27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" 31#endif 32 33#include <tcpdump-stdinc.h> 34 35#include "nameser.h" 36 37#include <stdio.h> 38#include <string.h> 39 40#include "interface.h" 41#include "addrtoname.h" 42#include "extract.h" /* must come after interface.h */ 43 44static const char *ns_ops[] = { 45 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7", 46 " op8", " updataA", " updateD", " updateDA", 47 " updateM", " updateMA", " zoneInit", " zoneRef", 48}; 49 50static const char *ns_resp[] = { 51 "", " FormErr", " ServFail", " NXDomain", 52 " NotImp", " Refused", " YXDomain", " YXRRSet", 53 " NXRRSet", " NotAuth", " NotZone", " Resp11", 54 " Resp12", " Resp13", " Resp14", " NoChange", 55}; 56 57/* skip over a domain name */ 58static const u_char * 59ns_nskip(register const u_char *cp) 60{ 61 register u_char i; 62 63 if (!TTEST2(*cp, 1)) 64 return (NULL); 65 i = *cp++; 66 while (i) { 67 if ((i & INDIR_MASK) == INDIR_MASK) 68 return (cp + 1); 69 if ((i & INDIR_MASK) == EDNS0_MASK) { 70 int bitlen, bytelen; 71 72 if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL) 73 return(NULL); /* unknown ELT */ 74 if (!TTEST2(*cp, 1)) 75 return (NULL); 76 if ((bitlen = *cp++) == 0) 77 bitlen = 256; 78 bytelen = (bitlen + 7) / 8; 79 cp += bytelen; 80 } else 81 cp += i; 82 if (!TTEST2(*cp, 1)) 83 return (NULL); 84 i = *cp++; 85 } 86 return (cp); 87} 88 89/* print a <domain-name> */ 90static const u_char * 91blabel_print(const u_char *cp) 92{ 93 int bitlen, slen, b; 94 const u_char *bitp, *lim; 95 char tc; 96 97 if (!TTEST2(*cp, 1)) 98 return(NULL); 99 if ((bitlen = *cp) == 0) 100 bitlen = 256; 101 slen = (bitlen + 3) / 4; 102 lim = cp + 1 + slen; 103 104 /* print the bit string as a hex string */ 105 printf("\\[x"); 106 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) { 107 TCHECK(*bitp); 108 printf("%02x", *bitp); 109 } 110 if (b > 4) { 111 TCHECK(*bitp); 112 tc = *bitp++; 113 printf("%02x", tc & (0xff << (8 - b))); 114 } else if (b > 0) { 115 TCHECK(*bitp); 116 tc = *bitp++; 117 printf("%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b))); 118 } 119 printf("/%d]", bitlen); 120 return lim; 121trunc: 122 printf(".../%d]", bitlen); 123 return NULL; 124} 125 126static int 127labellen(const u_char *cp) 128{ 129 register u_int i; 130 131 if (!TTEST2(*cp, 1)) 132 return(-1); 133 i = *cp; 134 if ((i & INDIR_MASK) == EDNS0_MASK) { 135 int bitlen, elt;
| 27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" 31#endif 32 33#include <tcpdump-stdinc.h> 34 35#include "nameser.h" 36 37#include <stdio.h> 38#include <string.h> 39 40#include "interface.h" 41#include "addrtoname.h" 42#include "extract.h" /* must come after interface.h */ 43 44static const char *ns_ops[] = { 45 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7", 46 " op8", " updataA", " updateD", " updateDA", 47 " updateM", " updateMA", " zoneInit", " zoneRef", 48}; 49 50static const char *ns_resp[] = { 51 "", " FormErr", " ServFail", " NXDomain", 52 " NotImp", " Refused", " YXDomain", " YXRRSet", 53 " NXRRSet", " NotAuth", " NotZone", " Resp11", 54 " Resp12", " Resp13", " Resp14", " NoChange", 55}; 56 57/* skip over a domain name */ 58static const u_char * 59ns_nskip(register const u_char *cp) 60{ 61 register u_char i; 62 63 if (!TTEST2(*cp, 1)) 64 return (NULL); 65 i = *cp++; 66 while (i) { 67 if ((i & INDIR_MASK) == INDIR_MASK) 68 return (cp + 1); 69 if ((i & INDIR_MASK) == EDNS0_MASK) { 70 int bitlen, bytelen; 71 72 if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL) 73 return(NULL); /* unknown ELT */ 74 if (!TTEST2(*cp, 1)) 75 return (NULL); 76 if ((bitlen = *cp++) == 0) 77 bitlen = 256; 78 bytelen = (bitlen + 7) / 8; 79 cp += bytelen; 80 } else 81 cp += i; 82 if (!TTEST2(*cp, 1)) 83 return (NULL); 84 i = *cp++; 85 } 86 return (cp); 87} 88 89/* print a <domain-name> */ 90static const u_char * 91blabel_print(const u_char *cp) 92{ 93 int bitlen, slen, b; 94 const u_char *bitp, *lim; 95 char tc; 96 97 if (!TTEST2(*cp, 1)) 98 return(NULL); 99 if ((bitlen = *cp) == 0) 100 bitlen = 256; 101 slen = (bitlen + 3) / 4; 102 lim = cp + 1 + slen; 103 104 /* print the bit string as a hex string */ 105 printf("\\[x"); 106 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) { 107 TCHECK(*bitp); 108 printf("%02x", *bitp); 109 } 110 if (b > 4) { 111 TCHECK(*bitp); 112 tc = *bitp++; 113 printf("%02x", tc & (0xff << (8 - b))); 114 } else if (b > 0) { 115 TCHECK(*bitp); 116 tc = *bitp++; 117 printf("%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b))); 118 } 119 printf("/%d]", bitlen); 120 return lim; 121trunc: 122 printf(".../%d]", bitlen); 123 return NULL; 124} 125 126static int 127labellen(const u_char *cp) 128{ 129 register u_int i; 130 131 if (!TTEST2(*cp, 1)) 132 return(-1); 133 i = *cp; 134 if ((i & INDIR_MASK) == EDNS0_MASK) { 135 int bitlen, elt;
|
139 if (!TTEST2(*(cp + 1), 1)) 140 return(-1); 141 if ((bitlen = *(cp + 1)) == 0) 142 bitlen = 256; 143 return(((bitlen + 7) / 8) + 1); 144 } else 145 return(i); 146} 147 148static const u_char * 149ns_nprint(register const u_char *cp, register const u_char *bp) 150{ 151 register u_int i, l; 152 register const u_char *rp = NULL; 153 register int compress = 0; 154 int chars_processed; 155 int elt; 156 int data_size = snapend - bp; 157 158 if ((l = labellen(cp)) == (u_int)-1) 159 return(NULL); 160 if (!TTEST2(*cp, 1)) 161 return(NULL); 162 chars_processed = 1; 163 if (((i = *cp++) & INDIR_MASK) != INDIR_MASK) { 164 compress = 0; 165 rp = cp + l; 166 } 167 168 if (i != 0) 169 while (i && cp < snapend) { 170 if ((i & INDIR_MASK) == INDIR_MASK) { 171 if (!compress) { 172 rp = cp + 1; 173 compress = 1; 174 } 175 if (!TTEST2(*cp, 1)) 176 return(NULL); 177 cp = bp + (((i << 8) | *cp) & 0x3fff); 178 if ((l = labellen(cp)) == (u_int)-1) 179 return(NULL); 180 if (!TTEST2(*cp, 1)) 181 return(NULL); 182 i = *cp++; 183 chars_processed++; 184 185 /* 186 * If we've looked at every character in 187 * the message, this pointer will make 188 * us look at some character again, 189 * which means we're looping. 190 */ 191 if (chars_processed >= data_size) { 192 printf("<LOOP>"); 193 return (NULL); 194 } 195 continue; 196 } 197 if ((i & INDIR_MASK) == EDNS0_MASK) { 198 elt = (i & ~INDIR_MASK); 199 switch(elt) { 200 case EDNS0_ELT_BITLABEL: 201 if (blabel_print(cp) == NULL) 202 return (NULL); 203 break; 204 default: 205 /* unknown ELT */ 206 printf("<ELT %d>", elt); 207 return(NULL); 208 } 209 } else { 210 if (fn_printn(cp, l, snapend)) 211 return(NULL); 212 } 213 214 cp += l; 215 chars_processed += l; 216 putchar('.'); 217 if ((l = labellen(cp)) == (u_int)-1) 218 return(NULL); 219 if (!TTEST2(*cp, 1)) 220 return(NULL); 221 i = *cp++; 222 chars_processed++; 223 if (!compress) 224 rp += l + 1; 225 } 226 else 227 putchar('.'); 228 return (rp); 229} 230 231/* print a <character-string> */ 232static const u_char * 233ns_cprint(register const u_char *cp) 234{ 235 register u_int i; 236 237 if (!TTEST2(*cp, 1)) 238 return (NULL); 239 i = *cp++; 240 if (fn_printn(cp, i, snapend)) 241 return (NULL); 242 return (cp + i); 243} 244 245/* http://www.iana.org/assignments/dns-parameters */ 246struct tok ns_type2str[] = { 247 { T_A, "A" }, /* RFC 1035 */ 248 { T_NS, "NS" }, /* RFC 1035 */ 249 { T_MD, "MD" }, /* RFC 1035 */ 250 { T_MF, "MF" }, /* RFC 1035 */ 251 { T_CNAME, "CNAME" }, /* RFC 1035 */ 252 { T_SOA, "SOA" }, /* RFC 1035 */ 253 { T_MB, "MB" }, /* RFC 1035 */ 254 { T_MG, "MG" }, /* RFC 1035 */ 255 { T_MR, "MR" }, /* RFC 1035 */ 256 { T_NULL, "NULL" }, /* RFC 1035 */ 257 { T_WKS, "WKS" }, /* RFC 1035 */ 258 { T_PTR, "PTR" }, /* RFC 1035 */ 259 { T_HINFO, "HINFO" }, /* RFC 1035 */ 260 { T_MINFO, "MINFO" }, /* RFC 1035 */ 261 { T_MX, "MX" }, /* RFC 1035 */ 262 { T_TXT, "TXT" }, /* RFC 1035 */ 263 { T_RP, "RP" }, /* RFC 1183 */ 264 { T_AFSDB, "AFSDB" }, /* RFC 1183 */ 265 { T_X25, "X25" }, /* RFC 1183 */ 266 { T_ISDN, "ISDN" }, /* RFC 1183 */ 267 { T_RT, "RT" }, /* RFC 1183 */ 268 { T_NSAP, "NSAP" }, /* RFC 1706 */ 269 { T_NSAP_PTR, "NSAP_PTR" }, 270 { T_SIG, "SIG" }, /* RFC 2535 */ 271 { T_KEY, "KEY" }, /* RFC 2535 */ 272 { T_PX, "PX" }, /* RFC 2163 */ 273 { T_GPOS, "GPOS" }, /* RFC 1712 */ 274 { T_AAAA, "AAAA" }, /* RFC 1886 */ 275 { T_LOC, "LOC" }, /* RFC 1876 */ 276 { T_NXT, "NXT" }, /* RFC 2535 */ 277 { T_EID, "EID" }, /* Nimrod */ 278 { T_NIMLOC, "NIMLOC" }, /* Nimrod */ 279 { T_SRV, "SRV" }, /* RFC 2782 */ 280 { T_ATMA, "ATMA" }, /* ATM Forum */ 281 { T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */ 282 { T_A6, "A6" }, /* RFC 2874 */ 283 { T_DNAME, "DNAME" }, /* RFC 2672 */ 284 { T_OPT, "OPT" }, /* RFC 2671 */ 285 { T_UINFO, "UINFO" }, 286 { T_UID, "UID" }, 287 { T_GID, "GID" }, 288 { T_UNSPEC, "UNSPEC" }, 289 { T_UNSPECA, "UNSPECA" }, 290 { T_TKEY, "TKEY" }, /* RFC 2930 */ 291 { T_TSIG, "TSIG" }, /* RFC 2845 */ 292 { T_IXFR, "IXFR" }, /* RFC 1995 */ 293 { T_AXFR, "AXFR" }, /* RFC 1035 */ 294 { T_MAILB, "MAILB" }, /* RFC 1035 */ 295 { T_MAILA, "MAILA" }, /* RFC 1035 */ 296 { T_ANY, "ANY" }, 297 { 0, NULL } 298}; 299 300struct tok ns_class2str[] = { 301 { C_IN, "IN" }, /* Not used */ 302 { C_CHAOS, "CHAOS" }, 303 { C_HS, "HS" }, 304 { C_ANY, "ANY" }, 305 { 0, NULL } 306}; 307 308/* print a query */ 309static const u_char * 310ns_qprint(register const u_char *cp, register const u_char *bp, int is_mdns) 311{ 312 register const u_char *np = cp; 313 register u_int i; 314 315 cp = ns_nskip(cp); 316 317 if (cp == NULL || !TTEST2(*cp, 4)) 318 return(NULL); 319 320 /* print the qtype and qclass (if it's not IN) */ 321 i = EXTRACT_16BITS(cp); 322 cp += 2; 323 printf(" %s", tok2str(ns_type2str, "Type%d", i)); 324 i = EXTRACT_16BITS(cp); 325 cp += 2; 326 if (is_mdns && i == (C_IN|C_CACHE_FLUSH)) 327 printf(" (Cache flush)"); 328 else if (i != C_IN) 329 printf(" %s", tok2str(ns_class2str, "(Class %d)", i)); 330 331 fputs("? ", stdout); 332 cp = ns_nprint(np, bp); 333 return(cp ? cp + 4 : NULL); 334} 335 336/* print a reply */ 337static const u_char * 338ns_rprint(register const u_char *cp, register const u_char *bp, int is_mdns) 339{ 340 register u_int class; 341 register u_short typ, len; 342 register const u_char *rp; 343 344 if (vflag) { 345 putchar(' '); 346 if ((cp = ns_nprint(cp, bp)) == NULL) 347 return NULL; 348 } else 349 cp = ns_nskip(cp); 350 351 if (cp == NULL || !TTEST2(*cp, 10)) 352 return (snapend); 353 354 /* print the type/qtype and class (if it's not IN) */ 355 typ = EXTRACT_16BITS(cp); 356 cp += 2; 357 class = EXTRACT_16BITS(cp); 358 cp += 2; 359 if (is_mdns && class == (C_IN|C_CACHE_FLUSH)) 360 printf(" (Cache flush)"); 361 else if (class != C_IN && typ != T_OPT) 362 printf(" %s", tok2str(ns_class2str, "(Class %d)", class)); 363 364 /* ignore ttl */ 365 cp += 4; 366 367 len = EXTRACT_16BITS(cp); 368 cp += 2; 369 370 rp = cp + len; 371 372 printf(" %s", tok2str(ns_type2str, "Type%d", typ)); 373 if (rp > snapend) 374 return(NULL); 375 376 switch (typ) { 377 case T_A: 378 if (!TTEST2(*cp, sizeof(struct in_addr))) 379 return(NULL); 380 printf(" %s", ipaddr_string(cp)); 381 break; 382 383 case T_NS: 384 case T_CNAME: 385 case T_PTR: 386#ifdef T_DNAME 387 case T_DNAME: 388#endif 389 putchar(' '); 390 if (ns_nprint(cp, bp) == NULL) 391 return(NULL); 392 break; 393 394 case T_SOA: 395 if (!vflag) 396 break; 397 putchar(' '); 398 if ((cp = ns_nprint(cp, bp)) == NULL) 399 return(NULL); 400 putchar(' '); 401 if ((cp = ns_nprint(cp, bp)) == NULL) 402 return(NULL); 403 if (!TTEST2(*cp, 5 * 4)) 404 return(NULL); 405 printf(" %u", EXTRACT_32BITS(cp)); 406 cp += 4; 407 printf(" %u", EXTRACT_32BITS(cp)); 408 cp += 4; 409 printf(" %u", EXTRACT_32BITS(cp)); 410 cp += 4; 411 printf(" %u", EXTRACT_32BITS(cp)); 412 cp += 4; 413 printf(" %u", EXTRACT_32BITS(cp)); 414 cp += 4; 415 break; 416 case T_MX: 417 putchar(' '); 418 if (!TTEST2(*cp, 2)) 419 return(NULL); 420 if (ns_nprint(cp + 2, bp) == NULL) 421 return(NULL); 422 printf(" %d", EXTRACT_16BITS(cp)); 423 break; 424 425 case T_TXT: 426 while (cp < rp) { 427 printf(" \""); 428 cp = ns_cprint(cp); 429 if (cp == NULL) 430 return(NULL); 431 putchar('"'); 432 } 433 break; 434 435 case T_SRV: 436 putchar(' '); 437 if (!TTEST2(*cp, 6)) 438 return(NULL); 439 if (ns_nprint(cp + 6, bp) == NULL) 440 return(NULL); 441 printf(":%d %d %d", EXTRACT_16BITS(cp + 4), 442 EXTRACT_16BITS(cp), EXTRACT_16BITS(cp + 2)); 443 break; 444 445#ifdef INET6 446 case T_AAAA: 447 if (!TTEST2(*cp, sizeof(struct in6_addr))) 448 return(NULL); 449 printf(" %s", ip6addr_string(cp)); 450 break; 451 452 case T_A6: 453 { 454 struct in6_addr a; 455 int pbit, pbyte; 456 457 if (!TTEST2(*cp, 1)) 458 return(NULL); 459 pbit = *cp; 460 pbyte = (pbit & ~7) / 8; 461 if (pbit > 128) { 462 printf(" %u(bad plen)", pbit); 463 break; 464 } else if (pbit < 128) { 465 if (!TTEST2(*(cp + 1), sizeof(a) - pbyte)) 466 return(NULL); 467 memset(&a, 0, sizeof(a)); 468 memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte); 469 printf(" %u %s", pbit, ip6addr_string(&a)); 470 } 471 if (pbit > 0) { 472 putchar(' '); 473 if (ns_nprint(cp + 1 + sizeof(a) - pbyte, bp) == NULL) 474 return(NULL); 475 } 476 break; 477 } 478#endif /*INET6*/ 479 480 case T_OPT: 481 printf(" UDPsize=%u", class); 482 break; 483 484 case T_UNSPECA: /* One long string */ 485 if (!TTEST2(*cp, len)) 486 return(NULL); 487 if (fn_printn(cp, len, snapend)) 488 return(NULL); 489 break; 490 491 case T_TSIG: 492 { 493 if (cp + len > snapend) 494 return(NULL); 495 if (!vflag) 496 break; 497 putchar(' '); 498 if ((cp = ns_nprint(cp, bp)) == NULL) 499 return(NULL); 500 cp += 6; 501 if (!TTEST2(*cp, 2)) 502 return(NULL); 503 printf(" fudge=%u", EXTRACT_16BITS(cp)); 504 cp += 2; 505 if (!TTEST2(*cp, 2)) 506 return(NULL); 507 printf(" maclen=%u", EXTRACT_16BITS(cp)); 508 cp += 2 + EXTRACT_16BITS(cp); 509 if (!TTEST2(*cp, 2)) 510 return(NULL); 511 printf(" origid=%u", EXTRACT_16BITS(cp)); 512 cp += 2; 513 if (!TTEST2(*cp, 2)) 514 return(NULL); 515 printf(" error=%u", EXTRACT_16BITS(cp)); 516 cp += 2; 517 if (!TTEST2(*cp, 2)) 518 return(NULL); 519 printf(" otherlen=%u", EXTRACT_16BITS(cp)); 520 cp += 2; 521 } 522 } 523 return (rp); /* XXX This isn't always right */ 524} 525 526void 527ns_print(register const u_char *bp, u_int length, int is_mdns) 528{ 529 register const HEADER *np; 530 register int qdcount, ancount, nscount, arcount; 531 register const u_char *cp; 532 u_int16_t b2; 533 534 np = (const HEADER *)bp; 535 TCHECK(*np); 536 /* get the byte-order right */ 537 qdcount = EXTRACT_16BITS(&np->qdcount); 538 ancount = EXTRACT_16BITS(&np->ancount); 539 nscount = EXTRACT_16BITS(&np->nscount); 540 arcount = EXTRACT_16BITS(&np->arcount); 541 542 if (DNS_QR(np)) { 543 /* this is a response */ 544 printf(" %d%s%s%s%s%s%s", 545 EXTRACT_16BITS(&np->id), 546 ns_ops[DNS_OPCODE(np)], 547 ns_resp[DNS_RCODE(np)], 548 DNS_AA(np)? "*" : "", 549 DNS_RA(np)? "" : "-", 550 DNS_TC(np)? "|" : "", 551 DNS_AD(np)? "$" : ""); 552 553 if (qdcount != 1) 554 printf(" [%dq]", qdcount); 555 /* Print QUESTION section on -vv */ 556 cp = (const u_char *)(np + 1); 557 while (qdcount--) { 558 if (qdcount < EXTRACT_16BITS(&np->qdcount) - 1) 559 putchar(','); 560 if (vflag > 1) { 561 fputs(" q:", stdout); 562 if ((cp = ns_qprint(cp, bp, is_mdns)) == NULL) 563 goto trunc; 564 } else { 565 if ((cp = ns_nskip(cp)) == NULL) 566 goto trunc; 567 cp += 4; /* skip QTYPE and QCLASS */ 568 } 569 } 570 printf(" %d/%d/%d", ancount, nscount, arcount); 571 if (ancount--) { 572 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 573 goto trunc; 574 while (cp < snapend && ancount--) { 575 putchar(','); 576 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 577 goto trunc; 578 } 579 } 580 if (ancount > 0) 581 goto trunc; 582 /* Print NS and AR sections on -vv */ 583 if (vflag > 1) { 584 if (cp < snapend && nscount--) { 585 fputs(" ns:", stdout); 586 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 587 goto trunc; 588 while (cp < snapend && nscount--) { 589 putchar(','); 590 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 591 goto trunc; 592 } 593 } 594 if (nscount > 0) 595 goto trunc; 596 if (cp < snapend && arcount--) { 597 fputs(" ar:", stdout); 598 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 599 goto trunc; 600 while (cp < snapend && arcount--) { 601 putchar(','); 602 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 603 goto trunc; 604 } 605 } 606 if (arcount > 0) 607 goto trunc; 608 } 609 } 610 else { 611 /* this is a request */ 612 printf(" %d%s%s%s", EXTRACT_16BITS(&np->id), ns_ops[DNS_OPCODE(np)], 613 DNS_RD(np) ? "+" : "", 614 DNS_CD(np) ? "%" : ""); 615 616 /* any weirdness? */ 617 b2 = EXTRACT_16BITS(((u_short *)np)+1); 618 if (b2 & 0x6cf) 619 printf(" [b2&3=0x%x]", b2); 620 621 if (DNS_OPCODE(np) == IQUERY) { 622 if (qdcount) 623 printf(" [%dq]", qdcount); 624 if (ancount != 1) 625 printf(" [%da]", ancount); 626 } 627 else { 628 if (ancount) 629 printf(" [%da]", ancount); 630 if (qdcount != 1) 631 printf(" [%dq]", qdcount); 632 } 633 if (nscount) 634 printf(" [%dn]", nscount); 635 if (arcount) 636 printf(" [%dau]", arcount); 637 638 cp = (const u_char *)(np + 1); 639 if (qdcount--) { 640 cp = ns_qprint(cp, (const u_char *)np, is_mdns); 641 if (!cp) 642 goto trunc; 643 while (cp < snapend && qdcount--) { 644 cp = ns_qprint((const u_char *)cp, 645 (const u_char *)np, 646 is_mdns); 647 if (!cp) 648 goto trunc; 649 } 650 } 651 if (qdcount > 0) 652 goto trunc; 653 654 /* Print remaining sections on -vv */ 655 if (vflag > 1) { 656 if (ancount--) { 657 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 658 goto trunc; 659 while (cp < snapend && ancount--) { 660 putchar(','); 661 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 662 goto trunc; 663 } 664 } 665 if (ancount > 0) 666 goto trunc; 667 if (cp < snapend && nscount--) { 668 fputs(" ns:", stdout); 669 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 670 goto trunc; 671 while (nscount-- && cp < snapend) { 672 putchar(','); 673 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 674 goto trunc; 675 } 676 } 677 if (nscount > 0) 678 goto trunc; 679 if (cp < snapend && arcount--) { 680 fputs(" ar:", stdout); 681 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 682 goto trunc; 683 while (cp < snapend && arcount--) { 684 putchar(','); 685 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 686 goto trunc; 687 } 688 } 689 if (arcount > 0) 690 goto trunc; 691 } 692 } 693 printf(" (%d)", length); 694 return; 695 696 trunc: 697 printf("[|domain]"); 698 return; 699}
| 140 if (!TTEST2(*(cp + 1), 1)) 141 return(-1); 142 if ((bitlen = *(cp + 1)) == 0) 143 bitlen = 256; 144 return(((bitlen + 7) / 8) + 1); 145 } else 146 return(i); 147} 148 149static const u_char * 150ns_nprint(register const u_char *cp, register const u_char *bp) 151{ 152 register u_int i, l; 153 register const u_char *rp = NULL; 154 register int compress = 0; 155 int chars_processed; 156 int elt; 157 int data_size = snapend - bp; 158 159 if ((l = labellen(cp)) == (u_int)-1) 160 return(NULL); 161 if (!TTEST2(*cp, 1)) 162 return(NULL); 163 chars_processed = 1; 164 if (((i = *cp++) & INDIR_MASK) != INDIR_MASK) { 165 compress = 0; 166 rp = cp + l; 167 } 168 169 if (i != 0) 170 while (i && cp < snapend) { 171 if ((i & INDIR_MASK) == INDIR_MASK) { 172 if (!compress) { 173 rp = cp + 1; 174 compress = 1; 175 } 176 if (!TTEST2(*cp, 1)) 177 return(NULL); 178 cp = bp + (((i << 8) | *cp) & 0x3fff); 179 if ((l = labellen(cp)) == (u_int)-1) 180 return(NULL); 181 if (!TTEST2(*cp, 1)) 182 return(NULL); 183 i = *cp++; 184 chars_processed++; 185 186 /* 187 * If we've looked at every character in 188 * the message, this pointer will make 189 * us look at some character again, 190 * which means we're looping. 191 */ 192 if (chars_processed >= data_size) { 193 printf("<LOOP>"); 194 return (NULL); 195 } 196 continue; 197 } 198 if ((i & INDIR_MASK) == EDNS0_MASK) { 199 elt = (i & ~INDIR_MASK); 200 switch(elt) { 201 case EDNS0_ELT_BITLABEL: 202 if (blabel_print(cp) == NULL) 203 return (NULL); 204 break; 205 default: 206 /* unknown ELT */ 207 printf("<ELT %d>", elt); 208 return(NULL); 209 } 210 } else { 211 if (fn_printn(cp, l, snapend)) 212 return(NULL); 213 } 214 215 cp += l; 216 chars_processed += l; 217 putchar('.'); 218 if ((l = labellen(cp)) == (u_int)-1) 219 return(NULL); 220 if (!TTEST2(*cp, 1)) 221 return(NULL); 222 i = *cp++; 223 chars_processed++; 224 if (!compress) 225 rp += l + 1; 226 } 227 else 228 putchar('.'); 229 return (rp); 230} 231 232/* print a <character-string> */ 233static const u_char * 234ns_cprint(register const u_char *cp) 235{ 236 register u_int i; 237 238 if (!TTEST2(*cp, 1)) 239 return (NULL); 240 i = *cp++; 241 if (fn_printn(cp, i, snapend)) 242 return (NULL); 243 return (cp + i); 244} 245 246/* http://www.iana.org/assignments/dns-parameters */ 247struct tok ns_type2str[] = { 248 { T_A, "A" }, /* RFC 1035 */ 249 { T_NS, "NS" }, /* RFC 1035 */ 250 { T_MD, "MD" }, /* RFC 1035 */ 251 { T_MF, "MF" }, /* RFC 1035 */ 252 { T_CNAME, "CNAME" }, /* RFC 1035 */ 253 { T_SOA, "SOA" }, /* RFC 1035 */ 254 { T_MB, "MB" }, /* RFC 1035 */ 255 { T_MG, "MG" }, /* RFC 1035 */ 256 { T_MR, "MR" }, /* RFC 1035 */ 257 { T_NULL, "NULL" }, /* RFC 1035 */ 258 { T_WKS, "WKS" }, /* RFC 1035 */ 259 { T_PTR, "PTR" }, /* RFC 1035 */ 260 { T_HINFO, "HINFO" }, /* RFC 1035 */ 261 { T_MINFO, "MINFO" }, /* RFC 1035 */ 262 { T_MX, "MX" }, /* RFC 1035 */ 263 { T_TXT, "TXT" }, /* RFC 1035 */ 264 { T_RP, "RP" }, /* RFC 1183 */ 265 { T_AFSDB, "AFSDB" }, /* RFC 1183 */ 266 { T_X25, "X25" }, /* RFC 1183 */ 267 { T_ISDN, "ISDN" }, /* RFC 1183 */ 268 { T_RT, "RT" }, /* RFC 1183 */ 269 { T_NSAP, "NSAP" }, /* RFC 1706 */ 270 { T_NSAP_PTR, "NSAP_PTR" }, 271 { T_SIG, "SIG" }, /* RFC 2535 */ 272 { T_KEY, "KEY" }, /* RFC 2535 */ 273 { T_PX, "PX" }, /* RFC 2163 */ 274 { T_GPOS, "GPOS" }, /* RFC 1712 */ 275 { T_AAAA, "AAAA" }, /* RFC 1886 */ 276 { T_LOC, "LOC" }, /* RFC 1876 */ 277 { T_NXT, "NXT" }, /* RFC 2535 */ 278 { T_EID, "EID" }, /* Nimrod */ 279 { T_NIMLOC, "NIMLOC" }, /* Nimrod */ 280 { T_SRV, "SRV" }, /* RFC 2782 */ 281 { T_ATMA, "ATMA" }, /* ATM Forum */ 282 { T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */ 283 { T_A6, "A6" }, /* RFC 2874 */ 284 { T_DNAME, "DNAME" }, /* RFC 2672 */ 285 { T_OPT, "OPT" }, /* RFC 2671 */ 286 { T_UINFO, "UINFO" }, 287 { T_UID, "UID" }, 288 { T_GID, "GID" }, 289 { T_UNSPEC, "UNSPEC" }, 290 { T_UNSPECA, "UNSPECA" }, 291 { T_TKEY, "TKEY" }, /* RFC 2930 */ 292 { T_TSIG, "TSIG" }, /* RFC 2845 */ 293 { T_IXFR, "IXFR" }, /* RFC 1995 */ 294 { T_AXFR, "AXFR" }, /* RFC 1035 */ 295 { T_MAILB, "MAILB" }, /* RFC 1035 */ 296 { T_MAILA, "MAILA" }, /* RFC 1035 */ 297 { T_ANY, "ANY" }, 298 { 0, NULL } 299}; 300 301struct tok ns_class2str[] = { 302 { C_IN, "IN" }, /* Not used */ 303 { C_CHAOS, "CHAOS" }, 304 { C_HS, "HS" }, 305 { C_ANY, "ANY" }, 306 { 0, NULL } 307}; 308 309/* print a query */ 310static const u_char * 311ns_qprint(register const u_char *cp, register const u_char *bp, int is_mdns) 312{ 313 register const u_char *np = cp; 314 register u_int i; 315 316 cp = ns_nskip(cp); 317 318 if (cp == NULL || !TTEST2(*cp, 4)) 319 return(NULL); 320 321 /* print the qtype and qclass (if it's not IN) */ 322 i = EXTRACT_16BITS(cp); 323 cp += 2; 324 printf(" %s", tok2str(ns_type2str, "Type%d", i)); 325 i = EXTRACT_16BITS(cp); 326 cp += 2; 327 if (is_mdns && i == (C_IN|C_CACHE_FLUSH)) 328 printf(" (Cache flush)"); 329 else if (i != C_IN) 330 printf(" %s", tok2str(ns_class2str, "(Class %d)", i)); 331 332 fputs("? ", stdout); 333 cp = ns_nprint(np, bp); 334 return(cp ? cp + 4 : NULL); 335} 336 337/* print a reply */ 338static const u_char * 339ns_rprint(register const u_char *cp, register const u_char *bp, int is_mdns) 340{ 341 register u_int class; 342 register u_short typ, len; 343 register const u_char *rp; 344 345 if (vflag) { 346 putchar(' '); 347 if ((cp = ns_nprint(cp, bp)) == NULL) 348 return NULL; 349 } else 350 cp = ns_nskip(cp); 351 352 if (cp == NULL || !TTEST2(*cp, 10)) 353 return (snapend); 354 355 /* print the type/qtype and class (if it's not IN) */ 356 typ = EXTRACT_16BITS(cp); 357 cp += 2; 358 class = EXTRACT_16BITS(cp); 359 cp += 2; 360 if (is_mdns && class == (C_IN|C_CACHE_FLUSH)) 361 printf(" (Cache flush)"); 362 else if (class != C_IN && typ != T_OPT) 363 printf(" %s", tok2str(ns_class2str, "(Class %d)", class)); 364 365 /* ignore ttl */ 366 cp += 4; 367 368 len = EXTRACT_16BITS(cp); 369 cp += 2; 370 371 rp = cp + len; 372 373 printf(" %s", tok2str(ns_type2str, "Type%d", typ)); 374 if (rp > snapend) 375 return(NULL); 376 377 switch (typ) { 378 case T_A: 379 if (!TTEST2(*cp, sizeof(struct in_addr))) 380 return(NULL); 381 printf(" %s", ipaddr_string(cp)); 382 break; 383 384 case T_NS: 385 case T_CNAME: 386 case T_PTR: 387#ifdef T_DNAME 388 case T_DNAME: 389#endif 390 putchar(' '); 391 if (ns_nprint(cp, bp) == NULL) 392 return(NULL); 393 break; 394 395 case T_SOA: 396 if (!vflag) 397 break; 398 putchar(' '); 399 if ((cp = ns_nprint(cp, bp)) == NULL) 400 return(NULL); 401 putchar(' '); 402 if ((cp = ns_nprint(cp, bp)) == NULL) 403 return(NULL); 404 if (!TTEST2(*cp, 5 * 4)) 405 return(NULL); 406 printf(" %u", EXTRACT_32BITS(cp)); 407 cp += 4; 408 printf(" %u", EXTRACT_32BITS(cp)); 409 cp += 4; 410 printf(" %u", EXTRACT_32BITS(cp)); 411 cp += 4; 412 printf(" %u", EXTRACT_32BITS(cp)); 413 cp += 4; 414 printf(" %u", EXTRACT_32BITS(cp)); 415 cp += 4; 416 break; 417 case T_MX: 418 putchar(' '); 419 if (!TTEST2(*cp, 2)) 420 return(NULL); 421 if (ns_nprint(cp + 2, bp) == NULL) 422 return(NULL); 423 printf(" %d", EXTRACT_16BITS(cp)); 424 break; 425 426 case T_TXT: 427 while (cp < rp) { 428 printf(" \""); 429 cp = ns_cprint(cp); 430 if (cp == NULL) 431 return(NULL); 432 putchar('"'); 433 } 434 break; 435 436 case T_SRV: 437 putchar(' '); 438 if (!TTEST2(*cp, 6)) 439 return(NULL); 440 if (ns_nprint(cp + 6, bp) == NULL) 441 return(NULL); 442 printf(":%d %d %d", EXTRACT_16BITS(cp + 4), 443 EXTRACT_16BITS(cp), EXTRACT_16BITS(cp + 2)); 444 break; 445 446#ifdef INET6 447 case T_AAAA: 448 if (!TTEST2(*cp, sizeof(struct in6_addr))) 449 return(NULL); 450 printf(" %s", ip6addr_string(cp)); 451 break; 452 453 case T_A6: 454 { 455 struct in6_addr a; 456 int pbit, pbyte; 457 458 if (!TTEST2(*cp, 1)) 459 return(NULL); 460 pbit = *cp; 461 pbyte = (pbit & ~7) / 8; 462 if (pbit > 128) { 463 printf(" %u(bad plen)", pbit); 464 break; 465 } else if (pbit < 128) { 466 if (!TTEST2(*(cp + 1), sizeof(a) - pbyte)) 467 return(NULL); 468 memset(&a, 0, sizeof(a)); 469 memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte); 470 printf(" %u %s", pbit, ip6addr_string(&a)); 471 } 472 if (pbit > 0) { 473 putchar(' '); 474 if (ns_nprint(cp + 1 + sizeof(a) - pbyte, bp) == NULL) 475 return(NULL); 476 } 477 break; 478 } 479#endif /*INET6*/ 480 481 case T_OPT: 482 printf(" UDPsize=%u", class); 483 break; 484 485 case T_UNSPECA: /* One long string */ 486 if (!TTEST2(*cp, len)) 487 return(NULL); 488 if (fn_printn(cp, len, snapend)) 489 return(NULL); 490 break; 491 492 case T_TSIG: 493 { 494 if (cp + len > snapend) 495 return(NULL); 496 if (!vflag) 497 break; 498 putchar(' '); 499 if ((cp = ns_nprint(cp, bp)) == NULL) 500 return(NULL); 501 cp += 6; 502 if (!TTEST2(*cp, 2)) 503 return(NULL); 504 printf(" fudge=%u", EXTRACT_16BITS(cp)); 505 cp += 2; 506 if (!TTEST2(*cp, 2)) 507 return(NULL); 508 printf(" maclen=%u", EXTRACT_16BITS(cp)); 509 cp += 2 + EXTRACT_16BITS(cp); 510 if (!TTEST2(*cp, 2)) 511 return(NULL); 512 printf(" origid=%u", EXTRACT_16BITS(cp)); 513 cp += 2; 514 if (!TTEST2(*cp, 2)) 515 return(NULL); 516 printf(" error=%u", EXTRACT_16BITS(cp)); 517 cp += 2; 518 if (!TTEST2(*cp, 2)) 519 return(NULL); 520 printf(" otherlen=%u", EXTRACT_16BITS(cp)); 521 cp += 2; 522 } 523 } 524 return (rp); /* XXX This isn't always right */ 525} 526 527void 528ns_print(register const u_char *bp, u_int length, int is_mdns) 529{ 530 register const HEADER *np; 531 register int qdcount, ancount, nscount, arcount; 532 register const u_char *cp; 533 u_int16_t b2; 534 535 np = (const HEADER *)bp; 536 TCHECK(*np); 537 /* get the byte-order right */ 538 qdcount = EXTRACT_16BITS(&np->qdcount); 539 ancount = EXTRACT_16BITS(&np->ancount); 540 nscount = EXTRACT_16BITS(&np->nscount); 541 arcount = EXTRACT_16BITS(&np->arcount); 542 543 if (DNS_QR(np)) { 544 /* this is a response */ 545 printf(" %d%s%s%s%s%s%s", 546 EXTRACT_16BITS(&np->id), 547 ns_ops[DNS_OPCODE(np)], 548 ns_resp[DNS_RCODE(np)], 549 DNS_AA(np)? "*" : "", 550 DNS_RA(np)? "" : "-", 551 DNS_TC(np)? "|" : "", 552 DNS_AD(np)? "$" : ""); 553 554 if (qdcount != 1) 555 printf(" [%dq]", qdcount); 556 /* Print QUESTION section on -vv */ 557 cp = (const u_char *)(np + 1); 558 while (qdcount--) { 559 if (qdcount < EXTRACT_16BITS(&np->qdcount) - 1) 560 putchar(','); 561 if (vflag > 1) { 562 fputs(" q:", stdout); 563 if ((cp = ns_qprint(cp, bp, is_mdns)) == NULL) 564 goto trunc; 565 } else { 566 if ((cp = ns_nskip(cp)) == NULL) 567 goto trunc; 568 cp += 4; /* skip QTYPE and QCLASS */ 569 } 570 } 571 printf(" %d/%d/%d", ancount, nscount, arcount); 572 if (ancount--) { 573 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 574 goto trunc; 575 while (cp < snapend && ancount--) { 576 putchar(','); 577 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 578 goto trunc; 579 } 580 } 581 if (ancount > 0) 582 goto trunc; 583 /* Print NS and AR sections on -vv */ 584 if (vflag > 1) { 585 if (cp < snapend && nscount--) { 586 fputs(" ns:", stdout); 587 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 588 goto trunc; 589 while (cp < snapend && nscount--) { 590 putchar(','); 591 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 592 goto trunc; 593 } 594 } 595 if (nscount > 0) 596 goto trunc; 597 if (cp < snapend && arcount--) { 598 fputs(" ar:", stdout); 599 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 600 goto trunc; 601 while (cp < snapend && arcount--) { 602 putchar(','); 603 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 604 goto trunc; 605 } 606 } 607 if (arcount > 0) 608 goto trunc; 609 } 610 } 611 else { 612 /* this is a request */ 613 printf(" %d%s%s%s", EXTRACT_16BITS(&np->id), ns_ops[DNS_OPCODE(np)], 614 DNS_RD(np) ? "+" : "", 615 DNS_CD(np) ? "%" : ""); 616 617 /* any weirdness? */ 618 b2 = EXTRACT_16BITS(((u_short *)np)+1); 619 if (b2 & 0x6cf) 620 printf(" [b2&3=0x%x]", b2); 621 622 if (DNS_OPCODE(np) == IQUERY) { 623 if (qdcount) 624 printf(" [%dq]", qdcount); 625 if (ancount != 1) 626 printf(" [%da]", ancount); 627 } 628 else { 629 if (ancount) 630 printf(" [%da]", ancount); 631 if (qdcount != 1) 632 printf(" [%dq]", qdcount); 633 } 634 if (nscount) 635 printf(" [%dn]", nscount); 636 if (arcount) 637 printf(" [%dau]", arcount); 638 639 cp = (const u_char *)(np + 1); 640 if (qdcount--) { 641 cp = ns_qprint(cp, (const u_char *)np, is_mdns); 642 if (!cp) 643 goto trunc; 644 while (cp < snapend && qdcount--) { 645 cp = ns_qprint((const u_char *)cp, 646 (const u_char *)np, 647 is_mdns); 648 if (!cp) 649 goto trunc; 650 } 651 } 652 if (qdcount > 0) 653 goto trunc; 654 655 /* Print remaining sections on -vv */ 656 if (vflag > 1) { 657 if (ancount--) { 658 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 659 goto trunc; 660 while (cp < snapend && ancount--) { 661 putchar(','); 662 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 663 goto trunc; 664 } 665 } 666 if (ancount > 0) 667 goto trunc; 668 if (cp < snapend && nscount--) { 669 fputs(" ns:", stdout); 670 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 671 goto trunc; 672 while (nscount-- && cp < snapend) { 673 putchar(','); 674 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 675 goto trunc; 676 } 677 } 678 if (nscount > 0) 679 goto trunc; 680 if (cp < snapend && arcount--) { 681 fputs(" ar:", stdout); 682 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 683 goto trunc; 684 while (cp < snapend && arcount--) { 685 putchar(','); 686 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 687 goto trunc; 688 } 689 } 690 if (arcount > 0) 691 goto trunc; 692 } 693 } 694 printf(" (%d)", length); 695 return; 696 697 trunc: 698 printf("[|domain]"); 699 return; 700}
|