]> The Tcpdump Group git mirrors - tcpdump/blobdiff - print-domain.c
projects / tcpdump / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Revert partially the commit 21b1273
[tcpdump] / print-domain.c
diff --git a/print-domain.c b/print-domain.c
index 63c541a81a7de7f08b065a15942f5e0e87d3d962..ad08073f129c51d0468f4d8cfd85dbb38c399dcd 100644 (file)
--- a/print-domain.c
+++ b/print-domain.c
@@ -116,25 +116,19 @@ blabel_print(netdissect_options *ndo,
        /* print the bit string as a hex string */
        ND_PRINT("\\[x");
        for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) {
-               ND_TCHECK_1(bitp);
                ND_PRINT("%02x", GET_U_1(bitp));
        }
        if (b > 4) {
-               ND_TCHECK_1(bitp);
                tc = GET_U_1(bitp);
                bitp++;
                ND_PRINT("%02x", tc & (0xff << (8 - b)));
        } else if (b > 0) {
-               ND_TCHECK_1(bitp);
                tc = GET_U_1(bitp);
                bitp++;
                ND_PRINT("%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b)));
        }
        ND_PRINT("/%u]", bitlen);
        return lim;
-trunc:
-       ND_PRINT(".../%u]", bitlen);
-       return NULL;
 }
 
 static int
@@ -267,9 +261,176 @@ ns_cprint(netdissect_options *ndo,
        return (cp + i);
 }
 
+static void
+print_eopt_ecs(netdissect_options *ndo, const u_char *cp,
+               u_int data_len)
+{
+    u_int family, addr_bits, src_len, scope_len;
+
+    u_char padded[32];
+    char addr[INET6_ADDRSTRLEN];
+
+    /* ecs option must at least contain family, src len, and scope len */
+    if (data_len < 4) {
+        nd_print_invalid(ndo);
+        return;
+    }
+
+    family = GET_BE_U_2(cp);
+    cp += 2;
+    src_len = GET_U_1(cp);
+    cp += 1;
+    scope_len = GET_U_1(cp);
+    cp += 1;
+
+    if (family == 1)
+        addr_bits = 32;
+    else if (family == 2)
+        addr_bits = 128;
+    else {
+        nd_print_invalid(ndo);
+        return;
+    }
+
+    if (data_len - 4 > (addr_bits / 8)) {
+        nd_print_invalid(ndo);
+        return;
+    }
+    /* checks for invalid ecs scope or source length */
+    if (src_len > addr_bits || scope_len > addr_bits || ((src_len + 7) / 8) != (data_len - 4)) {
+        nd_print_invalid(ndo);
+        return;
+    }
+
+    /* pad the truncated address from ecs with zeros */
+    memset(padded, 0, sizeof(padded));
+    memcpy(padded, cp, data_len - 4);
+
+
+    if (family == 1)
+        ND_PRINT("%s/%d/%d", addrtostr(padded, addr, INET_ADDRSTRLEN),
+                src_len, scope_len);
+    else
+        ND_PRINT("%s/%d/%d", addrtostr6(padded, addr, INET6_ADDRSTRLEN),
+                src_len, scope_len);
+
+}
+
+extern const struct tok edns_opt2str[];
+extern const struct tok dau_alg2str[];
+extern const struct tok dhu_alg2str[];
+extern const struct tok n3u_alg2str[];
+
+
+/* print an <EDNS-option> */
+static const u_char *
+eopt_print(netdissect_options *ndo,
+          const u_char *cp)
+{
+    u_int opt, data_len, i;
+
+    if (!ND_TTEST_2(cp))
+        return (NULL);
+    opt = GET_BE_U_2(cp);
+    cp += 2;
+    ND_PRINT("%s", tok2str(edns_opt2str, "Opt%u", opt));
+    if (!ND_TTEST_2(cp))
+        return (NULL);
+    data_len = GET_BE_U_2(cp);
+    cp += 2;
+
+    ND_TCHECK_LEN(cp, data_len);
+
+    if (data_len > 0) {
+        ND_PRINT(" ");
+        switch (opt) {
+
+        case E_ECS:
+            print_eopt_ecs(ndo, cp, data_len);
+            break;
+        case E_COOKIE:
+            if (data_len < 8 || (data_len > 8 && data_len < 16) || data_len > 40)
+                nd_print_invalid(ndo);
+            else {
+                for (i = 0; i < data_len; ++i) {
+                    /* split client and server cookie */
+                    if (i == 8)
+                        ND_PRINT(" ");
+                    ND_PRINT("%02x", GET_U_1(cp + i));
+                }
+            }
+            break;
+        case E_KEEPALIVE:
+            if (data_len != 2)
+                nd_print_invalid(ndo);
+            else
+                /* keepalive is in increments of 100ms. Convert to seconds */
+                ND_PRINT("%0.1f sec", (GET_BE_U_2(cp) / 10.0));
+            break;
+        case E_EXPIRE:
+            if (data_len != 4)
+                nd_print_invalid(ndo);
+            else
+                ND_PRINT("%u sec", GET_BE_U_4(cp));
+            break;
+        case E_PADDING:
+            /* ignore contents and just print length */
+            ND_PRINT("(%u)", data_len);
+            break;
+        case E_KEYTAG:
+            if (data_len % 2 != 0)
+                nd_print_invalid(ndo);
+            else
+                for (i = 0; i < data_len; i += 2) {
+                    if (i > 0)
+                        ND_PRINT(" ");
+                    ND_PRINT("%u", GET_BE_U_2(cp + i));
+                }
+            break;
+        case E_DAU:
+            for (i = 0; i < data_len; ++i) {
+                if (i > 0)
+                    ND_PRINT(" ");
+                ND_PRINT("%s", tok2str(dau_alg2str, "Alg_%u", GET_U_1(cp + i)));
+            }
+            break;
+        case E_DHU:
+            for (i = 0; i < data_len; ++i) {
+                if (i > 0)
+                    ND_PRINT(" ");
+                ND_PRINT("%s", tok2str(dhu_alg2str, "Alg_%u", GET_U_1(cp + i)));
+            }
+            break;
+        case E_N3U:
+            for (i = 0; i < data_len; ++i) {
+                if (i > 0)
+                    ND_PRINT(" ");
+                ND_PRINT("%s", tok2str(n3u_alg2str, "Alg_%u", GET_U_1(cp + i)));
+            }
+            break;
+        case E_CHAIN:
+            fqdn_print(ndo, cp, cp + data_len);
+            break;
+        case E_NSID:
+            /* intentional fall-through. NSID is an undefined byte string */
+        default:
+            for (i = 0; i < data_len; ++i)
+                ND_PRINT("%02x", GET_U_1(cp + i));
+            break;
+        }
+    }
+    return (cp + data_len);
+
+  trunc:
+    return (NULL);
+
+}
+
+
+
 extern const struct tok ns_type2str[];
 
-/* http://www.iana.org/assignments/dns-parameters */
+/* https://www.iana.org/assignments/dns-parameters */
 const struct tok ns_type2str[] = {
        { T_A,          "A" },                  /* RFC 1035 */
        { T_NS,         "NS" },                 /* RFC 1035 */
@@ -332,6 +493,7 @@ const struct tok ns_type2str[] = {
        { T_MAILB,      "MAILB" },              /* RFC 1035 */
        { T_MAILA,      "MAILA" },              /* RFC 1035 */
        { T_ANY,        "ANY" },
+       { T_URI,        "URI" },                /* RFC 7553 */
        { 0,            NULL }
 };
 
@@ -345,6 +507,59 @@ const struct tok ns_class2str[] = {
        { 0,            NULL }
 };
 
+const struct tok edns_opt2str[] = {
+    { E_LLQ,        "LLQ" },
+    { E_UL,         "UL" },
+    { E_NSID,       "NSID" },
+    { E_DAU,        "DAU" },
+    { E_DHU,        "DHU" },
+    { E_N3U,        "N3U" },
+    { E_ECS,        "ECS" },
+    { E_EXPIRE,     "EXPIRE" },
+    { E_COOKIE,     "COOKIE" },
+    { E_KEEPALIVE,  "KEEPALIVE" },
+    { E_PADDING,    "PADDING" },
+    { E_CHAIN,      "CHAIN" },
+    { E_KEYTAG,     "KEY-TAG" },
+    { E_CLIENTTAG,  "CLIENT-TAG" },
+    { E_SERVERTAG,  "SERVER-TAG" },
+    { 0,            NULL }
+};
+
+const struct tok dau_alg2str[] = {
+    { A_DELETE,             "DELETE" },
+    { A_RSAMD5,             "RSAMD5" },
+    { A_DH,                 "DH" },
+    { A_DSA,                "DS" },
+    { A_RSASHA1,            "RSASHA1" },
+    { A_DSA_NSEC3_SHA1,     "DSA-NSEC3-SHA1" },
+    { A_RSASHA1_NSEC3_SHA1, "RSASHA1-NSEC3-SHA1" },
+    { A_RSASHA256,          "RSASHA256" },
+    { A_RSASHA512,          "RSASHA512" },
+    { A_ECC_GOST,           "ECC-GOST" },
+    { A_ECDSAP256SHA256,    "ECDSAP256SHA256" },
+    { A_ECDSAP384SHA384,    "ECDSAP384SHA384" },
+    { A_ED25519,            "ED25519" },
+    { A_ED448,              "ED448" },
+    { A_INDIRECT,           "INDIRECT" },
+    { A_PRIVATEDNS,         "PRIVATEDNS" },
+    { A_PRIVATEOID,         "PRIVATEOID" },
+    { 0,                NULL }
+};
+
+const struct tok dhu_alg2str[] = {
+    { DS_SHA1,  "SHA-1" },
+    { DS_SHA256,"SHA-256" },
+    { DS_GOST,  "GOST_R_34.11-94" },
+    { DS_SHA384,"SHA-384" },
+    { 0,    NULL }
+};
+
+const struct tok n3u_alg2str[] = {
+    { NSEC_SHA1,"SHA-1" },
+    { 0,    NULL }
+};
+
 /* print a query */
 static const u_char *
 ns_qprint(netdissect_options *ndo,
@@ -525,7 +740,7 @@ ns_rprint(netdissect_options *ndo,
 
        case T_A6:
            {
-               struct in6_addr a;
+               nd_ipv6 a;
                int pbit, pbyte;
                char ntop_buf[INET6_ADDRSTRLEN];
 
@@ -539,8 +754,8 @@ ns_rprint(netdissect_options *ndo,
                } else if (pbit < 128) {
                        if (!ND_TTEST_LEN(cp + 1, sizeof(a) - pbyte))
                                return(NULL);
-                       memset(&a, 0, sizeof(a));
-                       memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte);
+                       memset(a, 0, sizeof(a));
+                       memcpy(a + pbyte, cp + 1, sizeof(a) - pbyte);
                        ND_PRINT(" %u %s", pbit,
                            addrtostr6(&a, ntop_buf, sizeof(ntop_buf)));
                }
@@ -552,10 +767,29 @@ ns_rprint(netdissect_options *ndo,
                break;
            }
 
+       case T_URI:
+               if (!ND_TTEST_LEN(cp, len))
+                       return(NULL);
+               ND_PRINT(" %u %u ", GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
+               if (nd_printn(ndo, cp + 4, len - 4, ndo->ndo_snapend))
+                       return(NULL);
+               break;
+
        case T_OPT:
                ND_PRINT(" UDPsize=%u", class);
                if (opt_flags & 0x8000)
                        ND_PRINT(" DO");
+        if (cp < rp) {
+            ND_PRINT(" [");
+            while (cp < rp) {
+                cp = eopt_print(ndo, cp);
+                if (cp == NULL)
+                    return(NULL);
+                if (cp < rp)
+                    ND_PRINT(",");
+            }
+            ND_PRINT("]");
+        }
                break;
 
        case T_UNSPECA:         /* One long string */
@@ -602,7 +836,7 @@ ns_rprint(netdissect_options *ndo,
 
 void
 domain_print(netdissect_options *ndo,
-         const u_char *bp, u_int length, int is_mdns)
+             const u_char *bp, u_int length, int over_tcp, int is_mdns)
 {
        const dns_header_t *np;
        uint16_t flags, rcode, rdlen, type;
@@ -612,7 +846,43 @@ domain_print(netdissect_options *ndo,
        uint16_t b2;
 
        ndo->ndo_protocol = "domain";
+
+       if (over_tcp) {
+               /*
+                * The message is prefixed with a two byte length field
+                * which gives the message length, excluding the two byte
+                * length field. (RFC 1035 - 4.2.2. TCP usage)
+                */
+               if (length < 2) {
+                       ND_PRINT(" [DNS over TCP: length %u < 2]", length);
+                       nd_print_invalid(ndo);
+                       return;
+               } else {
+                       length -= 2; /* excluding the two byte length field */
+                       if (GET_BE_U_2(bp) != length) {
+                               ND_PRINT(" [prefix length(%u) != length(%u)]",
+                                        GET_BE_U_2(bp), length);
+                               nd_print_invalid(ndo);
+                               return;
+                       } else {
+                               bp += 2;
+                               /* in over TCP case, we need to prepend a space
+                                * (not needed in over UDP case)
+                                */
+                               ND_PRINT(" ");
+                       }
+               }
+       }
+
        np = (const dns_header_t *)bp;
+
+       if(length < sizeof(*np)) {
+               nd_print_protocol(ndo);
+               ND_PRINT(" [length %u < %zu]", length, sizeof(*np));
+               nd_print_invalid(ndo);
+               return;
+       }
+
        ND_TCHECK_SIZE(np);
        flags = GET_BE_U_2(np->flags);
        /* get the byte-order right */
@@ -652,7 +922,7 @@ domain_print(netdissect_options *ndo,
                if (cp + 1 > ndo->ndo_snapend)
                        goto print;
                if (type == T_OPT) {
-                       rcode |= (*cp << 4);
+                       rcode |= (GET_U_1(cp) << 4);
                        goto print;
                }
                cp += 4;
[mirror] the TCPdump network dissector