1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 #include <stdio.h>
  27 #include <stdlib.h>
  28 #include <ctype.h>
  29 #include <string.h>
  30 #include <fcntl.h>
  31 #include <string.h>
  32 #include <strings.h>
  33 #include <sys/types.h>
  34 #include <sys/sysmacros.h>
  35 #include <sys/time.h>
  36 
  37 #include <sys/socket.h>
  38 #include <sys/sockio.h>
  39 #include <net/if.h>
  40 #include <netinet/in_systm.h>
  41 #include <netinet/in.h>
  42 #include <netinet/ip.h>
  43 #include <netinet/ip_icmp.h>
  44 #include <netinet/icmp6.h>
  45 #include <netinet/if_ether.h>
  46 #include <inet/ipsecesp.h>
  47 #include <inet/ipsecah.h>
  48 #include "snoop.h"
  49 
  50 /* ARGSUSED */
  51 int
  52 interpret_esp(int flags, uint8_t *hdr, int iplen, int fraglen)
  53 {
  54         /* LINTED: alignment */
  55         esph_t *esph = (esph_t *)hdr;
  56         esph_t *aligned_esph;
  57         esph_t storage; /* In case hdr isn't aligned. */
  58         char *line;
  59 
  60         if (fraglen < sizeof (esph_t))
  61                 return (fraglen);       /* incomplete header */
  62 
  63         if (!IS_P2ALIGNED(hdr, 4)) {
  64                 aligned_esph = &storage;
  65                 bcopy(hdr, aligned_esph, sizeof (esph_t));
  66         } else {
  67                 aligned_esph = esph;
  68         }
  69 
  70         if (flags & F_SUM) {
  71                 line = (char *)get_sum_line();
  72                 /*
  73                  * sprintf() is safe because line guarantees us 80 columns,
  74                  * and SPI and replay certainly won't exceed that.
  75                  */
  76                 (void) sprintf(line, "ESP SPI=0x%x Replay=%u",
  77                     ntohl(aligned_esph->esph_spi),
  78                     ntohl(aligned_esph->esph_replay));
  79                 line += strlen(line);
  80         }
  81 
  82         if (flags & F_DTAIL) {
  83                 show_header("ESP:  ", "Encapsulating Security Payload",
  84                     sizeof (esph_t));
  85                 show_space();
  86                 /*
  87                  * sprintf() is safe because get_line guarantees us 80 columns,
  88                  * and SPI and replay certainly won't exceed that.
  89                  */
  90                 (void) sprintf(get_line((char *)&esph->esph_spi - dlc_header,
  91                     4), "SPI = 0x%x", ntohl(aligned_esph->esph_spi));
  92                 (void) sprintf(get_line((char *)&esph->esph_replay -
  93                     dlc_header, 4), "Replay = %u",
  94                     ntohl(aligned_esph->esph_replay));
  95                 (void) sprintf(get_line((char *)(esph + 1) - dlc_header,
  96                     4), "   ....ENCRYPTED DATA....");
  97         }
  98 
  99         return (sizeof (esph_t));
 100 }
 101 
 102 int
 103 interpret_ah(int flags, uint8_t *hdr, int iplen, int fraglen)
 104 {
 105         /* LINTED: alignment */
 106         ah_t *ah = (ah_t *)hdr;
 107         ah_t *aligned_ah;
 108         ah_t storage;   /* In case hdr isn't aligned. */
 109         char *line, *buff;
 110         uint_t ahlen, auth_data_len;
 111         uint8_t *auth_data, *data;
 112         int new_iplen;
 113         uint8_t proto;
 114 
 115         if (fraglen < sizeof (ah_t))
 116                 return (fraglen);               /* incomplete header */
 117 
 118         if (!IS_P2ALIGNED(hdr, 4)) {
 119                 aligned_ah = (ah_t *)&storage;
 120                 bcopy(hdr, &storage, sizeof (ah_t));
 121         } else {
 122                 aligned_ah = ah;
 123         }
 124 
 125         /*
 126          * "+ 8" is for the "constant" part that's not included in the AH
 127          * length.
 128          *
 129          * The AH RFC specifies the length field in "length in 4-byte units,
 130          * not counting the first 8 bytes".  So if an AH is 24 bytes long,
 131          * the length field will contain "4".  (4 * 4 + 8 == 24).
 132          */
 133         ahlen = (aligned_ah->ah_length << 2) + 8;
 134         fraglen -= ahlen;
 135         if (fraglen < 0)
 136                 return (fraglen + ahlen);       /* incomplete header */
 137 
 138         auth_data_len = ahlen - sizeof (ah_t);
 139         auth_data = (uint8_t *)(ah + 1);
 140         data = auth_data + auth_data_len;
 141 
 142         if (flags & F_SUM) {
 143                 line = (char *)get_sum_line();
 144                 (void) sprintf(line, "AH SPI=0x%x Replay=%u",
 145                     ntohl(aligned_ah->ah_spi), ntohl(aligned_ah->ah_replay));
 146                 line += strlen(line);
 147         }
 148 
 149         if (flags & F_DTAIL) {
 150                 show_header("AH:  ", "Authentication Header", ahlen);
 151                 show_space();
 152                 (void) sprintf(get_line((char *)&ah->ah_nexthdr - dlc_header,
 153                     1), "Next header = %d (%s)", aligned_ah->ah_nexthdr,
 154                     getproto(aligned_ah->ah_nexthdr));
 155                 (void) sprintf(get_line((char *)&ah->ah_length - dlc_header, 1),
 156                     "AH length = %d (%d bytes)", aligned_ah->ah_length, ahlen);
 157                 (void) sprintf(get_line((char *)&ah->ah_reserved - dlc_header,
 158                     2), "<Reserved field = 0x%x>",
 159                     ntohs(aligned_ah->ah_reserved));
 160                 (void) sprintf(get_line((char *)&ah->ah_spi - dlc_header, 4),
 161                     "SPI = 0x%x", ntohl(aligned_ah->ah_spi));
 162                 (void) sprintf(get_line((char *)&ah->ah_replay - dlc_header, 4),
 163                     "Replay = %u", ntohl(aligned_ah->ah_replay));
 164 
 165                 /*
 166                  * 2 for two hex digits per auth_data byte
 167                  * plus one byte for trailing null byte.
 168                  */
 169                 buff = malloc(auth_data_len * 2 + 1);
 170                 if (buff != NULL) {
 171                         int i;
 172 
 173                         for (i = 0; i < auth_data_len; i++)
 174                                 sprintf(buff + i * 2, "%02x", auth_data[i]);
 175                 }
 176 
 177                 (void) sprintf(get_line((char *)auth_data - dlc_header,
 178                     auth_data_len), "ICV = %s",
 179                     (buff == NULL) ? "<out of memory>" : buff);
 180 
 181                 /* malloc(3c) says I can call free even if buff == NULL */
 182                 free(buff);
 183 
 184                 show_space();
 185         }
 186 
 187         new_iplen = iplen - ahlen;
 188         proto = aligned_ah->ah_nexthdr;
 189 
 190         /*
 191          * Print IPv6 Extension Headers, or skip them in the summary case.
 192          */
 193         if (proto == IPPROTO_HOPOPTS || proto == IPPROTO_DSTOPTS ||
 194             proto == IPPROTO_ROUTING || proto == IPPROTO_FRAGMENT) {
 195                 (void) print_ipv6_extensions(flags, &data, &proto, &iplen,
 196                     &fraglen);
 197         }
 198 
 199         if (fraglen > 0)
 200                 switch (proto) {
 201                         case IPPROTO_ENCAP:
 202                                 /* LINTED: alignment */
 203                                 (void) interpret_ip(flags, (struct ip *)data,
 204                                     new_iplen);
 205                                 break;
 206                         case IPPROTO_IPV6:
 207                                 (void) interpret_ipv6(flags, (ip6_t *)data,
 208                                     new_iplen);
 209                                 break;
 210                         case IPPROTO_ICMP:
 211                                 (void) interpret_icmp(flags,
 212                                     /* LINTED: alignment */
 213                                     (struct icmp *)data, new_iplen, fraglen);
 214                                 break;
 215                         case IPPROTO_ICMPV6:
 216                                 /* LINTED: alignment */
 217                                 (void) interpret_icmpv6(flags, (icmp6_t *)data,
 218                                     new_iplen, fraglen);
 219                                 break;
 220                         case IPPROTO_TCP:
 221                                 (void) interpret_tcp(flags,
 222                                     (struct tcphdr *)data, new_iplen, fraglen);
 223                                 break;
 224 
 225                         case IPPROTO_ESP:
 226                                 (void) interpret_esp(flags, data, new_iplen,
 227                                     fraglen);
 228                                 break;
 229 
 230                         case IPPROTO_AH:
 231                                 (void) interpret_ah(flags, data, new_iplen,
 232                                     fraglen);
 233                                 break;
 234 
 235                         case IPPROTO_UDP:
 236                                 (void) interpret_udp(flags,
 237                                     (struct udphdr *)data, new_iplen, fraglen);
 238                                 break;
 239                         case IPPROTO_DCCP:
 240                                 (void) interpret_dccp(flags,
 241                                     (struct dccphdr *)data, new_iplen, fraglen);
 242                                 break;
 243                         /* default case is to not print anything else */
 244                 }
 245 
 246         return (ahlen);
 247 }