1998-09-16 02:39:15 +00:00
|
|
|
/* packet-dns.c
|
|
|
|
* Routines for DNS packet disassembly
|
|
|
|
*
|
1998-11-17 04:29:13 +00:00
|
|
|
* $Id: packet-dns.c,v 1.9 1998/11/17 04:28:51 gerald Exp $
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@zing.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <gtk/gtk.h>
|
|
|
|
|
|
|
|
#include <stdio.h>
|
1998-09-27 22:12:47 +00:00
|
|
|
#include <memory.h>
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
|
|
|
# include <sys/types.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_NETINET_IN_H
|
|
|
|
# include <netinet/in.h>
|
|
|
|
#endif
|
|
|
|
|
1998-09-27 22:12:47 +00:00
|
|
|
#include "ethereal.h"
|
1998-09-16 02:39:15 +00:00
|
|
|
#include "packet.h"
|
1998-10-14 19:35:00 +00:00
|
|
|
#include "packet-dns.h"
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
|
|
|
|
/* DNS structs and definitions */
|
|
|
|
|
|
|
|
typedef struct _e_dns {
|
|
|
|
guint16 dns_id;
|
|
|
|
guint16 dns_flags;
|
|
|
|
guint16 dns_quest;
|
|
|
|
guint16 dns_ans;
|
|
|
|
guint16 dns_auth;
|
|
|
|
guint16 dns_add;
|
|
|
|
} e_dns;
|
|
|
|
|
|
|
|
/* type values */
|
|
|
|
#define T_A 1 /* host address */
|
|
|
|
#define T_NS 2 /* authoritative server */
|
|
|
|
#define T_CNAME 5 /* canonical name */
|
|
|
|
#define T_SOA 6 /* start of authority zone */
|
|
|
|
#define T_WKS 11 /* well known service */
|
|
|
|
#define T_PTR 12 /* domain name pointer */
|
|
|
|
#define T_HINFO 13 /* host information */
|
|
|
|
#define T_MX 15 /* mail routing information */
|
|
|
|
#define T_TXT 16 /* text strings */
|
|
|
|
#define T_AAAA 28 /* IP6 Address */
|
|
|
|
|
|
|
|
|
|
|
|
static char *
|
|
|
|
dns_type_name (int type)
|
|
|
|
{
|
|
|
|
char *type_names[36] = {
|
|
|
|
"unused", "A", "NS", "MD", "MF", "CNAME", "SOA", "MB", "MG", "MR",
|
|
|
|
"NULL", "WKS", "PTR", "HINFO", "MINFO", "MX", "TXT", "RP", "AFSDB",
|
|
|
|
"X25", "ISDN", "RT", "NSAP", "NSAP_PTR", "SIG", "KEY", "PX", "GPOS",
|
|
|
|
"AAAA", "LOC", "NXT", "EID", "NIMLOC", "SRV", "ATMA", "NAPTR"
|
|
|
|
};
|
|
|
|
|
|
|
|
if (type <= 35)
|
|
|
|
return type_names[type];
|
|
|
|
|
|
|
|
/* special cases */
|
|
|
|
switch (type)
|
|
|
|
{
|
|
|
|
/* non standard */
|
|
|
|
case 100:
|
|
|
|
return "UINFO";
|
|
|
|
case 101:
|
|
|
|
return "UID";
|
|
|
|
case 102:
|
|
|
|
return "GID";
|
|
|
|
case 103:
|
|
|
|
return "UNSPEC";
|
|
|
|
|
|
|
|
/* queries */
|
|
|
|
case 251:
|
|
|
|
return "IXFR";
|
|
|
|
case 252:
|
|
|
|
return "AXFR";
|
|
|
|
case 253:
|
|
|
|
return "MAILB";
|
|
|
|
case 254:
|
|
|
|
return "MAILA";
|
|
|
|
case 255:
|
|
|
|
return "ANY";
|
|
|
|
}
|
|
|
|
|
|
|
|
return "unknown";
|
|
|
|
}
|
|
|
|
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
char *
|
1998-09-16 02:39:15 +00:00
|
|
|
dns_class_name(int class)
|
|
|
|
{
|
|
|
|
char *class_name;
|
|
|
|
|
|
|
|
switch (class) {
|
|
|
|
case 1:
|
|
|
|
class_name = "inet";
|
|
|
|
break;
|
|
|
|
case 3:
|
|
|
|
class_name = "chaos";
|
|
|
|
break;
|
|
|
|
case 4:
|
|
|
|
class_name = "hesiod";
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
class_name = "unknown";
|
|
|
|
}
|
|
|
|
|
|
|
|
return class_name;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
is_compressed_name(const u_char *foo)
|
|
|
|
{
|
|
|
|
return (0xc0 == (*foo & 0xc0));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
get_compressed_name_offset(const u_char *ptr)
|
|
|
|
{
|
|
|
|
return ((*ptr & ~0xc0) << 8) | *(ptr+1);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
copy_one_name_component(const u_char *dataptr, char *nameptr)
|
|
|
|
{
|
|
|
|
int len;
|
|
|
|
int n;
|
|
|
|
|
|
|
|
len = n = *dataptr++;
|
|
|
|
if (0 == len)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
while (n-- > 0)
|
|
|
|
*nameptr++ = *dataptr++;
|
|
|
|
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
1998-10-14 19:35:00 +00:00
|
|
|
copy_name_component_rec(const u_char *dns_data_ptr, const u_char *dataptr,
|
|
|
|
char *nameptr, int *real_string_len)
|
1998-09-16 02:39:15 +00:00
|
|
|
{
|
|
|
|
int len = 0;
|
|
|
|
int str_len;
|
|
|
|
int offset;
|
|
|
|
int compress = 0;
|
|
|
|
|
|
|
|
if (is_compressed_name(dataptr)) {
|
|
|
|
compress = 1;
|
|
|
|
offset = get_compressed_name_offset(dataptr);
|
|
|
|
dataptr = dns_data_ptr + offset;
|
1998-10-14 19:35:00 +00:00
|
|
|
copy_name_component_rec(dns_data_ptr, dataptr, nameptr, &str_len);
|
1998-09-16 02:39:15 +00:00
|
|
|
*real_string_len += str_len;
|
|
|
|
nameptr += str_len;
|
|
|
|
len = 2;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
str_len = copy_one_name_component(dataptr, nameptr);
|
|
|
|
*real_string_len = str_len;
|
|
|
|
dataptr += str_len + 1;
|
|
|
|
len += str_len + 1;
|
|
|
|
nameptr += str_len;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (compress)
|
|
|
|
return len;
|
|
|
|
|
|
|
|
(*real_string_len)++;
|
|
|
|
|
|
|
|
if (*dataptr > 0) {
|
|
|
|
*nameptr++ = '.';
|
1998-10-14 19:35:00 +00:00
|
|
|
len += copy_name_component_rec(dns_data_ptr, dataptr, nameptr, &str_len);
|
1998-09-16 02:39:15 +00:00
|
|
|
*real_string_len += str_len;
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
|
|
|
return len + 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
int
|
|
|
|
get_dns_name(const u_char *dns_data_ptr, const u_char *pd, int offset,
|
|
|
|
char *nameptr, int maxname)
|
1998-09-16 02:39:15 +00:00
|
|
|
{
|
|
|
|
int len;
|
|
|
|
const u_char *dataptr = pd + offset;
|
|
|
|
int str_len = 0;
|
|
|
|
|
|
|
|
memset (nameptr, 0, maxname);
|
1998-10-14 19:35:00 +00:00
|
|
|
len = copy_name_component_rec(dns_data_ptr, dataptr, nameptr, &str_len);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
1998-10-14 19:35:00 +00:00
|
|
|
get_dns_name_type_class (const u_char *dns_data_ptr,
|
|
|
|
const u_char *pd,
|
1998-09-16 02:39:15 +00:00
|
|
|
int offset,
|
1998-10-14 19:35:00 +00:00
|
|
|
char *name_ret,
|
|
|
|
int *name_len_ret,
|
1998-09-16 02:39:15 +00:00
|
|
|
int *type_ret,
|
|
|
|
int *class_ret)
|
|
|
|
{
|
|
|
|
int len;
|
|
|
|
int name_len;
|
|
|
|
int type;
|
|
|
|
int class;
|
|
|
|
char name[MAXDNAME];
|
|
|
|
const u_char *pd_save;
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
name_len = get_dns_name(dns_data_ptr, pd, offset, name, sizeof(name));
|
1998-09-16 02:39:15 +00:00
|
|
|
pd += offset;
|
|
|
|
pd_save = pd;
|
|
|
|
pd += name_len;
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
type = pntohs(pd);
|
1998-09-16 02:39:15 +00:00
|
|
|
pd += 2;
|
1998-10-14 19:35:00 +00:00
|
|
|
class = pntohs(pd);
|
1998-09-16 02:39:15 +00:00
|
|
|
pd += 2;
|
|
|
|
|
|
|
|
strcpy (name_ret, name);
|
|
|
|
*type_ret = type;
|
|
|
|
*class_ret = class;
|
1998-10-14 19:35:00 +00:00
|
|
|
*name_len_ret = name_len;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
len = pd - pd_save;
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
1998-10-14 19:35:00 +00:00
|
|
|
dissect_dns_query(const u_char *dns_data_ptr, const u_char *pd, int offset,
|
|
|
|
GtkWidget *dns_tree)
|
1998-09-16 02:39:15 +00:00
|
|
|
{
|
|
|
|
int len;
|
|
|
|
char name[MAXDNAME];
|
1998-10-14 19:35:00 +00:00
|
|
|
int name_len;
|
1998-09-16 02:39:15 +00:00
|
|
|
int type;
|
|
|
|
int class;
|
|
|
|
char *class_name;
|
|
|
|
char *type_name;
|
1998-10-14 19:35:00 +00:00
|
|
|
const u_char *dptr;
|
|
|
|
const u_char *data_start;
|
1998-10-15 06:40:51 +00:00
|
|
|
GtkWidget *q_tree, *tq;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
data_start = dptr = pd + offset;
|
|
|
|
|
|
|
|
len = get_dns_name_type_class(dns_data_ptr, pd, offset, name, &name_len,
|
|
|
|
&type, &class);
|
|
|
|
dptr += len;
|
|
|
|
|
1998-10-15 06:40:51 +00:00
|
|
|
type_name = dns_type_name(type);
|
|
|
|
class_name = dns_class_name(class);
|
|
|
|
|
|
|
|
tq = add_item_to_tree(dns_tree, offset, len, "%s: type %s, class %s",
|
|
|
|
name, type_name, class_name);
|
|
|
|
q_tree = gtk_tree_new();
|
|
|
|
add_subtree(tq, q_tree, ETT_DNS_QD);
|
|
|
|
|
|
|
|
add_item_to_tree(q_tree, offset, name_len, "Name: %s", name);
|
1998-10-14 19:35:00 +00:00
|
|
|
offset += name_len;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-10-15 06:40:51 +00:00
|
|
|
add_item_to_tree(q_tree, offset, 2, "Type: %s", type_name);
|
1998-10-14 19:35:00 +00:00
|
|
|
offset += 2;
|
|
|
|
|
1998-10-15 06:40:51 +00:00
|
|
|
add_item_to_tree(q_tree, offset, 2, "Class: %s", class_name);
|
1998-10-14 19:35:00 +00:00
|
|
|
offset += 2;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
return dptr - data_start;
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
GtkWidget *
|
|
|
|
add_rr_to_tree(GtkWidget *trr, int rr_type, int offset, const char *name,
|
|
|
|
int namelen, const char *type_name, const char *class_name, u_int ttl,
|
|
|
|
u_short data_len)
|
|
|
|
{
|
|
|
|
GtkWidget *rr_tree;
|
|
|
|
|
|
|
|
rr_tree = gtk_tree_new();
|
|
|
|
add_subtree(trr, rr_tree, rr_type);
|
|
|
|
add_item_to_tree(rr_tree, offset, namelen, "Name: %s", name);
|
|
|
|
offset += namelen;
|
|
|
|
add_item_to_tree(rr_tree, offset, 2, "Type: %s", type_name);
|
|
|
|
offset += 2;
|
|
|
|
add_item_to_tree(rr_tree, offset, 2, "Class: %s", class_name);
|
|
|
|
offset += 2;
|
|
|
|
add_item_to_tree(rr_tree, offset, 4, "Time to live: %u", ttl);
|
|
|
|
offset += 4;
|
|
|
|
add_item_to_tree(rr_tree, offset, 2, "Data length: %u", data_len);
|
|
|
|
return rr_tree;
|
|
|
|
}
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
static int
|
1998-10-14 19:35:00 +00:00
|
|
|
dissect_dns_answer(const u_char *dns_data_ptr, const u_char *pd, int offset,
|
|
|
|
GtkWidget *dns_tree)
|
1998-09-16 02:39:15 +00:00
|
|
|
{
|
|
|
|
int len;
|
|
|
|
char name[MAXDNAME];
|
1998-10-14 19:35:00 +00:00
|
|
|
int name_len;
|
1998-09-16 02:39:15 +00:00
|
|
|
int type;
|
|
|
|
int class;
|
|
|
|
char *class_name;
|
|
|
|
char *type_name;
|
|
|
|
const u_char *dptr;
|
|
|
|
const u_char *data_start;
|
|
|
|
u_int ttl;
|
|
|
|
u_short data_len;
|
1998-10-14 19:35:00 +00:00
|
|
|
GtkWidget *rr_tree, *trr;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
data_start = dptr = pd + offset;
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
len = get_dns_name_type_class(dns_data_ptr, pd, offset, name, &name_len,
|
|
|
|
&type, &class);
|
1998-09-16 02:39:15 +00:00
|
|
|
dptr += len;
|
|
|
|
|
|
|
|
type_name = dns_type_name(type);
|
|
|
|
class_name = dns_class_name(class);
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
ttl = pntohl(dptr);
|
|
|
|
dptr += 4;
|
|
|
|
|
|
|
|
data_len = pntohs(dptr);
|
|
|
|
dptr += 2;
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
switch (type) {
|
|
|
|
case T_A: /* "A" record */
|
1998-10-14 19:35:00 +00:00
|
|
|
trr = add_item_to_tree(dns_tree, offset, (dptr - data_start) + data_len,
|
1998-10-14 22:37:02 +00:00
|
|
|
"%s: type %s, class %s, addr %s",
|
1998-09-16 02:39:15 +00:00
|
|
|
name, type_name, class_name,
|
1998-10-14 22:37:02 +00:00
|
|
|
ip_to_str((guint8 *)dptr));
|
1998-10-14 19:35:00 +00:00
|
|
|
rr_tree = add_rr_to_tree(trr, ETT_DNS_RR, offset, name, name_len, type_name,
|
|
|
|
class_name, ttl, data_len);
|
|
|
|
offset += (dptr - data_start);
|
1998-10-14 22:37:02 +00:00
|
|
|
add_item_to_tree(rr_tree, offset, 4, "Addr: %s",
|
|
|
|
ip_to_str((guint8 *)dptr));
|
1998-09-16 02:39:15 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case T_NS: /* "NS" record */
|
|
|
|
{
|
|
|
|
char ns_name[MAXDNAME];
|
1998-10-14 19:35:00 +00:00
|
|
|
int ns_name_len;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
ns_name_len = get_dns_name(dns_data_ptr, dptr, 0, ns_name, sizeof(ns_name));
|
|
|
|
trr = add_item_to_tree(dns_tree, offset, (dptr - data_start) + data_len,
|
|
|
|
"%s: type %s, class %s, ns %s",
|
|
|
|
name, type_name, class_name, ns_name);
|
|
|
|
rr_tree = add_rr_to_tree(trr, ETT_DNS_RR, offset, name, name_len,
|
|
|
|
type_name, class_name, ttl, data_len);
|
|
|
|
offset += (dptr - data_start);
|
|
|
|
add_item_to_tree(rr_tree, offset, ns_name_len, "Name server: %s", ns_name);
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
/* TODO: parse more record types */
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
default:
|
|
|
|
trr = add_item_to_tree(dns_tree, offset, (dptr - data_start) + data_len,
|
|
|
|
"%s: type %s, class %s",
|
1998-09-16 02:39:15 +00:00
|
|
|
name, type_name, class_name);
|
1998-10-14 19:35:00 +00:00
|
|
|
rr_tree = add_rr_to_tree(trr, ETT_DNS_RR, offset, name, name_len, type_name,
|
|
|
|
class_name, ttl, data_len);
|
|
|
|
offset += (dptr - data_start);
|
|
|
|
add_item_to_tree(rr_tree, offset, data_len, "Data");
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
dptr += data_len;
|
|
|
|
|
|
|
|
return dptr - data_start;
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
1998-10-14 19:35:00 +00:00
|
|
|
dissect_query_records(const u_char *dns_data_ptr, int count, const u_char *pd,
|
|
|
|
int cur_off, GtkWidget *dns_tree)
|
1998-09-16 02:39:15 +00:00
|
|
|
{
|
|
|
|
int start_off;
|
|
|
|
GtkWidget *qatree, *ti;
|
|
|
|
|
|
|
|
qatree = gtk_tree_new();
|
|
|
|
start_off = cur_off;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
while (count-- > 0)
|
1998-10-14 19:35:00 +00:00
|
|
|
cur_off += dissect_dns_query(dns_data_ptr, pd, cur_off, qatree);
|
|
|
|
ti = add_item_to_tree(GTK_WIDGET(dns_tree),
|
|
|
|
start_off, cur_off - start_off, "Queries");
|
|
|
|
add_subtree(ti, qatree, ETT_DNS_QRY);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
return cur_off - start_off;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
static int
|
1998-10-14 19:35:00 +00:00
|
|
|
dissect_answer_records(const u_char *dns_data_ptr, int count,
|
|
|
|
const u_char *pd, int cur_off, GtkWidget *dns_tree,
|
|
|
|
char *name)
|
1998-09-16 02:39:15 +00:00
|
|
|
{
|
|
|
|
int start_off;
|
|
|
|
GtkWidget *qatree, *ti;
|
|
|
|
|
|
|
|
qatree = gtk_tree_new();
|
|
|
|
start_off = cur_off;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
while (count-- > 0)
|
1998-10-14 19:35:00 +00:00
|
|
|
cur_off += dissect_dns_answer(dns_data_ptr, pd, cur_off, qatree);
|
|
|
|
ti = add_item_to_tree(GTK_WIDGET(dns_tree), start_off, cur_off - start_off, name);
|
|
|
|
add_subtree(ti, qatree, ETT_DNS_ANS);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
return cur_off - start_off;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
dissect_dns(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
|
1998-10-14 19:35:00 +00:00
|
|
|
const u_char *dns_data_ptr;
|
1998-09-16 02:39:15 +00:00
|
|
|
e_dns *dh;
|
|
|
|
GtkWidget *dns_tree, *ti;
|
|
|
|
guint16 id, flags, quest, ans, auth, add;
|
|
|
|
int query = 0;
|
|
|
|
int cur_off;
|
|
|
|
|
|
|
|
dns_data_ptr = &pd[offset];
|
|
|
|
dh = (e_dns *) dns_data_ptr;
|
|
|
|
|
|
|
|
/* To do: check for runts, errs, etc. */
|
|
|
|
id = ntohs(dh->dns_id);
|
|
|
|
flags = ntohs(dh->dns_flags);
|
|
|
|
quest = ntohs(dh->dns_quest);
|
|
|
|
ans = ntohs(dh->dns_ans);
|
|
|
|
auth = ntohs(dh->dns_auth);
|
|
|
|
add = ntohs(dh->dns_add);
|
|
|
|
|
|
|
|
query = ! (flags & (1 << 15));
|
|
|
|
|
1998-11-17 04:29:13 +00:00
|
|
|
if (check_col(fd, COL_PROTOCOL))
|
|
|
|
col_add_str(fd, COL_PROTOCOL, "DNS (UDP)");
|
|
|
|
if (check_col(fd, COL_INFO))
|
|
|
|
col_add_str(fd, COL_INFO, query ? "Query" : "Response");
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
if (tree) {
|
1998-09-27 22:12:47 +00:00
|
|
|
ti = add_item_to_tree(GTK_WIDGET(tree), offset, 4,
|
1998-09-16 02:39:15 +00:00
|
|
|
query ? "DNS query" : "DNS response");
|
|
|
|
|
|
|
|
dns_tree = gtk_tree_new();
|
|
|
|
add_subtree(ti, dns_tree, ETT_DNS);
|
|
|
|
|
|
|
|
add_item_to_tree(dns_tree, offset, 2, "ID: 0x%04x", id);
|
|
|
|
|
|
|
|
add_item_to_tree(dns_tree, offset + 2, 2, "Flags: 0x%04x", flags);
|
|
|
|
add_item_to_tree(dns_tree, offset + 4, 2, "Questions: %d", quest);
|
|
|
|
add_item_to_tree(dns_tree, offset + 6, 2, "Answer RRs: %d", ans);
|
|
|
|
add_item_to_tree(dns_tree, offset + 8, 2, "Authority RRs: %d", auth);
|
|
|
|
add_item_to_tree(dns_tree, offset + 10, 2, "Additional RRs: %d", add);
|
|
|
|
|
|
|
|
cur_off = offset + 12;
|
|
|
|
|
|
|
|
if (quest > 0)
|
1998-10-14 19:35:00 +00:00
|
|
|
cur_off += dissect_query_records(dns_data_ptr, quest, pd, cur_off,
|
|
|
|
dns_tree);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
if (ans > 0)
|
1998-10-14 19:35:00 +00:00
|
|
|
cur_off += dissect_answer_records(dns_data_ptr, ans, pd, cur_off,
|
|
|
|
dns_tree, "Answers");
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
if (auth > 0)
|
1998-10-14 19:35:00 +00:00
|
|
|
cur_off += dissect_answer_records(dns_data_ptr, auth, pd, cur_off,
|
|
|
|
dns_tree, "Authoritative nameservers");
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
if (add > 0)
|
1998-10-14 19:35:00 +00:00
|
|
|
cur_off += dissect_answer_records(dns_data_ptr, add, pd, cur_off,
|
|
|
|
dns_tree, "Additional records");
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
}
|