static void dissect_igmp_v2(struct pkt_buff *pkt) { char addr[INET_ADDRSTRLEN]; uint16_t csum; struct igmp_v2_msg *msg = (struct igmp_v2_msg *) pkt_pull(pkt, sizeof(*msg)); if (msg == NULL) return; switch (msg->type) { case RGMP_HELLO: case RGMP_BYE: case RGMP_JOIN_GROUP: case RGMP_LEAVE_GROUP: tprintf(" [ IGMPv2 (RGMP)"); break; default: tprintf(" [ IGMPv2"); break; } PRINT_FRIENDLY_NAMED_MSG_TYPE(msg->type); tprintf(", Max Resp Time (%u)", msg->max_resp_time); csum = calc_csum(msg, sizeof(*msg) + pkt_len(pkt), 0); tprintf(", CSum (0x%.4x) is %s", ntohs(msg->checksum), csum ? colorize_start_full(black, red) "bogus (!)" colorize_end() : "ok"); if (csum) tprintf(" - %s should be %x%s", colorize_start_full(black, red), csum_expected(msg->checksum, csum), colorize_end()); inet_ntop(AF_INET, &msg->group_address, addr, sizeof(addr)); tprintf(", Group Addr (%s)", addr); tprintf(" ]\n"); }
static void dissect_igmp_v3_membership_query(struct pkt_buff *pkt) { char addr[INET_ADDRSTRLEN]; size_t n; uint16_t csum; uint32_t *src_addr; struct igmp_v3_membership_query *msg = (struct igmp_v3_membership_query *) pkt_pull(pkt, sizeof(*msg)); if (msg == NULL) return; tprintf(" [ IGMPv3"); PRINT_FRIENDLY_NAMED_MSG_TYPE(msg->type); tprintf(", Max Resp Code (0x%.2x => %u)", msg->max_resp_code, DECODE_MAX_RESP_CODE(msg->max_resp_code)); csum = calc_csum(msg, sizeof(*msg) + pkt_len(pkt), 0); tprintf(", CSum (0x%.4x) is %s", ntohs(msg->checksum), csum ? colorize_start_full(black, red) "bogus (!)" colorize_end() : "ok"); if (csum) tprintf(" - %s should be %x%s", colorize_start_full(black, red), csum_expected(msg->checksum, csum), colorize_end()); inet_ntop(AF_INET, &msg->group_address, addr, sizeof(addr)); /* S Flag (Suppress Router-Side Processing) */ tprintf(", Suppress (%u)", msg->s_flag ? 1 : 0); /* QRV (Querier's Robustness Variable) */ tprintf(", QRV (%u)", msg->qrv); /* QQIC (Querier's Query Interval Code) */ tprintf(", QQIC (0x%.2x => %u)", msg->qqic, DECODE_QQIC(msg->qqic)); tprintf(", Group Addr (%s)", addr); n = ntohs(msg->number_of_sources); tprintf(", Num Src (%zu)", n); if (n--) { src_addr = (uint32_t *) pkt_pull(pkt, sizeof(*src_addr)); if (src_addr != NULL) { inet_ntop(AF_INET, src_addr, addr, sizeof(addr)); tprintf(", Src Addr (%s", addr); while (n--) { src_addr = (uint32_t *) pkt_pull(pkt, sizeof(*src_addr)); if (src_addr == NULL) break; inet_ntop(AF_INET, src_addr, addr, sizeof(addr)); tprintf(", %s", addr); } tprintf(")"); } } tprintf(" ]\n"); }
static void auth_hdr(struct pkt_buff *pkt) { ssize_t hdr_len; struct auth_hdr *auth_ops; auth_ops = (struct auth_hdr *) pkt_pull(pkt, sizeof(*auth_ops)); if (auth_ops == NULL) return; hdr_len = (auth_ops->h_payload_len * 4) + 8; tprintf(" [ Authentication Header "); tprintf("NextHdr (%u), ", auth_ops->h_next_header); if (hdr_len > pkt_len(pkt) || hdr_len < 0){ tprintf("HdrLen (%u, %zd Bytes %s), ", auth_ops->h_payload_len, hdr_len, colorize_start_full(black, red) "invalid" colorize_end()); return; } tprintf("HdrLen (%u, %zd Bytes), ",auth_ops->h_payload_len, hdr_len); tprintf("Reserved (0x%x), ", ntohs(auth_ops->h_reserved)); /* TODO * Upgrade for Extended (64-bit) Sequence Number * http://tools.ietf.org/html/rfc4302#section-2.5.1 */ tprintf("SPI (0x%x), ", ntohl(auth_ops->h_spi)); tprintf("SNF (0x%x), ", ntohl(auth_ops->h_snf)); tprintf("ICV 0x"); for (size_t i = sizeof(struct auth_hdr); i < hdr_len; i++) tprintf("%02x", *pkt_pull(pkt, 1)); tprintf(" ]\n"); pkt_set_proto(pkt, ð_lay3, auth_ops->h_next_header); }
static void hop_by_hop(struct pkt_buff *pkt) { uint16_t hdr_ext_len; ssize_t opt_len; struct hop_by_hophdr *hop_ops; hop_ops = (struct hop_by_hophdr *) pkt_pull(pkt, sizeof(*hop_ops)); if (hop_ops == NULL) return; /* Total Header Length in Bytes */ hdr_ext_len = (hop_ops->hdr_len + 1) * 8; /* Options length in Bytes */ opt_len = hdr_ext_len - sizeof(*hop_ops); tprintf("\t [ Hop-by-Hop Options "); tprintf("NextHdr (%u), ", hop_ops->h_next_header); if (opt_len > pkt_len(pkt) || opt_len < 0){ tprintf("HdrExtLen (%u, %u Bytes, %s)", hop_ops->hdr_len, hdr_ext_len, colorize_start_full(black, red) "invalid" colorize_end()); return; } tprintf("HdrExtLen (%u, %u Bytes)", hop_ops->hdr_len, hdr_ext_len); dissect_opt_hop(pkt, &opt_len); tprintf(" ]\n"); pkt_pull(pkt, opt_len); pkt_set_proto(pkt, ð_lay3, hop_ops->h_next_header); }
static void dissect_igmp_v1(struct pkt_buff *pkt) { char addr[INET_ADDRSTRLEN]; uint16_t csum; struct igmp_v1_msg *msg = (struct igmp_v1_msg *) pkt_pull(pkt, sizeof(*msg)); if (msg == NULL) return; tprintf(" [ IGMPv1"); PRINT_FRIENDLY_NAMED_MSG_TYPE(msg->version__type); csum = calc_csum(msg, sizeof(*msg) + pkt_len(pkt), 0); tprintf(", CSum (0x%.4x) is %s", ntohs(msg->checksum), csum ? colorize_start_full(black, red) "bogus (!)" colorize_end() : "ok"); if (csum) tprintf(" - %s should be %x%s", colorize_start_full(black, red), csum_expected(msg->checksum, csum), colorize_end()); inet_ntop(AF_INET, &msg->group_address, addr, sizeof(addr)); tprintf(", Group Addr (%s)", addr); tprintf(" ]\n"); }
static void routing(struct pkt_buff *pkt) { uint16_t hdr_ext_len; ssize_t data_len; struct routinghdr *routing; routing = (struct routinghdr *) pkt_pull(pkt, sizeof(*routing)); if (routing == NULL) return; /* Total Header Length in Bytes */ hdr_ext_len = (routing->h_hdr_ext_len + 1) * 8; /* Data length in Bytes */ data_len = hdr_ext_len - sizeof(*routing); tprintf("\t [ Routing "); tprintf("NextHdr (%u), ", routing->h_next_header); if (data_len > pkt_len(pkt) || data_len < 0){ tprintf("HdrExtLen (%u, %u Bytes %s), ", routing->h_hdr_ext_len, hdr_ext_len, colorize_start_full(black, red) "invalid" colorize_end()); return; } tprintf("HdrExtLen (%u, %u Bytes), ", routing->h_hdr_ext_len, hdr_ext_len); tprintf("Type (%u), ", routing->h_routing_type); tprintf("Left (%u), ", routing->h_segments_left); switch (routing->h_routing_type) { case ROUTING_HEADER_TYPE_0: dissect_routinghdr_type_0_norm(pkt, &data_len); break; default: tprintf("Type %u is unknown", routing->h_routing_type); } tprintf(" ]\n"); if (data_len > pkt_len(pkt) || data_len < 0) return; pkt_pull(pkt, data_len); pkt_set_proto(pkt, ð_lay3, routing->h_next_header); }
static void mobility(struct pkt_buff *pkt) { uint16_t hdr_ext_len; ssize_t message_data_len; struct mobilityhdr *mobility; mobility = (struct mobilityhdr *) pkt_pull(pkt, sizeof(*mobility)); if (mobility == NULL) return; /* Total Header Length in Bytes */ hdr_ext_len = (mobility->hdr_len + 1) * 8; /* Total Message Data length in Bytes*/ message_data_len = (hdr_ext_len - sizeof(*mobility)); tprintf("\t [ Mobility "); tprintf("NextHdr (%u), ", mobility->payload_proto); if (message_data_len > pkt_len(pkt) || message_data_len < 0){ tprintf("HdrExtLen (%u, %u Bytes %s), ", mobility->hdr_len, hdr_ext_len, colorize_start_full(black, red) "invalid" colorize_end()); return; } tprintf("HdrExtLen (%u, %u Bytes), ", mobility->hdr_len, hdr_ext_len); tprintf("MH Type (%u), ", mobility->MH_type); tprintf("Res (0x%x), ", mobility->reserved); tprintf("Chks (0x%x), ", ntohs(mobility->chksum)); tprintf("MH Data "); get_mh_type(pkt, &message_data_len, &mobility->MH_type); tprintf(" ]\n"); if (message_data_len > pkt_len(pkt) || message_data_len < 0) return; pkt_pull(pkt, message_data_len); pkt_set_proto(pkt, ð_lay3, mobility->payload_proto); }
static void udp(struct pkt_buff *pkt) { struct udphdr *udp = (struct udphdr *) pkt_pull(pkt, sizeof(*udp)); ssize_t len; uint16_t src, dest; char *src_name, *dest_name; if (udp == NULL) return; len = ntohs(udp->len) - sizeof(*udp); src = ntohs(udp->source); dest = ntohs(udp->dest); src_name = lookup_port_udp(src); dest_name = lookup_port_udp(dest); tprintf(" [ UDP "); tprintf("Port (%u", src); if (src_name) tprintf(" (%s%s%s)", colorize_start(bold), src_name, colorize_end()); tprintf(" => %u", dest); if (dest_name) tprintf(" (%s%s%s)", colorize_start(bold), dest_name, colorize_end()); tprintf("), "); if(len > pkt_len(pkt) || len < 0){ tprintf("Len (%u) %s, ", ntohs(udp->len), colorize_start_full(black, red) "invalid" colorize_end()); } tprintf("Len (%u Bytes, %zd Bytes Data), ", ntohs(udp->len), len); tprintf("CSum (0x%.4x)", ntohs(udp->check)); tprintf(" ]\n"); }
static void ipv4(struct pkt_buff *pkt) { uint16_t csum, frag_off, h_tot_len; char src_ip[INET_ADDRSTRLEN]; char dst_ip[INET_ADDRSTRLEN]; struct ipv4hdr *ip = (struct ipv4hdr *) pkt_pull(pkt, sizeof(*ip)); uint8_t *opt, *trailer; unsigned int trailer_len = 0; ssize_t opts_len, opt_len; struct sockaddr_in sas, sad; const char *city, *region, *country; if (!ip) return; frag_off = ntohs(ip->h_frag_off); h_tot_len = ntohs(ip->h_tot_len); csum = calc_csum(ip, ip->h_ihl * 4, 0); inet_ntop(AF_INET, &ip->h_saddr, src_ip, sizeof(src_ip)); inet_ntop(AF_INET, &ip->h_daddr, dst_ip, sizeof(dst_ip)); if ((pkt_len(pkt) + sizeof(*ip)) > h_tot_len) { trailer_len = pkt_len(pkt) + sizeof(*ip) - h_tot_len; trailer = pkt->data + h_tot_len + trailer_len; } if (trailer_len) { tprintf(" [ Eth trailer "); while (trailer_len--) { tprintf("%x", *(trailer - trailer_len)); } tprintf(" ]\n"); } tprintf(" [ IPv4 "); tprintf("Addr (%s => %s), ", src_ip, dst_ip); tprintf("Proto (%u), ", ip->h_protocol); tprintf("TTL (%u), ", ip->h_ttl); tprintf("TOS (%u), ", ip->h_tos); tprintf("Ver (%u), ", ip->h_version); tprintf("IHL (%u), ", ip->h_ihl); tprintf("Tlen (%u), ", ntohs(ip->h_tot_len)); tprintf("ID (%u), ", ntohs(ip->h_id)); tprintf("Res (%u), NoFrag (%u), MoreFrag (%u), FragOff (%u), ", FRAG_OFF_RESERVED_FLAG(frag_off) ? 1 : 0, FRAG_OFF_NO_FRAGMENT_FLAG(frag_off) ? 1 : 0, FRAG_OFF_MORE_FRAGMENT_FLAG(frag_off) ? 1 : 0, FRAG_OFF_FRAGMENT_OFFSET(frag_off)); tprintf("CSum (0x%.4x) is %s", ntohs(ip->h_check), csum ? colorize_start_full(black, red) "bogus (!)" colorize_end() : "ok"); if (csum) tprintf("%s should be 0x%.4x%s", colorize_start_full(black, red), csum_expected(ip->h_check, csum), colorize_end()); tprintf(" ]\n"); memset(&sas, 0, sizeof(sas)); sas.sin_family = PF_INET; sas.sin_addr.s_addr = ip->h_saddr; memset(&sad, 0, sizeof(sad)); sad.sin_family = PF_INET; sad.sin_addr.s_addr = ip->h_daddr; if (geoip_working()) { tprintf("\t[ Geo ("); if ((country = geoip4_country_name(sas))) { tprintf("%s", country); if ((region = geoip4_region_name(sas))) tprintf(" / %s", region); if ((city = geoip4_city_name(sas))) tprintf(" / %s", city); } else { tprintf("local"); } tprintf(" => "); if ((country = geoip4_country_name(sad))) { tprintf("%s", country); if ((region = geoip4_region_name(sad))) tprintf(" / %s", region); if ((city = geoip4_city_name(sad))) tprintf(" / %s", city); } else { tprintf("local"); } tprintf(") ]\n"); } opts_len = max((uint8_t) ip->h_ihl, sizeof(*ip) / sizeof(uint32_t)) * sizeof(uint32_t) - sizeof(*ip); for (opt = pkt_pull(pkt, opts_len); opt && opts_len > 0; opt++) { tprintf(" [ Option Copied (%u), Class (%u), Number (%u)", IP_OPT_COPIED_FLAG(*opt) ? 1 : 0, IP_OPT_CLASS(*opt), IP_OPT_NUMBER(*opt)); switch (*opt) { case IP_OPT_EOOL: case IP_OPT_NOP: tprintf(" ]\n"); opts_len--; break; default: /* * Assuming that EOOL and NOP are the only single-byte * options, treat all other options as variable in * length with a minimum of 2. * * TODO: option length might be incorrect in malformed packets, * check and handle that */ opt_len = *(++opt); if (opt_len > opts_len) { tprintf(", Len (%zd, invalid) ]\n", opt_len); goto out; } else tprintf(", Len (%zd) ]\n", opt_len); opts_len -= opt_len; tprintf(" [ Data hex "); for (opt_len -= 2; opt_len > 0; opt_len--) tprintf(" %.2x", *(++opt)); tprintf(" ]\n"); break; } } out: /* cut off everything that is not part of IPv4 payload */ /* XXX there could still be an Ethernet trailer included or others */ pkt_trim(pkt, pkt_len(pkt) - min(pkt_len(pkt), (ntohs(ip->h_tot_len) - ip->h_ihl * sizeof(uint32_t)))); pkt_set_proto(pkt, ð_lay3, ip->h_protocol); }
static void dissect_igmp_v3_membership_report(struct pkt_buff *pkt) { char addr[INET_ADDRSTRLEN]; size_t m, n; uint16_t csum; uint32_t *src_addr; struct igmp_v3_group_record *rec; struct igmp_v3_membership_report *msg = (struct igmp_v3_membership_report *) pkt_pull(pkt, sizeof(*msg)); if (msg == NULL) return; tprintf(" [ IGMPv3"); PRINT_FRIENDLY_NAMED_MSG_TYPE(msg->type); csum = calc_csum(msg, sizeof(*msg) + pkt_len(pkt), 0); tprintf(", CSum (0x%.4x) is %s", ntohs(msg->checksum), csum ? colorize_start_full(black, red) "bogus (!)" colorize_end() : "ok"); if (csum) tprintf(" - %s should be %x%s", colorize_start_full(black, red), csum_expected(msg->checksum, csum), colorize_end()); m = ntohs(msg->number_of_group_records); tprintf(", Num Group Rec (%zu)", m); tprintf(" ]\n"); while (m--) { rec = (struct igmp_v3_group_record *) pkt_pull(pkt, sizeof(*rec)); if (rec == NULL) break; tprintf(" [ Group Record"); if (friendly_group_rec_type_name(rec->record_type)) tprintf(" Type (%u, %s)", rec->record_type, friendly_group_rec_type_name(rec->record_type)); else tprintf(" Type (%u)", rec->record_type); n = ntohs(rec->number_of_sources); tprintf(", Num Src (%zu)", n); inet_ntop(AF_INET, &rec->multicast_address, addr, sizeof(addr)); tprintf(", Multicast Addr (%s)", addr); if (n--) { src_addr = (uint32_t *) pkt_pull(pkt, sizeof(*src_addr)); if (src_addr != NULL) { inet_ntop(AF_INET, src_addr, addr, sizeof(addr)); tprintf(", Src Addr (%s", addr); while (n--) { src_addr = (uint32_t *) pkt_pull(pkt, sizeof(*src_addr)); if (src_addr == NULL) break; inet_ntop(AF_INET, src_addr, addr, sizeof(addr)); tprintf(", %s", addr); } tprintf(")"); } } tprintf(" ]\n"); } tprintf("\n"); }
static void dissect_igmp_v0(struct pkt_buff *pkt) { char addr[INET_ADDRSTRLEN]; uint16_t csum; static const char *reply_codes[] = { "Request Granted", "Request Denied, No Resources", "Request Denied, Invalid Code", "Request Denied, Invalid Group Address", "Request Denied, Invalid Access Key" }; struct igmp_v0_msg *msg = (struct igmp_v0_msg *) pkt_pull(pkt, sizeof(*msg)); if (msg == NULL) return; tprintf(" [ IGMPv0"); PRINT_FRIENDLY_NAMED_MSG_TYPE(msg->type); switch (msg->type) { case IGMP_V0_CREATE_GROUP_REQUEST: switch (msg->code) { case 0: tprintf(", Code (%u, %s)", msg->code, "Public"); break; case 1: tprintf(", Code (%u, %s)", msg->code, "Private"); break; default: tprintf(", Code (%u)", msg->code); } break; case IGMP_V0_CREATE_GROUP_REPLY: case IGMP_V0_JOIN_GROUP_REPLY: case IGMP_V0_LEAVE_GROUP_REPLY: case IGMP_V0_CONFIRM_GROUP_REPLY: if (msg->code < 5) tprintf(", Code (%u, %s)", msg->code, reply_codes[msg->code]); else tprintf(", Code (%u, Request Pending, Retry In %u Seconds)", msg->code, msg->code); break; default: tprintf(", Code (%u)", msg->code); } csum = calc_csum(msg, sizeof(*msg) + pkt_len(pkt), 0); tprintf(", CSum (0x%.4x) is %s", ntohs(msg->checksum), csum ? colorize_start_full(black, red) "bogus (!)" colorize_end() : "ok"); if (csum) tprintf(" - %s should be %x%s", colorize_start_full(black, red), csum_expected(msg->checksum, csum), colorize_end()); tprintf(", Id (%u)", ntohs(msg->identifier)); inet_ntop(AF_INET, &msg->group_address, addr, sizeof(addr)); tprintf(", Group Addr (%s)", addr); tprintf(", Access Key (0x%.16lx)", msg->access_key); tprintf(" ]\n"); }