As the owner name of each NSEC3 record is Base32-encoded, the Next
Hashed Owner Name field in those records should also be displayed in
Base32-encoded form. This enables the user to quickly tell what span of
hashed owner names is covered by a given NSEC3 record.
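
The span check that the Base32 display makes possible, as an added example (not Wireshark's dissector code): the Next Hashed Owner Name bytes are encoded in unpadded lowercase Base32hex, the form used for NSEC3 owner labels, and compared with a hashed query name. The function names and the constructed sample bytes are assumptions, and all hashes are assumed to be lowercase and of equal length.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Base32 "extended hex" alphabet (RFC 4648); NSEC3 uses it without padding. */
static const char B32HEX[] = "0123456789abcdefghijklmnopqrstuv";

/* Encode len bytes into out (NUL-terminated, no padding). Returns the number
 * of characters written, or 0 if out is too small (or len is 0). */
size_t b32hex_encode(const uint8_t *in, size_t len, char *out, size_t outsz)
{
    size_t need = (len * 8 + 4) / 5, n = 0;
    uint32_t acc = 0;
    int bits = 0;

    if (outsz < need + 1)
        return 0;
    for (size_t i = 0; i < len; i++) {
        acc = (acc << 8) | in[i];
        bits += 8;
        while (bits >= 5) {
            bits -= 5;
            out[n++] = B32HEX[(acc >> bits) & 0x1f];
        }
    }
    if (bits > 0)                       /* left-align the trailing bits */
        out[n++] = B32HEX[(acc << (5 - bits)) & 0x1f];
    out[n] = '\0';
    return n;
}

/* Does the NSEC3 record (owner hash label, raw next-hashed bytes) cover the
 * hashed name h? The Base32hex alphabet sorts like the underlying bytes, so
 * strcmp() on equal-length strings gives the hash order.
 * Returns 1 if covered, 0 if not, -1 if the hash does not fit the buffer. */
int nsec3_covers(const char *owner_b32, const uint8_t *next, size_t next_len,
                 const char *h)
{
    char next_b32[64];
    if (b32hex_encode(next, next_len, next_b32, sizeof next_b32) == 0)
        return -1;
    if (strcmp(owner_b32, next_b32) < 0)        /* ordinary span */
        return strcmp(owner_b32, h) < 0 && strcmp(h, next_b32) < 0;
    /* last record of the chain: the span wraps past the end of the hash space */
    return strcmp(owner_b32, h) < 0 || strcmp(h, next_b32) < 0;
}

/* Constructed sample: a 20-byte next hashed owner name, 0x80 then zeros. */
static const uint8_t SAMPLE_NEXT[20] = { 0x80 };
#define ZEROS31 "0000000000" "0000000000" "0000000000" "0"
```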

These display bases work to replace unprintable characters so the
name is a misnomer. In addition they are the same option and this
display behaviour is not something that is configurable.
This does not affect encodings because all our internal text strings
need to be valid UTF-8 and the source encoding is specified using
ENC_*.

Remove the assertion for valid UTF-8 in proto.c because
tvb_get_*_string() must return a valid UTF-8 string, always, and we
don't need to assert that, it is expensive.

A few of them just needed scratch memory, so allocate and free it
manually after doing any exception-raising checks.
A few others were returning memory, and needed conversion to accept a
wmem scope argument.

IXFR and AXFR queries can have multiple DNS responses. As all responses
belong to one transaction, they have the same transaction ID.
We shouldn't handle them as retransmits.
Fix: wireshark/wireshark#17293

Don't handle request/response tracking when pinfo->flags.in_error_pkt
is set (DNS packets contained within ICMP/ICMPv6 error packets).
Fix: wireshark/wireshark#15036

reported by check_typed_proto_items.py
packet-dns.c:1688 proto_tree_add_item called for hf_dns_rr_len - item type is FT_UINT32 but call has len 2
packet-dns.c:1719 proto_tree_add_item called for hf_dns_rr_len - item type is FT_UINT32 but call has len 2
packet-dns.c:2493 proto_tree_add_item called for hf_dns_px_preference - item type is FT_UINT8 but call has len 2

Normal DNS response times are in the millisecond range, but are currently
listed as seconds.
It is more readable when the msec unit is used instead.
Also the average display is hard coded (%.2f) so under normal conditions it
is currently shown as "0.00".
With this change the average value displayed is more useful and high response
times (retransmissions) stand out more clearly.

While running a test suite of a DNS server, a lot of DNS messages on
non-standard ports were not recognized. Rather than manually discovering
and decoding every port using an iterative process of checking the
output of the `udp and not dns` filter, have some heuristics to detect
DNS messages automatically.
Enable these heuristics by default assuming that the checks are strong
enough, 8 bytes are essentially fixed to a low number of possibilities.
Should it cause issues, then the heuristics could be disabled (assuming
that non-standard DNS ports are uncommon) or strengthened.
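
A sketch of the kind of header check such a heuristic can make, added here as an example and not taken from Wireshark's dissector: it tests the flags and count fields of the fixed DNS header and then walks the first question name. The function name, the `MAX_RR` limit and the constructed sample payloads are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define DNS_HDRLEN 12
#define MAX_RR     50   /* assumed sanity limit per section, not a protocol value */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 1 if the payload plausibly starts with a DNS query or response
 * carrying exactly one question, 0 otherwise. */
int looks_like_dns(const uint8_t *p, size_t len)
{
    if (len < DNS_HDRLEN)
        return 0;
    uint16_t flags = be16(p + 2);
    uint16_t qd = be16(p + 4), an = be16(p + 6), ns = be16(p + 8), ar = be16(p + 10);

    if (flags & 0x7840)                 /* opcode is not QUERY, or reserved Z bit set */
        return 0;
    if (qd != 1 || ar > MAX_RR)
        return 0;
    if (!(flags & 0x8000)) {            /* query: no answers, no authority, RCODE 0 */
        if (an != 0 || ns != 0 || (flags & 0x000f))
            return 0;
    } else if (an > MAX_RR || ns > MAX_RR) {
        return 0;
    }
    /* Walk the question name: plain labels of 1..63 bytes, at most 255 bytes in
     * total. A compression pointer (length byte >= 192) has nothing earlier to
     * point at in the first name, so it is rejected by the same length test. */
    size_t off = DNS_HDRLEN;
    for (;;) {
        if (off >= len)
            return 0;
        uint8_t l = p[off++];
        if (l == 0)
            break;
        if (l > 63 || l > len - off || off + l - DNS_HDRLEN > 254)
            return 0;
        off += l;
    }
    return len - off >= 4;              /* QTYPE and QCLASS must follow */
}

/* Constructed samples: a query for example.com (A, IN) and an NTP-like payload. */
static const uint8_t SAMPLE_QUERY[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01 };
static const uint8_t SAMPLE_NTP[48] = { 0x1b };
```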

* Use parameter names from draft-ietf-dnsop-svcb-https-01 to match the
presentation format. Use keyNNNNN for unknown names in the tree.
* Remove the SvcParams tree and directly display parameters under the
resource record tree. Include the parameter value as well.
* Add odohconfig (draft-pauly-dprive-oblivious-doh-02) support.
* Use the presentation format (base64) for echconfig/odohconfig values.

Adding support for SVCB and HTTPS resource records as defined in
draft-ietf-dnsop-svcb-https-01
Bug: 16715
Change-Id: I631246e32f6cb2c89fc953cef761585adfbb056b
Reviewed-on: https://code.wireshark.org/review/37896
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Adding support for DNS Stateful Operations as defined in RFC8490
Change-Id: I8dc95b53bddef0c6a6cd5e5233d1097e930c473f
Reviewed-on: https://code.wireshark.org/review/37850
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Prefer:
- html (rather than txt)
- https
Also includes the script check_dissector_urls.py,
that can be used to find links in code and test them.
Change-Id: Iafd8bb8948674a38ad5232bf5b5432ffb2b1251b
Reviewed-on: https://code.wireshark.org/review/36821
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

This codepoint was not registered in RFC 7858, but requested later by
Jon Reed on 2019-12-12, in "[dns-privacy] ALPN protocol ID for DoT":
    The primary use case we have is supporting both DoT and DoH on port
    443, when port 853 is blocked between clients and the servers (this
    is by mutual agreement, as discussed in RFC 7858 § 3.1).
Change-Id: Ic993023eedf6f40565a208033703aa1575710c17
Reviewed-on: https://code.wireshark.org/review/36151
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Following commit c397adda8a, some changes were missing:
* Some `cur_offset += name_len` instead of `cur_offset += used_bytes`
* Some missing format_text
I took a look at the code after observing a bug with an RRSIG record.
The signature in the RRSIG was dissected with a strange offset.
You can easily generate a pcap with these commands:
    delv @1.1.1.1 A www.cloudflare.com
and/or
    dig @1.1.1.1 +dnssec www.cloudflare.com
Change-Id: Ibd6a6248b7497b8409d7797dc320035c8c2d1ed8
Reviewed-on: https://code.wireshark.org/review/36080
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Use same format for "Time to live" as for other ttl values by
appending the time_secs_to_str() output to the number of seconds.
Ping-Bug: 16263
Change-Id: Ie55bbf27bf9c44554d391b395d23c478ad401d98
Reviewed-on: https://code.wireshark.org/review/35358
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>

Display time to live as formatted by unsigned_time_secs_to_str().
This was removed in g42c52d8612 but the commit message for that change
was "Add more filterable fields around EDNS(0)", with no indication
of this change.
Bug: 16263
Change-Id: Ic21f4a4b18d15efbd770c708e37d6e0c15eee6ce
Reviewed-on: https://code.wireshark.org/review/35355
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

See RFC 2181, section 8 (and RFC 1035 erratum 2130, which notes that
section 3.2.1 says the TTL is signed but section 4.1.3 says it's
unsigned); RFC 2181 section 8 says "unsigned, but avoid sending values
that have the uppermost bit set, and treat values with the uppermost bit
set as a value of 0". (STD 13 = RFC 1034, the "concepts and facilities"
DNS RFC, plus RFC 1035, the "implementation and specification" DNS RFC.)
Change-Id: I9be6ac4f190f62dafbc45d1923a95f8f21306a7d
Reviewed-on: https://code.wireshark.org/review/35343
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Those generated fields are linked to the dns.qry.name field, so highlight
the same bytes.
Bug: 15999
Change-Id: Ia989b79a9ec14140472b79fdf7acea6e67baee68
Reviewed-on: https://code.wireshark.org/review/34299
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

Items such as SSIG, NSEC and DNSKEY had no description. Add these.
Bug: 15970
Change-Id: I95916e628505c227338346c7aca8ae2dd5050f95
Reviewed-on: https://code.wireshark.org/review/34256
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>