/*
* Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
/* \summary: Domain Name System (DNS) printer */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "netdissect-stdinc.h"
#include <string.h>
#include "netdissect.h"
#include "addrtoname.h"
#include "addrtostr.h"
#include "extract.h"
#include "nameser.h"
static const char *ns_ops[] = {
"", " inv_q", " stat", " op3", " notify", " update", " op6", " op7",
" op8", " updateA", " updateD", " updateDA",
" updateM", " updateMA", " zoneInit", " zoneRef",
};
static const char *ns_resp[] = {
"", " FormErr", " ServFail", " NXDomain",
" NotImp", " Refused", " YXDomain", " YXRRSet",
" NXRRSet", " NotAuth", " NotZone", " Resp11",
" Resp12", " Resp13", " Resp14", " NoChange",
" BadVers", "Resp17", " Resp18", " Resp19",
" Resp20", "Resp21", " Resp22", " BadCookie",
};
static const char *
ns_rcode(u_int rcode) {
static char buf[sizeof(" Resp4095")];
if (rcode < sizeof(ns_resp)/sizeof(ns_resp[0])) {
return (ns_resp[rcode]);
}
snprintf(buf, sizeof(buf), " Resp%u", rcode & 0xfff);
return (buf);
}
/* skip over a domain name */
static const u_char *
ns_nskip(netdissect_options *ndo,
const u_char *cp)
{
u_char i;
if (!ND_TTEST_1(cp))
return (NULL);
i = GET_U_1(cp);
cp++;
while (i) {
switch (i & TYPE_MASK) {
case TYPE_INDIR:
return (cp + 1);
case TYPE_EDNS0: {
int bitlen, bytelen;
if ((i & ~TYPE_MASK) != EDNS0_ELT_BITLABEL)
return(NULL); /* unknown ELT */
if (!ND_TTEST_1(cp))
return (NULL);
if ((bitlen = GET_U_1(cp)) == 0)
bitlen = 256;
cp++;
bytelen = (bitlen + 7) / 8;
cp += bytelen;
}
break;
case TYPE_RESERVED:
return (NULL);
case TYPE_LABEL:
cp += i;
break;
}
if (!ND_TTEST_1(cp))
return (NULL);
i = GET_U_1(cp);
cp++;
}
return (cp);
}
static const u_char *
blabel_print(netdissect_options *ndo,
const u_char *cp)
{
u_int bitlen, slen, b;
const u_char *bitp, *lim;
uint8_t tc;
if (!ND_TTEST_1(cp))
return(NULL);
if ((bitlen = GET_U_1(cp)) == 0)
bitlen = 256;
slen = (bitlen + 3) / 4;
lim = cp + 1 + slen;
/* print the bit string as a hex string */
ND_PRINT("\\[x");
for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) {
ND_PRINT("%02x", GET_U_1(bitp));
}
if (b > 4) {
tc = GET_U_1(bitp);
bitp++;
ND_PRINT("%02x", tc & (0xff << (8 - b)));
} else if (b > 0) {
tc = GET_U_1(bitp);
bitp++;
ND_PRINT("%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b)));
}
ND_PRINT("/%u]", bitlen);
return lim;
}
static int
labellen(netdissect_options *ndo,
const u_char *cp)
{
u_int i;
if (!ND_TTEST_1(cp))
return(-1);
i = GET_U_1(cp);
switch (i & TYPE_MASK) {
case TYPE_EDNS0: {
u_int bitlen, elt;
if ((elt = (i & ~TYPE_MASK)) != EDNS0_ELT_BITLABEL) {
ND_PRINT("<ELT %d>", elt);
return(-1);
}
if (!ND_TTEST_1(cp + 1))
return(-1);
if ((bitlen = GET_U_1(cp + 1)) == 0)
bitlen = 256;
return(((bitlen + 7) / 8) + 1);
}
case TYPE_INDIR:
case TYPE_LABEL:
return(i);
default:
/*
* TYPE_RESERVED, but we use default to suppress compiler
* warnings about falling out of the switch statement.
*/
ND_PRINT("<BAD LABEL TYPE>");
return(-1);
}
}
/* print a <domain-name> */
const u_char *
fqdn_print(netdissect_options *ndo,
const u_char *cp, const u_char *bp)
{
u_int i, l;
const u_char *rp = NULL;
int compress = 0;
u_int elt;
u_int offset, max_offset;
u_int name_chars = 0;
if ((l = labellen(ndo, cp)) == (u_int)-1)
return(NULL);
if (!ND_TTEST_1(cp))
return(NULL);
max_offset = (u_int)(cp - bp);
i = GET_U_1(cp);
cp++;
if ((i & TYPE_MASK) != TYPE_INDIR) {
compress = 0;
rp = cp + l;
}
if (i != 0) {
while (i && cp < ndo->ndo_snapend) {
switch (i & TYPE_MASK) {
case TYPE_INDIR:
if (!compress) {
rp = cp + 1;
compress = 1;
}
if (!ND_TTEST_1(cp))
return(NULL);
offset = (((i << 8) | GET_U_1(cp)) & 0x3fff);
/*
* This must move backwards in the packet.
* No RFC explicitly says that, but BIND's
* name decompression code requires it,
* as a way of preventing infinite loops
* and other bad behavior, and it's probably
* what was intended (compress by pointing
* to domain name suffixes already seen in
* the packet).
*/
if (offset >= max_offset) {
ND_PRINT("<BAD PTR>");
return(NULL);
}
max_offset = offset;
cp = bp + offset;
if (!ND_TTEST_1(cp))
return(NULL);
i = GET_U_1(cp);
if ((l = labellen(ndo, cp)) == (u_int)-1)
return(NULL);
cp++;
continue;
case TYPE_EDNS0:
elt = (i & ~TYPE_MASK);
switch(elt) {
case EDNS0_ELT_BITLABEL:
if (blabel_print(ndo, cp) == NULL)
return (NULL);
break;
default:
/* unknown ELT */
ND_PRINT("<ELT %u>", elt);
return(NULL);
}
break;
case TYPE_RESERVED:
ND_PRINT("<BAD LABEL TYPE>");
return(NULL);
case TYPE_LABEL:
if (name_chars + l <= MAXCDNAME) {
if (nd_printn(ndo, cp, l, ndo->ndo_snapend))
return(NULL);
} else if (name_chars < MAXCDNAME) {
if (nd_printn(ndo, cp,
MAXCDNAME - name_chars, ndo->ndo_snapend))
return(NULL);
}
name_chars += l;
break;
}
cp += l;
if (name_chars <= MAXCDNAME)
ND_PRINT(".");
name_chars++;
if (!ND_TTEST_1(cp))
return(NULL);
i = GET_U_1(cp);
if ((l = labellen(ndo, cp)) == (u_int)-1)
return(NULL);
cp++;
if (!compress)
rp += l + 1;
}
if (name_chars > MAXCDNAME)
ND_PRINT("<DOMAIN NAME TOO LONG>");
} else
ND_PRINT(".");
return (rp);
}
/* print a <character-string> */
static const u_char *
ns_cprint(netdissect_options *ndo,
const u_char *cp)
{
u_int i;
if (!ND_TTEST_1(cp))
return (NULL);
i = GET_U_1(cp);
cp++;
if (nd_printn(ndo, cp, i, ndo->ndo_snapend))
return (NULL);
return (cp + i);
}
static void
print_eopt_ecs(netdissect_options *ndo, const u_char *cp,
u_int data_len)
{
u_int family, addr_bits, src_len, scope_len;
u_char padded[32];
char addr[INET6_ADDRSTRLEN];
/* ecs option must at least contain family, src len, and scope len */
if (data_len < 4) {
nd_print_invalid(ndo);
return;
}
family = GET_BE_U_2(cp);
cp += 2;
src_len = GET_U_1(cp);
cp += 1;
scope_len = GET_U_1(cp);
cp += 1;
if (family == 1)
addr_bits = 32;
else if (family == 2)
addr_bits = 128;
else {
nd_print_invalid(ndo);
return;
}
if (data_len - 4 > (addr_bits / 8)) {
nd_print_invalid(ndo);
return;
}
/* checks for invalid ecs scope or source length */
if (src_len > addr_bits || scope_len > addr_bits || ((src_len + 7) / 8) != (data_len - 4)) {
nd_print_invalid(ndo);
return;
}
/* pad the truncated address from ecs with zeros */
memset(padded, 0, sizeof(padded));
memcpy(padded, cp, data_len - 4);
if (family == 1)
ND_PRINT("%s/%d/%d", addrtostr(padded, addr, INET_ADDRSTRLEN),
src_len, scope_len);
else
ND_PRINT("%s/%d/%d", addrtostr6(padded, addr, INET6_ADDRSTRLEN),
src_len, scope_len);
}
extern const struct tok edns_opt2str[];
extern const struct tok dau_alg2str[];
extern const struct tok dhu_alg2str[];
extern const struct tok n3u_alg2str[];
/* print an <EDNS-option> */
static const u_char *
eopt_print(netdissect_options *ndo,
const u_char *cp)
{
u_int opt, data_len, i;
if (!ND_TTEST_2(cp))
return (NULL);
opt = GET_BE_U_2(cp);
cp += 2;
ND_PRINT("%s", tok2str(edns_opt2str, "Opt%u", opt));
if (!ND_TTEST_2(cp))
return (NULL);
data_len = GET_BE_U_2(cp);
cp += 2;
ND_TCHECK_LEN(cp, data_len);
if (data_len > 0) {
ND_PRINT(" ");
switch (opt) {
case E_ECS:
print_eopt_ecs(ndo, cp, data_len);
break;
case E_COOKIE:
if (data_len < 8 || (data_len > 8 && data_len < 16) || data_len > 40)
nd_print_invalid(ndo);
else {
for (i = 0; i < data_len; ++i) {
/* split client and server cookie */
if (i == 8)
ND_PRINT(" ");
ND_PRINT("%02x", GET_U_1(cp + i));
}
}
break;
case E_KEEPALIVE:
if (data_len != 2)
nd_print_invalid(ndo);
else
/* keepalive is in increments of 100ms. Convert to seconds */
ND_PRINT("%0.1f sec", (GET_BE_U_2(cp) / 10.0));
break;
case E_EXPIRE:
if (data_len != 4)
nd_print_invalid(ndo);
else
ND_PRINT("%u sec", GET_BE_U_4(cp));
break;
case E_PADDING:
/* ignore contents and just print length */
ND_PRINT("(%u)", data_len);
break;
case E_KEYTAG:
if (data_len % 2 != 0)
nd_print_invalid(ndo);
else
for (i = 0; i < data_len; i += 2) {
if (i > 0)
ND_PRINT(" ");
ND_PRINT("%u", GET_BE_U_2(cp + i));
}
break;
case E_DAU:
for (i = 0; i < data_len; ++i) {
if (i > 0)
ND_PRINT(" ");
ND_PRINT("%s", tok2str(dau_alg2str, "Alg_%u", GET_U_1(cp + i)));
}
break;
case E_DHU:
for (i = 0; i < data_len; ++i) {
if (i > 0)
ND_PRINT(" ");
ND_PRINT("%s", tok2str(dhu_alg2str, "Alg_%u", GET_U_1(cp + i)));
}
break;
case E_N3U:
for (i = 0; i < data_len; ++i) {
if (i > 0)
ND_PRINT(" ");
ND_PRINT("%s", tok2str(n3u_alg2str, "Alg_%u", GET_U_1(cp + i)));
}
break;
case E_CHAIN:
fqdn_print(ndo, cp, cp + data_len);
break;
case E_NSID:
/* intentional fall-through. NSID is an undefined byte string */
default:
for (i = 0; i < data_len; ++i)
ND_PRINT("%02x", GET_U_1(cp + i));
break;
}
}
return (cp + data_len);
trunc:
return (NULL);
}
extern const struct tok ns_type2str[];
/* https://www.iana.org/assignments/dns-parameters */
const struct tok ns_type2str[] = {
{ T_A, "A" }, /* RFC 1035 */
{ T_NS, "NS" }, /* RFC 1035 */
{ T_MD, "MD" }, /* RFC 1035 */
{ T_MF, "MF" }, /* RFC 1035 */
{ T_CNAME, "CNAME" }, /* RFC 1035 */
{ T_SOA, "SOA" }, /* RFC 1035 */
{ T_MB, "MB" }, /* RFC 1035 */
{ T_MG, "MG" }, /* RFC 1035 */
{ T_MR, "MR" }, /* RFC 1035 */
{ T_NULL, "NULL" }, /* RFC 1035 */
{ T_WKS, "WKS" }, /* RFC 1035 */
{ T_PTR, "PTR" }, /* RFC 1035 */
{ T_HINFO, "HINFO" }, /* RFC 1035 */
{ T_MINFO, "MINFO" }, /* RFC 1035 */
{ T_MX, "MX" }, /* RFC 1035 */
{ T_TXT, "TXT" }, /* RFC 1035 */
{ T_RP, "RP" }, /* RFC 1183 */
{ T_AFSDB, "AFSDB" }, /* RFC 1183 */
{ T_X25, "X25" }, /* RFC 1183 */
{ T_ISDN, "ISDN" }, /* RFC 1183 */
{ T_RT, "RT" }, /* RFC 1183 */
{ T_NSAP, "NSAP" }, /* RFC 1706 */
{ T_NSAP_PTR, "NSAP_PTR" },
{ T_SIG, "SIG" }, /* RFC 2535 */
{ T_KEY, "KEY" }, /* RFC 2535 */
{ T_PX, "PX" }, /* RFC 2163 */
{ T_GPOS, "GPOS" }, /* RFC 1712 */
{ T_AAAA, "AAAA" }, /* RFC 1886 */
{ T_LOC, "LOC" }, /* RFC 1876 */
{ T_NXT, "NXT" }, /* RFC 2535 */
{ T_EID, "EID" }, /* Nimrod */
{ T_NIMLOC, "NIMLOC" }, /* Nimrod */
{ T_SRV, "SRV" }, /* RFC 2782 */
{ T_ATMA, "ATMA" }, /* ATM Forum */
{ T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */
{ T_KX, "KX" }, /* RFC 2230 */
{ T_CERT, "CERT" }, /* RFC 2538 */
{ T_A6, "A6" }, /* RFC 2874 */
{ T_DNAME, "DNAME" }, /* RFC 2672 */
{ T_SINK, "SINK" },
{ T_OPT, "OPT" }, /* RFC 2671 */
{ T_APL, "APL" }, /* RFC 3123 */
{ T_DS, "DS" }, /* RFC 4034 */
{ T_SSHFP, "SSHFP" }, /* RFC 4255 */
{ T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */
{ T_RRSIG, "RRSIG" }, /* RFC 4034 */
{ T_NSEC, "NSEC" }, /* RFC 4034 */
{ T_DNSKEY, "DNSKEY" }, /* RFC 4034 */
{ T_SPF, "SPF" }, /* RFC-schlitt-spf-classic-02.txt */
{ T_UINFO, "UINFO" },
{ T_UID, "UID" },
{ T_GID, "GID" },
{ T_UNSPEC, "UNSPEC" },
{ T_UNSPECA, "UNSPECA" },
{ T_TKEY, "TKEY" }, /* RFC 2930 */
{ T_TSIG, "TSIG" }, /* RFC 2845 */
{ T_IXFR, "IXFR" }, /* RFC 1995 */
{ T_AXFR, "AXFR" }, /* RFC 1035 */
{ T_MAILB, "MAILB" }, /* RFC 1035 */
{ T_MAILA, "MAILA" }, /* RFC 1035 */
{ T_ANY, "ANY" },
{ T_URI, "URI" }, /* RFC 7553 */
{ 0, NULL }
};
extern const struct tok ns_class2str[];
const struct tok ns_class2str[] = {
{ C_IN, "IN" }, /* Not used */
{ C_CHAOS, "CHAOS" },
{ C_HS, "HS" },
{ C_ANY, "ANY" },
{ 0, NULL }
};
const struct tok edns_opt2str[] = {
{ E_LLQ, "LLQ" },
{ E_UL, "UL" },
{ E_NSID, "NSID" },
{ E_DAU, "DAU" },
{ E_DHU, "DHU" },
{ E_N3U, "N3U" },
{ E_ECS, "ECS" },
{ E_EXPIRE, "EXPIRE" },
{ E_COOKIE, "COOKIE" },
{ E_KEEPALIVE, "KEEPALIVE" },
{ E_PADDING, "PADDING" },
{ E_CHAIN, "CHAIN" },
{ E_KEYTAG, "KEY-TAG" },
{ E_CLIENTTAG, "CLIENT-TAG" },
{ E_SERVERTAG, "SERVER-TAG" },
{ 0, NULL }
};
const struct tok dau_alg2str[] = {
{ A_DELETE, "DELETE" },
{ A_RSAMD5, "RSAMD5" },
{ A_DH, "DH" },
{ A_DSA, "DS" },
{ A_RSASHA1, "RSASHA1" },
{ A_DSA_NSEC3_SHA1, "DSA-NSEC3-SHA1" },
{ A_RSASHA1_NSEC3_SHA1, "RSASHA1-NSEC3-SHA1" },
{ A_RSASHA256, "RSASHA256" },
{ A_RSASHA512, "RSASHA512" },
{ A_ECC_GOST, "ECC-GOST" },
{ A_ECDSAP256SHA256, "ECDSAP256SHA256" },
{ A_ECDSAP384SHA384, "ECDSAP384SHA384" },
{ A_ED25519, "ED25519" },
{ A_ED448, "ED448" },
{ A_INDIRECT, "INDIRECT" },
{ A_PRIVATEDNS, "PRIVATEDNS" },
{ A_PRIVATEOID, "PRIVATEOID" },
{ 0, NULL }
};
const struct tok dhu_alg2str[] = {
{ DS_SHA1, "SHA-1" },
{ DS_SHA256,"SHA-256" },
{ DS_GOST, "GOST_R_34.11-94" },
{ DS_SHA384,"SHA-384" },
{ 0, NULL }
};
const struct tok n3u_alg2str[] = {
{ NSEC_SHA1,"SHA-1" },
{ 0, NULL }
};
/* print a query */
static const u_char *
ns_qprint(netdissect_options *ndo,
const u_char *cp, const u_char *bp, int is_mdns)
{
const u_char *np = cp;
u_int i, class;
cp = ns_nskip(ndo, cp);
if (cp == NULL || !ND_TTEST_4(cp))
return(NULL);
/* print the qtype */
i = GET_BE_U_2(cp);
cp += 2;
ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", i));
/* print the qclass (if it's not IN) */
i = GET_BE_U_2(cp);
cp += 2;
if (is_mdns)
class = (i & ~C_QU);
else
class = i;
if (class != C_IN)
ND_PRINT(" %s", tok2str(ns_class2str, "(Class %u)", class));
if (is_mdns) {
ND_PRINT(i & C_QU ? " (QU)" : " (QM)");
}
ND_PRINT("? ");
cp = fqdn_print(ndo, np, bp);
return(cp ? cp + 4 : NULL);
}
/* print a reply */
static const u_char *
ns_rprint(netdissect_options *ndo,
const u_char *cp, const u_char *bp, int is_mdns)
{
u_int i, class, opt_flags = 0;
u_short typ, len;
const u_char *rp;
if (ndo->ndo_vflag) {
ND_PRINT(" ");
if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
return NULL;
} else
cp = ns_nskip(ndo, cp);
if (cp == NULL || !ND_TTEST_LEN(cp, 10))
return (ndo->ndo_snapend);
/* print the type/qtype */
typ = GET_BE_U_2(cp);
cp += 2;
/* print the class (if it's not IN and the type isn't OPT) */
i = GET_BE_U_2(cp);
cp += 2;
if (is_mdns)
class = (i & ~C_CACHE_FLUSH);
else
class = i;
if (class != C_IN && typ != T_OPT)
ND_PRINT(" %s", tok2str(ns_class2str, "(Class %u)", class));
if (is_mdns) {
if (i & C_CACHE_FLUSH)
ND_PRINT(" (Cache flush)");
}
if (typ == T_OPT) {
/* get opt flags */
cp += 2;
opt_flags = GET_BE_U_2(cp);
/* ignore rest of ttl field */
cp += 2;
} else if (ndo->ndo_vflag > 2) {
/* print ttl */
ND_PRINT(" [");
unsigned_relts_print(ndo, GET_BE_U_4(cp));
ND_PRINT("]");
cp += 4;
} else {
/* ignore ttl */
cp += 4;
}
len = GET_BE_U_2(cp);
cp += 2;
rp = cp + len;
ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", typ));
if (rp > ndo->ndo_snapend)
return(NULL);
switch (typ) {
case T_A:
if (!ND_TTEST_LEN(cp, sizeof(nd_ipv4)))
return(NULL);
ND_PRINT(" %s", intoa(GET_IPV4_TO_NETWORK_ORDER(cp)));
break;
case T_NS:
case T_CNAME:
case T_PTR:
case T_DNAME:
ND_PRINT(" ");
if (fqdn_print(ndo, cp, bp) == NULL)
return(NULL);
break;
case T_SOA:
if (!ndo->ndo_vflag)
break;
ND_PRINT(" ");
if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
return(NULL);
ND_PRINT(" ");
if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
return(NULL);
if (!ND_TTEST_LEN(cp, 5 * 4))
return(NULL);
ND_PRINT(" %u", GET_BE_U_4(cp));
cp += 4;
ND_PRINT(" %u", GET_BE_U_4(cp));
cp += 4;
ND_PRINT(" %u", GET_BE_U_4(cp));
cp += 4;
ND_PRINT(" %u", GET_BE_U_4(cp));
cp += 4;
ND_PRINT(" %u", GET_BE_U_4(cp));
cp += 4;
break;
case T_MX:
ND_PRINT(" ");
if (!ND_TTEST_2(cp))
return(NULL);
if (fqdn_print(ndo, cp + 2, bp) == NULL)
return(NULL);
ND_PRINT(" %u", GET_BE_U_2(cp));
break;
case T_TXT:
while (cp < rp) {
ND_PRINT(" \"");
cp = ns_cprint(ndo, cp);
if (cp == NULL)
return(NULL);
ND_PRINT("\"");
}
break;
case T_SRV:
ND_PRINT(" ");
if (!ND_TTEST_6(cp))
return(NULL);
if (fqdn_print(ndo, cp + 6, bp) == NULL)
return(NULL);
ND_PRINT(":%u %u %u", GET_BE_U_2(cp + 4),
GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
break;
case T_AAAA:
{
char ntop_buf[INET6_ADDRSTRLEN];
if (!ND_TTEST_LEN(cp, sizeof(nd_ipv6)))
return(NULL);
ND_PRINT(" %s",
addrtostr6(cp, ntop_buf, sizeof(ntop_buf)));
break;
}
case T_A6:
{
nd_ipv6 a;
int pbit, pbyte;
char ntop_buf[INET6_ADDRSTRLEN];
if (!ND_TTEST_1(cp))
return(NULL);
pbit = GET_U_1(cp);
pbyte = (pbit & ~7) / 8;
if (pbit > 128) {
ND_PRINT(" %u(bad plen)", pbit);
break;
} else if (pbit < 128) {
memset(a, 0, sizeof(a));
GET_CPY_BYTES(a + pbyte, cp + 1, sizeof(a) - pbyte);
ND_PRINT(" %u %s", pbit,
addrtostr6(&a, ntop_buf, sizeof(ntop_buf)));
}
if (pbit > 0) {
ND_PRINT(" ");
if (fqdn_print(ndo, cp + 1 + sizeof(a) - pbyte, bp) == NULL)
return(NULL);
}
break;
}
case T_URI:
if (!ND_TTEST_LEN(cp, len))
return(NULL);
ND_PRINT(" %u %u ", GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
if (nd_printn(ndo, cp + 4, len - 4, ndo->ndo_snapend))
return(NULL);
break;
case T_OPT:
ND_PRINT(" UDPsize=%u", class);
if (opt_flags & 0x8000)
ND_PRINT(" DO");
if (cp < rp) {
ND_PRINT(" [");
while (cp < rp) {
cp = eopt_print(ndo, cp);
if (cp == NULL)
return(NULL);
if (cp < rp)
ND_PRINT(",");
}
ND_PRINT("]");
}
break;
case T_UNSPECA: /* One long string */
if (!ND_TTEST_LEN(cp, len))
return(NULL);
if (nd_printn(ndo, cp, len, ndo->ndo_snapend))
return(NULL);
break;
case T_TSIG:
{
if (cp + len > ndo->ndo_snapend)
return(NULL);
if (!ndo->ndo_vflag)
break;
ND_PRINT(" ");
if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
return(NULL);
cp += 6;
if (!ND_TTEST_2(cp))
return(NULL);
ND_PRINT(" fudge=%u", GET_BE_U_2(cp));
cp += 2;
if (!ND_TTEST_2(cp))
return(NULL);
ND_PRINT(" maclen=%u", GET_BE_U_2(cp));
cp += 2 + GET_BE_U_2(cp);
if (!ND_TTEST_2(cp))
return(NULL);
ND_PRINT(" origid=%u", GET_BE_U_2(cp));
cp += 2;
if (!ND_TTEST_2(cp))
return(NULL);
ND_PRINT(" error=%u", GET_BE_U_2(cp));
cp += 2;
if (!ND_TTEST_2(cp))
return(NULL);
ND_PRINT(" otherlen=%u", GET_BE_U_2(cp));
cp += 2;
}
}
return (rp); /* XXX This isn't always right */
}
void
domain_print(netdissect_options *ndo,
const u_char *bp, u_int length, int over_tcp, int is_mdns)
{
const dns_header_t *np;
uint16_t flags, rcode, rdlen, type;
u_int qdcount, ancount, nscount, arcount;
u_int i;
const u_char *cp;
uint16_t b2;
ndo->ndo_protocol = "domain";
if (over_tcp) {
/*
* The message is prefixed with a two byte length field
* which gives the message length, excluding the two byte
* length field. (RFC 1035 - 4.2.2. TCP usage)
*/
if (length < 2) {
ND_PRINT(" [DNS over TCP: length %u < 2]", length);
nd_print_invalid(ndo);
return;
} else {
length -= 2; /* excluding the two byte length field */
if (GET_BE_U_2(bp) != length) {
ND_PRINT(" [prefix length(%u) != length(%u)]",
GET_BE_U_2(bp), length);
nd_print_invalid(ndo);
return;
} else {
bp += 2;
/* in over TCP case, we need to prepend a space
* (not needed in over UDP case)
*/
ND_PRINT(" ");
}
}
}
np = (const dns_header_t *)bp;
if(length < sizeof(*np)) {
nd_print_protocol(ndo);
ND_PRINT(" [length %u < %zu]", length, sizeof(*np));
nd_print_invalid(ndo);
return;
}
ND_TCHECK_SIZE(np);
flags = GET_BE_U_2(np->flags);
/* get the byte-order right */
qdcount = GET_BE_U_2(np->qdcount);
ancount = GET_BE_U_2(np->ancount);
nscount = GET_BE_U_2(np->nscount);
arcount = GET_BE_U_2(np->arcount);
/* find the opt record to extract extended rcode */
cp = (const u_char *)(np + 1);
rcode = DNS_RCODE(flags);
for (i = 0; i < qdcount; i++) {
if ((cp = ns_nskip(ndo, cp)) == NULL)
goto print;
cp += 4; /* skip QTYPE and QCLASS */
if (cp >= ndo->ndo_snapend)
goto print;
}
for (i = 0; i < ancount + nscount; i++) {
if ((cp = ns_nskip(ndo, cp)) == NULL)
goto print;
cp += 8; /* skip TYPE, CLASS and TTL */
if (cp + 2 > ndo->ndo_snapend)
goto print;
rdlen = GET_BE_U_2(cp);
cp += 2 + rdlen;
if (cp >= ndo->ndo_snapend)
goto print;
}
for (i = 0; i < arcount; i++) {
if ((cp = ns_nskip(ndo, cp)) == NULL)
goto print;
if (cp + 2 > ndo->ndo_snapend)
goto print;
type = GET_BE_U_2(cp);
cp += 4; /* skip TYPE and CLASS */
if (cp + 1 > ndo->ndo_snapend)
goto print;
if (type == T_OPT) {
rcode |= (GET_U_1(cp) << 4);
goto print;
}
cp += 4;
if (cp + 2 > ndo->ndo_snapend)
goto print;
rdlen = GET_BE_U_2(cp);
cp += 2 + rdlen;
if (cp >= ndo->ndo_snapend)
goto print;
}
print:
if (DNS_QR(flags)) {
/* this is a response */
ND_PRINT("%u%s%s%s%s%s%s",
GET_BE_U_2(np->id),
ns_ops[DNS_OPCODE(flags)],
ns_rcode(rcode),
DNS_AA(flags)? "*" : "",
DNS_RA(flags)? "" : "-",
DNS_TC(flags)? "|" : "",
DNS_AD(flags)? "$" : "");
if (qdcount != 1)
ND_PRINT(" [%uq]", qdcount);
/* Print QUESTION section on -vv */
cp = (const u_char *)(np + 1);
for (i = 0; i < qdcount; i++) {
if (i != 0)
ND_PRINT(",");
if (ndo->ndo_vflag > 1) {
ND_PRINT(" q:");
if ((cp = ns_qprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
} else {
if ((cp = ns_nskip(ndo, cp)) == NULL)
goto trunc;
cp += 4; /* skip QTYPE and QCLASS */
}
}
ND_PRINT(" %u/%u/%u", ancount, nscount, arcount);
if (ancount) {
if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
ancount--;
while (cp < ndo->ndo_snapend && ancount) {
ND_PRINT(",");
if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
ancount--;
}
}
if (ancount)
goto trunc;
/* Print NS and AR sections on -vv */
if (ndo->ndo_vflag > 1) {
if (cp < ndo->ndo_snapend && nscount) {
ND_PRINT(" ns:");
if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
nscount--;
while (cp < ndo->ndo_snapend && nscount) {
ND_PRINT(",");
if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
nscount--;
}
}
if (nscount)
goto trunc;
if (cp < ndo->ndo_snapend && arcount) {
ND_PRINT(" ar:");
if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
arcount--;
while (cp < ndo->ndo_snapend && arcount) {
ND_PRINT(",");
if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
arcount--;
}
}
if (arcount)
goto trunc;
}
}
else {
/* this is a request */
ND_PRINT("%u%s%s%s", GET_BE_U_2(np->id),
ns_ops[DNS_OPCODE(flags)],
DNS_RD(flags) ? "+" : "",
DNS_CD(flags) ? "%" : "");
/* any weirdness? */
b2 = GET_BE_U_2(((const u_short *)np) + 1);
if (b2 & 0x6cf)
ND_PRINT(" [b2&3=0x%x]", b2);
if (DNS_OPCODE(flags) == IQUERY) {
if (qdcount)
ND_PRINT(" [%uq]", qdcount);
if (ancount != 1)
ND_PRINT(" [%ua]", ancount);
}
else {
if (ancount)
ND_PRINT(" [%ua]", ancount);
if (qdcount != 1)
ND_PRINT(" [%uq]", qdcount);
}
if (nscount)
ND_PRINT(" [%un]", nscount);
if (arcount)
ND_PRINT(" [%uau]", arcount);
cp = (const u_char *)(np + 1);
if (qdcount) {
cp = ns_qprint(ndo, cp, (const u_char *)np, is_mdns);
if (!cp)
goto trunc;
qdcount--;
while (cp < ndo->ndo_snapend && qdcount) {
cp = ns_qprint(ndo, (const u_char *)cp,
(const u_char *)np,
is_mdns);
if (!cp)
goto trunc;
qdcount--;
}
}
if (qdcount)
goto trunc;
/* Print remaining sections on -vv */
if (ndo->ndo_vflag > 1) {
if (ancount) {
if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
ancount--;
while (cp < ndo->ndo_snapend && ancount) {
ND_PRINT(",");
if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
ancount--;
}
}
if (ancount)
goto trunc;
if (cp < ndo->ndo_snapend && nscount) {
ND_PRINT(" ns:");
if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
nscount--;
while (cp < ndo->ndo_snapend && nscount) {
ND_PRINT(",");
if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
nscount--;
}
}
if (nscount > 0)
goto trunc;
if (cp < ndo->ndo_snapend && arcount) {
ND_PRINT(" ar:");
if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
arcount--;
while (cp < ndo->ndo_snapend && arcount) {
ND_PRINT(",");
if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
goto trunc;
arcount--;
}
}
if (arcount)
goto trunc;
}
}
ND_PRINT(" (%u)", length);
return;
trunc:
nd_print_trunc(ndo);
}