2 * Routines for DNS packet disassembly
4 * $Id: packet-dns.c,v 1.4 1998/09/27 22:12:28 gerald Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@zing.org>
8 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 #ifdef HAVE_SYS_TYPES_H
37 # include <sys/types.h>
40 #ifdef HAVE_NETINET_IN_H
41 # include <netinet/in.h>
48 /* DNS structs and definitions */
/* On-the-wire DNS header. The member lines are not shown in this listing;
 * dissect_dns() reads dns_id, dns_flags, dns_quest, dns_ans, dns_auth and
 * dns_add through a pointer of this type. */
50 typedef struct _e_dns {
/* Size of the name buffers declared by the dissectors below (for example
 * ns_name[MAXDNAME]).
 * NOTE(review): the name-copy helpers in this file take no destination
 * length, so nothing visible here ties the number of bytes written to this
 * limit -- confirm against the full source. */
59 #define MAXDNAME 1025 /* maximum domain name */
/* Resource record type codes. Only T_A and T_NS have a dedicated case in the
 * visible part of dissect_dns_answer(). */
62 #define T_A 1 /* host address */
63 #define T_NS 2 /* authoritative server */
64 #define T_CNAME 5 /* canonical name */
65 #define T_SOA 6 /* start of authority zone */
66 #define T_WKS 11 /* well known service */
67 #define T_PTR 12 /* domain name pointer */
68 #define T_HINFO 13 /* host information */
69 #define T_MX 15 /* mail routing information */
70 #define T_TXT 16 /* text strings */
71 #define T_AAAA 28 /* IP6 Address */
/* Start of the DNS message currently being dissected. dissect_dns() sets it
 * and copy_name_component_rec() adds compression-pointer offsets to it.
 * This is mutable file-scope state shared by every call into this file. */
74 static const u_char *dns_data_ptr;
/* Map a numeric RR type to its display name using a 36-entry table
 * (valid indices 0..35).
 * NOTE(review): the lines between the table and the return are not shown in
 * this listing. The dissectors pass a 16-bit type decoded from the packet, so
 * the index has to be range-checked (0 <= type < 36) before this lookup;
 * confirm that guard exists in the full source. */
77 dns_type_name (int type)
79 char *type_names[36] = {
80 "unused", "A", "NS", "MD", "MF", "CNAME", "SOA", "MB", "MG", "MR",
81 "NULL", "WKS", "PTR", "HINFO", "MINFO", "MX", "TXT", "RP", "AFSDB",
82 "X25", "ISDN", "RT", "NSAP", "NSAP_PTR", "SIG", "KEY", "PX", "GPOS",
83 "AAAA", "LOC", "NXT", "EID", "NIMLOC", "SRV", "ATMA", "NAPTR"
/* Out-of-range values would read past the end of type_names. */
87 return type_names[type];
/* Map a numeric DNS class to a display string. The visible assignments are
 * "chaos", "hesiod" and the fallback "unknown"; the selection logic and any
 * other class names are on lines not shown in this listing. */
120 dns_class_name(int class)
129 class_name = "chaos";
132 class_name = "hesiod";
135 class_name = "unknown";
/* Return non-zero when the byte at foo has both of its top two bits set
 * (0xc0), i.e. when it starts a DNS compression pointer and not a label.
 * Reads one byte; the function has no length argument, so the caller must
 * already know that foo lies inside the captured data. */
143 is_compressed_name(const u_char *foo)
145 return (0xc0 == (*foo & 0xc0));
/* Decode a two-byte compression pointer: the low six bits of the first byte
 * and all of the second byte form a 14-bit offset (0..0x3fff).
 * The second byte is read unconditionally and the result is not compared with
 * the packet length here; the caller is responsible for validating it. */
150 get_compressed_name_offset(const u_char *ptr)
152 return ((*ptr & ~0xc0) << 8) | *(ptr+1);
/* Copy one length-prefixed label from the packet into nameptr.
 * The first byte at dataptr is the label length; the bytes that follow are
 * copied one at a time (the loop header is not shown in this listing).
 * NOTE(review): there is no destination-size or source-length parameter, so
 * the copy is bounded only by the length byte taken from the packet. A
 * bounded variant would take the space remaining in the name buffer and the
 * end of the captured data and stop at whichever comes first. */
157 copy_one_name_component(const u_char *dataptr, char *nameptr)
162 len = n = *dataptr++;
167 *nameptr++ = *dataptr++;
/* Recursively expand a (possibly compressed) DNS name into nameptr.
 *
 * dataptr         - current position in the packet
 * nameptr         - destination for the expanded name
 * real_string_len - out: accumulated length of the expanded text
 *
 * The return value is accumulated by the callers as a length; the exact
 * return statements are on lines not shown in this listing.
 *
 * NOTE(review), from the lines shown:
 *  - the compression offset is added to dns_data_ptr without being compared
 *    with the captured packet length;
 *  - no recursion-depth limit or record of visited offsets is visible, so a
 *    pointer that leads back to itself would recurse without bound; a hop
 *    counter or a "pointer must refer backwards" rule is the usual guard;
 *  - the space remaining in nameptr is never passed down, so the total
 *    written is not limited to the caller's buffer size.
 * Confirm each point against the full source. */
174 copy_name_component_rec(const u_char *dataptr, char *nameptr, int *real_string_len)
/* Compression pointer: continue decoding at the referenced offset. */
181 if (is_compressed_name(dataptr)) {
183 offset = get_compressed_name_offset(dataptr);
184 dataptr = dns_data_ptr + offset;
185 copy_name_component_rec(dataptr, nameptr, &str_len);
186 *real_string_len += str_len;
/* Plain label: copy it, then step over the length byte and the label. */
191 str_len = copy_one_name_component(dataptr, nameptr);
192 *real_string_len = str_len;
193 dataptr += str_len + 1;
/* presumably accounts for the '.' separator between labels -- TODO confirm */
201 (*real_string_len)++;
/* Decode the rest of the name. */
205 len += copy_name_component_rec(dataptr, nameptr, &str_len);
206 *real_string_len += str_len;
/* Expand the DNS name that starts at pd + offset into nameptr.
 * The destination is zero-filled for maxname bytes first, then filled by
 * copy_name_component_rec().
 * NOTE(review): in the lines shown maxname is used only for the memset; it is
 * not forwarded to the copy routine, so it does not limit how much is
 * written into nameptr. */
215 get_dns_name(const u_char *pd, int offset, char *nameptr, int maxname)
218 const u_char *dataptr = pd + offset;
221 memset (nameptr, 0, maxname);
222 len = copy_name_component_rec(dataptr, nameptr, &str_len);
/* Decode the name, type and class that open a question or resource record.
 * The name is expanded into a local buffer, the 16-bit type and class are
 * read big-endian from the packet, and the name is copied to name_ret.
 * The remaining parameters are on signature lines not shown in this listing.
 * NOTE(review): the two-byte reads are not preceded by a visible length
 * check, and the strcpy into name_ret is unbounded, so every caller has to
 * supply a buffer at least as large as the local name array. */
229 get_dns_name_type_class (const u_char *pd,
240 const u_char *pd_save;
242 name_len = get_dns_name(pd, offset, name, sizeof(name));
247 type = (*pd << 8) | *(pd + 1);
249 class = (*pd << 8) | *(pd + 1);
252 strcpy (name_ret, name);
/* Dissect one question entry at pd + offset and add a summary line
 * ("name: type T, class C") to dns_tree.
 * The decoded name is passed as a "%s" argument, never as the format string,
 * so packet-controlled text cannot act as a format specifier here. The type
 * name comes from dns_type_name(), whose table lookup depends on the type
 * being in range. */
262 dissect_dns_query(const u_char *pd, int offset, GtkWidget *dns_tree)
271 len = get_dns_name_type_class (pd, offset, name, &type, &class);
273 type_name = dns_type_name(type);
274 class_name = dns_class_name(class);
276 add_item_to_tree(dns_tree, offset, len, "%s: type %s, class %s",
277 name, type_name, class_name );
/* Dissect one resource record at pd + offset and add a summary line to
 * dns_tree. The name, type and class are decoded first, followed by the
 * TTL and the 16-bit resource data length; A and NS records get a dedicated
 * display, every other type falls back to a generic line.
 * NOTE(review): data_len and the record contents come straight from the
 * packet, and no comparison with the captured length is visible in the lines
 * shown. */
284 dissect_dns_answer(const u_char *pd, int offset, GtkWidget *dns_tree)
293 const u_char *data_start;
294 const u_char *res_ptr;
298 data_start = dptr = pd + offset;
300 len = get_dns_name_type_class (pd, offset, name, &type, &class);
303 /* this works regardless of the alignment */
/* NOTE(review): *dptr is promoted to int, so shifting a byte >= 0x80 left by
 * 24 overflows a signed int; cast each byte to an unsigned 32-bit type before
 * shifting. */
304 ttl = (*dptr << 24) | *(dptr + 1) << 16 | *(dptr + 2) << 8 | *(dptr + 3);
306 data_len = (*dptr << 8) | *(dptr + 1);
309 type_name = dns_type_name(type);
310 class_name = dns_class_name(class);
313 /* skip the resource data */
316 len = dptr - data_start;
/* Four bytes are read at res_ptr; no check that data_len is at least 4 is
 * visible in this listing. */
319 case T_A: /* "A" record */
320 add_item_to_tree(dns_tree, offset, len,
321 "%s: type %s, class %s, addr %d.%d.%d.%d",
322 name, type_name, class_name,
323 *res_ptr, *(res_ptr+1), *(res_ptr+2), *(res_ptr+3));
/* The name server name is expanded into a MAXDNAME-byte stack buffer; see
 * get_dns_name() for how little of that size is enforced. */
326 case T_NS: /* "NS" record */
328 char ns_name[MAXDNAME];
330 get_dns_name(res_ptr, 0, ns_name, sizeof(ns_name));
331 add_item_to_tree(dns_tree, offset, len,
332 "%s: %s, type %s, class %s",
333 name, ns_name, type_name, class_name);
338 /* TODO: parse more record types */
341 add_item_to_tree(dns_tree, offset, len, "%s: type %s, class %s",
342 name, type_name, class_name);
/* Dissect a section of resource records starting at cur_off, collect them in
 * a new subtree labelled with name, and return the number of bytes consumed.
 * count is the record count for the section; the loop that uses it is on
 * lines not shown in this listing.
 * NOTE(review): name is passed to add_item_to_tree() in the format-string
 * position. The callers in this file pass string literals, but passing
 * "%s", name would keep that safe if a caller ever supplies other text. */
350 dissect_answer_records(int count, const u_char *pd, int cur_off,
351 GtkWidget *dns_tree, char *name)
354 GtkWidget *qatree, *ti;
356 qatree = gtk_tree_new();
/* Each record reports its own length, which advances the cursor. */
360 cur_off += dissect_dns_answer(pd, cur_off, qatree);
361 ti = add_item_to_tree(GTK_WIDGET(dns_tree), start_off, cur_off - start_off, name);
362 add_subtree(ti, qatree, ETT_DNS_ANS);
364 return cur_off - start_off;
/* Dissect the question section starting at cur_off, collect the entries in a
 * new "Queries" subtree, and return the number of bytes consumed.
 * count is the question count; the loop that uses it is on lines not shown
 * in this listing. The cursor is advanced by whatever length each
 * dissect_dns_query() call reports. */
369 dissect_query_records(int count, const u_char *pd,
370 int cur_off, GtkWidget *dns_tree)
373 GtkWidget *qatree, *ti;
375 qatree = gtk_tree_new();
379 cur_off += dissect_dns_query(pd, cur_off, qatree);
380 ti = add_item_to_tree(GTK_WIDGET(dns_tree),
381 start_off, cur_off - start_off, "Queries");
382 add_subtree(ti, qatree, ETT_DNS_QRY);
384 return cur_off - start_off;
/* Entry point for DNS dissection: decode the 12-byte header at pd + offset,
 * fill in the summary columns, build the "DNS query"/"DNS response" subtree,
 * then walk the question, answer, authority and additional sections.
 * NOTE(review): the header is read through a struct pointer with no check
 * that 12 bytes were captured (the "To do" below acknowledges this), and the
 * four counts taken from it drive the section dissectors, so a truncated or
 * malformed packet reaches the name-parsing code unchecked. */
390 dissect_dns(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
392 GtkWidget *dns_tree, *ti;
393 guint16 id, flags, quest, ans, auth, add;
/* Remember the start of the DNS message; compression pointers are resolved
 * relative to it. */
397 dns_data_ptr = &pd[offset];
/* NOTE(review): this cast assumes the packet data is suitably aligned for
 * e_dns -- confirm, or read the fields bytewise. */
398 dh = (e_dns *) dns_data_ptr;
400 /* To do: check for runts, errs, etc. */
401 id = ntohs(dh->dns_id);
402 flags = ntohs(dh->dns_flags);
403 quest = ntohs(dh->dns_quest);
404 ans = ntohs(dh->dns_ans);
405 auth = ntohs(dh->dns_auth);
406 add = ntohs(dh->dns_add);
/* The top bit of the flags word is clear for a query and set for a response. */
408 query = ! (flags & (1 << 15));
/* Only fixed string literals are copied into the summary columns. */
410 if (fd->win_info[COL_NUM]) {
411 strcpy(fd->win_info[COL_PROTOCOL], "DNS (UDP)");
412 strcpy(fd->win_info[COL_INFO], query ? "Query" : "Response");
416 ti = add_item_to_tree(GTK_WIDGET(tree), offset, 4,
417 query ? "DNS query" : "DNS response");
419 dns_tree = gtk_tree_new();
420 add_subtree(ti, dns_tree, ETT_DNS);
422 add_item_to_tree(dns_tree, offset, 2, "ID: 0x%04x", id);
424 add_item_to_tree(dns_tree, offset + 2, 2, "Flags: 0x%04x", flags);
425 add_item_to_tree(dns_tree, offset + 4, 2, "Questions: %d", quest);
426 add_item_to_tree(dns_tree, offset + 6, 2, "Answer RRs: %d", ans);
427 add_item_to_tree(dns_tree, offset + 8, 2, "Authority RRs: %d", auth);
428 add_item_to_tree(dns_tree, offset + 10, 2, "Additional RRs: %d", add);
/* Records start right after the fixed 12-byte header. */
430 cur_off = offset + 12;
/* Each section dissector returns the bytes it consumed; any guards around
 * these calls are on lines not shown in this listing. */
433 cur_off += dissect_query_records(quest, pd, cur_off, dns_tree);
436 cur_off += dissect_answer_records(ans, pd, cur_off, dns_tree, "Answers");
439 cur_off += dissect_answer_records(auth, pd, cur_off, dns_tree,
440 "Authoritative nameservers");
443 cur_off += dissect_answer_records(add, pd, cur_off, dns_tree,
444 "Additional records");