1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * $FreeBSD$ 22 */ 23 24 #ifndef lint 25 static const char rcsid[] = 26 "@(#) $Header: /tcpdump/master/tcpdump/print-domain.c,v 1.78 2001/10/19 09:00:48 guy Exp $ (LBL)"; 27 #endif 28 29 #ifdef HAVE_CONFIG_H 30 #include "config.h" 31 #endif 32 33 #include <sys/param.h> 34 #include <sys/time.h> 35 36 #include <netinet/in.h> 37 38 #include "nameser.h" 39 40 #include <stdio.h> 41 #include <string.h> 42 43 #include "interface.h" 44 #include "addrtoname.h" 45 #include "extract.h" /* must come after interface.h */ 46 47 static const char *ns_ops[] = { 48 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7", 49 " op8", " updataA", " updateD", " updateDA", 50 " updateM", " updateMA", " zoneInit", " zoneRef", 51 }; 52 53 static const char *ns_resp[] = { 54 "", " FormErr", " ServFail", " NXDomain", 55 " NotImp", " Refused", " YXDomain", " YXRRSet", 56 " NXRRSet", " NotAuth", " NotZone", " Resp11", 57 " Resp12", " Resp13", " Resp14", " NoChange", 58 }; 59 60 /* skip over a domain name */ 61 static const u_char * 62 ns_nskip(register const u_char *cp, register const u_char *bp) 63 { 64 register u_char i; 65 66 if (!TTEST2(*cp, 1)) 67 return (NULL); 68 if (((i = *cp++) & INDIR_MASK) == INDIR_MASK) 69 return (cp + 1); 70 while (i) { 71 if ((i & INDIR_MASK) == EDNS0_MASK) { 72 int bitlen, bytelen; 73 74 if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL) 75 return(NULL); /* unknown ELT */ 76 if (!TTEST2(*cp, 1)) 77 return (NULL); 78 if ((bitlen = *cp++) == 0) 79 bitlen = 256; 80 bytelen = (bitlen + 7) / 8; 81 cp += bytelen; 82 } else 83 cp += i; 84 if (!TTEST2(*cp, 1)) 85 return (NULL); 86 i = *cp++; 87 } 88 return (cp); 89 } 90 91 /* print a <domain-name> */ 92 static const u_char * 93 blabel_print(const u_char *cp) 94 { 95 int bitlen, slen, b; 96 int truncated = 0; 97 const u_char *bitp, *lim; 98 char tc; 99 100 if (!TTEST2(*cp, 1)) 101 return(NULL); 102 if ((bitlen = *cp) == 0) 103 bitlen = 256; 104 slen = (bitlen + 3) / 4; 105 if ((lim = cp + 1 + slen) > snapend) { 106 truncated = 1; 107 lim = snapend; 108 } 109 110 /* print the bit string as a hex string */ 111 printf("\\[x"); 112 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) 113 printf("%02x", *bitp); 114 if (bitp == lim) 115 printf("..."); 116 else if (b > 4) { 117 tc = *bitp++; 118 printf("%02x", tc & (0xff << (8 - b))); 119 } else if (b > 0) { 120 tc = *bitp++; 121 printf("%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b))); 122 } 123 printf("/%d]", bitlen); 124 125 return(truncated ? NULL : lim); 126 } 127 128 static int 129 labellen(const u_char *cp) 130 { 131 register u_int i; 132 133 if (!TTEST2(*cp, 1)) 134 return(-1); 135 i = *cp; 136 if ((i & INDIR_MASK) == EDNS0_MASK) { 137 int bitlen, elt; 138 139 if ((elt = (i & ~INDIR_MASK)) != EDNS0_ELT_BITLABEL) 140 return(-1); 141 if (!TTEST2(*(cp + 1), 1)) 142 return(-1); 143 if ((bitlen = *(cp + 1)) == 0) 144 bitlen = 256; 145 return(((bitlen + 7) / 8) + 1); 146 } else 147 return(i); 148 } 149 150 static const u_char * 151 ns_nprint(register const u_char *cp, register const u_char *bp) 152 { 153 register u_int i, l; 154 register const u_char *rp = NULL; 155 register int compress = 0; 156 int chars_processed; 157 int elt; 158 int data_size = snapend - bp; 159 160 if ((l = labellen(cp)) < 0) 161 return(NULL); 162 if (!TTEST2(*cp, 1)) 163 return(NULL); 164 chars_processed = 1; 165 if (((i = *cp++) & INDIR_MASK) != INDIR_MASK) { 166 compress = 0; 167 rp = cp + l; 168 } 169 170 if (i != 0) 171 while (i && cp < snapend) { 172 if ((i & INDIR_MASK) == INDIR_MASK) { 173 if (!compress) { 174 rp = cp + 1; 175 compress = 1; 176 } 177 if (!TTEST2(*cp, 1)) 178 return(NULL); 179 cp = bp + (((i << 8) | *cp) & 0x3fff); 180 if ((l = labellen(cp)) < 0) 181 return(NULL); 182 if (!TTEST2(*cp, 1)) 183 return(NULL); 184 i = *cp++; 185 chars_processed++; 186 187 /* 188 * If we've looked at every character in 189 * the message, this pointer will make 190 * us look at some character again, 191 * which means we're looping. 192 */ 193 if (chars_processed >= data_size) { 194 printf("<LOOP>"); 195 return (NULL); 196 } 197 continue; 198 } 199 if ((i & INDIR_MASK) == EDNS0_MASK) { 200 elt = (i & ~INDIR_MASK); 201 switch(elt) { 202 case EDNS0_ELT_BITLABEL: 203 if (blabel_print(cp) == NULL) 204 return (NULL); 205 break; 206 default: 207 /* unknown ELT */ 208 printf("<ELT %d>", elt); 209 return(NULL); 210 } 211 } else { 212 if (fn_printn(cp, l, snapend)) 213 return(NULL); 214 } 215 216 cp += l; 217 chars_processed += l; 218 putchar('.'); 219 if ((l = labellen(cp)) < 0) 220 return(NULL); 221 if (!TTEST2(*cp, 1)) 222 return(NULL); 223 i = *cp++; 224 chars_processed++; 225 if (!compress) 226 rp += l + 1; 227 } 228 else 229 putchar('.'); 230 return (rp); 231 } 232 233 /* print a <character-string> */ 234 static const u_char * 235 ns_cprint(register const u_char *cp, register const u_char *bp) 236 { 237 register u_int i; 238 239 if (!TTEST2(*cp, 1)) 240 return (NULL); 241 i = *cp++; 242 if (fn_printn(cp, i, snapend)) 243 return (NULL); 244 return (cp + i); 245 } 246 247 struct tok ns_type2str[] = { 248 { T_A, "A" }, 249 { T_NS, "NS" }, 250 { T_MD, "MD" }, 251 { T_MF, "MF" }, 252 { T_CNAME, "CNAME" }, 253 { T_SOA, "SOA" }, 254 { T_MB, "MB" }, 255 { T_MG, "MG" }, 256 { T_MR, "MR" }, 257 { T_NULL, "NULL" }, 258 { T_WKS, "WKS" }, 259 { T_PTR, "PTR" }, 260 { T_HINFO, "HINFO" }, 261 { T_MINFO, "MINFO" }, 262 { T_MX, "MX" }, 263 { T_TXT, "TXT" }, 264 { T_RP, "RP" }, 265 { T_AFSDB, "AFSDB" }, 266 { T_X25, "X25" }, 267 { T_ISDN, "ISDN" }, 268 { T_RT, "RT" }, 269 { T_NSAP, "NSAP" }, 270 { T_NSAP_PTR, "NSAP_PTR" }, 271 { T_SIG, "SIG" }, 272 { T_KEY, "KEY" }, 273 { T_PX, "PX" }, 274 { T_GPOS, "GPOS" }, 275 { T_AAAA, "AAAA" }, 276 { T_LOC, "LOC" }, 277 { T_NXT, "NXT" }, 278 { T_EID, "EID" }, 279 { T_NIMLOC, "NIMLOC" }, 280 { T_SRV, "SRV" }, 281 { T_ATMA, "ATMA" }, 282 { T_NAPTR, "NAPTR" }, 283 { T_A6, "A6" }, 284 { T_DNAME, "DNAME" }, 285 { T_OPT, "OPT" }, 286 { T_UINFO, "UINFO" }, 287 { T_UID, "UID" }, 288 { T_GID, "GID" }, 289 { T_UNSPEC, "UNSPEC" }, 290 { T_UNSPECA, "UNSPECA" }, 291 { T_TKEY, "TKEY" }, 292 { T_TSIG, "TSIG" }, 293 { T_IXFR, "IXFR" }, 294 { T_AXFR, "AXFR" }, 295 { T_MAILB, "MAILB" }, 296 { T_MAILA, "MAILA" }, 297 { T_ANY, "ANY" }, 298 { 0, NULL } 299 }; 300 301 struct tok ns_class2str[] = { 302 { C_IN, "IN" }, /* Not used */ 303 { C_CHAOS, "CHAOS" }, 304 { C_HS, "HS" }, 305 { C_ANY, "ANY" }, 306 { 0, NULL } 307 }; 308 309 /* print a query */ 310 static const u_char * 311 ns_qprint(register const u_char *cp, register const u_char *bp) 312 { 313 register const u_char *np = cp; 314 register u_int i; 315 316 cp = ns_nskip(cp, bp); 317 318 if (cp == NULL || !TTEST2(*cp, 4)) 319 return(NULL); 320 321 /* print the qtype and qclass (if it's not IN) */ 322 i = *cp++ << 8; 323 i |= *cp++; 324 printf(" %s", tok2str(ns_type2str, "Type%d", i)); 325 i = *cp++ << 8; 326 i |= *cp++; 327 if (i != C_IN) 328 printf(" %s", tok2str(ns_class2str, "(Class %d)", i)); 329 330 fputs("? ", stdout); 331 cp = ns_nprint(np, bp); 332 return(cp ? cp + 4 : NULL); 333 } 334 335 /* print a reply */ 336 static const u_char * 337 ns_rprint(register const u_char *cp, register const u_char *bp) 338 { 339 register u_int class; 340 register u_short typ, len; 341 register const u_char *rp; 342 343 if (vflag) { 344 putchar(' '); 345 if ((cp = ns_nprint(cp, bp)) == NULL) 346 return NULL; 347 } else 348 cp = ns_nskip(cp, bp); 349 350 if (cp == NULL || !TTEST2(*cp, 10)) 351 return (snapend); 352 353 /* print the type/qtype and class (if it's not IN) */ 354 typ = *cp++ << 8; 355 typ |= *cp++; 356 class = *cp++ << 8; 357 class |= *cp++; 358 if (class != C_IN && typ != T_OPT) 359 printf(" %s", tok2str(ns_class2str, "(Class %d)", class)); 360 361 /* ignore ttl */ 362 cp += 4; 363 364 len = *cp++ << 8; 365 len |= *cp++; 366 367 rp = cp + len; 368 369 printf(" %s", tok2str(ns_type2str, "Type%d", typ)); 370 if (rp > snapend) 371 return(NULL); 372 373 switch (typ) { 374 case T_A: 375 if (!TTEST2(*cp, sizeof(struct in_addr))) 376 return(NULL); 377 printf(" %s", ipaddr_string(cp)); 378 break; 379 380 case T_NS: 381 case T_CNAME: 382 case T_PTR: 383 #ifdef T_DNAME 384 case T_DNAME: 385 #endif 386 putchar(' '); 387 if (ns_nprint(cp, bp) == NULL) 388 return(NULL); 389 break; 390 391 case T_SOA: 392 if (!vflag) 393 break; 394 putchar(' '); 395 if ((cp = ns_nprint(cp, bp)) == NULL) 396 return(NULL); 397 putchar(' '); 398 if ((cp = ns_nprint(cp, bp)) == NULL) 399 return(NULL); 400 if (!TTEST2(*cp, 5 * 4)) 401 return(NULL); 402 printf(" %u", EXTRACT_32BITS(cp)); 403 cp += 4; 404 printf(" %u", EXTRACT_32BITS(cp)); 405 cp += 4; 406 printf(" %u", EXTRACT_32BITS(cp)); 407 cp += 4; 408 printf(" %u", EXTRACT_32BITS(cp)); 409 cp += 4; 410 printf(" %u", EXTRACT_32BITS(cp)); 411 cp += 4; 412 break; 413 case T_MX: 414 putchar(' '); 415 if (!TTEST2(*cp, 2)) 416 return(NULL); 417 if (ns_nprint(cp + 2, bp) == NULL) 418 return(NULL); 419 printf(" %d", EXTRACT_16BITS(cp)); 420 break; 421 422 case T_TXT: 423 putchar(' '); 424 (void)ns_cprint(cp, bp); 425 break; 426 427 #ifdef INET6 428 case T_AAAA: 429 if (!TTEST2(*cp, sizeof(struct in6_addr))) 430 return(NULL); 431 printf(" %s", ip6addr_string(cp)); 432 break; 433 434 case T_A6: 435 { 436 struct in6_addr a; 437 int pbit, pbyte; 438 439 if (!TTEST2(*cp, 1)) 440 return(NULL); 441 pbit = *cp; 442 pbyte = (pbit & ~7) / 8; 443 if (pbit > 128) { 444 printf(" %u(bad plen)", pbit); 445 break; 446 } else if (pbit < 128) { 447 if (!TTEST2(*(cp + 1), sizeof(a) - pbyte)) 448 return(NULL); 449 memset(&a, 0, sizeof(a)); 450 memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte); 451 printf(" %u %s", pbit, ip6addr_string(&a)); 452 } 453 if (pbit > 0) { 454 putchar(' '); 455 if (ns_nprint(cp + 1 + sizeof(a) - pbyte, bp) == NULL) 456 return(NULL); 457 } 458 break; 459 } 460 #endif /*INET6*/ 461 462 case T_OPT: 463 printf(" UDPsize=%u", class); 464 break; 465 466 case T_UNSPECA: /* One long string */ 467 if (!TTEST2(*cp, len)) 468 return(NULL); 469 if (fn_printn(cp, len, snapend)) 470 return(NULL); 471 break; 472 473 case T_TSIG: 474 { 475 if (cp + len > snapend) 476 return(NULL); 477 if (!vflag) 478 break; 479 putchar(' '); 480 if ((cp = ns_nprint(cp, bp)) == NULL) 481 return(NULL); 482 cp += 6; 483 if (!TTEST2(*cp, 2)) 484 return(NULL); 485 printf(" fudge=%u", EXTRACT_16BITS(cp)); 486 cp += 2; 487 if (!TTEST2(*cp, 2)) 488 return(NULL); 489 printf(" maclen=%u", EXTRACT_16BITS(cp)); 490 cp += 2 + EXTRACT_16BITS(cp); 491 if (!TTEST2(*cp, 2)) 492 return(NULL); 493 printf(" origid=%u", EXTRACT_16BITS(cp)); 494 cp += 2; 495 if (!TTEST2(*cp, 2)) 496 return(NULL); 497 printf(" error=%u", EXTRACT_16BITS(cp)); 498 cp += 2; 499 if (!TTEST2(*cp, 2)) 500 return(NULL); 501 printf(" otherlen=%u", EXTRACT_16BITS(cp)); 502 cp += 2; 503 } 504 } 505 return (rp); /* XXX This isn't always right */ 506 } 507 508 void 509 ns_print(register const u_char *bp, u_int length) 510 { 511 register const HEADER *np; 512 register int qdcount, ancount, nscount, arcount; 513 register const u_char *cp; 514 515 np = (const HEADER *)bp; 516 TCHECK(*np); 517 /* get the byte-order right */ 518 qdcount = ntohs(np->qdcount); 519 ancount = ntohs(np->ancount); 520 nscount = ntohs(np->nscount); 521 arcount = ntohs(np->arcount); 522 523 if (DNS_QR(np)) { 524 /* this is a response */ 525 printf(" %d%s%s%s%s%s%s", 526 ntohs(np->id), 527 ns_ops[DNS_OPCODE(np)], 528 ns_resp[DNS_RCODE(np)], 529 DNS_AA(np)? "*" : "", 530 DNS_RA(np)? "" : "-", 531 DNS_TC(np)? "|" : "", 532 DNS_CD(np)? "%" : ""); 533 534 if (qdcount != 1) 535 printf(" [%dq]", qdcount); 536 /* Print QUESTION section on -vv */ 537 cp = (const u_char *)(np + 1); 538 while (qdcount--) { 539 if (qdcount < ntohs(np->qdcount) - 1) 540 putchar(','); 541 if (vflag > 1) { 542 fputs(" q:", stdout); 543 if ((cp = ns_qprint(cp, bp)) == NULL) 544 goto trunc; 545 } else { 546 if ((cp = ns_nskip(cp, bp)) == NULL) 547 goto trunc; 548 cp += 4; /* skip QTYPE and QCLASS */ 549 } 550 } 551 printf(" %d/%d/%d", ancount, nscount, arcount); 552 if (ancount--) { 553 if ((cp = ns_rprint(cp, bp)) == NULL) 554 goto trunc; 555 while (cp < snapend && ancount--) { 556 putchar(','); 557 if ((cp = ns_rprint(cp, bp)) == NULL) 558 goto trunc; 559 } 560 } 561 if (ancount > 0) 562 goto trunc; 563 /* Print NS and AR sections on -vv */ 564 if (vflag > 1) { 565 if (cp < snapend && nscount--) { 566 fputs(" ns:", stdout); 567 if ((cp = ns_rprint(cp, bp)) == NULL) 568 goto trunc; 569 while (cp < snapend && nscount--) { 570 putchar(','); 571 if ((cp = ns_rprint(cp, bp)) == NULL) 572 goto trunc; 573 } 574 } 575 if (nscount > 0) 576 goto trunc; 577 if (cp < snapend && arcount--) { 578 fputs(" ar:", stdout); 579 if ((cp = ns_rprint(cp, bp)) == NULL) 580 goto trunc; 581 while (cp < snapend && arcount--) { 582 putchar(','); 583 if ((cp = ns_rprint(cp, bp)) == NULL) 584 goto trunc; 585 } 586 } 587 if (arcount > 0) 588 goto trunc; 589 } 590 } 591 else { 592 /* this is a request */ 593 printf(" %d%s%s%s", ntohs(np->id), ns_ops[DNS_OPCODE(np)], 594 DNS_RD(np) ? "+" : "", 595 DNS_AD(np) ? "$" : ""); 596 597 /* any weirdness? */ 598 if (*(((u_short *)np)+1) & htons(0x6cf)) 599 printf(" [b2&3=0x%x]", ntohs(*(((u_short *)np)+1))); 600 601 if (DNS_OPCODE(np) == IQUERY) { 602 if (qdcount) 603 printf(" [%dq]", qdcount); 604 if (ancount != 1) 605 printf(" [%da]", ancount); 606 } 607 else { 608 if (ancount) 609 printf(" [%da]", ancount); 610 if (qdcount != 1) 611 printf(" [%dq]", qdcount); 612 } 613 if (nscount) 614 printf(" [%dn]", nscount); 615 if (arcount) 616 printf(" [%dau]", arcount); 617 618 cp = (const u_char *)(np + 1); 619 if (qdcount--) { 620 cp = ns_qprint(cp, (const u_char *)np); 621 if (!cp) 622 goto trunc; 623 while (cp < snapend && qdcount--) { 624 cp = ns_qprint((const u_char *)cp, 625 (const u_char *)np); 626 if (!cp) 627 goto trunc; 628 } 629 } 630 if (qdcount > 0) 631 goto trunc; 632 633 /* Print remaining sections on -vv */ 634 if (vflag > 1) { 635 if (ancount--) { 636 if ((cp = ns_rprint(cp, bp)) == NULL) 637 goto trunc; 638 while (cp < snapend && ancount--) { 639 putchar(','); 640 if ((cp = ns_rprint(cp, bp)) == NULL) 641 goto trunc; 642 } 643 } 644 if (ancount > 0) 645 goto trunc; 646 if (cp < snapend && nscount--) { 647 fputs(" ns:", stdout); 648 if ((cp = ns_rprint(cp, bp)) == NULL) 649 goto trunc; 650 while (nscount-- && cp < snapend) { 651 putchar(','); 652 if ((cp = ns_rprint(cp, bp)) == NULL) 653 goto trunc; 654 } 655 } 656 if (nscount > 0) 657 goto trunc; 658 if (cp < snapend && arcount--) { 659 fputs(" ar:", stdout); 660 if ((cp = ns_rprint(cp, bp)) == NULL) 661 goto trunc; 662 while (cp < snapend && arcount--) { 663 putchar(','); 664 if ((cp = ns_rprint(cp, bp)) == NULL) 665 goto trunc; 666 } 667 } 668 if (arcount > 0) 669 goto trunc; 670 } 671 } 672 printf(" (%d)", length); 673 return; 674 675 trunc: 676 printf("[|domain]"); 677 return; 678 } 679