1 /* packet-dns.c 2 * Routines for DNS packet disassembly 3 * Copyright 2004, Nicolas DICHTEL - 6WIND - <nicolas.dichtel@6wind.com> 4 * 5 * Wireshark - Network traffic analyzer 6 * By Gerald Combs <gerald@wireshark.org> 7 * Copyright 1998 Gerald Combs 8 * 9 * SPDX-License-Identifier: GPL-2.0-or-later 10 */ 11 12 /* 13 * RFC 1034, RFC 1035 14 * RFC 2136 for dynamic DNS 15 * https://datatracker.ietf.org/doc/draft-cheshire-dnsext-multicastdns/ 16 * for multicast DNS 17 * RFC 4795 for link-local multicast name resolution (LLMNR) 18 * 19 * For the TTL field, see also: 20 * 21 * RFC 1035 erratum 2130: 22 * 23 * https://www.rfc-editor.org/errata/eid2130 24 * 25 * RFC 2181, section 8: 26 * 27 * https://tools.ietf.org/html/rfc2181#section-8 28 * 29 * RFC 1035 said, in section 3.2.1, that the TTL is "a 32 bit signed 30 * integer" but said, in section 4.1.3, that it's "a 32 bit unsigned 31 * integer"; the erratum notes this 32 * 33 * RFC 2181 says of this: 34 * 35 * The definition of values appropriate to the TTL field in STD 13 is 36 * not as clear as it could be, with respect to how many significant 37 * bits exist, and whether the value is signed or unsigned. It is 38 * hereby specified that a TTL value is an unsigned number, with a 39 * minimum value of 0, and a maximum value of 2147483647. That is, a 40 * maximum of 2^31 - 1. When transmitted, this value shall be encoded 41 * in the less significant 31 bits of the 32 bit TTL field, with the 42 * most significant, or sign, bit set to zero. 43 * 44 * Implementations should treat TTL values received with the most 45 * significant bit set as if the entire value received was zero. 46 * 47 * Implementations are always free to place an upper bound on any TTL 48 * received, and treat any larger values as if they were that upper 49 * bound. The TTL specifies a maximum time to live, not a mandatory 50 * time to live. 51 * 52 * so its resolution is 1) it's unsigned but 2) don't use the uppermost 53 * bit, presumably to avoid problems with implementations that were based 54 * on section 3.2.1 of RFC 1035 rather than on section 4.1.3 of RFC 1035. 55 */ 56 57 #include "config.h" 58 59 60 #include <epan/packet.h> 61 #include <epan/exceptions.h> 62 #include <epan/ipproto.h> 63 #include <epan/addr_resolv.h> 64 #include "packet-dns.h" 65 #include "packet-tcp.h" 66 #include "packet-ip.h" 67 #include <epan/prefs.h> 68 #include <epan/strutil.h> 69 #include <epan/expert.h> 70 #include <epan/afn.h> 71 #include <epan/tap.h> 72 #include <epan/stats_tree.h> 73 #include <wsutil/utf8_entities.h> 74 #include "packet-tls.h" 75 #include "packet-dtls.h" 76 #include "packet-http2.h" 77 78 void proto_register_dns(void); 79 void proto_reg_handoff_dns(void); 80 81 struct DnsTap { 82 guint packet_qr; 83 guint packet_qtype; 84 gint packet_qclass; 85 guint packet_rcode; 86 guint packet_opcode; 87 guint payload_size; 88 guint qname_len; 89 guint qname_labels; 90 guint nquestions; 91 guint nanswers; 92 guint nauthorities; 93 guint nadditionals; 94 gboolean unsolicited; 95 gboolean retransmission; 96 nstime_t rrt; 97 }; 98 99 static int dns_tap = -1; 100 101 static const gchar* st_str_packets = "Total Packets"; 102 static const gchar* st_str_packet_qr = "Query/Response"; 103 static const gchar* st_str_packet_qtypes = "Query Type"; 104 static const gchar* st_str_packet_qclasses = "Class"; 105 static const gchar* st_str_packet_rcodes = "rcode"; 106 static const gchar* st_str_packet_opcodes = "opcodes"; 107 static const gchar* st_str_packets_avg_size = "Payload size"; 108 static const gchar* st_str_query_stats = "Query Stats"; 109 static const gchar* st_str_query_qname_len = "Qname Len"; 110 static const gchar* st_str_query_domains = "Label Stats"; 111 static const gchar* st_str_query_domains_l1 = "1st Level"; 112 static const gchar* st_str_query_domains_l2 = "2nd Level"; 113 static const gchar* st_str_query_domains_l3 = "3rd Level"; 114 static const gchar* st_str_query_domains_lmore = "4th Level or more"; 115 static const gchar* st_str_response_stats = "Response Stats"; 116 static const gchar* st_str_response_nquestions = "no. of questions"; 117 static const gchar* st_str_response_nanswers = "no. of answers"; 118 static const gchar* st_str_response_nauthorities = "no. of authorities"; 119 static const gchar* st_str_response_nadditionals = "no. of additionals"; 120 static const gchar* st_str_service_stats = "Service Stats"; 121 static const gchar* st_str_service_unsolicited = "no. of unsolicited responses"; 122 static const gchar* st_str_service_retransmission = "no. of retransmissions"; 123 static const gchar* st_str_service_rrt = "request-response time (msec)"; 124 125 static int st_node_packets = -1; 126 static int st_node_packet_qr = -1; 127 static int st_node_packet_qtypes = -1; 128 static int st_node_packet_qclasses = -1; 129 static int st_node_packet_rcodes = -1; 130 static int st_node_packet_opcodes = -1; 131 static int st_node_packets_avg_size = -1; 132 static int st_node_query_stats = -1; 133 static int st_node_query_qname_len = -1; 134 static int st_node_query_domains = -1; 135 static int st_node_query_domains_l1 = -1; 136 static int st_node_query_domains_l2 = -1; 137 static int st_node_query_domains_l3 = -1; 138 static int st_node_query_domains_lmore = -1; 139 static int st_node_response_stats = -1; 140 static int st_node_response_nquestions = -1; 141 static int st_node_response_nanswers = -1; 142 static int st_node_response_nauthorities = -1; 143 static int st_node_response_nadditionals = -1; 144 static int st_node_service_stats = -1; 145 static int st_node_service_unsolicited = -1; 146 static int st_node_service_retransmission = -1; 147 static int st_node_service_rrt = -1; 148 149 static int proto_dns = -1; 150 static int proto_mdns = -1; 151 static int proto_llmnr = -1; 152 static int hf_dns_length = -1; 153 static int hf_dns_flags = -1; 154 static int hf_dns_flags_response = -1; 155 static int hf_dns_flags_opcode = -1; 156 static int hf_dns_flags_authoritative = -1; 157 static int hf_dns_flags_conflict_query = -1; 158 static int hf_dns_flags_conflict_response = -1; 159 static int hf_dns_flags_truncated = -1; 160 static int hf_dns_flags_recdesired = -1; 161 static int hf_dns_flags_tentative = -1; 162 static int hf_dns_flags_recavail = -1; 163 static int hf_dns_flags_z = -1; 164 static int hf_dns_flags_authenticated = -1; 165 static int hf_dns_flags_ad = -1; 166 static int hf_dns_flags_checkdisable = -1; 167 static int hf_dns_flags_rcode = -1; 168 static int hf_dns_transaction_id = -1; 169 static int hf_dns_count_questions = -1; 170 static int hf_dns_count_zones = -1; 171 static int hf_dns_count_answers = -1; 172 static int hf_dns_count_prerequisites = -1; 173 static int hf_dns_count_updates = -1; 174 static int hf_dns_count_auth_rr = -1; 175 static int hf_dns_count_add_rr = -1; 176 static int hf_dns_qry_name = -1; 177 static int hf_dns_qry_name_len = -1; 178 static int hf_dns_count_labels = -1; 179 static int hf_dns_qry_type = -1; 180 static int hf_dns_qry_class = -1; 181 static int hf_dns_qry_class_mdns = -1; 182 static int hf_dns_qry_qu = -1; 183 static int hf_dns_srv_service = -1; 184 static int hf_dns_srv_proto = -1; 185 static int hf_dns_srv_name = -1; 186 static int hf_dns_srv_priority = -1; 187 static int hf_dns_srv_weight = -1; 188 static int hf_dns_srv_port = -1; 189 static int hf_dns_srv_target = -1; 190 static int hf_dns_naptr_order = -1; 191 static int hf_dns_naptr_preference = -1; 192 static int hf_dns_naptr_flags_length = -1; 193 static int hf_dns_naptr_flags = -1; 194 static int hf_dns_naptr_service_length = -1; 195 static int hf_dns_naptr_service = -1; 196 static int hf_dns_naptr_regex_length = -1; 197 static int hf_dns_naptr_regex = -1; 198 static int hf_dns_naptr_replacement_length = -1; 199 static int hf_dns_naptr_replacement = -1; 200 static int hf_dns_rr_name = -1; 201 static int hf_dns_rr_type = -1; 202 static int hf_dns_rr_class = -1; 203 static int hf_dns_rr_class_mdns = -1; 204 static int hf_dns_rr_cache_flush = -1; 205 static int hf_dns_rr_ext_rcode = -1; 206 static int hf_dns_rr_edns0_version = -1; 207 static int hf_dns_rr_z = -1; 208 static int hf_dns_rr_z_do = -1; 209 static int hf_dns_rr_z_reserved = -1; 210 static int hf_dns_rr_ttl = -1; 211 static int hf_dns_rr_len = -1; 212 static int hf_dns_a = -1; 213 static int hf_dns_md = -1; 214 static int hf_dns_mf = -1; 215 static int hf_dns_mb = -1; 216 static int hf_dns_mg = -1; 217 static int hf_dns_mr = -1; 218 static int hf_dns_null = -1; 219 static int hf_dns_aaaa = -1; 220 static int hf_dns_cname = -1; 221 static int hf_dns_rr_udp_payload_size = -1; 222 static int hf_dns_rr_udp_payload_size_mdns = -1; 223 static int hf_dns_soa_mname = -1; 224 static int hf_dns_soa_rname = -1; 225 static int hf_dns_soa_serial_number = -1; 226 static int hf_dns_soa_refresh_interval = -1; 227 static int hf_dns_soa_retry_interval = -1; 228 static int hf_dns_soa_expire_limit = -1; 229 static int hf_dns_soa_minimum_ttl = -1; 230 static int hf_dns_ptr_domain_name = -1; 231 static int hf_dns_wks_address = -1; 232 static int hf_dns_wks_protocol = -1; 233 static int hf_dns_wks_bits = -1; 234 static int hf_dns_hinfo_cpu_length = -1; 235 static int hf_dns_hinfo_cpu = -1; 236 static int hf_dns_hinfo_os_length = -1; 237 static int hf_dns_hinfo_os = -1; 238 static int hf_dns_minfo_r_mailbox = -1; 239 static int hf_dns_minfo_e_mailbox = -1; 240 static int hf_dns_mx_preference = -1; 241 static int hf_dns_mx_mail_exchange = -1; 242 static int hf_dns_txt_length = -1; 243 static int hf_dns_txt = -1; 244 static int hf_dns_csync_soa = -1; 245 static int hf_dns_csync_flags = -1; 246 static int hf_dns_csync_flags_immediate = -1; 247 static int hf_dns_csync_flags_soaminimum = -1; 248 static int hf_dns_csync_type_bitmap = -1; 249 static int hf_dns_zonemd_serial = -1; 250 static int hf_dns_zonemd_scheme = -1; 251 static int hf_dns_zonemd_hash_algo = -1; 252 static int hf_dns_zonemd_digest = -1; 253 static int hf_dns_svcb_priority = -1; 254 static int hf_dns_svcb_target = -1; 255 static int hf_dns_svcb_param_key = -1; 256 static int hf_dns_svcb_param_length = -1; 257 static int hf_dns_svcb_param_value = -1; 258 static int hf_dns_svcb_param = -1; 259 static int hf_dns_svcb_param_mandatory_key = -1; 260 static int hf_dns_svcb_param_alpn_length = -1; 261 static int hf_dns_svcb_param_alpn = -1; 262 static int hf_dns_svcb_param_port = -1; 263 static int hf_dns_svcb_param_ipv4hint_ip = -1; 264 static int hf_dns_svcb_param_echconfig = -1; 265 static int hf_dns_svcb_param_ipv6hint_ip = -1; 266 static int hf_dns_svcb_param_odohconfig = -1; 267 static int hf_dns_openpgpkey = -1; 268 static int hf_dns_spf_length = -1; 269 static int hf_dns_spf = -1; 270 static int hf_dns_ilnp_nodeid_preference = -1; 271 static int hf_dns_ilnp_nodeid = -1; 272 static int hf_dns_ilnp_locator32_preference = -1; 273 static int hf_dns_ilnp_locator32 = -1; 274 static int hf_dns_ilnp_locator64_preference = -1; 275 static int hf_dns_ilnp_locator64 = -1; 276 static int hf_dns_ilnp_locatorfqdn_preference = -1; 277 static int hf_dns_ilnp_locatorfqdn = -1; 278 static int hf_dns_eui48 = -1; 279 static int hf_dns_eui64 = -1; 280 static int hf_dns_rrsig_type_covered = -1; 281 static int hf_dns_rrsig_algorithm = -1; 282 static int hf_dns_rrsig_labels = -1; 283 static int hf_dns_rrsig_original_ttl = -1; 284 static int hf_dns_rrsig_signature_expiration = -1; 285 static int hf_dns_rrsig_signature_inception = -1; 286 static int hf_dns_rrsig_key_tag = -1; 287 static int hf_dns_rrsig_signers_name = -1; 288 static int hf_dns_rrsig_signature = -1; 289 static int hf_dns_dnskey_flags = -1; 290 static int hf_dns_dnskey_flags_zone_key = -1; 291 static int hf_dns_dnskey_flags_key_revoked = -1; 292 static int hf_dns_dnskey_flags_secure_entry_point = -1; 293 static int hf_dns_dnskey_flags_reserved = -1; 294 static int hf_dns_dnskey_protocol = -1; 295 static int hf_dns_dnskey_algorithm = -1; 296 static int hf_dns_dnskey_key_id = -1; 297 static int hf_dns_dnskey_public_key = -1; 298 static int hf_dns_key_flags = -1; 299 static int hf_dns_key_flags_authentication = -1; 300 static int hf_dns_key_flags_confidentiality = -1; 301 static int hf_dns_key_flags_key_required = -1; 302 static int hf_dns_key_flags_associated_user = -1; 303 static int hf_dns_key_flags_associated_named_entity = -1; 304 static int hf_dns_key_flags_ipsec = -1; 305 static int hf_dns_key_flags_mime = -1; 306 static int hf_dns_key_flags_signatory = -1; 307 static int hf_dns_key_protocol = -1; 308 static int hf_dns_key_algorithm = -1; 309 static int hf_dns_key_key_id = -1; 310 static int hf_dns_key_public_key = -1; 311 static int hf_dns_px_preference = -1; 312 static int hf_dns_px_map822 = -1; 313 static int hf_dns_px_mapx400 = -1; 314 static int hf_dns_tkey_algo_name = -1; 315 static int hf_dns_tkey_signature_expiration = -1; 316 static int hf_dns_tkey_signature_inception = -1; 317 static int hf_dns_tkey_mode = -1; 318 static int hf_dns_tkey_error = -1; 319 static int hf_dns_tkey_key_size = -1; 320 static int hf_dns_tkey_key_data = -1; 321 static int hf_dns_tkey_other_size = -1; 322 static int hf_dns_tkey_other_data = -1; 323 static int hf_dns_ipseckey_gateway_precedence = -1; 324 static int hf_dns_ipseckey_gateway_type = -1; 325 static int hf_dns_ipseckey_gateway_algorithm = -1; 326 static int hf_dns_ipseckey_gateway_ipv4 = -1; 327 static int hf_dns_ipseckey_gateway_ipv6 = -1; 328 static int hf_dns_ipseckey_gateway_dns = -1; 329 static int hf_dns_ipseckey_public_key = -1; 330 static int hf_dns_xpf_ip_version = -1; 331 static int hf_dns_xpf_protocol = -1; 332 static int hf_dns_xpf_source_ipv4 = -1; 333 static int hf_dns_xpf_destination_ipv4 = -1; 334 static int hf_dns_xpf_source_ipv6 = -1; 335 static int hf_dns_xpf_destination_ipv6 = -1; 336 static int hf_dns_xpf_sport = -1; 337 static int hf_dns_xpf_dport = -1; 338 static int hf_dns_a6_prefix_len = -1; 339 static int hf_dns_a6_address_suffix = -1; 340 static int hf_dns_a6_prefix_name = -1; 341 static int hf_dns_dname = -1; 342 static int hf_dns_loc_version = -1; 343 static int hf_dns_loc_size = -1; 344 static int hf_dns_loc_horizontal_precision = -1; 345 static int hf_dns_loc_vertical_precision = -1; 346 static int hf_dns_loc_latitude = -1; 347 static int hf_dns_loc_longitude = -1; 348 static int hf_dns_loc_altitude = -1; 349 static int hf_dns_loc_unknown_data = -1; 350 static int hf_dns_nxt_next_domain_name = -1; 351 static int hf_dns_kx_preference = -1; 352 static int hf_dns_kx_key_exchange = -1; 353 static int hf_dns_cert_type = -1; 354 static int hf_dns_cert_key_tag = -1; 355 static int hf_dns_cert_algorithm = -1; 356 static int hf_dns_cert_certificate = -1; 357 static int hf_dns_nsec_next_domain_name = -1; 358 static int hf_dns_ns = -1; 359 static int hf_dns_opt = -1; 360 static int hf_dns_opt_code = -1; 361 static int hf_dns_opt_len = -1; 362 static int hf_dns_opt_data = -1; 363 static int hf_dns_opt_dau = -1; 364 static int hf_dns_opt_dhu = -1; 365 static int hf_dns_opt_n3u = -1; 366 static int hf_dns_opt_client_family = -1; 367 static int hf_dns_opt_client_netmask = -1; 368 static int hf_dns_opt_client_scope = -1; 369 static int hf_dns_opt_client_addr = -1; 370 static int hf_dns_opt_client_addr4 = -1; 371 static int hf_dns_opt_client_addr6 = -1; 372 static int hf_dns_opt_cookie_client = -1; 373 static int hf_dns_opt_cookie_server = -1; 374 static int hf_dns_opt_edns_tcp_keepalive_timeout = -1; 375 static int hf_dns_opt_padding = -1; 376 static int hf_dns_opt_chain_fqdn = -1; 377 static int hf_dns_opt_ext_error_info_code = -1; 378 static int hf_dns_opt_ext_error_extra_text = -1; 379 static int hf_dns_nsec3_algo = -1; 380 static int hf_dns_nsec3_flags = -1; 381 static int hf_dns_nsec3_flag_optout = -1; 382 static int hf_dns_nsec3_iterations = -1; 383 static int hf_dns_nsec3_salt_length = -1; 384 static int hf_dns_nsec3_salt_value = -1; 385 static int hf_dns_nsec3_hash_length = -1; 386 static int hf_dns_nsec3_hash_value = -1; 387 static int hf_dns_tlsa_certificate_usage = -1; 388 static int hf_dns_tlsa_selector = -1; 389 static int hf_dns_tlsa_matching_type = -1; 390 static int hf_dns_tlsa_certificate_association_data = -1; 391 static int hf_dns_tsig_algorithm_name = -1; 392 static int hf_dns_tsig_time_signed = -1; 393 static int hf_dns_tsig_error = -1; 394 static int hf_dns_tsig_fudge = -1; 395 static int hf_dns_tsig_mac_size = -1; 396 static int hf_dns_tsig_mac = -1; 397 static int hf_dns_tsig_original_id = -1; 398 static int hf_dns_tsig_other_len = -1; 399 static int hf_dns_tsig_other_data = -1; 400 static int hf_dns_response_in = -1; 401 static int hf_dns_response_to = -1; 402 static int hf_dns_retransmission = -1; 403 static int hf_dns_retransmit_request_in = -1; 404 static int hf_dns_retransmit_response_in = -1; 405 static int hf_dns_time = -1; 406 static int hf_dns_unsolicited = -1; 407 static int hf_dns_sshfp_algorithm = -1; 408 static int hf_dns_sshfp_fingerprint_type = -1; 409 static int hf_dns_sshfp_fingerprint = -1; 410 static int hf_dns_hip_hit_length = -1; 411 static int hf_dns_hip_pk_algo = -1; 412 static int hf_dns_hip_pk_length = -1; 413 static int hf_dns_hip_hit = -1; 414 static int hf_dns_hip_pk = -1; 415 static int hf_dns_hip_rendezvous_server = -1; 416 static int hf_dns_dhcid_rdata = -1; 417 static int hf_dns_ds_key_id = -1; 418 static int hf_dns_ds_algorithm = -1; 419 static int hf_dns_apl_coded_prefix = -1; 420 static int hf_dns_ds_digest_type = -1; 421 static int hf_dns_ds_digest = -1; 422 static int hf_dns_apl_address_family = -1; 423 static int hf_dns_apl_negation = -1; 424 static int hf_dns_apl_afdlength = -1; 425 static int hf_dns_apl_afdpart_ipv4 = -1; 426 static int hf_dns_apl_afdpart_ipv6 = -1; 427 static int hf_dns_apl_afdpart_data = -1; 428 static int hf_dns_gpos_longitude_length = -1; 429 static int hf_dns_gpos_longitude = -1; 430 static int hf_dns_gpos_latitude_length = -1; 431 static int hf_dns_gpos_latitude = -1; 432 static int hf_dns_gpos_altitude_length = -1; 433 static int hf_dns_gpos_altitude = -1; 434 static int hf_dns_rp_mailbox = -1; 435 static int hf_dns_rp_txt_rr = -1; 436 static int hf_dns_afsdb_subtype = -1; 437 static int hf_dns_afsdb_hostname = -1; 438 static int hf_dns_x25_length = -1; 439 static int hf_dns_x25_psdn_address = -1; 440 static int hf_dns_isdn_length = -1; 441 static int hf_dns_isdn_address = -1; 442 static int hf_dns_isdn_sa_length = -1; 443 static int hf_dns_isdn_sa = -1; 444 static int hf_dns_rt_preference = -1; 445 static int hf_dns_rt_intermediate_host = -1; 446 static int hf_dns_nsap_rdata = -1; 447 static int hf_dns_nsap_ptr_owner = -1; 448 static int hf_dns_caa_flags = -1; 449 static int hf_dns_caa_flag_issuer_critical = -1; 450 static int hf_dns_caa_issue = -1; 451 static int hf_dns_caa_issuewild = -1; 452 static int hf_dns_caa_iodef = -1; 453 static int hf_dns_caa_unknown = -1; 454 static int hf_dns_caa_tag_length = -1; 455 static int hf_dns_caa_tag = -1; 456 static int hf_dns_caa_value = -1; 457 458 static int hf_dns_wins_local_flag = -1; 459 static int hf_dns_wins_lookup_timeout = -1; 460 static int hf_dns_wins_cache_timeout = -1; 461 static int hf_dns_wins_nb_wins_servers = -1; 462 static int hf_dns_wins_server = -1; 463 464 static int hf_dns_winsr_local_flag = -1; 465 static int hf_dns_winsr_lookup_timeout = -1; 466 static int hf_dns_winsr_cache_timeout = -1; 467 static int hf_dns_winsr_name_result_domain = -1; 468 469 static int hf_dns_data = -1; 470 471 static int hf_dns_dso = -1; 472 static int hf_dns_dso_tlv = -1; 473 static int hf_dns_dso_tlv_type = -1; 474 static int hf_dns_dso_tlv_length = -1; 475 static int hf_dns_dso_tlv_data = -1; 476 static int hf_dns_dso_tlv_keepalive_inactivity = -1; 477 static int hf_dns_dso_tlv_keepalive_interval = -1; 478 static int hf_dns_dso_tlv_retrydelay_retrydelay = -1; 479 static int hf_dns_dso_tlv_encpad_padding = -1; 480 481 static gint ett_dns = -1; 482 static gint ett_dns_qd = -1; 483 static gint ett_dns_rr = -1; 484 static gint ett_dns_qry = -1; 485 static gint ett_dns_ans = -1; 486 static gint ett_dns_flags = -1; 487 static gint ett_dns_opts = -1; 488 static gint ett_nsec3_flags = -1; 489 static gint ett_key_flags = -1; 490 static gint ett_t_key = -1; 491 static gint ett_dns_mac = -1; 492 static gint ett_caa_flags = -1; 493 static gint ett_caa_data = -1; 494 static gint ett_dns_csdync_flags = -1; 495 static gint ett_dns_dso = -1; 496 static gint ett_dns_dso_tlv = -1; 497 static gint ett_dns_svcb = -1; 498 499 static expert_field ei_dns_opt_bad_length = EI_INIT; 500 static expert_field ei_dns_depr_opc = EI_INIT; 501 static expert_field ei_ttl_high_bit_set = EI_INIT; 502 static expert_field ei_dns_tsig_alg = EI_INIT; 503 static expert_field ei_dns_undecoded_option = EI_INIT; 504 static expert_field ei_dns_key_id_buffer_too_short = EI_INIT; 505 static expert_field ei_dns_retransmit_request = EI_INIT; 506 static expert_field ei_dns_retransmit_response = EI_INIT; 507 508 static dissector_table_t dns_tsig_dissector_table=NULL; 509 510 static dissector_handle_t dns_handle; 511 512 /* desegmentation of DNS over TCP */ 513 static gboolean dns_desegment = TRUE; 514 515 /* Maximum number of elapsed seconds between messages with the same 516 * transaction ID to be considered as a retransmission 517 */ 518 static guint32 retransmission_timer = 5; 519 520 /* Dissector handle for GSSAPI */ 521 static dissector_handle_t gssapi_handle; 522 static dissector_handle_t ntlmssp_handle; 523 524 /* Transport protocol for DNS. */ 525 enum DnsTransport { 526 DNS_TRANSPORT_UDP, /* includes compatible transports like SCTP */ 527 DNS_TRANSPORT_TCP, 528 DNS_TRANSPORT_HTTP, 529 DNS_TRANSPORT_QUIC 530 }; 531 532 /* Structure containing transaction specific information */ 533 typedef struct _dns_transaction_t { 534 guint32 req_frame; 535 guint32 rep_frame; 536 nstime_t req_time; 537 guint id; 538 gboolean multiple_responds; 539 } dns_transaction_t; 540 541 /* Structure containing conversation specific information */ 542 typedef struct _dns_conv_info_t { 543 wmem_tree_t *pdus; 544 } dns_conv_info_t; 545 546 /* DNS structs and definitions */ 547 548 /* Ports used for DNS. */ 549 #define DEFAULT_DNS_PORT_RANGE "53" 550 #define DEFAULT_DNS_TCP_PORT_RANGE "53,5353" /* Includes mDNS */ 551 #define SCTP_PORT_DNS 53 552 #define UDP_PORT_MDNS 5353 553 #define UDP_PORT_LLMNR 5355 554 #define TCP_PORT_DNS_TLS 853 555 #define UDP_PORT_DNS_DTLS 853 556 #if 0 557 /* PPID used for DNS/SCTP (will be changed when IANA assigned) */ 558 #define DNS_PAYLOAD_PROTOCOL_ID 1000 559 #endif 560 561 /* Offsets of fields in the DNS header. */ 562 #define DNS_ID 0 563 #define DNS_FLAGS 2 564 #define DNS_QUEST 4 565 #define DNS_ANS 6 566 #define DNS_AUTH 8 567 #define DNS_ADD 10 568 569 /* Length of DNS header. */ 570 #define DNS_HDRLEN 12 571 572 /* type values */ 573 #define T_A 1 /* host address */ 574 #define T_NS 2 /* authoritative name server */ 575 #define T_MD 3 /* mail destination (obsolete) */ 576 #define T_MF 4 /* mail forwarder (obsolete) */ 577 #define T_CNAME 5 /* canonical name */ 578 #define T_SOA 6 /* start of authority zone */ 579 #define T_MB 7 /* mailbox domain name (experimental) */ 580 #define T_MG 8 /* mail group member (experimental) */ 581 #define T_MR 9 /* mail rename domain name (experimental) */ 582 #define T_NULL 10 /* null RR (experimental) */ 583 #define T_WKS 11 /* well known service */ 584 #define T_PTR 12 /* domain name pointer */ 585 #define T_HINFO 13 /* host information */ 586 #define T_MINFO 14 /* mailbox or mail list information */ 587 #define T_MX 15 /* mail routing information */ 588 #define T_TXT 16 /* text strings */ 589 #define T_RP 17 /* responsible person (RFC 1183) */ 590 #define T_AFSDB 18 /* AFS data base location (RFC 1183) */ 591 #define T_X25 19 /* X.25 address (RFC 1183) */ 592 #define T_ISDN 20 /* ISDN address (RFC 1183) */ 593 #define T_RT 21 /* route-through (RFC 1183) */ 594 #define T_NSAP 22 /* OSI NSAP (RFC 1706) */ 595 #define T_NSAP_PTR 23 /* PTR equivalent for OSI NSAP (RFC 1348 - obsolete) */ 596 #define T_SIG 24 /* digital signature (RFC 2535) */ 597 #define T_KEY 25 /* public key (RFC 2535) */ 598 #define T_PX 26 /* pointer to X.400/RFC822 mapping info (RFC 1664) */ 599 #define T_GPOS 27 /* geographical position (RFC 1712) */ 600 #define T_AAAA 28 /* IPv6 address (RFC 1886) */ 601 #define T_LOC 29 /* geographical location (RFC 1876) */ 602 #define T_NXT 30 /* "next" name (RFC 2535) */ 603 #define T_EID 31 /* Endpoint Identifier */ 604 #define T_NIMLOC 32 /* Nimrod Locator */ 605 #define T_SRV 33 /* service location (RFC 2052) */ 606 #define T_ATMA 34 /* ATM Address */ 607 #define T_NAPTR 35 /* naming authority pointer (RFC 3403) */ 608 #define T_KX 36 /* Key Exchange (RFC 2230) */ 609 #define T_CERT 37 /* Certificate (RFC 4398) */ 610 #define T_A6 38 /* IPv6 address with indirection (RFC 2874 - obsolete) */ 611 #define T_DNAME 39 /* Non-terminal DNS name redirection (RFC 2672) */ 612 #define T_SINK 40 /* SINK */ 613 #define T_OPT 41 /* OPT pseudo-RR (RFC 2671) */ 614 #define T_APL 42 /* Lists of Address Prefixes (APL RR) (RFC 3123) */ 615 #define T_DS 43 /* Delegation Signer (RFC 4034) */ 616 #define T_SSHFP 44 /* Using DNS to Securely Publish SSH Key Fingerprints (RFC 4255) */ 617 #define T_IPSECKEY 45 /* RFC 4025 */ 618 #define T_RRSIG 46 /* RFC 4034 */ 619 #define T_NSEC 47 /* RFC 4034 */ 620 #define T_DNSKEY 48 /* RFC 4034 */ 621 #define T_DHCID 49 /* DHCID RR (RFC 4701) */ 622 #define T_NSEC3 50 /* Next secure hash (RFC 5155) */ 623 #define T_NSEC3PARAM 51 /* NSEC3 parameters (RFC 5155) */ 624 #define T_TLSA 52 /* TLSA (RFC 6698) */ 625 #define T_HIP 55 /* Host Identity Protocol (HIP) RR (RFC 5205) */ 626 #define T_NINFO 56 /* NINFO */ 627 #define T_RKEY 57 /* RKEY */ 628 #define T_TALINK 58 /* Trust Anchor LINK */ 629 #define T_CDS 59 /* Child DS (RFC7344)*/ 630 #define T_CDNSKEY 60 /* DNSKEY(s) the Child wants reflected in DS ( [RFC7344])*/ 631 #define T_OPENPGPKEY 61 /* OPENPGPKEY draft-ietf-dane-openpgpkey-00 */ 632 #define T_CSYNC 62 /* Child To Parent Synchronization (RFC7477) */ 633 #define T_ZONEMD 63 /* Message Digest for DNS Zones (RFC8976) */ 634 #define T_SVCB 64 /* draft-ietf-dnsop-svcb-https-01 */ 635 #define T_HTTPS 65 /* draft-ietf-dnsop-svcb-https-01 */ 636 #define T_SPF 99 /* SPF RR (RFC 4408) section 3 */ 637 #define T_UINFO 100 /* [IANA-Reserved] */ 638 #define T_UID 101 /* [IANA-Reserved] */ 639 #define T_GID 102 /* [IANA-Reserved] */ 640 #define T_UNSPEC 103 /* [IANA-Reserved] */ 641 #define T_NID 104 /* ILNP [RFC6742] */ 642 #define T_L32 105 /* ILNP [RFC6742] */ 643 #define T_L64 106 /* ILNP [RFC6742] */ 644 #define T_LP 107 /* ILNP [RFC6742] */ 645 #define T_EUI48 108 /* EUI 48 Address (RFC7043) */ 646 #define T_EUI64 109 /* EUI 64 Address (RFC7043) */ 647 #define T_TKEY 249 /* Transaction Key (RFC 2930) */ 648 #define T_TSIG 250 /* Transaction Signature (RFC 2845) */ 649 #define T_IXFR 251 /* incremental transfer (RFC 1995) */ 650 #define T_AXFR 252 /* transfer of an entire zone (RFC 5936) */ 651 #define T_MAILB 253 /* mailbox-related RRs (MB, MG or MR) (RFC 1035) */ 652 #define T_MAILA 254 /* mail agent RRs (OBSOLETE - see MX) (RFC 1035) */ 653 #define T_ANY 255 /* A request for all records (RFC 1035) */ 654 #define T_URI 256 /* URI */ 655 #define T_CAA 257 /* Certification Authority Authorization (RFC 6844) */ 656 #define T_TA 32768 /* DNSSEC Trust Authorities */ 657 #define T_DLV 32769 /* DNSSEC Lookaside Validation (DLV) DNS Resource Record (RFC 4431) */ 658 #define T_WINS 65281 /* Microsoft's WINS RR */ 659 #define T_WINS_R 65282 /* Microsoft's WINS-R RR */ 660 #define T_XPF 65422 /* XPF draft-bellis-dnsop-xpf */ 661 662 /* Class values */ 663 #define C_IN 1 /* the Internet */ 664 #define C_CS 2 /* CSNET (obsolete) */ 665 #define C_CH 3 /* CHAOS */ 666 #define C_HS 4 /* Hesiod */ 667 #define C_NONE 254 /* none */ 668 #define C_ANY 255 /* any */ 669 670 #define C_QU (1<<15) /* High bit is set in queries for unicast queries */ 671 #define C_FLUSH (1<<15) /* High bit is set for MDNS cache flush */ 672 673 /* Bit fields in the flags */ 674 #define F_RESPONSE (1<<15) /* packet is response */ 675 #define F_OPCODE (0xF<<11) /* query opcode */ 676 #define OPCODE_SHIFT 11 677 #define F_AUTHORITATIVE (1<<10) /* response is authoritative */ 678 #define F_CONFLICT (1<<10) /* conflict detected */ 679 #define F_TRUNCATED (1<<9) /* response is truncated */ 680 #define F_RECDESIRED (1<<8) /* recursion desired */ 681 #define F_TENTATIVE (1<<8) /* response is tentative */ 682 #define F_RECAVAIL (1<<7) /* recursion available */ 683 #define F_Z (1<<6) /* Z */ 684 #define F_AUTHENTIC (1<<5) /* authentic data (RFC2535) */ 685 #define F_CHECKDISABLE (1<<4) /* checking disabled (RFC2535) */ 686 #define F_RCODE (0xF<<0) /* reply code */ 687 688 /* Optcode values for EDNS0 options (RFC 2671) */ 689 #define O_LLQ 1 /* Long-lived query (on-hold, draft-sekar-dns-llq) */ 690 #define O_UL 2 /* Update lease (on-hold, draft-sekar-dns-ul) */ 691 #define O_NSID 3 /* Name Server Identifier (RFC 5001) */ 692 #define O_OWNER 4 /* Owner, reserved (draft-cheshire-edns0-owner-option) */ 693 #define O_DAU 5 /* DNSSEC Algorithm Understood (RFC6975) */ 694 #define O_DHU 6 /* DS Hash Understood (RFC6975) */ 695 #define O_N3U 7 /* NSEC3 Hash Understood (RFC6975) */ 696 #define O_CLIENT_SUBNET 8 /* Client subnet as assigned by IANA */ 697 #define O_EDNS_EXPIRE 9 /* EDNS Expire (RFC7314) */ 698 #define O_CLIENT_SUBNET_EXP 0x50fa /* Client subnet (placeholder value, draft-vandergaast-edns-client-subnet) */ 699 #define O_COOKIE 10 /* Cookies (RFC7873) */ 700 #define O_EDNS_TCP_KA 11 /* edns-tcp-keepalive EDNS0 Option (RFC7828) */ 701 #define O_PADDING 12 /* EDNS(0) Padding Option (RFC7830) */ 702 #define O_CHAIN 13 /* draft-ietf-dnsop-edns-chain-query */ 703 #define O_EXT_ERROR 15 /* Extended DNS Errors (RFC8914) */ 704 705 #define MIN_DNAME_LEN 2 /* minimum domain name length */ 706 707 static const true_false_string tfs_flags_response = { 708 "Message is a response", 709 "Message is a query" 710 }; 711 712 static const true_false_string tfs_flags_authoritative = { 713 "Server is an authority for domain", 714 "Server is not an authority for domain" 715 }; 716 717 static const true_false_string tfs_flags_conflict_query = { 718 "The sender received multiple responses", 719 "None" 720 }; 721 722 static const true_false_string tfs_flags_conflict_response = { 723 "The name is not considered unique", 724 "The name is considered unique" 725 }; 726 727 static const true_false_string tfs_flags_truncated = { 728 "Message is truncated", 729 "Message is not truncated" 730 }; 731 732 static const true_false_string tfs_flags_recdesired = { 733 "Do query recursively", 734 "Don't do query recursively" 735 }; 736 737 static const true_false_string tfs_flags_tentative = { 738 "Tentative", 739 "Not tentative" 740 }; 741 742 static const true_false_string tfs_flags_recavail = { 743 "Server can do recursive queries", 744 "Server can't do recursive queries" 745 }; 746 747 static const true_false_string tfs_flags_z = { 748 "reserved - incorrect!", 749 "reserved (0)" 750 }; 751 752 static const true_false_string tfs_flags_authenticated = { 753 "Answer/authority portion was authenticated by the server", 754 "Answer/authority portion was not authenticated by the server" 755 }; 756 757 static const true_false_string tfs_flags_checkdisable = { 758 "Acceptable", 759 "Unacceptable" 760 }; 761 762 static const true_false_string tfs_dns_rr_z_do = { 763 "Accepts DNSSEC security RRs", 764 "Cannot handle DNSSEC security RRs" 765 }; 766 767 /* Opcodes */ 768 #define OPCODE_QUERY 0 /* standard query */ 769 #define OPCODE_IQUERY 1 /* inverse query */ 770 #define OPCODE_STATUS 2 /* server status request */ 771 #define OPCODE_NOTIFY 4 /* zone change notification */ 772 #define OPCODE_UPDATE 5 /* dynamic update */ 773 #define OPCODE_DSO 6 /* DNS stateful operations */ 774 775 static const value_string opcode_vals[] = { 776 { OPCODE_QUERY, "Standard query" }, 777 { OPCODE_IQUERY, "Inverse query" }, 778 { OPCODE_STATUS, "Server status request" }, 779 { OPCODE_NOTIFY, "Zone change notification" }, 780 { OPCODE_UPDATE, "Dynamic update" }, 781 { OPCODE_DSO, "DNS Stateful operations (DSO)" }, 782 { 0, NULL } }; 783 784 /* Reply codes */ 785 #define RCODE_NOERROR 0 786 #define RCODE_FORMERR 1 787 #define RCODE_SERVFAIL 2 788 #define RCODE_NXDOMAIN 3 789 #define RCODE_NOTIMPL 4 790 #define RCODE_REFUSED 5 791 #define RCODE_YXDOMAIN 6 792 #define RCODE_YXRRSET 7 793 #define RCODE_NXRRSET 8 794 #define RCODE_NOTAUTH 9 795 #define RCODE_NOTZONE 10 796 #define RCODE_DSOTYPENI 11 797 798 #define RCODE_BAD 16 799 #define RCODE_BADKEY 17 800 #define RCODE_BADTIME 18 801 #define RCODE_BADMODE 19 802 #define RCODE_BADNAME 20 803 #define RCODE_BADALG 21 804 #define RCODE_BADTRUNC 22 805 #define RCODE_BADCOOKIE 23 806 807 static const value_string rcode_vals[] = { 808 { RCODE_NOERROR, "No error" }, 809 { RCODE_FORMERR, "Format error" }, 810 { RCODE_SERVFAIL, "Server failure" }, 811 { RCODE_NXDOMAIN, "No such name" }, 812 { RCODE_NOTIMPL, "Not implemented" }, 813 { RCODE_REFUSED, "Refused" }, 814 { RCODE_YXDOMAIN, "Name exists" }, 815 { RCODE_YXRRSET, "RRset exists" }, 816 { RCODE_NXRRSET, "RRset does not exist" }, 817 { RCODE_NOTAUTH, "Not authoritative" }, 818 { RCODE_NOTZONE, "Name out of zone" }, 819 { RCODE_DSOTYPENI, "DSO-Type not implemented" }, 820 /* 12-15 Unassigned */ 821 { RCODE_BAD, "Bad OPT Version or TSIG Signature Failure" }, 822 { RCODE_BADKEY, "Key not recognized" }, 823 { RCODE_BADTIME, "Signature out of time window" }, 824 { RCODE_BADMODE, "Bad TKEY Mode" }, 825 { RCODE_BADNAME, "Duplicate key name" }, 826 { RCODE_BADALG, "Algorithm not supported" }, 827 { RCODE_BADTRUNC, "Bad Truncation" }, 828 { RCODE_BADCOOKIE, "Bad/missing Server Cookie" }, 829 { 0, NULL } 830 }; 831 832 #define NSEC3_HASH_RESERVED 0 833 #define NSEC3_HASH_SHA1 1 834 835 #define NSEC3_FLAG_OPTOUT 1 836 837 static const value_string hash_algorithms[] = { 838 { NSEC3_HASH_RESERVED, "Reserved" }, 839 { NSEC3_HASH_SHA1, "SHA-1" }, 840 { 0, NULL } }; 841 842 static const true_false_string tfs_flags_nsec3_optout = { 843 "Additional insecure delegations allowed", 844 "Additional insecure delegations forbidden" 845 }; 846 static const true_false_string tfs_required_experimental = { "Experimental or optional", "Required" }; 847 848 #define TKEYMODE_SERVERASSIGNED (1) 849 #define TKEYMODE_DIFFIEHELLMAN (2) 850 #define TKEYMODE_GSSAPI (3) 851 #define TKEYMODE_RESOLVERASSIGNED (4) 852 #define TKEYMODE_DELETE (5) 853 854 static const value_string tkey_mode_vals[] = { 855 { TKEYMODE_SERVERASSIGNED, "Server assigned" }, 856 { TKEYMODE_DIFFIEHELLMAN, "Diffie Hellman" }, 857 { TKEYMODE_GSSAPI, "GSSAPI" }, 858 { TKEYMODE_RESOLVERASSIGNED, "Resolver assigned" }, 859 { TKEYMODE_DELETE, "Delete" }, 860 { 0, NULL } 861 }; 862 863 /* 864 * SSHFP (RFC 4255) algorithm number and fingerprint types 865 */ 866 #define TSSHFP_ALGO_RESERVED (0) 867 #define TSSHFP_ALGO_RSA (1) 868 #define TSSHFP_ALGO_DSA (2) 869 #define TSSHFP_ALGO_ECDSA (3) 870 #define TSSHFP_ALGO_ED25519 (4) 871 #define TSSHFP_ALGO_XMSS (5) 872 873 #define TSSHFP_FTYPE_RESERVED (0) 874 #define TSSHFP_FTYPE_SHA1 (1) 875 #define TSSHFP_FTYPE_SHA256 (2) 876 877 static const value_string sshfp_algo_vals[] = { 878 { TSSHFP_ALGO_RESERVED, "Reserved" }, 879 { TSSHFP_ALGO_RSA, "RSA" }, 880 { TSSHFP_ALGO_DSA, "DSA" }, 881 { TSSHFP_ALGO_ECDSA, "ECDSA" }, 882 { TSSHFP_ALGO_ED25519, "Ed25519" }, 883 { TSSHFP_ALGO_XMSS, "XMSS" }, 884 { 0, NULL } 885 }; 886 887 static const value_string sshfp_fingertype_vals[] = { 888 { TSSHFP_FTYPE_RESERVED, "Reserved" }, 889 { TSSHFP_FTYPE_SHA1, "SHA1" }, 890 { TSSHFP_FTYPE_SHA256, "SHA256" }, 891 { 0, NULL } 892 }; 893 894 /* HIP PK ALGO RFC 5205 */ 895 #define THIP_ALGO_RESERVED (0) 896 #define THIP_ALGO_DSA (1) 897 #define THIP_ALGO_RSA (2) 898 899 900 static const value_string hip_algo_vals[] = { 901 { THIP_ALGO_DSA, "DSA" }, 902 { THIP_ALGO_RSA, "RSA" }, 903 { THIP_ALGO_RESERVED, "Reserved" }, 904 { 0, NULL } 905 }; 906 907 /* RFC 3123 */ 908 #define DNS_APL_NEGATION (1<<7) 909 #define DNS_APL_AFDLENGTH (0x7F<<0) 910 911 static const true_false_string tfs_dns_apl_negation = { 912 "Yes (!)", 913 "No (0)" 914 }; 915 916 static const value_string afamily_vals[] = { 917 { AFNUM_INET, "IPv4" }, 918 { AFNUM_INET6, "IPv6" }, 919 { 0, NULL } 920 }; 921 922 /* RFC 6844 */ 923 #define CAA_FLAG_ISSUER_CRITICAL (1<<7) 924 925 /* See RFC 1035 for all RR types for which no RFC is listed, except for 926 the ones with "???", and for the Microsoft WINS and WINS-R RRs, for 927 which one should look at 928 929 http://www.windows.com/windows2000/en/server/help/sag_DNS_imp_UsingWinsLookup.htm 930 931 and 932 933 http://www.microsoft.com/windows2000/library/resources/reskit/samplechapters/cncf/cncf_imp_wwaw.asp 934 935 which discuss them to some extent. */ 936 /* http://www.iana.org/assignments/dns-parameters (last updated 2015-07-26)*/ 937 938 static const value_string dns_qr_vals[] = { 939 { 0, "Query" }, 940 { 1, "Response" }, 941 { 0, NULL } 942 }; 943 static const value_string dns_types_vals[] = { 944 { 0, "Unused" }, 945 { T_A, "A" }, 946 { T_NS, "NS" }, 947 { T_MD, "MD" }, 948 { T_MF, "MF" }, 949 { T_CNAME, "CNAME" }, 950 { T_SOA, "SOA" }, 951 { T_MB, "MB" }, 952 { T_MG, "MG" }, 953 { T_MR, "MR" }, 954 { T_NULL, "NULL" }, 955 { T_WKS, "WKS" }, 956 { T_PTR, "PTR" }, 957 { T_HINFO, "HINFO" }, 958 { T_MINFO, "MINFO" }, 959 { T_MX, "MX" }, 960 { T_TXT, "TXT" }, 961 { T_RP, "RP" }, /* RFC 1183 */ 962 { T_AFSDB, "AFSDB" }, /* RFC 1183 */ 963 { T_X25, "X25" }, /* RFC 1183 */ 964 { T_ISDN, "ISDN" }, /* RFC 1183 */ 965 { T_RT, "RT" }, /* RFC 1183 */ 966 { T_NSAP, "NSAP" }, /* RFC 1706 */ 967 { T_NSAP_PTR, "NSAP-PTR" }, /* RFC 1348 */ 968 { T_SIG, "SIG" }, /* RFC 2535 */ 969 { T_KEY, "KEY" }, /* RFC 2535 */ 970 { T_PX, "PX" }, /* RFC 1664 */ 971 { T_GPOS, "GPOS" }, /* RFC 1712 */ 972 { T_AAAA, "AAAA" }, /* RFC 1886 */ 973 { T_LOC, "LOC" }, /* RFC 1886 */ 974 { T_NXT, "NXT" }, /* RFC 1876 */ 975 { T_EID, "EID" }, 976 { T_NIMLOC, "NIMLOC" }, 977 { T_SRV, "SRV" }, /* RFC 2052 */ 978 { T_ATMA, "ATMA" }, 979 { T_NAPTR, "NAPTR" }, /* RFC 3403 */ 980 { T_KX, "KX" }, /* RFC 2230 */ 981 { T_CERT, "CERT" }, /* RFC 4398 */ 982 { T_A6, "A6" }, /* RFC 2874 */ 983 { T_DNAME, "DNAME" }, /* RFC 2672 */ 984 { T_SINK, "SINK" }, 985 { T_OPT, "OPT" }, /* RFC 2671 */ 986 { T_APL, "APL" }, /* RFC 3123 */ 987 { T_DS, "DS" }, /* RFC 4034 */ 988 { T_SSHFP, "SSHFP" }, /* RFC 4255 */ 989 { T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */ 990 { T_RRSIG, "RRSIG" }, /* RFC 4034 */ 991 { T_NSEC, "NSEC" }, /* RFC 4034 */ 992 { T_DNSKEY, "DNSKEY" }, /* RFC 4034 */ 993 { T_DHCID, "DHCID" }, /* RFC 4701 */ 994 { T_NSEC3, "NSEC3" }, /* RFC 5155 */ 995 { T_NSEC3PARAM, "NSEC3PARAM" }, /* RFC 5155 */ 996 { T_TLSA, "TLSA" }, 997 { T_HIP, "HIP" }, /* RFC 5205 */ 998 { T_RKEY, "RKEY" }, 999 { T_TALINK, "TALINK" }, 1000 { T_CDS, "CDS" }, /* RFC 7344 */ 1001 { T_CDNSKEY, "CDNSKEY" }, /* RFC 7344*/ 1002 { T_OPENPGPKEY, "OPENPGPKEY" }, /* draft-ietf-dane-openpgpkey */ 1003 { T_CSYNC, "CSYNC" }, /* RFC 7477 */ 1004 { T_ZONEMD, "ZONEMD" }, /* RFC 8976 */ 1005 { T_SVCB, "SVCB" }, /* draft-ietf-dnsop-svcb-https-01 */ 1006 { T_HTTPS, "HTTPS" }, /* draft-ietf-dnsop-svcb-https-01 */ 1007 { T_SPF, "SPF" }, /* RFC 4408 */ 1008 { T_UINFO, "UINFO" }, /* IANA reserved */ 1009 { T_UID, "UID" }, /* IANA reserved */ 1010 { T_GID, "GID" }, /* IANA reserved */ 1011 { T_UNSPEC, "UNSPEC" }, /* IANA reserved */ 1012 { T_NID, "NID" }, /* RFC 6742 */ 1013 { T_L32, "L32" }, /* RFC 6742 */ 1014 { T_L64, "L64" }, /* RFC 6742 */ 1015 { T_LP, "LP" }, /* RFC 6742 */ 1016 { T_EUI48, "EUI48" }, /* RFC 7043 */ 1017 { T_EUI64, "EUI64" }, /* RFC 7043 */ 1018 { T_TKEY, "TKEY" }, 1019 { T_TSIG, "TSIG" }, 1020 { T_IXFR, "IXFR" }, 1021 { T_AXFR, "AXFR" }, 1022 { T_MAILB, "MAILA" }, 1023 { T_MAILA, "MAILB" }, 1024 { T_ANY, "ANY" }, 1025 { T_URI, "URI" }, 1026 { T_CAA, "CAA" }, /* RFC 6844 */ 1027 1028 { T_TA, "TA" }, 1029 { T_DLV, "DLV" }, /* RFC 4431 */ 1030 1031 { T_WINS, "WINS" }, 1032 { T_WINS_R, "WINS-R" }, 1033 { T_XPF, "XPF" }, /* draft-bellis-dnsop-xpf */ 1034 1035 {0, NULL} 1036 }; 1037 1038 static value_string_ext dns_types_vals_ext = VALUE_STRING_EXT_INIT(dns_types_vals); 1039 1040 static const value_string dns_types_description_vals[] = { 1041 { 0, "Unused" }, 1042 { T_A, "A (Host Address)" }, 1043 { T_NS, "NS (authoritative Name Server)" }, 1044 { T_MD, "MD (Mail Destination)" }, 1045 { T_MF, "MF (Mail Forwarder)" }, 1046 { T_CNAME, "CNAME (Canonical NAME for an alias)" }, 1047 { T_SOA, "SOA (Start Of a zone of Authority)" }, 1048 { T_MB, "MB (MailBox domain name)"}, 1049 { T_MG, "MG (Mail Group member)" }, 1050 { T_MR, "MR (Mail Rename domain)" }, 1051 { T_NULL, "NULL RR" }, 1052 { T_WKS, "WKS (Well Known Service)" }, 1053 { T_PTR, "PTR (domain name PoinTeR)" }, 1054 { T_HINFO, "HINFO (host information)" }, 1055 { T_MINFO, "MINFO (Mailbox or mail list information)" }, 1056 { T_MX, "MX (Mail eXchange)" }, 1057 { T_TXT, "TXT (Text strings)" }, 1058 { T_RP, "RP (Responsible Person)" }, /* RFC 1183 */ 1059 { T_AFSDB, "AFSDB (AFS Data Base location)" }, /* RFC 1183 */ 1060 { T_X25, "X25 (XX.25 PSDN address)" }, /* RFC 1183 */ 1061 { T_ISDN, "ISDN (ISDN address)" }, /* RFC 1183 */ 1062 { T_RT, "RT (Route Through)" }, /* RFC 1183 */ 1063 { T_NSAP, "NSAP (NSAP address)" }, 1064 { T_NSAP_PTR, "NSAP-PTR (NSAP domain name pointer)" }, 1065 { T_SIG, "SIG (security signature)" }, 1066 { T_KEY, "KEY (security key)" }, 1067 { T_PX, "PX (X.400 mail mapping information)" }, 1068 { T_GPOS, "GPOS (Geographical Position)" }, 1069 { T_AAAA, "AAAA (IPv6 Address)" }, 1070 { T_LOC, "LOC (Location Information)" }, 1071 { T_NXT, "NXT (Next Domain)" }, 1072 { T_EID, "EID (Endpoint Identifier)" }, 1073 { T_NIMLOC, "NIMLOC (Nimrod Locator)" }, 1074 { T_SRV, "SRV (Server Selection)" }, 1075 { T_ATMA, "ATMA (ATM Address)" }, 1076 { T_NAPTR, "NAPTR (Naming Authority Pointer)" }, 1077 { T_KX, "KX (Key Exchanger)" }, 1078 { T_CERT, "CERT" }, 1079 { T_A6, "A6 (OBSOLETE - use AAAA)" }, 1080 { T_DNAME, "DNAME" }, 1081 { T_SINK, "SINK" }, 1082 { T_OPT, "OPT" }, 1083 { T_APL, "APL" }, 1084 { T_DS, "DS (Delegation Signer)" }, 1085 { T_SSHFP, "SSHFP (SSH Key Fingerprint)" }, 1086 { T_IPSECKEY, "IPSECKEY" }, 1087 { T_RRSIG, "RRSIG (Resource Record Signature)" }, 1088 { T_NSEC, "NSEC (Next Secure)" }, 1089 { T_DNSKEY, "DNSKEY (DNS Public Key)" }, 1090 { T_DHCID, "DHCID" }, 1091 { T_NSEC3, "NSEC3" }, 1092 { T_NSEC3PARAM, "NSEC3PARAM" }, 1093 { T_TLSA, "TLSA" }, 1094 { T_HIP, "HIP (Host Identity Protocol)" }, /* RFC 5205 */ 1095 { T_RKEY, "RKEY" }, 1096 { T_TALINK, "TALINK (Trust Anchor LINK)" }, 1097 { T_CDS, "CDS (Child DS)" }, /* RFC 7344 */ 1098 { T_CDNSKEY, "CDNSKEY (DNSKEY(s) the Child wants reflected in DS)" }, /* RFC 7344 */ 1099 { T_OPENPGPKEY, "OPENPGPKEY (OpenPGP Key)" }, /* draft-ietf-dane-openpgpkey */ 1100 { T_CSYNC, "CSYNC (Child-to-Parent Synchronization)" }, /* RFC 7477 */ 1101 { T_ZONEMD, "ZONEMD" }, /* RFC 8976 */ 1102 { T_SVCB, "SVCB (General Purpose Service Endpoints)" }, /* draft-ietf-dnsop-svcb-https*/ 1103 { T_HTTPS, "HTTPS (HTTPS Specific Service Endpoints)" }, /* draft-ietf-dnsop-svcb-https*/ 1104 { T_SPF, "SPF" }, /* RFC 4408 */ 1105 { T_UINFO, "UINFO" }, /* IANA reserved */ 1106 { T_UID, "UID" }, /* IANA reserved */ 1107 { T_GID, "GID" }, /* IANA reserved */ 1108 { T_UNSPEC, "UNSPEC" }, /* IANA reserved */ 1109 { T_NID, "NID (NodeID)" }, 1110 { T_L32, "L32 (Locator32)" }, 1111 { T_L64, "L64 (Locator64)" }, 1112 { T_LP, "LP (Locator FQDN)" }, 1113 { T_EUI48, "EUI48" }, 1114 { T_EUI64, "EUI64" }, 1115 1116 { T_TKEY, "TKEY (Transaction Key)" }, 1117 { T_TSIG, "TSIG (Transaction Signature)" }, 1118 { T_IXFR, "IXFR (incremental transfer)" }, 1119 { T_AXFR, "AXFR (transfer of an entire zone)" }, 1120 { T_MAILB, "MAILB (mailbox-related RRs)" }, 1121 { T_MAILA, "MAILA (mail agent RRs)" }, 1122 { T_ANY, "* (A request for all records the server/cache has available)" }, 1123 { T_URI, "URI" }, 1124 { T_CAA, "CAA (Certification Authority Restriction)" }, /* RFC 6844 */ 1125 { T_TA, "TA (DNSSEC Trust Authorities)" }, 1126 { T_DLV, "DLV (DNSSEC Lookaside Validation)" }, /* RFC 4431 */ 1127 1128 { T_WINS, "WINS" }, 1129 { T_WINS_R, "WINS-R" }, 1130 { T_XPF, "XPF" }, /* draft-bellis-dnsop-xpf */ 1131 1132 {0, NULL} 1133 }; 1134 1135 static value_string_ext dns_types_description_vals_ext = VALUE_STRING_EXT_INIT(dns_types_description_vals); 1136 1137 static const value_string edns0_opt_code_vals[] = { 1138 {0, "Reserved"}, 1139 {O_LLQ, "LLQ - Long-lived query"}, 1140 {O_UL, "UL - Update lease"}, 1141 {O_NSID, "NSID - Name Server Identifier"}, 1142 {O_OWNER, "Owner (reserved)"}, 1143 {O_DAU, "DAU - DNSSEC Algorithm Understood (RFC6975)"}, 1144 {O_DHU, "DHU - DS Hash Understood (RFC6975)"}, 1145 {O_N3U, "N3U - NSEC3 Hash Understood (RFC6975)"}, 1146 {O_CLIENT_SUBNET_EXP, "Experimental - CSUBNET - Client subnet" }, 1147 {O_CLIENT_SUBNET, "CSUBNET - Client subnet" }, 1148 {O_EDNS_EXPIRE, "EDNS EXPIRE (RFC7314)"}, 1149 {O_COOKIE, "COOKIE"}, 1150 {O_EDNS_TCP_KA, "EDNS TCP Keepalive"}, 1151 {O_PADDING, "PADDING"}, 1152 {O_CHAIN, "CHAIN"}, 1153 {O_EXT_ERROR, "Extended DNS Error"}, 1154 {0, NULL} 1155 }; 1156 /* DNS-Based Authentication of Named Entities (DANE) Parameters 1157 http://www.iana.org/assignments/dane-parameters (last updated 2014-04-23) 1158 */ 1159 /* TLSA Certificate Usages */ 1160 #define TLSA_CU_PKIX_TA 0 1161 #define TLSA_CU_PKIX_EE 1 1162 #define TLSA_CU_DANE_TA 2 1163 #define TLSA_CU_DANE_EE 3 1164 1165 static const value_string tlsa_certificate_usage_vals[] = { 1166 {TLSA_CU_PKIX_TA, "CA constraint (PKIX-TA)"}, 1167 {TLSA_CU_PKIX_EE, "Service certificate constraint (PKIX-EE)"}, 1168 {TLSA_CU_DANE_TA, "Trust anchor assertion (DANE-TA)"}, 1169 {TLSA_CU_DANE_EE, "Domain-issued certificate (DANE-EE)"}, 1170 {0, NULL} 1171 }; 1172 1173 /* TLSA Selectors */ 1174 #define TLSA_S_CERT 0 1175 #define TLSA_S_SPKI 1 1176 1177 static const value_string tlsa_selector_vals[] = { 1178 {TLSA_S_CERT, "Full certificate (Cert)"}, 1179 {TLSA_S_SPKI, "SubjectPublicKeyInfo (SPKI)"}, 1180 {0, NULL} 1181 }; 1182 1183 /* TLSA Matching Types */ 1184 #define TLSA_MT_FULL 0 1185 #define TLSA_MT_SHA_256 1 1186 #define TLSA_MT_SHA_512 2 1187 1188 static const value_string tlsa_matching_type_vals[] = { 1189 {TLSA_MT_FULL, "No Hash Used (Full)"}, 1190 {TLSA_MT_SHA_256, "256 bit hash by SHA2 (SHA2-256)"}, 1191 {TLSA_MT_SHA_512, "512 bit hash by SHA2 (SHA2-512)"}, 1192 {0, NULL} 1193 }; 1194 1195 /* IPSECKEY RFC4025 */ 1196 static const value_string gw_algo_vals[] = { 1197 { 1, "DSA" }, 1198 { 2, "RSA" }, 1199 { 0, NULL } 1200 }; 1201 1202 static const value_string gw_type_vals[] = { 1203 { 0, "No Gateway" }, 1204 { 1, "IPv4 Gateway" }, 1205 { 2, "IPv6 Gateway" }, 1206 { 3, "DNS Gateway" }, 1207 { 0, NULL } 1208 }; 1209 1210 const value_string dns_classes[] = { 1211 {C_IN, "IN"}, 1212 {C_CS, "CS"}, 1213 {C_CH, "CH"}, 1214 {C_HS, "HS"}, 1215 {C_NONE, "NONE"}, 1216 {C_ANY, "ANY"}, 1217 {0,NULL} 1218 }; 1219 1220 /* DSO Type Opcodes RFC8490 */ 1221 #define DSO_TYPE_RES 0x0000 /* RFC8490 */ 1222 #define DSO_TYPE_KEEPALIVE 0x0001 /* RFC8490 */ 1223 #define DSO_TYPE_RETRYDELAY 0x0002 /* RFC8490 */ 1224 #define DSO_TYPE_ENCPAD 0x0003 /* RFC8490 */ 1225 #define DSO_TYPE_SUBSCRIBE 0x0040 /* RF8765 */ 1226 #define DSO_TYPE_PUSH 0x0041 /* RF8765 */ 1227 #define DSO_TYPE_UNSUBSCRIBE 0x0042 /* RF8765 */ 1228 #define DSO_TYPE_RECONFIRM 0x0043 /* RF8765 */ 1229 1230 static const range_string dns_dso_type_rvals[] = { 1231 { DSO_TYPE_RES, DSO_TYPE_RES, "Reserved" }, 1232 { DSO_TYPE_KEEPALIVE, DSO_TYPE_KEEPALIVE, "Keep Alive" }, 1233 { DSO_TYPE_RETRYDELAY, DSO_TYPE_RETRYDELAY, "Retry Delay" }, 1234 { DSO_TYPE_ENCPAD, DSO_TYPE_ENCPAD, "Encryption Padding" }, 1235 { 0x0004, 0x003F, "Unassigned, reserved for DSO session-management TLVs" }, 1236 { DSO_TYPE_SUBSCRIBE, DSO_TYPE_SUBSCRIBE, "Subscribe" }, 1237 { DSO_TYPE_PUSH, DSO_TYPE_PUSH, "Push" }, 1238 { DSO_TYPE_UNSUBSCRIBE, DSO_TYPE_UNSUBSCRIBE, "Unsubscribe" }, 1239 { DSO_TYPE_RECONFIRM, DSO_TYPE_RECONFIRM, "Reconfirm" }, 1240 { 0x0044, 0xF7FF, "Unassigned" }, 1241 { 0xF800, 0xFBFF, "Reserved for Experimental/Local Use" }, 1242 { 0xFC00, 0xFFFF, "Reserved for future expansion" }, 1243 { 0, 0, NULL } 1244 }; 1245 1246 #define DNS_SVCB_KEY_MANDATORY 0 1247 #define DNS_SVCB_KEY_ALPN 1 1248 #define DNS_SVCB_KEY_NOALPN 2 1249 #define DNS_SVCB_KEY_PORT 3 1250 #define DNS_SVCB_KEY_IPV4HINT 4 1251 #define DNS_SVCB_KEY_ECHCONFIG 5 1252 #define DNS_SVCB_KEY_IPV6HINT 6 1253 #define DNS_SVCB_KEY_ODOHCONFIG 32769 /* draft-pauly-dprive-oblivious-doh-02 */ 1254 #define DNS_SVCB_KEY_RESERVED 65535 1255 1256 /** 1257 * Service Binding (SVCB) Parameter Registry. 1258 * https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-01#section-12.3.2 1259 */ 1260 static const value_string dns_svcb_param_key_vals[] = { 1261 { DNS_SVCB_KEY_MANDATORY, "mandatory" }, 1262 { DNS_SVCB_KEY_ALPN, "alpn" }, 1263 { DNS_SVCB_KEY_NOALPN, "no-default-alpn" }, 1264 { DNS_SVCB_KEY_PORT, "port" }, 1265 { DNS_SVCB_KEY_IPV4HINT, "ipv4hint" }, 1266 { DNS_SVCB_KEY_ECHCONFIG, "echconfig" }, 1267 { DNS_SVCB_KEY_IPV6HINT, "ipv6hint" }, 1268 { DNS_SVCB_KEY_ODOHCONFIG, "odohconfig" }, 1269 { DNS_SVCB_KEY_RESERVED, "key65535" }, 1270 { 0, NULL } 1271 }; 1272 1273 static int * const dns_csync_flags[] = { 1274 &hf_dns_csync_flags_immediate, 1275 &hf_dns_csync_flags_soaminimum, 1276 NULL 1277 }; 1278 1279 #define DNS_ZONEMD_SCHEME_SIMPLE 1 1280 1281 static const range_string dns_zonemd_scheme[] = { 1282 { 0, 0, "Reserved" }, 1283 { DNS_ZONEMD_SCHEME_SIMPLE, DNS_ZONEMD_SCHEME_SIMPLE, "SIMPLE" }, 1284 { 2, 239, "Unassigned" }, 1285 { 240, 254, "Private Use" }, 1286 { 255, 255, "Reserved" }, 1287 { 0, 0, NULL } }; 1288 1289 #define DNS_ZONEMD_HASH_SHA384 1 1290 #define DNS_ZONEMD_HASH_SHA512 2 1291 1292 static const range_string dns_zonemd_hash_algo[] = { 1293 { 0, 0, "Reserved" }, 1294 { DNS_ZONEMD_HASH_SHA384, DNS_ZONEMD_HASH_SHA384, "SHA-384" }, 1295 { DNS_ZONEMD_HASH_SHA512, DNS_ZONEMD_HASH_SHA512, "SHA-512" }, 1296 { 3, 239, "Unassigned" }, 1297 { 240, 254, "Private Use" }, 1298 { 255, 255, "Reserved" }, 1299 { 0, 0, NULL } }; 1300 1301 static const range_string dns_ext_err_info_code[] = { 1302 { 0, 0, "Other Error" }, 1303 { 1, 1, "Unsupported DNSKEY Algorithm" }, 1304 { 2, 2, "Unsupported DS Digest Type" }, 1305 { 3, 3, "Stale Answer" }, 1306 { 4, 4, "Forged Answer" }, 1307 { 5, 5, "DNSSEC Indeterminate" }, 1308 { 6, 6, "DNSSEC Bogus" }, 1309 { 7, 7, "Signature Expired" }, 1310 { 8, 8, "Signature Not Yet Valid" }, 1311 { 9, 9, "DNSKEY Missing" }, 1312 { 10, 10, "RRSIGs Missing" }, 1313 { 11, 11, "No Zone Key Bit Set" }, 1314 { 12, 12, "NSEC Missing" }, 1315 { 13, 13, "Cached Error" }, 1316 { 14, 14, "Not Ready" }, 1317 { 15, 15, "Blocked" }, 1318 { 16, 16, "Censored" }, 1319 { 17, 17, "Filtered" }, 1320 { 18, 18, "Prohibited" }, 1321 { 19, 19, "Stale NXDomain Answer" }, 1322 { 20, 20, "Not Authoritative" }, 1323 { 21, 21, "Not Supported" }, 1324 { 22, 22, "No Reachable Authority" }, 1325 { 23, 23, "Network Error" }, 1326 { 24, 24, "Invalid Data" }, 1327 { 25, 49151, "Unassigned" }, 1328 { 49152, 65535, "Reserved for Private Use" }, 1329 { 0, 0, NULL } }; 1330 1331 1332 /* This function counts how many '.' are in the string, plus 1, in order to count the number 1333 * of labels 1334 */ 1335 static guint 1336 qname_labels_count(const gchar* name, gint name_len) 1337 { 1338 guint labels = 0; 1339 gint i; 1340 1341 if (name_len > 1) { 1342 /* it was not a Zero-length name */ 1343 for (i = 0; i < name_len; i++) { 1344 if (name[i] == '.') 1345 labels++; 1346 } 1347 labels++; 1348 } 1349 return labels; 1350 } 1351 1352 /* This function returns the number of bytes consumed and the expanded string 1353 * in *name. 1354 * The string is allocated with wmem_packet_scope scope and does not need to be freed. 1355 * it will be automatically freed when the packet has been dissected. 1356 */ 1357 static int 1358 expand_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset, 1359 const gchar **name, gint* name_len) 1360 { 1361 int start_offset = offset; 1362 gchar *np; 1363 int len = -1; 1364 int pointers_count = 0; 1365 int component_len; 1366 int indir_offset; 1367 int maxname; 1368 1369 const int min_len = 1; /* Minimum length of encoded name (for root) */ 1370 /* If we're about to return a value (probably negative) which is less 1371 * than the minimum length, we're looking at bad data and we're liable 1372 * to put the dissector into a loop. Instead we throw an exception */ 1373 1374 maxname = MAX_DNAME_LEN; 1375 np=(gchar *)wmem_alloc(wmem_packet_scope(), maxname); 1376 *name=np; 1377 (*name_len) = 0; 1378 1379 for (;;) { 1380 if (max_len && offset - start_offset > max_len - 1) { 1381 break; 1382 } 1383 component_len = tvb_get_guint8(tvb, offset); 1384 offset++; 1385 if (component_len == 0) { 1386 break; 1387 } 1388 switch (component_len & 0xc0) { 1389 1390 case 0x00: 1391 /* Label */ 1392 if (np != *name) { 1393 /* Not the first component - put in a '.'. */ 1394 if (maxname > 0) { 1395 *np++ = '.'; 1396 (*name_len)++; 1397 maxname--; 1398 } 1399 } 1400 else { 1401 maxname--; 1402 } 1403 while (component_len > 0) { 1404 if (max_len && offset - start_offset > max_len - 1) { 1405 THROW(ReportedBoundsError); 1406 } 1407 if (maxname > 0) { 1408 *np++ = tvb_get_guint8(tvb, offset); 1409 (*name_len)++; 1410 maxname--; 1411 } 1412 component_len--; 1413 offset++; 1414 } 1415 break; 1416 1417 case 0x40: 1418 /* Extended label (RFC 2673) */ 1419 switch (component_len & 0x3f) { 1420 1421 case 0x01: 1422 /* Bitstring label */ 1423 { 1424 int bit_count; 1425 int label_len; 1426 int print_len; 1427 1428 bit_count = tvb_get_guint8(tvb, offset); 1429 offset++; 1430 label_len = (bit_count - 1) / 8 + 1; 1431 1432 if (maxname > 0) { 1433 print_len = g_snprintf(np, maxname, "\\[x"); 1434 if (print_len <= maxname) { 1435 np += print_len; 1436 maxname -= print_len; 1437 } else { 1438 /* Nothing printed, as there's no room. 1439 Suppress all subsequent printing. */ 1440 maxname = 0; 1441 } 1442 } 1443 while (label_len--) { 1444 if (maxname > 0) { 1445 print_len = g_snprintf(np, maxname, "%02x", 1446 tvb_get_guint8(tvb, offset)); 1447 if (print_len <= maxname) { 1448 np += print_len; 1449 maxname -= print_len; 1450 } else { 1451 /* Nothing printed, as there's no room. 1452 Suppress all subsequent printing. */ 1453 maxname = 0; 1454 } 1455 } 1456 offset++; 1457 } 1458 if (maxname > 0) { 1459 print_len = g_snprintf(np, maxname, "/%d]", bit_count); 1460 if (print_len <= maxname) { 1461 np += print_len; 1462 maxname -= print_len; 1463 } else { 1464 /* Nothing printed, as there's no room. 1465 Suppress all subsequent printing. */ 1466 maxname = 0; 1467 } 1468 } 1469 } 1470 break; 1471 1472 default: 1473 *name="<Unknown extended label>"; 1474 *name_len = (guint)strlen(*name); 1475 /* Parsing will probably fail from here on, since the */ 1476 /* label length is unknown... */ 1477 len = offset - start_offset; 1478 if (len < min_len) { 1479 THROW(ReportedBoundsError); 1480 } 1481 return len; 1482 } 1483 break; 1484 1485 case 0x80: 1486 THROW(ReportedBoundsError); 1487 break; 1488 1489 case 0xc0: 1490 /* Pointer. */ 1491 indir_offset = dns_data_offset + 1492 (((component_len & ~0xc0) << 8) | tvb_get_guint8(tvb, offset)); 1493 offset++; 1494 pointers_count++; 1495 1496 /* If "len" is negative, we are still working on the original name, 1497 not something pointed to by a pointer, and so we should set "len" 1498 to the length of the original name. */ 1499 if (len < 0) { 1500 len = offset - start_offset; 1501 } 1502 /* 1503 * If we find a pointer to itself, it is a trivial loop. Otherwise if we 1504 * processed a large number of pointers, assume an indirect loop. 1505 */ 1506 if (indir_offset == offset + 2 || pointers_count > MAX_DNAME_LEN) { 1507 *name="<Name contains a pointer that loops>"; 1508 *name_len = (guint)strlen(*name); 1509 if (len < min_len) { 1510 THROW(ReportedBoundsError); 1511 } 1512 return len; 1513 } 1514 1515 offset = indir_offset; 1516 break; /* now continue processing from there */ 1517 } 1518 } 1519 1520 // Do we have space for the terminating 0? 1521 if (maxname > 0) { 1522 *np = '\0'; 1523 } 1524 else { 1525 *name="<Name too long>"; 1526 *name_len = (guint)strlen(*name); 1527 } 1528 1529 /* If "len" is negative, we haven't seen a pointer, and thus haven't 1530 set the length, so set it. */ 1531 if (len < 0) { 1532 len = offset - start_offset; 1533 } 1534 1535 return len; 1536 } 1537 1538 /* return the bytes in the tvb consumed by the function. The converted string (that 1539 can contain null bytes, is written in name and its length in name_len. */ 1540 int 1541 get_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset, 1542 const gchar **name, gint* name_len) 1543 { 1544 int len; 1545 1546 len = expand_dns_name(tvb, offset, max_len, dns_data_offset, name, name_len); 1547 1548 /* Zero-length name means "root server" */ 1549 if (**name == '\0' && len <= MIN_DNAME_LEN) { 1550 *name="<Root>"; 1551 *name_len = (gint)strlen(*name); 1552 return len; 1553 } 1554 1555 if ((len < MIN_DNAME_LEN) || (len > MIN_DNAME_LEN && *name_len == 0)) { 1556 THROW(ReportedBoundsError); 1557 } 1558 1559 return len; 1560 } 1561 1562 static int 1563 get_dns_name_type_class(tvbuff_t *tvb, int offset, int dns_data_offset, 1564 const gchar **name, int *name_len, guint16 *type, guint16 *dns_class) 1565 { 1566 int start_offset = offset; 1567 1568 offset += get_dns_name(tvb, offset, 0, dns_data_offset, name, name_len); 1569 1570 *type = tvb_get_ntohs(tvb, offset); 1571 offset += 2; 1572 1573 *dns_class = tvb_get_ntohs(tvb, offset); 1574 offset += 2; 1575 1576 return offset - start_offset; 1577 } 1578 1579 static double 1580 rfc1867_size(tvbuff_t *tvb, int offset) 1581 { 1582 guint8 val; 1583 double size; 1584 guint32 exponent; 1585 1586 val = tvb_get_guint8(tvb, offset); 1587 size = (val & 0xF0) >> 4; 1588 exponent = (val & 0x0F); 1589 while (exponent != 0) { 1590 size *= 10; 1591 exponent--; 1592 } 1593 return size / 100; /* return size in meters, not cm */ 1594 } 1595 1596 static char * 1597 rfc1867_angle(tvbuff_t *tvb, int offset, gboolean longitude) 1598 { 1599 guint32 angle; 1600 char direction; 1601 guint32 degrees, minutes, secs, tsecs; 1602 /* "%u deg %u min %u.%03u sec %c" */ 1603 static char buf[10+1+3+1 + 2+1+3+1 + 2+1+3+1+3+1 + 1 + 1]; 1604 1605 angle = tvb_get_ntohl(tvb, offset); 1606 1607 if (angle < 0x80000000U) { 1608 angle = 0x80000000U - angle; 1609 direction = longitude ? 'W' : 'S'; 1610 } else { 1611 angle = angle - 0x80000000U; 1612 direction = longitude ? 'E' : 'N'; 1613 } 1614 1615 if (longitude ? (angle > 648000000) : (angle > 324000000)) 1616 { 1617 g_snprintf(buf, sizeof(buf), "Value out of range"); 1618 return buf; 1619 } 1620 1621 tsecs = angle % 1000; 1622 angle = angle / 1000; 1623 secs = angle % 60; 1624 angle = angle / 60; 1625 minutes = angle % 60; 1626 degrees = angle / 60; 1627 1628 g_snprintf(buf, sizeof(buf), "%u deg %u min %u.%03u sec %c", degrees, minutes, secs, 1629 tsecs, direction); 1630 return buf; 1631 } 1632 1633 static int 1634 dissect_dns_query(tvbuff_t *tvb, int offset, int dns_data_offset, 1635 packet_info *pinfo, proto_tree *dns_tree, gboolean is_mdns, 1636 gboolean *is_multiple_responds) 1637 { 1638 int used_bytes; 1639 const gchar *name; 1640 gchar *name_out; 1641 int name_len; 1642 guint16 type; 1643 guint16 dns_class; 1644 int qu; 1645 const char *type_name; 1646 int data_start; 1647 guint16 labels; 1648 proto_tree *q_tree; 1649 proto_item *tq; 1650 1651 data_start = offset; 1652 1653 used_bytes = get_dns_name_type_class(tvb, offset, dns_data_offset, &name, &name_len, 1654 &type, &dns_class); 1655 1656 if (is_mdns) { 1657 /* Split the QU flag and the class */ 1658 qu = dns_class & C_QU; 1659 dns_class &= ~C_QU; 1660 } else { 1661 qu = 0; 1662 } 1663 1664 if (type == T_AXFR || type == T_IXFR) { 1665 *is_multiple_responds = TRUE; 1666 } 1667 1668 type_name = val_to_str_ext(type, &dns_types_vals_ext, "Unknown (%d)"); 1669 1670 /* 1671 * The name might contain octets that aren't printable characters, 1672 * format it for display. 1673 */ 1674 name_out = format_text(wmem_packet_scope(), (const guchar *)name, name_len); 1675 1676 col_append_fstr(pinfo->cinfo, COL_INFO, " %s %s", type_name, name_out); 1677 if (is_mdns) { 1678 col_append_fstr(pinfo->cinfo, COL_INFO, ", \"%s\" question", qu ? "QU" : "QM"); 1679 } 1680 if (dns_tree != NULL) { 1681 q_tree = proto_tree_add_subtree_format(dns_tree, tvb, offset, used_bytes, ett_dns_qd, &tq, "%s: type %s, class %s", 1682 name_out, type_name, val_to_str_const(dns_class, dns_classes, "Unknown")); 1683 if (is_mdns) { 1684 proto_item_append_text(tq, ", \"%s\" question", qu ? "QU" : "QM"); 1685 } 1686 1687 /* The number of used bytes for qname is the total used bytes minus 2 bytes for qtype and 2 bytes for qclass */ 1688 proto_tree_add_string(q_tree, hf_dns_qry_name, tvb, offset, used_bytes - 4, name_out); 1689 1690 tq = proto_tree_add_uint(q_tree, hf_dns_qry_name_len, tvb, offset, used_bytes - 4, name_len > 1 ? name_len : 0); 1691 proto_item_set_generated(tq); 1692 1693 labels = qname_labels_count(name, name_len); 1694 tq = proto_tree_add_uint(q_tree, hf_dns_count_labels, tvb, offset, used_bytes - 4, labels); 1695 proto_item_set_generated(tq); 1696 1697 offset += used_bytes - 4; 1698 1699 proto_tree_add_item(q_tree, hf_dns_qry_type, tvb, offset, 2, ENC_BIG_ENDIAN); 1700 offset += 2; 1701 1702 if (is_mdns) { 1703 proto_tree_add_uint(q_tree, hf_dns_qry_class_mdns, tvb, offset, 2, dns_class); 1704 proto_tree_add_boolean(q_tree, hf_dns_qry_qu, tvb, offset, 2, qu); 1705 } else { 1706 proto_tree_add_uint(q_tree, hf_dns_qry_class, tvb, offset, 2, dns_class); 1707 } 1708 1709 offset += 2; 1710 } 1711 1712 if (data_start + used_bytes != offset) { 1713 /* Add expert info ? (about incorrect len...)*/ 1714 } 1715 return used_bytes; 1716 } 1717 1718 1719 static void 1720 add_rr_to_tree(proto_tree *rr_tree, tvbuff_t *tvb, int offset, 1721 const gchar *name, int namelen, int type, 1722 packet_info *pinfo, gboolean is_mdns) 1723 { 1724 guint32 ttl_value; 1725 proto_item *ttl_item; 1726 gchar **srv_rr_info; 1727 1728 if (type == T_SRV && name[0]) { 1729 srv_rr_info = wmem_strsplit(wmem_packet_scope(), name, ".", 3); 1730 1731 proto_tree_add_string(rr_tree, hf_dns_srv_service, tvb, offset, 1732 namelen, srv_rr_info[0]); 1733 1734 if (srv_rr_info[1]) { 1735 proto_tree_add_string(rr_tree, hf_dns_srv_proto, tvb, offset, 1736 namelen, srv_rr_info[1]); 1737 1738 if (srv_rr_info[2]) { 1739 proto_tree_add_string(rr_tree, hf_dns_srv_name, tvb, offset, 1740 namelen, srv_rr_info[2]); 1741 } 1742 } 1743 } else { 1744 proto_tree_add_string(rr_tree, hf_dns_rr_name, tvb, offset, namelen, name); 1745 } 1746 1747 offset += namelen; 1748 1749 proto_tree_add_item(rr_tree, hf_dns_rr_type, tvb, offset, 2, ENC_BIG_ENDIAN); 1750 offset += 2; 1751 if (is_mdns) { 1752 proto_tree_add_item(rr_tree, hf_dns_rr_class_mdns, tvb, offset, 2, ENC_BIG_ENDIAN); 1753 proto_tree_add_item(rr_tree, hf_dns_rr_cache_flush, tvb, offset, 2, ENC_BIG_ENDIAN); 1754 } else { 1755 proto_tree_add_item(rr_tree, hf_dns_rr_class, tvb, offset, 2, ENC_BIG_ENDIAN); 1756 } 1757 offset += 2; 1758 ttl_item = proto_tree_add_item_ret_uint(rr_tree, hf_dns_rr_ttl, tvb, offset, 4, ENC_BIG_ENDIAN, &ttl_value); 1759 proto_item_append_text(ttl_item, " (%s)", unsigned_time_secs_to_str(wmem_packet_scope(), ttl_value)); 1760 if (ttl_value & 0x80000000) { 1761 expert_add_info(pinfo, ttl_item, &ei_ttl_high_bit_set); 1762 } 1763 1764 offset += 4; 1765 proto_tree_add_item(rr_tree, hf_dns_rr_len, tvb, offset, 2, ENC_BIG_ENDIAN); 1766 } 1767 1768 1769 static void 1770 add_opt_rr_to_tree(proto_tree *rr_tree, tvbuff_t *tvb, int offset, 1771 const char *name, int namelen, gboolean is_mdns) 1772 { 1773 proto_tree *Z_tree; 1774 proto_item *Z_item; 1775 1776 proto_tree_add_string(rr_tree, hf_dns_rr_name, tvb, offset, namelen, name); 1777 offset += namelen; 1778 proto_tree_add_item(rr_tree, hf_dns_rr_type, tvb, offset, 2, ENC_BIG_ENDIAN); 1779 offset += 2; 1780 if (is_mdns) { 1781 proto_tree_add_item(rr_tree, hf_dns_rr_udp_payload_size_mdns, tvb, offset, 2, ENC_BIG_ENDIAN); 1782 proto_tree_add_item(rr_tree, hf_dns_rr_cache_flush, tvb, offset, 2, ENC_BIG_ENDIAN); 1783 } else { 1784 proto_tree_add_item(rr_tree, hf_dns_rr_udp_payload_size, tvb, offset, 2, ENC_BIG_ENDIAN); 1785 } 1786 offset += 2; 1787 proto_tree_add_item(rr_tree, hf_dns_rr_ext_rcode, tvb, offset, 1, ENC_BIG_ENDIAN); 1788 offset++; 1789 proto_tree_add_item(rr_tree, hf_dns_rr_edns0_version, tvb, offset, 1, ENC_BIG_ENDIAN); 1790 offset++; 1791 Z_item = proto_tree_add_item(rr_tree, hf_dns_rr_z, tvb, offset, 2, ENC_BIG_ENDIAN); 1792 Z_tree = proto_item_add_subtree(Z_item, ett_dns_rr); 1793 proto_tree_add_item(Z_tree, hf_dns_rr_z_do, tvb, offset, 2, ENC_BIG_ENDIAN); 1794 proto_tree_add_item(Z_tree, hf_dns_rr_z_reserved, tvb, offset, 2, ENC_BIG_ENDIAN); 1795 offset += 2; 1796 proto_tree_add_item(rr_tree, hf_dns_rr_len, tvb, offset, 2, ENC_BIG_ENDIAN); 1797 } 1798 1799 static int 1800 dissect_type_bitmap(proto_tree *rr_tree, tvbuff_t *tvb, int cur_offset, int rr_len) 1801 { 1802 int mask, blockbase, blocksize; 1803 int i, initial_offset, rr_type; 1804 guint8 bits; 1805 1806 initial_offset = cur_offset; 1807 while (rr_len != 0) { 1808 blockbase = tvb_get_guint8(tvb, cur_offset); 1809 blocksize = tvb_get_guint8(tvb, cur_offset + 1); 1810 cur_offset += 2; 1811 rr_len -= 2; 1812 rr_type = blockbase * 256; 1813 for( ; blocksize; blocksize-- ) { 1814 bits = tvb_get_guint8(tvb, cur_offset); 1815 mask = 1<<7; 1816 for (i = 0; i < 8; i++) { 1817 if (bits & mask) { 1818 proto_tree_add_uint_format(rr_tree, hf_dns_rr_type, tvb, cur_offset, 1, rr_type, 1819 "RR type in bit map: %s", 1820 val_to_str_ext(rr_type, &dns_types_description_vals_ext, "Unknown (%d)")); 1821 } 1822 mask >>= 1; 1823 rr_type++; 1824 } 1825 cur_offset += 1; 1826 rr_len -= 1; 1827 } 1828 } 1829 return(initial_offset - cur_offset); 1830 } 1831 1832 static int 1833 dissect_type_bitmap_nxt(proto_tree *rr_tree, tvbuff_t *tvb, int cur_offset, int rr_len) 1834 { 1835 int mask; 1836 int i, initial_offset, rr_type; 1837 guint8 bits; 1838 1839 initial_offset = cur_offset; 1840 rr_type = 0; 1841 while (rr_len != 0) { 1842 bits = tvb_get_guint8(tvb, cur_offset); 1843 mask = 1<<7; 1844 for (i = 0; i < 8; i++) { 1845 if (bits & mask) { 1846 proto_tree_add_uint_format(rr_tree, hf_dns_rr_type, tvb, cur_offset, 1, rr_type, 1847 "RR type in bit map: %s", 1848 val_to_str_ext(rr_type, &dns_types_description_vals_ext, "Unknown (%d)")); 1849 } 1850 mask >>= 1; 1851 rr_type++; 1852 } 1853 cur_offset += 1; 1854 rr_len -= 1; 1855 } 1856 1857 return(initial_offset - cur_offset); 1858 } 1859 /* 1860 * SIG, KEY, and CERT RR algorithms. 1861 * http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.txt (last updated 2017-01-09) 1862 */ 1863 #define DNS_ALGO_RSAMD5 1 /* RSA/MD5 */ 1864 #define DNS_ALGO_DH 2 /* Diffie-Hellman */ 1865 #define DNS_ALGO_DSA 3 /* DSA */ 1866 #define DNS_ALGO_ECC 4 /* Elliptic curve crypto */ 1867 #define DNS_ALGO_RSASHA1 5 /* RSA/SHA1 */ 1868 #define DNS_ALGO_DSA_NSEC3_SHA1 6 /* DSA + NSEC3/SHA1 */ 1869 #define DNS_ALGO_RSASHA1_NSEC3_SHA1 7 /* RSA/SHA1 + NSEC3/SHA1 */ 1870 #define DNS_ALGO_RSASHA256 8 /* RSA/SHA-256 */ 1871 #define DNS_ALGO_RSASHA512 10 /* RSA/SHA-512 */ 1872 #define DNS_ALGO_ECCGOST 12 /* GOST R 34.10-2001 */ 1873 #define DNS_ALGO_ECDSAP256SHA256 13 /* ECDSA Curve P-256 with SHA-256 */ 1874 #define DNS_ALGO_ECDSAP386SHA386 14 /* ECDSA Curve P-386 with SHA-386 */ 1875 #define DNS_ALGO_ED25519 15 /* Ed25519 */ 1876 #define DNS_ALGO_ED448 16 /* Ed448 */ 1877 #define DNS_ALGO_HMACMD5 157 /* HMAC/MD5 */ 1878 #define DNS_ALGO_INDIRECT 252 /* Indirect key */ 1879 #define DNS_ALGO_PRIVATEDNS 253 /* Private, domain name */ 1880 #define DNS_ALGO_PRIVATEOID 254 /* Private, OID */ 1881 1882 static const value_string dnssec_algo_vals[] = { 1883 { DNS_ALGO_RSAMD5, "RSA/MD5" }, 1884 { DNS_ALGO_DH, "Diffie-Hellman" }, 1885 { DNS_ALGO_DSA, "DSA" }, 1886 { DNS_ALGO_ECC, "Elliptic curve crypto" }, 1887 { DNS_ALGO_RSASHA1, "RSA/SHA1" }, 1888 { DNS_ALGO_DSA_NSEC3_SHA1, "DSA + NSEC3/SHA1" }, 1889 { DNS_ALGO_RSASHA1_NSEC3_SHA1,"RSA/SHA1 + NSEC3/SHA1" }, 1890 { DNS_ALGO_RSASHA256, "RSA/SHA-256" }, 1891 { DNS_ALGO_RSASHA512, "RSA/SHA-512" }, 1892 { DNS_ALGO_ECCGOST, "GOST R 34.10-2001" }, 1893 { DNS_ALGO_ECDSAP256SHA256, "ECDSA Curve P-256 with SHA-256" }, 1894 { DNS_ALGO_ECDSAP386SHA386, "ECDSA Curve P-386 with SHA-386" }, 1895 { DNS_ALGO_ED25519, "Ed25519" }, 1896 { DNS_ALGO_ED448, "Ed448" }, 1897 { DNS_ALGO_HMACMD5, "HMAC/MD5" }, 1898 { DNS_ALGO_INDIRECT, "Indirect key" }, 1899 { DNS_ALGO_PRIVATEDNS, "Private, domain name" }, 1900 { DNS_ALGO_PRIVATEOID, "Private, OID" }, 1901 { 0, NULL } 1902 }; 1903 1904 /* 1905 Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms 1906 https://www.iana.org/assignments/ds-rr-types/ds-rr-types.txt (last-updated 2012-04-13) 1907 */ 1908 #define DS_DIGEST_RESERVED 0 1909 #define DS_DIGEST_SHA1 1 /* MANDATORY [RFC3658] */ 1910 #define DS_DIGEST_SHA256 2 /* MANDATORY [RFC4509] */ 1911 #define DS_DIGEST_GOST 3 /* OPTIONAL [RFC5933] */ 1912 #define DS_DIGEST_SHA384 4 /*OPTIONAL [RFC6605] */ 1913 1914 static const value_string dns_ds_digest_vals[] = { 1915 { DS_DIGEST_RESERVED, "Reserved digest" }, 1916 { DS_DIGEST_SHA1, "SHA-1" }, 1917 { DS_DIGEST_SHA256, "SHA-256" }, 1918 { DS_DIGEST_GOST, "GOST R 34.11-94" }, 1919 { DS_DIGEST_SHA384, "SHA-384" }, 1920 { 0, NULL } 1921 }; 1922 /* DNSKEY : RFC4034 */ 1923 #define DNSKEY_FLAGS_ZK 0x0100 1924 #define DNSKEY_FLAGS_KR 0x0080 1925 #define DNSKEY_FLAGS_SEP 0x0001 1926 #define DNSKEY_FLAGS_RSV 0xFE7E 1927 1928 static const true_false_string dns_dnskey_zone_key_tfs = { "This is the zone key for specified zone", "This it not a zone key" }; 1929 1930 /* See RFC 4398 */ 1931 #define DNS_CERT_PKIX 1 /* X509 certificate */ 1932 #define DNS_CERT_SPKI 2 /* Simple public key certificate */ 1933 #define DNS_CERT_PGP 3 /* OpenPGP packet */ 1934 #define DNS_CERT_IPKIX 4 /* Indirect PKIX */ 1935 #define DNS_CERT_ISPKI 5 /* Indirect SPKI */ 1936 #define DNS_CERT_IPGP 6 /* Indirect PGP */ 1937 #define DNS_CERT_ACPKIX 7 /* Attribute certificate */ 1938 #define DNS_CERT_IACPKIX 8 /* Indirect ACPKIX */ 1939 #define DNS_CERT_PRIVATEURI 253 /* Private, URI */ 1940 #define DNS_CERT_PRIVATEOID 254 /* Private, OID */ 1941 1942 static const value_string dns_cert_type_vals[] = { 1943 { DNS_CERT_PKIX, "PKIX" }, 1944 { DNS_CERT_SPKI, "SPKI" }, 1945 { DNS_CERT_PGP, "PGP" }, 1946 { DNS_CERT_IPKIX, "IPKIX" }, 1947 { DNS_CERT_ISPKI, "ISPKI" }, 1948 { DNS_CERT_IPGP, "IPGP" }, 1949 { DNS_CERT_ACPKIX, "ACPKIX" }, 1950 { DNS_CERT_IACPKIX, "IACPKIX" }, 1951 { DNS_CERT_PRIVATEURI, "Private, URI" }, 1952 { DNS_CERT_PRIVATEOID, "Private, OID" }, 1953 { 0, NULL } 1954 }; 1955 1956 /** 1957 * Compute the key id of a KEY RR depending of the algorithm used. 1958 */ 1959 static gboolean 1960 compute_key_id(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int offset, int size, guint8 algo, guint16 *key_id) 1961 { 1962 guint32 ac; 1963 guint8 c1, c2; 1964 1965 if (size < 4) { 1966 proto_item *item; 1967 *key_id = 0; 1968 item = proto_tree_add_expert(tree, pinfo, &ei_dns_key_id_buffer_too_short, tvb, offset, size); 1969 proto_item_set_generated(item); 1970 return FALSE; 1971 } 1972 1973 switch( algo ) { 1974 case DNS_ALGO_RSAMD5: 1975 *key_id = (guint16)(tvb_get_guint8(tvb, offset + size - 3) << 8) + tvb_get_guint8( tvb, offset + size - 2 ); 1976 break; 1977 default: 1978 for (ac = 0; size > 1; size -= 2, offset += 2) { 1979 c1 = tvb_get_guint8( tvb, offset ); 1980 c2 = tvb_get_guint8( tvb, offset + 1 ); 1981 ac += (c1 << 8) + c2 ; 1982 } 1983 if (size > 0) { 1984 c1 = tvb_get_guint8( tvb, offset ); 1985 ac += c1 << 8; 1986 } 1987 ac += (ac >> 16) & 0xffff; 1988 *key_id = (guint16)(ac & 0xffff); 1989 break; 1990 } 1991 return TRUE; 1992 } 1993 1994 /* Dissect a SvbParam where the presentation format of the value is base64. */ 1995 static void 1996 dissect_dns_svcparam_base64(proto_tree *param_tree, proto_item *param_item, int hf_id, tvbuff_t *tvb, int offset, guint length) 1997 { 1998 gchar *str = g_base64_encode((guint8 *)tvb_memdup(wmem_packet_scope(), tvb, offset, length), length); 1999 proto_tree_add_bytes_format_value(param_tree, hf_id, tvb, offset, length, NULL, "%s", str); 2000 proto_item_append_text(param_item, "=%s", str); 2001 g_free(str); 2002 } 2003 2004 2005 static int 2006 dissect_dns_answer(tvbuff_t *tvb, int offsetx, int dns_data_offset, 2007 proto_tree *dns_tree, packet_info *pinfo, 2008 gboolean is_mdns) 2009 { 2010 const gchar *name; 2011 gchar *name_out; 2012 int name_len; 2013 guint16 dns_type; 2014 guint16 dns_class; 2015 int flush; 2016 const char *class_name; 2017 const char *type_name; 2018 int data_offset; 2019 int cur_offset; 2020 int data_start; 2021 gushort data_len; 2022 proto_tree *rr_tree = NULL; 2023 proto_item *trr = NULL; 2024 guint used_bytes; 2025 2026 data_start = data_offset = offsetx; 2027 cur_offset = offsetx; 2028 2029 used_bytes = get_dns_name_type_class(tvb, offsetx, dns_data_offset, &name, &name_len, 2030 &dns_type, &dns_class); 2031 2032 /* The offset if the total used bytes minus 2 bytes for qtype and 2 bytes for qclass */ 2033 data_offset += used_bytes; 2034 cur_offset += used_bytes; 2035 if (is_mdns) { 2036 /* Split the FLUSH flag and the class */ 2037 flush = dns_class & C_FLUSH; 2038 dns_class &= ~C_FLUSH; 2039 } else { 2040 flush = 0; 2041 } 2042 type_name = val_to_str_ext(dns_type, &dns_types_vals_ext, "Unknown (%d)"); 2043 class_name = val_to_str_const(dns_class, dns_classes, "Unknown"); 2044 2045 data_offset += 4; 2046 cur_offset += 4; 2047 2048 data_len = tvb_get_ntohs(tvb, data_offset); 2049 2050 data_offset += 2; 2051 cur_offset += 2; 2052 2053 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", type_name); 2054 if (is_mdns && flush) { 2055 col_append_str(pinfo->cinfo, COL_INFO, ", cache flush"); 2056 } 2057 2058 if (dns_tree != NULL) { 2059 /* 2060 * The name might contain octets that aren't printable characters, 2061 * format it for display. 2062 */ 2063 name_out = format_text(wmem_packet_scope(), (const guchar*)name, name_len); 2064 if (dns_type != T_OPT) { 2065 rr_tree = proto_tree_add_subtree_format(dns_tree, tvb, offsetx, 2066 (data_offset - data_start) + data_len, 2067 ett_dns_rr, &trr, "%s: type %s, class %s", 2068 name_out, type_name, class_name); 2069 add_rr_to_tree(rr_tree, tvb, offsetx, name_out, used_bytes - 4, 2070 dns_type, pinfo, is_mdns); 2071 } else { 2072 rr_tree = proto_tree_add_subtree_format(dns_tree, tvb, offsetx, 2073 (data_offset - data_start) + data_len, 2074 ett_dns_rr, &trr, "%s: type %s", name_out, type_name); 2075 add_opt_rr_to_tree(rr_tree, tvb, offsetx, name_out, used_bytes - 4, is_mdns); 2076 } 2077 if (is_mdns && flush) { 2078 proto_item_append_text(trr, ", cache flush"); 2079 } 2080 } 2081 2082 if (data_len == 0) { 2083 return data_offset - data_start; 2084 } 2085 2086 switch (dns_type) { 2087 2088 case T_A: /* a host Address (1) */ 2089 { 2090 const char *addr; 2091 2092 addr = tvb_ip_to_str(pinfo->pool, tvb, cur_offset); 2093 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", addr); 2094 2095 proto_item_append_text(trr, ", addr %s", addr); 2096 proto_tree_add_item(rr_tree, hf_dns_a, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 2097 2098 if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN && 2099 !PINFO_FD_VISITED(pinfo)) { 2100 guint32 addr_int; 2101 tvb_memcpy(tvb, &addr_int, cur_offset, sizeof(addr_int)); 2102 add_ipv4_name(addr_int, name); 2103 } 2104 } 2105 break; 2106 2107 case T_NS: /* an authoritative Name Server (2) */ 2108 { 2109 const gchar *ns_name; 2110 int ns_name_len; 2111 2112 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &ns_name, &ns_name_len); 2113 name_out = format_text(wmem_packet_scope(), (const guchar*)ns_name, ns_name_len); 2114 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out); 2115 proto_item_append_text(trr, ", ns %s", name_out); 2116 proto_tree_add_string(rr_tree, hf_dns_ns, tvb, cur_offset, used_bytes, name_out); 2117 2118 } 2119 break; 2120 2121 case T_MD: /* Mail Destination (3) */ 2122 { 2123 int hostname_len; 2124 const gchar *hostname_str; 2125 2126 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2127 2128 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len); 2129 name_out = format_text(wmem_packet_scope(), (const guchar*)hostname_str, hostname_len); 2130 proto_tree_add_string(rr_tree, hf_dns_md, tvb, cur_offset, used_bytes, name_out); 2131 } 2132 break; 2133 2134 case T_MF: /* Mail Forwader (4) */ 2135 { 2136 int hostname_len; 2137 const gchar *hostname_str; 2138 2139 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2140 2141 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len); 2142 name_out = format_text(wmem_packet_scope(), (const guchar*)hostname_str, hostname_len); 2143 proto_tree_add_string(rr_tree, hf_dns_mf, tvb, cur_offset, used_bytes, name_out); 2144 } 2145 break; 2146 2147 case T_CNAME: /* the Canonical NAME for an alias (5) */ 2148 { 2149 const gchar *cname; 2150 int cname_len; 2151 2152 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &cname, &cname_len); 2153 name_out = format_text(wmem_packet_scope(), (const guchar*)cname, cname_len); 2154 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out); 2155 proto_item_append_text(trr, ", cname %s", name_out); 2156 proto_tree_add_string(rr_tree, hf_dns_cname, tvb, cur_offset, used_bytes, name_out); 2157 2158 } 2159 break; 2160 2161 case T_SOA: /* Start Of Authority zone (6) */ 2162 { 2163 const gchar *mname; 2164 int mname_len; 2165 const gchar *rname; 2166 int rname_len; 2167 proto_item *ti_soa; 2168 2169 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &mname, &mname_len); 2170 name_out = format_text(wmem_packet_scope(), (const guchar*)mname, mname_len); 2171 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out); 2172 proto_item_append_text(trr, ", mname %s", name_out); 2173 proto_tree_add_string(rr_tree, hf_dns_soa_mname, tvb, cur_offset, used_bytes, name_out); 2174 cur_offset += used_bytes; 2175 2176 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &rname, &rname_len); 2177 name_out = format_text(wmem_packet_scope(), (const guchar*)rname, rname_len); 2178 proto_tree_add_string(rr_tree, hf_dns_soa_rname, tvb, cur_offset, used_bytes, name_out); 2179 cur_offset += used_bytes; 2180 2181 proto_tree_add_item(rr_tree, hf_dns_soa_serial_number, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 2182 cur_offset += 4; 2183 2184 ti_soa = proto_tree_add_item(rr_tree, hf_dns_soa_refresh_interval, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 2185 proto_item_append_text(ti_soa, " (%s)", unsigned_time_secs_to_str(wmem_packet_scope(), tvb_get_ntohl(tvb, cur_offset))); 2186 cur_offset += 4; 2187 2188 ti_soa = proto_tree_add_item(rr_tree, hf_dns_soa_retry_interval, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 2189 proto_item_append_text(ti_soa, " (%s)", unsigned_time_secs_to_str(wmem_packet_scope(), tvb_get_ntohl(tvb, cur_offset))); 2190 cur_offset += 4; 2191 2192 ti_soa = proto_tree_add_item(rr_tree, hf_dns_soa_expire_limit, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 2193 proto_item_append_text(ti_soa, " (%s)", unsigned_time_secs_to_str(wmem_packet_scope(), tvb_get_ntohl(tvb, cur_offset))); 2194 cur_offset += 4; 2195 2196 ti_soa = proto_tree_add_item(rr_tree, hf_dns_soa_minimum_ttl, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 2197 proto_item_append_text(ti_soa, " (%s)", unsigned_time_secs_to_str(wmem_packet_scope(), tvb_get_ntohl(tvb, cur_offset))); 2198 } 2199 break; 2200 2201 case T_MB: /* MailBox domain (7) */ 2202 { 2203 int hostname_len; 2204 const gchar *hostname_str; 2205 2206 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2207 2208 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len); 2209 name_out = format_text(wmem_packet_scope(), (const guchar*)hostname_str, hostname_len); 2210 proto_tree_add_string(rr_tree, hf_dns_mb, tvb, cur_offset, used_bytes, name_out); 2211 } 2212 break; 2213 2214 case T_MG: /* Mail Group member (8) */ 2215 { 2216 int hostname_len; 2217 const gchar *hostname_str; 2218 2219 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2220 2221 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len); 2222 name_out = format_text(wmem_packet_scope(), (const guchar*)hostname_str, hostname_len); 2223 proto_tree_add_string(rr_tree, hf_dns_mg, tvb, cur_offset, used_bytes, name_out); 2224 } 2225 break; 2226 2227 case T_MR: /* Mail Rename domain (9) */ 2228 { 2229 int hostname_len; 2230 const gchar *hostname_str; 2231 2232 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2233 2234 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len); 2235 name_out = format_text(wmem_packet_scope(), (const guchar*)hostname_str, hostname_len); 2236 proto_tree_add_string(rr_tree, hf_dns_mr, tvb, cur_offset, used_bytes, name_out); 2237 } 2238 break; 2239 2240 case T_NULL: /* Null (10) */ 2241 { 2242 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2243 proto_tree_add_item(rr_tree, hf_dns_null, tvb, cur_offset, data_len, ENC_NA); 2244 } 2245 break; 2246 2247 case T_WKS: /* Well Known Service (11) */ 2248 { 2249 int rr_len = data_len; 2250 const char *wks_addr; 2251 guint8 protocol; 2252 guint8 bits; 2253 int mask; 2254 int port_num; 2255 int i; 2256 proto_item *ti_wks; 2257 wmem_strbuf_t *bitnames = wmem_strbuf_new_label(wmem_packet_scope()); 2258 2259 wks_addr = tvb_ip_to_str(pinfo->pool, tvb, cur_offset); 2260 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", wks_addr); 2261 proto_item_append_text(trr, ", addr %s", wks_addr); 2262 proto_tree_add_item(rr_tree, hf_dns_wks_address, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 2263 cur_offset += 4; 2264 rr_len -= 4; 2265 2266 proto_tree_add_item(rr_tree, hf_dns_wks_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2267 protocol = tvb_get_guint8(tvb, cur_offset); 2268 cur_offset += 1; 2269 rr_len -= 1; 2270 2271 port_num = 0; 2272 while (rr_len != 0) { 2273 bits = tvb_get_guint8(tvb, cur_offset); 2274 if (bits != 0) { 2275 mask = 1<<7; 2276 wmem_strbuf_truncate(bitnames, 0); 2277 for (i = 0; i < 8; i++) { 2278 if (bits & mask) { 2279 if (wmem_strbuf_get_len(bitnames) > 0) { 2280 wmem_strbuf_append(bitnames, ", "); 2281 } 2282 switch (protocol) { 2283 2284 case IP_PROTO_TCP: 2285 wmem_strbuf_append(bitnames, tcp_port_to_display(wmem_packet_scope(), port_num)); 2286 break; 2287 2288 case IP_PROTO_UDP: 2289 wmem_strbuf_append(bitnames, udp_port_to_display(wmem_packet_scope(), port_num)); 2290 break; 2291 2292 default: 2293 wmem_strbuf_append_printf(bitnames, "%u", port_num); 2294 break; 2295 } 2296 } 2297 mask >>= 1; 2298 port_num++; 2299 } 2300 2301 ti_wks = proto_tree_add_item(rr_tree, hf_dns_wks_bits, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2302 proto_item_append_text(ti_wks, " (%s)", wmem_strbuf_get_str(bitnames)); 2303 } else { 2304 port_num += 8; 2305 } 2306 cur_offset += 1; 2307 rr_len -= 1; 2308 } 2309 } 2310 break; 2311 2312 case T_PTR: /* Domain Name Pointer (12) */ 2313 { 2314 const gchar *pname; 2315 int pname_len; 2316 2317 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &pname, &pname_len); 2318 name_out = format_text(wmem_packet_scope(), (const guchar*)pname, pname_len); 2319 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out); 2320 proto_item_append_text(trr, ", %s", name_out); 2321 proto_tree_add_string(rr_tree, hf_dns_ptr_domain_name, tvb, cur_offset, used_bytes, name_out); 2322 2323 } 2324 break; 2325 2326 case T_HINFO: /* Host Information (13) */ 2327 { 2328 int cpu_offset; 2329 int cpu_len; 2330 const char *cpu; 2331 int os_offset; 2332 int os_len; 2333 const char *os; 2334 2335 cpu_offset = cur_offset; 2336 cpu_len = tvb_get_guint8(tvb, cpu_offset); 2337 cpu = (const char* )tvb_get_string_enc(wmem_packet_scope(), tvb, cpu_offset + 1, cpu_len, ENC_ASCII|ENC_NA); 2338 os_offset = cpu_offset + 1 + cpu_len; 2339 os_len = tvb_get_guint8(tvb, os_offset); 2340 os = (const char*)tvb_get_string_enc(wmem_packet_scope(), tvb, os_offset + 1, os_len, ENC_ASCII|ENC_NA); 2341 col_append_fstr(pinfo->cinfo, COL_INFO, " %.*s %.*s", cpu_len, cpu, os_len, os); 2342 proto_item_append_text(trr, ", CPU %.*s, OS %.*s", cpu_len, cpu, os_len, os); 2343 2344 proto_tree_add_item(rr_tree, hf_dns_hinfo_cpu_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2345 cur_offset += 1; 2346 proto_tree_add_item(rr_tree, hf_dns_hinfo_cpu, tvb, cur_offset, cpu_len, ENC_ASCII|ENC_NA); 2347 cur_offset += cpu_len; 2348 2349 proto_tree_add_item(rr_tree, hf_dns_hinfo_os_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2350 cur_offset += 1; 2351 proto_tree_add_item(rr_tree, hf_dns_hinfo_os, tvb, cur_offset, os_len, ENC_ASCII|ENC_NA); 2352 /* cur_offset += os_len;*/ 2353 } 2354 break; 2355 2356 case T_MINFO: /* Mailbox or Mail list INFOrmation (14) */ 2357 { 2358 int rmailbx_len, emailbx_len; 2359 const gchar *rmailbx_str, *emailbx_str; 2360 2361 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2362 2363 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &rmailbx_str, &rmailbx_len); 2364 name_out = format_text(wmem_packet_scope(), (const guchar*)rmailbx_str, rmailbx_len); 2365 proto_tree_add_string(rr_tree, hf_dns_minfo_r_mailbox, tvb, cur_offset, used_bytes, name_out); 2366 cur_offset += used_bytes; 2367 2368 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &emailbx_str, &emailbx_len); 2369 name_out = format_text(wmem_packet_scope(), (const guchar*)emailbx_str, emailbx_len); 2370 proto_tree_add_string(rr_tree, hf_dns_minfo_e_mailbox, tvb, cur_offset, used_bytes, name_out); 2371 } 2372 break; 2373 2374 case T_MX: /* Mail eXchange (15) */ 2375 { 2376 guint16 preference = 0; 2377 const gchar *mx_name; 2378 int mx_name_len; 2379 2380 preference = tvb_get_ntohs(tvb, cur_offset); 2381 2382 used_bytes = get_dns_name(tvb, cur_offset + 2, 0, dns_data_offset, &mx_name, &mx_name_len); 2383 name_out = format_text(wmem_packet_scope(), (const guchar*)mx_name, mx_name_len); 2384 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %s", preference, name_out); 2385 proto_item_append_text(trr, ", preference %u, mx %s", 2386 preference, name_out); 2387 proto_tree_add_item(rr_tree, hf_dns_mx_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2388 cur_offset += 2; 2389 proto_tree_add_string(rr_tree, hf_dns_mx_mail_exchange, tvb, cur_offset, used_bytes, name_out); 2390 /* cur_offset += used_bytes; */ 2391 } 2392 break; 2393 2394 case T_TXT: /* TeXT strings (16) */ 2395 { 2396 int rr_len = data_len; 2397 int txt_offset; 2398 int txt_len; 2399 2400 txt_offset = cur_offset; 2401 while (rr_len != 0) { 2402 txt_len = tvb_get_guint8(tvb, txt_offset); 2403 proto_tree_add_item(rr_tree, hf_dns_txt_length, tvb, txt_offset, 1, ENC_BIG_ENDIAN); 2404 txt_offset += 1; 2405 rr_len -= 1; 2406 proto_tree_add_item(rr_tree, hf_dns_txt, tvb, txt_offset, txt_len, is_mdns ? ENC_UTF_8|ENC_NA : ENC_ASCII|ENC_NA); 2407 txt_offset += txt_len; 2408 rr_len -= txt_len; 2409 } 2410 } 2411 break; 2412 2413 case T_RP: /* Responsible Person (17) */ 2414 { 2415 int mbox_dname_len, txt_dname_len; 2416 const gchar *mbox_dname, *txt_dname; 2417 2418 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2419 2420 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &mbox_dname, &mbox_dname_len); 2421 name_out = format_text(wmem_packet_scope(), (const guchar*)mbox_dname, mbox_dname_len); 2422 proto_tree_add_string(rr_tree, hf_dns_rp_mailbox, tvb, cur_offset, used_bytes, name_out); 2423 cur_offset += used_bytes; 2424 2425 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &txt_dname, &txt_dname_len); 2426 name_out = format_text(wmem_packet_scope(), (const guchar*)txt_dname, txt_dname_len); 2427 proto_tree_add_string(rr_tree, hf_dns_rp_txt_rr, tvb, cur_offset, used_bytes, name_out); 2428 } 2429 break; 2430 2431 case T_AFSDB: /* AFS data base location (18) */ 2432 { 2433 const gchar *host_name; 2434 int host_name_len; 2435 2436 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2437 2438 used_bytes = get_dns_name(tvb, cur_offset + 2, 0, dns_data_offset, &host_name, &host_name_len); 2439 name_out = format_text(wmem_packet_scope(), (const guchar*)host_name, host_name_len); 2440 2441 proto_tree_add_item(rr_tree, hf_dns_afsdb_subtype, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2442 cur_offset += 2; 2443 2444 proto_tree_add_string(rr_tree, hf_dns_afsdb_hostname, tvb, cur_offset, used_bytes, name_out); 2445 } 2446 break; 2447 2448 case T_X25: /* X.25 address (19) */ 2449 { 2450 guint8 x25_len; 2451 2452 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2453 2454 proto_tree_add_item(rr_tree, hf_dns_x25_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2455 x25_len = tvb_get_guint8(tvb, cur_offset); 2456 cur_offset += 1; 2457 2458 proto_tree_add_item(rr_tree, hf_dns_x25_psdn_address, tvb, cur_offset, x25_len, ENC_ASCII|ENC_NA); 2459 /*cur_offset += x25_len;*/ 2460 } 2461 break; 2462 2463 case T_ISDN: /* ISDN address (20) */ 2464 { 2465 guint8 isdn_address_len, isdn_sa_len; 2466 int rr_len = data_len; 2467 2468 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2469 2470 proto_tree_add_item(rr_tree, hf_dns_isdn_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2471 isdn_address_len = tvb_get_guint8(tvb, cur_offset); 2472 cur_offset += 1; 2473 rr_len -= 1; 2474 2475 proto_tree_add_item(rr_tree, hf_dns_isdn_address, tvb, cur_offset, isdn_address_len, ENC_ASCII|ENC_NA); 2476 cur_offset += isdn_address_len; 2477 rr_len -= isdn_address_len; 2478 2479 if (rr_len > 1) /* ISDN SA is optional */ { 2480 proto_tree_add_item(rr_tree, hf_dns_isdn_sa_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2481 isdn_sa_len = tvb_get_guint8(tvb, cur_offset); 2482 cur_offset += 1; 2483 2484 proto_tree_add_item(rr_tree, hf_dns_isdn_sa, tvb, cur_offset, isdn_sa_len, ENC_ASCII|ENC_NA); 2485 } 2486 } 2487 break; 2488 2489 case T_RT: /* Route-Through (21) */ 2490 { 2491 const gchar *host_name; 2492 int host_name_len; 2493 2494 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2495 2496 used_bytes = get_dns_name(tvb, cur_offset + 2, 0, dns_data_offset, &host_name, &host_name_len); 2497 name_out = format_text(wmem_packet_scope(), (const guchar*)host_name, host_name_len); 2498 2499 proto_tree_add_item(rr_tree, hf_dns_rt_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2500 cur_offset += 2; 2501 2502 proto_tree_add_string(rr_tree, hf_dns_rt_intermediate_host, tvb, cur_offset, used_bytes, name_out); 2503 } 2504 break; 2505 2506 case T_NSAP: /* for NSAP address, NSAP style A record (22) */ 2507 { 2508 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2509 proto_tree_add_item(rr_tree, hf_dns_nsap_rdata, tvb, cur_offset, data_len, ENC_NA); 2510 } 2511 break; 2512 2513 case T_NSAP_PTR: /* for domain name pointer, NSAP style (23) */ 2514 { 2515 int nsap_ptr_owner_len; 2516 const gchar *nsap_ptr_owner; 2517 2518 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2519 2520 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &nsap_ptr_owner, &nsap_ptr_owner_len); 2521 name_out = format_text(wmem_packet_scope(), (const guchar*)nsap_ptr_owner, nsap_ptr_owner_len); 2522 proto_tree_add_string(rr_tree, hf_dns_nsap_ptr_owner, tvb, cur_offset, used_bytes, name_out); 2523 } 2524 break; 2525 2526 2527 case T_KEY: /* Public Key (25) */ 2528 { 2529 int rr_len = data_len; 2530 guint16 flags; 2531 proto_item *tf, *ti_gen; 2532 proto_tree *flags_tree; 2533 guint8 algo; 2534 guint16 key_id; 2535 2536 tf = proto_tree_add_item(rr_tree, hf_dns_key_flags, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2537 flags_tree = proto_item_add_subtree(tf, ett_key_flags); 2538 flags = tvb_get_ntohs(tvb, cur_offset); 2539 2540 proto_tree_add_item(flags_tree, hf_dns_key_flags_authentication, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2541 proto_tree_add_item(flags_tree, hf_dns_key_flags_confidentiality, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2542 if ((flags & 0xC000) != 0xC000) { 2543 /* We have a key */ 2544 proto_tree_add_item(flags_tree, hf_dns_key_flags_key_required, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2545 proto_tree_add_item(flags_tree, hf_dns_key_flags_associated_user, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2546 proto_tree_add_item(flags_tree, hf_dns_key_flags_associated_named_entity, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2547 proto_tree_add_item(flags_tree, hf_dns_key_flags_ipsec, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2548 proto_tree_add_item(flags_tree, hf_dns_key_flags_mime, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2549 proto_tree_add_item(flags_tree, hf_dns_key_flags_signatory, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2550 } 2551 cur_offset += 2; 2552 rr_len -= 2; 2553 2554 proto_tree_add_item(rr_tree, hf_dns_key_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2555 cur_offset += 1; 2556 rr_len -= 1; 2557 2558 proto_tree_add_item(rr_tree, hf_dns_key_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2559 algo = tvb_get_guint8(tvb, cur_offset); 2560 cur_offset += 1; 2561 rr_len -= 1; 2562 2563 if (compute_key_id(rr_tree, pinfo, tvb, cur_offset-4, rr_len+4, algo, &key_id)) { 2564 ti_gen = proto_tree_add_uint(rr_tree, hf_dns_key_key_id, tvb, 0, 0, key_id); 2565 proto_item_set_generated(ti_gen); 2566 } 2567 2568 if (rr_len != 0) { 2569 proto_tree_add_item(rr_tree, hf_dns_key_public_key, tvb, cur_offset, rr_len, ENC_NA); 2570 } 2571 } 2572 break; 2573 2574 case T_PX: /* Pointer to X.400/RFC822 mapping info (26)*/ 2575 { 2576 gint px_map822_len, px_mapx400_len; 2577 const gchar *px_map822_dnsname, *px_mapx400_dnsname; 2578 2579 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2580 proto_tree_add_item(rr_tree, hf_dns_px_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2581 cur_offset += 2; 2582 2583 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &px_map822_dnsname, &px_map822_len); 2584 name_out = format_text(wmem_packet_scope(), (const guchar*)px_map822_dnsname, px_map822_len); 2585 proto_tree_add_string(rr_tree, hf_dns_px_map822, tvb, cur_offset, used_bytes, name_out); 2586 cur_offset += used_bytes; 2587 2588 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &px_mapx400_dnsname, &px_mapx400_len); 2589 name_out = format_text(wmem_packet_scope(), (const guchar*)px_mapx400_dnsname, px_mapx400_len); 2590 proto_tree_add_string(rr_tree, hf_dns_px_mapx400, tvb, cur_offset, used_bytes, name_out); 2591 /*cur_offset += used_bytes;*/ 2592 } 2593 break; 2594 2595 case T_GPOS: /* Geographical POSition (27) */ 2596 { 2597 guint8 long_len, lat_len, alt_len; 2598 2599 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 2600 proto_tree_add_item(rr_tree, hf_dns_gpos_longitude_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2601 long_len = tvb_get_guint8(tvb, cur_offset); 2602 cur_offset += 1; 2603 2604 proto_tree_add_item(rr_tree, hf_dns_gpos_longitude, tvb, cur_offset, long_len, ENC_ASCII|ENC_NA); 2605 cur_offset += long_len; 2606 2607 proto_tree_add_item(rr_tree, hf_dns_gpos_latitude_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2608 lat_len = tvb_get_guint8(tvb, cur_offset); 2609 cur_offset += 1; 2610 2611 proto_tree_add_item(rr_tree, hf_dns_gpos_latitude, tvb, cur_offset, lat_len, ENC_ASCII|ENC_NA); 2612 cur_offset += lat_len; 2613 2614 proto_tree_add_item(rr_tree, hf_dns_gpos_altitude_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2615 alt_len = tvb_get_guint8(tvb, cur_offset); 2616 cur_offset += 1; 2617 2618 proto_tree_add_item(rr_tree, hf_dns_gpos_altitude, tvb, cur_offset, alt_len, ENC_ASCII|ENC_NA); 2619 /*cur_offset += alt_len;*/ 2620 } 2621 break; 2622 2623 case T_AAAA: /* IPv6 Address (28) */ 2624 { 2625 const char *addr6; 2626 2627 addr6 = tvb_ip6_to_str(pinfo->pool, tvb, cur_offset); 2628 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", addr6); 2629 2630 proto_item_append_text(trr, ", addr %s", addr6); 2631 proto_tree_add_item(rr_tree, hf_dns_aaaa, tvb, cur_offset, 16, ENC_NA); 2632 2633 if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN && 2634 !PINFO_FD_VISITED(pinfo)) { 2635 ws_in6_addr addr_in6; 2636 tvb_memcpy(tvb, &addr_in6, cur_offset, sizeof(addr_in6)); 2637 add_ipv6_name(&addr_in6, name); 2638 } 2639 } 2640 break; 2641 2642 case T_LOC: /* Geographical Location (29) */ 2643 { 2644 guint8 version; 2645 proto_item *ti; 2646 2647 version = tvb_get_guint8(tvb, cur_offset); 2648 proto_tree_add_item(rr_tree, hf_dns_loc_version, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2649 if (version == 0) { 2650 /* Version 0, the only version RFC 1876 discusses. */ 2651 cur_offset++; 2652 2653 ti = proto_tree_add_item(rr_tree, hf_dns_loc_size, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2654 proto_item_append_text(ti, " (%g m)", rfc1867_size(tvb, cur_offset)); 2655 cur_offset++; 2656 2657 ti = proto_tree_add_item(rr_tree, hf_dns_loc_horizontal_precision, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2658 proto_item_append_text(ti, " (%g m)", rfc1867_size(tvb, cur_offset)); 2659 cur_offset++; 2660 2661 ti = proto_tree_add_item(rr_tree, hf_dns_loc_vertical_precision, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2662 proto_item_append_text(ti, " (%g m)", rfc1867_size(tvb, cur_offset)); 2663 cur_offset++; 2664 2665 ti = proto_tree_add_item(rr_tree, hf_dns_loc_latitude, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 2666 proto_item_append_text(ti, " (%s)", rfc1867_angle(tvb, cur_offset, FALSE)); 2667 cur_offset += 4; 2668 2669 ti = proto_tree_add_item(rr_tree, hf_dns_loc_longitude, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 2670 proto_item_append_text(ti, " (%s)", rfc1867_angle(tvb, cur_offset, TRUE)); 2671 cur_offset += 4; 2672 2673 ti = proto_tree_add_item(rr_tree, hf_dns_loc_altitude, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 2674 proto_item_append_text(ti, " (%g m)", (tvb_get_ntohil(tvb, cur_offset) - 10000000)/100.0); 2675 } else { 2676 proto_tree_add_item(rr_tree, hf_dns_loc_unknown_data, tvb, cur_offset, data_len, ENC_NA); 2677 } 2678 } 2679 break; 2680 2681 case T_NXT: /* Next name (30) */ 2682 { 2683 int rr_len = data_len; 2684 const gchar *next_domain_name; 2685 int next_domain_name_len; 2686 2687 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, 2688 &next_domain_name, &next_domain_name_len); 2689 name_out = format_text(wmem_packet_scope(), (const guchar*)next_domain_name, next_domain_name_len); 2690 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out); 2691 proto_item_append_text(trr, ", next domain name %s", name_out); 2692 proto_tree_add_string(rr_tree, hf_dns_nxt_next_domain_name, tvb, cur_offset, used_bytes, name_out); 2693 cur_offset += used_bytes; 2694 rr_len -= used_bytes; 2695 dissect_type_bitmap_nxt(rr_tree, tvb, cur_offset, rr_len); 2696 } 2697 break; 2698 2699 case T_SRV: /* Service Location (33) */ 2700 { 2701 guint16 priority = 0; 2702 guint16 weight = 0; 2703 guint16 port = 0; 2704 const gchar *target; 2705 int target_len; 2706 2707 proto_tree_add_item(rr_tree, hf_dns_srv_priority, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2708 priority = tvb_get_ntohs(tvb, cur_offset); 2709 cur_offset += 2; 2710 2711 proto_tree_add_item(rr_tree, hf_dns_srv_weight, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2712 weight = tvb_get_ntohs(tvb, cur_offset); 2713 cur_offset += 2; 2714 2715 proto_tree_add_item(rr_tree, hf_dns_srv_port, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2716 port = tvb_get_ntohs(tvb, cur_offset); 2717 cur_offset += 2; 2718 2719 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &target, &target_len); 2720 name_out = format_text(wmem_packet_scope(), (const guchar*)target, target_len); 2721 2722 proto_tree_add_string(rr_tree, hf_dns_srv_target, tvb, cur_offset, used_bytes, name_out); 2723 2724 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %u %u %s", priority, weight, port, name_out); 2725 proto_item_append_text(trr, 2726 ", priority %u, weight %u, port %u, target %s", 2727 priority, weight, port, name_out); 2728 } 2729 break; 2730 2731 case T_NAPTR: /* Naming Authority PoinTeR (35) */ 2732 { 2733 proto_item *ti_len; 2734 int offset = cur_offset; 2735 guint16 order; 2736 guint16 preference; 2737 const guint8 *flags; 2738 guint8 flags_len; 2739 guint8 service_len; 2740 guint8 regex_len; 2741 const gchar *replacement; 2742 int replacement_len; 2743 2744 /* Order */ 2745 proto_tree_add_item(rr_tree, hf_dns_naptr_order, tvb, offset, 2, ENC_BIG_ENDIAN); 2746 order = tvb_get_ntohs(tvb, offset); 2747 offset += 2; 2748 2749 /* Preference */ 2750 proto_tree_add_item(rr_tree, hf_dns_naptr_preference, tvb, offset, 2, ENC_BIG_ENDIAN); 2751 preference = tvb_get_ntohs(tvb, offset); 2752 offset += 2; 2753 2754 /* Flags */ 2755 proto_tree_add_item(rr_tree, hf_dns_naptr_flags_length, tvb, offset, 1, ENC_BIG_ENDIAN); 2756 flags_len = tvb_get_guint8(tvb, offset); 2757 offset += 1; 2758 proto_tree_add_item_ret_string(rr_tree, hf_dns_naptr_flags, tvb, offset, flags_len, ENC_ASCII|ENC_NA, wmem_packet_scope(), &flags); 2759 offset += flags_len; 2760 2761 /* Service */ 2762 proto_tree_add_item(rr_tree, hf_dns_naptr_service_length, tvb, offset, 1, ENC_BIG_ENDIAN); 2763 service_len = tvb_get_guint8(tvb, offset); 2764 offset += 1; 2765 proto_tree_add_item(rr_tree, hf_dns_naptr_service, tvb, offset, service_len, ENC_ASCII|ENC_NA); 2766 offset += service_len; 2767 2768 /* Regex */ 2769 proto_tree_add_item(rr_tree, hf_dns_naptr_regex_length, tvb, offset, 1, ENC_BIG_ENDIAN); 2770 regex_len = tvb_get_guint8(tvb, offset); 2771 offset += 1; 2772 proto_tree_add_item(rr_tree, hf_dns_naptr_regex, tvb, offset, regex_len, ENC_ASCII|ENC_NA); 2773 offset += regex_len; 2774 2775 /* Replacement */ 2776 used_bytes = get_dns_name(tvb, offset, 0, dns_data_offset, &replacement, &replacement_len); 2777 name_out = format_text(wmem_packet_scope(), (const guchar*)replacement, replacement_len); 2778 ti_len = proto_tree_add_uint(rr_tree, hf_dns_naptr_replacement_length, tvb, offset, 0, replacement_len); 2779 proto_item_set_generated(ti_len); 2780 2781 proto_tree_add_string(rr_tree, hf_dns_naptr_replacement, tvb, offset, used_bytes, name_out); 2782 2783 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %u %s", order, preference, flags); 2784 2785 proto_item_append_text(trr, ", order %u, preference %u, flags %s", 2786 order, preference, flags); 2787 } 2788 break; 2789 2790 case T_KX: /* Key Exchange (36) */ 2791 { 2792 const gchar *kx_name; 2793 int kx_name_len; 2794 2795 used_bytes = get_dns_name(tvb, cur_offset + 2, 0, dns_data_offset, &kx_name, &kx_name_len); 2796 name_out = format_text(wmem_packet_scope(), (const guchar*)kx_name, kx_name_len); 2797 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %s", tvb_get_ntohs(tvb, cur_offset), name_out); 2798 proto_item_append_text(trr, ", preference %u, kx %s", 2799 tvb_get_ntohs(tvb, cur_offset), name_out); 2800 proto_tree_add_item(rr_tree, hf_dns_kx_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2801 proto_tree_add_string(rr_tree, hf_dns_kx_key_exchange, tvb, cur_offset + 2, used_bytes, name_out); 2802 } 2803 break; 2804 2805 case T_CERT: /* Certificate (37) */ 2806 { 2807 int rr_len = data_len; 2808 2809 proto_tree_add_item(rr_tree, hf_dns_cert_type, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2810 cur_offset += 2; 2811 rr_len -= 2; 2812 2813 proto_tree_add_item(rr_tree, hf_dns_cert_key_tag, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2814 cur_offset += 2; 2815 rr_len -= 2; 2816 2817 proto_tree_add_item(rr_tree, hf_dns_cert_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2818 cur_offset += 1; 2819 rr_len -= 1; 2820 2821 if (rr_len != 0) { 2822 proto_tree_add_item(rr_tree, hf_dns_cert_certificate, tvb, cur_offset, rr_len, ENC_NA); 2823 } 2824 } 2825 break; 2826 2827 case T_A6: /* IPv6 address with indirection (38) Obso */ 2828 { 2829 unsigned short pre_len; 2830 unsigned short suf_len; 2831 unsigned short suf_octet_count; 2832 const gchar *pname; 2833 int pname_len; 2834 int a6_offset; 2835 int suf_offset; 2836 ws_in6_addr suffix; 2837 address suffix_addr; 2838 2839 a6_offset = cur_offset; 2840 pre_len = tvb_get_guint8(tvb, cur_offset); 2841 cur_offset++; 2842 suf_len = 128 - pre_len; 2843 suf_octet_count = suf_len ? (suf_len - 1) / 8 + 1 : 0; 2844 /* Pad prefix */ 2845 for (suf_offset = 0; suf_offset < 16 - suf_octet_count; suf_offset++) { 2846 suffix.bytes[suf_offset] = 0; 2847 } 2848 for (; suf_offset < 16; suf_offset++) { 2849 suffix.bytes[suf_offset] = tvb_get_guint8(tvb, cur_offset); 2850 cur_offset++; 2851 } 2852 2853 if (pre_len > 0) { 2854 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, 2855 &pname, &pname_len); 2856 } else { 2857 pname = ""; 2858 pname_len = 0; 2859 } 2860 name_out = format_text(wmem_packet_scope(), (const guchar*)pname, pname_len); 2861 2862 set_address(&suffix_addr, AT_IPv6, 16, suffix.bytes); 2863 col_append_fstr(pinfo->cinfo, COL_INFO, " %d %s %s", 2864 pre_len, 2865 address_to_str(wmem_packet_scope(), &suffix_addr), 2866 name_out); 2867 2868 proto_tree_add_item(rr_tree, hf_dns_a6_prefix_len,tvb, a6_offset, 1, ENC_BIG_ENDIAN); 2869 a6_offset++; 2870 if (suf_len) { 2871 proto_tree_add_ipv6(rr_tree, hf_dns_a6_address_suffix,tvb, a6_offset, suf_octet_count, &suffix); 2872 a6_offset += suf_octet_count; 2873 } 2874 if (pre_len > 0) { 2875 proto_tree_add_string(rr_tree, hf_dns_a6_prefix_name, tvb, a6_offset, used_bytes, name_out); 2876 } 2877 proto_item_append_text(trr, ", addr %d %s %s", 2878 pre_len, 2879 address_to_str(wmem_packet_scope(), &suffix_addr), 2880 name_out); 2881 } 2882 break; 2883 2884 case T_DNAME: /* Non-terminal DNS name redirection (39) */ 2885 { 2886 const gchar *dname; 2887 int dname_len; 2888 2889 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, 2890 &dname, &dname_len); 2891 name_out = format_text(wmem_packet_scope(), (const guchar*)dname, dname_len); 2892 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out); 2893 proto_item_append_text(trr, ", dname %s", name_out); 2894 proto_tree_add_string(rr_tree, hf_dns_dname, tvb, cur_offset, used_bytes, name_out); 2895 } 2896 break; 2897 2898 case T_OPT: /* Option (41) */ 2899 { 2900 int rropt_len = data_len; 2901 guint16 optcode, optlen; 2902 proto_item *rropt, *rroptlen; 2903 proto_tree *rropt_tree; 2904 2905 while (rropt_len > 0) { 2906 optcode = tvb_get_ntohs(tvb, cur_offset); 2907 rropt_len -= 2; 2908 2909 optlen = tvb_get_ntohs(tvb, cur_offset + 2); 2910 rropt_len -= 2; 2911 2912 rropt = proto_tree_add_item(rr_tree, hf_dns_opt, tvb, cur_offset, 4 + optlen, ENC_NA); 2913 proto_item_append_text(rropt, ": %s", val_to_str(optcode, edns0_opt_code_vals, "Unknown (%d)")); 2914 rropt_tree = proto_item_add_subtree(rropt, ett_dns_opts); 2915 rropt = proto_tree_add_item(rropt_tree, hf_dns_opt_code, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2916 cur_offset += 2; 2917 rroptlen = proto_tree_add_item(rropt_tree, hf_dns_opt_len, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2918 cur_offset += 2; 2919 2920 proto_tree_add_item(rropt_tree, hf_dns_opt_data, tvb, cur_offset, optlen, ENC_NA); 2921 switch(optcode) { 2922 2923 case O_DAU: /* DNSSEC Algorithm Understood (RFC6975) */ 2924 { 2925 while (optlen != 0) { 2926 proto_tree_add_item(rropt_tree, hf_dns_opt_dau, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2927 cur_offset += 1; 2928 rropt_len -= 1; 2929 optlen -= 1; 2930 } 2931 } 2932 break; 2933 2934 case O_DHU: /* DS Hash Understood (RFC6975) */ 2935 { 2936 while (optlen != 0) { 2937 proto_tree_add_item(rropt_tree, hf_dns_opt_dhu, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2938 cur_offset += 1; 2939 rropt_len -= 1; 2940 optlen -= 1; 2941 } 2942 } 2943 break; 2944 2945 case O_N3U: /* N3SEC Hash Understood (RFC6975) */ 2946 { 2947 while (optlen != 0) { 2948 proto_tree_add_item(rropt_tree, hf_dns_opt_n3u, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2949 cur_offset += 1; 2950 rropt_len -= 1; 2951 optlen -= 1; 2952 } 2953 } 2954 break; 2955 2956 case O_CLIENT_SUBNET_EXP: /* draft-vandergaast-edns-client-subnet */ 2957 expert_add_info_format(pinfo, rropt, &ei_dns_depr_opc, 2958 "Deprecated opcode. Client subnet OPT assigned as %d.", O_CLIENT_SUBNET); 2959 /* Intentional fall-through */ 2960 2961 case O_CLIENT_SUBNET: 2962 { 2963 guint16 family; 2964 guint16 addr_len = optlen - 4; 2965 union { 2966 guint32 addr; 2967 guint8 bytes[16]; 2968 } ip_addr = {0}; 2969 2970 family = tvb_get_ntohs(tvb, cur_offset); 2971 proto_tree_add_item(rropt_tree, hf_dns_opt_client_family, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 2972 cur_offset += 2; 2973 proto_tree_add_item(rropt_tree, hf_dns_opt_client_netmask, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2974 cur_offset += 1; 2975 proto_tree_add_item(rropt_tree, hf_dns_opt_client_scope, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 2976 cur_offset += 1; 2977 2978 if (addr_len > 16) { 2979 expert_add_info(pinfo, rroptlen, &ei_dns_opt_bad_length); 2980 /* Avoid stack-smashing which occurs otherwise with the 2981 * following tvb_memcpy. */ 2982 addr_len = 16; 2983 } 2984 tvb_memcpy(tvb, ip_addr.bytes, cur_offset, addr_len); 2985 switch (family) { 2986 2987 case AFNUM_INET: 2988 { 2989 proto_tree_add_ipv4(rropt_tree, hf_dns_opt_client_addr4, tvb, 2990 cur_offset, addr_len, ip_addr.addr); 2991 } 2992 break; 2993 2994 case AFNUM_INET6: 2995 { 2996 proto_tree_add_ipv6(rropt_tree, hf_dns_opt_client_addr6, tvb, 2997 cur_offset, addr_len, (ws_in6_addr *)&ip_addr); 2998 } 2999 break; 3000 3001 default: 3002 { 3003 proto_tree_add_item(rropt_tree, hf_dns_opt_client_addr, tvb, cur_offset, (optlen - 4), 3004 ENC_NA); 3005 } 3006 break; 3007 } 3008 cur_offset += (optlen - 4); 3009 rropt_len -= optlen; 3010 } 3011 break; 3012 3013 case O_COOKIE: 3014 { 3015 proto_tree_add_item(rropt_tree, hf_dns_opt_cookie_client, tvb, cur_offset, 8, ENC_NA); 3016 cur_offset += 8; 3017 rropt_len -= 8; 3018 optlen -= 8; 3019 proto_tree_add_item(rropt_tree, hf_dns_opt_cookie_server, tvb, cur_offset, optlen, ENC_NA); 3020 cur_offset += optlen; 3021 rropt_len -= optlen; 3022 } 3023 break; 3024 3025 case O_EDNS_TCP_KA: 3026 { 3027 if (optlen == 2) { 3028 proto_tree_add_item(rropt_tree, hf_dns_opt_edns_tcp_keepalive_timeout, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3029 } 3030 cur_offset += optlen; 3031 rropt_len -= optlen; 3032 } 3033 break; 3034 3035 case O_PADDING: 3036 { 3037 proto_tree_add_item(rropt_tree, hf_dns_opt_padding, tvb, cur_offset, optlen, ENC_NA); 3038 cur_offset += optlen; 3039 rropt_len -= optlen; 3040 } 3041 break; 3042 3043 case O_CHAIN: 3044 { 3045 if (optlen) { 3046 proto_tree_add_item(rropt_tree, hf_dns_opt_chain_fqdn, tvb, cur_offset, optlen, ENC_ASCII|ENC_NA); 3047 } 3048 cur_offset += optlen; 3049 rropt_len -= optlen; 3050 } 3051 break; 3052 3053 case O_EXT_ERROR: 3054 { 3055 if (optlen >= 2) { 3056 proto_tree_add_item(rropt_tree, hf_dns_opt_ext_error_info_code, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3057 cur_offset += 2; 3058 rropt_len -= 2; 3059 if (optlen > 2) { 3060 proto_tree_add_item(rropt_tree, hf_dns_opt_ext_error_extra_text, tvb, cur_offset, optlen - 2, ENC_UTF_8|ENC_NA); 3061 cur_offset += (optlen - 2); 3062 rropt_len -= (optlen - 2); 3063 } 3064 } 3065 } 3066 break; 3067 3068 default: 3069 { 3070 cur_offset += optlen; 3071 rropt_len -= optlen; 3072 } 3073 break; 3074 } 3075 } 3076 } 3077 break; 3078 3079 case T_APL: /* Lists of Address Prefixes (42) */ 3080 { 3081 int rr_len = data_len; 3082 guint16 afamily; 3083 guint8 afdpart_len; 3084 3085 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 3086 3087 while (rr_len > 1) { 3088 afamily = tvb_get_ntohs(tvb, cur_offset); 3089 proto_tree_add_item(rr_tree, hf_dns_apl_address_family, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3090 cur_offset += 2; 3091 rr_len -= 2; 3092 3093 proto_tree_add_item(rr_tree, hf_dns_apl_coded_prefix, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3094 cur_offset += 1; 3095 rr_len -= 1; 3096 3097 afdpart_len = tvb_get_guint8(tvb, cur_offset) & DNS_APL_AFDLENGTH; 3098 proto_tree_add_item(rr_tree, hf_dns_apl_negation, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3099 proto_tree_add_item(rr_tree, hf_dns_apl_afdlength, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3100 cur_offset += 1; 3101 rr_len -= 1; 3102 3103 if (afamily == AFNUM_INET && afdpart_len <= 4) { 3104 ws_in4_addr *addr4_copy; 3105 3106 addr4_copy = (ws_in4_addr *)wmem_alloc0(wmem_packet_scope(), 4); 3107 tvb_memcpy(tvb, (void *)addr4_copy, cur_offset, afdpart_len); 3108 proto_tree_add_ipv4(rr_tree, hf_dns_apl_afdpart_ipv4, tvb, cur_offset, afdpart_len, *addr4_copy); 3109 } else if (afamily == AFNUM_INET6 && afdpart_len <= 16) { 3110 ws_in6_addr *addr6_copy; 3111 3112 addr6_copy = (ws_in6_addr *)wmem_alloc0(wmem_packet_scope(), 16); 3113 tvb_memcpy(tvb, (void *)addr6_copy, cur_offset, afdpart_len); 3114 proto_tree_add_ipv6(rr_tree, hf_dns_apl_afdpart_ipv6, tvb, cur_offset, afdpart_len, addr6_copy); 3115 } else { /* Other... */ 3116 proto_tree_add_item(rr_tree, hf_dns_apl_afdpart_data, tvb, cur_offset, afdpart_len, ENC_NA); 3117 } 3118 cur_offset += afdpart_len; 3119 rr_len -= afdpart_len; 3120 } 3121 } 3122 break; 3123 3124 case T_DS: /* Delegation Signature (43) */ 3125 case T_CDS: /* Child DS (59) */ 3126 case T_DLV: 3127 { 3128 int rr_len = data_len; 3129 3130 proto_tree_add_item(rr_tree, hf_dns_ds_key_id, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3131 cur_offset += 2; 3132 rr_len -= 2; 3133 3134 proto_tree_add_item(rr_tree, hf_dns_ds_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3135 cur_offset += 1; 3136 rr_len -= 1; 3137 3138 proto_tree_add_item(rr_tree, hf_dns_ds_digest_type, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3139 cur_offset += 1; 3140 rr_len -= 1; 3141 3142 proto_tree_add_item(rr_tree, hf_dns_ds_digest, tvb, cur_offset, rr_len, ENC_NA); 3143 } 3144 break; 3145 3146 case T_SSHFP: /* Securely Publish SSH Key Fingerprints (44) */ 3147 { 3148 int rr_len = data_len; 3149 3150 proto_tree_add_item(rr_tree, hf_dns_sshfp_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3151 cur_offset += 1; 3152 rr_len -= 1; 3153 3154 proto_tree_add_item(rr_tree, hf_dns_sshfp_fingerprint_type, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3155 cur_offset += 1; 3156 rr_len -= 1; 3157 3158 3159 if (rr_len != 0) { 3160 proto_tree_add_item(rr_tree, hf_dns_sshfp_fingerprint, tvb, cur_offset, rr_len, ENC_NA); 3161 } 3162 } 3163 break; 3164 3165 case T_IPSECKEY: /* IPsec Key (45) */ 3166 { 3167 int rr_len = data_len; 3168 guint8 gw_type; 3169 const gchar *gw; 3170 int gw_name_len; 3171 3172 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_precedence, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3173 cur_offset += 1; 3174 rr_len -= 1; 3175 3176 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_type, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3177 gw_type = tvb_get_guint8(tvb, cur_offset); 3178 cur_offset += 1; 3179 rr_len -= 1; 3180 3181 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3182 cur_offset += 1; 3183 rr_len -= 1; 3184 3185 switch (gw_type) { 3186 3187 case 0: 3188 { 3189 /* No Gateway */ 3190 } 3191 break; 3192 3193 case 1: 3194 { 3195 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_ipv4, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3196 cur_offset += 4; 3197 rr_len -= 4; 3198 } 3199 break; 3200 3201 case 2: 3202 { 3203 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_ipv6, tvb, cur_offset, 16, ENC_NA); 3204 cur_offset += 16; 3205 rr_len -= 16; 3206 } 3207 break; 3208 3209 case 3: 3210 { 3211 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &gw, &gw_name_len); 3212 name_out = format_text(wmem_packet_scope(), (const guchar*)gw, gw_name_len); 3213 proto_tree_add_string(rr_tree, hf_dns_ipseckey_gateway_dns, tvb, cur_offset, used_bytes, name_out); 3214 3215 cur_offset += used_bytes; 3216 rr_len -= used_bytes; 3217 } 3218 break; 3219 3220 default: 3221 break; 3222 } 3223 if (rr_len != 0) { 3224 proto_tree_add_item(rr_tree, hf_dns_ipseckey_public_key, tvb, cur_offset, rr_len, ENC_NA); 3225 } 3226 } 3227 break; 3228 3229 case T_RRSIG: /* RRSIG (46) */ 3230 case T_SIG: /* Security SIgnature (24) */ 3231 { 3232 int rr_len = data_len; 3233 const gchar *signer_name; 3234 int signer_name_len; 3235 proto_item *ti; 3236 3237 proto_tree_add_item(rr_tree, hf_dns_rrsig_type_covered, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3238 cur_offset += 2; 3239 rr_len -= 2; 3240 3241 proto_tree_add_item(rr_tree, hf_dns_rrsig_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3242 cur_offset += 1; 3243 rr_len -= 1; 3244 3245 proto_tree_add_item(rr_tree, hf_dns_rrsig_labels, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3246 cur_offset += 1; 3247 rr_len -= 1; 3248 3249 ti = proto_tree_add_item(rr_tree, hf_dns_rrsig_original_ttl, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3250 proto_item_append_text(ti, " (%s)", unsigned_time_secs_to_str(wmem_packet_scope(), tvb_get_ntohl(tvb, cur_offset))); 3251 cur_offset += 4; 3252 rr_len -= 4; 3253 3254 proto_tree_add_item(rr_tree, hf_dns_rrsig_signature_expiration, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3255 cur_offset += 4; 3256 rr_len -= 4; 3257 3258 proto_tree_add_item(rr_tree, hf_dns_rrsig_signature_inception, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3259 cur_offset += 4; 3260 rr_len -= 4; 3261 3262 proto_tree_add_item(rr_tree, hf_dns_rrsig_key_tag, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3263 cur_offset += 2; 3264 rr_len -= 2; 3265 3266 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &signer_name, &signer_name_len); 3267 name_out = format_text(wmem_packet_scope(), (const guchar*)signer_name, signer_name_len); 3268 proto_tree_add_string(rr_tree, hf_dns_rrsig_signers_name, tvb, cur_offset, used_bytes, name_out); 3269 cur_offset += used_bytes; 3270 rr_len -= used_bytes; 3271 3272 if (rr_len != 0) { 3273 proto_tree_add_item(rr_tree, hf_dns_rrsig_signature, tvb, cur_offset, rr_len, ENC_NA); 3274 } 3275 } 3276 break; 3277 3278 case T_NSEC: /* NSEC (47) */ 3279 { 3280 int rr_len = data_len; 3281 const gchar *next_domain_name; 3282 int next_domain_name_len; 3283 3284 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, 3285 &next_domain_name, &next_domain_name_len); 3286 name_out = format_text(wmem_packet_scope(), (const guchar*)next_domain_name, next_domain_name_len); 3287 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out); 3288 proto_item_append_text(trr, ", next domain name %s", name_out); 3289 proto_tree_add_string(rr_tree, hf_dns_nsec_next_domain_name, tvb, cur_offset, used_bytes, name_out); 3290 cur_offset += used_bytes; 3291 rr_len -= used_bytes; 3292 3293 dissect_type_bitmap(rr_tree, tvb, cur_offset, rr_len); 3294 } 3295 break; 3296 3297 case T_DNSKEY: /* DNSKEY (48) */ 3298 case T_CDNSKEY: /* CDNSKEY (60) */ 3299 { 3300 int rr_len = data_len; 3301 proto_item *tf, *ti_gen; 3302 proto_tree *flags_tree; 3303 guint16 key_id; 3304 guint8 algo; 3305 3306 tf = proto_tree_add_item(rr_tree, hf_dns_dnskey_flags, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3307 flags_tree = proto_item_add_subtree(tf, ett_key_flags); 3308 proto_tree_add_item(flags_tree, hf_dns_dnskey_flags_zone_key, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3309 proto_tree_add_item(flags_tree, hf_dns_dnskey_flags_key_revoked, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3310 proto_tree_add_item(flags_tree, hf_dns_dnskey_flags_secure_entry_point, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3311 proto_tree_add_item(flags_tree, hf_dns_dnskey_flags_reserved, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3312 3313 cur_offset += 2; 3314 rr_len -= 2; 3315 3316 /* Must have value 3, Add check ? */ 3317 proto_tree_add_item(rr_tree, hf_dns_dnskey_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3318 cur_offset += 1; 3319 rr_len -= 1; 3320 3321 proto_tree_add_item(rr_tree, hf_dns_dnskey_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3322 algo = tvb_get_guint8(tvb, cur_offset); 3323 3324 cur_offset += 1; 3325 rr_len -= 1; 3326 3327 if (compute_key_id(rr_tree, pinfo, tvb, cur_offset-4, rr_len+4, algo, &key_id)) { 3328 ti_gen = proto_tree_add_uint(rr_tree, hf_dns_dnskey_key_id, tvb, 0, 0, key_id); 3329 proto_item_set_generated(ti_gen); 3330 } 3331 3332 proto_tree_add_item(rr_tree, hf_dns_dnskey_public_key, tvb, cur_offset, rr_len, ENC_NA); 3333 } 3334 break; 3335 3336 case T_DHCID: /* DHCID (49) */ 3337 { 3338 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 3339 proto_tree_add_item(rr_tree, hf_dns_dhcid_rdata, tvb, cur_offset, data_len, ENC_NA); 3340 } 3341 break; 3342 3343 case T_NSEC3: /* NSEC3 (50) */ 3344 { 3345 int rr_len, initial_offset = cur_offset; 3346 guint8 salt_len, hash_len; 3347 proto_item *flags_item; 3348 proto_tree *flags_tree; 3349 3350 proto_tree_add_item(rr_tree, hf_dns_nsec3_algo, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3351 cur_offset += 1; 3352 3353 flags_item = proto_tree_add_item(rr_tree, hf_dns_nsec3_flags, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3354 flags_tree = proto_item_add_subtree(flags_item, ett_nsec3_flags); 3355 proto_tree_add_item(flags_tree, hf_dns_nsec3_flag_optout, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3356 cur_offset += 1; 3357 3358 proto_tree_add_item(rr_tree, hf_dns_nsec3_iterations, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3359 cur_offset += 2; 3360 3361 proto_tree_add_item(rr_tree, hf_dns_nsec3_salt_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3362 salt_len = tvb_get_guint8(tvb, cur_offset); 3363 cur_offset += 1; 3364 3365 proto_tree_add_item(rr_tree, hf_dns_nsec3_salt_value, tvb, cur_offset, salt_len, ENC_NA); 3366 cur_offset += salt_len; 3367 3368 proto_tree_add_item(rr_tree, hf_dns_nsec3_hash_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3369 hash_len = tvb_get_guint8(tvb, cur_offset); 3370 cur_offset += 1; 3371 3372 proto_tree_add_item(rr_tree, hf_dns_nsec3_hash_value, tvb, cur_offset, hash_len, ENC_NA); 3373 cur_offset += hash_len; 3374 3375 rr_len = data_len - (cur_offset - initial_offset); 3376 dissect_type_bitmap(rr_tree, tvb, cur_offset, rr_len); 3377 } 3378 break; 3379 3380 case T_NSEC3PARAM: /* NSEC3PARAM (51) */ 3381 { 3382 int salt_len; 3383 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 3384 3385 proto_tree_add_item(rr_tree, hf_dns_nsec3_algo, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3386 cur_offset +=1; 3387 3388 proto_tree_add_item(rr_tree, hf_dns_nsec3_flags, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3389 cur_offset +=1; 3390 3391 proto_tree_add_item(rr_tree, hf_dns_nsec3_iterations, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3392 cur_offset += 2; 3393 3394 proto_tree_add_item(rr_tree, hf_dns_nsec3_salt_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3395 salt_len = tvb_get_guint8(tvb, cur_offset); 3396 cur_offset +=1; 3397 3398 proto_tree_add_item(rr_tree, hf_dns_nsec3_salt_value, tvb, cur_offset, salt_len, ENC_NA); 3399 } 3400 break; 3401 3402 case T_TLSA: /* DNS-Based Authentication of Named Entities (52) */ 3403 { 3404 int rr_len = data_len; 3405 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 3406 3407 proto_tree_add_item(rr_tree, hf_dns_tlsa_certificate_usage, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3408 cur_offset ++; 3409 rr_len --; 3410 3411 proto_tree_add_item(rr_tree, hf_dns_tlsa_selector, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3412 cur_offset ++; 3413 rr_len --; 3414 3415 proto_tree_add_item(rr_tree, hf_dns_tlsa_matching_type, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3416 cur_offset ++; 3417 rr_len --; 3418 3419 proto_tree_add_item(rr_tree, hf_dns_tlsa_certificate_association_data, tvb, cur_offset, rr_len, ENC_NA); 3420 } 3421 break; 3422 3423 case T_HIP: /* Host Identity Protocol (55) */ 3424 { 3425 guint8 hit_len; 3426 guint16 pk_len; 3427 int rr_len = data_len; 3428 int rendezvous_len; 3429 const gchar *rend_server_dns_name; 3430 3431 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name); 3432 3433 hit_len = tvb_get_guint8(tvb, cur_offset); 3434 proto_tree_add_item(rr_tree, hf_dns_hip_hit_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3435 cur_offset += 1; 3436 rr_len -= 1; 3437 3438 proto_tree_add_item(rr_tree, hf_dns_hip_pk_algo, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3439 cur_offset += 1; 3440 rr_len -= 1; 3441 3442 pk_len = tvb_get_ntohs(tvb, cur_offset); 3443 proto_tree_add_item(rr_tree, hf_dns_hip_pk_length, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3444 cur_offset += 2; 3445 rr_len -= 2; 3446 3447 proto_tree_add_item(rr_tree, hf_dns_hip_hit, tvb, cur_offset, hit_len, ENC_NA); 3448 cur_offset += hit_len; 3449 rr_len -= hit_len; 3450 3451 proto_tree_add_item(rr_tree, hf_dns_hip_pk, tvb, cur_offset, pk_len, ENC_NA); 3452 cur_offset += pk_len; 3453 rr_len -= pk_len; 3454 3455 while (rr_len > 1) { 3456 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &rend_server_dns_name, &rendezvous_len); 3457 name_out = format_text(wmem_packet_scope(), (const guchar*)rend_server_dns_name, rendezvous_len); 3458 proto_tree_add_string(rr_tree, hf_dns_hip_rendezvous_server, tvb, cur_offset, used_bytes, name_out); 3459 cur_offset += used_bytes; 3460 rr_len -= used_bytes; 3461 } 3462 } 3463 break; 3464 3465 case T_OPENPGPKEY: /* OpenPGP Key (61) */ 3466 { 3467 proto_tree_add_item(rr_tree, hf_dns_openpgpkey, tvb, cur_offset, data_len, ENC_ASCII|ENC_NA); 3468 } 3469 break; 3470 3471 case T_CSYNC: /* Child-to-Parent Synchronization (62) */ 3472 { 3473 int rr_len, initial_offset = cur_offset; 3474 3475 proto_tree_add_item(rr_tree, hf_dns_csync_soa, tvb, cur_offset, 4, ENC_ASCII|ENC_NA); 3476 cur_offset += 4; 3477 3478 proto_tree_add_bitmask_with_flags(rr_tree, tvb, cur_offset, 3479 hf_dns_csync_flags, ett_dns_csdync_flags, dns_csync_flags, ENC_BIG_ENDIAN, BMT_NO_APPEND); 3480 cur_offset += 2; 3481 3482 rr_len = data_len - (cur_offset - initial_offset); 3483 proto_tree_add_item(rr_tree, hf_dns_csync_type_bitmap, tvb, cur_offset, rr_len, ENC_NA); 3484 3485 dissect_type_bitmap(rr_tree, tvb, cur_offset, rr_len); 3486 } 3487 break; 3488 3489 case T_ZONEMD: /* Message Digest for DNS Zones (63) */ 3490 { 3491 proto_tree_add_item(rr_tree, hf_dns_zonemd_serial, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3492 cur_offset += 4; 3493 proto_tree_add_item(rr_tree, hf_dns_zonemd_scheme, tvb, cur_offset, 1, ENC_NA); 3494 cur_offset += 1; 3495 proto_tree_add_item(rr_tree, hf_dns_zonemd_hash_algo, tvb, cur_offset, 1, ENC_NA); 3496 cur_offset += 1; 3497 proto_tree_add_item(rr_tree, hf_dns_zonemd_digest, tvb, cur_offset, data_len - 6 , ENC_NA); 3498 } 3499 break; 3500 3501 case T_SVCB: /* Service binding and parameter specification (64) */ 3502 case T_HTTPS: /* Service binding and parameter specification (65) */ 3503 { 3504 guint32 priority = 0, value; 3505 guint32 svc_param_key; 3506 guint32 svc_param_offset; 3507 guint32 svc_param_length; 3508 guint32 svc_param_alpn_length; 3509 const gchar *target; 3510 int target_len; 3511 int start_offset = cur_offset; 3512 proto_item *svcb_param_ti; 3513 proto_tree *svcb_param_tree; 3514 3515 proto_tree_add_item_ret_uint(rr_tree, hf_dns_svcb_priority, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &priority); 3516 cur_offset += 2; 3517 3518 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &target, &target_len); 3519 name_out = format_text(wmem_packet_scope(), (const guchar*)target, target_len); 3520 3521 proto_tree_add_string(rr_tree, hf_dns_svcb_target, tvb, cur_offset, used_bytes, name_out); 3522 cur_offset += used_bytes; 3523 3524 if (data_len > cur_offset - start_offset) { 3525 while (data_len > cur_offset - start_offset) { 3526 svcb_param_ti = proto_tree_add_item(rr_tree, hf_dns_svcb_param, tvb, cur_offset, -1, ENC_NA); 3527 svcb_param_tree = proto_item_add_subtree(svcb_param_ti, ett_dns_svcb); 3528 3529 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_key, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &svc_param_key); 3530 cur_offset += 2; 3531 3532 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_length, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &svc_param_length); 3533 cur_offset += 2; 3534 3535 proto_item_append_text(svcb_param_ti, ": %s", val_to_str(svc_param_key, dns_svcb_param_key_vals, "key%u")); 3536 proto_item_set_len(svcb_param_ti, svc_param_length + 4); 3537 3538 switch(svc_param_key) { 3539 case DNS_SVCB_KEY_MANDATORY: 3540 for (svc_param_offset = 0; svc_param_offset < svc_param_length; svc_param_offset += 2) { 3541 guint32 key; 3542 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_mandatory_key, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &key); 3543 proto_item_append_text(svcb_param_ti, "%c%s", (svc_param_offset == 0 ? '=' : ','), val_to_str(key, dns_svcb_param_key_vals, "key%u")); 3544 cur_offset += 2; 3545 } 3546 break; 3547 case DNS_SVCB_KEY_ALPN: 3548 for (svc_param_offset = 0; svc_param_offset < svc_param_length; ) { 3549 const guint8 *alpn; 3550 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_alpn_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN, &svc_param_alpn_length); 3551 cur_offset += 1; 3552 proto_tree_add_item_ret_string(svcb_param_tree, hf_dns_svcb_param_alpn, tvb, cur_offset, svc_param_alpn_length, ENC_ASCII|ENC_NA, wmem_packet_scope(), &alpn); 3553 cur_offset += svc_param_alpn_length; 3554 proto_item_append_text(svcb_param_ti, "%c%s", (svc_param_offset == 0 ? '=' : ','), alpn); 3555 svc_param_offset += 1 + svc_param_alpn_length; 3556 } 3557 break; 3558 case DNS_SVCB_KEY_NOALPN: 3559 break; 3560 case DNS_SVCB_KEY_PORT: 3561 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_port, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &value); 3562 proto_item_append_text(svcb_param_ti, "=%u", value); 3563 cur_offset += 2; 3564 break; 3565 case DNS_SVCB_KEY_IPV4HINT: 3566 for (svc_param_offset = 0; svc_param_offset < svc_param_length; svc_param_offset += 4) { 3567 proto_tree_add_item(svcb_param_tree, hf_dns_svcb_param_ipv4hint_ip, tvb, cur_offset, 4, ENC_NA); 3568 proto_item_append_text(svcb_param_ti, "%c%s", (svc_param_offset == 0 ? '=' : ','), tvb_ip_to_str(pinfo->pool, tvb, cur_offset)); 3569 cur_offset += 4; 3570 } 3571 break; 3572 case DNS_SVCB_KEY_ECHCONFIG: 3573 dissect_dns_svcparam_base64(svcb_param_tree, svcb_param_ti, hf_dns_svcb_param_echconfig, tvb, cur_offset, svc_param_length); 3574 cur_offset += svc_param_length; 3575 break; 3576 case DNS_SVCB_KEY_IPV6HINT: 3577 for (svc_param_offset = 0; svc_param_offset < svc_param_length; svc_param_offset += 16) { 3578 proto_tree_add_item(svcb_param_tree, hf_dns_svcb_param_ipv6hint_ip, tvb, cur_offset, 16, ENC_NA); 3579 proto_item_append_text(svcb_param_ti, "%c%s", (svc_param_offset == 0 ? '=' : ','), tvb_ip6_to_str(pinfo->pool, tvb, cur_offset)); 3580 cur_offset += 16; 3581 } 3582 break; 3583 case DNS_SVCB_KEY_ODOHCONFIG: 3584 dissect_dns_svcparam_base64(svcb_param_tree, svcb_param_ti, hf_dns_svcb_param_odohconfig, tvb, cur_offset, svc_param_length); 3585 cur_offset += svc_param_length; 3586 break; 3587 default: 3588 if (svc_param_length > 0) { 3589 proto_tree_add_item(svcb_param_tree, hf_dns_svcb_param_value, tvb, cur_offset, svc_param_length, ENC_NA); 3590 proto_item_append_text(svcb_param_ti, "=%s", tvb_format_text(pinfo->pool, tvb, cur_offset, svc_param_length)); 3591 cur_offset += svc_param_length; 3592 } 3593 break; 3594 } 3595 } 3596 } 3597 } 3598 break; 3599 3600 case T_SPF: /* Sender Policy Framework (99) */ 3601 { 3602 int rr_len = data_len; 3603 int spf_offset; 3604 int spf_len; 3605 3606 spf_offset = cur_offset; 3607 while (rr_len != 0) { 3608 spf_len = tvb_get_guint8(tvb, spf_offset); 3609 proto_tree_add_item(rr_tree, hf_dns_spf_length, tvb, spf_offset, 1, ENC_BIG_ENDIAN); 3610 spf_offset += 1; 3611 rr_len -= 1; 3612 proto_tree_add_item(rr_tree, hf_dns_spf, tvb, spf_offset, spf_len, ENC_ASCII|ENC_NA); 3613 spf_offset += spf_len; 3614 rr_len -= spf_len; 3615 } 3616 } 3617 break; 3618 3619 case T_NID: /* NodeID (104) */ 3620 { 3621 proto_tree_add_item(rr_tree, hf_dns_ilnp_nodeid_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3622 cur_offset += 2; 3623 3624 proto_tree_add_item(rr_tree, hf_dns_ilnp_nodeid, tvb, cur_offset, 8, ENC_NA); 3625 /*cur_offset += 8;*/ 3626 } 3627 break; 3628 3629 case T_L32: /* Locator (105) */ 3630 { 3631 proto_tree_add_item(rr_tree, hf_dns_ilnp_locator32_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3632 cur_offset += 2; 3633 3634 proto_tree_add_item(rr_tree, hf_dns_ilnp_locator32, tvb, cur_offset, 4, ENC_NA); 3635 /*cur_offset += 4;*/ 3636 } 3637 break; 3638 3639 case T_L64: /* Locator64 (106) */ 3640 { 3641 proto_tree_add_item(rr_tree, hf_dns_ilnp_locator64_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3642 cur_offset += 2; 3643 3644 proto_tree_add_item(rr_tree, hf_dns_ilnp_locator64, tvb, cur_offset, 8, ENC_NA); 3645 /*cur_offset += 8;*/ 3646 } 3647 break; 3648 3649 case T_LP: /* Locator FQDN (107) */ 3650 { 3651 int lp_len; 3652 const gchar *lp_str; 3653 3654 proto_tree_add_item(rr_tree, hf_dns_ilnp_locatorfqdn_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3655 cur_offset += 2; 3656 3657 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &lp_str, &lp_len); 3658 name_out = format_text(wmem_packet_scope(), (const guchar*)lp_str, lp_len); 3659 proto_tree_add_string(rr_tree, hf_dns_ilnp_locatorfqdn, tvb, cur_offset, used_bytes, name_out); 3660 /*cur_offset += used_bytes;*/ 3661 } 3662 break; 3663 3664 case T_EUI48: /* EUI48 (108) */ 3665 { 3666 proto_tree_add_item(rr_tree, hf_dns_eui48, tvb, cur_offset, 6, ENC_NA); 3667 /*cur_offset += 6;*/ 3668 } 3669 break; 3670 3671 case T_EUI64: /* EUI64 (109) */ 3672 { 3673 proto_tree_add_item(rr_tree, hf_dns_eui64, tvb, cur_offset, 8, ENC_NA); 3674 /*cur_offset += 8;*/ 3675 } 3676 break; 3677 3678 case T_TKEY: /* Transaction Key (249) */ 3679 { 3680 const gchar *tkey_algname; 3681 int tkey_algname_len; 3682 guint16 tkey_mode, tkey_keylen, tkey_otherlen; 3683 3684 proto_tree *key_tree; 3685 proto_item *key_item; 3686 3687 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &tkey_algname, &tkey_algname_len); 3688 name_out = format_text(wmem_packet_scope(), (const guchar*)tkey_algname, tkey_algname_len); 3689 proto_tree_add_string(rr_tree, hf_dns_tkey_algo_name, tvb, cur_offset, used_bytes, name_out); 3690 cur_offset += used_bytes; 3691 3692 proto_tree_add_item(rr_tree, hf_dns_tkey_signature_inception, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3693 cur_offset += 4; 3694 3695 proto_tree_add_item(rr_tree, hf_dns_tkey_signature_expiration, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3696 cur_offset += 4; 3697 3698 proto_tree_add_item(rr_tree, hf_dns_tkey_mode, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3699 tkey_mode = tvb_get_ntohs(tvb, cur_offset); 3700 cur_offset += 2; 3701 3702 proto_tree_add_item(rr_tree, hf_dns_tkey_error, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3703 cur_offset += 2; 3704 3705 proto_tree_add_item(rr_tree, hf_dns_tkey_key_size, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3706 tkey_keylen = tvb_get_ntohs(tvb, cur_offset); 3707 cur_offset += 2; 3708 3709 if (tkey_keylen != 0) { 3710 key_item = proto_tree_add_item(rr_tree, hf_dns_tkey_key_data, tvb, cur_offset, tkey_keylen, ENC_NA); 3711 3712 key_tree = proto_item_add_subtree(key_item, ett_t_key); 3713 3714 switch(tkey_mode) { 3715 case TKEYMODE_GSSAPI: 3716 { 3717 tvbuff_t *gssapi_tvb; 3718 3719 /* 3720 * XXX - in at least one capture, this appears to 3721 * be an NTLMSSP blob, with no ASN.1 in it, in 3722 * a query. 3723 * 3724 * See RFC 3645 which might indicate what's going 3725 * on here. (The key is an output_token from 3726 * GSS_Init_sec_context.) 3727 * 3728 * How the heck do we know what method is being 3729 * used, so we know how to decode the key? Do we 3730 * have to look at the algorithm name, e.g. 3731 * "gss.microsoft.com"? We currently do as the 3732 * the SMB dissector does in some cases, and check 3733 * whether the security blob begins with "NTLMSSP". 3734 */ 3735 gssapi_tvb = tvb_new_subset_length(tvb, cur_offset, tkey_keylen); 3736 if (tvb_strneql(gssapi_tvb, 0, "NTLMSSP", 7) == 0) { 3737 call_dissector(ntlmssp_handle, gssapi_tvb, pinfo, key_tree); 3738 } else { 3739 call_dissector(gssapi_handle, gssapi_tvb, pinfo, key_tree); 3740 } 3741 } 3742 break; 3743 3744 default: 3745 /* No dissector for this key mode */ 3746 break; 3747 } 3748 3749 cur_offset += tkey_keylen; 3750 } 3751 3752 proto_tree_add_item(rr_tree, hf_dns_tkey_other_size, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3753 tkey_otherlen = tvb_get_ntohs(tvb, cur_offset); 3754 cur_offset += 2; 3755 3756 if (tkey_otherlen != 0) { 3757 proto_tree_add_item(rr_tree, hf_dns_tkey_other_data, tvb, cur_offset, tkey_otherlen, ENC_NA); 3758 } 3759 } 3760 break; 3761 3762 case T_TSIG: /* Transaction Signature (250) */ 3763 { 3764 guint16 tsig_siglen, tsig_otherlen; 3765 const gchar *tsig_algname; 3766 int tsig_algname_len; 3767 proto_item *ti; 3768 3769 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &tsig_algname, &tsig_algname_len); 3770 name_out = format_text(wmem_packet_scope(), (const guchar*)tsig_algname, tsig_algname_len); 3771 proto_tree_add_string(rr_tree, hf_dns_tsig_algorithm_name, tvb, cur_offset, used_bytes, name_out); 3772 cur_offset += used_bytes; 3773 3774 ti = proto_tree_add_item(rr_tree, hf_dns_tsig_time_signed ,tvb, cur_offset, 6, ENC_TIME_SECS|ENC_BIG_ENDIAN); 3775 if(tvb_get_ntohs(tvb, cur_offset)) /* Time High */ 3776 { 3777 proto_item_append_text(ti, " (high bits set)"); 3778 } 3779 cur_offset += 6; 3780 3781 proto_tree_add_item(rr_tree, hf_dns_tsig_fudge, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3782 cur_offset += 2; 3783 3784 tsig_siglen = tvb_get_ntohs(tvb, cur_offset); 3785 proto_tree_add_item(rr_tree, hf_dns_tsig_mac_size, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3786 cur_offset += 2; 3787 3788 if (tsig_siglen != 0) { 3789 proto_item *mac_item; 3790 proto_tree *mac_tree; 3791 tvbuff_t *sub_tvb; 3792 3793 mac_item = proto_tree_add_item(rr_tree, hf_dns_tsig_mac, tvb, cur_offset, tsig_siglen, ENC_NA); 3794 mac_tree = proto_item_add_subtree(mac_item, ett_dns_mac); 3795 3796 sub_tvb=tvb_new_subset_length(tvb, cur_offset, tsig_siglen); 3797 3798 if (!dissector_try_string(dns_tsig_dissector_table, tsig_algname, sub_tvb, pinfo, mac_tree, NULL)) { 3799 expert_add_info_format(pinfo, mac_item, &ei_dns_tsig_alg, 3800 "No dissector for algorithm:%s", tsig_algname); 3801 } 3802 3803 cur_offset += tsig_siglen; 3804 } 3805 3806 proto_tree_add_item(rr_tree, hf_dns_tsig_original_id, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3807 cur_offset += 2; 3808 3809 proto_tree_add_item(rr_tree, hf_dns_tsig_error, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3810 cur_offset += 2; 3811 3812 proto_tree_add_item(rr_tree, hf_dns_tsig_other_len, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3813 tsig_otherlen = tvb_get_ntohs(tvb, cur_offset); 3814 cur_offset += 2; 3815 3816 if (tsig_otherlen != 0) { 3817 proto_tree_add_item(rr_tree, hf_dns_tsig_other_data, tvb, cur_offset, tsig_otherlen, ENC_NA); 3818 } 3819 } 3820 break; 3821 3822 case T_CAA: /* Certification Authority Restriction (257) */ 3823 { 3824 proto_item *caa_item; 3825 proto_tree *caa_tree; 3826 guint8 tag_len; 3827 const char *tag; 3828 gushort value_len; 3829 const guchar *value; 3830 int cur_hf = -1; 3831 3832 caa_item = proto_tree_add_item(rr_tree, hf_dns_caa_flags, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3833 caa_tree = proto_item_add_subtree(caa_item, ett_caa_flags); 3834 proto_tree_add_item(caa_tree, hf_dns_caa_flag_issuer_critical, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3835 cur_offset++; 3836 3837 tag_len = tvb_get_guint8(tvb, cur_offset); 3838 tag = (const char*)tvb_get_string_enc(wmem_packet_scope(), tvb, cur_offset + 1, tag_len, ENC_ASCII|ENC_NA); 3839 3840 value_len = data_len - (tag_len + 2); 3841 value = (guchar*)tvb_get_string_enc(wmem_packet_scope(), tvb, cur_offset + 1 + tag_len, value_len, ENC_ASCII|ENC_NA); 3842 3843 value = (guchar*)format_text(wmem_packet_scope(), value, value_len); 3844 3845 if (strncmp(tag, "issue", tag_len) == 0) { 3846 cur_hf = hf_dns_caa_issue; 3847 } else if (strncmp(tag, "issuewild", tag_len) == 0) { 3848 cur_hf = hf_dns_caa_issuewild; 3849 } else if (strncmp(tag, "iodef", tag_len) == 0) { 3850 cur_hf = hf_dns_caa_iodef; 3851 } else { 3852 cur_hf = hf_dns_caa_unknown; 3853 } 3854 3855 caa_item = proto_tree_add_string(rr_tree, cur_hf, tvb, cur_offset, 1 + tag_len + value_len, (const gchar*)value); 3856 caa_tree = proto_item_add_subtree(caa_item, ett_caa_data); 3857 3858 proto_tree_add_uint(caa_tree, hf_dns_caa_tag_length, tvb, cur_offset, 1, tag_len); 3859 proto_tree_add_string(caa_tree, hf_dns_caa_tag, tvb, cur_offset + 1, tag_len, tag); 3860 proto_tree_add_string(caa_tree, hf_dns_caa_value, tvb, cur_offset + 1 + tag_len, value_len, (const gchar*)value); 3861 } 3862 break; 3863 3864 case T_WINS: /* Microsoft's WINS (65281)*/ 3865 { 3866 int rr_len = data_len; 3867 guint32 nservers; 3868 3869 proto_tree_add_item(rr_tree, hf_dns_wins_local_flag, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3870 cur_offset += 4; 3871 rr_len -= 4; 3872 3873 proto_tree_add_item(rr_tree, hf_dns_wins_lookup_timeout, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3874 cur_offset += 4; 3875 rr_len -= 4; 3876 3877 proto_tree_add_item(rr_tree, hf_dns_wins_cache_timeout, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3878 cur_offset += 4; 3879 rr_len -= 4; 3880 3881 proto_tree_add_item(rr_tree, hf_dns_wins_nb_wins_servers, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3882 nservers = tvb_get_ntohl(tvb, cur_offset); 3883 cur_offset += 4; 3884 rr_len -= 4; 3885 3886 while (rr_len != 0 && nservers != 0) { 3887 proto_tree_add_item(rr_tree, hf_dns_wins_server, tvb, cur_offset, 4, ENC_NA); 3888 3889 cur_offset += 4; 3890 rr_len -= 4; 3891 nservers--; 3892 } 3893 } 3894 break; 3895 3896 case T_WINS_R: /* Microsoft's WINS-R (65282)*/ 3897 { 3898 const gchar *dname; 3899 int dname_len; 3900 3901 proto_tree_add_item(rr_tree, hf_dns_winsr_local_flag, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3902 cur_offset += 4; 3903 3904 proto_tree_add_item(rr_tree, hf_dns_winsr_lookup_timeout, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3905 cur_offset += 4; 3906 3907 proto_tree_add_item(rr_tree, hf_dns_winsr_cache_timeout, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3908 cur_offset += 4; 3909 3910 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &dname, &dname_len); 3911 name_out = format_text(wmem_packet_scope(), (const guchar*)dname, dname_len); 3912 proto_tree_add_string(rr_tree, hf_dns_winsr_name_result_domain, tvb, cur_offset, used_bytes, name_out); 3913 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out); 3914 proto_item_append_text(trr, ", name result domain %s", name_out); 3915 } 3916 break; 3917 3918 case T_XPF: /* XPF draft-bellis-dnsop-xpf */ 3919 { 3920 guint32 address_family; 3921 3922 proto_tree_add_item_ret_uint(rr_tree, hf_dns_xpf_ip_version, tvb, cur_offset, 1, ENC_BIG_ENDIAN, &address_family); 3923 cur_offset++; 3924 3925 switch (address_family) { 3926 case IP_VERSION_NUM_INET: 3927 proto_tree_add_item(rr_tree, hf_dns_xpf_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3928 cur_offset++; 3929 proto_tree_add_item(rr_tree, hf_dns_xpf_source_ipv4, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3930 cur_offset += 4; 3931 proto_tree_add_item(rr_tree, hf_dns_xpf_destination_ipv4, tvb, cur_offset, 4, ENC_BIG_ENDIAN); 3932 cur_offset += 4; 3933 proto_tree_add_item(rr_tree, hf_dns_xpf_sport, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3934 cur_offset += 2; 3935 proto_tree_add_item(rr_tree, hf_dns_xpf_dport, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3936 break; 3937 case IP_VERSION_NUM_INET6: 3938 proto_tree_add_item(rr_tree, hf_dns_xpf_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN); 3939 cur_offset++; 3940 proto_tree_add_item(rr_tree, hf_dns_xpf_source_ipv6, tvb, cur_offset, 16, ENC_NA); 3941 cur_offset += 16; 3942 proto_tree_add_item(rr_tree, hf_dns_xpf_destination_ipv6, tvb, cur_offset, 16, ENC_NA); 3943 cur_offset += 16; 3944 proto_tree_add_item(rr_tree, hf_dns_xpf_sport, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3945 cur_offset += 2; 3946 proto_tree_add_item(rr_tree, hf_dns_xpf_dport, tvb, cur_offset, 2, ENC_BIG_ENDIAN); 3947 break; 3948 default: /* Add Expert info ? */ 3949 break; 3950 } 3951 } 3952 3953 3954 break; 3955 3956 /* TODO: parse more record types */ 3957 default: 3958 { 3959 expert_add_info_format(pinfo, trr, &ei_dns_undecoded_option, 3960 "Dissector for DNS Type (%d)" 3961 " code not implemented, Contact Wireshark developers" 3962 " if you want this supported", dns_type); 3963 proto_tree_add_item(rr_tree, hf_dns_data, tvb, cur_offset, data_len, ENC_NA); 3964 } 3965 break; 3966 } 3967 3968 data_offset += data_len; 3969 3970 return data_offset - data_start; 3971 } 3972 3973 static int 3974 dissect_query_records(tvbuff_t *tvb, int cur_off, int dns_data_offset, 3975 int count, packet_info *pinfo, proto_tree *dns_tree, gboolean isupdate, 3976 gboolean is_mdns, gboolean *is_multiple_responds) 3977 { 3978 int start_off, add_off; 3979 proto_tree *qatree; 3980 proto_item *ti; 3981 const char *s = (isupdate ? "Zone" : "Queries"); 3982 3983 start_off = cur_off; 3984 3985 qatree = proto_tree_add_subtree(dns_tree, tvb, start_off, -1, ett_dns_qry, &ti, s); 3986 3987 while (count-- > 0) { 3988 add_off = dissect_dns_query(tvb, cur_off, dns_data_offset, pinfo, qatree, 3989 is_mdns, is_multiple_responds); 3990 cur_off += add_off; 3991 } 3992 proto_item_set_len(ti, cur_off - start_off); 3993 return cur_off - start_off; 3994 } 3995 3996 static int 3997 dissect_answer_records(tvbuff_t *tvb, int cur_off, int dns_data_offset, 3998 int count, proto_tree *dns_tree, const char *name, 3999 packet_info *pinfo, gboolean is_mdns) 4000 { 4001 int start_off, add_off; 4002 proto_tree *qatree; 4003 proto_item *ti; 4004 4005 start_off = cur_off; 4006 qatree = proto_tree_add_subtree(dns_tree, tvb, start_off, -1, ett_dns_ans, &ti, name); 4007 while (count-- > 0) { 4008 add_off = dissect_dns_answer( 4009 tvb, cur_off, dns_data_offset, qatree, pinfo, is_mdns); 4010 cur_off += add_off; 4011 } 4012 proto_item_set_len(ti, cur_off - start_off); 4013 return cur_off - start_off; 4014 } 4015 4016 static int 4017 dissect_dso_data(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *dns_tree) 4018 { 4019 proto_tree *dso_tree; 4020 proto_tree *dso_tlv_tree; 4021 proto_item *dso_ti; 4022 proto_item *dso_tlv_ti; 4023 guint16 dso_tlv_length; 4024 guint32 dso_tlv_type; 4025 int start_offset; 4026 4027 start_offset = offset; 4028 dso_ti = proto_tree_add_item(dns_tree, hf_dns_dso, tvb, offset, -1, ENC_NA); 4029 dso_tree = proto_item_add_subtree(dso_ti, ett_dns_dso); 4030 4031 while(tvb_reported_length_remaining(tvb, offset) >= 4) { 4032 dso_tlv_length = tvb_get_ntohs(tvb, offset + 2); 4033 dso_tlv_ti = proto_tree_add_item(dso_tree, hf_dns_dso_tlv, tvb, offset, dso_tlv_length + 4, ENC_NA); 4034 dso_tlv_tree = proto_item_add_subtree(dso_tlv_ti, ett_dns_dso_tlv); 4035 4036 proto_tree_add_item_ret_uint(dso_tlv_tree, hf_dns_dso_tlv_type, tvb, offset, 2, ENC_BIG_ENDIAN, &dso_tlv_type); 4037 offset += 2; 4038 proto_item_append_text(dso_tlv_ti, ": %s", rval_to_str(dso_tlv_type, dns_dso_type_rvals, "Unknown Type")); 4039 4040 proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_length, tvb, offset, 2, ENC_BIG_ENDIAN); 4041 offset += 2; 4042 4043 switch(dso_tlv_type) { 4044 case DSO_TYPE_KEEPALIVE: 4045 proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_keepalive_inactivity, tvb, offset, 4, ENC_BIG_ENDIAN); 4046 offset += 4; 4047 proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_keepalive_interval, tvb, offset, 4, ENC_BIG_ENDIAN); 4048 offset += 4; 4049 break; 4050 case DSO_TYPE_RETRYDELAY: 4051 proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_retrydelay_retrydelay, tvb, offset, 4, ENC_BIG_ENDIAN); 4052 offset += 4; 4053 break; 4054 case DSO_TYPE_ENCPAD: 4055 if (dso_tlv_length > 0) { 4056 proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_encpad_padding, tvb, offset, dso_tlv_length, ENC_NA); 4057 offset += dso_tlv_length; 4058 } 4059 break; 4060 default: 4061 if (dso_tlv_length > 0) { 4062 proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_data, tvb, offset, dso_tlv_length, ENC_NA); 4063 offset += dso_tlv_length; 4064 } 4065 break; 4066 } 4067 } 4068 4069 proto_item_set_len(dso_ti, offset - start_offset); 4070 return offset - start_offset; 4071 } 4072 4073 static void 4074 dissect_dns_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, 4075 enum DnsTransport transport, gboolean is_mdns, gboolean is_llmnr) 4076 { 4077 int offset = (transport == DNS_TRANSPORT_TCP || transport == DNS_TRANSPORT_QUIC) ? 2 : 0; 4078 int dns_data_offset; 4079 proto_tree *dns_tree, *field_tree; 4080 proto_item *ti, *tf, *transaction_item; 4081 guint16 flags, opcode, rcode, quest, ans, auth, add; 4082 guint id; 4083 guint32 reqresp_id = 0; 4084 int cur_off; 4085 gboolean isupdate; 4086 conversation_t *conversation; 4087 dns_conv_info_t *dns_info; 4088 dns_transaction_t *dns_trans = NULL; 4089 wmem_tree_key_t key[3]; 4090 struct DnsTap *dns_stats; 4091 guint16 qtype = 0; 4092 guint16 qclass = 0; 4093 gboolean retransmission = FALSE; 4094 const gchar *name; 4095 int name_len; 4096 nstime_t delta = NSTIME_INIT_ZERO; 4097 gboolean is_multiple_responds = FALSE; 4098 4099 dns_data_offset = offset; 4100 4101 col_clear(pinfo->cinfo, COL_INFO); 4102 4103 /* To do: check for errs, etc. */ 4104 id = tvb_get_ntohs(tvb, offset + DNS_ID); 4105 flags = tvb_get_ntohs(tvb, offset + DNS_FLAGS); 4106 opcode = (guint16) ((flags & F_OPCODE) >> OPCODE_SHIFT); 4107 rcode = (guint16) (flags & F_RCODE); 4108 4109 col_add_fstr(pinfo->cinfo, COL_INFO, "%s%s 0x%04x", 4110 val_to_str(opcode, opcode_vals, "Unknown operation (%u)"), 4111 (flags&F_RESPONSE)?" response":"", id); 4112 4113 if (flags & F_RESPONSE) { 4114 if (rcode != RCODE_NOERROR) { 4115 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", 4116 val_to_str(rcode, rcode_vals, "Unknown error (%u)")); 4117 } 4118 } 4119 4120 if (opcode == OPCODE_UPDATE) { 4121 isupdate = TRUE; 4122 } else { 4123 isupdate = FALSE; 4124 } 4125 4126 if (is_llmnr) { 4127 ti = proto_tree_add_protocol_format(tree, proto_llmnr, tvb, 0, -1, 4128 "Link-local Multicast Name Resolution (%s)", (flags & F_RESPONSE) ? "response" : "query"); 4129 } else if (is_mdns){ 4130 ti = proto_tree_add_protocol_format(tree, proto_mdns, tvb, 0, -1, 4131 "Multicast Domain Name System (%s)", (flags & F_RESPONSE) ? "response" : "query"); 4132 } else { 4133 ti = proto_tree_add_protocol_format(tree, proto_dns, tvb, 0, -1, 4134 "Domain Name System (%s)", (flags & F_RESPONSE) ? "response" : "query"); 4135 } 4136 4137 dns_tree = proto_item_add_subtree(ti, ett_dns); 4138 4139 /* 4140 * Do we have a conversation for this connection? 4141 */ 4142 conversation = find_or_create_conversation(pinfo); 4143 4144 /* 4145 * DoH: Each DNS query-response pair is mapped into an HTTP exchange. 4146 * For other transports, just use the DNS transaction ID as usual. 4147 */ 4148 if (transport == DNS_TRANSPORT_HTTP) { 4149 /* For DoH using HTTP/2, use the Stream ID if available. For HTTP/1, 4150 * hopefully there is no pipelining or the DNS ID is unique enough. */ 4151 reqresp_id = http2_get_stream_id(pinfo); 4152 } 4153 if (reqresp_id == 0) { 4154 reqresp_id = id; 4155 } 4156 4157 /* 4158 * Do we already have a state structure for this conv 4159 */ 4160 dns_info = (dns_conv_info_t *)conversation_get_proto_data(conversation, proto_dns); 4161 if (!dns_info) { 4162 /* No. Attach that information to the conversation, and add 4163 * it to the list of information structures. 4164 */ 4165 dns_info = wmem_new(wmem_file_scope(), dns_conv_info_t); 4166 dns_info->pdus=wmem_tree_new(wmem_file_scope()); 4167 conversation_add_proto_data(conversation, proto_dns, dns_info); 4168 } 4169 4170 key[0].length = 1; 4171 key[0].key = &reqresp_id; 4172 key[1].length = 1; 4173 key[1].key = &pinfo->num; 4174 key[2].length = 0; 4175 key[2].key = NULL; 4176 4177 if (!pinfo->flags.in_error_pkt) { 4178 if (!pinfo->fd->visited) { 4179 if (!(flags&F_RESPONSE)) { 4180 /* This is a request */ 4181 gboolean new_transaction = FALSE; 4182 4183 /* Check if we've seen this transaction before */ 4184 dns_trans=(dns_transaction_t *)wmem_tree_lookup32_array_le(dns_info->pdus, key); 4185 if ((dns_trans == NULL) || (dns_trans->id != reqresp_id) || (dns_trans->rep_frame > 0)) { 4186 new_transaction = TRUE; 4187 } else { 4188 nstime_t request_delta; 4189 4190 /* Has not enough time elapsed that we consider this request a retransmission? */ 4191 nstime_delta(&request_delta, &pinfo->abs_ts, &dns_trans->req_time); 4192 if (nstime_to_sec(&request_delta) < (double)retransmission_timer) { 4193 retransmission = TRUE; 4194 } else { 4195 new_transaction = TRUE; 4196 } 4197 } 4198 4199 if (new_transaction) { 4200 dns_trans=wmem_new(wmem_file_scope(), dns_transaction_t); 4201 dns_trans->req_frame=pinfo->num; 4202 dns_trans->rep_frame=0; 4203 dns_trans->req_time=pinfo->abs_ts; 4204 dns_trans->id = reqresp_id; 4205 dns_trans->multiple_responds=FALSE; 4206 wmem_tree_insert32_array(dns_info->pdus, key, (void *)dns_trans); 4207 } 4208 } else { 4209 dns_trans=(dns_transaction_t *)wmem_tree_lookup32_array_le(dns_info->pdus, key); 4210 if (dns_trans) { 4211 if (dns_trans->id != reqresp_id) { 4212 dns_trans = NULL; 4213 } else if (dns_trans->rep_frame == 0) { 4214 dns_trans->rep_frame=pinfo->num; 4215 } else if (!dns_trans->multiple_responds) { 4216 retransmission = TRUE; 4217 } 4218 } 4219 } 4220 } else { 4221 dns_trans=(dns_transaction_t *)wmem_tree_lookup32_array_le(dns_info->pdus, key); 4222 if (dns_trans) { 4223 if (dns_trans->id != reqresp_id) { 4224 dns_trans = NULL; 4225 } else if ((!(flags & F_RESPONSE)) && (dns_trans->req_frame != pinfo->num)) { 4226 /* This is a request retransmission, create a "fake" dns_trans structure*/ 4227 dns_transaction_t *retrans_dns = wmem_new(wmem_packet_scope(), dns_transaction_t); 4228 retrans_dns->req_frame=dns_trans->req_frame; 4229 retrans_dns->rep_frame=0; 4230 retrans_dns->req_time=pinfo->abs_ts; 4231 dns_trans = retrans_dns; 4232 4233 retransmission = TRUE; 4234 } else if ((flags & F_RESPONSE) && (dns_trans->rep_frame != pinfo->num) && (!dns_trans->multiple_responds)) { 4235 retransmission = TRUE; 4236 } 4237 } 4238 } 4239 } 4240 if (!dns_trans) { 4241 /* create a "fake" dns_trans structure */ 4242 dns_trans=wmem_new(wmem_packet_scope(), dns_transaction_t); 4243 dns_trans->req_frame=0; 4244 dns_trans->rep_frame=0; 4245 dns_trans->req_time=pinfo->abs_ts; 4246 } 4247 4248 if (transport == DNS_TRANSPORT_TCP) { 4249 /* Put the length indication into the tree. */ 4250 proto_tree_add_item(dns_tree, hf_dns_length, tvb, offset - 2, 2, ENC_BIG_ENDIAN); 4251 } 4252 4253 transaction_item = proto_tree_add_uint(dns_tree, hf_dns_transaction_id, tvb, 4254 offset + DNS_ID, 2, id); 4255 4256 tf = proto_tree_add_item(dns_tree, hf_dns_flags, tvb, 4257 offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4258 proto_item_append_text(tf, " %s", 4259 val_to_str_const(opcode, opcode_vals, "Unknown operation")); 4260 if (flags & F_RESPONSE) { 4261 proto_item_append_text(tf, " response, %s", 4262 val_to_str_const(rcode, rcode_vals, "Unknown error")); 4263 } 4264 field_tree = proto_item_add_subtree(tf, ett_dns_flags); 4265 proto_tree_add_item(field_tree, hf_dns_flags_response, 4266 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4267 proto_tree_add_item(field_tree, hf_dns_flags_opcode, 4268 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4269 if (is_llmnr) { 4270 if (flags & F_RESPONSE) { 4271 proto_tree_add_item(field_tree, hf_dns_flags_conflict_response, 4272 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4273 } else { 4274 proto_tree_add_item(field_tree, hf_dns_flags_conflict_query, 4275 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4276 } 4277 proto_tree_add_item(field_tree, hf_dns_flags_truncated, 4278 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4279 proto_tree_add_item(field_tree, hf_dns_flags_tentative, 4280 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4281 if (flags & F_RESPONSE) { 4282 proto_tree_add_item(field_tree, hf_dns_flags_rcode, 4283 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4284 } 4285 } else { 4286 if (flags & F_RESPONSE) { 4287 proto_tree_add_item(field_tree, hf_dns_flags_authoritative, 4288 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4289 } 4290 proto_tree_add_item(field_tree, hf_dns_flags_truncated, 4291 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4292 proto_tree_add_item(field_tree, hf_dns_flags_recdesired, 4293 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4294 if (flags & F_RESPONSE) { 4295 proto_tree_add_item(field_tree, hf_dns_flags_recavail, 4296 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4297 } 4298 proto_tree_add_item(field_tree, hf_dns_flags_z, 4299 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4300 if (flags & F_RESPONSE) { 4301 proto_tree_add_item(field_tree, hf_dns_flags_authenticated, 4302 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4303 } else if (flags & F_AUTHENTIC) { 4304 proto_tree_add_item(field_tree, hf_dns_flags_ad, 4305 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4306 } 4307 proto_tree_add_item(field_tree, hf_dns_flags_checkdisable, 4308 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4309 if (flags & F_RESPONSE) { 4310 proto_tree_add_item(field_tree, hf_dns_flags_rcode, 4311 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN); 4312 } 4313 } 4314 4315 quest = tvb_get_ntohs(tvb, offset + DNS_QUEST); 4316 if (isupdate) { 4317 proto_tree_add_uint(dns_tree, hf_dns_count_zones, tvb, 4318 offset + DNS_QUEST, 2, quest); 4319 } else { 4320 proto_tree_add_uint(dns_tree, hf_dns_count_questions, tvb, 4321 offset + DNS_QUEST, 2, quest); 4322 } 4323 ans = tvb_get_ntohs(tvb, offset + DNS_ANS); 4324 if (isupdate) { 4325 proto_tree_add_uint(dns_tree, hf_dns_count_prerequisites, tvb, 4326 offset + DNS_ANS, 2, ans); 4327 } else { 4328 proto_tree_add_uint(dns_tree, hf_dns_count_answers, tvb, 4329 offset + DNS_ANS, 2, ans); 4330 } 4331 auth = tvb_get_ntohs(tvb, offset + DNS_AUTH); 4332 if (isupdate) { 4333 proto_tree_add_uint(dns_tree, hf_dns_count_updates, tvb, 4334 offset + DNS_AUTH, 2, auth); 4335 } else { 4336 proto_tree_add_uint(dns_tree, hf_dns_count_auth_rr, tvb, 4337 offset + DNS_AUTH, 2, auth); 4338 } 4339 add = tvb_get_ntohs(tvb, offset + DNS_ADD); 4340 proto_tree_add_uint(dns_tree, hf_dns_count_add_rr, tvb, 4341 offset + DNS_ADD, 2, add); 4342 4343 cur_off = offset + DNS_HDRLEN; 4344 4345 if (opcode == OPCODE_DSO && quest == 0 && ans == 0 && auth == 0 && add == 0) { 4346 /* DSO messages differs somewhat from the traditional DNS message format. 4347 the four count fields (QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT) are set to zero */ 4348 cur_off += dissect_dso_data(tvb, cur_off, pinfo, dns_tree); 4349 } 4350 4351 if (quest > 0) { 4352 /* If this is a response, don't add information about the queries 4353 to the summary, just add information about the answers. */ 4354 cur_off += dissect_query_records(tvb, cur_off, dns_data_offset, quest, pinfo, 4355 dns_tree, isupdate, is_mdns, &is_multiple_responds); 4356 dns_trans->multiple_responds = is_multiple_responds; 4357 } 4358 4359 if (ans > 0) { 4360 /* If this is a request, don't add information about the answers 4361 to the summary, just add information about the queries. */ 4362 cur_off += dissect_answer_records(tvb, cur_off, dns_data_offset, ans, 4363 dns_tree, 4364 (isupdate ? "Prerequisites" : "Answers"), 4365 pinfo, is_mdns); 4366 } 4367 4368 /* Don't add information about the authoritative name servers, or the 4369 additional records, to the summary. */ 4370 if (auth > 0) { 4371 cur_off += dissect_answer_records(tvb, cur_off, dns_data_offset, auth, dns_tree, 4372 (isupdate ? "Updates" : 4373 "Authoritative nameservers"), 4374 pinfo, is_mdns); 4375 } 4376 4377 if (add > 0) { 4378 dissect_answer_records(tvb, cur_off, dns_data_offset, add, dns_tree, "Additional records", 4379 pinfo, is_mdns); 4380 } 4381 4382 /* print state tracking in the tree */ 4383 if (!(flags&F_RESPONSE)) { 4384 proto_item *it; 4385 /* This is a request */ 4386 if ((retransmission) && (dns_trans->req_frame) && (!pinfo->flags.in_error_pkt)) { 4387 expert_add_info_format(pinfo, transaction_item, &ei_dns_retransmit_request, "DNS query retransmission. Original request in frame %d", dns_trans->req_frame); 4388 4389 it=proto_tree_add_uint(dns_tree, hf_dns_retransmit_request_in, tvb, 0, 0, dns_trans->req_frame); 4390 proto_item_set_generated(it); 4391 4392 it=proto_tree_add_boolean(dns_tree, hf_dns_retransmission, tvb, 0, 0, TRUE); 4393 proto_item_set_generated(it); 4394 } else if (dns_trans->rep_frame) { 4395 4396 it=proto_tree_add_uint(dns_tree, hf_dns_response_in, tvb, 0, 0, dns_trans->rep_frame); 4397 proto_item_set_generated(it); 4398 } 4399 } else { 4400 /* This is a reply */ 4401 proto_item *it; 4402 if (dns_trans->req_frame) { 4403 if ((retransmission) && (dns_trans->rep_frame) && (!pinfo->flags.in_error_pkt)) { 4404 expert_add_info_format(pinfo, transaction_item, &ei_dns_retransmit_response, "DNS response retransmission. Original response in frame %d", dns_trans->rep_frame); 4405 4406 it=proto_tree_add_uint(dns_tree, hf_dns_retransmit_response_in, tvb, 0, 0, dns_trans->rep_frame); 4407 proto_item_set_generated(it); 4408 4409 it=proto_tree_add_boolean(dns_tree, hf_dns_retransmission, tvb, 0, 0, TRUE); 4410 proto_item_set_generated(it); 4411 } else { 4412 it=proto_tree_add_uint(dns_tree, hf_dns_response_to, tvb, 0, 0, dns_trans->req_frame); 4413 proto_item_set_generated(it); 4414 4415 nstime_delta(&delta, &pinfo->abs_ts, &dns_trans->req_time); 4416 it=proto_tree_add_time(dns_tree, hf_dns_time, tvb, 0, 0, &delta); 4417 proto_item_set_generated(it); 4418 } 4419 } else { 4420 if (!retransmission) { 4421 it=proto_tree_add_boolean(dns_tree, hf_dns_unsolicited, tvb, 0, 0, TRUE); 4422 proto_item_set_generated(it); 4423 } 4424 } 4425 } 4426 4427 /* Collect stats */ 4428 if (pinfo->flags.in_error_pkt) { 4429 return; 4430 } 4431 if (is_mdns) { 4432 /* TODO */ 4433 } else if (is_llmnr) { 4434 /* TODO */ 4435 } else { 4436 dns_stats = wmem_new0(wmem_packet_scope(), struct DnsTap); 4437 dns_stats->packet_rcode = rcode; 4438 dns_stats->packet_opcode = opcode; 4439 dns_stats->packet_qr = flags >> 15; 4440 if (quest > 0) { 4441 get_dns_name_type_class(tvb, offset + DNS_HDRLEN, dns_data_offset, &name, &name_len, &qtype, &qclass); 4442 dns_stats->packet_qtype = qtype; 4443 dns_stats->packet_qclass = qclass; 4444 } 4445 dns_stats->payload_size = tvb_captured_length(tvb); 4446 dns_stats->nquestions = quest; 4447 dns_stats->nanswers = ans; 4448 dns_stats->nauthorities = auth; 4449 dns_stats->nadditionals = add; 4450 if (quest > 0) { 4451 dns_stats->qname_len = name_len; 4452 dns_stats->qname_labels = qname_labels_count(name, name_len); 4453 } 4454 if (flags & F_RESPONSE) { 4455 if (dns_trans->req_frame == 0) { 4456 /* we don't have a request. This is an unsolicited response */ 4457 dns_stats->unsolicited = TRUE; 4458 } else { 4459 if (retransmission) 4460 dns_stats->retransmission = TRUE; 4461 else 4462 dns_stats->rrt = delta; 4463 } 4464 } 4465 tap_queue_packet(dns_tap, pinfo, dns_stats); 4466 } 4467 } 4468 4469 static int 4470 dissect_dns_udp_sctp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) 4471 { 4472 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS"); 4473 4474 dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_UDP, FALSE, FALSE); 4475 return tvb_captured_length(tvb); 4476 } 4477 4478 static int 4479 dissect_dns_doh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) 4480 { 4481 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DoH"); 4482 4483 dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_HTTP, FALSE, FALSE); 4484 return tvb_captured_length(tvb); 4485 } 4486 4487 static int 4488 dissect_dns_doq(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) 4489 { 4490 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS"); 4491 4492 dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_QUIC, FALSE, FALSE); 4493 return tvb_captured_length(tvb); 4494 } 4495 4496 static int 4497 dissect_mdns_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) 4498 { 4499 col_set_str(pinfo->cinfo, COL_PROTOCOL, "MDNS"); 4500 4501 dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_UDP, TRUE, FALSE); 4502 return tvb_captured_length(tvb); 4503 } 4504 4505 static int 4506 dissect_llmnr_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) 4507 { 4508 col_set_str(pinfo->cinfo, COL_PROTOCOL, "LLMNR"); 4509 4510 dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_UDP, FALSE, TRUE); 4511 return tvb_captured_length(tvb); 4512 } 4513 4514 static guint 4515 get_dns_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_) 4516 { 4517 guint16 plen; 4518 4519 /* 4520 * Get the length of the DNS packet. 4521 */ 4522 plen = tvb_get_ntohs(tvb, offset); 4523 4524 /* 4525 * That length doesn't include the length field itself; add that in. 4526 */ 4527 return plen + 2; 4528 } 4529 4530 static int 4531 dissect_dns_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) 4532 { 4533 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS"); 4534 4535 dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_TCP, FALSE, FALSE); 4536 return tvb_reported_length(tvb); 4537 } 4538 4539 static int 4540 dissect_dns_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data) 4541 { 4542 tcp_dissect_pdus(tvb, pinfo, tree, dns_desegment, 2, get_dns_pdu_len, 4543 dissect_dns_tcp_pdu, data); 4544 return tvb_reported_length(tvb); 4545 } 4546 4547 static int 4548 dissect_dns(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data) 4549 { 4550 /* since draft-ietf-doh-dns-over-https-07 */ 4551 gboolean is_doh = !g_strcmp0(pinfo->match_string, "application/dns-message"); 4552 4553 if (is_doh) { 4554 return dissect_dns_doh(tvb, pinfo, tree, data); 4555 } else if (pinfo->ptype == PT_TCP) { 4556 return dissect_dns_tcp(tvb, pinfo, tree, data); 4557 } else { 4558 dissect_dns_udp_sctp(tvb, pinfo, tree, data); 4559 return tvb_captured_length(tvb); 4560 } 4561 } 4562 4563 static gboolean 4564 dissect_dns_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) 4565 { 4566 /* 4567 * Try hard to match DNS messages while avoiding false positives. Look for: 4568 * 4569 * - Non-empty DNS messages (more than just a header). 4570 * - Flags: QR bit (0-Query, 1-Response); Opcode bits: Standard Query (0000) 4571 * - Questions: 1 (for queries), or 0 or 1 (for responses like AXFR) 4572 * - Answer RRs: 0 (for queries) or a low number (for responses) 4573 * - Authority RRs: 0 (for queries) or a low number (for responses) 4574 * - Additional RRs: assume a low number. 4575 * 4576 * Not implemented, but perhaps we could check for: 4577 * - Require that the question and answer count cannot both be zero. Perhaps 4578 * some protocols have large sequences of zero bytes, this check reduces the 4579 * probability of matching such payloads. 4580 * - Assume a valid QNAME in the question section. (Is there sufficient data 4581 * for a valid name?) 4582 * - Assume a common QTYPE and QCLASS (IN/CH). 4583 * - Potentially implement heuristics for TCP by checking the length prefix? 4584 */ 4585 int offset = 0; 4586 guint16 flags, quest, ans, auth, add; 4587 /* 4588 * max_ans=10 was sufficient for recognizing the majority of DNS messages from 4589 * the rrdns test suite, but four "huge record" test cases have 100 answers. 4590 * The max_auth and max_add numbers were picked arbitrarily. 4591 */ 4592 const guint16 max_ans = 100; 4593 const guint16 max_auth = 10; 4594 const guint16 max_add = 10; 4595 4596 if (tvb_reported_length(tvb) <= DNS_HDRLEN) 4597 return FALSE; 4598 4599 flags = tvb_get_ntohs(tvb, offset + DNS_FLAGS); 4600 if ((flags & F_OPCODE) != 0) 4601 return FALSE; 4602 4603 quest = tvb_get_ntohs(tvb, offset + DNS_QUEST); 4604 ans = tvb_get_ntohs(tvb, offset + DNS_ANS); 4605 auth = tvb_get_ntohs(tvb, offset + DNS_AUTH); 4606 if (!(flags & F_RESPONSE)) { 4607 if (quest != 1 || ans != 0 || auth != 0) 4608 return FALSE; 4609 } else { 4610 if (quest > 1 || ans > max_ans || auth > max_auth) 4611 return FALSE; 4612 } 4613 4614 add = tvb_get_ntohs(tvb, offset + DNS_ADD); 4615 if (add > max_add) 4616 return FALSE; 4617 4618 dissect_dns(tvb, pinfo, tree, NULL); 4619 return TRUE; 4620 } 4621 4622 static void dns_stats_tree_init(stats_tree* st) 4623 { 4624 st_node_packets = stats_tree_create_node(st, st_str_packets, 0, STAT_DT_INT, TRUE); 4625 st_node_packet_qr = stats_tree_create_pivot(st, st_str_packet_qr, st_node_packets); 4626 st_node_packet_qtypes = stats_tree_create_pivot(st, st_str_packet_qtypes, st_node_packets); 4627 st_node_packet_qclasses = stats_tree_create_pivot(st, st_str_packet_qclasses, st_node_packets); 4628 st_node_packet_rcodes = stats_tree_create_pivot(st, st_str_packet_rcodes, st_node_packets); 4629 st_node_packet_opcodes = stats_tree_create_pivot(st, st_str_packet_opcodes, st_node_packets); 4630 st_node_packets_avg_size = stats_tree_create_node(st, st_str_packets_avg_size, 0, STAT_DT_INT, FALSE); 4631 st_node_query_stats = stats_tree_create_node(st, st_str_query_stats, 0, STAT_DT_INT, TRUE); 4632 st_node_query_qname_len = stats_tree_create_node(st, st_str_query_qname_len, st_node_query_stats, STAT_DT_INT, FALSE); 4633 st_node_query_domains = stats_tree_create_node(st, st_str_query_domains, st_node_query_stats, STAT_DT_INT, TRUE); 4634 st_node_query_domains_l1 = stats_tree_create_node(st, st_str_query_domains_l1, st_node_query_domains, STAT_DT_INT, FALSE); 4635 st_node_query_domains_l2 = stats_tree_create_node(st, st_str_query_domains_l2, st_node_query_domains, STAT_DT_INT, FALSE); 4636 st_node_query_domains_l3 = stats_tree_create_node(st, st_str_query_domains_l3, st_node_query_domains, STAT_DT_INT, FALSE); 4637 st_node_query_domains_lmore = stats_tree_create_node(st, st_str_query_domains_lmore, st_node_query_domains, STAT_DT_INT, FALSE); 4638 st_node_response_stats = stats_tree_create_node(st, st_str_response_stats, 0, STAT_DT_INT, TRUE); 4639 st_node_response_nquestions = stats_tree_create_node(st, st_str_response_nquestions, 4640 st_node_response_stats, STAT_DT_INT, FALSE); 4641 st_node_response_nanswers = stats_tree_create_node(st, st_str_response_nanswers, 4642 st_node_response_stats, STAT_DT_INT, FALSE); 4643 st_node_response_nauthorities = stats_tree_create_node(st, st_str_response_nauthorities, 4644 st_node_response_stats, STAT_DT_INT, FALSE); 4645 st_node_response_nadditionals = stats_tree_create_node(st, st_str_response_nadditionals, 4646 st_node_response_stats, STAT_DT_INT, FALSE); 4647 st_node_service_stats = stats_tree_create_node(st, st_str_service_stats, 0, STAT_DT_INT, TRUE); 4648 st_node_service_unsolicited = stats_tree_create_node(st, st_str_service_unsolicited, st_node_service_stats, STAT_DT_INT, FALSE); 4649 st_node_service_retransmission = stats_tree_create_node(st, st_str_service_retransmission, st_node_service_stats, STAT_DT_INT, FALSE); 4650 st_node_service_rrt = stats_tree_create_node(st, st_str_service_rrt, st_node_service_stats, STAT_DT_FLOAT, FALSE); 4651 } 4652 4653 static tap_packet_status dns_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p) 4654 { 4655 const struct DnsTap *pi = (const struct DnsTap *)p; 4656 tick_stat_node(st, st_str_packets, 0, FALSE); 4657 stats_tree_tick_pivot(st, st_node_packet_qr, 4658 val_to_str(pi->packet_qr, dns_qr_vals, "Unknown qr (%d)")); 4659 stats_tree_tick_pivot(st, st_node_packet_qtypes, 4660 val_to_str(pi->packet_qtype, dns_types_description_vals, "Unknown packet type (%d)")); 4661 stats_tree_tick_pivot(st, st_node_packet_qclasses, 4662 val_to_str(pi->packet_qclass, dns_classes, "Unknown class (%d)")); 4663 stats_tree_tick_pivot(st, st_node_packet_rcodes, 4664 val_to_str(pi->packet_rcode, rcode_vals, "Unknown rcode (%d)")); 4665 stats_tree_tick_pivot(st, st_node_packet_opcodes, 4666 val_to_str(pi->packet_opcode, opcode_vals, "Unknown opcode (%d)")); 4667 avg_stat_node_add_value_int(st, st_str_packets_avg_size, 0, FALSE, 4668 pi->payload_size); 4669 4670 /* split up stats for queries and responses */ 4671 if (pi->packet_qr == 0) { 4672 avg_stat_node_add_value_int(st, st_str_query_qname_len, 0, FALSE, pi->qname_len); 4673 switch(pi->qname_labels) { 4674 case 1: 4675 tick_stat_node(st, st_str_query_domains_l1, 0, FALSE); 4676 break; 4677 case 2: 4678 tick_stat_node(st, st_str_query_domains_l2, 0, FALSE); 4679 break; 4680 case 3: 4681 tick_stat_node(st, st_str_query_domains_l3, 0, FALSE); 4682 break; 4683 default: 4684 tick_stat_node(st, st_str_query_domains_lmore, 0, FALSE); 4685 break; 4686 } 4687 } else { 4688 avg_stat_node_add_value_int(st, st_str_response_nquestions, 0, FALSE, pi->nquestions); 4689 avg_stat_node_add_value_int(st, st_str_response_nanswers, 0, FALSE, pi->nanswers); 4690 avg_stat_node_add_value_int(st, st_str_response_nauthorities, 0, FALSE, pi->nauthorities); 4691 avg_stat_node_add_value_int(st, st_str_response_nadditionals, 0, FALSE, pi->nadditionals); 4692 if (pi->unsolicited) { 4693 tick_stat_node(st, st_str_service_unsolicited, 0, FALSE); 4694 } else { 4695 avg_stat_node_add_value_int(st, st_str_response_nquestions, 0, FALSE, pi->nquestions); 4696 avg_stat_node_add_value_int(st, st_str_response_nanswers, 0, FALSE, pi->nanswers); 4697 avg_stat_node_add_value_int(st, st_str_response_nauthorities, 0, FALSE, pi->nauthorities); 4698 avg_stat_node_add_value_int(st, st_str_response_nadditionals, 0, FALSE, pi->nadditionals); 4699 if (pi->unsolicited) { 4700 tick_stat_node(st, st_str_service_unsolicited, 0, FALSE); 4701 } else { 4702 if (pi->retransmission) 4703 tick_stat_node(st, st_str_service_retransmission, 0, FALSE); 4704 else 4705 avg_stat_node_add_value_float(st, st_str_service_rrt, 0, FALSE, (gfloat)(pi->rrt.secs*1000. + pi->rrt.nsecs/1000000.0)); 4706 } 4707 } 4708 } 4709 return TAP_PACKET_REDRAW; 4710 } 4711 4712 void 4713 proto_reg_handoff_dns(void) 4714 { 4715 dissector_handle_t mdns_udp_handle; 4716 dissector_handle_t llmnr_udp_handle; 4717 dissector_handle_t doq_handle; 4718 4719 mdns_udp_handle = create_dissector_handle(dissect_mdns_udp, proto_mdns); 4720 llmnr_udp_handle = create_dissector_handle(dissect_llmnr_udp, proto_llmnr); 4721 doq_handle = create_dissector_handle(dissect_dns_doq, proto_dns); 4722 dissector_add_uint_with_preference("udp.port", UDP_PORT_MDNS, mdns_udp_handle); 4723 dissector_add_uint_with_preference("udp.port", UDP_PORT_LLMNR, llmnr_udp_handle); 4724 dissector_add_uint("sctp.port", SCTP_PORT_DNS, dns_handle); 4725 #if 0 4726 dissector_add_uint("sctp.ppi", DNS_PAYLOAD_PROTOCOL_ID, dns_handle); 4727 #endif 4728 stats_tree_register("dns", "dns", "DNS", 0, dns_stats_tree_packet, dns_stats_tree_init, NULL); 4729 gssapi_handle = find_dissector_add_dependency("gssapi", proto_dns); 4730 ntlmssp_handle = find_dissector_add_dependency("ntlmssp", proto_dns); 4731 ssl_dissector_add(TCP_PORT_DNS_TLS, dns_handle); 4732 // RFC 7858 - registration via https://mailarchive.ietf.org/arch/msg/dns-privacy/iZ2rDIhFB2ZWsGC3PcdBVLGa8Do 4733 dissector_add_string("tls.alpn", "dot", dns_handle); 4734 dtls_dissector_add(UDP_PORT_DNS_DTLS, dns_handle); 4735 dissector_add_uint_range_with_preference("tcp.port", DEFAULT_DNS_TCP_PORT_RANGE, dns_handle); 4736 dissector_add_uint_range_with_preference("udp.port", DEFAULT_DNS_PORT_RANGE, dns_handle); 4737 dissector_add_string("media_type", "application/dns-message", dns_handle); /* since draft-ietf-doh-dns-over-https-07 */ 4738 dissector_add_string("quic.proto", "doq", doq_handle); /* https://www.ietf.org/archive/id/draft-ietf-dprive-dnsoquic-03.txt */ 4739 heur_dissector_add("udp", dissect_dns_heur, "DNS over UDP", "dns_udp", proto_dns, HEURISTIC_ENABLE); 4740 } 4741 4742 void 4743 proto_register_dns(void) 4744 { 4745 static hf_register_info hf[] = { 4746 { &hf_dns_length, 4747 { "Length", "dns.length", 4748 FT_UINT16, BASE_DEC, NULL, 0x0, 4749 "Length of DNS-over-TCP request or response", HFILL }}, 4750 4751 { &hf_dns_flags, 4752 { "Flags", "dns.flags", 4753 FT_UINT16, BASE_HEX, NULL, 0x0, 4754 NULL, HFILL }}, 4755 4756 { &hf_dns_flags_response, 4757 { "Response", "dns.flags.response", 4758 FT_BOOLEAN, 16, TFS(&tfs_flags_response), F_RESPONSE, 4759 "Is the message a response?", HFILL }}, 4760 4761 { &hf_dns_flags_opcode, 4762 { "Opcode", "dns.flags.opcode", 4763 FT_UINT16, BASE_DEC, VALS(opcode_vals), F_OPCODE, 4764 "Operation code", HFILL }}, 4765 4766 { &hf_dns_flags_authoritative, 4767 { "Authoritative", "dns.flags.authoritative", 4768 FT_BOOLEAN, 16, TFS(&tfs_flags_authoritative), F_AUTHORITATIVE, 4769 "Is the server is an authority for the domain?", HFILL }}, 4770 4771 { &hf_dns_flags_conflict_query, 4772 { "Conflict", "dns.flags.conflict", 4773 FT_BOOLEAN, 16, TFS(&tfs_flags_conflict_query), F_CONFLICT, 4774 "Did we receive multiple responses to a query?", HFILL }}, 4775 4776 { &hf_dns_flags_conflict_response, 4777 { "Conflict", "dns.flags.conflict", 4778 FT_BOOLEAN, 16, TFS(&tfs_flags_conflict_response), F_CONFLICT, 4779 "Is the name considered unique?", HFILL }}, 4780 4781 { &hf_dns_flags_truncated, 4782 { "Truncated", "dns.flags.truncated", 4783 FT_BOOLEAN, 16, TFS(&tfs_flags_truncated), F_TRUNCATED, 4784 "Is the message truncated?", HFILL }}, 4785 4786 { &hf_dns_flags_recdesired, 4787 { "Recursion desired", "dns.flags.recdesired", 4788 FT_BOOLEAN, 16, TFS(&tfs_flags_recdesired), F_RECDESIRED, 4789 "Do query recursively?", HFILL }}, 4790 4791 { &hf_dns_flags_tentative, 4792 { "Tentative", "dns.flags.tentative", 4793 FT_BOOLEAN, 16, TFS(&tfs_flags_tentative), F_TENTATIVE, 4794 "Is the responder authoritative for the name, but not yet verified the uniqueness?", HFILL }}, 4795 4796 { &hf_dns_flags_recavail, 4797 { "Recursion available", "dns.flags.recavail", 4798 FT_BOOLEAN, 16, TFS(&tfs_flags_recavail), F_RECAVAIL, 4799 "Can the server do recursive queries?", HFILL }}, 4800 4801 { &hf_dns_flags_z, 4802 { "Z", "dns.flags.z", 4803 FT_BOOLEAN, 16, TFS(&tfs_flags_z), F_Z, 4804 "Z flag", HFILL }}, 4805 4806 { &hf_dns_flags_authenticated, 4807 { "Answer authenticated", "dns.flags.authenticated", 4808 FT_BOOLEAN, 16, TFS(&tfs_flags_authenticated), F_AUTHENTIC, 4809 "Was the reply data authenticated by the server?", HFILL }}, 4810 4811 { &hf_dns_flags_ad, 4812 { "AD bit", "dns.flags.authenticated", 4813 FT_BOOLEAN, 16, TFS(&tfs_set_notset), F_AUTHENTIC, 4814 NULL, HFILL }}, 4815 4816 { &hf_dns_flags_checkdisable, 4817 { "Non-authenticated data", "dns.flags.checkdisable", 4818 FT_BOOLEAN, 16, TFS(&tfs_flags_checkdisable), F_CHECKDISABLE, 4819 "Is non-authenticated data acceptable?", HFILL }}, 4820 4821 { &hf_dns_flags_rcode, 4822 { "Reply code", "dns.flags.rcode", 4823 FT_UINT16, BASE_DEC, VALS(rcode_vals), F_RCODE, 4824 NULL, HFILL }}, 4825 4826 { &hf_dns_transaction_id, 4827 { "Transaction ID", "dns.id", 4828 FT_UINT16, BASE_HEX, NULL, 0x0, 4829 "Identification of transaction", HFILL }}, 4830 4831 { &hf_dns_qry_type, 4832 { "Type", "dns.qry.type", 4833 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &dns_types_description_vals_ext, 0, 4834 "Query Type", HFILL }}, 4835 4836 { &hf_dns_qry_class, 4837 { "Class", "dns.qry.class", 4838 FT_UINT16, BASE_HEX, VALS(dns_classes), 0x0, 4839 "Query Class", HFILL }}, 4840 4841 { &hf_dns_qry_class_mdns, 4842 { "Class", "dns.qry.class", 4843 FT_UINT16, BASE_HEX, VALS(dns_classes), 0x7FFF, 4844 "Query Class", HFILL }}, 4845 4846 { &hf_dns_qry_qu, 4847 { "\"QU\" question", "dns.qry.qu", 4848 FT_BOOLEAN, 16, NULL, C_QU, 4849 "QU flag", HFILL }}, 4850 4851 { &hf_dns_qry_name, 4852 { "Name", "dns.qry.name", 4853 FT_STRING, BASE_NONE, NULL, 0x0, 4854 "Query Name", HFILL }}, 4855 4856 { &hf_dns_qry_name_len, 4857 { "Name Length", "dns.qry.name.len", 4858 FT_UINT16, BASE_DEC, NULL, 0x0, 4859 "Query Name Len", HFILL }}, 4860 4861 { &hf_dns_count_labels, 4862 { "Label Count", "dns.count.labels", 4863 FT_UINT16, BASE_DEC, NULL, 0x0, 4864 "Query Label Count", HFILL }}, 4865 4866 { &hf_dns_rr_type, 4867 { "Type", "dns.resp.type", 4868 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &dns_types_description_vals_ext, 0x0, 4869 "Response Type", HFILL }}, 4870 4871 { &hf_dns_rr_class, 4872 { "Class", "dns.resp.class", 4873 FT_UINT16, BASE_HEX, VALS(dns_classes), 0x0, 4874 "Response Class", HFILL }}, 4875 4876 { &hf_dns_rr_class_mdns, 4877 { "Class", "dns.resp.class", 4878 FT_UINT16, BASE_HEX, VALS(dns_classes), 0x7FFF, 4879 "Response Class", HFILL }}, 4880 4881 { &hf_dns_rr_cache_flush, 4882 { "Cache flush", "dns.resp.cache_flush", 4883 FT_BOOLEAN, 16, NULL, C_FLUSH, 4884 "Cache flush flag", HFILL }}, 4885 4886 { &hf_dns_rr_ext_rcode, 4887 { "Higher bits in extended RCODE", "dns.resp.ext_rcode", 4888 FT_UINT8, BASE_HEX, NULL, 0x0, 4889 NULL, HFILL }}, 4890 4891 { &hf_dns_rr_edns0_version, 4892 { "EDNS0 version", "dns.resp.edns0_version", 4893 FT_UINT8, BASE_DEC, NULL, 0x0, 4894 NULL, HFILL }}, 4895 4896 { &hf_dns_rr_z, 4897 { "Z", "dns.resp.z", 4898 FT_UINT16, BASE_HEX, NULL, 0x0, 4899 NULL, HFILL }}, 4900 4901 { &hf_dns_rr_z_do, 4902 { "DO bit", "dns.resp.z.do", 4903 FT_BOOLEAN, 16, TFS(&tfs_dns_rr_z_do), 0x8000, 4904 "DNSSEC OK", HFILL }}, 4905 4906 { &hf_dns_rr_z_reserved, 4907 { "Reserved", "dns.resp.z.reserved", 4908 FT_UINT16, BASE_HEX, NULL, 0x7FFF, 4909 NULL, HFILL }}, 4910 4911 { &hf_dns_srv_service, 4912 { "Service", "dns.srv.service", 4913 FT_STRING, BASE_NONE, NULL, 0x0, 4914 "Desired service", HFILL }}, 4915 4916 { &hf_dns_srv_proto, 4917 { "Protocol", "dns.srv.proto", 4918 FT_STRING, BASE_NONE, NULL, 0x0, 4919 "Desired protocol", HFILL }}, 4920 4921 { &hf_dns_srv_name, 4922 { "Name", "dns.srv.name", 4923 FT_STRING, BASE_NONE, NULL, 0x0, 4924 "Domain this resource record refers to", HFILL }}, 4925 4926 { &hf_dns_srv_priority, 4927 { "Priority", "dns.srv.priority", 4928 FT_UINT16, BASE_DEC, NULL, 0x0, 4929 NULL, HFILL }}, 4930 4931 { &hf_dns_srv_weight, 4932 { "Weight", "dns.srv.weight", 4933 FT_UINT16, BASE_DEC, NULL, 0x0, 4934 NULL, HFILL }}, 4935 4936 { &hf_dns_srv_port, 4937 { "Port", "dns.srv.port", 4938 FT_UINT16, BASE_DEC, NULL, 0x0, 4939 NULL, HFILL }}, 4940 4941 { &hf_dns_srv_target, 4942 { "Target", "dns.srv.target", 4943 FT_STRING, BASE_NONE, NULL, 0x0, 4944 NULL, HFILL }}, 4945 4946 { &hf_dns_naptr_order, 4947 { "Order", "dns.naptr.order", 4948 FT_UINT16, BASE_DEC, NULL, 0x0, 4949 NULL, HFILL }}, 4950 4951 { &hf_dns_naptr_preference, 4952 { "Preference", "dns.naptr.preference", 4953 FT_UINT16, BASE_DEC, NULL, 0x0, 4954 NULL, HFILL }}, 4955 4956 { &hf_dns_naptr_flags_length, 4957 { "Flags Length", "dns.naptr.flags_length", 4958 FT_UINT8, BASE_DEC, NULL, 0x0, 4959 NULL, HFILL }}, 4960 4961 { &hf_dns_naptr_flags, 4962 { "Flags", "dns.naptr.flags", 4963 FT_STRING, BASE_NONE, NULL, 0x0, 4964 NULL, HFILL }}, 4965 4966 { &hf_dns_naptr_service_length, 4967 { "Service Length", "dns.naptr.service_length", 4968 FT_UINT8, BASE_DEC, NULL, 0x0, 4969 NULL, HFILL }}, 4970 4971 { &hf_dns_naptr_service, 4972 { "Service", "dns.naptr.service", 4973 FT_STRING, BASE_NONE, NULL, 0x0, 4974 NULL, HFILL }}, 4975 4976 { &hf_dns_naptr_regex_length, 4977 { "Regex Length", "dns.naptr.regex_length", 4978 FT_UINT8, BASE_DEC, NULL, 0x0, 4979 NULL, HFILL }}, 4980 4981 { &hf_dns_naptr_regex, 4982 { "Regex", "dns.naptr.regex", 4983 FT_STRING, BASE_NONE, NULL, 0x0, 4984 NULL, HFILL }}, 4985 4986 { &hf_dns_naptr_replacement_length, 4987 { "Replacement Length", "dns.naptr.replacement_length", 4988 FT_UINT8, BASE_DEC, NULL, 0x0, 4989 NULL, HFILL }}, 4990 4991 { &hf_dns_naptr_replacement, 4992 { "Replacement", "dns.naptr.replacement", 4993 FT_STRING, BASE_NONE, NULL, 0x0, 4994 NULL, HFILL }}, 4995 4996 { &hf_dns_rr_name, 4997 { "Name", "dns.resp.name", 4998 FT_STRING, BASE_NONE, NULL, 0x0, 4999 "Response Name", HFILL }}, 5000 5001 { &hf_dns_rr_ttl, 5002 { "Time to live", "dns.resp.ttl", 5003 FT_UINT32, BASE_DEC, NULL, 0x0, 5004 "Response TTL", HFILL }}, 5005 5006 { &hf_dns_rr_len, 5007 { "Data length", "dns.resp.len", 5008 FT_UINT16, BASE_DEC, NULL, 0x0, 5009 "Response Length", HFILL }}, 5010 5011 { &hf_dns_a, 5012 { "Address", "dns.a", 5013 FT_IPv4, BASE_NONE, NULL, 0x0, 5014 "Response Address", HFILL }}, 5015 5016 { &hf_dns_md, 5017 { "Mail Destination", "dns.md", 5018 FT_STRING, BASE_NONE, NULL, 0x0, 5019 NULL, HFILL }}, 5020 5021 { &hf_dns_mf, 5022 { "Mail Forwarder", "dns.mf", 5023 FT_STRING, BASE_NONE, NULL, 0x0, 5024 NULL, HFILL }}, 5025 5026 { &hf_dns_mb, 5027 { "MailBox Domaine", "dns.mb", 5028 FT_STRING, BASE_NONE, NULL, 0x0, 5029 NULL, HFILL }}, 5030 5031 { &hf_dns_mg, 5032 { "Mail Group member", "dns.mg", 5033 FT_STRING, BASE_NONE, NULL, 0x0, 5034 NULL, HFILL }}, 5035 5036 { &hf_dns_mr, 5037 { "Mail Rename domaine", "dns.mr", 5038 FT_STRING, BASE_NONE, NULL, 0x0, 5039 NULL, HFILL }}, 5040 5041 { &hf_dns_null, 5042 { "Null (data)", "dns.null", 5043 FT_BYTES, BASE_NONE, NULL, 0x0, 5044 NULL, HFILL }}, 5045 5046 { &hf_dns_aaaa, 5047 { "AAAA Address", "dns.aaaa", 5048 FT_IPv6, BASE_NONE, NULL, 0x0, 5049 "AAAA Response Address", HFILL }}, 5050 5051 { &hf_dns_cname, 5052 { "CNAME", "dns.cname", 5053 FT_STRING, BASE_NONE, NULL, 0x0, 5054 "Response Primary Name", HFILL }}, 5055 5056 { &hf_dns_rr_udp_payload_size_mdns, 5057 { "UDP payload size", "dns.rr.udp_payload_size", 5058 FT_UINT16, BASE_HEX, NULL, 0x7FFF, 5059 NULL, HFILL }}, 5060 5061 { &hf_dns_rr_udp_payload_size, 5062 { "UDP payload size", "dns.rr.udp_payload_size", 5063 FT_UINT16, BASE_DEC, NULL, 0x0, 5064 NULL, HFILL }}, 5065 5066 { &hf_dns_soa_mname, 5067 { "Primary name server", "dns.soa.mname", 5068 FT_STRING, BASE_NONE, NULL, 0x0, 5069 NULL, HFILL }}, 5070 5071 { &hf_dns_soa_rname, 5072 { "Responsible authority's mailbox", "dns.soa.rname", 5073 FT_STRING, BASE_NONE, NULL, 0x0, 5074 NULL, HFILL }}, 5075 5076 { &hf_dns_soa_serial_number, 5077 { "Serial Number", "dns.soa.serial_number", 5078 FT_UINT32, BASE_DEC, NULL, 0x0, 5079 NULL, HFILL }}, 5080 5081 { &hf_dns_soa_refresh_interval, 5082 { "Refresh Interval", "dns.soa.refresh_interval", 5083 FT_UINT32, BASE_DEC, NULL, 0x0, 5084 NULL, HFILL }}, 5085 5086 { &hf_dns_soa_retry_interval, 5087 { "Retry Interval", "dns.soa.retry_interval", 5088 FT_UINT32, BASE_DEC, NULL, 0x0, 5089 NULL, HFILL }}, 5090 5091 { &hf_dns_soa_expire_limit, 5092 { "Expire limit", "dns.soa.expire_limit", 5093 FT_UINT32, BASE_DEC, NULL, 0x0, 5094 NULL, HFILL }}, 5095 5096 { &hf_dns_soa_minimum_ttl, 5097 { "Minimum TTL", "dns.soa.minimum_ttl", 5098 FT_UINT32, BASE_DEC, NULL, 0x0, 5099 NULL, HFILL }}, 5100 5101 { &hf_dns_ptr_domain_name, 5102 { "Domain Name", "dns.ptr.domain_name", 5103 FT_STRING, BASE_NONE, NULL, 0x0, 5104 NULL, HFILL }}, 5105 5106 { &hf_dns_wks_address, 5107 { "Address", "dns.wks.address", 5108 FT_IPv4, BASE_NONE, NULL, 0x0, 5109 NULL, HFILL }}, 5110 5111 { &hf_dns_wks_protocol, 5112 { "Protocol", "dns.wks.protocol", 5113 FT_UINT8, BASE_DEC | BASE_EXT_STRING, &ipproto_val_ext, 0x0, 5114 NULL, HFILL }}, 5115 5116 { &hf_dns_wks_bits, 5117 { "Bits", "dns.wks.bits", 5118 FT_UINT8, BASE_HEX, NULL, 0x0, 5119 NULL, HFILL }}, 5120 5121 { &hf_dns_hinfo_cpu_length, 5122 { "CPU Length", "dns.hinfo.cpu_length", 5123 FT_UINT8, BASE_DEC, NULL, 0x0, 5124 NULL, HFILL }}, 5125 5126 { &hf_dns_hinfo_cpu, 5127 { "CPU", "dns.hinfo.cpu", 5128 FT_STRING, BASE_NONE, NULL, 0x0, 5129 NULL, HFILL }}, 5130 5131 { &hf_dns_hinfo_os_length, 5132 { "OS Length", "dns.hinfo.os_length", 5133 FT_UINT8, BASE_DEC, NULL, 0x0, 5134 NULL, HFILL }}, 5135 5136 { &hf_dns_hinfo_os, 5137 { "OS", "dns.hinfo.os", 5138 FT_STRING, BASE_NONE, NULL, 0x0, 5139 NULL, HFILL }}, 5140 5141 { & hf_dns_minfo_r_mailbox, 5142 { "Responsible Mailbox", "dns.minfo.r", 5143 FT_STRING, BASE_NONE, NULL, 0x0, 5144 NULL, HFILL }}, 5145 5146 { & hf_dns_minfo_e_mailbox, 5147 { "Error Mailbox", "dns.minfo.e", 5148 FT_STRING, BASE_NONE, NULL, 0x0, 5149 NULL, HFILL }}, 5150 5151 { &hf_dns_mx_preference, 5152 { "Preference", "dns.mx.preference", 5153 FT_UINT16, BASE_DEC, NULL, 0x0, 5154 NULL, HFILL }}, 5155 5156 { &hf_dns_mx_mail_exchange, 5157 { "Mail Exchange", "dns.mx.mail_exchange", 5158 FT_STRING, BASE_NONE, NULL, 0x0, 5159 NULL, HFILL }}, 5160 5161 { &hf_dns_txt_length, 5162 { "TXT Length", "dns.txt.length", 5163 FT_UINT8, BASE_DEC, NULL, 0x0, 5164 NULL, HFILL }}, 5165 5166 { &hf_dns_txt, 5167 { "TXT", "dns.txt", 5168 FT_STRING, STR_UNICODE, NULL, 0x0, 5169 NULL, HFILL }}, 5170 5171 { &hf_dns_openpgpkey, 5172 { "OpenPGP Key", "dns.openpgpkey", 5173 FT_STRING, BASE_NONE, NULL, 0x0, 5174 NULL, HFILL }}, 5175 5176 { &hf_dns_csync_soa, 5177 { "SOA", "dns.csync.soa", 5178 FT_UINT32, BASE_DEC, NULL, 0x0, 5179 NULL, HFILL }}, 5180 5181 { &hf_dns_csync_flags, 5182 { "Flags", "dns.csync.flags", 5183 FT_UINT16, BASE_HEX, NULL, 0x0, 5184 NULL, HFILL }}, 5185 5186 { &hf_dns_csync_flags_immediate, 5187 { "immediate", "dns.csync.flags.immediate", 5188 FT_BOOLEAN, 16, NULL, 0x0001, 5189 NULL, HFILL }}, 5190 5191 { &hf_dns_csync_flags_soaminimum, 5192 { "soaminimum", "dns.csync.flags.soaminimum", 5193 FT_BOOLEAN, 16, NULL, 0x0002, 5194 NULL, HFILL }}, 5195 5196 { &hf_dns_csync_type_bitmap, 5197 { "Type Bitmap", "dns.csync.type_bitmap", 5198 FT_BYTES, BASE_NONE, NULL, 0x0, 5199 NULL, HFILL }}, 5200 5201 { &hf_dns_zonemd_serial, 5202 { "Serial", "dns.zonemd.serial", 5203 FT_UINT32, BASE_DEC, NULL, 0x0, 5204 NULL, HFILL }}, 5205 5206 { &hf_dns_zonemd_scheme, 5207 { "Scheme", "dns.zonemd.scheme", 5208 FT_UINT8, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_zonemd_scheme), 0x0, 5209 NULL, HFILL }}, 5210 5211 { &hf_dns_zonemd_hash_algo, 5212 { "Hash Algorithm", "dns.zonemd.hash_algo", 5213 FT_UINT8, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_zonemd_hash_algo), 0x0, 5214 NULL, HFILL }}, 5215 5216 { &hf_dns_zonemd_digest, 5217 { "Digest", "dns.zonemd.digest", 5218 FT_BYTES, BASE_NONE, NULL, 0x0, 5219 NULL, HFILL }}, 5220 5221 { &hf_dns_svcb_priority, 5222 { "SvcPriority", "dns.svcb.svcpriority", 5223 FT_UINT16, BASE_DEC, NULL, 0x0, 5224 NULL, HFILL }}, 5225 5226 { &hf_dns_svcb_target, 5227 { "TargetName", "dns.svcb.targetname", 5228 FT_STRING, BASE_NONE, NULL, 0x0, 5229 NULL, HFILL }}, 5230 5231 { &hf_dns_svcb_param_key, 5232 { "SvcParamKey", "dns.svcb.svcparam.key", 5233 FT_UINT16, BASE_DEC, VALS(dns_svcb_param_key_vals), 0x0, 5234 NULL, HFILL }}, 5235 5236 { &hf_dns_svcb_param_length, 5237 { "SvcParamValue length", "dns.svcb.svcparam.value.length", 5238 FT_UINT16, BASE_DEC, NULL, 0x0, 5239 NULL, HFILL }}, 5240 5241 { &hf_dns_svcb_param_value, 5242 { "SvcParamValue", "dns.svcb.svcparam.value", 5243 FT_BYTES, BASE_NONE, NULL, 0x0, 5244 NULL, HFILL }}, 5245 5246 { &hf_dns_svcb_param, 5247 { "SvcParam", "dns.svcb.svcparam", 5248 FT_NONE, BASE_NONE, NULL, 0x0, 5249 NULL, HFILL }}, 5250 5251 { &hf_dns_svcb_param_mandatory_key, 5252 { "Mandatory key", "dns.svcb.svcparam.mandatory.key", 5253 FT_UINT16, BASE_DEC, VALS(dns_svcb_param_key_vals), 0x0, 5254 "Mandatory keys in this RR", HFILL }}, 5255 5256 { &hf_dns_svcb_param_alpn_length, 5257 { "ALPN length", "dns.svcb.svcparam.alpn.length", 5258 FT_UINT8, BASE_DEC, NULL, 0x0, 5259 NULL, HFILL }}, 5260 5261 { &hf_dns_svcb_param_alpn, 5262 { "ALPN", "dns.svcb.svcparam.alpn", 5263 FT_STRING, BASE_NONE, NULL, 0x0, 5264 "Additional supported protocols", HFILL }}, 5265 5266 { &hf_dns_svcb_param_port, 5267 { "Port", "dns.svcb.svcparam.port", 5268 FT_UINT16, BASE_DEC, NULL, 0x0, 5269 "Port for alternative endpoint", HFILL }}, 5270 5271 { &hf_dns_svcb_param_ipv4hint_ip, 5272 { "IP", "dns.svcb.svcparam.ipv4hint.ip", 5273 FT_IPv4, BASE_NONE, NULL, 0x0, 5274 "IPv4 address hints", HFILL }}, 5275 5276 { &hf_dns_svcb_param_echconfig, 5277 { "ECHConfig", "dns.svcb.svcparam.echconfig", 5278 FT_BYTES, BASE_NONE, NULL, 0x0, 5279 "Encrypted ClientHello (ECH) infos", HFILL }}, 5280 5281 { &hf_dns_svcb_param_ipv6hint_ip, 5282 { "IP", "dns.svcb.svcparam.ipv6hint.ip", 5283 FT_IPv6, BASE_NONE, NULL, 0x0, 5284 "IPv6 address hints", HFILL }}, 5285 5286 { &hf_dns_svcb_param_odohconfig, 5287 { "ODoHConfig", "dns.svcb.svcparam.odohconfig", 5288 FT_BYTES, BASE_NONE, NULL, 0x0, 5289 "Oblivious DoH keys", HFILL }}, 5290 5291 { &hf_dns_spf_length, 5292 { "SPF Length", "dns.spf.length", 5293 FT_UINT8, BASE_DEC, NULL, 0x0, 5294 NULL, HFILL }}, 5295 5296 { &hf_dns_spf, 5297 { "SPF", "dns.spf", 5298 FT_STRING, BASE_NONE, NULL, 0x0, 5299 NULL, HFILL }}, 5300 5301 { &hf_dns_ilnp_nodeid_preference, 5302 { "Preference", "dns.ilnp.nid.preference", 5303 FT_UINT16, BASE_DEC, NULL, 0x0, 5304 NULL, HFILL }}, 5305 5306 { &hf_dns_ilnp_nodeid, 5307 { "NodeID", "dns.ilnp.nid", 5308 FT_BYTES, BASE_NONE, NULL, 0x0, 5309 NULL, HFILL }}, 5310 5311 { &hf_dns_ilnp_locator32_preference, 5312 { "Preference", "dns.ilnp.l32.preference", 5313 FT_UINT16, BASE_DEC, NULL, 0x0, 5314 NULL, HFILL }}, 5315 5316 { &hf_dns_ilnp_locator32, 5317 { "Locator32", "dns.ilnp.l32", 5318 FT_IPv4, BASE_NONE, NULL, 0x0, 5319 NULL, HFILL }}, 5320 5321 { &hf_dns_ilnp_locator64_preference, 5322 { "Preference", "dns.ilnp.l64.preference", 5323 FT_UINT16, BASE_DEC, NULL, 0x0, 5324 NULL, HFILL }}, 5325 5326 { &hf_dns_ilnp_locator64, 5327 { "Locator64", "dns.ilnp.l64", 5328 FT_BYTES, BASE_NONE, NULL, 0x0, 5329 NULL, HFILL }}, 5330 5331 { &hf_dns_ilnp_locatorfqdn_preference, 5332 { "Preference", "dns.ilnp.lp.preference", 5333 FT_UINT16, BASE_DEC, NULL, 0x0, 5334 NULL, HFILL }}, 5335 5336 { &hf_dns_ilnp_locatorfqdn, 5337 { "Locator FQDN", "dns.ilnp.lp", 5338 FT_STRING, BASE_NONE, NULL, 0x0, 5339 NULL, HFILL }}, 5340 5341 { &hf_dns_eui48, 5342 { "EUI48 Address", "dns.eui48", 5343 FT_ETHER, BASE_NONE, NULL, 0x0, 5344 NULL, HFILL }}, 5345 5346 { &hf_dns_eui64, 5347 { "EUI64 Address", "dns.eui64", 5348 FT_EUI64, BASE_NONE, NULL, 0x0, 5349 NULL, HFILL }}, 5350 5351 { &hf_dns_rrsig_type_covered, 5352 { "Type Covered", "dns.rrsig.type_covered", 5353 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &dns_types_description_vals_ext, 0x0, 5354 "Identifies the type of the RRset that is covered by this RRSIG record", HFILL }}, 5355 5356 { &hf_dns_rrsig_algorithm, 5357 { "Algorithm", "dns.rrsig.algorithm", 5358 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0, 5359 "Identifies the cryptographic algorithm used to create the signature", HFILL }}, 5360 5361 { &hf_dns_rrsig_labels, 5362 { "Labels", "dns.rrsig.labels", 5363 FT_UINT8, BASE_DEC, NULL, 0x0, 5364 "Specifies the number of labels in the original RRSIG RR owner name", HFILL }}, 5365 5366 { &hf_dns_rrsig_original_ttl, 5367 { "Original TTL", "dns.rrsig.original_ttl", 5368 FT_UINT32, BASE_DEC, NULL, 0x0, 5369 "Specifies the TTL of the covered RRset as it appears in the authoritative zone", HFILL }}, 5370 5371 { &hf_dns_rrsig_signature_expiration, 5372 { "Signature Expiration", "dns.rrsig.signature_expiration", 5373 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, 5374 "Specify a validity period for the signature", HFILL }}, 5375 5376 { &hf_dns_rrsig_signature_inception, 5377 { "Signature Inception", "dns.rrsig.signature_inception", 5378 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, 5379 "Specify a validity period for the signature", HFILL }}, 5380 5381 { &hf_dns_rrsig_key_tag, 5382 { "Key Tag", "dns.rrsig.key_tag", 5383 FT_UINT16, BASE_DEC, NULL, 0x0, 5384 "Contains the key tag value of the DNSKEY RR that validates this signature", HFILL }}, 5385 5386 { &hf_dns_rrsig_signers_name, 5387 { "Signer's name", "dns.rrsig.signers_name", 5388 FT_STRING, BASE_NONE, NULL, 0x0, 5389 "Identifies the owner name of the DNSKEY RR that a validator is supposed to use to validate this signature", HFILL }}, 5390 5391 { &hf_dns_rrsig_signature, 5392 { "Signature", "dns.rrsig.signature", 5393 FT_BYTES, BASE_NONE, NULL, 0x0, 5394 "Contains the cryptographic signature that covers the RRSIG RDATA", HFILL }}, 5395 5396 { &hf_dns_dnskey_flags, 5397 { "Flags", "dns.dnskey.flags", 5398 FT_UINT16, BASE_HEX, NULL, 0x0, 5399 NULL, HFILL }}, 5400 5401 { &hf_dns_dnskey_flags_zone_key, 5402 { "Zone Key", "dns.dnskey.flags.zone_key", 5403 FT_BOOLEAN, 16, TFS(&dns_dnskey_zone_key_tfs), DNSKEY_FLAGS_ZK, 5404 NULL, HFILL }}, 5405 5406 { &hf_dns_dnskey_flags_key_revoked, 5407 { "Key Revoked", "dns.dnskey.flags.key_revoked", 5408 FT_BOOLEAN, 16, TFS(&tfs_yes_no), DNSKEY_FLAGS_KR, 5409 NULL, HFILL }}, 5410 5411 { &hf_dns_dnskey_flags_secure_entry_point, 5412 { "Key Signing Key", "dns.dnskey.flags.secure_entry_point", 5413 FT_BOOLEAN, 16, TFS(&tfs_yes_no), DNSKEY_FLAGS_SEP, 5414 NULL, HFILL }}, 5415 5416 { &hf_dns_dnskey_flags_reserved, 5417 { "Key Signing Key", "dns.dnskey.flags.reserved", 5418 FT_UINT16, BASE_HEX, NULL, DNSKEY_FLAGS_RSV, 5419 "Must be zero", HFILL }}, 5420 5421 { &hf_dns_dnskey_protocol, 5422 { "Protocol", "dns.dnskey.protocol", 5423 FT_UINT8, BASE_DEC, NULL, 0x0, 5424 "Must be 3", HFILL }}, 5425 5426 { &hf_dns_dnskey_algorithm, 5427 { "Algorithm", "dns.dnskey.algorithm", 5428 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0, 5429 "Identifies the public key's cryptographic algorithm and determines the format of the Public Key field", HFILL }}, 5430 5431 { &hf_dns_dnskey_key_id, 5432 { "Key id", "dns.dnskey.key_id", 5433 FT_UINT16, BASE_DEC, NULL, 0x0, 5434 NULL, HFILL }}, 5435 5436 { &hf_dns_dnskey_public_key, 5437 { "Public Key", "dns.dnskey.public_key", 5438 FT_BYTES, BASE_NONE, NULL, 0x0, 5439 NULL, HFILL }}, 5440 5441 { &hf_dns_key_flags, 5442 { "Flags", "dns.key.flags", 5443 FT_UINT16, BASE_HEX, NULL, 0x0, 5444 NULL, HFILL }}, 5445 5446 { &hf_dns_key_flags_authentication, 5447 { "Key allowed for authentication", "dns.key.flags.authentication", 5448 FT_BOOLEAN, 16, TFS(&tfs_not_allowed_allowed), 0x8000, 5449 NULL, HFILL }}, 5450 5451 { &hf_dns_key_flags_confidentiality, 5452 { "Key allowed for confidentiality", "dns.key.flags.confidentiality", 5453 FT_BOOLEAN, 16, TFS(&tfs_not_allowed_allowed), 0x4000, 5454 NULL, HFILL }}, 5455 5456 { &hf_dns_key_flags_key_required, 5457 { "Key required", "dns.key.flags.required", 5458 FT_BOOLEAN, 16, TFS(&tfs_required_experimental), 0x2000, 5459 NULL, HFILL }}, 5460 5461 { &hf_dns_key_flags_associated_user, 5462 { "Key is associated with a user", "dns.key.flags.associated_user", 5463 FT_BOOLEAN, 16, TFS(&tfs_yes_no), 0x0400, 5464 NULL, HFILL }}, 5465 5466 { &hf_dns_key_flags_associated_named_entity, 5467 { "Key is associated with the named entity", "dns.key.flags.associated_named_entity", 5468 FT_BOOLEAN, 16, TFS(&tfs_yes_no), 0x0200, 5469 NULL, HFILL }}, 5470 5471 { &hf_dns_key_flags_ipsec, 5472 { "Key use with IPSEC", "dns.key.flags.ipsec", 5473 FT_BOOLEAN, 16, TFS(&tfs_valid_invalid), 0x0080, 5474 NULL, HFILL }}, 5475 5476 { &hf_dns_key_flags_mime, 5477 { "Key use with MIME security multiparts", "dns.key.flags.mime", 5478 FT_BOOLEAN, 16, TFS(&tfs_valid_invalid), 0x0040, 5479 NULL, HFILL }}, 5480 5481 { &hf_dns_key_flags_signatory, 5482 { "Signatory", "dns.key.flags.signatory", 5483 FT_UINT16, BASE_DEC, NULL, 0x000F, 5484 NULL, HFILL }}, 5485 5486 { &hf_dns_key_protocol, 5487 { "Protocol", "dns.key.protocol", 5488 FT_UINT8, BASE_DEC, NULL, 0x0, 5489 NULL, HFILL }}, 5490 5491 { &hf_dns_key_algorithm, 5492 { "Algorithm", "dns.key.algorithm", 5493 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0, 5494 NULL, HFILL }}, 5495 5496 { &hf_dns_key_key_id, 5497 { "Key ID", "dns.key.key_id", 5498 FT_UINT16, BASE_DEC, NULL, 0x0, 5499 NULL, HFILL }}, 5500 5501 { &hf_dns_key_public_key, 5502 { "Public Key", "dns.key.public_key", 5503 FT_BYTES, BASE_NONE, NULL, 0x0, 5504 NULL, HFILL }}, 5505 5506 { &hf_dns_px_preference, 5507 { "Preference", "dns.px.preference", 5508 FT_UINT16, BASE_DEC, NULL, 0x0, 5509 NULL, HFILL }}, 5510 5511 { &hf_dns_px_map822, 5512 { "MAP822", "dns.px.map822", 5513 FT_STRING, BASE_NONE, NULL, 0x0, 5514 NULL, HFILL }}, 5515 5516 { &hf_dns_px_mapx400, 5517 { "MAPX400", "dns.px.map400", 5518 FT_STRING, BASE_NONE, NULL, 0x0, 5519 NULL, HFILL }}, 5520 5521 { &hf_dns_tkey_algo_name, 5522 { "Algorithm name", "dns.tkey.algo_name", 5523 FT_STRING, BASE_NONE, NULL, 0x0, 5524 NULL, HFILL }}, 5525 5526 { &hf_dns_tkey_signature_expiration, 5527 { "Signature Expiration", "dns.tkey.signature_expiration", 5528 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, 5529 "Specify a validity period for the signature", HFILL }}, 5530 5531 { &hf_dns_tkey_signature_inception, 5532 { "Signature Inception", "dns.tkey.signature_inception", 5533 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, 5534 "Specify a validity period for the signature", HFILL }}, 5535 5536 { &hf_dns_tkey_mode, 5537 { "Mode", "dns.tkey.mode", 5538 FT_UINT16, BASE_DEC, VALS(tkey_mode_vals), 0x0, 5539 NULL, HFILL }}, 5540 5541 { &hf_dns_tkey_error, 5542 { "Error", "dns.tkey.error", 5543 FT_UINT16, BASE_DEC, VALS(rcode_vals), 0x0, 5544 NULL, HFILL }}, 5545 5546 { &hf_dns_tkey_key_size, 5547 { "Key Size", "dns.tkey.key_size", 5548 FT_UINT16, BASE_DEC, NULL, 0x0, 5549 NULL, HFILL }}, 5550 5551 { &hf_dns_tkey_key_data, 5552 { "Key Data", "dns.tkey.key_data", 5553 FT_BYTES, BASE_NONE, NULL, 0x0, 5554 NULL, HFILL }}, 5555 5556 { &hf_dns_tkey_other_size, 5557 { "Other Size", "dns.tkey.other_size", 5558 FT_UINT16, BASE_DEC, NULL, 0x0, 5559 NULL, HFILL }}, 5560 5561 { &hf_dns_tkey_other_data, 5562 { "Other Data", "dns.tkey.other_data", 5563 FT_BYTES, BASE_NONE, NULL, 0x0, 5564 NULL, HFILL }}, 5565 5566 { &hf_dns_ipseckey_gateway_precedence, 5567 { "Gateway Precedence", "dns.ipseckey.gateway_precedence", 5568 FT_UINT8, BASE_DEC, NULL, 0x0, 5569 NULL, HFILL }}, 5570 5571 { &hf_dns_ipseckey_gateway_algorithm, 5572 { "Gateway Algorithm", "dns.ipseckey.gateway_algorithm", 5573 FT_UINT8, BASE_DEC, VALS(gw_algo_vals), 0x0, 5574 NULL, HFILL }}, 5575 5576 { &hf_dns_ipseckey_gateway_type, 5577 { "Gateway Type", "dns.ipseckey.gateway_type", 5578 FT_UINT8, BASE_DEC, VALS(gw_type_vals), 0x0, 5579 NULL, HFILL }}, 5580 5581 { &hf_dns_ipseckey_gateway_ipv4, 5582 { "IPv4 Gateway", "dns.ipseckey.gateway_ipv4", 5583 FT_IPv4, BASE_NONE, NULL, 0x0, 5584 NULL, HFILL }}, 5585 5586 { &hf_dns_ipseckey_gateway_ipv6, 5587 { "IPv6 Gateway", "dns.ipseckey.gateway_ipv6", 5588 FT_IPv6, BASE_NONE, NULL, 0x0, 5589 NULL, HFILL }}, 5590 5591 { &hf_dns_ipseckey_gateway_dns, 5592 { "DNS Gateway", "dns.ipseckey.gateway_dns", 5593 FT_STRING, BASE_NONE, NULL, 0x0, 5594 NULL, HFILL }}, 5595 5596 { &hf_dns_ipseckey_public_key, 5597 { "Public Key", "dns.ipseckey.public_key", 5598 FT_BYTES, BASE_NONE, NULL, 0x0, 5599 NULL, HFILL }}, 5600 5601 { &hf_dns_xpf_ip_version, 5602 { "IP Version", "dns.xpf.ip_version", 5603 FT_UINT16, BASE_DEC, 5604 VALS(ip_version_vals), 0x0, 5605 NULL, HFILL }}, 5606 5607 { &hf_dns_xpf_protocol, 5608 { "Protocol", "dns.xpf.protocol", 5609 FT_UINT8, BASE_DEC|BASE_EXT_STRING, 5610 &ipproto_val_ext, 0x0, 5611 NULL, HFILL }}, 5612 5613 { &hf_dns_xpf_source_ipv4, 5614 { "IPv4 Source", "dns.xpf.source_ipv4", 5615 FT_IPv4, BASE_NONE, NULL, 0x0, 5616 NULL, HFILL }}, 5617 5618 { &hf_dns_xpf_destination_ipv4, 5619 { "IPv4 Destination", "dns.xpf.destination_ipv4", 5620 FT_IPv4, BASE_NONE, NULL, 0x0, 5621 NULL, HFILL }}, 5622 5623 { &hf_dns_xpf_source_ipv6, 5624 { "IPv6 Source", "dns.xpf.source_ipv6", 5625 FT_IPv6, BASE_NONE, NULL, 0x0, 5626 NULL, HFILL }}, 5627 5628 { &hf_dns_xpf_destination_ipv6, 5629 { "IPv6 Destination", "dns.xpf.destination_ipv6", 5630 FT_IPv6, BASE_NONE, NULL, 0x0, 5631 NULL, HFILL }}, 5632 5633 { &hf_dns_xpf_sport, 5634 { "Source port", "dns.xpf.sport", 5635 FT_UINT16, BASE_DEC, NULL, 0x0, 5636 NULL, HFILL }}, 5637 5638 { &hf_dns_xpf_dport, 5639 { "Destination port", "dns.xpf.dport", 5640 FT_UINT16, BASE_DEC, NULL, 0x0, 5641 NULL, HFILL }}, 5642 5643 { &hf_dns_a6_prefix_len, 5644 { "Prefix len", "dns.a6.prefix_len", 5645 FT_UINT8, BASE_DEC, NULL, 0x0, 5646 NULL, HFILL }}, 5647 5648 { &hf_dns_a6_address_suffix, 5649 { "Address Suffix", "dns.a6.address_suffix", 5650 FT_IPv6, BASE_NONE, NULL, 0x0, 5651 NULL, HFILL }}, 5652 5653 { &hf_dns_a6_prefix_name, 5654 { "Prefix name", "dns.a6.prefix_name", 5655 FT_STRING, BASE_NONE, NULL, 0x0, 5656 NULL, HFILL }}, 5657 5658 { &hf_dns_dname, 5659 { "Dname", "dns.dname", 5660 FT_STRING, BASE_NONE, NULL, 0x0, 5661 NULL, HFILL }}, 5662 5663 { &hf_dns_loc_version, 5664 { "Version", "dns.loc.version", 5665 FT_UINT8, BASE_DEC, NULL, 0x0, 5666 NULL, HFILL }}, 5667 5668 { &hf_dns_loc_size, 5669 { "Size", "dns.loc.size", 5670 FT_UINT8, BASE_DEC, NULL, 0x0, 5671 NULL, HFILL }}, 5672 5673 { &hf_dns_loc_horizontal_precision, 5674 { "Horizontal Precision", "dns.loc.horizontal_precision", 5675 FT_UINT8, BASE_DEC, NULL, 0x0, 5676 NULL, HFILL }}, 5677 5678 { &hf_dns_loc_vertical_precision, 5679 { "Vertical Precision", "dns.loc.vertical_precision", 5680 FT_UINT8, BASE_DEC, NULL, 0x0, 5681 NULL, HFILL }}, 5682 5683 { &hf_dns_loc_latitude, 5684 { "Latitude", "dns.loc.latitude", 5685 FT_UINT32, BASE_DEC, NULL, 0x0, 5686 NULL, HFILL }}, 5687 5688 { &hf_dns_loc_longitude, 5689 { "Longitude", "dns.loc.longitude", 5690 FT_UINT32, BASE_DEC, NULL, 0x0, 5691 NULL, HFILL }}, 5692 5693 { &hf_dns_loc_altitude, 5694 { "Altitude", "dns.loc.altitude", 5695 FT_UINT32, BASE_DEC, NULL, 0x0, 5696 NULL, HFILL }}, 5697 5698 { &hf_dns_loc_unknown_data, 5699 { "Unknown data", "dns.loc.unknown_data", 5700 FT_BYTES, BASE_NONE, NULL, 0x0, 5701 NULL, HFILL }}, 5702 5703 { &hf_dns_nxt_next_domain_name, 5704 { "Next Domain Name", "dns.nxt.next_domain_name", 5705 FT_STRING, BASE_NONE, NULL, 0x0, 5706 NULL, HFILL }}, 5707 5708 { &hf_dns_kx_preference, 5709 { "Preference", "dns.kx.preference", 5710 FT_UINT16, BASE_DEC, NULL, 0x0, 5711 NULL, HFILL }}, 5712 5713 { &hf_dns_kx_key_exchange, 5714 { "Key Exchange", "dns.kx.key_exchange", 5715 FT_STRING, BASE_NONE, NULL, 0x0, 5716 NULL, HFILL }}, 5717 5718 { &hf_dns_cert_type, 5719 { "Type", "dns.cert.type", 5720 FT_UINT16, BASE_DEC, VALS(dns_cert_type_vals), 0x0, 5721 NULL, HFILL }}, 5722 5723 { &hf_dns_cert_key_tag, 5724 { "Key Tag", "dns.cert.key_tag", 5725 FT_UINT16, BASE_HEX, NULL, 0x0, 5726 NULL, HFILL }}, 5727 5728 { &hf_dns_cert_algorithm, 5729 { "Algorithm", "dns.cert.algorithm", 5730 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0, 5731 NULL, HFILL }}, 5732 5733 { &hf_dns_cert_certificate, 5734 { "Certificate (or CRL)", "dns.cert.certificate", 5735 FT_BYTES, BASE_NONE, NULL, 0x0, 5736 NULL, HFILL }}, 5737 5738 { &hf_dns_nsec_next_domain_name, 5739 { "Next Domain Name", "dns.nsec.next_domain_name", 5740 FT_STRING, BASE_NONE, NULL, 0x0, 5741 NULL, HFILL }}, 5742 5743 { &hf_dns_ns, 5744 { "Name Server", "dns.ns", 5745 FT_STRING, BASE_NONE, NULL, 0x0, 5746 NULL, HFILL }}, 5747 5748 { &hf_dns_opt, 5749 { "Option", "dns.opt", 5750 FT_NONE, BASE_NONE, 5751 NULL, 0x0, 5752 NULL, HFILL }}, 5753 5754 { &hf_dns_opt_code, 5755 { "Option Code", "dns.opt.code", 5756 FT_UINT16, BASE_DEC, 5757 VALS(edns0_opt_code_vals), 0x0, 5758 NULL, HFILL }}, 5759 5760 { &hf_dns_opt_len, 5761 { "Option Length", "dns.opt.len", 5762 FT_UINT16, BASE_DEC, NULL, 0x0, 5763 NULL, HFILL }}, 5764 5765 { &hf_dns_opt_data, 5766 { "Option Data", "dns.opt.data", 5767 FT_BYTES, BASE_NONE, NULL, 0x0, 5768 NULL, HFILL }}, 5769 5770 { &hf_dns_opt_dau, 5771 { "DAU", "dns.opt.dau", 5772 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0, 5773 "DNSSEC Algorithm Understood", HFILL }}, 5774 5775 { &hf_dns_opt_dhu, 5776 { "DHU", "dns.opt.dhu", 5777 FT_UINT8, BASE_DEC, VALS(dns_ds_digest_vals), 0x0, 5778 "DS Hash Understood", HFILL }}, 5779 5780 { &hf_dns_opt_n3u, 5781 { "N3U", "dns.opt.n3u", 5782 FT_UINT8, BASE_DEC, VALS(hash_algorithms), 0x0, 5783 "NSEC3 Hash Understood", HFILL }}, 5784 5785 { &hf_dns_opt_client_family, 5786 { "Family", "dns.opt.client.family", 5787 FT_UINT16, BASE_DEC, 5788 VALS(afamily_vals), 0x0, 5789 NULL, HFILL }}, 5790 5791 { &hf_dns_opt_client_netmask, 5792 { "Source Netmask", "dns.opt.client.netmask", 5793 FT_UINT8, BASE_DEC, NULL, 0x0, 5794 NULL, HFILL }}, 5795 5796 { &hf_dns_opt_client_scope, 5797 { "Scope Netmask", "dns.opt.client.scope", 5798 FT_UINT8, BASE_DEC, NULL, 0x0, 5799 NULL, HFILL }}, 5800 5801 { &hf_dns_opt_client_addr, 5802 { "Client Subnet", "dns.opt.client.addr", 5803 FT_BYTES, BASE_NONE, NULL, 0x0, 5804 NULL, HFILL }}, 5805 5806 { &hf_dns_opt_client_addr4, 5807 { "Client Subnet", "dns.opt.client.addr4", 5808 FT_IPv4, BASE_NONE, NULL, 0x0, 5809 NULL, HFILL }}, 5810 5811 { &hf_dns_opt_client_addr6, 5812 { "Client Subnet", "dns.opt.client.addr6", 5813 FT_IPv6, BASE_NONE, NULL, 0x0, 5814 NULL, HFILL }}, 5815 5816 { &hf_dns_opt_cookie_client, 5817 { "Client Cookie", "dns.opt.cookie.client", 5818 FT_BYTES, BASE_NONE, NULL, 0x0, 5819 NULL, HFILL }}, 5820 5821 { &hf_dns_opt_cookie_server, 5822 { "Server Cookie", "dns.opt.cookie.server", 5823 FT_BYTES, BASE_NONE, NULL, 0x0, 5824 NULL, HFILL }}, 5825 5826 { &hf_dns_opt_edns_tcp_keepalive_timeout, 5827 { "Timeout", "dns.opt.edns_tcp_keepalive.timeout", 5828 FT_UINT16, BASE_DEC, NULL, 0x0, 5829 "an idle timeout value for the TCP connection, specified in units of 100 milliseconds", HFILL }}, 5830 5831 { &hf_dns_opt_padding, 5832 { "Padding", "dns.opt.padding", 5833 FT_BYTES, BASE_NONE, NULL, 0x0, 5834 "The PADDING octets SHOULD be set to 0x00", HFILL }}, 5835 5836 { &hf_dns_opt_chain_fqdn, 5837 { "Closest Trust Point", "dns.opt.chain.fqdn", 5838 FT_STRING, BASE_NONE, NULL, 0x0, 5839 "A variable length Fully Qualified Domain Name (FQDN) in DNS wire format of the requested start point of the chain", HFILL }}, 5840 5841 { &hf_dns_opt_ext_error_info_code, 5842 { "Info Code", "dns.opt.ext_error.info_code", 5843 FT_UINT16, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_ext_err_info_code), 0x0, 5844 NULL, HFILL }}, 5845 5846 { &hf_dns_opt_ext_error_extra_text, 5847 { "Extra Text", "dns.opt.ext_error.extra_text", 5848 FT_STRING, STR_UNICODE, NULL, 0x0, 5849 NULL, HFILL }}, 5850 5851 { &hf_dns_count_questions, 5852 { "Questions", "dns.count.queries", 5853 FT_UINT16, BASE_DEC, NULL, 0x0, 5854 "Number of queries in packet", HFILL }}, 5855 5856 { &hf_dns_count_zones, 5857 { "Zones", "dns.count.zones", 5858 FT_UINT16, BASE_DEC, NULL, 0x0, 5859 "Number of zones in packet", HFILL }}, 5860 5861 { &hf_dns_count_answers, 5862 { "Answer RRs", "dns.count.answers", 5863 FT_UINT16, BASE_DEC, NULL, 0x0, 5864 "Number of answers in packet", HFILL }}, 5865 5866 { &hf_dns_count_prerequisites, 5867 { "Prerequisites", "dns.count.prerequisites", 5868 FT_UINT16, BASE_DEC, NULL, 0x0, 5869 "Number of prerequisites in packet", HFILL }}, 5870 5871 { &hf_dns_count_auth_rr, 5872 { "Authority RRs", "dns.count.auth_rr", 5873 FT_UINT16, BASE_DEC, NULL, 0x0, 5874 "Number of authoritative records in packet", HFILL }}, 5875 5876 { &hf_dns_count_updates, 5877 { "Updates", "dns.count.updates", 5878 FT_UINT16, BASE_DEC, NULL, 0x0, 5879 "Number of updates records in packet", HFILL }}, 5880 5881 { &hf_dns_nsec3_algo, 5882 { "Hash algorithm", "dns.nsec3.algo", 5883 FT_UINT8, BASE_DEC, VALS(hash_algorithms), 0, 5884 NULL, HFILL }}, 5885 5886 { &hf_dns_nsec3_flags, 5887 { "NSEC3 flags", "dns.nsec3.flags", 5888 FT_UINT8, BASE_DEC, NULL, 0, 5889 NULL, HFILL }}, 5890 5891 { &hf_dns_nsec3_flag_optout, 5892 { "NSEC3 Opt-out flag", "dns.nsec3.flags.opt_out", 5893 FT_BOOLEAN, 8, TFS(&tfs_flags_nsec3_optout), NSEC3_FLAG_OPTOUT, 5894 NULL, HFILL }}, 5895 5896 { &hf_dns_nsec3_iterations, 5897 { "NSEC3 iterations", "dns.nsec3.iterations", 5898 FT_UINT16, BASE_DEC, NULL, 0, 5899 "Number of hashing iterations", HFILL }}, 5900 5901 { &hf_dns_nsec3_salt_length, 5902 { "Salt length", "dns.nsec3.salt_length", 5903 FT_UINT8, BASE_DEC, NULL, 0, 5904 "Length of salt in bytes", HFILL }}, 5905 5906 { &hf_dns_nsec3_salt_value, 5907 { "Salt value", "dns.nsec3.salt_value", 5908 FT_BYTES, BASE_NONE, NULL, 0, 5909 NULL, HFILL }}, 5910 5911 { &hf_dns_nsec3_hash_length, 5912 { "Hash length", "dns.nsec3.hash_length", 5913 FT_UINT8, BASE_DEC, NULL, 0, 5914 "Length in bytes of next hashed owner", HFILL }}, 5915 5916 { &hf_dns_nsec3_hash_value, 5917 { "Next hashed owner", "dns.nsec3.hash_value", 5918 FT_BYTES, BASE_NONE, NULL, 0, 5919 NULL, HFILL }}, 5920 5921 { &hf_dns_tlsa_certificate_usage, 5922 { "Certificate Usage", "dns.tlsa.certificate_usage", 5923 FT_UINT8, BASE_DEC, VALS(tlsa_certificate_usage_vals), 0, 5924 "Specifies the provided association that will be used to match the certificate presented in the TLS handshake", HFILL }}, 5925 5926 { &hf_dns_tlsa_selector, 5927 { "Selector", "dns.tlsa.selector", 5928 FT_UINT8, BASE_DEC, VALS(tlsa_selector_vals), 0, 5929 "Specifies which part of the TLS certificate presented by the server will be matched against the association data", HFILL }}, 5930 5931 { &hf_dns_tlsa_matching_type, 5932 { "Matching Type", "dns.tlsa.matching_type", 5933 FT_UINT8, BASE_DEC, VALS(tlsa_matching_type_vals), 0, 5934 "Specifies how the certificate association is presented", HFILL }}, 5935 5936 { &hf_dns_tlsa_certificate_association_data, 5937 { "Certificate Association Data", "dns.tlsa.certificate_association_data", 5938 FT_BYTES, BASE_NONE, NULL, 0, 5939 "The data refers to the certificate in the association", HFILL }}, 5940 5941 { &hf_dns_tsig_algorithm_name, 5942 { "Algorithm Name", "dns.tsig.algorithm_name", 5943 FT_STRING, BASE_NONE, NULL, 0x0, 5944 "Name of algorithm used for the MAC", HFILL }}, 5945 5946 { &hf_dns_tsig_time_signed, 5947 { "Time Signed", "dns.tsig.time_signed", 5948 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, 5949 NULL, HFILL }}, 5950 5951 5952 { &hf_dns_tsig_original_id, 5953 { "Original Id", "dns.tsig.original_id", 5954 FT_UINT16, BASE_DEC, NULL, 0x0, 5955 NULL, HFILL }}, 5956 5957 { &hf_dns_tsig_error, 5958 { "Error", "dns.tsig.error", 5959 FT_UINT16, BASE_DEC, VALS(rcode_vals), 0x0, 5960 "Expanded RCODE for TSIG", HFILL }}, 5961 5962 { &hf_dns_tsig_fudge, 5963 { "Fudge", "dns.tsig.fudge", 5964 FT_UINT16, BASE_DEC, NULL, 0x0, 5965 "Number of bytes for the MAC", HFILL }}, 5966 5967 { &hf_dns_tsig_mac_size, 5968 { "MAC Size", "dns.tsig.mac_size", 5969 FT_UINT16, BASE_DEC, NULL, 0x0, 5970 "Number of bytes for the MAC", HFILL }}, 5971 5972 { &hf_dns_tsig_other_len, 5973 { "Other Len", "dns.tsig.other_len", 5974 FT_UINT16, BASE_DEC, NULL, 0x0, 5975 "Number of bytes for Other Data", HFILL }}, 5976 5977 { &hf_dns_tsig_mac, 5978 { "MAC", "dns.tsig.mac", 5979 FT_NONE, BASE_NONE, NULL, 0x0, 5980 NULL, HFILL }}, 5981 5982 { &hf_dns_tsig_other_data, 5983 { "Other Data", "dns.tsig.other_data", 5984 FT_BYTES, BASE_NONE, NULL, 0x0, 5985 NULL, HFILL }}, 5986 5987 { &hf_dns_response_in, 5988 { "Response In", "dns.response_in", 5989 FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_RESPONSE), 0x0, 5990 "The response to this DNS query is in this frame", HFILL }}, 5991 5992 { &hf_dns_response_to, 5993 { "Request In", "dns.response_to", 5994 FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_REQUEST), 0x0, 5995 "This is a response to the DNS query in this frame", HFILL }}, 5996 5997 { &hf_dns_retransmission, 5998 { "Retransmission", "dns.retransmission", 5999 FT_BOOLEAN, BASE_NONE, NULL, 0x0, 6000 "This is a retransmission", HFILL }}, 6001 6002 { &hf_dns_retransmit_request_in, 6003 { "Retransmitted request. Original request in", "dns.retransmit_request_in", 6004 FT_FRAMENUM, BASE_NONE, NULL, 0x0, 6005 "This is a retransmitted DNS query", HFILL }}, 6006 6007 { &hf_dns_retransmit_response_in, 6008 { "Retransmitted response. Original response in", "dns.retransmit_response_in", 6009 FT_FRAMENUM, BASE_NONE, NULL, 0x0, 6010 "This is a retransmitted DNS response", HFILL }}, 6011 6012 { &hf_dns_time, 6013 { "Time", "dns.time", 6014 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, 6015 "The time between the Query and the Response", HFILL }}, 6016 6017 { &hf_dns_unsolicited, 6018 { "Unsolicited", "dns.unsolicited", 6019 FT_BOOLEAN, BASE_NONE, NULL, 0x0, 6020 "This is an unsolicited response", HFILL }}, 6021 6022 { &hf_dns_count_add_rr, 6023 { "Additional RRs", "dns.count.add_rr", 6024 FT_UINT16, BASE_DEC, NULL, 0x0, 6025 "Number of additional records in packet", HFILL }}, 6026 6027 { &hf_dns_sshfp_algorithm, 6028 { "Algorithm", "dns.sshfp.algorithm", 6029 FT_UINT8, BASE_DEC, VALS(sshfp_algo_vals), 0, 6030 NULL, HFILL }}, 6031 6032 { &hf_dns_sshfp_fingerprint_type, 6033 { "Fingerprint type", "dns.sshfp.fingerprint.type", 6034 FT_UINT8, BASE_DEC, VALS(sshfp_fingertype_vals), 0, 6035 NULL, HFILL }}, 6036 6037 { &hf_dns_sshfp_fingerprint, 6038 { "Fingerprint", "dns.sshfp.fingerprint", 6039 FT_BYTES, BASE_NONE, NULL, 0, 6040 NULL, HFILL }}, 6041 6042 { &hf_dns_hip_hit_length, 6043 { "HIT length", "dns.hip.hit.length", 6044 FT_UINT8, BASE_DEC, NULL, 0, 6045 NULL, HFILL }}, 6046 6047 { &hf_dns_hip_pk_algo, 6048 { "HIT length", "dns.hip.hit.pk.algo", 6049 FT_UINT8, BASE_DEC, VALS(hip_algo_vals), 0, 6050 NULL, HFILL }}, 6051 6052 { &hf_dns_hip_pk_length, 6053 { "PK length", "dns.hip.pk.length", 6054 FT_UINT16, BASE_DEC, NULL, 0, 6055 NULL, HFILL }}, 6056 6057 { &hf_dns_hip_hit, 6058 { "Host Identity Tag", "dns.hip.hit", 6059 FT_BYTES, BASE_NONE, NULL, 0, 6060 NULL, HFILL }}, 6061 6062 { &hf_dns_hip_pk, 6063 { "HIP Public Key", "dns.hip.pk", 6064 FT_BYTES, BASE_NONE, NULL, 0, 6065 NULL, HFILL }}, 6066 6067 { &hf_dns_hip_rendezvous_server, 6068 { "Rendezvous Server", "dns.hip.rendezvous_server", 6069 FT_STRING, BASE_NONE, NULL, 0, 6070 NULL, HFILL }}, 6071 6072 { &hf_dns_dhcid_rdata, 6073 { "DHCID Data", "dns.dhcid.rdata", 6074 FT_BYTES, BASE_NONE, NULL, 0, 6075 NULL, HFILL }}, 6076 6077 { &hf_dns_ds_key_id, 6078 { "Key id", "dns.ds.key_id", 6079 FT_UINT16, BASE_HEX, NULL, 0, 6080 NULL, HFILL }}, 6081 6082 { &hf_dns_ds_algorithm, 6083 { "Algorithm", "dns.ds.algorithm", 6084 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0, 6085 NULL, HFILL }}, 6086 6087 { &hf_dns_ds_digest_type, 6088 { "Digest Type", "dns.ds.digest_type", 6089 FT_UINT8, BASE_DEC, VALS(dns_ds_digest_vals), 0, 6090 NULL, HFILL }}, 6091 6092 { &hf_dns_ds_digest, 6093 { "Digest", "dns.ds.digest", 6094 FT_BYTES, BASE_NONE, NULL, 0, 6095 NULL, HFILL }}, 6096 6097 { &hf_dns_apl_address_family, 6098 { "Address Family", "dns.apl.address_family", 6099 FT_UINT16, BASE_DEC, VALS(afamily_vals), 0, 6100 NULL, HFILL }}, 6101 6102 { &hf_dns_apl_coded_prefix, 6103 { "Prefix Length", "dns.apl.coded_prefix", 6104 FT_UINT8, BASE_DEC, NULL, 0, 6105 NULL, HFILL }}, 6106 6107 { &hf_dns_apl_negation, 6108 { "Negation Flag", "dns.apl.negation", 6109 FT_BOOLEAN, 8, TFS(&tfs_dns_apl_negation), DNS_APL_NEGATION, 6110 NULL, HFILL }}, 6111 6112 { &hf_dns_apl_afdlength, 6113 { "Address Length","dns.apl.afdlength", 6114 FT_UINT8, BASE_DEC, NULL, DNS_APL_AFDLENGTH, 6115 "in octets", HFILL }}, 6116 6117 { &hf_dns_apl_afdpart_ipv4, 6118 { "Address","dns.apl.afdpart.ipv4", 6119 FT_IPv4, BASE_NONE, NULL, 0, 6120 NULL, HFILL }}, 6121 6122 { &hf_dns_apl_afdpart_ipv6, 6123 { "Address","dns.apl.afdpart.ipv6", 6124 FT_IPv6, BASE_NONE, NULL, 0, 6125 NULL, HFILL }}, 6126 6127 { &hf_dns_apl_afdpart_data, 6128 { "Address","dns.apl.afdpart.data", 6129 FT_BYTES, BASE_NONE, NULL, 0, 6130 NULL, HFILL }}, 6131 6132 { &hf_dns_gpos_longitude_length, 6133 { "Longitude length","dns.gpos.longitude_length", 6134 FT_UINT8, BASE_DEC, NULL, 0, 6135 NULL, HFILL }}, 6136 6137 { &hf_dns_gpos_longitude, 6138 { "Longitude","dns.gpos.longitude", 6139 FT_STRING, BASE_NONE, NULL, 0, 6140 NULL, HFILL }}, 6141 6142 { &hf_dns_gpos_latitude_length, 6143 { "Latitude length","dns.gpos.latitude_length", 6144 FT_UINT8, BASE_DEC, NULL, 0, 6145 NULL, HFILL }}, 6146 6147 { &hf_dns_gpos_latitude, 6148 { "Latitude","dns.gpos.latitude", 6149 FT_STRING, BASE_NONE, NULL, 0, 6150 NULL, HFILL }}, 6151 6152 { &hf_dns_gpos_altitude_length, 6153 { "Altitude length","dns.gpos.altitude_length", 6154 FT_UINT8, BASE_DEC, NULL, 0, 6155 NULL, HFILL }}, 6156 6157 { &hf_dns_gpos_altitude, 6158 { "Altitude","dns.gpos.altitude", 6159 FT_STRING, BASE_NONE, NULL, 0, 6160 NULL, HFILL }}, 6161 6162 { &hf_dns_rp_mailbox, 6163 { "Mailbox","dns.rp.mailbox", 6164 FT_STRING, BASE_NONE, NULL, 0, 6165 NULL, HFILL }}, 6166 6167 { &hf_dns_rp_txt_rr, 6168 { "TXT RR","dns.rp.txt_rr", 6169 FT_STRING, BASE_NONE, NULL, 0, 6170 NULL, HFILL }}, 6171 6172 { &hf_dns_afsdb_subtype, 6173 { "Subtype","dns.afsdb.subtype", 6174 FT_UINT16, BASE_DEC, NULL, 0, 6175 NULL, HFILL }}, 6176 6177 { &hf_dns_afsdb_hostname, 6178 { "Hostname","dns.afsdb.hostname", 6179 FT_STRING, BASE_NONE, NULL, 0, 6180 NULL, HFILL }}, 6181 6182 { &hf_dns_x25_length, 6183 { "Length","dns.x25.length", 6184 FT_UINT8, BASE_DEC, NULL, 0, 6185 NULL, HFILL }}, 6186 6187 { &hf_dns_x25_psdn_address, 6188 { "PSDN-Address","dns.x25.psdn_address", 6189 FT_STRING, BASE_NONE, NULL, 0, 6190 NULL, HFILL }}, 6191 6192 { &hf_dns_isdn_length, 6193 { "Length","dns.idsn.length", 6194 FT_UINT8, BASE_DEC, NULL, 0, 6195 NULL, HFILL }}, 6196 6197 { &hf_dns_isdn_address, 6198 { "ISDN Address","dns.idsn.address", 6199 FT_STRING, BASE_NONE, NULL, 0, 6200 NULL, HFILL }}, 6201 6202 { &hf_dns_isdn_sa_length, 6203 { "Length","dns.idsn.sa.length", 6204 FT_UINT8, BASE_DEC, NULL, 0, 6205 NULL, HFILL }}, 6206 6207 { &hf_dns_isdn_sa, 6208 { "Sub Address","dns.idsn.sa.address", 6209 FT_STRING, BASE_NONE, NULL, 0, 6210 NULL, HFILL }}, 6211 6212 { &hf_dns_rt_preference, 6213 { "Preference","dns.rt.subtype", 6214 FT_UINT16, BASE_DEC, NULL, 0, 6215 NULL, HFILL }}, 6216 6217 { &hf_dns_rt_intermediate_host, 6218 { "Intermediate Hostname","dns.rt.intermediate_host", 6219 FT_STRING, BASE_NONE, NULL, 0, 6220 NULL, HFILL }}, 6221 6222 { &hf_dns_nsap_rdata, 6223 { "NSAP Data", "dns.nsap.rdata", 6224 FT_BYTES, BASE_NONE, NULL, 0, 6225 NULL, HFILL }}, 6226 6227 { &hf_dns_nsap_ptr_owner, 6228 { "Owner", "dns.nsap_ptr.owner", 6229 FT_STRING, BASE_NONE, NULL, 0, 6230 NULL, HFILL }}, 6231 6232 { &hf_dns_caa_flags, 6233 { "CAA Flags", "dns.caa.flags", 6234 FT_UINT8, BASE_HEX, NULL, 0x0, 6235 NULL, HFILL }}, 6236 6237 { &hf_dns_caa_flag_issuer_critical, 6238 { "Issuer Critical", "dns.caa.flags.issuer_critical", 6239 FT_BOOLEAN, 8, TFS(&tfs_critical_not_critical), CAA_FLAG_ISSUER_CRITICAL, 6240 "Other CAs must not issue certificates", HFILL }}, 6241 6242 { &hf_dns_caa_issue, 6243 { "Issue", "dns.caa.issue", 6244 FT_STRING, BASE_NONE, NULL, 0x0, 6245 "CA which is allowed to issue certificates", HFILL }}, 6246 6247 { &hf_dns_caa_issuewild, 6248 { "Issue Wildcard", "dns.caa.issuewild", 6249 FT_STRING, BASE_NONE, NULL, 0x0, 6250 "CA which is allowed to issue wildcard certificates", HFILL }}, 6251 6252 { &hf_dns_caa_iodef, 6253 { "Report URL", "dns.caa.iodef", 6254 FT_STRING, BASE_NONE, NULL, 0x0, 6255 "URL or email address for certificate issue requests and violation reports", HFILL }}, 6256 6257 { &hf_dns_caa_unknown, 6258 { "Unknown tag", "dns.caa.unknown", 6259 FT_STRING, BASE_NONE, NULL, 0x0, 6260 NULL, HFILL }}, 6261 6262 { &hf_dns_caa_tag_length, 6263 { "Tag length", "dns.caa.tag_length", 6264 FT_UINT8, BASE_DEC, NULL, 0, 6265 NULL, HFILL }}, 6266 6267 { &hf_dns_caa_tag, 6268 { "Tag", "dns.caa.tag", 6269 FT_STRING, BASE_NONE, NULL, 0x0, 6270 NULL, HFILL }}, 6271 6272 { &hf_dns_caa_value, 6273 { "Value", "dns.caa.value", 6274 FT_STRING, BASE_NONE, NULL, 0x0, 6275 NULL, HFILL }}, 6276 6277 { &hf_dns_wins_local_flag, 6278 { "Local Flag", "dns.wins.local_flag", 6279 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x1, 6280 NULL, HFILL }}, 6281 6282 { &hf_dns_wins_lookup_timeout, 6283 { "Lookup timeout", "dns.wins.lookup_timeout", 6284 FT_UINT32, BASE_DEC, NULL, 0x0, 6285 "In seconds", HFILL }}, 6286 6287 { &hf_dns_wins_cache_timeout, 6288 { "Cache timeout", "dns.wins.cache_timeout", 6289 FT_UINT32, BASE_DEC, NULL, 0x0, 6290 "In seconds", HFILL }}, 6291 6292 { &hf_dns_wins_nb_wins_servers, 6293 { "Number of WINS servers", "dns.wins.nb_wins_servers", 6294 FT_UINT32, BASE_DEC, NULL, 0x0, 6295 NULL, HFILL }}, 6296 6297 { &hf_dns_wins_server, 6298 { "WINS Server Address", "dns.wins.wins_server", 6299 FT_IPv4, BASE_NONE, NULL, 0x0, 6300 NULL, HFILL }}, 6301 6302 { &hf_dns_winsr_local_flag, 6303 { "Local Flag", "dns.winsr.local_flag", 6304 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x1, 6305 NULL, HFILL }}, 6306 6307 { &hf_dns_winsr_lookup_timeout, 6308 { "Lookup timeout", "dns.winsr.lookup_timeout", 6309 FT_UINT32, BASE_DEC, NULL, 0x0, 6310 "In seconds", HFILL }}, 6311 6312 { &hf_dns_winsr_cache_timeout, 6313 { "Cache timeout", "dns.winsr.cache_timeout", 6314 FT_UINT32, BASE_DEC, NULL, 0x0, 6315 "In seconds", HFILL }}, 6316 6317 { &hf_dns_winsr_name_result_domain, 6318 { "Name Result Domain", "dns.winsr.name_result_domain", 6319 FT_STRING, BASE_NONE, NULL, 0x0, 6320 NULL, HFILL }}, 6321 6322 { &hf_dns_data, 6323 { "Data", "dns.data", 6324 FT_BYTES, BASE_NONE, NULL, 0x0, 6325 NULL, HFILL }}, 6326 6327 { &hf_dns_dso, 6328 { "DNS Stateful Operation", "dns.dso", 6329 FT_NONE, BASE_NONE, NULL, 0x0, 6330 NULL, HFILL }}, 6331 { &hf_dns_dso_tlv, 6332 { "DSO TLV", "dns.dso.tlv", 6333 FT_NONE, BASE_NONE, NULL, 0x0, 6334 NULL, HFILL }}, 6335 { &hf_dns_dso_tlv_type, 6336 { "Type", "dns.dso.tlv.type", 6337 FT_UINT16, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_dso_type_rvals), 0x0, 6338 NULL, HFILL }}, 6339 { &hf_dns_dso_tlv_length, 6340 { "Length", "dns.dso.tlv.length", 6341 FT_UINT16, BASE_DEC, NULL, 0x0, 6342 NULL, HFILL }}, 6343 { &hf_dns_dso_tlv_data, 6344 { "Data", "dns.dso.tlv.data", 6345 FT_BYTES, BASE_NONE, NULL, 0x0, 6346 NULL, HFILL }}, 6347 { &hf_dns_dso_tlv_keepalive_inactivity, 6348 { "Inactivity Timeout", "dns.dso.tlv.keepalive.inactivity", 6349 FT_UINT32, BASE_DEC, NULL, 0x0, 6350 "Inactivity Timeout (ms)", HFILL }}, 6351 { &hf_dns_dso_tlv_keepalive_interval, 6352 { "Keepalive Interval", "dns.dso.tlv.keepalive.interval", 6353 FT_UINT32, BASE_DEC, NULL, 0x0, 6354 "Keepalive Interval (ms)", HFILL }}, 6355 { &hf_dns_dso_tlv_retrydelay_retrydelay, 6356 { "Retry Delay", "dns.dso.tlv.retrydelay.retrydelay", 6357 FT_UINT32, BASE_DEC, NULL, 0x0, 6358 "Retry Delay (ms)", HFILL }}, 6359 { &hf_dns_dso_tlv_encpad_padding, 6360 { "Padding", "dns.dso.tlv.encpad.padding", 6361 FT_BYTES, BASE_NONE, NULL, 0x0, 6362 NULL, HFILL }}, 6363 }; 6364 6365 static ei_register_info ei[] = { 6366 { &ei_dns_opt_bad_length, { "dns.rr.opt.bad_length", PI_MALFORMED, PI_ERROR, "Length too long for any type of IP address.", EXPFILL }}, 6367 { &ei_dns_undecoded_option, { "dns.undecoded.type", PI_UNDECODED, PI_NOTE, "Undecoded option", EXPFILL }}, 6368 { &ei_dns_depr_opc, { "dns.depr.opc", PI_PROTOCOL, PI_WARN, "Deprecated opcode", EXPFILL }}, 6369 { &ei_ttl_high_bit_set, { "dns.ttl.high_bit_set", PI_PROTOCOL, PI_WARN, "The uppermost bit of the TTL is set (RFC 2181, section 8)", EXPFILL }}, 6370 { &ei_dns_tsig_alg, { "dns.tsig.noalg", PI_UNDECODED, PI_WARN, "No dissector for algorithm", EXPFILL }}, 6371 { &ei_dns_key_id_buffer_too_short, { "dns.key_id_buffer_too_short", PI_PROTOCOL, PI_WARN, "Buffer too short to compute a key id", EXPFILL }}, 6372 { &ei_dns_retransmit_request, { "dns.retransmit_request", PI_PROTOCOL, PI_WARN, "DNS query retransmission", EXPFILL }}, 6373 { &ei_dns_retransmit_response, { "dns.retransmit_response", PI_PROTOCOL, PI_WARN, "DNS response retransmission", EXPFILL }}, 6374 }; 6375 6376 static gint *ett[] = { 6377 &ett_dns, 6378 &ett_dns_qd, 6379 &ett_dns_rr, 6380 &ett_dns_qry, 6381 &ett_dns_ans, 6382 &ett_dns_flags, 6383 &ett_dns_opts, 6384 &ett_nsec3_flags, 6385 &ett_key_flags, 6386 &ett_t_key, 6387 &ett_dns_mac, 6388 &ett_caa_flags, 6389 &ett_caa_data, 6390 &ett_dns_csdync_flags, 6391 &ett_dns_dso, 6392 &ett_dns_dso_tlv, 6393 &ett_dns_svcb, 6394 }; 6395 6396 module_t *dns_module; 6397 expert_module_t* expert_dns; 6398 6399 proto_dns = proto_register_protocol("Domain Name System", "DNS", "dns"); 6400 proto_mdns = proto_register_protocol("Multicast Domain Name System", "mDNS", "mdns"); 6401 proto_llmnr = proto_register_protocol("Link-local Multicast Name Resolution", "LLMNR", "llmnr"); 6402 proto_register_field_array(proto_dns, hf, array_length(hf)); 6403 proto_register_subtree_array(ett, array_length(ett)); 6404 expert_dns = expert_register_protocol(proto_dns); 6405 expert_register_field_array(expert_dns, ei, array_length(ei)); 6406 6407 dns_module = prefs_register_protocol(proto_dns, NULL); 6408 6409 prefs_register_bool_preference(dns_module, "desegment_dns_messages", 6410 "Reassemble DNS messages spanning multiple TCP segments", 6411 "Whether the DNS dissector should reassemble messages spanning multiple TCP segments." 6412 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", 6413 &dns_desegment); 6414 6415 prefs_register_uint_preference(dns_module, "retransmission_timer", 6416 "Number of seconds allowed between retransmissions", 6417 "Number of seconds allowed between DNS requests with the same transaction ID to consider it a retransmission." 6418 " Otherwise its considered a new request.", 6419 10, &retransmission_timer); 6420 6421 prefs_register_obsolete_preference(dns_module, "use_for_addr_resolution"); 6422 6423 prefs_register_static_text_preference(dns_module, "text_use_for_addr_resolution", 6424 "DNS address resolution settings can be changed in the Name Resolution preferences", 6425 "DNS address resolution settings can be changed in the Name Resolution preferences"); 6426 6427 dns_tsig_dissector_table = register_dissector_table("dns.tsig.mac", "DNS TSIG MAC", proto_dns, FT_STRING, BASE_NONE); 6428 6429 dns_handle = register_dissector("dns", dissect_dns, proto_dns); 6430 6431 dns_tap = register_tap("dns"); 6432 } 6433 6434 /* 6435 * Editor modelines 6436 * 6437 * Local Variables: 6438 * c-basic-offset: 2 6439 * tab-width: 8 6440 * indent-tabs-mode: nil 6441 * End: 6442 * 6443 * ex: set shiftwidth=2 tabstop=8 expandtab: 6444 * :indentSize=2:tabSize=8:noTabs=true: 6445 */ 6446