2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22 /* \summary: Domain Name System (DNS) printer */
28 #include "netdissect-stdinc.h"
32 #include "netdissect.h"
33 #include "addrtoname.h"
34 #include "addrtostr.h"
39 static const char *ns_ops[] = {
40 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7",
41 " op8", " updateA", " updateD", " updateDA",
42 " updateM", " updateMA", " zoneInit", " zoneRef",
45 static const char *ns_resp[] = {
46 "", " FormErr", " ServFail", " NXDomain",
47 " NotImp", " Refused", " YXDomain", " YXRRSet",
48 " NXRRSet", " NotAuth", " NotZone", " Resp11",
49 " Resp12", " Resp13", " Resp14", " NoChange",
50 " BadVers", "Resp17", " Resp18", " Resp19",
51 " Resp20", "Resp21", " Resp22", " BadCookie",
55 ns_rcode(u_int rcode) {
56 static char buf[sizeof(" Resp4095")];
58 if (rcode < sizeof(ns_resp)/sizeof(ns_resp[0])) {
59 return (ns_resp[rcode]);
61 snprintf(buf, sizeof(buf), " Resp%u", rcode & 0xfff);
65 /* skip over a domain name */
67 ns_nskip(netdissect_options *ndo,
77 switch (i & TYPE_MASK) {
85 if ((i & ~TYPE_MASK) != EDNS0_ELT_BITLABEL)
86 return(NULL); /* unknown ELT */
89 if ((bitlen = GET_U_1(cp)) == 0)
92 bytelen = (bitlen + 7) / 8;
112 static const u_char *
113 blabel_print(netdissect_options *ndo,
116 u_int bitlen, slen, b;
117 const u_char *bitp, *lim;
122 if ((bitlen = GET_U_1(cp)) == 0)
124 slen = (bitlen + 3) / 4;
127 /* print the bit string as a hex string */
129 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) {
130 ND_PRINT("%02x", GET_U_1(bitp));
135 ND_PRINT("%02x", tc & (0xff << (8 - b)));
139 ND_PRINT("%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b)));
141 ND_PRINT("/%u]", bitlen);
146 labellen(netdissect_options *ndo,
154 switch (i & TYPE_MASK) {
158 if ((elt = (i & ~TYPE_MASK)) != EDNS0_ELT_BITLABEL) {
159 ND_PRINT("<ELT %d>", elt);
162 if (!ND_TTEST_1(cp + 1))
164 if ((bitlen = GET_U_1(cp + 1)) == 0)
166 return(((bitlen + 7) / 8) + 1);
175 * TYPE_RESERVED, but we use default to suppress compiler
176 * warnings about falling out of the switch statement.
178 ND_PRINT("<BAD LABEL TYPE>");
183 /* print a <domain-name> */
185 fqdn_print(netdissect_options *ndo,
186 const u_char *cp, const u_char *bp)
189 const u_char *rp = NULL;
192 u_int offset, max_offset;
193 u_int name_chars = 0;
195 if ((l = labellen(ndo, cp)) == (u_int)-1)
199 max_offset = (u_int)(cp - bp);
202 if ((i & TYPE_MASK) != TYPE_INDIR) {
208 while (i && cp < ndo->ndo_snapend) {
209 switch (i & TYPE_MASK) {
218 offset = (((i << 8) | GET_U_1(cp)) & 0x3fff);
220 * This must move backwards in the packet.
221 * No RFC explicitly says that, but BIND's
222 * name decompression code requires it,
223 * as a way of preventing infinite loops
224 * and other bad behavior, and it's probably
225 * what was intended (compress by pointing
226 * to domain name suffixes already seen in
229 if (offset >= max_offset) {
230 ND_PRINT("<BAD PTR>");
238 if ((l = labellen(ndo, cp)) == (u_int)-1)
244 elt = (i & ~TYPE_MASK);
246 case EDNS0_ELT_BITLABEL:
247 if (blabel_print(ndo, cp) == NULL)
252 ND_PRINT("<ELT %u>", elt);
258 ND_PRINT("<BAD LABEL TYPE>");
262 if (name_chars + l <= MAXCDNAME) {
263 if (nd_printn(ndo, cp, l, ndo->ndo_snapend))
265 } else if (name_chars < MAXCDNAME) {
266 if (nd_printn(ndo, cp,
267 MAXCDNAME - name_chars, ndo->ndo_snapend))
275 if (name_chars <= MAXCDNAME)
281 if ((l = labellen(ndo, cp)) == (u_int)-1)
287 if (name_chars > MAXCDNAME)
288 ND_PRINT("<DOMAIN NAME TOO LONG>");
294 /* print a <character-string> */
295 static const u_char *
296 ns_cprint(netdissect_options *ndo,
305 if (nd_printn(ndo, cp, i, ndo->ndo_snapend))
311 print_eopt_ecs(netdissect_options *ndo, const u_char *cp,
314 u_int family, addr_bits, src_len, scope_len;
317 char addr[INET6_ADDRSTRLEN];
319 /* ecs option must at least contain family, src len, and scope len */
321 nd_print_invalid(ndo);
325 family = GET_BE_U_2(cp);
327 src_len = GET_U_1(cp);
329 scope_len = GET_U_1(cp);
334 else if (family == 2)
337 nd_print_invalid(ndo);
341 if (data_len - 4 > (addr_bits / 8)) {
342 nd_print_invalid(ndo);
345 /* checks for invalid ecs scope or source length */
346 if (src_len > addr_bits || scope_len > addr_bits || ((src_len + 7) / 8) != (data_len - 4)) {
347 nd_print_invalid(ndo);
351 /* pad the truncated address from ecs with zeros */
352 memset(padded, 0, sizeof(padded));
353 memcpy(padded, cp, data_len - 4);
357 ND_PRINT("%s/%d/%d", addrtostr(padded, addr, INET_ADDRSTRLEN),
360 ND_PRINT("%s/%d/%d", addrtostr6(padded, addr, INET6_ADDRSTRLEN),
365 extern const struct tok edns_opt2str[];
366 extern const struct tok dau_alg2str[];
367 extern const struct tok dhu_alg2str[];
368 extern const struct tok n3u_alg2str[];
371 /* print an <EDNS-option> */
372 static const u_char *
373 eopt_print(netdissect_options *ndo,
376 u_int opt, data_len, i;
380 opt = GET_BE_U_2(cp);
382 ND_PRINT("%s", tok2str(edns_opt2str, "Opt%u", opt));
385 data_len = GET_BE_U_2(cp);
388 ND_TCHECK_LEN(cp, data_len);
395 print_eopt_ecs(ndo, cp, data_len);
398 if (data_len < 8 || (data_len > 8 && data_len < 16) || data_len > 40)
399 nd_print_invalid(ndo);
401 for (i = 0; i < data_len; ++i) {
402 /* split client and server cookie */
405 ND_PRINT("%02x", GET_U_1(cp + i));
411 nd_print_invalid(ndo);
413 /* keepalive is in increments of 100ms. Convert to seconds */
414 ND_PRINT("%0.1f sec", (GET_BE_U_2(cp) / 10.0));
418 nd_print_invalid(ndo);
420 ND_PRINT("%u sec", GET_BE_U_4(cp));
423 /* ignore contents and just print length */
424 ND_PRINT("(%u)", data_len);
427 if (data_len % 2 != 0)
428 nd_print_invalid(ndo);
430 for (i = 0; i < data_len; i += 2) {
433 ND_PRINT("%u", GET_BE_U_2(cp + i));
437 for (i = 0; i < data_len; ++i) {
440 ND_PRINT("%s", tok2str(dau_alg2str, "Alg_%u", GET_U_1(cp + i)));
444 for (i = 0; i < data_len; ++i) {
447 ND_PRINT("%s", tok2str(dhu_alg2str, "Alg_%u", GET_U_1(cp + i)));
451 for (i = 0; i < data_len; ++i) {
454 ND_PRINT("%s", tok2str(n3u_alg2str, "Alg_%u", GET_U_1(cp + i)));
458 fqdn_print(ndo, cp, cp + data_len);
461 /* intentional fall-through. NSID is an undefined byte string */
463 for (i = 0; i < data_len; ++i)
464 ND_PRINT("%02x", GET_U_1(cp + i));
468 return (cp + data_len);
477 extern const struct tok ns_type2str[];
479 /* https://www.iana.org/assignments/dns-parameters */
480 const struct tok ns_type2str[] = {
481 { T_A, "A" }, /* RFC 1035 */
482 { T_NS, "NS" }, /* RFC 1035 */
483 { T_MD, "MD" }, /* RFC 1035 */
484 { T_MF, "MF" }, /* RFC 1035 */
485 { T_CNAME, "CNAME" }, /* RFC 1035 */
486 { T_SOA, "SOA" }, /* RFC 1035 */
487 { T_MB, "MB" }, /* RFC 1035 */
488 { T_MG, "MG" }, /* RFC 1035 */
489 { T_MR, "MR" }, /* RFC 1035 */
490 { T_NULL, "NULL" }, /* RFC 1035 */
491 { T_WKS, "WKS" }, /* RFC 1035 */
492 { T_PTR, "PTR" }, /* RFC 1035 */
493 { T_HINFO, "HINFO" }, /* RFC 1035 */
494 { T_MINFO, "MINFO" }, /* RFC 1035 */
495 { T_MX, "MX" }, /* RFC 1035 */
496 { T_TXT, "TXT" }, /* RFC 1035 */
497 { T_RP, "RP" }, /* RFC 1183 */
498 { T_AFSDB, "AFSDB" }, /* RFC 5864 */
499 { T_X25, "X25" }, /* RFC 1183 */
500 { T_ISDN, "ISDN" }, /* RFC 1183 */
501 { T_RT, "RT" }, /* RFC 1183 */
502 { T_NSAP, "NSAP" }, /* RFC 1706 */
503 { T_NSAP_PTR, "NSAP_PTR" }, /* RFC 1706 */
504 { T_SIG, "SIG" }, /* RFC 3008 */
505 { T_KEY, "KEY" }, /* RFC 3110 */
506 { T_PX, "PX" }, /* RFC 2163 */
507 { T_GPOS, "GPOS" }, /* RFC 1712 */
508 { T_AAAA, "AAAA" }, /* RFC 3596 */
509 { T_LOC, "LOC" }, /* RFC 1876 */
510 { T_NXT, "NXT" }, /* RFC 3755 */
511 { T_EID, "EID" }, /* Nimrod */
512 { T_NIMLOC, "NIMLOC" }, /* Nimrod */
513 { T_SRV, "SRV" }, /* RFC 2782 */
514 { T_ATMA, "ATMA" }, /* ATM Forum */
515 { T_NAPTR, "NAPTR" }, /* RFC 3403 */
516 { T_KX, "KX" }, /* RFC 2230 */
517 { T_CERT, "CERT" }, /* RFC 4398 */
518 { T_A6, "A6" }, /* RFC 6563 */
519 { T_DNAME, "DNAME" }, /* RFC 6672 */
521 { T_OPT, "OPT" }, /* RFC 6891 */
522 { T_APL, "APL" }, /* RFC 3123 */
523 { T_DS, "DS" }, /* RFC 4034 */
524 { T_SSHFP, "SSHFP" }, /* RFC 4255 */
525 { T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */
526 { T_RRSIG, "RRSIG" }, /* RFC 4034 */
527 { T_NSEC, "NSEC" }, /* RFC 4034 */
528 { T_DNSKEY, "DNSKEY" }, /* RFC 4034 */
529 { T_DHCID, "DHCID" }, /* RFC 4071 */
530 { T_NSEC3, "NSEC3" }, /* RFC 5155 */
531 { T_NSEC3PARAM, "NSEC3PARAM" }, /* RFC 5155 */
532 { T_TLSA, "TLSA" }, /* RFC 6698 */
533 { T_SMIMEA, "SMIMEA" }, /* RFC 8162 */
534 { T_HIP, "HIP" }, /* RFC 8005 */
535 { T_NINFO, "NINFO" },
537 { T_TALINK, "TALINK" },
538 { T_CDS, "CDS" }, /* RFC 7344 */
539 { T_CDNSKEY, "CDNSKEY" }, /* RFC 7344 */
540 { T_OPENPGPKEY, "OPENPGPKEY" }, /* RFC 7929 */
541 { T_CSYNC, "CSYNC" }, /* RFC 7477 */
542 { T_ZONEMD, "ZONEMD" }, /* RFC 8976 */
544 { T_HTTPS, "HTTPS" },
545 { T_SPF, "SPF" }, /* RFC 7208 */
546 { T_UINFO, "UINFO" },
549 { T_UNSPEC, "UNSPEC" },
550 { T_NID, "NID" }, /* RFC 6742 */
551 { T_L32, "L32" }, /* RFC 6742 */
552 { T_L64, "L64" }, /* RFC 6742 */
553 { T_LP, "LP" }, /* RFC 6742 */
554 { T_EUI48, "EUI48" }, /* RFC 7043 */
555 { T_EUI64, "EUI64" }, /* RFC 7043 */
556 { T_TKEY, "TKEY" }, /* RFC 2930 */
557 { T_TSIG, "TSIG" }, /* RFC 8945 */
558 { T_IXFR, "IXFR" }, /* RFC 1995 */
559 { T_AXFR, "AXFR" }, /* RFC 5936 */
560 { T_MAILB, "MAILB" }, /* RFC 1035 */
561 { T_MAILA, "MAILA" }, /* RFC 1035 */
562 { T_ANY, "ANY" }, /* RFC 8482 */
563 { T_URI, "URI" }, /* RFC 7553 */
564 { T_CAA, "CAA" }, /* RFC 8659 */
567 { T_AMTRELAY, "AMTRELAY" }, /* RFC 8777 */
569 { T_DLV, "DLV" }, /* RFC 8749 */
573 extern const struct tok ns_class2str[];
575 const struct tok ns_class2str[] = {
576 { C_IN, "IN" }, /* Not used */
577 { C_CHAOS, "CHAOS" },
583 const struct tok edns_opt2str[] = {
591 { E_EXPIRE, "EXPIRE" },
592 { E_COOKIE, "COOKIE" },
593 { E_KEEPALIVE, "KEEPALIVE" },
594 { E_PADDING, "PADDING" },
595 { E_CHAIN, "CHAIN" },
596 { E_KEYTAG, "KEY-TAG" },
597 { E_CLIENTTAG, "CLIENT-TAG" },
598 { E_SERVERTAG, "SERVER-TAG" },
602 const struct tok dau_alg2str[] = {
603 { A_DELETE, "DELETE" },
604 { A_RSAMD5, "RSAMD5" },
607 { A_RSASHA1, "RSASHA1" },
608 { A_DSA_NSEC3_SHA1, "DSA-NSEC3-SHA1" },
609 { A_RSASHA1_NSEC3_SHA1, "RSASHA1-NSEC3-SHA1" },
610 { A_RSASHA256, "RSASHA256" },
611 { A_RSASHA512, "RSASHA512" },
612 { A_ECC_GOST, "ECC-GOST" },
613 { A_ECDSAP256SHA256, "ECDSAP256SHA256" },
614 { A_ECDSAP384SHA384, "ECDSAP384SHA384" },
615 { A_ED25519, "ED25519" },
616 { A_ED448, "ED448" },
617 { A_INDIRECT, "INDIRECT" },
618 { A_PRIVATEDNS, "PRIVATEDNS" },
619 { A_PRIVATEOID, "PRIVATEOID" },
623 const struct tok dhu_alg2str[] = {
624 { DS_SHA1, "SHA-1" },
625 { DS_SHA256,"SHA-256" },
626 { DS_GOST, "GOST_R_34.11-94" },
627 { DS_SHA384,"SHA-384" },
631 const struct tok n3u_alg2str[] = {
632 { NSEC_SHA1,"SHA-1" },
637 static const u_char *
638 ns_qprint(netdissect_options *ndo,
639 const u_char *cp, const u_char *bp, int is_mdns)
641 const u_char *np = cp;
644 cp = ns_nskip(ndo, cp);
646 if (cp == NULL || !ND_TTEST_4(cp))
649 /* print the qtype */
652 ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", i));
653 /* print the qclass (if it's not IN) */
661 ND_PRINT(" %s", tok2str(ns_class2str, "(Class %u)", class));
663 ND_PRINT(i & C_QU ? " (QU)" : " (QM)");
667 cp = fqdn_print(ndo, np, bp);
668 return(cp ? cp + 4 : NULL);
672 static const u_char *
673 ns_rprint(netdissect_options *ndo,
674 const u_char *cp, const u_char *bp, int is_mdns)
676 u_int i, class, opt_flags = 0;
680 if (ndo->ndo_vflag) {
682 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
685 cp = ns_nskip(ndo, cp);
687 if (cp == NULL || !ND_TTEST_LEN(cp, 10))
688 return (ndo->ndo_snapend);
690 /* print the type/qtype */
691 typ = GET_BE_U_2(cp);
693 /* print the class (if it's not IN and the type isn't OPT) */
697 class = (i & ~C_CACHE_FLUSH);
700 if (class != C_IN && typ != T_OPT)
701 ND_PRINT(" %s", tok2str(ns_class2str, "(Class %u)", class));
703 if (i & C_CACHE_FLUSH)
704 ND_PRINT(" (Cache flush)");
710 opt_flags = GET_BE_U_2(cp);
711 /* ignore rest of ttl field */
713 } else if (ndo->ndo_vflag > 2) {
716 unsigned_relts_print(ndo, GET_BE_U_4(cp));
724 len = GET_BE_U_2(cp);
729 ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", typ));
730 if (rp > ndo->ndo_snapend)
735 if (!ND_TTEST_LEN(cp, sizeof(nd_ipv4)))
737 ND_PRINT(" %s", intoa(GET_IPV4_TO_NETWORK_ORDER(cp)));
745 if (fqdn_print(ndo, cp, bp) == NULL)
753 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
756 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
758 if (!ND_TTEST_LEN(cp, 5 * 4))
760 ND_PRINT(" %u", GET_BE_U_4(cp));
762 ND_PRINT(" %u", GET_BE_U_4(cp));
764 ND_PRINT(" %u", GET_BE_U_4(cp));
766 ND_PRINT(" %u", GET_BE_U_4(cp));
768 ND_PRINT(" %u", GET_BE_U_4(cp));
775 if (fqdn_print(ndo, cp + 2, bp) == NULL)
777 ND_PRINT(" %u", GET_BE_U_2(cp));
783 cp = ns_cprint(ndo, cp);
794 if (fqdn_print(ndo, cp + 6, bp) == NULL)
796 ND_PRINT(":%u %u %u", GET_BE_U_2(cp + 4),
797 GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
802 char ntop_buf[INET6_ADDRSTRLEN];
804 if (!ND_TTEST_LEN(cp, sizeof(nd_ipv6)))
807 addrtostr6(cp, ntop_buf, sizeof(ntop_buf)));
816 char ntop_buf[INET6_ADDRSTRLEN];
821 pbyte = (pbit & ~7) / 8;
823 ND_PRINT(" %u(bad plen)", pbit);
825 } else if (pbit < 128) {
826 memset(a, 0, sizeof(a));
827 GET_CPY_BYTES(a + pbyte, cp + 1, sizeof(a) - pbyte);
828 ND_PRINT(" %u %s", pbit,
829 addrtostr6(&a, ntop_buf, sizeof(ntop_buf)));
833 if (fqdn_print(ndo, cp + 1 + sizeof(a) - pbyte, bp) == NULL)
840 if (!ND_TTEST_LEN(cp, len))
842 ND_PRINT(" %u %u ", GET_BE_U_2(cp), GET_BE_U_2(cp + 2));
843 if (nd_printn(ndo, cp + 4, len - 4, ndo->ndo_snapend))
848 ND_PRINT(" UDPsize=%u", class);
849 if (opt_flags & 0x8000)
854 cp = eopt_print(ndo, cp);
866 if (cp + len > ndo->ndo_snapend)
871 if ((cp = fqdn_print(ndo, cp, bp)) == NULL)
876 ND_PRINT(" fudge=%u", GET_BE_U_2(cp));
880 ND_PRINT(" maclen=%u", GET_BE_U_2(cp));
881 cp += 2 + GET_BE_U_2(cp);
884 ND_PRINT(" origid=%u", GET_BE_U_2(cp));
888 ND_PRINT(" error=%u", GET_BE_U_2(cp));
892 ND_PRINT(" otherlen=%u", GET_BE_U_2(cp));
896 return (rp); /* XXX This isn't always right */
900 domain_print(netdissect_options *ndo,
901 const u_char *bp, u_int length, int over_tcp, int is_mdns)
903 const dns_header_t *np;
904 uint16_t flags, rcode, rdlen, type;
905 u_int qdcount, ancount, nscount, arcount;
910 ndo->ndo_protocol = "domain";
914 * The message is prefixed with a two byte length field
915 * which gives the message length, excluding the two byte
916 * length field. (RFC 1035 - 4.2.2. TCP usage)
919 ND_PRINT(" [DNS over TCP: length %u < 2]", length);
920 nd_print_invalid(ndo);
923 length -= 2; /* excluding the two byte length field */
924 if (GET_BE_U_2(bp) != length) {
925 ND_PRINT(" [prefix length(%u) != length(%u)]",
926 GET_BE_U_2(bp), length);
927 nd_print_invalid(ndo);
931 /* in over TCP case, we need to prepend a space
932 * (not needed in over UDP case)
939 np = (const dns_header_t *)bp;
941 if(length < sizeof(*np)) {
942 nd_print_protocol(ndo);
943 ND_PRINT(" [length %u < %zu]", length, sizeof(*np));
944 nd_print_invalid(ndo);
949 flags = GET_BE_U_2(np->flags);
950 /* get the byte-order right */
951 qdcount = GET_BE_U_2(np->qdcount);
952 ancount = GET_BE_U_2(np->ancount);
953 nscount = GET_BE_U_2(np->nscount);
954 arcount = GET_BE_U_2(np->arcount);
956 /* find the opt record to extract extended rcode */
957 cp = (const u_char *)(np + 1);
958 rcode = DNS_RCODE(flags);
959 for (i = 0; i < qdcount; i++) {
960 if ((cp = ns_nskip(ndo, cp)) == NULL)
962 cp += 4; /* skip QTYPE and QCLASS */
963 if (cp >= ndo->ndo_snapend)
966 for (i = 0; i < ancount + nscount; i++) {
967 if ((cp = ns_nskip(ndo, cp)) == NULL)
969 cp += 8; /* skip TYPE, CLASS and TTL */
970 if (cp + 2 > ndo->ndo_snapend)
972 rdlen = GET_BE_U_2(cp);
974 if (cp >= ndo->ndo_snapend)
977 for (i = 0; i < arcount; i++) {
978 if ((cp = ns_nskip(ndo, cp)) == NULL)
980 if (cp + 2 > ndo->ndo_snapend)
982 type = GET_BE_U_2(cp);
983 cp += 4; /* skip TYPE and CLASS */
984 if (cp + 1 > ndo->ndo_snapend)
987 rcode |= (GET_U_1(cp) << 4);
991 if (cp + 2 > ndo->ndo_snapend)
993 rdlen = GET_BE_U_2(cp);
995 if (cp >= ndo->ndo_snapend)
1000 if (DNS_QR(flags)) {
1001 /* this is a response */
1002 ND_PRINT("%u%s%s%s%s%s%s",
1004 ns_ops[DNS_OPCODE(flags)],
1006 DNS_AA(flags)? "*" : "",
1007 DNS_RA(flags)? "" : "-",
1008 DNS_TC(flags)? "|" : "",
1009 DNS_AD(flags)? "$" : "");
1012 ND_PRINT(" [%uq]", qdcount);
1013 /* Print QUESTION section on -vv */
1014 cp = (const u_char *)(np + 1);
1015 for (i = 0; i < qdcount; i++) {
1018 if (ndo->ndo_vflag > 1) {
1020 if ((cp = ns_qprint(ndo, cp, bp, is_mdns)) == NULL)
1023 if ((cp = ns_nskip(ndo, cp)) == NULL)
1025 cp += 4; /* skip QTYPE and QCLASS */
1028 ND_PRINT(" %u/%u/%u", ancount, nscount, arcount);
1030 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1033 while (cp < ndo->ndo_snapend && ancount) {
1035 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1042 /* Print NS and AR sections on -vv */
1043 if (ndo->ndo_vflag > 1) {
1044 if (cp < ndo->ndo_snapend && nscount) {
1046 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1049 while (cp < ndo->ndo_snapend && nscount) {
1051 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1058 if (cp < ndo->ndo_snapend && arcount) {
1060 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1063 while (cp < ndo->ndo_snapend && arcount) {
1065 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1075 /* this is a request */
1076 ND_PRINT("%u%s%s%s", GET_BE_U_2(np->id),
1077 ns_ops[DNS_OPCODE(flags)],
1078 DNS_RD(flags) ? "+" : "",
1079 DNS_CD(flags) ? "%" : "");
1081 /* any weirdness? */
1082 b2 = GET_BE_U_2(((const u_short *)np) + 1);
1084 ND_PRINT(" [b2&3=0x%x]", b2);
1086 if (DNS_OPCODE(flags) == IQUERY) {
1088 ND_PRINT(" [%uq]", qdcount);
1090 ND_PRINT(" [%ua]", ancount);
1094 ND_PRINT(" [%ua]", ancount);
1096 ND_PRINT(" [%uq]", qdcount);
1099 ND_PRINT(" [%un]", nscount);
1101 ND_PRINT(" [%uau]", arcount);
1103 cp = (const u_char *)(np + 1);
1105 cp = ns_qprint(ndo, cp, (const u_char *)np, is_mdns);
1109 while (cp < ndo->ndo_snapend && qdcount) {
1110 cp = ns_qprint(ndo, (const u_char *)cp,
1121 /* Print remaining sections on -vv */
1122 if (ndo->ndo_vflag > 1) {
1124 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1127 while (cp < ndo->ndo_snapend && ancount) {
1129 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1136 if (cp < ndo->ndo_snapend && nscount) {
1138 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1141 while (cp < ndo->ndo_snapend && nscount) {
1143 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1150 if (cp < ndo->ndo_snapend && arcount) {
1152 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1155 while (cp < ndo->ndo_snapend && arcount) {
1157 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
1166 ND_PRINT(" (%u)", length);
1170 nd_print_trunc(ndo);