]> The Tcpdump Group git mirrors - tcpdump/blob - print-domain.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
CI: Add warning exemptions for Sun C (suncc-5.14) on Solaris 10
[tcpdump] / print-domain.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Domain Name System (DNS) printer */
23
24 #include <config.h>
25
26 #include "netdissect-stdinc.h"
27
28 #include <string.h>
29
30 #include "netdissect.h"
31 #include "addrtoname.h"
32 #include "addrtostr.h"
33 #include "extract.h"
34
35 #include "nameser.h"
36
37 static const char *ns_ops[] = {
38 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7",
39 " op8", " updateA", " updateD", " updateDA",
40 " updateM", " updateMA", " zoneInit", " zoneRef",
41 };
42
43 static const char *ns_resp[] = {
44 "", " FormErr", " ServFail", " NXDomain",
45 " NotImp", " Refused", " YXDomain", " YXRRSet",
46 " NXRRSet", " NotAuth", " NotZone", " Resp11",
47 " Resp12", " Resp13", " Resp14", " NoChange",
48 " BadVers", "Resp17", " Resp18", " Resp19",
49 " Resp20", "Resp21", " Resp22", " BadCookie",
50 };
51
52 static const char *
53 ns_rcode(u_int rcode) {
54 static char buf[sizeof(" Resp4095")];
55
56 if (rcode < sizeof(ns_resp)/sizeof(ns_resp[0])) {
57 return (ns_resp[rcode]);
58 }
59 snprintf(buf, sizeof(buf), " Resp%u", rcode & 0xfff);
60 return (buf);
61 }
62
63 /* skip over a domain name */
64 static const u_char *
65 ns_nskip(netdissect_options *ndo,
66 const u_char *cp)
67 {
68 u_char i;
69
70 if (!ND_TTEST_1(cp))
71 return (NULL);
72 i = GET_U_1(cp);
73 cp++;
74 while (i) {
75 switch (i & TYPE_MASK) {
76
77 case TYPE_INDIR:
78 return (cp + 1);
79
80 case TYPE_EDNS0: {
81 int bitlen, bytelen;
82
83 if ((i & ~TYPE_MASK) != EDNS0_ELT_BITLABEL)
84 return(NULL); /* unknown ELT */
85 if (!ND_TTEST_1(cp))
86 return (NULL);
87 if ((bitlen = GET_U_1(cp)) == 0)
88 bitlen = 256;
89 cp++;
90 bytelen = (bitlen + 7) / 8;
91 cp += bytelen;
92 }
93 break;
94
95 case TYPE_RESERVED:
96 return (NULL);
97
98 case TYPE_LABEL:
99 cp += i;
100 break;
101 }
102 if (!ND_TTEST_1(cp))
103 return (NULL);
104 i = GET_U_1(cp);
105 cp++;
106 }
107 return (cp);
108 }
109
110 static const u_char *
111 blabel_print(netdissect_options *ndo,
112 const u_char *cp)
113 {
114 u_int bitlen, slen, b;
115 const u_char *bitp, *lim;
116 uint8_t tc;
117
118 if (!ND_TTEST_1(cp))
119 return(NULL);
120 if ((bitlen = GET_U_1(cp)) == 0)
121 bitlen = 256;
122 slen = (bitlen + 3) / 4;
123 lim = cp + 1 + slen;
124
125 /* print the bit string as a hex string */
126 ND_PRINT("\\[x");
127 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) {
128 ND_PRINT("%02x", GET_U_1(bitp));
129 }
130 if (b > 4) {
131 tc = GET_U_1(bitp);
132 bitp++;
133 ND_PRINT("%02x", tc & (0xff << (8 - b)));
134 } else if (b > 0) {
135 tc = GET_U_1(bitp);
136 bitp++;
137 ND_PRINT("%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b)));
138 }
139 ND_PRINT("/%u]", bitlen);
140 return lim;
141 }
142
143 static int
144 labellen(netdissect_options *ndo,
145 const u_char *cp)
146 {
147 u_int i;
148
149 if (!ND_TTEST_1(cp))
150 return(-1);
151 i = GET_U_1(cp);
152 switch (i & TYPE_MASK) {
153
154 case TYPE_EDNS0: {
155 u_int bitlen, elt;
156 if ((elt = (i & ~TYPE_MASK)) != EDNS0_ELT_BITLABEL) {
157 ND_PRINT("<ELT %d>", elt);
158 return(-1);
159 }
160 if (!ND_TTEST_1(cp + 1))
161 return(-1);
162 if ((bitlen = GET_U_1(cp + 1)) == 0)
163 bitlen = 256;
164 return(((bitlen + 7) / 8) + 1);
165 }
166
167 case TYPE_INDIR:
168 case TYPE_LABEL:
169 return(i);
170
171 default:
172 /*
173 * TYPE_RESERVED, but we use default to suppress compiler
174 * warnings about falling out of the switch statement.
175 */
176 ND_PRINT("<BAD LABEL TYPE>");
177 return(-1);
178 }
179 }
180
181 /* print a <domain-name> */
182 const u_char *
183 fqdn_print(netdissect_options *ndo,
184 const u_char *cp, const u_char *bp)
185 {
186 u_int i, l;
187 const u_char *rp = NULL;
188 int compress = 0;
189 u_int elt;
190 u_int offset, max_offset;
191 u_int name_chars = 0;
192
193 if ((l = labellen(ndo, cp)) == (u_int)-1)
194 return(NULL);
195 if (!ND_TTEST_1(cp))
196 return(NULL);
197 max_offset = (u_int)(cp - bp);
198 i = GET_U_1(cp);
199 cp++;
200 if ((i & TYPE_MASK) != TYPE_INDIR) {
201 compress = 0;
202 rp = cp + l;
203 }
204
205 if (i != 0) {
206 while (i && cp < ndo->ndo_snapend) {
207 switch (i & TYPE_MASK) {
208
209 case TYPE_INDIR:
210 if (!compress) {
211 rp = cp + 1;
212 compress = 1;
213 }
214 if (!ND_TTEST_1(cp))
215 return(NULL);
216 offset = (((i << 8) | GET_U_1(cp)) & 0x3fff);
217 /*
218 * This must move backwards in the packet.
219 * No RFC explicitly says that, but BIND's
220 * name decompression code requires it,
221 * as a way of preventing infinite loops
222 * and other bad behavior, and it's probably
223 * what was intended (compress by pointing
224 * to domain name suffixes already seen in
225 * the packet).
226 */
227 if (offset >= max_offset) {
228 ND_PRINT("<BAD PTR>");
229 return(NULL);
230 }
231 max_offset = offset;
232 cp = bp + offset;
233 if (!ND_TTEST_1(cp))
234 return(NULL);
235 i = GET_U_1(cp);
236 if ((l = labellen(ndo, cp)) == (u_int)-1)
237 return(NULL);
238 cp++;
239 continue;
240
241 case TYPE_EDNS0:
242 elt = (i & ~TYPE_MASK);
243 switch(elt) {
244 case EDNS0_ELT_BITLABEL:
245 if (blabel_print(ndo, cp) == NULL)
246 return (NULL);
247 break;
248 default:
249 /* unknown ELT */
250 ND_PRINT("<ELT %u>", elt);
251 return(NULL);
252 }
253 break;
254
255 case TYPE_RESERVED:
256 ND_PRINT("<BAD LABEL TYPE>");
257 return(NULL);
258
259 case TYPE_LABEL:
260 if (name_chars + l <= MAXCDNAME) {
261 if (nd_printn(ndo, cp, l, ndo->ndo_snapend))
262 return(NULL);
263 } else if (name_chars < MAXCDNAME) {
264 if (nd_printn(ndo, cp,
265 MAXCDNAME - name_chars, ndo->ndo_snapend))
266 return(NULL);
267 }
268 name_chars += l;
269 break;
270 }
271
272 cp += l;
273 if (name_chars <= MAXCDNAME)
274 ND_PRINT(".");
275 name_chars++;
276 if (!ND_TTEST_1(cp))
277 return(NULL);
278 i = GET_U_1(cp);
279 if ((l = labellen(ndo, cp)) == (u_int)-1)
280 return(NULL);
281 cp++;
282 if (!compress)
283 rp += l + 1;
284 }
285 if (name_chars > MAXCDNAME)
286 ND_PRINT("<DOMAIN NAME TOO LONG>");
287 } else
288 ND_PRINT(".");
289 return (rp);
290 }
291
292 /* print a <character-string> */
293 static const u_char *
294 ns_cprint(netdissect_options *ndo,
295 const u_char *cp)
296 {
297 u_int i;
298
299 if (!ND_TTEST_1(cp))
300 return (NULL);
301 i = GET_U_1(cp);
302 cp++;
303 if (nd_printn(ndo, cp, i, ndo->ndo_snapend))
304 return (NULL);
305 return (cp + i);
306 }
307
308 static void
309 print_eopt_ecs(netdissect_options *ndo, const u_char *cp,
310 u_int data_len)
311 {
312 u_int family, addr_bits, src_len, scope_len;
313
314 u_char padded[32];
315 char addr[INET6_ADDRSTRLEN];
316
317 /* ecs option must at least contain family, src len, and scope len */
318 if (data_len < 4) {
319 nd_print_invalid(ndo);
320 return;
321 }
322
323 family = GET_BE_U_2(cp);
324 cp += 2;
325 src_len = GET_U_1(cp);
326 cp += 1;
327 scope_len = GET_U_1(cp);
328 cp += 1;
329
330 if (family == 1)
331 addr_bits = 32;
332 else if (family == 2)
333 addr_bits = 128;
334 else {
335 nd_print_invalid(ndo);
336 return;
337 }
338
339 if (data_len - 4 > (addr_bits / 8)) {
340 nd_print_invalid(ndo);
341 return;
342 }
343 /* checks for invalid ecs scope or source length */
344 if (src_len > addr_bits || scope_len > addr_bits || ((src_len + 7) / 8) != (data_len - 4)) {
345 nd_print_invalid(ndo);
346 return;
347 }
348
349 /* pad the truncated address from ecs with zeros */
350 memset(padded, 0, sizeof(padded));
351 memcpy(padded, cp, data_len - 4);
352
353
354 if (family == 1)
355 ND_PRINT("%s/%d/%d", addrtostr(padded, addr, INET_ADDRSTRLEN),
356 src_len, scope_len);
357 else
358 ND_PRINT("%s/%d/%d", addrtostr6(padded, addr, INET6_ADDRSTRLEN),
359 src_len, scope_len);
360
361 }
362
363 extern const struct tok edns_opt2str[];
364 extern const struct tok dau_alg2str[];
365 extern const struct tok dhu_alg2str[];
366 extern const struct tok n3u_alg2str[];
367
368
369 /* print an <EDNS-option> */
370 static const u_char *
371 eopt_print(netdissect_options *ndo,
372 const u_char *cp)
373 {
374 u_int opt, data_len, i;
375
376 if (!ND_TTEST_2(cp))
377 return (NULL);
378 opt = GET_BE_U_2(cp);
379 cp += 2;
380 ND_PRINT("%s", tok2str(edns_opt2str, "Opt%u", opt));
381 if (!ND_TTEST_2(cp))
382 return (NULL);
383 data_len = GET_BE_U_2(cp);
384 cp += 2;
385
386 ND_TCHECK_LEN(cp, data_len);
387
388 if (data_len > 0) {
389 ND_PRINT(" ");
390 switch (opt) {
391
392 case E_ECS:
393 print_eopt_ecs(ndo, cp, data_len);
394 break;
395 case E_COOKIE:
396 if (data_len < 8 || (data_len > 8 && data_len < 16) || data_len > 40)
397 nd_print_invalid(ndo);
398 else {
399 for (i = 0; i < data_len; ++i) {
400 /* split client and server cookie */
401 if (i == 8)
402 ND_PRINT(" ");
403 ND_PRINT("%02x", GET_U_1(cp + i));
404 }
405 }
406 break;
407 case E_KEEPALIVE:
408 if (data_len != 2)
409 nd_print_invalid(ndo);
410 else
411 /* keepalive is in increments of 100ms. Convert to seconds */
412 ND_PRINT("%0.1f sec", (GET_BE_U_2(cp) / 10.0));
413 break;
414 case E_EXPIRE:
415 if (data_len != 4)
416 nd_print_invalid(ndo);
417 else
418 ND_PRINT("%u sec", GET_BE_U_4(cp));
419 break;
420 case E_PADDING:
421 /* ignore contents and just print length */
422 ND_PRINT("(%u)", data_len);
423 break;
424 case E_KEYTAG:
425 if (data_len % 2 != 0)
426 nd_print_invalid(ndo);
427 else
428 for (i = 0; i < data_len; i += 2) {
429 if (i > 0)
430 ND_PRINT(" ");
431 ND_PRINT("%u", GET_BE_U_2(cp + i));
432 }
433 break;
434 case E_DAU:
435 for (i = 0; i < data_len; ++i) {
436 if (i > 0)
437 ND_PRINT(" ");
438 ND_PRINT("%s", tok2str(dau_alg2str, "Alg_%u", GET_U_1(cp + i)));
439 }
440 break;
441 case E_DHU:
442 for (i = 0; i < data_len; ++i) {
443 if (i > 0)
444 ND_PRINT(" ");
445 ND_PRINT("%s", tok2str(dhu_alg2str, "Alg_%u", GET_U_1(cp + i)));
446 }
447 break;
448 case E_N3U:
449 for (i = 0; i < data_len; ++i) {
450 if (i > 0)
451 ND_PRINT(" ");
452 ND_PRINT("%s", tok2str(n3u_alg2str, "Alg_%u", GET_U_1(cp + i)));
453 }
454 break;
455 case E_CHAIN:
456 fqdn_print(ndo, cp, cp + data_len);
457 break;
458 case E_NSID:
459 /* intentional fall-through. NSID is an undefined byte string */
460 default:
461 for (i = 0; i < data_len; ++i)
462 ND_PRINT("%02x", GET_U_1(cp + i));
463 break;
464 }
465 }
466 return (cp + data_len);
467
468 trunc:
469 return (NULL);
470
471 }
472
473
474
475 extern const struct tok ns_type2str[];
476
477 /* https://www.iana.org/assignments/dns-parameters */
478 const struct tok ns_type2str[] = {
479 { T_A, "A" }, /* RFC 1035 */
480 { T_NS, "NS" }, /* RFC 1035 */
481 { T_MD, "MD" }, /* RFC 1035 */
482 { T_MF, "MF" }, /* RFC 1035 */
483 { T_CNAME, "CNAME" }, /* RFC 1035 */
484 { T_SOA, "SOA" }, /* RFC 1035 */
485 { T_MB, "MB" }, /* RFC 1035 */
486 { T_MG, "MG" }, /* RFC 1035 */
487 { T_MR, "MR" }, /* RFC 1035 */
488 { T_NULL, "NULL" }, /* RFC 1035 */
489 { T_WKS, "WKS" }, /* RFC 1035 */
490 { T_PTR, "PTR" }, /* RFC 1035 */
491 { T_HINFO, "HINFO" }, /* RFC 1035 */
492 { T_MINFO, "MINFO" }, /* RFC 1035 */
493 { T_MX, "MX" }, /* RFC 1035 */
494 { T_TXT, "TXT" }, /* RFC 1035 */
495 { T_RP, "RP" }, /* RFC 1183 */
496 { T_AFSDB, "AFSDB" }, /* RFC 5864 */
497 { T_X25, "X25" }, /* RFC 1183 */
498 { T_ISDN, "ISDN" }, /* RFC 1183 */
499 { T_RT, "RT" }, /* RFC 1183 */
500 { T_NSAP, "NSAP" }, /* RFC 1706 */
501 { T_NSAP_PTR, "NSAP_PTR" }, /* RFC 1706 */
502 { T_SIG, "SIG" }, /* RFC 3008 */
503 { T_KEY, "KEY" }, /* RFC 3110 */
504 { T_PX, "PX" }, /* RFC 2163 */
505 { T_GPOS, "GPOS" }, /* RFC 1712 */
506 { T_AAAA, "AAAA" }, /* RFC 3596 */
507 { T_LOC, "LOC" }, /* RFC 1876 */
508 { T_NXT, "NXT" }, /* RFC 3755 */
509 { T_EID, "EID" }, /* Nimrod */
510 { T_NIMLOC, "NIMLOC" }, /* Nimrod */
511 { T_SRV, "SRV" }, /* RFC 2782 */
512 { T_ATMA, "ATMA" }, /* ATM Forum */
513 { T_NAPTR, "NAPTR" }, /* RFC 3403 */
514 { T_KX, "KX" }, /* RFC 2230 */
515 { T_CERT, "CERT" }, /* RFC 4398 */
516 { T_A6, "A6" }, /* RFC 6563 */
517 { T_DNAME, "DNAME" }, /* RFC 6672 */
518 { T_SINK, "SINK" },
519 { T_OPT, "OPT" }, /* RFC 6891 */
520 { T_APL, "APL" }, /* RFC 3123 */
521 { T_DS, "DS" }, /* RFC 4034 */
522 { T_SSHFP, "SSHFP" }, /* RFC 4255 */
523 { T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */
524 { T_RRSIG, "RRSIG" }, /* RFC 4034 */
525 { T_NSEC, "NSEC" }, /* RFC 4034 */
526 { T_DNSKEY, "DNSKEY" }, /* RFC 4034 */
527 { T_DHCID, "DHCID" }, /* RFC 4071 */
528 { T_NSEC3, "NSEC3" }, /* RFC 5155 */
529 { T_NSEC3PARAM, "NSEC3PARAM" }, /* RFC 5155 */
530 { T_TLSA, "TLSA" }, /* RFC 6698 */
531 { T_SMIMEA, "SMIMEA" }, /* RFC 8162 */
532 { T_HIP, "HIP" }, /* RFC 8005 */
533 { T_NINFO, "NINFO" },
534 { T_RKEY, "RKEY" },
535 { T_TALINK, "TALINK" },
536 { T_CDS, "CDS" }, /* RFC 7344 */
537 { T_CDNSKEY, "CDNSKEY" }, /* RFC 7344 */
538 { T_OPENPGPKEY, "OPENPGPKEY" }, /* RFC 7929 */
539 { T_CSYNC, "CSYNC" }, /* RFC 7477 */
540 { T_ZONEMD, "ZONEMD" }, /* RFC 8976 */
541 { T_SVCB, "SVCB" },
542 { T_HTTPS, "HTTPS" },
543 { T_SPF, "SPF" }, /* RFC 7208 */
544 { T_UINFO, "UINFO" },
545 { T_UID, "UID" },
546 { T_GID, "GID" },
547 { T_UNSPEC, "UNSPEC" },
548 { T_NID, "NID" }, /* RFC 6742 */
549 { T_L32, "L32" }, /* RFC 6742 */
550 { T_L64, "L64" }, /* RFC 6742 */
551 { T_LP, "LP" }, /* RFC 6742 */
552 { T_EUI48, "EUI48" }, /* RFC 7043 */
553 { T_EUI64, "EUI64" }, /* RFC 7043 */
554 { T_TKEY, "TKEY" }, /* RFC 2930 */
555 { T_TSIG, "TSIG" }, /* RFC 8945 */
556 { T_IXFR, "IXFR" }, /* RFC 1995 */
557 { T_AXFR, "AXFR" }, /* RFC 5936 */
558 { T_MAILB, "MAILB" }, /* RFC 1035 */
559 { T_MAILA, "MAILA" }, /* RFC 1035 */
560 { T_ANY, "ANY" }, /* RFC 8482 */
561 { T_URI, "URI" }, /* RFC 7553 */
562 { T_CAA, "CAA" }, /* RFC 8659 */
563 { T_AVC, "AVC" },
564 { T_DOA, "DOA" },
565 { T_AMTRELAY, "AMTRELAY" }, /* RFC 8777 */
566 { T_TA, "TA" },
567 { T_DLV, "DLV" }, /* RFC 8749 */
568 { 0, NULL }
569 };
570
571 extern const struct tok ns_class2str[];
572
573 const struct tok ns_class2str[] = {
574 { C_IN, "IN" }, /* Not used */
575 { C_CHAOS, "CHAOS" },
576 { C_HS, "HS" },
577 { C_ANY, "ANY" },
578 { 0, NULL }
579 };
580
581 const struct tok edns_opt2str[] = {
582 { E_LLQ, "LLQ" },
583 { E_UL, "UL" },
584 { E_NSID, "NSID" },
585 { E_DAU, "DAU" },
586 { E_DHU, "DHU" },
587 { E_N3U, "N3U" },
588 { E_ECS, "ECS" },
589 { E_EXPIRE, "EXPIRE" },
590 { E_COOKIE, "COOKIE" },
591 { E_KEEPALIVE, "KEEPALIVE" },
592 { E_PADDING, "PADDING" },
593 { E_CHAIN, "CHAIN" },
594 { E_KEYTAG, "KEY-TAG" },
595 { E_CLIENTTAG, "CLIENT-TAG" },
596 { E_SERVERTAG, "SERVER-TAG" },
597 { 0, NULL }
598 };
599
600 const struct tok dau_alg2str[] = {
601 { A_DELETE, "DELETE" },
602 { A_RSAMD5, "RSAMD5" },
603 { A_DH, "DH" },
604 { A_DSA, "DS" },
605 { A_RSASHA1, "RSASHA1" },
606 { A_DSA_NSEC3_SHA1, "DSA-NSEC3-SHA1" },
607 { A_RSASHA1_NSEC3_SHA1, "RSASHA1-NSEC3-SHA1" },
608 { A_RSASHA256, "RSASHA256" },
609 { A_RSASHA512, "RSASHA512" },
610 { A_ECC_GOST, "ECC-GOST" },
611 { A_ECDSAP256SHA256, "ECDSAP256SHA256" },
612 { A_ECDSAP384SHA384, "ECDSAP384SHA384" },
613 { A_ED25519, "ED25519" },
614 { A_ED448, "ED448" },
615 { A_INDIRECT, "INDIRECT" },
616 { A_PRIVATEDNS, "PRIVATEDNS" },
617 { A_PRIVATEOID, "PRIVATEOID" },
618 { 0, NULL }
619 };
620
621 const struct tok dhu_alg2str[] = {
622 { DS_SHA1, "SHA-1" },
623 { DS_SHA256,"SHA-256" },
624 { DS_GOST, "GOST_R_34.11-94" },
625 { DS_SHA384,"SHA-384" },
626 { 0, NULL }
627 };
628
629 const struct tok n3u_alg2str[] = {
630 { NSEC_SHA1,"SHA-1" },
631 { 0, NULL }
632 };
633
634 /* print a query */
635 static const u_char *
636 ns_qprint(netdissect_options *ndo,
637 const u_char *cp, const u_char *bp, int is_mdns)
638 {
639 const u_char *np = cp;
640 u_int i, class;
641
642 cp = ns_nskip(ndo, cp);
643
644 if (cp == NULL || !ND_TTEST_4(cp))
645 return(NULL);
646
647 /* print the qtype */
648 i = GET_BE_U_2(cp);
649 cp += 2;
650 ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", i));
651 /* print the qclass (if it's not IN) */
652 i = GET_BE_U_2(cp);
653 cp += 2;
654 if (is_mdns)
655 class = (i & ~C_QU);
656 else
657 class = i;
658 if (class != C_IN)
659 ND_PRINT(" %s", tok2str(ns_class2str, "(Class %u)", class));
660 if (is_mdns) {
661 ND_PRINT(i & C_QU ? " (QU)" : " (QM)");
662 }
663
664 ND_PRINT("? ");
665 cp = fqdn_print(ndo, np, bp);
666 return(cp ? cp + 4 : NULL);
667 }
668
669 /* print a reply */
670 static const u_char *
671 ns_rprint(netdissect_options *ndo,
672 const u_char *cp, const u_char *bp, int is_mdns)
673 {
674 u_int i, class, opt_flags = 0;
675 u_short typ, len;
676 const u_char *rp;
677
678 if (ndo->ndo_vflag) {
679 ND_PRINT(" ");
680 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
681 return NULL;
682 } else
683 cp = ns_nskip(ndo, cp);
684
685 if (cp == NULL || !ND_TTEST_LEN(cp, 10))
686 return (ndo->ndo_snapend);
687
688 /* print the type/qtype */
689 typ = GET_BE_U_2(cp);
690 cp += 2;
691 /* print the class (if it's not IN and the type isn't OPT) */
692 i = GET_BE_U_2(cp);
693 cp += 2;
694 if (is_mdns)
695 class = (i & ~C_CACHE_FLUSH);
696 else
697 class = i;
698 if (class != C_IN && typ != T_OPT)
699 ND_PRINT(" %s", tok2str(ns_class2str, "(Class %u)", class));
700 if (is_mdns) {
701 if (i & C_CACHE_FLUSH)
702 ND_PRINT(" (Cache flush)");
703 }
704
705 if (typ == T_OPT) {
706 /* get opt flags */
707 cp += 2;
708 opt_flags = GET_BE_U_2(cp);
709 /* ignore rest of ttl field */
710 cp += 2;
711 } else if (ndo->ndo_vflag > 2) {
712 /* print ttl */
713 ND_PRINT(" [");
714 unsigned_relts_print(ndo, GET_BE_U_4(cp));
715 ND_PRINT("]");
716 cp += 4;
717 } else {
718 /* ignore ttl */
719 cp += 4;
720 }
721
722 len = GET_BE_U_2(cp);
723 cp += 2;
724
725 ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", typ));
726
727 ND_TCHECK_LEN(cp, len);
728 rp = cp + len;
729
730 switch (typ) {
731 case T_A:
732 if (!ND_TTEST_LEN(cp, sizeof(nd_ipv4)))
733 return(NULL);
734 ND_PRINT(" %s", intoa(GET_IPV4_TO_NETWORK_ORDER(cp)));
735 break;
736
737 case T_NS:
738 case T_CNAME:
739 case T_PTR:
740 case T_DNAME:
741 ND_PRINT(" ");
742 if (fqdn_print(ndo, cp, bp) == NULL)
743 return(NULL);
744 break;
745
746 case T_SOA:
747 if (!ndo->ndo_vflag)
748 break;
749 ND_PRINT(" ");
750 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
751 return(NULL);
752 ND_PRINT(" ");
753 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
754 return(NULL);
755 if (!ND_TTEST_LEN(cp, 5 * 4))
756 return(NULL);
757 ND_PRINT(" %u", GET_BE_U_4(cp));
758 cp += 4;
759 ND_PRINT(" %u", GET_BE_U_4(cp));
760 cp += 4;
761 ND_PRINT(" %u", GET_BE_U_4(cp));
762 cp += 4;
763 ND_PRINT(" %u", GET_BE_U_4(cp));
764 cp += 4;
765 ND_PRINT(" %u", GET_BE_U_4(cp));
766 cp += 4;
767 break;
768 case T_MX:
769 ND_PRINT(" ");
770 if (!ND_TTEST_2(cp))
771 return(NULL);
772 if (fqdn_print(ndo, cp + 2, bp) == NULL)
773 return(NULL);
774 ND_PRINT(" %u", GET_BE_U_2(cp));
775 break;
776
777 case T_TXT:
778 while (cp < rp) {
779 ND_PRINT(" \"");
780 cp = ns_cprint(ndo, cp);
781 if (cp == NULL)
782 return(NULL);
783 ND_PRINT("\"");
784 }
785 break;
786
787 case T_SRV:
788 ND_PRINT(" ");
789 if (!ND_TTEST_6(cp))
790 return(NULL);
791 if (fqdn_print(ndo, cp + 6, bp) == NULL)
792 return(NULL);
793 ND_PRINT(":%u %u %u", GET_BE_U_2(cp + 4),
794 GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
795 break;
796
797 case T_AAAA:
798 {
799 char ntop_buf[INET6_ADDRSTRLEN];
800
801 if (!ND_TTEST_LEN(cp, sizeof(nd_ipv6)))
802 return(NULL);
803 ND_PRINT(" %s",
804 addrtostr6(cp, ntop_buf, sizeof(ntop_buf)));
805
806 break;
807 }
808
809 case T_A6:
810 {
811 nd_ipv6 a;
812 int pbit, pbyte;
813 char ntop_buf[INET6_ADDRSTRLEN];
814
815 if (!ND_TTEST_1(cp))
816 return(NULL);
817 pbit = GET_U_1(cp);
818 pbyte = (pbit & ~7) / 8;
819 if (pbit > 128) {
820 ND_PRINT(" %u(bad plen)", pbit);
821 break;
822 } else if (pbit < 128) {
823 memset(a, 0, sizeof(a));
824 GET_CPY_BYTES(a + pbyte, cp + 1, sizeof(a) - pbyte);
825 ND_PRINT(" %u %s", pbit,
826 addrtostr6(&a, ntop_buf, sizeof(ntop_buf)));
827 }
828 if (pbit > 0) {
829 ND_PRINT(" ");
830 if (fqdn_print(ndo, cp + 1 + sizeof(a) - pbyte, bp) == NULL)
831 return(NULL);
832 }
833 break;
834 }
835
836 case T_URI:
837 if (!ND_TTEST_LEN(cp, len))
838 return(NULL);
839 if (len < 4) {
840 ND_PRINT(" len %u is too short (< 4)", len);
841 break;
842 }
843 ND_PRINT(" %u %u ", GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
844 if (nd_printn(ndo, cp + 4, len - 4, ndo->ndo_snapend))
845 return(NULL);
846 break;
847
848 case T_OPT:
849 ND_PRINT(" UDPsize=%u", class);
850 if (opt_flags & 0x8000)
851 ND_PRINT(" DO");
852 if (cp < rp) {
853 ND_PRINT(" [");
854 while (cp < rp) {
855 cp = eopt_print(ndo, cp);
856 if (cp == NULL)
857 return(NULL);
858 if (cp < rp)
859 ND_PRINT(",");
860 }
861 ND_PRINT("]");
862 }
863 break;
864
865 case T_TSIG:
866 {
867 if (cp + len > ndo->ndo_snapend)
868 return(NULL);
869 if (!ndo->ndo_vflag)
870 break;
871 ND_PRINT(" ");
872 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
873 return(NULL);
874 cp += 6;
875 if (!ND_TTEST_2(cp))
876 return(NULL);
877 ND_PRINT(" fudge=%u", GET_BE_U_2(cp));
878 cp += 2;
879 if (!ND_TTEST_2(cp))
880 return(NULL);
881 ND_PRINT(" maclen=%u", GET_BE_U_2(cp));
882 cp += 2 + GET_BE_U_2(cp);
883 if (!ND_TTEST_2(cp))
884 return(NULL);
885 ND_PRINT(" origid=%u", GET_BE_U_2(cp));
886 cp += 2;
887 if (!ND_TTEST_2(cp))
888 return(NULL);
889 ND_PRINT(" error=%u", GET_BE_U_2(cp));
890 cp += 2;
891 if (!ND_TTEST_2(cp))
892 return(NULL);
893 ND_PRINT(" otherlen=%u", GET_BE_U_2(cp));
894 cp += 2;
895 }
896 }
897 return (rp); /* XXX This isn't always right */
898
899 trunc:
900 return(NULL);
901 }
902
903 void
904 domain_print(netdissect_options *ndo,
905 const u_char *bp, u_int length, int over_tcp, int is_mdns)
906 {
907 const dns_header_t *np;
908 uint16_t flags, rcode, rdlen, type;
909 u_int qdcount, ancount, nscount, arcount;
910 u_int i;
911 const u_char *cp;
912 uint16_t b2;
913
914 ndo->ndo_protocol = "domain";
915
916 if (over_tcp) {
917 /*
918 * The message is prefixed with a two byte length field
919 * which gives the message length, excluding the two byte
920 * length field. (RFC 1035 - 4.2.2. TCP usage)
921 */
922 if (length < 2) {
923 ND_PRINT(" [DNS over TCP: length %u < 2]", length);
924 nd_print_invalid(ndo);
925 return;
926 } else {
927 length -= 2; /* excluding the two byte length field */
928 if (GET_BE_U_2(bp) != length) {
929 ND_PRINT(" [prefix length(%u) != length(%u)]",
930 GET_BE_U_2(bp), length);
931 nd_print_invalid(ndo);
932 return;
933 } else {
934 bp += 2;
935 /* in over TCP case, we need to prepend a space
936 * (not needed in over UDP case)
937 */
938 ND_PRINT(" ");
939 }
940 }
941 }
942
943 np = (const dns_header_t *)bp;
944
945 if(length < sizeof(*np)) {
946 nd_print_protocol(ndo);
947 ND_PRINT(" [length %u < %zu]", length, sizeof(*np));
948 nd_print_invalid(ndo);
949 return;
950 }
951
952 ND_TCHECK_SIZE(np);
953 flags = GET_BE_U_2(np->flags);
954 /* get the byte-order right */
955 qdcount = GET_BE_U_2(np->qdcount);
956 ancount = GET_BE_U_2(np->ancount);
957 nscount = GET_BE_U_2(np->nscount);
958 arcount = GET_BE_U_2(np->arcount);
959
960 /* find the opt record to extract extended rcode */
961 cp = (const u_char *)(np + 1);
962 rcode = DNS_RCODE(flags);
963 for (i = 0; i < qdcount; i++) {
964 if ((cp = ns_nskip(ndo, cp)) == NULL)
965 goto print;
966 cp += 4; /* skip QTYPE and QCLASS */
967 if (cp >= ndo->ndo_snapend)
968 goto print;
969 }
970 for (i = 0; i < ancount + nscount; i++) {
971 if ((cp = ns_nskip(ndo, cp)) == NULL)
972 goto print;
973 cp += 8; /* skip TYPE, CLASS and TTL */
974 if (cp + 2 > ndo->ndo_snapend)
975 goto print;
976 rdlen = GET_BE_U_2(cp);
977 cp += 2 + rdlen;
978 if (cp >= ndo->ndo_snapend)
979 goto print;
980 }
981 for (i = 0; i < arcount; i++) {
982 if ((cp = ns_nskip(ndo, cp)) == NULL)
983 goto print;
984 if (cp + 2 > ndo->ndo_snapend)
985 goto print;
986 type = GET_BE_U_2(cp);
987 cp += 4; /* skip TYPE and CLASS */
988 if (cp + 1 > ndo->ndo_snapend)
989 goto print;
990 if (type == T_OPT) {
991 rcode |= (GET_U_1(cp) << 4);
992 goto print;
993 }
994 cp += 4;
995 if (cp + 2 > ndo->ndo_snapend)
996 goto print;
997 rdlen = GET_BE_U_2(cp);
998 cp += 2 + rdlen;
999 if (cp >= ndo->ndo_snapend)
1000 goto print;
1001 }
1002
1003 print:
1004 if (DNS_QR(flags)) {
1005 /* this is a response */
1006 ND_PRINT("%u%s%s%s%s%s%s",
1007 GET_BE_U_2(np->id),
1008 ns_ops[DNS_OPCODE(flags)],
1009 ns_rcode(rcode),
1010 DNS_AA(flags)? "*" : "",
1011 DNS_RA(flags)? "" : "-",
1012 DNS_TC(flags)? "|" : "",
1013 DNS_AD(flags)? "$" : "");
1014
1015 if (qdcount != 1)
1016 ND_PRINT(" [%uq]", qdcount);
1017 /* Print QUESTION section on -vv */
1018 cp = (const u_char *)(np + 1);
1019 for (i = 0; i < qdcount; i++) {
1020 if (i != 0)
1021 ND_PRINT(",");
1022 if (ndo->ndo_vflag > 1) {
1023 ND_PRINT(" q:");
1024 if ((cp = ns_qprint(ndo, cp, bp, is_mdns)) == NULL)
1025 goto trunc;
1026 } else {
1027 if ((cp = ns_nskip(ndo, cp)) == NULL)
1028 goto trunc;
1029 cp += 4; /* skip QTYPE and QCLASS */
1030 }
1031 }
1032 ND_PRINT(" %u/%u/%u", ancount, nscount, arcount);
1033 if (ancount) {
1034 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1035 goto trunc;
1036 ancount--;
1037 while (cp < ndo->ndo_snapend && ancount) {
1038 ND_PRINT(",");
1039 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1040 goto trunc;
1041 ancount--;
1042 }
1043 }
1044 if (ancount)
1045 goto trunc;
1046 /* Print NS and AR sections on -vv */
1047 if (ndo->ndo_vflag > 1) {
1048 if (cp < ndo->ndo_snapend && nscount) {
1049 ND_PRINT(" ns:");
1050 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1051 goto trunc;
1052 nscount--;
1053 while (cp < ndo->ndo_snapend && nscount) {
1054 ND_PRINT(",");
1055 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1056 goto trunc;
1057 nscount--;
1058 }
1059 }
1060 if (nscount)
1061 goto trunc;
1062 if (cp < ndo->ndo_snapend && arcount) {
1063 ND_PRINT(" ar:");
1064 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1065 goto trunc;
1066 arcount--;
1067 while (cp < ndo->ndo_snapend && arcount) {
1068 ND_PRINT(",");
1069 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1070 goto trunc;
1071 arcount--;
1072 }
1073 }
1074 if (arcount)
1075 goto trunc;
1076 }
1077 } else {
1078 /* this is a request */
1079 ND_PRINT("%u%s%s%s", GET_BE_U_2(np->id),
1080 ns_ops[DNS_OPCODE(flags)],
1081 DNS_RD(flags) ? "+" : "",
1082 DNS_CD(flags) ? "%" : "");
1083
1084 /* any weirdness? */
1085 b2 = GET_BE_U_2(((const u_short *)np) + 1);
1086 if (b2 & 0x6cf)
1087 ND_PRINT(" [b2&3=0x%x]", b2);
1088
1089 if (DNS_OPCODE(flags) == IQUERY) {
1090 if (qdcount)
1091 ND_PRINT(" [%uq]", qdcount);
1092 if (ancount != 1)
1093 ND_PRINT(" [%ua]", ancount);
1094 } else {
1095 if (ancount)
1096 ND_PRINT(" [%ua]", ancount);
1097 if (qdcount != 1)
1098 ND_PRINT(" [%uq]", qdcount);
1099 }
1100 if (nscount)
1101 ND_PRINT(" [%un]", nscount);
1102 if (arcount)
1103 ND_PRINT(" [%uau]", arcount);
1104
1105 cp = (const u_char *)(np + 1);
1106 if (qdcount) {
1107 cp = ns_qprint(ndo, cp, (const u_char *)np, is_mdns);
1108 if (!cp)
1109 goto trunc;
1110 qdcount--;
1111 while (cp < ndo->ndo_snapend && qdcount) {
1112 cp = ns_qprint(ndo, (const u_char *)cp,
1113 (const u_char *)np,
1114 is_mdns);
1115 if (!cp)
1116 goto trunc;
1117 qdcount--;
1118 }
1119 }
1120 if (qdcount)
1121 goto trunc;
1122
1123 /* Print remaining sections on -vv */
1124 if (ndo->ndo_vflag > 1) {
1125 if (ancount) {
1126 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1127 goto trunc;
1128 ancount--;
1129 while (cp < ndo->ndo_snapend && ancount) {
1130 ND_PRINT(",");
1131 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1132 goto trunc;
1133 ancount--;
1134 }
1135 }
1136 if (ancount)
1137 goto trunc;
1138 if (cp < ndo->ndo_snapend && nscount) {
1139 ND_PRINT(" ns:");
1140 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1141 goto trunc;
1142 nscount--;
1143 while (cp < ndo->ndo_snapend && nscount) {
1144 ND_PRINT(",");
1145 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1146 goto trunc;
1147 nscount--;
1148 }
1149 }
1150 if (nscount > 0)
1151 goto trunc;
1152 if (cp < ndo->ndo_snapend && arcount) {
1153 ND_PRINT(" ar:");
1154 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1155 goto trunc;
1156 arcount--;
1157 while (cp < ndo->ndo_snapend && arcount) {
1158 ND_PRINT(",");
1159 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1160 goto trunc;
1161 arcount--;
1162 }
1163 }
1164 if (arcount)
1165 goto trunc;
1166 }
1167 }
1168 ND_PRINT(" (%u)", length);
1169 return;
1170
1171 trunc:
1172 nd_print_trunc(ndo);
1173 }
[mirror] the TCPdump network dissector