1 /*
2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 /* \summary: Domain Name System (DNS) printer */
23
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27
28 #include <netdissect-stdinc.h>
29
30 #include "nameser.h"
31
32 #include <string.h>
33
34 #include "netdissect.h"
35 #include "addrtoname.h"
36 #include "addrtostr.h"
37 #include "extract.h"
38
39 static const char *ns_ops[] = {
40 "", " inv_q", " stat", " op3", " notify", " update", " op6", " op7",
41 " op8", " updateA", " updateD", " updateDA",
42 " updateM", " updateMA", " zoneInit", " zoneRef",
43 };
44
45 static const char *ns_resp[] = {
46 "", " FormErr", " ServFail", " NXDomain",
47 " NotImp", " Refused", " YXDomain", " YXRRSet",
48 " NXRRSet", " NotAuth", " NotZone", " Resp11",
49 " Resp12", " Resp13", " Resp14", " NoChange",
50 };
51
52 /* skip over a domain name */
53 static const u_char *
ns_nskip(netdissect_options * ndo,register const u_char * cp)54 ns_nskip(netdissect_options *ndo,
55 register const u_char *cp)
56 {
57 register u_char i;
58
59 if (!ND_TTEST2(*cp, 1))
60 return (NULL);
61 i = *cp++;
62 while (i) {
63 if ((i & INDIR_MASK) == INDIR_MASK)
64 return (cp + 1);
65 if ((i & INDIR_MASK) == EDNS0_MASK) {
66 int bitlen, bytelen;
67
68 if ((i & ~INDIR_MASK) != EDNS0_ELT_BITLABEL)
69 return(NULL); /* unknown ELT */
70 if (!ND_TTEST2(*cp, 1))
71 return (NULL);
72 if ((bitlen = *cp++) == 0)
73 bitlen = 256;
74 bytelen = (bitlen + 7) / 8;
75 cp += bytelen;
76 } else
77 cp += i;
78 if (!ND_TTEST2(*cp, 1))
79 return (NULL);
80 i = *cp++;
81 }
82 return (cp);
83 }
84
85 /* print a <domain-name> */
86 static const u_char *
blabel_print(netdissect_options * ndo,const u_char * cp)87 blabel_print(netdissect_options *ndo,
88 const u_char *cp)
89 {
90 int bitlen, slen, b;
91 const u_char *bitp, *lim;
92 char tc;
93
94 if (!ND_TTEST2(*cp, 1))
95 return(NULL);
96 if ((bitlen = *cp) == 0)
97 bitlen = 256;
98 slen = (bitlen + 3) / 4;
99 lim = cp + 1 + slen;
100
101 /* print the bit string as a hex string */
102 ND_PRINT((ndo, "\\[x"));
103 for (bitp = cp + 1, b = bitlen; bitp < lim && b > 7; b -= 8, bitp++) {
104 ND_TCHECK(*bitp);
105 ND_PRINT((ndo, "%02x", *bitp));
106 }
107 if (b > 4) {
108 ND_TCHECK(*bitp);
109 tc = *bitp++;
110 ND_PRINT((ndo, "%02x", tc & (0xff << (8 - b))));
111 } else if (b > 0) {
112 ND_TCHECK(*bitp);
113 tc = *bitp++;
114 ND_PRINT((ndo, "%1x", ((tc >> 4) & 0x0f) & (0x0f << (4 - b))));
115 }
116 ND_PRINT((ndo, "/%d]", bitlen));
117 return lim;
118 trunc:
119 ND_PRINT((ndo, ".../%d]", bitlen));
120 return NULL;
121 }
122
123 static int
labellen(netdissect_options * ndo,const u_char * cp)124 labellen(netdissect_options *ndo,
125 const u_char *cp)
126 {
127 register u_int i;
128
129 if (!ND_TTEST2(*cp, 1))
130 return(-1);
131 i = *cp;
132 if ((i & INDIR_MASK) == EDNS0_MASK) {
133 int bitlen, elt;
134 if ((elt = (i & ~INDIR_MASK)) != EDNS0_ELT_BITLABEL) {
135 ND_PRINT((ndo, "<ELT %d>", elt));
136 return(-1);
137 }
138 if (!ND_TTEST2(*(cp + 1), 1))
139 return(-1);
140 if ((bitlen = *(cp + 1)) == 0)
141 bitlen = 256;
142 return(((bitlen + 7) / 8) + 1);
143 } else
144 return(i);
145 }
146
147 const u_char *
ns_nprint(netdissect_options * ndo,register const u_char * cp,register const u_char * bp)148 ns_nprint(netdissect_options *ndo,
149 register const u_char *cp, register const u_char *bp)
150 {
151 register u_int i, l;
152 register const u_char *rp = NULL;
153 register int compress = 0;
154 int chars_processed;
155 int elt;
156 int data_size = ndo->ndo_snapend - bp;
157
158 if ((l = labellen(ndo, cp)) == (u_int)-1)
159 return(NULL);
160 if (!ND_TTEST2(*cp, 1))
161 return(NULL);
162 chars_processed = 1;
163 if (((i = *cp++) & INDIR_MASK) != INDIR_MASK) {
164 compress = 0;
165 rp = cp + l;
166 }
167
168 if (i != 0)
169 while (i && cp < ndo->ndo_snapend) {
170 if ((i & INDIR_MASK) == INDIR_MASK) {
171 if (!compress) {
172 rp = cp + 1;
173 compress = 1;
174 }
175 if (!ND_TTEST2(*cp, 1))
176 return(NULL);
177 cp = bp + (((i << 8) | *cp) & 0x3fff);
178 if ((l = labellen(ndo, cp)) == (u_int)-1)
179 return(NULL);
180 if (!ND_TTEST2(*cp, 1))
181 return(NULL);
182 i = *cp++;
183 chars_processed++;
184
185 /*
186 * If we've looked at every character in
187 * the message, this pointer will make
188 * us look at some character again,
189 * which means we're looping.
190 */
191 if (chars_processed >= data_size) {
192 ND_PRINT((ndo, "<LOOP>"));
193 return (NULL);
194 }
195 continue;
196 }
197 if ((i & INDIR_MASK) == EDNS0_MASK) {
198 elt = (i & ~INDIR_MASK);
199 switch(elt) {
200 case EDNS0_ELT_BITLABEL:
201 if (blabel_print(ndo, cp) == NULL)
202 return (NULL);
203 break;
204 default:
205 /* unknown ELT */
206 ND_PRINT((ndo, "<ELT %d>", elt));
207 return(NULL);
208 }
209 } else {
210 if (fn_printn(ndo, cp, l, ndo->ndo_snapend))
211 return(NULL);
212 }
213
214 cp += l;
215 chars_processed += l;
216 ND_PRINT((ndo, "."));
217 if ((l = labellen(ndo, cp)) == (u_int)-1)
218 return(NULL);
219 if (!ND_TTEST2(*cp, 1))
220 return(NULL);
221 i = *cp++;
222 chars_processed++;
223 if (!compress)
224 rp += l + 1;
225 }
226 else
227 ND_PRINT((ndo, "."));
228 return (rp);
229 }
230
231 /* print a <character-string> */
232 static const u_char *
ns_cprint(netdissect_options * ndo,register const u_char * cp)233 ns_cprint(netdissect_options *ndo,
234 register const u_char *cp)
235 {
236 register u_int i;
237
238 if (!ND_TTEST2(*cp, 1))
239 return (NULL);
240 i = *cp++;
241 if (fn_printn(ndo, cp, i, ndo->ndo_snapend))
242 return (NULL);
243 return (cp + i);
244 }
245
246 /* http://www.iana.org/assignments/dns-parameters */
247 const struct tok ns_type2str[] = {
248 { T_A, "A" }, /* RFC 1035 */
249 { T_NS, "NS" }, /* RFC 1035 */
250 { T_MD, "MD" }, /* RFC 1035 */
251 { T_MF, "MF" }, /* RFC 1035 */
252 { T_CNAME, "CNAME" }, /* RFC 1035 */
253 { T_SOA, "SOA" }, /* RFC 1035 */
254 { T_MB, "MB" }, /* RFC 1035 */
255 { T_MG, "MG" }, /* RFC 1035 */
256 { T_MR, "MR" }, /* RFC 1035 */
257 { T_NULL, "NULL" }, /* RFC 1035 */
258 { T_WKS, "WKS" }, /* RFC 1035 */
259 { T_PTR, "PTR" }, /* RFC 1035 */
260 { T_HINFO, "HINFO" }, /* RFC 1035 */
261 { T_MINFO, "MINFO" }, /* RFC 1035 */
262 { T_MX, "MX" }, /* RFC 1035 */
263 { T_TXT, "TXT" }, /* RFC 1035 */
264 { T_RP, "RP" }, /* RFC 1183 */
265 { T_AFSDB, "AFSDB" }, /* RFC 1183 */
266 { T_X25, "X25" }, /* RFC 1183 */
267 { T_ISDN, "ISDN" }, /* RFC 1183 */
268 { T_RT, "RT" }, /* RFC 1183 */
269 { T_NSAP, "NSAP" }, /* RFC 1706 */
270 { T_NSAP_PTR, "NSAP_PTR" },
271 { T_SIG, "SIG" }, /* RFC 2535 */
272 { T_KEY, "KEY" }, /* RFC 2535 */
273 { T_PX, "PX" }, /* RFC 2163 */
274 { T_GPOS, "GPOS" }, /* RFC 1712 */
275 { T_AAAA, "AAAA" }, /* RFC 1886 */
276 { T_LOC, "LOC" }, /* RFC 1876 */
277 { T_NXT, "NXT" }, /* RFC 2535 */
278 { T_EID, "EID" }, /* Nimrod */
279 { T_NIMLOC, "NIMLOC" }, /* Nimrod */
280 { T_SRV, "SRV" }, /* RFC 2782 */
281 { T_ATMA, "ATMA" }, /* ATM Forum */
282 { T_NAPTR, "NAPTR" }, /* RFC 2168, RFC 2915 */
283 { T_KX, "KX" }, /* RFC 2230 */
284 { T_CERT, "CERT" }, /* RFC 2538 */
285 { T_A6, "A6" }, /* RFC 2874 */
286 { T_DNAME, "DNAME" }, /* RFC 2672 */
287 { T_SINK, "SINK" },
288 { T_OPT, "OPT" }, /* RFC 2671 */
289 { T_APL, "APL" }, /* RFC 3123 */
290 { T_DS, "DS" }, /* RFC 4034 */
291 { T_SSHFP, "SSHFP" }, /* RFC 4255 */
292 { T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */
293 { T_RRSIG, "RRSIG" }, /* RFC 4034 */
294 { T_NSEC, "NSEC" }, /* RFC 4034 */
295 { T_DNSKEY, "DNSKEY" }, /* RFC 4034 */
296 { T_SPF, "SPF" }, /* RFC-schlitt-spf-classic-02.txt */
297 { T_UINFO, "UINFO" },
298 { T_UID, "UID" },
299 { T_GID, "GID" },
300 { T_UNSPEC, "UNSPEC" },
301 { T_UNSPECA, "UNSPECA" },
302 { T_TKEY, "TKEY" }, /* RFC 2930 */
303 { T_TSIG, "TSIG" }, /* RFC 2845 */
304 { T_IXFR, "IXFR" }, /* RFC 1995 */
305 { T_AXFR, "AXFR" }, /* RFC 1035 */
306 { T_MAILB, "MAILB" }, /* RFC 1035 */
307 { T_MAILA, "MAILA" }, /* RFC 1035 */
308 { T_ANY, "ANY" },
309 { 0, NULL }
310 };
311
312 const struct tok ns_class2str[] = {
313 { C_IN, "IN" }, /* Not used */
314 { C_CHAOS, "CHAOS" },
315 { C_HS, "HS" },
316 { C_ANY, "ANY" },
317 { 0, NULL }
318 };
319
320 /* print a query */
321 static const u_char *
ns_qprint(netdissect_options * ndo,register const u_char * cp,register const u_char * bp,int is_mdns)322 ns_qprint(netdissect_options *ndo,
323 register const u_char *cp, register const u_char *bp, int is_mdns)
324 {
325 register const u_char *np = cp;
326 register u_int i, class;
327
328 cp = ns_nskip(ndo, cp);
329
330 if (cp == NULL || !ND_TTEST2(*cp, 4))
331 return(NULL);
332
333 /* print the qtype */
334 i = EXTRACT_16BITS(cp);
335 cp += 2;
336 ND_PRINT((ndo, " %s", tok2str(ns_type2str, "Type%d", i)));
337 /* print the qclass (if it's not IN) */
338 i = EXTRACT_16BITS(cp);
339 cp += 2;
340 if (is_mdns)
341 class = (i & ~C_QU);
342 else
343 class = i;
344 if (class != C_IN)
345 ND_PRINT((ndo, " %s", tok2str(ns_class2str, "(Class %d)", class)));
346 if (is_mdns) {
347 ND_PRINT((ndo, i & C_QU ? " (QU)" : " (QM)"));
348 }
349
350 ND_PRINT((ndo, "? "));
351 cp = ns_nprint(ndo, np, bp);
352 return(cp ? cp + 4 : NULL);
353 }
354
355 /* print a reply */
356 static const u_char *
ns_rprint(netdissect_options * ndo,register const u_char * cp,register const u_char * bp,int is_mdns)357 ns_rprint(netdissect_options *ndo,
358 register const u_char *cp, register const u_char *bp, int is_mdns)
359 {
360 register u_int i, class, opt_flags = 0;
361 register u_short typ, len;
362 register const u_char *rp;
363
364 if (ndo->ndo_vflag) {
365 ND_PRINT((ndo, " "));
366 if ((cp = ns_nprint(ndo, cp, bp)) == NULL)
367 return NULL;
368 } else
369 cp = ns_nskip(ndo, cp);
370
371 if (cp == NULL || !ND_TTEST2(*cp, 10))
372 return (ndo->ndo_snapend);
373
374 /* print the type/qtype */
375 typ = EXTRACT_16BITS(cp);
376 cp += 2;
377 /* print the class (if it's not IN and the type isn't OPT) */
378 i = EXTRACT_16BITS(cp);
379 cp += 2;
380 if (is_mdns)
381 class = (i & ~C_CACHE_FLUSH);
382 else
383 class = i;
384 if (class != C_IN && typ != T_OPT)
385 ND_PRINT((ndo, " %s", tok2str(ns_class2str, "(Class %d)", class)));
386 if (is_mdns) {
387 if (i & C_CACHE_FLUSH)
388 ND_PRINT((ndo, " (Cache flush)"));
389 }
390
391 if (typ == T_OPT) {
392 /* get opt flags */
393 cp += 2;
394 opt_flags = EXTRACT_16BITS(cp);
395 /* ignore rest of ttl field */
396 cp += 2;
397 } else if (ndo->ndo_vflag > 2) {
398 /* print ttl */
399 ND_PRINT((ndo, " ["));
400 unsigned_relts_print(ndo, EXTRACT_32BITS(cp));
401 ND_PRINT((ndo, "]"));
402 cp += 4;
403 } else {
404 /* ignore ttl */
405 cp += 4;
406 }
407
408 len = EXTRACT_16BITS(cp);
409 cp += 2;
410
411 rp = cp + len;
412
413 ND_PRINT((ndo, " %s", tok2str(ns_type2str, "Type%d", typ)));
414 if (rp > ndo->ndo_snapend)
415 return(NULL);
416
417 switch (typ) {
418 case T_A:
419 if (!ND_TTEST2(*cp, sizeof(struct in_addr)))
420 return(NULL);
421 ND_PRINT((ndo, " %s", intoa(htonl(EXTRACT_32BITS(cp)))));
422 break;
423
424 case T_NS:
425 case T_CNAME:
426 case T_PTR:
427 #ifdef T_DNAME
428 case T_DNAME:
429 #endif
430 ND_PRINT((ndo, " "));
431 if (ns_nprint(ndo, cp, bp) == NULL)
432 return(NULL);
433 break;
434
435 case T_SOA:
436 if (!ndo->ndo_vflag)
437 break;
438 ND_PRINT((ndo, " "));
439 if ((cp = ns_nprint(ndo, cp, bp)) == NULL)
440 return(NULL);
441 ND_PRINT((ndo, " "));
442 if ((cp = ns_nprint(ndo, cp, bp)) == NULL)
443 return(NULL);
444 if (!ND_TTEST2(*cp, 5 * 4))
445 return(NULL);
446 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp)));
447 cp += 4;
448 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp)));
449 cp += 4;
450 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp)));
451 cp += 4;
452 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp)));
453 cp += 4;
454 ND_PRINT((ndo, " %u", EXTRACT_32BITS(cp)));
455 cp += 4;
456 break;
457 case T_MX:
458 ND_PRINT((ndo, " "));
459 if (!ND_TTEST2(*cp, 2))
460 return(NULL);
461 if (ns_nprint(ndo, cp + 2, bp) == NULL)
462 return(NULL);
463 ND_PRINT((ndo, " %d", EXTRACT_16BITS(cp)));
464 break;
465
466 case T_TXT:
467 while (cp < rp) {
468 ND_PRINT((ndo, " \""));
469 cp = ns_cprint(ndo, cp);
470 if (cp == NULL)
471 return(NULL);
472 ND_PRINT((ndo, "\""));
473 }
474 break;
475
476 case T_SRV:
477 ND_PRINT((ndo, " "));
478 if (!ND_TTEST2(*cp, 6))
479 return(NULL);
480 if (ns_nprint(ndo, cp + 6, bp) == NULL)
481 return(NULL);
482 ND_PRINT((ndo, ":%d %d %d", EXTRACT_16BITS(cp + 4),
483 EXTRACT_16BITS(cp), EXTRACT_16BITS(cp + 2)));
484 break;
485
486 case T_AAAA:
487 {
488 char ntop_buf[INET6_ADDRSTRLEN];
489
490 if (!ND_TTEST2(*cp, sizeof(struct in6_addr)))
491 return(NULL);
492 ND_PRINT((ndo, " %s",
493 addrtostr6(cp, ntop_buf, sizeof(ntop_buf))));
494
495 break;
496 }
497
498 case T_A6:
499 {
500 struct in6_addr a;
501 int pbit, pbyte;
502 char ntop_buf[INET6_ADDRSTRLEN];
503
504 if (!ND_TTEST2(*cp, 1))
505 return(NULL);
506 pbit = *cp;
507 pbyte = (pbit & ~7) / 8;
508 if (pbit > 128) {
509 ND_PRINT((ndo, " %u(bad plen)", pbit));
510 break;
511 } else if (pbit < 128) {
512 if (!ND_TTEST2(*(cp + 1), sizeof(a) - pbyte))
513 return(NULL);
514 memset(&a, 0, sizeof(a));
515 memcpy(&a.s6_addr[pbyte], cp + 1, sizeof(a) - pbyte);
516 ND_PRINT((ndo, " %u %s", pbit,
517 addrtostr6(&a, ntop_buf, sizeof(ntop_buf))));
518 }
519 if (pbit > 0) {
520 ND_PRINT((ndo, " "));
521 if (ns_nprint(ndo, cp + 1 + sizeof(a) - pbyte, bp) == NULL)
522 return(NULL);
523 }
524 break;
525 }
526
527 case T_OPT:
528 ND_PRINT((ndo, " UDPsize=%u", class));
529 if (opt_flags & 0x8000)
530 ND_PRINT((ndo, " DO"));
531 break;
532
533 case T_UNSPECA: /* One long string */
534 if (!ND_TTEST2(*cp, len))
535 return(NULL);
536 if (fn_printn(ndo, cp, len, ndo->ndo_snapend))
537 return(NULL);
538 break;
539
540 case T_TSIG:
541 {
542 if (cp + len > ndo->ndo_snapend)
543 return(NULL);
544 if (!ndo->ndo_vflag)
545 break;
546 ND_PRINT((ndo, " "));
547 if ((cp = ns_nprint(ndo, cp, bp)) == NULL)
548 return(NULL);
549 cp += 6;
550 if (!ND_TTEST2(*cp, 2))
551 return(NULL);
552 ND_PRINT((ndo, " fudge=%u", EXTRACT_16BITS(cp)));
553 cp += 2;
554 if (!ND_TTEST2(*cp, 2))
555 return(NULL);
556 ND_PRINT((ndo, " maclen=%u", EXTRACT_16BITS(cp)));
557 cp += 2 + EXTRACT_16BITS(cp);
558 if (!ND_TTEST2(*cp, 2))
559 return(NULL);
560 ND_PRINT((ndo, " origid=%u", EXTRACT_16BITS(cp)));
561 cp += 2;
562 if (!ND_TTEST2(*cp, 2))
563 return(NULL);
564 ND_PRINT((ndo, " error=%u", EXTRACT_16BITS(cp)));
565 cp += 2;
566 if (!ND_TTEST2(*cp, 2))
567 return(NULL);
568 ND_PRINT((ndo, " otherlen=%u", EXTRACT_16BITS(cp)));
569 cp += 2;
570 }
571 }
572 return (rp); /* XXX This isn't always right */
573 }
574
575 void
ns_print(netdissect_options * ndo,register const u_char * bp,u_int length,int is_mdns)576 ns_print(netdissect_options *ndo,
577 register const u_char *bp, u_int length, int is_mdns)
578 {
579 register const HEADER *np;
580 register int qdcount, ancount, nscount, arcount;
581 register const u_char *cp;
582 uint16_t b2;
583
584 np = (const HEADER *)bp;
585 ND_TCHECK(*np);
586 /* get the byte-order right */
587 qdcount = EXTRACT_16BITS(&np->qdcount);
588 ancount = EXTRACT_16BITS(&np->ancount);
589 nscount = EXTRACT_16BITS(&np->nscount);
590 arcount = EXTRACT_16BITS(&np->arcount);
591
592 if (DNS_QR(np)) {
593 /* this is a response */
594 ND_PRINT((ndo, "%d%s%s%s%s%s%s",
595 EXTRACT_16BITS(&np->id),
596 ns_ops[DNS_OPCODE(np)],
597 ns_resp[DNS_RCODE(np)],
598 DNS_AA(np)? "*" : "",
599 DNS_RA(np)? "" : "-",
600 DNS_TC(np)? "|" : "",
601 DNS_AD(np)? "$" : ""));
602
603 if (qdcount != 1)
604 ND_PRINT((ndo, " [%dq]", qdcount));
605 /* Print QUESTION section on -vv */
606 cp = (const u_char *)(np + 1);
607 while (qdcount--) {
608 if (qdcount < EXTRACT_16BITS(&np->qdcount) - 1)
609 ND_PRINT((ndo, ","));
610 if (ndo->ndo_vflag > 1) {
611 ND_PRINT((ndo, " q:"));
612 if ((cp = ns_qprint(ndo, cp, bp, is_mdns)) == NULL)
613 goto trunc;
614 } else {
615 if ((cp = ns_nskip(ndo, cp)) == NULL)
616 goto trunc;
617 cp += 4; /* skip QTYPE and QCLASS */
618 }
619 }
620 ND_PRINT((ndo, " %d/%d/%d", ancount, nscount, arcount));
621 if (ancount--) {
622 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
623 goto trunc;
624 while (cp < ndo->ndo_snapend && ancount--) {
625 ND_PRINT((ndo, ","));
626 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
627 goto trunc;
628 }
629 }
630 if (ancount > 0)
631 goto trunc;
632 /* Print NS and AR sections on -vv */
633 if (ndo->ndo_vflag > 1) {
634 if (cp < ndo->ndo_snapend && nscount--) {
635 ND_PRINT((ndo, " ns:"));
636 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
637 goto trunc;
638 while (cp < ndo->ndo_snapend && nscount--) {
639 ND_PRINT((ndo, ","));
640 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
641 goto trunc;
642 }
643 }
644 if (nscount > 0)
645 goto trunc;
646 if (cp < ndo->ndo_snapend && arcount--) {
647 ND_PRINT((ndo, " ar:"));
648 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
649 goto trunc;
650 while (cp < ndo->ndo_snapend && arcount--) {
651 ND_PRINT((ndo, ","));
652 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
653 goto trunc;
654 }
655 }
656 if (arcount > 0)
657 goto trunc;
658 }
659 }
660 else {
661 /* this is a request */
662 ND_PRINT((ndo, "%d%s%s%s", EXTRACT_16BITS(&np->id), ns_ops[DNS_OPCODE(np)],
663 DNS_RD(np) ? "+" : "",
664 DNS_CD(np) ? "%" : ""));
665
666 /* any weirdness? */
667 b2 = EXTRACT_16BITS(((const u_short *)np)+1);
668 if (b2 & 0x6cf)
669 ND_PRINT((ndo, " [b2&3=0x%x]", b2));
670
671 if (DNS_OPCODE(np) == IQUERY) {
672 if (qdcount)
673 ND_PRINT((ndo, " [%dq]", qdcount));
674 if (ancount != 1)
675 ND_PRINT((ndo, " [%da]", ancount));
676 }
677 else {
678 if (ancount)
679 ND_PRINT((ndo, " [%da]", ancount));
680 if (qdcount != 1)
681 ND_PRINT((ndo, " [%dq]", qdcount));
682 }
683 if (nscount)
684 ND_PRINT((ndo, " [%dn]", nscount));
685 if (arcount)
686 ND_PRINT((ndo, " [%dau]", arcount));
687
688 cp = (const u_char *)(np + 1);
689 if (qdcount--) {
690 cp = ns_qprint(ndo, cp, (const u_char *)np, is_mdns);
691 if (!cp)
692 goto trunc;
693 while (cp < ndo->ndo_snapend && qdcount--) {
694 cp = ns_qprint(ndo, (const u_char *)cp,
695 (const u_char *)np,
696 is_mdns);
697 if (!cp)
698 goto trunc;
699 }
700 }
701 if (qdcount > 0)
702 goto trunc;
703
704 /* Print remaining sections on -vv */
705 if (ndo->ndo_vflag > 1) {
706 if (ancount--) {
707 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
708 goto trunc;
709 while (cp < ndo->ndo_snapend && ancount--) {
710 ND_PRINT((ndo, ","));
711 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
712 goto trunc;
713 }
714 }
715 if (ancount > 0)
716 goto trunc;
717 if (cp < ndo->ndo_snapend && nscount--) {
718 ND_PRINT((ndo, " ns:"));
719 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
720 goto trunc;
721 while (nscount-- && cp < ndo->ndo_snapend) {
722 ND_PRINT((ndo, ","));
723 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
724 goto trunc;
725 }
726 }
727 if (nscount > 0)
728 goto trunc;
729 if (cp < ndo->ndo_snapend && arcount--) {
730 ND_PRINT((ndo, " ar:"));
731 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
732 goto trunc;
733 while (cp < ndo->ndo_snapend && arcount--) {
734 ND_PRINT((ndo, ","));
735 if ((cp = ns_rprint(ndo, cp, bp, is_mdns)) == NULL)
736 goto trunc;
737 }
738 }
739 if (arcount > 0)
740 goto trunc;
741 }
742 }
743 ND_PRINT((ndo, " (%d)", length));
744 return;
745
746 trunc:
747 ND_PRINT((ndo, "[|domain]"));
748 }
749