1 /*
2  * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that: (1) source code distributions
7  * retain the above copyright notice and this paragraph in its entirety, (2)
8  * distributions including binary code include the above copyright notice and
9  * this paragraph in its entirety in the documentation or other materials
10  * provided with the distribution, and (3) all advertising materials mentioning
11  * features or use of this software display the following acknowledgement:
12  * ``This product includes software developed by the University of California,
13  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14  * the University nor the names of its contributors may be used to endorse
15  * or promote products derived from this software without specific prior
16  * written permission.
17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20  */
21 
22 /* \summary: IPv6 printer */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27 
28 #include <netdissect-stdinc.h>
29 
30 #include <string.h>
31 
32 #include "netdissect.h"
33 #include "addrtoname.h"
34 #include "extract.h"
35 
36 #include "ip6.h"
37 #include "ipproto.h"
38 
39 /*
40  * If routing headers are presend and valid, set dst to the final destination.
41  * Otherwise, set it to the IPv6 destination.
42  *
43  * This is used for UDP and TCP pseudo-header in the checksum
44  * calculation.
45  */
46 static void
ip6_finddst(netdissect_options * ndo,struct in6_addr * dst,const struct ip6_hdr * ip6)47 ip6_finddst(netdissect_options *ndo, struct in6_addr *dst,
48             const struct ip6_hdr *ip6)
49 {
50 	const u_char *cp;
51 	int advance;
52 	u_int nh;
53 	const struct in6_addr *dst_addr;
54 	const struct ip6_rthdr *dp;
55 	const struct ip6_rthdr0 *dp0;
56 	const struct in6_addr *addr;
57 	int i, len;
58 
59 	cp = (const u_char *)ip6;
60 	advance = sizeof(struct ip6_hdr);
61 	nh = ip6->ip6_nxt;
62 	dst_addr = &ip6->ip6_dst;
63 
64 	while (cp < ndo->ndo_snapend) {
65 		cp += advance;
66 
67 		switch (nh) {
68 
69 		case IPPROTO_HOPOPTS:
70 		case IPPROTO_DSTOPTS:
71 		case IPPROTO_MOBILITY_OLD:
72 		case IPPROTO_MOBILITY:
73 			/*
74 			 * These have a header length byte, following
75 			 * the next header byte, giving the length of
76 			 * the header, in units of 8 octets, excluding
77 			 * the first 8 octets.
78 			 */
79 			ND_TCHECK2(*cp, 2);
80 			advance = (int)((*(cp + 1) + 1) << 3);
81 			nh = *cp;
82 			break;
83 
84 		case IPPROTO_FRAGMENT:
85 			/*
86 			 * The byte following the next header byte is
87 			 * marked as reserved, and the header is always
88 			 * the same size.
89 			 */
90 			ND_TCHECK2(*cp, 1);
91 			advance = sizeof(struct ip6_frag);
92 			nh = *cp;
93 			break;
94 
95 		case IPPROTO_ROUTING:
96 			/*
97 			 * OK, we found it.
98 			 */
99 			dp = (const struct ip6_rthdr *)cp;
100 			ND_TCHECK(*dp);
101 			len = dp->ip6r_len;
102 			switch (dp->ip6r_type) {
103 
104 			case IPV6_RTHDR_TYPE_0:
105 			case IPV6_RTHDR_TYPE_2:		/* Mobile IPv6 ID-20 */
106 				dp0 = (const struct ip6_rthdr0 *)dp;
107 				if (len % 2 == 1)
108 					goto trunc;
109 				len >>= 1;
110 				addr = &dp0->ip6r0_addr[0];
111 				for (i = 0; i < len; i++) {
112 					if ((const u_char *)(addr + 1) > ndo->ndo_snapend)
113 						goto trunc;
114 
115 					dst_addr = addr;
116 					addr++;
117 				}
118 				break;
119 
120 			default:
121 				break;
122 			}
123 
124 			/*
125 			 * Only one routing header to a customer.
126 			 */
127 			goto done;
128 
129 		case IPPROTO_AH:
130 		case IPPROTO_ESP:
131 		case IPPROTO_IPCOMP:
132 		default:
133 			/*
134 			 * AH and ESP are, in the RFCs that describe them,
135 			 * described as being "viewed as an end-to-end
136 			 * payload" "in the IPv6 context, so that they
137 			 * "should appear after hop-by-hop, routing, and
138 			 * fragmentation extension headers".  We assume
139 			 * that's the case, and stop as soon as we see
140 			 * one.  (We can't handle an ESP header in
141 			 * the general case anyway, as its length depends
142 			 * on the encryption algorithm.)
143 			 *
144 			 * IPComp is also "viewed as an end-to-end
145 			 * payload" "in the IPv6 context".
146 			 *
147 			 * All other protocols are assumed to be the final
148 			 * protocol.
149 			 */
150 			goto done;
151 		}
152 	}
153 
154 done:
155 trunc:
156 	UNALIGNED_MEMCPY(dst, dst_addr, sizeof(struct in6_addr));
157 }
158 
159 /*
160  * Compute a V6-style checksum by building a pseudoheader.
161  */
162 int
nextproto6_cksum(netdissect_options * ndo,const struct ip6_hdr * ip6,const uint8_t * data,u_int len,u_int covlen,u_int next_proto)163 nextproto6_cksum(netdissect_options *ndo,
164                  const struct ip6_hdr *ip6, const uint8_t *data,
165 		 u_int len, u_int covlen, u_int next_proto)
166 {
167         struct {
168                 struct in6_addr ph_src;
169                 struct in6_addr ph_dst;
170                 uint32_t       ph_len;
171                 uint8_t        ph_zero[3];
172                 uint8_t        ph_nxt;
173         } ph;
174         struct cksum_vec vec[2];
175 
176         /* pseudo-header */
177         memset(&ph, 0, sizeof(ph));
178         UNALIGNED_MEMCPY(&ph.ph_src, &ip6->ip6_src, sizeof (struct in6_addr));
179         switch (ip6->ip6_nxt) {
180 
181         case IPPROTO_HOPOPTS:
182         case IPPROTO_DSTOPTS:
183         case IPPROTO_MOBILITY_OLD:
184         case IPPROTO_MOBILITY:
185         case IPPROTO_FRAGMENT:
186         case IPPROTO_ROUTING:
187                 /*
188                  * The next header is either a routing header or a header
189                  * after which there might be a routing header, so scan
190                  * for a routing header.
191                  */
192                 ip6_finddst(ndo, &ph.ph_dst, ip6);
193                 break;
194 
195         default:
196                 UNALIGNED_MEMCPY(&ph.ph_dst, &ip6->ip6_dst, sizeof (struct in6_addr));
197                 break;
198         }
199         ph.ph_len = htonl(len);
200         ph.ph_nxt = next_proto;
201 
202         vec[0].ptr = (const uint8_t *)(void *)&ph;
203         vec[0].len = sizeof(ph);
204         vec[1].ptr = data;
205         vec[1].len = covlen;
206 
207         return in_cksum(vec, 2);
208 }
209 
210 /*
211  * print an IP6 datagram.
212  */
213 void
ip6_print(netdissect_options * ndo,const u_char * bp,u_int length)214 ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
215 {
216 	register const struct ip6_hdr *ip6;
217 	register int advance;
218 	u_int len;
219 	const u_char *ipend;
220 	register const u_char *cp;
221 	register u_int payload_len;
222 	int nh;
223 	int fragmented = 0;
224 	u_int flow;
225 
226 	ip6 = (const struct ip6_hdr *)bp;
227 
228 	ND_TCHECK(*ip6);
229 	if (length < sizeof (struct ip6_hdr)) {
230 		ND_PRINT((ndo, "truncated-ip6 %u", length));
231 		return;
232 	}
233 
234         if (!ndo->ndo_eflag)
235             ND_PRINT((ndo, "IP6 "));
236 
237 	if (IP6_VERSION(ip6) != 6) {
238           ND_PRINT((ndo,"version error: %u != 6", IP6_VERSION(ip6)));
239           return;
240 	}
241 
242 	payload_len = EXTRACT_16BITS(&ip6->ip6_plen);
243 	len = payload_len + sizeof(struct ip6_hdr);
244 	if (length < len)
245 		ND_PRINT((ndo, "truncated-ip6 - %u bytes missing!",
246 			len - length));
247 
248         if (ndo->ndo_vflag) {
249             flow = EXTRACT_32BITS(&ip6->ip6_flow);
250             ND_PRINT((ndo, "("));
251 #if 0
252             /* rfc1883 */
253             if (flow & 0x0f000000)
254 		ND_PRINT((ndo, "pri 0x%02x, ", (flow & 0x0f000000) >> 24));
255             if (flow & 0x00ffffff)
256 		ND_PRINT((ndo, "flowlabel 0x%06x, ", flow & 0x00ffffff));
257 #else
258             /* RFC 2460 */
259             if (flow & 0x0ff00000)
260 		ND_PRINT((ndo, "class 0x%02x, ", (flow & 0x0ff00000) >> 20));
261             if (flow & 0x000fffff)
262 		ND_PRINT((ndo, "flowlabel 0x%05x, ", flow & 0x000fffff));
263 #endif
264 
265             ND_PRINT((ndo, "hlim %u, next-header %s (%u) payload length: %u) ",
266                          ip6->ip6_hlim,
267                          tok2str(ipproto_values,"unknown",ip6->ip6_nxt),
268                          ip6->ip6_nxt,
269                          payload_len));
270         }
271 
272 	/*
273 	 * Cut off the snapshot length to the end of the IP payload.
274 	 */
275 	ipend = bp + len;
276 	if (ipend < ndo->ndo_snapend)
277 		ndo->ndo_snapend = ipend;
278 
279 	cp = (const u_char *)ip6;
280 	advance = sizeof(struct ip6_hdr);
281 	nh = ip6->ip6_nxt;
282 	while (cp < ndo->ndo_snapend && advance > 0) {
283 		if (len < (u_int)advance)
284 			goto trunc;
285 		cp += advance;
286 		len -= advance;
287 
288 		if (cp == (const u_char *)(ip6 + 1) &&
289 		    nh != IPPROTO_TCP && nh != IPPROTO_UDP &&
290 		    nh != IPPROTO_DCCP && nh != IPPROTO_SCTP) {
291 			ND_PRINT((ndo, "%s > %s: ", ip6addr_string(ndo, &ip6->ip6_src),
292 				     ip6addr_string(ndo, &ip6->ip6_dst)));
293 		}
294 
295 		switch (nh) {
296 		case IPPROTO_HOPOPTS:
297 			advance = hbhopt_print(ndo, cp);
298 			if (advance < 0)
299 				return;
300 			nh = *cp;
301 			break;
302 		case IPPROTO_DSTOPTS:
303 			advance = dstopt_print(ndo, cp);
304 			if (advance < 0)
305 				return;
306 			nh = *cp;
307 			break;
308 		case IPPROTO_FRAGMENT:
309 			advance = frag6_print(ndo, cp, (const u_char *)ip6);
310 			if (advance < 0 || ndo->ndo_snapend <= cp + advance)
311 				return;
312 			nh = *cp;
313 			fragmented = 1;
314 			break;
315 
316 		case IPPROTO_MOBILITY_OLD:
317 		case IPPROTO_MOBILITY:
318 			/*
319 			 * XXX - we don't use "advance"; RFC 3775 says that
320 			 * the next header field in a mobility header
321 			 * should be IPPROTO_NONE, but speaks of
322 			 * the possiblity of a future extension in
323 			 * which payload can be piggybacked atop a
324 			 * mobility header.
325 			 */
326 			advance = mobility_print(ndo, cp, (const u_char *)ip6);
327 			if (advance < 0)
328 				return;
329 			nh = *cp;
330 			return;
331 		case IPPROTO_ROUTING:
332 			ND_TCHECK(*cp);
333 			advance = rt6_print(ndo, cp, (const u_char *)ip6);
334 			if (advance < 0)
335 				return;
336 			nh = *cp;
337 			break;
338 		case IPPROTO_SCTP:
339 			sctp_print(ndo, cp, (const u_char *)ip6, len);
340 			return;
341 		case IPPROTO_DCCP:
342 			dccp_print(ndo, cp, (const u_char *)ip6, len);
343 			return;
344 		case IPPROTO_TCP:
345 			tcp_print(ndo, cp, len, (const u_char *)ip6, fragmented);
346 			return;
347 		case IPPROTO_UDP:
348 			udp_print(ndo, cp, len, (const u_char *)ip6, fragmented);
349 			return;
350 		case IPPROTO_ICMPV6:
351 			icmp6_print(ndo, cp, len, (const u_char *)ip6, fragmented);
352 			return;
353 		case IPPROTO_AH:
354 			advance = ah_print(ndo, cp);
355 			if (advance < 0)
356 				return;
357 			nh = *cp;
358 			break;
359 		case IPPROTO_ESP:
360 		    {
361 			int enh, padlen;
362 			advance = esp_print(ndo, cp, len, (const u_char *)ip6, &enh, &padlen);
363 			if (advance < 0)
364 				return;
365 			nh = enh & 0xff;
366 			len -= padlen;
367 			break;
368 		    }
369 		case IPPROTO_IPCOMP:
370 		    {
371 			ipcomp_print(ndo, cp);
372 			/*
373 			 * Either this has decompressed the payload and
374 			 * printed it, in which case there's nothing more
375 			 * to do, or it hasn't, in which case there's
376 			 * nothing more to do.
377 			 */
378 			advance = -1;
379 			break;
380 		    }
381 
382 		case IPPROTO_PIM:
383 			pim_print(ndo, cp, len, (const u_char *)ip6);
384 			return;
385 
386 		case IPPROTO_OSPF:
387 			ospf6_print(ndo, cp, len);
388 			return;
389 
390 		case IPPROTO_IPV6:
391 			ip6_print(ndo, cp, len);
392 			return;
393 
394 		case IPPROTO_IPV4:
395 		        ip_print(ndo, cp, len);
396 			return;
397 
398                 case IPPROTO_PGM:
399                         pgm_print(ndo, cp, len, (const u_char *)ip6);
400                         return;
401 
402 		case IPPROTO_GRE:
403 			gre_print(ndo, cp, len);
404 			return;
405 
406 		case IPPROTO_RSVP:
407 			rsvp_print(ndo, cp, len);
408 			return;
409 
410 		case IPPROTO_NONE:
411 			ND_PRINT((ndo, "no next header"));
412 			return;
413 
414 		default:
415 			ND_PRINT((ndo, "ip-proto-%d %d", nh, len));
416 			return;
417 		}
418 	}
419 
420 	return;
421 trunc:
422 	ND_PRINT((ndo, "[|ip6]"));
423 }
424