]> The Tcpdump Group git mirrors - tcpdump/blob - print-domain.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Handle very large -f files by rejecting them.
[tcpdump] / print-domain.c
1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Domain Name System (DNS) printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27
28 #include <netdissect-stdinc.h>
29
30 #include "nameser.h"
31
32 #include <string.h>
33
34 #include "netdissect.h"
35 #include "addrtoname.h"
36 #include "addrtostr.h"
37 #include "extract.h"
38
39 static const char *ns_ops[] = {
40 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7",
41 " op8", " updateA", " updateD", " updateDA",
42 " updateM", " updateMA", " zoneInit", " zoneRef",
43 };
44
45 static const char *ns_resp[] = {
46 "", " FormErr", " ServFail", " NXDomain",
47 " NotImp", " Refused", " YXDomain", " YXRRSet",
48 " NXRRSet", " NotAuth", " NotZone", " Resp11",
49 " Resp12", " Resp13", " Resp14", " NoChange",
50 };
51
52 /* skip over a domain name */
53 static const u_char *
54 ns_nskip(netdissect_options *ndo,
55 register const u_char *cp)
56 {
57 register u_char i;
58
59 if (!ND_TTEST2(*cp, 1))
60 return (NULL);
61 i = *cp++;
62 while (i) {
63 switch (i & TYPE_MASK) {
64
65 case TYPE_INDIR:
66 return (cp + 1);
67
68 case TYPE_EDNS0: {
69 int bitlen, bytelen;
70
71 if ((i & ~TYPE_MASK) != EDNS0_ELT_BITLABEL)
72 return(NULL); /* unknown ELT */
73 if (!ND_TTEST2(*cp, 1))
74 return (NULL);
75 if ((bitlen = *cp++) == 0)
76 bitlen = 256;
77 bytelen = (bitlen + 7) / 8;
78 cp += bytelen;
79 }
80 break;
81
82 case TYPE_RESERVED:
83 return (NULL);
84
85 case TYPE_LABEL:
86 cp += i;
87 break;
88 }
89 if (!ND_TTEST2(*cp, 1))
90 return (NULL);
91 i = *cp++;
92 }
93 return (cp);
94 }
95
96 /* print a <domain-name> */
97 static const u_char *
98 blabel_print(netdissect_options *ndo,
99 const u_char *cp)
100 {
101 int bitlen, slen, b;
102 const u_char *bitp, *lim;
103 char tc;
104
105 if (!ND_TTEST2(*cp, 1))
106 return(NULL);
107 if ((bitlen = *cp) == 0)
108 bitlen = 256;
109 slen = (bitlen + 3) / 4;
110 lim = cp + 1 + slen;
111
112 /* print the bit string as a hex string */
113 ND_PRINT((ndo, "\\[x"));
114 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) {
115 ND_TCHECK(*bitp);
116 ND_PRINT((ndo, "%02x", *bitp));
117 }
118 if (b > 4) {
119 ND_TCHECK(*bitp);
120 tc = *bitp++;
121 ND_PRINT((ndo, "%02x", tc & (0xff << (8 - b))));
122 } else if (b > 0) {
123 ND_TCHECK(*bitp);
124 tc = *bitp++;
125 ND_PRINT((ndo, "%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b))));
126 }
127 ND_PRINT((ndo, "/%d]", bitlen));
128 return lim;
129 trunc:
130 ND_PRINT((ndo, ".../%d]", bitlen));
131 return NULL;
132 }
133
134 static int
135 labellen(netdissect_options *ndo,
136 const u_char *cp)
137 {
138 register u_int i;
139
140 if (!ND_TTEST2(*cp, 1))
141 return(-1);
142 i = *cp;
143 switch (i & TYPE_MASK) {
144
145 case TYPE_EDNS0: {
146 u_int bitlen, elt;
147 if ((elt = (i & ~TYPE_MASK)) != EDNS0_ELT_BITLABEL) {
148 ND_PRINT((ndo, "<ELT %d>", elt));
149 return(-1);
150 }
151 if (!ND_TTEST2(*(cp + 1), 1))
152 return(-1);
153 if ((bitlen = *(cp + 1)) == 0)
154 bitlen = 256;
155 return(((bitlen + 7) / 8) + 1);
156 }
157
158 case TYPE_INDIR:
159 case TYPE_LABEL:
160 return(i);
161
162 default:
163 /*
164 * TYPE_RESERVED, but we use default to suppress compiler
165 * warnings about falling out of the switch statement.
166 */
167 ND_PRINT((ndo, "<BAD LABEL TYPE>"));
168 return(-1);
169 }
170 }
171
172 const u_char *
173 ns_nprint(netdissect_options *ndo,
174 register const u_char *cp, register const u_char *bp)
175 {
176 register u_int i, l;
177 register const u_char *rp = NULL;
178 register int compress = 0;
179 int elt;
180 u_int offset, max_offset;
181 u_int name_chars = 0;
182
183 if ((l = labellen(ndo, cp)) == (u_int)-1)
184 return(NULL);
185 if (!ND_TTEST2(*cp, 1))
186 return(NULL);
187 max_offset = (u_int)(cp - bp);
188 if (((i = *cp++) & TYPE_MASK) != TYPE_INDIR) {
189 compress = 0;
190 rp = cp + l;
191 }
192
193 if (i != 0) {
194 while (i && cp < ndo->ndo_snapend) {
195 switch (i & TYPE_MASK) {
196
197 case TYPE_INDIR:
198 if (!compress) {
199 rp = cp + 1;
200 compress = 1;
201 }
202 if (!ND_TTEST2(*cp, 1))
203 return(NULL);
204 offset = (((i << 8) | *cp) & 0x3fff);
205 /*
206 * This must move backwards in the packet.
207 * No RFC explicitly says that, but BIND's
208 * name decompression code requires it,
209 * as a way of preventing infinite loops
210 * and other bad behavior, and it's probably
211 * what was intended (compress by pointing
212 * to domain name suffixes already seen in
213 * the packet).
214 */
215 if (offset >= max_offset) {
216 ND_PRINT((ndo, "<BAD PTR>"));
217 return(NULL);
218 }
219 max_offset = offset;
220 cp = bp + offset;
221 if (!ND_TTEST2(*cp, 1))
222 return(NULL);
223 if ((l = labellen(ndo, cp)) == (u_int)-1)
224 return(NULL);
225 i = *cp++;
226 continue;
227
228 case TYPE_EDNS0:
229 elt = (i & ~TYPE_MASK);
230 switch(elt) {
231 case EDNS0_ELT_BITLABEL:
232 if (blabel_print(ndo, cp) == NULL)
233 return (NULL);
234 break;
235 default:
236 /* unknown ELT */
237 ND_PRINT((ndo, "<ELT %d>", elt));
238 return(NULL);
239 }
240 break;
241
242 case TYPE_RESERVED:
243 ND_PRINT((ndo, "<BAD LABEL TYPE>"));
244 return(NULL);
245
246 case TYPE_LABEL:
247 if (name_chars + l <= MAXCDNAME) {
248 if (fn_printn(ndo, cp, l, ndo->ndo_snapend))
249 return(NULL);
250 } else if (name_chars < MAXCDNAME) {
251 if (fn_printn(ndo, cp,
252 MAXCDNAME - name_chars, ndo->ndo_snapend))
253 return(NULL);
254 }
255 name_chars += l;
256 break;
257 }
258
259 cp += l;
260 if (name_chars <= MAXCDNAME)
261 ND_PRINT((ndo, "."));
262 name_chars++;
263 if (!ND_TTEST2(*cp, 1))
264 return(NULL);
265 if ((l = labellen(ndo, cp)) == (u_int)-1)
266 return(NULL);
267 i = *cp++;
268 if (!compress)
269 rp += l + 1;
270 }
271 if (name_chars > MAXCDNAME)
272 ND_PRINT((ndo, "<DOMAIN NAME TOO LONG>"));
273 } else
274 ND_PRINT((ndo, "."));
275 return (rp);
276 }
277
278 /* print a <character-string> */
279 static const u_char *
280 ns_cprint(netdissect_options *ndo,
281 register const u_char *cp)
282 {
283 register u_int i;
284
285 if (!ND_TTEST2(*cp, 1))
286 return (NULL);
287 i = *cp++;
288 if (fn_printn(ndo, cp, i, ndo->ndo_snapend))
289 return (NULL);
290 return (cp + i);
291 }
292
293 /* http://www.iana.org/assignments/dns-parameters */
294 const struct tok ns_type2str[] = {
295 { T_A, "A" }, /* RFC 1035 */
296 { T_NS, "NS" }, /* RFC 1035 */
297 { T_MD, "MD" }, /* RFC 1035 */
298 { T_MF, "MF" }, /* RFC 1035 */
299 { T_CNAME, "CNAME" }, /* RFC 1035 */
300 { T_SOA, "SOA" }, /* RFC 1035 */
301 { T_MB, "MB" }, /* RFC 1035 */
302 { T_MG, "MG" }, /* RFC 1035 */
303 { T_MR, "MR" }, /* RFC 1035 */
304 { T_NULL, "NULL" }, /* RFC 1035 */
305 { T_WKS, "WKS" }, /* RFC 1035 */
306 { T_PTR, "PTR" }, /* RFC 1035 */
307 { T_HINFO, "HINFO" }, /* RFC 1035 */
308 { T_MINFO, "MINFO" }, /* RFC 1035 */
309 { T_MX, "MX" }, /* RFC 1035 */
310 { T_TXT, "TXT" }, /* RFC 1035 */
311 { T_RP, "RP" }, /* RFC 1183 */
312 { T_AFSDB, "AFSDB" }, /* RFC 1183 */
313 { T_X25, "X25" }, /* RFC 1183 */
314 { T_ISDN, "ISDN" }, /* RFC 1183 */
315 { T_RT, "RT" }, /* RFC 1183 */
316 { T_NSAP, "NSAP" }, /* RFC 1706 */
317 { T_NSAP_PTR, "NSAP_PTR" },
318 { T_SIG, "SIG" }, /* RFC 2535 */
319 { T_KEY, "KEY" }, /* RFC 2535 */
320 { T_PX, "PX" }, /* RFC 2163 */
321 { T_GPOS, "GPOS" }, /* RFC 1712 */
322 { T_AAAA, "AAAA" }, /* RFC 1886 */
323 { T_LOC, "LOC" }, /* RFC 1876 */
324 { T_NXT, "NXT" }, /* RFC 2535 */
325 { T_EID, "EID" }, /* Nimrod */
326 { T_NIMLOC, "NIMLOC" }, /* Nimrod */
327 { T_SRV, "SRV" }, /* RFC 2782 */
328 { T_ATMA, "ATMA" }, /* ATM Forum */
329 { T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */
330 { T_KX, "KX" }, /* RFC 2230 */
331 { T_CERT, "CERT" }, /* RFC 2538 */
332 { T_A6, "A6" }, /* RFC 2874 */
333 { T_DNAME, "DNAME" }, /* RFC 2672 */
334 { T_SINK, "SINK" },
335 { T_OPT, "OPT" }, /* RFC 2671 */
336 { T_APL, "APL" }, /* RFC 3123 */
337 { T_DS, "DS" }, /* RFC 4034 */
338 { T_SSHFP, "SSHFP" }, /* RFC 4255 */
339 { T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */
340 { T_RRSIG, "RRSIG" }, /* RFC 4034 */
341 { T_NSEC, "NSEC" }, /* RFC 4034 */
342 { T_DNSKEY, "DNSKEY" }, /* RFC 4034 */
343 { T_SPF, "SPF" }, /* RFC-schlitt-spf-classic-02.txt */
344 { T_UINFO, "UINFO" },
345 { T_UID, "UID" },
346 { T_GID, "GID" },
347 { T_UNSPEC, "UNSPEC" },
348 { T_UNSPECA, "UNSPECA" },
349 { T_TKEY, "TKEY" }, /* RFC 2930 */
350 { T_TSIG, "TSIG" }, /* RFC 2845 */
351 { T_IXFR, "IXFR" }, /* RFC 1995 */
352 { T_AXFR, "AXFR" }, /* RFC 1035 */
353 { T_MAILB, "MAILB" }, /* RFC 1035 */
354 { T_MAILA, "MAILA" }, /* RFC 1035 */
355 { T_ANY, "ANY" },
356 { 0, NULL }
357 };
358
359 const struct tok ns_class2str[] = {
360 { C_IN, "IN" }, /* Not used */
361 { C_CHAOS, "CHAOS" },
362 { C_HS, "HS" },
363 { C_ANY, "ANY" },
364 { 0, NULL }
365 };
366
367 /* print a query */
368 static const u_char *
369 ns_qprint(netdissect_options *ndo,
370 register const u_char *cp, register const u_char *bp, int is_mdns)
371 {
372 register const u_char *np = cp;
373 register u_int i, class;
374
375 cp = ns_nskip(ndo, cp);
376
377 if (cp == NULL || !ND_TTEST2(*cp, 4))
378 return(NULL);
379
380 /* print the qtype */
381 i = EXTRACT_16BITS(cp);
382 cp += 2;
383 ND_PRINT((ndo, " %s", tok2str(ns_type2str, "Type%d", i)));
384 /* print the qclass (if it's not IN) */
385 i = EXTRACT_16BITS(cp);
386 cp += 2;
387 if (is_mdns)
388 class = (i & ~C_QU);
389 else
390 class = i;
391 if (class != C_IN)
392 ND_PRINT((ndo, " %s", tok2str(ns_class2str, "(Class %d)", class)));
393 if (is_mdns) {
394 ND_PRINT((ndo, i & C_QU ? " (QU)" : " (QM)"));
395 }
396
397 ND_PRINT((ndo, "? "));
398 cp = ns_nprint(ndo, np, bp);
399 return(cp ? cp + 4 : NULL);
400 }
401
402 /* print a reply */
403 static const u_char *
404 ns_rprint(netdissect_options *ndo,
405 register const u_char *cp, register const u_char *bp, int is_mdns)
406 {
407 register u_int i, class, opt_flags = 0;
408 register u_short typ, len;
409 register const u_char *rp;
410
411 if (ndo->ndo_vflag) {
412 ND_PRINT((ndo, " "));
413 if ((cp = ns_nprint(ndo, cp, bp)) == NULL)
414 return NULL;
415 } else
416 cp = ns_nskip(ndo, cp);
417
418 if (cp == NULL || !ND_TTEST2(*cp, 10))
419 return (ndo->ndo_snapend);
420
421 /* print the type/qtype */
422 typ = EXTRACT_16BITS(cp);
423 cp += 2;
424 /* print the class (if it's not IN and the type isn't OPT) */
425 i = EXTRACT_16BITS(cp);
426 cp += 2;
427 if (is_mdns)
428 class = (i & ~C_CACHE_FLUSH);
429 else
430 class = i;
431 if (class != C_IN && typ != T_OPT)
432 ND_PRINT((ndo, " %s", tok2str(ns_class2str, "(Class %d)", class)));
433 if (is_mdns) {
434 if (i & C_CACHE_FLUSH)
435 ND_PRINT((ndo, " (Cache flush)"));
436 }
437
438 if (typ == T_OPT) {
439 /* get opt flags */
440 cp += 2;
441 opt_flags = EXTRACT_16BITS(cp);
442 /* ignore rest of ttl field */
443 cp += 2;
444 } else if (ndo->ndo_vflag > 2) {
445 /* print ttl */
446 ND_PRINT((ndo, " ["));
447 unsigned_relts_print(ndo, EXTRACT_32BITS(cp));
448 ND_PRINT((ndo, "]"));
449 cp += 4;
450 } else {
451 /* ignore ttl */
452 cp += 4;
453 }
454
455 len = EXTRACT_16BITS(cp);
456 cp += 2;
457
458 rp = cp + len;
459
460 ND_PRINT((ndo, " %s", tok2str(ns_type2str, "Type%d", typ)));
461 if (rp > ndo->ndo_snapend)
462 return(NULL);
463
464 switch (typ) {
465 case T_A:
466 if (!ND_TTEST2(*cp, sizeof(struct in_addr)))
467 return(NULL);
468 ND_PRINT((ndo, " %s", intoa(htonl(EXTRACT_32BITS(cp)))));
469 break;
470
471 case T_NS:
472 case T_CNAME:
473 case T_PTR:
474 #ifdef T_DNAME
475 case T_DNAME:
476 #endif
477 ND_PRINT((ndo, " "));
478 if (ns_nprint(ndo, cp, bp) == NULL)
479 return(NULL);
480 break;
481
482 case T_SOA:
483 if (!ndo->ndo_vflag)
484 break;
485 ND_PRINT((ndo, " "));
486 if ((cp = ns_nprint(ndo, cp, bp)) == NULL)
487 return(NULL);
488 ND_PRINT((ndo, " "));
489 if ((cp = ns_nprint(ndo, cp, bp)) == NULL)
490 return(NULL);
491 if (!ND_TTEST2(*cp, 5 * 4))
492 return(NULL);
493 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp)));
494 cp += 4;
495 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp)));
496 cp += 4;
497 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp)));
498 cp += 4;
499 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp)));
500 cp += 4;
501 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp)));
502 cp += 4;
503 break;
504 case T_MX:
505 ND_PRINT((ndo, " "));
506 if (!ND_TTEST2(*cp, 2))
507 return(NULL);
508 if (ns_nprint(ndo, cp + 2, bp) == NULL)
509 return(NULL);
510 ND_PRINT((ndo, " %d", EXTRACT_16BITS(cp)));
511 break;
512
513 case T_TXT:
514 while (cp < rp) {
515 ND_PRINT((ndo, " \""));
516 cp = ns_cprint(ndo, cp);
517 if (cp == NULL)
518 return(NULL);
519 ND_PRINT((ndo, "\""));
520 }
521 break;
522
523 case T_SRV:
524 ND_PRINT((ndo, " "));
525 if (!ND_TTEST2(*cp, 6))
526 return(NULL);
527 if (ns_nprint(ndo, cp + 6, bp) == NULL)
528 return(NULL);
529 ND_PRINT((ndo, ":%d %d %d", EXTRACT_16BITS(cp + 4),
530 EXTRACT_16BITS(cp), EXTRACT_16BITS(cp + 2)));
531 break;
532
533 case T_AAAA:
534 {
535 char ntop_buf[INET6_ADDRSTRLEN];
536
537 if (!ND_TTEST2(*cp, sizeof(struct in6_addr)))
538 return(NULL);
539 ND_PRINT((ndo, " %s",
540 addrtostr6(cp, ntop_buf, sizeof(ntop_buf))));
541
542 break;
543 }
544
545 case T_A6:
546 {
547 struct in6_addr a;
548 int pbit, pbyte;
549 char ntop_buf[INET6_ADDRSTRLEN];
550
551 if (!ND_TTEST2(*cp, 1))
552 return(NULL);
553 pbit = *cp;
554 pbyte = (pbit & ~7) / 8;
555 if (pbit > 128) {
556 ND_PRINT((ndo, " %u(bad plen)", pbit));
557 break;
558 } else if (pbit < 128) {
559 if (!ND_TTEST2(*(cp + 1), sizeof(a) - pbyte))
560 return(NULL);
561 memset(&a, 0, sizeof(a));
562 memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte);
563 ND_PRINT((ndo, " %u %s", pbit,
564 addrtostr6(&a, ntop_buf, sizeof(ntop_buf))));
565 }
566 if (pbit > 0) {
567 ND_PRINT((ndo, " "));
568 if (ns_nprint(ndo, cp + 1 + sizeof(a) - pbyte, bp) == NULL)
569 return(NULL);
570 }
571 break;
572 }
573
574 case T_OPT:
575 ND_PRINT((ndo, " UDPsize=%u", class));
576 if (opt_flags & 0x8000)
577 ND_PRINT((ndo, " DO"));
578 break;
579
580 case T_UNSPECA: /* One long string */
581 if (!ND_TTEST2(*cp, len))
582 return(NULL);
583 if (fn_printn(ndo, cp, len, ndo->ndo_snapend))
584 return(NULL);
585 break;
586
587 case T_TSIG:
588 {
589 if (cp + len > ndo->ndo_snapend)
590 return(NULL);
591 if (!ndo->ndo_vflag)
592 break;
593 ND_PRINT((ndo, " "));
594 if ((cp = ns_nprint(ndo, cp, bp)) == NULL)
595 return(NULL);
596 cp += 6;
597 if (!ND_TTEST2(*cp, 2))
598 return(NULL);
599 ND_PRINT((ndo, " fudge=%u", EXTRACT_16BITS(cp)));
600 cp += 2;
601 if (!ND_TTEST2(*cp, 2))
602 return(NULL);
603 ND_PRINT((ndo, " maclen=%u", EXTRACT_16BITS(cp)));
604 cp += 2 + EXTRACT_16BITS(cp);
605 if (!ND_TTEST2(*cp, 2))
606 return(NULL);
607 ND_PRINT((ndo, " origid=%u", EXTRACT_16BITS(cp)));
608 cp += 2;
609 if (!ND_TTEST2(*cp, 2))
610 return(NULL);
611 ND_PRINT((ndo, " error=%u", EXTRACT_16BITS(cp)));
612 cp += 2;
613 if (!ND_TTEST2(*cp, 2))
614 return(NULL);
615 ND_PRINT((ndo, " otherlen=%u", EXTRACT_16BITS(cp)));
616 cp += 2;
617 }
618 }
619 return (rp); /* XXX This isn't always right */
620 }
621
622 void
623 ns_print(netdissect_options *ndo,
624 register const u_char *bp, u_int length, int is_mdns)
625 {
626 register const HEADER *np;
627 register int qdcount, ancount, nscount, arcount;
628 register const u_char *cp;
629 uint16_t b2;
630
631 if(length < sizeof(*np)) {
632 ND_PRINT((ndo, "domain"));
633 ND_PRINT((ndo, " [length %u < %zu]", length, sizeof(*np)));
634 ND_PRINT((ndo, " (invalid)"));
635 return;
636 }
637
638 np = (const HEADER *)bp;
639 ND_TCHECK(*np);
640 /* get the byte-order right */
641 qdcount = EXTRACT_16BITS(&np->qdcount);
642 ancount = EXTRACT_16BITS(&np->ancount);
643 nscount = EXTRACT_16BITS(&np->nscount);
644 arcount = EXTRACT_16BITS(&np->arcount);
645
646 if (DNS_QR(np)) {
647 /* this is a response */
648 ND_PRINT((ndo, "%d%s%s%s%s%s%s",
649 EXTRACT_16BITS(&np->id),
650 ns_ops[DNS_OPCODE(np)],
651 ns_resp[DNS_RCODE(np)],
652 DNS_AA(np)? "*" : "",
653 DNS_RA(np)? "" : "-",
654 DNS_TC(np)? "|" : "",
655 DNS_AD(np)? "$" : ""));
656
657 if (qdcount != 1)
658 ND_PRINT((ndo, " [%dq]", qdcount));
659 /* Print QUESTION section on -vv */
660 cp = (const u_char *)(np + 1);
661 while (qdcount--) {
662 if (qdcount < EXTRACT_16BITS(&np->qdcount) - 1)
663 ND_PRINT((ndo, ","));
664 if (ndo->ndo_vflag > 1) {
665 ND_PRINT((ndo, " q:"));
666 if ((cp = ns_qprint(ndo, cp, bp, is_mdns)) == NULL)
667 goto trunc;
668 } else {
669 if ((cp = ns_nskip(ndo, cp)) == NULL)
670 goto trunc;
671 cp += 4; /* skip QTYPE and QCLASS */
672 }
673 }
674 ND_PRINT((ndo, " %d/%d/%d", ancount, nscount, arcount));
675 if (ancount--) {
676 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
677 goto trunc;
678 while (cp < ndo->ndo_snapend && ancount--) {
679 ND_PRINT((ndo, ","));
680 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
681 goto trunc;
682 }
683 }
684 if (ancount > 0)
685 goto trunc;
686 /* Print NS and AR sections on -vv */
687 if (ndo->ndo_vflag > 1) {
688 if (cp < ndo->ndo_snapend && nscount--) {
689 ND_PRINT((ndo, " ns:"));
690 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
691 goto trunc;
692 while (cp < ndo->ndo_snapend && nscount--) {
693 ND_PRINT((ndo, ","));
694 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
695 goto trunc;
696 }
697 }
698 if (nscount > 0)
699 goto trunc;
700 if (cp < ndo->ndo_snapend && arcount--) {
701 ND_PRINT((ndo, " ar:"));
702 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
703 goto trunc;
704 while (cp < ndo->ndo_snapend && arcount--) {
705 ND_PRINT((ndo, ","));
706 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
707 goto trunc;
708 }
709 }
710 if (arcount > 0)
711 goto trunc;
712 }
713 }
714 else {
715 /* this is a request */
716 ND_PRINT((ndo, "%d%s%s%s", EXTRACT_16BITS(&np->id), ns_ops[DNS_OPCODE(np)],
717 DNS_RD(np) ? "+" : "",
718 DNS_CD(np) ? "%" : ""));
719
720 /* any weirdness? */
721 b2 = EXTRACT_16BITS(((const u_short *)np)+1);
722 if (b2 & 0x6cf)
723 ND_PRINT((ndo, " [b2&3=0x%x]", b2));
724
725 if (DNS_OPCODE(np) == IQUERY) {
726 if (qdcount)
727 ND_PRINT((ndo, " [%dq]", qdcount));
728 if (ancount != 1)
729 ND_PRINT((ndo, " [%da]", ancount));
730 }
731 else {
732 if (ancount)
733 ND_PRINT((ndo, " [%da]", ancount));
734 if (qdcount != 1)
735 ND_PRINT((ndo, " [%dq]", qdcount));
736 }
737 if (nscount)
738 ND_PRINT((ndo, " [%dn]", nscount));
739 if (arcount)
740 ND_PRINT((ndo, " [%dau]", arcount));
741
742 cp = (const u_char *)(np + 1);
743 if (qdcount--) {
744 cp = ns_qprint(ndo, cp, (const u_char *)np, is_mdns);
745 if (!cp)
746 goto trunc;
747 while (cp < ndo->ndo_snapend && qdcount--) {
748 cp = ns_qprint(ndo, (const u_char *)cp,
749 (const u_char *)np,
750 is_mdns);
751 if (!cp)
752 goto trunc;
753 }
754 }
755 if (qdcount > 0)
756 goto trunc;
757
758 /* Print remaining sections on -vv */
759 if (ndo->ndo_vflag > 1) {
760 if (ancount--) {
761 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
762 goto trunc;
763 while (cp < ndo->ndo_snapend && ancount--) {
764 ND_PRINT((ndo, ","));
765 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
766 goto trunc;
767 }
768 }
769 if (ancount > 0)
770 goto trunc;
771 if (cp < ndo->ndo_snapend && nscount--) {
772 ND_PRINT((ndo, " ns:"));
773 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
774 goto trunc;
775 while (nscount-- && cp < ndo->ndo_snapend) {
776 ND_PRINT((ndo, ","));
777 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
778 goto trunc;
779 }
780 }
781 if (nscount > 0)
782 goto trunc;
783 if (cp < ndo->ndo_snapend && arcount--) {
784 ND_PRINT((ndo, " ar:"));
785 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
786 goto trunc;
787 while (cp < ndo->ndo_snapend && arcount--) {
788 ND_PRINT((ndo, ","));
789 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
790 goto trunc;
791 }
792 }
793 if (arcount > 0)
794 goto trunc;
795 }
796 }
797 ND_PRINT((ndo, " (%d)", length));
798 return;
799
800 trunc:
801 ND_PRINT((ndo, "[|domain]"));
802 }
[mirror] the TCPdump network dissector