]> The Tcpdump Group git mirrors - tcpdump/blob - print-domain.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
don't pass on src & dst MAC adresses to the isoclns decoder as MAC adresses
[tcpdump] / print-domain.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/tcpdump/print-domain.c,v 1.84 2003-04-04 03:49:25 fenner Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <tcpdump-stdinc.h>
32
33 #include "nameser.h"
34
35 #include <stdio.h>
36 #include <string.h>
37
38 #include "interface.h"
39 #include "addrtoname.h"
40 #include "extract.h" /* must come after interface.h */
41
42 static const char *ns_ops[] = {
43 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7",
44 " op8", " updataA", " updateD", " updateDA",
45 " updateM", " updateMA", " zoneInit", " zoneRef",
46 };
47
48 static const char *ns_resp[] = {
49 "", " FormErr", " ServFail", " NXDomain",
50 " NotImp", " Refused", " YXDomain", " YXRRSet",
51 " NXRRSet", " NotAuth", " NotZone", " Resp11",
52 " Resp12", " Resp13", " Resp14", " NoChange",
53 };
54
55 /* skip over a domain name */
56 static const u_char *
57 ns_nskip(register const u_char *cp)
58 {
59 register u_char i;
60
61 if (!TTEST2(*cp, 1))
62 return (NULL);
63 i = *cp++;
64 while (i) {
65 if ((i & INDIR_MASK) == INDIR_MASK)
66 return (cp + 1);
67 if ((i & INDIR_MASK) == EDNS0_MASK) {
68 int bitlen, bytelen;
69
70 if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL)
71 return(NULL); /* unknown ELT */
72 if (!TTEST2(*cp, 1))
73 return (NULL);
74 if ((bitlen = *cp++) == 0)
75 bitlen = 256;
76 bytelen = (bitlen + 7) / 8;
77 cp += bytelen;
78 } else
79 cp += i;
80 if (!TTEST2(*cp, 1))
81 return (NULL);
82 i = *cp++;
83 }
84 return (cp);
85 }
86
87 /* print a <domain-name> */
88 static const u_char *
89 blabel_print(const u_char *cp)
90 {
91 int bitlen, slen, b;
92 int truncated = 0;
93 const u_char *bitp, *lim;
94 char tc;
95
96 if (!TTEST2(*cp, 1))
97 return(NULL);
98 if ((bitlen = *cp) == 0)
99 bitlen = 256;
100 slen = (bitlen + 3) / 4;
101 if ((lim = cp + 1 + slen) > snapend) {
102 truncated = 1;
103 lim = snapend;
104 }
105
106 /* print the bit string as a hex string */
107 printf("\\[x");
108 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++)
109 printf("%02x", *bitp);
110 if (bitp == lim)
111 printf("...");
112 else if (b > 4) {
113 tc = *bitp++;
114 printf("%02x", tc & (0xff << (8 - b)));
115 } else if (b > 0) {
116 tc = *bitp++;
117 printf("%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b)));
118 }
119 printf("/%d]", bitlen);
120
121 return(truncated ? NULL : lim);
122 }
123
124 static int
125 labellen(const u_char *cp)
126 {
127 register u_int i;
128
129 if (!TTEST2(*cp, 1))
130 return(-1);
131 i = *cp;
132 if ((i & INDIR_MASK) == EDNS0_MASK) {
133 int bitlen, elt;
134
135 if ((elt = (i & ~INDIR_MASK)) != EDNS0_ELT_BITLABEL)
136 return(-1);
137 if (!TTEST2(*(cp + 1), 1))
138 return(-1);
139 if ((bitlen = *(cp + 1)) == 0)
140 bitlen = 256;
141 return(((bitlen + 7) / 8) + 1);
142 } else
143 return(i);
144 }
145
146 static const u_char *
147 ns_nprint(register const u_char *cp, register const u_char *bp)
148 {
149 register u_int i, l;
150 register const u_char *rp = NULL;
151 register int compress = 0;
152 int chars_processed;
153 int elt;
154 int data_size = snapend - bp;
155
156 if ((l = labellen(cp)) == (u_int)-1)
157 return(NULL);
158 if (!TTEST2(*cp, 1))
159 return(NULL);
160 chars_processed = 1;
161 if (((i = *cp++) & INDIR_MASK) != INDIR_MASK) {
162 compress = 0;
163 rp = cp + l;
164 }
165
166 if (i != 0)
167 while (i && cp < snapend) {
168 if ((i & INDIR_MASK) == INDIR_MASK) {
169 if (!compress) {
170 rp = cp + 1;
171 compress = 1;
172 }
173 if (!TTEST2(*cp, 1))
174 return(NULL);
175 cp = bp + (((i << 8) | *cp) & 0x3fff);
176 if ((l = labellen(cp)) == (u_int)-1)
177 return(NULL);
178 if (!TTEST2(*cp, 1))
179 return(NULL);
180 i = *cp++;
181 chars_processed++;
182
183 /*
184 * If we've looked at every character in
185 * the message, this pointer will make
186 * us look at some character again,
187 * which means we're looping.
188 */
189 if (chars_processed >= data_size) {
190 printf("<LOOP>");
191 return (NULL);
192 }
193 continue;
194 }
195 if ((i & INDIR_MASK) == EDNS0_MASK) {
196 elt = (i & ~INDIR_MASK);
197 switch(elt) {
198 case EDNS0_ELT_BITLABEL:
199 if (blabel_print(cp) == NULL)
200 return (NULL);
201 break;
202 default:
203 /* unknown ELT */
204 printf("<ELT %d>", elt);
205 return(NULL);
206 }
207 } else {
208 if (fn_printn(cp, l, snapend))
209 return(NULL);
210 }
211
212 cp += l;
213 chars_processed += l;
214 putchar('.');
215 if ((l = labellen(cp)) == (u_int)-1)
216 return(NULL);
217 if (!TTEST2(*cp, 1))
218 return(NULL);
219 i = *cp++;
220 chars_processed++;
221 if (!compress)
222 rp += l + 1;
223 }
224 else
225 putchar('.');
226 return (rp);
227 }
228
229 /* print a <character-string> */
230 static const u_char *
231 ns_cprint(register const u_char *cp)
232 {
233 register u_int i;
234
235 if (!TTEST2(*cp, 1))
236 return (NULL);
237 i = *cp++;
238 if (fn_printn(cp, i, snapend))
239 return (NULL);
240 return (cp + i);
241 }
242
243 /* http://www.iana.org/assignments/dns-parameters */
244 struct tok ns_type2str[] = {
245 { T_A, "A" }, /* RFC 1035 */
246 { T_NS, "NS" }, /* RFC 1035 */
247 { T_MD, "MD" }, /* RFC 1035 */
248 { T_MF, "MF" }, /* RFC 1035 */
249 { T_CNAME, "CNAME" }, /* RFC 1035 */
250 { T_SOA, "SOA" }, /* RFC 1035 */
251 { T_MB, "MB" }, /* RFC 1035 */
252 { T_MG, "MG" }, /* RFC 1035 */
253 { T_MR, "MR" }, /* RFC 1035 */
254 { T_NULL, "NULL" }, /* RFC 1035 */
255 { T_WKS, "WKS" }, /* RFC 1035 */
256 { T_PTR, "PTR" }, /* RFC 1035 */
257 { T_HINFO, "HINFO" }, /* RFC 1035 */
258 { T_MINFO, "MINFO" }, /* RFC 1035 */
259 { T_MX, "MX" }, /* RFC 1035 */
260 { T_TXT, "TXT" }, /* RFC 1035 */
261 { T_RP, "RP" }, /* RFC 1183 */
262 { T_AFSDB, "AFSDB" }, /* RFC 1183 */
263 { T_X25, "X25" }, /* RFC 1183 */
264 { T_ISDN, "ISDN" }, /* RFC 1183 */
265 { T_RT, "RT" }, /* RFC 1183 */
266 { T_NSAP, "NSAP" }, /* RFC 1706 */
267 { T_NSAP_PTR, "NSAP_PTR" },
268 { T_SIG, "SIG" }, /* RFC 2535 */
269 { T_KEY, "KEY" }, /* RFC 2535 */
270 { T_PX, "PX" }, /* RFC 2163 */
271 { T_GPOS, "GPOS" }, /* RFC 1712 */
272 { T_AAAA, "AAAA" }, /* RFC 1886 */
273 { T_LOC, "LOC" }, /* RFC 1876 */
274 { T_NXT, "NXT" }, /* RFC 2535 */
275 { T_EID, "EID" }, /* Nimrod */
276 { T_NIMLOC, "NIMLOC" }, /* Nimrod */
277 { T_SRV, "SRV" }, /* RFC 2782 */
278 { T_ATMA, "ATMA" }, /* ATM Forum */
279 { T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */
280 { T_A6, "A6" }, /* RFC 2874 */
281 { T_DNAME, "DNAME" }, /* RFC 2672 */
282 { T_OPT, "OPT" }, /* RFC 2671 */
283 { T_UINFO, "UINFO" },
284 { T_UID, "UID" },
285 { T_GID, "GID" },
286 { T_UNSPEC, "UNSPEC" },
287 { T_UNSPECA, "UNSPECA" },
288 { T_TKEY, "TKEY" }, /* RFC 2930 */
289 { T_TSIG, "TSIG" }, /* RFC 2845 */
290 { T_IXFR, "IXFR" }, /* RFC 1995 */
291 { T_AXFR, "AXFR" }, /* RFC 1035 */
292 { T_MAILB, "MAILB" }, /* RFC 1035 */
293 { T_MAILA, "MAILA" }, /* RFC 1035 */
294 { T_ANY, "ANY" },
295 { 0, NULL }
296 };
297
298 struct tok ns_class2str[] = {
299 { C_IN, "IN" }, /* Not used */
300 { C_CHAOS, "CHAOS" },
301 { C_HS, "HS" },
302 { C_ANY, "ANY" },
303 { 0, NULL }
304 };
305
306 /* print a query */
307 static const u_char *
308 ns_qprint(register const u_char *cp, register const u_char *bp)
309 {
310 register const u_char *np = cp;
311 register u_int i;
312
313 cp = ns_nskip(cp);
314
315 if (cp == NULL || !TTEST2(*cp, 4))
316 return(NULL);
317
318 /* print the qtype and qclass (if it's not IN) */
319 i = EXTRACT_16BITS(cp);
320 cp += 2;
321 printf(" %s", tok2str(ns_type2str, "Type%d", i));
322 i = EXTRACT_16BITS(cp);
323 cp += 2;
324 if (i != C_IN)
325 printf(" %s", tok2str(ns_class2str, "(Class %d)", i));
326
327 fputs("? ", stdout);
328 cp = ns_nprint(np, bp);
329 return(cp ? cp + 4 : NULL);
330 }
331
332 /* print a reply */
333 static const u_char *
334 ns_rprint(register const u_char *cp, register const u_char *bp)
335 {
336 register u_int class;
337 register u_short typ, len;
338 register const u_char *rp;
339
340 if (vflag) {
341 putchar(' ');
342 if ((cp = ns_nprint(cp, bp)) == NULL)
343 return NULL;
344 } else
345 cp = ns_nskip(cp);
346
347 if (cp == NULL || !TTEST2(*cp, 10))
348 return (snapend);
349
350 /* print the type/qtype and class (if it's not IN) */
351 typ = EXTRACT_16BITS(cp);
352 cp += 2;
353 class = EXTRACT_16BITS(cp);
354 cp += 2;
355 if (class != C_IN && typ != T_OPT)
356 printf(" %s", tok2str(ns_class2str, "(Class %d)", class));
357
358 /* ignore ttl */
359 cp += 4;
360
361 len = EXTRACT_16BITS(cp);
362 cp += 2;
363
364 rp = cp + len;
365
366 printf(" %s", tok2str(ns_type2str, "Type%d", typ));
367 if (rp > snapend)
368 return(NULL);
369
370 switch (typ) {
371 case T_A:
372 if (!TTEST2(*cp, sizeof(struct in_addr)))
373 return(NULL);
374 printf(" %s", ipaddr_string(cp));
375 break;
376
377 case T_NS:
378 case T_CNAME:
379 case T_PTR:
380 #ifdef T_DNAME
381 case T_DNAME:
382 #endif
383 putchar(' ');
384 if (ns_nprint(cp, bp) == NULL)
385 return(NULL);
386 break;
387
388 case T_SOA:
389 if (!vflag)
390 break;
391 putchar(' ');
392 if ((cp = ns_nprint(cp, bp)) == NULL)
393 return(NULL);
394 putchar(' ');
395 if ((cp = ns_nprint(cp, bp)) == NULL)
396 return(NULL);
397 if (!TTEST2(*cp, 5 * 4))
398 return(NULL);
399 printf(" %u", EXTRACT_32BITS(cp));
400 cp += 4;
401 printf(" %u", EXTRACT_32BITS(cp));
402 cp += 4;
403 printf(" %u", EXTRACT_32BITS(cp));
404 cp += 4;
405 printf(" %u", EXTRACT_32BITS(cp));
406 cp += 4;
407 printf(" %u", EXTRACT_32BITS(cp));
408 cp += 4;
409 break;
410 case T_MX:
411 putchar(' ');
412 if (!TTEST2(*cp, 2))
413 return(NULL);
414 if (ns_nprint(cp + 2, bp) == NULL)
415 return(NULL);
416 printf(" %d", EXTRACT_16BITS(cp));
417 break;
418
419 case T_TXT:
420 while (cp < rp) {
421 printf(" \"");
422 cp = ns_cprint(cp);
423 if (cp == NULL)
424 return(NULL);
425 putchar('"');
426 }
427 break;
428
429 case T_SRV:
430 putchar(' ');
431 if (!TTEST2(*cp, 6))
432 return(NULL);
433 if (ns_nprint(cp + 6, bp) == NULL)
434 return(NULL);
435 printf(":%d %d %d", EXTRACT_16BITS(cp + 4),
436 EXTRACT_16BITS(cp), EXTRACT_16BITS(cp + 2));
437 break;
438
439 #ifdef INET6
440 case T_AAAA:
441 if (!TTEST2(*cp, sizeof(struct in6_addr)))
442 return(NULL);
443 printf(" %s", ip6addr_string(cp));
444 break;
445
446 case T_A6:
447 {
448 struct in6_addr a;
449 int pbit, pbyte;
450
451 if (!TTEST2(*cp, 1))
452 return(NULL);
453 pbit = *cp;
454 pbyte = (pbit & ~7) / 8;
455 if (pbit > 128) {
456 printf(" %u(bad plen)", pbit);
457 break;
458 } else if (pbit < 128) {
459 if (!TTEST2(*(cp + 1), sizeof(a) - pbyte))
460 return(NULL);
461 memset(&a, 0, sizeof(a));
462 memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte);
463 printf(" %u %s", pbit, ip6addr_string(&a));
464 }
465 if (pbit > 0) {
466 putchar(' ');
467 if (ns_nprint(cp + 1 + sizeof(a) - pbyte, bp) == NULL)
468 return(NULL);
469 }
470 break;
471 }
472 #endif /*INET6*/
473
474 case T_OPT:
475 printf(" UDPsize=%u", class);
476 break;
477
478 case T_UNSPECA: /* One long string */
479 if (!TTEST2(*cp, len))
480 return(NULL);
481 if (fn_printn(cp, len, snapend))
482 return(NULL);
483 break;
484
485 case T_TSIG:
486 {
487 if (cp + len > snapend)
488 return(NULL);
489 if (!vflag)
490 break;
491 putchar(' ');
492 if ((cp = ns_nprint(cp, bp)) == NULL)
493 return(NULL);
494 cp += 6;
495 if (!TTEST2(*cp, 2))
496 return(NULL);
497 printf(" fudge=%u", EXTRACT_16BITS(cp));
498 cp += 2;
499 if (!TTEST2(*cp, 2))
500 return(NULL);
501 printf(" maclen=%u", EXTRACT_16BITS(cp));
502 cp += 2 + EXTRACT_16BITS(cp);
503 if (!TTEST2(*cp, 2))
504 return(NULL);
505 printf(" origid=%u", EXTRACT_16BITS(cp));
506 cp += 2;
507 if (!TTEST2(*cp, 2))
508 return(NULL);
509 printf(" error=%u", EXTRACT_16BITS(cp));
510 cp += 2;
511 if (!TTEST2(*cp, 2))
512 return(NULL);
513 printf(" otherlen=%u", EXTRACT_16BITS(cp));
514 cp += 2;
515 }
516 }
517 return (rp); /* XXX This isn't always right */
518 }
519
520 void
521 ns_print(register const u_char *bp, u_int length)
522 {
523 register const HEADER *np;
524 register int qdcount, ancount, nscount, arcount;
525 register const u_char *cp;
526 u_int16_t b2;
527
528 np = (const HEADER *)bp;
529 TCHECK(*np);
530 /* get the byte-order right */
531 qdcount = EXTRACT_16BITS(&np->qdcount);
532 ancount = EXTRACT_16BITS(&np->ancount);
533 nscount = EXTRACT_16BITS(&np->nscount);
534 arcount = EXTRACT_16BITS(&np->arcount);
535
536 if (DNS_QR(np)) {
537 /* this is a response */
538 printf(" %d%s%s%s%s%s%s",
539 EXTRACT_16BITS(&np->id),
540 ns_ops[DNS_OPCODE(np)],
541 ns_resp[DNS_RCODE(np)],
542 DNS_AA(np)? "*" : "",
543 DNS_RA(np)? "" : "-",
544 DNS_TC(np)? "|" : "",
545 DNS_CD(np)? "%" : "");
546
547 if (qdcount != 1)
548 printf(" [%dq]", qdcount);
549 /* Print QUESTION section on -vv */
550 cp = (const u_char *)(np + 1);
551 while (qdcount--) {
552 if (qdcount < EXTRACT_16BITS(&np->qdcount) - 1)
553 putchar(',');
554 if (vflag > 1) {
555 fputs(" q:", stdout);
556 if ((cp = ns_qprint(cp, bp)) == NULL)
557 goto trunc;
558 } else {
559 if ((cp = ns_nskip(cp)) == NULL)
560 goto trunc;
561 cp += 4; /* skip QTYPE and QCLASS */
562 }
563 }
564 printf(" %d/%d/%d", ancount, nscount, arcount);
565 if (ancount--) {
566 if ((cp = ns_rprint(cp, bp)) == NULL)
567 goto trunc;
568 while (cp < snapend && ancount--) {
569 putchar(',');
570 if ((cp = ns_rprint(cp, bp)) == NULL)
571 goto trunc;
572 }
573 }
574 if (ancount > 0)
575 goto trunc;
576 /* Print NS and AR sections on -vv */
577 if (vflag > 1) {
578 if (cp < snapend && nscount--) {
579 fputs(" ns:", stdout);
580 if ((cp = ns_rprint(cp, bp)) == NULL)
581 goto trunc;
582 while (cp < snapend && nscount--) {
583 putchar(',');
584 if ((cp = ns_rprint(cp, bp)) == NULL)
585 goto trunc;
586 }
587 }
588 if (nscount > 0)
589 goto trunc;
590 if (cp < snapend && arcount--) {
591 fputs(" ar:", stdout);
592 if ((cp = ns_rprint(cp, bp)) == NULL)
593 goto trunc;
594 while (cp < snapend && arcount--) {
595 putchar(',');
596 if ((cp = ns_rprint(cp, bp)) == NULL)
597 goto trunc;
598 }
599 }
600 if (arcount > 0)
601 goto trunc;
602 }
603 }
604 else {
605 /* this is a request */
606 printf(" %d%s%s%s", EXTRACT_16BITS(&np->id), ns_ops[DNS_OPCODE(np)],
607 DNS_RD(np) ? "+" : "",
608 DNS_AD(np) ? "$" : "");
609
610 /* any weirdness? */
611 b2 = EXTRACT_16BITS(((u_short *)np)+1);
612 if (b2 & 0x6cf)
613 printf(" [b2&3=0x%x]", b2);
614
615 if (DNS_OPCODE(np) == IQUERY) {
616 if (qdcount)
617 printf(" [%dq]", qdcount);
618 if (ancount != 1)
619 printf(" [%da]", ancount);
620 }
621 else {
622 if (ancount)
623 printf(" [%da]", ancount);
624 if (qdcount != 1)
625 printf(" [%dq]", qdcount);
626 }
627 if (nscount)
628 printf(" [%dn]", nscount);
629 if (arcount)
630 printf(" [%dau]", arcount);
631
632 cp = (const u_char *)(np + 1);
633 if (qdcount--) {
634 cp = ns_qprint(cp, (const u_char *)np);
635 if (!cp)
636 goto trunc;
637 while (cp < snapend && qdcount--) {
638 cp = ns_qprint((const u_char *)cp,
639 (const u_char *)np);
640 if (!cp)
641 goto trunc;
642 }
643 }
644 if (qdcount > 0)
645 goto trunc;
646
647 /* Print remaining sections on -vv */
648 if (vflag > 1) {
649 if (ancount--) {
650 if ((cp = ns_rprint(cp, bp)) == NULL)
651 goto trunc;
652 while (cp < snapend && ancount--) {
653 putchar(',');
654 if ((cp = ns_rprint(cp, bp)) == NULL)
655 goto trunc;
656 }
657 }
658 if (ancount > 0)
659 goto trunc;
660 if (cp < snapend && nscount--) {
661 fputs(" ns:", stdout);
662 if ((cp = ns_rprint(cp, bp)) == NULL)
663 goto trunc;
664 while (nscount-- && cp < snapend) {
665 putchar(',');
666 if ((cp = ns_rprint(cp, bp)) == NULL)
667 goto trunc;
668 }
669 }
670 if (nscount > 0)
671 goto trunc;
672 if (cp < snapend && arcount--) {
673 fputs(" ar:", stdout);
674 if ((cp = ns_rprint(cp, bp)) == NULL)
675 goto trunc;
676 while (cp < snapend && arcount--) {
677 putchar(',');
678 if ((cp = ns_rprint(cp, bp)) == NULL)
679 goto trunc;
680 }
681 }
682 if (arcount > 0)
683 goto trunc;
684 }
685 }
686 printf(" (%d)", length);
687 return;
688
689 trunc:
690 printf("[|domain]");
691 return;
692 }
[mirror] the TCPdump network dissector