1 /* packet-dns.c
2 * Routines for DNS packet disassembly
3 * Copyright 2004, Nicolas DICHTEL - 6WIND - <nicolas.dichtel@6wind.com>
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
9 * SPDX-License-Identifier: GPL-2.0-or-later
13 * RFC 1034, RFC 1035
14 * RFC 2136 for dynamic DNS
15 * https://datatracker.ietf.org/doc/draft-cheshire-dnsext-multicastdns/
16 * for multicast DNS
17 * RFC 4795 for link-local multicast name resolution (LLMNR)
19 * For the TTL field, see also:
21 * RFC 1035 erratum 2130:
23 * https://www.rfc-editor.org/errata/eid2130
25 * RFC 2181, section 8:
27 * https://tools.ietf.org/html/rfc2181#section-8
29 * RFC 1035 said, in section 3.2.1, that the TTL is "a 32 bit signed
30 * integer" but said, in section 4.1.3, that it's "a 32 bit unsigned
31 * integer"; the erratum notes this
33 * RFC 2181 says of this:
35 * The definition of values appropriate to the TTL field in STD 13 is
36 * not as clear as it could be, with respect to how many significant
37 * bits exist, and whether the value is signed or unsigned. It is
38 * hereby specified that a TTL value is an unsigned number, with a
39 * minimum value of 0, and a maximum value of 2147483647. That is, a
40 * maximum of 2^31 - 1. When transmitted, this value shall be encoded
41 * in the less significant 31 bits of the 32 bit TTL field, with the
42 * most significant, or sign, bit set to zero.
44 * Implementations should treat TTL values received with the most
45 * significant bit set as if the entire value received was zero.
47 * Implementations are always free to place an upper bound on any TTL
48 * received, and treat any larger values as if they were that upper
49 * bound. The TTL specifies a maximum time to live, not a mandatory
50 * time to live.
52 * so its resolution is 1) it's unsigned but 2) don't use the uppermost
53 * bit, presumably to avoid problems with implementations that were based
54 * on section 3.2.1 of RFC 1035 rather than on section 4.1.3 of RFC 1035.
57 #include "config.h"
60 #include <epan/packet.h>
61 #include <epan/exceptions.h>
62 #include <epan/ipproto.h>
63 #include <epan/addr_resolv.h>
64 #include "packet-dns.h"
65 #include "packet-tcp.h"
66 #include "packet-ip.h"
67 #include <epan/prefs.h>
68 #include <epan/prefs-int.h>
69 #include <epan/strutil.h>
70 #include <epan/expert.h>
71 #include <epan/afn.h>
72 #include <epan/tap.h>
73 #include <epan/stats_tree.h>
74 #include <epan/tfs.h>
75 #include "packet-tls.h"
76 #include "packet-dtls.h"
77 #include "packet-http2.h"
78 #include <wsutil/array.h>
// Runtime switches for the query-response ("qr") statistics tree, followed by the
// preference handles that back them.
80 // parent knob to turn the entire query-response statistics on or off (at runtime)
81 // qr = Query-Response
82 static bool dns_qr_statistics_enabled = true;
84 // knob to turn the display of the query record name on or off (at runtime)
85 // qrn = Query-Record-Name
// no initializer: starts false under C static initialisation
86 static bool dns_qr_qrn_statistics_enabled;
88 // knob to turn on or off the display of query-record-name for answers, authorities
89 // and additionals with zero values (at runtime)
90 // aud = Answers-aUthorities-aDditionals; zv = Zero-Value
// no initializer: starts false under C static initialisation
91 static bool dns_qr_qrn_aud_zv_statistics_enabled;
93 // preference handles supporting the three knobs above
// NOTE(review): the "perf_" prefix is the file's own spelling; presumably "pref" was
// meant -- confirm before renaming, the names are used outside this view.
94 static pref_t* perf_qr_enable_statistics;
95 static pref_t* perf_qr_qrn_enable_statistics;
96 static pref_t* perf_qr_qrn_aud_zv_enable_statistics;
98 // display labels required for the query-response statistical nodes
// Several labels repeat: "From", "Kind", "Payload", "Servicing", "Answered (ms)" and
// "Retransmissions" appear on both the query and the response side, and "Answers",
// "Authorities" and "Additionals" appear under Response and again under TTL.
// NOTE(review): a label alone therefore does not identify a node; presumably nodes are
// looked up by parent as well -- confirm in dns_qr_stats_tree_init().
99 static const char* st_str_qr_t_packets = "Total";
100 static const char* st_str_qr_q_packets = "Query";
101 static const char* st_str_qr_qf_packets = "From";
102 static const char* st_str_qr_qo_packets = "Opcodes";
103 static const char* st_str_qr_qk_packets = "Kind";
104 static const char* st_str_qr_qt_packets = "Types";
105 static const char* st_str_qr_ql_packets = "Labels";
106 static const char* st_str_qr_qp_packets = "Payload";
107 static const char* st_str_qr_qs_packets = "Servicing";
108 static const char* st_str_qr_qs_a_packets = "Answered (ms)";
109 static const char* st_str_qr_qs_u_packets = "Unanswered";
110 static const char* st_str_qr_qs_r_packets = "Retransmissions";
111 static const char* st_str_qr_r_packets = "Response";
112 static const char* st_str_qr_rf_packets = "From";
113 static const char* st_str_qr_rc_packets = "Rcodes";
114 static const char* st_str_qr_rk_packets = "Kind";
115 static const char* st_str_qr_ra_packets = "Answers";
116 static const char* st_str_qr_ru_packets = "Authorities";
117 static const char* st_str_qr_rd_packets = "Additionals";
118 static const char* st_str_qr_rp_packets = "Payload";
119 static const char* st_str_qr_rt_packets = "TTL";
120 static const char* st_str_qr_rt_a_packets = "Answers";
121 static const char* st_str_qr_rt_u_packets = "Authorities";
122 static const char* st_str_qr_rt_d_packets = "Additionals";
123 static const char* st_str_qr_rs_packets = "Servicing";
124 static const char* st_str_qr_rs_a_packets = "Answered (ms)";
125 static const char* st_str_qr_rs_u_packets = "Unsolicited";
126 static const char* st_str_qr_rs_r_packets = "Retransmissions";
128 // node ids required for housing the query-response statistics
// Every id starts at -1; the code that assigns real node ids is outside this view.
// The suffix letters match the st_str_qr_* label of the same name.
129 static int st_node_qr_t_packets = -1; // t = Total
130 static int st_node_qr_q_packets = -1; // q = Query
131 static int st_node_qr_qf_packets = -1; // qf = Query-From
132 static int st_node_qr_qo_packets = -1; // qo = Query-Opcode
133 static int st_node_qr_qk_packets = -1; // qk = Query-Kind
134 static int st_node_qr_qt_packets = -1; // qt = Query-Type
135 static int st_node_qr_ql_packets = -1; // ql = Query-Label
136 static int st_node_qr_qp_packets = -1; // qp = Query-Payload
137 static int st_node_qr_qs_packets = -1; // qs = Query-Servicing
138 static int st_node_qr_qs_a_packets = -1; // a = Answered (ms)
139 static int st_node_qr_qs_u_packets = -1; // u = Unanswered
140 static int st_node_qr_qs_r_packets = -1; // r = Retransmission
141 static int st_node_qr_r_packets = -1; // r = Response
142 static int st_node_qr_rf_packets = -1; // rf = Response-From
143 static int st_node_qr_rc_packets = -1; // rc = Response-Code
144 static int st_node_qr_rk_packets = -1; // rk = Response-Kind
145 static int st_node_qr_ra_packets = -1; // ra = Response-Answer
146 static int st_node_qr_ru_packets = -1; // ru = Response-aUthority
147 static int st_node_qr_rd_packets = -1; // rd = Response-aDditional
148 static int st_node_qr_rp_packets = -1; // rp = Response-Payload
149 static int st_node_qr_rs_packets = -1; // rs = Response-Servicing
150 static int st_node_qr_rs_a_packets = -1; // a = Answered (ms)
151 static int st_node_qr_rs_u_packets = -1; // u = Unsolicited
152 static int st_node_qr_rs_r_packets = -1; // r = Retransmission
153 static int st_node_qr_rt_packets = -1; // rt = Response-TTL
154 static int st_node_qr_rt_a_packets = -1; // a = Answer
155 static int st_node_qr_rt_u_packets = -1; // u = aUthority
156 static int st_node_qr_rt_d_packets = -1; // d = aDditional
158 // individual knobs that turn particular statistics on or off (at runtime)
159 // note: currently not configured as preferences
// All of them start true. Since they are not preferences, nothing within this view
// changes them; any code that does would be further down the file.
160 static bool dns_qr_t_statistics_enabled = true; // t = Total
161 static bool dns_qr_q_statistics_enabled = true; // q = Query
162 static bool dns_qr_qf_statistics_enabled = true; // qf = Query-From
163 static bool dns_qr_qo_statistics_enabled = true; // qo = Query-Opcode
164 static bool dns_qr_qk_statistics_enabled = true; // qk = Query-Kind
165 static bool dns_qr_qt_statistics_enabled = true; // qt = Query-Type
166 static bool dns_qr_ql_statistics_enabled = true; // ql = Query-Label
167 static bool dns_qr_qp_statistics_enabled = true; // qp = Query-Payload
168 static bool dns_qr_qs_statistics_enabled = true; // qs = Query-Servicing
169 static bool dns_qr_qs_a_statistics_enabled = true; // a = Answered (ms)
170 static bool dns_qr_qs_u_statistics_enabled = true; // u = Unanswered
171 static bool dns_qr_qs_r_statistics_enabled = true; // r = Retransmission
172 static bool dns_qr_r_statistics_enabled = true; // r = Response
173 static bool dns_qr_rf_statistics_enabled = true; // rf = Response-From
174 static bool dns_qr_rc_statistics_enabled = true; // rc = Response-Code
175 static bool dns_qr_rk_statistics_enabled = true; // rk = Response-Kind
176 static bool dns_qr_ra_statistics_enabled = true; // ra = Response-Answer
177 static bool dns_qr_ru_statistics_enabled = true; // ru = Response-aUthority
178 static bool dns_qr_rd_statistics_enabled = true; // rd = Response-aDditional
179 static bool dns_qr_rp_statistics_enabled = true; // rp = Response-Payload
180 static bool dns_qr_rs_statistics_enabled = true; // rs = Response-Servicing
181 static bool dns_qr_rs_a_statistics_enabled = true; // a = Answered (ms)
182 static bool dns_qr_rs_u_statistics_enabled = true; // u = Unsolicited
183 static bool dns_qr_rs_r_statistics_enabled = true; // r = Retransmission
184 static bool dns_qr_rt_statistics_enabled = true; // rt = Response-TTL
185 static bool dns_qr_rt_a_statistics_enabled = true; // a = Answer
186 static bool dns_qr_rt_u_statistics_enabled = true; // u = aUthority
187 static bool dns_qr_rt_d_statistics_enabled = true; // d = aDditional
189 // per-response scratch storage for the TTL of each answer, authority and
190 // additional record; the contents are overwritten for each response
// NOTE(review): each array holds exactly TTL_MAXIMUM_ELEMENTS entries, while the
// record counts in the DNS header are 16-bit fields read from the packet (DNS_ANS,
// DNS_AUTH and DNS_ADD further down are 2 bytes apart), so a response can announce
// far more records than fit. The code that stores into these arrays is outside this
// view; it must stop writing once an index reaches TTL_MAXIMUM_ELEMENTS -- confirm
// that check exists at every store.
// NOTE(review): arrays and indices are file-scope, so they are shared by every
// packet; whether an index is reset before each response is not visible here.
191 #define TTL_MAXIMUM_ELEMENTS 4096
192 static unsigned dns_qr_r_ra_ttls[TTL_MAXIMUM_ELEMENTS]; // ra = Answer array
193 static unsigned dns_qr_r_ru_ttls[TTL_MAXIMUM_ELEMENTS]; // ru = aUthority array
194 static unsigned dns_qr_r_rd_ttls[TTL_MAXIMUM_ELEMENTS]; // rd = aDditional array
195 static unsigned dns_qr_r_ra_ttl_index; // ra = Answer index
196 static unsigned dns_qr_r_ru_ttl_index; // ru = aUthority index
197 static unsigned dns_qr_r_rd_ttl_index; // rd = aDditional index
199 // pointers that select and index into the current context's array, i.e., they point
200 // to the answer array when processing an answer, to the authority array when
201 // processing an authority and to the additional array when processing an additional
// NOTE(review): neither pointer has an initializer, so both start NULL; any
// dereference has to happen after the section is selected -- confirm at the use sites.
202 static unsigned* p_dns_qr_r_rx_ttls;
203 static unsigned* p_dns_qr_r_rx_ttl_index;
205 // forward declarations (the definitions are called at each launch of statistics)
// NOTE(review): qname_host_and_domain() takes a length for name but none for the
// host and domain outputs. struct DnsTap in this file has 256-byte qhost and qdomain
// members; presumably those are the destinations -- confirm that the definition
// never writes more than the destination holds, terminator included, because name
// originates from packet data.
206 static void qname_host_and_domain(char* name, int name_len, char* host, char* domain);
207 static void dns_qr_stats_tree_init(stats_tree* st);
208 static tap_packet_status dns_qr_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p, tap_flags_t flags _U_);
209 static void dns_qr_stats_tree_cleanup(stats_tree* st);
// registration entry points; non-static, so they are visible to other translation units
211 void proto_register_dns(void);
212 void proto_reg_handoff_dns(void);
// Per-packet summary record for the statistics code. Presumably it is the object
// passed as "p" to dns_qr_stats_tree_packet() -- confirm at the tap call site.
// NOTE(review): the closing brace of this struct does not appear in this listing.
214 struct DnsTap {
215 unsigned packet_qr;
216 unsigned packet_qtype;
217 int packet_qclass; // the only signed member among the packet_* fields
218 unsigned packet_rcode;
219 unsigned packet_opcode;
220 unsigned payload_size;
221 unsigned qname_len;
222 unsigned qname_labels;
223 char* qname; // pointer only; who owns the string and how long it lives is not visible here
224 unsigned nquestions;
225 unsigned nanswers;
226 unsigned nauthorities;
227 unsigned nadditionals;
228 bool unsolicited;
229 bool retransmission;
230 nstime_t rrt; // presumably the request-response time (see "request-response time (msec)" label) -- confirm
231 wmem_list_t *rr_types;
232 char source[256]; // fixed 256-byte buffer; every writer must bound its copy to sizeof source
233 char qhost[256]; // host or left-most part of query name; fixed 256-byte buffer
234 char qdomain[256]; // domain or remaining part of query name; fixed 256-byte buffer
235 unsigned flags;
// tap id; no initializer, so it starts at 0 until registration assigns it (registration is outside this view)
238 static int dns_tap;
// Display labels for a second statistics tree, distinct from the st_str_qr_* labels
// of the query-response tree.
240 static const char* st_str_packets = "Total Packets";
241 static const char* st_str_packet_qr = "Query/Response";
242 static const char* st_str_packet_qtypes = "Query Type";
243 static const char* st_str_packet_qnames = "Query Name";
244 static const char* st_str_packet_qclasses = "Class";
245 static const char* st_str_packet_rcodes = "rcode";
246 static const char* st_str_packet_opcodes = "opcodes";
247 static const char* st_str_packets_avg_size = "Payload size";
248 static const char* st_str_query_stats = "Query Stats";
249 static const char* st_str_query_qname_len = "Qname Len";
250 static const char* st_str_query_domains = "Label Stats";
251 static const char* st_str_query_domains_l1 = "1st Level";
252 static const char* st_str_query_domains_l2 = "2nd Level";
253 static const char* st_str_query_domains_l3 = "3rd Level";
254 static const char* st_str_query_domains_lmore = "4th Level or more";
255 static const char* st_str_response_stats = "Response Stats";
256 static const char* st_str_rr_types = "Answer Type";
257 static const char* st_str_response_nquestions = "no. of questions";
258 static const char* st_str_response_nanswers = "no. of answers";
259 static const char* st_str_response_nauthorities = "no. of authorities";
260 static const char* st_str_response_nadditionals = "no. of additionals";
261 static const char* st_str_service_stats = "Service Stats";
262 static const char* st_str_service_unsolicited = "no. of unsolicited responses";
263 static const char* st_str_service_retransmission = "no. of retransmissions";
264 static const char* st_str_service_rrt = "request-response time (msec)";
// Node ids for the labels above, one per label except st_str_packets, which has no
// st_node_* counterpart in this run. Each starts at -1; the assignments are outside
// this view.
266 static int st_node_packet_qr = -1;
267 static int st_node_packet_qtypes = -1;
// NOTE(review): a "Query Name" node is keyed by names taken from traffic, so its
// child count is set by the capture; presumably the dns_qname_stats flag gates it --
// confirm where the node is populated.
268 static int st_node_packet_qnames = -1;
269 static int st_node_packet_qclasses = -1;
270 static int st_node_packet_rcodes = -1;
271 static int st_node_packet_opcodes = -1;
272 static int st_node_packets_avg_size = -1;
273 static int st_node_query_stats = -1;
274 static int st_node_query_qname_len = -1;
275 static int st_node_query_domains = -1;
276 static int st_node_query_domains_l1 = -1;
277 static int st_node_query_domains_l2 = -1;
278 static int st_node_query_domains_l3 = -1;
279 static int st_node_query_domains_lmore = -1;
280 static int st_node_response_stats = -1;
281 static int st_node_rr_types = -1;
282 static int st_node_response_nquestions = -1;
283 static int st_node_response_nanswers = -1;
284 static int st_node_response_nauthorities = -1;
285 static int st_node_response_nadditionals = -1;
286 static int st_node_service_stats = -1;
287 static int st_node_service_unsolicited = -1;
288 static int st_node_service_retransmission = -1;
289 static int st_node_service_rrt = -1;
// Protocol ids and header-field ids for the fixed DNS header. None has an
// initializer, so each starts at 0 under C static initialisation; the registration
// code that assigns the real ids is outside this view (presumably
// proto_register_dns(), declared earlier in this file).
291 static int proto_dns;
292 static int proto_mdns;
293 static int proto_llmnr;
// length field; presumably the 2-byte length prefix of DNS over TCP -- confirm at its use
294 static int hf_dns_length;
// flags word and its sub-fields
295 static int hf_dns_flags;
296 static int hf_dns_flags_response;
297 static int hf_dns_flags_opcode;
298 static int hf_dns_flags_authoritative;
299 static int hf_dns_flags_conflict_query;
300 static int hf_dns_flags_conflict_response;
301 static int hf_dns_flags_truncated;
302 static int hf_dns_flags_recdesired;
303 static int hf_dns_flags_tentative;
304 static int hf_dns_flags_recavail;
305 static int hf_dns_flags_z;
306 static int hf_dns_flags_authenticated;
307 static int hf_dns_flags_ad;
308 static int hf_dns_flags_checkdisable;
309 static int hf_dns_flags_rcode;
310 static int hf_dns_transaction_id;
// section counts; zones/prerequisites/updates are presumably the RFC 2136 dynamic
// update names for the same four header slots -- confirm in the dissection code
311 static int hf_dns_count_questions;
312 static int hf_dns_count_zones;
313 static int hf_dns_count_answers;
314 static int hf_dns_count_prerequisites;
315 static int hf_dns_count_updates;
316 static int hf_dns_count_auth_rr;
317 static int hf_dns_count_add_rr;
// Header-field ids for the question section and for resource-record contents, from
// the query fields through the SVCB parameters. None has an initializer, so each
// starts at 0; the code that assigns real ids is outside this view.
// NOTE(review): the many *_length ids presumably label length octets read from the
// packet; the code that consumes those lengths is outside this view and is where
// the bounds handling has to be checked.
318 static int hf_dns_qry_name;
319 static int hf_dns_qry_name_len;
320 static int hf_dns_count_labels;
321 static int hf_dns_qry_type;
322 static int hf_dns_qry_class;
323 static int hf_dns_qry_class_mdns;
324 static int hf_dns_qry_qu;
// SRV
325 static int hf_dns_srv_instance;
326 static int hf_dns_srv_service;
327 static int hf_dns_srv_proto;
328 static int hf_dns_srv_name;
329 static int hf_dns_srv_priority;
330 static int hf_dns_srv_weight;
331 static int hf_dns_srv_port;
332 static int hf_dns_srv_target;
// NAPTR
333 static int hf_dns_naptr_order;
334 static int hf_dns_naptr_preference;
335 static int hf_dns_naptr_flags_length;
336 static int hf_dns_naptr_flags;
337 static int hf_dns_naptr_service_length;
338 static int hf_dns_naptr_service;
339 static int hf_dns_naptr_regex_length;
340 static int hf_dns_naptr_regex;
341 static int hf_dns_naptr_replacement_length;
342 static int hf_dns_naptr_replacement;
// generic resource-record header
343 static int hf_dns_rr_name;
344 static int hf_dns_rr_type;
345 static int hf_dns_rr_class;
346 static int hf_dns_rr_class_mdns;
347 static int hf_dns_rr_cache_flush;
348 static int hf_dns_rr_ext_rcode;
349 static int hf_dns_rr_edns0_version;
350 static int hf_dns_rr_z;
351 static int hf_dns_rr_z_do;
352 static int hf_dns_rr_z_reserved;
// TTL: the file header quotes RFC 2181, which says a TTL received with the most
// significant bit set is to be treated as zero
353 static int hf_dns_rr_ttl;
354 static int hf_dns_rr_len;
355 static int hf_dns_a;
356 static int hf_dns_a_ch_domain;
357 static int hf_dns_a_ch_addr;
358 static int hf_dns_md;
359 static int hf_dns_mf;
360 static int hf_dns_mb;
361 static int hf_dns_mg;
362 static int hf_dns_mr;
363 static int hf_dns_null;
364 static int hf_dns_aaaa;
365 static int hf_dns_cname;
366 static int hf_dns_rr_udp_payload_size;
367 static int hf_dns_rr_udp_payload_size_mdns;
// SOA
368 static int hf_dns_soa_mname;
369 static int hf_dns_soa_rname;
370 static int hf_dns_soa_serial_number;
371 static int hf_dns_soa_refresh_interval;
372 static int hf_dns_soa_retry_interval;
373 static int hf_dns_soa_expire_limit;
374 static int hf_dns_soa_minimum_ttl;
375 static int hf_dns_ptr_domain_name;
376 static int hf_dns_wks_address;
377 static int hf_dns_wks_protocol;
378 static int hf_dns_wks_bits;
379 static int hf_dns_hinfo_cpu_length;
380 static int hf_dns_hinfo_cpu;
381 static int hf_dns_hinfo_os_length;
382 static int hf_dns_hinfo_os;
383 static int hf_dns_minfo_r_mailbox;
384 static int hf_dns_minfo_e_mailbox;
385 static int hf_dns_mx_preference;
386 static int hf_dns_mx_mail_exchange;
387 static int hf_dns_txt_length;
388 static int hf_dns_txt;
// CSYNC
389 static int hf_dns_csync_soa;
390 static int hf_dns_csync_flags;
391 static int hf_dns_csync_flags_immediate;
392 static int hf_dns_csync_flags_soaminimum;
393 static int hf_dns_csync_type_bitmap;
// ZONEMD
394 static int hf_dns_zonemd_serial;
395 static int hf_dns_zonemd_scheme;
396 static int hf_dns_zonemd_hash_algo;
397 static int hf_dns_zonemd_digest;
// SVCB parameters
398 static int hf_dns_svcb_priority;
399 static int hf_dns_svcb_target;
400 static int hf_dns_svcb_param_key;
401 static int hf_dns_svcb_param_length;
402 static int hf_dns_svcb_param_value;
403 static int hf_dns_svcb_param;
404 static int hf_dns_svcb_param_mandatory_key;
405 static int hf_dns_svcb_param_alpn_length;
406 static int hf_dns_svcb_param_alpn;
407 static int hf_dns_svcb_param_port;
408 static int hf_dns_svcb_param_ipv4hint_ip;
409 static int hf_dns_svcb_param_ipv6hint_ip;
410 static int hf_dns_svcb_param_dohpath;
411 static int hf_dns_svcb_param_odohconfig;
// Header-field ids for further record types, from OPENPGPKEY through TSIG, including
// the DNSSEC-related records and the EDNS0 options. None has an initializer, so each
// starts at 0; the code that assigns real ids is outside this view.
// NOTE(review): ids named *_size, *_length and *_len presumably label sizes read
// from the packet (key, MAC, salt and hash data among them); the code that uses
// those sizes is outside this view and is where the bounds handling has to be checked.
412 static int hf_dns_openpgpkey;
413 static int hf_dns_spf_length;
414 static int hf_dns_spf;
// ILNP
415 static int hf_dns_ilnp_nodeid_preference;
416 static int hf_dns_ilnp_nodeid;
417 static int hf_dns_ilnp_locator32_preference;
418 static int hf_dns_ilnp_locator32;
419 static int hf_dns_ilnp_locator64_preference;
420 static int hf_dns_ilnp_locator64;
421 static int hf_dns_ilnp_locatorfqdn_preference;
422 static int hf_dns_ilnp_locatorfqdn;
423 static int hf_dns_eui48;
424 static int hf_dns_eui64;
// RRSIG
425 static int hf_dns_rrsig_type_covered;
426 static int hf_dns_rrsig_algorithm;
427 static int hf_dns_rrsig_labels;
428 static int hf_dns_rrsig_original_ttl;
429 static int hf_dns_rrsig_signature_expiration;
430 static int hf_dns_rrsig_signature_inception;
431 static int hf_dns_rrsig_key_tag;
432 static int hf_dns_rrsig_signers_name;
433 static int hf_dns_rrsig_signature;
// DNSKEY
434 static int hf_dns_dnskey_flags;
435 static int hf_dns_dnskey_flags_zone_key;
436 static int hf_dns_dnskey_flags_key_revoked;
437 static int hf_dns_dnskey_flags_secure_entry_point;
438 static int hf_dns_dnskey_flags_reserved;
439 static int hf_dns_dnskey_protocol;
440 static int hf_dns_dnskey_algorithm;
441 static int hf_dns_dnskey_key_id;
442 static int hf_dns_dnskey_public_key;
// KEY
443 static int hf_dns_key_flags;
444 static int hf_dns_key_flags_authentication;
445 static int hf_dns_key_flags_confidentiality;
446 static int hf_dns_key_flags_key_required;
447 static int hf_dns_key_flags_associated_user;
448 static int hf_dns_key_flags_associated_named_entity;
449 static int hf_dns_key_flags_ipsec;
450 static int hf_dns_key_flags_mime;
451 static int hf_dns_key_flags_signatory;
452 static int hf_dns_key_protocol;
453 static int hf_dns_key_algorithm;
454 static int hf_dns_key_key_id;
455 static int hf_dns_key_public_key;
456 static int hf_dns_px_preference;
457 static int hf_dns_px_map822;
458 static int hf_dns_px_mapx400;
// TKEY
459 static int hf_dns_tkey_algo_name;
460 static int hf_dns_tkey_signature_expiration;
461 static int hf_dns_tkey_signature_inception;
462 static int hf_dns_tkey_mode;
463 static int hf_dns_tkey_error;
464 static int hf_dns_tkey_key_size;
465 static int hf_dns_tkey_key_data;
466 static int hf_dns_tkey_other_size;
467 static int hf_dns_tkey_other_data;
// IPSECKEY
468 static int hf_dns_ipseckey_gateway_precedence;
469 static int hf_dns_ipseckey_gateway_type;
470 static int hf_dns_ipseckey_gateway_algorithm;
471 static int hf_dns_ipseckey_gateway_ipv4;
472 static int hf_dns_ipseckey_gateway_ipv6;
473 static int hf_dns_ipseckey_gateway_dns;
474 static int hf_dns_ipseckey_public_key;
// XPF
475 static int hf_dns_xpf_ip_version;
476 static int hf_dns_xpf_protocol;
477 static int hf_dns_xpf_source_ipv4;
478 static int hf_dns_xpf_destination_ipv4;
479 static int hf_dns_xpf_source_ipv6;
480 static int hf_dns_xpf_destination_ipv6;
481 static int hf_dns_xpf_sport;
482 static int hf_dns_xpf_dport;
483 static int hf_dns_a6_prefix_len;
484 static int hf_dns_a6_address_suffix;
485 static int hf_dns_a6_prefix_name;
486 static int hf_dns_dname;
// LOC
487 static int hf_dns_loc_version;
488 static int hf_dns_loc_size;
489 static int hf_dns_loc_horizontal_precision;
490 static int hf_dns_loc_vertical_precision;
491 static int hf_dns_loc_latitude;
492 static int hf_dns_loc_longitude;
493 static int hf_dns_loc_altitude;
494 static int hf_dns_loc_unknown_data;
495 static int hf_dns_nxt_next_domain_name;
496 static int hf_dns_kx_preference;
497 static int hf_dns_kx_key_exchange;
498 static int hf_dns_cert_type;
499 static int hf_dns_cert_key_tag;
500 static int hf_dns_cert_algorithm;
501 static int hf_dns_cert_certificate;
502 static int hf_dns_nsec_next_domain_name;
503 static int hf_dns_ns;
// OPT pseudo-record and its options
504 static int hf_dns_opt;
505 static int hf_dns_opt_code;
506 static int hf_dns_opt_len;
507 static int hf_dns_opt_data;
508 static int hf_dns_opt_dau;
509 static int hf_dns_opt_dhu;
510 static int hf_dns_opt_n3u;
511 static int hf_dns_opt_client_family;
512 static int hf_dns_opt_client_netmask;
513 static int hf_dns_opt_client_scope;
514 static int hf_dns_opt_client_addr;
515 static int hf_dns_opt_client_addr4;
516 static int hf_dns_opt_client_addr6;
517 static int hf_dns_opt_cookie_client;
518 static int hf_dns_opt_cookie_server;
519 static int hf_dns_opt_edns_tcp_keepalive_timeout;
520 static int hf_dns_opt_padding;
521 static int hf_dns_opt_chain_fqdn;
522 static int hf_dns_opt_ext_error_info_code;
523 static int hf_dns_opt_ext_error_extra_text;
524 static int hf_dns_opt_agent_domain;
525 static int hf_dns_opt_zoneversion_labelcount;
526 static int hf_dns_opt_zoneversion_type;
527 static int hf_dns_opt_zoneversion_soa;
528 static int hf_dns_opt_zoneversion_version;
// NSEC3
529 static int hf_dns_nsec3_algo;
530 static int hf_dns_nsec3_flags;
531 static int hf_dns_nsec3_flag_optout;
532 static int hf_dns_nsec3_iterations;
533 static int hf_dns_nsec3_salt_length;
534 static int hf_dns_nsec3_salt_value;
535 static int hf_dns_nsec3_hash_length;
536 static int hf_dns_nsec3_hash_value;
// TLSA
537 static int hf_dns_tlsa_certificate_usage;
538 static int hf_dns_tlsa_selector;
539 static int hf_dns_tlsa_matching_type;
540 static int hf_dns_tlsa_certificate_association_data;
// TSIG
541 static int hf_dns_tsig_algorithm_name;
542 static int hf_dns_tsig_time_signed;
543 static int hf_dns_tsig_error;
544 static int hf_dns_tsig_fudge;
545 static int hf_dns_tsig_mac_size;
546 static int hf_dns_tsig_mac;
547 static int hf_dns_tsig_original_id;
548 static int hf_dns_tsig_other_len;
549 static int hf_dns_tsig_other_data;
// Header-field ids for request/response tracking, the remaining record types, DSO
// and DNSCrypt. None has an initializer, so each starts at 0; the code that assigns
// real ids is outside this view.
// request/response matching and retransmission tracking
550 static int hf_dns_response_in;
551 static int hf_dns_response_to;
552 static int hf_dns_retransmission;
553 static int hf_dns_retransmit_request_in;
554 static int hf_dns_retransmit_response_in;
555 static int hf_dns_time;
556 static int hf_dns_unsolicited;
// SSHFP
557 static int hf_dns_sshfp_algorithm;
558 static int hf_dns_sshfp_fingerprint_type;
559 static int hf_dns_sshfp_fingerprint;
// HIP
560 static int hf_dns_hip_hit_length;
561 static int hf_dns_hip_pk_algo;
562 static int hf_dns_hip_pk_length;
563 static int hf_dns_hip_hit;
564 static int hf_dns_hip_pk;
565 static int hf_dns_hip_rendezvous_server;
566 static int hf_dns_dhcid_rdata;
// DS and APL; hf_dns_apl_coded_prefix is declared between two DS ids, which has no
// effect on behaviour
567 static int hf_dns_ds_key_id;
568 static int hf_dns_ds_algorithm;
569 static int hf_dns_apl_coded_prefix;
570 static int hf_dns_ds_digest_type;
571 static int hf_dns_ds_digest;
572 static int hf_dns_apl_address_family;
573 static int hf_dns_apl_negation;
574 static int hf_dns_apl_afdlength;
575 static int hf_dns_apl_afdpart_ipv4;
576 static int hf_dns_apl_afdpart_ipv6;
577 static int hf_dns_apl_afdpart_data;
// GPOS
578 static int hf_dns_gpos_longitude_length;
579 static int hf_dns_gpos_longitude;
580 static int hf_dns_gpos_latitude_length;
581 static int hf_dns_gpos_latitude;
582 static int hf_dns_gpos_altitude_length;
583 static int hf_dns_gpos_altitude;
584 static int hf_dns_rp_mailbox;
585 static int hf_dns_rp_txt_rr;
586 static int hf_dns_afsdb_subtype;
587 static int hf_dns_afsdb_hostname;
588 static int hf_dns_x25_length;
589 static int hf_dns_x25_psdn_address;
590 static int hf_dns_isdn_length;
591 static int hf_dns_isdn_address;
592 static int hf_dns_isdn_sa_length;
593 static int hf_dns_isdn_sa;
594 static int hf_dns_rt_preference;
595 static int hf_dns_rt_intermediate_host;
596 static int hf_dns_nsap_rdata;
597 static int hf_dns_nsap_ptr_owner;
// CAA
598 static int hf_dns_caa_flags;
599 static int hf_dns_caa_flag_issuer_critical;
600 static int hf_dns_caa_issue;
601 static int hf_dns_caa_issuewild;
602 static int hf_dns_caa_iodef;
603 static int hf_dns_caa_unknown;
604 static int hf_dns_caa_tag_length;
605 static int hf_dns_caa_tag;
606 static int hf_dns_caa_value;
// data found beyond what the message accounts for (see ei_dns_extraneous_data)
607 static int hf_dns_extraneous_data;
608 static int hf_dns_extraneous_length;
// WINS and WINS-R
610 static int hf_dns_wins_local_flag;
611 static int hf_dns_wins_lookup_timeout;
612 static int hf_dns_wins_cache_timeout;
613 static int hf_dns_wins_nb_wins_servers;
614 static int hf_dns_wins_server;
616 static int hf_dns_winsr_local_flag;
617 static int hf_dns_winsr_lookup_timeout;
618 static int hf_dns_winsr_cache_timeout;
619 static int hf_dns_winsr_name_result_domain;
621 static int hf_dns_data;
// DSO TLVs
623 static int hf_dns_dso;
624 static int hf_dns_dso_tlv;
625 static int hf_dns_dso_tlv_type;
626 static int hf_dns_dso_tlv_length;
627 static int hf_dns_dso_tlv_data;
628 static int hf_dns_dso_tlv_keepalive_inactivity;
629 static int hf_dns_dso_tlv_keepalive_interval;
630 static int hf_dns_dso_tlv_retrydelay_retrydelay;
631 static int hf_dns_dso_tlv_encpad_padding;
// DNSCrypt
633 static int hf_dns_dnscrypt;
634 static int hf_dns_dnscrypt_magic;
635 static int hf_dns_dnscrypt_esversion;
636 static int hf_dns_dnscrypt_protocol_version;
637 static int hf_dns_dnscrypt_signature;
638 static int hf_dns_dnscrypt_resolver_pk;
639 static int hf_dns_dnscrypt_client_magic;
640 static int hf_dns_dnscrypt_serial_number;
641 static int hf_dns_dnscrypt_ts_start;
642 static int hf_dns_dnscrypt_ts_end;
// Subtree ids (ett_*). None has an initializer, so each starts at 0; the code that
// assigns real ids is outside this view.
644 static int ett_dns;
645 static int ett_dns_qd;
646 static int ett_dns_rr;
647 static int ett_dns_qry;
648 static int ett_dns_ans;
649 static int ett_dns_flags;
650 static int ett_dns_opts;
651 static int ett_nsec3_flags;
652 static int ett_key_flags;
653 static int ett_t_key;
654 static int ett_dns_mac;
655 static int ett_caa_flags;
656 static int ett_caa_data;
// NOTE(review): "csdync" looks like a misspelling of "csync" (compare
// hf_dns_csync_flags); the name is used outside this view, so rename it everywhere
// or not at all.
657 static int ett_dns_csdync_flags;
658 static int ett_dns_dso;
659 static int ett_dns_dso_tlv;
660 static int ett_dns_svcb;
661 static int ett_dns_extraneous;
662 static int ett_dns_dnscrypt;
// Expert-info fields (ei_*): the conditions this dissector can flag on a packet.
// Their severities and messages are set where they are registered, outside this view.
664 static expert_field ei_dns_a_class_undecoded;
665 static expert_field ei_dns_opt_bad_length;
666 static expert_field ei_dns_depr_opc;
// relates to the RFC 2181 rule quoted in the file header: a TTL received with the
// most significant bit set is to be treated as zero
667 static expert_field ei_ttl_high_bit_set;
668 static expert_field ei_dns_tsig_alg;
669 static expert_field ei_dns_undecoded_option;
670 static expert_field ei_dns_key_id_buffer_too_short;
671 static expert_field ei_dns_retransmit_request;
672 static expert_field ei_dns_retransmit_response;
673 static expert_field ei_dns_extraneous_data;
674 static expert_field ei_dns_response_missing;
// dissector table; presumably keyed by TSIG algorithm name -- confirm at registration
676 static dissector_table_t dns_tsig_dissector_table;
// handles for this file's own dissectors; all start NULL and are assigned outside this view
678 static dissector_handle_t dns_handle;
679 static dissector_handle_t mdns_udp_handle;
680 static dissector_handle_t llmnr_udp_handle;
681 static dissector_handle_t doq_handle;
684 /* desegmentation of DNS over TCP; enabled by default */
685 static bool dns_desegment = true;
// no initializer: starts false under C static initialisation
687 static bool dns_qname_stats;
// NOTE(review): the value below is a number of seconds, per the comment that follows;
// where it is compared against packet timestamps is outside this view.
689 /* Maximum number of elapsed seconds between messages with the same
690 * transaction ID to be considered as a retransmission
692 static uint32_t retransmission_timer = 5;
694 /* Dissector handles for GSSAPI and NTLMSSP; both start NULL and are looked up outside this view */
695 static dissector_handle_t gssapi_handle;
696 static dissector_handle_t ntlmssp_handle;
698 /* Dissector handle for TLS ECHConfig message */
699 static dissector_handle_t tls_echconfig_handle;
701 /* Transport protocol for DNS. */
// The enumerators have no explicit values, so they number 0 to 3 in the order listed.
// NOTE(review): the closing brace of this enum does not appear in this listing.
702 enum DnsTransport {
703 DNS_TRANSPORT_UDP, /* includes compatible transports like SCTP */
704 DNS_TRANSPORT_TCP,
705 DNS_TRANSPORT_HTTP,
706 DNS_TRANSPORT_QUIC
709 /* Structure containing transaction specific information */
// NOTE(review): presumably req_frame and rep_frame are the frame numbers of the
// request and of its reply, and id is the DNS transaction ID -- confirm where the
// struct is filled in. The ID field is 2 bytes on the wire (DNS_ID 0, DNS_FLAGS 2)
// and comes from the packet, so matching on it alone pairs any two messages that
// share an ID; the conversation tree below is presumably what scopes the match.
710 typedef struct _dns_transaction_t {
711 uint32_t req_frame;
712 uint32_t rep_frame;
713 nstime_t req_time;
714 unsigned id;
715 bool multiple_responds;
716 } dns_transaction_t;
718 /* Structure containing conversation specific information */
// pdus: tree of per-conversation entries; the key and the value type are not visible
// here (presumably transaction ID -> dns_transaction_t, confirm at the insert site)
719 typedef struct _dns_conv_info_t {
720 wmem_tree_t *pdus;
721 } dns_conv_info_t;
723 /* DNS structs and definitions */
725 /* Ports used for DNS. The two *_RANGE values are strings, the rest are integers. */
726 #define DEFAULT_DNS_PORT_RANGE "53"
727 #define DEFAULT_DNS_TCP_PORT_RANGE "53,5353" /* Includes mDNS */
728 #define SCTP_PORT_DNS 53
729 #define UDP_PORT_MDNS 5353
730 #define UDP_PORT_LLMNR 5355
731 #define TCP_PORT_DNS_TLS 853
732 #define UDP_PORT_DNS_DTLS 853
// the #if 0 block below is compiled out, so DNS_PAYLOAD_PROTOCOL_ID is never defined
733 #if 0
734 /* PPID used for DNS/SCTP (will be changed when IANA assigned) */
735 #define DNS_PAYLOAD_PROTOCOL_ID 1000
736 #endif
738 /* Offsets of fields in the DNS header: six 2-byte fields at byte offsets 0 to 10. */
739 #define DNS_ID 0
740 #define DNS_FLAGS 2
741 #define DNS_QUEST 4
742 #define DNS_ANS 6
743 #define DNS_AUTH 8
744 #define DNS_ADD 10
746 /* Length of DNS header. */
// NOTE(review): a message shorter than DNS_HDRLEN cannot hold all six header fields.
// The reads that use the offsets above are outside this view; presumably they go
// through bounds-checked tvb accessors -- confirm, since the length is set by the sender.
747 #define DNS_HDRLEN 12
749 /* type values */
// NOTE(review): these are values of the 16-bit TYPE field, which is read from the
// packet, so code that switches or indexes on a type needs a default for values not
// listed here. This run has no define for 53 or 54 and continues past T_UINFO.
750 #define T_A 1 /* host address */
751 #define T_NS 2 /* authoritative name server */
752 #define T_MD 3 /* mail destination (obsolete) */
753 #define T_MF 4 /* mail forwarder (obsolete) */
754 #define T_CNAME 5 /* canonical name */
755 #define T_SOA 6 /* start of authority zone */
756 #define T_MB 7 /* mailbox domain name (experimental) */
757 #define T_MG 8 /* mail group member (experimental) */
758 #define T_MR 9 /* mail rename domain name (experimental) */
759 #define T_NULL 10 /* null RR (experimental) */
760 #define T_WKS 11 /* well known service */
761 #define T_PTR 12 /* domain name pointer */
762 #define T_HINFO 13 /* host information */
763 #define T_MINFO 14 /* mailbox or mail list information */
764 #define T_MX 15 /* mail routing information */
765 #define T_TXT 16 /* text strings */
766 #define T_RP 17 /* responsible person (RFC 1183) */
767 #define T_AFSDB 18 /* AFS data base location (RFC 1183) */
768 #define T_X25 19 /* X.25 address (RFC 1183) */
769 #define T_ISDN 20 /* ISDN address (RFC 1183) */
770 #define T_RT 21 /* route-through (RFC 1183) */
771 #define T_NSAP 22 /* OSI NSAP (RFC 1706) */
772 #define T_NSAP_PTR 23 /* PTR equivalent for OSI NSAP (RFC 1348 - obsolete) */
773 #define T_SIG 24 /* digital signature (RFC 2535) */
774 #define T_KEY 25 /* public key (RFC 2535) */
775 #define T_PX 26 /* pointer to X.400/RFC822 mapping info (RFC 1664) */
776 #define T_GPOS 27 /* geographical position (RFC 1712) */
777 #define T_AAAA 28 /* IPv6 address (RFC 1886, obsoleted by RFC 3596) */
778 #define T_LOC 29 /* geographical location (RFC 1876) */
779 #define T_NXT 30 /* "next" name (RFC 2535) */
780 #define T_EID 31 /* Endpoint Identifier */
781 #define T_NIMLOC 32 /* Nimrod Locator */
782 #define T_SRV 33 /* service location (RFC 2052, obsoleted by RFC 2782) */
783 #define T_ATMA 34 /* ATM Address */
784 #define T_NAPTR 35 /* naming authority pointer (RFC 3403) */
785 #define T_KX 36 /* Key Exchange (RFC 2230) */
786 #define T_CERT 37 /* Certificate (RFC 4398) */
787 #define T_A6 38 /* IPv6 address with indirection (RFC 2874 - obsolete) */
788 #define T_DNAME 39 /* Non-terminal DNS name redirection (RFC 2672, obsoleted by RFC 6672) */
789 #define T_SINK 40 /* SINK */
790 #define T_OPT 41 /* OPT pseudo-RR (RFC 2671, obsoleted by RFC 6891) */
791 #define T_APL 42 /* Lists of Address Prefixes (APL RR) (RFC 3123) */
792 #define T_DS 43 /* Delegation Signer (RFC 4034) */
793 #define T_SSHFP 44 /* Using DNS to Securely Publish SSH Key Fingerprints (RFC 4255) */
794 #define T_IPSECKEY 45 /* RFC 4025 */
795 #define T_RRSIG 46 /* RFC 4034 */
796 #define T_NSEC 47 /* RFC 4034 */
797 #define T_DNSKEY 48 /* RFC 4034 */
798 #define T_DHCID 49 /* DHCID RR (RFC 4701) */
799 #define T_NSEC3 50 /* Next secure hash (RFC 5155) */
800 #define T_NSEC3PARAM 51 /* NSEC3 parameters (RFC 5155) */
801 #define T_TLSA 52 /* TLSA (RFC 6698) */
802 #define T_HIP 55 /* Host Identity Protocol (HIP) RR (RFC 5205) */
803 #define T_NINFO 56 /* NINFO */
804 #define T_RKEY 57 /* RKEY */
805 #define T_TALINK 58 /* Trust Anchor LINK */
806 #define T_CDS 59 /* Child DS (RFC 7344) */
807 #define T_CDNSKEY 60 /* DNSKEY(s) the Child wants reflected in DS (RFC 7344) */
808 #define T_OPENPGPKEY 61 /* OPENPGPKEY (draft-ietf-dane-openpgpkey-00, published as RFC 7929) */
809 #define T_CSYNC 62 /* Child To Parent Synchronization (RFC7477) */
810 #define T_ZONEMD 63 /* Message Digest for DNS Zones (RFC8976) */
811 #define T_SVCB 64 /* draft-ietf-dnsop-svcb-https-01, published as RFC 9460 */
812 #define T_HTTPS 65 /* draft-ietf-dnsop-svcb-https-01, published as RFC 9460 */
813 #define T_SPF 99 /* SPF RR (RFC 4408) section 3; RFC 7208 obsoletes RFC 4408 and discontinues this type in favour of TXT */
814 #define T_UINFO 100 /* [IANA-Reserved] */
815 #define T_UID 101 /* [IANA-Reserved] */
816 #define T_GID 102 /* [IANA-Reserved] */
817 #define T_UNSPEC 103 /* [IANA-Reserved] */
818 #define T_NID 104 /* ILNP [RFC6742] */
819 #define T_L32 105 /* ILNP [RFC6742] */
820 #define T_L64 106 /* ILNP [RFC6742] */
821 #define T_LP 107 /* ILNP [RFC6742] */
822 #define T_EUI48 108 /* EUI 48 Address (RFC7043) */
823 #define T_EUI64 109 /* EUI 64 Address (RFC7043) */
824 #define T_TKEY 249 /* Transaction Key (RFC 2930) */
825 #define T_TSIG 250 /* Transaction Signature (RFC 2845) */
826 #define T_IXFR 251 /* incremental transfer (RFC 1995) */
827 #define T_AXFR 252 /* transfer of an entire zone (RFC 5936) */
828 #define T_MAILB 253 /* mailbox-related RRs (MB, MG or MR) (RFC 1035) */
829 #define T_MAILA 254 /* mail agent RRs (OBSOLETE - see MX) (RFC 1035) */
830 #define T_ANY 255 /* A request for all records (RFC 1035) */
831 #define T_URI 256 /* URI */
832 #define T_CAA 257 /* Certification Authority Authorization (RFC 6844) */
833 #define T_AVC 258 /* Application Visibility and Control (Wolfgang_Riedel) */
834 #define T_DOA 259 /* Digital Object Architecture (draft-durand-doa-over-dns) */
835 #define T_AMTRELAY 260 /* Automatic Multicast Tunneling Relay (RFC8777) */
836 #define T_RESINFO 261 /* Resolver Information */
837 #define T_WALLET 262 /* Public wallet address */
838 #define T_TA 32768 /* DNSSEC Trust Authorities */
839 #define T_DLV 32769 /* DNSSEC Lookaside Validation (DLV) DNS Resource Record (RFC 4431) */
840 #define T_WINS 65281 /* Microsoft's WINS RR */
841 #define T_WINS_R 65282 /* Microsoft's WINS-R RR */
842 #define T_XPF 65422 /* XPF draft-bellis-dnsop-xpf */
844 /* Class values */
845 #define C_IN 1 /* the Internet */
846 #define C_CS 2 /* CSNET (obsolete) */
847 #define C_CH 3 /* CHAOS */
848 #define C_HS 4 /* Hesiod */
849 #define C_NONE 254 /* none */
850 #define C_ANY 255 /* any */
852 #define C_QU (1<<15) /* High bit is set in queries for unicast queries */
853 #define C_FLUSH (1<<15) /* High bit is set for MDNS cache flush */
855 /* Bit fields in the flags */
856 #define F_RESPONSE (1<<15) /* packet is response */
857 #define F_OPCODE (0xF<<11) /* query opcode */
858 #define OPCODE_SHIFT 11
859 #define F_AUTHORITATIVE (1<<10) /* response is authoritative */
860 #define F_CONFLICT (1<<10) /* conflict detected */
861 #define F_TRUNCATED (1<<9) /* response is truncated */
862 #define F_RECDESIRED (1<<8) /* recursion desired */
863 #define F_TENTATIVE (1<<8) /* response is tentative */
864 #define F_RECAVAIL (1<<7) /* recursion available */
865 #define F_Z (1<<6) /* Z */
866 #define F_AUTHENTIC (1<<5) /* authentic data (RFC2535) */
867 #define F_CHECKDISABLE (1<<4) /* checking disabled (RFC2535) */
868 #define F_RCODE (0xF<<0) /* reply code */
870 /* Optcode values for EDNS0 options (RFC 2671) */
871 #define O_LLQ 1 /* Long-lived query (on-hold, draft-sekar-dns-llq) */
872 #define O_UL 2 /* Update lease (on-hold, draft-sekar-dns-ul) */
873 #define O_NSID 3 /* Name Server Identifier (RFC 5001) */
874 #define O_OWNER 4 /* Owner, reserved (draft-cheshire-edns0-owner-option) */
875 #define O_DAU 5 /* DNSSEC Algorithm Understood (RFC6975) */
876 #define O_DHU 6 /* DS Hash Understood (RFC6975) */
877 #define O_N3U 7 /* NSEC3 Hash Understood (RFC6975) */
878 #define O_CLIENT_SUBNET 8 /* Client subnet as assigned by IANA */
879 #define O_EDNS_EXPIRE 9 /* EDNS Expire (RFC7314) */
880 #define O_CLIENT_SUBNET_EXP 0x50fa /* Client subnet (placeholder value, draft-vandergaast-edns-client-subnet) */
881 #define O_COOKIE 10 /* Cookies (RFC7873) */
882 #define O_EDNS_TCP_KA 11 /* edns-tcp-keepalive EDNS0 Option (RFC7828) */
883 #define O_PADDING 12 /* EDNS(0) Padding Option (RFC7830) */
884 #define O_CHAIN 13 /* draft-ietf-dnsop-edns-chain-query */
885 #define O_EXT_ERROR 15 /* Extended DNS Errors (RFC8914) */
886 #define O_REPORT_CHANNEL 18 /* DNS Error Reporting (RFC9567) */
887 #define O_ZONEVERSION 19 /* DNS Zone Version (ZONEVERSION) Option (RFC9660) */
889 #define MIN_DNAME_LEN 2 /* minimum domain name length */
891 static const true_false_string tfs_flags_response = {
892 "Message is a response",
893 "Message is a query"
896 static const true_false_string tfs_flags_authoritative = {
897 "Server is an authority for domain",
898 "Server is not an authority for domain"
901 static const true_false_string tfs_flags_conflict_query = {
902 "The sender received multiple responses",
903 "None"
906 static const true_false_string tfs_flags_conflict_response = {
907 "The name is not considered unique",
908 "The name is considered unique"
911 static const true_false_string tfs_flags_truncated = {
912 "Message is truncated",
913 "Message is not truncated"
916 static const true_false_string tfs_flags_recdesired = {
917 "Do query recursively",
918 "Don't do query recursively"
921 static const true_false_string tfs_flags_tentative = {
922 "Tentative",
923 "Not tentative"
926 static const true_false_string tfs_flags_recavail = {
927 "Server can do recursive queries",
928 "Server can't do recursive queries"
931 static const true_false_string tfs_flags_z = {
932 "reserved - incorrect!",
933 "reserved (0)"
936 static const true_false_string tfs_flags_authenticated = {
937 "Answer/authority portion was authenticated by the server",
938 "Answer/authority portion was not authenticated by the server"
941 static const true_false_string tfs_flags_checkdisable = {
942 "Acceptable",
943 "Unacceptable"
946 static const true_false_string tfs_dns_rr_z_do = {
947 "Accepts DNSSEC security RRs",
948 "Cannot handle DNSSEC security RRs"
951 /* Opcodes */
952 #define OPCODE_QUERY 0 /* standard query */
953 #define OPCODE_IQUERY 1 /* inverse query */
954 #define OPCODE_STATUS 2 /* server status request */
955 #define OPCODE_NOTIFY 4 /* zone change notification */
956 #define OPCODE_UPDATE 5 /* dynamic update */
957 #define OPCODE_DSO 6 /* DNS stateful operations */
959 static const value_string opcode_vals[] = {
960 { OPCODE_QUERY, "Standard query" },
961 { OPCODE_IQUERY, "Inverse query" },
962 { OPCODE_STATUS, "Server status request" },
963 { OPCODE_NOTIFY, "Zone change notification" },
964 { OPCODE_UPDATE, "Dynamic update" },
965 { OPCODE_DSO, "DNS Stateful operations (DSO)" },
966 { 0, NULL } };
968 /* Reply codes */
969 #define RCODE_NOERROR 0
970 #define RCODE_FORMERR 1
971 #define RCODE_SERVFAIL 2
972 #define RCODE_NXDOMAIN 3
973 #define RCODE_NOTIMPL 4
974 #define RCODE_REFUSED 5
975 #define RCODE_YXDOMAIN 6
976 #define RCODE_YXRRSET 7
977 #define RCODE_NXRRSET 8
978 #define RCODE_NOTAUTH 9
979 #define RCODE_NOTZONE 10
980 #define RCODE_DSOTYPENI 11
982 #define RCODE_BAD 16
983 #define RCODE_BADKEY 17
984 #define RCODE_BADTIME 18
985 #define RCODE_BADMODE 19
986 #define RCODE_BADNAME 20
987 #define RCODE_BADALG 21
988 #define RCODE_BADTRUNC 22
989 #define RCODE_BADCOOKIE 23
991 static const value_string rcode_vals[] = {
992 { RCODE_NOERROR, "No error" },
993 { RCODE_FORMERR, "Format error" },
994 { RCODE_SERVFAIL, "Server failure" },
995 { RCODE_NXDOMAIN, "No such name" },
996 { RCODE_NOTIMPL, "Not implemented" },
997 { RCODE_REFUSED, "Refused" },
998 { RCODE_YXDOMAIN, "Name exists" },
999 { RCODE_YXRRSET, "RRset exists" },
1000 { RCODE_NXRRSET, "RRset does not exist" },
1001 { RCODE_NOTAUTH, "Not authoritative" },
1002 { RCODE_NOTZONE, "Name out of zone" },
1003 { RCODE_DSOTYPENI, "DSO-Type not implemented" },
1004 /* 12-15 Unassigned */
1005 { RCODE_BAD, "Bad OPT Version or TSIG Signature Failure" },
1006 { RCODE_BADKEY, "Key not recognized" },
1007 { RCODE_BADTIME, "Signature out of time window" },
1008 { RCODE_BADMODE, "Bad TKEY Mode" },
1009 { RCODE_BADNAME, "Duplicate key name" },
1010 { RCODE_BADALG, "Algorithm not supported" },
1011 { RCODE_BADTRUNC, "Bad Truncation" },
1012 { RCODE_BADCOOKIE, "Bad/missing Server Cookie" },
1013 { 0, NULL }
1016 #define NSEC3_HASH_RESERVED 0
1017 #define NSEC3_HASH_SHA1 1
1019 #define NSEC3_FLAG_OPTOUT 1
1021 static const value_string hash_algorithms[] = {
1022 { NSEC3_HASH_RESERVED, "Reserved" },
1023 { NSEC3_HASH_SHA1, "SHA-1" },
1024 { 0, NULL } };
1026 static const true_false_string tfs_flags_nsec3_optout = {
1027 "Additional insecure delegations allowed",
1028 "Additional insecure delegations forbidden"
1030 static const true_false_string tfs_required_experimental = { "Experimental or optional", "Required" };
1032 #define TKEYMODE_SERVERASSIGNED (1)
1033 #define TKEYMODE_DIFFIEHELLMAN (2)
1034 #define TKEYMODE_GSSAPI (3)
1035 #define TKEYMODE_RESOLVERASSIGNED (4)
1036 #define TKEYMODE_DELETE (5)
1038 static const value_string tkey_mode_vals[] = {
1039 { TKEYMODE_SERVERASSIGNED, "Server assigned" },
1040 { TKEYMODE_DIFFIEHELLMAN, "Diffie Hellman" },
1041 { TKEYMODE_GSSAPI, "GSSAPI" },
1042 { TKEYMODE_RESOLVERASSIGNED, "Resolver assigned" },
1043 { TKEYMODE_DELETE, "Delete" },
1044 { 0, NULL }
1048 * SSHFP (RFC 4255) algorithm number and fingerprint types
1050 #define TSSHFP_ALGO_RESERVED (0)
1051 #define TSSHFP_ALGO_RSA (1)
1052 #define TSSHFP_ALGO_DSA (2)
1053 #define TSSHFP_ALGO_ECDSA (3)
1054 #define TSSHFP_ALGO_ED25519 (4)
1055 #define TSSHFP_ALGO_XMSS (5)
1057 #define TSSHFP_FTYPE_RESERVED (0)
1058 #define TSSHFP_FTYPE_SHA1 (1)
1059 #define TSSHFP_FTYPE_SHA256 (2)
1061 static const value_string sshfp_algo_vals[] = {
1062 { TSSHFP_ALGO_RESERVED, "Reserved" },
1063 { TSSHFP_ALGO_RSA, "RSA" },
1064 { TSSHFP_ALGO_DSA, "DSA" },
1065 { TSSHFP_ALGO_ECDSA, "ECDSA" },
1066 { TSSHFP_ALGO_ED25519, "Ed25519" },
1067 { TSSHFP_ALGO_XMSS, "XMSS" },
1068 { 0, NULL }
1071 static const value_string sshfp_fingertype_vals[] = {
1072 { TSSHFP_FTYPE_RESERVED, "Reserved" },
1073 { TSSHFP_FTYPE_SHA1, "SHA1" },
1074 { TSSHFP_FTYPE_SHA256, "SHA256" },
1075 { 0, NULL }
1078 /* HIP PK ALGO RFC 5205 */
1079 #define THIP_ALGO_RESERVED (0)
1080 #define THIP_ALGO_DSA (1)
1081 #define THIP_ALGO_RSA (2)
1084 static const value_string hip_algo_vals[] = {
1085 { THIP_ALGO_DSA, "DSA" },
1086 { THIP_ALGO_RSA, "RSA" },
1087 { THIP_ALGO_RESERVED, "Reserved" },
1088 { 0, NULL }
1091 /* RFC 3123 */
1092 #define DNS_APL_NEGATION (1<<7)
1093 #define DNS_APL_AFDLENGTH (0x7F<<0)
1095 static const true_false_string tfs_dns_apl_negation = {
1096 "Yes (!)",
1097 "No (0)"
1100 /* RFC 6844 */
1101 #define CAA_FLAG_ISSUER_CRITICAL (1<<7)
1103 /* See RFC 1035 for all RR types for which no RFC is listed, except for
1104 the ones with "???", and for the Microsoft WINS and WINS-R RRs, for
1105 which one should look at
1107 http://www.windows.com/windows2000/en/server/help/sag_DNS_imp_UsingWinsLookup.htm
1111 http://www.microsoft.com/windows2000/library/resources/reskit/samplechapters/cncf/cncf_imp_wwaw.asp
1113 which discuss them to some extent. */
1114 /* http://www.iana.org/assignments/dns-parameters (last updated 2015-07-26)*/
1116 static const value_string dns_qr_vals[] = {
1117 { 0, "Query" },
1118 { 1, "Response" },
1119 { 0, NULL }
/*
 * RR type code -> mnemonic, as shown for the "type" field.
 * The RFC references repeat those given next to the T_* definitions.
 * NOTE(review): T_NINFO is defined with the other T_* values but has no
 * entry in this table - confirm whether that is intentional.
 */
static const value_string dns_types_vals[] = {
  { 0,            "Unused"     },
  { T_A,          "A"          },
  { T_NS,         "NS"         },
  { T_MD,         "MD"         },
  { T_MF,         "MF"         },
  { T_CNAME,      "CNAME"      },
  { T_SOA,        "SOA"        },
  { T_MB,         "MB"         },
  { T_MG,         "MG"         },
  { T_MR,         "MR"         },
  { T_NULL,       "NULL"       },
  { T_WKS,        "WKS"        },
  { T_PTR,        "PTR"        },
  { T_HINFO,      "HINFO"      },
  { T_MINFO,      "MINFO"      },
  { T_MX,         "MX"         },
  { T_TXT,        "TXT"        },
  { T_RP,         "RP"         }, /* RFC 1183 */
  { T_AFSDB,      "AFSDB"      }, /* RFC 1183 */
  { T_X25,        "X25"        }, /* RFC 1183 */
  { T_ISDN,       "ISDN"       }, /* RFC 1183 */
  { T_RT,         "RT"         }, /* RFC 1183 */
  { T_NSAP,       "NSAP"       }, /* RFC 1706 */
  { T_NSAP_PTR,   "NSAP-PTR"   }, /* RFC 1348 */
  { T_SIG,        "SIG"        }, /* RFC 2535 */
  { T_KEY,        "KEY"        }, /* RFC 2535 */
  { T_PX,         "PX"         }, /* RFC 1664 */
  { T_GPOS,       "GPOS"       }, /* RFC 1712 */
  { T_AAAA,       "AAAA"       }, /* RFC 1886 */
  { T_LOC,        "LOC"        }, /* RFC 1876 */
  { T_NXT,        "NXT"        }, /* RFC 2535 */
  { T_EID,        "EID"        },
  { T_NIMLOC,     "NIMLOC"     },
  { T_SRV,        "SRV"        }, /* RFC 2052 */
  { T_ATMA,       "ATMA"       },
  { T_NAPTR,      "NAPTR"      }, /* RFC 3403 */
  { T_KX,         "KX"         }, /* RFC 2230 */
  { T_CERT,       "CERT"       }, /* RFC 4398 */
  { T_A6,         "A6"         }, /* RFC 2874 */
  { T_DNAME,      "DNAME"      }, /* RFC 2672 */
  { T_SINK,       "SINK"       },
  { T_OPT,        "OPT"        }, /* RFC 2671 */
  { T_APL,        "APL"        }, /* RFC 3123 */
  { T_DS,         "DS"         }, /* RFC 4034 */
  { T_SSHFP,      "SSHFP"      }, /* RFC 4255 */
  { T_IPSECKEY,   "IPSECKEY"   }, /* RFC 4025 */
  { T_RRSIG,      "RRSIG"      }, /* RFC 4034 */
  { T_NSEC,       "NSEC"       }, /* RFC 4034 */
  { T_DNSKEY,     "DNSKEY"     }, /* RFC 4034 */
  { T_DHCID,      "DHCID"      }, /* RFC 4701 */
  { T_NSEC3,      "NSEC3"      }, /* RFC 5155 */
  { T_NSEC3PARAM, "NSEC3PARAM" }, /* RFC 5155 */
  { T_TLSA,       "TLSA"       },
  { T_HIP,        "HIP"        }, /* RFC 5205 */
  { T_RKEY,       "RKEY"       },
  { T_TALINK,     "TALINK"     },
  { T_CDS,        "CDS"        }, /* RFC 7344 */
  { T_CDNSKEY,    "CDNSKEY"    }, /* RFC 7344 */
  { T_OPENPGPKEY, "OPENPGPKEY" }, /* draft-ietf-dane-openpgpkey */
  { T_CSYNC,      "CSYNC"      }, /* RFC 7477 */
  { T_ZONEMD,     "ZONEMD"     }, /* RFC 8976 */
  { T_SVCB,       "SVCB"       }, /* draft-ietf-dnsop-svcb-https-01 */
  { T_HTTPS,      "HTTPS"      }, /* draft-ietf-dnsop-svcb-https-01 */
  { T_SPF,        "SPF"        }, /* RFC 4408 */
  { T_UINFO,      "UINFO"      }, /* IANA reserved */
  { T_UID,        "UID"        }, /* IANA reserved */
  { T_GID,        "GID"        }, /* IANA reserved */
  { T_UNSPEC,     "UNSPEC"     }, /* IANA reserved */
  { T_NID,        "NID"        }, /* RFC 6742 */
  { T_L32,        "L32"        }, /* RFC 6742 */
  { T_L64,        "L64"        }, /* RFC 6742 */
  { T_LP,         "LP"         }, /* RFC 6742 */
  { T_EUI48,      "EUI48"      }, /* RFC 7043 */
  { T_EUI64,      "EUI64"      }, /* RFC 7043 */
  { T_TKEY,       "TKEY"       },
  { T_TSIG,       "TSIG"       },
  { T_IXFR,       "IXFR"       },
  { T_AXFR,       "AXFR"       },
  { T_MAILB,      "MAILB"      },
  { T_MAILA,      "MAILA"      },
  { T_ANY,        "ANY"        },
  { T_URI,        "URI"        },
  { T_CAA,        "CAA"        }, /* RFC 6844 */
  { T_AVC,        "AVC"        },
  { T_DOA,        "DOA"        }, /* (draft-durand-doa-over-dns) */
  { T_AMTRELAY,   "AMTRELAY"   }, /* RFC 8777 */
  { T_RESINFO,    "RESINFO"    },
  { T_WALLET,     "WALLET"     },
  { T_TA,         "TA"         },
  { T_DLV,        "DLV"        }, /* RFC 4431 */

  { T_WINS,       "WINS"       },
  { T_WINS_R,     "WINS-R"     },
  { T_XPF,        "XPF"        }, /* draft-bellis-dnsop-xpf */

  {0,             NULL}
};
1220 static value_string_ext dns_types_vals_ext = VALUE_STRING_EXT_INIT(dns_types_vals);
1222 static const value_string dns_types_description_vals[] = {
1223 { 0, "" },
1224 { T_A, "(Host Address)" },
1225 { T_NS, "(authoritative Name Server)" },
1226 { T_MD, "(Mail Destination)" },
1227 { T_MF, "(Mail Forwarder)" },
1228 { T_CNAME, "(Canonical NAME for an alias)" },
1229 { T_SOA, "(Start Of a zone of Authority)" },
1230 { T_MB, "(MailBox domain name)"},
1231 { T_MG, "(Mail Group member)" },
1232 { T_MR, "(Mail Rename domain)" },
1233 { T_NULL, "(RR)" },
1234 { T_WKS, "(Well Known Service)" },
1235 { T_PTR, "(domain name PoinTeR)" },
1236 { T_HINFO, "(host information)" },
1237 { T_MINFO, "(Mailbox or mail list information)" },
1238 { T_MX, "(Mail eXchange)" },
1239 { T_TXT, "(Text strings)" },
1240 { T_RP, "(Responsible Person)" }, /* RFC 1183 */
1241 { T_AFSDB, "(AFS Data Base location)" }, /* RFC 1183 */
1242 { T_X25, "(XX.25 PSDN address)" }, /* RFC 1183 */
1243 { T_ISDN, "(ISDN address)" }, /* RFC 1183 */
1244 { T_RT, "(Route Through)" }, /* RFC 1183 */
1245 { T_NSAP, "(NSAP address)" },
1246 { T_NSAP_PTR, "(NSAP domain name pointer)" },
1247 { T_SIG, "(security signature)" },
1248 { T_KEY, "(security key)" },
1249 { T_PX, "(X.400 mail mapping information)" },
1250 { T_GPOS, "(Geographical Position)" },
1251 { T_AAAA, "(IP6 Address)" },
1252 { T_LOC, "(Location Information)" },
1253 { T_NXT, "(Next Domain)" },
1254 { T_EID, "(Endpoint Identifier)" },
1255 { T_NIMLOC, "(Nimrod Locator)" },
1256 { T_SRV, "(Server Selection)" },
1257 { T_ATMA, "(ATM Address)" },
1258 { T_NAPTR, "(Naming Authority Pointer)" },
1259 { T_KX, "(Key Exchanger)" },
1260 { T_CERT, "" },
1261 { T_A6, "(OBSOLETE - use AAAA)" },
1262 { T_DNAME, "" },
1263 { T_SINK, "" },
1264 { T_OPT, "" },
1265 { T_APL, "" },
1266 { T_DS, "(Delegation Signer)" },
1267 { T_SSHFP, "(SSH Key Fingerprint)" },
1268 { T_IPSECKEY, "" },
1269 { T_RRSIG, "(Resource Record Signature)" },
1270 { T_NSEC, "(Next Secure)" },
1271 { T_DNSKEY, "(DNS Public Key)" },
1272 { T_DHCID, "" },
1273 { T_NSEC3, "" },
1274 { T_NSEC3PARAM, "" },
1275 { T_TLSA, "" },
1276 { T_HIP, "(Host Identity Protocol)" }, /* RFC 5205 */
1277 { T_RKEY, "" },
1278 { T_TALINK, "(Trust Anchor LINK)" },
1279 { T_CDS, "(Child DS)" }, /* RFC 7344 */
1280 { T_CDNSKEY, "(DNSKEY(s) the Child wants reflected in DS)" }, /* RFC 7344 */
1281 { T_OPENPGPKEY, "(OpenPGP Key)" }, /* draft-ietf-dane-openpgpkey */
1282 { T_CSYNC, "(Child-to-Parent Synchronization)" }, /* RFC 7477 */
1283 { T_ZONEMD, "" }, /* RFC 8976 */
1284 { T_SVCB, "(General Purpose Service Endpoints)" }, /* draft-ietf-dnsop-svcb-https*/
1285 { T_HTTPS, "(HTTPS Specific Service Endpoints)" }, /* draft-ietf-dnsop-svcb-https*/
1286 { T_SPF, "" }, /* RFC 4408 */
1287 { T_UINFO, "" }, /* IANA reserved */
1288 { T_UID, "" }, /* IANA reserved */
1289 { T_GID, "" }, /* IANA reserved */
1290 { T_UNSPEC, "" }, /* IANA reserved */
1291 { T_NID, "(NodeID)" },
1292 { T_L32, "(Locator32)" },
1293 { T_L64, "(Locator64)" },
1294 { T_LP, "(Locator FQDN)" },
1295 { T_EUI48, "" },
1296 { T_EUI64, "" },
1297 { T_TKEY, "(Transaction Key)" },
1298 { T_TSIG, "(Transaction Signature)" },
1299 { T_IXFR, "(incremental transfer)" },
1300 { T_AXFR, "(transfer of an entire zone)" },
1301 { T_MAILB, "(mailbox-related RRs)" },
1302 { T_MAILA, "(mail agent RRs)" },
1303 { T_ANY, "(A request for all records the server/cache has available)" },
1304 { T_URI, "" },
1305 { T_CAA, "(Certification Authority Restriction)" }, /* RFC 6844 */
1306 { T_AVC, "(Application Visibility and Control)" },
1307 { T_DOA, "(Digital Object Architecture)" }, /* (draft-durand-doa-over-dns) */
1308 { T_AMTRELAY, "(Automatic Multicast Tunneling Relay)" }, /* RFC8777 */
1309 { T_RESINFO, "(Resolver Information) " },
1310 { T_WALLET, "(Public Wallet Address) " },
1311 { T_TA, "(DNSSEC Trust Authorities)" },
1312 { T_DLV, "(DNSSEC Lookaside Validation)" }, /* RFC 4431 */
1313 { T_WINS, "" },
1314 { T_WINS_R, "" },
1315 { T_XPF, "" }, /* draft-bellis-dnsop-xpf */
1316 {0, NULL}
1319 static value_string_ext dns_types_description_vals_ext = VALUE_STRING_EXT_INIT(dns_types_description_vals);
1321 static const value_string edns0_opt_code_vals[] = {
1322 {0, "Reserved"},
1323 {O_LLQ, "LLQ - Long-lived query"},
1324 {O_UL, "UL - Update lease"},
1325 {O_NSID, "NSID - Name Server Identifier"},
1326 {O_OWNER, "Owner (reserved)"},
1327 {O_DAU, "DAU - DNSSEC Algorithm Understood (RFC6975)"},
1328 {O_DHU, "DHU - DS Hash Understood (RFC6975)"},
1329 {O_N3U, "N3U - NSEC3 Hash Understood (RFC6975)"},
1330 {O_CLIENT_SUBNET_EXP, "Experimental - CSUBNET - Client subnet" },
1331 {O_CLIENT_SUBNET, "CSUBNET - Client subnet" },
1332 {O_EDNS_EXPIRE, "EDNS EXPIRE (RFC7314)"},
1333 {O_COOKIE, "COOKIE"},
1334 {O_EDNS_TCP_KA, "EDNS TCP Keepalive"},
1335 {O_PADDING, "PADDING"},
1336 {O_CHAIN, "CHAIN"},
1337 {O_EXT_ERROR, "Extended DNS Error"},
1338 {O_REPORT_CHANNEL, "Report-Channel"},
1339 {O_ZONEVERSION, "Zone Version"},
1340 {0, NULL}
1342 /* DNS-Based Authentication of Named Entities (DANE) Parameters
1343 http://www.iana.org/assignments/dane-parameters (last updated 2014-04-23)
1345 /* TLSA Certificate Usages */
1346 #define TLSA_CU_PKIX_TA 0
1347 #define TLSA_CU_PKIX_EE 1
1348 #define TLSA_CU_DANE_TA 2
1349 #define TLSA_CU_DANE_EE 3
1351 static const value_string tlsa_certificate_usage_vals[] = {
1352 {TLSA_CU_PKIX_TA, "CA constraint (PKIX-TA)"},
1353 {TLSA_CU_PKIX_EE, "Service certificate constraint (PKIX-EE)"},
1354 {TLSA_CU_DANE_TA, "Trust anchor assertion (DANE-TA)"},
1355 {TLSA_CU_DANE_EE, "Domain-issued certificate (DANE-EE)"},
1356 {0, NULL}
1359 /* TLSA Selectors */
1360 #define TLSA_S_CERT 0
1361 #define TLSA_S_SPKI 1
1363 static const value_string tlsa_selector_vals[] = {
1364 {TLSA_S_CERT, "Full certificate (Cert)"},
1365 {TLSA_S_SPKI, "SubjectPublicKeyInfo (SPKI)"},
1366 {0, NULL}
1369 /* TLSA Matching Types */
1370 #define TLSA_MT_FULL 0
1371 #define TLSA_MT_SHA_256 1
1372 #define TLSA_MT_SHA_512 2
1374 static const value_string tlsa_matching_type_vals[] = {
1375 {TLSA_MT_FULL, "No Hash Used (Full)"},
1376 {TLSA_MT_SHA_256, "256 bit hash by SHA2 (SHA2-256)"},
1377 {TLSA_MT_SHA_512, "512 bit hash by SHA2 (SHA2-512)"},
1378 {0, NULL}
1381 /* IPSECKEY RFC4025 */
1382 /* IPSECKEY RFC8005 */
1383 /* IPSECKEY RFC9373 */
1384 static const value_string gw_algo_vals[] = {
1385 { 1, "DSA" },
1386 { 2, "RSA" },
1387 { 3, "ECDSA" },
1388 { 4, "EdDSA" },
1389 { 0, NULL }
1392 static const value_string gw_type_vals[] = {
1393 { 0, "No Gateway" },
1394 { 1, "IPv4 Gateway" },
1395 { 2, "IPv6 Gateway" },
1396 { 3, "DNS Gateway" },
1397 { 0, NULL }
1400 const value_string dns_classes[] = {
1401 {C_IN, "IN"},
1402 {C_CS, "CS"},
1403 {C_CH, "CH"},
1404 {C_HS, "HS"},
1405 {C_NONE, "NONE"},
1406 {C_ANY, "ANY"},
1407 {0,NULL}
/* DSO Type Opcodes: the RFC that defines each value is given per line. */
#define DSO_TYPE_RES          0x0000        /* RFC 8490 */
#define DSO_TYPE_KEEPALIVE    0x0001        /* RFC 8490 */
#define DSO_TYPE_RETRYDELAY   0x0002        /* RFC 8490 */
#define DSO_TYPE_ENCPAD       0x0003        /* RFC 8490 */
#define DSO_TYPE_SUBSCRIBE    0x0040        /* RFC 8765 */
#define DSO_TYPE_PUSH         0x0041        /* RFC 8765 */
#define DSO_TYPE_UNSUBSCRIBE  0x0042        /* RFC 8765 */
#define DSO_TYPE_RECONFIRM    0x0043        /* RFC 8765 */
1420 static const range_string dns_dso_type_rvals[] = {
1421 { DSO_TYPE_RES, DSO_TYPE_RES, "Reserved" },
1422 { DSO_TYPE_KEEPALIVE, DSO_TYPE_KEEPALIVE, "Keep Alive" },
1423 { DSO_TYPE_RETRYDELAY, DSO_TYPE_RETRYDELAY, "Retry Delay" },
1424 { DSO_TYPE_ENCPAD, DSO_TYPE_ENCPAD, "Encryption Padding" },
1425 { 0x0004, 0x003F, "Unassigned, reserved for DSO session-management TLVs" },
1426 { DSO_TYPE_SUBSCRIBE, DSO_TYPE_SUBSCRIBE, "Subscribe" },
1427 { DSO_TYPE_PUSH, DSO_TYPE_PUSH, "Push" },
1428 { DSO_TYPE_UNSUBSCRIBE, DSO_TYPE_UNSUBSCRIBE, "Unsubscribe" },
1429 { DSO_TYPE_RECONFIRM, DSO_TYPE_RECONFIRM, "Reconfirm" },
1430 { 0x0044, 0xF7FF, "Unassigned" },
1431 { 0xF800, 0xFBFF, "Reserved for Experimental/Local Use" },
1432 { 0xFC00, 0xFFFF, "Reserved for future expansion" },
1433 { 0, 0, NULL }
1436 #define DNS_SVCB_KEY_MANDATORY 0
1437 #define DNS_SVCB_KEY_ALPN 1
1438 #define DNS_SVCB_KEY_NOALPN 2
1439 #define DNS_SVCB_KEY_PORT 3
1440 #define DNS_SVCB_KEY_IPV4HINT 4
1441 #define DNS_SVCB_KEY_ECH 5 /* draft-ietf-tls-svcb-ech-00 */
1442 #define DNS_SVCB_KEY_IPV6HINT 6
1443 #define DNS_SVCB_KEY_DOHPATH 7 /* draft-ietf-add-svcb-dns-08 */
1444 #define DNS_SVCB_KEY_ODOHCONFIG 32769 /* draft-pauly-dprive-oblivious-doh-02 */
1445 #define DNS_SVCB_KEY_RESERVED 65535
1448 * Service Binding (SVCB) Parameter Registry.
1449 * https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-12#section-14.3.2
1451 static const value_string dns_svcb_param_key_vals[] = {
1452 { DNS_SVCB_KEY_MANDATORY, "mandatory" },
1453 { DNS_SVCB_KEY_ALPN, "alpn" },
1454 { DNS_SVCB_KEY_NOALPN, "no-default-alpn" },
1455 { DNS_SVCB_KEY_PORT, "port" },
1456 { DNS_SVCB_KEY_IPV4HINT, "ipv4hint" },
1457 { DNS_SVCB_KEY_ECH, "ech" },
1458 { DNS_SVCB_KEY_IPV6HINT, "ipv6hint" },
1459 { DNS_SVCB_KEY_DOHPATH, "dohpath" },
1460 { DNS_SVCB_KEY_ODOHCONFIG, "odohconfig" },
1461 { DNS_SVCB_KEY_RESERVED, "key65535" },
1462 { 0, NULL }
1465 static int * const dns_csync_flags[] = {
1466 &hf_dns_csync_flags_immediate,
1467 &hf_dns_csync_flags_soaminimum,
1468 NULL
1471 #define DNS_ZONEMD_SCHEME_SIMPLE 1
1473 static const range_string dns_zonemd_scheme[] = {
1474 { 0, 0, "Reserved" },
1475 { DNS_ZONEMD_SCHEME_SIMPLE, DNS_ZONEMD_SCHEME_SIMPLE, "SIMPLE" },
1476 { 2, 239, "Unassigned" },
1477 { 240, 254, "Private Use" },
1478 { 255, 255, "Reserved" },
1479 { 0, 0, NULL } };
1481 #define DNS_ZONEMD_HASH_SHA384 1
1482 #define DNS_ZONEMD_HASH_SHA512 2
1484 static const range_string dns_zonemd_hash_algo[] = {
1485 { 0, 0, "Reserved" },
1486 { DNS_ZONEMD_HASH_SHA384, DNS_ZONEMD_HASH_SHA384, "SHA-384" },
1487 { DNS_ZONEMD_HASH_SHA512, DNS_ZONEMD_HASH_SHA512, "SHA-512" },
1488 { 3, 239, "Unassigned" },
1489 { 240, 254, "Private Use" },
1490 { 255, 255, "Reserved" },
1491 { 0, 0, NULL } };
1493 static const range_string dns_ext_err_info_code[] = {
1494 { 0, 0, "Other Error" },
1495 { 1, 1, "Unsupported DNSKEY Algorithm" },
1496 { 2, 2, "Unsupported DS Digest Type" },
1497 { 3, 3, "Stale Answer" },
1498 { 4, 4, "Forged Answer" },
1499 { 5, 5, "DNSSEC Indeterminate" },
1500 { 6, 6, "DNSSEC Bogus" },
1501 { 7, 7, "Signature Expired" },
1502 { 8, 8, "Signature Not Yet Valid" },
1503 { 9, 9, "DNSKEY Missing" },
1504 { 10, 10, "RRSIGs Missing" },
1505 { 11, 11, "No Zone Key Bit Set" },
1506 { 12, 12, "NSEC Missing" },
1507 { 13, 13, "Cached Error" },
1508 { 14, 14, "Not Ready" },
1509 { 15, 15, "Blocked" },
1510 { 16, 16, "Censored" },
1511 { 17, 17, "Filtered" },
1512 { 18, 18, "Prohibited" },
1513 { 19, 19, "Stale NXDomain Answer" },
1514 { 20, 20, "Not Authoritative" },
1515 { 21, 21, "Not Supported" },
1516 { 22, 22, "No Reachable Authority" },
1517 { 23, 23, "Network Error" },
1518 { 24, 24, "Invalid Data" },
1519 { 25, 25, "Signature Expired before Valid" },
1520 { 26, 26, "Too Early" },
1521 { 27, 27, "Unsupported NSEC3 Iterations Value" },
1522 { 28, 28, "Unable to conform to policy" },
1523 { 29, 29, "Synthesized" },
1524 { 30, 49151, "Unassigned" },
1525 { 49152, 65535, "Reserved for Private Use" },
1526 { 0, 0, NULL } };
1528 #define DNS_ZONEVERSION_TYPE_SOA_SERIAL 0
1529 static const range_string dns_zoneversion_type[] = {
1530 { DNS_ZONEVERSION_TYPE_SOA_SERIAL, DNS_ZONEVERSION_TYPE_SOA_SERIAL, "SOA-SERIAL" },
1531 { 1, 245, "Unassigned" },
1532 { 246, 254, "Private Use" },
1533 { 255, 255, "Reserved" },
1534 { 0, 0, NULL } };
/*
 * Split an expanded query name at its first '.': the bytes before it are
 * copied to 'host' (NUL-terminated) and the text after it is copied to
 * 'domain' with ws_label_strcpy().
 *
 * Nothing is written when name_len is 0 or 1.  When the name contains no
 * '.', name_len bytes are copied to 'host' WITHOUT a terminating NUL and
 * 'domain' is left untouched, so callers need to pre-initialise both
 * buffers.
 *
 * Buffer contract (not checked here):
 *   - 'host' must have room for name_len bytes;
 *   - 'domain' is assumed to be at least 256 bytes, the size passed to
 *     ws_label_strcpy() - TODO confirm against the callers;
 *   - the copy into 'domain' starts at &name[i + 1] and carries no source
 *     length, so 'name' is presumably expected to be NUL-terminated -
 *     verify.
 *
 * NOTE(review): a '.' that is part of a label's raw bytes cannot be told
 * apart from a label separator here.
 */
static void qname_host_and_domain(char* name, int name_len, char* host, char* domain)
{
  int pos = 0;

  if (name_len <= 1) {
    return;
  }

  /* Copy the first label byte by byte, stopping at the first separator. */
  while (pos < name_len && name[pos] != '.') {
    host[pos] = name[pos];
    pos++;
  }

  if (pos == name_len) {
    /* No separator found: host is not terminated, domain is not written. */
    return;
  }

  host[pos] = '\0';
  /* pos < name_len always holds here, which is all the original
     "if (i < name_len)" guard tested. */
  ws_label_strcpy(domain, 256, 0, &name[pos + 1], 0);
}
/*
 * Count the labels of a dotted name: the number of '.' bytes among the
 * first name_len bytes, plus one.
 * A name_len of 0 or 1 is treated as a zero-length name and yields 0.
 */
static unsigned
qname_labels_count(const char* name, int name_len)
{
  unsigned dots = 0;
  const char *cur;
  const char *end;

  if (name_len <= 1) {
    /* Zero-length name: no labels at all. */
    return 0;
  }

  end = name + name_len;
  for (cur = name; cur < end; cur++) {
    dots += (*cur == '.');
  }

  /* n separators delimit n + 1 labels. */
  return dots + 1;
}
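/*
 * Expand the (possibly compressed) DNS name encoded at 'offset' in 'tvb'.
 *
 * Returns the number of bytes the name occupies at its original position:
 * once a compression pointer has been followed, the count is frozen at the
 * end of that first pointer.  The expanded text is returned in *name and
 * its length in *name_len.
 *
 *   tvb             - buffer being dissected
 *   offset          - offset of the first length octet of the name
 *   max_len         - when non-zero, how far past the start offset the walk
 *                     may go before it stops (or throws, inside a label)
 *   dns_data_offset - base offset that compression pointers are added to
 *   name, name_len  - outputs
 *
 * *name is either a MAX_DNAME_LEN-byte buffer allocated with
 * wmem_packet_scope scope (it does not need to be freed; it is released
 * automatically when the packet has been dissected) or one of the "<...>"
 * string literals assigned below.  Ordinary label bytes are copied exactly
 * as they appear on the wire, so the text can contain NUL bytes, dots and
 * other non-printable bytes: callers should rely on *name_len and treat the
 * text as untrusted when displaying or splitting it.
 *
 * Throws ReportedBoundsError for the reserved 0x80 label type, for a label
 * that runs past max_len, and when a length below min_len would be returned.
 */
static int
expand_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset,
    const char **name, int* name_len)
{
  int     start_offset    = offset;
  char   *np;
  int     len             = -1;
  int     pointers_count  = 0;
  int     component_len;
  int     indir_offset;
  int     maxname;

  const int min_len = 1;        /* Minimum length of encoded name (for root) */
        /* If we're about to return a value (probably negative) which is less
         * than the minimum length, we're looking at bad data and we're liable
         * to put the dissector into a loop.  Instead we throw an exception */

  /* maxname is the remaining output budget; every write below is guarded
     by it, so an over-long name is truncated rather than overflowing. */
  maxname = MAX_DNAME_LEN;
  np=(char *)wmem_alloc(wmem_packet_scope(), maxname);
  *name=np;
  (*name_len) = 0;

  for (;;) {
    if (max_len && offset - start_offset > max_len - 1) {
      break;
    }
    component_len = tvb_get_uint8(tvb, offset);
    offset++;
    if (component_len == 0) {
      break;
    }
    /* The two top bits of the length octet select the label type. */
    switch (component_len & 0xc0) {

      case 0x00:
        /* Label */
        if (np != *name) {
          /* Not the first component - put in a '.'. */
          if (maxname > 0) {
            *np++ = '.';
            (*name_len)++;
            maxname--;
          }
        }
        else {
          /* First component: no '.' is written but one byte of the budget
             is still consumed (presumably kept for the terminating NUL). */
          maxname--;
        }
        while (component_len > 0) {
          if (max_len && offset - start_offset > max_len - 1) {
            THROW(ReportedBoundsError);
          }
          if (maxname > 0) {
            /* Raw wire byte, copied without escaping. */
            *np++ = tvb_get_uint8(tvb, offset);
            (*name_len)++;
            maxname--;
          }
          /* Keep consuming input even when the output is full, so the
             returned length still covers the whole encoded name. */
          component_len--;
          offset++;
        }
        break;

      case 0x40:
        /* Extended label (RFC 2673) */
        switch (component_len & 0x3f) {

          case 0x01:
            /* Bitstring label */
          {
            int bit_count;
            int label_len;
            int print_len;

            bit_count = tvb_get_uint8(tvb, offset);
            offset++;
            /* NOTE(review): RFC 2673 defines a count of 0 as 256 bits, but
               this expression yields a one-byte label for 0 - confirm. */
            label_len = (bit_count - 1) / 8 + 1;

            /* NOTE(review): the text written for a bitstring label is not
               added to *name_len, unlike ordinary labels - confirm whether
               callers depend on that. */
            if (maxname > 0) {
              print_len = snprintf(np, maxname, "\\[x");
              if (print_len <= maxname) {
                np      += print_len;
                maxname -= print_len;
              } else {
                /* Nothing printed, as there's no room.
                   Suppress all subsequent printing. */
                maxname = 0;
              }
            }
            while (label_len--) {
              if (maxname > 0) {
                print_len = snprintf(np, maxname, "%02x",
                                     tvb_get_uint8(tvb, offset));
                if (print_len <= maxname) {
                  np      += print_len;
                  maxname -= print_len;
                } else {
                  /* Nothing printed, as there's no room.
                     Suppress all subsequent printing. */
                  maxname = 0;
                }
              }
              offset++;
            }
            if (maxname > 0) {
              print_len = snprintf(np, maxname, "/%d]", bit_count);
              if (print_len <= maxname) {
                np      += print_len;
                maxname -= print_len;
              } else {
                /* Nothing printed, as there's no room.
                   Suppress all subsequent printing. */
                maxname = 0;
              }
            }
          }
          break;

          default:
            *name="<Unknown extended label>";
            *name_len = (int)strlen(*name);
            /* Parsing will probably fail from here on, since the */
            /* label length is unknown... */
            len = offset - start_offset;
            if (len < min_len) {
              THROW(ReportedBoundsError);
            }
            return len;
        }
        break;

      case 0x80:
        /* Reserved label type. */
        THROW(ReportedBoundsError);
        break;

      case 0xc0:
        /* Pointer. */
        indir_offset = dns_data_offset +
          (((component_len & ~0xc0) << 8) | tvb_get_uint8(tvb, offset));
        offset++;
        pointers_count++;

        /* If "len" is negative, we are still working on the original name,
           not something pointed to by a pointer, and so we should set "len"
           to the length of the original name. */
        if (len < 0) {
          len = offset - start_offset;
        }
        /*
         * If we find a pointer to itself, it is a trivial loop. Otherwise if
         * we processed a large number of pointers, assume an indirect loop.
         *
         * Both pointer bytes have been consumed at this point, so the
         * pointer itself starts at offset - 2.  Without that comparison a
         * self-referencing pointer is only stopped by the pointer-count
         * bound, with the same result after many more iterations.
         * NOTE(review): the offset + 2 comparison is kept from the original;
         * it matches a pointer to the two bytes after this one, which is
         * not a loop by itself - confirm whether it should be dropped.
         */
        if (indir_offset == offset - 2 || indir_offset == offset + 2 ||
            pointers_count > MAX_DNAME_LEN) {
          *name="<Name contains a pointer that loops>";
          *name_len = (int)strlen(*name);
          if (len < min_len) {
            THROW(ReportedBoundsError);
          }
          return len;
        }

        offset = indir_offset;
        break;   /* now continue processing from there */
    }
  }

  // Do we have space for the terminating 0?
  if (maxname > 0) {
    *np = '\0';
  }
  else {
    *name="<Name too long>";
    *name_len = (int)strlen(*name);
  }

  /* If "len" is negative, we haven't seen a pointer, and thus haven't
     set the length, so set it. */
  if (len < 0) {
    len = offset - start_offset;
  }

  return len;
}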
/*
 * Expand the DNS name found at "offset" and return the number of tvb bytes
 * the name occupies.  The expanded string (which may contain embedded NUL
 * bytes) is stored through "name" and its length through "name_len".
 *
 * Throws ReportedBoundsError when the name is shorter than MIN_DNAME_LEN, or
 * when it is longer than that on the wire yet expands to an empty string.
 */
int
get_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset,
             const char **name, int* name_len)
{
  const int consumed = expand_dns_name(tvb, offset, max_len, dns_data_offset, name, name_len);

  /* An empty name denotes the root; show a readable placeholder instead. */
  if (**name == '\0' && consumed <= MIN_DNAME_LEN) {
    *name = "<Root>";
    *name_len = (int)strlen(*name);
    return consumed;
  }

  /* Anything else that is too short, or that used bytes without producing
     any text, is treated as malformed packet data. */
  const bool too_short      = (consumed < MIN_DNAME_LEN);
  const bool empty_but_long = (consumed > MIN_DNAME_LEN && *name_len == 0);
  if (too_short || empty_but_long) {
    THROW(ReportedBoundsError);
  }

  return consumed;
}
/*
 * Read a name followed by a 16-bit type and a 16-bit class, both in network
 * byte order.  Returns the total number of bytes consumed (name + 4).
 *
 * The name is expanded with max_len == 0, i.e. without a caller-imposed
 * length cap; the bounds checks are those performed by get_dns_name() and
 * the tvb accessors.
 */
static int
get_dns_name_type_class(tvbuff_t *tvb, int offset, int dns_data_offset,
                        const char **name, int *name_len, uint16_t *type, uint16_t *dns_class)
{
  const int name_bytes   = get_dns_name(tvb, offset, 0, dns_data_offset, name, name_len);
  const int type_offset  = offset + name_bytes;
  const int class_offset = type_offset + 2;

  *type      = tvb_get_ntohs(tvb, type_offset);
  *dns_class = tvb_get_ntohs(tvb, class_offset);

  /* Name, then two octets of type and two of class. */
  return name_bytes + 4;
}
/*
 * Decode a one-octet size value: the high nibble is the base and the low
 * nibble a power-of-ten exponent.  The product is in centimetres; the value
 * returned is in metres.
 *
 * NOTE(review): the "1867" in the name looks like a transposition of
 * RFC 1876 (the LOC record) -- confirm before citing it.
 */
static double
rfc1867_size(tvbuff_t *tvb, int offset)
{
  const uint8_t encoded     = tvb_get_uint8(tvb, offset);
  double        centimetres = (encoded & 0xF0) >> 4;
  uint32_t      power;

  for (power = (encoded & 0x0F); power != 0; power--) {
    centimetres *= 10;
  }

  return centimetres / 100;  /* return size in meters, not cm */
}
/*
 * Format a 32-bit latitude or longitude as "D deg M min S.TTT sec H".
 *
 * The wire value is offset by 0x80000000: values at or above that are
 * north/east, values below it south/west.  The magnitude is in thousandths
 * of a second; it is rejected when it exceeds 180 degrees (longitude) or
 * 90 degrees (latitude).
 *
 * The result lives in a function-static buffer, so every call overwrites the
 * previous result and the function is not reentrant: callers must consume
 * (or copy) the string before calling again.
 */
static char *
rfc1867_angle(tvbuff_t *tvb, int offset, bool longitude)
{
  /* "%u deg %u min %u.%03u sec %c" */
  static char buf[10+1+3+1 + 2+1+3+1 + 2+1+3+1+3+1 + 1 + 1];

  const uint32_t midpoint = 0x80000000U;
  const uint32_t raw      = tvb_get_ntohl(tvb, offset);
  const uint32_t limit    = longitude ? 648000000 : 324000000;
  uint32_t       magnitude;
  char           hemisphere;

  if (raw >= midpoint) {
    magnitude  = raw - midpoint;
    hemisphere = longitude ? 'E' : 'N';
  } else {
    magnitude  = midpoint - raw;
    hemisphere = longitude ? 'W' : 'S';
  }

  if (magnitude > limit) {
    snprintf(buf, sizeof(buf), "Value out of range");
    return buf;
  }

  /* Peel off thousandths, then seconds, minutes and degrees. */
  const uint32_t tsecs      = magnitude % 1000;
  const uint32_t whole_secs = magnitude / 1000;
  const uint32_t secs       = whole_secs % 60;
  const uint32_t whole_mins = whole_secs / 60;
  const uint32_t minutes    = whole_mins % 60;
  const uint32_t degrees    = whole_mins / 60;

  snprintf(buf, sizeof(buf), "%u deg %u min %u.%03u sec %c", degrees, minutes, secs,
           tsecs, hemisphere);
  return buf;
}
/*
 * Dissect one entry of the question section starting at "offset".
 *
 * Returns the number of bytes the entry occupies (the name plus two octets
 * of type and two of class).  *is_multiple_responds is set to true when the
 * query type is AXFR or IXFR; it is left untouched otherwise.
 *
 * The query name is packet data and may contain non-printable octets, so it
 * is run through format_text() before being shown, and it is only ever
 * passed as a "%s" argument, never as a format string.
 */
static int
dissect_dns_query(tvbuff_t *tvb, int offset, int dns_data_offset,
                  packet_info *pinfo, proto_tree *dns_tree, bool is_mdns,
                  bool *is_multiple_responds)
{
  const int   query_start = offset;
  const char *qname;
  int         qname_len;
  uint16_t    qtype;
  uint16_t    qclass;
  int         unicast_bit = 0;

  const int query_len = get_dns_name_type_class(tvb, offset, dns_data_offset, &qname, &qname_len,
                                                &qtype, &qclass);

  if (is_mdns) {
    /* Split the QU flag and the class */
    unicast_bit = qclass & C_QU;
    qclass &= ~C_QU;
  }

  if (qtype == T_AXFR || qtype == T_IXFR) {
    *is_multiple_responds = true;
  }

  const char *qtype_str = val_to_str_ext(qtype, &dns_types_vals_ext, "Unknown (%u)");

  /*
   * The name might contain octets that aren't printable characters,
   * format it for display.
   */
  char *qname_display = format_text(pinfo->pool, (const unsigned char *)qname, qname_len);

  col_append_fstr(pinfo->cinfo, COL_INFO, " %s %s", qtype_str, qname_display);
  if (is_mdns) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", \"%s\" question", unicast_bit ? "QU" : "QM");
  }

  if (dns_tree != NULL) {
    /* The number of used bytes for qname is the total used bytes minus 2 bytes for qtype and 2 bytes for qclass */
    const int   qname_wire_len = query_len - 4;
    proto_item *item;
    proto_item *type_item;
    uint16_t    label_count;

    proto_tree *q_tree = proto_tree_add_subtree_format(dns_tree, tvb, offset, query_len, ett_dns_qd, &item,
                                                       "%s: type %s, class %s",
                                                       qname_display, qtype_str,
                                                       val_to_str_const(qclass, dns_classes, "Unknown"));
    if (is_mdns) {
      proto_item_append_text(item, ", \"%s\" question", unicast_bit ? "QU" : "QM");
    }

    proto_tree_add_string(q_tree, hf_dns_qry_name, tvb, offset, qname_wire_len, qname_display);

    /* Generated fields: expanded name length and label count. */
    item = proto_tree_add_uint(q_tree, hf_dns_qry_name_len, tvb, offset, qname_wire_len,
                               qname_len > 1 ? qname_len : 0);
    proto_item_set_generated(item);

    label_count = qname_labels_count(qname, qname_len);
    item = proto_tree_add_uint(q_tree, hf_dns_count_labels, tvb, offset, qname_wire_len, label_count);
    proto_item_set_generated(item);

    offset += qname_wire_len;

    type_item = proto_tree_add_item(q_tree, hf_dns_qry_type, tvb, offset, 2, ENC_BIG_ENDIAN);
    proto_item_append_text(type_item, " %s",
                           val_to_str_ext(qtype, &dns_types_description_vals_ext, "Unknown (%d)"));
    offset += 2;

    if (is_mdns) {
      proto_tree_add_uint(q_tree, hf_dns_qry_class_mdns, tvb, offset, 2, qclass);
      proto_tree_add_boolean(q_tree, hf_dns_qry_qu, tvb, offset, 2, unicast_bit);
    } else {
      proto_tree_add_uint(q_tree, hf_dns_qry_class, tvb, offset, 2, qclass);
    }

    offset += 2;
  }

  if (query_start + query_len != offset) {
    /* Add expert info ? (about incorrect len...)*/
  }

  return query_len;
}
/*
 * Add the fixed leading part of a resource record to "rr_tree": the owner
 * name, type, class, TTL and RDATA length.
 *
 * "name" is the display string for the owner name and "namelen" the number
 * of bytes the name occupies in the tvb (the visible caller passes
 * used_bytes - 4), so the two are not the same length in general.
 *
 * For SRV records with a non-empty name, the name is split on '.' into at
 * most four pieces and shown as instance/service/proto/domain fields.
 */
static void
add_rr_to_tree(proto_tree *rr_tree, tvbuff_t *tvb, int offset,
               const char *name, int namelen, int type,
               packet_info *pinfo, bool is_mdns)
{
  uint32_t    ttl_value;
  proto_item *ttl_item;
  proto_item *type_item;

  if (!(type == T_SRV && name[0])) {
    proto_tree_add_string(rr_tree, hf_dns_rr_name, tvb, offset, namelen, name);
  } else {
    char **labels = wmem_strsplit(pinfo->pool, name, ".", 4);

    // If there are >=3 labels and the third label starts with an underscore,
    // then likely a DNS-SD instance name is present [RFC 6763 sect 4.1], as in
    // instance._service._proto.example.com
    if (g_strv_length(labels) >= 3 && labels[2][0] == '_') {
      proto_tree_add_string(rr_tree, hf_dns_srv_instance, tvb, offset, namelen, labels[0]);
      proto_tree_add_string(rr_tree, hf_dns_srv_service, tvb, offset, namelen, labels[1]);
      proto_tree_add_string(rr_tree, hf_dns_srv_proto, tvb, offset, namelen, labels[2]);
      if (labels[3]) {
        proto_tree_add_string(rr_tree, hf_dns_srv_name, tvb, offset, namelen, labels[3]);
      }
    } else {
      // Else this is a normal SRV record like _service._proto.example.com
      proto_tree_add_string(rr_tree, hf_dns_srv_service, tvb, offset, namelen, labels[0]);

      // Each later element is examined only after the previous one is known
      // to be non-NULL, so the vector is never indexed past its terminator.
      if (labels[1]) {
        proto_tree_add_string(rr_tree, hf_dns_srv_proto, tvb, offset, namelen, labels[1]);

        if (labels[2]) {
          // If the name happens to only have 3 labels like "_service._proto.example",
          // then we can just use labels[2] as the name; but otherwise,
          // the split above will turn "_service._proto.one.two.example.com"
          // into ["_service", "_proto", "one", "two.example.com"]
          // and we need to concatenate "one" + "." + "two.example.com" first
          if (labels[3]) {
            const char *domain_name = wmem_strjoin(pinfo->pool, ".", labels[2], labels[3], NULL);
            proto_tree_add_string(rr_tree, hf_dns_srv_name, tvb, offset, namelen, domain_name);
          } else {
            proto_tree_add_string(rr_tree, hf_dns_srv_name, tvb, offset, namelen, labels[2]);
          }
        }
      }
    }
  }

  offset += namelen;

  type_item = proto_tree_add_item(rr_tree, hf_dns_rr_type, tvb, offset, 2, ENC_BIG_ENDIAN);
  proto_item_append_text(type_item, " %s",
                         val_to_str_ext(type, &dns_types_description_vals_ext, "Unknown (%d)"));
  offset += 2;

  if (is_mdns) {
    proto_tree_add_item(rr_tree, hf_dns_rr_class_mdns, tvb, offset, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item(rr_tree, hf_dns_rr_cache_flush, tvb, offset, 2, ENC_BIG_ENDIAN);
  } else {
    proto_tree_add_item(rr_tree, hf_dns_rr_class, tvb, offset, 2, ENC_BIG_ENDIAN);
  }
  offset += 2;

  ttl_item = proto_tree_add_item_ret_uint(rr_tree, hf_dns_rr_ttl, tvb, offset, 4, ENC_BIG_ENDIAN, &ttl_value);

  // Record the TTL in the statistics array and advance its index for the
  // next record.
  if (dns_qr_statistics_enabled) {
    // The index is checked against the array capacity before every store so
    // that a response with many records cannot write past the array; see
    // https://gitlab.com/wireshark/wireshark/-/issues/19700
    if (*p_dns_qr_r_rx_ttl_index >= TTL_MAXIMUM_ELEMENTS) {
      ws_debug("index(%u) >= (%u)TTL_MAXIMUM_ELEMENTS", *p_dns_qr_r_rx_ttl_index, TTL_MAXIMUM_ELEMENTS);
    } else {
      p_dns_qr_r_rx_ttls[(*p_dns_qr_r_rx_ttl_index)++] = ttl_value;
    }
  }

  proto_item_append_text(ttl_item, " (%s)", unsigned_time_secs_to_str(pinfo->pool, ttl_value));

  // A TTL with the most significant bit set is flagged for the analyst.
  if (ttl_value & 0x80000000) {
    expert_add_info(pinfo, ttl_item, &ei_ttl_high_bit_set);
  }

  offset += 4;
  proto_tree_add_item(rr_tree, hf_dns_rr_len, tvb, offset, 2, ENC_BIG_ENDIAN);
}
/*
 * Add the fixed leading part of an OPT pseudo-record to "rr_tree".
 *
 * After the name and type, the fields that an ordinary record uses for class
 * and TTL are shown as: UDP payload size (2 octets), extended RCODE (1),
 * EDNS0 version (1) and the Z field (2, with its DO bit and reserved bits in
 * a subtree), followed by the 2-octet RDATA length.
 *
 * "namelen" is the number of bytes the name occupies in the tvb.
 */
static void
add_opt_rr_to_tree(proto_tree *rr_tree, tvbuff_t *tvb, int offset,
                   const char *name, int namelen, bool is_mdns)
{
  uint32_t    rr_type;
  proto_item *type_item;
  proto_item *z_item;
  proto_tree *z_tree;

  proto_tree_add_string(rr_tree, hf_dns_rr_name, tvb, offset, namelen, name);
  offset += namelen;

  type_item = proto_tree_add_item_ret_uint(rr_tree, hf_dns_rr_type, tvb, offset, 2, ENC_BIG_ENDIAN, &rr_type);
  proto_item_append_text(type_item, " %s",
                         val_to_str_ext(rr_type, &dns_types_description_vals_ext, "Unknown (%d)"));
  offset += 2;

  /* mDNS shares the top bit of this field with the cache-flush flag. */
  if (is_mdns) {
    proto_tree_add_item(rr_tree, hf_dns_rr_udp_payload_size_mdns, tvb, offset, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item(rr_tree, hf_dns_rr_cache_flush, tvb, offset, 2, ENC_BIG_ENDIAN);
  } else {
    proto_tree_add_item(rr_tree, hf_dns_rr_udp_payload_size, tvb, offset, 2, ENC_BIG_ENDIAN);
  }
  offset += 2;

  proto_tree_add_item(rr_tree, hf_dns_rr_ext_rcode, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset++;

  proto_tree_add_item(rr_tree, hf_dns_rr_edns0_version, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset++;

  z_item = proto_tree_add_item(rr_tree, hf_dns_rr_z, tvb, offset, 2, ENC_BIG_ENDIAN);
  z_tree = proto_item_add_subtree(z_item, ett_dns_rr);
  proto_tree_add_item(z_tree, hf_dns_rr_z_do, tvb, offset, 2, ENC_BIG_ENDIAN);
  proto_tree_add_item(z_tree, hf_dns_rr_z_reserved, tvb, offset, 2, ENC_BIG_ENDIAN);
  offset += 2;

  proto_tree_add_item(rr_tree, hf_dns_rr_len, tvb, offset, 2, ENC_BIG_ENDIAN);
}
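/*
 * Dissect a windowed RR-type bitmap occupying "rr_len" bytes at "cur_offset".
 *
 * Each window is a block number octet, a bitmap length octet, then that many
 * bitmap octets; bit i (most significant first) of octet j in block b stands
 * for RR type b*256 + j*8 + i.  Every set bit adds one item to "rr_tree".
 *
 * The window headers and bitmap lengths come from the packet, so each is
 * checked against the bytes remaining in "rr_len".  A window that does not
 * fit raises ReportedBoundsError at the point where it is detected, rather
 * than letting the loop run on into whatever follows the record until the
 * tvb itself is exhausted.
 *
 * Returns initial_offset - cur_offset, i.e. zero or a negative number.
 * NOTE(review): the sign looks inverted for a "bytes consumed" value; no
 * caller is visible here, so it is left as it was -- confirm before relying
 * on it.
 */
static int
dissect_type_bitmap(proto_tree *rr_tree, tvbuff_t *tvb, int cur_offset, int rr_len)
{
  int     mask, blockbase, blocksize;
  int     i, initial_offset, rr_type;
  uint8_t bits;

  initial_offset = cur_offset;

  /* A negative length can never count down to zero. */
  if (rr_len < 0) {
    THROW(ReportedBoundsError);
  }

  while (rr_len > 0) {
    /* The two-octet window header must lie inside the remaining data. */
    if (rr_len < 2) {
      THROW(ReportedBoundsError);
    }
    blockbase = tvb_get_uint8(tvb, cur_offset);
    blocksize = tvb_get_uint8(tvb, cur_offset + 1);
    cur_offset += 2;
    rr_len     -= 2;

    /* So must the bitmap octets the header announces. */
    if (blocksize > rr_len) {
      THROW(ReportedBoundsError);
    }

    rr_type = blockbase * 256;
    for ( ; blocksize; blocksize--) {
      bits = tvb_get_uint8(tvb, cur_offset);
      mask = 1<<7;
      for (i = 0; i < 8; i++) {
        if (bits & mask) {
          proto_tree_add_uint_format(rr_tree, hf_dns_rr_type, tvb, cur_offset, 1, rr_type,
            "RR type in bit map: %s %s",
            val_to_str_ext_const(rr_type, &dns_types_vals_ext, " "),
            val_to_str_ext(rr_type, &dns_types_description_vals_ext, "Unknown (%d)")
            );
        }
        mask >>= 1;
        rr_type++;
      }
      cur_offset += 1;
      rr_len     -= 1;
    }
  }

  return initial_offset - cur_offset;
}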
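/*
 * Dissect a flat RR-type bitmap of "rr_len" octets at "cur_offset": bit i
 * (most significant first) of octet j stands for RR type j*8 + i.  Every set
 * bit adds one item to "rr_tree".
 *
 * "rr_len" is derived from packet data by the caller.  A negative value
 * could never count down to zero, so it is rejected up front with
 * ReportedBoundsError instead of letting the loop walk through the rest of
 * the packet until the tvb runs out.
 *
 * Returns initial_offset - cur_offset, i.e. zero or a negative number.
 * NOTE(review): the sign looks inverted for a "bytes consumed" value; no
 * caller is visible here, so it is left as it was -- confirm before relying
 * on it.
 */
static int
dissect_type_bitmap_nxt(proto_tree *rr_tree, tvbuff_t *tvb, int cur_offset, int rr_len)
{
  int     mask;
  int     i, initial_offset, rr_type;
  uint8_t bits;

  initial_offset = cur_offset;
  rr_type = 0;

  if (rr_len < 0) {
    THROW(ReportedBoundsError);
  }

  while (rr_len > 0) {
    bits = tvb_get_uint8(tvb, cur_offset);
    mask = 1<<7;
    for (i = 0; i < 8; i++) {
      if (bits & mask) {
        proto_tree_add_uint_format(rr_tree, hf_dns_rr_type, tvb, cur_offset, 1, rr_type,
          "RR type in bit map: %s %s",
          val_to_str_ext_const(rr_type, &dns_types_vals_ext, " "),
          val_to_str_ext(rr_type, &dns_types_description_vals_ext, "Unknown (%d)"));
      }
      mask >>= 1;
      rr_type++;
    }
    cur_offset += 1;
    rr_len     -= 1;
  }

  return initial_offset - cur_offset;
}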
/*
 * SIG, KEY, and CERT RR algorithms.
 * http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.txt (last updated 2017-01-09)
 *
 * This is a dated snapshot of the registry: numbers that are not listed
 * (9 and 11, for example) have no entry in the table below.  An entry only
 * gives a display name to the number seen on the wire; it is not a statement
 * about whether the algorithm is still considered acceptable for use.
 */
#define DNS_ALGO_RSAMD5               1 /* RSA/MD5 */
#define DNS_ALGO_DH                   2 /* Diffie-Hellman */
#define DNS_ALGO_DSA                  3 /* DSA */
#define DNS_ALGO_ECC                  4 /* Elliptic curve crypto */
#define DNS_ALGO_RSASHA1              5 /* RSA/SHA1 */
#define DNS_ALGO_DSA_NSEC3_SHA1       6 /* DSA + NSEC3/SHA1 */
#define DNS_ALGO_RSASHA1_NSEC3_SHA1   7 /* RSA/SHA1 + NSEC3/SHA1 */
#define DNS_ALGO_RSASHA256            8 /* RSA/SHA-256 */
#define DNS_ALGO_RSASHA512           10 /* RSA/SHA-512 */
#define DNS_ALGO_ECCGOST             12 /* GOST R 34.10-2001 */
#define DNS_ALGO_ECDSAP256SHA256     13 /* ECDSA Curve P-256 with SHA-256 */
#define DNS_ALGO_ECDSAP384SHA384     14 /* ECDSA Curve P-384 with SHA-384 */
#define DNS_ALGO_ED25519             15 /* Ed25519 */
#define DNS_ALGO_ED448               16 /* Ed448 */
#define DNS_ALGO_HMACMD5            157 /* HMAC/MD5 */
#define DNS_ALGO_INDIRECT           252 /* Indirect key */
#define DNS_ALGO_PRIVATEDNS         253 /* Private, domain name */
#define DNS_ALGO_PRIVATEOID         254 /* Private, OID */

/* Display names for the algorithm numbers above; terminated by { 0, NULL }. */
static const value_string dnssec_algo_vals[] = {
  { DNS_ALGO_RSAMD5,            "RSA/MD5" },
  { DNS_ALGO_DH,                "Diffie-Hellman" },
  { DNS_ALGO_DSA,               "DSA" },
  { DNS_ALGO_ECC,               "Elliptic curve crypto" },
  { DNS_ALGO_RSASHA1,           "RSA/SHA1" },
  { DNS_ALGO_DSA_NSEC3_SHA1,    "DSA + NSEC3/SHA1" },
  { DNS_ALGO_RSASHA1_NSEC3_SHA1,"RSA/SHA1 + NSEC3/SHA1" },
  { DNS_ALGO_RSASHA256,         "RSA/SHA-256" },
  { DNS_ALGO_RSASHA512,         "RSA/SHA-512" },
  { DNS_ALGO_ECCGOST,           "GOST R 34.10-2001" },
  { DNS_ALGO_ECDSAP256SHA256,   "ECDSA Curve P-256 with SHA-256" },
  { DNS_ALGO_ECDSAP384SHA384,   "ECDSA Curve P-384 with SHA-384" },
  { DNS_ALGO_ED25519,           "Ed25519" },
  { DNS_ALGO_ED448,             "Ed448" },
  { DNS_ALGO_HMACMD5,           "HMAC/MD5" },
  { DNS_ALGO_INDIRECT,          "Indirect key" },
  { DNS_ALGO_PRIVATEDNS,        "Private, domain name" },
  { DNS_ALGO_PRIVATEOID,        "Private, OID" },
  { 0,                          NULL }
};
/*
   Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms
   https://www.iana.org/assignments/ds-rr-types/ds-rr-types.txt (last-updated 2012-04-13)

   The MANDATORY / OPTIONAL annotations below are the registry status as of
   that snapshot date; they are kept for reference and are not enforced by
   anything in this table.
*/
#define DS_DIGEST_RESERVED 0
#define DS_DIGEST_SHA1     1 /* MANDATORY [RFC3658] */
#define DS_DIGEST_SHA256   2 /* MANDATORY [RFC4509] */
#define DS_DIGEST_GOST     3 /* OPTIONAL  [RFC5933] */
#define DS_DIGEST_SHA384   4 /* OPTIONAL  [RFC6605] */

/* Display names for the digest type numbers above; terminated by { 0, NULL }. */
static const value_string dns_ds_digest_vals[] = {
  { DS_DIGEST_RESERVED, "Reserved digest" },
  { DS_DIGEST_SHA1,     "SHA-1" },
  { DS_DIGEST_SHA256,   "SHA-256" },
  { DS_DIGEST_GOST,     "GOST R 34.11-94" },
  { DS_DIGEST_SHA384,   "SHA-384" },
  { 0, NULL }
};
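/* DNSKEY : RFC4034 */
/* Bit masks over the 16-bit DNSKEY flags field. */
#define DNSKEY_FLAGS_ZK  0x0100 /* zone key */
#define DNSKEY_FLAGS_KR  0x0080 /* NOTE(review): presumably "key revoked" -- confirm */
#define DNSKEY_FLAGS_SEP 0x0001 /* secure entry point */
#define DNSKEY_FLAGS_RSV 0xFE7E /* every bit not covered by the three masks above */

/* Display strings for the zone-key bit (true string first, false string second). */
static const true_false_string dns_dnskey_zone_key_tfs = { "This is the zone key for specified zone", "This is not a zone key" };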
/* See RFC 4398 */
/* Certificate type numbers carried in the CERT RR. */
#define DNS_CERT_PKIX         1 /* X509 certificate */
#define DNS_CERT_SPKI         2 /* Simple public key certificate */
#define DNS_CERT_PGP          3 /* OpenPGP packet */
#define DNS_CERT_IPKIX        4 /* Indirect PKIX */
#define DNS_CERT_ISPKI        5 /* Indirect SPKI */
#define DNS_CERT_IPGP         6 /* Indirect PGP */
#define DNS_CERT_ACPKIX       7 /* Attribute certificate */
#define DNS_CERT_IACPKIX      8 /* Indirect ACPKIX */
#define DNS_CERT_PRIVATEURI 253 /* Private, URI */
#define DNS_CERT_PRIVATEOID 254 /* Private, OID */

/* Display names for the certificate types above; terminated by { 0, NULL }. */
static const value_string dns_cert_type_vals[] = {
  { DNS_CERT_PKIX,       "PKIX" },
  { DNS_CERT_SPKI,       "SPKI" },
  { DNS_CERT_PGP,        "PGP" },
  { DNS_CERT_IPKIX,      "IPKIX" },
  { DNS_CERT_ISPKI,      "ISPKI" },
  { DNS_CERT_IPGP,       "IPGP" },
  { DNS_CERT_ACPKIX,     "ACPKIX" },
  { DNS_CERT_IACPKIX,    "IACPKIX" },
  { DNS_CERT_PRIVATEURI, "Private, URI" },
  { DNS_CERT_PRIVATEOID, "Private, OID" },
  { 0,                   NULL }
};
/*
 * Encryption-system version identifiers.
 * NOTE(review): presumably the values of the DNSCrypt certificate's
 * "es-version" field dissected further down -- confirm against the user of
 * this table.
 */
#define XSALSA20_POLY1305  0x0001
#define XCHACHA20_POLY1305 0x0002

/* Display names for the identifiers above; terminated by { 0, NULL }. */
static const value_string esversions[] = {
  { XSALSA20_POLY1305,  "XSalsa20Poly1305" },
  { XCHACHA20_POLY1305, "XChacha20Poly1305" },
  { 0, NULL }
};
/*
 * Compute the key id of a KEY RR depending on the algorithm used.
 *
 * The "size" bytes at "offset" are the data the id is computed over.  For
 * RSA/MD5 the id is taken from two fixed octets near the end of that data
 * (the third-from-last and second-from-last); for every other algorithm the
 * data is summed as big-endian 16-bit words, with a trailing odd octet
 * counted as the high half of a word, and the carry folded back in once.
 * NOTE(review): this looks like the key tag calculation of RFC 4034
 * Appendix B -- confirm.
 *
 * Returns false, with *key_id set to 0 and an expert item added, when fewer
 * than 4 bytes are available; returns true otherwise.
 */
static bool
compute_key_id(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int offset, int size, uint8_t algo, uint16_t *key_id)
{
  uint32_t sum;
  uint8_t  hi, lo;

  if (size < 4) {
    proto_item *short_item;

    *key_id = 0;
    short_item = proto_tree_add_expert(tree, pinfo, &ei_dns_key_id_buffer_too_short, tvb, offset, size);
    proto_item_set_generated(short_item);
    return false;
  }

  if (algo == DNS_ALGO_RSAMD5) {
    *key_id = (uint16_t)(tvb_get_uint8(tvb, offset + size - 3) << 8) + tvb_get_uint8( tvb, offset + size - 2 );
    return true;
  }

  sum = 0;
  while (size > 1) {
    hi = tvb_get_uint8(tvb, offset);
    lo = tvb_get_uint8(tvb, offset + 1);
    sum += (hi << 8) + lo;
    size   -= 2;
    offset += 2;
  }
  if (size > 0) {
    /* Odd trailing octet: it forms the high half of the last word. */
    hi = tvb_get_uint8(tvb, offset);
    sum += hi << 8;
  }
  sum += (sum >> 16) & 0xffff;
  *key_id = (uint16_t)(sum & 0xffff);

  return true;
}
/*
 * Dissect a SvcParam where the presentation format of the value is base64.
 *
 * The "length" bytes at "offset" are copied out of the tvb, base64-encoded,
 * shown as the value of "hf_id" and appended to "param_item" as "=<base64>".
 * The encoded string is heap-allocated by g_base64_encode() and is released
 * here once both uses are done; the raw copy is owned by the packet scope.
 */
static void
dissect_dns_svcparam_base64(proto_tree *param_tree, proto_item *param_item, int hf_id, tvbuff_t *tvb, int offset, unsigned length)
{
  uint8_t *raw     = (uint8_t *)tvb_memdup(wmem_packet_scope(), tvb, offset, length);
  char    *encoded = g_base64_encode(raw, length);

  /* The encoded text is passed as a "%s" argument, never as the format. */
  proto_tree_add_bytes_format_value(param_tree, hf_id, tvb, offset, length, NULL, "%s", encoded);
  proto_item_append_text(param_item, "=%s", encoded);

  g_free(encoded);
}
/*
 * Add a 4-byte big-endian timestamp at "offset" to "tree" as a time field.
 * The 32-bit value is used as the seconds part; nanoseconds are zero.
 * NOTE(review): presumably seconds since the Unix epoch -- confirm against
 * the field definitions of the callers' hf_id values.
 */
static void
add_timestamp(proto_tree *tree, int hf_id, tvbuff_t *tvb, int offset)
{
  nstime_t     stamp = {0, 0};
  const time_t secs  = tvb_get_ntohl(tvb, offset);

  stamp.secs = (time_t)(secs);
  proto_tree_add_time(tree, hf_id, tvb, offset, 4, &stamp);
}
/* The client begins a DNSCrypt session by sending a regular unencrypted
   TXT DNS query to the resolver IP address
   https://dnscrypt.info/protocol/
   https://www.ietf.org/archive/id/draft-denis-dprive-dnscrypt-01.html
   https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/dnscrypt_certs.go

   Dissects the fixed certificate layout: magic (4), es-version (2),
   protocol version (2), signature (64), resolver public key (32), client
   magic (8), serial number (4) and two 4-byte timestamps -- 124 bytes in
   total.  The signature is displayed only; nothing here verifies it.

   "length" sizes the enclosing item only.  NOTE(review): it is not compared
   with the 124 bytes read, so a shorter value is not detected here and the
   fields are taken from whatever follows in the tvb (reads past the end of
   the tvb are still refused by the tvb layer) -- confirm that the caller
   checks the length first.

   Returns the offset just past the last field, not a byte count. */
static int
dissect_dnscrypt(proto_tree *tree, tvbuff_t *tvb, int offset, unsigned length)
{
  const struct {
    int      hf;
    int      len;
    unsigned enc;
  } fixed_fields[] = {
    { hf_dns_dnscrypt_magic,            4,  ENC_ASCII },
    { hf_dns_dnscrypt_esversion,        2,  ENC_BIG_ENDIAN },
    { hf_dns_dnscrypt_protocol_version, 2,  ENC_BIG_ENDIAN },
    { hf_dns_dnscrypt_signature,        64, ENC_NA },
    { hf_dns_dnscrypt_resolver_pk,      32, ENC_NA },
    { hf_dns_dnscrypt_client_magic,     8,  ENC_NA },
    { hf_dns_dnscrypt_serial_number,    4,  ENC_NA },
  };
  const size_t field_count = sizeof(fixed_fields) / sizeof(fixed_fields[0]);

  proto_item *cert_item = proto_tree_add_item(tree, hf_dns_dnscrypt, tvb, offset, length, ENC_NA);
  proto_tree *cert_tree = proto_item_add_subtree(cert_item, ett_dns_dnscrypt);

  for (size_t idx = 0; idx < field_count; idx++) {
    proto_tree_add_item(cert_tree, fixed_fields[idx].hf, tvb, offset,
                        fixed_fields[idx].len, fixed_fields[idx].enc);
    offset += fixed_fields[idx].len;
  }

  /* Validity window: start, then end. */
  add_timestamp(cert_tree, hf_dns_dnscrypt_ts_start, tvb, offset);
  offset += 4;

  add_timestamp(cert_tree, hf_dns_dnscrypt_ts_end, tvb, offset);
  offset += 4;

  return offset;
}
2333 static int
2334 dissect_dns_answer(tvbuff_t *tvb, int offsetx, int dns_data_offset,
2335 proto_tree *dns_tree, packet_info *pinfo,
2336 bool is_mdns, wmem_list_t *dns_type_list)
2338 const char *name;
2339 char *name_out;
2340 int name_len;
2341 uint16_t dns_type;
2342 uint16_t dns_class;
2343 int flush;
2344 const char *class_name;
2345 const char *type_name;
2346 int data_offset;
2347 int cur_offset;
2348 int data_start;
2349 uint16_t data_len;
2350 proto_tree *rr_tree = NULL;
2351 proto_item *trr = NULL;
2352 unsigned used_bytes;
2354 data_start = data_offset = offsetx;
2355 cur_offset = offsetx;
2357 used_bytes = get_dns_name_type_class(tvb, offsetx, dns_data_offset, &name, &name_len,
2358 &dns_type, &dns_class);
2360 /* The offset if the total used bytes minus 2 bytes for qtype and 2 bytes for qclass */
2361 data_offset += used_bytes;
2362 cur_offset += used_bytes;
2363 if (is_mdns) {
2364 /* Split the FLUSH flag and the class */
2365 flush = dns_class & C_FLUSH;
2366 dns_class &= ~C_FLUSH;
2367 } else {
2368 flush = 0;
2370 type_name = val_to_str_ext(dns_type, &dns_types_vals_ext, "Unknown (%d)");
2371 class_name = val_to_str_const(dns_class, dns_classes, "Unknown");
2373 data_offset += 4;
2374 cur_offset += 4;
2376 data_len = tvb_get_ntohs(tvb, data_offset);
2378 data_offset += 2;
2379 cur_offset += 2;
2381 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", type_name);
2382 if (is_mdns && flush) {
2383 col_append_str(pinfo->cinfo, COL_INFO, ", cache flush");
2386 wmem_list_append(dns_type_list, GINT_TO_POINTER(dns_type));
2389 * The name might contain octets that aren't printable characters,
2390 * format it for display.
2392 name_out = format_text(pinfo->pool, (const unsigned char*)name, name_len);
2393 if (dns_type != T_OPT) {
2394 rr_tree = proto_tree_add_subtree_format(dns_tree, tvb, offsetx,
2395 (data_offset - data_start) + data_len,
2396 ett_dns_rr, &trr, "%s: type %s, class %s",
2397 name_out, type_name, class_name);
2398 add_rr_to_tree(rr_tree, tvb, offsetx, name_out, used_bytes - 4,
2399 dns_type, pinfo, is_mdns);
2400 } else {
2401 rr_tree = proto_tree_add_subtree_format(dns_tree, tvb, offsetx,
2402 (data_offset - data_start) + data_len,
2403 ett_dns_rr, &trr, "%s: type %s", name_out, type_name);
2404 add_opt_rr_to_tree(rr_tree, tvb, offsetx, name_out, used_bytes - 4, is_mdns);
2406 if (is_mdns && flush) {
2407 proto_item_append_text(trr, ", cache flush");
2410 if (data_len == 0) {
2411 return data_offset - data_start;
2414 switch (dns_type) {
2416 case T_A: /* a host Address (1) */
2418 switch (dns_class) {
2419 /* RFC 1034 Section 3.6
2420 * RDATA
2421 * A For the IN class, a 32 bit IP address
2423 * For the CH class, a domain name followed
2424 * by a 16 bit octal Chaos address.
2426 case C_IN:
2428 const char *addr;
2430 addr = tvb_ip_to_str(pinfo->pool, tvb, cur_offset);
2431 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", addr);
2433 proto_item_append_text(trr, ", addr %s", addr);
2434 proto_tree_add_item(rr_tree, hf_dns_a, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2436 if (gbl_resolv_flags.dns_pkt_addr_resolution && dns_class == C_IN &&
2437 !PINFO_FD_VISITED(pinfo)) {
2438 uint32_t addr_int;
2439 tvb_memcpy(tvb, &addr_int, cur_offset, sizeof(addr_int));
2440 add_ipv4_name(addr_int, name, false);
2443 break;
2445 case C_CH:
2447 const char *domain_name;
2448 int domain_name_len;
2449 uint32_t ch_addr;
2451 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &domain_name, &domain_name_len);
2452 name_out = format_text(pinfo->pool, (const unsigned char*)domain_name, domain_name_len);
2453 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2454 proto_item_append_text(trr, ", domain/addr %s", name_out);
2455 proto_tree_add_string(rr_tree, hf_dns_a_ch_domain, tvb, cur_offset, used_bytes, name_out);
2457 proto_tree_add_item_ret_uint(rr_tree, hf_dns_a_ch_addr, tvb, cur_offset + used_bytes, 2, ENC_BIG_ENDIAN, &ch_addr);
2458 col_append_fstr(pinfo->cinfo, COL_INFO, "/0%o", ch_addr);
2459 proto_item_append_text(trr, "/0%o", ch_addr);
2461 break;
2463 default:
2465 expert_add_info_format(pinfo, trr, &ei_dns_a_class_undecoded,
2466 "A record dissection for class (%d)"
2467 " code not implemented, Contact Wireshark developers"
2468 " if you want this supported", dns_class);
2469 proto_tree_add_item(rr_tree, hf_dns_data, tvb, cur_offset, data_len, ENC_NA);
2471 break;
2474 break;
2476 case T_NS: /* an authoritative Name Server (2) */
2478 const char *ns_name;
2479 int ns_name_len;
2481 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &ns_name, &ns_name_len);
2482 name_out = format_text(pinfo->pool, (const unsigned char*)ns_name, ns_name_len);
2483 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2484 proto_item_append_text(trr, ", ns %s", name_out);
2485 proto_tree_add_string(rr_tree, hf_dns_ns, tvb, cur_offset, used_bytes, name_out);
2488 break;
2490 case T_MD: /* Mail Destination (3) */
2492 int hostname_len;
2493 const char *hostname_str;
2495 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2497 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len);
2498 name_out = format_text(pinfo->pool, (const unsigned char*)hostname_str, hostname_len);
2499 proto_tree_add_string(rr_tree, hf_dns_md, tvb, cur_offset, used_bytes, name_out);
2501 break;
2503 case T_MF: /* Mail Forwarder (4) */
2505 int hostname_len;
2506 const char *hostname_str;
2508 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2510 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len);
2511 name_out = format_text(pinfo->pool, (const unsigned char*)hostname_str, hostname_len);
2512 proto_tree_add_string(rr_tree, hf_dns_mf, tvb, cur_offset, used_bytes, name_out);
2514 break;
2516 case T_CNAME: /* the Canonical NAME for an alias (5) */
2518 const char *cname;
2519 int cname_len;
2521 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &cname, &cname_len);
2522 name_out = format_text(pinfo->pool, (const unsigned char*)cname, cname_len);
2523 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2524 proto_item_append_text(trr, ", cname %s", name_out);
2525 proto_tree_add_string(rr_tree, hf_dns_cname, tvb, cur_offset, used_bytes, name_out);
2528 break;
2530 case T_SOA: /* Start Of Authority zone (6) */
2532 const char *mname;
2533 int mname_len;
2534 const char *rname;
2535 int rname_len;
2536 proto_item *ti_soa;
2538 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &mname, &mname_len);
2539 name_out = format_text(pinfo->pool, (const unsigned char*)mname, mname_len);
2540 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2541 proto_item_append_text(trr, ", mname %s", name_out);
2542 proto_tree_add_string(rr_tree, hf_dns_soa_mname, tvb, cur_offset, used_bytes, name_out);
2543 cur_offset += used_bytes;
2545 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &rname, &rname_len);
2546 name_out = format_text(pinfo->pool, (const unsigned char*)rname, rname_len);
2547 proto_tree_add_string(rr_tree, hf_dns_soa_rname, tvb, cur_offset, used_bytes, name_out);
2548 cur_offset += used_bytes;
2550 proto_tree_add_item(rr_tree, hf_dns_soa_serial_number, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2551 cur_offset += 4;
2553 ti_soa = proto_tree_add_item(rr_tree, hf_dns_soa_refresh_interval, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2554 proto_item_append_text(ti_soa, " (%s)", unsigned_time_secs_to_str(pinfo->pool, tvb_get_ntohl(tvb, cur_offset)));
2555 cur_offset += 4;
2557 ti_soa = proto_tree_add_item(rr_tree, hf_dns_soa_retry_interval, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2558 proto_item_append_text(ti_soa, " (%s)", unsigned_time_secs_to_str(pinfo->pool, tvb_get_ntohl(tvb, cur_offset)));
2559 cur_offset += 4;
2561 ti_soa = proto_tree_add_item(rr_tree, hf_dns_soa_expire_limit, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2562 proto_item_append_text(ti_soa, " (%s)", unsigned_time_secs_to_str(pinfo->pool, tvb_get_ntohl(tvb, cur_offset)));
2563 cur_offset += 4;
2565 ti_soa = proto_tree_add_item(rr_tree, hf_dns_soa_minimum_ttl, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2566 proto_item_append_text(ti_soa, " (%s)", unsigned_time_secs_to_str(pinfo->pool, tvb_get_ntohl(tvb, cur_offset)));
2568 break;
2570 case T_MB: /* MailBox domain (7) */
2572 int hostname_len;
2573 const char *hostname_str;
2575 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2577 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len);
2578 name_out = format_text(pinfo->pool, (const unsigned char*)hostname_str, hostname_len);
2579 proto_tree_add_string(rr_tree, hf_dns_mb, tvb, cur_offset, used_bytes, name_out);
2581 break;
2583 case T_MG: /* Mail Group member (8) */
2585 int hostname_len;
2586 const char *hostname_str;
2588 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2590 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len);
2591 name_out = format_text(pinfo->pool, (const unsigned char*)hostname_str, hostname_len);
2592 proto_tree_add_string(rr_tree, hf_dns_mg, tvb, cur_offset, used_bytes, name_out);
2594 break;
2596 case T_MR: /* Mail Rename domain (9) */
2598 int hostname_len;
2599 const char *hostname_str;
2601 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2603 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len);
2604 name_out = format_text(pinfo->pool, (const unsigned char*)hostname_str, hostname_len);
2605 proto_tree_add_string(rr_tree, hf_dns_mr, tvb, cur_offset, used_bytes, name_out);
2607 break;
2609 case T_NULL: /* Null (10) */
2611 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2612 proto_tree_add_item(rr_tree, hf_dns_null, tvb, cur_offset, data_len, ENC_NA);
2614 break;
2616 case T_WKS: /* Well Known Service (11) */
2618 int rr_len = data_len;
2619 const char *wks_addr;
2620 uint8_t protocol;
2621 uint8_t bits;
2622 int mask;
2623 int port_num;
2624 int i;
2625 proto_item *ti_wks;
2626 wmem_strbuf_t *bitnames = wmem_strbuf_create(pinfo->pool);
2628 wks_addr = tvb_ip_to_str(pinfo->pool, tvb, cur_offset);
2629 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", wks_addr);
2630 proto_item_append_text(trr, ", addr %s", wks_addr);
2631 proto_tree_add_item(rr_tree, hf_dns_wks_address, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2632 cur_offset += 4;
2633 rr_len -= 4;
2635 proto_tree_add_item(rr_tree, hf_dns_wks_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2636 protocol = tvb_get_uint8(tvb, cur_offset);
2637 cur_offset += 1;
2638 rr_len -= 1;
2640 port_num = 0;
2641 while (rr_len != 0) {
2642 bits = tvb_get_uint8(tvb, cur_offset);
2643 if (bits != 0) {
2644 mask = 1<<7;
2645 wmem_strbuf_truncate(bitnames, 0);
2646 for (i = 0; i < 8; i++) {
2647 if (bits & mask) {
2648 if (wmem_strbuf_get_len(bitnames) > 0) {
2649 wmem_strbuf_append(bitnames, ", ");
2651 switch (protocol) {
2653 case IP_PROTO_TCP:
2654 wmem_strbuf_append(bitnames, tcp_port_to_display(pinfo->pool, port_num));
2655 break;
2657 case IP_PROTO_UDP:
2658 wmem_strbuf_append(bitnames, udp_port_to_display(pinfo->pool, port_num));
2659 break;
2661 default:
2662 wmem_strbuf_append_printf(bitnames, "%u", port_num);
2663 break;
2666 mask >>= 1;
2667 port_num++;
2670 ti_wks = proto_tree_add_item(rr_tree, hf_dns_wks_bits, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2671 proto_item_append_text(ti_wks, " (%s)", wmem_strbuf_get_str(bitnames));
2672 } else {
2673 port_num += 8;
2675 cur_offset += 1;
2676 rr_len -= 1;
2679 break;
2681 case T_PTR: /* Domain Name Pointer (12) */
2683 const char *pname;
2684 int pname_len;
2686 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &pname, &pname_len);
2687 name_out = format_text(pinfo->pool, (const unsigned char*)pname, pname_len);
2688 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2689 proto_item_append_text(trr, ", %s", name_out);
2690 proto_tree_add_string(rr_tree, hf_dns_ptr_domain_name, tvb, cur_offset, used_bytes, name_out);
2692 if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN &&
2693 !PINFO_FD_VISITED(pinfo)) {
2694 uint32_t addr_int;
2695 char** name_tokens;
2697 name_tokens = g_strsplit(name, ".", 33);
2699 if (g_strv_length(name_tokens) == 6) {
2700 if (g_ascii_strcasecmp(name_tokens[4], "in-addr") == 0 &&
2701 g_ascii_strcasecmp(name_tokens[5], "arpa") == 0) {
2702 char* addr_str = g_strjoin(".", name_tokens[3], name_tokens[2], name_tokens[1], name_tokens[0], NULL);
2703 if (ws_inet_pton4(addr_str, &addr_int)) {
2704 add_ipv4_name(addr_int, name_out, false);
2706 g_free(addr_str);
2708 } else if (g_strv_length(name_tokens) == 33) {
2709 if (g_ascii_strcasecmp(name_tokens[32], "ip6.arpa") == 0) {
2710 ws_in6_addr address_ipv6;
2712 wmem_strbuf_t *address_buf = wmem_strbuf_new_sized(pinfo->pool, 40);
2713 for (size_t i = 31; i > 0; i--) {
2714 wmem_strbuf_append(address_buf, name_tokens[i]);
2715 if (i % 4 == 0) {
2716 wmem_strbuf_append_c(address_buf, ':');
2719 wmem_strbuf_append(address_buf, name_tokens[0]);
2720 if (ws_inet_pton6(wmem_strbuf_get_str(address_buf), &address_ipv6)) {
2721 add_ipv6_name(&address_ipv6, name_out, false);
2723 wmem_strbuf_destroy(address_buf);
2726 g_strfreev(name_tokens);
2729 break;
2731 case T_HINFO: /* Host Information (13) */
2733 int cpu_offset;
2734 int cpu_len;
2735 const char *cpu;
2736 int os_offset;
2737 int os_len;
2738 const char *os;
2740 cpu_offset = cur_offset;
2741 cpu_len = tvb_get_uint8(tvb, cpu_offset);
2742 cpu = (const char* )tvb_get_string_enc(pinfo->pool, tvb, cpu_offset + 1, cpu_len, ENC_ASCII|ENC_NA);
2743 os_offset = cpu_offset + 1 + cpu_len;
2744 os_len = tvb_get_uint8(tvb, os_offset);
2745 os = (const char*)tvb_get_string_enc(pinfo->pool, tvb, os_offset + 1, os_len, ENC_ASCII|ENC_NA);
2746 col_append_fstr(pinfo->cinfo, COL_INFO, " %s %s", cpu, os);
2747 proto_item_append_text(trr, ", CPU %s, OS %s", cpu, os);
2749 proto_tree_add_item(rr_tree, hf_dns_hinfo_cpu_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2750 cur_offset += 1;
2751 proto_tree_add_item(rr_tree, hf_dns_hinfo_cpu, tvb, cur_offset, cpu_len, ENC_ASCII);
2752 cur_offset += cpu_len;
2754 proto_tree_add_item(rr_tree, hf_dns_hinfo_os_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2755 cur_offset += 1;
2756 proto_tree_add_item(rr_tree, hf_dns_hinfo_os, tvb, cur_offset, os_len, ENC_ASCII);
2757 /* cur_offset += os_len;*/
2759 break;
2761 case T_MINFO: /* Mailbox or Mail list INFOrmation (14) */
2763 int rmailbx_len, emailbx_len;
2764 const char *rmailbx_str, *emailbx_str;
2766 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2768 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &rmailbx_str, &rmailbx_len);
2769 name_out = format_text(pinfo->pool, (const unsigned char*)rmailbx_str, rmailbx_len);
2770 proto_tree_add_string(rr_tree, hf_dns_minfo_r_mailbox, tvb, cur_offset, used_bytes, name_out);
2771 cur_offset += used_bytes;
2773 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &emailbx_str, &emailbx_len);
2774 name_out = format_text(pinfo->pool, (const unsigned char*)emailbx_str, emailbx_len);
2775 proto_tree_add_string(rr_tree, hf_dns_minfo_e_mailbox, tvb, cur_offset, used_bytes, name_out);
2777 break;
2779 case T_MX: /* Mail eXchange (15) */
2781 uint16_t preference = 0;
2782 const char *mx_name;
2783 int mx_name_len;
2785 preference = tvb_get_ntohs(tvb, cur_offset);
2787 used_bytes = get_dns_name(tvb, cur_offset + 2, 0, dns_data_offset, &mx_name, &mx_name_len);
2788 name_out = format_text(pinfo->pool, (const unsigned char*)mx_name, mx_name_len);
2789 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %s", preference, name_out);
2790 proto_item_append_text(trr, ", preference %u, mx %s",
2791 preference, name_out);
2792 proto_tree_add_item(rr_tree, hf_dns_mx_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2793 cur_offset += 2;
2794 proto_tree_add_string(rr_tree, hf_dns_mx_mail_exchange, tvb, cur_offset, used_bytes, name_out);
2795 /* cur_offset += used_bytes; */
2797 break;
2799 case T_TXT: /* TeXT strings (16) */
2801 int rr_len = data_len;
2802 int txt_offset;
2803 int txt_len;
2804 const bool is_dnscrypt_name = (strstr(name, "2.dnscrypt-cert.") != NULL);
2805 #define DNSCRYPT_CERT_MAGIC 0x444E5343
2807 txt_offset = cur_offset;
2808 while (rr_len != 0) {
2809 txt_len = tvb_get_uint8(tvb, txt_offset);
2810 proto_tree_add_item(rr_tree, hf_dns_txt_length, tvb, txt_offset, 1, ENC_BIG_ENDIAN);
2811 txt_offset += 1;
2812 rr_len -= 1;
2813 if( is_dnscrypt_name
2814 && txt_len == 124
2815 && rr_len >= txt_len
2816 && tvb_get_uint32(tvb, txt_offset, ENC_BIG_ENDIAN) == DNSCRYPT_CERT_MAGIC){
2817 dissect_dnscrypt(rr_tree, tvb, txt_offset, txt_len);
2818 } else {
2819 proto_tree_add_item(rr_tree, hf_dns_txt, tvb, txt_offset, txt_len, is_mdns ? ENC_UTF_8|ENC_NA : ENC_ASCII|ENC_NA);
2821 txt_offset += txt_len;
2822 rr_len -= txt_len;
2825 break;
2827 case T_RP: /* Responsible Person (17) */
2829 int mbox_dname_len, txt_dname_len;
2830 const char *mbox_dname, *txt_dname;
2832 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2834 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &mbox_dname, &mbox_dname_len);
2835 name_out = format_text(pinfo->pool, (const unsigned char*)mbox_dname, mbox_dname_len);
2836 proto_tree_add_string(rr_tree, hf_dns_rp_mailbox, tvb, cur_offset, used_bytes, name_out);
2837 cur_offset += used_bytes;
2839 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &txt_dname, &txt_dname_len);
2840 name_out = format_text(pinfo->pool, (const unsigned char*)txt_dname, txt_dname_len);
2841 proto_tree_add_string(rr_tree, hf_dns_rp_txt_rr, tvb, cur_offset, used_bytes, name_out);
2843 break;
2845 case T_AFSDB: /* AFS data base location (18) */
2847 const char *host_name;
2848 int host_name_len;
2850 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2852 used_bytes = get_dns_name(tvb, cur_offset + 2, 0, dns_data_offset, &host_name, &host_name_len);
2853 name_out = format_text(pinfo->pool, (const unsigned char*)host_name, host_name_len);
2855 proto_tree_add_item(rr_tree, hf_dns_afsdb_subtype, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2856 cur_offset += 2;
2858 proto_tree_add_string(rr_tree, hf_dns_afsdb_hostname, tvb, cur_offset, used_bytes, name_out);
2860 break;
2862 case T_X25: /* X.25 address (19) */
2864 uint8_t x25_len;
2866 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2868 proto_tree_add_item(rr_tree, hf_dns_x25_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2869 x25_len = tvb_get_uint8(tvb, cur_offset);
2870 cur_offset += 1;
2872 proto_tree_add_item(rr_tree, hf_dns_x25_psdn_address, tvb, cur_offset, x25_len, ENC_ASCII);
2873 /*cur_offset += x25_len;*/
2875 break;
2877 case T_ISDN: /* ISDN address (20) */
2879 uint8_t isdn_address_len, isdn_sa_len;
2880 int rr_len = data_len;
2882 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2884 proto_tree_add_item(rr_tree, hf_dns_isdn_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2885 isdn_address_len = tvb_get_uint8(tvb, cur_offset);
2886 cur_offset += 1;
2887 rr_len -= 1;
2889 proto_tree_add_item(rr_tree, hf_dns_isdn_address, tvb, cur_offset, isdn_address_len, ENC_ASCII);
2890 cur_offset += isdn_address_len;
2891 rr_len -= isdn_address_len;
2893 if (rr_len > 1) /* ISDN SA is optional */ {
2894 proto_tree_add_item(rr_tree, hf_dns_isdn_sa_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2895 isdn_sa_len = tvb_get_uint8(tvb, cur_offset);
2896 cur_offset += 1;
2898 proto_tree_add_item(rr_tree, hf_dns_isdn_sa, tvb, cur_offset, isdn_sa_len, ENC_ASCII);
2901 break;
2903 case T_RT: /* Route-Through (21) */
2905 const char *host_name;
2906 int host_name_len;
2908 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2910 used_bytes = get_dns_name(tvb, cur_offset + 2, 0, dns_data_offset, &host_name, &host_name_len);
2911 name_out = format_text(pinfo->pool, (const unsigned char*)host_name, host_name_len);
2913 proto_tree_add_item(rr_tree, hf_dns_rt_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2914 cur_offset += 2;
2916 proto_tree_add_string(rr_tree, hf_dns_rt_intermediate_host, tvb, cur_offset, used_bytes, name_out);
2918 break;
2920 case T_NSAP: /* for NSAP address, NSAP style A record (22) */
2922 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2923 proto_tree_add_item(rr_tree, hf_dns_nsap_rdata, tvb, cur_offset, data_len, ENC_NA);
2925 break;
2927 case T_NSAP_PTR: /* for domain name pointer, NSAP style (23) */
2929 int nsap_ptr_owner_len;
2930 const char *nsap_ptr_owner;
2932 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2934 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &nsap_ptr_owner, &nsap_ptr_owner_len);
2935 name_out = format_text(pinfo->pool, (const unsigned char*)nsap_ptr_owner, nsap_ptr_owner_len);
2936 proto_tree_add_string(rr_tree, hf_dns_nsap_ptr_owner, tvb, cur_offset, used_bytes, name_out);
2938 break;
2941 case T_KEY: /* Public Key (25) */
2943 int rr_len = data_len;
2944 uint16_t flags;
2945 proto_item *tf, *ti_gen;
2946 proto_tree *flags_tree;
2947 uint8_t algo;
2948 uint16_t key_id;
2950 tf = proto_tree_add_item(rr_tree, hf_dns_key_flags, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2951 flags_tree = proto_item_add_subtree(tf, ett_key_flags);
2952 flags = tvb_get_ntohs(tvb, cur_offset);
2954 proto_tree_add_item(flags_tree, hf_dns_key_flags_authentication, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2955 proto_tree_add_item(flags_tree, hf_dns_key_flags_confidentiality, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2956 if ((flags & 0xC000) != 0xC000) {
2957 /* We have a key */
2958 proto_tree_add_item(flags_tree, hf_dns_key_flags_key_required, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2959 proto_tree_add_item(flags_tree, hf_dns_key_flags_associated_user, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2960 proto_tree_add_item(flags_tree, hf_dns_key_flags_associated_named_entity, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2961 proto_tree_add_item(flags_tree, hf_dns_key_flags_ipsec, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2962 proto_tree_add_item(flags_tree, hf_dns_key_flags_mime, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2963 proto_tree_add_item(flags_tree, hf_dns_key_flags_signatory, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2965 cur_offset += 2;
2966 rr_len -= 2;
2968 proto_tree_add_item(rr_tree, hf_dns_key_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2969 cur_offset += 1;
2970 rr_len -= 1;
2972 proto_tree_add_item(rr_tree, hf_dns_key_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2973 algo = tvb_get_uint8(tvb, cur_offset);
2974 cur_offset += 1;
2975 rr_len -= 1;
2977 if (compute_key_id(rr_tree, pinfo, tvb, cur_offset-4, rr_len+4, algo, &key_id)) {
2978 ti_gen = proto_tree_add_uint(rr_tree, hf_dns_key_key_id, tvb, 0, 0, key_id);
2979 proto_item_set_generated(ti_gen);
2982 if (rr_len != 0) {
2983 proto_tree_add_item(rr_tree, hf_dns_key_public_key, tvb, cur_offset, rr_len, ENC_NA);
2986 break;
2988 case T_PX: /* Pointer to X.400/RFC822 mapping info (26)*/
2990 int px_map822_len, px_mapx400_len;
2991 const char *px_map822_dnsname, *px_mapx400_dnsname;
2993 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2994 proto_tree_add_item(rr_tree, hf_dns_px_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2995 cur_offset += 2;
2997 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &px_map822_dnsname, &px_map822_len);
2998 name_out = format_text(pinfo->pool, (const unsigned char*)px_map822_dnsname, px_map822_len);
2999 proto_tree_add_string(rr_tree, hf_dns_px_map822, tvb, cur_offset, used_bytes, name_out);
3000 cur_offset += used_bytes;
3002 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &px_mapx400_dnsname, &px_mapx400_len);
3003 name_out = format_text(pinfo->pool, (const unsigned char*)px_mapx400_dnsname, px_mapx400_len);
3004 proto_tree_add_string(rr_tree, hf_dns_px_mapx400, tvb, cur_offset, used_bytes, name_out);
3005 /*cur_offset += used_bytes;*/
3007 break;
3009 case T_GPOS: /* Geographical POSition (27) */
3011 uint8_t long_len, lat_len, alt_len;
3013 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3014 proto_tree_add_item(rr_tree, hf_dns_gpos_longitude_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3015 long_len = tvb_get_uint8(tvb, cur_offset);
3016 cur_offset += 1;
3018 proto_tree_add_item(rr_tree, hf_dns_gpos_longitude, tvb, cur_offset, long_len, ENC_ASCII);
3019 cur_offset += long_len;
3021 proto_tree_add_item(rr_tree, hf_dns_gpos_latitude_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3022 lat_len = tvb_get_uint8(tvb, cur_offset);
3023 cur_offset += 1;
3025 proto_tree_add_item(rr_tree, hf_dns_gpos_latitude, tvb, cur_offset, lat_len, ENC_ASCII);
3026 cur_offset += lat_len;
3028 proto_tree_add_item(rr_tree, hf_dns_gpos_altitude_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3029 alt_len = tvb_get_uint8(tvb, cur_offset);
3030 cur_offset += 1;
3032 proto_tree_add_item(rr_tree, hf_dns_gpos_altitude, tvb, cur_offset, alt_len, ENC_ASCII);
3033 /*cur_offset += alt_len;*/
3035 break;
3037 case T_AAAA: /* IPv6 Address (28) */
3039 const char *addr6;
3041 addr6 = tvb_ip6_to_str(pinfo->pool, tvb, cur_offset);
3042 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", addr6);
3044 proto_item_append_text(trr, ", addr %s", addr6);
3045 proto_tree_add_item(rr_tree, hf_dns_aaaa, tvb, cur_offset, 16, ENC_NA);
3047 if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN &&
3048 !PINFO_FD_VISITED(pinfo)) {
3049 ws_in6_addr addr_in6;
3050 tvb_memcpy(tvb, &addr_in6, cur_offset, sizeof(addr_in6));
3051 add_ipv6_name(&addr_in6, name, false);
3054 break;
3056 case T_LOC: /* Geographical Location (29) */
3058 uint8_t version;
3059 proto_item *ti;
3061 version = tvb_get_uint8(tvb, cur_offset);
3062 proto_tree_add_item(rr_tree, hf_dns_loc_version, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3063 if (version == 0) {
3064 /* Version 0, the only version RFC 1876 discusses. */
3065 cur_offset++;
3067 ti = proto_tree_add_item(rr_tree, hf_dns_loc_size, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3068 proto_item_append_text(ti, " (%g m)", rfc1867_size(tvb, cur_offset));
3069 cur_offset++;
3071 ti = proto_tree_add_item(rr_tree, hf_dns_loc_horizontal_precision, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3072 proto_item_append_text(ti, " (%g m)", rfc1867_size(tvb, cur_offset));
3073 cur_offset++;
3075 ti = proto_tree_add_item(rr_tree, hf_dns_loc_vertical_precision, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3076 proto_item_append_text(ti, " (%g m)", rfc1867_size(tvb, cur_offset));
3077 cur_offset++;
3079 ti = proto_tree_add_item(rr_tree, hf_dns_loc_latitude, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3080 proto_item_append_text(ti, " (%s)", rfc1867_angle(tvb, cur_offset, false));
3081 cur_offset += 4;
3083 ti = proto_tree_add_item(rr_tree, hf_dns_loc_longitude, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3084 proto_item_append_text(ti, " (%s)", rfc1867_angle(tvb, cur_offset, true));
3085 cur_offset += 4;
3087 ti = proto_tree_add_item(rr_tree, hf_dns_loc_altitude, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3088 proto_item_append_text(ti, " (%g m)", (tvb_get_ntohil(tvb, cur_offset) - 10000000)/100.0);
3089 } else {
3090 proto_tree_add_item(rr_tree, hf_dns_loc_unknown_data, tvb, cur_offset, data_len, ENC_NA);
3093 break;
3095 case T_NXT: /* Next name (30) */
3097 int rr_len = data_len;
3098 const char *next_domain_name;
3099 int next_domain_name_len;
3101 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset,
3102 &next_domain_name, &next_domain_name_len);
3103 name_out = format_text(pinfo->pool, (const unsigned char*)next_domain_name, next_domain_name_len);
3104 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3105 proto_item_append_text(trr, ", next domain name %s", name_out);
3106 proto_tree_add_string(rr_tree, hf_dns_nxt_next_domain_name, tvb, cur_offset, used_bytes, name_out);
3107 cur_offset += used_bytes;
3108 rr_len -= used_bytes;
3109 dissect_type_bitmap_nxt(rr_tree, tvb, cur_offset, rr_len);
3111 break;
3113 case T_SRV: /* Service Location (33) */
3115 uint16_t priority = 0;
3116 uint16_t weight = 0;
3117 uint16_t port = 0;
3118 const char *target;
3119 int target_len;
3121 proto_tree_add_item(rr_tree, hf_dns_srv_priority, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3122 priority = tvb_get_ntohs(tvb, cur_offset);
3123 cur_offset += 2;
3125 proto_tree_add_item(rr_tree, hf_dns_srv_weight, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3126 weight = tvb_get_ntohs(tvb, cur_offset);
3127 cur_offset += 2;
3129 proto_tree_add_item(rr_tree, hf_dns_srv_port, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3130 port = tvb_get_ntohs(tvb, cur_offset);
3131 cur_offset += 2;
3133 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &target, &target_len);
3134 name_out = format_text(pinfo->pool, (const unsigned char*)target, target_len);
3136 proto_tree_add_string(rr_tree, hf_dns_srv_target, tvb, cur_offset, used_bytes, name_out);
3138 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %u %u %s", priority, weight, port, name_out);
3139 proto_item_append_text(trr,
3140 ", priority %u, weight %u, port %u, target %s",
3141 priority, weight, port, name_out);
3143 break;
3145 case T_NAPTR: /* Naming Authority PoinTeR (35) */
3147 proto_item *ti_len;
3148 int offset = cur_offset;
3149 uint16_t order;
3150 uint16_t preference;
3151 const uint8_t *flags;
3152 uint8_t flags_len;
3153 uint8_t service_len;
3154 uint8_t regex_len;
3155 const char *replacement;
3156 int replacement_len;
3158 /* Order */
3159 proto_tree_add_item(rr_tree, hf_dns_naptr_order, tvb, offset, 2, ENC_BIG_ENDIAN);
3160 order = tvb_get_ntohs(tvb, offset);
3161 offset += 2;
3163 /* Preference */
3164 proto_tree_add_item(rr_tree, hf_dns_naptr_preference, tvb, offset, 2, ENC_BIG_ENDIAN);
3165 preference = tvb_get_ntohs(tvb, offset);
3166 offset += 2;
3168 /* Flags */
3169 proto_tree_add_item(rr_tree, hf_dns_naptr_flags_length, tvb, offset, 1, ENC_BIG_ENDIAN);
3170 flags_len = tvb_get_uint8(tvb, offset);
3171 offset += 1;
3172 proto_tree_add_item_ret_string(rr_tree, hf_dns_naptr_flags, tvb, offset, flags_len, ENC_ASCII|ENC_NA, pinfo->pool, &flags);
3173 offset += flags_len;
3175 /* Service */
3176 proto_tree_add_item(rr_tree, hf_dns_naptr_service_length, tvb, offset, 1, ENC_BIG_ENDIAN);
3177 service_len = tvb_get_uint8(tvb, offset);
3178 offset += 1;
3179 proto_tree_add_item(rr_tree, hf_dns_naptr_service, tvb, offset, service_len, ENC_ASCII);
3180 offset += service_len;
3182 /* Regex */
3183 proto_tree_add_item(rr_tree, hf_dns_naptr_regex_length, tvb, offset, 1, ENC_BIG_ENDIAN);
3184 regex_len = tvb_get_uint8(tvb, offset);
3185 offset += 1;
3186 proto_tree_add_item(rr_tree, hf_dns_naptr_regex, tvb, offset, regex_len, ENC_ASCII);
3187 offset += regex_len;
3189 /* Replacement */
3190 used_bytes = get_dns_name(tvb, offset, 0, dns_data_offset, &replacement, &replacement_len);
3191 name_out = format_text(pinfo->pool, (const unsigned char*)replacement, replacement_len);
3192 ti_len = proto_tree_add_uint(rr_tree, hf_dns_naptr_replacement_length, tvb, offset, 0, replacement_len);
3193 proto_item_set_generated(ti_len);
3195 proto_tree_add_string(rr_tree, hf_dns_naptr_replacement, tvb, offset, used_bytes, name_out);
3197 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %u %s", order, preference, flags);
3199 proto_item_append_text(trr, ", order %u, preference %u, flags %s",
3200 order, preference, flags);
3202 break;
3204 case T_KX: /* Key Exchange (36) */
3206 const char *kx_name;
3207 int kx_name_len;
3209 used_bytes = get_dns_name(tvb, cur_offset + 2, 0, dns_data_offset, &kx_name, &kx_name_len);
3210 name_out = format_text(pinfo->pool, (const unsigned char*)kx_name, kx_name_len);
3211 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %s", tvb_get_ntohs(tvb, cur_offset), name_out);
3212 proto_item_append_text(trr, ", preference %u, kx %s",
3213 tvb_get_ntohs(tvb, cur_offset), name_out);
3214 proto_tree_add_item(rr_tree, hf_dns_kx_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3215 proto_tree_add_string(rr_tree, hf_dns_kx_key_exchange, tvb, cur_offset + 2, used_bytes, name_out);
3217 break;
3219 case T_CERT: /* Certificate (37) */
3221 int rr_len = data_len;
3223 proto_tree_add_item(rr_tree, hf_dns_cert_type, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3224 cur_offset += 2;
3225 rr_len -= 2;
3227 proto_tree_add_item(rr_tree, hf_dns_cert_key_tag, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3228 cur_offset += 2;
3229 rr_len -= 2;
3231 proto_tree_add_item(rr_tree, hf_dns_cert_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3232 cur_offset += 1;
3233 rr_len -= 1;
3235 if (rr_len != 0) {
3236 proto_tree_add_item(rr_tree, hf_dns_cert_certificate, tvb, cur_offset, rr_len, ENC_NA);
3239 break;
3241 case T_A6: /* IPv6 address with indirection (38) Obso */
3243 unsigned short pre_len;
3244 unsigned short suf_len;
3245 unsigned short suf_octet_count;
3246 const char *pname;
3247 int pname_len;
3248 int a6_offset;
3249 int suf_offset;
3250 ws_in6_addr suffix;
3251 address suffix_addr;
3253 a6_offset = cur_offset;
3254 pre_len = tvb_get_uint8(tvb, cur_offset);
3255 cur_offset++;
3256 suf_len = 128 - pre_len;
3257 suf_octet_count = suf_len ? (suf_len - 1) / 8 + 1 : 0;
3258 /* Pad prefix */
3259 for (suf_offset = 0; suf_offset < 16 - suf_octet_count; suf_offset++) {
3260 suffix.bytes[suf_offset] = 0;
3262 for (; suf_offset < 16; suf_offset++) {
3263 suffix.bytes[suf_offset] = tvb_get_uint8(tvb, cur_offset);
3264 cur_offset++;
3267 if (pre_len > 0) {
3268 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset,
3269 &pname, &pname_len);
3270 } else {
3271 pname = "";
3272 pname_len = 0;
3274 name_out = format_text(pinfo->pool, (const unsigned char*)pname, pname_len);
3276 set_address(&suffix_addr, AT_IPv6, 16, suffix.bytes);
3277 col_append_fstr(pinfo->cinfo, COL_INFO, " %d %s %s",
3278 pre_len,
3279 address_to_str(pinfo->pool, &suffix_addr),
3280 name_out);
3282 proto_tree_add_item(rr_tree, hf_dns_a6_prefix_len,tvb, a6_offset, 1, ENC_BIG_ENDIAN);
3283 a6_offset++;
3284 if (suf_len) {
3285 proto_tree_add_ipv6(rr_tree, hf_dns_a6_address_suffix,tvb, a6_offset, suf_octet_count, &suffix);
3286 a6_offset += suf_octet_count;
3288 if (pre_len > 0) {
3289 proto_tree_add_string(rr_tree, hf_dns_a6_prefix_name, tvb, a6_offset, used_bytes, name_out);
3291 proto_item_append_text(trr, ", addr %d %s %s",
3292 pre_len,
3293 address_to_str(pinfo->pool, &suffix_addr),
3294 name_out);
3296 break;
3298 case T_DNAME: /* Non-terminal DNS name redirection (39) */
3300 const char *dname;
3301 int dname_len;
3303 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset,
3304 &dname, &dname_len);
3305 name_out = format_text(pinfo->pool, (const unsigned char*)dname, dname_len);
3306 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3307 proto_item_append_text(trr, ", dname %s", name_out);
3308 proto_tree_add_string(rr_tree, hf_dns_dname, tvb, cur_offset, used_bytes, name_out);
3310 break;
3312 case T_OPT: /* Option (41) */
3314 int rropt_len = data_len;
3315 uint16_t optcode, optlen;
3316 proto_item *rropt, *rroptlen;
3317 proto_tree *rropt_tree;
3319 while (rropt_len > 0) {
3320 optcode = tvb_get_ntohs(tvb, cur_offset);
3321 rropt_len -= 2;
3323 optlen = tvb_get_ntohs(tvb, cur_offset + 2);
3324 rropt_len -= 2;
3326 rropt = proto_tree_add_item(rr_tree, hf_dns_opt, tvb, cur_offset, 4 + optlen, ENC_NA);
3327 proto_item_append_text(rropt, ": %s", val_to_str(optcode, edns0_opt_code_vals, "Unknown (%d)"));
3328 rropt_tree = proto_item_add_subtree(rropt, ett_dns_opts);
3329 rropt = proto_tree_add_item(rropt_tree, hf_dns_opt_code, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3330 cur_offset += 2;
3331 rroptlen = proto_tree_add_item(rropt_tree, hf_dns_opt_len, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3332 cur_offset += 2;
3334 proto_tree_add_item(rropt_tree, hf_dns_opt_data, tvb, cur_offset, optlen, ENC_NA);
3335 switch(optcode) {
3337 case O_DAU: /* DNSSEC Algorithm Understood (RFC6975) */
3339 while (optlen != 0) {
3340 proto_tree_add_item(rropt_tree, hf_dns_opt_dau, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3341 cur_offset += 1;
3342 rropt_len -= 1;
3343 optlen -= 1;
3346 break;
3348 case O_DHU: /* DS Hash Understood (RFC6975) */
3350 while (optlen != 0) {
3351 proto_tree_add_item(rropt_tree, hf_dns_opt_dhu, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3352 cur_offset += 1;
3353 rropt_len -= 1;
3354 optlen -= 1;
3357 break;
3359 case O_N3U: /* N3SEC Hash Understood (RFC6975) */
3361 while (optlen != 0) {
3362 proto_tree_add_item(rropt_tree, hf_dns_opt_n3u, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3363 cur_offset += 1;
3364 rropt_len -= 1;
3365 optlen -= 1;
3368 break;
3370 case O_CLIENT_SUBNET_EXP: /* draft-vandergaast-edns-client-subnet */
3371 expert_add_info_format(pinfo, rropt, &ei_dns_depr_opc,
3372 "Deprecated opcode. Client subnet OPT assigned as %d.", O_CLIENT_SUBNET);
3373 /* Intentional fall-through */
3375 case O_CLIENT_SUBNET:
3377 uint16_t family;
3378 uint16_t addr_len = optlen - 4;
3379 union {
3380 uint32_t addr;
3381 uint8_t bytes[16];
3382 } ip_addr = {0};
3384 family = tvb_get_ntohs(tvb, cur_offset);
3385 proto_tree_add_item(rropt_tree, hf_dns_opt_client_family, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3386 cur_offset += 2;
3387 proto_tree_add_item(rropt_tree, hf_dns_opt_client_netmask, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3388 cur_offset += 1;
3389 proto_tree_add_item(rropt_tree, hf_dns_opt_client_scope, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3390 cur_offset += 1;
3392 if (addr_len > 16) {
3393 expert_add_info(pinfo, rroptlen, &ei_dns_opt_bad_length);
3394 /* Avoid stack-smashing which occurs otherwise with the
3395 * following tvb_memcpy. */
3396 addr_len = 16;
3398 tvb_memcpy(tvb, ip_addr.bytes, cur_offset, addr_len);
3399 switch (family) {
3401 case AFNUM_INET:
3403 proto_tree_add_ipv4(rropt_tree, hf_dns_opt_client_addr4, tvb,
3404 cur_offset, addr_len, ip_addr.addr);
3406 break;
3408 case AFNUM_INET6:
3410 proto_tree_add_ipv6(rropt_tree, hf_dns_opt_client_addr6, tvb,
3411 cur_offset, addr_len, (ws_in6_addr *)&ip_addr);
3413 break;
3415 default:
3417 proto_tree_add_item(rropt_tree, hf_dns_opt_client_addr, tvb, cur_offset, (optlen - 4),
3418 ENC_NA);
3420 break;
3422 cur_offset += (optlen - 4);
3423 rropt_len -= optlen;
3425 break;
3427 case O_COOKIE:
3429 proto_tree_add_item(rropt_tree, hf_dns_opt_cookie_client, tvb, cur_offset, 8, ENC_NA);
3430 cur_offset += 8;
3431 rropt_len -= 8;
3432 optlen -= 8;
3433 proto_tree_add_item(rropt_tree, hf_dns_opt_cookie_server, tvb, cur_offset, optlen, ENC_NA);
3434 cur_offset += optlen;
3435 rropt_len -= optlen;
3437 break;
3439 case O_EDNS_TCP_KA:
3441 if (optlen == 2) {
3442 proto_tree_add_item(rropt_tree, hf_dns_opt_edns_tcp_keepalive_timeout, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3444 cur_offset += optlen;
3445 rropt_len -= optlen;
3447 break;
3449 case O_PADDING:
3451 proto_tree_add_item(rropt_tree, hf_dns_opt_padding, tvb, cur_offset, optlen, ENC_NA);
3452 cur_offset += optlen;
3453 rropt_len -= optlen;
3455 break;
3457 case O_CHAIN:
3459 if (optlen) {
3460 proto_tree_add_item(rropt_tree, hf_dns_opt_chain_fqdn, tvb, cur_offset, optlen, ENC_ASCII);
3462 cur_offset += optlen;
3463 rropt_len -= optlen;
3465 break;
3467 case O_EXT_ERROR:
3469 if (optlen >= 2) {
3470 proto_tree_add_item(rropt_tree, hf_dns_opt_ext_error_info_code, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3471 cur_offset += 2;
3472 rropt_len -= 2;
3473 if (optlen > 2) {
3474 proto_tree_add_item(rropt_tree, hf_dns_opt_ext_error_extra_text, tvb, cur_offset, optlen - 2, ENC_UTF_8);
3475 cur_offset += (optlen - 2);
3476 rropt_len -= (optlen - 2);
3480 break;
3482 case O_REPORT_CHANNEL:
3485 const char *dname;
3486 int dname_len;
3488 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset,
3489 &dname, &dname_len);
3490 name_out = format_text(wmem_packet_scope(), (const unsigned char*)dname, dname_len);
3491 proto_tree_add_string(rropt_tree, hf_dns_opt_agent_domain, tvb, cur_offset, used_bytes, name_out);
3493 cur_offset += used_bytes;
3494 rropt_len -= used_bytes;
3496 break;
3498 case O_ZONEVERSION:
3500 uint32_t type;
3501 if (optlen >= 2) {
3502 proto_tree_add_item(rropt_tree, hf_dns_opt_zoneversion_labelcount, tvb, cur_offset, 1, ENC_NA);
3503 cur_offset += 1;
3504 rropt_len -= 1;
3505 proto_tree_add_item_ret_uint(rropt_tree, hf_dns_opt_zoneversion_type, tvb, cur_offset, 1, ENC_NA, &type);
3506 cur_offset += 1;
3507 rropt_len -= 1;
3508 if (optlen > 2) {
3509 switch (type) {
3510 case DNS_ZONEVERSION_TYPE_SOA_SERIAL:
3511 proto_tree_add_item(rropt_tree, hf_dns_opt_zoneversion_soa, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3512 cur_offset += 4;
3513 rropt_len -= 4;
3514 break;
3515 default:
3516 proto_tree_add_item(rropt_tree, hf_dns_opt_zoneversion_version, tvb, cur_offset, optlen - 2, ENC_NA);
3517 cur_offset += (optlen - 2);
3518 rropt_len -= (optlen - 2);
3523 break;
3524 default:
3526 cur_offset += optlen;
3527 rropt_len -= optlen;
3529 break;
3533 break;
3535 case T_APL: /* Lists of Address Prefixes (42) */
3537 int rr_len = data_len;
3538 uint16_t afamily;
3539 uint8_t afdpart_len;
3541 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3543 while (rr_len > 1) {
3544 afamily = tvb_get_ntohs(tvb, cur_offset);
3545 proto_tree_add_item(rr_tree, hf_dns_apl_address_family, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3546 cur_offset += 2;
3547 rr_len -= 2;
3549 proto_tree_add_item(rr_tree, hf_dns_apl_coded_prefix, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3550 cur_offset += 1;
3551 rr_len -= 1;
3553 afdpart_len = tvb_get_uint8(tvb, cur_offset) & DNS_APL_AFDLENGTH;
3554 proto_tree_add_item(rr_tree, hf_dns_apl_negation, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3555 proto_tree_add_item(rr_tree, hf_dns_apl_afdlength, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3556 cur_offset += 1;
3557 rr_len -= 1;
3559 if (afamily == AFNUM_INET && afdpart_len <= 4) {
3560 ws_in4_addr *addr4_copy;
3562 addr4_copy = (ws_in4_addr *)wmem_alloc0(pinfo->pool, 4);
3563 tvb_memcpy(tvb, (void *)addr4_copy, cur_offset, afdpart_len);
3564 proto_tree_add_ipv4(rr_tree, hf_dns_apl_afdpart_ipv4, tvb, cur_offset, afdpart_len, *addr4_copy);
3565 } else if (afamily == AFNUM_INET6 && afdpart_len <= 16) {
3566 ws_in6_addr *addr6_copy;
3568 addr6_copy = (ws_in6_addr *)wmem_alloc0(pinfo->pool, 16);
3569 tvb_memcpy(tvb, (void *)addr6_copy, cur_offset, afdpart_len);
3570 proto_tree_add_ipv6(rr_tree, hf_dns_apl_afdpart_ipv6, tvb, cur_offset, afdpart_len, addr6_copy);
3571 } else { /* Other... */
3572 proto_tree_add_item(rr_tree, hf_dns_apl_afdpart_data, tvb, cur_offset, afdpart_len, ENC_NA);
3574 cur_offset += afdpart_len;
3575 rr_len -= afdpart_len;
3578 break;
3580 case T_DS: /* Delegation Signature (43) */
3581 case T_CDS: /* Child DS (59) */
3582 case T_DLV:
3584 int rr_len = data_len;
3586 proto_tree_add_item(rr_tree, hf_dns_ds_key_id, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3587 cur_offset += 2;
3588 rr_len -= 2;
3590 proto_tree_add_item(rr_tree, hf_dns_ds_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3591 cur_offset += 1;
3592 rr_len -= 1;
3594 proto_tree_add_item(rr_tree, hf_dns_ds_digest_type, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3595 cur_offset += 1;
3596 rr_len -= 1;
3598 proto_tree_add_item(rr_tree, hf_dns_ds_digest, tvb, cur_offset, rr_len, ENC_NA);
3600 break;
3602 case T_SSHFP: /* Securely Publish SSH Key Fingerprints (44) */
3604 int rr_len = data_len;
3606 proto_tree_add_item(rr_tree, hf_dns_sshfp_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3607 cur_offset += 1;
3608 rr_len -= 1;
3610 proto_tree_add_item(rr_tree, hf_dns_sshfp_fingerprint_type, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3611 cur_offset += 1;
3612 rr_len -= 1;
3615 if (rr_len != 0) {
3616 proto_tree_add_item(rr_tree, hf_dns_sshfp_fingerprint, tvb, cur_offset, rr_len, ENC_NA);
3619 break;
3621 case T_IPSECKEY: /* IPsec Key (45) */
3623 int rr_len = data_len;
3624 uint8_t gw_type;
3625 const char *gw;
3626 int gw_name_len;
3628 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_precedence, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3629 cur_offset += 1;
3630 rr_len -= 1;
3632 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_type, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3633 gw_type = tvb_get_uint8(tvb, cur_offset);
3634 cur_offset += 1;
3635 rr_len -= 1;
3637 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3638 cur_offset += 1;
3639 rr_len -= 1;
3641 switch (gw_type) {
3643 case 0:
3645 /* No Gateway */
3647 break;
3649 case 1:
3651 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_ipv4, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3652 cur_offset += 4;
3653 rr_len -= 4;
3655 break;
3657 case 2:
3659 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_ipv6, tvb, cur_offset, 16, ENC_NA);
3660 cur_offset += 16;
3661 rr_len -= 16;
3663 break;
3665 case 3:
3667 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &gw, &gw_name_len);
3668 name_out = format_text(pinfo->pool, (const unsigned char*)gw, gw_name_len);
3669 proto_tree_add_string(rr_tree, hf_dns_ipseckey_gateway_dns, tvb, cur_offset, used_bytes, name_out);
3671 cur_offset += used_bytes;
3672 rr_len -= used_bytes;
3674 break;
3676 default:
3677 break;
3679 if (rr_len != 0) {
3680 proto_tree_add_item(rr_tree, hf_dns_ipseckey_public_key, tvb, cur_offset, rr_len, ENC_NA);
3683 break;
3685 case T_RRSIG: /* RRSIG (46) */
3686 case T_SIG: /* Security SIgnature (24) */
3688 int rr_len = data_len;
3689 const char *signer_name;
3690 int signer_name_len;
3691 proto_item *ti;
3692 uint32_t type;
3694 ti = proto_tree_add_item_ret_uint(rr_tree, hf_dns_rrsig_type_covered, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &type);
3695 proto_item_append_text(ti, " %s", val_to_str_ext(type, &dns_types_description_vals_ext, "Unknown (%d)"));
3696 cur_offset += 2;
3697 rr_len -= 2;
3699 proto_tree_add_item(rr_tree, hf_dns_rrsig_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3700 cur_offset += 1;
3701 rr_len -= 1;
3703 proto_tree_add_item(rr_tree, hf_dns_rrsig_labels, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3704 cur_offset += 1;
3705 rr_len -= 1;
3707 ti = proto_tree_add_item(rr_tree, hf_dns_rrsig_original_ttl, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3708 proto_item_append_text(ti, " (%s)", unsigned_time_secs_to_str(pinfo->pool, tvb_get_ntohl(tvb, cur_offset)));
3709 cur_offset += 4;
3710 rr_len -= 4;
3712 proto_tree_add_item(rr_tree, hf_dns_rrsig_signature_expiration, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3713 cur_offset += 4;
3714 rr_len -= 4;
3716 proto_tree_add_item(rr_tree, hf_dns_rrsig_signature_inception, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3717 cur_offset += 4;
3718 rr_len -= 4;
3720 proto_tree_add_item(rr_tree, hf_dns_rrsig_key_tag, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3721 cur_offset += 2;
3722 rr_len -= 2;
3724 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &signer_name, &signer_name_len);
3725 name_out = format_text(pinfo->pool, (const unsigned char*)signer_name, signer_name_len);
3726 proto_tree_add_string(rr_tree, hf_dns_rrsig_signers_name, tvb, cur_offset, used_bytes, name_out);
3727 cur_offset += used_bytes;
3728 rr_len -= used_bytes;
3730 if (rr_len != 0) {
3731 proto_tree_add_item(rr_tree, hf_dns_rrsig_signature, tvb, cur_offset, rr_len, ENC_NA);
3734 break;
3736 case T_NSEC: /* NSEC (47) */
3738 int rr_len = data_len;
3739 const char *next_domain_name;
3740 int next_domain_name_len;
3742 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset,
3743 &next_domain_name, &next_domain_name_len);
3744 name_out = format_text(pinfo->pool, (const unsigned char*)next_domain_name, next_domain_name_len);
3745 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3746 proto_item_append_text(trr, ", next domain name %s", name_out);
3747 proto_tree_add_string(rr_tree, hf_dns_nsec_next_domain_name, tvb, cur_offset, used_bytes, name_out);
3748 cur_offset += used_bytes;
3749 rr_len -= used_bytes;
3751 dissect_type_bitmap(rr_tree, tvb, cur_offset, rr_len);
3753 break;
3755 case T_DNSKEY: /* DNSKEY (48) */
3756 case T_CDNSKEY: /* CDNSKEY (60) */
3758 int rr_len = data_len;
3759 proto_item *tf, *ti_gen;
3760 proto_tree *flags_tree;
3761 uint16_t key_id;
3762 uint8_t algo;
3764 tf = proto_tree_add_item(rr_tree, hf_dns_dnskey_flags, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3765 flags_tree = proto_item_add_subtree(tf, ett_key_flags);
3766 proto_tree_add_item(flags_tree, hf_dns_dnskey_flags_zone_key, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3767 proto_tree_add_item(flags_tree, hf_dns_dnskey_flags_key_revoked, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3768 proto_tree_add_item(flags_tree, hf_dns_dnskey_flags_secure_entry_point, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3769 proto_tree_add_item(flags_tree, hf_dns_dnskey_flags_reserved, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3771 cur_offset += 2;
3772 rr_len -= 2;
3774 /* Must have value 3, Add check ? */
3775 proto_tree_add_item(rr_tree, hf_dns_dnskey_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3776 cur_offset += 1;
3777 rr_len -= 1;
3779 proto_tree_add_item(rr_tree, hf_dns_dnskey_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3780 algo = tvb_get_uint8(tvb, cur_offset);
3782 cur_offset += 1;
3783 rr_len -= 1;
3785 if (compute_key_id(rr_tree, pinfo, tvb, cur_offset-4, rr_len+4, algo, &key_id)) {
3786 ti_gen = proto_tree_add_uint(rr_tree, hf_dns_dnskey_key_id, tvb, 0, 0, key_id);
3787 proto_item_set_generated(ti_gen);
3790 proto_tree_add_item(rr_tree, hf_dns_dnskey_public_key, tvb, cur_offset, rr_len, ENC_NA);
3792 break;
3794 case T_DHCID: /* DHCID (49) */
3796 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3797 proto_tree_add_item(rr_tree, hf_dns_dhcid_rdata, tvb, cur_offset, data_len, ENC_NA);
3799 break;
3801 case T_NSEC3: /* NSEC3 (50) */
3803 int rr_len, initial_offset = cur_offset;
3804 uint8_t salt_len, hash_len;
3805 proto_item *flags_item, *hash_item;
3806 proto_tree *flags_tree;
3808 proto_tree_add_item(rr_tree, hf_dns_nsec3_algo, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3809 cur_offset += 1;
3811 flags_item = proto_tree_add_item(rr_tree, hf_dns_nsec3_flags, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3812 flags_tree = proto_item_add_subtree(flags_item, ett_nsec3_flags);
3813 proto_tree_add_item(flags_tree, hf_dns_nsec3_flag_optout, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3814 cur_offset += 1;
3816 proto_tree_add_item(rr_tree, hf_dns_nsec3_iterations, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3817 cur_offset += 2;
3819 proto_tree_add_item(rr_tree, hf_dns_nsec3_salt_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3820 salt_len = tvb_get_uint8(tvb, cur_offset);
3821 cur_offset += 1;
3823 proto_tree_add_item(rr_tree, hf_dns_nsec3_salt_value, tvb, cur_offset, salt_len, ENC_NA);
3824 cur_offset += salt_len;
3826 proto_tree_add_item(rr_tree, hf_dns_nsec3_hash_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3827 hash_len = tvb_get_uint8(tvb, cur_offset);
3828 cur_offset += 1;
3831 * The code below is optimized for simplicity as trailing padding
3832 * characters ("=") are not used in the NSEC3 specification (see RFC 5155
3833 * section 1.3).
3835 if (hash_len) {
3836 /* Base 32 Encoding with Extended Hex Alphabet (see RFC 4648 section 7) */
3837 const char *base32hex = "0123456789abcdefghijklmnopqrstuv";
3838 wmem_strbuf_t *hash_value_base32hex = wmem_strbuf_new(pinfo->pool, "");
3839 int group, in_offset, out_offset;
3840 for (in_offset = 0, out_offset = 0;
3841 in_offset / 8 < hash_len;
3842 in_offset += 5, out_offset += 1) {
3843 group = tvb_get_bits8(tvb, cur_offset * 8 + in_offset, 5);
3844 wmem_strbuf_append_c(hash_value_base32hex, base32hex[group]);
3846 hash_item = proto_tree_add_string(rr_tree, hf_dns_nsec3_hash_value, tvb, cur_offset, hash_len, wmem_strbuf_finalize(hash_value_base32hex));
3847 proto_item_set_generated(hash_item);
3848 cur_offset += hash_len;
3851 rr_len = data_len - (cur_offset - initial_offset);
3852 dissect_type_bitmap(rr_tree, tvb, cur_offset, rr_len);
3854 break;
3856 case T_NSEC3PARAM: /* NSEC3PARAM (51) */
3858 int salt_len;
3859 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3861 proto_tree_add_item(rr_tree, hf_dns_nsec3_algo, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3862 cur_offset +=1;
3864 proto_tree_add_item(rr_tree, hf_dns_nsec3_flags, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3865 cur_offset +=1;
3867 proto_tree_add_item(rr_tree, hf_dns_nsec3_iterations, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3868 cur_offset += 2;
3870 proto_tree_add_item(rr_tree, hf_dns_nsec3_salt_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3871 salt_len = tvb_get_uint8(tvb, cur_offset);
3872 cur_offset +=1;
3874 proto_tree_add_item(rr_tree, hf_dns_nsec3_salt_value, tvb, cur_offset, salt_len, ENC_NA);
3876 break;
3878 case T_TLSA: /* DNS-Based Authentication of Named Entities (52) */
3880 int rr_len = data_len;
3881 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3883 proto_tree_add_item(rr_tree, hf_dns_tlsa_certificate_usage, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3884 cur_offset ++;
3885 rr_len --;
3887 proto_tree_add_item(rr_tree, hf_dns_tlsa_selector, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3888 cur_offset ++;
3889 rr_len --;
3891 proto_tree_add_item(rr_tree, hf_dns_tlsa_matching_type, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3892 cur_offset ++;
3893 rr_len --;
3895 proto_tree_add_item(rr_tree, hf_dns_tlsa_certificate_association_data, tvb, cur_offset, rr_len, ENC_NA);
3897 break;
3899 case T_HIP: /* Host Identity Protocol (55) */
3901 uint8_t hit_len;
3902 uint16_t pk_len;
3903 int rr_len = data_len;
3904 int rendezvous_len;
3905 const char *rend_server_dns_name;
3907 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3909 hit_len = tvb_get_uint8(tvb, cur_offset);
3910 proto_tree_add_item(rr_tree, hf_dns_hip_hit_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3911 cur_offset += 1;
3912 rr_len -= 1;
3914 proto_tree_add_item(rr_tree, hf_dns_hip_pk_algo, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3915 cur_offset += 1;
3916 rr_len -= 1;
3918 pk_len = tvb_get_ntohs(tvb, cur_offset);
3919 proto_tree_add_item(rr_tree, hf_dns_hip_pk_length, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3920 cur_offset += 2;
3921 rr_len -= 2;
3923 proto_tree_add_item(rr_tree, hf_dns_hip_hit, tvb, cur_offset, hit_len, ENC_NA);
3924 cur_offset += hit_len;
3925 rr_len -= hit_len;
3927 proto_tree_add_item(rr_tree, hf_dns_hip_pk, tvb, cur_offset, pk_len, ENC_NA);
3928 cur_offset += pk_len;
3929 rr_len -= pk_len;
3931 while (rr_len > 1) {
3932 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &rend_server_dns_name, &rendezvous_len);
3933 name_out = format_text(pinfo->pool, (const unsigned char*)rend_server_dns_name, rendezvous_len);
3934 proto_tree_add_string(rr_tree, hf_dns_hip_rendezvous_server, tvb, cur_offset, used_bytes, name_out);
3935 cur_offset += used_bytes;
3936 rr_len -= used_bytes;
3939 break;
3941 case T_OPENPGPKEY: /* OpenPGP Key (61) */
3943 proto_tree_add_item(rr_tree, hf_dns_openpgpkey, tvb, cur_offset, data_len, ENC_ASCII);
3945 break;
3947 case T_CSYNC: /* Child-to-Parent Synchronization (62) */
3949 int rr_len, initial_offset = cur_offset;
3951 proto_tree_add_item(rr_tree, hf_dns_csync_soa, tvb, cur_offset, 4, ENC_ASCII|ENC_NA);
3952 cur_offset += 4;
3954 proto_tree_add_bitmask_with_flags(rr_tree, tvb, cur_offset,
3955 hf_dns_csync_flags, ett_dns_csdync_flags, dns_csync_flags, ENC_BIG_ENDIAN, BMT_NO_APPEND);
3956 cur_offset += 2;
3958 rr_len = data_len - (cur_offset - initial_offset);
3959 proto_tree_add_item(rr_tree, hf_dns_csync_type_bitmap, tvb, cur_offset, rr_len, ENC_NA);
3961 dissect_type_bitmap(rr_tree, tvb, cur_offset, rr_len);
3963 break;
3965 case T_ZONEMD: /* Message Digest for DNS Zones (63) */
3967 proto_tree_add_item(rr_tree, hf_dns_zonemd_serial, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3968 cur_offset += 4;
3969 proto_tree_add_item(rr_tree, hf_dns_zonemd_scheme, tvb, cur_offset, 1, ENC_NA);
3970 cur_offset += 1;
3971 proto_tree_add_item(rr_tree, hf_dns_zonemd_hash_algo, tvb, cur_offset, 1, ENC_NA);
3972 cur_offset += 1;
3973 proto_tree_add_item(rr_tree, hf_dns_zonemd_digest, tvb, cur_offset, data_len - 6 , ENC_NA);
3975 break;
3977 case T_SVCB: /* Service binding and parameter specification (64) */
3978 case T_HTTPS: /* Service binding and parameter specification (65) */
3980 uint32_t priority = 0, value;
3981 uint32_t svc_param_key;
3982 uint32_t svc_param_offset;
3983 uint32_t svc_param_length;
3984 uint32_t svc_param_alpn_length;
3985 const char *target;
3986 int target_len;
3987 const uint8_t *dohpath;
3988 int start_offset = cur_offset;
3989 proto_item *svcb_param_ti;
3990 proto_tree *svcb_param_tree;
3992 proto_tree_add_item_ret_uint(rr_tree, hf_dns_svcb_priority, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &priority);
3993 cur_offset += 2;
3995 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &target, &target_len);
3996 name_out = format_text(pinfo->pool, (const unsigned char*)target, target_len);
3998 proto_tree_add_string(rr_tree, hf_dns_svcb_target, tvb, cur_offset, used_bytes, name_out);
3999 cur_offset += used_bytes;
4001 if (data_len > cur_offset - start_offset) {
4002 while (data_len > cur_offset - start_offset) {
4003 svcb_param_ti = proto_tree_add_item(rr_tree, hf_dns_svcb_param, tvb, cur_offset, -1, ENC_NA);
4004 svcb_param_tree = proto_item_add_subtree(svcb_param_ti, ett_dns_svcb);
4006 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_key, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &svc_param_key);
4007 cur_offset += 2;
4009 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_length, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &svc_param_length);
4010 cur_offset += 2;
4012 proto_item_append_text(svcb_param_ti, ": %s", val_to_str(svc_param_key, dns_svcb_param_key_vals, "key%u"));
4013 proto_item_set_len(svcb_param_ti, svc_param_length + 4);
4015 switch(svc_param_key) {
4016 case DNS_SVCB_KEY_MANDATORY:
4017 for (svc_param_offset = 0; svc_param_offset < svc_param_length; svc_param_offset += 2) {
4018 uint32_t key;
4019 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_mandatory_key, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &key);
4020 proto_item_append_text(svcb_param_ti, "%c%s", (svc_param_offset == 0 ? '=' : ','), val_to_str(key, dns_svcb_param_key_vals, "key%u"));
4021 cur_offset += 2;
4023 break;
4024 case DNS_SVCB_KEY_ALPN:
4025 for (svc_param_offset = 0; svc_param_offset < svc_param_length; ) {
4026 const uint8_t *alpn;
4027 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_alpn_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN, &svc_param_alpn_length);
4028 cur_offset += 1;
4029 proto_tree_add_item_ret_string(svcb_param_tree, hf_dns_svcb_param_alpn, tvb, cur_offset, svc_param_alpn_length, ENC_ASCII|ENC_NA, pinfo->pool, &alpn);
4030 cur_offset += svc_param_alpn_length;
4031 proto_item_append_text(svcb_param_ti, "%c%s", (svc_param_offset == 0 ? '=' : ','), alpn);
4032 svc_param_offset += 1 + svc_param_alpn_length;
4034 break;
4035 case DNS_SVCB_KEY_NOALPN:
4036 break;
4037 case DNS_SVCB_KEY_PORT:
4038 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_port, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &value);
4039 proto_item_append_text(svcb_param_ti, "=%u", value);
4040 cur_offset += 2;
4041 break;
4042 case DNS_SVCB_KEY_IPV4HINT:
4043 for (svc_param_offset = 0; svc_param_offset < svc_param_length; svc_param_offset += 4) {
4044 proto_tree_add_item(svcb_param_tree, hf_dns_svcb_param_ipv4hint_ip, tvb, cur_offset, 4, ENC_NA);
4045 proto_item_append_text(svcb_param_ti, "%c%s", (svc_param_offset == 0 ? '=' : ','), tvb_ip_to_str(pinfo->pool, tvb, cur_offset));
4046 cur_offset += 4;
4048 break;
4049 case DNS_SVCB_KEY_ECH:
4051 tvbuff_t *next_tvb = tvb_new_subset_length(tvb, cur_offset, svc_param_length);
4052 cur_offset += call_dissector(tls_echconfig_handle, next_tvb, pinfo, svcb_param_tree);
4053 break;
4055 case DNS_SVCB_KEY_IPV6HINT:
4056 for (svc_param_offset = 0; svc_param_offset < svc_param_length; svc_param_offset += 16) {
4057 proto_tree_add_item(svcb_param_tree, hf_dns_svcb_param_ipv6hint_ip, tvb, cur_offset, 16, ENC_NA);
4058 proto_item_append_text(svcb_param_ti, "%c%s", (svc_param_offset == 0 ? '=' : ','), tvb_ip6_to_str(pinfo->pool, tvb, cur_offset));
4059 cur_offset += 16;
4061 break;
4062 case DNS_SVCB_KEY_DOHPATH:
4063 proto_tree_add_item_ret_string(svcb_param_tree, hf_dns_svcb_param_dohpath, tvb, cur_offset, svc_param_length, ENC_UTF_8|ENC_NA, pinfo->pool, &dohpath);
4064 cur_offset += svc_param_length;
4065 proto_item_append_text(svcb_param_ti, "=%s", dohpath);
4066 break;
4067 case DNS_SVCB_KEY_ODOHCONFIG:
4068 dissect_dns_svcparam_base64(svcb_param_tree, svcb_param_ti, hf_dns_svcb_param_odohconfig, tvb, cur_offset, svc_param_length);
4069 cur_offset += svc_param_length;
4070 break;
4071 default:
4072 if (svc_param_length > 0) {
4073 proto_tree_add_item(svcb_param_tree, hf_dns_svcb_param_value, tvb, cur_offset, svc_param_length, ENC_NA);
4074 proto_item_append_text(svcb_param_ti, "=%s", tvb_format_text(pinfo->pool, tvb, cur_offset, svc_param_length));
4075 cur_offset += svc_param_length;
4077 break;
4082 break;
4084 case T_SPF: /* Sender Policy Framework (99) */
4086 int rr_len = data_len;
4087 int spf_offset;
4088 int spf_len;
4090 spf_offset = cur_offset;
4091 while (rr_len != 0) {
4092 spf_len = tvb_get_uint8(tvb, spf_offset);
4093 proto_tree_add_item(rr_tree, hf_dns_spf_length, tvb, spf_offset, 1, ENC_BIG_ENDIAN);
4094 spf_offset += 1;
4095 rr_len -= 1;
4096 proto_tree_add_item(rr_tree, hf_dns_spf, tvb, spf_offset, spf_len, ENC_ASCII);
4097 spf_offset += spf_len;
4098 rr_len -= spf_len;
4101 break;
4103 case T_NID: /* NodeID (104) */
4105 proto_tree_add_item(rr_tree, hf_dns_ilnp_nodeid_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4106 cur_offset += 2;
4108 proto_tree_add_item(rr_tree, hf_dns_ilnp_nodeid, tvb, cur_offset, 8, ENC_NA);
4109 /*cur_offset += 8;*/
4111 break;
4113 case T_L32: /* Locator (105) */
4115 proto_tree_add_item(rr_tree, hf_dns_ilnp_locator32_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4116 cur_offset += 2;
4118 proto_tree_add_item(rr_tree, hf_dns_ilnp_locator32, tvb, cur_offset, 4, ENC_NA);
4119 /*cur_offset += 4;*/
4121 break;
4123 case T_L64: /* Locator64 (106) */
4125 proto_tree_add_item(rr_tree, hf_dns_ilnp_locator64_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4126 cur_offset += 2;
4128 proto_tree_add_item(rr_tree, hf_dns_ilnp_locator64, tvb, cur_offset, 8, ENC_NA);
4129 /*cur_offset += 8;*/
4131 break;
4133 case T_LP: /* Locator FQDN (107) */
4135 int lp_len;
4136 const char *lp_str;
4138 proto_tree_add_item(rr_tree, hf_dns_ilnp_locatorfqdn_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4139 cur_offset += 2;
4141 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &lp_str, &lp_len);
4142 name_out = format_text(pinfo->pool, (const unsigned char*)lp_str, lp_len);
4143 proto_tree_add_string(rr_tree, hf_dns_ilnp_locatorfqdn, tvb, cur_offset, used_bytes, name_out);
4144 /*cur_offset += used_bytes;*/
4146 break;
4148 case T_EUI48: /* EUI48 (108) */
4150 proto_tree_add_item(rr_tree, hf_dns_eui48, tvb, cur_offset, 6, ENC_NA);
4151 /*cur_offset += 6;*/
4153 break;
4155 case T_EUI64: /* EUI64 (109) */
4157 proto_tree_add_item(rr_tree, hf_dns_eui64, tvb, cur_offset, 8, ENC_NA);
4158 /*cur_offset += 8;*/
4160 break;
4162 case T_TKEY: /* Transaction Key (249) */
4164 const char *tkey_algname;
4165 int tkey_algname_len;
4166 uint16_t tkey_mode, tkey_keylen, tkey_otherlen;
4168 proto_tree *key_tree;
4169 proto_item *key_item;
4171 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &tkey_algname, &tkey_algname_len);
4172 name_out = format_text(pinfo->pool, (const unsigned char*)tkey_algname, tkey_algname_len);
4173 proto_tree_add_string(rr_tree, hf_dns_tkey_algo_name, tvb, cur_offset, used_bytes, name_out);
4174 cur_offset += used_bytes;
4176 proto_tree_add_item(rr_tree, hf_dns_tkey_signature_inception, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4177 cur_offset += 4;
4179 proto_tree_add_item(rr_tree, hf_dns_tkey_signature_expiration, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4180 cur_offset += 4;
4182 proto_tree_add_item(rr_tree, hf_dns_tkey_mode, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4183 tkey_mode = tvb_get_ntohs(tvb, cur_offset);
4184 cur_offset += 2;
4186 proto_tree_add_item(rr_tree, hf_dns_tkey_error, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4187 cur_offset += 2;
4189 proto_tree_add_item(rr_tree, hf_dns_tkey_key_size, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4190 tkey_keylen = tvb_get_ntohs(tvb, cur_offset);
4191 cur_offset += 2;
4193 if (tkey_keylen != 0) {
4194 key_item = proto_tree_add_item(rr_tree, hf_dns_tkey_key_data, tvb, cur_offset, tkey_keylen, ENC_NA);
4196 key_tree = proto_item_add_subtree(key_item, ett_t_key);
4198 switch(tkey_mode) {
4199 case TKEYMODE_GSSAPI:
4201 tvbuff_t *gssapi_tvb;
4204 * XXX - in at least one capture, this appears to
4205 * be an NTLMSSP blob, with no ASN.1 in it, in
4206 * a query.
4208 * See RFC 3645 which might indicate what's going
4209 * on here. (The key is an output_token from
4210 * GSS_Init_sec_context.)
4212 * How the heck do we know what method is being
4213 * used, so we know how to decode the key? Do we
4214 * have to look at the algorithm name, e.g.
4215 * "gss.microsoft.com"? We currently do as the
4216 * the SMB dissector does in some cases, and check
4217 * whether the security blob begins with "NTLMSSP".
4219 gssapi_tvb = tvb_new_subset_length(tvb, cur_offset, tkey_keylen);
4220 if (tvb_strneql(gssapi_tvb, 0, "NTLMSSP", 7) == 0) {
4221 call_dissector(ntlmssp_handle, gssapi_tvb, pinfo, key_tree);
4222 } else {
4223 call_dissector(gssapi_handle, gssapi_tvb, pinfo, key_tree);
4226 break;
4228 default:
4229 /* No dissector for this key mode */
4230 break;
4233 cur_offset += tkey_keylen;
4236 proto_tree_add_item(rr_tree, hf_dns_tkey_other_size, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4237 tkey_otherlen = tvb_get_ntohs(tvb, cur_offset);
4238 cur_offset += 2;
4240 if (tkey_otherlen != 0) {
4241 proto_tree_add_item(rr_tree, hf_dns_tkey_other_data, tvb, cur_offset, tkey_otherlen, ENC_NA);
4244 break;
4246 case T_TSIG: /* Transaction Signature (250) */
4248 uint16_t tsig_siglen, tsig_otherlen;
4249 const char *tsig_algname;
4250 int tsig_algname_len;
4251 proto_item *ti;
4253 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &tsig_algname, &tsig_algname_len);
4254 name_out = format_text(pinfo->pool, (const unsigned char*)tsig_algname, tsig_algname_len);
4255 proto_tree_add_string(rr_tree, hf_dns_tsig_algorithm_name, tvb, cur_offset, used_bytes, name_out);
4256 cur_offset += used_bytes;
4258 ti = proto_tree_add_item(rr_tree, hf_dns_tsig_time_signed ,tvb, cur_offset, 6, ENC_TIME_SECS|ENC_BIG_ENDIAN);
4259 if(tvb_get_ntohs(tvb, cur_offset)) /* Time High */
4261 proto_item_append_text(ti, " (high bits set)");
4263 cur_offset += 6;
4265 proto_tree_add_item(rr_tree, hf_dns_tsig_fudge, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4266 cur_offset += 2;
4268 tsig_siglen = tvb_get_ntohs(tvb, cur_offset);
4269 proto_tree_add_item(rr_tree, hf_dns_tsig_mac_size, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4270 cur_offset += 2;
4272 if (tsig_siglen != 0) {
4273 proto_item *mac_item;
4274 proto_tree *mac_tree;
4275 tvbuff_t *sub_tvb;
4277 mac_item = proto_tree_add_item(rr_tree, hf_dns_tsig_mac, tvb, cur_offset, tsig_siglen, ENC_NA);
4278 mac_tree = proto_item_add_subtree(mac_item, ett_dns_mac);
4280 sub_tvb=tvb_new_subset_length(tvb, cur_offset, tsig_siglen);
4282 if (!dissector_try_string_with_data(dns_tsig_dissector_table, tsig_algname, sub_tvb, pinfo, mac_tree, true, NULL)) {
4283 expert_add_info_format(pinfo, mac_item, &ei_dns_tsig_alg,
4284 "No dissector for algorithm:%s", name_out);
4287 cur_offset += tsig_siglen;
4290 proto_tree_add_item(rr_tree, hf_dns_tsig_original_id, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4291 cur_offset += 2;
4293 proto_tree_add_item(rr_tree, hf_dns_tsig_error, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4294 cur_offset += 2;
4296 proto_tree_add_item(rr_tree, hf_dns_tsig_other_len, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4297 tsig_otherlen = tvb_get_ntohs(tvb, cur_offset);
4298 cur_offset += 2;
4300 if (tsig_otherlen != 0) {
4301 proto_tree_add_item(rr_tree, hf_dns_tsig_other_data, tvb, cur_offset, tsig_otherlen, ENC_NA);
4304 break;
4306 case T_URI: /* Uniform Resource Locator (256) */
4308 int rr_len = data_len;
4309 uint16_t priority = 0;
4310 uint16_t weight = 0;
4311 int target_len = rr_len - 4;
4312 const char *target;
4314 proto_tree_add_item(rr_tree, hf_dns_srv_priority, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4315 priority = tvb_get_ntohs(tvb, cur_offset);
4316 cur_offset += 2;
4318 proto_tree_add_item(rr_tree, hf_dns_srv_weight, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4319 weight = tvb_get_ntohs(tvb, cur_offset);
4320 cur_offset += 2;
4322 target = (const char*)tvb_get_string_enc(pinfo->pool, tvb, cur_offset, target_len, ENC_ASCII|ENC_NA);
4324 proto_tree_add_string(rr_tree, hf_dns_srv_target, tvb, cur_offset, used_bytes, target);
4326 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %u %s", priority, weight, target);
4327 proto_item_append_text(trr,
4328 ", priority %u, weight %u, target %s",
4329 priority, weight, target);
4331 break;
4334 case T_CAA: /* Certification Authority Restriction (257) */
4336 proto_item *caa_item;
4337 proto_tree *caa_tree;
4338 uint8_t tag_len;
4339 const char *tag;
4340 uint16_t value_len;
4341 const unsigned char *value;
4342 int cur_hf = -1;
4344 caa_item = proto_tree_add_item(rr_tree, hf_dns_caa_flags, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
4345 caa_tree = proto_item_add_subtree(caa_item, ett_caa_flags);
4346 proto_tree_add_item(caa_tree, hf_dns_caa_flag_issuer_critical, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
4347 cur_offset++;
4349 tag_len = tvb_get_uint8(tvb, cur_offset);
4350 tag = (const char*)tvb_get_string_enc(pinfo->pool, tvb, cur_offset + 1, tag_len, ENC_ASCII|ENC_NA);
4352 value_len = data_len - (tag_len + 2);
4353 value = (unsigned char*)tvb_get_string_enc(pinfo->pool, tvb, cur_offset + 1 + tag_len, value_len, ENC_ASCII|ENC_NA);
4355 value = (unsigned char*)format_text(pinfo->pool, value, value_len);
4357 if (strncmp(tag, "issue", tag_len) == 0) {
4358 cur_hf = hf_dns_caa_issue;
4359 } else if (strncmp(tag, "issuewild", tag_len) == 0) {
4360 cur_hf = hf_dns_caa_issuewild;
4361 } else if (strncmp(tag, "iodef", tag_len) == 0) {
4362 cur_hf = hf_dns_caa_iodef;
4363 } else {
4364 cur_hf = hf_dns_caa_unknown;
4367 caa_item = proto_tree_add_string(rr_tree, cur_hf, tvb, cur_offset, 1 + tag_len + value_len, (const char*)value);
4368 caa_tree = proto_item_add_subtree(caa_item, ett_caa_data);
4370 proto_tree_add_uint(caa_tree, hf_dns_caa_tag_length, tvb, cur_offset, 1, tag_len);
4371 proto_tree_add_string(caa_tree, hf_dns_caa_tag, tvb, cur_offset + 1, tag_len, tag);
4372 proto_tree_add_string(caa_tree, hf_dns_caa_value, tvb, cur_offset + 1 + tag_len, value_len, (const char*)value);
4374 break;
4376 case T_WINS: /* Microsoft's WINS (65281)*/
4378 int rr_len = data_len;
4379 uint32_t nservers;
4381 proto_tree_add_item(rr_tree, hf_dns_wins_local_flag, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4382 cur_offset += 4;
4383 rr_len -= 4;
4385 proto_tree_add_item(rr_tree, hf_dns_wins_lookup_timeout, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4386 cur_offset += 4;
4387 rr_len -= 4;
4389 proto_tree_add_item(rr_tree, hf_dns_wins_cache_timeout, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4390 cur_offset += 4;
4391 rr_len -= 4;
4393 proto_tree_add_item(rr_tree, hf_dns_wins_nb_wins_servers, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4394 nservers = tvb_get_ntohl(tvb, cur_offset);
4395 cur_offset += 4;
4396 rr_len -= 4;
4398 while (rr_len != 0 && nservers != 0) {
4399 proto_tree_add_item(rr_tree, hf_dns_wins_server, tvb, cur_offset, 4, ENC_NA);
4401 cur_offset += 4;
4402 rr_len -= 4;
4403 nservers--;
4406 break;
4408 case T_WINS_R: /* Microsoft's WINS-R (65282)*/
4410 const char *dname;
4411 int dname_len;
4413 proto_tree_add_item(rr_tree, hf_dns_winsr_local_flag, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4414 cur_offset += 4;
4416 proto_tree_add_item(rr_tree, hf_dns_winsr_lookup_timeout, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4417 cur_offset += 4;
4419 proto_tree_add_item(rr_tree, hf_dns_winsr_cache_timeout, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4420 cur_offset += 4;
4422 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &dname, &dname_len);
4423 name_out = format_text(pinfo->pool, (const unsigned char*)dname, dname_len);
4424 proto_tree_add_string(rr_tree, hf_dns_winsr_name_result_domain, tvb, cur_offset, used_bytes, name_out);
4425 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
4426 proto_item_append_text(trr, ", name result domain %s", name_out);
4428 break;
4430 case T_XPF: /* XPF draft-bellis-dnsop-xpf */
4432 uint32_t address_family;
4434 proto_tree_add_item_ret_uint(rr_tree, hf_dns_xpf_ip_version, tvb, cur_offset, 1, ENC_BIG_ENDIAN, &address_family);
4435 cur_offset++;
4437 switch (address_family) {
4438 case IP_VERSION_NUM_INET:
4439 proto_tree_add_item(rr_tree, hf_dns_xpf_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
4440 cur_offset++;
4441 proto_tree_add_item(rr_tree, hf_dns_xpf_source_ipv4, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4442 cur_offset += 4;
4443 proto_tree_add_item(rr_tree, hf_dns_xpf_destination_ipv4, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4444 cur_offset += 4;
4445 proto_tree_add_item(rr_tree, hf_dns_xpf_sport, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4446 cur_offset += 2;
4447 proto_tree_add_item(rr_tree, hf_dns_xpf_dport, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4448 break;
4449 case IP_VERSION_NUM_INET6:
4450 proto_tree_add_item(rr_tree, hf_dns_xpf_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
4451 cur_offset++;
4452 proto_tree_add_item(rr_tree, hf_dns_xpf_source_ipv6, tvb, cur_offset, 16, ENC_NA);
4453 cur_offset += 16;
4454 proto_tree_add_item(rr_tree, hf_dns_xpf_destination_ipv6, tvb, cur_offset, 16, ENC_NA);
4455 cur_offset += 16;
4456 proto_tree_add_item(rr_tree, hf_dns_xpf_sport, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4457 cur_offset += 2;
4458 proto_tree_add_item(rr_tree, hf_dns_xpf_dport, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4459 break;
4460 default: /* Add Expert info ? */
4461 break;
4466 break;
4468 /* TODO: parse more record types */
4469 default:
4471 expert_add_info_format(pinfo, trr, &ei_dns_undecoded_option,
4472 "Dissector for DNS Type (%d)"
4473 " code not implemented, Contact Wireshark developers"
4474 " if you want this supported", dns_type);
4475 proto_tree_add_item(rr_tree, hf_dns_data, tvb, cur_offset, data_len, ENC_NA);
4477 break;
4480 data_offset += data_len;
4482 return data_offset - data_start;
/*
 * Dissect the question section of a DNS message (shown as "Zone" when
 * isupdate is true, "Queries" otherwise).
 *
 * Adds one subtree under dns_tree starting at cur_off, calls
 * dissect_dns_query() `count` times, advancing the offset by whatever each
 * call returns, then sets the subtree item's length to the bytes covered.
 *
 * Returns the number of bytes consumed by the section.
 *
 * NOTE(review): `count` is presumably the record count taken from the
 * packet's header, i.e. sender-controlled; confirm at the caller. This
 * function does not itself check that the offset stays inside the tvb or
 * that each returned length is positive; it appears to rely on the tvb
 * accessors used by dissect_dns_query() to stop on truncated or malformed
 * input. Verify before reusing this loop with a different record parser.
 */
static int
dissect_query_records(tvbuff_t *tvb, int cur_off, int dns_data_offset,
                      int count, packet_info *pinfo, proto_tree *dns_tree, bool isupdate,
                      bool is_mdns, bool *is_multiple_responds)
{
  const int   section_start = cur_off;
  const char *section_label;
  proto_item *section_item;
  proto_tree *section_tree;
  int         remaining;
  int         consumed;

  if (isupdate) {
    section_label = "Zone";
  } else {
    section_label = "Queries";
  }

  /* Length is not known yet (-1); it is fixed up once every record is parsed. */
  section_tree = proto_tree_add_subtree(dns_tree, tvb, section_start, -1, ett_dns_qry,
                                        &section_item, section_label);

  /* The iteration count bounds the loop, whatever length each record reports. */
  for (remaining = count; remaining > 0; remaining--) {
    cur_off += dissect_dns_query(tvb, cur_off, dns_data_offset, pinfo, section_tree,
                                 is_mdns, is_multiple_responds);
  }

  consumed = cur_off - section_start;
  proto_item_set_len(section_item, consumed);
  return consumed;
}
/*
 * Dissect one resource-record section of a DNS message; `name` is the label
 * given to the subtree.
 *
 * Adds one subtree under dns_tree starting at cur_off, calls
 * dissect_dns_answer() `count` times, advancing the offset by whatever each
 * call returns, then sets the subtree item's length to the bytes covered.
 * `answers` is passed through to dissect_dns_answer() unchanged.
 *
 * Returns the number of bytes consumed by the section.
 *
 * NOTE(review): `count` is presumably a record count taken from the
 * packet's header, i.e. sender-controlled; confirm at the caller. No bounds
 * check on the running offset happens here; the function appears to rely on
 * the tvb accessors inside dissect_dns_answer() to stop on truncated or
 * malformed records. Verify before changing the per-record parser.
 */
static int
dissect_answer_records(tvbuff_t *tvb, int cur_off, int dns_data_offset,
                       int count, proto_tree *dns_tree, const char *name,
                       packet_info *pinfo, bool is_mdns, wmem_list_t *answers)
{
  const int   section_start = cur_off;
  proto_item *section_item;
  proto_tree *section_tree;
  int         section_len;

  /* Length is not known yet (-1); it is fixed up once every record is parsed. */
  section_tree = proto_tree_add_subtree(dns_tree, tvb, section_start, -1, ett_dns_ans,
                                        &section_item, name);

  /* The iteration count bounds the loop, whatever length each record reports. */
  for (; count > 0; count--) {
    cur_off += dissect_dns_answer(tvb, cur_off, dns_data_offset, section_tree, pinfo,
                                  is_mdns, answers);
  }

  section_len = cur_off - section_start;
  proto_item_set_len(section_item, section_len);
  return section_len;
}
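/*
 * Dissect the TLV sequence of a DNS Stateful Operations (DSO) message.
 *
 * offset is the first byte after the DNS header. Each TLV is a 2-byte type,
 * a 2-byte length and `length` bytes of value. Returns the number of bytes
 * consumed.
 *
 * The declared length comes straight from the packet. The fixed-layout
 * types (keepalive, retry delay) are only decoded field by field when the
 * declared length matches the layout; otherwise the value is shown as
 * opaque data. The cursor always advances by the declared length, so a TLV
 * whose length disagrees with its type cannot shift the start of the TLVs
 * that follow it.
 */
static int
dissect_dso_data(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *dns_tree)
{
  proto_tree *dso_tree;
  proto_tree *dso_tlv_tree;
  proto_item *dso_ti;
  proto_item *dso_tlv_ti;
  uint16_t    dso_tlv_length;
  uint32_t    dso_tlv_type;
  int         start_offset;
  int         value_offset;

  start_offset = offset;
  dso_ti = proto_tree_add_item(dns_tree, hf_dns_dso, tvb, offset, -1, ENC_NA);
  dso_tree = proto_item_add_subtree(dso_ti, ett_dns_dso);

  /* A TLV header is 4 bytes; anything shorter is left for the caller. */
  while(tvb_reported_length_remaining(tvb, offset) >= 4) {
    dso_tlv_length = tvb_get_ntohs(tvb, offset + 2);
    /* NOTE(review): adding the whole TLV as one item presumably raises a
     * bounds exception when the declared length runs past the packet. */
    dso_tlv_ti = proto_tree_add_item(dso_tree, hf_dns_dso_tlv, tvb, offset, dso_tlv_length + 4, ENC_NA);
    dso_tlv_tree = proto_item_add_subtree(dso_tlv_ti, ett_dns_dso_tlv);

    proto_tree_add_item_ret_uint(dso_tlv_tree, hf_dns_dso_tlv_type, tvb, offset, 2, ENC_BIG_ENDIAN, &dso_tlv_type);
    offset += 2;
    proto_item_append_text(dso_tlv_ti, ": %s", rval_to_str_const(dso_tlv_type, dns_dso_type_rvals, "Unknown Type"));

    proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_length, tvb, offset, 2, ENC_BIG_ENDIAN);
    offset += 2;
    value_offset = offset;

    switch(dso_tlv_type) {
      case DSO_TYPE_KEEPALIVE:
        /* Two 4-byte fields: inactivity timeout, then keepalive interval. */
        if (dso_tlv_length == 8) {
          proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_keepalive_inactivity, tvb, value_offset, 4, ENC_BIG_ENDIAN);
          proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_keepalive_interval, tvb, value_offset + 4, 4, ENC_BIG_ENDIAN);
        } else if (dso_tlv_length > 0) {
          proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_data, tvb, value_offset, dso_tlv_length, ENC_NA);
        }
        break;
      case DSO_TYPE_RETRYDELAY:
        /* One 4-byte field. */
        if (dso_tlv_length == 4) {
          proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_retrydelay_retrydelay, tvb, value_offset, 4, ENC_BIG_ENDIAN);
        } else if (dso_tlv_length > 0) {
          proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_data, tvb, value_offset, dso_tlv_length, ENC_NA);
        }
        break;
      case DSO_TYPE_ENCPAD:
        if (dso_tlv_length > 0) {
          proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_encpad_padding, tvb, value_offset, dso_tlv_length, ENC_NA);
        }
        break;
      default:
        if (dso_tlv_length > 0) {
          proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_data, tvb, value_offset, dso_tlv_length, ENC_NA);
        }
        break;
    }

    /* Step over the value exactly as declared, whatever was decoded above. */
    offset = value_offset + dso_tlv_length;
  }

  proto_item_set_len(dso_ti, offset - start_offset);
  return offset - start_offset;
}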
/*
 * Dissect one DNS-format message (DNS, mDNS or LLMNR) and queue its
 * statistics record for the tap.
 *
 * transport selects where the header starts and how the request/response
 * pairing key is chosen; is_mdns / is_llmnr select the protocol label and
 * the flag layout. Every header field used below (id, flags, the four
 * section counts) is read from the packet and is sender-controlled.
 */
static void
dissect_dns_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
    enum DnsTransport transport, bool is_mdns, bool is_llmnr)
{
  /* For TCP and QUIC the header starts at byte 2; the TCP branch further
   * down displays the two bytes before it as the length field. */
  int offset = (transport == DNS_TRANSPORT_TCP || transport == DNS_TRANSPORT_QUIC) ? 2 : 0;
  int dns_data_offset;
  proto_tree *dns_tree, *field_tree;
  proto_item *ti, *tf, *transaction_item;
  uint16_t flags, opcode, rcode, quest, ans, auth, add;
  unsigned id;
  uint32_t reqresp_id = 0;
  int cur_off;
  bool isupdate;
  conversation_t *conversation;
  dns_conv_info_t *dns_info;
  dns_transaction_t *dns_trans = NULL;
  wmem_tree_key_t key[3];
  struct DnsTap *dns_stats;
  wmem_list_t *rr_types;
  uint16_t qtype = 0;
  uint16_t qclass = 0;
  bool retransmission = false;
  /* name and name_len are only assigned by get_dns_name_type_class() in the
   * stats block, and only read there, both under quest > 0. */
  const char *name;
  int name_len;
  nstime_t delta = NSTIME_INIT_ZERO;
  bool is_multiple_responds = false;

  dns_data_offset = offset;

  col_clear(pinfo->cinfo, COL_INFO);

  /* To do: check for errs, etc. */
  /* No explicit length check precedes these reads.
   * NOTE(review): presumably the tvb accessors raise on a truncated header - confirm. */
  id = tvb_get_ntohs(tvb, offset + DNS_ID);
  flags = tvb_get_ntohs(tvb, offset + DNS_FLAGS);
  opcode = (uint16_t) ((flags & F_OPCODE) >> OPCODE_SHIFT);
  rcode = (uint16_t) (flags & F_RCODE);

  col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL, "%s%s 0x%04x",
                val_to_str(opcode, opcode_vals, "Unknown operation (%u)"),
                (flags&F_RESPONSE)?" response":"", id);

  if (flags & F_RESPONSE) {
    if (rcode != RCODE_NOERROR) {
      col_append_fstr(pinfo->cinfo, COL_INFO, " %s",
              val_to_str(rcode, rcode_vals, "Unknown error (%u)"));
    }
  }

  if (opcode == OPCODE_UPDATE) {
    isupdate = true;
  } else {
    isupdate = false;
  }

  if (is_llmnr) {
    ti = proto_tree_add_protocol_format(tree, proto_llmnr, tvb, 0, -1,
        "Link-local Multicast Name Resolution (%s)", (flags & F_RESPONSE) ? "response" : "query");
  } else if (is_mdns){
    ti = proto_tree_add_protocol_format(tree, proto_mdns, tvb, 0, -1,
        "Multicast Domain Name System (%s)", (flags & F_RESPONSE) ? "response" : "query");
  } else {
    ti = proto_tree_add_protocol_format(tree, proto_dns, tvb, 0, -1,
        "Domain Name System (%s)", (flags & F_RESPONSE) ? "response" : "query");
  }

  dns_tree = proto_item_add_subtree(ti, ett_dns);

  /*
   * Do we have a conversation for this connection?
   */
  conversation = find_or_create_conversation(pinfo);

  /*
   * DoH: Each DNS query-response pair is mapped into an HTTP exchange.
   * For other transports, just use the DNS transaction ID as usual.
   */
  if (transport == DNS_TRANSPORT_HTTP) {
    /* For DoH using HTTP/2, use the Stream ID if available. For HTTP/1,
     * hopefully there is no pipelining or the DNS ID is unique enough. */
    reqresp_id = http2_get_stream_id(pinfo);
  }
  /* A zero id here means "not set above"; fall back to the 16-bit DNS id. */
  if (reqresp_id == 0) {
    reqresp_id = id;
  }

  /*
   * Do we already have a state structure for this conv
   */
  dns_info = (dns_conv_info_t *)conversation_get_proto_data(conversation, proto_dns);
  if (!dns_info) {
    /* No.  Attach that information to the conversation, and add
     * it to the list of information structures.
     */
    dns_info = wmem_new(wmem_file_scope(), dns_conv_info_t);
    dns_info->pdus=wmem_tree_new(wmem_file_scope());
    conversation_add_proto_data(conversation, proto_dns, dns_info);
  }

  /* Two-part lookup key: pairing id, then frame number; key[2] ends the list. */
  key[0].length = 1;
  key[0].key = &reqresp_id;
  key[1].length = 1;
  key[1].key = &pinfo->num;
  key[2].length = 0;
  key[2].key = NULL;

  /* Transaction state is neither looked up nor updated for packets flagged
   * in_error_pkt; those fall through to the "fake" structure below. */
  if (!pinfo->flags.in_error_pkt) {
    if (!pinfo->fd->visited) {
      if (!(flags&F_RESPONSE)) {
        /* This is a request */
        bool new_transaction = false;

        /* Check if we've seen this transaction before */
        /* Every lookup below is followed by an id comparison, so an entry
         * stored under a different id is never treated as a match. */
        dns_trans=(dns_transaction_t *)wmem_tree_lookup32_array_le(dns_info->pdus, key);
        if ((dns_trans == NULL) || (dns_trans->id != reqresp_id) || (dns_trans->rep_frame > 0)) {
          new_transaction = true;
        } else {
          nstime_t request_delta;

          /* Has not enough time elapsed that we consider this request a retransmission? */
          nstime_delta(&request_delta, &pinfo->abs_ts, &dns_trans->req_time);
          if (nstime_to_sec(&request_delta) < (double)retransmission_timer) {
            retransmission = true;
          } else {
            new_transaction = true;
          }
        }

        if (new_transaction) {
          /* File-scope allocation: one entry is kept per new transaction
           * for as long as the capture file stays open. */
          dns_trans=wmem_new(wmem_file_scope(), dns_transaction_t);
          dns_trans->req_frame=pinfo->num;
          dns_trans->rep_frame=0;
          dns_trans->req_time=pinfo->abs_ts;
          dns_trans->id = reqresp_id;
          dns_trans->multiple_responds=false;
          wmem_tree_insert32_array(dns_info->pdus, key, (void *)dns_trans);
        }
      } else {
        /* First pass over a response: claim the matching request, or mark
         * the response as a retransmission if one was already recorded. */
        dns_trans=(dns_transaction_t *)wmem_tree_lookup32_array_le(dns_info->pdus, key);
        if (dns_trans) {
          if (dns_trans->id != reqresp_id) {
            dns_trans = NULL;
          } else if (dns_trans->rep_frame == 0) {
            dns_trans->rep_frame=pinfo->num;
          } else if (!dns_trans->multiple_responds) {
            retransmission = true;
          }
        }
      }
    } else {
      /* Frame already visited: read-only lookup, stored state is not changed. */
      dns_trans=(dns_transaction_t *)wmem_tree_lookup32_array_le(dns_info->pdus, key);
      if (dns_trans) {
        if (dns_trans->id != reqresp_id) {
          dns_trans = NULL;
        } else if ((!(flags & F_RESPONSE)) && (dns_trans->req_frame != pinfo->num)) {
          /* This is a request retransmission, create a "fake" dns_trans structure*/
          /* Only the three fields below are assigned; id and
           * multiple_responds are not set on this copy. */
          dns_transaction_t *retrans_dns = wmem_new(pinfo->pool, dns_transaction_t);
          retrans_dns->req_frame=dns_trans->req_frame;
          retrans_dns->rep_frame=0;
          retrans_dns->req_time=pinfo->abs_ts;
          dns_trans = retrans_dns;

          retransmission = true;
        } else if ((flags & F_RESPONSE) && (dns_trans->rep_frame != pinfo->num) && (!dns_trans->multiple_responds)) {
          retransmission = true;
        }
      }
    }
  }
  if (!dns_trans) {
    /* create a "fake" dns_trans structure */
    /* Guarantees dns_trans is non-NULL for the rest of the function. Only
     * the three fields below are assigned here. */
    dns_trans=wmem_new(pinfo->pool, dns_transaction_t);
    dns_trans->req_frame=0;
    dns_trans->rep_frame=0;
    dns_trans->req_time=pinfo->abs_ts;
  }

  if (transport == DNS_TRANSPORT_TCP) {
    /* Put the length indication into the tree. */
    /* NOTE(review): QUIC also starts at offset 2 but gets no length item - confirm intended. */
    proto_tree_add_item(dns_tree, hf_dns_length, tvb, offset - 2, 2, ENC_BIG_ENDIAN);
  }

  transaction_item = proto_tree_add_uint(dns_tree, hf_dns_transaction_id, tvb,
                offset + DNS_ID, 2, id);

  tf = proto_tree_add_item(dns_tree, hf_dns_flags, tvb,
                offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
  proto_item_append_text(tf, " %s",
                val_to_str_const(opcode, opcode_vals, "Unknown operation"));
  if (flags & F_RESPONSE) {
    proto_item_append_text(tf, " response, %s",
                val_to_str_const(rcode, rcode_vals, "Unknown error"));
  }
  /* Every flag item below decodes the same 2-byte flags word. */
  field_tree = proto_item_add_subtree(tf, ett_dns_flags);
  proto_tree_add_item(field_tree, hf_dns_flags_response,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
  proto_tree_add_item(field_tree, hf_dns_flags_opcode,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
  if (is_llmnr) {
    if (flags & F_RESPONSE) {
      proto_tree_add_item(field_tree, hf_dns_flags_conflict_response,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    } else {
      proto_tree_add_item(field_tree, hf_dns_flags_conflict_query,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    }
    proto_tree_add_item(field_tree, hf_dns_flags_truncated,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item(field_tree, hf_dns_flags_tentative,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    if (flags & F_RESPONSE) {
      proto_tree_add_item(field_tree, hf_dns_flags_rcode,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    }
  } else {
    if (flags & F_RESPONSE) {
      proto_tree_add_item(field_tree, hf_dns_flags_authoritative,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    }
    proto_tree_add_item(field_tree, hf_dns_flags_truncated,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item(field_tree, hf_dns_flags_recdesired,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    if (flags & F_RESPONSE) {
      proto_tree_add_item(field_tree, hf_dns_flags_recavail,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    }
    proto_tree_add_item(field_tree, hf_dns_flags_z,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    if (flags & F_RESPONSE) {
      proto_tree_add_item(field_tree, hf_dns_flags_authenticated,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    } else if (flags & F_AUTHENTIC) {
      proto_tree_add_item(field_tree, hf_dns_flags_ad,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    }
    proto_tree_add_item(field_tree, hf_dns_flags_checkdisable,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    if (flags & F_RESPONSE) {
      proto_tree_add_item(field_tree, hf_dns_flags_rcode,
                tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
    }
  }

  /* The four section counts are 16-bit values taken from the header. They
   * become the loop bounds of the record dissectors below and are not
   * compared with the bytes that remain in the packet here. */
  quest = tvb_get_ntohs(tvb, offset + DNS_QUEST);
  if (isupdate) {
    proto_tree_add_uint(dns_tree, hf_dns_count_zones, tvb,
                offset + DNS_QUEST, 2, quest);
  } else {
    proto_tree_add_uint(dns_tree, hf_dns_count_questions, tvb,
                offset + DNS_QUEST, 2, quest);
  }
  ans = tvb_get_ntohs(tvb, offset + DNS_ANS);
  if (isupdate) {
    proto_tree_add_uint(dns_tree, hf_dns_count_prerequisites, tvb,
                offset + DNS_ANS, 2, ans);
  } else {
    proto_tree_add_uint(dns_tree, hf_dns_count_answers, tvb,
                offset + DNS_ANS, 2, ans);
  }
  auth = tvb_get_ntohs(tvb, offset + DNS_AUTH);
  if (isupdate) {
    proto_tree_add_uint(dns_tree, hf_dns_count_updates, tvb,
                offset + DNS_AUTH, 2, auth);
  } else {
    proto_tree_add_uint(dns_tree, hf_dns_count_auth_rr, tvb,
                offset + DNS_AUTH, 2, auth);
  }
  add = tvb_get_ntohs(tvb, offset + DNS_ADD);
  proto_tree_add_uint(dns_tree, hf_dns_count_add_rr, tvb,
                offset + DNS_ADD, 2, add);

  cur_off = offset + DNS_HDRLEN;

  if (opcode == OPCODE_DSO && quest == 0 && ans == 0 && auth == 0 && add == 0) {
    /* DSO messages differs somewhat from the traditional DNS message format.
       the four count fields (QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT) are set to zero */
    cur_off += dissect_dso_data(tvb, cur_off, pinfo, dns_tree);
  }

  /* Packet-scoped list handed to every dissect_answer_records() call below
   * and attached to the tap record at the end. */
  rr_types = wmem_list_new(pinfo->pool);

  if (quest > 0) {
    /* If this is a response, don't add information about the queries
       to the summary, just add information about the answers. */
    cur_off += dissect_query_records(tvb, cur_off, dns_data_offset, quest, pinfo,
                                     dns_tree, isupdate, is_mdns, &is_multiple_responds);
    /* dns_trans may be a stored transaction or one of the packet-scoped
     * "fake" structures created above. */
    dns_trans->multiple_responds = is_multiple_responds;
  }

  /* The p_dns_qr_r_rx_* pointers are declared outside this function.
   * NOTE(review): presumably dissect_dns_answer() stores TTLs through them - confirm. */
  if (ans > 0) {
    // set answer array and its index
    p_dns_qr_r_rx_ttls = dns_qr_r_ra_ttls;
    p_dns_qr_r_rx_ttl_index = &dns_qr_r_ra_ttl_index;
    /* If this is a request, don't add information about the answers
       to the summary, just add information about the queries. */
    cur_off += dissect_answer_records(tvb, cur_off, dns_data_offset, ans,
                                      dns_tree,
                                      (isupdate ? "Prerequisites" : "Answers"),
                                      pinfo, is_mdns, rr_types);
  }

  /* Don't add information about the authoritative name servers, or the
     additional records, to the summary. */
  if (auth > 0) {
    // set authority array and its index
    p_dns_qr_r_rx_ttls = dns_qr_r_ru_ttls;
    p_dns_qr_r_rx_ttl_index = &dns_qr_r_ru_ttl_index;
    cur_off += dissect_answer_records(tvb, cur_off, dns_data_offset, auth, dns_tree,
                                      (isupdate ? "Updates" :
                                                  "Authoritative nameservers"),
                                      pinfo, is_mdns, rr_types);
  }

  if (add > 0) {
    // set additional array and its index
    p_dns_qr_r_rx_ttls = dns_qr_r_rd_ttls;
    p_dns_qr_r_rx_ttl_index = &dns_qr_r_rd_ttl_index;
    cur_off += dissect_answer_records(tvb, cur_off, dns_data_offset, add, dns_tree, "Additional records",
                                      pinfo, is_mdns, rr_types);
  }
  col_set_fence(pinfo->cinfo, COL_INFO);

  /* print state tracking in the tree */
  if (!(flags&F_RESPONSE)) {
    proto_item *it;
    /* This is a request */
    if ((retransmission) && (dns_trans->req_frame) && (!pinfo->flags.in_error_pkt)) {
      expert_add_info_format(pinfo, transaction_item, &ei_dns_retransmit_request, "DNS query retransmission. Original request in frame %d", dns_trans->req_frame);

      it=proto_tree_add_uint(dns_tree, hf_dns_retransmit_request_in, tvb, 0, 0, dns_trans->req_frame);
      proto_item_set_generated(it);

      it=proto_tree_add_boolean(dns_tree, hf_dns_retransmission, tvb, 0, 0, true);
      proto_item_set_generated(it);
    } else if (dns_trans->rep_frame) {

      it=proto_tree_add_uint(dns_tree, hf_dns_response_in, tvb, 0, 0, dns_trans->rep_frame);
      proto_item_set_generated(it);
    } else if PINFO_FD_VISITED(pinfo) {
      /* Reached for a visited request whose transaction has no response frame. */
      expert_add_info(pinfo, transaction_item, &ei_dns_response_missing);
    }
  } else {
    /* This is a reply */
    proto_item *it;
    if (dns_trans->req_frame) {
      if ((retransmission) && (dns_trans->rep_frame) && (!pinfo->flags.in_error_pkt)) {
        expert_add_info_format(pinfo, transaction_item, &ei_dns_retransmit_response, "DNS response retransmission. Original response in frame %d", dns_trans->rep_frame);

        it=proto_tree_add_uint(dns_tree, hf_dns_retransmit_response_in, tvb, 0, 0, dns_trans->rep_frame);
        proto_item_set_generated(it);

        it=proto_tree_add_boolean(dns_tree, hf_dns_retransmission, tvb, 0, 0, true);
        proto_item_set_generated(it);
      } else {
        it=proto_tree_add_uint(dns_tree, hf_dns_response_to, tvb, 0, 0, dns_trans->req_frame);
        proto_item_set_generated(it);

        /* delta keeps this value and is reused as the response time in the stats block. */
        nstime_delta(&delta, &pinfo->abs_ts, &dns_trans->req_time);
        it=proto_tree_add_time(dns_tree, hf_dns_time, tvb, 0, 0, &delta);
        proto_item_set_generated(it);
      }
    } else {
      /* req_frame is 0 only on the "fake" structure: no request was matched. */
      if (!retransmission) {
        it=proto_tree_add_boolean(dns_tree, hf_dns_unsolicited, tvb, 0, 0, true);
        proto_item_set_generated(it);
      }
    }
  }

  /* Do we have any extraneous data? */
  /* Bytes after the last dissected section are shown and flagged through
   * ei_dns_extraneous_data rather than ignored. */
  int extraneous_length = tvb_reported_length_remaining(tvb, cur_off);
  if(extraneous_length > 0) {
    proto_tree *ext_tree;
    proto_item *it;

    ext_tree = proto_tree_add_subtree_format(dns_tree, tvb, cur_off, extraneous_length,
                                             ett_dns_extraneous, &it, "Extraneous Data (%d bytes)", extraneous_length);

    proto_tree_add_item(ext_tree, hf_dns_extraneous_data, tvb, cur_off, extraneous_length, ENC_NA);

    it = proto_tree_add_int(ext_tree, hf_dns_extraneous_length, tvb, 0, 0, extraneous_length);
    proto_item_set_generated(it);

    it = proto_tree_add_expert(ext_tree, pinfo, &ei_dns_extraneous_data, tvb, cur_off, extraneous_length);
    proto_item_set_hidden(it);
  }

  /* Collect stats */
  if (pinfo->flags.in_error_pkt) {
    return;
  }
  if (is_mdns) {
    /* TODO */
  } else if (is_llmnr) {
    /* TODO */
  } else {
    /* Zero-filled record: qname stays NULL when the packet has no question. */
    dns_stats = wmem_new0(pinfo->pool, struct DnsTap);
    dns_stats->packet_rcode = rcode;
    dns_stats->packet_opcode = opcode;
    /* Top bit of the flags word: 0 for a query, 1 for a response. */
    dns_stats->packet_qr = flags >> 15;
    if (quest > 0) {
      get_dns_name_type_class(tvb, offset + DNS_HDRLEN, dns_data_offset, &name, &name_len, &qtype, &qclass);
      dns_stats->packet_qtype = qtype;
      dns_stats->packet_qclass = qclass;
    }
    dns_stats->payload_size = tvb_captured_length(tvb);
    dns_stats->nquestions = quest;
    dns_stats->nanswers = ans;
    dns_stats->nauthorities = auth;
    dns_stats->nadditionals = add;
    if (quest > 0) {
      dns_stats->qname_len = name_len;
      dns_stats->qname_labels = qname_labels_count(name, name_len);
      dns_stats->qname = format_text(pinfo->pool, (const unsigned char *)name, name_len);
      // split into host and domain
      qname_host_and_domain(dns_stats->qname, name_len, dns_stats->qhost, dns_stats->qdomain);
      // queries could also be retransmitted
      if (retransmission) {
        dns_stats->retransmission = true;
      }
    }
    if (flags & F_RESPONSE) {
      if (dns_trans->req_frame == 0) {
        /* we don't have a request. This is an unsolicited response */
        dns_stats->unsolicited = true;
      } else {
        if (retransmission)
          dns_stats->retransmission = true;
        else
          dns_stats->rrt = delta;
      }
    }
    dns_stats->rr_types = rr_types;
    // storing ip (for "from" category in query and response)
    /* Each writer is given sizeof(dns_stats->source) as the buffer bound. */
    if (pinfo->src.type == AT_IPv4) {
      ip_addr_to_str_buf(pinfo->src.data, dns_stats->source, sizeof(dns_stats->source));
    }
    else if (pinfo->src.type == AT_IPv6) {
      ip6_to_str_buf(pinfo->src.data, dns_stats->source, sizeof(dns_stats->source));
    }
    else {
      ws_label_strcpy(dns_stats->source, sizeof(dns_stats->source), 0, "n/a",0);
    }
    // resetting to zero for the next response
    /* NOTE(review): the reset only runs on this branch; mDNS, LLMNR and
     * in_error_pkt packets leave the indices untouched. Confirm that the
     * code writing through them bounds the index. */
    dns_qr_r_ra_ttl_index = 0;
    dns_qr_r_ru_ttl_index = 0;
    dns_qr_r_rd_ttl_index = 0;
    tap_queue_packet(dns_tap, pinfo, dns_stats);
  }
}
/*
 * Entry point for DNS carried directly in a datagram (UDP or SCTP): the
 * header starts at byte 0 of tvb. Reports the captured length as consumed.
 */
static int
dissect_dns_udp_sctp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  const bool is_mdns = false;
  const bool is_llmnr = false;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
  dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_UDP, is_mdns, is_llmnr);

  return tvb_captured_length(tvb);
}
/*
 * Entry point for DNS over HTTPS: labels the packet "DoH" and dissects the
 * body with the HTTP transport, which makes dissect_dns_common() pair
 * requests and responses by HTTP/2 stream id when one is available.
 */
static int
dissect_dns_doh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  const bool is_mdns = false;
  const bool is_llmnr = false;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "DoH");
  dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_HTTP, is_mdns, is_llmnr);

  return tvb_captured_length(tvb);
}
/*
 * Entry point for DNS over QUIC: keeps the "DNS" protocol label and selects
 * the QUIC transport, for which dissect_dns_common() starts the header at
 * byte 2 of tvb.
 */
static int
dissect_dns_doq(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  const bool is_mdns = false;
  const bool is_llmnr = false;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
  dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_QUIC, is_mdns, is_llmnr);

  return tvb_captured_length(tvb);
}
/*
 * Entry point for multicast DNS over UDP: labels the packet "MDNS" and
 * runs the common dissector with the mDNS flag set.
 */
static int
dissect_mdns_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  const bool is_mdns = true;
  const bool is_llmnr = false;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "MDNS");
  dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_UDP, is_mdns, is_llmnr);

  return tvb_captured_length(tvb);
}
/*
 * Entry point for LLMNR over UDP: labels the packet "LLMNR" and runs the
 * common dissector with the LLMNR flag set, which selects the LLMNR flag
 * layout there.
 */
static int
dissect_llmnr_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  const bool is_mdns = false;
  const bool is_llmnr = true;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "LLMNR");
  dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_UDP, is_mdns, is_llmnr);

  return tvb_captured_length(tvb);
}
/*
 * PDU-length callback used for DNS over TCP: returns the size of one
 * message including its 2-byte length prefix.
 *
 * The prefix is taken from the stream as is. A prefix smaller than the DNS
 * header is not rejected here, so the PDU dissector can be handed a buffer
 * shorter than a header.
 */
static unsigned
get_dns_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
{
  const unsigned prefix_size = 2;
  unsigned       message_len;

  /* Length of the DNS message that follows the prefix. */
  message_len = tvb_get_ntohs(tvb, offset);

  /* The prefix does not count itself, so add it back in. */
  return message_len + prefix_size;
}
/*
 * Dissect one complete length-prefixed DNS message taken from a TCP
 * stream. Reports the reported length of tvb as consumed.
 */
static int
dissect_dns_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  const bool is_mdns = false;
  const bool is_llmnr = false;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
  dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_TCP, is_mdns, is_llmnr);

  return tvb_reported_length(tvb);
}
/*
 * Entry point for DNS over TCP: lets the TCP PDU helper split the stream
 * into messages, using get_dns_pdu_len() to size each one and
 * dissect_dns_tcp_pdu() to dissect it. Whether reassembly is attempted is
 * governed by dns_desegment.
 */
static int
dissect_dns_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
{
  /* Bytes that must be present before get_dns_pdu_len() can be called. */
  const unsigned length_prefix_size = 2;

  tcp_dissect_pdus(tvb, pinfo, tree, dns_desegment, length_prefix_size,
                   get_dns_pdu_len, dissect_dns_tcp_pdu, data);

  return tvb_reported_length(tvb);
}
/*
 * Generic entry point: picks the transport-specific dissector.
 *
 * A match string of "application/dns-message" selects DoH; otherwise a TCP
 * port type selects the length-prefixed TCP path, and everything else is
 * treated as a bare datagram.
 */
static int
dissect_dns(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
{
  /* since draft-ietf-doh-dns-over-https-07 */
  if (g_strcmp0(pinfo->match_string, "application/dns-message") == 0) {
    return dissect_dns_doh(tvb, pinfo, tree, data);
  }

  if (pinfo->ptype == PT_TCP) {
    return dissect_dns_tcp(tvb, pinfo, tree, data);
  }

  dissect_dns_udp_sctp(tvb, pinfo, tree, data);
  return tvb_captured_length(tvb);
}
/*
 * Heuristic dissector: decide from the header alone whether tvb looks like
 * a DNS message and, if so, dissect it. Returns true when the packet was
 * claimed.
 *
 * The checks are deliberately strict to keep false positives down:
 *
 * - The message must be longer than a bare header.
 * - Opcode must be Standard Query (0000); the QR bit may be either value.
 * - Questions: exactly 1 for queries, 0 or 1 for responses (e.g. AXFR).
 * - Answer RRs: 0 for queries, at most max_ans for responses.
 * - Authority RRs: 0 for queries, at most max_auth for responses.
 * - Additional RRs: at most max_add.
 * - Question and answer counts must not both be zero. Some protocols carry
 *   long runs of zero bytes; this lowers the chance of matching them.
 * - The packet must be long enough to carry the advertised questions and RRs.
 *
 * Not implemented, but candidates for further checks:
 * - A valid QNAME in the question section (is there enough data for one?).
 * - A common QTYPE and QCLASS (IN/CH).
 * - A TCP variant that checks the length prefix.
 */
static bool
dissect_dns_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
  /*
   * max_ans=10 was sufficient for recognizing the majority of DNS messages
   * from the rrdns test suite, but four "huge record" test cases have 100
   * answers. The max_auth and max_add numbers were picked arbitrarily.
   */
  const uint16_t max_ans = 100;
  const uint16_t max_auth = 10;
  const uint16_t max_add = 10;
  const int      hdr_start = 0;
  uint16_t       hdr_flags, n_quest, n_ans, n_auth, n_add;
  int            min_body_len;

  if (tvb_reported_length(tvb) <= DNS_HDRLEN) {
    return false;
  }

  hdr_flags = tvb_get_ntohs(tvb, hdr_start + DNS_FLAGS);
  if ((hdr_flags & F_OPCODE) != 0) {
    return false;
  }

  n_quest = tvb_get_ntohs(tvb, hdr_start + DNS_QUEST);
  n_ans = tvb_get_ntohs(tvb, hdr_start + DNS_ANS);
  n_auth = tvb_get_ntohs(tvb, hdr_start + DNS_AUTH);
  if (hdr_flags & F_RESPONSE) {
    if (n_quest > 1 || n_ans > max_ans || n_auth > max_auth) {
      return false;
    }
  } else if (n_quest != 1 || n_ans != 0 || n_auth != 0) {
    return false;
  }

  n_add = tvb_get_ntohs(tvb, hdr_start + DNS_ADD);
  if (n_add > max_add) {
    return false;
  }

  if (n_quest + n_ans == 0) {
    return false;
  }

  /* Do we even have enough space left?  The counts are capped above, so
   * this sum stays small. */
  min_body_len = n_quest * 6 + (n_ans + n_auth + n_add) * 11;
  if (min_body_len > tvb_reported_length_remaining(tvb, hdr_start + DNS_HDRLEN)) {
    return false;
  }

  dissect_dns(tvb, pinfo, tree, NULL);
  return true;
}
/*
 * Build the node layout of the DNS statistics tree: a packet counter, the
 * per-packet pivots, and the query / response / service sub-trees. The
 * node ids are stored in the file-level st_node_* variables.
 */
static void dns_stats_tree_init(stats_tree* st)
{
  /* Value the original passed as parent id for every first-level node. */
  const int root = 0;

  /* Packet counter and per-packet breakdowns. */
  stats_tree_create_node(st, st_str_packets, root, STAT_DT_INT, true);
  stat_node_set_flags(st, st_str_packets, root, false, ST_FLG_SORT_TOP);
  st_node_packet_qr = stats_tree_create_pivot(st, st_str_packet_qr, root);
  st_node_packet_qtypes = stats_tree_create_pivot(st, st_str_packet_qtypes, root);
  st_node_rr_types = stats_tree_create_pivot(st, st_str_rr_types, root);
  st_node_packet_qnames = stats_tree_create_pivot(st, st_str_packet_qnames, root);
  st_node_packet_qclasses = stats_tree_create_pivot(st, st_str_packet_qclasses, root);
  st_node_packet_rcodes = stats_tree_create_pivot(st, st_str_packet_rcodes, root);
  st_node_packet_opcodes = stats_tree_create_pivot(st, st_str_packet_opcodes, root);
  st_node_packets_avg_size =
      stats_tree_create_node(st, st_str_packets_avg_size, root, STAT_DT_INT, false);

  /* Query statistics. */
  st_node_query_stats =
      stats_tree_create_node(st, st_str_query_stats, root, STAT_DT_INT, true);
  st_node_query_qname_len =
      stats_tree_create_node(st, st_str_query_qname_len, st_node_query_stats, STAT_DT_INT, false);
  st_node_query_domains =
      stats_tree_create_node(st, st_str_query_domains, st_node_query_stats, STAT_DT_INT, true);
  st_node_query_domains_l1 =
      stats_tree_create_node(st, st_str_query_domains_l1, st_node_query_domains, STAT_DT_INT, false);
  st_node_query_domains_l2 =
      stats_tree_create_node(st, st_str_query_domains_l2, st_node_query_domains, STAT_DT_INT, false);
  st_node_query_domains_l3 =
      stats_tree_create_node(st, st_str_query_domains_l3, st_node_query_domains, STAT_DT_INT, false);
  st_node_query_domains_lmore =
      stats_tree_create_node(st, st_str_query_domains_lmore, st_node_query_domains, STAT_DT_INT, false);

  /* Response statistics. */
  st_node_response_stats =
      stats_tree_create_node(st, st_str_response_stats, root, STAT_DT_INT, true);
  st_node_response_nquestions =
      stats_tree_create_node(st, st_str_response_nquestions, st_node_response_stats, STAT_DT_INT, false);
  st_node_response_nanswers =
      stats_tree_create_node(st, st_str_response_nanswers, st_node_response_stats, STAT_DT_INT, false);
  st_node_response_nauthorities =
      stats_tree_create_node(st, st_str_response_nauthorities, st_node_response_stats, STAT_DT_INT, false);
  st_node_response_nadditionals =
      stats_tree_create_node(st, st_str_response_nadditionals, st_node_response_stats, STAT_DT_INT, false);

  /* Service statistics. */
  st_node_service_stats =
      stats_tree_create_node(st, st_str_service_stats, root, STAT_DT_INT, true);
  st_node_service_unsolicited =
      stats_tree_create_node(st, st_str_service_unsolicited, st_node_service_stats, STAT_DT_INT, false);
  st_node_service_retransmission =
      stats_tree_create_node(st, st_str_service_retransmission, st_node_service_stats, STAT_DT_INT, false);
  st_node_service_rrt =
      stats_tree_create_node(st, st_str_service_rrt, st_node_service_stats, STAT_DT_FLOAT, false);
}
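/*
 * Tap callback for the DNS statistics tree: folds one DnsTap record (p)
 * into the tree and asks for a redraw.
 *
 * Every field of the record was filled in from a captured packet, so the
 * values used as pivot labels and counters are sender-controlled.
 *
 * Differences from the previous version of this function:
 * - The four response section counts are added once per response. They used
 *   to be added a second time for every solicited response, which weighted
 *   solicited responses double in the averages; the nested unsolicited test
 *   in that duplicated block could never be true.
 * - The query-name pivot is skipped when the record has no query name.
 */
static tap_packet_status dns_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p, tap_flags_t flags _U_)
{
  const struct DnsTap *pi = (const struct DnsTap *)p;
  tick_stat_node(st, st_str_packets, 0, false);
  stats_tree_tick_pivot(st, st_node_packet_qr,
          val_to_str(pi->packet_qr, dns_qr_vals, "Unknown qr (%d)"));
  stats_tree_tick_pivot(st, st_node_packet_qtypes,
          val_to_str(pi->packet_qtype, dns_types_vals, "Unknown packet type (%d)"));
  /* The dissector zero-fills the record and only sets qname when the packet
   * carries a question, so a message without questions arrives with a NULL
   * qname. NOTE(review): whether the stats tree tolerates a NULL label is
   * not visible from here; skipping is the safe choice. */
  if (dns_qname_stats && pi->qname != NULL) {
    stats_tree_tick_pivot(st, st_node_packet_qnames, pi->qname);
  }
  stats_tree_tick_pivot(st, st_node_packet_qclasses,
          val_to_str(pi->packet_qclass, dns_classes, "Unknown class (%d)"));
  stats_tree_tick_pivot(st, st_node_packet_rcodes,
          val_to_str(pi->packet_rcode, rcode_vals, "Unknown rcode (%d)"));
  stats_tree_tick_pivot(st, st_node_packet_opcodes,
          val_to_str(pi->packet_opcode, opcode_vals, "Unknown opcode (%d)"));
  avg_stat_node_add_value_int(st, st_str_packets_avg_size, 0, false,
          pi->payload_size);

  /* split up stats for queries and responses */
  if (pi->packet_qr == 0) {
    avg_stat_node_add_value_int(st, st_str_query_qname_len, 0, false, pi->qname_len);
    switch(pi->qname_labels) {
      case 1:
        tick_stat_node(st, st_str_query_domains_l1, 0, false);
        break;
      case 2:
        tick_stat_node(st, st_str_query_domains_l2, 0, false);
        break;
      case 3:
        tick_stat_node(st, st_str_query_domains_l3, 0, false);
        break;
      default:
        tick_stat_node(st, st_str_query_domains_lmore, 0, false);
        break;
    }
  } else {
    avg_stat_node_add_value_int(st, st_str_response_nquestions, 0, false, pi->nquestions);
    avg_stat_node_add_value_int(st, st_str_response_nanswers, 0, false, pi->nanswers);
    avg_stat_node_add_value_int(st, st_str_response_nauthorities, 0, false, pi->nauthorities);
    avg_stat_node_add_value_int(st, st_str_response_nadditionals, 0, false, pi->nadditionals);

    /* add answer types to stats */
    for (wmem_list_frame_t *type_entry = wmem_list_head(pi->rr_types); type_entry != NULL; type_entry = wmem_list_frame_next(type_entry)) {
      int qtype_val = GPOINTER_TO_INT(wmem_list_frame_data(type_entry));
      stats_tree_tick_pivot(st, st_node_rr_types,
              val_to_str(qtype_val, dns_types_vals, "Unknown packet type (%d)"));
    }

    /* Exactly one service bucket per response. */
    if (pi->unsolicited) {
      tick_stat_node(st, st_str_service_unsolicited, 0, false);
    } else if (pi->retransmission) {
      tick_stat_node(st, st_str_service_retransmission, 0, false);
    } else {
      /* Request-to-response time converted to milliseconds. */
      avg_stat_node_add_value_float(st, st_str_service_rrt, 0, false, (float)(pi->rrt.secs*1000. + pi->rrt.nsecs/1000000.0));
    }
  }
  return TAP_PACKET_REDRAW;
}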
/*
 * Build the node skeleton of the "DNS/Query-Response" statistics tree.
 *
 * The three preference-backed switches are re-read on every init; the
 * remaining dns_qr_*_statistics_enabled switches are used as they currently
 * stand. Child nodes are only created when their parent group is enabled,
 * and nodes are created in display order, so the statement order below
 * matters.
 */
static void dns_qr_stats_tree_init(stats_tree* st)
{
    /* refresh the user-controlled switches */
    dns_qr_statistics_enabled = prefs_get_bool_value(perf_qr_enable_statistics, pref_current);
    dns_qr_qrn_statistics_enabled = prefs_get_bool_value(perf_qr_qrn_enable_statistics, pref_current);
    dns_qr_qrn_aud_zv_statistics_enabled = prefs_get_bool_value(perf_qr_qrn_aud_zv_enable_statistics, pref_current);

    if (!dns_qr_statistics_enabled) {
        return;
    }

    /* t = Total */
    if (dns_qr_t_statistics_enabled) {
        st_node_qr_t_packets = stats_tree_create_node(st, st_str_qr_t_packets, 0, STAT_DT_INT, true);
    }

    /* q = Query, with its per-aspect pivots underneath */
    if (dns_qr_q_statistics_enabled) {
        st_node_qr_q_packets = stats_tree_create_node(st, st_str_qr_q_packets, 0, STAT_DT_INT, true);

        /* qf = Query-From */
        if (dns_qr_qf_statistics_enabled) {
            st_node_qr_qf_packets = stats_tree_create_pivot(st, st_str_qr_qf_packets, st_node_qr_q_packets);
        }

        /* qo = Query-Opcode */
        if (dns_qr_qo_statistics_enabled) {
            st_node_qr_qo_packets = stats_tree_create_pivot(st, st_str_qr_qo_packets, st_node_qr_q_packets);
        }

        /* qk = Query-Kind */
        if (dns_qr_qk_statistics_enabled) {
            st_node_qr_qk_packets = stats_tree_create_pivot(st, st_str_qr_qk_packets, st_node_qr_q_packets);
        }

        /* qt = Query-Type */
        if (dns_qr_qt_statistics_enabled) {
            st_node_qr_qt_packets = stats_tree_create_pivot(st, st_str_qr_qt_packets, st_node_qr_q_packets);
        }

        /* ql = Query-Label */
        if (dns_qr_ql_statistics_enabled) {
            st_node_qr_ql_packets = stats_tree_create_pivot(st, st_str_qr_ql_packets, st_node_qr_q_packets);
        }

        /* qp = Query-Payload */
        if (dns_qr_qp_statistics_enabled) {
            st_node_qr_qp_packets = stats_tree_create_pivot(st, st_str_qr_qp_packets, st_node_qr_q_packets);
        }

        /* qs = Query-Servicing */
        if (dns_qr_qs_statistics_enabled) {
            st_node_qr_qs_packets = stats_tree_create_node(st, st_str_qr_qs_packets, st_node_qr_q_packets, STAT_DT_INT, true);

            /* qs_a = Answered (ms) */
            if (dns_qr_qs_a_statistics_enabled) {
                st_node_qr_qs_a_packets = stats_tree_create_node(st, st_str_qr_qs_a_packets, st_node_qr_qs_packets, STAT_DT_FLOAT, true);
            }

            /* qs_u = Unanswered */
            if (dns_qr_qs_u_statistics_enabled) {
                st_node_qr_qs_u_packets = stats_tree_create_pivot(st, st_str_qr_qs_u_packets, st_node_qr_qs_packets);
            }

            /* qs_r = Retransmission */
            if (dns_qr_qs_r_statistics_enabled) {
                st_node_qr_qs_r_packets = stats_tree_create_pivot(st, st_str_qr_qs_r_packets, st_node_qr_qs_packets);
            }
        }
    }

    /* r = Response; it is the last top-level group, so bail out when it is off */
    if (!dns_qr_r_statistics_enabled) {
        return;
    }
    st_node_qr_r_packets = stats_tree_create_node(st, st_str_qr_r_packets, 0, STAT_DT_INT, true);

    /* rf = Response-From */
    if (dns_qr_rf_statistics_enabled) {
        st_node_qr_rf_packets = stats_tree_create_pivot(st, st_str_qr_rf_packets, st_node_qr_r_packets);
    }

    /* rc = Response-Code */
    if (dns_qr_rc_statistics_enabled) {
        st_node_qr_rc_packets = stats_tree_create_pivot(st, st_str_qr_rc_packets, st_node_qr_r_packets);
    }

    /* rk = Response-Kind */
    if (dns_qr_rk_statistics_enabled) {
        st_node_qr_rk_packets = stats_tree_create_pivot(st, st_str_qr_rk_packets, st_node_qr_r_packets);
    }

    /* ra = Response-Answer */
    if (dns_qr_ra_statistics_enabled) {
        st_node_qr_ra_packets = stats_tree_create_pivot(st, st_str_qr_ra_packets, st_node_qr_r_packets);
    }

    /* ru = Response-aUthority */
    if (dns_qr_ru_statistics_enabled) {
        st_node_qr_ru_packets = stats_tree_create_pivot(st, st_str_qr_ru_packets, st_node_qr_r_packets);
    }

    /* rd = Response-aDditional */
    if (dns_qr_rd_statistics_enabled) {
        st_node_qr_rd_packets = stats_tree_create_pivot(st, st_str_qr_rd_packets, st_node_qr_r_packets);
    }

    /* rp = Response-Payload */
    if (dns_qr_rp_statistics_enabled) {
        st_node_qr_rp_packets = stats_tree_create_pivot(st, st_str_qr_rp_packets, st_node_qr_r_packets);
    }

    /* rs = Response-Servicing */
    if (dns_qr_rs_statistics_enabled) {
        st_node_qr_rs_packets = stats_tree_create_node(st, st_str_qr_rs_packets, st_node_qr_r_packets, STAT_DT_INT, true);

        /* rs_a = Answered (ms) */
        if (dns_qr_rs_a_statistics_enabled) {
            st_node_qr_rs_a_packets = stats_tree_create_node(st, st_str_qr_rs_a_packets, st_node_qr_rs_packets, STAT_DT_FLOAT, true);
        }

        /* rs_u = Unsolicited */
        if (dns_qr_rs_u_statistics_enabled) {
            st_node_qr_rs_u_packets = stats_tree_create_pivot(st, st_str_qr_rs_u_packets, st_node_qr_rs_packets);
        }

        /* rs_r = Retransmission */
        if (dns_qr_rs_r_statistics_enabled) {
            st_node_qr_rs_r_packets = stats_tree_create_pivot(st, st_str_qr_rs_r_packets, st_node_qr_rs_packets);
        }
    }

    /* rt = Response-TTL; last group under Response */
    if (!dns_qr_rt_statistics_enabled) {
        return;
    }
    st_node_qr_rt_packets = stats_tree_create_pivot(st, st_str_qr_rt_packets, st_node_qr_r_packets);

    /* rt_a = Answer */
    if (dns_qr_rt_a_statistics_enabled) {
        st_node_qr_rt_a_packets = stats_tree_create_pivot(st, st_str_qr_rt_a_packets, st_node_qr_rt_packets);
    }

    /* rt_u = aUthority */
    if (dns_qr_rt_u_statistics_enabled) {
        st_node_qr_rt_u_packets = stats_tree_create_pivot(st, st_str_qr_rt_u_packets, st_node_qr_rt_packets);
    }

    /* rt_d = aDditional */
    if (dns_qr_rt_d_statistics_enabled) {
        st_node_qr_rt_d_packets = stats_tree_create_pivot(st, st_str_qr_rt_d_packets, st_node_qr_rt_packets);
    }
}
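/*
 * Tap callback for the "DNS/Query-Response" statistics tree.
 *
 * p is treated as a `const struct DnsTap *`. A packet with packet_qr == 0 is
 * accounted under the Query groups, anything else under the Response groups.
 * Every path returns TAP_PACKET_REDRAW.
 *
 * Review notes:
 *  - pi->qname, pi->qdomain and pi->qhost are used as node names. They
 *    originate from captured traffic, so with the per-name preference
 *    (dns_qr_qrn_statistics_enabled) on, the number of tree nodes presumably
 *    grows with the number of distinct names in the capture; expect memory
 *    use to scale accordingly on hostile or very diverse captures.
 *  - NOTE(review): these name pointers are passed on without a NULL check
 *    here; confirm the producer of struct DnsTap always sets them.
 *  - The Response-TTL groups read the file-scope arrays dns_qr_r_ra_ttls,
 *    dns_qr_r_ru_ttls and dns_qr_r_rd_ttls, indexed up to the counts carried
 *    in the tap data and clamped to TTL_MAXIMUM_ELEMENTS.
 *    NOTE(review): confirm each array has at least TTL_MAXIMUM_ELEMENTS
 *    elements and that the dissector fills or resets every slot up to the
 *    advertised count, otherwise stale values from an earlier packet could be
 *    counted when a header advertises more records than the packet holds.
 *  - pinfo is dereferenced although its parameter carries _U_.
 */
static tap_packet_status dns_qr_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p, tap_flags_t flags _U_)
{
    // log frame number
    ws_debug("total packets: %u\n", pinfo->num);

    if (!dns_qr_statistics_enabled) {
        ws_debug("dns_qr_statistics_enabled = false\n");
        goto _exit_;
    }

    char buf[256];
    // NOTE(review): st_node is assigned before every use below, so the static
    // storage does not appear to be needed
    static int st_node = 1;
    const struct DnsTap* pi = (const struct DnsTap*)p;

    // t = Total
    if (dns_qr_t_statistics_enabled) {
        ws_debug(" t = Total\n");
        stats_tree_tick_pivot(st, st_node_qr_t_packets, val_to_str(pi->packet_qr, dns_qr_vals, "Unknown qr (%d)"));
    }

    // query
    if (pi->packet_qr == 0) { // query

        // q = Query
        if (!dns_qr_q_statistics_enabled) {
            ws_debug("dns_qr_q_statistics_enabled = false\n");
            goto _exit_;
        }

        // qf = Query-From
        if (dns_qr_qf_statistics_enabled) {
            ws_debug("qf = Query-From\n");
            tick_stat_node(st, st_str_qr_qf_packets, st_node_qr_q_packets, true);
            // buf stays empty for sources that are neither IPv4 nor IPv6, so
            // those packets are counted under an empty-named node
            buf[0] = '\0';
            if (pinfo->src.type == AT_IPv4) {
                ip_addr_to_str_buf(pinfo->src.data, buf, sizeof(buf));
            }
            else if (pinfo->src.type == AT_IPv6) {
                ip6_to_str_buf(pinfo->src.data, buf, sizeof(buf));
            }
            st_node = tick_stat_node(st, buf, st_node_qr_qf_packets, true);
            if (dns_qr_qrn_statistics_enabled) {
                tick_stat_node(st, pi->qname, st_node, false);
            }
        }

        // qo = Query-Opcode
        if (dns_qr_qo_statistics_enabled) {
            ws_debug("qo = Query-Opcode\n");
            tick_stat_node(st, st_str_qr_qo_packets, st_node_qr_q_packets, true);
            st_node = tick_stat_node(st, val_to_str(pi->packet_opcode, opcode_vals, "Unknown opcode (%d)"), st_node_qr_qo_packets, true);
            if (dns_qr_qrn_statistics_enabled) {
                tick_stat_node(st, pi->qname, st_node, false);
            }
        }

        // qk = Query-Kind
        if (dns_qr_qk_statistics_enabled) {
            ws_debug("qk = Query-Kind\n");
            tick_stat_node(st, st_str_qr_qk_packets, st_node_qr_q_packets, true);
            if (pi->flags & F_RECDESIRED) {
                st_node = tick_stat_node(st, "Recursion Desired", st_node_qr_qk_packets, true);
            }
            else {
                st_node = tick_stat_node(st, "Iteration Desired", st_node_qr_qk_packets, true);
            }
            if (dns_qr_qrn_statistics_enabled) {
                tick_stat_node(st, pi->qname, st_node, false);
            }
        }

        // qt = Query-Type
        if (dns_qr_qt_statistics_enabled) {
            ws_debug("qt = Query-Type\n");
            tick_stat_node(st, st_str_qr_qt_packets, st_node_qr_q_packets, true);
            st_node = tick_stat_node(st, val_to_str(pi->packet_qtype, dns_types_vals, "Unknown packet type (%d)"), st_node_qr_qt_packets, true);
            if (dns_qr_qrn_statistics_enabled) {
                tick_stat_node(st, pi->qname, st_node, false);
            }
        }

        // ql = Query-Label
        if (dns_qr_ql_statistics_enabled) {
            ws_debug("ql = Query-Label\n");
            tick_stat_node(st, st_str_qr_ql_packets, st_node_qr_q_packets, true);
            // any label count outside 1..8 (including 0) lands in "9+ Level"
            switch (pi->qname_labels) {
                case 1:
                    st_node = tick_stat_node(st, "1st Level", st_node_qr_ql_packets, true);
                    break;
                case 2:
                    st_node = tick_stat_node(st, "2nd Level", st_node_qr_ql_packets, true);
                    break;
                case 3:
                    st_node = tick_stat_node(st, "3rd Level", st_node_qr_ql_packets, true);
                    break;
                case 4:
                    st_node = tick_stat_node(st, "4th Level", st_node_qr_ql_packets, true);
                    break;
                case 5:
                    st_node = tick_stat_node(st, "5th Level", st_node_qr_ql_packets, true);
                    break;
                case 6:
                    st_node = tick_stat_node(st, "6th Level", st_node_qr_ql_packets, true);
                    break;
                case 7:
                    st_node = tick_stat_node(st, "7th Level", st_node_qr_ql_packets, true);
                    break;
                case 8:
                    st_node = tick_stat_node(st, "8th Level", st_node_qr_ql_packets, true);
                    break;
                default:
                    st_node = tick_stat_node(st, "9+ Level", st_node_qr_ql_packets, true);
                    break;
            }
            if (dns_qr_qrn_statistics_enabled) {
                st_node = tick_stat_node(st, pi->qdomain, st_node, true);
                tick_stat_node(st, pi->qhost, st_node, false);
            }
        }

        // qp = Query-Payload
        // Upper bounds are inclusive so that each bucket matches its label and
        // the Response-Payload buckets (e.g. a 512-byte query is "<= 512B").
        if (dns_qr_qp_statistics_enabled) {
            ws_debug("qp = Query-Payloadl\n");
            tick_stat_node(st, st_str_qr_qp_packets, st_node_qr_q_packets, false);
            if (pi->payload_size == 0) {
                st_node = tick_stat_node(st, "zero", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size == 0x1) {
                st_node = tick_stat_node(st, "= 1B", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size == 0x2) {
                st_node = tick_stat_node(st, "= 2B", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x4) {
                st_node = tick_stat_node(st, "<= 4B", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x8) {
                st_node = tick_stat_node(st, "<= 8B", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x10) {
                st_node = tick_stat_node(st, "<= 16B", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x20) {
                st_node = tick_stat_node(st, "<= 32B", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x40) {
                st_node = tick_stat_node(st, "<= 64B", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x80) {
                st_node = tick_stat_node(st, "<= 128B", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x100) {
                st_node = tick_stat_node(st, "<= 256B", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x200) {
                st_node = tick_stat_node(st, "<= 512B", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x400) {
                st_node = tick_stat_node(st, "<= 1KB", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x800) {
                st_node = tick_stat_node(st, "<= 2KB", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x1000) {
                st_node = tick_stat_node(st, "<= 4KB", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x2000) {
                st_node = tick_stat_node(st, "<= 8KB", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x4000) {
                st_node = tick_stat_node(st, "<= 16KB", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x8000) {
                st_node = tick_stat_node(st, "<= 32KB", st_node_qr_qp_packets, true);
            }
            else if (pi->payload_size <= 0x10000) {
                st_node = tick_stat_node(st, "<= 64KB", st_node_qr_qp_packets, true);
            }
            else {
                st_node = tick_stat_node(st, "> 64KB", st_node_qr_qp_packets, true);
            }
            if (dns_qr_qrn_statistics_enabled) {
                tick_stat_node(st, pi->qname, st_node, false);
            }
        }

        // qs = Query-Servicing
        if (dns_qr_qs_statistics_enabled) {

            ws_debug("qs = Query-Servicing\n");
            tick_stat_node(st, st_str_qr_qs_packets, st_node_qr_q_packets, true);

            // qs_a = Query-Service_Answered (ms)
            if (dns_qr_qs_a_statistics_enabled) {
                ws_debug("qs_a = Query-Service_Answered (ms)\n");
                // data is populated from responses
                // check rs_a = Response-Servicing_Answered
            }

            // qs_u = Query-Service_Unanswered
            // every first-seen query counts as unanswered until a matching
            // response decrements it again (see rs_a below)
            if (dns_qr_qs_u_statistics_enabled) {
                ws_debug("qs_u = Query-Service_Unanswered\n");
                if (!pi->retransmission) {
                    if (dns_qr_qrn_statistics_enabled) {
                        stats_tree_tick_pivot(st, st_node_qr_qs_u_packets, pi->qname);
                    }
                    else {
                        tick_stat_node(st, st_str_qr_qs_u_packets, st_node_qr_qs_packets, false);
                    }
                }
            }

            // qs_r = Query-Service_Retransmission
            if (dns_qr_qs_r_statistics_enabled) {
                ws_debug("qs_r = Query-Service_Retransmission\n");
                if (pi->retransmission) {
                    if (dns_qr_qrn_statistics_enabled) {
                        stats_tree_tick_pivot(st, st_node_qr_qs_r_packets, pi->qname);
                    }
                    else {
                        tick_stat_node(st, st_str_qr_qs_r_packets, st_node_qr_qs_packets, false);
                    }
                }
            }
        }
    }

    // response
    else {

        // r = Response
        if (!dns_qr_r_statistics_enabled) {
            ws_debug("dns_qr_r_statistics_enabled = false\n");
            goto _exit_;
        }

        // rf = Response-From
        if (dns_qr_rf_statistics_enabled) {
            ws_debug("rf = Response-From\n");
            tick_stat_node(st, st_str_qr_rf_packets, st_node_qr_r_packets, true);
            // buf stays empty for sources that are neither IPv4 nor IPv6
            buf[0] = '\0';
            if (pinfo->src.type == AT_IPv4) {
                ip_addr_to_str_buf(pinfo->src.data, buf, sizeof(buf));
            }
            else if (pinfo->src.type == AT_IPv6) {
                ip6_to_str_buf(pinfo->src.data, buf, sizeof(buf));
            }
            st_node = tick_stat_node(st, buf, st_node_qr_rf_packets, true);
            if (dns_qr_qrn_statistics_enabled) {
                tick_stat_node(st, pi->qname, st_node, false);
            }
        }

        // rc = Response-Code
        if (dns_qr_rc_statistics_enabled) {
            ws_debug("rc = Response-Code\n");
            tick_stat_node(st, st_str_qr_rc_packets, st_node_qr_r_packets, true);
            st_node = tick_stat_node(st, val_to_str(pi->packet_rcode, rcode_vals, "Unknown rcode (%d)"), st_node_qr_rc_packets, true);
            if (dns_qr_qrn_statistics_enabled) {
                tick_stat_node(st, pi->qname, st_node, false);
            }
        }

        // rk = Response-Kind
        if (dns_qr_rk_statistics_enabled) {
            ws_debug("rk = Response-Kind\n");
            tick_stat_node(st, st_str_qr_rk_packets, st_node_qr_r_packets, true);
            if (pi->flags & F_AUTHORITATIVE) {
                st_node = tick_stat_node(st, "Authoritative", st_node_qr_rk_packets, true);
            }
            else {
                st_node = tick_stat_node(st, "Non-Authoritative", st_node_qr_rk_packets, true);
            }
            if (dns_qr_qrn_statistics_enabled) {
                tick_stat_node(st, pi->qname, st_node, false);
            }
        }

        // ra = Response-Answer
        if (dns_qr_ra_statistics_enabled) {
            ws_debug("ra = Response-Answer\n");
            tick_stat_node(st, st_str_qr_ra_packets, st_node_qr_r_packets, true);
            if (pi->nanswers == 0) {
                st_node = tick_stat_node(st, "zero", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers == 0x1) {
                st_node = tick_stat_node(st, "= 1", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers == 0x2) {
                st_node = tick_stat_node(st, "= 2", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers <= 0x4) {
                st_node = tick_stat_node(st, "<= 4", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers <= 0x8) {
                st_node = tick_stat_node(st, "<= 8", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers <= 0x10) {
                st_node = tick_stat_node(st, "<= 16", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers <= 0x20) {
                st_node = tick_stat_node(st, "<= 32", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers <= 0x40) {
                st_node = tick_stat_node(st, "<= 64", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers <= 0x80) {
                st_node = tick_stat_node(st, "<= 128", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers <= 0x100) {
                st_node = tick_stat_node(st, "<= 256", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers <= 0x200) {
                st_node = tick_stat_node(st, "<= 512", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers <= 0x400) {
                st_node = tick_stat_node(st, "<= 1K", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers <= 0x800) {
                st_node = tick_stat_node(st, "<= 2K", st_node_qr_ra_packets, true);
            }
            else if (pi->nanswers <= 0x1000) {
                st_node = tick_stat_node(st, "<= 4K", st_node_qr_ra_packets, true);
            }
            else {
                st_node = tick_stat_node(st, "> 4K", st_node_qr_ra_packets, true);
            }
            // per-name leaf; for a zero count it is only added when the
            // zero-value preference is on
            if (dns_qr_qrn_statistics_enabled) {
                if (pi->nanswers == 0) {
                    if (dns_qr_qrn_aud_zv_statistics_enabled) {
                        tick_stat_node(st, pi->qname, st_node, false);
                    }
                }
                else {
                    tick_stat_node(st, pi->qname, st_node, false);
                }
            }
        }

        // ru = Response-aUthority
        if (dns_qr_ru_statistics_enabled) {
            ws_debug("ru = Response-aUthority\n");
            tick_stat_node(st, st_str_qr_ru_packets, st_node_qr_r_packets, true);
            if (pi->nauthorities == 0) {
                st_node = tick_stat_node(st, "zero", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities == 0x1) {
                st_node = tick_stat_node(st, "= 1", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities == 0x2) {
                st_node = tick_stat_node(st, "= 2", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities <= 0x4) {
                st_node = tick_stat_node(st, "<= 4", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities <= 0x8) {
                st_node = tick_stat_node(st, "<= 8", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities <= 0x10) {
                st_node = tick_stat_node(st, "<= 16", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities <= 0x20) {
                st_node = tick_stat_node(st, "<= 32", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities <= 0x40) {
                st_node = tick_stat_node(st, "<= 64", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities <= 0x80) {
                st_node = tick_stat_node(st, "<= 128", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities <= 0x100) {
                st_node = tick_stat_node(st, "<= 256", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities <= 0x200) {
                st_node = tick_stat_node(st, "<= 512", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities <= 0x400) {
                st_node = tick_stat_node(st, "<= 1K", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities <= 0x800) {
                st_node = tick_stat_node(st, "<= 2K", st_node_qr_ru_packets, true);
            }
            else if (pi->nauthorities <= 0x1000) {
                st_node = tick_stat_node(st, "<= 4K", st_node_qr_ru_packets, true);
            }
            else {
                st_node = tick_stat_node(st, "> 4K", st_node_qr_ru_packets, true);
            }
            if (dns_qr_qrn_statistics_enabled) {
                if (pi->nauthorities == 0) {
                    if (dns_qr_qrn_aud_zv_statistics_enabled) {
                        tick_stat_node(st, pi->qname, st_node, false);
                    }
                }
                else {
                    tick_stat_node(st, pi->qname, st_node, false);
                }
            }
        }

        // rd = Response-aDditional
        if (dns_qr_rd_statistics_enabled) {
            ws_debug("rd = Response-aDditional\n");
            tick_stat_node(st, st_str_qr_rd_packets, st_node_qr_r_packets, true);
            if (pi->nadditionals == 0) {
                st_node = tick_stat_node(st, "zero", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals == 0x1) {
                st_node = tick_stat_node(st, "= 1", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals == 0x2) {
                st_node = tick_stat_node(st, "= 2", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals <= 0x4) {
                st_node = tick_stat_node(st, "<= 4", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals <= 0x8) {
                st_node = tick_stat_node(st, "<= 8", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals <= 0x10) {
                st_node = tick_stat_node(st, "<= 16", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals <= 0x20) {
                st_node = tick_stat_node(st, "<= 32", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals <= 0x40) {
                st_node = tick_stat_node(st, "<= 64", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals <= 0x80) {
                st_node = tick_stat_node(st, "<= 128", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals <= 0x100) {
                st_node = tick_stat_node(st, "<= 256", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals <= 0x200) {
                st_node = tick_stat_node(st, "<= 512", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals <= 0x400) {
                st_node = tick_stat_node(st, "<= 1K", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals <= 0x800) {
                st_node = tick_stat_node(st, "<= 2K", st_node_qr_rd_packets, true);
            }
            else if (pi->nadditionals <= 0x1000) {
                st_node = tick_stat_node(st, "<= 4K", st_node_qr_rd_packets, true);
            }
            else {
                st_node = tick_stat_node(st, "> 4K", st_node_qr_rd_packets, true);
            }
            if (dns_qr_qrn_statistics_enabled) {
                if (pi->nadditionals == 0) {
                    if (dns_qr_qrn_aud_zv_statistics_enabled) {
                        tick_stat_node(st, pi->qname, st_node, false);
                    }
                }
                else {
                    tick_stat_node(st, pi->qname, st_node, false);
                }
            }
        }

        // rp = Response-Payload
        if (dns_qr_rp_statistics_enabled) {
            ws_debug("rp = Response-Payloadl\n");
            tick_stat_node(st, st_str_qr_rp_packets, st_node_qr_r_packets, false);
            if (pi->payload_size == 0) {
                st_node = tick_stat_node(st, "zero", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size == 0x1) {
                st_node = tick_stat_node(st, "= 1B", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size == 0x2) {
                st_node = tick_stat_node(st, "= 2B", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x4) {
                st_node = tick_stat_node(st, "<= 4B", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x8) {
                st_node = tick_stat_node(st, "<= 8B", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x10) {
                st_node = tick_stat_node(st, "<= 16B", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x20) {
                st_node = tick_stat_node(st, "<= 32B", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x40) {
                st_node = tick_stat_node(st, "<= 64B", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x80) {
                st_node = tick_stat_node(st, "<= 128B", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x100) {
                st_node = tick_stat_node(st, "<= 256B", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x200) {
                st_node = tick_stat_node(st, "<= 512B", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x400) {
                st_node = tick_stat_node(st, "<= 1KB", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x800) {
                st_node = tick_stat_node(st, "<= 2KB", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x1000) {
                st_node = tick_stat_node(st, "<= 4KB", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x2000) {
                st_node = tick_stat_node(st, "<= 8KB", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x4000) {
                st_node = tick_stat_node(st, "<= 16KB", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x8000) {
                st_node = tick_stat_node(st, "<= 32KB", st_node_qr_rp_packets, true);
            }
            else if (pi->payload_size <= 0x10000) {
                st_node = tick_stat_node(st, "<= 64KB", st_node_qr_rp_packets, true);
            }
            else {
                st_node = tick_stat_node(st, "> 64KB", st_node_qr_rp_packets, true);
            }
            if (dns_qr_qrn_statistics_enabled) {
                tick_stat_node(st, pi->qname, st_node, false);
            }
        }

        // rs = Response-Servicing
        if (dns_qr_rs_statistics_enabled) {

            ws_debug("rs = Response-Servicing\n");
            tick_stat_node(st, st_str_qr_rs_packets, st_node_qr_r_packets, true);

            // rs_a = Response-Service_Answered (ms)
            if (dns_qr_rs_a_statistics_enabled) {
                ws_debug("rs_a = Response-Service_Answered (ms)\n");
                if (!pi->retransmission && !pi->unsolicited) {
                    // request/response time in milliseconds, computed once
                    const float rrt_ms = (float)(pi->rrt.secs * 1000. + pi->rrt.nsecs / 1000000.0);

                    st_node = avg_stat_node_add_value_float(st, st_str_qr_rs_a_packets, st_node_qr_rs_packets, true, rrt_ms);
                    if (dns_qr_qrn_statistics_enabled) {
                        avg_stat_node_add_value_float(st, pi->qname, st_node, false, rrt_ms);
                    }
                    // filling in qs_a = Answered (ms)
                    if (dns_qr_qs_a_statistics_enabled) {
                        st_node = avg_stat_node_add_value_float(st, st_str_qr_qs_a_packets, st_node_qr_qs_packets, true, rrt_ms);
                        if (dns_qr_qrn_statistics_enabled) {
                            avg_stat_node_add_value_float(st, pi->qname, st_node, false, rrt_ms);
                        }
                    }
                    // decrementing qs_u = Unanswered
                    if (dns_qr_qs_u_statistics_enabled) {
                        increase_stat_node(st, st_str_qr_qs_u_packets, st_node_qr_qs_packets, false, -1);
                        if (dns_qr_qrn_statistics_enabled) {
                            increase_stat_node(st, pi->qname, st_node_qr_qs_u_packets, false, -1);
                        }
                    }
                }
            }

            // rs_u = Response-Service_Unsolicited
            if (dns_qr_rs_u_statistics_enabled) {
                ws_debug("rs_u = Response-Service_Unsolicited\n");
                // service statistics (total responses = unsolicited + retransmissions + non-retransmissions)
                if (pi->unsolicited) { // unsolicited = responses without queries being present in this capture
                    if (dns_qr_qrn_statistics_enabled) {
                        stats_tree_tick_pivot(st, st_node_qr_rs_u_packets, pi->qname);
                    }
                    else {
                        tick_stat_node(st, st_str_qr_rs_u_packets, st_node_qr_rs_packets, false);
                    }
                }
            }

            // rs_r = Response-Service_Retransmission
            if (dns_qr_rs_r_statistics_enabled) {
                ws_debug("rs_r = Response-Service_Retransmission\n");
                if (pi->retransmission && !pi->unsolicited) {
                    if (dns_qr_qrn_statistics_enabled) {
                        stats_tree_tick_pivot(st, st_node_qr_rs_r_packets, pi->qname);
                    }
                    else {
                        tick_stat_node(st, st_str_qr_rs_r_packets, st_node_qr_rs_packets, false);
                    }
                }
            }
        }

        // rt = Response-TTL
        if (dns_qr_rt_statistics_enabled) {
            ws_debug("rt = Response-TTL\n");

            // counting of ttl should stay disabled to avoid confusion with summation
            // of its child nodes and its count. for example, if there are only 2
            // responses, ttl count will be 2 but summation of answers, authorities
            // and additionals could be more as each response could contain multiple
            // answers, authorities and additionals. if ttl count is changed to
            // reflect summation, then it would stand out within its siblings like
            // rcode, payload etc.
            //tick_stat_node(st, st_str_qr_rt_packets, st_node_qr_r_packets, true);

            // rt_a = Answers
            if (dns_qr_rt_a_statistics_enabled) {
                ws_debug("rt_a = Response-TTL_Answers\n");
                // the count comes from the packet, so clamp it before it is
                // used as an index bound into dns_qr_r_ra_ttls
                unsigned ui_limit = pi->nanswers;
                if (ui_limit > TTL_MAXIMUM_ELEMENTS) { // limit check to avoid overflow
                    ws_debug("rt_a = Response-TTL_Answers (answers(%u) > (%u)TTL_MAXIMUM_ELEMENTS) (iterating upto TTL_MAXIMUM_ELEMENTS)\n", ui_limit, TTL_MAXIMUM_ELEMENTS);
                    ui_limit = TTL_MAXIMUM_ELEMENTS;
                }
                for (unsigned ui = 0; ui < ui_limit; ui++) {
                    tick_stat_node(st, st_str_qr_rt_a_packets, st_node_qr_rt_packets, true);
                    if (dns_qr_r_ra_ttls[ui] == 0) {
                        st_node = tick_stat_node(st, "zero", st_node_qr_rt_a_packets, true);
                    }
                    else if (dns_qr_r_ra_ttls[ui] <= 60) {
                        st_node = tick_stat_node(st, "<= minute", st_node_qr_rt_a_packets, true);
                    }
                    else if (dns_qr_r_ra_ttls[ui] <= 3600) {
                        st_node = tick_stat_node(st, "<= hour", st_node_qr_rt_a_packets, true);
                    }
                    else if (dns_qr_r_ra_ttls[ui] <= 86400) {
                        st_node = tick_stat_node(st, "<= day", st_node_qr_rt_a_packets, true);
                    }
                    else if (dns_qr_r_ra_ttls[ui] <= 604800) {
                        st_node = tick_stat_node(st, "<= week", st_node_qr_rt_a_packets, true);
                    }
                    else if (dns_qr_r_ra_ttls[ui] <= 2628000) {
                        st_node = tick_stat_node(st, "<= month", st_node_qr_rt_a_packets, true);
                    }
                    else if (dns_qr_r_ra_ttls[ui] <= 31536000) {
                        st_node = tick_stat_node(st, "<= year", st_node_qr_rt_a_packets, true);
                    }
                    else {
                        st_node = tick_stat_node(st, "> year", st_node_qr_rt_a_packets, true);
                    }
                    if (dns_qr_qrn_statistics_enabled) {
                        tick_stat_node(st, pi->qname, st_node, false);
                    }
                }
            }

            // rt_u = aUthority
            if (dns_qr_rt_u_statistics_enabled) {
                ws_debug("rt_u = Response-TTL_aUthority\n");
                // clamp the packet-supplied count before indexing dns_qr_r_ru_ttls
                unsigned ui_limit = pi->nauthorities;
                if (ui_limit > TTL_MAXIMUM_ELEMENTS) { // limit check to avoid overflow
                    ws_debug("rt_u = Response-TTL_aUthority (authorities(%u) > (%u)TTL_MAXIMUM_ELEMENTS) (iterating upto TTL_MAXIMUM_ELEMENTS)\n", ui_limit, TTL_MAXIMUM_ELEMENTS);
                    ui_limit = TTL_MAXIMUM_ELEMENTS;
                }
                for (unsigned ui = 0; ui < ui_limit; ui++) {
                    tick_stat_node(st, st_str_qr_rt_u_packets, st_node_qr_rt_packets, true);
                    if (dns_qr_r_ru_ttls[ui] == 0) {
                        st_node = tick_stat_node(st, "zero", st_node_qr_rt_u_packets, true);
                    }
                    else if (dns_qr_r_ru_ttls[ui] <= 60) {
                        st_node = tick_stat_node(st, "<= minute", st_node_qr_rt_u_packets, true);
                    }
                    else if (dns_qr_r_ru_ttls[ui] <= 3600) {
                        st_node = tick_stat_node(st, "<= hour", st_node_qr_rt_u_packets, true);
                    }
                    else if (dns_qr_r_ru_ttls[ui] <= 86400) {
                        st_node = tick_stat_node(st, "<= day", st_node_qr_rt_u_packets, true);
                    }
                    else if (dns_qr_r_ru_ttls[ui] <= 604800) {
                        st_node = tick_stat_node(st, "<= week", st_node_qr_rt_u_packets, true);
                    }
                    else if (dns_qr_r_ru_ttls[ui] <= 2628000) {
                        st_node = tick_stat_node(st, "<= month", st_node_qr_rt_u_packets, true);
                    }
                    else if (dns_qr_r_ru_ttls[ui] <= 31536000) {
                        st_node = tick_stat_node(st, "<= year", st_node_qr_rt_u_packets, true);
                    }
                    else {
                        st_node = tick_stat_node(st, "> year", st_node_qr_rt_u_packets, true);
                    }
                    if (dns_qr_qrn_statistics_enabled) {
                        tick_stat_node(st, pi->qname, st_node, false);
                    }
                }
            }

            // rt_d = aDditional
            if (dns_qr_rt_d_statistics_enabled) {
                ws_debug("rt_d = Response-TTL_aDditional\n");
                // clamp the packet-supplied count before indexing dns_qr_r_rd_ttls
                unsigned ui_limit = pi->nadditionals;
                if (ui_limit > TTL_MAXIMUM_ELEMENTS) { // limit check to avoid overflow
                    ws_debug("rt_d = Response-TTL_aDditional (additionals(%u) > (%u)TTL_MAXIMUM_ELEMENTS) (iterating upto TTL_MAXIMUM_ELEMENTS)\n", ui_limit, TTL_MAXIMUM_ELEMENTS);
                    ui_limit = TTL_MAXIMUM_ELEMENTS;
                }
                for (unsigned ui = 0; ui < ui_limit; ui++) {
                    tick_stat_node(st, st_str_qr_rt_d_packets, st_node_qr_rt_packets, true);
                    if (dns_qr_r_rd_ttls[ui] == 0) {
                        st_node = tick_stat_node(st, "zero", st_node_qr_rt_d_packets, true);
                    }
                    else if (dns_qr_r_rd_ttls[ui] <= 60) {
                        st_node = tick_stat_node(st, "<= minute", st_node_qr_rt_d_packets, true);
                    }
                    else if (dns_qr_r_rd_ttls[ui] <= 3600) {
                        st_node = tick_stat_node(st, "<= hour", st_node_qr_rt_d_packets, true);
                    }
                    else if (dns_qr_r_rd_ttls[ui] <= 86400) {
                        st_node = tick_stat_node(st, "<= day", st_node_qr_rt_d_packets, true);
                    }
                    else if (dns_qr_r_rd_ttls[ui] <= 604800) {
                        st_node = tick_stat_node(st, "<= week", st_node_qr_rt_d_packets, true);
                    }
                    else if (dns_qr_r_rd_ttls[ui] <= 2628000) {
                        st_node = tick_stat_node(st, "<= month", st_node_qr_rt_d_packets, true);
                    }
                    else if (dns_qr_r_rd_ttls[ui] <= 31536000) {
                        st_node = tick_stat_node(st, "<= year", st_node_qr_rt_d_packets, true);
                    }
                    else {
                        st_node = tick_stat_node(st, "> year", st_node_qr_rt_d_packets, true);
                    }
                    if (dns_qr_qrn_statistics_enabled) {
                        tick_stat_node(st, pi->qname, st_node, false);
                    }
                }
            }
        }
    }
_exit_:
    return TAP_PACKET_REDRAW;
}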
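/*
 * Cleanup hook for the "DNS/Query-Response" statistics tree.
 *
 * Only logs the tree pointer at debug level; nothing is released here.
 */
static void dns_qr_stats_tree_cleanup(stats_tree* st)
{
    /* %p requires a void pointer argument, hence the explicit cast */
    ws_debug("cleanup with st=%p\n", (void *)st);
}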
/*
 * Hand-off registration for the DNS dissector: binds the DNS, mDNS, LLMNR
 * and DoQ handles to their transport tables, registers the two statistics
 * trees, and looks up the helper dissectors used for embedded payloads.
 * The calls are kept in their original order.
 */
void
proto_reg_handoff_dns(void)
{
    stats_tree_cfg *dns_st_cfg;

    /* mDNS and LLMNR over UDP, DNS over SCTP */
    dissector_add_uint_with_preference("udp.port", UDP_PORT_MDNS, mdns_udp_handle);
    dissector_add_uint_with_preference("udp.port", UDP_PORT_LLMNR, llmnr_udp_handle);
    dissector_add_uint("sctp.port", SCTP_PORT_DNS, dns_handle);
#if 0
    dissector_add_uint("sctp.ppi", DNS_PAYLOAD_PROTOCOL_ID, dns_handle);
#endif

    /* statistics trees: the plain "dns" tree and the query/response tree */
    dns_st_cfg = stats_tree_register("dns", "dns", "DNS", 0, dns_stats_tree_packet, dns_stats_tree_init, NULL);
    stats_tree_set_first_column_name(dns_st_cfg, "Packet Type");
    stats_tree_register("dns", "dns_qr", "DNS/Query-Response", 0, dns_qr_stats_tree_packet, dns_qr_stats_tree_init, dns_qr_stats_tree_cleanup);

    /*
     * Helper dissectors.
     * NOTE(review): find_dissector() yields NULL when the named dissector is
     * not registered; confirm the users of tls_echconfig_handle (outside this
     * function) check for that.
     */
    gssapi_handle = find_dissector_add_dependency("gssapi", proto_dns);
    ntlmssp_handle = find_dissector_add_dependency("ntlmssp", proto_dns);
    tls_echconfig_handle = find_dissector("tls-echconfig");

    /* encrypted transports: DNS over TLS (RFC 7858) and over DTLS */
    ssl_dissector_add(TCP_PORT_DNS_TLS, dns_handle);
    /* RFC 7858 - registration via https://mailarchive.ietf.org/arch/msg/dns-privacy/iZ2rDIhFB2ZWsGC3PcdBVLGa8Do */
    dissector_add_string("tls.alpn", "dot", dns_handle);
    dtls_dissector_add(UDP_PORT_DNS_DTLS, dns_handle);

    /* default TCP/UDP port ranges, user-adjustable through preferences */
    dissector_add_uint_range_with_preference("tcp.port", DEFAULT_DNS_TCP_PORT_RANGE, dns_handle);
    dissector_add_uint_range_with_preference("udp.port", DEFAULT_DNS_PORT_RANGE, dns_handle);

    /* DNS over HTTPS, since draft-ietf-doh-dns-over-https-07 */
    dissector_add_string("media_type", "application/dns-message", dns_handle);
    /* DNS over QUIC, https://www.ietf.org/archive/id/draft-ietf-dprive-dnsoquic-03.txt */
    dissector_add_string("quic.proto", "doq", doq_handle);

    /* heuristic detection of DNS on arbitrary UDP ports, enabled by default */
    heur_dissector_add("udp", dissect_dns_heur, "DNS over UDP", "dns_udp", proto_dns, HEURISTIC_ENABLE);
}
6207 void
6208 proto_register_dns(void)
6210 static hf_register_info hf[] = {
6211 { &hf_dns_length,
6212 { "Length", "dns.length",
6213 FT_UINT16, BASE_DEC, NULL, 0x0,
6214 "Length of DNS-over-TCP request or response", HFILL }},
6216 { &hf_dns_flags,
6217 { "Flags", "dns.flags",
6218 FT_UINT16, BASE_HEX, NULL, 0x0,
6219 NULL, HFILL }},
6221 { &hf_dns_flags_response,
6222 { "Response", "dns.flags.response",
6223 FT_BOOLEAN, 16, TFS(&tfs_flags_response), F_RESPONSE,
6224 "Is the message a response?", HFILL }},
6226 { &hf_dns_flags_opcode,
6227 { "Opcode", "dns.flags.opcode",
6228 FT_UINT16, BASE_DEC, VALS(opcode_vals), F_OPCODE,
6229 "Operation code", HFILL }},
6231 { &hf_dns_flags_authoritative,
6232 { "Authoritative", "dns.flags.authoritative",
6233 FT_BOOLEAN, 16, TFS(&tfs_flags_authoritative), F_AUTHORITATIVE,
6234 "Is the server is an authority for the domain?", HFILL }},
6236 { &hf_dns_flags_conflict_query,
6237 { "Conflict", "dns.flags.conflict",
6238 FT_BOOLEAN, 16, TFS(&tfs_flags_conflict_query), F_CONFLICT,
6239 "Did we receive multiple responses to a query?", HFILL }},
6241 { &hf_dns_flags_conflict_response,
6242 { "Conflict", "dns.flags.conflict",
6243 FT_BOOLEAN, 16, TFS(&tfs_flags_conflict_response), F_CONFLICT,
6244 "Is the name considered unique?", HFILL }},
6246 { &hf_dns_flags_truncated,
6247 { "Truncated", "dns.flags.truncated",
6248 FT_BOOLEAN, 16, TFS(&tfs_flags_truncated), F_TRUNCATED,
6249 "Is the message truncated?", HFILL }},
6251 { &hf_dns_flags_recdesired,
6252 { "Recursion desired", "dns.flags.recdesired",
6253 FT_BOOLEAN, 16, TFS(&tfs_flags_recdesired), F_RECDESIRED,
6254 "Do query recursively?", HFILL }},
6256 { &hf_dns_flags_tentative,
6257 { "Tentative", "dns.flags.tentative",
6258 FT_BOOLEAN, 16, TFS(&tfs_flags_tentative), F_TENTATIVE,
6259 "Is the responder authoritative for the name, but not yet verified the uniqueness?", HFILL }},
6261 { &hf_dns_flags_recavail,
6262 { "Recursion available", "dns.flags.recavail",
6263 FT_BOOLEAN, 16, TFS(&tfs_flags_recavail), F_RECAVAIL,
6264 "Can the server do recursive queries?", HFILL }},
6266 { &hf_dns_flags_z,
6267 { "Z", "dns.flags.z",
6268 FT_BOOLEAN, 16, TFS(&tfs_flags_z), F_Z,
6269 "Z flag", HFILL }},
6271 { &hf_dns_flags_authenticated,
6272 { "Answer authenticated", "dns.flags.authenticated",
6273 FT_BOOLEAN, 16, TFS(&tfs_flags_authenticated), F_AUTHENTIC,
6274 "Was the reply data authenticated by the server?", HFILL }},
6276 { &hf_dns_flags_ad,
6277 { "AD bit", "dns.flags.ad",
6278 FT_BOOLEAN, 16, TFS(&tfs_set_notset), F_AUTHENTIC,
6279 NULL, HFILL }},
6281 { &hf_dns_flags_checkdisable,
6282 { "Non-authenticated data", "dns.flags.checkdisable",
6283 FT_BOOLEAN, 16, TFS(&tfs_flags_checkdisable), F_CHECKDISABLE,
6284 "Is non-authenticated data acceptable?", HFILL }},
6286 { &hf_dns_flags_rcode,
6287 { "Reply code", "dns.flags.rcode",
6288 FT_UINT16, BASE_DEC, VALS(rcode_vals), F_RCODE,
6289 NULL, HFILL }},
6291 { &hf_dns_transaction_id,
6292 { "Transaction ID", "dns.id",
6293 FT_UINT16, BASE_HEX, NULL, 0x0,
6294 "Identification of transaction", HFILL }},
6296 { &hf_dns_qry_type,
6297 { "Type", "dns.qry.type",
6298 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &dns_types_vals_ext, 0,
6299 "Query Type", HFILL }},
6301 { &hf_dns_qry_class,
6302 { "Class", "dns.qry.class",
6303 FT_UINT16, BASE_HEX, VALS(dns_classes), 0x0,
6304 "Query Class", HFILL }},
6306 { &hf_dns_qry_class_mdns,
6307 { "Class", "dns.qry.class",
6308 FT_UINT16, BASE_HEX, VALS(dns_classes), 0x7FFF,
6309 "Query Class", HFILL }},
6311 { &hf_dns_qry_qu,
6312 { "\"QU\" question", "dns.qry.qu",
6313 FT_BOOLEAN, 16, NULL, C_QU,
6314 "QU flag", HFILL }},
6316 { &hf_dns_qry_name,
6317 { "Name", "dns.qry.name",
6318 FT_STRING, BASE_NONE, NULL, 0x0,
6319 "Query Name", HFILL }},
6321 { &hf_dns_qry_name_len,
6322 { "Name Length", "dns.qry.name.len",
6323 FT_UINT16, BASE_DEC, NULL, 0x0,
6324 "Query Name Len", HFILL }},
6326 { &hf_dns_count_labels,
6327 { "Label Count", "dns.count.labels",
6328 FT_UINT16, BASE_DEC, NULL, 0x0,
6329 "Query Label Count", HFILL }},
6331 { &hf_dns_rr_type,
6332 { "Type", "dns.resp.type",
6333 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &dns_types_vals_ext, 0x0,
6334 "Response Type", HFILL }},
6336 { &hf_dns_rr_class,
6337 { "Class", "dns.resp.class",
6338 FT_UINT16, BASE_HEX, VALS(dns_classes), 0x0,
6339 "Response Class", HFILL }},
6341 { &hf_dns_rr_class_mdns,
6342 { "Class", "dns.resp.class",
6343 FT_UINT16, BASE_HEX, VALS(dns_classes), 0x7FFF,
6344 "Response Class", HFILL }},
6346 { &hf_dns_rr_cache_flush,
6347 { "Cache flush", "dns.resp.cache_flush",
6348 FT_BOOLEAN, 16, NULL, C_FLUSH,
6349 "Cache flush flag", HFILL }},
6351 { &hf_dns_rr_ext_rcode,
6352 { "Higher bits in extended RCODE", "dns.resp.ext_rcode",
6353 FT_UINT8, BASE_HEX, NULL, 0x0,
6354 NULL, HFILL }},
6356 { &hf_dns_rr_edns0_version,
6357 { "EDNS0 version", "dns.resp.edns0_version",
6358 FT_UINT8, BASE_DEC, NULL, 0x0,
6359 NULL, HFILL }},
6361 { &hf_dns_rr_z,
6362 { "Z", "dns.resp.z",
6363 FT_UINT16, BASE_HEX, NULL, 0x0,
6364 NULL, HFILL }},
6366 { &hf_dns_rr_z_do,
6367 { "DO bit", "dns.resp.z.do",
6368 FT_BOOLEAN, 16, TFS(&tfs_dns_rr_z_do), 0x8000,
6369 "DNSSEC OK", HFILL }},
6371 { &hf_dns_rr_z_reserved,
6372 { "Reserved", "dns.resp.z.reserved",
6373 FT_UINT16, BASE_HEX, NULL, 0x7FFF,
6374 NULL, HFILL }},
6376 { &hf_dns_srv_instance,
6377 { "Instance", "dns.srv.instance",
6378 FT_STRING, BASE_NONE, NULL, 0x0,
6379 "Desired service instance", HFILL }},
6381 { &hf_dns_srv_service,
6382 { "Service", "dns.srv.service",
6383 FT_STRING, BASE_NONE, NULL, 0x0,
6384 "Desired service", HFILL }},
6386 { &hf_dns_srv_proto,
6387 { "Protocol", "dns.srv.proto",
6388 FT_STRING, BASE_NONE, NULL, 0x0,
6389 "Desired protocol", HFILL }},
6391 { &hf_dns_srv_name,
6392 { "Name", "dns.srv.name",
6393 FT_STRING, BASE_NONE, NULL, 0x0,
6394 "Domain this resource record refers to", HFILL }},
6396 { &hf_dns_srv_priority,
6397 { "Priority", "dns.srv.priority",
6398 FT_UINT16, BASE_DEC, NULL, 0x0,
6399 NULL, HFILL }},
6401 { &hf_dns_srv_weight,
6402 { "Weight", "dns.srv.weight",
6403 FT_UINT16, BASE_DEC, NULL, 0x0,
6404 NULL, HFILL }},
6406 { &hf_dns_srv_port,
6407 { "Port", "dns.srv.port",
6408 FT_UINT16, BASE_DEC, NULL, 0x0,
6409 NULL, HFILL }},
6411 { &hf_dns_srv_target,
6412 { "Target", "dns.srv.target",
6413 FT_STRING, BASE_NONE, NULL, 0x0,
6414 NULL, HFILL }},
6416 { &hf_dns_naptr_order,
6417 { "Order", "dns.naptr.order",
6418 FT_UINT16, BASE_DEC, NULL, 0x0,
6419 NULL, HFILL }},
6421 { &hf_dns_naptr_preference,
6422 { "Preference", "dns.naptr.preference",
6423 FT_UINT16, BASE_DEC, NULL, 0x0,
6424 NULL, HFILL }},
6426 { &hf_dns_naptr_flags_length,
6427 { "Flags Length", "dns.naptr.flags_length",
6428 FT_UINT8, BASE_DEC, NULL, 0x0,
6429 NULL, HFILL }},
6431 { &hf_dns_naptr_flags,
6432 { "Flags", "dns.naptr.flags",
6433 FT_STRING, BASE_NONE, NULL, 0x0,
6434 NULL, HFILL }},
6436 { &hf_dns_naptr_service_length,
6437 { "Service Length", "dns.naptr.service_length",
6438 FT_UINT8, BASE_DEC, NULL, 0x0,
6439 NULL, HFILL }},
6441 { &hf_dns_naptr_service,
6442 { "Service", "dns.naptr.service",
6443 FT_STRING, BASE_NONE, NULL, 0x0,
6444 NULL, HFILL }},
6446 { &hf_dns_naptr_regex_length,
6447 { "Regex Length", "dns.naptr.regex_length",
6448 FT_UINT8, BASE_DEC, NULL, 0x0,
6449 NULL, HFILL }},
6451 { &hf_dns_naptr_regex,
6452 { "Regex", "dns.naptr.regex",
6453 FT_STRING, BASE_NONE, NULL, 0x0,
6454 NULL, HFILL }},
6456 { &hf_dns_naptr_replacement_length,
6457 { "Replacement Length", "dns.naptr.replacement_length",
6458 FT_UINT8, BASE_DEC, NULL, 0x0,
6459 NULL, HFILL }},
6461 { &hf_dns_naptr_replacement,
6462 { "Replacement", "dns.naptr.replacement",
6463 FT_STRING, BASE_NONE, NULL, 0x0,
6464 NULL, HFILL }},
6466 { &hf_dns_rr_name,
6467 { "Name", "dns.resp.name",
6468 FT_STRING, BASE_NONE, NULL, 0x0,
6469 "Response Name", HFILL }},
6471 { &hf_dns_rr_ttl,
6472 { "Time to live", "dns.resp.ttl",
6473 FT_UINT32, BASE_DEC, NULL, 0x0,
6474 "Response TTL", HFILL }},
6476 { &hf_dns_rr_len,
6477 { "Data length", "dns.resp.len",
6478 FT_UINT16, BASE_DEC, NULL, 0x0,
6479 "Response Length", HFILL }},
6481 { &hf_dns_a,
6482 { "Address", "dns.a",
6483 FT_IPv4, BASE_NONE, NULL, 0x0,
6484 "Response IPv4 Address", HFILL }},
6486 { &hf_dns_a_ch_domain,
6487 { "Chaos Domain", "dns.a.ch.domain",
6488 FT_STRING, BASE_NONE, NULL, 0x0,
6489 "Response Chaos Domain", HFILL }},
6491 { &hf_dns_a_ch_addr,
6492 { "Chaos Address", "dns.a.ch.addr",
6493 FT_UINT16, BASE_OCT, NULL, 0x0,
6494 "Response Chaos Address", HFILL }},
6496 { &hf_dns_md,
6497 { "Mail Destination", "dns.md",
6498 FT_STRING, BASE_NONE, NULL, 0x0,
6499 NULL, HFILL }},
6501 { &hf_dns_mf,
6502 { "Mail Forwarder", "dns.mf",
6503 FT_STRING, BASE_NONE, NULL, 0x0,
6504 NULL, HFILL }},
6506 { &hf_dns_mb,
6507 { "MailBox Domain", "dns.mb",
6508 FT_STRING, BASE_NONE, NULL, 0x0,
6509 NULL, HFILL }},
6511 { &hf_dns_mg,
6512 { "Mail Group member", "dns.mg",
6513 FT_STRING, BASE_NONE, NULL, 0x0,
6514 NULL, HFILL }},
6516 { &hf_dns_mr,
6517 { "Mail Rename domain", "dns.mr",
6518 FT_STRING, BASE_NONE, NULL, 0x0,
6519 NULL, HFILL }},
6521 { &hf_dns_null,
6522 { "Null (data)", "dns.null",
6523 FT_BYTES, BASE_NONE, NULL, 0x0,
6524 NULL, HFILL }},
6526 { &hf_dns_aaaa,
6527 { "AAAA Address", "dns.aaaa",
6528 FT_IPv6, BASE_NONE, NULL, 0x0,
6529 "AAAA Response Address", HFILL }},
6531 { &hf_dns_cname,
6532 { "CNAME", "dns.cname",
6533 FT_STRING, BASE_NONE, NULL, 0x0,
6534 "Response Primary Name", HFILL }},
6536 { &hf_dns_rr_udp_payload_size_mdns,
6537 { "UDP payload size", "dns.rr.udp_payload_size",
6538 FT_UINT16, BASE_HEX, NULL, 0x7FFF,
6539 NULL, HFILL }},
6541 { &hf_dns_rr_udp_payload_size,
6542 { "UDP payload size", "dns.rr.udp_payload_size",
6543 FT_UINT16, BASE_DEC, NULL, 0x0,
6544 NULL, HFILL }},
6546 { &hf_dns_soa_mname,
6547 { "Primary name server", "dns.soa.mname",
6548 FT_STRING, BASE_NONE, NULL, 0x0,
6549 NULL, HFILL }},
6551 { &hf_dns_soa_rname,
6552 { "Responsible authority's mailbox", "dns.soa.rname",
6553 FT_STRING, BASE_NONE, NULL, 0x0,
6554 NULL, HFILL }},
6556 { &hf_dns_soa_serial_number,
6557 { "Serial Number", "dns.soa.serial_number",
6558 FT_UINT32, BASE_DEC, NULL, 0x0,
6559 NULL, HFILL }},
6561 { &hf_dns_soa_refresh_interval,
6562 { "Refresh Interval", "dns.soa.refresh_interval",
6563 FT_UINT32, BASE_DEC, NULL, 0x0,
6564 NULL, HFILL }},
6566 { &hf_dns_soa_retry_interval,
6567 { "Retry Interval", "dns.soa.retry_interval",
6568 FT_UINT32, BASE_DEC, NULL, 0x0,
6569 NULL, HFILL }},
6571 { &hf_dns_soa_expire_limit,
6572 { "Expire limit", "dns.soa.expire_limit",
6573 FT_UINT32, BASE_DEC, NULL, 0x0,
6574 NULL, HFILL }},
6576 { &hf_dns_soa_minimum_ttl,
6577 { "Minimum TTL", "dns.soa.minimum_ttl",
6578 FT_UINT32, BASE_DEC, NULL, 0x0,
6579 NULL, HFILL }},
6581 { &hf_dns_ptr_domain_name,
6582 { "Domain Name", "dns.ptr.domain_name",
6583 FT_STRING, BASE_NONE, NULL, 0x0,
6584 NULL, HFILL }},
6586 { &hf_dns_wks_address,
6587 { "Address", "dns.wks.address",
6588 FT_IPv4, BASE_NONE, NULL, 0x0,
6589 NULL, HFILL }},
6591 { &hf_dns_wks_protocol,
6592 { "Protocol", "dns.wks.protocol",
6593 FT_UINT8, BASE_DEC | BASE_EXT_STRING, &ipproto_val_ext, 0x0,
6594 NULL, HFILL }},
6596 { &hf_dns_wks_bits,
6597 { "Bits", "dns.wks.bits",
6598 FT_UINT8, BASE_HEX, NULL, 0x0,
6599 NULL, HFILL }},
6601 { &hf_dns_hinfo_cpu_length,
6602 { "CPU Length", "dns.hinfo.cpu_length",
6603 FT_UINT8, BASE_DEC, NULL, 0x0,
6604 NULL, HFILL }},
6606 { &hf_dns_hinfo_cpu,
6607 { "CPU", "dns.hinfo.cpu",
6608 FT_STRING, BASE_NONE, NULL, 0x0,
6609 NULL, HFILL }},
6611 { &hf_dns_hinfo_os_length,
6612 { "OS Length", "dns.hinfo.os_length",
6613 FT_UINT8, BASE_DEC, NULL, 0x0,
6614 NULL, HFILL }},
6616 { &hf_dns_hinfo_os,
6617 { "OS", "dns.hinfo.os",
6618 FT_STRING, BASE_NONE, NULL, 0x0,
6619 NULL, HFILL }},
6621 { &hf_dns_minfo_r_mailbox,
6622 { "Responsible Mailbox", "dns.minfo.r",
6623 FT_STRING, BASE_NONE, NULL, 0x0,
6624 NULL, HFILL }},
6626 { &hf_dns_minfo_e_mailbox,
6627 { "Error Mailbox", "dns.minfo.e",
6628 FT_STRING, BASE_NONE, NULL, 0x0,
6629 NULL, HFILL }},
6631 { &hf_dns_mx_preference,
6632 { "Preference", "dns.mx.preference",
6633 FT_UINT16, BASE_DEC, NULL, 0x0,
6634 NULL, HFILL }},
6636 { &hf_dns_mx_mail_exchange,
6637 { "Mail Exchange", "dns.mx.mail_exchange",
6638 FT_STRING, BASE_NONE, NULL, 0x0,
6639 NULL, HFILL }},
6641 { &hf_dns_txt_length,
6642 { "TXT Length", "dns.txt.length",
6643 FT_UINT8, BASE_DEC, NULL, 0x0,
6644 NULL, HFILL }},
6646 { &hf_dns_txt,
6647 { "TXT", "dns.txt",
6648 FT_STRING, BASE_NONE, NULL, 0x0,
6649 NULL, HFILL }},
6651 { &hf_dns_openpgpkey,
6652 { "OpenPGP Key", "dns.openpgpkey",
6653 FT_STRING, BASE_NONE, NULL, 0x0,
6654 NULL, HFILL }},
6656 { &hf_dns_csync_soa,
6657 { "SOA", "dns.csync.soa",
6658 FT_UINT32, BASE_DEC, NULL, 0x0,
6659 NULL, HFILL }},
6661 { &hf_dns_csync_flags,
6662 { "Flags", "dns.csync.flags",
6663 FT_UINT16, BASE_HEX, NULL, 0x0,
6664 NULL, HFILL }},
6666 { &hf_dns_csync_flags_immediate,
6667 { "immediate", "dns.csync.flags.immediate",
6668 FT_BOOLEAN, 16, NULL, 0x0001,
6669 NULL, HFILL }},
6671 { &hf_dns_csync_flags_soaminimum,
6672 { "soaminimum", "dns.csync.flags.soaminimum",
6673 FT_BOOLEAN, 16, NULL, 0x0002,
6674 NULL, HFILL }},
6676 { &hf_dns_csync_type_bitmap,
6677 { "Type Bitmap", "dns.csync.type_bitmap",
6678 FT_BYTES, BASE_NONE, NULL, 0x0,
6679 NULL, HFILL }},
6681 { &hf_dns_zonemd_serial,
6682 { "Serial", "dns.zonemd.serial",
6683 FT_UINT32, BASE_DEC, NULL, 0x0,
6684 NULL, HFILL }},
6686 { &hf_dns_zonemd_scheme,
6687 { "Scheme", "dns.zonemd.scheme",
6688 FT_UINT8, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_zonemd_scheme), 0x0,
6689 NULL, HFILL }},
6691 { &hf_dns_zonemd_hash_algo,
6692 { "Hash Algorithm", "dns.zonemd.hash_algo",
6693 FT_UINT8, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_zonemd_hash_algo), 0x0,
6694 NULL, HFILL }},
6696 { &hf_dns_zonemd_digest,
6697 { "Digest", "dns.zonemd.digest",
6698 FT_BYTES, BASE_NONE, NULL, 0x0,
6699 NULL, HFILL }},
6701 { &hf_dns_svcb_priority,
6702 { "SvcPriority", "dns.svcb.svcpriority",
6703 FT_UINT16, BASE_DEC, NULL, 0x0,
6704 NULL, HFILL }},
6706 { &hf_dns_svcb_target,
6707 { "TargetName", "dns.svcb.targetname",
6708 FT_STRING, BASE_NONE, NULL, 0x0,
6709 NULL, HFILL }},
6711 { &hf_dns_svcb_param_key,
6712 { "SvcParamKey", "dns.svcb.svcparam.key",
6713 FT_UINT16, BASE_DEC, VALS(dns_svcb_param_key_vals), 0x0,
6714 NULL, HFILL }},
6716 { &hf_dns_svcb_param_length,
6717 { "SvcParamValue length", "dns.svcb.svcparam.value.length",
6718 FT_UINT16, BASE_DEC, NULL, 0x0,
6719 NULL, HFILL }},
6721 { &hf_dns_svcb_param_value,
6722 { "SvcParamValue", "dns.svcb.svcparam.value",
6723 FT_BYTES, BASE_NONE, NULL, 0x0,
6724 NULL, HFILL }},
6726 { &hf_dns_svcb_param,
6727 { "SvcParam", "dns.svcb.svcparam",
6728 FT_NONE, BASE_NONE, NULL, 0x0,
6729 NULL, HFILL }},
6731 { &hf_dns_svcb_param_mandatory_key,
6732 { "Mandatory key", "dns.svcb.svcparam.mandatory.key",
6733 FT_UINT16, BASE_DEC, VALS(dns_svcb_param_key_vals), 0x0,
6734 "Mandatory keys in this RR", HFILL }},
6736 { &hf_dns_svcb_param_alpn_length,
6737 { "ALPN length", "dns.svcb.svcparam.alpn.length",
6738 FT_UINT8, BASE_DEC, NULL, 0x0,
6739 NULL, HFILL }},
6741 { &hf_dns_svcb_param_alpn,
6742 { "ALPN", "dns.svcb.svcparam.alpn",
6743 FT_STRING, BASE_NONE, NULL, 0x0,
6744 "Additional supported protocols", HFILL }},
6746 { &hf_dns_svcb_param_port,
6747 { "Port", "dns.svcb.svcparam.port",
6748 FT_UINT16, BASE_DEC, NULL, 0x0,
6749 "Port for alternative endpoint", HFILL }},
6751 { &hf_dns_svcb_param_ipv4hint_ip,
6752 { "IP", "dns.svcb.svcparam.ipv4hint.ip",
6753 FT_IPv4, BASE_NONE, NULL, 0x0,
6754 "IPv4 address hints", HFILL }},
6756 { &hf_dns_svcb_param_ipv6hint_ip,
6757 { "IP", "dns.svcb.svcparam.ipv6hint.ip",
6758 FT_IPv6, BASE_NONE, NULL, 0x0,
6759 "IPv6 address hints", HFILL }},
6761 { &hf_dns_svcb_param_dohpath,
6762 { "DoH path", "dns.svcb.svcparam.dohpath",
6763 FT_STRING, BASE_NONE, NULL, 0x0,
6764 "DoH URI template", HFILL}},
6766 { &hf_dns_svcb_param_odohconfig,
6767 { "ODoHConfig", "dns.svcb.svcparam.odohconfig",
6768 FT_BYTES, BASE_NONE, NULL, 0x0,
6769 "Oblivious DoH keys", HFILL }},
6771 { &hf_dns_spf_length,
6772 { "SPF Length", "dns.spf.length",
6773 FT_UINT8, BASE_DEC, NULL, 0x0,
6774 NULL, HFILL }},
6776 { &hf_dns_spf,
6777 { "SPF", "dns.spf",
6778 FT_STRING, BASE_NONE, NULL, 0x0,
6779 NULL, HFILL }},
6781 { &hf_dns_ilnp_nodeid_preference,
6782 { "Preference", "dns.ilnp.nid.preference",
6783 FT_UINT16, BASE_DEC, NULL, 0x0,
6784 NULL, HFILL }},
6786 { &hf_dns_ilnp_nodeid,
6787 { "NodeID", "dns.ilnp.nid",
6788 FT_BYTES, BASE_NONE, NULL, 0x0,
6789 NULL, HFILL }},
6791 { &hf_dns_ilnp_locator32_preference,
6792 { "Preference", "dns.ilnp.l32.preference",
6793 FT_UINT16, BASE_DEC, NULL, 0x0,
6794 NULL, HFILL }},
6796 { &hf_dns_ilnp_locator32,
6797 { "Locator32", "dns.ilnp.l32",
6798 FT_IPv4, BASE_NONE, NULL, 0x0,
6799 NULL, HFILL }},
6801 { &hf_dns_ilnp_locator64_preference,
6802 { "Preference", "dns.ilnp.l64.preference",
6803 FT_UINT16, BASE_DEC, NULL, 0x0,
6804 NULL, HFILL }},
6806 { &hf_dns_ilnp_locator64,
6807 { "Locator64", "dns.ilnp.l64",
6808 FT_BYTES, BASE_NONE, NULL, 0x0,
6809 NULL, HFILL }},
6811 { &hf_dns_ilnp_locatorfqdn_preference,
6812 { "Preference", "dns.ilnp.lp.preference",
6813 FT_UINT16, BASE_DEC, NULL, 0x0,
6814 NULL, HFILL }},
6816 { &hf_dns_ilnp_locatorfqdn,
6817 { "Locator FQDN", "dns.ilnp.lp",
6818 FT_STRING, BASE_NONE, NULL, 0x0,
6819 NULL, HFILL }},
6821 { &hf_dns_eui48,
6822 { "EUI48 Address", "dns.eui48",
6823 FT_ETHER, BASE_NONE, NULL, 0x0,
6824 NULL, HFILL }},
6826 { &hf_dns_eui64,
6827 { "EUI64 Address", "dns.eui64",
6828 FT_EUI64, BASE_NONE, NULL, 0x0,
6829 NULL, HFILL }},
6831 { &hf_dns_rrsig_type_covered,
6832 { "Type Covered", "dns.rrsig.type_covered",
6833 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &dns_types_vals_ext, 0x0,
6834 "Identifies the type of the RRset that is covered by this RRSIG record", HFILL }},
6836 { &hf_dns_rrsig_algorithm,
6837 { "Algorithm", "dns.rrsig.algorithm",
6838 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0,
6839 "Identifies the cryptographic algorithm used to create the signature", HFILL }},
6841 { &hf_dns_rrsig_labels,
6842 { "Labels", "dns.rrsig.labels",
6843 FT_UINT8, BASE_DEC, NULL, 0x0,
6844 "Specifies the number of labels in the original RRSIG RR owner name", HFILL }},
6846 { &hf_dns_rrsig_original_ttl,
6847 { "Original TTL", "dns.rrsig.original_ttl",
6848 FT_UINT32, BASE_DEC, NULL, 0x0,
6849 "Specifies the TTL of the covered RRset as it appears in the authoritative zone", HFILL }},
6851 { &hf_dns_rrsig_signature_expiration,
6852 { "Signature Expiration", "dns.rrsig.signature_expiration",
6853 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
6854 "Specify a validity period for the signature", HFILL }},
6856 { &hf_dns_rrsig_signature_inception,
6857 { "Signature Inception", "dns.rrsig.signature_inception",
6858 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
6859 "Specify a validity period for the signature", HFILL }},
6861 { &hf_dns_rrsig_key_tag,
6862 { "Key Tag", "dns.rrsig.key_tag",
6863 FT_UINT16, BASE_DEC, NULL, 0x0,
6864 "Contains the key tag value of the DNSKEY RR that validates this signature", HFILL }},
6866 { &hf_dns_rrsig_signers_name,
6867 { "Signer's name", "dns.rrsig.signers_name",
6868 FT_STRING, BASE_NONE, NULL, 0x0,
6869 "Identifies the owner name of the DNSKEY RR that a validator is supposed to use to validate this signature", HFILL }},
6871 { &hf_dns_rrsig_signature,
6872 { "Signature", "dns.rrsig.signature",
6873 FT_BYTES, BASE_NONE, NULL, 0x0,
6874 "Contains the cryptographic signature that covers the RRSIG RDATA", HFILL }},
6876 { &hf_dns_dnskey_flags,
6877 { "Flags", "dns.dnskey.flags",
6878 FT_UINT16, BASE_HEX, NULL, 0x0,
6879 NULL, HFILL }},
6881 { &hf_dns_dnskey_flags_zone_key,
6882 { "Zone Key", "dns.dnskey.flags.zone_key",
6883 FT_BOOLEAN, 16, TFS(&dns_dnskey_zone_key_tfs), DNSKEY_FLAGS_ZK,
6884 NULL, HFILL }},
6886 { &hf_dns_dnskey_flags_key_revoked,
6887 { "Key Revoked", "dns.dnskey.flags.key_revoked",
6888 FT_BOOLEAN, 16, TFS(&tfs_yes_no), DNSKEY_FLAGS_KR,
6889 NULL, HFILL }},
6891 { &hf_dns_dnskey_flags_secure_entry_point,
6892 { "Key Signing Key", "dns.dnskey.flags.secure_entry_point",
6893 FT_BOOLEAN, 16, TFS(&tfs_yes_no), DNSKEY_FLAGS_SEP,
6894 NULL, HFILL }},
6896 { &hf_dns_dnskey_flags_reserved,
6897 { "Key Signing Key", "dns.dnskey.flags.reserved",
6898 FT_UINT16, BASE_HEX, NULL, DNSKEY_FLAGS_RSV,
6899 "Must be zero", HFILL }},
6901 { &hf_dns_dnskey_protocol,
6902 { "Protocol", "dns.dnskey.protocol",
6903 FT_UINT8, BASE_DEC, NULL, 0x0,
6904 "Must be 3", HFILL }},
6906 { &hf_dns_dnskey_algorithm,
6907 { "Algorithm", "dns.dnskey.algorithm",
6908 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0,
6909 "Identifies the public key's cryptographic algorithm and determines the format of the Public Key field", HFILL }},
6911 { &hf_dns_dnskey_key_id,
6912 { "Key id", "dns.dnskey.key_id",
6913 FT_UINT16, BASE_DEC, NULL, 0x0,
6914 NULL, HFILL }},
6916 { &hf_dns_dnskey_public_key,
6917 { "Public Key", "dns.dnskey.public_key",
6918 FT_BYTES, BASE_NONE, NULL, 0x0,
6919 NULL, HFILL }},
6921 { &hf_dns_key_flags,
6922 { "Flags", "dns.key.flags",
6923 FT_UINT16, BASE_HEX, NULL, 0x0,
6924 NULL, HFILL }},
6926 { &hf_dns_key_flags_authentication,
6927 { "Key allowed for authentication", "dns.key.flags.authentication",
6928 FT_BOOLEAN, 16, TFS(&tfs_not_allowed_allowed), 0x8000,
6929 NULL, HFILL }},
6931 { &hf_dns_key_flags_confidentiality,
6932 { "Key allowed for confidentiality", "dns.key.flags.confidentiality",
6933 FT_BOOLEAN, 16, TFS(&tfs_not_allowed_allowed), 0x4000,
6934 NULL, HFILL }},
6936 { &hf_dns_key_flags_key_required,
6937 { "Key required", "dns.key.flags.required",
6938 FT_BOOLEAN, 16, TFS(&tfs_required_experimental), 0x2000,
6939 NULL, HFILL }},
6941 { &hf_dns_key_flags_associated_user,
6942 { "Key is associated with a user", "dns.key.flags.associated_user",
6943 FT_BOOLEAN, 16, TFS(&tfs_yes_no), 0x0400,
6944 NULL, HFILL }},
6946 { &hf_dns_key_flags_associated_named_entity,
6947 { "Key is associated with the named entity", "dns.key.flags.associated_named_entity",
6948 FT_BOOLEAN, 16, TFS(&tfs_yes_no), 0x0200,
6949 NULL, HFILL }},
6951 { &hf_dns_key_flags_ipsec,
6952 { "Key use with IPSEC", "dns.key.flags.ipsec",
6953 FT_BOOLEAN, 16, TFS(&tfs_valid_invalid), 0x0080,
6954 NULL, HFILL }},
6956 { &hf_dns_key_flags_mime,
6957 { "Key use with MIME security multiparts", "dns.key.flags.mime",
6958 FT_BOOLEAN, 16, TFS(&tfs_valid_invalid), 0x0040,
6959 NULL, HFILL }},
6961 { &hf_dns_key_flags_signatory,
6962 { "Signatory", "dns.key.flags.signatory",
6963 FT_UINT16, BASE_DEC, NULL, 0x000F,
6964 NULL, HFILL }},
6966 { &hf_dns_key_protocol,
6967 { "Protocol", "dns.key.protocol",
6968 FT_UINT8, BASE_DEC, NULL, 0x0,
6969 NULL, HFILL }},
6971 { &hf_dns_key_algorithm,
6972 { "Algorithm", "dns.key.algorithm",
6973 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0,
6974 NULL, HFILL }},
6976 { &hf_dns_key_key_id,
6977 { "Key ID", "dns.key.key_id",
6978 FT_UINT16, BASE_DEC, NULL, 0x0,
6979 NULL, HFILL }},
6981 { &hf_dns_key_public_key,
6982 { "Public Key", "dns.key.public_key",
6983 FT_BYTES, BASE_NONE, NULL, 0x0,
6984 NULL, HFILL }},
6986 { &hf_dns_px_preference,
6987 { "Preference", "dns.px.preference",
6988 FT_UINT16, BASE_DEC, NULL, 0x0,
6989 NULL, HFILL }},
6991 { &hf_dns_px_map822,
6992 { "MAP822", "dns.px.map822",
6993 FT_STRING, BASE_NONE, NULL, 0x0,
6994 NULL, HFILL }},
6996 { &hf_dns_px_mapx400,
6997 { "MAPX400", "dns.px.map400",
6998 FT_STRING, BASE_NONE, NULL, 0x0,
6999 NULL, HFILL }},
7001 { &hf_dns_tkey_algo_name,
7002 { "Algorithm name", "dns.tkey.algo_name",
7003 FT_STRING, BASE_NONE, NULL, 0x0,
7004 NULL, HFILL }},
7006 { &hf_dns_tkey_signature_expiration,
7007 { "Signature Expiration", "dns.tkey.signature_expiration",
7008 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
7009 "Specify a validity period for the signature", HFILL }},
7011 { &hf_dns_tkey_signature_inception,
7012 { "Signature Inception", "dns.tkey.signature_inception",
7013 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
7014 "Specify a validity period for the signature", HFILL }},
7016 { &hf_dns_tkey_mode,
7017 { "Mode", "dns.tkey.mode",
7018 FT_UINT16, BASE_DEC, VALS(tkey_mode_vals), 0x0,
7019 NULL, HFILL }},
7021 { &hf_dns_tkey_error,
7022 { "Error", "dns.tkey.error",
7023 FT_UINT16, BASE_DEC, VALS(rcode_vals), 0x0,
7024 NULL, HFILL }},
7026 { &hf_dns_tkey_key_size,
7027 { "Key Size", "dns.tkey.key_size",
7028 FT_UINT16, BASE_DEC, NULL, 0x0,
7029 NULL, HFILL }},
7031 { &hf_dns_tkey_key_data,
7032 { "Key Data", "dns.tkey.key_data",
7033 FT_BYTES, BASE_NONE, NULL, 0x0,
7034 NULL, HFILL }},
7036 { &hf_dns_tkey_other_size,
7037 { "Other Size", "dns.tkey.other_size",
7038 FT_UINT16, BASE_DEC, NULL, 0x0,
7039 NULL, HFILL }},
7041 { &hf_dns_tkey_other_data,
7042 { "Other Data", "dns.tkey.other_data",
7043 FT_BYTES, BASE_NONE, NULL, 0x0,
7044 NULL, HFILL }},
7046 { &hf_dns_ipseckey_gateway_precedence,
7047 { "Gateway Precedence", "dns.ipseckey.gateway_precedence",
7048 FT_UINT8, BASE_DEC, NULL, 0x0,
7049 NULL, HFILL }},
7051 { &hf_dns_ipseckey_gateway_algorithm,
7052 { "Gateway Algorithm", "dns.ipseckey.gateway_algorithm",
7053 FT_UINT8, BASE_DEC, VALS(gw_algo_vals), 0x0,
7054 NULL, HFILL }},
7056 { &hf_dns_ipseckey_gateway_type,
7057 { "Gateway Type", "dns.ipseckey.gateway_type",
7058 FT_UINT8, BASE_DEC, VALS(gw_type_vals), 0x0,
7059 NULL, HFILL }},
7061 { &hf_dns_ipseckey_gateway_ipv4,
7062 { "IPv4 Gateway", "dns.ipseckey.gateway_ipv4",
7063 FT_IPv4, BASE_NONE, NULL, 0x0,
7064 NULL, HFILL }},
7066 { &hf_dns_ipseckey_gateway_ipv6,
7067 { "IPv6 Gateway", "dns.ipseckey.gateway_ipv6",
7068 FT_IPv6, BASE_NONE, NULL, 0x0,
7069 NULL, HFILL }},
7071 { &hf_dns_ipseckey_gateway_dns,
7072 { "DNS Gateway", "dns.ipseckey.gateway_dns",
7073 FT_STRING, BASE_NONE, NULL, 0x0,
7074 NULL, HFILL }},
7076 { &hf_dns_ipseckey_public_key,
7077 { "Public Key", "dns.ipseckey.public_key",
7078 FT_BYTES, BASE_NONE, NULL, 0x0,
7079 NULL, HFILL }},
7081 { &hf_dns_xpf_ip_version,
7082 { "IP Version", "dns.xpf.ip_version",
7083 FT_UINT16, BASE_DEC,
7084 VALS(ip_version_vals), 0x0,
7085 NULL, HFILL }},
7087 { &hf_dns_xpf_protocol,
7088 { "Protocol", "dns.xpf.protocol",
7089 FT_UINT8, BASE_DEC|BASE_EXT_STRING,
7090 &ipproto_val_ext, 0x0,
7091 NULL, HFILL }},
7093 { &hf_dns_xpf_source_ipv4,
7094 { "IPv4 Source", "dns.xpf.source_ipv4",
7095 FT_IPv4, BASE_NONE, NULL, 0x0,
7096 NULL, HFILL }},
7098 { &hf_dns_xpf_destination_ipv4,
7099 { "IPv4 Destination", "dns.xpf.destination_ipv4",
7100 FT_IPv4, BASE_NONE, NULL, 0x0,
7101 NULL, HFILL }},
7103 { &hf_dns_xpf_source_ipv6,
7104 { "IPv6 Source", "dns.xpf.source_ipv6",
7105 FT_IPv6, BASE_NONE, NULL, 0x0,
7106 NULL, HFILL }},
7108 { &hf_dns_xpf_destination_ipv6,
7109 { "IPv6 Destination", "dns.xpf.destination_ipv6",
7110 FT_IPv6, BASE_NONE, NULL, 0x0,
7111 NULL, HFILL }},
7113 { &hf_dns_xpf_sport,
7114 { "Source port", "dns.xpf.sport",
7115 FT_UINT16, BASE_DEC, NULL, 0x0,
7116 NULL, HFILL }},
7118 { &hf_dns_xpf_dport,
7119 { "Destination port", "dns.xpf.dport",
7120 FT_UINT16, BASE_DEC, NULL, 0x0,
7121 NULL, HFILL }},
7123 { &hf_dns_a6_prefix_len,
7124 { "Prefix len", "dns.a6.prefix_len",
7125 FT_UINT8, BASE_DEC, NULL, 0x0,
7126 NULL, HFILL }},
7128 { &hf_dns_a6_address_suffix,
7129 { "Address Suffix", "dns.a6.address_suffix",
7130 FT_IPv6, BASE_NONE, NULL, 0x0,
7131 NULL, HFILL }},
7133 { &hf_dns_a6_prefix_name,
7134 { "Prefix name", "dns.a6.prefix_name",
7135 FT_STRING, BASE_NONE, NULL, 0x0,
7136 NULL, HFILL }},
7138 { &hf_dns_dname,
7139 { "Dname", "dns.dname",
7140 FT_STRING, BASE_NONE, NULL, 0x0,
7141 NULL, HFILL }},
7143 { &hf_dns_loc_version,
7144 { "Version", "dns.loc.version",
7145 FT_UINT8, BASE_DEC, NULL, 0x0,
7146 NULL, HFILL }},
7148 { &hf_dns_loc_size,
7149 { "Size", "dns.loc.size",
7150 FT_UINT8, BASE_DEC, NULL, 0x0,
7151 NULL, HFILL }},
7153 { &hf_dns_loc_horizontal_precision,
7154 { "Horizontal Precision", "dns.loc.horizontal_precision",
7155 FT_UINT8, BASE_DEC, NULL, 0x0,
7156 NULL, HFILL }},
7158 { &hf_dns_loc_vertical_precision,
7159 { "Vertical Precision", "dns.loc.vertical_precision",
7160 FT_UINT8, BASE_DEC, NULL, 0x0,
7161 NULL, HFILL }},
7163 { &hf_dns_loc_latitude,
7164 { "Latitude", "dns.loc.latitude",
7165 FT_UINT32, BASE_DEC, NULL, 0x0,
7166 NULL, HFILL }},
7168 { &hf_dns_loc_longitude,
7169 { "Longitude", "dns.loc.longitude",
7170 FT_UINT32, BASE_DEC, NULL, 0x0,
7171 NULL, HFILL }},
7173 { &hf_dns_loc_altitude,
7174 { "Altitude", "dns.loc.altitude",
7175 FT_UINT32, BASE_DEC, NULL, 0x0,
7176 NULL, HFILL }},
7178 { &hf_dns_loc_unknown_data,
7179 { "Unknown data", "dns.loc.unknown_data",
7180 FT_BYTES, BASE_NONE, NULL, 0x0,
7181 NULL, HFILL }},
7183 { &hf_dns_nxt_next_domain_name,
7184 { "Next Domain Name", "dns.nxt.next_domain_name",
7185 FT_STRING, BASE_NONE, NULL, 0x0,
7186 NULL, HFILL }},
7188 { &hf_dns_kx_preference,
7189 { "Preference", "dns.kx.preference",
7190 FT_UINT16, BASE_DEC, NULL, 0x0,
7191 NULL, HFILL }},
7193 { &hf_dns_kx_key_exchange,
7194 { "Key Exchange", "dns.kx.key_exchange",
7195 FT_STRING, BASE_NONE, NULL, 0x0,
7196 NULL, HFILL }},
7198 { &hf_dns_cert_type,
7199 { "Type", "dns.cert.type",
7200 FT_UINT16, BASE_DEC, VALS(dns_cert_type_vals), 0x0,
7201 NULL, HFILL }},
7203 { &hf_dns_cert_key_tag,
7204 { "Key Tag", "dns.cert.key_tag",
7205 FT_UINT16, BASE_HEX, NULL, 0x0,
7206 NULL, HFILL }},
7208 { &hf_dns_cert_algorithm,
7209 { "Algorithm", "dns.cert.algorithm",
7210 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0,
7211 NULL, HFILL }},
7213 { &hf_dns_cert_certificate,
7214 { "Certificate (or CRL)", "dns.cert.certificate",
7215 FT_BYTES, BASE_NONE, NULL, 0x0,
7216 NULL, HFILL }},
7218 { &hf_dns_nsec_next_domain_name,
7219 { "Next Domain Name", "dns.nsec.next_domain_name",
7220 FT_STRING, BASE_NONE, NULL, 0x0,
7221 NULL, HFILL }},
7223 { &hf_dns_ns,
7224 { "Name Server", "dns.ns",
7225 FT_STRING, BASE_NONE, NULL, 0x0,
7226 NULL, HFILL }},
7228 { &hf_dns_opt,
7229 { "Option", "dns.opt",
7230 FT_NONE, BASE_NONE,
7231 NULL, 0x0,
7232 NULL, HFILL }},
7234 { &hf_dns_opt_code,
7235 { "Option Code", "dns.opt.code",
7236 FT_UINT16, BASE_DEC,
7237 VALS(edns0_opt_code_vals), 0x0,
7238 NULL, HFILL }},
7240 { &hf_dns_opt_len,
7241 { "Option Length", "dns.opt.len",
7242 FT_UINT16, BASE_DEC, NULL, 0x0,
7243 NULL, HFILL }},
7245 { &hf_dns_opt_data,
7246 { "Option Data", "dns.opt.data",
7247 FT_BYTES, BASE_NONE, NULL, 0x0,
7248 NULL, HFILL }},
7250 { &hf_dns_opt_dau,
7251 { "DAU", "dns.opt.dau",
7252 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0,
7253 "DNSSEC Algorithm Understood", HFILL }},
7255 { &hf_dns_opt_dhu,
7256 { "DHU", "dns.opt.dhu",
7257 FT_UINT8, BASE_DEC, VALS(dns_ds_digest_vals), 0x0,
7258 "DS Hash Understood", HFILL }},
7260 { &hf_dns_opt_n3u,
7261 { "N3U", "dns.opt.n3u",
7262 FT_UINT8, BASE_DEC, VALS(hash_algorithms), 0x0,
7263 "NSEC3 Hash Understood", HFILL }},
7265 { &hf_dns_opt_client_family,
7266 { "Family", "dns.opt.client.family",
7267 FT_UINT16, BASE_DEC,
7268 VALS(afn_vals), 0x0,
7269 NULL, HFILL }},
7271 { &hf_dns_opt_client_netmask,
7272 { "Source Netmask", "dns.opt.client.netmask",
7273 FT_UINT8, BASE_DEC, NULL, 0x0,
7274 NULL, HFILL }},
7276 { &hf_dns_opt_client_scope,
7277 { "Scope Netmask", "dns.opt.client.scope",
7278 FT_UINT8, BASE_DEC, NULL, 0x0,
7279 NULL, HFILL }},
7281 { &hf_dns_opt_client_addr,
7282 { "Client Subnet", "dns.opt.client.addr",
7283 FT_BYTES, BASE_NONE, NULL, 0x0,
7284 NULL, HFILL }},
7286 { &hf_dns_opt_client_addr4,
7287 { "Client Subnet", "dns.opt.client.addr4",
7288 FT_IPv4, BASE_NONE, NULL, 0x0,
7289 NULL, HFILL }},
7291 { &hf_dns_opt_client_addr6,
7292 { "Client Subnet", "dns.opt.client.addr6",
7293 FT_IPv6, BASE_NONE, NULL, 0x0,
7294 NULL, HFILL }},
7296 { &hf_dns_opt_cookie_client,
7297 { "Client Cookie", "dns.opt.cookie.client",
7298 FT_BYTES, BASE_NONE, NULL, 0x0,
7299 NULL, HFILL }},
7301 { &hf_dns_opt_cookie_server,
7302 { "Server Cookie", "dns.opt.cookie.server",
7303 FT_BYTES, BASE_NONE, NULL, 0x0,
7304 NULL, HFILL }},
7306 { &hf_dns_opt_edns_tcp_keepalive_timeout,
7307 { "Timeout", "dns.opt.edns_tcp_keepalive.timeout",
7308 FT_UINT16, BASE_DEC, NULL, 0x0,
7309 "an idle timeout value for the TCP connection, specified in units of 100 milliseconds", HFILL }},
7311 { &hf_dns_opt_padding,
7312 { "Padding", "dns.opt.padding",
7313 FT_BYTES, BASE_NONE, NULL, 0x0,
7314 "The PADDING octets SHOULD be set to 0x00", HFILL }},
7316 { &hf_dns_opt_chain_fqdn,
7317 { "Closest Trust Point", "dns.opt.chain.fqdn",
7318 FT_STRING, BASE_NONE, NULL, 0x0,
7319 "A variable length Fully Qualified Domain Name (FQDN) in DNS wire format of the requested start point of the chain", HFILL }},
7321 { &hf_dns_opt_ext_error_info_code,
7322 { "Info Code", "dns.opt.ext_error.info_code",
7323 FT_UINT16, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_ext_err_info_code), 0x0,
7324 NULL, HFILL }},
7326 { &hf_dns_opt_ext_error_extra_text,
7327 { "Extra Text", "dns.opt.ext_error.extra_text",
7328 FT_STRING, BASE_NONE, NULL, 0x0,
7329 NULL, HFILL }},
7331 { &hf_dns_opt_agent_domain,
7332 { "Agent Domain", "dns.opt.agent_domain",
7333 FT_STRING, BASE_NONE, NULL, 0x0,
7334 NULL, HFILL }},
7336 { &hf_dns_opt_zoneversion_labelcount,
7337 { "Labelcount", "dns.opt.zoneversion.labelcount",
7338 FT_UINT8, BASE_DEC, NULL, 0x0,
7339 NULL, HFILL }},
7341 { &hf_dns_opt_zoneversion_type,
7342 { "Type", "dns.opt.zoneversion.type",
7343 FT_UINT8, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_zoneversion_type), 0x0,
7344 NULL, HFILL }},
7346 { &hf_dns_opt_zoneversion_soa,
7347 { "SOA-SERIAL", "dns.opt.zoneversion.soa",
7348 FT_UINT32, BASE_DEC, NULL, 0x0,
7349 NULL, HFILL }},
7351 { &hf_dns_opt_zoneversion_version,
7352 { "Version", "dns.opt.zoneversion.version",
7353 FT_BYTES, BASE_NONE, NULL, 0x0,
7354 NULL, HFILL }},
7356 { &hf_dns_count_questions,
7357 { "Questions", "dns.count.queries",
7358 FT_UINT16, BASE_DEC, NULL, 0x0,
7359 "Number of queries in packet", HFILL }},
7361 { &hf_dns_count_zones,
7362 { "Zones", "dns.count.zones",
7363 FT_UINT16, BASE_DEC, NULL, 0x0,
7364 "Number of zones in packet", HFILL }},
7366 { &hf_dns_count_answers,
7367 { "Answer RRs", "dns.count.answers",
7368 FT_UINT16, BASE_DEC, NULL, 0x0,
7369 "Number of answers in packet", HFILL }},
7371 { &hf_dns_count_prerequisites,
7372 { "Prerequisites", "dns.count.prerequisites",
7373 FT_UINT16, BASE_DEC, NULL, 0x0,
7374 "Number of prerequisites in packet", HFILL }},
7376 { &hf_dns_count_auth_rr,
7377 { "Authority RRs", "dns.count.auth_rr",
7378 FT_UINT16, BASE_DEC, NULL, 0x0,
7379 "Number of authoritative records in packet", HFILL }},
7381 { &hf_dns_count_updates,
7382 { "Updates", "dns.count.updates",
7383 FT_UINT16, BASE_DEC, NULL, 0x0,
7384 "Number of updates records in packet", HFILL }},
7386 { &hf_dns_nsec3_algo,
7387 { "Hash algorithm", "dns.nsec3.algo",
7388 FT_UINT8, BASE_DEC, VALS(hash_algorithms), 0,
7389 NULL, HFILL }},
7391 { &hf_dns_nsec3_flags,
7392 { "NSEC3 flags", "dns.nsec3.flags",
7393 FT_UINT8, BASE_DEC, NULL, 0,
7394 NULL, HFILL }},
7396 { &hf_dns_nsec3_flag_optout,
7397 { "NSEC3 Opt-out flag", "dns.nsec3.flags.opt_out",
7398 FT_BOOLEAN, 8, TFS(&tfs_flags_nsec3_optout), NSEC3_FLAG_OPTOUT,
7399 NULL, HFILL }},
7401 { &hf_dns_nsec3_iterations,
7402 { "NSEC3 iterations", "dns.nsec3.iterations",
7403 FT_UINT16, BASE_DEC, NULL, 0,
7404 "Number of hashing iterations", HFILL }},
7406 { &hf_dns_nsec3_salt_length,
7407 { "Salt length", "dns.nsec3.salt_length",
7408 FT_UINT8, BASE_DEC, NULL, 0,
7409 "Length of salt in bytes", HFILL }},
7411 { &hf_dns_nsec3_salt_value,
7412 { "Salt value", "dns.nsec3.salt_value",
7413 FT_BYTES, BASE_NONE, NULL, 0,
7414 NULL, HFILL }},
7416 { &hf_dns_nsec3_hash_length,
7417 { "Hash length", "dns.nsec3.hash_length",
7418 FT_UINT8, BASE_DEC, NULL, 0,
7419 "Length in bytes of next hashed owner", HFILL }},
7421 { &hf_dns_nsec3_hash_value,
7422 { "Next hashed owner", "dns.nsec3.hash_value",
7423 FT_STRING, BASE_NONE, NULL, 0,
7424 NULL, HFILL }},
7426 { &hf_dns_tlsa_certificate_usage,
7427 { "Certificate Usage", "dns.tlsa.certificate_usage",
7428 FT_UINT8, BASE_DEC, VALS(tlsa_certificate_usage_vals), 0,
7429 "Specifies the provided association that will be used to match the certificate presented in the TLS handshake", HFILL }},
7431 { &hf_dns_tlsa_selector,
7432 { "Selector", "dns.tlsa.selector",
7433 FT_UINT8, BASE_DEC, VALS(tlsa_selector_vals), 0,
7434 "Specifies which part of the TLS certificate presented by the server will be matched against the association data", HFILL }},
7436 { &hf_dns_tlsa_matching_type,
7437 { "Matching Type", "dns.tlsa.matching_type",
7438 FT_UINT8, BASE_DEC, VALS(tlsa_matching_type_vals), 0,
7439 "Specifies how the certificate association is presented", HFILL }},
7441 { &hf_dns_tlsa_certificate_association_data,
7442 { "Certificate Association Data", "dns.tlsa.certificate_association_data",
7443 FT_BYTES, BASE_NONE, NULL, 0,
7444 "The data refers to the certificate in the association", HFILL }},
7446 { &hf_dns_tsig_algorithm_name,
7447 { "Algorithm Name", "dns.tsig.algorithm_name",
7448 FT_STRING, BASE_NONE, NULL, 0x0,
7449 "Name of algorithm used for the MAC", HFILL }},
7451 { &hf_dns_tsig_time_signed,
7452 { "Time Signed", "dns.tsig.time_signed",
7453 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
7454 NULL, HFILL }},
7457 { &hf_dns_tsig_original_id,
7458 { "Original Id", "dns.tsig.original_id",
7459 FT_UINT16, BASE_DEC, NULL, 0x0,
7460 NULL, HFILL }},
7462 { &hf_dns_tsig_error,
7463 { "Error", "dns.tsig.error",
7464 FT_UINT16, BASE_DEC, VALS(rcode_vals), 0x0,
7465 "Expanded RCODE for TSIG", HFILL }},
7467 { &hf_dns_tsig_fudge,
7468 { "Fudge", "dns.tsig.fudge",
7469 FT_UINT16, BASE_DEC, NULL, 0x0,
7470 "Number of bytes for the MAC", HFILL }},
7472 { &hf_dns_tsig_mac_size,
7473 { "MAC Size", "dns.tsig.mac_size",
7474 FT_UINT16, BASE_DEC, NULL, 0x0,
7475 "Number of bytes for the MAC", HFILL }},
7477 { &hf_dns_tsig_other_len,
7478 { "Other Len", "dns.tsig.other_len",
7479 FT_UINT16, BASE_DEC, NULL, 0x0,
7480 "Number of bytes for Other Data", HFILL }},
7482 { &hf_dns_tsig_mac,
7483 { "MAC", "dns.tsig.mac",
7484 FT_NONE, BASE_NONE, NULL, 0x0,
7485 NULL, HFILL }},
7487 { &hf_dns_tsig_other_data,
7488 { "Other Data", "dns.tsig.other_data",
7489 FT_BYTES, BASE_NONE, NULL, 0x0,
7490 NULL, HFILL }},
7492 { &hf_dns_response_in,
7493 { "Response In", "dns.response_in",
7494 FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_RESPONSE), 0x0,
7495 "The response to this DNS query is in this frame", HFILL }},
7497 { &hf_dns_response_to,
7498 { "Request In", "dns.response_to",
7499 FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_REQUEST), 0x0,
7500 "This is a response to the DNS query in this frame", HFILL }},
7502 { &hf_dns_retransmission,
7503 { "Retransmission", "dns.retransmission",
7504 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
7505 "This is a retransmission", HFILL }},
7507 { &hf_dns_retransmit_request_in,
7508 { "Retransmitted request. Original request in", "dns.retransmit_request_in",
7509 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
7510 "This is a retransmitted DNS query", HFILL }},
7512 { &hf_dns_retransmit_response_in,
7513 { "Retransmitted response. Original response in", "dns.retransmit_response_in",
7514 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
7515 "This is a retransmitted DNS response", HFILL }},
7517 { &hf_dns_time,
7518 { "Time", "dns.time",
7519 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
7520 "The time between the Query and the Response", HFILL }},
7522 { &hf_dns_unsolicited,
7523 { "Unsolicited", "dns.unsolicited",
7524 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
7525 "This is an unsolicited response", HFILL }},
7527 { &hf_dns_count_add_rr,
7528 { "Additional RRs", "dns.count.add_rr",
7529 FT_UINT16, BASE_DEC, NULL, 0x0,
7530 "Number of additional records in packet", HFILL }},
7532 { &hf_dns_sshfp_algorithm,
7533 { "Algorithm", "dns.sshfp.algorithm",
7534 FT_UINT8, BASE_DEC, VALS(sshfp_algo_vals), 0,
7535 NULL, HFILL }},
7537 { &hf_dns_sshfp_fingerprint_type,
7538 { "Fingerprint type", "dns.sshfp.fingerprint.type",
7539 FT_UINT8, BASE_DEC, VALS(sshfp_fingertype_vals), 0,
7540 NULL, HFILL }},
7542 { &hf_dns_sshfp_fingerprint,
7543 { "Fingerprint", "dns.sshfp.fingerprint",
7544 FT_BYTES, BASE_NONE, NULL, 0,
7545 NULL, HFILL }},
7547 { &hf_dns_hip_hit_length,
7548 { "HIT length", "dns.hip.hit.length",
7549 FT_UINT8, BASE_DEC, NULL, 0,
7550 NULL, HFILL }},
7552 { &hf_dns_hip_pk_algo,
7553 { "HIT length", "dns.hip.hit.pk.algo",
7554 FT_UINT8, BASE_DEC, VALS(hip_algo_vals), 0,
7555 NULL, HFILL }},
7557 { &hf_dns_hip_pk_length,
7558 { "PK length", "dns.hip.pk.length",
7559 FT_UINT16, BASE_DEC, NULL, 0,
7560 NULL, HFILL }},
7562 { &hf_dns_hip_hit,
7563 { "Host Identity Tag", "dns.hip.hit",
7564 FT_BYTES, BASE_NONE, NULL, 0,
7565 NULL, HFILL }},
7567 { &hf_dns_hip_pk,
7568 { "HIP Public Key", "dns.hip.pk",
7569 FT_BYTES, BASE_NONE, NULL, 0,
7570 NULL, HFILL }},
7572 { &hf_dns_hip_rendezvous_server,
7573 { "Rendezvous Server", "dns.hip.rendezvous_server",
7574 FT_STRING, BASE_NONE, NULL, 0,
7575 NULL, HFILL }},
7577 { &hf_dns_dhcid_rdata,
7578 { "DHCID Data", "dns.dhcid.rdata",
7579 FT_BYTES, BASE_NONE, NULL, 0,
7580 NULL, HFILL }},
7582 { &hf_dns_ds_key_id,
7583 { "Key id", "dns.ds.key_id",
7584 FT_UINT16, BASE_HEX, NULL, 0,
7585 NULL, HFILL }},
7587 { &hf_dns_ds_algorithm,
7588 { "Algorithm", "dns.ds.algorithm",
7589 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0,
7590 NULL, HFILL }},
7592 { &hf_dns_ds_digest_type,
7593 { "Digest Type", "dns.ds.digest_type",
7594 FT_UINT8, BASE_DEC, VALS(dns_ds_digest_vals), 0,
7595 NULL, HFILL }},
7597 { &hf_dns_ds_digest,
7598 { "Digest", "dns.ds.digest",
7599 FT_BYTES, BASE_NONE, NULL, 0,
7600 NULL, HFILL }},
7602 { &hf_dns_apl_address_family,
7603 { "Address Family", "dns.apl.address_family",
7604 FT_UINT16, BASE_DEC, VALS(afn_vals), 0,
7605 NULL, HFILL }},
7607 { &hf_dns_apl_coded_prefix,
7608 { "Prefix Length", "dns.apl.coded_prefix",
7609 FT_UINT8, BASE_DEC, NULL, 0,
7610 NULL, HFILL }},
7612 { &hf_dns_apl_negation,
7613 { "Negation Flag", "dns.apl.negation",
7614 FT_BOOLEAN, 8, TFS(&tfs_dns_apl_negation), DNS_APL_NEGATION,
7615 NULL, HFILL }},
7617 { &hf_dns_apl_afdlength,
7618 { "Address Length","dns.apl.afdlength",
7619 FT_UINT8, BASE_DEC, NULL, DNS_APL_AFDLENGTH,
7620 "in octets", HFILL }},
7622 { &hf_dns_apl_afdpart_ipv4,
7623 { "Address","dns.apl.afdpart.ipv4",
7624 FT_IPv4, BASE_NONE, NULL, 0,
7625 NULL, HFILL }},
7627 { &hf_dns_apl_afdpart_ipv6,
7628 { "Address","dns.apl.afdpart.ipv6",
7629 FT_IPv6, BASE_NONE, NULL, 0,
7630 NULL, HFILL }},
7632 { &hf_dns_apl_afdpart_data,
7633 { "Address","dns.apl.afdpart.data",
7634 FT_BYTES, BASE_NONE, NULL, 0,
7635 NULL, HFILL }},
7637 { &hf_dns_gpos_longitude_length,
7638 { "Longitude length","dns.gpos.longitude_length",
7639 FT_UINT8, BASE_DEC, NULL, 0,
7640 NULL, HFILL }},
7642 { &hf_dns_gpos_longitude,
7643 { "Longitude","dns.gpos.longitude",
7644 FT_STRING, BASE_NONE, NULL, 0,
7645 NULL, HFILL }},
7647 { &hf_dns_gpos_latitude_length,
7648 { "Latitude length","dns.gpos.latitude_length",
7649 FT_UINT8, BASE_DEC, NULL, 0,
7650 NULL, HFILL }},
7652 { &hf_dns_gpos_latitude,
7653 { "Latitude","dns.gpos.latitude",
7654 FT_STRING, BASE_NONE, NULL, 0,
7655 NULL, HFILL }},
7657 { &hf_dns_gpos_altitude_length,
7658 { "Altitude length","dns.gpos.altitude_length",
7659 FT_UINT8, BASE_DEC, NULL, 0,
7660 NULL, HFILL }},
7662 { &hf_dns_gpos_altitude,
7663 { "Altitude","dns.gpos.altitude",
7664 FT_STRING, BASE_NONE, NULL, 0,
7665 NULL, HFILL }},
7667 { &hf_dns_rp_mailbox,
7668 { "Mailbox","dns.rp.mailbox",
7669 FT_STRING, BASE_NONE, NULL, 0,
7670 NULL, HFILL }},
7672 { &hf_dns_rp_txt_rr,
7673 { "TXT RR","dns.rp.txt_rr",
7674 FT_STRING, BASE_NONE, NULL, 0,
7675 NULL, HFILL }},
7677 { &hf_dns_afsdb_subtype,
7678 { "Subtype","dns.afsdb.subtype",
7679 FT_UINT16, BASE_DEC, NULL, 0,
7680 NULL, HFILL }},
7682 { &hf_dns_afsdb_hostname,
7683 { "Hostname","dns.afsdb.hostname",
7684 FT_STRING, BASE_NONE, NULL, 0,
7685 NULL, HFILL }},
7687 { &hf_dns_x25_length,
7688 { "Length","dns.x25.length",
7689 FT_UINT8, BASE_DEC, NULL, 0,
7690 NULL, HFILL }},
7692 { &hf_dns_x25_psdn_address,
7693 { "PSDN-Address","dns.x25.psdn_address",
7694 FT_STRING, BASE_NONE, NULL, 0,
7695 NULL, HFILL }},
7697 { &hf_dns_isdn_length,
7698 { "Length","dns.idsn.length",
7699 FT_UINT8, BASE_DEC, NULL, 0,
7700 NULL, HFILL }},
7702 { &hf_dns_isdn_address,
7703 { "ISDN Address","dns.idsn.address",
7704 FT_STRING, BASE_NONE, NULL, 0,
7705 NULL, HFILL }},
7707 { &hf_dns_isdn_sa_length,
7708 { "Length","dns.idsn.sa.length",
7709 FT_UINT8, BASE_DEC, NULL, 0,
7710 NULL, HFILL }},
7712 { &hf_dns_isdn_sa,
7713 { "Sub Address","dns.idsn.sa.address",
7714 FT_STRING, BASE_NONE, NULL, 0,
7715 NULL, HFILL }},
7717 { &hf_dns_rt_preference,
7718 { "Preference","dns.rt.subtype",
7719 FT_UINT16, BASE_DEC, NULL, 0,
7720 NULL, HFILL }},
7722 { &hf_dns_rt_intermediate_host,
7723 { "Intermediate Hostname","dns.rt.intermediate_host",
7724 FT_STRING, BASE_NONE, NULL, 0,
7725 NULL, HFILL }},
7727 { &hf_dns_nsap_rdata,
7728 { "NSAP Data", "dns.nsap.rdata",
7729 FT_BYTES, BASE_NONE, NULL, 0,
7730 NULL, HFILL }},
7732 { &hf_dns_nsap_ptr_owner,
7733 { "Owner", "dns.nsap_ptr.owner",
7734 FT_STRING, BASE_NONE, NULL, 0,
7735 NULL, HFILL }},
7737 { &hf_dns_caa_flags,
7738 { "CAA Flags", "dns.caa.flags",
7739 FT_UINT8, BASE_HEX, NULL, 0x0,
7740 NULL, HFILL }},
7742 { &hf_dns_caa_flag_issuer_critical,
7743 { "Issuer Critical", "dns.caa.flags.issuer_critical",
7744 FT_BOOLEAN, 8, TFS(&tfs_critical_not_critical), CAA_FLAG_ISSUER_CRITICAL,
7745 "Other CAs must not issue certificates", HFILL }},
7747 { &hf_dns_caa_issue,
7748 { "Issue", "dns.caa.issue",
7749 FT_STRING, BASE_NONE, NULL, 0x0,
7750 "CA which is allowed to issue certificates", HFILL }},
7752 { &hf_dns_caa_issuewild,
7753 { "Issue Wildcard", "dns.caa.issuewild",
7754 FT_STRING, BASE_NONE, NULL, 0x0,
7755 "CA which is allowed to issue wildcard certificates", HFILL }},
7757 { &hf_dns_caa_iodef,
7758 { "Report URL", "dns.caa.iodef",
7759 FT_STRING, BASE_NONE, NULL, 0x0,
7760 "URL or email address for certificate issue requests and violation reports", HFILL }},
7762 { &hf_dns_caa_unknown,
7763 { "Unknown tag", "dns.caa.unknown",
7764 FT_STRING, BASE_NONE, NULL, 0x0,
7765 NULL, HFILL }},
7767 { &hf_dns_caa_tag_length,
7768 { "Tag length", "dns.caa.tag_length",
7769 FT_UINT8, BASE_DEC, NULL, 0,
7770 NULL, HFILL }},
7772 { &hf_dns_caa_tag,
7773 { "Tag", "dns.caa.tag",
7774 FT_STRING, BASE_NONE, NULL, 0x0,
7775 NULL, HFILL }},
7777 { &hf_dns_caa_value,
7778 { "Value", "dns.caa.value",
7779 FT_STRING, BASE_NONE, NULL, 0x0,
7780 NULL, HFILL }},
7782 { &hf_dns_extraneous_data,
7783 { "Extraneous Data Bytes", "dns.extraneous.data",
7784 FT_BYTES, BASE_NONE, NULL, 0x0,
7785 NULL, HFILL }},
7787 { &hf_dns_extraneous_length,
7788 { "Extraneous Data Length", "dns.extraneous.length",
7789 FT_INT32, BASE_DEC, NULL, 0x0,
7790 NULL, HFILL }},
7792 { &hf_dns_wins_local_flag,
7793 { "Local Flag", "dns.wins.local_flag",
7794 FT_BOOLEAN, 32, NULL, 0x1,
7795 NULL, HFILL }},
7797 { &hf_dns_wins_lookup_timeout,
7798 { "Lookup timeout", "dns.wins.lookup_timeout",
7799 FT_UINT32, BASE_DEC, NULL, 0x0,
7800 "In seconds", HFILL }},
7802 { &hf_dns_wins_cache_timeout,
7803 { "Cache timeout", "dns.wins.cache_timeout",
7804 FT_UINT32, BASE_DEC, NULL, 0x0,
7805 "In seconds", HFILL }},
7807 { &hf_dns_wins_nb_wins_servers,
7808 { "Number of WINS servers", "dns.wins.nb_wins_servers",
7809 FT_UINT32, BASE_DEC, NULL, 0x0,
7810 NULL, HFILL }},
7812 { &hf_dns_wins_server,
7813 { "WINS Server Address", "dns.wins.wins_server",
7814 FT_IPv4, BASE_NONE, NULL, 0x0,
7815 NULL, HFILL }},
7817 { &hf_dns_winsr_local_flag,
7818 { "Local Flag", "dns.winsr.local_flag",
7819 FT_BOOLEAN, 32, NULL, 0x1,
7820 NULL, HFILL }},
7822 { &hf_dns_winsr_lookup_timeout,
7823 { "Lookup timeout", "dns.winsr.lookup_timeout",
7824 FT_UINT32, BASE_DEC, NULL, 0x0,
7825 "In seconds", HFILL }},
7827 { &hf_dns_winsr_cache_timeout,
7828 { "Cache timeout", "dns.winsr.cache_timeout",
7829 FT_UINT32, BASE_DEC, NULL, 0x0,
7830 "In seconds", HFILL }},
7832 { &hf_dns_winsr_name_result_domain,
7833 { "Name Result Domain", "dns.winsr.name_result_domain",
7834 FT_STRING, BASE_NONE, NULL, 0x0,
7835 NULL, HFILL }},
7837 { &hf_dns_data,
7838 { "Data", "dns.data",
7839 FT_BYTES, BASE_NONE, NULL, 0x0,
7840 NULL, HFILL }},
7842 { &hf_dns_dso,
7843 { "DNS Stateful Operation", "dns.dso",
7844 FT_NONE, BASE_NONE, NULL, 0x0,
7845 NULL, HFILL }},
7846 { &hf_dns_dso_tlv,
7847 { "DSO TLV", "dns.dso.tlv",
7848 FT_NONE, BASE_NONE, NULL, 0x0,
7849 NULL, HFILL }},
7850 { &hf_dns_dso_tlv_type,
7851 { "Type", "dns.dso.tlv.type",
7852 FT_UINT16, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_dso_type_rvals), 0x0,
7853 NULL, HFILL }},
7854 { &hf_dns_dso_tlv_length,
7855 { "Length", "dns.dso.tlv.length",
7856 FT_UINT16, BASE_DEC, NULL, 0x0,
7857 NULL, HFILL }},
7858 { &hf_dns_dso_tlv_data,
7859 { "Data", "dns.dso.tlv.data",
7860 FT_BYTES, BASE_NONE, NULL, 0x0,
7861 NULL, HFILL }},
7862 { &hf_dns_dso_tlv_keepalive_inactivity,
7863 { "Inactivity Timeout", "dns.dso.tlv.keepalive.inactivity",
7864 FT_UINT32, BASE_DEC, NULL, 0x0,
7865 "Inactivity Timeout (ms)", HFILL }},
7866 { &hf_dns_dso_tlv_keepalive_interval,
7867 { "Keepalive Interval", "dns.dso.tlv.keepalive.interval",
7868 FT_UINT32, BASE_DEC, NULL, 0x0,
7869 "Keepalive Interval (ms)", HFILL }},
7870 { &hf_dns_dso_tlv_retrydelay_retrydelay,
7871 { "Retry Delay", "dns.dso.tlv.retrydelay.retrydelay",
7872 FT_UINT32, BASE_DEC, NULL, 0x0,
7873 "Retry Delay (ms)", HFILL }},
7874 { &hf_dns_dso_tlv_encpad_padding,
7875 { "Padding", "dns.dso.tlv.encpad.padding",
7876 FT_BYTES, BASE_NONE, NULL, 0x0,
7877 NULL, HFILL }},
7879 { &hf_dns_dnscrypt,
7880 { "DNSCrypt", "dns.dnscrypt",
7881 FT_NONE, BASE_NONE, NULL, 0x0,
7882 NULL, HFILL }},
7883 { &hf_dns_dnscrypt_magic,
7884 { "Magic", "dns.dnscrypt.magic",
7885 FT_STRING, BASE_NONE, NULL, 0x0,
7886 NULL, HFILL }},
7887 { &hf_dns_dnscrypt_esversion,
7888 { "ES Version", "dns.dnscrypt.esversion",
7889 FT_UINT16, BASE_HEX, VALS(esversions), 0,
7890 NULL, HFILL }},
7891 { &hf_dns_dnscrypt_protocol_version,
7892 { "Protocol Version", "dns.dnscrypt.protocol_version",
7893 FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }},
7894 { &hf_dns_dnscrypt_signature,
7895 { "Signature", "dns.dnscrypt.signature",
7896 FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
7897 { &hf_dns_dnscrypt_resolver_pk,
7898 { "Resolver PK", "dns.dnscrypt.resolver_public_key",
7899 FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
7900 { &hf_dns_dnscrypt_client_magic,
7901 { "Client Magic", "dns.dnscrypt.client_magic",
7902 FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
7903 { &hf_dns_dnscrypt_serial_number,
7904 { "Serial Number", "dns.dnscrypt.serial_number",
7905 FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
7906 {&hf_dns_dnscrypt_ts_start,
7907 { "Valid From", "dns.dnscrypt.valid_from",
7908 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, NULL, HFILL}},
7909 {&hf_dns_dnscrypt_ts_end,
7910 { "Valid To", "dns.dnscrypt.valid_to",
7911 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, NULL, HFILL}},
7914 static ei_register_info ei[] = {
7915 { &ei_dns_a_class_undecoded, { "dns.a.class.undecoded", PI_UNDECODED, PI_NOTE, "Undecoded class", EXPFILL }},
7916 { &ei_dns_opt_bad_length, { "dns.rr.opt.bad_length", PI_MALFORMED, PI_ERROR, "Length too long for any type of IP address.", EXPFILL }},
7917 { &ei_dns_undecoded_option, { "dns.undecoded.type", PI_UNDECODED, PI_NOTE, "Undecoded option", EXPFILL }},
7918 { &ei_dns_depr_opc, { "dns.depr.opc", PI_PROTOCOL, PI_WARN, "Deprecated opcode", EXPFILL }},
7919 { &ei_ttl_high_bit_set, { "dns.ttl.high_bit_set", PI_PROTOCOL, PI_WARN, "The uppermost bit of the TTL is set (RFC 2181, section 8)", EXPFILL }},
7920 { &ei_dns_tsig_alg, { "dns.tsig.noalg", PI_UNDECODED, PI_WARN, "No dissector for algorithm", EXPFILL }},
7921 { &ei_dns_key_id_buffer_too_short, { "dns.key_id_buffer_too_short", PI_PROTOCOL, PI_WARN, "Buffer too short to compute a key id", EXPFILL }},
7922 { &ei_dns_retransmit_request, { "dns.retransmit_request", PI_PROTOCOL, PI_WARN, "DNS query retransmission", EXPFILL }},
7923 { &ei_dns_retransmit_response, { "dns.retransmit_response", PI_PROTOCOL, PI_WARN, "DNS response retransmission", EXPFILL }},
7924 { &ei_dns_extraneous_data, { "dns.extraneous", PI_UNDECODED, PI_NOTE, "Extraneous data", EXPFILL }},
7925 { &ei_dns_response_missing, { "dns.response_missing", PI_PROTOCOL, PI_WARN, "DNS response missing", EXPFILL }},
7928 static int *ett[] = {
7929 &ett_dns,
7930 &ett_dns_qd,
7931 &ett_dns_rr,
7932 &ett_dns_qry,
7933 &ett_dns_ans,
7934 &ett_dns_flags,
7935 &ett_dns_opts,
7936 &ett_nsec3_flags,
7937 &ett_key_flags,
7938 &ett_t_key,
7939 &ett_dns_mac,
7940 &ett_caa_flags,
7941 &ett_caa_data,
7942 &ett_dns_csdync_flags,
7943 &ett_dns_dso,
7944 &ett_dns_dso_tlv,
7945 &ett_dns_svcb,
7946 &ett_dns_extraneous,
7947 &ett_dns_dnscrypt
7950 module_t *dns_module;
7951 expert_module_t* expert_dns;
7953 proto_dns = proto_register_protocol("Domain Name System", "DNS", "dns");
7954 proto_mdns = proto_register_protocol("Multicast Domain Name System", "mDNS", "mdns");
7955 proto_llmnr = proto_register_protocol("Link-local Multicast Name Resolution", "LLMNR", "llmnr");
7956 proto_register_field_array(proto_dns, hf, array_length(hf));
7957 proto_register_subtree_array(ett, array_length(ett));
7958 expert_dns = expert_register_protocol(proto_dns);
7959 expert_register_field_array(expert_dns, ei, array_length(ei));
7961 dns_module = prefs_register_protocol(proto_dns, NULL);
7963 // preferences for dns_qr_statistics
7964 prefs_register_bool_preference(dns_module, "qr_enable_statistics", "Enable Query-Response Statistics", "Enable Query-Response Statistics", &dns_qr_statistics_enabled);
7965 perf_qr_enable_statistics = prefs_find_preference(dns_module, "qr_enable_statistics");
7966 dns_qr_statistics_enabled = prefs_get_bool_value(perf_qr_enable_statistics, pref_current);
7967 prefs_register_bool_preference(dns_module, "qr_qrn_enable_statistics", "Enable Display of Query-Record-Name", "Enable Display of Query-Record-Name", &dns_qr_qrn_statistics_enabled);
7968 perf_qr_qrn_enable_statistics = prefs_find_preference(dns_module, "qr_qrn_enable_statistics");
7969 dns_qr_qrn_statistics_enabled = prefs_get_bool_value(perf_qr_qrn_enable_statistics, pref_current);
7970 prefs_register_bool_preference(dns_module, "qr_qrn_aud_zv_enable_statistics", "Enable Display of Query-Record-Name for Nodes with Zero-Values", "Enable Display of Query-Record-Name for Answers-Authorities-Additionals with Zero-Values. If this is set, it also requires dns.qr_qrn_enable_statistics to be set for it to work.", &dns_qr_qrn_aud_zv_statistics_enabled);
7971 perf_qr_qrn_aud_zv_enable_statistics = prefs_find_preference(dns_module, "qr_qrn_aud_zv_enable_statistics");
7972 dns_qr_qrn_aud_zv_statistics_enabled = prefs_get_bool_value(perf_qr_qrn_aud_zv_enable_statistics, pref_current);
7974 prefs_register_bool_preference(dns_module, "desegment_dns_messages",
7975 "Reassemble DNS messages spanning multiple TCP segments",
7976 "Whether the DNS dissector should reassemble messages spanning multiple TCP segments."
7977 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
7978 &dns_desegment);
7980 prefs_register_uint_preference(dns_module, "retransmission_timer",
7981 "Number of seconds allowed between retransmissions",
7982 "Number of seconds allowed between DNS requests with the same transaction ID to consider it a retransmission."
7983 " Otherwise its considered a new request.",
7984 10, &retransmission_timer);
7986 prefs_register_obsolete_preference(dns_module, "use_for_addr_resolution");
7988 prefs_register_static_text_preference(dns_module, "text_use_for_addr_resolution",
7989 "DNS address resolution settings can be changed in the Name Resolution preferences",
7990 "DNS address resolution settings can be changed in the Name Resolution preferences");
7992 prefs_register_bool_preference(dns_module, "enable_qname_stats",
7993 "Add queried names to DNS statistics",
7994 "Whether the DNS dissector should add queried names to DNS statistics.",
7995 &dns_qname_stats);
7998 dns_tsig_dissector_table = register_dissector_table("dns.tsig.mac", "DNS TSIG MAC", proto_dns, FT_STRING, STRING_CASE_SENSITIVE);
8000 dns_handle = register_dissector("dns", dissect_dns, proto_dns);
8001 mdns_udp_handle = register_dissector("mdns", dissect_mdns_udp, proto_mdns);
8002 llmnr_udp_handle = register_dissector("llmnr", dissect_llmnr_udp, proto_llmnr);
8003 doq_handle = register_dissector("dns.doq", dissect_dns_doq, proto_dns);
8005 dns_tap = register_tap("dns");
8009 * Editor modelines
8011 * Local Variables:
8012 * c-basic-offset: 2
8013 * tab-width: 8
8014 * indent-tabs-mode: nil
8015 * End:
8017 * ex: set shiftwidth=2 tabstop=8 expandtab:
8018 * :indentSize=2:tabSize=8:noTabs=true: