int printIPPacket(gpacket_t *msg)
{
ip_packet_t *ip_pkt;
char tmpbuf[MAX_TMPBUF_LEN];
int tos;
ip_pkt = (ip_packet_t *)msg->data.data;
printf("IP: ----- IP Header -----\n");
printf("IP: Version : %d\n", ip_pkt->ip_version);
printf("IP: Header Length : %d Bytes\n", ip_pkt->ip_hdr_len*4);
printf("IP: Total Length : %d Bytes\n", ntohs(ip_pkt->ip_pkt_len));
printf("IP: Type of Service: 0x%02X\n", ip_pkt->ip_tos);
printf("IP: xxx. .... = 0x%02X (Precedence)\n", IPTOS_PREC(ip_pkt->ip_tos));
tos = IPTOS_TOS(ip_pkt->ip_tos);
if (tos == IPTOS_LOWDELAY)
printf("IP: ...1 .... = Minimize Delay\n");
else
printf("IP: ...0 .... = Normal Delay\n");
if (tos == IPTOS_THROUGHPUT)
printf("IP: .... 1... = Maximize Throughput\n");
else
printf("IP: .... 0... = Normal Throughput\n");
if (tos == IPTOS_RELIABILITY)
printf("IP: .... .1.. = Maximize Reliability\n");
else
printf("IP: .... .0.. = Normal Reliability\n");
if (tos == IPTOS_MINCOST)
printf("IP: .... ..1. = Minimize Cost\n");
else
printf("IP: .... ..0. = Normal Cost\n");
printf("IP: Identification : %d\n", ntohs(ip_pkt->ip_identifier));
printf("IP: Flags : 0x%02X\n", ((ntohs(ip_pkt->ip_frag_off) & ~IP_OFFMASK)>>13));
if ((ntohs(ip_pkt->ip_frag_off) & IP_DF) == IP_DF)
printf("IP: .1.. .... = do not fragment\n");
else
printf("IP: .0.. .... = can fragment\n");
if ((ntohs(ip_pkt->ip_frag_off) & IP_MF) == IP_MF)
printf("IP: ..1. .... = more fragment\n");
else
printf("IP: ..0. .... = last fragment\n");
printf("IP: Fragment Offset: %d Bytes\n", (ntohs(ip_pkt->ip_frag_off) & IP_OFFMASK));
printf("IP: Time to Live : %d sec/hops\n", ip_pkt->ip_ttl);
printf("IP: Protocol : %d", ip_pkt->ip_prot);
printf("IP: Checksum : 0x%X\n", ntohs(ip_pkt->ip_cksum));
printf("IP: Source : %s", IP2Dot(tmpbuf, gNtohl((tmpbuf+20), ip_pkt->ip_src)));
printf("IP: Destination : %s", IP2Dot(tmpbuf, gNtohl((tmpbuf+20), ip_pkt->ip_dst)));
return ip_pkt->ip_prot;
}
/**
* nfq_pkt_snprintf_ip - print IPv4 header into buffer in iptables LOG format
* \param buf: pointer to buffer that will be used to print the header
* \param size: size of the buffer (or remaining room in it)
* \param ip: pointer to a valid IPv4 header
*
* This function returns the number of bytes that would have been written in
* case that there is enough room in the buffer. Read snprintf manpage for more
* information to know more about this strange behaviour.
*/
int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph)
{
int ret;
struct in_addr src = { iph->saddr };
struct in_addr dst = { iph->daddr };
ret = snprintf(buf, size, "SRC=%s DST=%s LEN=%u TOS=0x%X "
"PREC=0x%X TTL=%u ID=%u PROTO=%u ",
inet_ntoa(src), inet_ntoa(dst),
ntohs(iph->tot_len), IPTOS_TOS(iph->tos),
IPTOS_PREC(iph->tos), iph->ttl, ntohs(iph->id),
iph->protocol);
return ret;
}
void
os_socket_set_olsr_options(struct interface * ifs, int sock, union olsr_sockaddr *mcast) {
/* Set TOS */
int data = IPTOS_PREC(olsr_cnf->tos);
if (setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (char *)&data, sizeof(data)) < 0) {
OLSR_WARN(LOG_INTERFACE, "setsockopt(SO_PRIORITY) error %s", strerror(errno));
}
data = IPTOS_TOS(olsr_cnf->tos);
if (setsockopt(sock, SOL_IP, IP_TOS, (char *)&data, sizeof(data)) < 0) {
OLSR_WARN(LOG_INTERFACE, "setsockopt(IP_TOS) error %s", strerror(errno));
}
if (mcast) {
join_mcast(ifs, sock, mcast);
}
}
/*
* Main IP Receive routine.
*/
int ip_rcv(struct sk_buff *skb, struct device *dev, struct packet_type *pt)
{
struct iphdr *iph = skb->nh.iph;
/*
* When the interface is in promisc. mode, drop all the crap
* that it receives, do not try to analyse it.
*/
if (skb->pkt_type == PACKET_OTHERHOST)
goto drop;
ip_statistics.IpInReceives++;
/*
* RFC1122: 3.1.2.2 MUST silently discard any IP frame that fails the checksum.
*
* Is the datagram acceptable?
*
* 1. Length at least the size of an ip header
* 2. Version of 4
* 3. Checksums correctly. [Speed optimisation for later, skip loopback checksums]
* 4. Doesn't have a bogus length
*/
if (skb->len < sizeof(struct iphdr))
goto inhdr_error;
if (iph->ihl < 5 || iph->version != 4 || ip_fast_csum((u8 *)iph, iph->ihl) != 0)
goto inhdr_error;
{
__u32 len = ntohs(iph->tot_len);
if (skb->len < len)
goto inhdr_error;
/*
* Our transport medium may have padded the buffer out. Now we know it
* is IP we can trim to the true length of the frame.
* Note this now means skb->len holds ntohs(iph->tot_len).
*/
__skb_trim(skb, len);
}
/*
* Initialise the virtual path cache for the packet. It describes
* how the packet travels inside Linux networking.
*/
if (skb->dst == NULL) {
if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev))
goto drop;
#ifdef CONFIG_CPU_IS_SLOW
if (net_cpu_congestion > 10 && !(iph->tos&IPTOS_RELIABILITY) &&
IPTOS_PREC(iph->tos) < IPTOS_PREC_INTERNETCONTROL) {
goto drop;
}
#endif
}
#ifdef CONFIG_IP_ALWAYS_DEFRAG
if (iph->frag_off & htons(IP_MF|IP_OFFSET)) {
skb = ip_defrag(skb);
if (!skb)
return 0;
iph = skb->nh.iph;
ip_send_check(iph);
}
#endif
if (iph->ihl > 5) {
struct ip_options *opt;
/* It looks as overkill, because not all
IP options require packet mangling.
But it is the easiest for now, especially taking
into account that combination of IP options
and running sniffer is extremely rare condition.
--ANK (980813)
*/
skb = skb_cow(skb, skb_headroom(skb));
if (skb == NULL)
return 0;
iph = skb->nh.iph;
skb->ip_summed = 0;
if (ip_options_compile(NULL, skb))
goto inhdr_error;
opt = &(IPCB(skb)->opt);
if (opt->srr) {
struct in_device *in_dev = dev->ip_ptr;
if (in_dev && !IN_DEV_SOURCE_ROUTE(in_dev)) {
if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit())
printk(KERN_INFO "source route option %d.%d.%d.%d -> %d.%d.%d.%d\n",
NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
goto drop;
}
if (ip_options_rcv_srr(skb))
goto drop;
}
}
/*
* See if the firewall wants to dispose of the packet.
*
* Note: the current standard firewall code expects that the
* destination address was already checked against the interface
* address lists.
*
* If this code is ever moved in front of ip_route_input() you need
* to fix the fw code [moving it might be a good idea anyways,
* so that we can firewall against potentially bugs in the options
* or routing code]
*/
#ifdef CONFIG_FIREWALL
{
int fwres;
u16 rport;
#ifdef CONFIG_IP_ROUTE_TOS
u8 tos = iph->tos;
#endif
if ((fwres=call_in_firewall(PF_INET, skb->dev, iph, &rport, &skb))<FW_ACCEPT) {
if (fwres==FW_REJECT)
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
goto drop;
}
#ifdef CONFIG_IP_TRANSPARENT_PROXY
if (fwres==FW_REDIRECT && (IPCB(skb)->redirport = rport) != 0)
return ip_local_deliver(skb);
#endif
#ifdef CONFIG_IP_ROUTE_TOS
/* It is for 2.2 only. Firewalling should make smart
rerouting itself, ideally, but now it is too late
to teach it. --ANK (980905)
*/
if (iph->tos != tos && ((struct rtable*)skb->dst)->rt_type == RTN_UNICAST) {
dst_release(skb->dst);
skb->dst = NULL;
if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev))
goto drop;
}
#endif
}
#endif
return skb->dst->input(skb);
inhdr_error:
ip_statistics.IpInHdrErrors++;
drop:
kfree_skb(skb);
return(0);
}
