu);
else
(void)snprintf(buf, sizeof buf,
"%s unreachable - need to frag",
ipaddr_string(&dp->icmp_ip.ip_dst));
}
break;
default:
fmt = tok2str(unreach2str, "#%u %%s unreachable",
dp->icmp_code);
(void)snprintf(buf, sizeof buf, fmt,
ipaddr_string(&dp->icmp_ip.ip_dst));
break;
}
break;
case ICMP_REDIRECT:
TCHECK(dp->icmp_ip.ip_dst);
fmt = tok2str(type2str, "redirect-#%u %%s to net %%s",
dp->icmp_code);
(void)snprintf(buf, sizeof buf, fmt,
ipaddr_string(&dp->icmp_ip.ip_dst),
ipaddr_string(&dp->icmp_gwaddr));
break;
case ICMP_ROUTERADVERT:
{
const struct ih_rdiscovery *ihp;
const struct id_rdiscovery *idp;
u_int lifetime, num, size;
(void)strlcpy(buf, "router advertisement", sizeof(buf));
ihp = (struct ih_rdiscovery *)&dp->icmp_void;
TCHECK(*ihp);
(void)strlcat(buf, " lifetime ", sizeof(buf));
lifetime = EXTRACT_16BITS(&ihp->ird_lifetime);
if (lifetime < 60)
(void)snprintf(buf2, sizeof(buf2), "%u", lifetime);
else if (lifetime < 60 * 60)
(void)snprintf(buf2, sizeof(buf2), "%u:%02u",
lifetime / 60, lifetime % 60);
else
(void)snprintf(buf2, sizeof(buf2), "%u:%02u:%02u",
lifetime / 3600, (lifetime % 3600) / 60,
lifetime % 60);
strlcat(buf, buf2, sizeof(buf));
num = ihp->ird_addrnum;
(void)snprintf(buf2, sizeof(buf2), " %u:", num);
strlcat(buf, buf2, sizeof(buf));
size = ihp->ird_addrsiz;
if (size != 2) {
(void)snprintf(buf2, sizeof(buf2), " [size %u]", size);
strlcat(buf, buf2, sizeof(buf));
break;
}
idp = (struct id_rdiscovery *)&dp->icmp_data;
while (num-- > 0) {
TCHECK(*idp);
(void)snprintf(buf2, sizeof(buf2), " {%s %u}",
ipaddr_string(&idp->ird_addr),
EXTRACT_32BITS(&idp->ird_pref));
strlcat(buf, buf2, sizeof(buf));
}
}
break;
case ICMP_TIMXCEED:
TCHECK(dp->icmp_ip.ip_dst);
switch (dp->icmp_code) {
case ICMP_TIMXCEED_INTRANS:
str = "time exceeded in-transit";
break;
case ICMP_TIMXCEED_REASS:
str = "ip reassembly time exceeded";
break;
default:
(void)snprintf(buf, sizeof buf,
"time exceeded-#%u", dp->icmp_code);
break;
}
break;
case ICMP_PARAMPROB:
switch (dp->icmp_code) {
case ICMP_PARAMPROB_OPTABSENT:
str = "requested option absent";
break;
case ICMP_PARAMPROB_LENGTH:
snprintf(buf, sizeof buf, "bad length %u", dp->icmp_pptr);
break;
default:
TCHECK(dp->icmp_pptr);
(void)snprintf(buf, sizeof buf,
"parameter problem - octet %u",
dp->icmp_pptr);
break;
}
break;
case ICMP_MASKREPLY:
TCHECK(dp->icmp_mask);
(void)snprintf(buf, sizeof buf, "address mask is 0x%08x",
(u_int32_t)ntohl(dp->icmp_mask));
break;
default:
str = tok2str(icmp2str, "type-#%u", dp->icmp_type);
break;
}
(void)printf("icmp: %s", str);
if (vflag) {
u_int16_t sum;
if (TTEST2(dp->icmp_type, length)) {
sum = in_cksum((const u_short *)dp, length, 0);
if (sum != 0)
(void)printf(" [bad icmp cksum %x!]", sum);
else
(void)printf(" [icmp cksum ok]");
}
}
if (vflag > 1 && !ICMP_INFOTYPE(dp->icmp_type) &&
TTEST(dp->icmp_ip)) {
(void)printf(" for ");
oip = &dp->icmp_ip;
ip_print((u_char *)oip, ntohs(oip->ip_len));
}
return;
trunc:
fputs("[|icmp]", stdout);
}