print-domain.c revision 127675
1/* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * $FreeBSD: head/contrib/tcpdump/print-domain.c 127675 2004-03-31 14:57:24Z bms $ 22 */ 23 24#ifndef lint 25static const char rcsid[] _U_ = 26 "@(#) $Header: /tcpdump/master/tcpdump/print-domain.c,v 1.86.2.3 2004/03/28 20:54:00 fenner Exp $ (LBL)"; 27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" 31#endif 32 33#include <tcpdump-stdinc.h> 34 35#include "nameser.h" 36 37#include <stdio.h> 38#include <string.h> 39 40#include "interface.h" 41#include "addrtoname.h" 42#include "extract.h" /* must come after interface.h */ 43 44static const char *ns_ops[] = { 45 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7", 46 " op8", " updataA", " updateD", " updateDA", 47 " updateM", " updateMA", " zoneInit", " zoneRef", 48}; 49 50static const char *ns_resp[] = { 51 "", " FormErr", " ServFail", " NXDomain", 52 " NotImp", " Refused", " YXDomain", " YXRRSet", 53 " NXRRSet", " NotAuth", " NotZone", " Resp11", 54 " Resp12", " Resp13", " Resp14", " NoChange", 55}; 56 57/* skip over a domain name */ 58static const u_char * 59ns_nskip(register const u_char *cp) 60{ 61 register u_char i; 62 63 if (!TTEST2(*cp, 1)) 64 return (NULL); 65 i = *cp++; 66 while (i) { 67 if ((i & INDIR_MASK) == INDIR_MASK) 68 return (cp + 1); 69 if ((i & INDIR_MASK) == EDNS0_MASK) { 70 int bitlen, bytelen; 71 72 if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL) 73 return(NULL); /* unknown ELT */ 74 if (!TTEST2(*cp, 1)) 75 return (NULL); 76 if ((bitlen = *cp++) == 0) 77 bitlen = 256; 78 bytelen = (bitlen + 7) / 8; 79 cp += bytelen; 80 } else 81 cp += i; 82 if (!TTEST2(*cp, 1)) 83 return (NULL); 84 i = *cp++; 85 } 86 return (cp); 87} 88 89/* print a <domain-name> */ 90static const u_char * 91blabel_print(const u_char *cp) 92{ 93 int bitlen, slen, b; 94 const u_char *bitp, *lim; 95 char tc; 96 97 if (!TTEST2(*cp, 1)) 98 return(NULL); 99 if ((bitlen = *cp) == 0) 100 bitlen = 256; 101 slen = (bitlen + 3) / 4; 102 lim = cp + 1 + slen; 103 104 /* print the bit string as a hex string */ 105 printf("\\[x"); 106 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) { 107 TCHECK(*bitp); 108 printf("%02x", *bitp); 109 } 110 if (b > 4) { 111 TCHECK(*bitp); 112 tc = *bitp++; 113 printf("%02x", tc & (0xff << (8 - b))); 114 } else if (b > 0) { 115 TCHECK(*bitp); 116 tc = *bitp++; 117 printf("%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b))); 118 } 119 printf("/%d]", bitlen); 120 return lim; 121trunc: 122 printf(".../%d]", bitlen); 123 return NULL; 124} 125 126static int 127labellen(const u_char *cp) 128{ 129 register u_int i; 130 131 if (!TTEST2(*cp, 1)) 132 return(-1); 133 i = *cp; 134 if ((i & INDIR_MASK) == EDNS0_MASK) { 135 int bitlen, elt; 136 137 if ((elt = (i & ~INDIR_MASK)) != EDNS0_ELT_BITLABEL) 138 return(-1); 139 if (!TTEST2(*(cp + 1), 1)) 140 return(-1); 141 if ((bitlen = *(cp + 1)) == 0) 142 bitlen = 256; 143 return(((bitlen + 7) / 8) + 1); 144 } else 145 return(i); 146} 147 148static const u_char * 149ns_nprint(register const u_char *cp, register const u_char *bp) 150{ 151 register u_int i, l; 152 register const u_char *rp = NULL; 153 register int compress = 0; 154 int chars_processed; 155 int elt; 156 int data_size = snapend - bp; 157 158 if ((l = labellen(cp)) == (u_int)-1) 159 return(NULL); 160 if (!TTEST2(*cp, 1)) 161 return(NULL); 162 chars_processed = 1; 163 if (((i = *cp++) & INDIR_MASK) != INDIR_MASK) { 164 compress = 0; 165 rp = cp + l; 166 } 167 168 if (i != 0) 169 while (i && cp < snapend) { 170 if ((i & INDIR_MASK) == INDIR_MASK) { 171 if (!compress) { 172 rp = cp + 1; 173 compress = 1; 174 } 175 if (!TTEST2(*cp, 1)) 176 return(NULL); 177 cp = bp + (((i << 8) | *cp) & 0x3fff); 178 if ((l = labellen(cp)) == (u_int)-1) 179 return(NULL); 180 if (!TTEST2(*cp, 1)) 181 return(NULL); 182 i = *cp++; 183 chars_processed++; 184 185 /* 186 * If we've looked at every character in 187 * the message, this pointer will make 188 * us look at some character again, 189 * which means we're looping. 190 */ 191 if (chars_processed >= data_size) { 192 printf("<LOOP>"); 193 return (NULL); 194 } 195 continue; 196 } 197 if ((i & INDIR_MASK) == EDNS0_MASK) { 198 elt = (i & ~INDIR_MASK); 199 switch(elt) { 200 case EDNS0_ELT_BITLABEL: 201 if (blabel_print(cp) == NULL) 202 return (NULL); 203 break; 204 default: 205 /* unknown ELT */ 206 printf("<ELT %d>", elt); 207 return(NULL); 208 } 209 } else { 210 if (fn_printn(cp, l, snapend)) 211 return(NULL); 212 } 213 214 cp += l; 215 chars_processed += l; 216 putchar('.'); 217 if ((l = labellen(cp)) == (u_int)-1) 218 return(NULL); 219 if (!TTEST2(*cp, 1)) 220 return(NULL); 221 i = *cp++; 222 chars_processed++; 223 if (!compress) 224 rp += l + 1; 225 } 226 else 227 putchar('.'); 228 return (rp); 229} 230 231/* print a <character-string> */ 232static const u_char * 233ns_cprint(register const u_char *cp) 234{ 235 register u_int i; 236 237 if (!TTEST2(*cp, 1)) 238 return (NULL); 239 i = *cp++; 240 if (fn_printn(cp, i, snapend)) 241 return (NULL); 242 return (cp + i); 243} 244 245/* http://www.iana.org/assignments/dns-parameters */ 246struct tok ns_type2str[] = { 247 { T_A, "A" }, /* RFC 1035 */ 248 { T_NS, "NS" }, /* RFC 1035 */ 249 { T_MD, "MD" }, /* RFC 1035 */ 250 { T_MF, "MF" }, /* RFC 1035 */ 251 { T_CNAME, "CNAME" }, /* RFC 1035 */ 252 { T_SOA, "SOA" }, /* RFC 1035 */ 253 { T_MB, "MB" }, /* RFC 1035 */ 254 { T_MG, "MG" }, /* RFC 1035 */ 255 { T_MR, "MR" }, /* RFC 1035 */ 256 { T_NULL, "NULL" }, /* RFC 1035 */ 257 { T_WKS, "WKS" }, /* RFC 1035 */ 258 { T_PTR, "PTR" }, /* RFC 1035 */ 259 { T_HINFO, "HINFO" }, /* RFC 1035 */ 260 { T_MINFO, "MINFO" }, /* RFC 1035 */ 261 { T_MX, "MX" }, /* RFC 1035 */ 262 { T_TXT, "TXT" }, /* RFC 1035 */ 263 { T_RP, "RP" }, /* RFC 1183 */ 264 { T_AFSDB, "AFSDB" }, /* RFC 1183 */ 265 { T_X25, "X25" }, /* RFC 1183 */ 266 { T_ISDN, "ISDN" }, /* RFC 1183 */ 267 { T_RT, "RT" }, /* RFC 1183 */ 268 { T_NSAP, "NSAP" }, /* RFC 1706 */ 269 { T_NSAP_PTR, "NSAP_PTR" }, 270 { T_SIG, "SIG" }, /* RFC 2535 */ 271 { T_KEY, "KEY" }, /* RFC 2535 */ 272 { T_PX, "PX" }, /* RFC 2163 */ 273 { T_GPOS, "GPOS" }, /* RFC 1712 */ 274 { T_AAAA, "AAAA" }, /* RFC 1886 */ 275 { T_LOC, "LOC" }, /* RFC 1876 */ 276 { T_NXT, "NXT" }, /* RFC 2535 */ 277 { T_EID, "EID" }, /* Nimrod */ 278 { T_NIMLOC, "NIMLOC" }, /* Nimrod */ 279 { T_SRV, "SRV" }, /* RFC 2782 */ 280 { T_ATMA, "ATMA" }, /* ATM Forum */ 281 { T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */ 282 { T_A6, "A6" }, /* RFC 2874 */ 283 { T_DNAME, "DNAME" }, /* RFC 2672 */ 284 { T_OPT, "OPT" }, /* RFC 2671 */ 285 { T_UINFO, "UINFO" }, 286 { T_UID, "UID" }, 287 { T_GID, "GID" }, 288 { T_UNSPEC, "UNSPEC" }, 289 { T_UNSPECA, "UNSPECA" }, 290 { T_TKEY, "TKEY" }, /* RFC 2930 */ 291 { T_TSIG, "TSIG" }, /* RFC 2845 */ 292 { T_IXFR, "IXFR" }, /* RFC 1995 */ 293 { T_AXFR, "AXFR" }, /* RFC 1035 */ 294 { T_MAILB, "MAILB" }, /* RFC 1035 */ 295 { T_MAILA, "MAILA" }, /* RFC 1035 */ 296 { T_ANY, "ANY" }, 297 { 0, NULL } 298}; 299 300struct tok ns_class2str[] = { 301 { C_IN, "IN" }, /* Not used */ 302 { C_CHAOS, "CHAOS" }, 303 { C_HS, "HS" }, 304 { C_ANY, "ANY" }, 305 { 0, NULL } 306}; 307 308/* print a query */ 309static const u_char * 310ns_qprint(register const u_char *cp, register const u_char *bp, int is_mdns) 311{ 312 register const u_char *np = cp; 313 register u_int i; 314 315 cp = ns_nskip(cp); 316 317 if (cp == NULL || !TTEST2(*cp, 4)) 318 return(NULL); 319 320 /* print the qtype and qclass (if it's not IN) */ 321 i = EXTRACT_16BITS(cp); 322 cp += 2; 323 printf(" %s", tok2str(ns_type2str, "Type%d", i)); 324 i = EXTRACT_16BITS(cp); 325 cp += 2; 326 if (is_mdns && i == (C_IN|C_CACHE_FLUSH)) 327 printf(" (Cache flush)"); 328 else if (i != C_IN) 329 printf(" %s", tok2str(ns_class2str, "(Class %d)", i)); 330 331 fputs("? ", stdout); 332 cp = ns_nprint(np, bp); 333 return(cp ? cp + 4 : NULL); 334} 335 336/* print a reply */ 337static const u_char * 338ns_rprint(register const u_char *cp, register const u_char *bp, int is_mdns) 339{ 340 register u_int class; 341 register u_short typ, len; 342 register const u_char *rp; 343 344 if (vflag) { 345 putchar(' '); 346 if ((cp = ns_nprint(cp, bp)) == NULL) 347 return NULL; 348 } else 349 cp = ns_nskip(cp); 350 351 if (cp == NULL || !TTEST2(*cp, 10)) 352 return (snapend); 353 354 /* print the type/qtype and class (if it's not IN) */ 355 typ = EXTRACT_16BITS(cp); 356 cp += 2; 357 class = EXTRACT_16BITS(cp); 358 cp += 2; 359 if (is_mdns && class == (C_IN|C_CACHE_FLUSH)) 360 printf(" (Cache flush)"); 361 else if (class != C_IN && typ != T_OPT) 362 printf(" %s", tok2str(ns_class2str, "(Class %d)", class)); 363 364 /* ignore ttl */ 365 cp += 4; 366 367 len = EXTRACT_16BITS(cp); 368 cp += 2; 369 370 rp = cp + len; 371 372 printf(" %s", tok2str(ns_type2str, "Type%d", typ)); 373 if (rp > snapend) 374 return(NULL); 375 376 switch (typ) { 377 case T_A: 378 if (!TTEST2(*cp, sizeof(struct in_addr))) 379 return(NULL); 380 printf(" %s", ipaddr_string(cp)); 381 break; 382 383 case T_NS: 384 case T_CNAME: 385 case T_PTR: 386#ifdef T_DNAME 387 case T_DNAME: 388#endif 389 putchar(' '); 390 if (ns_nprint(cp, bp) == NULL) 391 return(NULL); 392 break; 393 394 case T_SOA: 395 if (!vflag) 396 break; 397 putchar(' '); 398 if ((cp = ns_nprint(cp, bp)) == NULL) 399 return(NULL); 400 putchar(' '); 401 if ((cp = ns_nprint(cp, bp)) == NULL) 402 return(NULL); 403 if (!TTEST2(*cp, 5 * 4)) 404 return(NULL); 405 printf(" %u", EXTRACT_32BITS(cp)); 406 cp += 4; 407 printf(" %u", EXTRACT_32BITS(cp)); 408 cp += 4; 409 printf(" %u", EXTRACT_32BITS(cp)); 410 cp += 4; 411 printf(" %u", EXTRACT_32BITS(cp)); 412 cp += 4; 413 printf(" %u", EXTRACT_32BITS(cp)); 414 cp += 4; 415 break; 416 case T_MX: 417 putchar(' '); 418 if (!TTEST2(*cp, 2)) 419 return(NULL); 420 if (ns_nprint(cp + 2, bp) == NULL) 421 return(NULL); 422 printf(" %d", EXTRACT_16BITS(cp)); 423 break; 424 425 case T_TXT: 426 while (cp < rp) { 427 printf(" \""); 428 cp = ns_cprint(cp); 429 if (cp == NULL) 430 return(NULL); 431 putchar('"'); 432 } 433 break; 434 435 case T_SRV: 436 putchar(' '); 437 if (!TTEST2(*cp, 6)) 438 return(NULL); 439 if (ns_nprint(cp + 6, bp) == NULL) 440 return(NULL); 441 printf(":%d %d %d", EXTRACT_16BITS(cp + 4), 442 EXTRACT_16BITS(cp), EXTRACT_16BITS(cp + 2)); 443 break; 444 445#ifdef INET6 446 case T_AAAA: 447 if (!TTEST2(*cp, sizeof(struct in6_addr))) 448 return(NULL); 449 printf(" %s", ip6addr_string(cp)); 450 break; 451 452 case T_A6: 453 { 454 struct in6_addr a; 455 int pbit, pbyte; 456 457 if (!TTEST2(*cp, 1)) 458 return(NULL); 459 pbit = *cp; 460 pbyte = (pbit & ~7) / 8; 461 if (pbit > 128) { 462 printf(" %u(bad plen)", pbit); 463 break; 464 } else if (pbit < 128) { 465 if (!TTEST2(*(cp + 1), sizeof(a) - pbyte)) 466 return(NULL); 467 memset(&a, 0, sizeof(a)); 468 memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte); 469 printf(" %u %s", pbit, ip6addr_string(&a)); 470 } 471 if (pbit > 0) { 472 putchar(' '); 473 if (ns_nprint(cp + 1 + sizeof(a) - pbyte, bp) == NULL) 474 return(NULL); 475 } 476 break; 477 } 478#endif /*INET6*/ 479 480 case T_OPT: 481 printf(" UDPsize=%u", class); 482 break; 483 484 case T_UNSPECA: /* One long string */ 485 if (!TTEST2(*cp, len)) 486 return(NULL); 487 if (fn_printn(cp, len, snapend)) 488 return(NULL); 489 break; 490 491 case T_TSIG: 492 { 493 if (cp + len > snapend) 494 return(NULL); 495 if (!vflag) 496 break; 497 putchar(' '); 498 if ((cp = ns_nprint(cp, bp)) == NULL) 499 return(NULL); 500 cp += 6; 501 if (!TTEST2(*cp, 2)) 502 return(NULL); 503 printf(" fudge=%u", EXTRACT_16BITS(cp)); 504 cp += 2; 505 if (!TTEST2(*cp, 2)) 506 return(NULL); 507 printf(" maclen=%u", EXTRACT_16BITS(cp)); 508 cp += 2 + EXTRACT_16BITS(cp); 509 if (!TTEST2(*cp, 2)) 510 return(NULL); 511 printf(" origid=%u", EXTRACT_16BITS(cp)); 512 cp += 2; 513 if (!TTEST2(*cp, 2)) 514 return(NULL); 515 printf(" error=%u", EXTRACT_16BITS(cp)); 516 cp += 2; 517 if (!TTEST2(*cp, 2)) 518 return(NULL); 519 printf(" otherlen=%u", EXTRACT_16BITS(cp)); 520 cp += 2; 521 } 522 } 523 return (rp); /* XXX This isn't always right */ 524} 525 526void 527ns_print(register const u_char *bp, u_int length, int is_mdns) 528{ 529 register const HEADER *np; 530 register int qdcount, ancount, nscount, arcount; 531 register const u_char *cp; 532 u_int16_t b2; 533 534 np = (const HEADER *)bp; 535 TCHECK(*np); 536 /* get the byte-order right */ 537 qdcount = EXTRACT_16BITS(&np->qdcount); 538 ancount = EXTRACT_16BITS(&np->ancount); 539 nscount = EXTRACT_16BITS(&np->nscount); 540 arcount = EXTRACT_16BITS(&np->arcount); 541 542 if (DNS_QR(np)) { 543 /* this is a response */ 544 printf(" %d%s%s%s%s%s%s", 545 EXTRACT_16BITS(&np->id), 546 ns_ops[DNS_OPCODE(np)], 547 ns_resp[DNS_RCODE(np)], 548 DNS_AA(np)? "*" : "", 549 DNS_RA(np)? "" : "-", 550 DNS_TC(np)? "|" : "", 551 DNS_AD(np)? "$" : ""); 552 553 if (qdcount != 1) 554 printf(" [%dq]", qdcount); 555 /* Print QUESTION section on -vv */ 556 cp = (const u_char *)(np + 1); 557 while (qdcount--) { 558 if (qdcount < EXTRACT_16BITS(&np->qdcount) - 1) 559 putchar(','); 560 if (vflag > 1) { 561 fputs(" q:", stdout); 562 if ((cp = ns_qprint(cp, bp, is_mdns)) == NULL) 563 goto trunc; 564 } else { 565 if ((cp = ns_nskip(cp)) == NULL) 566 goto trunc; 567 cp += 4; /* skip QTYPE and QCLASS */ 568 } 569 } 570 printf(" %d/%d/%d", ancount, nscount, arcount); 571 if (ancount--) { 572 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 573 goto trunc; 574 while (cp < snapend && ancount--) { 575 putchar(','); 576 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 577 goto trunc; 578 } 579 } 580 if (ancount > 0) 581 goto trunc; 582 /* Print NS and AR sections on -vv */ 583 if (vflag > 1) { 584 if (cp < snapend && nscount--) { 585 fputs(" ns:", stdout); 586 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 587 goto trunc; 588 while (cp < snapend && nscount--) { 589 putchar(','); 590 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 591 goto trunc; 592 } 593 } 594 if (nscount > 0) 595 goto trunc; 596 if (cp < snapend && arcount--) { 597 fputs(" ar:", stdout); 598 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 599 goto trunc; 600 while (cp < snapend && arcount--) { 601 putchar(','); 602 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 603 goto trunc; 604 } 605 } 606 if (arcount > 0) 607 goto trunc; 608 } 609 } 610 else { 611 /* this is a request */ 612 printf(" %d%s%s%s", EXTRACT_16BITS(&np->id), ns_ops[DNS_OPCODE(np)], 613 DNS_RD(np) ? "+" : "", 614 DNS_CD(np) ? "%" : ""); 615 616 /* any weirdness? */ 617 b2 = EXTRACT_16BITS(((u_short *)np)+1); 618 if (b2 & 0x6cf) 619 printf(" [b2&3=0x%x]", b2); 620 621 if (DNS_OPCODE(np) == IQUERY) { 622 if (qdcount) 623 printf(" [%dq]", qdcount); 624 if (ancount != 1) 625 printf(" [%da]", ancount); 626 } 627 else { 628 if (ancount) 629 printf(" [%da]", ancount); 630 if (qdcount != 1) 631 printf(" [%dq]", qdcount); 632 } 633 if (nscount) 634 printf(" [%dn]", nscount); 635 if (arcount) 636 printf(" [%dau]", arcount); 637 638 cp = (const u_char *)(np + 1); 639 if (qdcount--) { 640 cp = ns_qprint(cp, (const u_char *)np, is_mdns); 641 if (!cp) 642 goto trunc; 643 while (cp < snapend && qdcount--) { 644 cp = ns_qprint((const u_char *)cp, 645 (const u_char *)np, 646 is_mdns); 647 if (!cp) 648 goto trunc; 649 } 650 } 651 if (qdcount > 0) 652 goto trunc; 653 654 /* Print remaining sections on -vv */ 655 if (vflag > 1) { 656 if (ancount--) { 657 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 658 goto trunc; 659 while (cp < snapend && ancount--) { 660 putchar(','); 661 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 662 goto trunc; 663 } 664 } 665 if (ancount > 0) 666 goto trunc; 667 if (cp < snapend && nscount--) { 668 fputs(" ns:", stdout); 669 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 670 goto trunc; 671 while (nscount-- && cp < snapend) { 672 putchar(','); 673 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 674 goto trunc; 675 } 676 } 677 if (nscount > 0) 678 goto trunc; 679 if (cp < snapend && arcount--) { 680 fputs(" ar:", stdout); 681 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 682 goto trunc; 683 while (cp < snapend && arcount--) { 684 putchar(','); 685 if ((cp = ns_rprint(cp, bp, is_mdns)) == NULL) 686 goto trunc; 687 } 688 } 689 if (arcount > 0) 690 goto trunc; 691 } 692 } 693 printf(" (%d)", length); 694 return; 695 696 trunc: 697 printf("[|domain]"); 698 return; 699} 700