1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 */ 21 22 #include <sys/cdefs.h> 23 #ifndef lint 24 __RCSID("$NetBSD: print-domain.c,v 1.9 2019/10/01 16:06:16 christos Exp $"); 25 #endif 26 27 /* \summary: Domain Name System (DNS) printer */ 28 29 #ifdef HAVE_CONFIG_H 30 #include "config.h" 31 #endif 32 33 #include <netdissect-stdinc.h> 34 35 #include "nameser.h" 36 37 #include <string.h> 38 39 #include "netdissect.h" 40 #include "addrtoname.h" 41 #include "addrtostr.h" 42 #include "extract.h" 43 44 static const char *ns_ops[] = { 45 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7", 46 " op8", " updateA", " updateD", " updateDA", 47 " updateM", " updateMA", " zoneInit", " zoneRef", 48 }; 49 50 static const char *ns_resp[] = { 51 "", " FormErr", " ServFail", " NXDomain", 52 " NotImp", " Refused", " YXDomain", " YXRRSet", 53 " NXRRSet", " NotAuth", " NotZone", " Resp11", 54 " Resp12", " Resp13", " Resp14", " NoChange", 55 }; 56 57 /* skip over a domain name */ 58 static const u_char * 59 ns_nskip(netdissect_options *ndo, 60 register const u_char *cp) 61 { 62 register u_char i; 63 64 if (!ND_TTEST2(*cp, 1)) 65 return (NULL); 66 i = *cp++; 67 while (i) { 68 if ((i & INDIR_MASK) == INDIR_MASK) 69 return (cp + 1); 70 if ((i & INDIR_MASK) == EDNS0_MASK) { 71 int bitlen, bytelen; 72 73 if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL) 74 return(NULL); /* unknown ELT */ 75 if (!ND_TTEST2(*cp, 1)) 76 return (NULL); 77 if ((bitlen = *cp++) == 0) 78 bitlen = 256; 79 bytelen = (bitlen + 7) / 8; 80 cp += bytelen; 81 } else 82 cp += i; 83 if (!ND_TTEST2(*cp, 1)) 84 return (NULL); 85 i = *cp++; 86 } 87 return (cp); 88 } 89 90 /* print a <domain-name> */ 91 static const u_char * 92 blabel_print(netdissect_options *ndo, 93 const u_char *cp) 94 { 95 int bitlen, slen, b; 96 const u_char *bitp, *lim; 97 char tc; 98 99 if (!ND_TTEST2(*cp, 1)) 100 return(NULL); 101 if ((bitlen = *cp) == 0) 102 bitlen = 256; 103 slen = (bitlen + 3) / 4; 104 lim = cp + 1 + slen; 105 106 /* print the bit string as a hex string */ 107 ND_PRINT((ndo, "\\[x")); 108 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) { 109 ND_TCHECK(*bitp); 110 ND_PRINT((ndo, "%02x", *bitp)); 111 } 112 if (b > 4) { 113 ND_TCHECK(*bitp); 114 tc = *bitp++; 115 ND_PRINT((ndo, "%02x", tc & (0xff << (8 - b)))); 116 } else if (b > 0) { 117 ND_TCHECK(*bitp); 118 tc = *bitp++; 119 ND_PRINT((ndo, "%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b)))); 120 } 121 ND_PRINT((ndo, "/%d]", bitlen)); 122 return lim; 123 trunc: 124 ND_PRINT((ndo, ".../%d]", bitlen)); 125 return NULL; 126 } 127 128 static int 129 labellen(netdissect_options *ndo, 130 const u_char *cp) 131 { 132 register u_int i; 133 134 if (!ND_TTEST2(*cp, 1)) 135 return(-1); 136 i = *cp; 137 if ((i & INDIR_MASK) == EDNS0_MASK) { 138 int bitlen, elt; 139 if ((elt = (i & ~INDIR_MASK)) != EDNS0_ELT_BITLABEL) { 140 ND_PRINT((ndo, "<ELT %d>", elt)); 141 return(-1); 142 } 143 if (!ND_TTEST2(*(cp + 1), 1)) 144 return(-1); 145 if ((bitlen = *(cp + 1)) == 0) 146 bitlen = 256; 147 return(((bitlen + 7) / 8) + 1); 148 } else 149 return(i); 150 } 151 152 const u_char * 153 ns_nprint(netdissect_options *ndo, 154 register const u_char *cp, register const u_char *bp) 155 { 156 register u_int i, l; 157 register const u_char *rp = NULL; 158 register int compress = 0; 159 int elt; 160 u_int offset, max_offset; 161 162 if ((l = labellen(ndo, cp)) == (u_int)-1) 163 return(NULL); 164 if (!ND_TTEST2(*cp, 1)) 165 return(NULL); 166 max_offset = (u_int)(cp - bp); 167 if (((i = *cp++) & INDIR_MASK) != INDIR_MASK) { 168 compress = 0; 169 rp = cp + l; 170 } 171 172 if (i != 0) 173 while (i && cp < ndo->ndo_snapend) { 174 if ((i & INDIR_MASK) == INDIR_MASK) { 175 if (!compress) { 176 rp = cp + 1; 177 compress = 1; 178 } 179 if (!ND_TTEST2(*cp, 1)) 180 return(NULL); 181 offset = (((i << 8) | *cp) & 0x3fff); 182 /* 183 * This must move backwards in the packet. 184 * No RFC explicitly says that, but BIND's 185 * name decompression code requires it, 186 * as a way of preventing infinite loops 187 * and other bad behavior, and it's probably 188 * what was intended (compress by pointing 189 * to domain name suffixes already seen in 190 * the packet). 191 */ 192 if (offset >= max_offset) { 193 ND_PRINT((ndo, "<BAD PTR>")); 194 return(NULL); 195 } 196 max_offset = offset; 197 cp = bp + offset; 198 if ((l = labellen(ndo, cp)) == (u_int)-1) 199 return(NULL); 200 if (!ND_TTEST2(*cp, 1)) 201 return(NULL); 202 i = *cp++; 203 continue; 204 } 205 if ((i & INDIR_MASK) == EDNS0_MASK) { 206 elt = (i & ~INDIR_MASK); 207 switch(elt) { 208 case EDNS0_ELT_BITLABEL: 209 if (blabel_print(ndo, cp) == NULL) 210 return (NULL); 211 break; 212 default: 213 /* unknown ELT */ 214 ND_PRINT((ndo, "<ELT %d>", elt)); 215 return(NULL); 216 } 217 } else { 218 if (fn_printn(ndo, cp, l, ndo->ndo_snapend)) 219 return(NULL); 220 } 221 222 cp += l; 223 ND_PRINT((ndo, ".")); 224 if ((l = labellen(ndo, cp)) == (u_int)-1) 225 return(NULL); 226 if (!ND_TTEST2(*cp, 1)) 227 return(NULL); 228 i = *cp++; 229 if (!compress) 230 rp += l + 1; 231 } 232 else 233 ND_PRINT((ndo, ".")); 234 return (rp); 235 } 236 237 /* print a <character-string> */ 238 static const u_char * 239 ns_cprint(netdissect_options *ndo, 240 register const u_char *cp) 241 { 242 register u_int i; 243 244 if (!ND_TTEST2(*cp, 1)) 245 return (NULL); 246 i = *cp++; 247 if (fn_printn(ndo, cp, i, ndo->ndo_snapend)) 248 return (NULL); 249 return (cp + i); 250 } 251 252 /* http://www.iana.org/assignments/dns-parameters */ 253 const struct tok ns_type2str[] = { 254 { T_A, "A" }, /* RFC 1035 */ 255 { T_NS, "NS" }, /* RFC 1035 */ 256 { T_MD, "MD" }, /* RFC 1035 */ 257 { T_MF, "MF" }, /* RFC 1035 */ 258 { T_CNAME, "CNAME" }, /* RFC 1035 */ 259 { T_SOA, "SOA" }, /* RFC 1035 */ 260 { T_MB, "MB" }, /* RFC 1035 */ 261 { T_MG, "MG" }, /* RFC 1035 */ 262 { T_MR, "MR" }, /* RFC 1035 */ 263 { T_NULL, "NULL" }, /* RFC 1035 */ 264 { T_WKS, "WKS" }, /* RFC 1035 */ 265 { T_PTR, "PTR" }, /* RFC 1035 */ 266 { T_HINFO, "HINFO" }, /* RFC 1035 */ 267 { T_MINFO, "MINFO" }, /* RFC 1035 */ 268 { T_MX, "MX" }, /* RFC 1035 */ 269 { T_TXT, "TXT" }, /* RFC 1035 */ 270 { T_RP, "RP" }, /* RFC 1183 */ 271 { T_AFSDB, "AFSDB" }, /* RFC 1183 */ 272 { T_X25, "X25" }, /* RFC 1183 */ 273 { T_ISDN, "ISDN" }, /* RFC 1183 */ 274 { T_RT, "RT" }, /* RFC 1183 */ 275 { T_NSAP, "NSAP" }, /* RFC 1706 */ 276 { T_NSAP_PTR, "NSAP_PTR" }, 277 { T_SIG, "SIG" }, /* RFC 2535 */ 278 { T_KEY, "KEY" }, /* RFC 2535 */ 279 { T_PX, "PX" }, /* RFC 2163 */ 280 { T_GPOS, "GPOS" }, /* RFC 1712 */ 281 { T_AAAA, "AAAA" }, /* RFC 1886 */ 282 { T_LOC, "LOC" }, /* RFC 1876 */ 283 { T_NXT, "NXT" }, /* RFC 2535 */ 284 { T_EID, "EID" }, /* Nimrod */ 285 { T_NIMLOC, "NIMLOC" }, /* Nimrod */ 286 { T_SRV, "SRV" }, /* RFC 2782 */ 287 { T_ATMA, "ATMA" }, /* ATM Forum */ 288 { T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */ 289 { T_KX, "KX" }, /* RFC 2230 */ 290 { T_CERT, "CERT" }, /* RFC 2538 */ 291 { T_A6, "A6" }, /* RFC 2874 */ 292 { T_DNAME, "DNAME" }, /* RFC 2672 */ 293 { T_SINK, "SINK" }, 294 { T_OPT, "OPT" }, /* RFC 2671 */ 295 { T_APL, "APL" }, /* RFC 3123 */ 296 { T_DS, "DS" }, /* RFC 4034 */ 297 { T_SSHFP, "SSHFP" }, /* RFC 4255 */ 298 { T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */ 299 { T_RRSIG, "RRSIG" }, /* RFC 4034 */ 300 { T_NSEC, "NSEC" }, /* RFC 4034 */ 301 { T_DNSKEY, "DNSKEY" }, /* RFC 4034 */ 302 { T_SPF, "SPF" }, /* RFC-schlitt-spf-classic-02.txt */ 303 { T_UINFO, "UINFO" }, 304 { T_UID, "UID" }, 305 { T_GID, "GID" }, 306 { T_UNSPEC, "UNSPEC" }, 307 { T_UNSPECA, "UNSPECA" }, 308 { T_TKEY, "TKEY" }, /* RFC 2930 */ 309 { T_TSIG, "TSIG" }, /* RFC 2845 */ 310 { T_IXFR, "IXFR" }, /* RFC 1995 */ 311 { T_AXFR, "AXFR" }, /* RFC 1035 */ 312 { T_MAILB, "MAILB" }, /* RFC 1035 */ 313 { T_MAILA, "MAILA" }, /* RFC 1035 */ 314 { T_ANY, "ANY" }, 315 { 0, NULL } 316 }; 317 318 const struct tok ns_class2str[] = { 319 { C_IN, "IN" }, /* Not used */ 320 { C_CHAOS, "CHAOS" }, 321 { C_HS, "HS" }, 322 { C_ANY, "ANY" }, 323 { 0, NULL } 324 }; 325 326 /* print a query */ 327 static const u_char * 328 ns_qprint(netdissect_options *ndo, 329 register const u_char *cp, register const u_char *bp, int is_mdns) 330 { 331 register const u_char *np = cp; 332 register u_int i, class; 333 334 cp = ns_nskip(ndo, cp); 335 336 if (cp == NULL || !ND_TTEST2(*cp, 4)) 337 return(NULL); 338 339 /* print the qtype */ 340 i = EXTRACT_16BITS(cp); 341 cp += 2; 342 ND_PRINT((ndo, " %s", tok2str(ns_type2str, "Type%d", i))); 343 /* print the qclass (if it's not IN) */ 344 i = EXTRACT_16BITS(cp); 345 cp += 2; 346 if (is_mdns) 347 class = (i & ~C_QU); 348 else 349 class = i; 350 if (class != C_IN) 351 ND_PRINT((ndo, " %s", tok2str(ns_class2str, "(Class %d)", class))); 352 if (is_mdns) { 353 ND_PRINT((ndo, i & C_QU ? " (QU)" : " (QM)")); 354 } 355 356 ND_PRINT((ndo, "? ")); 357 cp = ns_nprint(ndo, np, bp); 358 return(cp ? cp + 4 : NULL); 359 } 360 361 /* print a reply */ 362 static const u_char * 363 ns_rprint(netdissect_options *ndo, 364 register const u_char *cp, register const u_char *bp, int is_mdns) 365 { 366 register u_int i, class, opt_flags = 0; 367 register u_short typ, len; 368 register const u_char *rp; 369 370 if (ndo->ndo_vflag) { 371 ND_PRINT((ndo, " ")); 372 if ((cp = ns_nprint(ndo, cp, bp)) == NULL) 373 return NULL; 374 } else 375 cp = ns_nskip(ndo, cp); 376 377 if (cp == NULL || !ND_TTEST2(*cp, 10)) 378 return (ndo->ndo_snapend); 379 380 /* print the type/qtype */ 381 typ = EXTRACT_16BITS(cp); 382 cp += 2; 383 /* print the class (if it's not IN and the type isn't OPT) */ 384 i = EXTRACT_16BITS(cp); 385 cp += 2; 386 if (is_mdns) 387 class = (i & ~C_CACHE_FLUSH); 388 else 389 class = i; 390 if (class != C_IN && typ != T_OPT) 391 ND_PRINT((ndo, " %s", tok2str(ns_class2str, "(Class %d)", class))); 392 if (is_mdns) { 393 if (i & C_CACHE_FLUSH) 394 ND_PRINT((ndo, " (Cache flush)")); 395 } 396 397 if (typ == T_OPT) { 398 /* get opt flags */ 399 cp += 2; 400 opt_flags = EXTRACT_16BITS(cp); 401 /* ignore rest of ttl field */ 402 cp += 2; 403 } else if (ndo->ndo_vflag > 2) { 404 /* print ttl */ 405 ND_PRINT((ndo, " [")); 406 unsigned_relts_print(ndo, EXTRACT_32BITS(cp)); 407 ND_PRINT((ndo, "]")); 408 cp += 4; 409 } else { 410 /* ignore ttl */ 411 cp += 4; 412 } 413 414 len = EXTRACT_16BITS(cp); 415 cp += 2; 416 417 rp = cp + len; 418 419 ND_PRINT((ndo, " %s", tok2str(ns_type2str, "Type%d", typ))); 420 if (rp > ndo->ndo_snapend) 421 return(NULL); 422 423 switch (typ) { 424 case T_A: 425 if (!ND_TTEST2(*cp, sizeof(struct in_addr))) 426 return(NULL); 427 ND_PRINT((ndo, " %s", intoa(htonl(EXTRACT_32BITS(cp))))); 428 break; 429 430 case T_NS: 431 case T_CNAME: 432 case T_PTR: 433 #ifdef T_DNAME 434 case T_DNAME: 435 #endif 436 ND_PRINT((ndo, " ")); 437 if (ns_nprint(ndo, cp, bp) == NULL) 438 return(NULL); 439 break; 440 441 case T_SOA: 442 if (!ndo->ndo_vflag) 443 break; 444 ND_PRINT((ndo, " ")); 445 if ((cp = ns_nprint(ndo, cp, bp)) == NULL) 446 return(NULL); 447 ND_PRINT((ndo, " ")); 448 if ((cp = ns_nprint(ndo, cp, bp)) == NULL) 449 return(NULL); 450 if (!ND_TTEST2(*cp, 5 * 4)) 451 return(NULL); 452 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 453 cp += 4; 454 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 455 cp += 4; 456 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 457 cp += 4; 458 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 459 cp += 4; 460 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp))); 461 cp += 4; 462 break; 463 case T_MX: 464 ND_PRINT((ndo, " ")); 465 if (!ND_TTEST2(*cp, 2)) 466 return(NULL); 467 if (ns_nprint(ndo, cp + 2, bp) == NULL) 468 return(NULL); 469 ND_PRINT((ndo, " %d", EXTRACT_16BITS(cp))); 470 break; 471 472 case T_TXT: 473 while (cp < rp) { 474 ND_PRINT((ndo, " \"")); 475 cp = ns_cprint(ndo, cp); 476 if (cp == NULL) 477 return(NULL); 478 ND_PRINT((ndo, "\"")); 479 } 480 break; 481 482 case T_SRV: 483 ND_PRINT((ndo, " ")); 484 if (!ND_TTEST2(*cp, 6)) 485 return(NULL); 486 if (ns_nprint(ndo, cp + 6, bp) == NULL) 487 return(NULL); 488 ND_PRINT((ndo, ":%d %d %d", EXTRACT_16BITS(cp + 4), 489 EXTRACT_16BITS(cp), EXTRACT_16BITS(cp + 2))); 490 break; 491 492 case T_AAAA: 493 { 494 char ntop_buf[INET6_ADDRSTRLEN]; 495 496 if (!ND_TTEST2(*cp, sizeof(struct in6_addr))) 497 return(NULL); 498 ND_PRINT((ndo, " %s", 499 addrtostr6(cp, ntop_buf, sizeof(ntop_buf)))); 500 501 break; 502 } 503 504 case T_A6: 505 { 506 struct in6_addr a; 507 int pbit, pbyte; 508 char ntop_buf[INET6_ADDRSTRLEN]; 509 510 if (!ND_TTEST2(*cp, 1)) 511 return(NULL); 512 pbit = *cp; 513 pbyte = (pbit & ~7) / 8; 514 if (pbit > 128) { 515 ND_PRINT((ndo, " %u(bad plen)", pbit)); 516 break; 517 } else if (pbit < 128) { 518 if (!ND_TTEST2(*(cp + 1), sizeof(a) - pbyte)) 519 return(NULL); 520 memset(&a, 0, sizeof(a)); 521 memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte); 522 ND_PRINT((ndo, " %u %s", pbit, 523 addrtostr6(&a, ntop_buf, sizeof(ntop_buf)))); 524 } 525 if (pbit > 0) { 526 ND_PRINT((ndo, " ")); 527 if (ns_nprint(ndo, cp + 1 + sizeof(a) - pbyte, bp) == NULL) 528 return(NULL); 529 } 530 break; 531 } 532 533 case T_OPT: 534 ND_PRINT((ndo, " UDPsize=%u", class)); 535 if (opt_flags & 0x8000) 536 ND_PRINT((ndo, " DO")); 537 break; 538 539 case T_UNSPECA: /* One long string */ 540 if (!ND_TTEST2(*cp, len)) 541 return(NULL); 542 if (fn_printn(ndo, cp, len, ndo->ndo_snapend)) 543 return(NULL); 544 break; 545 546 case T_TSIG: 547 { 548 if (cp + len > ndo->ndo_snapend) 549 return(NULL); 550 if (!ndo->ndo_vflag) 551 break; 552 ND_PRINT((ndo, " ")); 553 if ((cp = ns_nprint(ndo, cp, bp)) == NULL) 554 return(NULL); 555 cp += 6; 556 if (!ND_TTEST2(*cp, 2)) 557 return(NULL); 558 ND_PRINT((ndo, " fudge=%u", EXTRACT_16BITS(cp))); 559 cp += 2; 560 if (!ND_TTEST2(*cp, 2)) 561 return(NULL); 562 ND_PRINT((ndo, " maclen=%u", EXTRACT_16BITS(cp))); 563 cp += 2 + EXTRACT_16BITS(cp); 564 if (!ND_TTEST2(*cp, 2)) 565 return(NULL); 566 ND_PRINT((ndo, " origid=%u", EXTRACT_16BITS(cp))); 567 cp += 2; 568 if (!ND_TTEST2(*cp, 2)) 569 return(NULL); 570 ND_PRINT((ndo, " error=%u", EXTRACT_16BITS(cp))); 571 cp += 2; 572 if (!ND_TTEST2(*cp, 2)) 573 return(NULL); 574 ND_PRINT((ndo, " otherlen=%u", EXTRACT_16BITS(cp))); 575 cp += 2; 576 } 577 } 578 return (rp); /* XXX This isn't always right */ 579 } 580 581 void 582 ns_print(netdissect_options *ndo, 583 register const u_char *bp, u_int length, int is_mdns) 584 { 585 register const HEADER *np; 586 register int qdcount, ancount, nscount, arcount; 587 register const u_char *cp; 588 uint16_t b2; 589 590 if(length < sizeof(*np)) { 591 ND_PRINT((ndo, "domain")); 592 ND_PRINT((ndo, " [length %u < %zu]", length, sizeof(*np))); 593 ND_PRINT((ndo, " (invalid)")); 594 return; 595 } 596 597 np = (const HEADER *)bp; 598 ND_TCHECK(*np); 599 /* get the byte-order right */ 600 qdcount = EXTRACT_16BITS(&np->qdcount); 601 ancount = EXTRACT_16BITS(&np->ancount); 602 nscount = EXTRACT_16BITS(&np->nscount); 603 arcount = EXTRACT_16BITS(&np->arcount); 604 605 if (DNS_QR(np)) { 606 /* this is a response */ 607 ND_PRINT((ndo, "%d%s%s%s%s%s%s", 608 EXTRACT_16BITS(&np->id), 609 ns_ops[DNS_OPCODE(np)], 610 ns_resp[DNS_RCODE(np)], 611 DNS_AA(np)? "*" : "", 612 DNS_RA(np)? "" : "-", 613 DNS_TC(np)? "|" : "", 614 DNS_AD(np)? "$" : "")); 615 616 if (qdcount != 1) 617 ND_PRINT((ndo, " [%dq]", qdcount)); 618 /* Print QUESTION section on -vv */ 619 cp = (const u_char *)(np + 1); 620 while (qdcount--) { 621 if (qdcount < EXTRACT_16BITS(&np->qdcount) - 1) 622 ND_PRINT((ndo, ",")); 623 if (ndo->ndo_vflag > 1) { 624 ND_PRINT((ndo, " q:")); 625 if ((cp = ns_qprint(ndo, cp, bp, is_mdns)) == NULL) 626 goto trunc; 627 } else { 628 if ((cp = ns_nskip(ndo, cp)) == NULL) 629 goto trunc; 630 cp += 4; /* skip QTYPE and QCLASS */ 631 } 632 } 633 ND_PRINT((ndo, " %d/%d/%d", ancount, nscount, arcount)); 634 if (ancount--) { 635 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 636 goto trunc; 637 while (cp < ndo->ndo_snapend && ancount--) { 638 ND_PRINT((ndo, ",")); 639 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 640 goto trunc; 641 } 642 } 643 if (ancount > 0) 644 goto trunc; 645 /* Print NS and AR sections on -vv */ 646 if (ndo->ndo_vflag > 1) { 647 if (cp < ndo->ndo_snapend && nscount--) { 648 ND_PRINT((ndo, " ns:")); 649 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 650 goto trunc; 651 while (cp < ndo->ndo_snapend && nscount--) { 652 ND_PRINT((ndo, ",")); 653 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 654 goto trunc; 655 } 656 } 657 if (nscount > 0) 658 goto trunc; 659 if (cp < ndo->ndo_snapend && arcount--) { 660 ND_PRINT((ndo, " ar:")); 661 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 662 goto trunc; 663 while (cp < ndo->ndo_snapend && arcount--) { 664 ND_PRINT((ndo, ",")); 665 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 666 goto trunc; 667 } 668 } 669 if (arcount > 0) 670 goto trunc; 671 } 672 } 673 else { 674 /* this is a request */ 675 ND_PRINT((ndo, "%d%s%s%s", EXTRACT_16BITS(&np->id), ns_ops[DNS_OPCODE(np)], 676 DNS_RD(np) ? "+" : "", 677 DNS_CD(np) ? "%" : "")); 678 679 /* any weirdness? */ 680 b2 = EXTRACT_16BITS(((const u_short *)np)+1); 681 if (b2 & 0x6cf) 682 ND_PRINT((ndo, " [b2&3=0x%x]", b2)); 683 684 if (DNS_OPCODE(np) == IQUERY) { 685 if (qdcount) 686 ND_PRINT((ndo, " [%dq]", qdcount)); 687 if (ancount != 1) 688 ND_PRINT((ndo, " [%da]", ancount)); 689 } 690 else { 691 if (ancount) 692 ND_PRINT((ndo, " [%da]", ancount)); 693 if (qdcount != 1) 694 ND_PRINT((ndo, " [%dq]", qdcount)); 695 } 696 if (nscount) 697 ND_PRINT((ndo, " [%dn]", nscount)); 698 if (arcount) 699 ND_PRINT((ndo, " [%dau]", arcount)); 700 701 cp = (const u_char *)(np + 1); 702 if (qdcount--) { 703 cp = ns_qprint(ndo, cp, (const u_char *)np, is_mdns); 704 if (!cp) 705 goto trunc; 706 while (cp < ndo->ndo_snapend && qdcount--) { 707 cp = ns_qprint(ndo, (const u_char *)cp, 708 (const u_char *)np, 709 is_mdns); 710 if (!cp) 711 goto trunc; 712 } 713 } 714 if (qdcount > 0) 715 goto trunc; 716 717 /* Print remaining sections on -vv */ 718 if (ndo->ndo_vflag > 1) { 719 if (ancount--) { 720 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 721 goto trunc; 722 while (cp < ndo->ndo_snapend && ancount--) { 723 ND_PRINT((ndo, ",")); 724 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 725 goto trunc; 726 } 727 } 728 if (ancount > 0) 729 goto trunc; 730 if (cp < ndo->ndo_snapend && nscount--) { 731 ND_PRINT((ndo, " ns:")); 732 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 733 goto trunc; 734 while (nscount-- && cp < ndo->ndo_snapend) { 735 ND_PRINT((ndo, ",")); 736 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 737 goto trunc; 738 } 739 } 740 if (nscount > 0) 741 goto trunc; 742 if (cp < ndo->ndo_snapend && arcount--) { 743 ND_PRINT((ndo, " ar:")); 744 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 745 goto trunc; 746 while (cp < ndo->ndo_snapend && arcount--) { 747 ND_PRINT((ndo, ",")); 748 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL) 749 goto trunc; 750 } 751 } 752 if (arcount > 0) 753 goto trunc; 754 } 755 } 756 ND_PRINT((ndo, " (%d)", length)); 757 return; 758 759 trunc: 760 ND_PRINT((ndo, "[|domain]")); 761 } 762