]> The Tcpdump Group git mirrors - tcpdump/blob - print-domain.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add support for decoding DNS URI RR (typecode 256, RFC7553)
[tcpdump] / print-domain.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Domain Name System (DNS) printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include "netdissect-stdinc.h"
29
30 #include <string.h>
31
32 #include "netdissect.h"
33 #include "addrtoname.h"
34 #include "addrtostr.h"
35 #include "extract.h"
36
37 #include "nameser.h"
38
39 static const char *ns_ops[] = {
40 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7",
41 " op8", " updateA", " updateD", " updateDA",
42 " updateM", " updateMA", " zoneInit", " zoneRef",
43 };
44
45 static const char *ns_resp[] = {
46 "", " FormErr", " ServFail", " NXDomain",
47 " NotImp", " Refused", " YXDomain", " YXRRSet",
48 " NXRRSet", " NotAuth", " NotZone", " Resp11",
49 " Resp12", " Resp13", " Resp14", " NoChange",
50 " BadVers", "Resp17", " Resp18", " Resp19",
51 " Resp20", "Resp21", " Resp22", " BadCookie",
52 };
53
54 static const char *
55 ns_rcode(u_int rcode) {
56 static char buf[sizeof(" Resp4095")];
57
58 if (rcode < sizeof(ns_resp)/sizeof(ns_resp[0])) {
59 return (ns_resp[rcode]);
60 }
61 snprintf(buf, sizeof(buf), " Resp%u", rcode & 0xfff);
62 return (buf);
63 }
64
65 /* skip over a domain name */
66 static const u_char *
67 ns_nskip(netdissect_options *ndo,
68 const u_char *cp)
69 {
70 u_char i;
71
72 if (!ND_TTEST_1(cp))
73 return (NULL);
74 i = GET_U_1(cp);
75 cp++;
76 while (i) {
77 if ((i & INDIR_MASK) == INDIR_MASK)
78 return (cp + 1);
79 if ((i & INDIR_MASK) == EDNS0_MASK) {
80 int bitlen, bytelen;
81
82 if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL)
83 return(NULL); /* unknown ELT */
84 if (!ND_TTEST_1(cp))
85 return (NULL);
86 if ((bitlen = GET_U_1(cp)) == 0)
87 bitlen = 256;
88 cp++;
89 bytelen = (bitlen + 7) / 8;
90 cp += bytelen;
91 } else
92 cp += i;
93 if (!ND_TTEST_1(cp))
94 return (NULL);
95 i = GET_U_1(cp);
96 cp++;
97 }
98 return (cp);
99 }
100
101 static const u_char *
102 blabel_print(netdissect_options *ndo,
103 const u_char *cp)
104 {
105 u_int bitlen, slen, b;
106 const u_char *bitp, *lim;
107 uint8_t tc;
108
109 if (!ND_TTEST_1(cp))
110 return(NULL);
111 if ((bitlen = GET_U_1(cp)) == 0)
112 bitlen = 256;
113 slen = (bitlen + 3) / 4;
114 lim = cp + 1 + slen;
115
116 /* print the bit string as a hex string */
117 ND_PRINT("\\[x");
118 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) {
119 ND_TCHECK_1(bitp);
120 ND_PRINT("%02x", GET_U_1(bitp));
121 }
122 if (b > 4) {
123 ND_TCHECK_1(bitp);
124 tc = GET_U_1(bitp);
125 bitp++;
126 ND_PRINT("%02x", tc & (0xff << (8 - b)));
127 } else if (b > 0) {
128 ND_TCHECK_1(bitp);
129 tc = GET_U_1(bitp);
130 bitp++;
131 ND_PRINT("%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b)));
132 }
133 ND_PRINT("/%u]", bitlen);
134 return lim;
135 trunc:
136 ND_PRINT(".../%u]", bitlen);
137 return NULL;
138 }
139
140 static int
141 labellen(netdissect_options *ndo,
142 const u_char *cp)
143 {
144 u_int i;
145
146 if (!ND_TTEST_1(cp))
147 return(-1);
148 i = GET_U_1(cp);
149 if ((i & INDIR_MASK) == EDNS0_MASK) {
150 u_int bitlen, elt;
151 if ((elt = (i & ~INDIR_MASK)) != EDNS0_ELT_BITLABEL) {
152 ND_PRINT("<ELT %d>", elt);
153 return(-1);
154 }
155 if (!ND_TTEST_1(cp + 1))
156 return(-1);
157 if ((bitlen = GET_U_1(cp + 1)) == 0)
158 bitlen = 256;
159 return(((bitlen + 7) / 8) + 1);
160 } else
161 return(i);
162 }
163
164 /* print a <domain-name> */
165 const u_char *
166 fqdn_print(netdissect_options *ndo,
167 const u_char *cp, const u_char *bp)
168 {
169 u_int i, l;
170 const u_char *rp = NULL;
171 int compress = 0;
172 u_int elt;
173 u_int offset, max_offset;
174
175 if ((l = labellen(ndo, cp)) == (u_int)-1)
176 return(NULL);
177 if (!ND_TTEST_1(cp))
178 return(NULL);
179 max_offset = (u_int)(cp - bp);
180 i = GET_U_1(cp);
181 cp++;
182 if ((i & INDIR_MASK) != INDIR_MASK) {
183 compress = 0;
184 rp = cp + l;
185 }
186
187 if (i != 0)
188 while (i && cp < ndo->ndo_snapend) {
189 if ((i & INDIR_MASK) == INDIR_MASK) {
190 if (!compress) {
191 rp = cp + 1;
192 compress = 1;
193 }
194 if (!ND_TTEST_1(cp))
195 return(NULL);
196 offset = (((i << 8) | GET_U_1(cp)) & 0x3fff);
197 /*
198 * This must move backwards in the packet.
199 * No RFC explicitly says that, but BIND's
200 * name decompression code requires it,
201 * as a way of preventing infinite loops
202 * and other bad behavior, and it's probably
203 * what was intended (compress by pointing
204 * to domain name suffixes already seen in
205 * the packet).
206 */
207 if (offset >= max_offset) {
208 ND_PRINT("<BAD PTR>");
209 return(NULL);
210 }
211 max_offset = offset;
212 cp = bp + offset;
213 if ((l = labellen(ndo, cp)) == (u_int)-1)
214 return(NULL);
215 if (!ND_TTEST_1(cp))
216 return(NULL);
217 i = GET_U_1(cp);
218 cp++;
219 continue;
220 }
221 if ((i & INDIR_MASK) == EDNS0_MASK) {
222 elt = (i & ~INDIR_MASK);
223 switch(elt) {
224 case EDNS0_ELT_BITLABEL:
225 if (blabel_print(ndo, cp) == NULL)
226 return (NULL);
227 break;
228 default:
229 /* unknown ELT */
230 ND_PRINT("<ELT %u>", elt);
231 return(NULL);
232 }
233 } else {
234 if (nd_printn(ndo, cp, l, ndo->ndo_snapend))
235 return(NULL);
236 }
237
238 cp += l;
239 ND_PRINT(".");
240 if ((l = labellen(ndo, cp)) == (u_int)-1)
241 return(NULL);
242 if (!ND_TTEST_1(cp))
243 return(NULL);
244 i = GET_U_1(cp);
245 cp++;
246 if (!compress)
247 rp += l + 1;
248 }
249 else
250 ND_PRINT(".");
251 return (rp);
252 }
253
254 /* print a <character-string> */
255 static const u_char *
256 ns_cprint(netdissect_options *ndo,
257 const u_char *cp)
258 {
259 u_int i;
260
261 if (!ND_TTEST_1(cp))
262 return (NULL);
263 i = GET_U_1(cp);
264 cp++;
265 if (nd_printn(ndo, cp, i, ndo->ndo_snapend))
266 return (NULL);
267 return (cp + i);
268 }
269
270 extern const struct tok ns_type2str[];
271
272 /* http://www.iana.org/assignments/dns-parameters */
273 const struct tok ns_type2str[] = {
274 { T_A, "A" }, /* RFC 1035 */
275 { T_NS, "NS" }, /* RFC 1035 */
276 { T_MD, "MD" }, /* RFC 1035 */
277 { T_MF, "MF" }, /* RFC 1035 */
278 { T_CNAME, "CNAME" }, /* RFC 1035 */
279 { T_SOA, "SOA" }, /* RFC 1035 */
280 { T_MB, "MB" }, /* RFC 1035 */
281 { T_MG, "MG" }, /* RFC 1035 */
282 { T_MR, "MR" }, /* RFC 1035 */
283 { T_NULL, "NULL" }, /* RFC 1035 */
284 { T_WKS, "WKS" }, /* RFC 1035 */
285 { T_PTR, "PTR" }, /* RFC 1035 */
286 { T_HINFO, "HINFO" }, /* RFC 1035 */
287 { T_MINFO, "MINFO" }, /* RFC 1035 */
288 { T_MX, "MX" }, /* RFC 1035 */
289 { T_TXT, "TXT" }, /* RFC 1035 */
290 { T_RP, "RP" }, /* RFC 1183 */
291 { T_AFSDB, "AFSDB" }, /* RFC 1183 */
292 { T_X25, "X25" }, /* RFC 1183 */
293 { T_ISDN, "ISDN" }, /* RFC 1183 */
294 { T_RT, "RT" }, /* RFC 1183 */
295 { T_NSAP, "NSAP" }, /* RFC 1706 */
296 { T_NSAP_PTR, "NSAP_PTR" },
297 { T_SIG, "SIG" }, /* RFC 2535 */
298 { T_KEY, "KEY" }, /* RFC 2535 */
299 { T_PX, "PX" }, /* RFC 2163 */
300 { T_GPOS, "GPOS" }, /* RFC 1712 */
301 { T_AAAA, "AAAA" }, /* RFC 1886 */
302 { T_LOC, "LOC" }, /* RFC 1876 */
303 { T_NXT, "NXT" }, /* RFC 2535 */
304 { T_EID, "EID" }, /* Nimrod */
305 { T_NIMLOC, "NIMLOC" }, /* Nimrod */
306 { T_SRV, "SRV" }, /* RFC 2782 */
307 { T_ATMA, "ATMA" }, /* ATM Forum */
308 { T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */
309 { T_KX, "KX" }, /* RFC 2230 */
310 { T_CERT, "CERT" }, /* RFC 2538 */
311 { T_A6, "A6" }, /* RFC 2874 */
312 { T_DNAME, "DNAME" }, /* RFC 2672 */
313 { T_SINK, "SINK" },
314 { T_OPT, "OPT" }, /* RFC 2671 */
315 { T_APL, "APL" }, /* RFC 3123 */
316 { T_DS, "DS" }, /* RFC 4034 */
317 { T_SSHFP, "SSHFP" }, /* RFC 4255 */
318 { T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */
319 { T_RRSIG, "RRSIG" }, /* RFC 4034 */
320 { T_NSEC, "NSEC" }, /* RFC 4034 */
321 { T_DNSKEY, "DNSKEY" }, /* RFC 4034 */
322 { T_SPF, "SPF" }, /* RFC-schlitt-spf-classic-02.txt */
323 { T_UINFO, "UINFO" },
324 { T_UID, "UID" },
325 { T_GID, "GID" },
326 { T_UNSPEC, "UNSPEC" },
327 { T_UNSPECA, "UNSPECA" },
328 { T_TKEY, "TKEY" }, /* RFC 2930 */
329 { T_TSIG, "TSIG" }, /* RFC 2845 */
330 { T_IXFR, "IXFR" }, /* RFC 1995 */
331 { T_AXFR, "AXFR" }, /* RFC 1035 */
332 { T_MAILB, "MAILB" }, /* RFC 1035 */
333 { T_MAILA, "MAILA" }, /* RFC 1035 */
334 { T_ANY, "ANY" },
335 { T_URI, "URI" }, /* RFC 7553 */
336 { 0, NULL }
337 };
338
339 extern const struct tok ns_class2str[];
340
341 const struct tok ns_class2str[] = {
342 { C_IN, "IN" }, /* Not used */
343 { C_CHAOS, "CHAOS" },
344 { C_HS, "HS" },
345 { C_ANY, "ANY" },
346 { 0, NULL }
347 };
348
349 /* print a query */
350 static const u_char *
351 ns_qprint(netdissect_options *ndo,
352 const u_char *cp, const u_char *bp, int is_mdns)
353 {
354 const u_char *np = cp;
355 u_int i, class;
356
357 cp = ns_nskip(ndo, cp);
358
359 if (cp == NULL || !ND_TTEST_4(cp))
360 return(NULL);
361
362 /* print the qtype */
363 i = GET_BE_U_2(cp);
364 cp += 2;
365 ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", i));
366 /* print the qclass (if it's not IN) */
367 i = GET_BE_U_2(cp);
368 cp += 2;
369 if (is_mdns)
370 class = (i & ~C_QU);
371 else
372 class = i;
373 if (class != C_IN)
374 ND_PRINT(" %s", tok2str(ns_class2str, "(Class %u)", class));
375 if (is_mdns) {
376 ND_PRINT(i & C_QU ? " (QU)" : " (QM)");
377 }
378
379 ND_PRINT("? ");
380 cp = fqdn_print(ndo, np, bp);
381 return(cp ? cp + 4 : NULL);
382 }
383
384 /* print a reply */
385 static const u_char *
386 ns_rprint(netdissect_options *ndo,
387 const u_char *cp, const u_char *bp, int is_mdns)
388 {
389 u_int i, class, opt_flags = 0;
390 u_short typ, len;
391 const u_char *rp;
392
393 if (ndo->ndo_vflag) {
394 ND_PRINT(" ");
395 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
396 return NULL;
397 } else
398 cp = ns_nskip(ndo, cp);
399
400 if (cp == NULL || !ND_TTEST_LEN(cp, 10))
401 return (ndo->ndo_snapend);
402
403 /* print the type/qtype */
404 typ = GET_BE_U_2(cp);
405 cp += 2;
406 /* print the class (if it's not IN and the type isn't OPT) */
407 i = GET_BE_U_2(cp);
408 cp += 2;
409 if (is_mdns)
410 class = (i & ~C_CACHE_FLUSH);
411 else
412 class = i;
413 if (class != C_IN && typ != T_OPT)
414 ND_PRINT(" %s", tok2str(ns_class2str, "(Class %u)", class));
415 if (is_mdns) {
416 if (i & C_CACHE_FLUSH)
417 ND_PRINT(" (Cache flush)");
418 }
419
420 if (typ == T_OPT) {
421 /* get opt flags */
422 cp += 2;
423 opt_flags = GET_BE_U_2(cp);
424 /* ignore rest of ttl field */
425 cp += 2;
426 } else if (ndo->ndo_vflag > 2) {
427 /* print ttl */
428 ND_PRINT(" [");
429 unsigned_relts_print(ndo, GET_BE_U_4(cp));
430 ND_PRINT("]");
431 cp += 4;
432 } else {
433 /* ignore ttl */
434 cp += 4;
435 }
436
437 len = GET_BE_U_2(cp);
438 cp += 2;
439
440 rp = cp + len;
441
442 ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", typ));
443 if (rp > ndo->ndo_snapend)
444 return(NULL);
445
446 switch (typ) {
447 case T_A:
448 if (!ND_TTEST_LEN(cp, sizeof(nd_ipv4)))
449 return(NULL);
450 ND_PRINT(" %s", intoa(GET_IPV4_TO_NETWORK_ORDER(cp)));
451 break;
452
453 case T_NS:
454 case T_CNAME:
455 case T_PTR:
456 #ifdef T_DNAME
457 case T_DNAME:
458 #endif
459 ND_PRINT(" ");
460 if (fqdn_print(ndo, cp, bp) == NULL)
461 return(NULL);
462 break;
463
464 case T_SOA:
465 if (!ndo->ndo_vflag)
466 break;
467 ND_PRINT(" ");
468 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
469 return(NULL);
470 ND_PRINT(" ");
471 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
472 return(NULL);
473 if (!ND_TTEST_LEN(cp, 5 * 4))
474 return(NULL);
475 ND_PRINT(" %u", GET_BE_U_4(cp));
476 cp += 4;
477 ND_PRINT(" %u", GET_BE_U_4(cp));
478 cp += 4;
479 ND_PRINT(" %u", GET_BE_U_4(cp));
480 cp += 4;
481 ND_PRINT(" %u", GET_BE_U_4(cp));
482 cp += 4;
483 ND_PRINT(" %u", GET_BE_U_4(cp));
484 cp += 4;
485 break;
486 case T_MX:
487 ND_PRINT(" ");
488 if (!ND_TTEST_2(cp))
489 return(NULL);
490 if (fqdn_print(ndo, cp + 2, bp) == NULL)
491 return(NULL);
492 ND_PRINT(" %u", GET_BE_U_2(cp));
493 break;
494
495 case T_TXT:
496 while (cp < rp) {
497 ND_PRINT(" \"");
498 cp = ns_cprint(ndo, cp);
499 if (cp == NULL)
500 return(NULL);
501 ND_PRINT("\"");
502 }
503 break;
504
505 case T_SRV:
506 ND_PRINT(" ");
507 if (!ND_TTEST_6(cp))
508 return(NULL);
509 if (fqdn_print(ndo, cp + 6, bp) == NULL)
510 return(NULL);
511 ND_PRINT(":%u %u %u", GET_BE_U_2(cp + 4),
512 GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
513 break;
514
515 case T_AAAA:
516 {
517 char ntop_buf[INET6_ADDRSTRLEN];
518
519 if (!ND_TTEST_LEN(cp, sizeof(nd_ipv6)))
520 return(NULL);
521 ND_PRINT(" %s",
522 addrtostr6(cp, ntop_buf, sizeof(ntop_buf)));
523
524 break;
525 }
526
527 case T_A6:
528 {
529 struct in6_addr a;
530 int pbit, pbyte;
531 char ntop_buf[INET6_ADDRSTRLEN];
532
533 if (!ND_TTEST_1(cp))
534 return(NULL);
535 pbit = GET_U_1(cp);
536 pbyte = (pbit & ~7) / 8;
537 if (pbit > 128) {
538 ND_PRINT(" %u(bad plen)", pbit);
539 break;
540 } else if (pbit < 128) {
541 if (!ND_TTEST_LEN(cp + 1, sizeof(a) - pbyte))
542 return(NULL);
543 memset(&a, 0, sizeof(a));
544 memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte);
545 ND_PRINT(" %u %s", pbit,
546 addrtostr6(&a, ntop_buf, sizeof(ntop_buf)));
547 }
548 if (pbit > 0) {
549 ND_PRINT(" ");
550 if (fqdn_print(ndo, cp + 1 + sizeof(a) - pbyte, bp) == NULL)
551 return(NULL);
552 }
553 break;
554 }
555
556 case T_URI:
557 if (!ND_TTEST_LEN(cp, len))
558 return(NULL);
559 ND_PRINT(" %u %u ", GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
560 if (nd_printn(ndo, cp + 4, len - 4, ndo->ndo_snapend))
561 return(NULL);
562 break;
563
564 case T_OPT:
565 ND_PRINT(" UDPsize=%u", class);
566 if (opt_flags & 0x8000)
567 ND_PRINT(" DO");
568 break;
569
570 case T_UNSPECA: /* One long string */
571 if (!ND_TTEST_LEN(cp, len))
572 return(NULL);
573 if (nd_printn(ndo, cp, len, ndo->ndo_snapend))
574 return(NULL);
575 break;
576
577 case T_TSIG:
578 {
579 if (cp + len > ndo->ndo_snapend)
580 return(NULL);
581 if (!ndo->ndo_vflag)
582 break;
583 ND_PRINT(" ");
584 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
585 return(NULL);
586 cp += 6;
587 if (!ND_TTEST_2(cp))
588 return(NULL);
589 ND_PRINT(" fudge=%u", GET_BE_U_2(cp));
590 cp += 2;
591 if (!ND_TTEST_2(cp))
592 return(NULL);
593 ND_PRINT(" maclen=%u", GET_BE_U_2(cp));
594 cp += 2 + GET_BE_U_2(cp);
595 if (!ND_TTEST_2(cp))
596 return(NULL);
597 ND_PRINT(" origid=%u", GET_BE_U_2(cp));
598 cp += 2;
599 if (!ND_TTEST_2(cp))
600 return(NULL);
601 ND_PRINT(" error=%u", GET_BE_U_2(cp));
602 cp += 2;
603 if (!ND_TTEST_2(cp))
604 return(NULL);
605 ND_PRINT(" otherlen=%u", GET_BE_U_2(cp));
606 cp += 2;
607 }
608 }
609 return (rp); /* XXX This isn't always right */
610 }
611
612 void
613 domain_print(netdissect_options *ndo,
614 const u_char *bp, u_int length, int is_mdns)
615 {
616 const dns_header_t *np;
617 uint16_t flags, rcode, rdlen, type;
618 u_int qdcount, ancount, nscount, arcount;
619 u_int i;
620 const u_char *cp;
621 uint16_t b2;
622
623 ndo->ndo_protocol = "domain";
624 np = (const dns_header_t *)bp;
625 ND_TCHECK_SIZE(np);
626 flags = GET_BE_U_2(np->flags);
627 /* get the byte-order right */
628 qdcount = GET_BE_U_2(np->qdcount);
629 ancount = GET_BE_U_2(np->ancount);
630 nscount = GET_BE_U_2(np->nscount);
631 arcount = GET_BE_U_2(np->arcount);
632
633 /* find the opt record to extract extended rcode */
634 cp = (const u_char *)(np + 1);
635 rcode = DNS_RCODE(flags);
636 for (i = 0; i < qdcount; i++) {
637 if ((cp = ns_nskip(ndo, cp)) == NULL)
638 goto print;
639 cp += 4; /* skip QTYPE and QCLASS */
640 if (cp >= ndo->ndo_snapend)
641 goto print;
642 }
643 for (i = 0; i < ancount + nscount; i++) {
644 if ((cp = ns_nskip(ndo, cp)) == NULL)
645 goto print;
646 cp += 8; /* skip TYPE, CLASS and TTL */
647 if (cp + 2 > ndo->ndo_snapend)
648 goto print;
649 rdlen = GET_BE_U_2(cp);
650 cp += 2 + rdlen;
651 if (cp >= ndo->ndo_snapend)
652 goto print;
653 }
654 for (i = 0; i < arcount; i++) {
655 if ((cp = ns_nskip(ndo, cp)) == NULL)
656 goto print;
657 if (cp + 2 > ndo->ndo_snapend)
658 goto print;
659 type = GET_BE_U_2(cp);
660 cp += 4; /* skip TYPE and CLASS */
661 if (cp + 1 > ndo->ndo_snapend)
662 goto print;
663 if (type == T_OPT) {
664 rcode |= (*cp << 4);
665 goto print;
666 }
667 cp += 4;
668 if (cp + 2 > ndo->ndo_snapend)
669 goto print;
670 rdlen = GET_BE_U_2(cp);
671 cp += 2 + rdlen;
672 if (cp >= ndo->ndo_snapend)
673 goto print;
674 }
675
676 print:
677 if (DNS_QR(flags)) {
678 /* this is a response */
679 ND_PRINT("%u%s%s%s%s%s%s",
680 GET_BE_U_2(np->id),
681 ns_ops[DNS_OPCODE(flags)],
682 ns_rcode(rcode),
683 DNS_AA(flags)? "*" : "",
684 DNS_RA(flags)? "" : "-",
685 DNS_TC(flags)? "|" : "",
686 DNS_AD(flags)? "$" : "");
687
688 if (qdcount != 1)
689 ND_PRINT(" [%uq]", qdcount);
690 /* Print QUESTION section on -vv */
691 cp = (const u_char *)(np + 1);
692 for (i = 0; i < qdcount; i++) {
693 if (i != 0)
694 ND_PRINT(",");
695 if (ndo->ndo_vflag > 1) {
696 ND_PRINT(" q:");
697 if ((cp = ns_qprint(ndo, cp, bp, is_mdns)) == NULL)
698 goto trunc;
699 } else {
700 if ((cp = ns_nskip(ndo, cp)) == NULL)
701 goto trunc;
702 cp += 4; /* skip QTYPE and QCLASS */
703 }
704 }
705 ND_PRINT(" %u/%u/%u", ancount, nscount, arcount);
706 if (ancount) {
707 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
708 goto trunc;
709 ancount--;
710 while (cp < ndo->ndo_snapend && ancount) {
711 ND_PRINT(",");
712 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
713 goto trunc;
714 ancount--;
715 }
716 }
717 if (ancount)
718 goto trunc;
719 /* Print NS and AR sections on -vv */
720 if (ndo->ndo_vflag > 1) {
721 if (cp < ndo->ndo_snapend && nscount) {
722 ND_PRINT(" ns:");
723 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
724 goto trunc;
725 nscount--;
726 while (cp < ndo->ndo_snapend && nscount) {
727 ND_PRINT(",");
728 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
729 goto trunc;
730 nscount--;
731 }
732 }
733 if (nscount)
734 goto trunc;
735 if (cp < ndo->ndo_snapend && arcount) {
736 ND_PRINT(" ar:");
737 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
738 goto trunc;
739 arcount--;
740 while (cp < ndo->ndo_snapend && arcount) {
741 ND_PRINT(",");
742 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
743 goto trunc;
744 arcount--;
745 }
746 }
747 if (arcount)
748 goto trunc;
749 }
750 }
751 else {
752 /* this is a request */
753 ND_PRINT("%u%s%s%s", GET_BE_U_2(np->id),
754 ns_ops[DNS_OPCODE(flags)],
755 DNS_RD(flags) ? "+" : "",
756 DNS_CD(flags) ? "%" : "");
757
758 /* any weirdness? */
759 b2 = GET_BE_U_2(((const u_short *)np) + 1);
760 if (b2 & 0x6cf)
761 ND_PRINT(" [b2&3=0x%x]", b2);
762
763 if (DNS_OPCODE(flags) == IQUERY) {
764 if (qdcount)
765 ND_PRINT(" [%uq]", qdcount);
766 if (ancount != 1)
767 ND_PRINT(" [%ua]", ancount);
768 }
769 else {
770 if (ancount)
771 ND_PRINT(" [%ua]", ancount);
772 if (qdcount != 1)
773 ND_PRINT(" [%uq]", qdcount);
774 }
775 if (nscount)
776 ND_PRINT(" [%un]", nscount);
777 if (arcount)
778 ND_PRINT(" [%uau]", arcount);
779
780 cp = (const u_char *)(np + 1);
781 if (qdcount) {
782 cp = ns_qprint(ndo, cp, (const u_char *)np, is_mdns);
783 if (!cp)
784 goto trunc;
785 qdcount--;
786 while (cp < ndo->ndo_snapend && qdcount) {
787 cp = ns_qprint(ndo, (const u_char *)cp,
788 (const u_char *)np,
789 is_mdns);
790 if (!cp)
791 goto trunc;
792 qdcount--;
793 }
794 }
795 if (qdcount)
796 goto trunc;
797
798 /* Print remaining sections on -vv */
799 if (ndo->ndo_vflag > 1) {
800 if (ancount) {
801 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
802 goto trunc;
803 ancount--;
804 while (cp < ndo->ndo_snapend && ancount) {
805 ND_PRINT(",");
806 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
807 goto trunc;
808 ancount--;
809 }
810 }
811 if (ancount)
812 goto trunc;
813 if (cp < ndo->ndo_snapend && nscount) {
814 ND_PRINT(" ns:");
815 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
816 goto trunc;
817 nscount--;
818 while (cp < ndo->ndo_snapend && nscount) {
819 ND_PRINT(",");
820 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
821 goto trunc;
822 nscount--;
823 }
824 }
825 if (nscount > 0)
826 goto trunc;
827 if (cp < ndo->ndo_snapend && arcount) {
828 ND_PRINT(" ar:");
829 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
830 goto trunc;
831 arcount--;
832 while (cp < ndo->ndo_snapend && arcount) {
833 ND_PRINT(",");
834 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
835 goto trunc;
836 arcount--;
837 }
838 }
839 if (arcount)
840 goto trunc;
841 }
842 }
843 ND_PRINT(" (%u)", length);
844 return;
845
846 trunc:
847 nd_print_trunc(ndo);
848 }
[mirror] the TCPdump network dissector