1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 */ 21 22 /* \summary: Domain Name System (DNS) printer */ 23 24 #ifdef HAVE_CONFIG_H 25 #include "config.h" 26 #endif 27 28 #include <netdissect-stdinc.h> 29 30 #include "nameser.h" 31 32 #include <string.h> 33 34 #include "netdissect.h" 35 #include "addrtoname.h" 36 #include "addrtostr.h" 37 #include "extract.h" 38 39 static const char *ns_ops[] = { 40 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7", 41 " op8", " updateA", " updateD", " updateDA", 42 " updateM", " updateMA", " zoneInit", " zoneRef", 43 }; 44 45 static const char *ns_resp[] = { 46 "", " FormErr", " ServFail", " NXDomain", 47 " NotImp", " Refused", " YXDomain", " YXRRSet", 48 " NXRRSet", " NotAuth", " NotZone", " Resp11", 49 " Resp12", " Resp13", " Resp14", " NoChange", 50 }; 51 52 /* skip over a domain name */ 53 static const u_char * 54 ns_nskip(netdissect_options *ndo, 55 register const u_char *cp) 56 { 57 register u_char i; 58 59 if (!ND_TTEST2(*cp, 1)) 60 return (NULL); 61 i = *cp++; 62 while (i) { 63 if ((i & INDIR_MASK) == INDIR_MASK) 64 return (cp + 1); 65 if ((i & INDIR_MASK) == EDNS0_MASK) { 66 int bitlen, bytelen; 67 68 if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL) 69 return(NULL); /* unknown ELT */ 70 if (!ND_TTEST2(*cp, 1)) 71 return (NULL); 72 if ((bitlen = *cp++) == 0) 73 bitlen = 256; 74 bytelen = (bitlen + 7) / 8; 75 cp += bytelen; 76 } else 77 cp += i; 78 if (!ND_TTEST2(*cp, 1)) 79 return (NULL); 80 i = *cp++; 81 } 82 return (cp); 83 } 84 85 /* print a <domain-name> */ 86 static const u_char * 87 blabel_print(netdissect_options *ndo, 88 const u_char *cp) 89 { 90 int bitlen, slen, b; 91 const u_char *bitp, *lim; 92 char tc; 93 94 if (!ND_TTEST2(*cp, 1)) 95 return(NULL); 96 if ((bitlen = *cp) == 0) 97 bitlen = 256; 98 slen = (bitlen + 3) / 4; 99 lim = cp + 1 + slen; 100 101 /* print the bit string as a hex string */ 102 ND_PRINT((ndo, "\\[x")); 103 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) { 104 ND_TCHECK(*bitp); 105 ND_PRINT((ndo, "%02x", *bitp)); 106 } 107 if (b > 4) { 108 ND_TCHECK(*bitp); 109 tc = *bitp++; 110 ND_PRINT((ndo, "%02x", tc & (0xff << (8 - b)))); 111 } else if (b > 0) { 112 ND_TCHECK(*bitp); 113 tc = *bitp++; 114 ND_PRINT((ndo, "%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b)))); 115 } 116 ND_PRINT((ndo, "/%d]", bitlen)); 117 return lim; 118 trunc: 119 ND_PRINT((ndo, ".../%d]", bitlen)); 120 return NULL; 121 } 122 123 static int 124 labellen(netdissect_options *ndo, 125 const u_char *cp) 126 { 127 register u_int i; 128 129 if (!ND_TTEST2(*cp, 1)) 130 return(-1); 131 i = *cp; 132 if ((i & INDIR_MASK) == EDNS0_MASK) { 133 int bitlen, elt; 134 if ((elt = (i & ~INDIR_MASK)) != EDNS0_ELT_BITLABEL) { 135 ND_PRINT((ndo, "<ELT %d>", elt)); 136 return(-1); 137 } 138 if (!ND_TTEST2(*(cp + 1), 1)) 139 return(-1); 140 if ((bitlen = *(cp + 1)) == 0) 141 bitlen = 256; 142 return(((bitlen + 7) / 8) + 1); 143 } else 144 return(i); 145 } 146 147 const u_char * 148 ns_nprint(netdissect_options *ndo, 149 register const u_char *cp, register const u_char *bp) 150 { 151 register u_int i, l; 152 register const u_char *rp = NULL; 153 register int compress = 0; 154 int elt; 155 u_int offset, max_offset; 156 157 if ((l = labellen(ndo, cp)) == (u_int)-1) 158 return(NULL); 159 if (!ND_TTEST2(*cp, 1)) 160 return(NULL); 161 max_offset = (u_int)(cp - bp); 162 if (((i = *cp++) & INDIR_MASK) != INDIR_MASK) { 163 compress = 0; 164 rp = cp + l; 165 } 166 167 if (i != 0) 168 while (i && cp < ndo->ndo_snapend) { 169 if ((i & INDIR_MASK) == INDIR_MASK) { 170 if (!compress) { 171 rp = cp + 1; 172 compress = 1; 173 } 174 if (!ND_TTEST2(*cp, 1)) 175 return(NULL); 176 offset = (((i << 8) | *cp) & 0x3fff); 177 /* 178 * This must move backwards in the packet. 179 * No RFC explicitly says that, but BIND's 180 * name decompression code requires it, 181 * as a way of preventing infinite loops 182 * and other bad behavior, and it's probably 183 * what was intended (compress by pointing 184 * to domain name suffixes already seen in 185 * the packet). 186 */ 187 if (offset >= max_offset) { 188 ND_PRINT((ndo, "<BAD PTR>")); 189 return(NULL); 190 } 191 max_offset = offset; 192 cp = bp + offset; 193 if ((l = labellen(ndo, cp)) == (u_int)-1) 194 return(NULL); 195 if (!ND_TTEST2(*cp, 1)) 196 return(NULL); 197 i = *cp++; 198 continue; 199 } 200 if ((i & INDIR_MASK) == EDNS0_MASK) { 201 elt = (i & ~INDIR_MASK); 202 switch(elt) { 203 case EDNS0_ELT_BITLABEL: 204 if (blabel_print(ndo, cp) == NULL) 205 return (NULL); 206 break; 207 default: 208 /* unknown ELT */ 209 ND_PRINT((ndo, "<ELT %d>", elt)); 210 return(NULL); 211 } 212 } else { 213 if (fn_printn(ndo, cp, l, ndo->ndo_snapend)) 214 return(NULL); 215 } 216 217 cp += l; 218 ND_PRINT((ndo, ".")); 219 if ((l = labellen(ndo, cp)) == (u_int)-1) 220 return(NULL); 221 if (!ND_TTEST2(*cp, 1)) 222 return(NULL); 223 i = *cp++; 224 if (!compress) 225 rp += l + 1; 226 } 227 else 228 ND_PRINT((ndo, ".")); 229 return (rp); 230 } 231 232 /* print a <character-string> */ 233 static const u_char * 234 ns_cprint(netdissect_options *ndo, 235 register const u_char *cp) 236 { 237 register u_int i; 238 239 if (!ND_TTEST2(*cp, 1)) 240 return (NULL); 241 i = *cp++; 242 if (fn_printn(ndo, cp, i, ndo->ndo_snapend)) 243 return (NULL); 244 return (cp + i); 245 } 246 247 /* http://www.iana.org/assignments/dns-parameters */ 248 const struct tok ns_type2str[] = { 249 { T_A, "A" }, /* RFC 1035 */ 250 { T_NS, "NS" }, /* RFC 1035 */ 251 { T_MD, "MD" }, /* RFC 1035 */ 252 { T_MF, "MF" }, /* RFC 1035 */ 253 { T_CNAME, "CNAME" }, /* RFC 1035 */ 254 { T_SOA, "SOA" }, /* RFC 1035 */ 255 { T_MB, "MB" }, /* RFC 1035 */ 256 { T_MG, "MG" }, /* RFC 1035 */ 257 { T_MR, "MR" }, /* RFC 1035 */ 258 { T_NULL, "NULL" }, /* RFC 1035 */ 259 { T_WKS, "WKS" }, /* RFC 1035 */ 260 { T_PTR, "PTR" }, /* RFC 1035 */ 261 { T_HINFO, "HINFO" }, /* RFC 1035 */ 262 { T_MINFO, "MINFO" }, /* RFC 1035 */ 263 { T_MX, "MX" }, /* RFC 1035 */ 264 { T_TXT, "TXT" }, /* RFC 1035 */ 265 { T_RP, "RP" }, /* RFC 1183 */ 266 { T_AFSDB, "AFSDB" }, /* RFC 1183 */ 267 { T_X25, "X25" }, /* RFC 1183 */ 268 { T_ISDN, "ISDN" }, /* RFC 1183 */ 269 { T_RT, "RT" }, /* RFC 1183 */ 270 { T_NSAP, "NSAP" }, /* RFC 1706 */ 271 { T_NSAP_PTR, "NSAP_PTR" }, 272 { T_SIG, "SIG" }, /* RFC 2535 */ 273 { T_KEY, "KEY" }, /* RFC 2535 */ 274 { T_PX, "PX" }, /* RFC 2163 */ 275 { T_GPOS, "GPOS" }, /* RFC 1712 */ 276 { T_AAAA, "AAAA" }, /* RFC 1886 */ 277 { T_LOC, "LOC" }, /* RFC 1876 */ 278 { T_NXT, "NXT" }, /* RFC 2535 */ 279 { T_EID, "EID" }, /* Nimrod */ 280 { T_NIMLOC, "NIMLOC" }, /* Nimrod */ 281 { T_SRV, "SRV" }, /* RFC 2782 */ 282 { T_ATMA, "ATMA" }, /* ATM Forum */ 283 { T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */ 284 { T_KX, "KX" }, /* RFC 2230 */ 285 { T_CERT, "CERT" }, /* RFC 2538 */ 286 { T_A6, "A6" }, /* RFC 2874 */ 287 { T_DNAME, "DNAME" }, /* RFC 2672 */ 288 { T_SINK, "SINK" }, 289 { T_OPT, "OPT" }, /* RFC 2671 */ 290 { T_APL, "APL" }, /* RFC 3123 */ 291 { T_DS, "DS" }, /* RFC 4034 */ 292 { T_SSHFP, "SSHFP" }, /* RFC 4255 */ 293 { T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */ 294 { T_RRSIG, "RRSIG" }, /* RFC 4034 */ 295 { T_NSEC, "NSEC" }, /* RFC 4034 */ 296 { T_DNSKEY, "DNSKEY" }, /* RFC 4034 */ 297 { T_SPF, "SPF" }, /* RFC-schlitt-spf-classic-02.txt */ 298 { T_UINFO, "UINFO" }, 299 { T_UID, "UID" }, 300 { T_GID, "GID" }, 301 { T_UNSPEC, "UNSPEC" }, 302 { T_UNSPECA, "UNSPECA" }, 303 { T_TKEY, "TKEY" }, /* RFC 2930 */ 304 { T_TSIG, "TSIG" }, /* RFC 2845 */ 305 { T_IXFR, "IXFR" }, /* RFC 1995 */ 306 { T_AXFR, "AXFR" }, /* RFC 1035 */ 307 { T_MAILB, "MAILB" }, /* RFC 1035 */ 308 { T_MAILA, "MAILA" }, /* RFC 1035 */ 309 { T_ANY, "ANY" }, 310 { 0, NULL } 311 }; 312 313 const struct tok ns_class2str[] = { 314 { C_IN, "IN" }, /* Not used */ 315 { C_CHAOS, "CHAOS" }, 316 { C_HS, "HS" }, 317 { C_ANY, "ANY" }, 318 { 0, NULL } 319 }; 320 321 /* print a query */ 322 static const u_char * 323 ns_qprint(netdissect_options *ndo, 324 register const u_char *cp, register const u_char *bp, int is_mdns) 325 { 326 register const u_char *np = cp; 327 register u_int i, class; 328 329 cp = ns_nskip(ndo, cp); 330 331 if (cp == NULL || !ND_TTEST2(*cp, 4)) 332 return(NULL); 333 334 /* print the qtype */ 335 i = EXTRACT_16BITS(cp); 336 cp += 2; 337 ND_PRINT((ndo, " %s", tok2str(ns_type2str, "Type%d", i))); 338 /* print the qclass (if it's not IN) */ 339 i = EXTRACT_16BITS(cp); 340 cp += 2; 341 if (is_mdns) 342 class = (i & ~C_QU); 343 else 344 class = i; 345 if (class != C_IN) 346 ND_PRINT((ndo, " %s", tok2str(ns_class2str, "(Class %d)", class))); 347 if (is_mdns) { 348 ND_PRINT((ndo, i & C_QU ? " (QU)" : " (QM)")); 349 } 350 351 ND_PRINT((ndo, "? ")); 352 cp = ns_nprint(ndo, np, bp); 353 return(cp ? cp + 4 : NULL); 354 } 355 356 /* print a reply */ 357 static const u_char * 358 ns_rprint(netdissect_options *ndo, 359 register const u_char *cp, register const u_char *bp, int is_mdns) 360 { 361 register u_int i, class, opt_flags = 0; 362 register u_short typ, len; 363 register const u_char *rp; 364 365 if (ndo->ndo_vflag) { 366 ND_PRINT((ndo, " ")); 367 if ((cp = ns_nprint(ndo, cp, bp)) == NULL) 368 return NULL; 369 } else 370 cp = ns_nskip(ndo, cp); 371 372 if (cp == NULL || !ND_TTEST2(*cp, 10)) 373 return (ndo->ndo_snapend); 374 375 /* print the type/qtype */ 376 typ = EXTRACT_16BITS(cp); 377 cp += 2; 378 /* print the class (if it's not IN and the type isn't OPT) */ 379 i = EXTRACT_16BITS(cp); 380 cp += 2; 381 if (is_mdns) 382 class = (i & ~C_CACHE_FLUSH); 383 else 384 class = i; 385 if (class != C_IN && typ != T_OPT) 386 ND_PRINT((ndo, " %s", tok2str(ns_class2str, "(Class %d)", class))); 387 if (is_mdns) { 388 if (i & C_CACHE_FLUSH) 389 ND_PRINT((ndo, " (Cache flush)")); 390 } 391 392 if (typ == T_OPT) { 393 /* get opt flags */ 394 cp += 2; 395 opt_flags = EXTRACT_16BITS(cp); 396 /* ignore rest of ttl field */ 397 cp += 2; 398 } else if (ndo->ndo_vflag > 2) { 399 /* print ttl */ 400 ND_PRINT((ndo, " [")); 401 unsigned_relts_print(ndo, EXTRACT_32BITS(cp)); 402 ND_PRINT((ndo, "]")); 403 cp += 4; 404 } else { 405 /* ignore ttl */ 406 cp += 4; 407 } 408 409 len = EXTRACT_16BITS(cp); 410 cp += 2; 411 412 rp = cp + len; 413 414 ND_PRINT((ndo, " %s", tok2str(ns_type2str, "Type%d", typ))); 415 if (rp > ndo->ndo_snapend) 416 return(NULL); 417 418 switch (typ) { 419 case T_A: 420 if (!ND_TTEST2(*cp, sizeof(struct in_addr))) 421 return(NULL); 422 ND_PRINT((ndo, " %s", intoa(htonl(EXTRACT_32BITS(cp))))); 423 break; 424 425 case T_NS: 426 case T_CNAME: 427 case T_PTR: 428 #ifdef T_DNAME 429 case T_DNAME: 430 #endif 431 ND_PRINT((ndo, " ")); 432 if (ns_nprint(ndo, cp, bp) == NULL) 433 return(NULL); 434 break; 435 436 case T_SOA: 437 if (!ndo->ndo_vflag) 438 break; 439 ND_PRINT((ndo, " ")); 440 if ((cp = ns_nprint(ndo, cp, bp)) == NULL) 441 return(NULL); 442 ND_PRINT((ndo, " ")); 443 if ((cp = ns_nprint(ndo, cp, bp)) == NULL) 444 return(NULL); 445 if (!ND_TTEST2(*cp, 5 * 4)) 446 return(NULL); 447 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 448 cp += 4; 449 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 450 cp += 4; 451 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 452 cp += 4; 453 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 454 cp += 4; 455 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 456 cp += 4; 457 break; 458 case T_MX: 459 ND_PRINT((ndo, " ")); 460 if (!ND_TTEST2(*cp, 2)) 461 return(NULL); 462 if (ns_nprint(ndo, cp + 2, bp) == NULL) 463 return(NULL); 464 ND_PRINT((ndo, " %d", EXTRACT_16BITS(cp))); 465 break; 466 467 case T_TXT: 468 while (cp < rp) { 469 ND_PRINT((ndo, " \"")); 470 cp = ns_cprint(ndo, cp); 471 if (cp == NULL) 472 return(NULL); 473 ND_PRINT((ndo, "\"")); 474 } 475 break; 476 477 case T_SRV: 478 ND_PRINT((ndo, " ")); 479 if (!ND_TTEST2(*cp, 6)) 480 return(NULL); 481 if (ns_nprint(ndo, cp + 6, bp) == NULL) 482 return(NULL); 483 ND_PRINT((ndo, ":%d %d %d", EXTRACT_16BITS(cp + 4), 484 EXTRACT_16BITS(cp), EXTRACT_16BITS(cp + 2))); 485 break; 486 487 case T_AAAA: 488 { 489 char ntop_buf[INET6_ADDRSTRLEN]; 490 491 if (!ND_TTEST2(*cp, sizeof(struct in6_addr))) 492 return(NULL); 493 ND_PRINT((ndo, " %s", 494 addrtostr6(cp, ntop_buf, sizeof(ntop_buf)))); 495 496 break; 497 } 498 499 case T_A6: 500 { 501 struct in6_addr a; 502 int pbit, pbyte; 503 char ntop_buf[INET6_ADDRSTRLEN]; 504 505 if (!ND_TTEST2(*cp, 1)) 506 return(NULL); 507 pbit = *cp; 508 pbyte = (pbit & ~7) / 8; 509 if (pbit > 128) { 510 ND_PRINT((ndo, " %u(bad plen)", pbit)); 511 break; 512 } else if (pbit < 128) { 513 if (!ND_TTEST2(*(cp + 1), sizeof(a) - pbyte)) 514 return(NULL); 515 memset(&a, 0, sizeof(a)); 516 memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte); 517 ND_PRINT((ndo, " %u %s", pbit, 518 addrtostr6(&a, ntop_buf, sizeof(ntop_buf)))); 519 } 520 if (pbit > 0) { 521 ND_PRINT((ndo, " ")); 522 if (ns_nprint(ndo, cp + 1 + sizeof(a) - pbyte, bp) == NULL) 523 return(NULL); 524 } 525 break; 526 } 527 528 case T_OPT: 529 ND_PRINT((ndo, " UDPsize=%u", class)); 530 if (opt_flags & 0x8000) 531 ND_PRINT((ndo, " DO")); 532 break; 533 534 case T_UNSPECA: /* One long string */ 535 if (!ND_TTEST2(*cp, len)) 536 return(NULL); 537 if (fn_printn(ndo, cp, len, ndo->ndo_snapend)) 538 return(NULL); 539 break; 540 541 case T_TSIG: 542 { 543 if (cp + len > ndo->ndo_snapend) 544 return(NULL); 545 if (!ndo->ndo_vflag) 546 break; 547 ND_PRINT((ndo, " ")); 548 if ((cp = ns_nprint(ndo, cp, bp)) == NULL) 549 return(NULL); 550 cp += 6; 551 if (!ND_TTEST2(*cp, 2)) 552 return(NULL); 553 ND_PRINT((ndo, " fudge=%u", EXTRACT_16BITS(cp))); 554 cp += 2; 555 if (!ND_TTEST2(*cp, 2)) 556 return(NULL); 557 ND_PRINT((ndo, " maclen=%u", EXTRACT_16BITS(cp))); 558 cp += 2 + EXTRACT_16BITS(cp); 559 if (!ND_TTEST2(*cp, 2)) 560 return(NULL); 561 ND_PRINT((ndo, " origid=%u", EXTRACT_16BITS(cp))); 562 cp += 2; 563 if (!ND_TTEST2(*cp, 2)) 564 return(NULL); 565 ND_PRINT((ndo, " error=%u", EXTRACT_16BITS(cp))); 566 cp += 2; 567 if (!ND_TTEST2(*cp, 2)) 568 return(NULL); 569 ND_PRINT((ndo, " otherlen=%u", EXTRACT_16BITS(cp))); 570 cp += 2; 571 } 572 } 573 return (rp); /* XXX This isn't always right */ 574 } 575 576 void 577 ns_print(netdissect_options *ndo, 578 register const u_char *bp, u_int length, int is_mdns) 579 { 580 register const HEADER *np; 581 register int qdcount, ancount, nscount, arcount; 582 register const u_char *cp; 583 uint16_t b2; 584 585 if(length < sizeof(*np)) { 586 ND_PRINT((ndo, "domain")); 587 ND_PRINT((ndo, " [length %u < %zu]", length, sizeof(*np))); 588 ND_PRINT((ndo, " (invalid)")); 589 return; 590 } 591 592 np = (const HEADER *)bp; 593 ND_TCHECK(*np); 594 /* get the byte-order right */ 595 qdcount = EXTRACT_16BITS(&np->qdcount); 596 ancount = EXTRACT_16BITS(&np->ancount); 597 nscount = EXTRACT_16BITS(&np->nscount); 598 arcount = EXTRACT_16BITS(&np->arcount); 599 600 if (DNS_QR(np)) { 601 /* this is a response */ 602 ND_PRINT((ndo, "%d%s%s%s%s%s%s", 603 EXTRACT_16BITS(&np->id), 604 ns_ops[DNS_OPCODE(np)], 605 ns_resp[DNS_RCODE(np)], 606 DNS_AA(np)? "*" : "", 607 DNS_RA(np)? "" : "-", 608 DNS_TC(np)? "|" : "", 609 DNS_AD(np)? "$" : "")); 610 611 if (qdcount != 1) 612 ND_PRINT((ndo, " [%dq]", qdcount)); 613 /* Print QUESTION section on -vv */ 614 cp = (const u_char *)(np + 1); 615 while (qdcount--) { 616 if (qdcount < EXTRACT_16BITS(&np->qdcount) - 1) 617 ND_PRINT((ndo, ",")); 618 if (ndo->ndo_vflag > 1) { 619 ND_PRINT((ndo, " q:")); 620 if ((cp = ns_qprint(ndo, cp, bp, is_mdns)) == NULL) 621 goto trunc; 622 } else { 623 if ((cp = ns_nskip(ndo, cp)) == NULL) 624 goto trunc; 625 cp += 4; /* skip QTYPE and QCLASS */ 626 } 627 } 628 ND_PRINT((ndo, " %d/%d/%d", ancount, nscount, arcount)); 629 if (ancount--) { 630 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 631 goto trunc; 632 while (cp < ndo->ndo_snapend && ancount--) { 633 ND_PRINT((ndo, ",")); 634 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 635 goto trunc; 636 } 637 } 638 if (ancount > 0) 639 goto trunc; 640 /* Print NS and AR sections on -vv */ 641 if (ndo->ndo_vflag > 1) { 642 if (cp < ndo->ndo_snapend && nscount--) { 643 ND_PRINT((ndo, " ns:")); 644 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 645 goto trunc; 646 while (cp < ndo->ndo_snapend && nscount--) { 647 ND_PRINT((ndo, ",")); 648 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 649 goto trunc; 650 } 651 } 652 if (nscount > 0) 653 goto trunc; 654 if (cp < ndo->ndo_snapend && arcount--) { 655 ND_PRINT((ndo, " ar:")); 656 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 657 goto trunc; 658 while (cp < ndo->ndo_snapend && arcount--) { 659 ND_PRINT((ndo, ",")); 660 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 661 goto trunc; 662 } 663 } 664 if (arcount > 0) 665 goto trunc; 666 } 667 } 668 else { 669 /* this is a request */ 670 ND_PRINT((ndo, "%d%s%s%s", EXTRACT_16BITS(&np->id), ns_ops[DNS_OPCODE(np)], 671 DNS_RD(np) ? "+" : "", 672 DNS_CD(np) ? "%" : "")); 673 674 /* any weirdness? */ 675 b2 = EXTRACT_16BITS(((const u_short *)np)+1); 676 if (b2 & 0x6cf) 677 ND_PRINT((ndo, " [b2&3=0x%x]", b2)); 678 679 if (DNS_OPCODE(np) == IQUERY) { 680 if (qdcount) 681 ND_PRINT((ndo, " [%dq]", qdcount)); 682 if (ancount != 1) 683 ND_PRINT((ndo, " [%da]", ancount)); 684 } 685 else { 686 if (ancount) 687 ND_PRINT((ndo, " [%da]", ancount)); 688 if (qdcount != 1) 689 ND_PRINT((ndo, " [%dq]", qdcount)); 690 } 691 if (nscount) 692 ND_PRINT((ndo, " [%dn]", nscount)); 693 if (arcount) 694 ND_PRINT((ndo, " [%dau]", arcount)); 695 696 cp = (const u_char *)(np + 1); 697 if (qdcount--) { 698 cp = ns_qprint(ndo, cp, (const u_char *)np, is_mdns); 699 if (!cp) 700 goto trunc; 701 while (cp < ndo->ndo_snapend && qdcount--) { 702 cp = ns_qprint(ndo, (const u_char *)cp, 703 (const u_char *)np, 704 is_mdns); 705 if (!cp) 706 goto trunc; 707 } 708 } 709 if (qdcount > 0) 710 goto trunc; 711 712 /* Print remaining sections on -vv */ 713 if (ndo->ndo_vflag > 1) { 714 if (ancount--) { 715 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 716 goto trunc; 717 while (cp < ndo->ndo_snapend && ancount--) { 718 ND_PRINT((ndo, ",")); 719 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 720 goto trunc; 721 } 722 } 723 if (ancount > 0) 724 goto trunc; 725 if (cp < ndo->ndo_snapend && nscount--) { 726 ND_PRINT((ndo, " ns:")); 727 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 728 goto trunc; 729 while (nscount-- && cp < ndo->ndo_snapend) { 730 ND_PRINT((ndo, ",")); 731 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 732 goto trunc; 733 } 734 } 735 if (nscount > 0) 736 goto trunc; 737 if (cp < ndo->ndo_snapend && arcount--) { 738 ND_PRINT((ndo, " ar:")); 739 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 740 goto trunc; 741 while (cp < ndo->ndo_snapend && arcount--) { 742 ND_PRINT((ndo, ",")); 743 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 744 goto trunc; 745 } 746 } 747 if (arcount > 0) 748 goto trunc; 749 } 750 } 751 ND_PRINT((ndo, " (%d)", length)); 752 return; 753 754 trunc: 755 ND_PRINT((ndo, "[|domain]")); 756 } 757