]> The Tcpdump Group git mirrors - tcpdump/blob - print-domain.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Revert partially the commit 21b1273
[tcpdump] / print-domain.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Domain Name System (DNS) printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include "netdissect-stdinc.h"
29
30 #include <string.h>
31
32 #include "netdissect.h"
33 #include "addrtoname.h"
34 #include "addrtostr.h"
35 #include "extract.h"
36
37 #include "nameser.h"
38
39 static const char *ns_ops[] = {
40 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7",
41 " op8", " updateA", " updateD", " updateDA",
42 " updateM", " updateMA", " zoneInit", " zoneRef",
43 };
44
45 static const char *ns_resp[] = {
46 "", " FormErr", " ServFail", " NXDomain",
47 " NotImp", " Refused", " YXDomain", " YXRRSet",
48 " NXRRSet", " NotAuth", " NotZone", " Resp11",
49 " Resp12", " Resp13", " Resp14", " NoChange",
50 " BadVers", "Resp17", " Resp18", " Resp19",
51 " Resp20", "Resp21", " Resp22", " BadCookie",
52 };
53
54 static const char *
55 ns_rcode(u_int rcode) {
56 static char buf[sizeof(" Resp4095")];
57
58 if (rcode < sizeof(ns_resp)/sizeof(ns_resp[0])) {
59 return (ns_resp[rcode]);
60 }
61 snprintf(buf, sizeof(buf), " Resp%u", rcode & 0xfff);
62 return (buf);
63 }
64
65 /* skip over a domain name */
66 static const u_char *
67 ns_nskip(netdissect_options *ndo,
68 const u_char *cp)
69 {
70 u_char i;
71
72 if (!ND_TTEST_1(cp))
73 return (NULL);
74 i = GET_U_1(cp);
75 cp++;
76 while (i) {
77 if ((i & INDIR_MASK) == INDIR_MASK)
78 return (cp + 1);
79 if ((i & INDIR_MASK) == EDNS0_MASK) {
80 int bitlen, bytelen;
81
82 if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL)
83 return(NULL); /* unknown ELT */
84 if (!ND_TTEST_1(cp))
85 return (NULL);
86 if ((bitlen = GET_U_1(cp)) == 0)
87 bitlen = 256;
88 cp++;
89 bytelen = (bitlen + 7) / 8;
90 cp += bytelen;
91 } else
92 cp += i;
93 if (!ND_TTEST_1(cp))
94 return (NULL);
95 i = GET_U_1(cp);
96 cp++;
97 }
98 return (cp);
99 }
100
101 static const u_char *
102 blabel_print(netdissect_options *ndo,
103 const u_char *cp)
104 {
105 u_int bitlen, slen, b;
106 const u_char *bitp, *lim;
107 uint8_t tc;
108
109 if (!ND_TTEST_1(cp))
110 return(NULL);
111 if ((bitlen = GET_U_1(cp)) == 0)
112 bitlen = 256;
113 slen = (bitlen + 3) / 4;
114 lim = cp + 1 + slen;
115
116 /* print the bit string as a hex string */
117 ND_PRINT("\\[x");
118 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) {
119 ND_PRINT("%02x", GET_U_1(bitp));
120 }
121 if (b > 4) {
122 tc = GET_U_1(bitp);
123 bitp++;
124 ND_PRINT("%02x", tc & (0xff << (8 - b)));
125 } else if (b > 0) {
126 tc = GET_U_1(bitp);
127 bitp++;
128 ND_PRINT("%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b)));
129 }
130 ND_PRINT("/%u]", bitlen);
131 return lim;
132 }
133
134 static int
135 labellen(netdissect_options *ndo,
136 const u_char *cp)
137 {
138 u_int i;
139
140 if (!ND_TTEST_1(cp))
141 return(-1);
142 i = GET_U_1(cp);
143 if ((i & INDIR_MASK) == EDNS0_MASK) {
144 u_int bitlen, elt;
145 if ((elt = (i & ~INDIR_MASK)) != EDNS0_ELT_BITLABEL) {
146 ND_PRINT("<ELT %d>", elt);
147 return(-1);
148 }
149 if (!ND_TTEST_1(cp + 1))
150 return(-1);
151 if ((bitlen = GET_U_1(cp + 1)) == 0)
152 bitlen = 256;
153 return(((bitlen + 7) / 8) + 1);
154 } else
155 return(i);
156 }
157
158 /* print a <domain-name> */
159 const u_char *
160 fqdn_print(netdissect_options *ndo,
161 const u_char *cp, const u_char *bp)
162 {
163 u_int i, l;
164 const u_char *rp = NULL;
165 int compress = 0;
166 u_int elt;
167 u_int offset, max_offset;
168
169 if ((l = labellen(ndo, cp)) == (u_int)-1)
170 return(NULL);
171 if (!ND_TTEST_1(cp))
172 return(NULL);
173 max_offset = (u_int)(cp - bp);
174 i = GET_U_1(cp);
175 cp++;
176 if ((i & INDIR_MASK) != INDIR_MASK) {
177 compress = 0;
178 rp = cp + l;
179 }
180
181 if (i != 0)
182 while (i && cp < ndo->ndo_snapend) {
183 if ((i & INDIR_MASK) == INDIR_MASK) {
184 if (!compress) {
185 rp = cp + 1;
186 compress = 1;
187 }
188 if (!ND_TTEST_1(cp))
189 return(NULL);
190 offset = (((i << 8) | GET_U_1(cp)) & 0x3fff);
191 /*
192 * This must move backwards in the packet.
193 * No RFC explicitly says that, but BIND's
194 * name decompression code requires it,
195 * as a way of preventing infinite loops
196 * and other bad behavior, and it's probably
197 * what was intended (compress by pointing
198 * to domain name suffixes already seen in
199 * the packet).
200 */
201 if (offset >= max_offset) {
202 ND_PRINT("<BAD PTR>");
203 return(NULL);
204 }
205 max_offset = offset;
206 cp = bp + offset;
207 if ((l = labellen(ndo, cp)) == (u_int)-1)
208 return(NULL);
209 if (!ND_TTEST_1(cp))
210 return(NULL);
211 i = GET_U_1(cp);
212 cp++;
213 continue;
214 }
215 if ((i & INDIR_MASK) == EDNS0_MASK) {
216 elt = (i & ~INDIR_MASK);
217 switch(elt) {
218 case EDNS0_ELT_BITLABEL:
219 if (blabel_print(ndo, cp) == NULL)
220 return (NULL);
221 break;
222 default:
223 /* unknown ELT */
224 ND_PRINT("<ELT %u>", elt);
225 return(NULL);
226 }
227 } else {
228 if (nd_printn(ndo, cp, l, ndo->ndo_snapend))
229 return(NULL);
230 }
231
232 cp += l;
233 ND_PRINT(".");
234 if ((l = labellen(ndo, cp)) == (u_int)-1)
235 return(NULL);
236 if (!ND_TTEST_1(cp))
237 return(NULL);
238 i = GET_U_1(cp);
239 cp++;
240 if (!compress)
241 rp += l + 1;
242 }
243 else
244 ND_PRINT(".");
245 return (rp);
246 }
247
248 /* print a <character-string> */
249 static const u_char *
250 ns_cprint(netdissect_options *ndo,
251 const u_char *cp)
252 {
253 u_int i;
254
255 if (!ND_TTEST_1(cp))
256 return (NULL);
257 i = GET_U_1(cp);
258 cp++;
259 if (nd_printn(ndo, cp, i, ndo->ndo_snapend))
260 return (NULL);
261 return (cp + i);
262 }
263
264 static void
265 print_eopt_ecs(netdissect_options *ndo, const u_char *cp,
266 u_int data_len)
267 {
268 u_int family, addr_bits, src_len, scope_len;
269
270 u_char padded[32];
271 char addr[INET6_ADDRSTRLEN];
272
273 /* ecs option must at least contain family, src len, and scope len */
274 if (data_len < 4) {
275 nd_print_invalid(ndo);
276 return;
277 }
278
279 family = GET_BE_U_2(cp);
280 cp += 2;
281 src_len = GET_U_1(cp);
282 cp += 1;
283 scope_len = GET_U_1(cp);
284 cp += 1;
285
286 if (family == 1)
287 addr_bits = 32;
288 else if (family == 2)
289 addr_bits = 128;
290 else {
291 nd_print_invalid(ndo);
292 return;
293 }
294
295 if (data_len - 4 > (addr_bits / 8)) {
296 nd_print_invalid(ndo);
297 return;
298 }
299 /* checks for invalid ecs scope or source length */
300 if (src_len > addr_bits || scope_len > addr_bits || ((src_len + 7) / 8) != (data_len - 4)) {
301 nd_print_invalid(ndo);
302 return;
303 }
304
305 /* pad the truncated address from ecs with zeros */
306 memset(padded, 0, sizeof(padded));
307 memcpy(padded, cp, data_len - 4);
308
309
310 if (family == 1)
311 ND_PRINT("%s/%d/%d", addrtostr(padded, addr, INET_ADDRSTRLEN),
312 src_len, scope_len);
313 else
314 ND_PRINT("%s/%d/%d", addrtostr6(padded, addr, INET6_ADDRSTRLEN),
315 src_len, scope_len);
316
317 }
318
319 extern const struct tok edns_opt2str[];
320 extern const struct tok dau_alg2str[];
321 extern const struct tok dhu_alg2str[];
322 extern const struct tok n3u_alg2str[];
323
324
325 /* print an <EDNS-option> */
326 static const u_char *
327 eopt_print(netdissect_options *ndo,
328 const u_char *cp)
329 {
330 u_int opt, data_len, i;
331
332 if (!ND_TTEST_2(cp))
333 return (NULL);
334 opt = GET_BE_U_2(cp);
335 cp += 2;
336 ND_PRINT("%s", tok2str(edns_opt2str, "Opt%u", opt));
337 if (!ND_TTEST_2(cp))
338 return (NULL);
339 data_len = GET_BE_U_2(cp);
340 cp += 2;
341
342 ND_TCHECK_LEN(cp, data_len);
343
344 if (data_len > 0) {
345 ND_PRINT(" ");
346 switch (opt) {
347
348 case E_ECS:
349 print_eopt_ecs(ndo, cp, data_len);
350 break;
351 case E_COOKIE:
352 if (data_len < 8 || (data_len > 8 && data_len < 16) || data_len > 40)
353 nd_print_invalid(ndo);
354 else {
355 for (i = 0; i < data_len; ++i) {
356 /* split client and server cookie */
357 if (i == 8)
358 ND_PRINT(" ");
359 ND_PRINT("%02x", GET_U_1(cp + i));
360 }
361 }
362 break;
363 case E_KEEPALIVE:
364 if (data_len != 2)
365 nd_print_invalid(ndo);
366 else
367 /* keepalive is in increments of 100ms. Convert to seconds */
368 ND_PRINT("%0.1f sec", (GET_BE_U_2(cp) / 10.0));
369 break;
370 case E_EXPIRE:
371 if (data_len != 4)
372 nd_print_invalid(ndo);
373 else
374 ND_PRINT("%u sec", GET_BE_U_4(cp));
375 break;
376 case E_PADDING:
377 /* ignore contents and just print length */
378 ND_PRINT("(%u)", data_len);
379 break;
380 case E_KEYTAG:
381 if (data_len % 2 != 0)
382 nd_print_invalid(ndo);
383 else
384 for (i = 0; i < data_len; i += 2) {
385 if (i > 0)
386 ND_PRINT(" ");
387 ND_PRINT("%u", GET_BE_U_2(cp + i));
388 }
389 break;
390 case E_DAU:
391 for (i = 0; i < data_len; ++i) {
392 if (i > 0)
393 ND_PRINT(" ");
394 ND_PRINT("%s", tok2str(dau_alg2str, "Alg_%u", GET_U_1(cp + i)));
395 }
396 break;
397 case E_DHU:
398 for (i = 0; i < data_len; ++i) {
399 if (i > 0)
400 ND_PRINT(" ");
401 ND_PRINT("%s", tok2str(dhu_alg2str, "Alg_%u", GET_U_1(cp + i)));
402 }
403 break;
404 case E_N3U:
405 for (i = 0; i < data_len; ++i) {
406 if (i > 0)
407 ND_PRINT(" ");
408 ND_PRINT("%s", tok2str(n3u_alg2str, "Alg_%u", GET_U_1(cp + i)));
409 }
410 break;
411 case E_CHAIN:
412 fqdn_print(ndo, cp, cp + data_len);
413 break;
414 case E_NSID:
415 /* intentional fall-through. NSID is an undefined byte string */
416 default:
417 for (i = 0; i < data_len; ++i)
418 ND_PRINT("%02x", GET_U_1(cp + i));
419 break;
420 }
421 }
422 return (cp + data_len);
423
424 trunc:
425 return (NULL);
426
427 }
428
429
430
431 extern const struct tok ns_type2str[];
432
433 /* https://www.iana.org/assignments/dns-parameters */
434 const struct tok ns_type2str[] = {
435 { T_A, "A" }, /* RFC 1035 */
436 { T_NS, "NS" }, /* RFC 1035 */
437 { T_MD, "MD" }, /* RFC 1035 */
438 { T_MF, "MF" }, /* RFC 1035 */
439 { T_CNAME, "CNAME" }, /* RFC 1035 */
440 { T_SOA, "SOA" }, /* RFC 1035 */
441 { T_MB, "MB" }, /* RFC 1035 */
442 { T_MG, "MG" }, /* RFC 1035 */
443 { T_MR, "MR" }, /* RFC 1035 */
444 { T_NULL, "NULL" }, /* RFC 1035 */
445 { T_WKS, "WKS" }, /* RFC 1035 */
446 { T_PTR, "PTR" }, /* RFC 1035 */
447 { T_HINFO, "HINFO" }, /* RFC 1035 */
448 { T_MINFO, "MINFO" }, /* RFC 1035 */
449 { T_MX, "MX" }, /* RFC 1035 */
450 { T_TXT, "TXT" }, /* RFC 1035 */
451 { T_RP, "RP" }, /* RFC 1183 */
452 { T_AFSDB, "AFSDB" }, /* RFC 1183 */
453 { T_X25, "X25" }, /* RFC 1183 */
454 { T_ISDN, "ISDN" }, /* RFC 1183 */
455 { T_RT, "RT" }, /* RFC 1183 */
456 { T_NSAP, "NSAP" }, /* RFC 1706 */
457 { T_NSAP_PTR, "NSAP_PTR" },
458 { T_SIG, "SIG" }, /* RFC 2535 */
459 { T_KEY, "KEY" }, /* RFC 2535 */
460 { T_PX, "PX" }, /* RFC 2163 */
461 { T_GPOS, "GPOS" }, /* RFC 1712 */
462 { T_AAAA, "AAAA" }, /* RFC 1886 */
463 { T_LOC, "LOC" }, /* RFC 1876 */
464 { T_NXT, "NXT" }, /* RFC 2535 */
465 { T_EID, "EID" }, /* Nimrod */
466 { T_NIMLOC, "NIMLOC" }, /* Nimrod */
467 { T_SRV, "SRV" }, /* RFC 2782 */
468 { T_ATMA, "ATMA" }, /* ATM Forum */
469 { T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */
470 { T_KX, "KX" }, /* RFC 2230 */
471 { T_CERT, "CERT" }, /* RFC 2538 */
472 { T_A6, "A6" }, /* RFC 2874 */
473 { T_DNAME, "DNAME" }, /* RFC 2672 */
474 { T_SINK, "SINK" },
475 { T_OPT, "OPT" }, /* RFC 2671 */
476 { T_APL, "APL" }, /* RFC 3123 */
477 { T_DS, "DS" }, /* RFC 4034 */
478 { T_SSHFP, "SSHFP" }, /* RFC 4255 */
479 { T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */
480 { T_RRSIG, "RRSIG" }, /* RFC 4034 */
481 { T_NSEC, "NSEC" }, /* RFC 4034 */
482 { T_DNSKEY, "DNSKEY" }, /* RFC 4034 */
483 { T_SPF, "SPF" }, /* RFC-schlitt-spf-classic-02.txt */
484 { T_UINFO, "UINFO" },
485 { T_UID, "UID" },
486 { T_GID, "GID" },
487 { T_UNSPEC, "UNSPEC" },
488 { T_UNSPECA, "UNSPECA" },
489 { T_TKEY, "TKEY" }, /* RFC 2930 */
490 { T_TSIG, "TSIG" }, /* RFC 2845 */
491 { T_IXFR, "IXFR" }, /* RFC 1995 */
492 { T_AXFR, "AXFR" }, /* RFC 1035 */
493 { T_MAILB, "MAILB" }, /* RFC 1035 */
494 { T_MAILA, "MAILA" }, /* RFC 1035 */
495 { T_ANY, "ANY" },
496 { T_URI, "URI" }, /* RFC 7553 */
497 { 0, NULL }
498 };
499
500 extern const struct tok ns_class2str[];
501
502 const struct tok ns_class2str[] = {
503 { C_IN, "IN" }, /* Not used */
504 { C_CHAOS, "CHAOS" },
505 { C_HS, "HS" },
506 { C_ANY, "ANY" },
507 { 0, NULL }
508 };
509
510 const struct tok edns_opt2str[] = {
511 { E_LLQ, "LLQ" },
512 { E_UL, "UL" },
513 { E_NSID, "NSID" },
514 { E_DAU, "DAU" },
515 { E_DHU, "DHU" },
516 { E_N3U, "N3U" },
517 { E_ECS, "ECS" },
518 { E_EXPIRE, "EXPIRE" },
519 { E_COOKIE, "COOKIE" },
520 { E_KEEPALIVE, "KEEPALIVE" },
521 { E_PADDING, "PADDING" },
522 { E_CHAIN, "CHAIN" },
523 { E_KEYTAG, "KEY-TAG" },
524 { E_CLIENTTAG, "CLIENT-TAG" },
525 { E_SERVERTAG, "SERVER-TAG" },
526 { 0, NULL }
527 };
528
529 const struct tok dau_alg2str[] = {
530 { A_DELETE, "DELETE" },
531 { A_RSAMD5, "RSAMD5" },
532 { A_DH, "DH" },
533 { A_DSA, "DS" },
534 { A_RSASHA1, "RSASHA1" },
535 { A_DSA_NSEC3_SHA1, "DSA-NSEC3-SHA1" },
536 { A_RSASHA1_NSEC3_SHA1, "RSASHA1-NSEC3-SHA1" },
537 { A_RSASHA256, "RSASHA256" },
538 { A_RSASHA512, "RSASHA512" },
539 { A_ECC_GOST, "ECC-GOST" },
540 { A_ECDSAP256SHA256, "ECDSAP256SHA256" },
541 { A_ECDSAP384SHA384, "ECDSAP384SHA384" },
542 { A_ED25519, "ED25519" },
543 { A_ED448, "ED448" },
544 { A_INDIRECT, "INDIRECT" },
545 { A_PRIVATEDNS, "PRIVATEDNS" },
546 { A_PRIVATEOID, "PRIVATEOID" },
547 { 0, NULL }
548 };
549
550 const struct tok dhu_alg2str[] = {
551 { DS_SHA1, "SHA-1" },
552 { DS_SHA256,"SHA-256" },
553 { DS_GOST, "GOST_R_34.11-94" },
554 { DS_SHA384,"SHA-384" },
555 { 0, NULL }
556 };
557
558 const struct tok n3u_alg2str[] = {
559 { NSEC_SHA1,"SHA-1" },
560 { 0, NULL }
561 };
562
563 /* print a query */
564 static const u_char *
565 ns_qprint(netdissect_options *ndo,
566 const u_char *cp, const u_char *bp, int is_mdns)
567 {
568 const u_char *np = cp;
569 u_int i, class;
570
571 cp = ns_nskip(ndo, cp);
572
573 if (cp == NULL || !ND_TTEST_4(cp))
574 return(NULL);
575
576 /* print the qtype */
577 i = GET_BE_U_2(cp);
578 cp += 2;
579 ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", i));
580 /* print the qclass (if it's not IN) */
581 i = GET_BE_U_2(cp);
582 cp += 2;
583 if (is_mdns)
584 class = (i & ~C_QU);
585 else
586 class = i;
587 if (class != C_IN)
588 ND_PRINT(" %s", tok2str(ns_class2str, "(Class %u)", class));
589 if (is_mdns) {
590 ND_PRINT(i & C_QU ? " (QU)" : " (QM)");
591 }
592
593 ND_PRINT("? ");
594 cp = fqdn_print(ndo, np, bp);
595 return(cp ? cp + 4 : NULL);
596 }
597
598 /* print a reply */
599 static const u_char *
600 ns_rprint(netdissect_options *ndo,
601 const u_char *cp, const u_char *bp, int is_mdns)
602 {
603 u_int i, class, opt_flags = 0;
604 u_short typ, len;
605 const u_char *rp;
606
607 if (ndo->ndo_vflag) {
608 ND_PRINT(" ");
609 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
610 return NULL;
611 } else
612 cp = ns_nskip(ndo, cp);
613
614 if (cp == NULL || !ND_TTEST_LEN(cp, 10))
615 return (ndo->ndo_snapend);
616
617 /* print the type/qtype */
618 typ = GET_BE_U_2(cp);
619 cp += 2;
620 /* print the class (if it's not IN and the type isn't OPT) */
621 i = GET_BE_U_2(cp);
622 cp += 2;
623 if (is_mdns)
624 class = (i & ~C_CACHE_FLUSH);
625 else
626 class = i;
627 if (class != C_IN && typ != T_OPT)
628 ND_PRINT(" %s", tok2str(ns_class2str, "(Class %u)", class));
629 if (is_mdns) {
630 if (i & C_CACHE_FLUSH)
631 ND_PRINT(" (Cache flush)");
632 }
633
634 if (typ == T_OPT) {
635 /* get opt flags */
636 cp += 2;
637 opt_flags = GET_BE_U_2(cp);
638 /* ignore rest of ttl field */
639 cp += 2;
640 } else if (ndo->ndo_vflag > 2) {
641 /* print ttl */
642 ND_PRINT(" [");
643 unsigned_relts_print(ndo, GET_BE_U_4(cp));
644 ND_PRINT("]");
645 cp += 4;
646 } else {
647 /* ignore ttl */
648 cp += 4;
649 }
650
651 len = GET_BE_U_2(cp);
652 cp += 2;
653
654 rp = cp + len;
655
656 ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", typ));
657 if (rp > ndo->ndo_snapend)
658 return(NULL);
659
660 switch (typ) {
661 case T_A:
662 if (!ND_TTEST_LEN(cp, sizeof(nd_ipv4)))
663 return(NULL);
664 ND_PRINT(" %s", intoa(GET_IPV4_TO_NETWORK_ORDER(cp)));
665 break;
666
667 case T_NS:
668 case T_CNAME:
669 case T_PTR:
670 #ifdef T_DNAME
671 case T_DNAME:
672 #endif
673 ND_PRINT(" ");
674 if (fqdn_print(ndo, cp, bp) == NULL)
675 return(NULL);
676 break;
677
678 case T_SOA:
679 if (!ndo->ndo_vflag)
680 break;
681 ND_PRINT(" ");
682 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
683 return(NULL);
684 ND_PRINT(" ");
685 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
686 return(NULL);
687 if (!ND_TTEST_LEN(cp, 5 * 4))
688 return(NULL);
689 ND_PRINT(" %u", GET_BE_U_4(cp));
690 cp += 4;
691 ND_PRINT(" %u", GET_BE_U_4(cp));
692 cp += 4;
693 ND_PRINT(" %u", GET_BE_U_4(cp));
694 cp += 4;
695 ND_PRINT(" %u", GET_BE_U_4(cp));
696 cp += 4;
697 ND_PRINT(" %u", GET_BE_U_4(cp));
698 cp += 4;
699 break;
700 case T_MX:
701 ND_PRINT(" ");
702 if (!ND_TTEST_2(cp))
703 return(NULL);
704 if (fqdn_print(ndo, cp + 2, bp) == NULL)
705 return(NULL);
706 ND_PRINT(" %u", GET_BE_U_2(cp));
707 break;
708
709 case T_TXT:
710 while (cp < rp) {
711 ND_PRINT(" \"");
712 cp = ns_cprint(ndo, cp);
713 if (cp == NULL)
714 return(NULL);
715 ND_PRINT("\"");
716 }
717 break;
718
719 case T_SRV:
720 ND_PRINT(" ");
721 if (!ND_TTEST_6(cp))
722 return(NULL);
723 if (fqdn_print(ndo, cp + 6, bp) == NULL)
724 return(NULL);
725 ND_PRINT(":%u %u %u", GET_BE_U_2(cp + 4),
726 GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
727 break;
728
729 case T_AAAA:
730 {
731 char ntop_buf[INET6_ADDRSTRLEN];
732
733 if (!ND_TTEST_LEN(cp, sizeof(nd_ipv6)))
734 return(NULL);
735 ND_PRINT(" %s",
736 addrtostr6(cp, ntop_buf, sizeof(ntop_buf)));
737
738 break;
739 }
740
741 case T_A6:
742 {
743 nd_ipv6 a;
744 int pbit, pbyte;
745 char ntop_buf[INET6_ADDRSTRLEN];
746
747 if (!ND_TTEST_1(cp))
748 return(NULL);
749 pbit = GET_U_1(cp);
750 pbyte = (pbit & ~7) / 8;
751 if (pbit > 128) {
752 ND_PRINT(" %u(bad plen)", pbit);
753 break;
754 } else if (pbit < 128) {
755 if (!ND_TTEST_LEN(cp + 1, sizeof(a) - pbyte))
756 return(NULL);
757 memset(a, 0, sizeof(a));
758 memcpy(a + pbyte, cp + 1, sizeof(a) - pbyte);
759 ND_PRINT(" %u %s", pbit,
760 addrtostr6(&a, ntop_buf, sizeof(ntop_buf)));
761 }
762 if (pbit > 0) {
763 ND_PRINT(" ");
764 if (fqdn_print(ndo, cp + 1 + sizeof(a) - pbyte, bp) == NULL)
765 return(NULL);
766 }
767 break;
768 }
769
770 case T_URI:
771 if (!ND_TTEST_LEN(cp, len))
772 return(NULL);
773 ND_PRINT(" %u %u ", GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
774 if (nd_printn(ndo, cp + 4, len - 4, ndo->ndo_snapend))
775 return(NULL);
776 break;
777
778 case T_OPT:
779 ND_PRINT(" UDPsize=%u", class);
780 if (opt_flags & 0x8000)
781 ND_PRINT(" DO");
782 if (cp < rp) {
783 ND_PRINT(" [");
784 while (cp < rp) {
785 cp = eopt_print(ndo, cp);
786 if (cp == NULL)
787 return(NULL);
788 if (cp < rp)
789 ND_PRINT(",");
790 }
791 ND_PRINT("]");
792 }
793 break;
794
795 case T_UNSPECA: /* One long string */
796 if (!ND_TTEST_LEN(cp, len))
797 return(NULL);
798 if (nd_printn(ndo, cp, len, ndo->ndo_snapend))
799 return(NULL);
800 break;
801
802 case T_TSIG:
803 {
804 if (cp + len > ndo->ndo_snapend)
805 return(NULL);
806 if (!ndo->ndo_vflag)
807 break;
808 ND_PRINT(" ");
809 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
810 return(NULL);
811 cp += 6;
812 if (!ND_TTEST_2(cp))
813 return(NULL);
814 ND_PRINT(" fudge=%u", GET_BE_U_2(cp));
815 cp += 2;
816 if (!ND_TTEST_2(cp))
817 return(NULL);
818 ND_PRINT(" maclen=%u", GET_BE_U_2(cp));
819 cp += 2 + GET_BE_U_2(cp);
820 if (!ND_TTEST_2(cp))
821 return(NULL);
822 ND_PRINT(" origid=%u", GET_BE_U_2(cp));
823 cp += 2;
824 if (!ND_TTEST_2(cp))
825 return(NULL);
826 ND_PRINT(" error=%u", GET_BE_U_2(cp));
827 cp += 2;
828 if (!ND_TTEST_2(cp))
829 return(NULL);
830 ND_PRINT(" otherlen=%u", GET_BE_U_2(cp));
831 cp += 2;
832 }
833 }
834 return (rp); /* XXX This isn't always right */
835 }
836
837 void
838 domain_print(netdissect_options *ndo,
839 const u_char *bp, u_int length, int over_tcp, int is_mdns)
840 {
841 const dns_header_t *np;
842 uint16_t flags, rcode, rdlen, type;
843 u_int qdcount, ancount, nscount, arcount;
844 u_int i;
845 const u_char *cp;
846 uint16_t b2;
847
848 ndo->ndo_protocol = "domain";
849
850 if (over_tcp) {
851 /*
852 * The message is prefixed with a two byte length field
853 * which gives the message length, excluding the two byte
854 * length field. (RFC 1035 - 4.2.2. TCP usage)
855 */
856 if (length < 2) {
857 ND_PRINT(" [DNS over TCP: length %u < 2]", length);
858 nd_print_invalid(ndo);
859 return;
860 } else {
861 length -= 2; /* excluding the two byte length field */
862 if (GET_BE_U_2(bp) != length) {
863 ND_PRINT(" [prefix length(%u) != length(%u)]",
864 GET_BE_U_2(bp), length);
865 nd_print_invalid(ndo);
866 return;
867 } else {
868 bp += 2;
869 /* in over TCP case, we need to prepend a space
870 * (not needed in over UDP case)
871 */
872 ND_PRINT(" ");
873 }
874 }
875 }
876
877 np = (const dns_header_t *)bp;
878
879 if(length < sizeof(*np)) {
880 nd_print_protocol(ndo);
881 ND_PRINT(" [length %u < %zu]", length, sizeof(*np));
882 nd_print_invalid(ndo);
883 return;
884 }
885
886 ND_TCHECK_SIZE(np);
887 flags = GET_BE_U_2(np->flags);
888 /* get the byte-order right */
889 qdcount = GET_BE_U_2(np->qdcount);
890 ancount = GET_BE_U_2(np->ancount);
891 nscount = GET_BE_U_2(np->nscount);
892 arcount = GET_BE_U_2(np->arcount);
893
894 /* find the opt record to extract extended rcode */
895 cp = (const u_char *)(np + 1);
896 rcode = DNS_RCODE(flags);
897 for (i = 0; i < qdcount; i++) {
898 if ((cp = ns_nskip(ndo, cp)) == NULL)
899 goto print;
900 cp += 4; /* skip QTYPE and QCLASS */
901 if (cp >= ndo->ndo_snapend)
902 goto print;
903 }
904 for (i = 0; i < ancount + nscount; i++) {
905 if ((cp = ns_nskip(ndo, cp)) == NULL)
906 goto print;
907 cp += 8; /* skip TYPE, CLASS and TTL */
908 if (cp + 2 > ndo->ndo_snapend)
909 goto print;
910 rdlen = GET_BE_U_2(cp);
911 cp += 2 + rdlen;
912 if (cp >= ndo->ndo_snapend)
913 goto print;
914 }
915 for (i = 0; i < arcount; i++) {
916 if ((cp = ns_nskip(ndo, cp)) == NULL)
917 goto print;
918 if (cp + 2 > ndo->ndo_snapend)
919 goto print;
920 type = GET_BE_U_2(cp);
921 cp += 4; /* skip TYPE and CLASS */
922 if (cp + 1 > ndo->ndo_snapend)
923 goto print;
924 if (type == T_OPT) {
925 rcode |= (GET_U_1(cp) << 4);
926 goto print;
927 }
928 cp += 4;
929 if (cp + 2 > ndo->ndo_snapend)
930 goto print;
931 rdlen = GET_BE_U_2(cp);
932 cp += 2 + rdlen;
933 if (cp >= ndo->ndo_snapend)
934 goto print;
935 }
936
937 print:
938 if (DNS_QR(flags)) {
939 /* this is a response */
940 ND_PRINT("%u%s%s%s%s%s%s",
941 GET_BE_U_2(np->id),
942 ns_ops[DNS_OPCODE(flags)],
943 ns_rcode(rcode),
944 DNS_AA(flags)? "*" : "",
945 DNS_RA(flags)? "" : "-",
946 DNS_TC(flags)? "|" : "",
947 DNS_AD(flags)? "$" : "");
948
949 if (qdcount != 1)
950 ND_PRINT(" [%uq]", qdcount);
951 /* Print QUESTION section on -vv */
952 cp = (const u_char *)(np + 1);
953 for (i = 0; i < qdcount; i++) {
954 if (i != 0)
955 ND_PRINT(",");
956 if (ndo->ndo_vflag > 1) {
957 ND_PRINT(" q:");
958 if ((cp = ns_qprint(ndo, cp, bp, is_mdns)) == NULL)
959 goto trunc;
960 } else {
961 if ((cp = ns_nskip(ndo, cp)) == NULL)
962 goto trunc;
963 cp += 4; /* skip QTYPE and QCLASS */
964 }
965 }
966 ND_PRINT(" %u/%u/%u", ancount, nscount, arcount);
967 if (ancount) {
968 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
969 goto trunc;
970 ancount--;
971 while (cp < ndo->ndo_snapend && ancount) {
972 ND_PRINT(",");
973 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
974 goto trunc;
975 ancount--;
976 }
977 }
978 if (ancount)
979 goto trunc;
980 /* Print NS and AR sections on -vv */
981 if (ndo->ndo_vflag > 1) {
982 if (cp < ndo->ndo_snapend && nscount) {
983 ND_PRINT(" ns:");
984 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
985 goto trunc;
986 nscount--;
987 while (cp < ndo->ndo_snapend && nscount) {
988 ND_PRINT(",");
989 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
990 goto trunc;
991 nscount--;
992 }
993 }
994 if (nscount)
995 goto trunc;
996 if (cp < ndo->ndo_snapend && arcount) {
997 ND_PRINT(" ar:");
998 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
999 goto trunc;
1000 arcount--;
1001 while (cp < ndo->ndo_snapend && arcount) {
1002 ND_PRINT(",");
1003 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1004 goto trunc;
1005 arcount--;
1006 }
1007 }
1008 if (arcount)
1009 goto trunc;
1010 }
1011 }
1012 else {
1013 /* this is a request */
1014 ND_PRINT("%u%s%s%s", GET_BE_U_2(np->id),
1015 ns_ops[DNS_OPCODE(flags)],
1016 DNS_RD(flags) ? "+" : "",
1017 DNS_CD(flags) ? "%" : "");
1018
1019 /* any weirdness? */
1020 b2 = GET_BE_U_2(((const u_short *)np) + 1);
1021 if (b2 & 0x6cf)
1022 ND_PRINT(" [b2&3=0x%x]", b2);
1023
1024 if (DNS_OPCODE(flags) == IQUERY) {
1025 if (qdcount)
1026 ND_PRINT(" [%uq]", qdcount);
1027 if (ancount != 1)
1028 ND_PRINT(" [%ua]", ancount);
1029 }
1030 else {
1031 if (ancount)
1032 ND_PRINT(" [%ua]", ancount);
1033 if (qdcount != 1)
1034 ND_PRINT(" [%uq]", qdcount);
1035 }
1036 if (nscount)
1037 ND_PRINT(" [%un]", nscount);
1038 if (arcount)
1039 ND_PRINT(" [%uau]", arcount);
1040
1041 cp = (const u_char *)(np + 1);
1042 if (qdcount) {
1043 cp = ns_qprint(ndo, cp, (const u_char *)np, is_mdns);
1044 if (!cp)
1045 goto trunc;
1046 qdcount--;
1047 while (cp < ndo->ndo_snapend && qdcount) {
1048 cp = ns_qprint(ndo, (const u_char *)cp,
1049 (const u_char *)np,
1050 is_mdns);
1051 if (!cp)
1052 goto trunc;
1053 qdcount--;
1054 }
1055 }
1056 if (qdcount)
1057 goto trunc;
1058
1059 /* Print remaining sections on -vv */
1060 if (ndo->ndo_vflag > 1) {
1061 if (ancount) {
1062 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1063 goto trunc;
1064 ancount--;
1065 while (cp < ndo->ndo_snapend && ancount) {
1066 ND_PRINT(",");
1067 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1068 goto trunc;
1069 ancount--;
1070 }
1071 }
1072 if (ancount)
1073 goto trunc;
1074 if (cp < ndo->ndo_snapend && nscount) {
1075 ND_PRINT(" ns:");
1076 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1077 goto trunc;
1078 nscount--;
1079 while (cp < ndo->ndo_snapend && nscount) {
1080 ND_PRINT(",");
1081 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1082 goto trunc;
1083 nscount--;
1084 }
1085 }
1086 if (nscount > 0)
1087 goto trunc;
1088 if (cp < ndo->ndo_snapend && arcount) {
1089 ND_PRINT(" ar:");
1090 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1091 goto trunc;
1092 arcount--;
1093 while (cp < ndo->ndo_snapend && arcount) {
1094 ND_PRINT(",");
1095 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1096 goto trunc;
1097 arcount--;
1098 }
1099 }
1100 if (arcount)
1101 goto trunc;
1102 }
1103 }
1104 ND_PRINT(" (%u)", length);
1105 return;
1106
1107 trunc:
1108 nd_print_trunc(ndo);
1109 }
[mirror] the TCPdump network dissector