IXFR and AXFR queries can have multiple DNS responses. As all responses
belong to one transaction, they have the same transaction ID.
We shouldn't handle them as retransmits.
Fix: wireshark/wireshark#17293
Don't handle request/response tracking when pinfo->flags.in_error_pkt
is set (DNS packets contained within ICMP/ICMPv6 error packets).
Fix: wireshark/wireshark#15036
reported by check_typed_proto_items.py
packet-dns.c:1688 proto_tree_add_item called for hf_dns_rr_len - item type is FT_UINT32 but call has len 2
packet-dns.c:1719 proto_tree_add_item called for hf_dns_rr_len - item type is FT_UINT32 but call has len 2
packet-dns.c:2493 proto_tree_add_item called for hf_dns_px_preference - item type is FT_UINT8 but call has len 2
Normal DNS response times are in the milli-seconds range, but are currently
listed as seconds.
It is more readable when msec unit is used instead.
Also the average display is hard coded (%.2f) so under normal conditions it
is currently shown as "0.00".
With this change the average value displayed is more useful and high response
times (retransmissions) stand out more clearly.
While running a test suite of a DNS server, a lot of DNS messages on
non-standard ports were not recognized. Rather than manually discovering
and decoding every port using an iterative process of checking the
output of the `udp and not dns` filter, have some heuristics to detect
DNS messages automatically.
Enable these heuristics by default assuming that the checks are strong
enough, 8 bytes are essentially fixed to a low number of possibilities.
Should it cause issued, then the heuristics could be disabled (assuming
that non-standard DNS ports are uncommon) or strengthened.
* Use parameter names from draft-ietf-dnsop-svcb-https-01 to match the
presentation format. Use keyNNNNN for unknown names in the tree.
* Remove the SvcParams tree and directly display parameters under the
resource record tree. Include the parameter value as well.
* Add odohconfig (draft-pauly-dprive-oblivious-doh-02) support.
* Use the presentation format (base64) for echconfig/odohconfig values.
Adding support for SVCB and HTTPS resource records as defined in
draft-ietf-dnsop-svcb-https-01
Bug: 16715
Change-Id: I631246e32f6cb2c89fc953cef761585adfbb056b
Reviewed-on: https://code.wireshark.org/review/37896
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adding support for DNS Stateful Operations as defined in RFC8490
Change-Id: I8dc95b53bddef0c6a6cd5e5233d1097e930c473f
Reviewed-on: https://code.wireshark.org/review/37850
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Prefer:
- html (rather than txt)
- https
Also includes the script check_dissector_urls.py,
that can be used to find links in code and test them.
Change-Id: Iafd8bb8948674a38ad5232bf5b5432ffb2b1251b
Reviewed-on: https://code.wireshark.org/review/36821
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This codepoint was not registered in RFC 7858, but requested later by
Jon Reed at 2019-12-12, in "[dns-privacy] ALPN protocol ID for DoT":
Tne primary use case we have is supporting both DoT and DoH on port
443, when port 853 is blocked between clients and the servers (this
is by mutual agreement, as discussed in RFC 7858 § 3.1).
Change-Id: Ic993023eedf6f40565a208033703aa1575710c17
Reviewed-on: https://code.wireshark.org/review/36151
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Following commit c397adda8a there was some missing change
* Some `cur_offset += name_len` instead of `cur_offset += used_bytes`
* Some missing format_text
I took a look at the code after observing a bug with RRSIG record.
The signature in RRSIG was dissecting with some strange offset.
You can easily generate some pcap with those commands
delv @1.1.1.1 A www.cloudflare.com
and/or
dig @1.1.1.1 +dnssec www.cloudflare.com
Change-Id: Ibd6a6248b7497b8409d7797dc320035c8c2d1ed8
Reviewed-on: https://code.wireshark.org/review/36080
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use same format for "Time to live" as for other ttl values by
appending the time_secs_to_str() output to the number of seconds.
Ping-Bug: 16263
Change-Id: Ie55bbf27bf9c44554d391b395d23c478ad401d98
Reviewed-on: https://code.wireshark.org/review/35358
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Display time to live as formatted by unsigned_time_secs_to_str().
This was removed in g42c52d8612 but the commit message for that change
was "Add more filterable fields around EDNS(0)", with no indication
of this change.
Bug: 16263
Change-Id: Ic21f4a4b18d15efbd770c708e37d6e0c15eee6ce
Reviewed-on: https://code.wireshark.org/review/35355
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See RFC 2181, section 8 (and RFC 1035 erratum 2130, which notes that
section 3.2.1 says the TTL is signed but section 4.1.3 says it's
unsigned); RFC 2181 section 8 says "unsigned, but avoid sending values
that have the uppermost bit set, and treat values with the uppermost bit
set as a value of 0". (STD 13 = RFC 1034, the "concepts and facilities"
DNS RFC, plus RFC 1035, the "implementation and specification" DNS RFC.)
Change-Id: I9be6ac4f190f62dafbc45d1923a95f8f21306a7d
Reviewed-on: https://code.wireshark.org/review/35343
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Those generated fields are linked to the dns.qry.name field, so highlight
the same bytes.
Bug: 15999
Change-Id: Ia989b79a9ec14140472b79fdf7acea6e67baee68
Reviewed-on: https://code.wireshark.org/review/34299
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Items as SSIG, NSEC and DNSKEY had no descriptive. Add these.
Bug: 15970
Change-Id: I95916e628505c227338346c7aca8ae2dd5050f95
Reviewed-on: https://code.wireshark.org/review/34256
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This keeps it in the same resolution as the dns.time field.
Ping-Bug: 15382
Change-Id: Ibacf8761819c0fac2e87fa147f7381336ce5cb39
Reviewed-on: https://code.wireshark.org/review/31223
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 4234
Change-Id: Ibd59809b2dd9890a7851eb57ef7af384e280a74b
Reviewed-on: https://code.wireshark.org/review/31222
Reviewed-by: Michael Mann <mmann78@netscape.net>
The stat tree API only supports 32-bit integers and if nanosecond resolution
is used correctly it's easy to hit integer overflow issues on even a fairly
small capture file trying to sum up response times.
Bug: 15382
Change-Id: I15d2cfbdbec7b0bef2bcfe1afe4f6eb6fc1d2456
Reviewed-on: https://code.wireshark.org/review/31217
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Handle DoH messages specially, use the HTTP/2 Stream ID for matching
requests with responses. Fixes misleading "retransmission" expert infos
and properly link (successive) requests with (out-of-order) responses.
Change the "Protocol" column to "DoH" while at it.
Change-Id: I42b22c5c8560ee029051dcb3561e188572a4245f
Ping-Bug: 14433
Reviewed-on: https://code.wireshark.org/review/29889
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This is required for the latest version. The message type "dns/message"
was briefly used in draft -06, but it was changed in the next version.
Change-Id: If26e367b71b7e270cad2f61eaee76041f530273c
Ping-Bug: 14433
Reviewed-on: https://code.wireshark.org/review/29887
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename packet-ssl{,-utils}.[ch] to packet-tls{,-utils}.[ch].
Change-Id: I4732162ec131ddf0734b3dd191ccc9e48a76ce06
Reviewed-on: https://code.wireshark.org/review/29659
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"maxname" is the size of the buffer which also includes the "null
label" (represented by the NUL byte). Do not write this past the end.
Bug: 14955
Change-Id: I51e2237741807aded7ffb82c178d7d7ce5123f78
Fixes: v2.9.0rc0-1142-g53e04b621c ("DNS: fix in expand_dns_name")
Reviewed-on: https://code.wireshark.org/review/28657
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Erika Szelleová <szelleerika@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The function parsed the DNS name correctly, however, it did not indicate
that a given name is too long (more than MAX_DNAME_LEN bytes).
Bug: 14041
Change-Id: I4078db488a814ca2114c725d1a17e3ef757843c5
Reviewed-on: https://code.wireshark.org/review/28410
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This allows code to initialize them without having to know the details
of the structure; the initializes should, and will, be changed if the
members of the structure are changed.
Change-Id: I93e6ebfcde9ceca17df696fcba4e8410c5afb175
Reviewed-on: https://code.wireshark.org/review/28501
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to RFC1035 there are limitations on the maximum length of DNS
names. The maximum length in the code was defined as 1025, this commit
changes it to 255. Also a new macro is introduced which holds the
minimum length of a DNS name.
Bug: 14041
Change-Id: Ic63b332b2a357e33728df183c05ab0e222faf13f
Reviewed-on: https://code.wireshark.org/review/28309
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Per RFC 2782, the name should follow the "_Service._Proto.Name" format.
If a malformed packet does not adhere to this and provides a zero-length
name, then wmem_strsplit returns NULL.
Bug: 14681
Change-Id: I7b9935238a9800a1526c8b694fd2c63d3b488d0b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7416
Reviewed-on: https://code.wireshark.org/review/27499
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add 8-bit, 16-bit, 24-bit, and 32-bit "fetch signed value" routines, and
use them rather than casting the result of the 8/16/24/32-bit "fetch
unsigned value" routines to a signed type (which, BTW, isn't sufficient
for 24-bit values, so this appears to fix a bug
in epan/dissectors/packet-zbee-zcl.c).
Use numbers rather than sizeof()s in various tvb_get_ routines.
Change-Id: I0e48a57fac9f70fe42de815c3fa915f1592548bd
Reviewed-on: https://code.wireshark.org/review/26844
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The expand_dns_name() function is not used outside of the DNS dissector
(any more?). Remove the function declaration from the public header
file, make the function internal.
Change-Id: Ibba81fa68a0dfd195ca3bbfca3eca20c39cc01f4
Reviewed-on: https://code.wireshark.org/review/26698
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Uli Heilmeier