1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * $FreeBSD$ 22 */ 23 24 #define NETDISSECT_REWORKED 25 #ifdef HAVE_CONFIG_H 26 #include "config.h" 27 #endif 28 29 #include <tcpdump-stdinc.h> 30 31 #include "nameser.h" 32 33 #include <string.h> 34 35 #include "interface.h" 36 #include "addrtoname.h" 37 #include "extract.h" /* must come after interface.h */ 38 39 static const char *ns_ops[] = { 40 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7", 41 " op8", " updateA", " updateD", " updateDA", 42 " updateM", " updateMA", " zoneInit", " zoneRef", 43 }; 44 45 static const char *ns_resp[] = { 46 "", " FormErr", " ServFail", " NXDomain", 47 " NotImp", " Refused", " YXDomain", " YXRRSet", 48 " NXRRSet", " NotAuth", " NotZone", " Resp11", 49 " Resp12", " Resp13", " Resp14", " NoChange", 50 }; 51 52 /* skip over a domain name */ 53 static const u_char * 54 ns_nskip(netdissect_options *ndo, 55 register const u_char *cp) 56 { 57 register u_char i; 58 59 if (!ND_TTEST2(*cp, 1)) 60 return (NULL); 61 i = *cp++; 62 while (i) { 63 if ((i & INDIR_MASK) == INDIR_MASK) 64 return (cp + 1); 65 if ((i & INDIR_MASK) == EDNS0_MASK) { 66 int bitlen, bytelen; 67 68 if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL) 69 return(NULL); /* unknown ELT */ 70 if (!ND_TTEST2(*cp, 1)) 71 return (NULL); 72 if ((bitlen = *cp++) == 0) 73 bitlen = 256; 74 bytelen = (bitlen + 7) / 8; 75 cp += bytelen; 76 } else 77 cp += i; 78 if (!ND_TTEST2(*cp, 1)) 79 return (NULL); 80 i = *cp++; 81 } 82 return (cp); 83 } 84 85 /* print a <domain-name> */ 86 static const u_char * 87 blabel_print(netdissect_options *ndo, 88 const u_char *cp) 89 { 90 int bitlen, slen, b; 91 const u_char *bitp, *lim; 92 char tc; 93 94 if (!ND_TTEST2(*cp, 1)) 95 return(NULL); 96 if ((bitlen = *cp) == 0) 97 bitlen = 256; 98 slen = (bitlen + 3) / 4; 99 lim = cp + 1 + slen; 100 101 /* print the bit string as a hex string */ 102 ND_PRINT((ndo, "\\[x")); 103 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) { 104 ND_TCHECK(*bitp); 105 ND_PRINT((ndo, "%02x", *bitp)); 106 } 107 if (b > 4) { 108 ND_TCHECK(*bitp); 109 tc = *bitp++; 110 ND_PRINT((ndo, "%02x", tc & (0xff << (8 - b)))); 111 } else if (b > 0) { 112 ND_TCHECK(*bitp); 113 tc = *bitp++; 114 ND_PRINT((ndo, "%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b)))); 115 } 116 ND_PRINT((ndo, "/%d]", bitlen)); 117 return lim; 118 trunc: 119 ND_PRINT((ndo, ".../%d]", bitlen)); 120 return NULL; 121 } 122 123 static int 124 labellen(netdissect_options *ndo, 125 const u_char *cp) 126 { 127 register u_int i; 128 129 if (!ND_TTEST2(*cp, 1)) 130 return(-1); 131 i = *cp; 132 if ((i & INDIR_MASK) == EDNS0_MASK) { 133 int bitlen, elt; 134 if ((elt = (i & ~INDIR_MASK)) != EDNS0_ELT_BITLABEL) { 135 ND_PRINT((ndo, "<ELT %d>", elt)); 136 return(-1); 137 } 138 if (!ND_TTEST2(*(cp + 1), 1)) 139 return(-1); 140 if ((bitlen = *(cp + 1)) == 0) 141 bitlen = 256; 142 return(((bitlen + 7) / 8) + 1); 143 } else 144 return(i); 145 } 146 147 const u_char * 148 ns_nprint(netdissect_options *ndo, 149 register const u_char *cp, register const u_char *bp) 150 { 151 register u_int i, l; 152 register const u_char *rp = NULL; 153 register int compress = 0; 154 int chars_processed; 155 int elt; 156 int data_size = ndo->ndo_snapend - bp; 157 158 if ((l = labellen(ndo, cp)) == (u_int)-1) 159 return(NULL); 160 if (!ND_TTEST2(*cp, 1)) 161 return(NULL); 162 chars_processed = 1; 163 if (((i = *cp++) & INDIR_MASK) != INDIR_MASK) { 164 compress = 0; 165 rp = cp + l; 166 } 167 168 if (i != 0) 169 while (i && cp < ndo->ndo_snapend) { 170 if ((i & INDIR_MASK) == INDIR_MASK) { 171 if (!compress) { 172 rp = cp + 1; 173 compress = 1; 174 } 175 if (!ND_TTEST2(*cp, 1)) 176 return(NULL); 177 cp = bp + (((i << 8) | *cp) & 0x3fff); 178 if ((l = labellen(ndo, cp)) == (u_int)-1) 179 return(NULL); 180 if (!ND_TTEST2(*cp, 1)) 181 return(NULL); 182 i = *cp++; 183 chars_processed++; 184 185 /* 186 * If we've looked at every character in 187 * the message, this pointer will make 188 * us look at some character again, 189 * which means we're looping. 190 */ 191 if (chars_processed >= data_size) { 192 ND_PRINT((ndo, "<LOOP>")); 193 return (NULL); 194 } 195 continue; 196 } 197 if ((i & INDIR_MASK) == EDNS0_MASK) { 198 elt = (i & ~INDIR_MASK); 199 switch(elt) { 200 case EDNS0_ELT_BITLABEL: 201 if (blabel_print(ndo, cp) == NULL) 202 return (NULL); 203 break; 204 default: 205 /* unknown ELT */ 206 ND_PRINT((ndo, "<ELT %d>", elt)); 207 return(NULL); 208 } 209 } else { 210 if (fn_printn(ndo, cp, l, ndo->ndo_snapend)) 211 return(NULL); 212 } 213 214 cp += l; 215 chars_processed += l; 216 ND_PRINT((ndo, ".")); 217 if ((l = labellen(ndo, cp)) == (u_int)-1) 218 return(NULL); 219 if (!ND_TTEST2(*cp, 1)) 220 return(NULL); 221 i = *cp++; 222 chars_processed++; 223 if (!compress) 224 rp += l + 1; 225 } 226 else 227 ND_PRINT((ndo, ".")); 228 return (rp); 229 } 230 231 /* print a <character-string> */ 232 static const u_char * 233 ns_cprint(netdissect_options *ndo, 234 register const u_char *cp) 235 { 236 register u_int i; 237 238 if (!ND_TTEST2(*cp, 1)) 239 return (NULL); 240 i = *cp++; 241 if (fn_printn(ndo, cp, i, ndo->ndo_snapend)) 242 return (NULL); 243 return (cp + i); 244 } 245 246 /* http://www.iana.org/assignments/dns-parameters */ 247 const struct tok ns_type2str[] = { 248 { T_A, "A" }, /* RFC 1035 */ 249 { T_NS, "NS" }, /* RFC 1035 */ 250 { T_MD, "MD" }, /* RFC 1035 */ 251 { T_MF, "MF" }, /* RFC 1035 */ 252 { T_CNAME, "CNAME" }, /* RFC 1035 */ 253 { T_SOA, "SOA" }, /* RFC 1035 */ 254 { T_MB, "MB" }, /* RFC 1035 */ 255 { T_MG, "MG" }, /* RFC 1035 */ 256 { T_MR, "MR" }, /* RFC 1035 */ 257 { T_NULL, "NULL" }, /* RFC 1035 */ 258 { T_WKS, "WKS" }, /* RFC 1035 */ 259 { T_PTR, "PTR" }, /* RFC 1035 */ 260 { T_HINFO, "HINFO" }, /* RFC 1035 */ 261 { T_MINFO, "MINFO" }, /* RFC 1035 */ 262 { T_MX, "MX" }, /* RFC 1035 */ 263 { T_TXT, "TXT" }, /* RFC 1035 */ 264 { T_RP, "RP" }, /* RFC 1183 */ 265 { T_AFSDB, "AFSDB" }, /* RFC 1183 */ 266 { T_X25, "X25" }, /* RFC 1183 */ 267 { T_ISDN, "ISDN" }, /* RFC 1183 */ 268 { T_RT, "RT" }, /* RFC 1183 */ 269 { T_NSAP, "NSAP" }, /* RFC 1706 */ 270 { T_NSAP_PTR, "NSAP_PTR" }, 271 { T_SIG, "SIG" }, /* RFC 2535 */ 272 { T_KEY, "KEY" }, /* RFC 2535 */ 273 { T_PX, "PX" }, /* RFC 2163 */ 274 { T_GPOS, "GPOS" }, /* RFC 1712 */ 275 { T_AAAA, "AAAA" }, /* RFC 1886 */ 276 { T_LOC, "LOC" }, /* RFC 1876 */ 277 { T_NXT, "NXT" }, /* RFC 2535 */ 278 { T_EID, "EID" }, /* Nimrod */ 279 { T_NIMLOC, "NIMLOC" }, /* Nimrod */ 280 { T_SRV, "SRV" }, /* RFC 2782 */ 281 { T_ATMA, "ATMA" }, /* ATM Forum */ 282 { T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */ 283 { T_KX, "KX" }, /* RFC 2230 */ 284 { T_CERT, "CERT" }, /* RFC 2538 */ 285 { T_A6, "A6" }, /* RFC 2874 */ 286 { T_DNAME, "DNAME" }, /* RFC 2672 */ 287 { T_SINK, "SINK" }, 288 { T_OPT, "OPT" }, /* RFC 2671 */ 289 { T_APL, "APL" }, /* RFC 3123 */ 290 { T_DS, "DS" }, /* RFC 4034 */ 291 { T_SSHFP, "SSHFP" }, /* RFC 4255 */ 292 { T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */ 293 { T_RRSIG, "RRSIG" }, /* RFC 4034 */ 294 { T_NSEC, "NSEC" }, /* RFC 4034 */ 295 { T_DNSKEY, "DNSKEY" }, /* RFC 4034 */ 296 { T_SPF, "SPF" }, /* RFC-schlitt-spf-classic-02.txt */ 297 { T_UINFO, "UINFO" }, 298 { T_UID, "UID" }, 299 { T_GID, "GID" }, 300 { T_UNSPEC, "UNSPEC" }, 301 { T_UNSPECA, "UNSPECA" }, 302 { T_TKEY, "TKEY" }, /* RFC 2930 */ 303 { T_TSIG, "TSIG" }, /* RFC 2845 */ 304 { T_IXFR, "IXFR" }, /* RFC 1995 */ 305 { T_AXFR, "AXFR" }, /* RFC 1035 */ 306 { T_MAILB, "MAILB" }, /* RFC 1035 */ 307 { T_MAILA, "MAILA" }, /* RFC 1035 */ 308 { T_ANY, "ANY" }, 309 { 0, NULL } 310 }; 311 312 const struct tok ns_class2str[] = { 313 { C_IN, "IN" }, /* Not used */ 314 { C_CHAOS, "CHAOS" }, 315 { C_HS, "HS" }, 316 { C_ANY, "ANY" }, 317 { 0, NULL } 318 }; 319 320 /* print a query */ 321 static const u_char * 322 ns_qprint(netdissect_options *ndo, 323 register const u_char *cp, register const u_char *bp, int is_mdns) 324 { 325 register const u_char *np = cp; 326 register u_int i, class; 327 328 cp = ns_nskip(ndo, cp); 329 330 if (cp == NULL || !ND_TTEST2(*cp, 4)) 331 return(NULL); 332 333 /* print the qtype */ 334 i = EXTRACT_16BITS(cp); 335 cp += 2; 336 ND_PRINT((ndo, " %s", tok2str(ns_type2str, "Type%d", i))); 337 /* print the qclass (if it's not IN) */ 338 i = EXTRACT_16BITS(cp); 339 cp += 2; 340 if (is_mdns) 341 class = (i & ~C_QU); 342 else 343 class = i; 344 if (class != C_IN) 345 ND_PRINT((ndo, " %s", tok2str(ns_class2str, "(Class %d)", class))); 346 if (is_mdns) { 347 ND_PRINT((ndo, i & C_QU ? " (QU)" : " (QM)")); 348 } 349 350 ND_PRINT((ndo, "? ")); 351 cp = ns_nprint(ndo, np, bp); 352 return(cp ? cp + 4 : NULL); 353 } 354 355 /* print a reply */ 356 static const u_char * 357 ns_rprint(netdissect_options *ndo, 358 register const u_char *cp, register const u_char *bp, int is_mdns) 359 { 360 register u_int i, class, opt_flags = 0; 361 register u_short typ, len; 362 register const u_char *rp; 363 364 if (ndo->ndo_vflag) { 365 ND_PRINT((ndo, " ")); 366 if ((cp = ns_nprint(ndo, cp, bp)) == NULL) 367 return NULL; 368 } else 369 cp = ns_nskip(ndo, cp); 370 371 if (cp == NULL || !ND_TTEST2(*cp, 10)) 372 return (ndo->ndo_snapend); 373 374 /* print the type/qtype */ 375 typ = EXTRACT_16BITS(cp); 376 cp += 2; 377 /* print the class (if it's not IN and the type isn't OPT) */ 378 i = EXTRACT_16BITS(cp); 379 cp += 2; 380 if (is_mdns) 381 class = (i & ~C_CACHE_FLUSH); 382 else 383 class = i; 384 if (class != C_IN && typ != T_OPT) 385 ND_PRINT((ndo, " %s", tok2str(ns_class2str, "(Class %d)", class))); 386 if (is_mdns) { 387 if (i & C_CACHE_FLUSH) 388 ND_PRINT((ndo, " (Cache flush)")); 389 } 390 391 if (typ == T_OPT) { 392 /* get opt flags */ 393 cp += 2; 394 opt_flags = EXTRACT_16BITS(cp); 395 /* ignore rest of ttl field */ 396 cp += 2; 397 } else if (ndo->ndo_vflag > 2) { 398 /* print ttl */ 399 ND_PRINT((ndo, " [")); 400 relts_print(ndo, EXTRACT_32BITS(cp)); 401 ND_PRINT((ndo, "]")); 402 cp += 4; 403 } else { 404 /* ignore ttl */ 405 cp += 4; 406 } 407 408 len = EXTRACT_16BITS(cp); 409 cp += 2; 410 411 rp = cp + len; 412 413 ND_PRINT((ndo, " %s", tok2str(ns_type2str, "Type%d", typ))); 414 if (rp > ndo->ndo_snapend) 415 return(NULL); 416 417 switch (typ) { 418 case T_A: 419 if (!ND_TTEST2(*cp, sizeof(struct in_addr))) 420 return(NULL); 421 ND_PRINT((ndo, " %s", intoa(htonl(EXTRACT_32BITS(cp))))); 422 break; 423 424 case T_NS: 425 case T_CNAME: 426 case T_PTR: 427 #ifdef T_DNAME 428 case T_DNAME: 429 #endif 430 ND_PRINT((ndo, " ")); 431 if (ns_nprint(ndo, cp, bp) == NULL) 432 return(NULL); 433 break; 434 435 case T_SOA: 436 if (!ndo->ndo_vflag) 437 break; 438 ND_PRINT((ndo, " ")); 439 if ((cp = ns_nprint(ndo, cp, bp)) == NULL) 440 return(NULL); 441 ND_PRINT((ndo, " ")); 442 if ((cp = ns_nprint(ndo, cp, bp)) == NULL) 443 return(NULL); 444 if (!ND_TTEST2(*cp, 5 * 4)) 445 return(NULL); 446 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 447 cp += 4; 448 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 449 cp += 4; 450 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 451 cp += 4; 452 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 453 cp += 4; 454 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 455 cp += 4; 456 break; 457 case T_MX: 458 ND_PRINT((ndo, " ")); 459 if (!ND_TTEST2(*cp, 2)) 460 return(NULL); 461 if (ns_nprint(ndo, cp + 2, bp) == NULL) 462 return(NULL); 463 ND_PRINT((ndo, " %d", EXTRACT_16BITS(cp))); 464 break; 465 466 case T_TXT: 467 while (cp < rp) { 468 ND_PRINT((ndo, " \"")); 469 cp = ns_cprint(ndo, cp); 470 if (cp == NULL) 471 return(NULL); 472 ND_PRINT((ndo, "\"")); 473 } 474 break; 475 476 case T_SRV: 477 ND_PRINT((ndo, " ")); 478 if (!ND_TTEST2(*cp, 6)) 479 return(NULL); 480 if (ns_nprint(ndo, cp + 6, bp) == NULL) 481 return(NULL); 482 ND_PRINT((ndo, ":%d %d %d", EXTRACT_16BITS(cp + 4), 483 EXTRACT_16BITS(cp), EXTRACT_16BITS(cp + 2))); 484 break; 485 486 #ifdef INET6 487 case T_AAAA: 488 { 489 struct in6_addr addr; 490 char ntop_buf[INET6_ADDRSTRLEN]; 491 492 if (!ND_TTEST2(*cp, sizeof(struct in6_addr))) 493 return(NULL); 494 memcpy(&addr, cp, sizeof(struct in6_addr)); 495 ND_PRINT((ndo, " %s", 496 inet_ntop(AF_INET6, &addr, ntop_buf, sizeof(ntop_buf)))); 497 498 break; 499 } 500 501 case T_A6: 502 { 503 struct in6_addr a; 504 int pbit, pbyte; 505 char ntop_buf[INET6_ADDRSTRLEN]; 506 507 if (!ND_TTEST2(*cp, 1)) 508 return(NULL); 509 pbit = *cp; 510 pbyte = (pbit & ~7) / 8; 511 if (pbit > 128) { 512 ND_PRINT((ndo, " %u(bad plen)", pbit)); 513 break; 514 } else if (pbit < 128) { 515 if (!ND_TTEST2(*(cp + 1), sizeof(a) - pbyte)) 516 return(NULL); 517 memset(&a, 0, sizeof(a)); 518 memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte); 519 ND_PRINT((ndo, " %u %s", pbit, 520 inet_ntop(AF_INET6, &a, ntop_buf, sizeof(ntop_buf)))); 521 } 522 if (pbit > 0) { 523 ND_PRINT((ndo, " ")); 524 if (ns_nprint(ndo, cp + 1 + sizeof(a) - pbyte, bp) == NULL) 525 return(NULL); 526 } 527 break; 528 } 529 #endif /*INET6*/ 530 531 case T_OPT: 532 ND_PRINT((ndo, " UDPsize=%u", class)); 533 if (opt_flags & 0x8000) 534 ND_PRINT((ndo, " OK")); 535 break; 536 537 case T_UNSPECA: /* One long string */ 538 if (!ND_TTEST2(*cp, len)) 539 return(NULL); 540 if (fn_printn(ndo, cp, len, ndo->ndo_snapend)) 541 return(NULL); 542 break; 543 544 case T_TSIG: 545 { 546 if (cp + len > ndo->ndo_snapend) 547 return(NULL); 548 if (!ndo->ndo_vflag) 549 break; 550 ND_PRINT((ndo, " ")); 551 if ((cp = ns_nprint(ndo, cp, bp)) == NULL) 552 return(NULL); 553 cp += 6; 554 if (!ND_TTEST2(*cp, 2)) 555 return(NULL); 556 ND_PRINT((ndo, " fudge=%u", EXTRACT_16BITS(cp))); 557 cp += 2; 558 if (!ND_TTEST2(*cp, 2)) 559 return(NULL); 560 ND_PRINT((ndo, " maclen=%u", EXTRACT_16BITS(cp))); 561 cp += 2 + EXTRACT_16BITS(cp); 562 if (!ND_TTEST2(*cp, 2)) 563 return(NULL); 564 ND_PRINT((ndo, " origid=%u", EXTRACT_16BITS(cp))); 565 cp += 2; 566 if (!ND_TTEST2(*cp, 2)) 567 return(NULL); 568 ND_PRINT((ndo, " error=%u", EXTRACT_16BITS(cp))); 569 cp += 2; 570 if (!ND_TTEST2(*cp, 2)) 571 return(NULL); 572 ND_PRINT((ndo, " otherlen=%u", EXTRACT_16BITS(cp))); 573 cp += 2; 574 } 575 } 576 return (rp); /* XXX This isn't always right */ 577 } 578 579 void 580 ns_print(netdissect_options *ndo, 581 register const u_char *bp, u_int length, int is_mdns) 582 { 583 register const HEADER *np; 584 register int qdcount, ancount, nscount, arcount; 585 register const u_char *cp; 586 uint16_t b2; 587 588 np = (const HEADER *)bp; 589 ND_TCHECK(*np); 590 /* get the byte-order right */ 591 qdcount = EXTRACT_16BITS(&np->qdcount); 592 ancount = EXTRACT_16BITS(&np->ancount); 593 nscount = EXTRACT_16BITS(&np->nscount); 594 arcount = EXTRACT_16BITS(&np->arcount); 595 596 if (DNS_QR(np)) { 597 /* this is a response */ 598 ND_PRINT((ndo, "%d%s%s%s%s%s%s", 599 EXTRACT_16BITS(&np->id), 600 ns_ops[DNS_OPCODE(np)], 601 ns_resp[DNS_RCODE(np)], 602 DNS_AA(np)? "*" : "", 603 DNS_RA(np)? "" : "-", 604 DNS_TC(np)? "|" : "", 605 DNS_AD(np)? "$" : "")); 606 607 if (qdcount != 1) 608 ND_PRINT((ndo, " [%dq]", qdcount)); 609 /* Print QUESTION section on -vv */ 610 cp = (const u_char *)(np + 1); 611 while (qdcount--) { 612 if (qdcount < EXTRACT_16BITS(&np->qdcount) - 1) 613 ND_PRINT((ndo, ",")); 614 if (ndo->ndo_vflag > 1) { 615 ND_PRINT((ndo, " q:")); 616 if ((cp = ns_qprint(ndo, cp, bp, is_mdns)) == NULL) 617 goto trunc; 618 } else { 619 if ((cp = ns_nskip(ndo, cp)) == NULL) 620 goto trunc; 621 cp += 4; /* skip QTYPE and QCLASS */ 622 } 623 } 624 ND_PRINT((ndo, " %d/%d/%d", ancount, nscount, arcount)); 625 if (ancount--) { 626 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 627 goto trunc; 628 while (cp < ndo->ndo_snapend && ancount--) { 629 ND_PRINT((ndo, ",")); 630 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 631 goto trunc; 632 } 633 } 634 if (ancount > 0) 635 goto trunc; 636 /* Print NS and AR sections on -vv */ 637 if (ndo->ndo_vflag > 1) { 638 if (cp < ndo->ndo_snapend && nscount--) { 639 ND_PRINT((ndo, " ns:")); 640 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 641 goto trunc; 642 while (cp < ndo->ndo_snapend && nscount--) { 643 ND_PRINT((ndo, ",")); 644 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 645 goto trunc; 646 } 647 } 648 if (nscount > 0) 649 goto trunc; 650 if (cp < ndo->ndo_snapend && arcount--) { 651 ND_PRINT((ndo, " ar:")); 652 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 653 goto trunc; 654 while (cp < ndo->ndo_snapend && arcount--) { 655 ND_PRINT((ndo, ",")); 656 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 657 goto trunc; 658 } 659 } 660 if (arcount > 0) 661 goto trunc; 662 } 663 } 664 else { 665 /* this is a request */ 666 ND_PRINT((ndo, "%d%s%s%s", EXTRACT_16BITS(&np->id), ns_ops[DNS_OPCODE(np)], 667 DNS_RD(np) ? "+" : "", 668 DNS_CD(np) ? "%" : "")); 669 670 /* any weirdness? */ 671 b2 = EXTRACT_16BITS(((u_short *)np)+1); 672 if (b2 & 0x6cf) 673 ND_PRINT((ndo, " [b2&3=0x%x]", b2)); 674 675 if (DNS_OPCODE(np) == IQUERY) { 676 if (qdcount) 677 ND_PRINT((ndo, " [%dq]", qdcount)); 678 if (ancount != 1) 679 ND_PRINT((ndo, " [%da]", ancount)); 680 } 681 else { 682 if (ancount) 683 ND_PRINT((ndo, " [%da]", ancount)); 684 if (qdcount != 1) 685 ND_PRINT((ndo, " [%dq]", qdcount)); 686 } 687 if (nscount) 688 ND_PRINT((ndo, " [%dn]", nscount)); 689 if (arcount) 690 ND_PRINT((ndo, " [%dau]", arcount)); 691 692 cp = (const u_char *)(np + 1); 693 if (qdcount--) { 694 cp = ns_qprint(ndo, cp, (const u_char *)np, is_mdns); 695 if (!cp) 696 goto trunc; 697 while (cp < ndo->ndo_snapend && qdcount--) { 698 cp = ns_qprint(ndo, (const u_char *)cp, 699 (const u_char *)np, 700 is_mdns); 701 if (!cp) 702 goto trunc; 703 } 704 } 705 if (qdcount > 0) 706 goto trunc; 707 708 /* Print remaining sections on -vv */ 709 if (ndo->ndo_vflag > 1) { 710 if (ancount--) { 711 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 712 goto trunc; 713 while (cp < ndo->ndo_snapend && ancount--) { 714 ND_PRINT((ndo, ",")); 715 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 716 goto trunc; 717 } 718 } 719 if (ancount > 0) 720 goto trunc; 721 if (cp < ndo->ndo_snapend && nscount--) { 722 ND_PRINT((ndo, " ns:")); 723 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 724 goto trunc; 725 while (nscount-- && cp < ndo->ndo_snapend) { 726 ND_PRINT((ndo, ",")); 727 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 728 goto trunc; 729 } 730 } 731 if (nscount > 0) 732 goto trunc; 733 if (cp < ndo->ndo_snapend && arcount--) { 734 ND_PRINT((ndo, " ar:")); 735 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 736 goto trunc; 737 while (cp < ndo->ndo_snapend && arcount--) { 738 ND_PRINT((ndo, ",")); 739 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 740 goto trunc; 741 } 742 } 743 if (arcount > 0) 744 goto trunc; 745 } 746 } 747 ND_PRINT((ndo, " (%d)", length)); 748 return; 749 750 trunc: 751 ND_PRINT((ndo, "[|domain]")); 752 } 753