]> The Tcpdump Group git mirrors - tcpdump/blob - print-domain.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
IEEE 802.15.4: Remove trailing "_if" from a protocol name
[tcpdump] / print-domain.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Domain Name System (DNS) printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include "netdissect-stdinc.h"
29
30 #include <string.h>
31
32 #include "netdissect.h"
33 #include "addrtoname.h"
34 #include "addrtostr.h"
35 #include "extract.h"
36
37 #include "nameser.h"
38
39 static const char *ns_ops[] = {
40 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7",
41 " op8", " updateA", " updateD", " updateDA",
42 " updateM", " updateMA", " zoneInit", " zoneRef",
43 };
44
45 static const char *ns_resp[] = {
46 "", " FormErr", " ServFail", " NXDomain",
47 " NotImp", " Refused", " YXDomain", " YXRRSet",
48 " NXRRSet", " NotAuth", " NotZone", " Resp11",
49 " Resp12", " Resp13", " Resp14", " NoChange",
50 " BadVers", "Resp17", " Resp18", " Resp19",
51 " Resp20", "Resp21", " Resp22", " BadCookie",
52 };
53
54 static const char *
55 ns_rcode(u_int rcode) {
56 static char buf[sizeof(" Resp4095")];
57
58 if (rcode < sizeof(ns_resp)/sizeof(ns_resp[0])) {
59 return (ns_resp[rcode]);
60 }
61 snprintf(buf, sizeof(buf), " Resp%u", rcode & 0xfff);
62 return (buf);
63 }
64
65 /* skip over a domain name */
66 static const u_char *
67 ns_nskip(netdissect_options *ndo,
68 const u_char *cp)
69 {
70 u_char i;
71
72 if (!ND_TTEST_1(cp))
73 return (NULL);
74 i = GET_U_1(cp);
75 cp++;
76 while (i) {
77 if ((i & INDIR_MASK) == INDIR_MASK)
78 return (cp + 1);
79 if ((i & INDIR_MASK) == EDNS0_MASK) {
80 int bitlen, bytelen;
81
82 if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL)
83 return(NULL); /* unknown ELT */
84 if (!ND_TTEST_1(cp))
85 return (NULL);
86 if ((bitlen = GET_U_1(cp)) == 0)
87 bitlen = 256;
88 cp++;
89 bytelen = (bitlen + 7) / 8;
90 cp += bytelen;
91 } else
92 cp += i;
93 if (!ND_TTEST_1(cp))
94 return (NULL);
95 i = GET_U_1(cp);
96 cp++;
97 }
98 return (cp);
99 }
100
101 static const u_char *
102 blabel_print(netdissect_options *ndo,
103 const u_char *cp)
104 {
105 u_int bitlen, slen, b;
106 const u_char *bitp, *lim;
107 uint8_t tc;
108
109 if (!ND_TTEST_1(cp))
110 return(NULL);
111 if ((bitlen = GET_U_1(cp)) == 0)
112 bitlen = 256;
113 slen = (bitlen + 3) / 4;
114 lim = cp + 1 + slen;
115
116 /* print the bit string as a hex string */
117 ND_PRINT("\\[x");
118 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) {
119 ND_TCHECK_1(bitp);
120 ND_PRINT("%02x", GET_U_1(bitp));
121 }
122 if (b > 4) {
123 ND_TCHECK_1(bitp);
124 tc = GET_U_1(bitp);
125 bitp++;
126 ND_PRINT("%02x", tc & (0xff << (8 - b)));
127 } else if (b > 0) {
128 ND_TCHECK_1(bitp);
129 tc = GET_U_1(bitp);
130 bitp++;
131 ND_PRINT("%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b)));
132 }
133 ND_PRINT("/%u]", bitlen);
134 return lim;
135 trunc:
136 ND_PRINT(".../%u]", bitlen);
137 return NULL;
138 }
139
140 static int
141 labellen(netdissect_options *ndo,
142 const u_char *cp)
143 {
144 u_int i;
145
146 if (!ND_TTEST_1(cp))
147 return(-1);
148 i = GET_U_1(cp);
149 if ((i & INDIR_MASK) == EDNS0_MASK) {
150 u_int bitlen, elt;
151 if ((elt = (i & ~INDIR_MASK)) != EDNS0_ELT_BITLABEL) {
152 ND_PRINT("<ELT %d>", elt);
153 return(-1);
154 }
155 if (!ND_TTEST_1(cp + 1))
156 return(-1);
157 if ((bitlen = GET_U_1(cp + 1)) == 0)
158 bitlen = 256;
159 return(((bitlen + 7) / 8) + 1);
160 } else
161 return(i);
162 }
163
164 /* print a <domain-name> */
165 const u_char *
166 fqdn_print(netdissect_options *ndo,
167 const u_char *cp, const u_char *bp)
168 {
169 u_int i, l;
170 const u_char *rp = NULL;
171 int compress = 0;
172 u_int elt;
173 u_int offset, max_offset;
174
175 if ((l = labellen(ndo, cp)) == (u_int)-1)
176 return(NULL);
177 if (!ND_TTEST_1(cp))
178 return(NULL);
179 max_offset = (u_int)(cp - bp);
180 i = GET_U_1(cp);
181 cp++;
182 if ((i & INDIR_MASK) != INDIR_MASK) {
183 compress = 0;
184 rp = cp + l;
185 }
186
187 if (i != 0)
188 while (i && cp < ndo->ndo_snapend) {
189 if ((i & INDIR_MASK) == INDIR_MASK) {
190 if (!compress) {
191 rp = cp + 1;
192 compress = 1;
193 }
194 if (!ND_TTEST_1(cp))
195 return(NULL);
196 offset = (((i << 8) | GET_U_1(cp)) & 0x3fff);
197 /*
198 * This must move backwards in the packet.
199 * No RFC explicitly says that, but BIND's
200 * name decompression code requires it,
201 * as a way of preventing infinite loops
202 * and other bad behavior, and it's probably
203 * what was intended (compress by pointing
204 * to domain name suffixes already seen in
205 * the packet).
206 */
207 if (offset >= max_offset) {
208 ND_PRINT("<BAD PTR>");
209 return(NULL);
210 }
211 max_offset = offset;
212 cp = bp + offset;
213 if ((l = labellen(ndo, cp)) == (u_int)-1)
214 return(NULL);
215 if (!ND_TTEST_1(cp))
216 return(NULL);
217 i = GET_U_1(cp);
218 cp++;
219 continue;
220 }
221 if ((i & INDIR_MASK) == EDNS0_MASK) {
222 elt = (i & ~INDIR_MASK);
223 switch(elt) {
224 case EDNS0_ELT_BITLABEL:
225 if (blabel_print(ndo, cp) == NULL)
226 return (NULL);
227 break;
228 default:
229 /* unknown ELT */
230 ND_PRINT("<ELT %u>", elt);
231 return(NULL);
232 }
233 } else {
234 if (nd_printn(ndo, cp, l, ndo->ndo_snapend))
235 return(NULL);
236 }
237
238 cp += l;
239 ND_PRINT(".");
240 if ((l = labellen(ndo, cp)) == (u_int)-1)
241 return(NULL);
242 if (!ND_TTEST_1(cp))
243 return(NULL);
244 i = GET_U_1(cp);
245 cp++;
246 if (!compress)
247 rp += l + 1;
248 }
249 else
250 ND_PRINT(".");
251 return (rp);
252 }
253
254 /* print a <character-string> */
255 static const u_char *
256 ns_cprint(netdissect_options *ndo,
257 const u_char *cp)
258 {
259 u_int i;
260
261 if (!ND_TTEST_1(cp))
262 return (NULL);
263 i = GET_U_1(cp);
264 cp++;
265 if (nd_printn(ndo, cp, i, ndo->ndo_snapend))
266 return (NULL);
267 return (cp + i);
268 }
269
270 static void
271 print_eopt_ecs(netdissect_options *ndo, const u_char *cp,
272 u_int data_len)
273 {
274 u_int family, addr_bits, src_len, scope_len;
275
276 u_char padded[32];
277 char addr[INET6_ADDRSTRLEN];
278
279 /* ecs option must at least contain family, src len, and scope len */
280 if (data_len < 4) {
281 nd_print_invalid(ndo);
282 return;
283 }
284
285 family = GET_BE_U_2(cp);
286 cp += 2;
287 src_len = GET_U_1(cp);
288 cp += 1;
289 scope_len = GET_U_1(cp);
290 cp += 1;
291
292 if (family == 1)
293 addr_bits = 32;
294 else if (family == 2)
295 addr_bits = 128;
296 else {
297 nd_print_invalid(ndo);
298 return;
299 }
300
301 if (data_len - 4 > (addr_bits / 8)) {
302 nd_print_invalid(ndo);
303 return;
304 }
305 /* checks for invalid ecs scope or source length */
306 if (src_len > addr_bits || scope_len > addr_bits || ((src_len + 7) / 8) != (data_len - 4)) {
307 nd_print_invalid(ndo);
308 return;
309 }
310
311 /* pad the truncated address from ecs with zeros */
312 memset(padded, 0, sizeof(padded));
313 memcpy(padded, cp, data_len - 4);
314
315
316 if (family == 1)
317 ND_PRINT("%s/%d/%d", addrtostr(padded, addr, INET_ADDRSTRLEN),
318 src_len, scope_len);
319 else
320 ND_PRINT("%s/%d/%d", addrtostr6(padded, addr, INET6_ADDRSTRLEN),
321 src_len, scope_len);
322
323 }
324
325 extern const struct tok edns_opt2str[];
326 extern const struct tok dau_alg2str[];
327 extern const struct tok dhu_alg2str[];
328 extern const struct tok n3u_alg2str[];
329
330
331 /* print an <EDNS-option> */
332 static const u_char *
333 eopt_print(netdissect_options *ndo,
334 const u_char *cp)
335 {
336 u_int opt, data_len, i;
337
338 if (!ND_TTEST_2(cp))
339 return (NULL);
340 opt = GET_BE_U_2(cp);
341 cp += 2;
342 ND_PRINT("%s", tok2str(edns_opt2str, "Opt%u", opt));
343 if (!ND_TTEST_2(cp))
344 return (NULL);
345 data_len = GET_BE_U_2(cp);
346 cp += 2;
347
348 ND_TCHECK_LEN(cp, data_len);
349
350 if (data_len > 0) {
351 ND_PRINT(" ");
352 switch (opt) {
353
354 case E_ECS:
355 print_eopt_ecs(ndo, cp, data_len);
356 break;
357 case E_COOKIE:
358 if (data_len < 8 || (data_len > 8 && data_len < 16) || data_len > 40)
359 nd_print_invalid(ndo);
360 else {
361 for (i = 0; i < data_len; ++i) {
362 /* split client and server cookie */
363 if (i == 8)
364 ND_PRINT(" ");
365 ND_PRINT("%02x", GET_U_1(cp + i));
366 }
367 }
368 break;
369 case E_KEEPALIVE:
370 if (data_len != 2)
371 nd_print_invalid(ndo);
372 else
373 /* keepalive is in increments of 100ms. Convert to seconds */
374 ND_PRINT("%0.1f sec", (GET_BE_U_2(cp) / 10.0));
375 break;
376 case E_EXPIRE:
377 if (data_len != 4)
378 nd_print_invalid(ndo);
379 else
380 ND_PRINT("%u sec", GET_BE_U_4(cp));
381 break;
382 case E_PADDING:
383 /* ignore contents and just print length */
384 ND_PRINT("(%u)", data_len);
385 break;
386 case E_KEYTAG:
387 if (data_len % 2 != 0)
388 nd_print_invalid(ndo);
389 else
390 for (i = 0; i < data_len; i += 2) {
391 if (i > 0)
392 ND_PRINT(" ");
393 ND_PRINT("%u", GET_BE_U_2(cp + i));
394 }
395 break;
396 case E_DAU:
397 for (i = 0; i < data_len; ++i) {
398 if (i > 0)
399 ND_PRINT(" ");
400 ND_PRINT("%s", tok2str(dau_alg2str, "Alg_%u", GET_U_1(cp + i)));
401 }
402 break;
403 case E_DHU:
404 for (i = 0; i < data_len; ++i) {
405 if (i > 0)
406 ND_PRINT(" ");
407 ND_PRINT("%s", tok2str(dhu_alg2str, "Alg_%u", GET_U_1(cp + i)));
408 }
409 break;
410 case E_N3U:
411 for (i = 0; i < data_len; ++i) {
412 if (i > 0)
413 ND_PRINT(" ");
414 ND_PRINT("%s", tok2str(n3u_alg2str, "Alg_%u", GET_U_1(cp + i)));
415 }
416 break;
417 case E_CHAIN:
418 fqdn_print(ndo, cp, cp + data_len);
419 break;
420 case E_NSID:
421 /* intentional fall-through. NSID is an undefined byte string */
422 default:
423 for (i = 0; i < data_len; ++i)
424 ND_PRINT("%02x", GET_U_1(cp + i));
425 break;
426 }
427 }
428 return (cp + data_len);
429
430 trunc:
431 return (NULL);
432
433 }
434
435
436
437 extern const struct tok ns_type2str[];
438
439 /* https://www.iana.org/assignments/dns-parameters */
440 const struct tok ns_type2str[] = {
441 { T_A, "A" }, /* RFC 1035 */
442 { T_NS, "NS" }, /* RFC 1035 */
443 { T_MD, "MD" }, /* RFC 1035 */
444 { T_MF, "MF" }, /* RFC 1035 */
445 { T_CNAME, "CNAME" }, /* RFC 1035 */
446 { T_SOA, "SOA" }, /* RFC 1035 */
447 { T_MB, "MB" }, /* RFC 1035 */
448 { T_MG, "MG" }, /* RFC 1035 */
449 { T_MR, "MR" }, /* RFC 1035 */
450 { T_NULL, "NULL" }, /* RFC 1035 */
451 { T_WKS, "WKS" }, /* RFC 1035 */
452 { T_PTR, "PTR" }, /* RFC 1035 */
453 { T_HINFO, "HINFO" }, /* RFC 1035 */
454 { T_MINFO, "MINFO" }, /* RFC 1035 */
455 { T_MX, "MX" }, /* RFC 1035 */
456 { T_TXT, "TXT" }, /* RFC 1035 */
457 { T_RP, "RP" }, /* RFC 1183 */
458 { T_AFSDB, "AFSDB" }, /* RFC 1183 */
459 { T_X25, "X25" }, /* RFC 1183 */
460 { T_ISDN, "ISDN" }, /* RFC 1183 */
461 { T_RT, "RT" }, /* RFC 1183 */
462 { T_NSAP, "NSAP" }, /* RFC 1706 */
463 { T_NSAP_PTR, "NSAP_PTR" },
464 { T_SIG, "SIG" }, /* RFC 2535 */
465 { T_KEY, "KEY" }, /* RFC 2535 */
466 { T_PX, "PX" }, /* RFC 2163 */
467 { T_GPOS, "GPOS" }, /* RFC 1712 */
468 { T_AAAA, "AAAA" }, /* RFC 1886 */
469 { T_LOC, "LOC" }, /* RFC 1876 */
470 { T_NXT, "NXT" }, /* RFC 2535 */
471 { T_EID, "EID" }, /* Nimrod */
472 { T_NIMLOC, "NIMLOC" }, /* Nimrod */
473 { T_SRV, "SRV" }, /* RFC 2782 */
474 { T_ATMA, "ATMA" }, /* ATM Forum */
475 { T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */
476 { T_KX, "KX" }, /* RFC 2230 */
477 { T_CERT, "CERT" }, /* RFC 2538 */
478 { T_A6, "A6" }, /* RFC 2874 */
479 { T_DNAME, "DNAME" }, /* RFC 2672 */
480 { T_SINK, "SINK" },
481 { T_OPT, "OPT" }, /* RFC 2671 */
482 { T_APL, "APL" }, /* RFC 3123 */
483 { T_DS, "DS" }, /* RFC 4034 */
484 { T_SSHFP, "SSHFP" }, /* RFC 4255 */
485 { T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */
486 { T_RRSIG, "RRSIG" }, /* RFC 4034 */
487 { T_NSEC, "NSEC" }, /* RFC 4034 */
488 { T_DNSKEY, "DNSKEY" }, /* RFC 4034 */
489 { T_SPF, "SPF" }, /* RFC-schlitt-spf-classic-02.txt */
490 { T_UINFO, "UINFO" },
491 { T_UID, "UID" },
492 { T_GID, "GID" },
493 { T_UNSPEC, "UNSPEC" },
494 { T_UNSPECA, "UNSPECA" },
495 { T_TKEY, "TKEY" }, /* RFC 2930 */
496 { T_TSIG, "TSIG" }, /* RFC 2845 */
497 { T_IXFR, "IXFR" }, /* RFC 1995 */
498 { T_AXFR, "AXFR" }, /* RFC 1035 */
499 { T_MAILB, "MAILB" }, /* RFC 1035 */
500 { T_MAILA, "MAILA" }, /* RFC 1035 */
501 { T_ANY, "ANY" },
502 { T_URI, "URI" }, /* RFC 7553 */
503 { 0, NULL }
504 };
505
506 extern const struct tok ns_class2str[];
507
508 const struct tok ns_class2str[] = {
509 { C_IN, "IN" }, /* Not used */
510 { C_CHAOS, "CHAOS" },
511 { C_HS, "HS" },
512 { C_ANY, "ANY" },
513 { 0, NULL }
514 };
515
516 const struct tok edns_opt2str[] = {
517 { E_LLQ, "LLQ" },
518 { E_UL, "UL" },
519 { E_NSID, "NSID" },
520 { E_DAU, "DAU" },
521 { E_DHU, "DHU" },
522 { E_N3U, "N3U" },
523 { E_ECS, "ECS" },
524 { E_EXPIRE, "EXPIRE" },
525 { E_COOKIE, "COOKIE" },
526 { E_KEEPALIVE, "KEEPALIVE" },
527 { E_PADDING, "PADDING" },
528 { E_CHAIN, "CHAIN" },
529 { E_KEYTAG, "KEY-TAG" },
530 { E_CLIENTTAG, "CLIENT-TAG" },
531 { E_SERVERTAG, "SERVER-TAG" },
532 { 0, NULL }
533 };
534
535 const struct tok dau_alg2str[] = {
536 { A_DELETE, "DELETE" },
537 { A_RSAMD5, "RSAMD5" },
538 { A_DH, "DH" },
539 { A_DSA, "DS" },
540 { A_RSASHA1, "RSASHA1" },
541 { A_DSA_NSEC3_SHA1, "DSA-NSEC3-SHA1" },
542 { A_RSASHA1_NSEC3_SHA1, "RSASHA1-NSEC3-SHA1" },
543 { A_RSASHA256, "RSASHA256" },
544 { A_RSASHA512, "RSASHA512" },
545 { A_ECC_GOST, "ECC-GOST" },
546 { A_ECDSAP256SHA256, "ECDSAP256SHA256" },
547 { A_ECDSAP384SHA384, "ECDSAP384SHA384" },
548 { A_ED25519, "ED25519" },
549 { A_ED448, "ED448" },
550 { A_INDIRECT, "INDIRECT" },
551 { A_PRIVATEDNS, "PRIVATEDNS" },
552 { A_PRIVATEOID, "PRIVATEOID" },
553 { 0, NULL }
554 };
555
556 const struct tok dhu_alg2str[] = {
557 { DS_SHA1, "SHA-1" },
558 { DS_SHA256,"SHA-256" },
559 { DS_GOST, "GOST_R_34.11-94" },
560 { DS_SHA384,"SHA-384" },
561 { 0, NULL }
562 };
563
564 const struct tok n3u_alg2str[] = {
565 { NSEC_SHA1,"SHA-1" },
566 { 0, NULL }
567 };
568
569 /* print a query */
570 static const u_char *
571 ns_qprint(netdissect_options *ndo,
572 const u_char *cp, const u_char *bp, int is_mdns)
573 {
574 const u_char *np = cp;
575 u_int i, class;
576
577 cp = ns_nskip(ndo, cp);
578
579 if (cp == NULL || !ND_TTEST_4(cp))
580 return(NULL);
581
582 /* print the qtype */
583 i = GET_BE_U_2(cp);
584 cp += 2;
585 ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", i));
586 /* print the qclass (if it's not IN) */
587 i = GET_BE_U_2(cp);
588 cp += 2;
589 if (is_mdns)
590 class = (i & ~C_QU);
591 else
592 class = i;
593 if (class != C_IN)
594 ND_PRINT(" %s", tok2str(ns_class2str, "(Class %u)", class));
595 if (is_mdns) {
596 ND_PRINT(i & C_QU ? " (QU)" : " (QM)");
597 }
598
599 ND_PRINT("? ");
600 cp = fqdn_print(ndo, np, bp);
601 return(cp ? cp + 4 : NULL);
602 }
603
604 /* print a reply */
605 static const u_char *
606 ns_rprint(netdissect_options *ndo,
607 const u_char *cp, const u_char *bp, int is_mdns)
608 {
609 u_int i, class, opt_flags = 0;
610 u_short typ, len;
611 const u_char *rp;
612
613 if (ndo->ndo_vflag) {
614 ND_PRINT(" ");
615 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
616 return NULL;
617 } else
618 cp = ns_nskip(ndo, cp);
619
620 if (cp == NULL || !ND_TTEST_LEN(cp, 10))
621 return (ndo->ndo_snapend);
622
623 /* print the type/qtype */
624 typ = GET_BE_U_2(cp);
625 cp += 2;
626 /* print the class (if it's not IN and the type isn't OPT) */
627 i = GET_BE_U_2(cp);
628 cp += 2;
629 if (is_mdns)
630 class = (i & ~C_CACHE_FLUSH);
631 else
632 class = i;
633 if (class != C_IN && typ != T_OPT)
634 ND_PRINT(" %s", tok2str(ns_class2str, "(Class %u)", class));
635 if (is_mdns) {
636 if (i & C_CACHE_FLUSH)
637 ND_PRINT(" (Cache flush)");
638 }
639
640 if (typ == T_OPT) {
641 /* get opt flags */
642 cp += 2;
643 opt_flags = GET_BE_U_2(cp);
644 /* ignore rest of ttl field */
645 cp += 2;
646 } else if (ndo->ndo_vflag > 2) {
647 /* print ttl */
648 ND_PRINT(" [");
649 unsigned_relts_print(ndo, GET_BE_U_4(cp));
650 ND_PRINT("]");
651 cp += 4;
652 } else {
653 /* ignore ttl */
654 cp += 4;
655 }
656
657 len = GET_BE_U_2(cp);
658 cp += 2;
659
660 rp = cp + len;
661
662 ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", typ));
663 if (rp > ndo->ndo_snapend)
664 return(NULL);
665
666 switch (typ) {
667 case T_A:
668 if (!ND_TTEST_LEN(cp, sizeof(nd_ipv4)))
669 return(NULL);
670 ND_PRINT(" %s", intoa(GET_IPV4_TO_NETWORK_ORDER(cp)));
671 break;
672
673 case T_NS:
674 case T_CNAME:
675 case T_PTR:
676 #ifdef T_DNAME
677 case T_DNAME:
678 #endif
679 ND_PRINT(" ");
680 if (fqdn_print(ndo, cp, bp) == NULL)
681 return(NULL);
682 break;
683
684 case T_SOA:
685 if (!ndo->ndo_vflag)
686 break;
687 ND_PRINT(" ");
688 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
689 return(NULL);
690 ND_PRINT(" ");
691 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
692 return(NULL);
693 if (!ND_TTEST_LEN(cp, 5 * 4))
694 return(NULL);
695 ND_PRINT(" %u", GET_BE_U_4(cp));
696 cp += 4;
697 ND_PRINT(" %u", GET_BE_U_4(cp));
698 cp += 4;
699 ND_PRINT(" %u", GET_BE_U_4(cp));
700 cp += 4;
701 ND_PRINT(" %u", GET_BE_U_4(cp));
702 cp += 4;
703 ND_PRINT(" %u", GET_BE_U_4(cp));
704 cp += 4;
705 break;
706 case T_MX:
707 ND_PRINT(" ");
708 if (!ND_TTEST_2(cp))
709 return(NULL);
710 if (fqdn_print(ndo, cp + 2, bp) == NULL)
711 return(NULL);
712 ND_PRINT(" %u", GET_BE_U_2(cp));
713 break;
714
715 case T_TXT:
716 while (cp < rp) {
717 ND_PRINT(" \"");
718 cp = ns_cprint(ndo, cp);
719 if (cp == NULL)
720 return(NULL);
721 ND_PRINT("\"");
722 }
723 break;
724
725 case T_SRV:
726 ND_PRINT(" ");
727 if (!ND_TTEST_6(cp))
728 return(NULL);
729 if (fqdn_print(ndo, cp + 6, bp) == NULL)
730 return(NULL);
731 ND_PRINT(":%u %u %u", GET_BE_U_2(cp + 4),
732 GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
733 break;
734
735 case T_AAAA:
736 {
737 char ntop_buf[INET6_ADDRSTRLEN];
738
739 if (!ND_TTEST_LEN(cp, sizeof(nd_ipv6)))
740 return(NULL);
741 ND_PRINT(" %s",
742 addrtostr6(cp, ntop_buf, sizeof(ntop_buf)));
743
744 break;
745 }
746
747 case T_A6:
748 {
749 nd_ipv6 a;
750 int pbit, pbyte;
751 char ntop_buf[INET6_ADDRSTRLEN];
752
753 if (!ND_TTEST_1(cp))
754 return(NULL);
755 pbit = GET_U_1(cp);
756 pbyte = (pbit & ~7) / 8;
757 if (pbit > 128) {
758 ND_PRINT(" %u(bad plen)", pbit);
759 break;
760 } else if (pbit < 128) {
761 if (!ND_TTEST_LEN(cp + 1, sizeof(a) - pbyte))
762 return(NULL);
763 memset(a, 0, sizeof(a));
764 memcpy(a + pbyte, cp + 1, sizeof(a) - pbyte);
765 ND_PRINT(" %u %s", pbit,
766 addrtostr6(&a, ntop_buf, sizeof(ntop_buf)));
767 }
768 if (pbit > 0) {
769 ND_PRINT(" ");
770 if (fqdn_print(ndo, cp + 1 + sizeof(a) - pbyte, bp) == NULL)
771 return(NULL);
772 }
773 break;
774 }
775
776 case T_URI:
777 if (!ND_TTEST_LEN(cp, len))
778 return(NULL);
779 ND_PRINT(" %u %u ", GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
780 if (nd_printn(ndo, cp + 4, len - 4, ndo->ndo_snapend))
781 return(NULL);
782 break;
783
784 case T_OPT:
785 ND_PRINT(" UDPsize=%u", class);
786 if (opt_flags & 0x8000)
787 ND_PRINT(" DO");
788 if (cp < rp) {
789 ND_PRINT(" [");
790 while (cp < rp) {
791 cp = eopt_print(ndo, cp);
792 if (cp == NULL)
793 return(NULL);
794 if (cp < rp)
795 ND_PRINT(",");
796 }
797 ND_PRINT("]");
798 }
799 break;
800
801 case T_UNSPECA: /* One long string */
802 if (!ND_TTEST_LEN(cp, len))
803 return(NULL);
804 if (nd_printn(ndo, cp, len, ndo->ndo_snapend))
805 return(NULL);
806 break;
807
808 case T_TSIG:
809 {
810 if (cp + len > ndo->ndo_snapend)
811 return(NULL);
812 if (!ndo->ndo_vflag)
813 break;
814 ND_PRINT(" ");
815 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
816 return(NULL);
817 cp += 6;
818 if (!ND_TTEST_2(cp))
819 return(NULL);
820 ND_PRINT(" fudge=%u", GET_BE_U_2(cp));
821 cp += 2;
822 if (!ND_TTEST_2(cp))
823 return(NULL);
824 ND_PRINT(" maclen=%u", GET_BE_U_2(cp));
825 cp += 2 + GET_BE_U_2(cp);
826 if (!ND_TTEST_2(cp))
827 return(NULL);
828 ND_PRINT(" origid=%u", GET_BE_U_2(cp));
829 cp += 2;
830 if (!ND_TTEST_2(cp))
831 return(NULL);
832 ND_PRINT(" error=%u", GET_BE_U_2(cp));
833 cp += 2;
834 if (!ND_TTEST_2(cp))
835 return(NULL);
836 ND_PRINT(" otherlen=%u", GET_BE_U_2(cp));
837 cp += 2;
838 }
839 }
840 return (rp); /* XXX This isn't always right */
841 }
842
843 void
844 domain_print(netdissect_options *ndo,
845 const u_char *bp, u_int length, int over_tcp, int is_mdns)
846 {
847 const dns_header_t *np;
848 uint16_t flags, rcode, rdlen, type;
849 u_int qdcount, ancount, nscount, arcount;
850 u_int i;
851 const u_char *cp;
852 uint16_t b2;
853
854 ndo->ndo_protocol = "domain";
855
856 if (over_tcp) {
857 /*
858 * The message is prefixed with a two byte length field
859 * which gives the message length, excluding the two byte
860 * length field. (RFC 1035 - 4.2.2. TCP usage)
861 */
862 if (length < 2) {
863 ND_PRINT(" [DNS over TCP: length %u < 2]", length);
864 nd_print_invalid(ndo);
865 return;
866 } else {
867 length -= 2; /* excluding the two byte length field */
868 if (GET_BE_U_2(bp) != length) {
869 ND_PRINT(" [prefix length(%u) != length(%u)]",
870 GET_BE_U_2(bp), length);
871 nd_print_invalid(ndo);
872 return;
873 } else {
874 bp += 2;
875 /* in over TCP case, we need to prepend a space
876 * (not needed in over UDP case)
877 */
878 ND_PRINT(" ");
879 }
880 }
881 }
882
883 np = (const dns_header_t *)bp;
884
885 if(length < sizeof(*np)) {
886 nd_print_protocol(ndo);
887 ND_PRINT(" [length %u < %zu]", length, sizeof(*np));
888 nd_print_invalid(ndo);
889 return;
890 }
891
892 ND_TCHECK_SIZE(np);
893 flags = GET_BE_U_2(np->flags);
894 /* get the byte-order right */
895 qdcount = GET_BE_U_2(np->qdcount);
896 ancount = GET_BE_U_2(np->ancount);
897 nscount = GET_BE_U_2(np->nscount);
898 arcount = GET_BE_U_2(np->arcount);
899
900 /* find the opt record to extract extended rcode */
901 cp = (const u_char *)(np + 1);
902 rcode = DNS_RCODE(flags);
903 for (i = 0; i < qdcount; i++) {
904 if ((cp = ns_nskip(ndo, cp)) == NULL)
905 goto print;
906 cp += 4; /* skip QTYPE and QCLASS */
907 if (cp >= ndo->ndo_snapend)
908 goto print;
909 }
910 for (i = 0; i < ancount + nscount; i++) {
911 if ((cp = ns_nskip(ndo, cp)) == NULL)
912 goto print;
913 cp += 8; /* skip TYPE, CLASS and TTL */
914 if (cp + 2 > ndo->ndo_snapend)
915 goto print;
916 rdlen = GET_BE_U_2(cp);
917 cp += 2 + rdlen;
918 if (cp >= ndo->ndo_snapend)
919 goto print;
920 }
921 for (i = 0; i < arcount; i++) {
922 if ((cp = ns_nskip(ndo, cp)) == NULL)
923 goto print;
924 if (cp + 2 > ndo->ndo_snapend)
925 goto print;
926 type = GET_BE_U_2(cp);
927 cp += 4; /* skip TYPE and CLASS */
928 if (cp + 1 > ndo->ndo_snapend)
929 goto print;
930 if (type == T_OPT) {
931 rcode |= (*cp << 4);
932 goto print;
933 }
934 cp += 4;
935 if (cp + 2 > ndo->ndo_snapend)
936 goto print;
937 rdlen = GET_BE_U_2(cp);
938 cp += 2 + rdlen;
939 if (cp >= ndo->ndo_snapend)
940 goto print;
941 }
942
943 print:
944 if (DNS_QR(flags)) {
945 /* this is a response */
946 ND_PRINT("%u%s%s%s%s%s%s",
947 GET_BE_U_2(np->id),
948 ns_ops[DNS_OPCODE(flags)],
949 ns_rcode(rcode),
950 DNS_AA(flags)? "*" : "",
951 DNS_RA(flags)? "" : "-",
952 DNS_TC(flags)? "|" : "",
953 DNS_AD(flags)? "$" : "");
954
955 if (qdcount != 1)
956 ND_PRINT(" [%uq]", qdcount);
957 /* Print QUESTION section on -vv */
958 cp = (const u_char *)(np + 1);
959 for (i = 0; i < qdcount; i++) {
960 if (i != 0)
961 ND_PRINT(",");
962 if (ndo->ndo_vflag > 1) {
963 ND_PRINT(" q:");
964 if ((cp = ns_qprint(ndo, cp, bp, is_mdns)) == NULL)
965 goto trunc;
966 } else {
967 if ((cp = ns_nskip(ndo, cp)) == NULL)
968 goto trunc;
969 cp += 4; /* skip QTYPE and QCLASS */
970 }
971 }
972 ND_PRINT(" %u/%u/%u", ancount, nscount, arcount);
973 if (ancount) {
974 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
975 goto trunc;
976 ancount--;
977 while (cp < ndo->ndo_snapend && ancount) {
978 ND_PRINT(",");
979 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
980 goto trunc;
981 ancount--;
982 }
983 }
984 if (ancount)
985 goto trunc;
986 /* Print NS and AR sections on -vv */
987 if (ndo->ndo_vflag > 1) {
988 if (cp < ndo->ndo_snapend && nscount) {
989 ND_PRINT(" ns:");
990 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
991 goto trunc;
992 nscount--;
993 while (cp < ndo->ndo_snapend && nscount) {
994 ND_PRINT(",");
995 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
996 goto trunc;
997 nscount--;
998 }
999 }
1000 if (nscount)
1001 goto trunc;
1002 if (cp < ndo->ndo_snapend && arcount) {
1003 ND_PRINT(" ar:");
1004 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1005 goto trunc;
1006 arcount--;
1007 while (cp < ndo->ndo_snapend && arcount) {
1008 ND_PRINT(",");
1009 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1010 goto trunc;
1011 arcount--;
1012 }
1013 }
1014 if (arcount)
1015 goto trunc;
1016 }
1017 }
1018 else {
1019 /* this is a request */
1020 ND_PRINT("%u%s%s%s", GET_BE_U_2(np->id),
1021 ns_ops[DNS_OPCODE(flags)],
1022 DNS_RD(flags) ? "+" : "",
1023 DNS_CD(flags) ? "%" : "");
1024
1025 /* any weirdness? */
1026 b2 = GET_BE_U_2(((const u_short *)np) + 1);
1027 if (b2 & 0x6cf)
1028 ND_PRINT(" [b2&3=0x%x]", b2);
1029
1030 if (DNS_OPCODE(flags) == IQUERY) {
1031 if (qdcount)
1032 ND_PRINT(" [%uq]", qdcount);
1033 if (ancount != 1)
1034 ND_PRINT(" [%ua]", ancount);
1035 }
1036 else {
1037 if (ancount)
1038 ND_PRINT(" [%ua]", ancount);
1039 if (qdcount != 1)
1040 ND_PRINT(" [%uq]", qdcount);
1041 }
1042 if (nscount)
1043 ND_PRINT(" [%un]", nscount);
1044 if (arcount)
1045 ND_PRINT(" [%uau]", arcount);
1046
1047 cp = (const u_char *)(np + 1);
1048 if (qdcount) {
1049 cp = ns_qprint(ndo, cp, (const u_char *)np, is_mdns);
1050 if (!cp)
1051 goto trunc;
1052 qdcount--;
1053 while (cp < ndo->ndo_snapend && qdcount) {
1054 cp = ns_qprint(ndo, (const u_char *)cp,
1055 (const u_char *)np,
1056 is_mdns);
1057 if (!cp)
1058 goto trunc;
1059 qdcount--;
1060 }
1061 }
1062 if (qdcount)
1063 goto trunc;
1064
1065 /* Print remaining sections on -vv */
1066 if (ndo->ndo_vflag > 1) {
1067 if (ancount) {
1068 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1069 goto trunc;
1070 ancount--;
1071 while (cp < ndo->ndo_snapend && ancount) {
1072 ND_PRINT(",");
1073 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1074 goto trunc;
1075 ancount--;
1076 }
1077 }
1078 if (ancount)
1079 goto trunc;
1080 if (cp < ndo->ndo_snapend && nscount) {
1081 ND_PRINT(" ns:");
1082 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1083 goto trunc;
1084 nscount--;
1085 while (cp < ndo->ndo_snapend && nscount) {
1086 ND_PRINT(",");
1087 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1088 goto trunc;
1089 nscount--;
1090 }
1091 }
1092 if (nscount > 0)
1093 goto trunc;
1094 if (cp < ndo->ndo_snapend && arcount) {
1095 ND_PRINT(" ar:");
1096 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1097 goto trunc;
1098 arcount--;
1099 while (cp < ndo->ndo_snapend && arcount) {
1100 ND_PRINT(",");
1101 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1102 goto trunc;
1103 arcount--;
1104 }
1105 }
1106 if (arcount)
1107 goto trunc;
1108 }
1109 }
1110 ND_PRINT(" (%u)", length);
1111 return;
1112
1113 trunc:
1114 nd_print_trunc(ndo);
1115 }
[mirror] the TCPdump network dissector