From: Casey Deccio Date: Fri, 3 May 2019 14:16:20 +0000 (-0600) Subject: DNS: Add printing the EDNS options X-Git-Tag: tcpdump-4.99-bp~461 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/27bf32ee31ea4ad2575756ce6f8e04b118604f83 DNS: Add printing the EDNS options (pull request #762) --- diff --git a/nameser.h b/nameser.h index 820458c2..1e8692e7 100644 --- a/nameser.h +++ b/nameser.h @@ -198,6 +198,22 @@ #define C_QU 0x8000 /* mDNS QU flag in queries */ #define C_CACHE_FLUSH 0x8000 /* mDNS cache flush flag in replies */ +/* + * Values for EDNS option types + */ + +#define E_NSID 3 /* name server identifier */ +#define E_DAU 5 /* signal DNSSEC algorithm understood */ +#define E_DHU 6 /* signal DS hash understood */ +#define E_N3U 7 /* signal NSEC3 hash understood */ +#define E_ECS 8 /* EDNS client subnet */ +#define E_EXPIRE 9 /* zone expiration */ +#define E_COOKIE 10 /* DNS cookies */ +#define E_KEEPALIVE 11 /* TCP keepalive */ +#define E_PADDING 12 /* pad DNS messages */ +#define E_CHAIN 13 /* chain DNS queries */ +#define E_KEYTAG 14 /* EDNS key tag */ + /* * Status return codes for T_UNSPEC conversion routines */ diff --git a/print-domain.c b/print-domain.c index fcd49520..01270098 100644 --- a/print-domain.c +++ b/print-domain.c @@ -267,6 +267,27 @@ ns_cprint(netdissect_options *ndo, return (cp + i); } +extern const struct tok edns_opt2str[]; + +/* print an */ +static const u_char * +eopt_print(netdissect_options *ndo, + const u_char *cp) +{ + u_int i; + + if (!ND_TTEST_2(cp)) + return (NULL); + i = GET_BE_U_2(cp); + cp += 2; + ND_PRINT(" %s", tok2str(edns_opt2str, "Opt%u", i)); + if (!ND_TTEST_2(cp)) + return (NULL); + i = GET_BE_U_2(cp); + cp += 2; + return (cp + i); +} + extern const struct tok ns_type2str[]; /* https://www.iana.org/assignments/dns-parameters */ @@ -346,6 +367,23 @@ const struct tok ns_class2str[] = { { 0, NULL } }; +extern const struct tok edns_opt2str[]; + +const struct tok edns_opt2str[] = { + { E_NSID, "NSID" }, + { E_DAU, "DAU" }, + { E_DHU, "DHU" }, + { E_N3U, "N3U" }, + { E_ECS, "ECS" }, + { E_EXPIRE, "EXPIRE" }, + { E_COOKIE, "COOKIE" }, + { E_KEEPALIVE, "KEEPALIVE" }, + { E_PADDING, "PADDING" }, + { E_CHAIN, "CHAIN" }, + { E_KEYTAG, "KEYTAG" }, + { 0, NULL } +}; + /* print a query */ static const u_char * ns_qprint(netdissect_options *ndo, @@ -565,6 +603,11 @@ ns_rprint(netdissect_options *ndo, ND_PRINT(" UDPsize=%u", class); if (opt_flags & 0x8000) ND_PRINT(" DO"); + while (cp < rp) { + cp = eopt_print(ndo, cp); + if (cp == NULL) + return(NULL); + } break; case T_UNSPECA: /* One long string */ diff --git a/tests/TESTLIST b/tests/TESTLIST index c178f24f..78f4f738 100644 --- a/tests/TESTLIST +++ b/tests/TESTLIST @@ -778,3 +778,8 @@ ldp_tlv_print-oobr ldp_tlv_print-oobr.pcap ldp_tlv_print-oobr.out -v #someip tests someip1 someip1.pcap someip1.out someip2 someip2.pcap someip2.out + +# EDNS Options +edns-opts edns-opts.pcap edns-opts.out +edns-opts-v edns-opts.pcap edns-opts-v.out -v +edns-opts-vv edns-opts.pcap edns-opts-vv.out -vv diff --git a/tests/edns-opts-v.out b/tests/edns-opts-v.out new file mode 100644 index 00000000..054ae380 --- /dev/null +++ b/tests/edns-opts-v.out @@ -0,0 +1,10 @@ + 1 15:51:13.645135 IP6 (flowlabel 0x59ab7, hlim 64, next-header UDP (17) payload length: 48) ::1.39913 > ::1.53: [bad udp cksum 0x0043 -> 0xd3c1!] 45044+ [1au] A? example.com. (40) + 2 15:51:13.645368 IP6 (flowlabel 0x407db, hlim 64, next-header UDP (17) payload length: 200) ::1.53 > ::1.39913: [bad udp cksum 0x00db -> 0x47f8!] 45044 1/2/5 example.com. A 93.184.216.34 (192) + 3 15:51:41.824299 IP6 (flowlabel 0x6cf0a, hlim 64, next-header UDP (17) payload length: 60) ::1.40241 > ::1.53: [bad udp cksum 0x004f -> 0x8d32!] 25196+ [1au] A? example.com. (52) + 4 15:51:41.824510 IP6 (flowlabel 0x35b0b, hlim 64, next-header UDP (17) payload length: 228) ::1.53 > ::1.40241: [bad udp cksum 0x00f7 -> 0x7d0f!] 25196 1/2/5 example.com. A 93.184.216.34 (220) + 5 15:51:58.952626 IP6 (flowlabel 0xf9ade, hlim 64, next-header UDP (17) payload length: 64) ::1.52325 > ::1.53: [bad udp cksum 0x0053 -> 0xfe45!] 1171+ [1au] A? example.com. (56) + 6 15:51:58.952934 IP6 (flowlabel 0x3185a, hlim 64, next-header UDP (17) payload length: 228) ::1.53 > ::1.52325: [bad udp cksum 0x00f7 -> 0x8e9d!] 1171 1/2/5 example.com. A 93.184.216.34 (220) + 7 15:52:09.278001 IP6 (flowlabel 0xb5cae, hlim 64, next-header UDP (17) payload length: 75) ::1.45845 > ::1.53: [bad udp cksum 0x005e -> 0xcc5b!] 24578+ [1au] A? example.com. (67) + 8 15:52:09.278215 IP6 (flowlabel 0x3e25d, hlim 64, next-header UDP (17) payload length: 239) ::1.53 > ::1.45845: [bad udp cksum 0x0102 -> 0xb15e!] 24578 1/2/5 example.com. A 93.184.216.34 (231) + 9 15:52:21.041837 IP6 (flowlabel 0xc2911, hlim 64, next-header UDP (17) payload length: 79) ::1.55361 > ::1.53: [bad udp cksum 0x0062 -> 0x13aa!] 11702+ [1au] A? example.com. (71) + 10 15:52:21.042080 IP6 (flowlabel 0x5d5a9, hlim 64, next-header UDP (17) payload length: 239) ::1.53 > ::1.55361: [bad udp cksum 0x0102 -> 0x966c!] 11702 1/2/5 example.com. A 93.184.216.34 (231) diff --git a/tests/edns-opts-vv.out b/tests/edns-opts-vv.out new file mode 100644 index 00000000..889d1e77 --- /dev/null +++ b/tests/edns-opts-vv.out @@ -0,0 +1,10 @@ + 1 15:51:13.645135 IP6 (flowlabel 0x59ab7, hlim 64, next-header UDP (17) payload length: 48) ::1.39913 > ::1.53: [bad udp cksum 0x0043 -> 0xd3c1!] 45044+ [1au] A? example.com. ar: . OPT UDPsize=4096 (40) + 2 15:51:13.645368 IP6 (flowlabel 0x407db, hlim 64, next-header UDP (17) payload length: 200) ::1.53 > ::1.39913: [bad udp cksum 0x00db -> 0x47f8!] 45044 q: A? example.com. 1/2/5 example.com. A 93.184.216.34 ns: example.com. NS a.iana-servers.net., example.com. NS b.iana-servers.net. ar: a.iana-servers.net. AAAA 2001:500:8f::53, b.iana-servers.net. AAAA 2001:500:8d::53, a.iana-servers.net. A 199.43.135.53, b.iana-servers.net. A 199.43.133.53, . OPT UDPsize=4096 (192) + 3 15:51:41.824299 IP6 (flowlabel 0x6cf0a, hlim 64, next-header UDP (17) payload length: 60) ::1.40241 > ::1.53: [bad udp cksum 0x004f -> 0x8d32!] 25196+ [1au] A? example.com. ar: . OPT UDPsize=4096 COOKIE (52) + 4 15:51:41.824510 IP6 (flowlabel 0x35b0b, hlim 64, next-header UDP (17) payload length: 228) ::1.53 > ::1.40241: [bad udp cksum 0x00f7 -> 0x7d0f!] 25196 q: A? example.com. 1/2/5 example.com. A 93.184.216.34 ns: example.com. NS a.iana-servers.net., example.com. NS b.iana-servers.net. ar: a.iana-servers.net. AAAA 2001:500:8f::53, b.iana-servers.net. AAAA 2001:500:8d::53, a.iana-servers.net. A 199.43.135.53, b.iana-servers.net. A 199.43.133.53, . OPT UDPsize=4096 COOKIE (220) + 5 15:51:58.952626 IP6 (flowlabel 0xf9ade, hlim 64, next-header UDP (17) payload length: 64) ::1.52325 > ::1.53: [bad udp cksum 0x0053 -> 0xfe45!] 1171+ [1au] A? example.com. ar: . OPT UDPsize=4096 NSID COOKIE (56) + 6 15:51:58.952934 IP6 (flowlabel 0x3185a, hlim 64, next-header UDP (17) payload length: 228) ::1.53 > ::1.52325: [bad udp cksum 0x00f7 -> 0x8e9d!] 1171 q: A? example.com. 1/2/5 example.com. A 93.184.216.34 ns: example.com. NS b.iana-servers.net., example.com. NS a.iana-servers.net. ar: a.iana-servers.net. AAAA 2001:500:8f::53, b.iana-servers.net. AAAA 2001:500:8d::53, a.iana-servers.net. A 199.43.135.53, b.iana-servers.net. A 199.43.133.53, . OPT UDPsize=4096 COOKIE (220) + 7 15:52:09.278001 IP6 (flowlabel 0xb5cae, hlim 64, next-header UDP (17) payload length: 75) ::1.45845 > ::1.53: [bad udp cksum 0x005e -> 0xcc5b!] 24578+ [1au] A? example.com. ar: . OPT UDPsize=4096 NSID ECS COOKIE (67) + 8 15:52:09.278215 IP6 (flowlabel 0x3e25d, hlim 64, next-header UDP (17) payload length: 239) ::1.53 > ::1.45845: [bad udp cksum 0x0102 -> 0xb15e!] 24578 q: A? example.com. 1/2/5 example.com. A 93.184.216.34 ns: example.com. NS a.iana-servers.net., example.com. NS b.iana-servers.net. ar: a.iana-servers.net. AAAA 2001:500:8f::53, b.iana-servers.net. AAAA 2001:500:8d::53, a.iana-servers.net. A 199.43.135.53, b.iana-servers.net. A 199.43.133.53, . OPT UDPsize=4096 COOKIE ECS (231) + 9 15:52:21.041837 IP6 (flowlabel 0xc2911, hlim 64, next-header UDP (17) payload length: 79) ::1.55361 > ::1.53: [bad udp cksum 0x0062 -> 0x13aa!] 11702+ [1au] A? example.com. ar: . OPT UDPsize=4096 NSID ECS COOKIE Opt16 (71) + 10 15:52:21.042080 IP6 (flowlabel 0x5d5a9, hlim 64, next-header UDP (17) payload length: 239) ::1.53 > ::1.55361: [bad udp cksum 0x0102 -> 0x966c!] 11702 q: A? example.com. 1/2/5 example.com. A 93.184.216.34 ns: example.com. NS a.iana-servers.net., example.com. NS b.iana-servers.net. ar: a.iana-servers.net. AAAA 2001:500:8f::53, b.iana-servers.net. AAAA 2001:500:8d::53, a.iana-servers.net. A 199.43.135.53, b.iana-servers.net. A 199.43.133.53, . OPT UDPsize=4096 COOKIE ECS (231) diff --git a/tests/edns-opts.out b/tests/edns-opts.out new file mode 100644 index 00000000..9c9caa5e --- /dev/null +++ b/tests/edns-opts.out @@ -0,0 +1,10 @@ + 1 15:51:13.645135 IP6 ::1.39913 > ::1.53: 45044+ [1au] A? example.com. (40) + 2 15:51:13.645368 IP6 ::1.53 > ::1.39913: 45044 1/2/5 A 93.184.216.34 (192) + 3 15:51:41.824299 IP6 ::1.40241 > ::1.53: 25196+ [1au] A? example.com. (52) + 4 15:51:41.824510 IP6 ::1.53 > ::1.40241: 25196 1/2/5 A 93.184.216.34 (220) + 5 15:51:58.952626 IP6 ::1.52325 > ::1.53: 1171+ [1au] A? example.com. (56) + 6 15:51:58.952934 IP6 ::1.53 > ::1.52325: 1171 1/2/5 A 93.184.216.34 (220) + 7 15:52:09.278001 IP6 ::1.45845 > ::1.53: 24578+ [1au] A? example.com. (67) + 8 15:52:09.278215 IP6 ::1.53 > ::1.45845: 24578 1/2/5 A 93.184.216.34 (231) + 9 15:52:21.041837 IP6 ::1.55361 > ::1.53: 11702+ [1au] A? example.com. (71) + 10 15:52:21.042080 IP6 ::1.53 > ::1.55361: 11702 1/2/5 A 93.184.216.34 (231) diff --git a/tests/edns-opts.pcap b/tests/edns-opts.pcap new file mode 100644 index 00000000..862c51c6 Binary files /dev/null and b/tests/edns-opts.pcap differ