search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dcerpc-netlogon: maintain netlogon_auth_vars for NetrServerAuthenticateKerberos
[wireshark-sm.git] / epan / dissectors / packet-dns.c
blob6ba8c4141d89a7f0af3c53c486ad564bd213c07a
1 /* packet-dns.c
2 * Routines for DNS packet disassembly
3 * Copyright 2004, Nicolas DICHTEL - 6WIND - <nicolas.dichtel@6wind.com>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 /*
13 * RFC 1034, RFC 1035
14 * RFC 2136 for dynamic DNS
15 * https://datatracker.ietf.org/doc/draft-cheshire-dnsext-multicastdns/
16 * for multicast DNS
17 * RFC 4795 for link-local multicast name resolution (LLMNR)
18 *
19 * For the TTL field, see also:
20 *
21 * RFC 1035 erratum 2130:
22 *
23 * https://www.rfc-editor.org/errata/eid2130
24 *
25 * RFC 2181, section 8:
26 *
27 * https://tools.ietf.org/html/rfc2181#section-8
28 *
29 * RFC 1035 said, in section 3.2.1, that the TTL is "a 32 bit signed
30 * integer" but said, in section 4.1.3, that it's "a 32 bit unsigned
31 * integer"; the erratum notes this
32 *
33 * RFC 2181 says of this:
34 *
35 * The definition of values appropriate to the TTL field in STD 13 is
36 * not as clear as it could be, with respect to how many significant
37 * bits exist, and whether the value is signed or unsigned. It is
38 * hereby specified that a TTL value is an unsigned number, with a
39 * minimum value of 0, and a maximum value of 2147483647. That is, a
40 * maximum of 2^31 - 1. When transmitted, this value shall be encoded
41 * in the less significant 31 bits of the 32 bit TTL field, with the
42 * most significant, or sign, bit set to zero.
43 *
44 * Implementations should treat TTL values received with the most
45 * significant bit set as if the entire value received was zero.
46 *
47 * Implementations are always free to place an upper bound on any TTL
48 * received, and treat any larger values as if they were that upper
49 * bound. The TTL specifies a maximum time to live, not a mandatory
50 * time to live.
51 *
52 * so its resolution is 1) it's unsigned but 2) don't use the uppermost
53 * bit, presumably to avoid problems with implementations that were based
54 * on section 3.2.1 of RFC 1035 rather than on section 4.1.3 of RFC 1035.
55 */
56
57 #include "config.h"
58
59
60 #include <epan/packet.h>
61 #include <epan/exceptions.h>
62 #include <epan/ipproto.h>
63 #include <epan/addr_resolv.h>
64 #include "packet-dns.h"
65 #include "packet-tcp.h"
66 #include "packet-ip.h"
67 #include <epan/prefs.h>
68 #include <epan/prefs-int.h>
69 #include <epan/strutil.h>
70 #include <epan/expert.h>
71 #include <epan/afn.h>
72 #include <epan/tap.h>
73 #include <epan/stats_tree.h>
74 #include <epan/tfs.h>
75 #include "packet-tls.h"
76 #include "packet-dtls.h"
77 #include "packet-http2.h"
78
79 // parent knob to turn on-off the entire query-response statistics (at runtime)
80 // qr = Query-Response
81 static bool dns_qr_statistics_enabled = true;
82
83 // knob to turn on-off the display of query record name (at runtime)
84 // qrn = Query-Record-Name
85 static bool dns_qr_qrn_statistics_enabled;
86
87 // knob to turn on-off the display of query-record-name for answers, authorities
88 // and additionals with zero values (at runtime)
89 // aud = Answers-aUthorities-aDdtionals; zv = Zero-Value
90 static bool dns_qr_qrn_aud_zv_statistics_enabled;
91
92 // support for above knobs
93 static pref_t* perf_qr_enable_statistics;
94 static pref_t* perf_qr_qrn_enable_statistics;
95 static pref_t* perf_qr_qrn_aud_zv_enable_statistics;
96
97 // strings required for statistical nodes
98 static const char* st_str_qr_t_packets = "Total";
99 static const char* st_str_qr_q_packets = "Query";
100 static const char* st_str_qr_qf_packets = "From";
101 static const char* st_str_qr_qo_packets = "Opcodes";
102 static const char* st_str_qr_qk_packets = "Kind";
103 static const char* st_str_qr_qt_packets = "Types";
104 static const char* st_str_qr_ql_packets = "Labels";
105 static const char* st_str_qr_qp_packets = "Payload";
106 static const char* st_str_qr_qs_packets = "Servicing";
107 static const char* st_str_qr_qs_a_packets = "Answered (ms)";
108 static const char* st_str_qr_qs_u_packets = "Unanswered";
109 static const char* st_str_qr_qs_r_packets = "Retransmissions";
110 static const char* st_str_qr_r_packets = "Response";
111 static const char* st_str_qr_rf_packets = "From";
112 static const char* st_str_qr_rc_packets = "Rcodes";
113 static const char* st_str_qr_rk_packets = "Kind";
114 static const char* st_str_qr_ra_packets = "Answers";
115 static const char* st_str_qr_ru_packets = "Authorities";
116 static const char* st_str_qr_rd_packets = "Additionals";
117 static const char* st_str_qr_rp_packets = "Payload";
118 static const char* st_str_qr_rt_packets = "TTL";
119 static const char* st_str_qr_rt_a_packets = "Answers";
120 static const char* st_str_qr_rt_u_packets = "Authorities";
121 static const char* st_str_qr_rt_d_packets = "Additionals";
122 static const char* st_str_qr_rs_packets = "Servicing";
123 static const char* st_str_qr_rs_a_packets = "Answered (ms)";
124 static const char* st_str_qr_rs_u_packets = "Unsolicited";
125 static const char* st_str_qr_rs_r_packets = "Retransmissions";
126
127 // nodes required for housing statistics
128 static int st_node_qr_t_packets = -1; // t = Total
129 static int st_node_qr_q_packets = -1; // q = Query
130 static int st_node_qr_qf_packets = -1; // qf = Query-From
131 static int st_node_qr_qo_packets = -1; // qo = Query-Opcode
132 static int st_node_qr_qk_packets = -1; // qk = Query-Kind
133 static int st_node_qr_qt_packets = -1; // qt = Query-Type
134 static int st_node_qr_ql_packets = -1; // ql = Query-Label
135 static int st_node_qr_qp_packets = -1; // qp = Query-Payload
136 static int st_node_qr_qs_packets = -1; // qs = Query-Servicing
137 static int st_node_qr_qs_a_packets = -1; // a = Answered (ms)
138 static int st_node_qr_qs_u_packets = -1; // u = Unanswered
139 static int st_node_qr_qs_r_packets = -1; // r = Retransmission
140 static int st_node_qr_r_packets = -1; // r = Response
141 static int st_node_qr_rf_packets = -1; // rf = Response-From
142 static int st_node_qr_rc_packets = -1; // rc = Response-Code
143 static int st_node_qr_rk_packets = -1; // rk = Response-Kind
144 static int st_node_qr_ra_packets = -1; // ra = Response-Answer
145 static int st_node_qr_ru_packets = -1; // ru = Response-aUthority
146 static int st_node_qr_rd_packets = -1; // rd = Response-aDditional
147 static int st_node_qr_rp_packets = -1; // rp = Response-Payload
148 static int st_node_qr_rs_packets = -1; // rs = Response-Servicing
149 static int st_node_qr_rs_a_packets = -1; // a = Answered (ms)
150 static int st_node_qr_rs_u_packets = -1; // u = Unsolicited
151 static int st_node_qr_rs_r_packets = -1; // r = Retransmission
152 static int st_node_qr_rt_packets = -1; // rt = Response-TTL
153 static int st_node_qr_rt_a_packets = -1; // a = Answer
154 static int st_node_qr_rt_u_packets = -1; // u = aUthority
155 static int st_node_qr_rt_d_packets = -1; // d = aDditional
156
157 // individual knobs that turn on-off particular statistics (at runtime)
158 // note: currently not configured as preferences
159 static bool dns_qr_t_statistics_enabled = true; // t = Total
160 static bool dns_qr_q_statistics_enabled = true; // q = Query
161 static bool dns_qr_qf_statistics_enabled = true; // qf = Query-From
162 static bool dns_qr_qo_statistics_enabled = true; // qo = Query-Opcode
163 static bool dns_qr_qk_statistics_enabled = true; // qk = Query-Kind
164 static bool dns_qr_qt_statistics_enabled = true; // qt = Query-Type
165 static bool dns_qr_ql_statistics_enabled = true; // ql = Query-Label
166 static bool dns_qr_qp_statistics_enabled = true; // qp = Query-Payload
167 static bool dns_qr_qs_statistics_enabled = true; // qs = Query-Servicing
168 static bool dns_qr_qs_a_statistics_enabled = true; // a = Answered (ms)
169 static bool dns_qr_qs_u_statistics_enabled = true; // u = Unanswered
170 static bool dns_qr_qs_r_statistics_enabled = true; // r = Retransmission
171 static bool dns_qr_r_statistics_enabled = true; // r = Response
172 static bool dns_qr_rf_statistics_enabled = true; // rf = Response-From
173 static bool dns_qr_rc_statistics_enabled = true; // rc = Response-Code
174 static bool dns_qr_rk_statistics_enabled = true; // rk = Response-Kind
175 static bool dns_qr_ra_statistics_enabled = true; // ra = Response-Answer
176 static bool dns_qr_ru_statistics_enabled = true; // ru = Response-aUthority
177 static bool dns_qr_rd_statistics_enabled = true; // rd = Response-aDditional
178 static bool dns_qr_rp_statistics_enabled = true; // rp = Response-Payload
179 static bool dns_qr_rs_statistics_enabled = true; // rs = Response-Servicing
180 static bool dns_qr_rs_a_statistics_enabled = true; // a = Answered (ms)
181 static bool dns_qr_rs_u_statistics_enabled = true; // u = Unsolicited
182 static bool dns_qr_rs_r_statistics_enabled = true; // r = Retransmission
183 static bool dns_qr_rt_statistics_enabled = true; // rt = Response-TTL
184 static bool dns_qr_rt_a_statistics_enabled = true; // a = Answer
185 static bool dns_qr_rt_u_statistics_enabled = true; // u = aUthority
186 static bool dns_qr_rt_d_statistics_enabled = true; // d = aDditional
187
188 // storage to store ttls of each answer-authority-additional record and is
189 // overwritten for each response
190 #define TTL_MAXIMUM_ELEMENTS 4096
191 static unsigned dns_qr_r_ra_ttls[TTL_MAXIMUM_ELEMENTS]; // ra = Answer array
192 static unsigned dns_qr_r_ru_ttls[TTL_MAXIMUM_ELEMENTS]; // ru = aUthority array
193 static unsigned dns_qr_r_rd_ttls[TTL_MAXIMUM_ELEMENTS]; // rd = aDditional array
194 static unsigned dns_qr_r_ra_ttl_index; // ra = Answer index
195 static unsigned dns_qr_r_ru_ttl_index; // ru = aUthority index
196 static unsigned dns_qr_r_rd_ttl_index; // rd = aDditional index
197
198 // pointers that point and index into context arrays, i.e., points to answer
199 // array when processing an answer, points to authority array when processing an
200 // authority and points to additional array when processing an additional
201 static unsigned* p_dns_qr_r_rx_ttls;
202 static unsigned* p_dns_qr_r_rx_ttl_index;
203
204 // forward declaration (definitions are called at each launch of statistics)
205 static void qname_host_and_domain(char* name, int name_len, char* host, char* domain);
206 static void dns_qr_stats_tree_init(stats_tree* st);
207 static tap_packet_status dns_qr_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p, tap_flags_t flags _U_);
208 static void dns_qr_stats_tree_cleanup(stats_tree* st);
209
210 void proto_register_dns(void);
211 void proto_reg_handoff_dns(void);
212
213 struct DnsTap {
214 unsigned packet_qr;
215 unsigned packet_qtype;
216 int packet_qclass;
217 unsigned packet_rcode;
218 unsigned packet_opcode;
219 unsigned payload_size;
220 unsigned qname_len;
221 unsigned qname_labels;
222 char* qname;
223 unsigned nquestions;
224 unsigned nanswers;
225 unsigned nauthorities;
226 unsigned nadditionals;
227 bool unsolicited;
228 bool retransmission;
229 nstime_t rrt;
230 wmem_list_t *rr_types;
231 char source[256];
232 char qhost[256]; // host or left-most part of query name
233 char qdomain[256]; // domain or remaining part of query name
234 unsigned flags;
235 };
236
237 static int dns_tap;
238
239 static const char* st_str_packets = "Total Packets";
240 static const char* st_str_packet_qr = "Query/Response";
241 static const char* st_str_packet_qtypes = "Query Type";
242 static const char* st_str_packet_qnames = "Query Name";
243 static const char* st_str_packet_qclasses = "Class";
244 static const char* st_str_packet_rcodes = "rcode";
245 static const char* st_str_packet_opcodes = "opcodes";
246 static const char* st_str_packets_avg_size = "Payload size";
247 static const char* st_str_query_stats = "Query Stats";
248 static const char* st_str_query_qname_len = "Qname Len";
249 static const char* st_str_query_domains = "Label Stats";
250 static const char* st_str_query_domains_l1 = "1st Level";
251 static const char* st_str_query_domains_l2 = "2nd Level";
252 static const char* st_str_query_domains_l3 = "3rd Level";
253 static const char* st_str_query_domains_lmore = "4th Level or more";
254 static const char* st_str_response_stats = "Response Stats";
255 static const char* st_str_rr_types = "Answer Type";
256 static const char* st_str_response_nquestions = "no. of questions";
257 static const char* st_str_response_nanswers = "no. of answers";
258 static const char* st_str_response_nauthorities = "no. of authorities";
259 static const char* st_str_response_nadditionals = "no. of additionals";
260 static const char* st_str_service_stats = "Service Stats";
261 static const char* st_str_service_unsolicited = "no. of unsolicited responses";
262 static const char* st_str_service_retransmission = "no. of retransmissions";
263 static const char* st_str_service_rrt = "request-response time (msec)";
264
265 static int st_node_packet_qr = -1;
266 static int st_node_packet_qtypes = -1;
267 static int st_node_packet_qnames = -1;
268 static int st_node_packet_qclasses = -1;
269 static int st_node_packet_rcodes = -1;
270 static int st_node_packet_opcodes = -1;
271 static int st_node_packets_avg_size = -1;
272 static int st_node_query_stats = -1;
273 static int st_node_query_qname_len = -1;
274 static int st_node_query_domains = -1;
275 static int st_node_query_domains_l1 = -1;
276 static int st_node_query_domains_l2 = -1;
277 static int st_node_query_domains_l3 = -1;
278 static int st_node_query_domains_lmore = -1;
279 static int st_node_response_stats = -1;
280 static int st_node_rr_types = -1;
281 static int st_node_response_nquestions = -1;
282 static int st_node_response_nanswers = -1;
283 static int st_node_response_nauthorities = -1;
284 static int st_node_response_nadditionals = -1;
285 static int st_node_service_stats = -1;
286 static int st_node_service_unsolicited = -1;
287 static int st_node_service_retransmission = -1;
288 static int st_node_service_rrt = -1;
289
290 static int proto_dns;
291 static int proto_mdns;
292 static int proto_llmnr;
293 static int hf_dns_length;
294 static int hf_dns_flags;
295 static int hf_dns_flags_response;
296 static int hf_dns_flags_opcode;
297 static int hf_dns_flags_authoritative;
298 static int hf_dns_flags_conflict_query;
299 static int hf_dns_flags_conflict_response;
300 static int hf_dns_flags_truncated;
301 static int hf_dns_flags_recdesired;
302 static int hf_dns_flags_tentative;
303 static int hf_dns_flags_recavail;
304 static int hf_dns_flags_z;
305 static int hf_dns_flags_authenticated;
306 static int hf_dns_flags_ad;
307 static int hf_dns_flags_checkdisable;
308 static int hf_dns_flags_rcode;
309 static int hf_dns_transaction_id;
310 static int hf_dns_count_questions;
311 static int hf_dns_count_zones;
312 static int hf_dns_count_answers;
313 static int hf_dns_count_prerequisites;
314 static int hf_dns_count_updates;
315 static int hf_dns_count_auth_rr;
316 static int hf_dns_count_add_rr;
317 static int hf_dns_qry_name;
318 static int hf_dns_qry_name_len;
319 static int hf_dns_count_labels;
320 static int hf_dns_qry_type;
321 static int hf_dns_qry_class;
322 static int hf_dns_qry_class_mdns;
323 static int hf_dns_qry_qu;
324 static int hf_dns_srv_instance;
325 static int hf_dns_srv_service;
326 static int hf_dns_srv_proto;
327 static int hf_dns_srv_name;
328 static int hf_dns_srv_priority;
329 static int hf_dns_srv_weight;
330 static int hf_dns_srv_port;
331 static int hf_dns_srv_target;
332 static int hf_dns_naptr_order;
333 static int hf_dns_naptr_preference;
334 static int hf_dns_naptr_flags_length;
335 static int hf_dns_naptr_flags;
336 static int hf_dns_naptr_service_length;
337 static int hf_dns_naptr_service;
338 static int hf_dns_naptr_regex_length;
339 static int hf_dns_naptr_regex;
340 static int hf_dns_naptr_replacement_length;
341 static int hf_dns_naptr_replacement;
342 static int hf_dns_rr_name;
343 static int hf_dns_rr_type;
344 static int hf_dns_rr_class;
345 static int hf_dns_rr_class_mdns;
346 static int hf_dns_rr_cache_flush;
347 static int hf_dns_rr_ext_rcode;
348 static int hf_dns_rr_edns0_version;
349 static int hf_dns_rr_z;
350 static int hf_dns_rr_z_do;
351 static int hf_dns_rr_z_reserved;
352 static int hf_dns_rr_ttl;
353 static int hf_dns_rr_len;
354 static int hf_dns_a;
355 static int hf_dns_a_ch_domain;
356 static int hf_dns_a_ch_addr;
357 static int hf_dns_md;
358 static int hf_dns_mf;
359 static int hf_dns_mb;
360 static int hf_dns_mg;
361 static int hf_dns_mr;
362 static int hf_dns_null;
363 static int hf_dns_aaaa;
364 static int hf_dns_cname;
365 static int hf_dns_rr_udp_payload_size;
366 static int hf_dns_rr_udp_payload_size_mdns;
367 static int hf_dns_soa_mname;
368 static int hf_dns_soa_rname;
369 static int hf_dns_soa_serial_number;
370 static int hf_dns_soa_refresh_interval;
371 static int hf_dns_soa_retry_interval;
372 static int hf_dns_soa_expire_limit;
373 static int hf_dns_soa_minimum_ttl;
374 static int hf_dns_ptr_domain_name;
375 static int hf_dns_wks_address;
376 static int hf_dns_wks_protocol;
377 static int hf_dns_wks_bits;
378 static int hf_dns_hinfo_cpu_length;
379 static int hf_dns_hinfo_cpu;
380 static int hf_dns_hinfo_os_length;
381 static int hf_dns_hinfo_os;
382 static int hf_dns_minfo_r_mailbox;
383 static int hf_dns_minfo_e_mailbox;
384 static int hf_dns_mx_preference;
385 static int hf_dns_mx_mail_exchange;
386 static int hf_dns_txt_length;
387 static int hf_dns_txt;
388 static int hf_dns_csync_soa;
389 static int hf_dns_csync_flags;
390 static int hf_dns_csync_flags_immediate;
391 static int hf_dns_csync_flags_soaminimum;
392 static int hf_dns_csync_type_bitmap;
393 static int hf_dns_zonemd_serial;
394 static int hf_dns_zonemd_scheme;
395 static int hf_dns_zonemd_hash_algo;
396 static int hf_dns_zonemd_digest;
397 static int hf_dns_svcb_priority;
398 static int hf_dns_svcb_target;
399 static int hf_dns_svcb_param_key;
400 static int hf_dns_svcb_param_length;
401 static int hf_dns_svcb_param_value;
402 static int hf_dns_svcb_param;
403 static int hf_dns_svcb_param_mandatory_key;
404 static int hf_dns_svcb_param_alpn_length;
405 static int hf_dns_svcb_param_alpn;
406 static int hf_dns_svcb_param_port;
407 static int hf_dns_svcb_param_ipv4hint_ip;
408 static int hf_dns_svcb_param_ipv6hint_ip;
409 static int hf_dns_svcb_param_dohpath;
410 static int hf_dns_svcb_param_odohconfig;
411 static int hf_dns_openpgpkey;
412 static int hf_dns_spf_length;
413 static int hf_dns_spf;
414 static int hf_dns_ilnp_nodeid_preference;
415 static int hf_dns_ilnp_nodeid;
416 static int hf_dns_ilnp_locator32_preference;
417 static int hf_dns_ilnp_locator32;
418 static int hf_dns_ilnp_locator64_preference;
419 static int hf_dns_ilnp_locator64;
420 static int hf_dns_ilnp_locatorfqdn_preference;
421 static int hf_dns_ilnp_locatorfqdn;
422 static int hf_dns_eui48;
423 static int hf_dns_eui64;
424 static int hf_dns_rrsig_type_covered;
425 static int hf_dns_rrsig_algorithm;
426 static int hf_dns_rrsig_labels;
427 static int hf_dns_rrsig_original_ttl;
428 static int hf_dns_rrsig_signature_expiration;
429 static int hf_dns_rrsig_signature_inception;
430 static int hf_dns_rrsig_key_tag;
431 static int hf_dns_rrsig_signers_name;
432 static int hf_dns_rrsig_signature;
433 static int hf_dns_dnskey_flags;
434 static int hf_dns_dnskey_flags_zone_key;
435 static int hf_dns_dnskey_flags_key_revoked;
436 static int hf_dns_dnskey_flags_secure_entry_point;
437 static int hf_dns_dnskey_flags_reserved;
438 static int hf_dns_dnskey_protocol;
439 static int hf_dns_dnskey_algorithm;
440 static int hf_dns_dnskey_key_id;
441 static int hf_dns_dnskey_public_key;
442 static int hf_dns_key_flags;
443 static int hf_dns_key_flags_authentication;
444 static int hf_dns_key_flags_confidentiality;
445 static int hf_dns_key_flags_key_required;
446 static int hf_dns_key_flags_associated_user;
447 static int hf_dns_key_flags_associated_named_entity;
448 static int hf_dns_key_flags_ipsec;
449 static int hf_dns_key_flags_mime;
450 static int hf_dns_key_flags_signatory;
451 static int hf_dns_key_protocol;
452 static int hf_dns_key_algorithm;
453 static int hf_dns_key_key_id;
454 static int hf_dns_key_public_key;
455 static int hf_dns_px_preference;
456 static int hf_dns_px_map822;
457 static int hf_dns_px_mapx400;
458 static int hf_dns_tkey_algo_name;
459 static int hf_dns_tkey_signature_expiration;
460 static int hf_dns_tkey_signature_inception;
461 static int hf_dns_tkey_mode;
462 static int hf_dns_tkey_error;
463 static int hf_dns_tkey_key_size;
464 static int hf_dns_tkey_key_data;
465 static int hf_dns_tkey_other_size;
466 static int hf_dns_tkey_other_data;
467 static int hf_dns_ipseckey_gateway_precedence;
468 static int hf_dns_ipseckey_gateway_type;
469 static int hf_dns_ipseckey_gateway_algorithm;
470 static int hf_dns_ipseckey_gateway_ipv4;
471 static int hf_dns_ipseckey_gateway_ipv6;
472 static int hf_dns_ipseckey_gateway_dns;
473 static int hf_dns_ipseckey_public_key;
474 static int hf_dns_xpf_ip_version;
475 static int hf_dns_xpf_protocol;
476 static int hf_dns_xpf_source_ipv4;
477 static int hf_dns_xpf_destination_ipv4;
478 static int hf_dns_xpf_source_ipv6;
479 static int hf_dns_xpf_destination_ipv6;
480 static int hf_dns_xpf_sport;
481 static int hf_dns_xpf_dport;
482 static int hf_dns_a6_prefix_len;
483 static int hf_dns_a6_address_suffix;
484 static int hf_dns_a6_prefix_name;
485 static int hf_dns_dname;
486 static int hf_dns_loc_version;
487 static int hf_dns_loc_size;
488 static int hf_dns_loc_horizontal_precision;
489 static int hf_dns_loc_vertical_precision;
490 static int hf_dns_loc_latitude;
491 static int hf_dns_loc_longitude;
492 static int hf_dns_loc_altitude;
493 static int hf_dns_loc_unknown_data;
494 static int hf_dns_nxt_next_domain_name;
495 static int hf_dns_kx_preference;
496 static int hf_dns_kx_key_exchange;
497 static int hf_dns_cert_type;
498 static int hf_dns_cert_key_tag;
499 static int hf_dns_cert_algorithm;
500 static int hf_dns_cert_certificate;
501 static int hf_dns_nsec_next_domain_name;
502 static int hf_dns_ns;
503 static int hf_dns_opt;
504 static int hf_dns_opt_code;
505 static int hf_dns_opt_len;
506 static int hf_dns_opt_data;
507 static int hf_dns_opt_dau;
508 static int hf_dns_opt_dhu;
509 static int hf_dns_opt_n3u;
510 static int hf_dns_opt_client_family;
511 static int hf_dns_opt_client_netmask;
512 static int hf_dns_opt_client_scope;
513 static int hf_dns_opt_client_addr;
514 static int hf_dns_opt_client_addr4;
515 static int hf_dns_opt_client_addr6;
516 static int hf_dns_opt_cookie_client;
517 static int hf_dns_opt_cookie_server;
518 static int hf_dns_opt_edns_tcp_keepalive_timeout;
519 static int hf_dns_opt_padding;
520 static int hf_dns_opt_chain_fqdn;
521 static int hf_dns_opt_ext_error_info_code;
522 static int hf_dns_opt_ext_error_extra_text;
523 static int hf_dns_opt_agent_domain;
524 static int hf_dns_opt_zoneversion_labelcount;
525 static int hf_dns_opt_zoneversion_type;
526 static int hf_dns_opt_zoneversion_soa;
527 static int hf_dns_opt_zoneversion_version;
528 static int hf_dns_nsec3_algo;
529 static int hf_dns_nsec3_flags;
530 static int hf_dns_nsec3_flag_optout;
531 static int hf_dns_nsec3_iterations;
532 static int hf_dns_nsec3_salt_length;
533 static int hf_dns_nsec3_salt_value;
534 static int hf_dns_nsec3_hash_length;
535 static int hf_dns_nsec3_hash_value;
536 static int hf_dns_tlsa_certificate_usage;
537 static int hf_dns_tlsa_selector;
538 static int hf_dns_tlsa_matching_type;
539 static int hf_dns_tlsa_certificate_association_data;
540 static int hf_dns_tsig_algorithm_name;
541 static int hf_dns_tsig_time_signed;
542 static int hf_dns_tsig_error;
543 static int hf_dns_tsig_fudge;
544 static int hf_dns_tsig_mac_size;
545 static int hf_dns_tsig_mac;
546 static int hf_dns_tsig_original_id;
547 static int hf_dns_tsig_other_len;
548 static int hf_dns_tsig_other_data;
549 static int hf_dns_response_in;
550 static int hf_dns_response_to;
551 static int hf_dns_retransmission;
552 static int hf_dns_retransmit_request_in;
553 static int hf_dns_retransmit_response_in;
554 static int hf_dns_time;
555 static int hf_dns_unsolicited;
556 static int hf_dns_sshfp_algorithm;
557 static int hf_dns_sshfp_fingerprint_type;
558 static int hf_dns_sshfp_fingerprint;
559 static int hf_dns_hip_hit_length;
560 static int hf_dns_hip_pk_algo;
561 static int hf_dns_hip_pk_length;
562 static int hf_dns_hip_hit;
563 static int hf_dns_hip_pk;
564 static int hf_dns_hip_rendezvous_server;
565 static int hf_dns_dhcid_rdata;
566 static int hf_dns_ds_key_id;
567 static int hf_dns_ds_algorithm;
568 static int hf_dns_apl_coded_prefix;
569 static int hf_dns_ds_digest_type;
570 static int hf_dns_ds_digest;
571 static int hf_dns_apl_address_family;
572 static int hf_dns_apl_negation;
573 static int hf_dns_apl_afdlength;
574 static int hf_dns_apl_afdpart_ipv4;
575 static int hf_dns_apl_afdpart_ipv6;
576 static int hf_dns_apl_afdpart_data;
577 static int hf_dns_gpos_longitude_length;
578 static int hf_dns_gpos_longitude;
579 static int hf_dns_gpos_latitude_length;
580 static int hf_dns_gpos_latitude;
581 static int hf_dns_gpos_altitude_length;
582 static int hf_dns_gpos_altitude;
583 static int hf_dns_rp_mailbox;
584 static int hf_dns_rp_txt_rr;
585 static int hf_dns_afsdb_subtype;
586 static int hf_dns_afsdb_hostname;
587 static int hf_dns_x25_length;
588 static int hf_dns_x25_psdn_address;
589 static int hf_dns_isdn_length;
590 static int hf_dns_isdn_address;
591 static int hf_dns_isdn_sa_length;
592 static int hf_dns_isdn_sa;
593 static int hf_dns_rt_preference;
594 static int hf_dns_rt_intermediate_host;
595 static int hf_dns_nsap_rdata;
596 static int hf_dns_nsap_ptr_owner;
597 static int hf_dns_caa_flags;
598 static int hf_dns_caa_flag_issuer_critical;
599 static int hf_dns_caa_issue;
600 static int hf_dns_caa_issuewild;
601 static int hf_dns_caa_iodef;
602 static int hf_dns_caa_unknown;
603 static int hf_dns_caa_tag_length;
604 static int hf_dns_caa_tag;
605 static int hf_dns_caa_value;
606 static int hf_dns_extraneous_data;
607 static int hf_dns_extraneous_length;
608
609 static int hf_dns_wins_local_flag;
610 static int hf_dns_wins_lookup_timeout;
611 static int hf_dns_wins_cache_timeout;
612 static int hf_dns_wins_nb_wins_servers;
613 static int hf_dns_wins_server;
614
615 static int hf_dns_winsr_local_flag;
616 static int hf_dns_winsr_lookup_timeout;
617 static int hf_dns_winsr_cache_timeout;
618 static int hf_dns_winsr_name_result_domain;
619
620 static int hf_dns_data;
621
622 static int hf_dns_dso;
623 static int hf_dns_dso_tlv;
624 static int hf_dns_dso_tlv_type;
625 static int hf_dns_dso_tlv_length;
626 static int hf_dns_dso_tlv_data;
627 static int hf_dns_dso_tlv_keepalive_inactivity;
628 static int hf_dns_dso_tlv_keepalive_interval;
629 static int hf_dns_dso_tlv_retrydelay_retrydelay;
630 static int hf_dns_dso_tlv_encpad_padding;
631
632 static int hf_dns_dnscrypt;
633 static int hf_dns_dnscrypt_magic;
634 static int hf_dns_dnscrypt_esversion;
635 static int hf_dns_dnscrypt_protocol_version;
636 static int hf_dns_dnscrypt_signature;
637 static int hf_dns_dnscrypt_resolver_pk;
638 static int hf_dns_dnscrypt_client_magic;
639 static int hf_dns_dnscrypt_serial_number;
640 static int hf_dns_dnscrypt_ts_start;
641 static int hf_dns_dnscrypt_ts_end;
642
643 static int ett_dns;
644 static int ett_dns_qd;
645 static int ett_dns_rr;
646 static int ett_dns_qry;
647 static int ett_dns_ans;
648 static int ett_dns_flags;
649 static int ett_dns_opts;
650 static int ett_nsec3_flags;
651 static int ett_key_flags;
652 static int ett_t_key;
653 static int ett_dns_mac;
654 static int ett_caa_flags;
655 static int ett_caa_data;
656 static int ett_dns_csdync_flags;
657 static int ett_dns_dso;
658 static int ett_dns_dso_tlv;
659 static int ett_dns_svcb;
660 static int ett_dns_extraneous;
661 static int ett_dns_dnscrypt;
662
663 static expert_field ei_dns_a_class_undecoded;
664 static expert_field ei_dns_opt_bad_length;
665 static expert_field ei_dns_depr_opc;
666 static expert_field ei_ttl_high_bit_set;
667 static expert_field ei_dns_tsig_alg;
668 static expert_field ei_dns_undecoded_option;
669 static expert_field ei_dns_key_id_buffer_too_short;
670 static expert_field ei_dns_retransmit_request;
671 static expert_field ei_dns_retransmit_response;
672 static expert_field ei_dns_extraneous_data;
673 static expert_field ei_dns_response_missing;
674
675 static dissector_table_t dns_tsig_dissector_table;
676
677 static dissector_handle_t dns_handle;
678 static dissector_handle_t mdns_udp_handle;
679 static dissector_handle_t llmnr_udp_handle;
680 static dissector_handle_t doq_handle;
681
682
683 /* desegmentation of DNS over TCP */
684 static bool dns_desegment = true;
685
686 static bool dns_qname_stats;
687
688 /* Maximum number of elapsed seconds between messages with the same
689 * transaction ID to be considered as a retransmission
690 */
691 static uint32_t retransmission_timer = 5;
692
693 /* Dissector handle for GSSAPI */
694 static dissector_handle_t gssapi_handle;
695 static dissector_handle_t ntlmssp_handle;
696
697 /* Dissector handle for TLS ECHConfig message */
698 static dissector_handle_t tls_echconfig_handle;
699
700 /* Transport protocol for DNS. */
701 enum DnsTransport {
702 DNS_TRANSPORT_UDP, /* includes compatible transports like SCTP */
703 DNS_TRANSPORT_TCP,
704 DNS_TRANSPORT_HTTP,
705 DNS_TRANSPORT_QUIC
706 };
707
708 /* Structure containing transaction specific information */
709 typedef struct _dns_transaction_t {
710 uint32_t req_frame;
711 uint32_t rep_frame;
712 nstime_t req_time;
713 unsigned id;
714 bool multiple_responds;
715 } dns_transaction_t;
716
717 /* Structure containing conversation specific information */
718 typedef struct _dns_conv_info_t {
719 wmem_tree_t *pdus;
720 } dns_conv_info_t;
721
722 /* DNS structs and definitions */
723
724 /* Ports used for DNS. */
725 #define DEFAULT_DNS_PORT_RANGE "53"
726 #define DEFAULT_DNS_TCP_PORT_RANGE "53,5353" /* Includes mDNS */
727 #define SCTP_PORT_DNS 53
728 #define UDP_PORT_MDNS 5353
729 #define UDP_PORT_LLMNR 5355
730 #define TCP_PORT_DNS_TLS 853
731 #define UDP_PORT_DNS_DTLS 853
732 #if 0
733 /* PPID used for DNS/SCTP (will be changed when IANA assigned) */
734 #define DNS_PAYLOAD_PROTOCOL_ID 1000
735 #endif
736
737 /* Offsets of fields in the DNS header. */
738 #define DNS_ID 0
739 #define DNS_FLAGS 2
740 #define DNS_QUEST 4
741 #define DNS_ANS 6
742 #define DNS_AUTH 8
743 #define DNS_ADD 10
744
745 /* Length of DNS header. */
746 #define DNS_HDRLEN 12
747
748 /* type values */
749 #define T_A 1 /* host address */
750 #define T_NS 2 /* authoritative name server */
751 #define T_MD 3 /* mail destination (obsolete) */
752 #define T_MF 4 /* mail forwarder (obsolete) */
753 #define T_CNAME 5 /* canonical name */
754 #define T_SOA 6 /* start of authority zone */
755 #define T_MB 7 /* mailbox domain name (experimental) */
756 #define T_MG 8 /* mail group member (experimental) */
757 #define T_MR 9 /* mail rename domain name (experimental) */
758 #define T_NULL 10 /* null RR (experimental) */
759 #define T_WKS 11 /* well known service */
760 #define T_PTR 12 /* domain name pointer */
761 #define T_HINFO 13 /* host information */
762 #define T_MINFO 14 /* mailbox or mail list information */
763 #define T_MX 15 /* mail routing information */
764 #define T_TXT 16 /* text strings */
765 #define T_RP 17 /* responsible person (RFC 1183) */
766 #define T_AFSDB 18 /* AFS data base location (RFC 1183) */
767 #define T_X25 19 /* X.25 address (RFC 1183) */
768 #define T_ISDN 20 /* ISDN address (RFC 1183) */
769 #define T_RT 21 /* route-through (RFC 1183) */
770 #define T_NSAP 22 /* OSI NSAP (RFC 1706) */
771 #define T_NSAP_PTR 23 /* PTR equivalent for OSI NSAP (RFC 1348 - obsolete) */
772 #define T_SIG 24 /* digital signature (RFC 2535) */
773 #define T_KEY 25 /* public key (RFC 2535) */
774 #define T_PX 26 /* pointer to X.400/RFC822 mapping info (RFC 1664) */
775 #define T_GPOS 27 /* geographical position (RFC 1712) */
776 #define T_AAAA 28 /* IPv6 address (RFC 1886) */
777 #define T_LOC 29 /* geographical location (RFC 1876) */
778 #define T_NXT 30 /* "next" name (RFC 2535) */
779 #define T_EID 31 /* Endpoint Identifier */
780 #define T_NIMLOC 32 /* Nimrod Locator */
781 #define T_SRV 33 /* service location (RFC 2052) */
782 #define T_ATMA 34 /* ATM Address */
783 #define T_NAPTR 35 /* naming authority pointer (RFC 3403) */
784 #define T_KX 36 /* Key Exchange (RFC 2230) */
785 #define T_CERT 37 /* Certificate (RFC 4398) */
786 #define T_A6 38 /* IPv6 address with indirection (RFC 2874 - obsolete) */
787 #define T_DNAME 39 /* Non-terminal DNS name redirection (RFC 2672) */
788 #define T_SINK 40 /* SINK */
789 #define T_OPT 41 /* OPT pseudo-RR (RFC 2671) */
790 #define T_APL 42 /* Lists of Address Prefixes (APL RR) (RFC 3123) */
791 #define T_DS 43 /* Delegation Signer (RFC 4034) */
792 #define T_SSHFP 44 /* Using DNS to Securely Publish SSH Key Fingerprints (RFC 4255) */
793 #define T_IPSECKEY 45 /* RFC 4025 */
794 #define T_RRSIG 46 /* RFC 4034 */
795 #define T_NSEC 47 /* RFC 4034 */
796 #define T_DNSKEY 48 /* RFC 4034 */
797 #define T_DHCID 49 /* DHCID RR (RFC 4701) */
798 #define T_NSEC3 50 /* Next secure hash (RFC 5155) */
799 #define T_NSEC3PARAM 51 /* NSEC3 parameters (RFC 5155) */
800 #define T_TLSA 52 /* TLSA (RFC 6698) */
801 #define T_HIP 55 /* Host Identity Protocol (HIP) RR (RFC 5205) */
802 #define T_NINFO 56 /* NINFO */
803 #define T_RKEY 57 /* RKEY */
804 #define T_TALINK 58 /* Trust Anchor LINK */
805 #define T_CDS 59 /* Child DS (RFC7344)*/
806 #define T_CDNSKEY 60 /* DNSKEY(s) the Child wants reflected in DS ( [RFC7344])*/
807 #define T_OPENPGPKEY 61 /* OPENPGPKEY draft-ietf-dane-openpgpkey-00 */
808 #define T_CSYNC 62 /* Child To Parent Synchronization (RFC7477) */
809 #define T_ZONEMD 63 /* Message Digest for DNS Zones (RFC8976) */
810 #define T_SVCB 64 /* draft-ietf-dnsop-svcb-https-01 */
811 #define T_HTTPS 65 /* draft-ietf-dnsop-svcb-https-01 */
812 #define T_SPF 99 /* SPF RR (RFC 4408) section 3 */
813 #define T_UINFO 100 /* [IANA-Reserved] */
814 #define T_UID 101 /* [IANA-Reserved] */
815 #define T_GID 102 /* [IANA-Reserved] */
816 #define T_UNSPEC 103 /* [IANA-Reserved] */
817 #define T_NID 104 /* ILNP [RFC6742] */
818 #define T_L32 105 /* ILNP [RFC6742] */
819 #define T_L64 106 /* ILNP [RFC6742] */
820 #define T_LP 107 /* ILNP [RFC6742] */
821 #define T_EUI48 108 /* EUI 48 Address (RFC7043) */
822 #define T_EUI64 109 /* EUI 64 Address (RFC7043) */
823 #define T_TKEY 249 /* Transaction Key (RFC 2930) */
824 #define T_TSIG 250 /* Transaction Signature (RFC 2845) */
825 #define T_IXFR 251 /* incremental transfer (RFC 1995) */
826 #define T_AXFR 252 /* transfer of an entire zone (RFC 5936) */
827 #define T_MAILB 253 /* mailbox-related RRs (MB, MG or MR) (RFC 1035) */
828 #define T_MAILA 254 /* mail agent RRs (OBSOLETE - see MX) (RFC 1035) */
829 #define T_ANY 255 /* A request for all records (RFC 1035) */
830 #define T_URI 256 /* URI */
831 #define T_CAA 257 /* Certification Authority Authorization (RFC 6844) */
832 #define T_AVC 258 /* Application Visibility and Control (Wolfgang_Riedel) */
833 #define T_DOA 259 /* Digital Object Architecture (draft-durand-doa-over-dns) */
834 #define T_AMTRELAY 260 /* Automatic Multicast Tunneling Relay (RFC8777) */
835 #define T_RESINFO 261 /* Resolver Information */
836 #define T_WALLET 262 /* Public wallet address */
837 #define T_TA 32768 /* DNSSEC Trust Authorities */
838 #define T_DLV 32769 /* DNSSEC Lookaside Validation (DLV) DNS Resource Record (RFC 4431) */
839 #define T_WINS 65281 /* Microsoft's WINS RR */
840 #define T_WINS_R 65282 /* Microsoft's WINS-R RR */
841 #define T_XPF 65422 /* XPF draft-bellis-dnsop-xpf */
842
843 /* Class values */
844 #define C_IN 1 /* the Internet */
845 #define C_CS 2 /* CSNET (obsolete) */
846 #define C_CH 3 /* CHAOS */
847 #define C_HS 4 /* Hesiod */
848 #define C_NONE 254 /* none */
849 #define C_ANY 255 /* any */
850
851 #define C_QU (1<<15) /* High bit is set in queries for unicast queries */
852 #define C_FLUSH (1<<15) /* High bit is set for MDNS cache flush */
853
854 /* Bit fields in the flags */
855 #define F_RESPONSE (1<<15) /* packet is response */
856 #define F_OPCODE (0xF<<11) /* query opcode */
857 #define OPCODE_SHIFT 11
858 #define F_AUTHORITATIVE (1<<10) /* response is authoritative */
859 #define F_CONFLICT (1<<10) /* conflict detected */
860 #define F_TRUNCATED (1<<9) /* response is truncated */
861 #define F_RECDESIRED (1<<8) /* recursion desired */
862 #define F_TENTATIVE (1<<8) /* response is tentative */
863 #define F_RECAVAIL (1<<7) /* recursion available */
864 #define F_Z (1<<6) /* Z */
865 #define F_AUTHENTIC (1<<5) /* authentic data (RFC2535) */
866 #define F_CHECKDISABLE (1<<4) /* checking disabled (RFC2535) */
867 #define F_RCODE (0xF<<0) /* reply code */
868
869 /* Optcode values for EDNS0 options (RFC 2671) */
870 #define O_LLQ 1 /* Long-lived query (on-hold, draft-sekar-dns-llq) */
871 #define O_UL 2 /* Update lease (on-hold, draft-sekar-dns-ul) */
872 #define O_NSID 3 /* Name Server Identifier (RFC 5001) */
873 #define O_OWNER 4 /* Owner, reserved (draft-cheshire-edns0-owner-option) */
874 #define O_DAU 5 /* DNSSEC Algorithm Understood (RFC6975) */
875 #define O_DHU 6 /* DS Hash Understood (RFC6975) */
876 #define O_N3U 7 /* NSEC3 Hash Understood (RFC6975) */
877 #define O_CLIENT_SUBNET 8 /* Client subnet as assigned by IANA */
878 #define O_EDNS_EXPIRE 9 /* EDNS Expire (RFC7314) */
879 #define O_CLIENT_SUBNET_EXP 0x50fa /* Client subnet (placeholder value, draft-vandergaast-edns-client-subnet) */
880 #define O_COOKIE 10 /* Cookies (RFC7873) */
881 #define O_EDNS_TCP_KA 11 /* edns-tcp-keepalive EDNS0 Option (RFC7828) */
882 #define O_PADDING 12 /* EDNS(0) Padding Option (RFC7830) */
883 #define O_CHAIN 13 /* draft-ietf-dnsop-edns-chain-query */
884 #define O_EXT_ERROR 15 /* Extended DNS Errors (RFC8914) */
885 #define O_REPORT_CHANNEL 18 /* DNS Error Reporting (RFC9567) */
886 #define O_ZONEVERSION 19 /* DNS Zone Version (ZONEVERSION) Option (RFC9660) */
887
888 #define MIN_DNAME_LEN 2 /* minimum domain name length */
889
890 static const true_false_string tfs_flags_response = {
891 "Message is a response",
892 "Message is a query"
893 };
894
895 static const true_false_string tfs_flags_authoritative = {
896 "Server is an authority for domain",
897 "Server is not an authority for domain"
898 };
899
900 static const true_false_string tfs_flags_conflict_query = {
901 "The sender received multiple responses",
902 "None"
903 };
904
905 static const true_false_string tfs_flags_conflict_response = {
906 "The name is not considered unique",
907 "The name is considered unique"
908 };
909
910 static const true_false_string tfs_flags_truncated = {
911 "Message is truncated",
912 "Message is not truncated"
913 };
914
915 static const true_false_string tfs_flags_recdesired = {
916 "Do query recursively",
917 "Don't do query recursively"
918 };
919
920 static const true_false_string tfs_flags_tentative = {
921 "Tentative",
922 "Not tentative"
923 };
924
925 static const true_false_string tfs_flags_recavail = {
926 "Server can do recursive queries",
927 "Server can't do recursive queries"
928 };
929
930 static const true_false_string tfs_flags_z = {
931 "reserved - incorrect!",
932 "reserved (0)"
933 };
934
935 static const true_false_string tfs_flags_authenticated = {
936 "Answer/authority portion was authenticated by the server",
937 "Answer/authority portion was not authenticated by the server"
938 };
939
940 static const true_false_string tfs_flags_checkdisable = {
941 "Acceptable",
942 "Unacceptable"
943 };
944
945 static const true_false_string tfs_dns_rr_z_do = {
946 "Accepts DNSSEC security RRs",
947 "Cannot handle DNSSEC security RRs"
948 };
949
950 /* Opcodes */
951 #define OPCODE_QUERY 0 /* standard query */
952 #define OPCODE_IQUERY 1 /* inverse query */
953 #define OPCODE_STATUS 2 /* server status request */
954 #define OPCODE_NOTIFY 4 /* zone change notification */
955 #define OPCODE_UPDATE 5 /* dynamic update */
956 #define OPCODE_DSO 6 /* DNS stateful operations */
957
958 static const value_string opcode_vals[] = {
959 { OPCODE_QUERY, "Standard query" },
960 { OPCODE_IQUERY, "Inverse query" },
961 { OPCODE_STATUS, "Server status request" },
962 { OPCODE_NOTIFY, "Zone change notification" },
963 { OPCODE_UPDATE, "Dynamic update" },
964 { OPCODE_DSO, "DNS Stateful operations (DSO)" },
965 { 0, NULL } };
966
967 /* Reply codes */
968 #define RCODE_NOERROR 0
969 #define RCODE_FORMERR 1
970 #define RCODE_SERVFAIL 2
971 #define RCODE_NXDOMAIN 3
972 #define RCODE_NOTIMPL 4
973 #define RCODE_REFUSED 5
974 #define RCODE_YXDOMAIN 6
975 #define RCODE_YXRRSET 7
976 #define RCODE_NXRRSET 8
977 #define RCODE_NOTAUTH 9
978 #define RCODE_NOTZONE 10
979 #define RCODE_DSOTYPENI 11
980
981 #define RCODE_BAD 16
982 #define RCODE_BADKEY 17
983 #define RCODE_BADTIME 18
984 #define RCODE_BADMODE 19
985 #define RCODE_BADNAME 20
986 #define RCODE_BADALG 21
987 #define RCODE_BADTRUNC 22
988 #define RCODE_BADCOOKIE 23
989
990 static const value_string rcode_vals[] = {
991 { RCODE_NOERROR, "No error" },
992 { RCODE_FORMERR, "Format error" },
993 { RCODE_SERVFAIL, "Server failure" },
994 { RCODE_NXDOMAIN, "No such name" },
995 { RCODE_NOTIMPL, "Not implemented" },
996 { RCODE_REFUSED, "Refused" },
997 { RCODE_YXDOMAIN, "Name exists" },
998 { RCODE_YXRRSET, "RRset exists" },
999 { RCODE_NXRRSET, "RRset does not exist" },
1000 { RCODE_NOTAUTH, "Not authoritative" },
1001 { RCODE_NOTZONE, "Name out of zone" },
1002 { RCODE_DSOTYPENI, "DSO-Type not implemented" },
1003 /* 12-15 Unassigned */
1004 { RCODE_BAD, "Bad OPT Version or TSIG Signature Failure" },
1005 { RCODE_BADKEY, "Key not recognized" },
1006 { RCODE_BADTIME, "Signature out of time window" },
1007 { RCODE_BADMODE, "Bad TKEY Mode" },
1008 { RCODE_BADNAME, "Duplicate key name" },
1009 { RCODE_BADALG, "Algorithm not supported" },
1010 { RCODE_BADTRUNC, "Bad Truncation" },
1011 { RCODE_BADCOOKIE, "Bad/missing Server Cookie" },
1012 { 0, NULL }
1013 };
1014
1015 #define NSEC3_HASH_RESERVED 0
1016 #define NSEC3_HASH_SHA1 1
1017
1018 #define NSEC3_FLAG_OPTOUT 1
1019
1020 static const value_string hash_algorithms[] = {
1021 { NSEC3_HASH_RESERVED, "Reserved" },
1022 { NSEC3_HASH_SHA1, "SHA-1" },
1023 { 0, NULL } };
1024
1025 static const true_false_string tfs_flags_nsec3_optout = {
1026 "Additional insecure delegations allowed",
1027 "Additional insecure delegations forbidden"
1028 };
1029 static const true_false_string tfs_required_experimental = { "Experimental or optional", "Required" };
1030
1031 #define TKEYMODE_SERVERASSIGNED (1)
1032 #define TKEYMODE_DIFFIEHELLMAN (2)
1033 #define TKEYMODE_GSSAPI (3)
1034 #define TKEYMODE_RESOLVERASSIGNED (4)
1035 #define TKEYMODE_DELETE (5)
1036
1037 static const value_string tkey_mode_vals[] = {
1038 { TKEYMODE_SERVERASSIGNED, "Server assigned" },
1039 { TKEYMODE_DIFFIEHELLMAN, "Diffie Hellman" },
1040 { TKEYMODE_GSSAPI, "GSSAPI" },
1041 { TKEYMODE_RESOLVERASSIGNED, "Resolver assigned" },
1042 { TKEYMODE_DELETE, "Delete" },
1043 { 0, NULL }
1044 };
1045
1046 /*
1047 * SSHFP (RFC 4255) algorithm number and fingerprint types
1048 */
1049 #define TSSHFP_ALGO_RESERVED (0)
1050 #define TSSHFP_ALGO_RSA (1)
1051 #define TSSHFP_ALGO_DSA (2)
1052 #define TSSHFP_ALGO_ECDSA (3)
1053 #define TSSHFP_ALGO_ED25519 (4)
1054 #define TSSHFP_ALGO_XMSS (5)
1055
1056 #define TSSHFP_FTYPE_RESERVED (0)
1057 #define TSSHFP_FTYPE_SHA1 (1)
1058 #define TSSHFP_FTYPE_SHA256 (2)
1059
1060 static const value_string sshfp_algo_vals[] = {
1061 { TSSHFP_ALGO_RESERVED, "Reserved" },
1062 { TSSHFP_ALGO_RSA, "RSA" },
1063 { TSSHFP_ALGO_DSA, "DSA" },
1064 { TSSHFP_ALGO_ECDSA, "ECDSA" },
1065 { TSSHFP_ALGO_ED25519, "Ed25519" },
1066 { TSSHFP_ALGO_XMSS, "XMSS" },
1067 { 0, NULL }
1068 };
1069
1070 static const value_string sshfp_fingertype_vals[] = {
1071 { TSSHFP_FTYPE_RESERVED, "Reserved" },
1072 { TSSHFP_FTYPE_SHA1, "SHA1" },
1073 { TSSHFP_FTYPE_SHA256, "SHA256" },
1074 { 0, NULL }
1075 };
1076
1077 /* HIP PK ALGO RFC 5205 */
1078 #define THIP_ALGO_RESERVED (0)
1079 #define THIP_ALGO_DSA (1)
1080 #define THIP_ALGO_RSA (2)
1081
1082
1083 static const value_string hip_algo_vals[] = {
1084 { THIP_ALGO_DSA, "DSA" },
1085 { THIP_ALGO_RSA, "RSA" },
1086 { THIP_ALGO_RESERVED, "Reserved" },
1087 { 0, NULL }
1088 };
1089
1090 /* RFC 3123 */
1091 #define DNS_APL_NEGATION (1<<7)
1092 #define DNS_APL_AFDLENGTH (0x7F<<0)
1093
1094 static const true_false_string tfs_dns_apl_negation = {
1095 "Yes (!)",
1096 "No (0)"
1097 };
1098
1099 /* RFC 6844 */
1100 #define CAA_FLAG_ISSUER_CRITICAL (1<<7)
1101
1102 /* See RFC 1035 for all RR types for which no RFC is listed, except for
1103 the ones with "???", and for the Microsoft WINS and WINS-R RRs, for
1104 which one should look at
1105
1106 http://www.windows.com/windows2000/en/server/help/sag_DNS_imp_UsingWinsLookup.htm
1107
1108 and
1109
1110 http://www.microsoft.com/windows2000/library/resources/reskit/samplechapters/cncf/cncf_imp_wwaw.asp
1111
1112 which discuss them to some extent. */
1113 /* http://www.iana.org/assignments/dns-parameters (last updated 2015-07-26)*/
1114
1115 static const value_string dns_qr_vals[] = {
1116 { 0, "Query" },
1117 { 1, "Response" },
1118 { 0, NULL }
1119 };
1120 static const value_string dns_types_vals[] = {
1121 { 0, "Unused" },
1122 { T_A, "A" },
1123 { T_NS, "NS" },
1124 { T_MD, "MD" },
1125 { T_MF, "MF" },
1126 { T_CNAME, "CNAME" },
1127 { T_SOA, "SOA" },
1128 { T_MB, "MB" },
1129 { T_MG, "MG" },
1130 { T_MR, "MR" },
1131 { T_NULL, "NULL" },
1132 { T_WKS, "WKS" },
1133 { T_PTR, "PTR" },
1134 { T_HINFO, "HINFO" },
1135 { T_MINFO, "MINFO" },
1136 { T_MX, "MX" },
1137 { T_TXT, "TXT" },
1138 { T_RP, "RP" }, /* RFC 1183 */
1139 { T_AFSDB, "AFSDB" }, /* RFC 1183 */
1140 { T_X25, "X25" }, /* RFC 1183 */
1141 { T_ISDN, "ISDN" }, /* RFC 1183 */
1142 { T_RT, "RT" }, /* RFC 1183 */
1143 { T_NSAP, "NSAP" }, /* RFC 1706 */
1144 { T_NSAP_PTR, "NSAP-PTR" }, /* RFC 1348 */
1145 { T_SIG, "SIG" }, /* RFC 2535 */
1146 { T_KEY, "KEY" }, /* RFC 2535 */
1147 { T_PX, "PX" }, /* RFC 1664 */
1148 { T_GPOS, "GPOS" }, /* RFC 1712 */
1149 { T_AAAA, "AAAA" }, /* RFC 1886 */
1150 { T_LOC, "LOC" }, /* RFC 1886 */
1151 { T_NXT, "NXT" }, /* RFC 1876 */
1152 { T_EID, "EID" },
1153 { T_NIMLOC, "NIMLOC" },
1154 { T_SRV, "SRV" }, /* RFC 2052 */
1155 { T_ATMA, "ATMA" },
1156 { T_NAPTR, "NAPTR" }, /* RFC 3403 */
1157 { T_KX, "KX" }, /* RFC 2230 */
1158 { T_CERT, "CERT" }, /* RFC 4398 */
1159 { T_A6, "A6" }, /* RFC 2874 */
1160 { T_DNAME, "DNAME" }, /* RFC 2672 */
1161 { T_SINK, "SINK" },
1162 { T_OPT, "OPT" }, /* RFC 2671 */
1163 { T_APL, "APL" }, /* RFC 3123 */
1164 { T_DS, "DS" }, /* RFC 4034 */
1165 { T_SSHFP, "SSHFP" }, /* RFC 4255 */
1166 { T_IPSECKEY, "IPSECKEY" }, /* RFC 4025 */
1167 { T_RRSIG, "RRSIG" }, /* RFC 4034 */
1168 { T_NSEC, "NSEC" }, /* RFC 4034 */
1169 { T_DNSKEY, "DNSKEY" }, /* RFC 4034 */
1170 { T_DHCID, "DHCID" }, /* RFC 4701 */
1171 { T_NSEC3, "NSEC3" }, /* RFC 5155 */
1172 { T_NSEC3PARAM, "NSEC3PARAM" }, /* RFC 5155 */
1173 { T_TLSA, "TLSA" },
1174 { T_HIP, "HIP" }, /* RFC 5205 */
1175 { T_RKEY, "RKEY" },
1176 { T_TALINK, "TALINK" },
1177 { T_CDS, "CDS" }, /* RFC 7344 */
1178 { T_CDNSKEY, "CDNSKEY" }, /* RFC 7344*/
1179 { T_OPENPGPKEY, "OPENPGPKEY" }, /* draft-ietf-dane-openpgpkey */
1180 { T_CSYNC, "CSYNC" }, /* RFC 7477 */
1181 { T_ZONEMD, "ZONEMD" }, /* RFC 8976 */
1182 { T_SVCB, "SVCB" }, /* draft-ietf-dnsop-svcb-https-01 */
1183 { T_HTTPS, "HTTPS" }, /* draft-ietf-dnsop-svcb-https-01 */
1184 { T_SPF, "SPF" }, /* RFC 4408 */
1185 { T_UINFO, "UINFO" }, /* IANA reserved */
1186 { T_UID, "UID" }, /* IANA reserved */
1187 { T_GID, "GID" }, /* IANA reserved */
1188 { T_UNSPEC, "UNSPEC" }, /* IANA reserved */
1189 { T_NID, "NID" }, /* RFC 6742 */
1190 { T_L32, "L32" }, /* RFC 6742 */
1191 { T_L64, "L64" }, /* RFC 6742 */
1192 { T_LP, "LP" }, /* RFC 6742 */
1193 { T_EUI48, "EUI48" }, /* RFC 7043 */
1194 { T_EUI64, "EUI64" }, /* RFC 7043 */
1195 { T_TKEY, "TKEY" },
1196 { T_TSIG, "TSIG" },
1197 { T_IXFR, "IXFR" },
1198 { T_AXFR, "AXFR" },
1199 { T_MAILB, "MAILB" },
1200 { T_MAILA, "MAILA" },
1201 { T_ANY, "ANY" },
1202 { T_URI, "URI" },
1203 { T_CAA, "CAA" }, /* RFC 6844 */
1204 { T_AVC, "AVC" },
1205 { T_DOA, "DOA" }, /* (draft-durand-doa-over-dns) */
1206 { T_AMTRELAY, "AMTRELAY" }, /* RFC8777 */
1207 { T_RESINFO, "RESINFO" },
1208 { T_WALLET, "WALLET" },
1209 { T_TA, "TA" },
1210 { T_DLV, "DLV" }, /* RFC 4431 */
1211
1212 { T_WINS, "WINS" },
1213 { T_WINS_R, "WINS-R" },
1214 { T_XPF, "XPF" }, /* draft-bellis-dnsop-xpf */
1215
1216 {0, NULL}
1217 };
1218
1219 static value_string_ext dns_types_vals_ext = VALUE_STRING_EXT_INIT(dns_types_vals);
1220
1221 static const value_string dns_types_description_vals[] = {
1222 { 0, "" },
1223 { T_A, "(Host Address)" },
1224 { T_NS, "(authoritative Name Server)" },
1225 { T_MD, "(Mail Destination)" },
1226 { T_MF, "(Mail Forwarder)" },
1227 { T_CNAME, "(Canonical NAME for an alias)" },
1228 { T_SOA, "(Start Of a zone of Authority)" },
1229 { T_MB, "(MailBox domain name)"},
1230 { T_MG, "(Mail Group member)" },
1231 { T_MR, "(Mail Rename domain)" },
1232 { T_NULL, "(RR)" },
1233 { T_WKS, "(Well Known Service)" },
1234 { T_PTR, "(domain name PoinTeR)" },
1235 { T_HINFO, "(host information)" },
1236 { T_MINFO, "(Mailbox or mail list information)" },
1237 { T_MX, "(Mail eXchange)" },
1238 { T_TXT, "(Text strings)" },
1239 { T_RP, "(Responsible Person)" }, /* RFC 1183 */
1240 { T_AFSDB, "(AFS Data Base location)" }, /* RFC 1183 */
1241 { T_X25, "(XX.25 PSDN address)" }, /* RFC 1183 */
1242 { T_ISDN, "(ISDN address)" }, /* RFC 1183 */
1243 { T_RT, "(Route Through)" }, /* RFC 1183 */
1244 { T_NSAP, "(NSAP address)" },
1245 { T_NSAP_PTR, "(NSAP domain name pointer)" },
1246 { T_SIG, "(security signature)" },
1247 { T_KEY, "(security key)" },
1248 { T_PX, "(X.400 mail mapping information)" },
1249 { T_GPOS, "(Geographical Position)" },
1250 { T_AAAA, "(IP6 Address)" },
1251 { T_LOC, "(Location Information)" },
1252 { T_NXT, "(Next Domain)" },
1253 { T_EID, "(Endpoint Identifier)" },
1254 { T_NIMLOC, "(Nimrod Locator)" },
1255 { T_SRV, "(Server Selection)" },
1256 { T_ATMA, "(ATM Address)" },
1257 { T_NAPTR, "(Naming Authority Pointer)" },
1258 { T_KX, "(Key Exchanger)" },
1259 { T_CERT, "" },
1260 { T_A6, "(OBSOLETE - use AAAA)" },
1261 { T_DNAME, "" },
1262 { T_SINK, "" },
1263 { T_OPT, "" },
1264 { T_APL, "" },
1265 { T_DS, "(Delegation Signer)" },
1266 { T_SSHFP, "(SSH Key Fingerprint)" },
1267 { T_IPSECKEY, "" },
1268 { T_RRSIG, "(Resource Record Signature)" },
1269 { T_NSEC, "(Next Secure)" },
1270 { T_DNSKEY, "(DNS Public Key)" },
1271 { T_DHCID, "" },
1272 { T_NSEC3, "" },
1273 { T_NSEC3PARAM, "" },
1274 { T_TLSA, "" },
1275 { T_HIP, "(Host Identity Protocol)" }, /* RFC 5205 */
1276 { T_RKEY, "" },
1277 { T_TALINK, "(Trust Anchor LINK)" },
1278 { T_CDS, "(Child DS)" }, /* RFC 7344 */
1279 { T_CDNSKEY, "(DNSKEY(s) the Child wants reflected in DS)" }, /* RFC 7344 */
1280 { T_OPENPGPKEY, "(OpenPGP Key)" }, /* draft-ietf-dane-openpgpkey */
1281 { T_CSYNC, "(Child-to-Parent Synchronization)" }, /* RFC 7477 */
1282 { T_ZONEMD, "" }, /* RFC 8976 */
1283 { T_SVCB, "(General Purpose Service Endpoints)" }, /* draft-ietf-dnsop-svcb-https*/
1284 { T_HTTPS, "(HTTPS Specific Service Endpoints)" }, /* draft-ietf-dnsop-svcb-https*/
1285 { T_SPF, "" }, /* RFC 4408 */
1286 { T_UINFO, "" }, /* IANA reserved */
1287 { T_UID, "" }, /* IANA reserved */
1288 { T_GID, "" }, /* IANA reserved */
1289 { T_UNSPEC, "" }, /* IANA reserved */
1290 { T_NID, "(NodeID)" },
1291 { T_L32, "(Locator32)" },
1292 { T_L64, "(Locator64)" },
1293 { T_LP, "(Locator FQDN)" },
1294 { T_EUI48, "" },
1295 { T_EUI64, "" },
1296 { T_TKEY, "(Transaction Key)" },
1297 { T_TSIG, "(Transaction Signature)" },
1298 { T_IXFR, "(incremental transfer)" },
1299 { T_AXFR, "(transfer of an entire zone)" },
1300 { T_MAILB, "(mailbox-related RRs)" },
1301 { T_MAILA, "(mail agent RRs)" },
1302 { T_ANY, "(A request for all records the server/cache has available)" },
1303 { T_URI, "" },
1304 { T_CAA, "(Certification Authority Restriction)" }, /* RFC 6844 */
1305 { T_AVC, "(Application Visibility and Control)" },
1306 { T_DOA, "(Digital Object Architecture)" }, /* (draft-durand-doa-over-dns) */
1307 { T_AMTRELAY, "(Automatic Multicast Tunneling Relay)" }, /* RFC8777 */
1308 { T_RESINFO, "(Resolver Information) " },
1309 { T_WALLET, "(Public Wallet Address) " },
1310 { T_TA, "(DNSSEC Trust Authorities)" },
1311 { T_DLV, "(DNSSEC Lookaside Validation)" }, /* RFC 4431 */
1312 { T_WINS, "" },
1313 { T_WINS_R, "" },
1314 { T_XPF, "" }, /* draft-bellis-dnsop-xpf */
1315 {0, NULL}
1316 };
1317
1318 static value_string_ext dns_types_description_vals_ext = VALUE_STRING_EXT_INIT(dns_types_description_vals);
1319
1320 static const value_string edns0_opt_code_vals[] = {
1321 {0, "Reserved"},
1322 {O_LLQ, "LLQ - Long-lived query"},
1323 {O_UL, "UL - Update lease"},
1324 {O_NSID, "NSID - Name Server Identifier"},
1325 {O_OWNER, "Owner (reserved)"},
1326 {O_DAU, "DAU - DNSSEC Algorithm Understood (RFC6975)"},
1327 {O_DHU, "DHU - DS Hash Understood (RFC6975)"},
1328 {O_N3U, "N3U - NSEC3 Hash Understood (RFC6975)"},
1329 {O_CLIENT_SUBNET_EXP, "Experimental - CSUBNET - Client subnet" },
1330 {O_CLIENT_SUBNET, "CSUBNET - Client subnet" },
1331 {O_EDNS_EXPIRE, "EDNS EXPIRE (RFC7314)"},
1332 {O_COOKIE, "COOKIE"},
1333 {O_EDNS_TCP_KA, "EDNS TCP Keepalive"},
1334 {O_PADDING, "PADDING"},
1335 {O_CHAIN, "CHAIN"},
1336 {O_EXT_ERROR, "Extended DNS Error"},
1337 {O_REPORT_CHANNEL, "Report-Channel"},
1338 {O_ZONEVERSION, "Zone Version"},
1339 {0, NULL}
1340 };
1341 /* DNS-Based Authentication of Named Entities (DANE) Parameters
1342 http://www.iana.org/assignments/dane-parameters (last updated 2014-04-23)
1343 */
1344 /* TLSA Certificate Usages */
1345 #define TLSA_CU_PKIX_TA 0
1346 #define TLSA_CU_PKIX_EE 1
1347 #define TLSA_CU_DANE_TA 2
1348 #define TLSA_CU_DANE_EE 3
1349
1350 static const value_string tlsa_certificate_usage_vals[] = {
1351 {TLSA_CU_PKIX_TA, "CA constraint (PKIX-TA)"},
1352 {TLSA_CU_PKIX_EE, "Service certificate constraint (PKIX-EE)"},
1353 {TLSA_CU_DANE_TA, "Trust anchor assertion (DANE-TA)"},
1354 {TLSA_CU_DANE_EE, "Domain-issued certificate (DANE-EE)"},
1355 {0, NULL}
1356 };
1357
1358 /* TLSA Selectors */
1359 #define TLSA_S_CERT 0
1360 #define TLSA_S_SPKI 1
1361
1362 static const value_string tlsa_selector_vals[] = {
1363 {TLSA_S_CERT, "Full certificate (Cert)"},
1364 {TLSA_S_SPKI, "SubjectPublicKeyInfo (SPKI)"},
1365 {0, NULL}
1366 };
1367
1368 /* TLSA Matching Types */
1369 #define TLSA_MT_FULL 0
1370 #define TLSA_MT_SHA_256 1
1371 #define TLSA_MT_SHA_512 2
1372
1373 static const value_string tlsa_matching_type_vals[] = {
1374 {TLSA_MT_FULL, "No Hash Used (Full)"},
1375 {TLSA_MT_SHA_256, "256 bit hash by SHA2 (SHA2-256)"},
1376 {TLSA_MT_SHA_512, "512 bit hash by SHA2 (SHA2-512)"},
1377 {0, NULL}
1378 };
1379
1380 /* IPSECKEY RFC4025 */
1381 /* IPSECKEY RFC8005 */
1382 /* IPSECKEY RFC9373 */
1383 static const value_string gw_algo_vals[] = {
1384 { 1, "DSA" },
1385 { 2, "RSA" },
1386 { 3, "ECDSA" },
1387 { 4, "EdDSA" },
1388 { 0, NULL }
1389 };
1390
1391 static const value_string gw_type_vals[] = {
1392 { 0, "No Gateway" },
1393 { 1, "IPv4 Gateway" },
1394 { 2, "IPv6 Gateway" },
1395 { 3, "DNS Gateway" },
1396 { 0, NULL }
1397 };
1398
1399 const value_string dns_classes[] = {
1400 {C_IN, "IN"},
1401 {C_CS, "CS"},
1402 {C_CH, "CH"},
1403 {C_HS, "HS"},
1404 {C_NONE, "NONE"},
1405 {C_ANY, "ANY"},
1406 {0,NULL}
1407 };
1408
1409 /* DSO Type Opcodes RFC8490 */
1410 #define DSO_TYPE_RES 0x0000 /* RFC8490 */
1411 #define DSO_TYPE_KEEPALIVE 0x0001 /* RFC8490 */
1412 #define DSO_TYPE_RETRYDELAY 0x0002 /* RFC8490 */
1413 #define DSO_TYPE_ENCPAD 0x0003 /* RFC8490 */
1414 #define DSO_TYPE_SUBSCRIBE 0x0040 /* RF8765 */
1415 #define DSO_TYPE_PUSH 0x0041 /* RF8765 */
1416 #define DSO_TYPE_UNSUBSCRIBE 0x0042 /* RF8765 */
1417 #define DSO_TYPE_RECONFIRM 0x0043 /* RF8765 */
1418
1419 static const range_string dns_dso_type_rvals[] = {
1420 { DSO_TYPE_RES, DSO_TYPE_RES, "Reserved" },
1421 { DSO_TYPE_KEEPALIVE, DSO_TYPE_KEEPALIVE, "Keep Alive" },
1422 { DSO_TYPE_RETRYDELAY, DSO_TYPE_RETRYDELAY, "Retry Delay" },
1423 { DSO_TYPE_ENCPAD, DSO_TYPE_ENCPAD, "Encryption Padding" },
1424 { 0x0004, 0x003F, "Unassigned, reserved for DSO session-management TLVs" },
1425 { DSO_TYPE_SUBSCRIBE, DSO_TYPE_SUBSCRIBE, "Subscribe" },
1426 { DSO_TYPE_PUSH, DSO_TYPE_PUSH, "Push" },
1427 { DSO_TYPE_UNSUBSCRIBE, DSO_TYPE_UNSUBSCRIBE, "Unsubscribe" },
1428 { DSO_TYPE_RECONFIRM, DSO_TYPE_RECONFIRM, "Reconfirm" },
1429 { 0x0044, 0xF7FF, "Unassigned" },
1430 { 0xF800, 0xFBFF, "Reserved for Experimental/Local Use" },
1431 { 0xFC00, 0xFFFF, "Reserved for future expansion" },
1432 { 0, 0, NULL }
1433 };
1434
1435 #define DNS_SVCB_KEY_MANDATORY 0
1436 #define DNS_SVCB_KEY_ALPN 1
1437 #define DNS_SVCB_KEY_NOALPN 2
1438 #define DNS_SVCB_KEY_PORT 3
1439 #define DNS_SVCB_KEY_IPV4HINT 4
1440 #define DNS_SVCB_KEY_ECH 5 /* draft-ietf-tls-svcb-ech-00 */
1441 #define DNS_SVCB_KEY_IPV6HINT 6
1442 #define DNS_SVCB_KEY_DOHPATH 7 /* draft-ietf-add-svcb-dns-08 */
1443 #define DNS_SVCB_KEY_ODOHCONFIG 32769 /* draft-pauly-dprive-oblivious-doh-02 */
1444 #define DNS_SVCB_KEY_RESERVED 65535
1445
1446 /**
1447 * Service Binding (SVCB) Parameter Registry.
1448 * https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-12#section-14.3.2
1449 */
1450 static const value_string dns_svcb_param_key_vals[] = {
1451 { DNS_SVCB_KEY_MANDATORY, "mandatory" },
1452 { DNS_SVCB_KEY_ALPN, "alpn" },
1453 { DNS_SVCB_KEY_NOALPN, "no-default-alpn" },
1454 { DNS_SVCB_KEY_PORT, "port" },
1455 { DNS_SVCB_KEY_IPV4HINT, "ipv4hint" },
1456 { DNS_SVCB_KEY_ECH, "ech" },
1457 { DNS_SVCB_KEY_IPV6HINT, "ipv6hint" },
1458 { DNS_SVCB_KEY_DOHPATH, "dohpath" },
1459 { DNS_SVCB_KEY_ODOHCONFIG, "odohconfig" },
1460 { DNS_SVCB_KEY_RESERVED, "key65535" },
1461 { 0, NULL }
1462 };
1463
1464 static int * const dns_csync_flags[] = {
1465 &hf_dns_csync_flags_immediate,
1466 &hf_dns_csync_flags_soaminimum,
1467 NULL
1468 };
1469
1470 #define DNS_ZONEMD_SCHEME_SIMPLE 1
1471
1472 static const range_string dns_zonemd_scheme[] = {
1473 { 0, 0, "Reserved" },
1474 { DNS_ZONEMD_SCHEME_SIMPLE, DNS_ZONEMD_SCHEME_SIMPLE, "SIMPLE" },
1475 { 2, 239, "Unassigned" },
1476 { 240, 254, "Private Use" },
1477 { 255, 255, "Reserved" },
1478 { 0, 0, NULL } };
1479
1480 #define DNS_ZONEMD_HASH_SHA384 1
1481 #define DNS_ZONEMD_HASH_SHA512 2
1482
1483 static const range_string dns_zonemd_hash_algo[] = {
1484 { 0, 0, "Reserved" },
1485 { DNS_ZONEMD_HASH_SHA384, DNS_ZONEMD_HASH_SHA384, "SHA-384" },
1486 { DNS_ZONEMD_HASH_SHA512, DNS_ZONEMD_HASH_SHA512, "SHA-512" },
1487 { 3, 239, "Unassigned" },
1488 { 240, 254, "Private Use" },
1489 { 255, 255, "Reserved" },
1490 { 0, 0, NULL } };
1491
1492 static const range_string dns_ext_err_info_code[] = {
1493 { 0, 0, "Other Error" },
1494 { 1, 1, "Unsupported DNSKEY Algorithm" },
1495 { 2, 2, "Unsupported DS Digest Type" },
1496 { 3, 3, "Stale Answer" },
1497 { 4, 4, "Forged Answer" },
1498 { 5, 5, "DNSSEC Indeterminate" },
1499 { 6, 6, "DNSSEC Bogus" },
1500 { 7, 7, "Signature Expired" },
1501 { 8, 8, "Signature Not Yet Valid" },
1502 { 9, 9, "DNSKEY Missing" },
1503 { 10, 10, "RRSIGs Missing" },
1504 { 11, 11, "No Zone Key Bit Set" },
1505 { 12, 12, "NSEC Missing" },
1506 { 13, 13, "Cached Error" },
1507 { 14, 14, "Not Ready" },
1508 { 15, 15, "Blocked" },
1509 { 16, 16, "Censored" },
1510 { 17, 17, "Filtered" },
1511 { 18, 18, "Prohibited" },
1512 { 19, 19, "Stale NXDomain Answer" },
1513 { 20, 20, "Not Authoritative" },
1514 { 21, 21, "Not Supported" },
1515 { 22, 22, "No Reachable Authority" },
1516 { 23, 23, "Network Error" },
1517 { 24, 24, "Invalid Data" },
1518 { 25, 25, "Signature Expired before Valid" },
1519 { 26, 26, "Too Early" },
1520 { 27, 27, "Unsupported NSEC3 Iterations Value" },
1521 { 28, 28, "Unable to conform to policy" },
1522 { 29, 29, "Synthesized" },
1523 { 30, 49151, "Unassigned" },
1524 { 49152, 65535, "Reserved for Private Use" },
1525 { 0, 0, NULL } };
1526
1527 #define DNS_ZONEVERSION_TYPE_SOA_SERIAL 0
1528 static const range_string dns_zoneversion_type[] = {
1529 { DNS_ZONEVERSION_TYPE_SOA_SERIAL, DNS_ZONEVERSION_TYPE_SOA_SERIAL, "SOA-SERIAL" },
1530 { 1, 245, "Unassigned" },
1531 { 246, 254, "Private Use" },
1532 { 255, 255, "Reserved" },
1533 { 0, 0, NULL } };
1534
1535 static void qname_host_and_domain(char* name, int name_len, char* host, char* domain)
1536 {
1537 int i;
1538 if (name_len > 1) {
1539 for (i = 0; i < name_len; i++) {
1540 if (name[i] == '.') {
1541 host[i] = '\0';
1542 if (i < name_len)
1543 ws_label_strcpy(domain, 256, 0, &name[i + 1], 0);
1544 break;
1545 }
1546 else {
1547 host[i] = name[i];
1548 }
1549 }
1550 }
1551 }
1552
1553 /* This function counts how many '.' are in the string, plus 1, in order to count the number
1554 * of labels
1555 */
1556 static unsigned
1557 qname_labels_count(const char* name, int name_len)
1558 {
1559 unsigned labels = 0;
1560 int i;
1561
1562 if (name_len > 1) {
1563 /* it was not a Zero-length name */
1564 for (i = 0; i < name_len; i++) {
1565 if (name[i] == '.')
1566 labels++;
1567 }
1568 labels++;
1569 }
1570 return labels;
1571 }
1572
1573 /* This function returns the number of bytes consumed and the expanded string
1574 * in *name.
1575 * The string is allocated with wmem_packet_scope scope and does not need to be freed.
1576 * it will be automatically freed when the packet has been dissected.
1577 */
1578 static int
1579 expand_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset,
1580 const char **name, int* name_len)
1581 {
1582 int start_offset = offset;
1583 char *np;
1584 int len = -1;
1585 int pointers_count = 0;
1586 int component_len;
1587 int indir_offset;
1588 int maxname;
1589
1590 const int min_len = 1; /* Minimum length of encoded name (for root) */
1591 /* If we're about to return a value (probably negative) which is less
1592 * than the minimum length, we're looking at bad data and we're liable
1593 * to put the dissector into a loop. Instead we throw an exception */
1594
1595 maxname = MAX_DNAME_LEN;
1596 np=(char *)wmem_alloc(wmem_packet_scope(), maxname);
1597 *name=np;
1598 (*name_len) = 0;
1599
1600 for (;;) {
1601 if (max_len && offset - start_offset > max_len - 1) {
1602 break;
1603 }
1604 component_len = tvb_get_uint8(tvb, offset);
1605 offset++;
1606 if (component_len == 0) {
1607 break;
1608 }
1609 switch (component_len & 0xc0) {
1610
1611 case 0x00:
1612 /* Label */
1613 if (np != *name) {
1614 /* Not the first component - put in a '.'. */
1615 if (maxname > 0) {
1616 *np++ = '.';
1617 (*name_len)++;
1618 maxname--;
1619 }
1620 }
1621 else {
1622 maxname--;
1623 }
1624 while (component_len > 0) {
1625 if (max_len && offset - start_offset > max_len - 1) {
1626 THROW(ReportedBoundsError);
1627 }
1628 if (maxname > 0) {
1629 *np++ = tvb_get_uint8(tvb, offset);
1630 (*name_len)++;
1631 maxname--;
1632 }
1633 component_len--;
1634 offset++;
1635 }
1636 break;
1637
1638 case 0x40:
1639 /* Extended label (RFC 2673) */
1640 switch (component_len & 0x3f) {
1641
1642 case 0x01:
1643 /* Bitstring label */
1644 {
1645 int bit_count;
1646 int label_len;
1647 int print_len;
1648
1649 bit_count = tvb_get_uint8(tvb, offset);
1650 offset++;
1651 label_len = (bit_count - 1) / 8 + 1;
1652
1653 if (maxname > 0) {
1654 print_len = snprintf(np, maxname, "\\[x");
1655 if (print_len <= maxname) {
1656 np += print_len;
1657 maxname -= print_len;
1658 } else {
1659 /* Nothing printed, as there's no room.
1660 Suppress all subsequent printing. */
1661 maxname = 0;
1662 }
1663 }
1664 while (label_len--) {
1665 if (maxname > 0) {
1666 print_len = snprintf(np, maxname, "%02x",
1667 tvb_get_uint8(tvb, offset));
1668 if (print_len <= maxname) {
1669 np += print_len;
1670 maxname -= print_len;
1671 } else {
1672 /* Nothing printed, as there's no room.
1673 Suppress all subsequent printing. */
1674 maxname = 0;
1675 }
1676 }
1677 offset++;
1678 }
1679 if (maxname > 0) {
1680 print_len = snprintf(np, maxname, "/%d]", bit_count);
1681 if (print_len <= maxname) {
1682 np += print_len;
1683 maxname -= print_len;
1684 } else {
1685 /* Nothing printed, as there's no room.
1686 Suppress all subsequent printing. */
1687 maxname = 0;
1688 }
1689 }
1690 }
1691 break;
1692
1693 default:
1694 *name="<Unknown extended label>";
1695 *name_len = (unsigned)strlen(*name);
1696 /* Parsing will probably fail from here on, since the */
1697 /* label length is unknown... */
1698 len = offset - start_offset;
1699 if (len < min_len) {
1700 THROW(ReportedBoundsError);
1701 }
1702 return len;
1703 }
1704 break;
1705
1706 case 0x80:
1707 THROW(ReportedBoundsError);
1708 break;
1709
1710 case 0xc0:
1711 /* Pointer. */
1712 indir_offset = dns_data_offset +
1713 (((component_len & ~0xc0) << 8) | tvb_get_uint8(tvb, offset));
1714 offset++;
1715 pointers_count++;
1716
1717 /* If "len" is negative, we are still working on the original name,
1718 not something pointed to by a pointer, and so we should set "len"
1719 to the length of the original name. */
1720 if (len < 0) {
1721 len = offset - start_offset;
1722 }
1723 /*
1724 * If we find a pointer to itself, it is a trivial loop. Otherwise if we
1725 * processed a large number of pointers, assume an indirect loop.
1726 */
1727 if (indir_offset == offset + 2 || pointers_count > MAX_DNAME_LEN) {
1728 *name="<Name contains a pointer that loops>";
1729 *name_len = (unsigned)strlen(*name);
1730 if (len < min_len) {
1731 THROW(ReportedBoundsError);
1732 }
1733 return len;
1734 }
1735
1736 offset = indir_offset;
1737 break; /* now continue processing from there */
1738 }
1739 }
1740
1741 // Do we have space for the terminating 0?
1742 if (maxname > 0) {
1743 *np = '\0';
1744 }
1745 else {
1746 *name="<Name too long>";
1747 *name_len = (unsigned)strlen(*name);
1748 }
1749
1750 /* If "len" is negative, we haven't seen a pointer, and thus haven't
1751 set the length, so set it. */
1752 if (len < 0) {
1753 len = offset - start_offset;
1754 }
1755
1756 return len;
1757 }
1758
1759 /* return the bytes in the tvb consumed by the function. The converted string (that
1760 can contain null bytes, is written in name and its length in name_len. */
1761 int
1762 get_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset,
1763 const char **name, int* name_len)
1764 {
1765 int len;
1766
1767 len = expand_dns_name(tvb, offset, max_len, dns_data_offset, name, name_len);
1768
1769 /* Zero-length name means "root server" */
1770 if (**name == '\0' && len <= MIN_DNAME_LEN) {
1771 *name="<Root>";
1772 *name_len = (int)strlen(*name);
1773 return len;
1774 }
1775
1776 if ((len < MIN_DNAME_LEN) || (len > MIN_DNAME_LEN && *name_len == 0)) {
1777 THROW(ReportedBoundsError);
1778 }
1779
1780 return len;
1781 }
1782
1783 static int
1784 get_dns_name_type_class(tvbuff_t *tvb, int offset, int dns_data_offset,
1785 const char **name, int *name_len, uint16_t *type, uint16_t *dns_class)
1786 {
1787 int start_offset = offset;
1788
1789 offset += get_dns_name(tvb, offset, 0, dns_data_offset, name, name_len);
1790
1791 *type = tvb_get_ntohs(tvb, offset);
1792 offset += 2;
1793
1794 *dns_class = tvb_get_ntohs(tvb, offset);
1795 offset += 2;
1796
1797 return offset - start_offset;
1798 }
1799
1800 static double
1801 rfc1867_size(tvbuff_t *tvb, int offset)
1802 {
1803 uint8_t val;
1804 double size;
1805 uint32_t exponent;
1806
1807 val = tvb_get_uint8(tvb, offset);
1808 size = (val & 0xF0) >> 4;
1809 exponent = (val & 0x0F);
1810 while (exponent != 0) {
1811 size *= 10;
1812 exponent--;
1813 }
1814 return size / 100; /* return size in meters, not cm */
1815 }
1816
1817 static char *
1818 rfc1867_angle(tvbuff_t *tvb, int offset, bool longitude)
1819 {
1820 uint32_t angle;
1821 char direction;
1822 uint32_t degrees, minutes, secs, tsecs;
1823 /* "%u deg %u min %u.%03u sec %c" */
1824 static char buf[10+1+3+1 + 2+1+3+1 + 2+1+3+1+3+1 + 1 + 1];
1825
1826 angle = tvb_get_ntohl(tvb, offset);
1827
1828 if (angle < 0x80000000U) {
1829 angle = 0x80000000U - angle;
1830 direction = longitude ? 'W' : 'S';
1831 } else {
1832 angle = angle - 0x80000000U;
1833 direction = longitude ? 'E' : 'N';
1834 }
1835
1836 if (longitude ? (angle > 648000000) : (angle > 324000000))
1837 {
1838 snprintf(buf, sizeof(buf), "Value out of range");
1839 return buf;
1840 }
1841
1842 tsecs = angle % 1000;
1843 angle = angle / 1000;
1844 secs = angle % 60;
1845 angle = angle / 60;
1846 minutes = angle % 60;
1847 degrees = angle / 60;
1848
1849 snprintf(buf, sizeof(buf), "%u deg %u min %u.%03u sec %c", degrees, minutes, secs,
1850 tsecs, direction);
1851 return buf;
1852 }
1853
1854 static int
1855 dissect_dns_query(tvbuff_t *tvb, int offset, int dns_data_offset,
1856 packet_info *pinfo, proto_tree *dns_tree, bool is_mdns,
1857 bool *is_multiple_responds)
1858 {
1859 int used_bytes;
1860 const char *name;
1861 char *name_out;
1862 int name_len;
1863 uint16_t type;
1864 uint16_t dns_class;
1865 int qu;
1866 const char *type_name;
1867 int data_start;
1868 uint16_t labels;
1869 proto_tree *q_tree;
1870 proto_item *tq;
1871 proto_item *ti;
1872
1873 data_start = offset;
1874
1875 used_bytes = get_dns_name_type_class(tvb, offset, dns_data_offset, &name, &name_len,
1876 &type, &dns_class);
1877
1878 if (is_mdns) {
1879 /* Split the QU flag and the class */
1880 qu = dns_class & C_QU;
1881 dns_class &= ~C_QU;
1882 } else {
1883 qu = 0;
1884 }
1885
1886 if (type == T_AXFR || type == T_IXFR) {
1887 *is_multiple_responds = true;
1888 }
1889
1890 type_name = val_to_str_ext(type, &dns_types_vals_ext, "Unknown (%u)");
1891
1892 /*
1893 * The name might contain octets that aren't printable characters,
1894 * format it for display.
1895 */
1896 name_out = format_text(pinfo->pool, (const unsigned char *)name, name_len);
1897
1898 col_append_fstr(pinfo->cinfo, COL_INFO, " %s %s", type_name, name_out);
1899 if (is_mdns) {
1900 col_append_fstr(pinfo->cinfo, COL_INFO, ", \"%s\" question", qu ? "QU" : "QM");
1901 }
1902 if (dns_tree != NULL) {
1903 q_tree = proto_tree_add_subtree_format(dns_tree, tvb, offset, used_bytes, ett_dns_qd, &tq, "%s: type %s, class %s",
1904 name_out, type_name, val_to_str_const(dns_class, dns_classes, "Unknown"));
1905 if (is_mdns) {
1906 proto_item_append_text(tq, ", \"%s\" question", qu ? "QU" : "QM");
1907 }
1908
1909 /* The number of used bytes for qname is the total used bytes minus 2 bytes for qtype and 2 bytes for qclass */
1910 proto_tree_add_string(q_tree, hf_dns_qry_name, tvb, offset, used_bytes - 4, name_out);
1911
1912 tq = proto_tree_add_uint(q_tree, hf_dns_qry_name_len, tvb, offset, used_bytes - 4, name_len > 1 ? name_len : 0);
1913 proto_item_set_generated(tq);
1914
1915 labels = qname_labels_count(name, name_len);
1916 tq = proto_tree_add_uint(q_tree, hf_dns_count_labels, tvb, offset, used_bytes - 4, labels);
1917 proto_item_set_generated(tq);
1918
1919 offset += used_bytes - 4;
1920
1921 ti = proto_tree_add_item(q_tree, hf_dns_qry_type, tvb, offset, 2, ENC_BIG_ENDIAN);
1922 proto_item_append_text(ti, " %s", val_to_str_ext(type, &dns_types_description_vals_ext, "Unknown (%d)"));
1923 offset += 2;
1924
1925 if (is_mdns) {
1926 proto_tree_add_uint(q_tree, hf_dns_qry_class_mdns, tvb, offset, 2, dns_class);
1927 proto_tree_add_boolean(q_tree, hf_dns_qry_qu, tvb, offset, 2, qu);
1928 } else {
1929 proto_tree_add_uint(q_tree, hf_dns_qry_class, tvb, offset, 2, dns_class);
1930 }
1931
1932 offset += 2;
1933 }
1934
1935 if (data_start + used_bytes != offset) {
1936 /* Add expert info ? (about incorrect len...)*/
1937 }
1938 return used_bytes;
1939 }
1940
1941
1942 static void
1943 add_rr_to_tree(proto_tree *rr_tree, tvbuff_t *tvb, int offset,
1944 const char *name, int namelen, int type,
1945 packet_info *pinfo, bool is_mdns)
1946 {
1947 uint32_t ttl_value;
1948 proto_item *ttl_item;
1949 char **srv_rr_info;
1950 proto_item *ti;
1951
1952 if (type == T_SRV && name[0]) {
1953 srv_rr_info = wmem_strsplit(pinfo->pool, name, ".", 4);
1954
1955 // If there are >=3 labels and the third label starts with an underscore,
1956 // then likely a DNS-SD instance name is present [RFC 6763 sect 4.1], as in
1957 // instance._service._proto.example.com
1958 if (g_strv_length(srv_rr_info) >= 3 && srv_rr_info[2][0] == '_') {
1959 proto_tree_add_string(rr_tree, hf_dns_srv_instance, tvb, offset, namelen, srv_rr_info[0]);
1960 proto_tree_add_string(rr_tree, hf_dns_srv_service, tvb, offset, namelen, srv_rr_info[1]);
1961 proto_tree_add_string(rr_tree, hf_dns_srv_proto, tvb, offset, namelen, srv_rr_info[2]);
1962 if (srv_rr_info[3]) {
1963 proto_tree_add_string(rr_tree, hf_dns_srv_name, tvb, offset, namelen, srv_rr_info[3]);
1964 }
1965 } else {
1966 // Else this is a normal SRV record like _service._proto.example.com
1967
1968 proto_tree_add_string(rr_tree, hf_dns_srv_service, tvb, offset, namelen, srv_rr_info[0]);
1969
1970 if (srv_rr_info[1]) {
1971 proto_tree_add_string(rr_tree, hf_dns_srv_proto, tvb, offset, namelen, srv_rr_info[1]);
1972
1973 if (srv_rr_info[2]) {
1974 // If the name happens to only have 3 labels like "_service._proto.example",
1975 // then we can just use srv_rr_info[2] as the name; but otherwise,
1976 // the wmem_split above will turn "_service._proto.one.two.example.com"
1977 // into ["_service", "_proto", "one", "two.example.com"]
1978 // and we need to concatenate "one" + "." + "two.example.com" first
1979 if (srv_rr_info[3]) {
1980 const char* domain_name = wmem_strjoin(pinfo->pool, ".", srv_rr_info[2], srv_rr_info[3], NULL);
1981 proto_tree_add_string(rr_tree, hf_dns_srv_name, tvb, offset, namelen, domain_name);
1982 } else {
1983 proto_tree_add_string(rr_tree, hf_dns_srv_name, tvb, offset, namelen, srv_rr_info[2]);
1984 }
1985 }
1986 }
1987 }
1988 } else {
1989 proto_tree_add_string(rr_tree, hf_dns_rr_name, tvb, offset, namelen, name);
1990 }
1991
1992 offset += namelen;
1993
1994 ti = proto_tree_add_item(rr_tree, hf_dns_rr_type, tvb, offset, 2, ENC_BIG_ENDIAN);
1995 proto_item_append_text(ti, " %s", val_to_str_ext(type, &dns_types_description_vals_ext, "Unknown (%d)"));
1996 offset += 2;
1997 if (is_mdns) {
1998 proto_tree_add_item(rr_tree, hf_dns_rr_class_mdns, tvb, offset, 2, ENC_BIG_ENDIAN);
1999 proto_tree_add_item(rr_tree, hf_dns_rr_cache_flush, tvb, offset, 2, ENC_BIG_ENDIAN);
2000 } else {
2001 proto_tree_add_item(rr_tree, hf_dns_rr_class, tvb, offset, 2, ENC_BIG_ENDIAN);
2002 }
2003 offset += 2;
2004 ttl_item = proto_tree_add_item_ret_uint(rr_tree, hf_dns_rr_ttl, tvb, offset, 4, ENC_BIG_ENDIAN, &ttl_value);
2005 // storing ttl in the context-specific array and then increments its array's
2006 // index for storing ttl of the next record
2007 if (dns_qr_statistics_enabled) {
2008 // cap (or limit check) has been put in-place to avoid overflow
2009 // check https://gitlab.com/wireshark/wireshark/-/issues/19700
2010 if (*p_dns_qr_r_rx_ttl_index < TTL_MAXIMUM_ELEMENTS) {
2011 p_dns_qr_r_rx_ttls[(*p_dns_qr_r_rx_ttl_index)++] = ttl_value;
2012 }
2013 else {
2014 ws_debug("index(%u) >= (%u)TTL_MAXIMUM_ELEMENTS", *p_dns_qr_r_rx_ttl_index, TTL_MAXIMUM_ELEMENTS);
2015 }
2016 }
2017 proto_item_append_text(ttl_item, " (%s)", unsigned_time_secs_to_str(pinfo->pool, ttl_value));
2018 if (ttl_value & 0x80000000) {
2019 expert_add_info(pinfo, ttl_item, &ei_ttl_high_bit_set);
2020 }
2021
2022 offset += 4;
2023 proto_tree_add_item(rr_tree, hf_dns_rr_len, tvb, offset, 2, ENC_BIG_ENDIAN);
2024 }
2025
2026
2027 static void
2028 add_opt_rr_to_tree(proto_tree *rr_tree, tvbuff_t *tvb, int offset,
2029 const char *name, int namelen, bool is_mdns)
2030 {
2031 proto_tree *Z_tree;
2032 proto_item *Z_item;
2033 proto_item *ti;
2034 uint32_t type;
2035
2036 proto_tree_add_string(rr_tree, hf_dns_rr_name, tvb, offset, namelen, name);
2037 offset += namelen;
2038 ti = proto_tree_add_item_ret_uint(rr_tree, hf_dns_rr_type, tvb, offset, 2, ENC_BIG_ENDIAN, &type);
2039 proto_item_append_text(ti, " %s", val_to_str_ext(type, &dns_types_description_vals_ext, "Unknown (%d)"));
2040 offset += 2;
2041 if (is_mdns) {
2042 proto_tree_add_item(rr_tree, hf_dns_rr_udp_payload_size_mdns, tvb, offset, 2, ENC_BIG_ENDIAN);
2043 proto_tree_add_item(rr_tree, hf_dns_rr_cache_flush, tvb, offset, 2, ENC_BIG_ENDIAN);
2044 } else {
2045 proto_tree_add_item(rr_tree, hf_dns_rr_udp_payload_size, tvb, offset, 2, ENC_BIG_ENDIAN);
2046 }
2047 offset += 2;
2048 proto_tree_add_item(rr_tree, hf_dns_rr_ext_rcode, tvb, offset, 1, ENC_BIG_ENDIAN);
2049 offset++;
2050 proto_tree_add_item(rr_tree, hf_dns_rr_edns0_version, tvb, offset, 1, ENC_BIG_ENDIAN);
2051 offset++;
2052 Z_item = proto_tree_add_item(rr_tree, hf_dns_rr_z, tvb, offset, 2, ENC_BIG_ENDIAN);
2053 Z_tree = proto_item_add_subtree(Z_item, ett_dns_rr);
2054 proto_tree_add_item(Z_tree, hf_dns_rr_z_do, tvb, offset, 2, ENC_BIG_ENDIAN);
2055 proto_tree_add_item(Z_tree, hf_dns_rr_z_reserved, tvb, offset, 2, ENC_BIG_ENDIAN);
2056 offset += 2;
2057 proto_tree_add_item(rr_tree, hf_dns_rr_len, tvb, offset, 2, ENC_BIG_ENDIAN);
2058 }
2059
2060 static int
2061 dissect_type_bitmap(proto_tree *rr_tree, tvbuff_t *tvb, int cur_offset, int rr_len)
2062 {
2063 int mask, blockbase, blocksize;
2064 int i, initial_offset, rr_type;
2065 uint8_t bits;
2066
2067 initial_offset = cur_offset;
2068 while (rr_len != 0) {
2069 blockbase = tvb_get_uint8(tvb, cur_offset);
2070 blocksize = tvb_get_uint8(tvb, cur_offset + 1);
2071 cur_offset += 2;
2072 rr_len -= 2;
2073 rr_type = blockbase * 256;
2074 for( ; blocksize; blocksize-- ) {
2075 bits = tvb_get_uint8(tvb, cur_offset);
2076 mask = 1<<7;
2077 for (i = 0; i < 8; i++) {
2078 if (bits & mask) {
2079 proto_tree_add_uint_format(rr_tree, hf_dns_rr_type, tvb, cur_offset, 1, rr_type,
2080 "RR type in bit map: %s %s",
2081 val_to_str_ext_const(rr_type, &dns_types_vals_ext, " "),
2082 val_to_str_ext(rr_type, &dns_types_description_vals_ext, "Unknown (%d)")
2083 );
2084 }
2085 mask >>= 1;
2086 rr_type++;
2087 }
2088 cur_offset += 1;
2089 rr_len -= 1;
2090 }
2091 }
2092 return initial_offset - cur_offset;
2093 }
2094
2095 static int
2096 dissect_type_bitmap_nxt(proto_tree *rr_tree, tvbuff_t *tvb, int cur_offset, int rr_len)
2097 {
2098 int mask;
2099 int i, initial_offset, rr_type;
2100 uint8_t bits;
2101
2102 initial_offset = cur_offset;
2103 rr_type = 0;
2104 while (rr_len != 0) {
2105 bits = tvb_get_uint8(tvb, cur_offset);
2106 mask = 1<<7;
2107 for (i = 0; i < 8; i++) {
2108 if (bits & mask) {
2109 proto_tree_add_uint_format(rr_tree, hf_dns_rr_type, tvb, cur_offset, 1, rr_type,
2110 "RR type in bit map: %s %s",
2111 val_to_str_ext_const(rr_type, &dns_types_vals_ext, " "),
2112 val_to_str_ext(rr_type, &dns_types_description_vals_ext, "Unknown (%d)"));
2113 }
2114 mask >>= 1;
2115 rr_type++;
2116 }
2117 cur_offset += 1;
2118 rr_len -= 1;
2119 }
2120
2121 return initial_offset - cur_offset;
2122 }
2123
2124 /*
2125 * SIG, KEY, and CERT RR algorithms.
2126 * http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.txt (last updated 2017-01-09)
2127 */
2128 #define DNS_ALGO_RSAMD5 1 /* RSA/MD5 */
2129 #define DNS_ALGO_DH 2 /* Diffie-Hellman */
2130 #define DNS_ALGO_DSA 3 /* DSA */
2131 #define DNS_ALGO_ECC 4 /* Elliptic curve crypto */
2132 #define DNS_ALGO_RSASHA1 5 /* RSA/SHA1 */
2133 #define DNS_ALGO_DSA_NSEC3_SHA1 6 /* DSA + NSEC3/SHA1 */
2134 #define DNS_ALGO_RSASHA1_NSEC3_SHA1 7 /* RSA/SHA1 + NSEC3/SHA1 */
2135 #define DNS_ALGO_RSASHA256 8 /* RSA/SHA-256 */
2136 #define DNS_ALGO_RSASHA512 10 /* RSA/SHA-512 */
2137 #define DNS_ALGO_ECCGOST 12 /* GOST R 34.10-2001 */
2138 #define DNS_ALGO_ECDSAP256SHA256 13 /* ECDSA Curve P-256 with SHA-256 */
2139 #define DNS_ALGO_ECDSAP384SHA384 14 /* ECDSA Curve P-384 with SHA-384 */
2140 #define DNS_ALGO_ED25519 15 /* Ed25519 */
2141 #define DNS_ALGO_ED448 16 /* Ed448 */
2142 #define DNS_ALGO_HMACMD5 157 /* HMAC/MD5 */
2143 #define DNS_ALGO_INDIRECT 252 /* Indirect key */
2144 #define DNS_ALGO_PRIVATEDNS 253 /* Private, domain name */
2145 #define DNS_ALGO_PRIVATEOID 254 /* Private, OID */
2146
2147 static const value_string dnssec_algo_vals[] = {
2148 { DNS_ALGO_RSAMD5, "RSA/MD5" },
2149 { DNS_ALGO_DH, "Diffie-Hellman" },
2150 { DNS_ALGO_DSA, "DSA" },
2151 { DNS_ALGO_ECC, "Elliptic curve crypto" },
2152 { DNS_ALGO_RSASHA1, "RSA/SHA1" },
2153 { DNS_ALGO_DSA_NSEC3_SHA1, "DSA + NSEC3/SHA1" },
2154 { DNS_ALGO_RSASHA1_NSEC3_SHA1,"RSA/SHA1 + NSEC3/SHA1" },
2155 { DNS_ALGO_RSASHA256, "RSA/SHA-256" },
2156 { DNS_ALGO_RSASHA512, "RSA/SHA-512" },
2157 { DNS_ALGO_ECCGOST, "GOST R 34.10-2001" },
2158 { DNS_ALGO_ECDSAP256SHA256, "ECDSA Curve P-256 with SHA-256" },
2159 { DNS_ALGO_ECDSAP384SHA384, "ECDSA Curve P-384 with SHA-384" },
2160 { DNS_ALGO_ED25519, "Ed25519" },
2161 { DNS_ALGO_ED448, "Ed448" },
2162 { DNS_ALGO_HMACMD5, "HMAC/MD5" },
2163 { DNS_ALGO_INDIRECT, "Indirect key" },
2164 { DNS_ALGO_PRIVATEDNS, "Private, domain name" },
2165 { DNS_ALGO_PRIVATEOID, "Private, OID" },
2166 { 0, NULL }
2167 };
2168
2169 /*
2170 Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms
2171 https://www.iana.org/assignments/ds-rr-types/ds-rr-types.txt (last-updated 2012-04-13)
2172 */
2173 #define DS_DIGEST_RESERVED 0
2174 #define DS_DIGEST_SHA1 1 /* MANDATORY [RFC3658] */
2175 #define DS_DIGEST_SHA256 2 /* MANDATORY [RFC4509] */
2176 #define DS_DIGEST_GOST 3 /* OPTIONAL [RFC5933] */
2177 #define DS_DIGEST_SHA384 4 /*OPTIONAL [RFC6605] */
2178
2179 static const value_string dns_ds_digest_vals[] = {
2180 { DS_DIGEST_RESERVED, "Reserved digest" },
2181 { DS_DIGEST_SHA1, "SHA-1" },
2182 { DS_DIGEST_SHA256, "SHA-256" },
2183 { DS_DIGEST_GOST, "GOST R 34.11-94" },
2184 { DS_DIGEST_SHA384, "SHA-384" },
2185 { 0, NULL }
2186 };
2187 /* DNSKEY : RFC4034 */
2188 #define DNSKEY_FLAGS_ZK 0x0100
2189 #define DNSKEY_FLAGS_KR 0x0080
2190 #define DNSKEY_FLAGS_SEP 0x0001
2191 #define DNSKEY_FLAGS_RSV 0xFE7E
2192
2193 static const true_false_string dns_dnskey_zone_key_tfs = { "This is the zone key for specified zone", "This it not a zone key" };
2194
2195 /* See RFC 4398 */
2196 #define DNS_CERT_PKIX 1 /* X509 certificate */
2197 #define DNS_CERT_SPKI 2 /* Simple public key certificate */
2198 #define DNS_CERT_PGP 3 /* OpenPGP packet */
2199 #define DNS_CERT_IPKIX 4 /* Indirect PKIX */
2200 #define DNS_CERT_ISPKI 5 /* Indirect SPKI */
2201 #define DNS_CERT_IPGP 6 /* Indirect PGP */
2202 #define DNS_CERT_ACPKIX 7 /* Attribute certificate */
2203 #define DNS_CERT_IACPKIX 8 /* Indirect ACPKIX */
2204 #define DNS_CERT_PRIVATEURI 253 /* Private, URI */
2205 #define DNS_CERT_PRIVATEOID 254 /* Private, OID */
2206
2207 static const value_string dns_cert_type_vals[] = {
2208 { DNS_CERT_PKIX, "PKIX" },
2209 { DNS_CERT_SPKI, "SPKI" },
2210 { DNS_CERT_PGP, "PGP" },
2211 { DNS_CERT_IPKIX, "IPKIX" },
2212 { DNS_CERT_ISPKI, "ISPKI" },
2213 { DNS_CERT_IPGP, "IPGP" },
2214 { DNS_CERT_ACPKIX, "ACPKIX" },
2215 { DNS_CERT_IACPKIX, "IACPKIX" },
2216 { DNS_CERT_PRIVATEURI, "Private, URI" },
2217 { DNS_CERT_PRIVATEOID, "Private, OID" },
2218 { 0, NULL }
2219 };
2220
2221 #define XSALSA20_POLY1305 0x0001
2222 #define XCHACHA20_POLY1305 0x0002
2223
2224 static const value_string esversions[] = {
2225 { XSALSA20_POLY1305, "XSalsa20Poly1305" },
2226 { XCHACHA20_POLY1305, "XChacha20Poly1305" },
2227 { 0, NULL }
2228 };
2229
2230 /**
2231 * Compute the key id of a KEY RR depending of the algorithm used.
2232 */
2233 static bool
2234 compute_key_id(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int offset, int size, uint8_t algo, uint16_t *key_id)
2235 {
2236 uint32_t ac;
2237 uint8_t c1, c2;
2238
2239 if (size < 4) {
2240 proto_item *item;
2241 *key_id = 0;
2242 item = proto_tree_add_expert(tree, pinfo, &ei_dns_key_id_buffer_too_short, tvb, offset, size);
2243 proto_item_set_generated(item);
2244 return false;
2245 }
2246
2247 switch( algo ) {
2248 case DNS_ALGO_RSAMD5:
2249 *key_id = (uint16_t)(tvb_get_uint8(tvb, offset + size - 3) << 8) + tvb_get_uint8( tvb, offset + size - 2 );
2250 break;
2251 default:
2252 for (ac = 0; size > 1; size -= 2, offset += 2) {
2253 c1 = tvb_get_uint8( tvb, offset );
2254 c2 = tvb_get_uint8( tvb, offset + 1 );
2255 ac += (c1 << 8) + c2 ;
2256 }
2257 if (size > 0) {
2258 c1 = tvb_get_uint8( tvb, offset );
2259 ac += c1 << 8;
2260 }
2261 ac += (ac >> 16) & 0xffff;
2262 *key_id = (uint16_t)(ac & 0xffff);
2263 break;
2264 }
2265 return true;
2266 }
2267
2268 /* Dissect a SvbParam where the presentation format of the value is base64. */
2269 static void
2270 dissect_dns_svcparam_base64(proto_tree *param_tree, proto_item *param_item, int hf_id, tvbuff_t *tvb, int offset, unsigned length)
2271 {
2272 char *str = g_base64_encode((uint8_t *)tvb_memdup(wmem_packet_scope(), tvb, offset, length), length);
2273 proto_tree_add_bytes_format_value(param_tree, hf_id, tvb, offset, length, NULL, "%s", str);
2274 proto_item_append_text(param_item, "=%s", str);
2275 g_free(str);
2276 }
2277
2278 static void
2279 add_timestamp(proto_tree *tree, int hf_id, tvbuff_t *tvb, int offset)
2280 {
2281 time_t date = tvb_get_ntohl(tvb, offset);
2282 nstime_t tv= {0, 0};
2283 tv.secs = (time_t)(date);
2284 proto_tree_add_time(tree, hf_id, tvb, offset, 4, &tv);
2285 }
2286
2287 /* The client begins a DNSCrypt session by sending a regular unencrypted
2288 TXT DNS query to the resolver IP address
2289 https://dnscrypt.info/protocol/
2290 https://www.ietf.org/archive/id/draft-denis-dprive-dnscrypt-01.html
2291 https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/dnscrypt_certs.go
2292 */
2293 static int
2294 dissect_dnscrypt(proto_tree *tree, tvbuff_t *tvb, int offset, unsigned length)
2295 {
2296 proto_item *sub_item;
2297 proto_tree *sub_tree;
2298
2299 sub_item = proto_tree_add_item(tree, hf_dns_dnscrypt, tvb, offset, length, ENC_NA);
2300 sub_tree = proto_item_add_subtree(sub_item, ett_dns_dnscrypt);
2301
2302 proto_tree_add_item(sub_tree, hf_dns_dnscrypt_magic, tvb, offset, 4, ENC_ASCII);
2303 offset+= 4;
2304
2305 proto_tree_add_item(sub_tree, hf_dns_dnscrypt_esversion, tvb, offset, 2, ENC_BIG_ENDIAN);
2306 offset+= 2;
2307
2308 proto_tree_add_item(sub_tree, hf_dns_dnscrypt_protocol_version, tvb, offset, 2, ENC_BIG_ENDIAN);
2309 offset+= 2;
2310
2311 proto_tree_add_item(sub_tree, hf_dns_dnscrypt_signature, tvb, offset, 64, ENC_NA);
2312 offset+= 64;
2313
2314 proto_tree_add_item(sub_tree, hf_dns_dnscrypt_resolver_pk, tvb, offset, 32, ENC_NA);
2315 offset+= 32;
2316
2317 proto_tree_add_item(sub_tree, hf_dns_dnscrypt_client_magic, tvb, offset, 8, ENC_NA);
2318 offset+= 8;
2319
2320 proto_tree_add_item(sub_tree, hf_dns_dnscrypt_serial_number, tvb, offset, 4, ENC_NA);
2321 offset+= 4;
2322
2323 add_timestamp(sub_tree, hf_dns_dnscrypt_ts_start, tvb, offset);
2324 offset += 4;
2325
2326 add_timestamp(sub_tree, hf_dns_dnscrypt_ts_end, tvb, offset);
2327 offset += 4;
2328
2329 return offset;
2330 }
2331
2332 static int
2333 dissect_dns_answer(tvbuff_t *tvb, int offsetx, int dns_data_offset,
2334 proto_tree *dns_tree, packet_info *pinfo,
2335 bool is_mdns, wmem_list_t *dns_type_list)
2336 {
2337 const char *name;
2338 char *name_out;
2339 int name_len;
2340 uint16_t dns_type;
2341 uint16_t dns_class;
2342 int flush;
2343 const char *class_name;
2344 const char *type_name;
2345 int data_offset;
2346 int cur_offset;
2347 int data_start;
2348 uint16_t data_len;
2349 proto_tree *rr_tree = NULL;
2350 proto_item *trr = NULL;
2351 unsigned used_bytes;
2352
2353 data_start = data_offset = offsetx;
2354 cur_offset = offsetx;
2355
2356 used_bytes = get_dns_name_type_class(tvb, offsetx, dns_data_offset, &name, &name_len,
2357 &dns_type, &dns_class);
2358
2359 /* The offset if the total used bytes minus 2 bytes for qtype and 2 bytes for qclass */
2360 data_offset += used_bytes;
2361 cur_offset += used_bytes;
2362 if (is_mdns) {
2363 /* Split the FLUSH flag and the class */
2364 flush = dns_class & C_FLUSH;
2365 dns_class &= ~C_FLUSH;
2366 } else {
2367 flush = 0;
2368 }
2369 type_name = val_to_str_ext(dns_type, &dns_types_vals_ext, "Unknown (%d)");
2370 class_name = val_to_str_const(dns_class, dns_classes, "Unknown");
2371
2372 data_offset += 4;
2373 cur_offset += 4;
2374
2375 data_len = tvb_get_ntohs(tvb, data_offset);
2376
2377 data_offset += 2;
2378 cur_offset += 2;
2379
2380 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", type_name);
2381 if (is_mdns && flush) {
2382 col_append_str(pinfo->cinfo, COL_INFO, ", cache flush");
2383 }
2384
2385 wmem_list_append(dns_type_list, GINT_TO_POINTER(dns_type));
2386
2387 /*
2388 * The name might contain octets that aren't printable characters,
2389 * format it for display.
2390 */
2391 name_out = format_text(pinfo->pool, (const unsigned char*)name, name_len);
2392 if (dns_type != T_OPT) {
2393 rr_tree = proto_tree_add_subtree_format(dns_tree, tvb, offsetx,
2394 (data_offset - data_start) + data_len,
2395 ett_dns_rr, &trr, "%s: type %s, class %s",
2396 name_out, type_name, class_name);
2397 add_rr_to_tree(rr_tree, tvb, offsetx, name_out, used_bytes - 4,
2398 dns_type, pinfo, is_mdns);
2399 } else {
2400 rr_tree = proto_tree_add_subtree_format(dns_tree, tvb, offsetx,
2401 (data_offset - data_start) + data_len,
2402 ett_dns_rr, &trr, "%s: type %s", name_out, type_name);
2403 add_opt_rr_to_tree(rr_tree, tvb, offsetx, name_out, used_bytes - 4, is_mdns);
2404 }
2405 if (is_mdns && flush) {
2406 proto_item_append_text(trr, ", cache flush");
2407 }
2408
2409 if (data_len == 0) {
2410 return data_offset - data_start;
2411 }
2412
2413 switch (dns_type) {
2414
2415 case T_A: /* a host Address (1) */
2416 {
2417 switch (dns_class) {
2418 /* RFC 1034 Section 3.6
2419 * RDATA
2420 * A For the IN class, a 32 bit IP address
2421 *
2422 * For the CH class, a domain name followed
2423 * by a 16 bit octal Chaos address.
2424 */
2425 case C_IN:
2426 {
2427 const char *addr;
2428
2429 addr = tvb_ip_to_str(pinfo->pool, tvb, cur_offset);
2430 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", addr);
2431
2432 proto_item_append_text(trr, ", addr %s", addr);
2433 proto_tree_add_item(rr_tree, hf_dns_a, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2434
2435 if (gbl_resolv_flags.dns_pkt_addr_resolution && dns_class == C_IN &&
2436 !PINFO_FD_VISITED(pinfo)) {
2437 uint32_t addr_int;
2438 tvb_memcpy(tvb, &addr_int, cur_offset, sizeof(addr_int));
2439 add_ipv4_name(addr_int, name, false);
2440 }
2441 }
2442 break;
2443
2444 case C_CH:
2445 {
2446 const char *domain_name;
2447 int domain_name_len;
2448 uint32_t ch_addr;
2449
2450 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &domain_name, &domain_name_len);
2451 name_out = format_text(pinfo->pool, (const unsigned char*)domain_name, domain_name_len);
2452 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2453 proto_item_append_text(trr, ", domain/addr %s", name_out);
2454 proto_tree_add_string(rr_tree, hf_dns_a_ch_domain, tvb, cur_offset, used_bytes, name_out);
2455
2456 proto_tree_add_item_ret_uint(rr_tree, hf_dns_a_ch_addr, tvb, cur_offset + used_bytes, 2, ENC_BIG_ENDIAN, &ch_addr);
2457 col_append_fstr(pinfo->cinfo, COL_INFO, "/0%o", ch_addr);
2458 proto_item_append_text(trr, "/0%o", ch_addr);
2459 }
2460 break;
2461
2462 default:
2463 {
2464 expert_add_info_format(pinfo, trr, &ei_dns_a_class_undecoded,
2465 "A record dissection for class (%d)"
2466 " code not implemented, Contact Wireshark developers"
2467 " if you want this supported", dns_class);
2468 proto_tree_add_item(rr_tree, hf_dns_data, tvb, cur_offset, data_len, ENC_NA);
2469 }
2470 break;
2471 }
2472 }
2473 break;
2474
2475 case T_NS: /* an authoritative Name Server (2) */
2476 {
2477 const char *ns_name;
2478 int ns_name_len;
2479
2480 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &ns_name, &ns_name_len);
2481 name_out = format_text(pinfo->pool, (const unsigned char*)ns_name, ns_name_len);
2482 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2483 proto_item_append_text(trr, ", ns %s", name_out);
2484 proto_tree_add_string(rr_tree, hf_dns_ns, tvb, cur_offset, used_bytes, name_out);
2485
2486 }
2487 break;
2488
2489 case T_MD: /* Mail Destination (3) */
2490 {
2491 int hostname_len;
2492 const char *hostname_str;
2493
2494 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2495
2496 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len);
2497 name_out = format_text(pinfo->pool, (const unsigned char*)hostname_str, hostname_len);
2498 proto_tree_add_string(rr_tree, hf_dns_md, tvb, cur_offset, used_bytes, name_out);
2499 }
2500 break;
2501
2502 case T_MF: /* Mail Forwarder (4) */
2503 {
2504 int hostname_len;
2505 const char *hostname_str;
2506
2507 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2508
2509 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len);
2510 name_out = format_text(pinfo->pool, (const unsigned char*)hostname_str, hostname_len);
2511 proto_tree_add_string(rr_tree, hf_dns_mf, tvb, cur_offset, used_bytes, name_out);
2512 }
2513 break;
2514
2515 case T_CNAME: /* the Canonical NAME for an alias (5) */
2516 {
2517 const char *cname;
2518 int cname_len;
2519
2520 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &cname, &cname_len);
2521 name_out = format_text(pinfo->pool, (const unsigned char*)cname, cname_len);
2522 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2523 proto_item_append_text(trr, ", cname %s", name_out);
2524 proto_tree_add_string(rr_tree, hf_dns_cname, tvb, cur_offset, used_bytes, name_out);
2525
2526 }
2527 break;
2528
2529 case T_SOA: /* Start Of Authority zone (6) */
2530 {
2531 const char *mname;
2532 int mname_len;
2533 const char *rname;
2534 int rname_len;
2535 proto_item *ti_soa;
2536
2537 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &mname, &mname_len);
2538 name_out = format_text(pinfo->pool, (const unsigned char*)mname, mname_len);
2539 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2540 proto_item_append_text(trr, ", mname %s", name_out);
2541 proto_tree_add_string(rr_tree, hf_dns_soa_mname, tvb, cur_offset, used_bytes, name_out);
2542 cur_offset += used_bytes;
2543
2544 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &rname, &rname_len);
2545 name_out = format_text(pinfo->pool, (const unsigned char*)rname, rname_len);
2546 proto_tree_add_string(rr_tree, hf_dns_soa_rname, tvb, cur_offset, used_bytes, name_out);
2547 cur_offset += used_bytes;
2548
2549 proto_tree_add_item(rr_tree, hf_dns_soa_serial_number, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2550 cur_offset += 4;
2551
2552 ti_soa = proto_tree_add_item(rr_tree, hf_dns_soa_refresh_interval, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2553 proto_item_append_text(ti_soa, " (%s)", unsigned_time_secs_to_str(pinfo->pool, tvb_get_ntohl(tvb, cur_offset)));
2554 cur_offset += 4;
2555
2556 ti_soa = proto_tree_add_item(rr_tree, hf_dns_soa_retry_interval, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2557 proto_item_append_text(ti_soa, " (%s)", unsigned_time_secs_to_str(pinfo->pool, tvb_get_ntohl(tvb, cur_offset)));
2558 cur_offset += 4;
2559
2560 ti_soa = proto_tree_add_item(rr_tree, hf_dns_soa_expire_limit, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2561 proto_item_append_text(ti_soa, " (%s)", unsigned_time_secs_to_str(pinfo->pool, tvb_get_ntohl(tvb, cur_offset)));
2562 cur_offset += 4;
2563
2564 ti_soa = proto_tree_add_item(rr_tree, hf_dns_soa_minimum_ttl, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2565 proto_item_append_text(ti_soa, " (%s)", unsigned_time_secs_to_str(pinfo->pool, tvb_get_ntohl(tvb, cur_offset)));
2566 }
2567 break;
2568
2569 case T_MB: /* MailBox domain (7) */
2570 {
2571 int hostname_len;
2572 const char *hostname_str;
2573
2574 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2575
2576 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len);
2577 name_out = format_text(pinfo->pool, (const unsigned char*)hostname_str, hostname_len);
2578 proto_tree_add_string(rr_tree, hf_dns_mb, tvb, cur_offset, used_bytes, name_out);
2579 }
2580 break;
2581
2582 case T_MG: /* Mail Group member (8) */
2583 {
2584 int hostname_len;
2585 const char *hostname_str;
2586
2587 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2588
2589 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len);
2590 name_out = format_text(pinfo->pool, (const unsigned char*)hostname_str, hostname_len);
2591 proto_tree_add_string(rr_tree, hf_dns_mg, tvb, cur_offset, used_bytes, name_out);
2592 }
2593 break;
2594
2595 case T_MR: /* Mail Rename domain (9) */
2596 {
2597 int hostname_len;
2598 const char *hostname_str;
2599
2600 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2601
2602 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &hostname_str, &hostname_len);
2603 name_out = format_text(pinfo->pool, (const unsigned char*)hostname_str, hostname_len);
2604 proto_tree_add_string(rr_tree, hf_dns_mr, tvb, cur_offset, used_bytes, name_out);
2605 }
2606 break;
2607
2608 case T_NULL: /* Null (10) */
2609 {
2610 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2611 proto_tree_add_item(rr_tree, hf_dns_null, tvb, cur_offset, data_len, ENC_NA);
2612 }
2613 break;
2614
2615 case T_WKS: /* Well Known Service (11) */
2616 {
2617 int rr_len = data_len;
2618 const char *wks_addr;
2619 uint8_t protocol;
2620 uint8_t bits;
2621 int mask;
2622 int port_num;
2623 int i;
2624 proto_item *ti_wks;
2625 wmem_strbuf_t *bitnames = wmem_strbuf_create(pinfo->pool);
2626
2627 wks_addr = tvb_ip_to_str(pinfo->pool, tvb, cur_offset);
2628 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", wks_addr);
2629 proto_item_append_text(trr, ", addr %s", wks_addr);
2630 proto_tree_add_item(rr_tree, hf_dns_wks_address, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
2631 cur_offset += 4;
2632 rr_len -= 4;
2633
2634 proto_tree_add_item(rr_tree, hf_dns_wks_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2635 protocol = tvb_get_uint8(tvb, cur_offset);
2636 cur_offset += 1;
2637 rr_len -= 1;
2638
2639 port_num = 0;
2640 while (rr_len != 0) {
2641 bits = tvb_get_uint8(tvb, cur_offset);
2642 if (bits != 0) {
2643 mask = 1<<7;
2644 wmem_strbuf_truncate(bitnames, 0);
2645 for (i = 0; i < 8; i++) {
2646 if (bits & mask) {
2647 if (wmem_strbuf_get_len(bitnames) > 0) {
2648 wmem_strbuf_append(bitnames, ", ");
2649 }
2650 switch (protocol) {
2651
2652 case IP_PROTO_TCP:
2653 wmem_strbuf_append(bitnames, tcp_port_to_display(pinfo->pool, port_num));
2654 break;
2655
2656 case IP_PROTO_UDP:
2657 wmem_strbuf_append(bitnames, udp_port_to_display(pinfo->pool, port_num));
2658 break;
2659
2660 default:
2661 wmem_strbuf_append_printf(bitnames, "%u", port_num);
2662 break;
2663 }
2664 }
2665 mask >>= 1;
2666 port_num++;
2667 }
2668
2669 ti_wks = proto_tree_add_item(rr_tree, hf_dns_wks_bits, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2670 proto_item_append_text(ti_wks, " (%s)", wmem_strbuf_get_str(bitnames));
2671 } else {
2672 port_num += 8;
2673 }
2674 cur_offset += 1;
2675 rr_len -= 1;
2676 }
2677 }
2678 break;
2679
2680 case T_PTR: /* Domain Name Pointer (12) */
2681 {
2682 const char *pname;
2683 int pname_len;
2684
2685 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &pname, &pname_len);
2686 name_out = format_text(pinfo->pool, (const unsigned char*)pname, pname_len);
2687 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2688 proto_item_append_text(trr, ", %s", name_out);
2689 proto_tree_add_string(rr_tree, hf_dns_ptr_domain_name, tvb, cur_offset, used_bytes, name_out);
2690
2691 if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN &&
2692 !PINFO_FD_VISITED(pinfo)) {
2693 uint32_t addr_int;
2694 char** name_tokens;
2695
2696 name_tokens = g_strsplit(name, ".", 33);
2697
2698 if (g_strv_length(name_tokens) == 6) {
2699 if (g_ascii_strcasecmp(name_tokens[4], "in-addr") == 0 &&
2700 g_ascii_strcasecmp(name_tokens[5], "arpa") == 0) {
2701 char* addr_str = g_strjoin(".", name_tokens[3], name_tokens[2], name_tokens[1], name_tokens[0], NULL);
2702 if (ws_inet_pton4(addr_str, &addr_int)) {
2703 add_ipv4_name(addr_int, name_out, false);
2704 }
2705 g_free(addr_str);
2706 }
2707 } else if (g_strv_length(name_tokens) == 33) {
2708 if (g_ascii_strcasecmp(name_tokens[32], "ip6.arpa") == 0) {
2709 ws_in6_addr address_ipv6;
2710
2711 wmem_strbuf_t *address_buf = wmem_strbuf_new_sized(pinfo->pool, 40);
2712 for (size_t i = 31; i > 0; i--) {
2713 wmem_strbuf_append(address_buf, name_tokens[i]);
2714 if (i % 4 == 0) {
2715 wmem_strbuf_append_c(address_buf, ':');
2716 }
2717 }
2718 wmem_strbuf_append(address_buf, name_tokens[0]);
2719 if (ws_inet_pton6(wmem_strbuf_get_str(address_buf), &address_ipv6)) {
2720 add_ipv6_name(&address_ipv6, name_out, false);
2721 }
2722 wmem_strbuf_destroy(address_buf);
2723 }
2724 }
2725 g_strfreev(name_tokens);
2726 }
2727 }
2728 break;
2729
2730 case T_HINFO: /* Host Information (13) */
2731 {
2732 int cpu_offset;
2733 int cpu_len;
2734 const char *cpu;
2735 int os_offset;
2736 int os_len;
2737 const char *os;
2738
2739 cpu_offset = cur_offset;
2740 cpu_len = tvb_get_uint8(tvb, cpu_offset);
2741 cpu = (const char* )tvb_get_string_enc(pinfo->pool, tvb, cpu_offset + 1, cpu_len, ENC_ASCII|ENC_NA);
2742 os_offset = cpu_offset + 1 + cpu_len;
2743 os_len = tvb_get_uint8(tvb, os_offset);
2744 os = (const char*)tvb_get_string_enc(pinfo->pool, tvb, os_offset + 1, os_len, ENC_ASCII|ENC_NA);
2745 col_append_fstr(pinfo->cinfo, COL_INFO, " %s %s", cpu, os);
2746 proto_item_append_text(trr, ", CPU %s, OS %s", cpu, os);
2747
2748 proto_tree_add_item(rr_tree, hf_dns_hinfo_cpu_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2749 cur_offset += 1;
2750 proto_tree_add_item(rr_tree, hf_dns_hinfo_cpu, tvb, cur_offset, cpu_len, ENC_ASCII);
2751 cur_offset += cpu_len;
2752
2753 proto_tree_add_item(rr_tree, hf_dns_hinfo_os_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2754 cur_offset += 1;
2755 proto_tree_add_item(rr_tree, hf_dns_hinfo_os, tvb, cur_offset, os_len, ENC_ASCII);
2756 /* cur_offset += os_len;*/
2757 }
2758 break;
2759
2760 case T_MINFO: /* Mailbox or Mail list INFOrmation (14) */
2761 {
2762 int rmailbx_len, emailbx_len;
2763 const char *rmailbx_str, *emailbx_str;
2764
2765 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2766
2767 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &rmailbx_str, &rmailbx_len);
2768 name_out = format_text(pinfo->pool, (const unsigned char*)rmailbx_str, rmailbx_len);
2769 proto_tree_add_string(rr_tree, hf_dns_minfo_r_mailbox, tvb, cur_offset, used_bytes, name_out);
2770 cur_offset += used_bytes;
2771
2772 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &emailbx_str, &emailbx_len);
2773 name_out = format_text(pinfo->pool, (const unsigned char*)emailbx_str, emailbx_len);
2774 proto_tree_add_string(rr_tree, hf_dns_minfo_e_mailbox, tvb, cur_offset, used_bytes, name_out);
2775 }
2776 break;
2777
2778 case T_MX: /* Mail eXchange (15) */
2779 {
2780 uint16_t preference = 0;
2781 const char *mx_name;
2782 int mx_name_len;
2783
2784 preference = tvb_get_ntohs(tvb, cur_offset);
2785
2786 used_bytes = get_dns_name(tvb, cur_offset + 2, 0, dns_data_offset, &mx_name, &mx_name_len);
2787 name_out = format_text(pinfo->pool, (const unsigned char*)mx_name, mx_name_len);
2788 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %s", preference, name_out);
2789 proto_item_append_text(trr, ", preference %u, mx %s",
2790 preference, name_out);
2791 proto_tree_add_item(rr_tree, hf_dns_mx_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2792 cur_offset += 2;
2793 proto_tree_add_string(rr_tree, hf_dns_mx_mail_exchange, tvb, cur_offset, used_bytes, name_out);
2794 /* cur_offset += used_bytes; */
2795 }
2796 break;
2797
2798 case T_TXT: /* TeXT strings (16) */
2799 {
2800 int rr_len = data_len;
2801 int txt_offset;
2802 int txt_len;
2803 const bool is_dnscrypt_name = (strstr(name, "2.dnscrypt-cert.") != NULL);
2804 #define DNSCRYPT_CERT_MAGIC 0x444E5343
2805
2806 txt_offset = cur_offset;
2807 while (rr_len != 0) {
2808 txt_len = tvb_get_uint8(tvb, txt_offset);
2809 proto_tree_add_item(rr_tree, hf_dns_txt_length, tvb, txt_offset, 1, ENC_BIG_ENDIAN);
2810 txt_offset += 1;
2811 rr_len -= 1;
2812 if( is_dnscrypt_name
2813 && txt_len == 124
2814 && rr_len >= txt_len
2815 && tvb_get_uint32(tvb, txt_offset, ENC_BIG_ENDIAN) == DNSCRYPT_CERT_MAGIC){
2816 dissect_dnscrypt(rr_tree, tvb, txt_offset, txt_len);
2817 } else {
2818 proto_tree_add_item(rr_tree, hf_dns_txt, tvb, txt_offset, txt_len, is_mdns ? ENC_UTF_8|ENC_NA : ENC_ASCII|ENC_NA);
2819 }
2820 txt_offset += txt_len;
2821 rr_len -= txt_len;
2822 }
2823 }
2824 break;
2825
2826 case T_RP: /* Responsible Person (17) */
2827 {
2828 int mbox_dname_len, txt_dname_len;
2829 const char *mbox_dname, *txt_dname;
2830
2831 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2832
2833 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &mbox_dname, &mbox_dname_len);
2834 name_out = format_text(pinfo->pool, (const unsigned char*)mbox_dname, mbox_dname_len);
2835 proto_tree_add_string(rr_tree, hf_dns_rp_mailbox, tvb, cur_offset, used_bytes, name_out);
2836 cur_offset += used_bytes;
2837
2838 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &txt_dname, &txt_dname_len);
2839 name_out = format_text(pinfo->pool, (const unsigned char*)txt_dname, txt_dname_len);
2840 proto_tree_add_string(rr_tree, hf_dns_rp_txt_rr, tvb, cur_offset, used_bytes, name_out);
2841 }
2842 break;
2843
2844 case T_AFSDB: /* AFS data base location (18) */
2845 {
2846 const char *host_name;
2847 int host_name_len;
2848
2849 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2850
2851 used_bytes = get_dns_name(tvb, cur_offset + 2, 0, dns_data_offset, &host_name, &host_name_len);
2852 name_out = format_text(pinfo->pool, (const unsigned char*)host_name, host_name_len);
2853
2854 proto_tree_add_item(rr_tree, hf_dns_afsdb_subtype, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2855 cur_offset += 2;
2856
2857 proto_tree_add_string(rr_tree, hf_dns_afsdb_hostname, tvb, cur_offset, used_bytes, name_out);
2858 }
2859 break;
2860
2861 case T_X25: /* X.25 address (19) */
2862 {
2863 uint8_t x25_len;
2864
2865 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2866
2867 proto_tree_add_item(rr_tree, hf_dns_x25_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2868 x25_len = tvb_get_uint8(tvb, cur_offset);
2869 cur_offset += 1;
2870
2871 proto_tree_add_item(rr_tree, hf_dns_x25_psdn_address, tvb, cur_offset, x25_len, ENC_ASCII);
2872 /*cur_offset += x25_len;*/
2873 }
2874 break;
2875
2876 case T_ISDN: /* ISDN address (20) */
2877 {
2878 uint8_t isdn_address_len, isdn_sa_len;
2879 int rr_len = data_len;
2880
2881 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2882
2883 proto_tree_add_item(rr_tree, hf_dns_isdn_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2884 isdn_address_len = tvb_get_uint8(tvb, cur_offset);
2885 cur_offset += 1;
2886 rr_len -= 1;
2887
2888 proto_tree_add_item(rr_tree, hf_dns_isdn_address, tvb, cur_offset, isdn_address_len, ENC_ASCII);
2889 cur_offset += isdn_address_len;
2890 rr_len -= isdn_address_len;
2891
2892 if (rr_len > 1) /* ISDN SA is optional */ {
2893 proto_tree_add_item(rr_tree, hf_dns_isdn_sa_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2894 isdn_sa_len = tvb_get_uint8(tvb, cur_offset);
2895 cur_offset += 1;
2896
2897 proto_tree_add_item(rr_tree, hf_dns_isdn_sa, tvb, cur_offset, isdn_sa_len, ENC_ASCII);
2898 }
2899 }
2900 break;
2901
2902 case T_RT: /* Route-Through (21) */
2903 {
2904 const char *host_name;
2905 int host_name_len;
2906
2907 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2908
2909 used_bytes = get_dns_name(tvb, cur_offset + 2, 0, dns_data_offset, &host_name, &host_name_len);
2910 name_out = format_text(pinfo->pool, (const unsigned char*)host_name, host_name_len);
2911
2912 proto_tree_add_item(rr_tree, hf_dns_rt_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2913 cur_offset += 2;
2914
2915 proto_tree_add_string(rr_tree, hf_dns_rt_intermediate_host, tvb, cur_offset, used_bytes, name_out);
2916 }
2917 break;
2918
2919 case T_NSAP: /* for NSAP address, NSAP style A record (22) */
2920 {
2921 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2922 proto_tree_add_item(rr_tree, hf_dns_nsap_rdata, tvb, cur_offset, data_len, ENC_NA);
2923 }
2924 break;
2925
2926 case T_NSAP_PTR: /* for domain name pointer, NSAP style (23) */
2927 {
2928 int nsap_ptr_owner_len;
2929 const char *nsap_ptr_owner;
2930
2931 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2932
2933 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &nsap_ptr_owner, &nsap_ptr_owner_len);
2934 name_out = format_text(pinfo->pool, (const unsigned char*)nsap_ptr_owner, nsap_ptr_owner_len);
2935 proto_tree_add_string(rr_tree, hf_dns_nsap_ptr_owner, tvb, cur_offset, used_bytes, name_out);
2936 }
2937 break;
2938
2939
2940 case T_KEY: /* Public Key (25) */
2941 {
2942 int rr_len = data_len;
2943 uint16_t flags;
2944 proto_item *tf, *ti_gen;
2945 proto_tree *flags_tree;
2946 uint8_t algo;
2947 uint16_t key_id;
2948
2949 tf = proto_tree_add_item(rr_tree, hf_dns_key_flags, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2950 flags_tree = proto_item_add_subtree(tf, ett_key_flags);
2951 flags = tvb_get_ntohs(tvb, cur_offset);
2952
2953 proto_tree_add_item(flags_tree, hf_dns_key_flags_authentication, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2954 proto_tree_add_item(flags_tree, hf_dns_key_flags_confidentiality, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2955 if ((flags & 0xC000) != 0xC000) {
2956 /* We have a key */
2957 proto_tree_add_item(flags_tree, hf_dns_key_flags_key_required, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2958 proto_tree_add_item(flags_tree, hf_dns_key_flags_associated_user, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2959 proto_tree_add_item(flags_tree, hf_dns_key_flags_associated_named_entity, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2960 proto_tree_add_item(flags_tree, hf_dns_key_flags_ipsec, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2961 proto_tree_add_item(flags_tree, hf_dns_key_flags_mime, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2962 proto_tree_add_item(flags_tree, hf_dns_key_flags_signatory, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2963 }
2964 cur_offset += 2;
2965 rr_len -= 2;
2966
2967 proto_tree_add_item(rr_tree, hf_dns_key_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2968 cur_offset += 1;
2969 rr_len -= 1;
2970
2971 proto_tree_add_item(rr_tree, hf_dns_key_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
2972 algo = tvb_get_uint8(tvb, cur_offset);
2973 cur_offset += 1;
2974 rr_len -= 1;
2975
2976 if (compute_key_id(rr_tree, pinfo, tvb, cur_offset-4, rr_len+4, algo, &key_id)) {
2977 ti_gen = proto_tree_add_uint(rr_tree, hf_dns_key_key_id, tvb, 0, 0, key_id);
2978 proto_item_set_generated(ti_gen);
2979 }
2980
2981 if (rr_len != 0) {
2982 proto_tree_add_item(rr_tree, hf_dns_key_public_key, tvb, cur_offset, rr_len, ENC_NA);
2983 }
2984 }
2985 break;
2986
2987 case T_PX: /* Pointer to X.400/RFC822 mapping info (26)*/
2988 {
2989 int px_map822_len, px_mapx400_len;
2990 const char *px_map822_dnsname, *px_mapx400_dnsname;
2991
2992 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
2993 proto_tree_add_item(rr_tree, hf_dns_px_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
2994 cur_offset += 2;
2995
2996 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &px_map822_dnsname, &px_map822_len);
2997 name_out = format_text(pinfo->pool, (const unsigned char*)px_map822_dnsname, px_map822_len);
2998 proto_tree_add_string(rr_tree, hf_dns_px_map822, tvb, cur_offset, used_bytes, name_out);
2999 cur_offset += used_bytes;
3000
3001 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &px_mapx400_dnsname, &px_mapx400_len);
3002 name_out = format_text(pinfo->pool, (const unsigned char*)px_mapx400_dnsname, px_mapx400_len);
3003 proto_tree_add_string(rr_tree, hf_dns_px_mapx400, tvb, cur_offset, used_bytes, name_out);
3004 /*cur_offset += used_bytes;*/
3005 }
3006 break;
3007
3008 case T_GPOS: /* Geographical POSition (27) */
3009 {
3010 uint8_t long_len, lat_len, alt_len;
3011
3012 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3013 proto_tree_add_item(rr_tree, hf_dns_gpos_longitude_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3014 long_len = tvb_get_uint8(tvb, cur_offset);
3015 cur_offset += 1;
3016
3017 proto_tree_add_item(rr_tree, hf_dns_gpos_longitude, tvb, cur_offset, long_len, ENC_ASCII);
3018 cur_offset += long_len;
3019
3020 proto_tree_add_item(rr_tree, hf_dns_gpos_latitude_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3021 lat_len = tvb_get_uint8(tvb, cur_offset);
3022 cur_offset += 1;
3023
3024 proto_tree_add_item(rr_tree, hf_dns_gpos_latitude, tvb, cur_offset, lat_len, ENC_ASCII);
3025 cur_offset += lat_len;
3026
3027 proto_tree_add_item(rr_tree, hf_dns_gpos_altitude_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3028 alt_len = tvb_get_uint8(tvb, cur_offset);
3029 cur_offset += 1;
3030
3031 proto_tree_add_item(rr_tree, hf_dns_gpos_altitude, tvb, cur_offset, alt_len, ENC_ASCII);
3032 /*cur_offset += alt_len;*/
3033 }
3034 break;
3035
3036 case T_AAAA: /* IPv6 Address (28) */
3037 {
3038 const char *addr6;
3039
3040 addr6 = tvb_ip6_to_str(pinfo->pool, tvb, cur_offset);
3041 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", addr6);
3042
3043 proto_item_append_text(trr, ", addr %s", addr6);
3044 proto_tree_add_item(rr_tree, hf_dns_aaaa, tvb, cur_offset, 16, ENC_NA);
3045
3046 if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN &&
3047 !PINFO_FD_VISITED(pinfo)) {
3048 ws_in6_addr addr_in6;
3049 tvb_memcpy(tvb, &addr_in6, cur_offset, sizeof(addr_in6));
3050 add_ipv6_name(&addr_in6, name, false);
3051 }
3052 }
3053 break;
3054
3055 case T_LOC: /* Geographical Location (29) */
3056 {
3057 uint8_t version;
3058 proto_item *ti;
3059
3060 version = tvb_get_uint8(tvb, cur_offset);
3061 proto_tree_add_item(rr_tree, hf_dns_loc_version, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3062 if (version == 0) {
3063 /* Version 0, the only version RFC 1876 discusses. */
3064 cur_offset++;
3065
3066 ti = proto_tree_add_item(rr_tree, hf_dns_loc_size, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3067 proto_item_append_text(ti, " (%g m)", rfc1867_size(tvb, cur_offset));
3068 cur_offset++;
3069
3070 ti = proto_tree_add_item(rr_tree, hf_dns_loc_horizontal_precision, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3071 proto_item_append_text(ti, " (%g m)", rfc1867_size(tvb, cur_offset));
3072 cur_offset++;
3073
3074 ti = proto_tree_add_item(rr_tree, hf_dns_loc_vertical_precision, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3075 proto_item_append_text(ti, " (%g m)", rfc1867_size(tvb, cur_offset));
3076 cur_offset++;
3077
3078 ti = proto_tree_add_item(rr_tree, hf_dns_loc_latitude, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3079 proto_item_append_text(ti, " (%s)", rfc1867_angle(tvb, cur_offset, false));
3080 cur_offset += 4;
3081
3082 ti = proto_tree_add_item(rr_tree, hf_dns_loc_longitude, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3083 proto_item_append_text(ti, " (%s)", rfc1867_angle(tvb, cur_offset, true));
3084 cur_offset += 4;
3085
3086 ti = proto_tree_add_item(rr_tree, hf_dns_loc_altitude, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3087 proto_item_append_text(ti, " (%g m)", (tvb_get_ntohil(tvb, cur_offset) - 10000000)/100.0);
3088 } else {
3089 proto_tree_add_item(rr_tree, hf_dns_loc_unknown_data, tvb, cur_offset, data_len, ENC_NA);
3090 }
3091 }
3092 break;
3093
3094 case T_NXT: /* Next name (30) */
3095 {
3096 int rr_len = data_len;
3097 const char *next_domain_name;
3098 int next_domain_name_len;
3099
3100 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset,
3101 &next_domain_name, &next_domain_name_len);
3102 name_out = format_text(pinfo->pool, (const unsigned char*)next_domain_name, next_domain_name_len);
3103 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3104 proto_item_append_text(trr, ", next domain name %s", name_out);
3105 proto_tree_add_string(rr_tree, hf_dns_nxt_next_domain_name, tvb, cur_offset, used_bytes, name_out);
3106 cur_offset += used_bytes;
3107 rr_len -= used_bytes;
3108 dissect_type_bitmap_nxt(rr_tree, tvb, cur_offset, rr_len);
3109 }
3110 break;
3111
3112 case T_SRV: /* Service Location (33) */
3113 {
3114 uint16_t priority = 0;
3115 uint16_t weight = 0;
3116 uint16_t port = 0;
3117 const char *target;
3118 int target_len;
3119
3120 proto_tree_add_item(rr_tree, hf_dns_srv_priority, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3121 priority = tvb_get_ntohs(tvb, cur_offset);
3122 cur_offset += 2;
3123
3124 proto_tree_add_item(rr_tree, hf_dns_srv_weight, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3125 weight = tvb_get_ntohs(tvb, cur_offset);
3126 cur_offset += 2;
3127
3128 proto_tree_add_item(rr_tree, hf_dns_srv_port, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3129 port = tvb_get_ntohs(tvb, cur_offset);
3130 cur_offset += 2;
3131
3132 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &target, &target_len);
3133 name_out = format_text(pinfo->pool, (const unsigned char*)target, target_len);
3134
3135 proto_tree_add_string(rr_tree, hf_dns_srv_target, tvb, cur_offset, used_bytes, name_out);
3136
3137 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %u %u %s", priority, weight, port, name_out);
3138 proto_item_append_text(trr,
3139 ", priority %u, weight %u, port %u, target %s",
3140 priority, weight, port, name_out);
3141 }
3142 break;
3143
3144 case T_NAPTR: /* Naming Authority PoinTeR (35) */
3145 {
3146 proto_item *ti_len;
3147 int offset = cur_offset;
3148 uint16_t order;
3149 uint16_t preference;
3150 const uint8_t *flags;
3151 uint8_t flags_len;
3152 uint8_t service_len;
3153 uint8_t regex_len;
3154 const char *replacement;
3155 int replacement_len;
3156
3157 /* Order */
3158 proto_tree_add_item(rr_tree, hf_dns_naptr_order, tvb, offset, 2, ENC_BIG_ENDIAN);
3159 order = tvb_get_ntohs(tvb, offset);
3160 offset += 2;
3161
3162 /* Preference */
3163 proto_tree_add_item(rr_tree, hf_dns_naptr_preference, tvb, offset, 2, ENC_BIG_ENDIAN);
3164 preference = tvb_get_ntohs(tvb, offset);
3165 offset += 2;
3166
3167 /* Flags */
3168 proto_tree_add_item(rr_tree, hf_dns_naptr_flags_length, tvb, offset, 1, ENC_BIG_ENDIAN);
3169 flags_len = tvb_get_uint8(tvb, offset);
3170 offset += 1;
3171 proto_tree_add_item_ret_string(rr_tree, hf_dns_naptr_flags, tvb, offset, flags_len, ENC_ASCII|ENC_NA, pinfo->pool, &flags);
3172 offset += flags_len;
3173
3174 /* Service */
3175 proto_tree_add_item(rr_tree, hf_dns_naptr_service_length, tvb, offset, 1, ENC_BIG_ENDIAN);
3176 service_len = tvb_get_uint8(tvb, offset);
3177 offset += 1;
3178 proto_tree_add_item(rr_tree, hf_dns_naptr_service, tvb, offset, service_len, ENC_ASCII);
3179 offset += service_len;
3180
3181 /* Regex */
3182 proto_tree_add_item(rr_tree, hf_dns_naptr_regex_length, tvb, offset, 1, ENC_BIG_ENDIAN);
3183 regex_len = tvb_get_uint8(tvb, offset);
3184 offset += 1;
3185 proto_tree_add_item(rr_tree, hf_dns_naptr_regex, tvb, offset, regex_len, ENC_ASCII);
3186 offset += regex_len;
3187
3188 /* Replacement */
3189 used_bytes = get_dns_name(tvb, offset, 0, dns_data_offset, &replacement, &replacement_len);
3190 name_out = format_text(pinfo->pool, (const unsigned char*)replacement, replacement_len);
3191 ti_len = proto_tree_add_uint(rr_tree, hf_dns_naptr_replacement_length, tvb, offset, 0, replacement_len);
3192 proto_item_set_generated(ti_len);
3193
3194 proto_tree_add_string(rr_tree, hf_dns_naptr_replacement, tvb, offset, used_bytes, name_out);
3195
3196 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %u %s", order, preference, flags);
3197
3198 proto_item_append_text(trr, ", order %u, preference %u, flags %s",
3199 order, preference, flags);
3200 }
3201 break;
3202
3203 case T_KX: /* Key Exchange (36) */
3204 {
3205 const char *kx_name;
3206 int kx_name_len;
3207
3208 used_bytes = get_dns_name(tvb, cur_offset + 2, 0, dns_data_offset, &kx_name, &kx_name_len);
3209 name_out = format_text(pinfo->pool, (const unsigned char*)kx_name, kx_name_len);
3210 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %s", tvb_get_ntohs(tvb, cur_offset), name_out);
3211 proto_item_append_text(trr, ", preference %u, kx %s",
3212 tvb_get_ntohs(tvb, cur_offset), name_out);
3213 proto_tree_add_item(rr_tree, hf_dns_kx_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3214 proto_tree_add_string(rr_tree, hf_dns_kx_key_exchange, tvb, cur_offset + 2, used_bytes, name_out);
3215 }
3216 break;
3217
3218 case T_CERT: /* Certificate (37) */
3219 {
3220 int rr_len = data_len;
3221
3222 proto_tree_add_item(rr_tree, hf_dns_cert_type, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3223 cur_offset += 2;
3224 rr_len -= 2;
3225
3226 proto_tree_add_item(rr_tree, hf_dns_cert_key_tag, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3227 cur_offset += 2;
3228 rr_len -= 2;
3229
3230 proto_tree_add_item(rr_tree, hf_dns_cert_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3231 cur_offset += 1;
3232 rr_len -= 1;
3233
3234 if (rr_len != 0) {
3235 proto_tree_add_item(rr_tree, hf_dns_cert_certificate, tvb, cur_offset, rr_len, ENC_NA);
3236 }
3237 }
3238 break;
3239
3240 case T_A6: /* IPv6 address with indirection (38) Obso */
3241 {
3242 unsigned short pre_len;
3243 unsigned short suf_len;
3244 unsigned short suf_octet_count;
3245 const char *pname;
3246 int pname_len;
3247 int a6_offset;
3248 int suf_offset;
3249 ws_in6_addr suffix;
3250 address suffix_addr;
3251
3252 a6_offset = cur_offset;
3253 pre_len = tvb_get_uint8(tvb, cur_offset);
3254 cur_offset++;
3255 suf_len = 128 - pre_len;
3256 suf_octet_count = suf_len ? (suf_len - 1) / 8 + 1 : 0;
3257 /* Pad prefix */
3258 for (suf_offset = 0; suf_offset < 16 - suf_octet_count; suf_offset++) {
3259 suffix.bytes[suf_offset] = 0;
3260 }
3261 for (; suf_offset < 16; suf_offset++) {
3262 suffix.bytes[suf_offset] = tvb_get_uint8(tvb, cur_offset);
3263 cur_offset++;
3264 }
3265
3266 if (pre_len > 0) {
3267 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset,
3268 &pname, &pname_len);
3269 } else {
3270 pname = "";
3271 pname_len = 0;
3272 }
3273 name_out = format_text(pinfo->pool, (const unsigned char*)pname, pname_len);
3274
3275 set_address(&suffix_addr, AT_IPv6, 16, suffix.bytes);
3276 col_append_fstr(pinfo->cinfo, COL_INFO, " %d %s %s",
3277 pre_len,
3278 address_to_str(pinfo->pool, &suffix_addr),
3279 name_out);
3280
3281 proto_tree_add_item(rr_tree, hf_dns_a6_prefix_len,tvb, a6_offset, 1, ENC_BIG_ENDIAN);
3282 a6_offset++;
3283 if (suf_len) {
3284 proto_tree_add_ipv6(rr_tree, hf_dns_a6_address_suffix,tvb, a6_offset, suf_octet_count, &suffix);
3285 a6_offset += suf_octet_count;
3286 }
3287 if (pre_len > 0) {
3288 proto_tree_add_string(rr_tree, hf_dns_a6_prefix_name, tvb, a6_offset, used_bytes, name_out);
3289 }
3290 proto_item_append_text(trr, ", addr %d %s %s",
3291 pre_len,
3292 address_to_str(pinfo->pool, &suffix_addr),
3293 name_out);
3294 }
3295 break;
3296
3297 case T_DNAME: /* Non-terminal DNS name redirection (39) */
3298 {
3299 const char *dname;
3300 int dname_len;
3301
3302 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset,
3303 &dname, &dname_len);
3304 name_out = format_text(pinfo->pool, (const unsigned char*)dname, dname_len);
3305 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3306 proto_item_append_text(trr, ", dname %s", name_out);
3307 proto_tree_add_string(rr_tree, hf_dns_dname, tvb, cur_offset, used_bytes, name_out);
3308 }
3309 break;
3310
3311 case T_OPT: /* Option (41) */
3312 {
3313 int rropt_len = data_len;
3314 uint16_t optcode, optlen;
3315 proto_item *rropt, *rroptlen;
3316 proto_tree *rropt_tree;
3317
3318 while (rropt_len > 0) {
3319 optcode = tvb_get_ntohs(tvb, cur_offset);
3320 rropt_len -= 2;
3321
3322 optlen = tvb_get_ntohs(tvb, cur_offset + 2);
3323 rropt_len -= 2;
3324
3325 rropt = proto_tree_add_item(rr_tree, hf_dns_opt, tvb, cur_offset, 4 + optlen, ENC_NA);
3326 proto_item_append_text(rropt, ": %s", val_to_str(optcode, edns0_opt_code_vals, "Unknown (%d)"));
3327 rropt_tree = proto_item_add_subtree(rropt, ett_dns_opts);
3328 rropt = proto_tree_add_item(rropt_tree, hf_dns_opt_code, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3329 cur_offset += 2;
3330 rroptlen = proto_tree_add_item(rropt_tree, hf_dns_opt_len, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3331 cur_offset += 2;
3332
3333 proto_tree_add_item(rropt_tree, hf_dns_opt_data, tvb, cur_offset, optlen, ENC_NA);
3334 switch(optcode) {
3335
3336 case O_DAU: /* DNSSEC Algorithm Understood (RFC6975) */
3337 {
3338 while (optlen != 0) {
3339 proto_tree_add_item(rropt_tree, hf_dns_opt_dau, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3340 cur_offset += 1;
3341 rropt_len -= 1;
3342 optlen -= 1;
3343 }
3344 }
3345 break;
3346
3347 case O_DHU: /* DS Hash Understood (RFC6975) */
3348 {
3349 while (optlen != 0) {
3350 proto_tree_add_item(rropt_tree, hf_dns_opt_dhu, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3351 cur_offset += 1;
3352 rropt_len -= 1;
3353 optlen -= 1;
3354 }
3355 }
3356 break;
3357
3358 case O_N3U: /* N3SEC Hash Understood (RFC6975) */
3359 {
3360 while (optlen != 0) {
3361 proto_tree_add_item(rropt_tree, hf_dns_opt_n3u, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3362 cur_offset += 1;
3363 rropt_len -= 1;
3364 optlen -= 1;
3365 }
3366 }
3367 break;
3368
3369 case O_CLIENT_SUBNET_EXP: /* draft-vandergaast-edns-client-subnet */
3370 expert_add_info_format(pinfo, rropt, &ei_dns_depr_opc,
3371 "Deprecated opcode. Client subnet OPT assigned as %d.", O_CLIENT_SUBNET);
3372 /* Intentional fall-through */
3373
3374 case O_CLIENT_SUBNET:
3375 {
3376 uint16_t family;
3377 uint16_t addr_len = optlen - 4;
3378 union {
3379 uint32_t addr;
3380 uint8_t bytes[16];
3381 } ip_addr = {0};
3382
3383 family = tvb_get_ntohs(tvb, cur_offset);
3384 proto_tree_add_item(rropt_tree, hf_dns_opt_client_family, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3385 cur_offset += 2;
3386 proto_tree_add_item(rropt_tree, hf_dns_opt_client_netmask, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3387 cur_offset += 1;
3388 proto_tree_add_item(rropt_tree, hf_dns_opt_client_scope, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3389 cur_offset += 1;
3390
3391 if (addr_len > 16) {
3392 expert_add_info(pinfo, rroptlen, &ei_dns_opt_bad_length);
3393 /* Avoid stack-smashing which occurs otherwise with the
3394 * following tvb_memcpy. */
3395 addr_len = 16;
3396 }
3397 tvb_memcpy(tvb, ip_addr.bytes, cur_offset, addr_len);
3398 switch (family) {
3399
3400 case AFNUM_INET:
3401 {
3402 proto_tree_add_ipv4(rropt_tree, hf_dns_opt_client_addr4, tvb,
3403 cur_offset, addr_len, ip_addr.addr);
3404 }
3405 break;
3406
3407 case AFNUM_INET6:
3408 {
3409 proto_tree_add_ipv6(rropt_tree, hf_dns_opt_client_addr6, tvb,
3410 cur_offset, addr_len, (ws_in6_addr *)&ip_addr);
3411 }
3412 break;
3413
3414 default:
3415 {
3416 proto_tree_add_item(rropt_tree, hf_dns_opt_client_addr, tvb, cur_offset, (optlen - 4),
3417 ENC_NA);
3418 }
3419 break;
3420 }
3421 cur_offset += (optlen - 4);
3422 rropt_len -= optlen;
3423 }
3424 break;
3425
3426 case O_COOKIE:
3427 {
3428 proto_tree_add_item(rropt_tree, hf_dns_opt_cookie_client, tvb, cur_offset, 8, ENC_NA);
3429 cur_offset += 8;
3430 rropt_len -= 8;
3431 optlen -= 8;
3432 proto_tree_add_item(rropt_tree, hf_dns_opt_cookie_server, tvb, cur_offset, optlen, ENC_NA);
3433 cur_offset += optlen;
3434 rropt_len -= optlen;
3435 }
3436 break;
3437
3438 case O_EDNS_TCP_KA:
3439 {
3440 if (optlen == 2) {
3441 proto_tree_add_item(rropt_tree, hf_dns_opt_edns_tcp_keepalive_timeout, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3442 }
3443 cur_offset += optlen;
3444 rropt_len -= optlen;
3445 }
3446 break;
3447
3448 case O_PADDING:
3449 {
3450 proto_tree_add_item(rropt_tree, hf_dns_opt_padding, tvb, cur_offset, optlen, ENC_NA);
3451 cur_offset += optlen;
3452 rropt_len -= optlen;
3453 }
3454 break;
3455
3456 case O_CHAIN:
3457 {
3458 if (optlen) {
3459 proto_tree_add_item(rropt_tree, hf_dns_opt_chain_fqdn, tvb, cur_offset, optlen, ENC_ASCII);
3460 }
3461 cur_offset += optlen;
3462 rropt_len -= optlen;
3463 }
3464 break;
3465
3466 case O_EXT_ERROR:
3467 {
3468 if (optlen >= 2) {
3469 proto_tree_add_item(rropt_tree, hf_dns_opt_ext_error_info_code, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3470 cur_offset += 2;
3471 rropt_len -= 2;
3472 if (optlen > 2) {
3473 proto_tree_add_item(rropt_tree, hf_dns_opt_ext_error_extra_text, tvb, cur_offset, optlen - 2, ENC_UTF_8);
3474 cur_offset += (optlen - 2);
3475 rropt_len -= (optlen - 2);
3476 }
3477 }
3478 }
3479 break;
3480
3481 case O_REPORT_CHANNEL:
3482 {
3483
3484 const char *dname;
3485 int dname_len;
3486
3487 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset,
3488 &dname, &dname_len);
3489 name_out = format_text(wmem_packet_scope(), (const unsigned char*)dname, dname_len);
3490 proto_tree_add_string(rropt_tree, hf_dns_opt_agent_domain, tvb, cur_offset, used_bytes, name_out);
3491
3492 cur_offset += used_bytes;
3493 rropt_len -= used_bytes;
3494 }
3495 break;
3496
3497 case O_ZONEVERSION:
3498 {
3499 uint32_t type;
3500 if (optlen >= 2) {
3501 proto_tree_add_item(rropt_tree, hf_dns_opt_zoneversion_labelcount, tvb, cur_offset, 1, ENC_NA);
3502 cur_offset += 1;
3503 rropt_len -= 1;
3504 proto_tree_add_item_ret_uint(rropt_tree, hf_dns_opt_zoneversion_type, tvb, cur_offset, 1, ENC_NA, &type);
3505 cur_offset += 1;
3506 rropt_len -= 1;
3507 if (optlen > 2) {
3508 switch (type) {
3509 case DNS_ZONEVERSION_TYPE_SOA_SERIAL:
3510 proto_tree_add_item(rropt_tree, hf_dns_opt_zoneversion_soa, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3511 cur_offset += 4;
3512 rropt_len -= 4;
3513 break;
3514 default:
3515 proto_tree_add_item(rropt_tree, hf_dns_opt_zoneversion_version, tvb, cur_offset, optlen - 2, ENC_NA);
3516 cur_offset += (optlen - 2);
3517 rropt_len -= (optlen - 2);
3518 }
3519 }
3520 }
3521 }
3522 break;
3523 default:
3524 {
3525 cur_offset += optlen;
3526 rropt_len -= optlen;
3527 }
3528 break;
3529 }
3530 }
3531 }
3532 break;
3533
3534 case T_APL: /* Lists of Address Prefixes (42) */
3535 {
3536 int rr_len = data_len;
3537 uint16_t afamily;
3538 uint8_t afdpart_len;
3539
3540 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3541
3542 while (rr_len > 1) {
3543 afamily = tvb_get_ntohs(tvb, cur_offset);
3544 proto_tree_add_item(rr_tree, hf_dns_apl_address_family, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3545 cur_offset += 2;
3546 rr_len -= 2;
3547
3548 proto_tree_add_item(rr_tree, hf_dns_apl_coded_prefix, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3549 cur_offset += 1;
3550 rr_len -= 1;
3551
3552 afdpart_len = tvb_get_uint8(tvb, cur_offset) & DNS_APL_AFDLENGTH;
3553 proto_tree_add_item(rr_tree, hf_dns_apl_negation, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3554 proto_tree_add_item(rr_tree, hf_dns_apl_afdlength, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3555 cur_offset += 1;
3556 rr_len -= 1;
3557
3558 if (afamily == AFNUM_INET && afdpart_len <= 4) {
3559 ws_in4_addr *addr4_copy;
3560
3561 addr4_copy = (ws_in4_addr *)wmem_alloc0(pinfo->pool, 4);
3562 tvb_memcpy(tvb, (void *)addr4_copy, cur_offset, afdpart_len);
3563 proto_tree_add_ipv4(rr_tree, hf_dns_apl_afdpart_ipv4, tvb, cur_offset, afdpart_len, *addr4_copy);
3564 } else if (afamily == AFNUM_INET6 && afdpart_len <= 16) {
3565 ws_in6_addr *addr6_copy;
3566
3567 addr6_copy = (ws_in6_addr *)wmem_alloc0(pinfo->pool, 16);
3568 tvb_memcpy(tvb, (void *)addr6_copy, cur_offset, afdpart_len);
3569 proto_tree_add_ipv6(rr_tree, hf_dns_apl_afdpart_ipv6, tvb, cur_offset, afdpart_len, addr6_copy);
3570 } else { /* Other... */
3571 proto_tree_add_item(rr_tree, hf_dns_apl_afdpart_data, tvb, cur_offset, afdpart_len, ENC_NA);
3572 }
3573 cur_offset += afdpart_len;
3574 rr_len -= afdpart_len;
3575 }
3576 }
3577 break;
3578
3579 case T_DS: /* Delegation Signature (43) */
3580 case T_CDS: /* Child DS (59) */
3581 case T_DLV:
3582 {
3583 int rr_len = data_len;
3584
3585 proto_tree_add_item(rr_tree, hf_dns_ds_key_id, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3586 cur_offset += 2;
3587 rr_len -= 2;
3588
3589 proto_tree_add_item(rr_tree, hf_dns_ds_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3590 cur_offset += 1;
3591 rr_len -= 1;
3592
3593 proto_tree_add_item(rr_tree, hf_dns_ds_digest_type, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3594 cur_offset += 1;
3595 rr_len -= 1;
3596
3597 proto_tree_add_item(rr_tree, hf_dns_ds_digest, tvb, cur_offset, rr_len, ENC_NA);
3598 }
3599 break;
3600
3601 case T_SSHFP: /* Securely Publish SSH Key Fingerprints (44) */
3602 {
3603 int rr_len = data_len;
3604
3605 proto_tree_add_item(rr_tree, hf_dns_sshfp_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3606 cur_offset += 1;
3607 rr_len -= 1;
3608
3609 proto_tree_add_item(rr_tree, hf_dns_sshfp_fingerprint_type, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3610 cur_offset += 1;
3611 rr_len -= 1;
3612
3613
3614 if (rr_len != 0) {
3615 proto_tree_add_item(rr_tree, hf_dns_sshfp_fingerprint, tvb, cur_offset, rr_len, ENC_NA);
3616 }
3617 }
3618 break;
3619
3620 case T_IPSECKEY: /* IPsec Key (45) */
3621 {
3622 int rr_len = data_len;
3623 uint8_t gw_type;
3624 const char *gw;
3625 int gw_name_len;
3626
3627 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_precedence, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3628 cur_offset += 1;
3629 rr_len -= 1;
3630
3631 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_type, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3632 gw_type = tvb_get_uint8(tvb, cur_offset);
3633 cur_offset += 1;
3634 rr_len -= 1;
3635
3636 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3637 cur_offset += 1;
3638 rr_len -= 1;
3639
3640 switch (gw_type) {
3641
3642 case 0:
3643 {
3644 /* No Gateway */
3645 }
3646 break;
3647
3648 case 1:
3649 {
3650 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_ipv4, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3651 cur_offset += 4;
3652 rr_len -= 4;
3653 }
3654 break;
3655
3656 case 2:
3657 {
3658 proto_tree_add_item(rr_tree, hf_dns_ipseckey_gateway_ipv6, tvb, cur_offset, 16, ENC_NA);
3659 cur_offset += 16;
3660 rr_len -= 16;
3661 }
3662 break;
3663
3664 case 3:
3665 {
3666 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &gw, &gw_name_len);
3667 name_out = format_text(pinfo->pool, (const unsigned char*)gw, gw_name_len);
3668 proto_tree_add_string(rr_tree, hf_dns_ipseckey_gateway_dns, tvb, cur_offset, used_bytes, name_out);
3669
3670 cur_offset += used_bytes;
3671 rr_len -= used_bytes;
3672 }
3673 break;
3674
3675 default:
3676 break;
3677 }
3678 if (rr_len != 0) {
3679 proto_tree_add_item(rr_tree, hf_dns_ipseckey_public_key, tvb, cur_offset, rr_len, ENC_NA);
3680 }
3681 }
3682 break;
3683
3684 case T_RRSIG: /* RRSIG (46) */
3685 case T_SIG: /* Security SIgnature (24) */
3686 {
3687 int rr_len = data_len;
3688 const char *signer_name;
3689 int signer_name_len;
3690 proto_item *ti;
3691 uint32_t type;
3692
3693 ti = proto_tree_add_item_ret_uint(rr_tree, hf_dns_rrsig_type_covered, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &type);
3694 proto_item_append_text(ti, " %s", val_to_str_ext(type, &dns_types_description_vals_ext, "Unknown (%d)"));
3695 cur_offset += 2;
3696 rr_len -= 2;
3697
3698 proto_tree_add_item(rr_tree, hf_dns_rrsig_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3699 cur_offset += 1;
3700 rr_len -= 1;
3701
3702 proto_tree_add_item(rr_tree, hf_dns_rrsig_labels, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3703 cur_offset += 1;
3704 rr_len -= 1;
3705
3706 ti = proto_tree_add_item(rr_tree, hf_dns_rrsig_original_ttl, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3707 proto_item_append_text(ti, " (%s)", unsigned_time_secs_to_str(pinfo->pool, tvb_get_ntohl(tvb, cur_offset)));
3708 cur_offset += 4;
3709 rr_len -= 4;
3710
3711 proto_tree_add_item(rr_tree, hf_dns_rrsig_signature_expiration, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3712 cur_offset += 4;
3713 rr_len -= 4;
3714
3715 proto_tree_add_item(rr_tree, hf_dns_rrsig_signature_inception, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3716 cur_offset += 4;
3717 rr_len -= 4;
3718
3719 proto_tree_add_item(rr_tree, hf_dns_rrsig_key_tag, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3720 cur_offset += 2;
3721 rr_len -= 2;
3722
3723 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &signer_name, &signer_name_len);
3724 name_out = format_text(pinfo->pool, (const unsigned char*)signer_name, signer_name_len);
3725 proto_tree_add_string(rr_tree, hf_dns_rrsig_signers_name, tvb, cur_offset, used_bytes, name_out);
3726 cur_offset += used_bytes;
3727 rr_len -= used_bytes;
3728
3729 if (rr_len != 0) {
3730 proto_tree_add_item(rr_tree, hf_dns_rrsig_signature, tvb, cur_offset, rr_len, ENC_NA);
3731 }
3732 }
3733 break;
3734
3735 case T_NSEC: /* NSEC (47) */
3736 {
3737 int rr_len = data_len;
3738 const char *next_domain_name;
3739 int next_domain_name_len;
3740
3741 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset,
3742 &next_domain_name, &next_domain_name_len);
3743 name_out = format_text(pinfo->pool, (const unsigned char*)next_domain_name, next_domain_name_len);
3744 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3745 proto_item_append_text(trr, ", next domain name %s", name_out);
3746 proto_tree_add_string(rr_tree, hf_dns_nsec_next_domain_name, tvb, cur_offset, used_bytes, name_out);
3747 cur_offset += used_bytes;
3748 rr_len -= used_bytes;
3749
3750 dissect_type_bitmap(rr_tree, tvb, cur_offset, rr_len);
3751 }
3752 break;
3753
3754 case T_DNSKEY: /* DNSKEY (48) */
3755 case T_CDNSKEY: /* CDNSKEY (60) */
3756 {
3757 int rr_len = data_len;
3758 proto_item *tf, *ti_gen;
3759 proto_tree *flags_tree;
3760 uint16_t key_id;
3761 uint8_t algo;
3762
3763 tf = proto_tree_add_item(rr_tree, hf_dns_dnskey_flags, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3764 flags_tree = proto_item_add_subtree(tf, ett_key_flags);
3765 proto_tree_add_item(flags_tree, hf_dns_dnskey_flags_zone_key, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3766 proto_tree_add_item(flags_tree, hf_dns_dnskey_flags_key_revoked, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3767 proto_tree_add_item(flags_tree, hf_dns_dnskey_flags_secure_entry_point, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3768 proto_tree_add_item(flags_tree, hf_dns_dnskey_flags_reserved, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3769
3770 cur_offset += 2;
3771 rr_len -= 2;
3772
3773 /* Must have value 3, Add check ? */
3774 proto_tree_add_item(rr_tree, hf_dns_dnskey_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3775 cur_offset += 1;
3776 rr_len -= 1;
3777
3778 proto_tree_add_item(rr_tree, hf_dns_dnskey_algorithm, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3779 algo = tvb_get_uint8(tvb, cur_offset);
3780
3781 cur_offset += 1;
3782 rr_len -= 1;
3783
3784 if (compute_key_id(rr_tree, pinfo, tvb, cur_offset-4, rr_len+4, algo, &key_id)) {
3785 ti_gen = proto_tree_add_uint(rr_tree, hf_dns_dnskey_key_id, tvb, 0, 0, key_id);
3786 proto_item_set_generated(ti_gen);
3787 }
3788
3789 proto_tree_add_item(rr_tree, hf_dns_dnskey_public_key, tvb, cur_offset, rr_len, ENC_NA);
3790 }
3791 break;
3792
3793 case T_DHCID: /* DHCID (49) */
3794 {
3795 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3796 proto_tree_add_item(rr_tree, hf_dns_dhcid_rdata, tvb, cur_offset, data_len, ENC_NA);
3797 }
3798 break;
3799
3800 case T_NSEC3: /* NSEC3 (50) */
3801 {
3802 int rr_len, initial_offset = cur_offset;
3803 uint8_t salt_len, hash_len;
3804 proto_item *flags_item, *hash_item;
3805 proto_tree *flags_tree;
3806
3807 proto_tree_add_item(rr_tree, hf_dns_nsec3_algo, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3808 cur_offset += 1;
3809
3810 flags_item = proto_tree_add_item(rr_tree, hf_dns_nsec3_flags, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3811 flags_tree = proto_item_add_subtree(flags_item, ett_nsec3_flags);
3812 proto_tree_add_item(flags_tree, hf_dns_nsec3_flag_optout, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3813 cur_offset += 1;
3814
3815 proto_tree_add_item(rr_tree, hf_dns_nsec3_iterations, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3816 cur_offset += 2;
3817
3818 proto_tree_add_item(rr_tree, hf_dns_nsec3_salt_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3819 salt_len = tvb_get_uint8(tvb, cur_offset);
3820 cur_offset += 1;
3821
3822 proto_tree_add_item(rr_tree, hf_dns_nsec3_salt_value, tvb, cur_offset, salt_len, ENC_NA);
3823 cur_offset += salt_len;
3824
3825 proto_tree_add_item(rr_tree, hf_dns_nsec3_hash_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3826 hash_len = tvb_get_uint8(tvb, cur_offset);
3827 cur_offset += 1;
3828
3829 /*
3830 * The code below is optimized for simplicity as trailing padding
3831 * characters ("=") are not used in the NSEC3 specification (see RFC 5155
3832 * section 1.3).
3833 */
3834 if (hash_len) {
3835 /* Base 32 Encoding with Extended Hex Alphabet (see RFC 4648 section 7) */
3836 const char *base32hex = "0123456789abcdefghijklmnopqrstuv";
3837 wmem_strbuf_t *hash_value_base32hex = wmem_strbuf_new(pinfo->pool, "");
3838 int group, in_offset, out_offset;
3839 for (in_offset = 0, out_offset = 0;
3840 in_offset / 8 < hash_len;
3841 in_offset += 5, out_offset += 1) {
3842 group = tvb_get_bits8(tvb, cur_offset * 8 + in_offset, 5);
3843 wmem_strbuf_append_c(hash_value_base32hex, base32hex[group]);
3844 }
3845 hash_item = proto_tree_add_string(rr_tree, hf_dns_nsec3_hash_value, tvb, cur_offset, hash_len, wmem_strbuf_finalize(hash_value_base32hex));
3846 proto_item_set_generated(hash_item);
3847 cur_offset += hash_len;
3848 }
3849
3850 rr_len = data_len - (cur_offset - initial_offset);
3851 dissect_type_bitmap(rr_tree, tvb, cur_offset, rr_len);
3852 }
3853 break;
3854
3855 case T_NSEC3PARAM: /* NSEC3PARAM (51) */
3856 {
3857 int salt_len;
3858 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3859
3860 proto_tree_add_item(rr_tree, hf_dns_nsec3_algo, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3861 cur_offset +=1;
3862
3863 proto_tree_add_item(rr_tree, hf_dns_nsec3_flags, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3864 cur_offset +=1;
3865
3866 proto_tree_add_item(rr_tree, hf_dns_nsec3_iterations, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3867 cur_offset += 2;
3868
3869 proto_tree_add_item(rr_tree, hf_dns_nsec3_salt_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3870 salt_len = tvb_get_uint8(tvb, cur_offset);
3871 cur_offset +=1;
3872
3873 proto_tree_add_item(rr_tree, hf_dns_nsec3_salt_value, tvb, cur_offset, salt_len, ENC_NA);
3874 }
3875 break;
3876
3877 case T_TLSA: /* DNS-Based Authentication of Named Entities (52) */
3878 {
3879 int rr_len = data_len;
3880 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3881
3882 proto_tree_add_item(rr_tree, hf_dns_tlsa_certificate_usage, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3883 cur_offset ++;
3884 rr_len --;
3885
3886 proto_tree_add_item(rr_tree, hf_dns_tlsa_selector, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3887 cur_offset ++;
3888 rr_len --;
3889
3890 proto_tree_add_item(rr_tree, hf_dns_tlsa_matching_type, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3891 cur_offset ++;
3892 rr_len --;
3893
3894 proto_tree_add_item(rr_tree, hf_dns_tlsa_certificate_association_data, tvb, cur_offset, rr_len, ENC_NA);
3895 }
3896 break;
3897
3898 case T_HIP: /* Host Identity Protocol (55) */
3899 {
3900 uint8_t hit_len;
3901 uint16_t pk_len;
3902 int rr_len = data_len;
3903 int rendezvous_len;
3904 const char *rend_server_dns_name;
3905
3906 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
3907
3908 hit_len = tvb_get_uint8(tvb, cur_offset);
3909 proto_tree_add_item(rr_tree, hf_dns_hip_hit_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3910 cur_offset += 1;
3911 rr_len -= 1;
3912
3913 proto_tree_add_item(rr_tree, hf_dns_hip_pk_algo, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
3914 cur_offset += 1;
3915 rr_len -= 1;
3916
3917 pk_len = tvb_get_ntohs(tvb, cur_offset);
3918 proto_tree_add_item(rr_tree, hf_dns_hip_pk_length, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
3919 cur_offset += 2;
3920 rr_len -= 2;
3921
3922 proto_tree_add_item(rr_tree, hf_dns_hip_hit, tvb, cur_offset, hit_len, ENC_NA);
3923 cur_offset += hit_len;
3924 rr_len -= hit_len;
3925
3926 proto_tree_add_item(rr_tree, hf_dns_hip_pk, tvb, cur_offset, pk_len, ENC_NA);
3927 cur_offset += pk_len;
3928 rr_len -= pk_len;
3929
3930 while (rr_len > 1) {
3931 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &rend_server_dns_name, &rendezvous_len);
3932 name_out = format_text(pinfo->pool, (const unsigned char*)rend_server_dns_name, rendezvous_len);
3933 proto_tree_add_string(rr_tree, hf_dns_hip_rendezvous_server, tvb, cur_offset, used_bytes, name_out);
3934 cur_offset += used_bytes;
3935 rr_len -= used_bytes;
3936 }
3937 }
3938 break;
3939
3940 case T_OPENPGPKEY: /* OpenPGP Key (61) */
3941 {
3942 proto_tree_add_item(rr_tree, hf_dns_openpgpkey, tvb, cur_offset, data_len, ENC_ASCII);
3943 }
3944 break;
3945
3946 case T_CSYNC: /* Child-to-Parent Synchronization (62) */
3947 {
3948 int rr_len, initial_offset = cur_offset;
3949
3950 proto_tree_add_item(rr_tree, hf_dns_csync_soa, tvb, cur_offset, 4, ENC_ASCII|ENC_NA);
3951 cur_offset += 4;
3952
3953 proto_tree_add_bitmask_with_flags(rr_tree, tvb, cur_offset,
3954 hf_dns_csync_flags, ett_dns_csdync_flags, dns_csync_flags, ENC_BIG_ENDIAN, BMT_NO_APPEND);
3955 cur_offset += 2;
3956
3957 rr_len = data_len - (cur_offset - initial_offset);
3958 proto_tree_add_item(rr_tree, hf_dns_csync_type_bitmap, tvb, cur_offset, rr_len, ENC_NA);
3959
3960 dissect_type_bitmap(rr_tree, tvb, cur_offset, rr_len);
3961 }
3962 break;
3963
3964 case T_ZONEMD: /* Message Digest for DNS Zones (63) */
3965 {
3966 proto_tree_add_item(rr_tree, hf_dns_zonemd_serial, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
3967 cur_offset += 4;
3968 proto_tree_add_item(rr_tree, hf_dns_zonemd_scheme, tvb, cur_offset, 1, ENC_NA);
3969 cur_offset += 1;
3970 proto_tree_add_item(rr_tree, hf_dns_zonemd_hash_algo, tvb, cur_offset, 1, ENC_NA);
3971 cur_offset += 1;
3972 proto_tree_add_item(rr_tree, hf_dns_zonemd_digest, tvb, cur_offset, data_len - 6 , ENC_NA);
3973 }
3974 break;
3975
3976 case T_SVCB: /* Service binding and parameter specification (64) */
3977 case T_HTTPS: /* Service binding and parameter specification (65) */
3978 {
3979 uint32_t priority = 0, value;
3980 uint32_t svc_param_key;
3981 uint32_t svc_param_offset;
3982 uint32_t svc_param_length;
3983 uint32_t svc_param_alpn_length;
3984 const char *target;
3985 int target_len;
3986 const uint8_t *dohpath;
3987 int start_offset = cur_offset;
3988 proto_item *svcb_param_ti;
3989 proto_tree *svcb_param_tree;
3990
3991 proto_tree_add_item_ret_uint(rr_tree, hf_dns_svcb_priority, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &priority);
3992 cur_offset += 2;
3993
3994 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &target, &target_len);
3995 name_out = format_text(pinfo->pool, (const unsigned char*)target, target_len);
3996
3997 proto_tree_add_string(rr_tree, hf_dns_svcb_target, tvb, cur_offset, used_bytes, name_out);
3998 cur_offset += used_bytes;
3999
4000 if (data_len > cur_offset - start_offset) {
4001 while (data_len > cur_offset - start_offset) {
4002 svcb_param_ti = proto_tree_add_item(rr_tree, hf_dns_svcb_param, tvb, cur_offset, -1, ENC_NA);
4003 svcb_param_tree = proto_item_add_subtree(svcb_param_ti, ett_dns_svcb);
4004
4005 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_key, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &svc_param_key);
4006 cur_offset += 2;
4007
4008 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_length, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &svc_param_length);
4009 cur_offset += 2;
4010
4011 proto_item_append_text(svcb_param_ti, ": %s", val_to_str(svc_param_key, dns_svcb_param_key_vals, "key%u"));
4012 proto_item_set_len(svcb_param_ti, svc_param_length + 4);
4013
4014 switch(svc_param_key) {
4015 case DNS_SVCB_KEY_MANDATORY:
4016 for (svc_param_offset = 0; svc_param_offset < svc_param_length; svc_param_offset += 2) {
4017 uint32_t key;
4018 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_mandatory_key, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &key);
4019 proto_item_append_text(svcb_param_ti, "%c%s", (svc_param_offset == 0 ? '=' : ','), val_to_str(key, dns_svcb_param_key_vals, "key%u"));
4020 cur_offset += 2;
4021 }
4022 break;
4023 case DNS_SVCB_KEY_ALPN:
4024 for (svc_param_offset = 0; svc_param_offset < svc_param_length; ) {
4025 const uint8_t *alpn;
4026 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_alpn_length, tvb, cur_offset, 1, ENC_BIG_ENDIAN, &svc_param_alpn_length);
4027 cur_offset += 1;
4028 proto_tree_add_item_ret_string(svcb_param_tree, hf_dns_svcb_param_alpn, tvb, cur_offset, svc_param_alpn_length, ENC_ASCII|ENC_NA, pinfo->pool, &alpn);
4029 cur_offset += svc_param_alpn_length;
4030 proto_item_append_text(svcb_param_ti, "%c%s", (svc_param_offset == 0 ? '=' : ','), alpn);
4031 svc_param_offset += 1 + svc_param_alpn_length;
4032 }
4033 break;
4034 case DNS_SVCB_KEY_NOALPN:
4035 break;
4036 case DNS_SVCB_KEY_PORT:
4037 proto_tree_add_item_ret_uint(svcb_param_tree, hf_dns_svcb_param_port, tvb, cur_offset, 2, ENC_BIG_ENDIAN, &value);
4038 proto_item_append_text(svcb_param_ti, "=%u", value);
4039 cur_offset += 2;
4040 break;
4041 case DNS_SVCB_KEY_IPV4HINT:
4042 for (svc_param_offset = 0; svc_param_offset < svc_param_length; svc_param_offset += 4) {
4043 proto_tree_add_item(svcb_param_tree, hf_dns_svcb_param_ipv4hint_ip, tvb, cur_offset, 4, ENC_NA);
4044 proto_item_append_text(svcb_param_ti, "%c%s", (svc_param_offset == 0 ? '=' : ','), tvb_ip_to_str(pinfo->pool, tvb, cur_offset));
4045 cur_offset += 4;
4046 }
4047 break;
4048 case DNS_SVCB_KEY_ECH:
4049 {
4050 tvbuff_t *next_tvb = tvb_new_subset_length(tvb, cur_offset, svc_param_length);
4051 cur_offset += call_dissector(tls_echconfig_handle, next_tvb, pinfo, svcb_param_tree);
4052 break;
4053 }
4054 case DNS_SVCB_KEY_IPV6HINT:
4055 for (svc_param_offset = 0; svc_param_offset < svc_param_length; svc_param_offset += 16) {
4056 proto_tree_add_item(svcb_param_tree, hf_dns_svcb_param_ipv6hint_ip, tvb, cur_offset, 16, ENC_NA);
4057 proto_item_append_text(svcb_param_ti, "%c%s", (svc_param_offset == 0 ? '=' : ','), tvb_ip6_to_str(pinfo->pool, tvb, cur_offset));
4058 cur_offset += 16;
4059 }
4060 break;
4061 case DNS_SVCB_KEY_DOHPATH:
4062 proto_tree_add_item_ret_string(svcb_param_tree, hf_dns_svcb_param_dohpath, tvb, cur_offset, svc_param_length, ENC_UTF_8|ENC_NA, pinfo->pool, &dohpath);
4063 cur_offset += svc_param_length;
4064 proto_item_append_text(svcb_param_ti, "=%s", dohpath);
4065 break;
4066 case DNS_SVCB_KEY_ODOHCONFIG:
4067 dissect_dns_svcparam_base64(svcb_param_tree, svcb_param_ti, hf_dns_svcb_param_odohconfig, tvb, cur_offset, svc_param_length);
4068 cur_offset += svc_param_length;
4069 break;
4070 default:
4071 if (svc_param_length > 0) {
4072 proto_tree_add_item(svcb_param_tree, hf_dns_svcb_param_value, tvb, cur_offset, svc_param_length, ENC_NA);
4073 proto_item_append_text(svcb_param_ti, "=%s", tvb_format_text(pinfo->pool, tvb, cur_offset, svc_param_length));
4074 cur_offset += svc_param_length;
4075 }
4076 break;
4077 }
4078 }
4079 }
4080 }
4081 break;
4082
4083 case T_SPF: /* Sender Policy Framework (99) */
4084 {
4085 int rr_len = data_len;
4086 int spf_offset;
4087 int spf_len;
4088
4089 spf_offset = cur_offset;
4090 while (rr_len != 0) {
4091 spf_len = tvb_get_uint8(tvb, spf_offset);
4092 proto_tree_add_item(rr_tree, hf_dns_spf_length, tvb, spf_offset, 1, ENC_BIG_ENDIAN);
4093 spf_offset += 1;
4094 rr_len -= 1;
4095 proto_tree_add_item(rr_tree, hf_dns_spf, tvb, spf_offset, spf_len, ENC_ASCII);
4096 spf_offset += spf_len;
4097 rr_len -= spf_len;
4098 }
4099 }
4100 break;
4101
4102 case T_NID: /* NodeID (104) */
4103 {
4104 proto_tree_add_item(rr_tree, hf_dns_ilnp_nodeid_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4105 cur_offset += 2;
4106
4107 proto_tree_add_item(rr_tree, hf_dns_ilnp_nodeid, tvb, cur_offset, 8, ENC_NA);
4108 /*cur_offset += 8;*/
4109 }
4110 break;
4111
4112 case T_L32: /* Locator (105) */
4113 {
4114 proto_tree_add_item(rr_tree, hf_dns_ilnp_locator32_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4115 cur_offset += 2;
4116
4117 proto_tree_add_item(rr_tree, hf_dns_ilnp_locator32, tvb, cur_offset, 4, ENC_NA);
4118 /*cur_offset += 4;*/
4119 }
4120 break;
4121
4122 case T_L64: /* Locator64 (106) */
4123 {
4124 proto_tree_add_item(rr_tree, hf_dns_ilnp_locator64_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4125 cur_offset += 2;
4126
4127 proto_tree_add_item(rr_tree, hf_dns_ilnp_locator64, tvb, cur_offset, 8, ENC_NA);
4128 /*cur_offset += 8;*/
4129 }
4130 break;
4131
4132 case T_LP: /* Locator FQDN (107) */
4133 {
4134 int lp_len;
4135 const char *lp_str;
4136
4137 proto_tree_add_item(rr_tree, hf_dns_ilnp_locatorfqdn_preference, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4138 cur_offset += 2;
4139
4140 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &lp_str, &lp_len);
4141 name_out = format_text(pinfo->pool, (const unsigned char*)lp_str, lp_len);
4142 proto_tree_add_string(rr_tree, hf_dns_ilnp_locatorfqdn, tvb, cur_offset, used_bytes, name_out);
4143 /*cur_offset += used_bytes;*/
4144 }
4145 break;
4146
4147 case T_EUI48: /* EUI48 (108) */
4148 {
4149 proto_tree_add_item(rr_tree, hf_dns_eui48, tvb, cur_offset, 6, ENC_NA);
4150 /*cur_offset += 6;*/
4151 }
4152 break;
4153
4154 case T_EUI64: /* EUI64 (109) */
4155 {
4156 proto_tree_add_item(rr_tree, hf_dns_eui64, tvb, cur_offset, 8, ENC_NA);
4157 /*cur_offset += 8;*/
4158 }
4159 break;
4160
4161 case T_TKEY: /* Transaction Key (249) */
4162 {
4163 const char *tkey_algname;
4164 int tkey_algname_len;
4165 uint16_t tkey_mode, tkey_keylen, tkey_otherlen;
4166
4167 proto_tree *key_tree;
4168 proto_item *key_item;
4169
4170 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &tkey_algname, &tkey_algname_len);
4171 name_out = format_text(pinfo->pool, (const unsigned char*)tkey_algname, tkey_algname_len);
4172 proto_tree_add_string(rr_tree, hf_dns_tkey_algo_name, tvb, cur_offset, used_bytes, name_out);
4173 cur_offset += used_bytes;
4174
4175 proto_tree_add_item(rr_tree, hf_dns_tkey_signature_inception, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4176 cur_offset += 4;
4177
4178 proto_tree_add_item(rr_tree, hf_dns_tkey_signature_expiration, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4179 cur_offset += 4;
4180
4181 proto_tree_add_item(rr_tree, hf_dns_tkey_mode, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4182 tkey_mode = tvb_get_ntohs(tvb, cur_offset);
4183 cur_offset += 2;
4184
4185 proto_tree_add_item(rr_tree, hf_dns_tkey_error, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4186 cur_offset += 2;
4187
4188 proto_tree_add_item(rr_tree, hf_dns_tkey_key_size, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4189 tkey_keylen = tvb_get_ntohs(tvb, cur_offset);
4190 cur_offset += 2;
4191
4192 if (tkey_keylen != 0) {
4193 key_item = proto_tree_add_item(rr_tree, hf_dns_tkey_key_data, tvb, cur_offset, tkey_keylen, ENC_NA);
4194
4195 key_tree = proto_item_add_subtree(key_item, ett_t_key);
4196
4197 switch(tkey_mode) {
4198 case TKEYMODE_GSSAPI:
4199 {
4200 tvbuff_t *gssapi_tvb;
4201
4202 /*
4203 * XXX - in at least one capture, this appears to
4204 * be an NTLMSSP blob, with no ASN.1 in it, in
4205 * a query.
4206 *
4207 * See RFC 3645 which might indicate what's going
4208 * on here. (The key is an output_token from
4209 * GSS_Init_sec_context.)
4210 *
4211 * How the heck do we know what method is being
4212 * used, so we know how to decode the key? Do we
4213 * have to look at the algorithm name, e.g.
4214 * "gss.microsoft.com"? We currently do as the
4215 * the SMB dissector does in some cases, and check
4216 * whether the security blob begins with "NTLMSSP".
4217 */
4218 gssapi_tvb = tvb_new_subset_length(tvb, cur_offset, tkey_keylen);
4219 if (tvb_strneql(gssapi_tvb, 0, "NTLMSSP", 7) == 0) {
4220 call_dissector(ntlmssp_handle, gssapi_tvb, pinfo, key_tree);
4221 } else {
4222 call_dissector(gssapi_handle, gssapi_tvb, pinfo, key_tree);
4223 }
4224 }
4225 break;
4226
4227 default:
4228 /* No dissector for this key mode */
4229 break;
4230 }
4231
4232 cur_offset += tkey_keylen;
4233 }
4234
4235 proto_tree_add_item(rr_tree, hf_dns_tkey_other_size, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4236 tkey_otherlen = tvb_get_ntohs(tvb, cur_offset);
4237 cur_offset += 2;
4238
4239 if (tkey_otherlen != 0) {
4240 proto_tree_add_item(rr_tree, hf_dns_tkey_other_data, tvb, cur_offset, tkey_otherlen, ENC_NA);
4241 }
4242 }
4243 break;
4244
4245 case T_TSIG: /* Transaction Signature (250) */
4246 {
4247 uint16_t tsig_siglen, tsig_otherlen;
4248 const char *tsig_algname;
4249 int tsig_algname_len;
4250 proto_item *ti;
4251
4252 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &tsig_algname, &tsig_algname_len);
4253 name_out = format_text(pinfo->pool, (const unsigned char*)tsig_algname, tsig_algname_len);
4254 proto_tree_add_string(rr_tree, hf_dns_tsig_algorithm_name, tvb, cur_offset, used_bytes, name_out);
4255 cur_offset += used_bytes;
4256
4257 ti = proto_tree_add_item(rr_tree, hf_dns_tsig_time_signed ,tvb, cur_offset, 6, ENC_TIME_SECS|ENC_BIG_ENDIAN);
4258 if(tvb_get_ntohs(tvb, cur_offset)) /* Time High */
4259 {
4260 proto_item_append_text(ti, " (high bits set)");
4261 }
4262 cur_offset += 6;
4263
4264 proto_tree_add_item(rr_tree, hf_dns_tsig_fudge, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4265 cur_offset += 2;
4266
4267 tsig_siglen = tvb_get_ntohs(tvb, cur_offset);
4268 proto_tree_add_item(rr_tree, hf_dns_tsig_mac_size, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4269 cur_offset += 2;
4270
4271 if (tsig_siglen != 0) {
4272 proto_item *mac_item;
4273 proto_tree *mac_tree;
4274 tvbuff_t *sub_tvb;
4275
4276 mac_item = proto_tree_add_item(rr_tree, hf_dns_tsig_mac, tvb, cur_offset, tsig_siglen, ENC_NA);
4277 mac_tree = proto_item_add_subtree(mac_item, ett_dns_mac);
4278
4279 sub_tvb=tvb_new_subset_length(tvb, cur_offset, tsig_siglen);
4280
4281 if (!dissector_try_string(dns_tsig_dissector_table, tsig_algname, sub_tvb, pinfo, mac_tree, NULL)) {
4282 expert_add_info_format(pinfo, mac_item, &ei_dns_tsig_alg,
4283 "No dissector for algorithm:%s", name_out);
4284 }
4285
4286 cur_offset += tsig_siglen;
4287 }
4288
4289 proto_tree_add_item(rr_tree, hf_dns_tsig_original_id, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4290 cur_offset += 2;
4291
4292 proto_tree_add_item(rr_tree, hf_dns_tsig_error, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4293 cur_offset += 2;
4294
4295 proto_tree_add_item(rr_tree, hf_dns_tsig_other_len, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4296 tsig_otherlen = tvb_get_ntohs(tvb, cur_offset);
4297 cur_offset += 2;
4298
4299 if (tsig_otherlen != 0) {
4300 proto_tree_add_item(rr_tree, hf_dns_tsig_other_data, tvb, cur_offset, tsig_otherlen, ENC_NA);
4301 }
4302 }
4303 break;
4304
4305 case T_URI: /* Uniform Resource Locator (256) */
4306 {
4307 int rr_len = data_len;
4308 uint16_t priority = 0;
4309 uint16_t weight = 0;
4310 int target_len = rr_len - 4;
4311 const char *target;
4312
4313 proto_tree_add_item(rr_tree, hf_dns_srv_priority, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4314 priority = tvb_get_ntohs(tvb, cur_offset);
4315 cur_offset += 2;
4316
4317 proto_tree_add_item(rr_tree, hf_dns_srv_weight, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4318 weight = tvb_get_ntohs(tvb, cur_offset);
4319 cur_offset += 2;
4320
4321 target = (const char*)tvb_get_string_enc(pinfo->pool, tvb, cur_offset, target_len, ENC_ASCII|ENC_NA);
4322
4323 proto_tree_add_string(rr_tree, hf_dns_srv_target, tvb, cur_offset, used_bytes, target);
4324
4325 col_append_fstr(pinfo->cinfo, COL_INFO, " %u %u %s", priority, weight, target);
4326 proto_item_append_text(trr,
4327 ", priority %u, weight %u, target %s",
4328 priority, weight, target);
4329 }
4330 break;
4331
4332
4333 case T_CAA: /* Certification Authority Restriction (257) */
4334 {
4335 proto_item *caa_item;
4336 proto_tree *caa_tree;
4337 uint8_t tag_len;
4338 const char *tag;
4339 uint16_t value_len;
4340 const unsigned char *value;
4341 int cur_hf = -1;
4342
4343 caa_item = proto_tree_add_item(rr_tree, hf_dns_caa_flags, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
4344 caa_tree = proto_item_add_subtree(caa_item, ett_caa_flags);
4345 proto_tree_add_item(caa_tree, hf_dns_caa_flag_issuer_critical, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
4346 cur_offset++;
4347
4348 tag_len = tvb_get_uint8(tvb, cur_offset);
4349 tag = (const char*)tvb_get_string_enc(pinfo->pool, tvb, cur_offset + 1, tag_len, ENC_ASCII|ENC_NA);
4350
4351 value_len = data_len - (tag_len + 2);
4352 value = (unsigned char*)tvb_get_string_enc(pinfo->pool, tvb, cur_offset + 1 + tag_len, value_len, ENC_ASCII|ENC_NA);
4353
4354 value = (unsigned char*)format_text(pinfo->pool, value, value_len);
4355
4356 if (strncmp(tag, "issue", tag_len) == 0) {
4357 cur_hf = hf_dns_caa_issue;
4358 } else if (strncmp(tag, "issuewild", tag_len) == 0) {
4359 cur_hf = hf_dns_caa_issuewild;
4360 } else if (strncmp(tag, "iodef", tag_len) == 0) {
4361 cur_hf = hf_dns_caa_iodef;
4362 } else {
4363 cur_hf = hf_dns_caa_unknown;
4364 }
4365
4366 caa_item = proto_tree_add_string(rr_tree, cur_hf, tvb, cur_offset, 1 + tag_len + value_len, (const char*)value);
4367 caa_tree = proto_item_add_subtree(caa_item, ett_caa_data);
4368
4369 proto_tree_add_uint(caa_tree, hf_dns_caa_tag_length, tvb, cur_offset, 1, tag_len);
4370 proto_tree_add_string(caa_tree, hf_dns_caa_tag, tvb, cur_offset + 1, tag_len, tag);
4371 proto_tree_add_string(caa_tree, hf_dns_caa_value, tvb, cur_offset + 1 + tag_len, value_len, (const char*)value);
4372 }
4373 break;
4374
4375 case T_WINS: /* Microsoft's WINS (65281)*/
4376 {
4377 int rr_len = data_len;
4378 uint32_t nservers;
4379
4380 proto_tree_add_item(rr_tree, hf_dns_wins_local_flag, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4381 cur_offset += 4;
4382 rr_len -= 4;
4383
4384 proto_tree_add_item(rr_tree, hf_dns_wins_lookup_timeout, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4385 cur_offset += 4;
4386 rr_len -= 4;
4387
4388 proto_tree_add_item(rr_tree, hf_dns_wins_cache_timeout, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4389 cur_offset += 4;
4390 rr_len -= 4;
4391
4392 proto_tree_add_item(rr_tree, hf_dns_wins_nb_wins_servers, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4393 nservers = tvb_get_ntohl(tvb, cur_offset);
4394 cur_offset += 4;
4395 rr_len -= 4;
4396
4397 while (rr_len != 0 && nservers != 0) {
4398 proto_tree_add_item(rr_tree, hf_dns_wins_server, tvb, cur_offset, 4, ENC_NA);
4399
4400 cur_offset += 4;
4401 rr_len -= 4;
4402 nservers--;
4403 }
4404 }
4405 break;
4406
4407 case T_WINS_R: /* Microsoft's WINS-R (65282)*/
4408 {
4409 const char *dname;
4410 int dname_len;
4411
4412 proto_tree_add_item(rr_tree, hf_dns_winsr_local_flag, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4413 cur_offset += 4;
4414
4415 proto_tree_add_item(rr_tree, hf_dns_winsr_lookup_timeout, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4416 cur_offset += 4;
4417
4418 proto_tree_add_item(rr_tree, hf_dns_winsr_cache_timeout, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4419 cur_offset += 4;
4420
4421 used_bytes = get_dns_name(tvb, cur_offset, 0, dns_data_offset, &dname, &dname_len);
4422 name_out = format_text(pinfo->pool, (const unsigned char*)dname, dname_len);
4423 proto_tree_add_string(rr_tree, hf_dns_winsr_name_result_domain, tvb, cur_offset, used_bytes, name_out);
4424 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name_out);
4425 proto_item_append_text(trr, ", name result domain %s", name_out);
4426 }
4427 break;
4428
4429 case T_XPF: /* XPF draft-bellis-dnsop-xpf */
4430 {
4431 uint32_t address_family;
4432
4433 proto_tree_add_item_ret_uint(rr_tree, hf_dns_xpf_ip_version, tvb, cur_offset, 1, ENC_BIG_ENDIAN, &address_family);
4434 cur_offset++;
4435
4436 switch (address_family) {
4437 case IP_VERSION_NUM_INET:
4438 proto_tree_add_item(rr_tree, hf_dns_xpf_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
4439 cur_offset++;
4440 proto_tree_add_item(rr_tree, hf_dns_xpf_source_ipv4, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4441 cur_offset += 4;
4442 proto_tree_add_item(rr_tree, hf_dns_xpf_destination_ipv4, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
4443 cur_offset += 4;
4444 proto_tree_add_item(rr_tree, hf_dns_xpf_sport, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4445 cur_offset += 2;
4446 proto_tree_add_item(rr_tree, hf_dns_xpf_dport, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4447 break;
4448 case IP_VERSION_NUM_INET6:
4449 proto_tree_add_item(rr_tree, hf_dns_xpf_protocol, tvb, cur_offset, 1, ENC_BIG_ENDIAN);
4450 cur_offset++;
4451 proto_tree_add_item(rr_tree, hf_dns_xpf_source_ipv6, tvb, cur_offset, 16, ENC_NA);
4452 cur_offset += 16;
4453 proto_tree_add_item(rr_tree, hf_dns_xpf_destination_ipv6, tvb, cur_offset, 16, ENC_NA);
4454 cur_offset += 16;
4455 proto_tree_add_item(rr_tree, hf_dns_xpf_sport, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4456 cur_offset += 2;
4457 proto_tree_add_item(rr_tree, hf_dns_xpf_dport, tvb, cur_offset, 2, ENC_BIG_ENDIAN);
4458 break;
4459 default: /* Add Expert info ? */
4460 break;
4461 }
4462 }
4463
4464
4465 break;
4466
4467 /* TODO: parse more record types */
4468 default:
4469 {
4470 expert_add_info_format(pinfo, trr, &ei_dns_undecoded_option,
4471 "Dissector for DNS Type (%d)"
4472 " code not implemented, Contact Wireshark developers"
4473 " if you want this supported", dns_type);
4474 proto_tree_add_item(rr_tree, hf_dns_data, tvb, cur_offset, data_len, ENC_NA);
4475 }
4476 break;
4477 }
4478
4479 data_offset += data_len;
4480
4481 return data_offset - data_start;
4482 }
4483
4484 static int
4485 dissect_query_records(tvbuff_t *tvb, int cur_off, int dns_data_offset,
4486 int count, packet_info *pinfo, proto_tree *dns_tree, bool isupdate,
4487 bool is_mdns, bool *is_multiple_responds)
4488 {
4489 int start_off, add_off;
4490 proto_tree *qatree;
4491 proto_item *ti;
4492 const char *s = (isupdate ? "Zone" : "Queries");
4493
4494 start_off = cur_off;
4495
4496 qatree = proto_tree_add_subtree(dns_tree, tvb, start_off, -1, ett_dns_qry, &ti, s);
4497
4498 while (count-- > 0) {
4499 add_off = dissect_dns_query(tvb, cur_off, dns_data_offset, pinfo, qatree,
4500 is_mdns, is_multiple_responds);
4501 cur_off += add_off;
4502 }
4503 proto_item_set_len(ti, cur_off - start_off);
4504 return cur_off - start_off;
4505 }
4506
4507 static int
4508 dissect_answer_records(tvbuff_t *tvb, int cur_off, int dns_data_offset,
4509 int count, proto_tree *dns_tree, const char *name,
4510 packet_info *pinfo, bool is_mdns, wmem_list_t *answers)
4511 {
4512 int start_off, add_off;
4513 proto_tree *qatree;
4514 proto_item *ti;
4515
4516 start_off = cur_off;
4517 qatree = proto_tree_add_subtree(dns_tree, tvb, start_off, -1, ett_dns_ans, &ti, name);
4518 while (count-- > 0) {
4519 add_off = dissect_dns_answer(
4520 tvb, cur_off, dns_data_offset, qatree, pinfo, is_mdns, answers);
4521 cur_off += add_off;
4522 }
4523 proto_item_set_len(ti, cur_off - start_off);
4524 return cur_off - start_off;
4525 }
4526
4527 static int
4528 dissect_dso_data(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *dns_tree)
4529 {
4530 proto_tree *dso_tree;
4531 proto_tree *dso_tlv_tree;
4532 proto_item *dso_ti;
4533 proto_item *dso_tlv_ti;
4534 uint16_t dso_tlv_length;
4535 uint32_t dso_tlv_type;
4536 int start_offset;
4537
4538 start_offset = offset;
4539 dso_ti = proto_tree_add_item(dns_tree, hf_dns_dso, tvb, offset, -1, ENC_NA);
4540 dso_tree = proto_item_add_subtree(dso_ti, ett_dns_dso);
4541
4542 while(tvb_reported_length_remaining(tvb, offset) >= 4) {
4543 dso_tlv_length = tvb_get_ntohs(tvb, offset + 2);
4544 dso_tlv_ti = proto_tree_add_item(dso_tree, hf_dns_dso_tlv, tvb, offset, dso_tlv_length + 4, ENC_NA);
4545 dso_tlv_tree = proto_item_add_subtree(dso_tlv_ti, ett_dns_dso_tlv);
4546
4547 proto_tree_add_item_ret_uint(dso_tlv_tree, hf_dns_dso_tlv_type, tvb, offset, 2, ENC_BIG_ENDIAN, &dso_tlv_type);
4548 offset += 2;
4549 proto_item_append_text(dso_tlv_ti, ": %s", rval_to_str_const(dso_tlv_type, dns_dso_type_rvals, "Unknown Type"));
4550
4551 proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_length, tvb, offset, 2, ENC_BIG_ENDIAN);
4552 offset += 2;
4553
4554 switch(dso_tlv_type) {
4555 case DSO_TYPE_KEEPALIVE:
4556 proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_keepalive_inactivity, tvb, offset, 4, ENC_BIG_ENDIAN);
4557 offset += 4;
4558 proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_keepalive_interval, tvb, offset, 4, ENC_BIG_ENDIAN);
4559 offset += 4;
4560 break;
4561 case DSO_TYPE_RETRYDELAY:
4562 proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_retrydelay_retrydelay, tvb, offset, 4, ENC_BIG_ENDIAN);
4563 offset += 4;
4564 break;
4565 case DSO_TYPE_ENCPAD:
4566 if (dso_tlv_length > 0) {
4567 proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_encpad_padding, tvb, offset, dso_tlv_length, ENC_NA);
4568 offset += dso_tlv_length;
4569 }
4570 break;
4571 default:
4572 if (dso_tlv_length > 0) {
4573 proto_tree_add_item(dso_tlv_tree, hf_dns_dso_tlv_data, tvb, offset, dso_tlv_length, ENC_NA);
4574 offset += dso_tlv_length;
4575 }
4576 break;
4577 }
4578 }
4579
4580 proto_item_set_len(dso_ti, offset - start_offset);
4581 return offset - start_offset;
4582 }
4583
4584 static void
4585 dissect_dns_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
4586 enum DnsTransport transport, bool is_mdns, bool is_llmnr)
4587 {
4588 int offset = (transport == DNS_TRANSPORT_TCP || transport == DNS_TRANSPORT_QUIC) ? 2 : 0;
4589 int dns_data_offset;
4590 proto_tree *dns_tree, *field_tree;
4591 proto_item *ti, *tf, *transaction_item;
4592 uint16_t flags, opcode, rcode, quest, ans, auth, add;
4593 unsigned id;
4594 uint32_t reqresp_id = 0;
4595 int cur_off;
4596 bool isupdate;
4597 conversation_t *conversation;
4598 dns_conv_info_t *dns_info;
4599 dns_transaction_t *dns_trans = NULL;
4600 wmem_tree_key_t key[3];
4601 struct DnsTap *dns_stats;
4602 wmem_list_t *rr_types;
4603 uint16_t qtype = 0;
4604 uint16_t qclass = 0;
4605 bool retransmission = false;
4606 const char *name;
4607 int name_len;
4608 nstime_t delta = NSTIME_INIT_ZERO;
4609 bool is_multiple_responds = false;
4610
4611 dns_data_offset = offset;
4612
4613 col_clear(pinfo->cinfo, COL_INFO);
4614
4615 /* To do: check for errs, etc. */
4616 id = tvb_get_ntohs(tvb, offset + DNS_ID);
4617 flags = tvb_get_ntohs(tvb, offset + DNS_FLAGS);
4618 opcode = (uint16_t) ((flags & F_OPCODE) >> OPCODE_SHIFT);
4619 rcode = (uint16_t) (flags & F_RCODE);
4620
4621 col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL, "%s%s 0x%04x",
4622 val_to_str(opcode, opcode_vals, "Unknown operation (%u)"),
4623 (flags&F_RESPONSE)?" response":"", id);
4624
4625 if (flags & F_RESPONSE) {
4626 if (rcode != RCODE_NOERROR) {
4627 col_append_fstr(pinfo->cinfo, COL_INFO, " %s",
4628 val_to_str(rcode, rcode_vals, "Unknown error (%u)"));
4629 }
4630 }
4631
4632 if (opcode == OPCODE_UPDATE) {
4633 isupdate = true;
4634 } else {
4635 isupdate = false;
4636 }
4637
4638 if (is_llmnr) {
4639 ti = proto_tree_add_protocol_format(tree, proto_llmnr, tvb, 0, -1,
4640 "Link-local Multicast Name Resolution (%s)", (flags & F_RESPONSE) ? "response" : "query");
4641 } else if (is_mdns){
4642 ti = proto_tree_add_protocol_format(tree, proto_mdns, tvb, 0, -1,
4643 "Multicast Domain Name System (%s)", (flags & F_RESPONSE) ? "response" : "query");
4644 } else {
4645 ti = proto_tree_add_protocol_format(tree, proto_dns, tvb, 0, -1,
4646 "Domain Name System (%s)", (flags & F_RESPONSE) ? "response" : "query");
4647 }
4648
4649 dns_tree = proto_item_add_subtree(ti, ett_dns);
4650
4651 /*
4652 * Do we have a conversation for this connection?
4653 */
4654 conversation = find_or_create_conversation(pinfo);
4655
4656 /*
4657 * DoH: Each DNS query-response pair is mapped into an HTTP exchange.
4658 * For other transports, just use the DNS transaction ID as usual.
4659 */
4660 if (transport == DNS_TRANSPORT_HTTP) {
4661 /* For DoH using HTTP/2, use the Stream ID if available. For HTTP/1,
4662 * hopefully there is no pipelining or the DNS ID is unique enough. */
4663 reqresp_id = http2_get_stream_id(pinfo);
4664 }
4665 if (reqresp_id == 0) {
4666 reqresp_id = id;
4667 }
4668
4669 /*
4670 * Do we already have a state structure for this conv
4671 */
4672 dns_info = (dns_conv_info_t *)conversation_get_proto_data(conversation, proto_dns);
4673 if (!dns_info) {
4674 /* No. Attach that information to the conversation, and add
4675 * it to the list of information structures.
4676 */
4677 dns_info = wmem_new(wmem_file_scope(), dns_conv_info_t);
4678 dns_info->pdus=wmem_tree_new(wmem_file_scope());
4679 conversation_add_proto_data(conversation, proto_dns, dns_info);
4680 }
4681
4682 key[0].length = 1;
4683 key[0].key = &reqresp_id;
4684 key[1].length = 1;
4685 key[1].key = &pinfo->num;
4686 key[2].length = 0;
4687 key[2].key = NULL;
4688
4689 if (!pinfo->flags.in_error_pkt) {
4690 if (!pinfo->fd->visited) {
4691 if (!(flags&F_RESPONSE)) {
4692 /* This is a request */
4693 bool new_transaction = false;
4694
4695 /* Check if we've seen this transaction before */
4696 dns_trans=(dns_transaction_t *)wmem_tree_lookup32_array_le(dns_info->pdus, key);
4697 if ((dns_trans == NULL) || (dns_trans->id != reqresp_id) || (dns_trans->rep_frame > 0)) {
4698 new_transaction = true;
4699 } else {
4700 nstime_t request_delta;
4701
4702 /* Has not enough time elapsed that we consider this request a retransmission? */
4703 nstime_delta(&request_delta, &pinfo->abs_ts, &dns_trans->req_time);
4704 if (nstime_to_sec(&request_delta) < (double)retransmission_timer) {
4705 retransmission = true;
4706 } else {
4707 new_transaction = true;
4708 }
4709 }
4710
4711 if (new_transaction) {
4712 dns_trans=wmem_new(wmem_file_scope(), dns_transaction_t);
4713 dns_trans->req_frame=pinfo->num;
4714 dns_trans->rep_frame=0;
4715 dns_trans->req_time=pinfo->abs_ts;
4716 dns_trans->id = reqresp_id;
4717 dns_trans->multiple_responds=false;
4718 wmem_tree_insert32_array(dns_info->pdus, key, (void *)dns_trans);
4719 }
4720 } else {
4721 dns_trans=(dns_transaction_t *)wmem_tree_lookup32_array_le(dns_info->pdus, key);
4722 if (dns_trans) {
4723 if (dns_trans->id != reqresp_id) {
4724 dns_trans = NULL;
4725 } else if (dns_trans->rep_frame == 0) {
4726 dns_trans->rep_frame=pinfo->num;
4727 } else if (!dns_trans->multiple_responds) {
4728 retransmission = true;
4729 }
4730 }
4731 }
4732 } else {
4733 dns_trans=(dns_transaction_t *)wmem_tree_lookup32_array_le(dns_info->pdus, key);
4734 if (dns_trans) {
4735 if (dns_trans->id != reqresp_id) {
4736 dns_trans = NULL;
4737 } else if ((!(flags & F_RESPONSE)) && (dns_trans->req_frame != pinfo->num)) {
4738 /* This is a request retransmission, create a "fake" dns_trans structure*/
4739 dns_transaction_t *retrans_dns = wmem_new(pinfo->pool, dns_transaction_t);
4740 retrans_dns->req_frame=dns_trans->req_frame;
4741 retrans_dns->rep_frame=0;
4742 retrans_dns->req_time=pinfo->abs_ts;
4743 dns_trans = retrans_dns;
4744
4745 retransmission = true;
4746 } else if ((flags & F_RESPONSE) && (dns_trans->rep_frame != pinfo->num) && (!dns_trans->multiple_responds)) {
4747 retransmission = true;
4748 }
4749 }
4750 }
4751 }
4752 if (!dns_trans) {
4753 /* create a "fake" dns_trans structure */
4754 dns_trans=wmem_new(pinfo->pool, dns_transaction_t);
4755 dns_trans->req_frame=0;
4756 dns_trans->rep_frame=0;
4757 dns_trans->req_time=pinfo->abs_ts;
4758 }
4759
4760 if (transport == DNS_TRANSPORT_TCP) {
4761 /* Put the length indication into the tree. */
4762 proto_tree_add_item(dns_tree, hf_dns_length, tvb, offset - 2, 2, ENC_BIG_ENDIAN);
4763 }
4764
4765 transaction_item = proto_tree_add_uint(dns_tree, hf_dns_transaction_id, tvb,
4766 offset + DNS_ID, 2, id);
4767
4768 tf = proto_tree_add_item(dns_tree, hf_dns_flags, tvb,
4769 offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4770 proto_item_append_text(tf, " %s",
4771 val_to_str_const(opcode, opcode_vals, "Unknown operation"));
4772 if (flags & F_RESPONSE) {
4773 proto_item_append_text(tf, " response, %s",
4774 val_to_str_const(rcode, rcode_vals, "Unknown error"));
4775 }
4776 field_tree = proto_item_add_subtree(tf, ett_dns_flags);
4777 proto_tree_add_item(field_tree, hf_dns_flags_response,
4778 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4779 proto_tree_add_item(field_tree, hf_dns_flags_opcode,
4780 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4781 if (is_llmnr) {
4782 if (flags & F_RESPONSE) {
4783 proto_tree_add_item(field_tree, hf_dns_flags_conflict_response,
4784 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4785 } else {
4786 proto_tree_add_item(field_tree, hf_dns_flags_conflict_query,
4787 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4788 }
4789 proto_tree_add_item(field_tree, hf_dns_flags_truncated,
4790 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4791 proto_tree_add_item(field_tree, hf_dns_flags_tentative,
4792 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4793 if (flags & F_RESPONSE) {
4794 proto_tree_add_item(field_tree, hf_dns_flags_rcode,
4795 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4796 }
4797 } else {
4798 if (flags & F_RESPONSE) {
4799 proto_tree_add_item(field_tree, hf_dns_flags_authoritative,
4800 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4801 }
4802 proto_tree_add_item(field_tree, hf_dns_flags_truncated,
4803 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4804 proto_tree_add_item(field_tree, hf_dns_flags_recdesired,
4805 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4806 if (flags & F_RESPONSE) {
4807 proto_tree_add_item(field_tree, hf_dns_flags_recavail,
4808 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4809 }
4810 proto_tree_add_item(field_tree, hf_dns_flags_z,
4811 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4812 if (flags & F_RESPONSE) {
4813 proto_tree_add_item(field_tree, hf_dns_flags_authenticated,
4814 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4815 } else if (flags & F_AUTHENTIC) {
4816 proto_tree_add_item(field_tree, hf_dns_flags_ad,
4817 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4818 }
4819 proto_tree_add_item(field_tree, hf_dns_flags_checkdisable,
4820 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4821 if (flags & F_RESPONSE) {
4822 proto_tree_add_item(field_tree, hf_dns_flags_rcode,
4823 tvb, offset + DNS_FLAGS, 2, ENC_BIG_ENDIAN);
4824 }
4825 }
4826
4827 quest = tvb_get_ntohs(tvb, offset + DNS_QUEST);
4828 if (isupdate) {
4829 proto_tree_add_uint(dns_tree, hf_dns_count_zones, tvb,
4830 offset + DNS_QUEST, 2, quest);
4831 } else {
4832 proto_tree_add_uint(dns_tree, hf_dns_count_questions, tvb,
4833 offset + DNS_QUEST, 2, quest);
4834 }
4835 ans = tvb_get_ntohs(tvb, offset + DNS_ANS);
4836 if (isupdate) {
4837 proto_tree_add_uint(dns_tree, hf_dns_count_prerequisites, tvb,
4838 offset + DNS_ANS, 2, ans);
4839 } else {
4840 proto_tree_add_uint(dns_tree, hf_dns_count_answers, tvb,
4841 offset + DNS_ANS, 2, ans);
4842 }
4843 auth = tvb_get_ntohs(tvb, offset + DNS_AUTH);
4844 if (isupdate) {
4845 proto_tree_add_uint(dns_tree, hf_dns_count_updates, tvb,
4846 offset + DNS_AUTH, 2, auth);
4847 } else {
4848 proto_tree_add_uint(dns_tree, hf_dns_count_auth_rr, tvb,
4849 offset + DNS_AUTH, 2, auth);
4850 }
4851 add = tvb_get_ntohs(tvb, offset + DNS_ADD);
4852 proto_tree_add_uint(dns_tree, hf_dns_count_add_rr, tvb,
4853 offset + DNS_ADD, 2, add);
4854
4855 cur_off = offset + DNS_HDRLEN;
4856
4857 if (opcode == OPCODE_DSO && quest == 0 && ans == 0 && auth == 0 && add == 0) {
4858 /* DSO messages differs somewhat from the traditional DNS message format.
4859 the four count fields (QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT) are set to zero */
4860 cur_off += dissect_dso_data(tvb, cur_off, pinfo, dns_tree);
4861 }
4862
4863 rr_types = wmem_list_new(pinfo->pool);
4864
4865 if (quest > 0) {
4866 /* If this is a response, don't add information about the queries
4867 to the summary, just add information about the answers. */
4868 cur_off += dissect_query_records(tvb, cur_off, dns_data_offset, quest, pinfo,
4869 dns_tree, isupdate, is_mdns, &is_multiple_responds);
4870 dns_trans->multiple_responds = is_multiple_responds;
4871 }
4872
4873 if (ans > 0) {
4874 // set answer array and its index
4875 p_dns_qr_r_rx_ttls = dns_qr_r_ra_ttls;
4876 p_dns_qr_r_rx_ttl_index = &dns_qr_r_ra_ttl_index;
4877 /* If this is a request, don't add information about the answers
4878 to the summary, just add information about the queries. */
4879 cur_off += dissect_answer_records(tvb, cur_off, dns_data_offset, ans,
4880 dns_tree,
4881 (isupdate ? "Prerequisites" : "Answers"),
4882 pinfo, is_mdns, rr_types);
4883 }
4884
4885 /* Don't add information about the authoritative name servers, or the
4886 additional records, to the summary. */
4887 if (auth > 0) {
4888 // set authority array and its index
4889 p_dns_qr_r_rx_ttls = dns_qr_r_ru_ttls;
4890 p_dns_qr_r_rx_ttl_index = &dns_qr_r_ru_ttl_index;
4891 cur_off += dissect_answer_records(tvb, cur_off, dns_data_offset, auth, dns_tree,
4892 (isupdate ? "Updates" :
4893 "Authoritative nameservers"),
4894 pinfo, is_mdns, rr_types);
4895 }
4896
4897 if (add > 0) {
4898 // set additional array and its index
4899 p_dns_qr_r_rx_ttls = dns_qr_r_rd_ttls;
4900 p_dns_qr_r_rx_ttl_index = &dns_qr_r_rd_ttl_index;
4901 cur_off += dissect_answer_records(tvb, cur_off, dns_data_offset, add, dns_tree, "Additional records",
4902 pinfo, is_mdns, rr_types);
4903 }
4904 col_set_fence(pinfo->cinfo, COL_INFO);
4905
4906 /* print state tracking in the tree */
4907 if (!(flags&F_RESPONSE)) {
4908 proto_item *it;
4909 /* This is a request */
4910 if ((retransmission) && (dns_trans->req_frame) && (!pinfo->flags.in_error_pkt)) {
4911 expert_add_info_format(pinfo, transaction_item, &ei_dns_retransmit_request, "DNS query retransmission. Original request in frame %d", dns_trans->req_frame);
4912
4913 it=proto_tree_add_uint(dns_tree, hf_dns_retransmit_request_in, tvb, 0, 0, dns_trans->req_frame);
4914 proto_item_set_generated(it);
4915
4916 it=proto_tree_add_boolean(dns_tree, hf_dns_retransmission, tvb, 0, 0, true);
4917 proto_item_set_generated(it);
4918 } else if (dns_trans->rep_frame) {
4919
4920 it=proto_tree_add_uint(dns_tree, hf_dns_response_in, tvb, 0, 0, dns_trans->rep_frame);
4921 proto_item_set_generated(it);
4922 } else if PINFO_FD_VISITED(pinfo) {
4923 expert_add_info(pinfo, transaction_item, &ei_dns_response_missing);
4924 }
4925 } else {
4926 /* This is a reply */
4927 proto_item *it;
4928 if (dns_trans->req_frame) {
4929 if ((retransmission) && (dns_trans->rep_frame) && (!pinfo->flags.in_error_pkt)) {
4930 expert_add_info_format(pinfo, transaction_item, &ei_dns_retransmit_response, "DNS response retransmission. Original response in frame %d", dns_trans->rep_frame);
4931
4932 it=proto_tree_add_uint(dns_tree, hf_dns_retransmit_response_in, tvb, 0, 0, dns_trans->rep_frame);
4933 proto_item_set_generated(it);
4934
4935 it=proto_tree_add_boolean(dns_tree, hf_dns_retransmission, tvb, 0, 0, true);
4936 proto_item_set_generated(it);
4937 } else {
4938 it=proto_tree_add_uint(dns_tree, hf_dns_response_to, tvb, 0, 0, dns_trans->req_frame);
4939 proto_item_set_generated(it);
4940
4941 nstime_delta(&delta, &pinfo->abs_ts, &dns_trans->req_time);
4942 it=proto_tree_add_time(dns_tree, hf_dns_time, tvb, 0, 0, &delta);
4943 proto_item_set_generated(it);
4944 }
4945 } else {
4946 if (!retransmission) {
4947 it=proto_tree_add_boolean(dns_tree, hf_dns_unsolicited, tvb, 0, 0, true);
4948 proto_item_set_generated(it);
4949 }
4950 }
4951 }
4952
4953 /* Do we have any extraneous data? */
4954 int extraneous_length = tvb_reported_length_remaining(tvb, cur_off);
4955 if(extraneous_length > 0) {
4956 proto_tree *ext_tree;
4957 proto_item *it;
4958
4959 ext_tree = proto_tree_add_subtree_format(dns_tree, tvb, cur_off, extraneous_length,
4960 ett_dns_extraneous, &it, "Extraneous Data (%d bytes)", extraneous_length);
4961
4962 proto_tree_add_item(ext_tree, hf_dns_extraneous_data, tvb, cur_off, extraneous_length, ENC_NA);
4963
4964 it = proto_tree_add_int(ext_tree, hf_dns_extraneous_length, tvb, 0, 0, extraneous_length);
4965 proto_item_set_generated(it);
4966
4967 it = proto_tree_add_expert(ext_tree, pinfo, &ei_dns_extraneous_data, tvb, cur_off, extraneous_length);
4968 proto_item_set_hidden(it);
4969 }
4970
4971 /* Collect stats */
4972 if (pinfo->flags.in_error_pkt) {
4973 return;
4974 }
4975 if (is_mdns) {
4976 /* TODO */
4977 } else if (is_llmnr) {
4978 /* TODO */
4979 } else {
4980 dns_stats = wmem_new0(pinfo->pool, struct DnsTap);
4981 dns_stats->packet_rcode = rcode;
4982 dns_stats->packet_opcode = opcode;
4983 dns_stats->packet_qr = flags >> 15;
4984 if (quest > 0) {
4985 get_dns_name_type_class(tvb, offset + DNS_HDRLEN, dns_data_offset, &name, &name_len, &qtype, &qclass);
4986 dns_stats->packet_qtype = qtype;
4987 dns_stats->packet_qclass = qclass;
4988 }
4989 dns_stats->payload_size = tvb_captured_length(tvb);
4990 dns_stats->nquestions = quest;
4991 dns_stats->nanswers = ans;
4992 dns_stats->nauthorities = auth;
4993 dns_stats->nadditionals = add;
4994 if (quest > 0) {
4995 dns_stats->qname_len = name_len;
4996 dns_stats->qname_labels = qname_labels_count(name, name_len);
4997 dns_stats->qname = format_text(pinfo->pool, (const unsigned char *)name, name_len);
4998 // split into host and domain
4999 qname_host_and_domain(dns_stats->qname, name_len, dns_stats->qhost, dns_stats->qdomain);
5000 // queries could also be retransmitted
5001 if (retransmission) {
5002 dns_stats->retransmission = true;
5003 }
5004 }
5005 if (flags & F_RESPONSE) {
5006 if (dns_trans->req_frame == 0) {
5007 /* we don't have a request. This is an unsolicited response */
5008 dns_stats->unsolicited = true;
5009 } else {
5010 if (retransmission)
5011 dns_stats->retransmission = true;
5012 else
5013 dns_stats->rrt = delta;
5014 }
5015 }
5016 dns_stats->rr_types = rr_types;
5017 // storing ip (for "from" category in query and response)
5018 if (pinfo->src.type == AT_IPv4) {
5019 ip_addr_to_str_buf(pinfo->src.data, dns_stats->source, sizeof(dns_stats->source));
5020 }
5021 else if (pinfo->src.type == AT_IPv6) {
5022 ip6_to_str_buf(pinfo->src.data, dns_stats->source, sizeof(dns_stats->source));
5023 }
5024 else {
5025 ws_label_strcpy(dns_stats->source, sizeof(dns_stats->source), 0, "n/a",0);
5026 }
5027 // resetting to zero for the next response
5028 dns_qr_r_ra_ttl_index = 0;
5029 dns_qr_r_ru_ttl_index = 0;
5030 dns_qr_r_rd_ttl_index = 0;
5031 tap_queue_packet(dns_tap, pinfo, dns_stats);
5032 }
5033 }
5034
5035 static int
5036 dissect_dns_udp_sctp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
5037 {
5038 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
5039
5040 dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_UDP, false, false);
5041 return tvb_captured_length(tvb);
5042 }
5043
5044 static int
5045 dissect_dns_doh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
5046 {
5047 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DoH");
5048
5049 dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_HTTP, false, false);
5050 return tvb_captured_length(tvb);
5051 }
5052
5053 static int
5054 dissect_dns_doq(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
5055 {
5056 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
5057
5058 dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_QUIC, false, false);
5059 return tvb_captured_length(tvb);
5060 }
5061
5062 static int
5063 dissect_mdns_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
5064 {
5065 col_set_str(pinfo->cinfo, COL_PROTOCOL, "MDNS");
5066
5067 dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_UDP, true, false);
5068 return tvb_captured_length(tvb);
5069 }
5070
5071 static int
5072 dissect_llmnr_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
5073 {
5074 col_set_str(pinfo->cinfo, COL_PROTOCOL, "LLMNR");
5075
5076 dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_UDP, false, true);
5077 return tvb_captured_length(tvb);
5078 }
5079
5080 static unsigned
5081 get_dns_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
5082 {
5083 uint16_t plen;
5084
5085 /*
5086 * Get the length of the DNS packet.
5087 */
5088 plen = tvb_get_ntohs(tvb, offset);
5089
5090 /*
5091 * That length doesn't include the length field itself; add that in.
5092 */
5093 return plen + 2;
5094 }
5095
5096 static int
5097 dissect_dns_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
5098 {
5099 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
5100
5101 dissect_dns_common(tvb, pinfo, tree, DNS_TRANSPORT_TCP, false, false);
5102 return tvb_reported_length(tvb);
5103 }
5104
5105 static int
5106 dissect_dns_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
5107 {
5108 tcp_dissect_pdus(tvb, pinfo, tree, dns_desegment, 2, get_dns_pdu_len,
5109 dissect_dns_tcp_pdu, data);
5110 return tvb_reported_length(tvb);
5111 }
5112
5113 static int
5114 dissect_dns(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
5115 {
5116 /* since draft-ietf-doh-dns-over-https-07 */
5117 bool is_doh = !g_strcmp0(pinfo->match_string, "application/dns-message");
5118
5119 if (is_doh) {
5120 return dissect_dns_doh(tvb, pinfo, tree, data);
5121 } else if (pinfo->ptype == PT_TCP) {
5122 return dissect_dns_tcp(tvb, pinfo, tree, data);
5123 } else {
5124 dissect_dns_udp_sctp(tvb, pinfo, tree, data);
5125 return tvb_captured_length(tvb);
5126 }
5127 }
5128
5129 static bool
5130 dissect_dns_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
5131 {
5132 /*
5133 * Try hard to match DNS messages while avoiding false positives. Look for:
5134 *
5135 * - Non-empty DNS messages (more than just a header).
5136 * - Flags: QR bit (0-Query, 1-Response); Opcode bits: Standard Query (0000)
5137 * - Questions: 1 (for queries), or 0 or 1 (for responses like AXFR)
5138 * - Answer RRs: 0 (for queries) or a low number (for responses)
5139 * - Authority RRs: 0 (for queries) or a low number (for responses)
5140 * - Additional RRs: assume a low number.
5141 * - Require that the question and answer count cannot both be zero. Perhaps
5142 * some protocols have large sequences of zero bytes, this check reduces the
5143 * probability of matching such payloads.
5144 * - Check that the packet is long enough to carry the Questions and RRs.
5145 *
5146 * Not implemented, but perhaps we could check for:
5147 * - Assume a valid QNAME in the question section. (Is there sufficient data
5148 * for a valid name?)
5149 * - Assume a common QTYPE and QCLASS (IN/CH).
5150 * - Potentially implement heuristics for TCP by checking the length prefix?
5151 */
5152 int offset = 0;
5153 uint16_t flags, quest, ans, auth, add;
5154 /*
5155 * max_ans=10 was sufficient for recognizing the majority of DNS messages from
5156 * the rrdns test suite, but four "huge record" test cases have 100 answers.
5157 * The max_auth and max_add numbers were picked arbitrarily.
5158 */
5159 const uint16_t max_ans = 100;
5160 const uint16_t max_auth = 10;
5161 const uint16_t max_add = 10;
5162
5163 if (tvb_reported_length(tvb) <= DNS_HDRLEN)
5164 return false;
5165
5166 flags = tvb_get_ntohs(tvb, offset + DNS_FLAGS);
5167 if ((flags & F_OPCODE) != 0)
5168 return false;
5169
5170 quest = tvb_get_ntohs(tvb, offset + DNS_QUEST);
5171 ans = tvb_get_ntohs(tvb, offset + DNS_ANS);
5172 auth = tvb_get_ntohs(tvb, offset + DNS_AUTH);
5173 if (!(flags & F_RESPONSE)) {
5174 if (quest != 1 || ans != 0 || auth != 0)
5175 return false;
5176 } else {
5177 if (quest > 1 || ans > max_ans || auth > max_auth)
5178 return false;
5179 }
5180
5181 add = tvb_get_ntohs(tvb, offset + DNS_ADD);
5182 if (add > max_add)
5183 return false;
5184
5185 if (quest + ans == 0)
5186 return false;
5187
5188 /* Do we even have enough space left? */
5189 if ( (quest * 6 + (ans + auth + add) * 11) > tvb_reported_length_remaining(tvb, offset + DNS_HDRLEN))
5190 return false;
5191
5192 dissect_dns(tvb, pinfo, tree, NULL);
5193 return true;
5194 }
5195
5196 static void dns_stats_tree_init(stats_tree* st)
5197 {
5198 stats_tree_create_node(st, st_str_packets, 0, STAT_DT_INT, true);
5199 stat_node_set_flags(st, st_str_packets, 0, false, ST_FLG_SORT_TOP);
5200 st_node_packet_qr = stats_tree_create_pivot(st, st_str_packet_qr, 0);
5201 st_node_packet_qtypes = stats_tree_create_pivot(st, st_str_packet_qtypes, 0);
5202 st_node_rr_types = stats_tree_create_pivot(st, st_str_rr_types, 0);
5203 st_node_packet_qnames = stats_tree_create_pivot(st, st_str_packet_qnames, 0);
5204 st_node_packet_qclasses = stats_tree_create_pivot(st, st_str_packet_qclasses, 0);
5205 st_node_packet_rcodes = stats_tree_create_pivot(st, st_str_packet_rcodes, 0);
5206 st_node_packet_opcodes = stats_tree_create_pivot(st, st_str_packet_opcodes, 0);
5207 st_node_packets_avg_size = stats_tree_create_node(st, st_str_packets_avg_size, 0, STAT_DT_INT, false);
5208 st_node_query_stats = stats_tree_create_node(st, st_str_query_stats, 0, STAT_DT_INT, true);
5209 st_node_query_qname_len = stats_tree_create_node(st, st_str_query_qname_len, st_node_query_stats, STAT_DT_INT, false);
5210 st_node_query_domains = stats_tree_create_node(st, st_str_query_domains, st_node_query_stats, STAT_DT_INT, true);
5211 st_node_query_domains_l1 = stats_tree_create_node(st, st_str_query_domains_l1, st_node_query_domains, STAT_DT_INT, false);
5212 st_node_query_domains_l2 = stats_tree_create_node(st, st_str_query_domains_l2, st_node_query_domains, STAT_DT_INT, false);
5213 st_node_query_domains_l3 = stats_tree_create_node(st, st_str_query_domains_l3, st_node_query_domains, STAT_DT_INT, false);
5214 st_node_query_domains_lmore = stats_tree_create_node(st, st_str_query_domains_lmore, st_node_query_domains, STAT_DT_INT, false);
5215 st_node_response_stats = stats_tree_create_node(st, st_str_response_stats, 0, STAT_DT_INT, true);
5216 st_node_response_nquestions = stats_tree_create_node(st, st_str_response_nquestions,
5217 st_node_response_stats, STAT_DT_INT, false);
5218 st_node_response_nanswers = stats_tree_create_node(st, st_str_response_nanswers,
5219 st_node_response_stats, STAT_DT_INT, false);
5220 st_node_response_nauthorities = stats_tree_create_node(st, st_str_response_nauthorities,
5221 st_node_response_stats, STAT_DT_INT, false);
5222 st_node_response_nadditionals = stats_tree_create_node(st, st_str_response_nadditionals,
5223 st_node_response_stats, STAT_DT_INT, false);
5224 st_node_service_stats = stats_tree_create_node(st, st_str_service_stats, 0, STAT_DT_INT, true);
5225 st_node_service_unsolicited = stats_tree_create_node(st, st_str_service_unsolicited, st_node_service_stats, STAT_DT_INT, false);
5226 st_node_service_retransmission = stats_tree_create_node(st, st_str_service_retransmission, st_node_service_stats, STAT_DT_INT, false);
5227 st_node_service_rrt = stats_tree_create_node(st, st_str_service_rrt, st_node_service_stats, STAT_DT_FLOAT, false);
5228 }
5229
5230 static tap_packet_status dns_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p, tap_flags_t flags _U_)
5231 {
5232 const struct DnsTap *pi = (const struct DnsTap *)p;
5233 tick_stat_node(st, st_str_packets, 0, false);
5234 stats_tree_tick_pivot(st, st_node_packet_qr,
5235 val_to_str(pi->packet_qr, dns_qr_vals, "Unknown qr (%d)"));
5236 stats_tree_tick_pivot(st, st_node_packet_qtypes,
5237 val_to_str(pi->packet_qtype, dns_types_vals, "Unknown packet type (%d)"));
5238 if (dns_qname_stats) {
5239 stats_tree_tick_pivot(st, st_node_packet_qnames, pi->qname);
5240 }
5241 stats_tree_tick_pivot(st, st_node_packet_qclasses,
5242 val_to_str(pi->packet_qclass, dns_classes, "Unknown class (%d)"));
5243 stats_tree_tick_pivot(st, st_node_packet_rcodes,
5244 val_to_str(pi->packet_rcode, rcode_vals, "Unknown rcode (%d)"));
5245 stats_tree_tick_pivot(st, st_node_packet_opcodes,
5246 val_to_str(pi->packet_opcode, opcode_vals, "Unknown opcode (%d)"));
5247 avg_stat_node_add_value_int(st, st_str_packets_avg_size, 0, false,
5248 pi->payload_size);
5249
5250 /* split up stats for queries and responses */
5251 if (pi->packet_qr == 0) {
5252 avg_stat_node_add_value_int(st, st_str_query_qname_len, 0, false, pi->qname_len);
5253 switch(pi->qname_labels) {
5254 case 1:
5255 tick_stat_node(st, st_str_query_domains_l1, 0, false);
5256 break;
5257 case 2:
5258 tick_stat_node(st, st_str_query_domains_l2, 0, false);
5259 break;
5260 case 3:
5261 tick_stat_node(st, st_str_query_domains_l3, 0, false);
5262 break;
5263 default:
5264 tick_stat_node(st, st_str_query_domains_lmore, 0, false);
5265 break;
5266 }
5267 } else {
5268 avg_stat_node_add_value_int(st, st_str_response_nquestions, 0, false, pi->nquestions);
5269 avg_stat_node_add_value_int(st, st_str_response_nanswers, 0, false, pi->nanswers);
5270 avg_stat_node_add_value_int(st, st_str_response_nauthorities, 0, false, pi->nauthorities);
5271 avg_stat_node_add_value_int(st, st_str_response_nadditionals, 0, false, pi->nadditionals);
5272
5273 /* add answer types to stats */
5274 for (wmem_list_frame_t *type_entry = wmem_list_head(pi->rr_types); type_entry != NULL; type_entry = wmem_list_frame_next(type_entry)) {
5275 int qtype_val = GPOINTER_TO_INT(wmem_list_frame_data(type_entry));
5276 stats_tree_tick_pivot(st, st_node_rr_types,
5277 val_to_str(qtype_val, dns_types_vals, "Unknown packet type (%d)"));
5278 }
5279
5280 if (pi->unsolicited) {
5281 tick_stat_node(st, st_str_service_unsolicited, 0, false);
5282 } else {
5283 avg_stat_node_add_value_int(st, st_str_response_nquestions, 0, false, pi->nquestions);
5284 avg_stat_node_add_value_int(st, st_str_response_nanswers, 0, false, pi->nanswers);
5285 avg_stat_node_add_value_int(st, st_str_response_nauthorities, 0, false, pi->nauthorities);
5286 avg_stat_node_add_value_int(st, st_str_response_nadditionals, 0, false, pi->nadditionals);
5287 if (pi->unsolicited) {
5288 tick_stat_node(st, st_str_service_unsolicited, 0, false);
5289 } else {
5290 if (pi->retransmission)
5291 tick_stat_node(st, st_str_service_retransmission, 0, false);
5292 else
5293 avg_stat_node_add_value_float(st, st_str_service_rrt, 0, false, (float)(pi->rrt.secs*1000. + pi->rrt.nsecs/1000000.0));
5294 }
5295 }
5296 }
5297 return TAP_PACKET_REDRAW;
5298 }
5299
5300 static void dns_qr_stats_tree_init(stats_tree* st)
5301 {
5302 dns_qr_statistics_enabled = prefs_get_bool_value(perf_qr_enable_statistics, pref_current);
5303 dns_qr_qrn_statistics_enabled = prefs_get_bool_value(perf_qr_qrn_enable_statistics, pref_current);
5304 dns_qr_qrn_aud_zv_statistics_enabled = prefs_get_bool_value(perf_qr_qrn_aud_zv_enable_statistics, pref_current);
5305
5306 if (!dns_qr_statistics_enabled) {
5307 return;
5308 }
5309
5310 // t = Total
5311 if (dns_qr_t_statistics_enabled) {
5312 st_node_qr_t_packets = stats_tree_create_node(st, st_str_qr_t_packets, 0, STAT_DT_INT, true);
5313 }
5314
5315 // q = Query
5316 if (dns_qr_q_statistics_enabled) {
5317 st_node_qr_q_packets = stats_tree_create_node(st, st_str_qr_q_packets, 0, STAT_DT_INT, true);
5318
5319 // qf = Query-From
5320 if (dns_qr_qf_statistics_enabled) {
5321 st_node_qr_qf_packets = stats_tree_create_pivot(st, st_str_qr_qf_packets, st_node_qr_q_packets);
5322 }
5323
5324 // qo = Query-Opcode
5325 if (dns_qr_qo_statistics_enabled) {
5326 st_node_qr_qo_packets = stats_tree_create_pivot(st, st_str_qr_qo_packets, st_node_qr_q_packets);
5327 }
5328
5329 // qk = Query-Kind
5330 if (dns_qr_qk_statistics_enabled) {
5331 st_node_qr_qk_packets = stats_tree_create_pivot(st, st_str_qr_qk_packets, st_node_qr_q_packets);
5332 }
5333
5334 // qt = Query-Type
5335 if (dns_qr_qt_statistics_enabled) {
5336 st_node_qr_qt_packets = stats_tree_create_pivot(st, st_str_qr_qt_packets, st_node_qr_q_packets);
5337 }
5338
5339 // ql = Query-Label
5340 if (dns_qr_ql_statistics_enabled) {
5341 st_node_qr_ql_packets = stats_tree_create_pivot(st, st_str_qr_ql_packets, st_node_qr_q_packets);
5342 }
5343
5344 // qp = Query-Payload
5345 if (dns_qr_qp_statistics_enabled) {
5346 st_node_qr_qp_packets = stats_tree_create_pivot(st, st_str_qr_qp_packets, st_node_qr_q_packets);
5347 }
5348
5349 // qs = Query-Servicing
5350 if (dns_qr_qs_statistics_enabled) {
5351 st_node_qr_qs_packets = stats_tree_create_node(st, st_str_qr_qs_packets, st_node_qr_q_packets, STAT_DT_INT, true);
5352
5353 // qs_a = Answered (ms)
5354 if (dns_qr_qs_a_statistics_enabled) {
5355 st_node_qr_qs_a_packets = stats_tree_create_node(st, st_str_qr_qs_a_packets, st_node_qr_qs_packets, STAT_DT_FLOAT, true);
5356 }
5357
5358 // qs_u = Unanswered
5359 if (dns_qr_qs_u_statistics_enabled) {
5360 st_node_qr_qs_u_packets = stats_tree_create_pivot(st, st_str_qr_qs_u_packets, st_node_qr_qs_packets);
5361 }
5362
5363 // qs_r = Retransmission
5364 if (dns_qr_qs_r_statistics_enabled) {
5365 st_node_qr_qs_r_packets = stats_tree_create_pivot(st, st_str_qr_qs_r_packets, st_node_qr_qs_packets);
5366 }
5367 }
5368 }
5369
5370 // r = Response
5371 if (dns_qr_r_statistics_enabled) {
5372 st_node_qr_r_packets = stats_tree_create_node(st, st_str_qr_r_packets, 0, STAT_DT_INT, true);
5373
5374 // rf = Response-From
5375 if (dns_qr_rf_statistics_enabled) {
5376 st_node_qr_rf_packets = stats_tree_create_pivot(st, st_str_qr_rf_packets, st_node_qr_r_packets);
5377 }
5378
5379 // rc = Response-Code
5380 if (dns_qr_rc_statistics_enabled) {
5381 st_node_qr_rc_packets = stats_tree_create_pivot(st, st_str_qr_rc_packets, st_node_qr_r_packets);
5382 }
5383
5384 // rk = Response-Kind
5385 if (dns_qr_rk_statistics_enabled) {
5386 st_node_qr_rk_packets = stats_tree_create_pivot(st, st_str_qr_rk_packets, st_node_qr_r_packets);
5387 }
5388
5389 // ra = Response-Answer
5390 if (dns_qr_ra_statistics_enabled) {
5391 st_node_qr_ra_packets = stats_tree_create_pivot(st, st_str_qr_ra_packets, st_node_qr_r_packets);
5392 }
5393
5394 // ru = Response-aUthority
5395 if (dns_qr_ru_statistics_enabled) {
5396 st_node_qr_ru_packets = stats_tree_create_pivot(st, st_str_qr_ru_packets, st_node_qr_r_packets);
5397 }
5398
5399 // ru = Response-aDditional
5400 if (dns_qr_rd_statistics_enabled) {
5401 st_node_qr_rd_packets = stats_tree_create_pivot(st, st_str_qr_rd_packets, st_node_qr_r_packets);
5402 }
5403
5404 // rp = Response-Payload
5405 if (dns_qr_rp_statistics_enabled) {
5406 st_node_qr_rp_packets = stats_tree_create_pivot(st, st_str_qr_rp_packets, st_node_qr_r_packets);
5407 }
5408
5409 // rs = Response-Servicing
5410 if (dns_qr_rs_statistics_enabled) {
5411 st_node_qr_rs_packets = stats_tree_create_node(st, st_str_qr_rs_packets, st_node_qr_r_packets, STAT_DT_INT, true);
5412
5413 // rs_a = Answered (ms)
5414 if (dns_qr_rs_a_statistics_enabled) {
5415 st_node_qr_rs_a_packets = stats_tree_create_node(st, st_str_qr_rs_a_packets, st_node_qr_rs_packets, STAT_DT_FLOAT, true);
5416 }
5417
5418 // rs_n = Unsolicited
5419 if (dns_qr_rs_u_statistics_enabled) {
5420 st_node_qr_rs_u_packets = stats_tree_create_pivot(st, st_str_qr_rs_u_packets, st_node_qr_rs_packets);
5421 }
5422
5423 // rs_r = Retransmission
5424 if (dns_qr_rs_r_statistics_enabled) {
5425 st_node_qr_rs_r_packets = stats_tree_create_pivot(st, st_str_qr_rs_r_packets, st_node_qr_rs_packets);
5426 }
5427 }
5428
5429 // rt = Response-TTL
5430 if (dns_qr_rt_statistics_enabled) {
5431 st_node_qr_rt_packets = stats_tree_create_pivot(st, st_str_qr_rt_packets, st_node_qr_r_packets);
5432
5433 // rt_a = Answer
5434 if (dns_qr_rt_a_statistics_enabled) {
5435 st_node_qr_rt_a_packets = stats_tree_create_pivot(st, st_str_qr_rt_a_packets, st_node_qr_rt_packets);
5436 }
5437
5438 // rt_u = aUthority
5439 if (dns_qr_rt_u_statistics_enabled) {
5440 st_node_qr_rt_u_packets = stats_tree_create_pivot(st, st_str_qr_rt_u_packets, st_node_qr_rt_packets);
5441 }
5442
5443 // rt_d = aDditional
5444 if (dns_qr_rt_d_statistics_enabled) {
5445 st_node_qr_rt_d_packets = stats_tree_create_pivot(st, st_str_qr_rt_d_packets, st_node_qr_rt_packets);
5446 }
5447 }
5448 }
5449 }
5450
5451 static tap_packet_status dns_qr_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p, tap_flags_t flags _U_)
5452 {
5453 // log frame number
5454 ws_debug("total packets: %u\n", pinfo->num);
5455
5456 if (!dns_qr_statistics_enabled) {
5457 ws_debug("dns_qr_statistics_enabled = false\n");
5458 goto _exit_;
5459 }
5460
5461 char buf[256];
5462 static int st_node = 1;
5463 const struct DnsTap* pi = (const struct DnsTap*)p;
5464
5465 // t = Total
5466 if (dns_qr_t_statistics_enabled) {
5467 ws_debug(" t = Total\n");
5468 stats_tree_tick_pivot(st, st_node_qr_t_packets, val_to_str(pi->packet_qr, dns_qr_vals, "Unknown qr (%d)"));
5469 }
5470
5471 // query
5472 if (pi->packet_qr == 0) { // query
5473
5474 // q = Query
5475 if (!dns_qr_q_statistics_enabled) {
5476 ws_debug("dns_qr_q_statistics_enabled = false\n");
5477 goto _exit_;
5478 }
5479
5480 // qf = Query-From
5481 if (dns_qr_qf_statistics_enabled) {
5482 ws_debug("qo = Query-From\n");
5483 tick_stat_node(st, st_str_qr_qf_packets, st_node_qr_q_packets, true);
5484 buf[0] = '\0';
5485 if (pinfo->src.type == AT_IPv4) {
5486 ip_addr_to_str_buf(pinfo->src.data, buf, sizeof(buf));
5487 }
5488 else if (pinfo->src.type == AT_IPv6) {
5489 ip6_to_str_buf(pinfo->src.data, buf, sizeof(buf));
5490 }
5491 st_node = tick_stat_node(st, buf, st_node_qr_qf_packets, true);
5492 if (dns_qr_qrn_statistics_enabled) {
5493 tick_stat_node(st, pi->qname, st_node, false);
5494 }
5495 }
5496
5497 // qo = Query-Opcode
5498 if (dns_qr_qo_statistics_enabled) {
5499 ws_debug("qo = Query-Opcode\n");
5500 tick_stat_node(st, st_str_qr_qo_packets, st_node_qr_q_packets, true);
5501 st_node = tick_stat_node(st, val_to_str(pi->packet_opcode, opcode_vals, "Unknown opcode (%d)"), st_node_qr_qo_packets, true);
5502 if (dns_qr_qrn_statistics_enabled) {
5503 tick_stat_node(st, pi->qname, st_node, false);
5504 }
5505 }
5506
5507 // qk = Query-Kind
5508 if (dns_qr_qk_statistics_enabled) {
5509 ws_debug("qk = Query-Kind\n");
5510 tick_stat_node(st, st_str_qr_qk_packets, st_node_qr_q_packets, true);
5511 if (pi->flags & F_RECDESIRED) {
5512 st_node = tick_stat_node(st, "Recursion Desired", st_node_qr_qk_packets, true);
5513 }
5514 else {
5515 st_node = tick_stat_node(st, "Iteration Desired", st_node_qr_qk_packets, true);
5516 }
5517 if (dns_qr_qrn_statistics_enabled) {
5518 tick_stat_node(st, pi->qname, st_node, false);
5519 }
5520 }
5521
5522 // qt = Query-Type
5523 if (dns_qr_qt_statistics_enabled) {
5524 ws_debug("qt = Query-Type\n");
5525 tick_stat_node(st, st_str_qr_qt_packets, st_node_qr_q_packets, true);
5526 st_node = tick_stat_node(st, val_to_str(pi->packet_qtype, dns_types_vals, "Unknown packet type (%d)"), st_node_qr_qt_packets, true);
5527 if (dns_qr_qrn_statistics_enabled) {
5528 tick_stat_node(st, pi->qname, st_node, false);
5529 }
5530 }
5531
5532 // ql = Query-Label
5533 if (dns_qr_ql_statistics_enabled) {
5534 ws_debug("ql = Query-Label\n");
5535 tick_stat_node(st, st_str_qr_ql_packets, st_node_qr_q_packets, true);
5536 switch (pi->qname_labels) {
5537 case 1:
5538 st_node = tick_stat_node(st, "1st Level", st_node_qr_ql_packets, true);
5539 break;
5540 case 2:
5541 st_node = tick_stat_node(st, "2nd Level", st_node_qr_ql_packets, true);
5542 break;
5543 case 3:
5544 st_node = tick_stat_node(st, "3rd Level", st_node_qr_ql_packets, true);
5545 break;
5546 case 4:
5547 st_node = tick_stat_node(st, "4th Level", st_node_qr_ql_packets, true);
5548 break;
5549 case 5:
5550 st_node = tick_stat_node(st, "5th Level", st_node_qr_ql_packets, true);
5551 break;
5552 case 6:
5553 st_node = tick_stat_node(st, "6th Level", st_node_qr_ql_packets, true);
5554 break;
5555 case 7:
5556 st_node = tick_stat_node(st, "7th Level", st_node_qr_ql_packets, true);
5557 break;
5558 case 8:
5559 st_node = tick_stat_node(st, "8th Level", st_node_qr_ql_packets, true);
5560 break;
5561 default:
5562 st_node = tick_stat_node(st, "9+ Level", st_node_qr_ql_packets, true);
5563 break;
5564 }
5565 if (dns_qr_qrn_statistics_enabled) {
5566 st_node = tick_stat_node(st, pi->qdomain, st_node, true);
5567 tick_stat_node(st, pi->qhost, st_node, false);
5568 }
5569 }
5570
5571 // qp = Query-Payload
5572 if (dns_qr_qp_statistics_enabled) {
5573 ws_debug("qp = Query-Payloadl\n");
5574 tick_stat_node(st, st_str_qr_qp_packets, st_node_qr_q_packets, false);
5575 if (pi->payload_size == 0) {
5576 st_node = tick_stat_node(st, "zero", st_node_qr_qp_packets, true);
5577 }
5578 else if (pi->payload_size == 0x1) {
5579 st_node = tick_stat_node(st, "= 1B", st_node_qr_qp_packets, true);
5580 }
5581 else if (pi->payload_size == 0x2) {
5582 st_node = tick_stat_node(st, "= 2B", st_node_qr_qp_packets, true);
5583 }
5584 else if (pi->payload_size <= 0x4) {
5585 st_node = tick_stat_node(st, "<= 4B", st_node_qr_qp_packets, true);
5586 }
5587 else if (pi->payload_size < 0x8) {
5588 st_node = tick_stat_node(st, "<= 8B", st_node_qr_qp_packets, true);
5589 }
5590 else if (pi->payload_size < 0x10) {
5591 st_node = tick_stat_node(st, "<= 16B", st_node_qr_qp_packets, true);
5592 }
5593 else if (pi->payload_size < 0x20) {
5594 st_node = tick_stat_node(st, "<= 32B", st_node_qr_qp_packets, true);
5595 }
5596 else if (pi->payload_size < 0x40) {
5597 st_node = tick_stat_node(st, "<= 64B", st_node_qr_qp_packets, true);
5598 }
5599 else if (pi->payload_size < 0x80) {
5600 st_node = tick_stat_node(st, "<= 128B", st_node_qr_qp_packets, true);
5601 }
5602 else if (pi->payload_size < 0x100) {
5603 st_node = tick_stat_node(st, "<= 256B", st_node_qr_qp_packets, true);
5604 }
5605 else if (pi->payload_size < 0x200) {
5606 st_node = tick_stat_node(st, "<= 512B", st_node_qr_qp_packets, true);
5607 }
5608 else if (pi->payload_size < 0x400) {
5609 st_node = tick_stat_node(st, "<= 1KB", st_node_qr_qp_packets, true);
5610 }
5611 else if (pi->payload_size < 0x800) {
5612 st_node = tick_stat_node(st, "<= 2KB", st_node_qr_qp_packets, true);
5613 }
5614 else if (pi->payload_size < 0x1000) {
5615 st_node = tick_stat_node(st, "<= 4KB", st_node_qr_qp_packets, true);
5616 }
5617 else if (pi->payload_size < 0x2000) {
5618 st_node = tick_stat_node(st, "<= 8KB", st_node_qr_qp_packets, true);
5619 }
5620 else if (pi->payload_size < 0x4000) {
5621 st_node = tick_stat_node(st, "<= 16KB", st_node_qr_qp_packets, true);
5622 }
5623 else if (pi->payload_size < 0x8000) {
5624 st_node = tick_stat_node(st, "<= 32KB", st_node_qr_qp_packets, true);
5625 }
5626 else if (pi->payload_size < 0x10000) {
5627 st_node = tick_stat_node(st, "<= 64KB", st_node_qr_qp_packets, true);
5628 }
5629 else {
5630 st_node = tick_stat_node(st, "> 64KB", st_node_qr_qp_packets, true);
5631 }
5632 if (dns_qr_qrn_statistics_enabled) {
5633 tick_stat_node(st, pi->qname, st_node, false);
5634 }
5635 }
5636
5637 // qs = Query-Servicing
5638 if (dns_qr_qs_statistics_enabled) {
5639
5640 ws_debug("qs = Query-Servicing\n");
5641 tick_stat_node(st, st_str_qr_qs_packets, st_node_qr_q_packets, true);
5642
5643 // qs_a = Query-Service_Answered (ms)
5644 if (dns_qr_qs_a_statistics_enabled) {
5645 ws_debug("qs_a = Query-Service_Answered (ms)\n");
5646 // data is populated from responses
5647 // check rs_a = Response-Servicing_Answered
5648 }
5649
5650 // qs_u = Query-Service_Unanswered
5651 if (dns_qr_qs_u_statistics_enabled) {
5652 ws_debug("qs_u = Query-Service_Unanswered\n");
5653 if (!pi->retransmission) {
5654 if (dns_qr_qrn_statistics_enabled) {
5655 stats_tree_tick_pivot(st, st_node_qr_qs_u_packets, pi->qname);
5656 }
5657 else {
5658 tick_stat_node(st, st_str_qr_qs_u_packets, st_node_qr_qs_packets, false);
5659 }
5660 }
5661 }
5662
5663 // qs_r = Query-Service_Retransmission
5664 if (dns_qr_qs_r_statistics_enabled) {
5665 ws_debug("qs_r = Query-Service_Retransmission\n");
5666 if (pi->retransmission) {
5667 if (dns_qr_qrn_statistics_enabled) {
5668 stats_tree_tick_pivot(st, st_node_qr_qs_r_packets, pi->qname);
5669 }
5670 else {
5671 tick_stat_node(st, st_str_qr_qs_r_packets, st_node_qr_qs_packets, false);
5672 }
5673 }
5674 }
5675 }
5676 }
5677
5678 // response
5679 else {
5680
5681 // r = Response
5682 if (!dns_qr_r_statistics_enabled) {
5683 ws_debug("dns_qr_r_statistics_enabled = false\n");
5684 goto _exit_;
5685 }
5686
5687 // rf = Response-From
5688 if (dns_qr_rf_statistics_enabled) {
5689 ws_debug("rf = Response-From\n");
5690 tick_stat_node(st, st_str_qr_rf_packets, st_node_qr_r_packets, true);
5691 buf[0] = '\0';
5692 if (pinfo->src.type == AT_IPv4) {
5693 ip_addr_to_str_buf(pinfo->src.data, buf, sizeof(buf));
5694 }
5695 else if (pinfo->src.type == AT_IPv6) {
5696 ip6_to_str_buf(pinfo->src.data, buf, sizeof(buf));
5697 }
5698 st_node = tick_stat_node(st, buf, st_node_qr_rf_packets, true);
5699 if (dns_qr_qrn_statistics_enabled) {
5700 tick_stat_node(st, pi->qname, st_node, false);
5701 }
5702 }
5703
5704 // rc = Response-Code
5705 if (dns_qr_rc_statistics_enabled) {
5706 ws_debug("rc = Response-Code\n");
5707 tick_stat_node(st, st_str_qr_rc_packets, st_node_qr_r_packets, true);
5708 st_node = tick_stat_node(st, val_to_str(pi->packet_rcode, rcode_vals, "Unknown rcode (%d)"), st_node_qr_rc_packets, true);
5709 if (dns_qr_qrn_statistics_enabled) {
5710 tick_stat_node(st, pi->qname, st_node, false);
5711 }
5712 }
5713
5714 // rk = Response-Kind
5715 if (dns_qr_rk_statistics_enabled) {
5716 ws_debug("rk = Response-Kind\n");
5717 tick_stat_node(st, st_str_qr_rk_packets, st_node_qr_r_packets, true);
5718 if (pi->flags & F_AUTHORITATIVE) {
5719 st_node = tick_stat_node(st, "Authoritative", st_node_qr_rk_packets, true);
5720 }
5721 else {
5722 st_node = tick_stat_node(st, "Non-Authoritative", st_node_qr_rk_packets, true);
5723 }
5724 if (dns_qr_qrn_statistics_enabled) {
5725 tick_stat_node(st, pi->qname, st_node, false);
5726 }
5727 }
5728
5729 // ra = Response-Answer
5730 if (dns_qr_ra_statistics_enabled) {
5731 ws_debug("ra = Response-Answer\n");
5732 tick_stat_node(st, st_str_qr_ra_packets, st_node_qr_r_packets, true);
5733 if (pi->nanswers == 0) {
5734 st_node = tick_stat_node(st, "zero", st_node_qr_ra_packets, true);
5735 }
5736 else if (pi->nanswers == 0x1) {
5737 st_node = tick_stat_node(st, "= 1", st_node_qr_ra_packets, true);
5738 }
5739 else if (pi->nanswers == 0x2) {
5740 st_node = tick_stat_node(st, "= 2", st_node_qr_ra_packets, true);
5741 }
5742 else if (pi->nanswers <= 0x4) {
5743 st_node = tick_stat_node(st, "<= 4", st_node_qr_ra_packets, true);
5744 }
5745 else if (pi->nanswers <= 0x8) {
5746 st_node = tick_stat_node(st, "<= 8", st_node_qr_ra_packets, true);
5747 }
5748 else if (pi->nanswers <= 0x10) {
5749 st_node = tick_stat_node(st, "<= 16", st_node_qr_ra_packets, true);
5750 }
5751 else if (pi->nanswers <= 0x20) {
5752 st_node = tick_stat_node(st, "<= 32", st_node_qr_ra_packets, true);
5753 }
5754 else if (pi->nanswers <= 0x40) {
5755 st_node = tick_stat_node(st, "<= 64", st_node_qr_ra_packets, true);
5756 }
5757 else if (pi->nanswers <= 0x80) {
5758 st_node = tick_stat_node(st, "<= 128", st_node_qr_ra_packets, true);
5759 }
5760 else if (pi->nanswers <= 0x100) {
5761 st_node = tick_stat_node(st, "<= 256", st_node_qr_ra_packets, true);
5762 }
5763 else if (pi->nanswers <= 0x200) {
5764 st_node = tick_stat_node(st, "<= 512", st_node_qr_ra_packets, true);
5765 }
5766 else if (pi->nanswers <= 0x400) {
5767 st_node = tick_stat_node(st, "<= 1K", st_node_qr_ra_packets, true);
5768 }
5769 else if (pi->nanswers <= 0x800) {
5770 st_node = tick_stat_node(st, "<= 2K", st_node_qr_ra_packets, true);
5771 }
5772 else if (pi->nanswers <= 0x1000) {
5773 st_node = tick_stat_node(st, "<= 4K", st_node_qr_ra_packets, true);
5774 }
5775 else {
5776 st_node = tick_stat_node(st, "> 4K", st_node_qr_ra_packets, true);
5777 }
5778 if (dns_qr_qrn_statistics_enabled) {
5779 if (pi->nanswers == 0) {
5780 if (dns_qr_qrn_aud_zv_statistics_enabled) {
5781 tick_stat_node(st, pi->qname, st_node, false);
5782 }
5783 }
5784 else {
5785 tick_stat_node(st, pi->qname, st_node, false);
5786 }
5787 }
5788 }
5789
5790 // ru = Response-aUthority
5791 if (dns_qr_ru_statistics_enabled) {
5792 ws_debug("ru = Response-aUthority\n");
5793 tick_stat_node(st, st_str_qr_ru_packets, st_node_qr_r_packets, true);
5794 if (pi->nauthorities == 0) {
5795 st_node = tick_stat_node(st, "zero", st_node_qr_ru_packets, true);
5796 }
5797 else if (pi->nauthorities == 0x1) {
5798 st_node = tick_stat_node(st, "= 1", st_node_qr_ru_packets, true);
5799 }
5800 else if (pi->nauthorities == 0x2) {
5801 st_node = tick_stat_node(st, "= 2", st_node_qr_ru_packets, true);
5802 }
5803 else if (pi->nauthorities <= 0x4) {
5804 st_node = tick_stat_node(st, "<= 4", st_node_qr_ru_packets, true);
5805 }
5806 else if (pi->nauthorities <= 0x8) {
5807 st_node = tick_stat_node(st, "<= 8", st_node_qr_ru_packets, true);
5808 }
5809 else if (pi->nauthorities <= 0x10) {
5810 st_node = tick_stat_node(st, "<= 16", st_node_qr_ru_packets, true);
5811 }
5812 else if (pi->nauthorities <= 0x20) {
5813 st_node = tick_stat_node(st, "<= 32", st_node_qr_ru_packets, true);
5814 }
5815 else if (pi->nauthorities <= 0x40) {
5816 st_node = tick_stat_node(st, "<= 64", st_node_qr_ru_packets, true);
5817 }
5818 else if (pi->nauthorities <= 0x80) {
5819 st_node = tick_stat_node(st, "<= 128", st_node_qr_ru_packets, true);
5820 }
5821 else if (pi->nauthorities <= 0x100) {
5822 st_node = tick_stat_node(st, "<= 256", st_node_qr_ru_packets, true);
5823 }
5824 else if (pi->nauthorities <= 0x200) {
5825 st_node = tick_stat_node(st, "<= 512", st_node_qr_ru_packets, true);
5826 }
5827 else if (pi->nauthorities <= 0x400) {
5828 st_node = tick_stat_node(st, "<= 1K", st_node_qr_ru_packets, true);
5829 }
5830 else if (pi->nauthorities <= 0x800) {
5831 st_node = tick_stat_node(st, "<= 2K", st_node_qr_ru_packets, true);
5832 }
5833 else if (pi->nauthorities <= 0x1000) {
5834 st_node = tick_stat_node(st, "<= 4K", st_node_qr_ru_packets, true);
5835 }
5836 else {
5837 st_node = tick_stat_node(st, "> 4K", st_node_qr_ru_packets, true);
5838 }
5839 if (dns_qr_qrn_statistics_enabled) {
5840 if (pi->nauthorities == 0) {
5841 if (dns_qr_qrn_aud_zv_statistics_enabled) {
5842 tick_stat_node(st, pi->qname, st_node, false);
5843 }
5844 }
5845 else {
5846 tick_stat_node(st, pi->qname, st_node, false);
5847 }
5848 }
5849 }
5850
5851 // rd = Response-aDditional
5852 if (dns_qr_rd_statistics_enabled) {
5853 ws_debug("rd = Response-aDditional\n");
5854 tick_stat_node(st, st_str_qr_rd_packets, st_node_qr_r_packets, true);
5855 if (pi->nadditionals == 0) {
5856 st_node = tick_stat_node(st, "zero", st_node_qr_rd_packets, true);
5857 }
5858 else if (pi->nadditionals == 0x1) {
5859 st_node = tick_stat_node(st, "= 1", st_node_qr_rd_packets, true);
5860 }
5861 else if (pi->nadditionals == 0x2) {
5862 st_node = tick_stat_node(st, "= 2", st_node_qr_rd_packets, true);
5863 }
5864 else if (pi->nadditionals <= 0x4) {
5865 st_node = tick_stat_node(st, "<= 4", st_node_qr_rd_packets, true);
5866 }
5867 else if (pi->nadditionals <= 0x8) {
5868 st_node = tick_stat_node(st, "<= 8", st_node_qr_rd_packets, true);
5869 }
5870 else if (pi->nadditionals <= 0x10) {
5871 st_node = tick_stat_node(st, "<= 16", st_node_qr_rd_packets, true);
5872 }
5873 else if (pi->nadditionals <= 0x20) {
5874 st_node = tick_stat_node(st, "<= 32", st_node_qr_rd_packets, true);
5875 }
5876 else if (pi->nadditionals <= 0x40) {
5877 st_node = tick_stat_node(st, "<= 64", st_node_qr_rd_packets, true);
5878 }
5879 else if (pi->nadditionals <= 0x80) {
5880 st_node = tick_stat_node(st, "<= 128", st_node_qr_rd_packets, true);
5881 }
5882 else if (pi->nadditionals <= 0x100) {
5883 st_node = tick_stat_node(st, "<= 256", st_node_qr_rd_packets, true);
5884 }
5885 else if (pi->nadditionals <= 0x200) {
5886 st_node = tick_stat_node(st, "<= 512", st_node_qr_rd_packets, true);
5887 }
5888 else if (pi->nadditionals <= 0x400) {
5889 st_node = tick_stat_node(st, "<= 1K", st_node_qr_rd_packets, true);
5890 }
5891 else if (pi->nadditionals <= 0x800) {
5892 st_node = tick_stat_node(st, "<= 2K", st_node_qr_rd_packets, true);
5893 }
5894 else if (pi->nadditionals <= 0x1000) {
5895 st_node = tick_stat_node(st, "<= 4K", st_node_qr_rd_packets, true);
5896 }
5897 else {
5898 st_node = tick_stat_node(st, "> 4K", st_node_qr_rd_packets, true);
5899 }
5900 if (dns_qr_qrn_statistics_enabled) {
5901 if (pi->nadditionals == 0) {
5902 if (dns_qr_qrn_aud_zv_statistics_enabled) {
5903 tick_stat_node(st, pi->qname, st_node, false);
5904 }
5905 }
5906 else {
5907 tick_stat_node(st, pi->qname, st_node, false);
5908 }
5909 }
5910 }
5911
5912 // rp = Response-Payload
5913 if (dns_qr_rp_statistics_enabled) {
5914 ws_debug("rp = Response-Payloadl\n");
5915 tick_stat_node(st, st_str_qr_rp_packets, st_node_qr_r_packets, false);
5916 if (pi->payload_size == 0) {
5917 st_node = tick_stat_node(st, "zero", st_node_qr_rp_packets, true);
5918 }
5919 else if (pi->payload_size == 0x1) {
5920 st_node = tick_stat_node(st, "= 1B", st_node_qr_rp_packets, true);
5921 }
5922 else if (pi->payload_size == 0x2) {
5923 st_node = tick_stat_node(st, "= 2B", st_node_qr_rp_packets, true);
5924 }
5925 else if (pi->payload_size <= 0x4) {
5926 st_node = tick_stat_node(st, "<= 4B", st_node_qr_rp_packets, true);
5927 }
5928 else if (pi->payload_size <= 0x8) {
5929 st_node = tick_stat_node(st, "<= 8B", st_node_qr_rp_packets, true);
5930 }
5931 else if (pi->payload_size <= 0x10) {
5932 st_node = tick_stat_node(st, "<= 16B", st_node_qr_rp_packets, true);
5933 }
5934 else if (pi->payload_size <= 0x20) {
5935 st_node = tick_stat_node(st, "<= 32B", st_node_qr_rp_packets, true);
5936 }
5937 else if (pi->payload_size <= 0x40) {
5938 st_node = tick_stat_node(st, "<= 64B", st_node_qr_rp_packets, true);
5939 }
5940 else if (pi->payload_size <= 0x80) {
5941 st_node = tick_stat_node(st, "<= 128B", st_node_qr_rp_packets, true);
5942 }
5943 else if (pi->payload_size <= 0x100) {
5944 st_node = tick_stat_node(st, "<= 256B", st_node_qr_rp_packets, true);
5945 }
5946 else if (pi->payload_size <= 0x200) {
5947 st_node = tick_stat_node(st, "<= 512B", st_node_qr_rp_packets, true);
5948 }
5949 else if (pi->payload_size <= 0x400) {
5950 st_node = tick_stat_node(st, "<= 1KB", st_node_qr_rp_packets, true);
5951 }
5952 else if (pi->payload_size <= 0x800) {
5953 st_node = tick_stat_node(st, "<= 2KB", st_node_qr_rp_packets, true);
5954 }
5955 else if (pi->payload_size <= 0x1000) {
5956 st_node = tick_stat_node(st, "<= 4KB", st_node_qr_rp_packets, true);
5957 }
5958 else if (pi->payload_size <= 0x2000) {
5959 st_node = tick_stat_node(st, "<= 8KB", st_node_qr_rp_packets, true);
5960 }
5961 else if (pi->payload_size <= 0x4000) {
5962 st_node = tick_stat_node(st, "<= 16KB", st_node_qr_rp_packets, true);
5963 }
5964 else if (pi->payload_size <= 0x8000) {
5965 st_node = tick_stat_node(st, "<= 32KB", st_node_qr_rp_packets, true);
5966 }
5967 else if (pi->payload_size <= 0x10000) {
5968 st_node = tick_stat_node(st, "<= 64KB", st_node_qr_rp_packets, true);
5969 }
5970 else {
5971 st_node = tick_stat_node(st, "> 64KB", st_node_qr_rp_packets, true);
5972 }
5973 if (dns_qr_qrn_statistics_enabled) {
5974 tick_stat_node(st, pi->qname, st_node, false);
5975 }
5976 }
5977
5978 // rs = Response-Servicing
5979 if (dns_qr_rs_statistics_enabled) {
5980
5981 ws_debug("rs = Response-Servicing\n");
5982 tick_stat_node(st, st_str_qr_rs_packets, st_node_qr_r_packets, true);
5983
5984 // rs_a = Response-Service_Answered (ms)
5985 if (dns_qr_rs_a_statistics_enabled) {
5986 ws_debug("rs_a = Response-Service_Answered (ms)\n");
5987 if (!pi->retransmission && !pi->unsolicited) {
5988 st_node = avg_stat_node_add_value_float(st, st_str_qr_rs_a_packets, st_node_qr_rs_packets, true, (float)(pi->rrt.secs * 1000. + pi->rrt.nsecs / 1000000.0));
5989 if (dns_qr_qrn_statistics_enabled) {
5990 avg_stat_node_add_value_float(st, pi->qname, st_node, false, (float)(pi->rrt.secs * 1000. + pi->rrt.nsecs / 1000000.0));
5991 }
5992 // filling in qs_a = Answered (ms)
5993 if (dns_qr_qs_a_statistics_enabled) {
5994 st_node = avg_stat_node_add_value_float(st, st_str_qr_qs_a_packets, st_node_qr_qs_packets, true, (float)(pi->rrt.secs * 1000. + pi->rrt.nsecs / 1000000.0));
5995 if (dns_qr_qrn_statistics_enabled) {
5996 avg_stat_node_add_value_float(st, pi->qname, st_node, false, (float)(pi->rrt.secs * 1000. + pi->rrt.nsecs / 1000000.0));
5997 }
5998 }
5999 // decrementing qs_u = Unanswered
6000 if (dns_qr_qs_u_statistics_enabled) {
6001 increase_stat_node(st, st_str_qr_qs_u_packets, st_node_qr_qs_packets, false, -1);
6002 if (dns_qr_qrn_statistics_enabled) {
6003 increase_stat_node(st, pi->qname, st_node_qr_qs_u_packets, false, -1);
6004 }
6005 }
6006 }
6007 }
6008
6009 // rs_u = Response-Service_Unsolicited
6010 if (dns_qr_rs_u_statistics_enabled) {
6011 ws_debug("rs_u = Response-Service_Unsolicited\n");
6012 // service statistics (total responses = unsolicited + retransmissions + non-retransmissions)
6013 if (pi->unsolicited) { // unsolicited = responses without queries being present in this capture
6014 if (dns_qr_qrn_statistics_enabled) {
6015 stats_tree_tick_pivot(st, st_node_qr_rs_u_packets, pi->qname);
6016 }
6017 else {
6018 tick_stat_node(st, st_str_qr_rs_u_packets, st_node_qr_rs_packets, false);
6019 }
6020 }
6021 }
6022
6023 // rs_r = Response-Service_Retransmission
6024 if (dns_qr_rs_r_statistics_enabled) {
6025 ws_debug("rs_r = Response-Service_Retransmission\n");
6026 if (pi->retransmission && !pi->unsolicited) {
6027 if (dns_qr_qrn_statistics_enabled) {
6028 stats_tree_tick_pivot(st, st_node_qr_rs_r_packets, pi->qname);
6029 }
6030 else {
6031 tick_stat_node(st, st_str_qr_rs_r_packets, st_node_qr_rs_packets, false);
6032 }
6033 }
6034 }
6035 }
6036
6037 // rt = Response-TTL
6038 if (dns_qr_rt_statistics_enabled) {
6039 ws_debug("rt = Response-TTL\n");
6040
6041 // counting of ttl should stay disabled to avoid confusion with summation
6042 // of its child nodes and its count. for example, if there are only 2
6043 // responses, ttl count will be 2 but summation of answers, authorities
6044 // and additionals could be more as each response could contain multiple
6045 // answers, authorities and additionals. if ttl count is changed to
6046 // reflect summation, then it would standout withing its siblings like
6047 // rcode, payload etc.
6048 //tick_stat_node(st, st_str_qr_rt_packets, st_node_qr_r_packets, true);
6049
6050 // rt_a = Answers
6051 if (dns_qr_rt_a_statistics_enabled) {
6052 ws_debug("rt_a = Response-TTL_Answers\n");
6053 unsigned ui_limit = pi->nanswers;
6054 if (ui_limit > TTL_MAXIMUM_ELEMENTS) { // limit check to avoid overflow
6055 ws_debug("rt_a = Response-TTL_Answers (answers(%u) > (%u)TTL_MAXIMUM_ELEMENTS) (iterating upto TTL_MAXIMUM_ELEMENTS)\n", ui_limit, TTL_MAXIMUM_ELEMENTS);
6056 ui_limit = TTL_MAXIMUM_ELEMENTS;
6057 }
6058 for (unsigned ui = 0; ui < ui_limit; ui++) {
6059 tick_stat_node(st, st_str_qr_rt_a_packets, st_node_qr_rt_packets, true);
6060 if (dns_qr_r_ra_ttls[ui] == 0) {
6061 st_node = tick_stat_node(st, "zero", st_node_qr_rt_a_packets, true);
6062 }
6063 else if (dns_qr_r_ra_ttls[ui] <= 60) {
6064 st_node = tick_stat_node(st, "<= minute", st_node_qr_rt_a_packets, true);
6065 }
6066 else if (dns_qr_r_ra_ttls[ui] <= 3600) {
6067 st_node = tick_stat_node(st, "<= hour", st_node_qr_rt_a_packets, true);
6068 }
6069 else if (dns_qr_r_ra_ttls[ui] <= 86400) {
6070 st_node = tick_stat_node(st, "<= day", st_node_qr_rt_a_packets, true);
6071 }
6072 else if (dns_qr_r_ra_ttls[ui] <= 604800) {
6073 st_node = tick_stat_node(st, "<= week", st_node_qr_rt_a_packets, true);
6074 }
6075 else if (dns_qr_r_ra_ttls[ui] <= 2628000) {
6076 st_node = tick_stat_node(st, "<= month", st_node_qr_rt_a_packets, true);
6077 }
6078 else if (dns_qr_r_ra_ttls[ui] <= 31536000) {
6079 st_node = tick_stat_node(st, "<= year", st_node_qr_rt_a_packets, true);
6080 }
6081 else {
6082 st_node = tick_stat_node(st, "> year", st_node_qr_rt_a_packets, true);
6083 }
6084 if (dns_qr_qrn_statistics_enabled) {
6085 tick_stat_node(st, pi->qname, st_node, false);
6086 }
6087 }
6088 }
6089
6090 // rt_u = aUthority
6091 if (dns_qr_rt_u_statistics_enabled) {
6092 ws_debug("rt_u = Response-TTL_aUthority\n");
6093 unsigned ui_limit = pi->nauthorities;
6094 if (ui_limit > TTL_MAXIMUM_ELEMENTS) { // limit check to avoid overflow
6095 ws_debug("rt_a = Response-TTL_Answers (authorities(%u) > (%u)TTL_MAXIMUM_ELEMENTS) (iterating upto TTL_MAXIMUM_ELEMENTS)\n", ui_limit, TTL_MAXIMUM_ELEMENTS);
6096 ui_limit = TTL_MAXIMUM_ELEMENTS;
6097 }
6098 for (unsigned ui = 0; ui < ui_limit; ui++) {
6099 tick_stat_node(st, st_str_qr_rt_u_packets, st_node_qr_rt_packets, true);
6100 if (dns_qr_r_ru_ttls[ui] == 0) {
6101 st_node = tick_stat_node(st, "zero", st_node_qr_rt_u_packets, true);
6102 }
6103 else if (dns_qr_r_ru_ttls[ui] <= 60) {
6104 st_node = tick_stat_node(st, "<= minute", st_node_qr_rt_u_packets, true);
6105 }
6106 else if (dns_qr_r_ru_ttls[ui] <= 3600) {
6107 st_node = tick_stat_node(st, "<= hour", st_node_qr_rt_u_packets, true);
6108 }
6109 else if (dns_qr_r_ru_ttls[ui] <= 86400) {
6110 st_node = tick_stat_node(st, "<= day", st_node_qr_rt_u_packets, true);
6111 }
6112 else if (dns_qr_r_ru_ttls[ui] <= 604800) {
6113 st_node = tick_stat_node(st, "<= week", st_node_qr_rt_u_packets, true);
6114 }
6115 else if (dns_qr_r_ru_ttls[ui] <= 2628000) {
6116 st_node = tick_stat_node(st, "<= month", st_node_qr_rt_u_packets, true);
6117 }
6118 else if (dns_qr_r_ru_ttls[ui] <= 31536000) {
6119 st_node = tick_stat_node(st, "<= year", st_node_qr_rt_u_packets, true);
6120 }
6121 else {
6122 st_node = tick_stat_node(st, "> year", st_node_qr_rt_u_packets, true);
6123 }
6124 if (dns_qr_qrn_statistics_enabled) {
6125 tick_stat_node(st, pi->qname, st_node, false);
6126 }
6127 }
6128 }
6129
6130 // rt_d = aDditional
6131 if (dns_qr_rt_d_statistics_enabled) {
6132 ws_debug("rt_d = Response-TTL_aDditional\n");
6133 unsigned ui_limit = pi->nadditionals;
6134 if (ui_limit > TTL_MAXIMUM_ELEMENTS) { // limit check to avoid overflow
6135 ws_debug("rt_a = Response-TTL_Answers (additionals(%u) > (%u)TTL_MAXIMUM_ELEMENTS) (iterating upto TTL_MAXIMUM_ELEMENTS)\n", ui_limit, TTL_MAXIMUM_ELEMENTS);
6136 ui_limit = TTL_MAXIMUM_ELEMENTS;
6137 }
6138 for (unsigned ui = 0; ui < ui_limit; ui++) {
6139 tick_stat_node(st, st_str_qr_rt_d_packets, st_node_qr_rt_packets, true);
6140 if (dns_qr_r_rd_ttls[ui] == 0) {
6141 st_node = tick_stat_node(st, "zero", st_node_qr_rt_d_packets, true);
6142 }
6143 else if (dns_qr_r_rd_ttls[ui] <= 60) {
6144 st_node = tick_stat_node(st, "<= minute", st_node_qr_rt_d_packets, true);
6145 }
6146 else if (dns_qr_r_rd_ttls[ui] <= 3600) {
6147 st_node = tick_stat_node(st, "<= hour", st_node_qr_rt_d_packets, true);
6148 }
6149 else if (dns_qr_r_rd_ttls[ui] <= 86400) {
6150 st_node = tick_stat_node(st, "<= day", st_node_qr_rt_d_packets, true);
6151 }
6152 else if (dns_qr_r_rd_ttls[ui] <= 604800) {
6153 st_node = tick_stat_node(st, "<= week", st_node_qr_rt_d_packets, true);
6154 }
6155 else if (dns_qr_r_rd_ttls[ui] <= 2628000) {
6156 st_node = tick_stat_node(st, "<= month", st_node_qr_rt_d_packets, true);
6157 }
6158 else if (dns_qr_r_rd_ttls[ui] <= 31536000) {
6159 st_node = tick_stat_node(st, "<= year", st_node_qr_rt_d_packets, true);
6160 }
6161 else {
6162 st_node = tick_stat_node(st, "> year", st_node_qr_rt_d_packets, true);
6163 }
6164 if (dns_qr_qrn_statistics_enabled) {
6165 tick_stat_node(st, pi->qname, st_node, false);
6166 }
6167 }
6168 }
6169 }
6170 }
6171 _exit_:
6172 return TAP_PACKET_REDRAW;
6173 }
6174
6175 static void dns_qr_stats_tree_cleanup(stats_tree* st)
6176 {
6177 ws_debug("cleanup with st=%p\n", st);
6178 }
6179
6180 void
6181 proto_reg_handoff_dns(void)
6182 {
6183 dissector_add_uint_with_preference("udp.port", UDP_PORT_MDNS, mdns_udp_handle);
6184 dissector_add_uint_with_preference("udp.port", UDP_PORT_LLMNR, llmnr_udp_handle);
6185 dissector_add_uint("sctp.port", SCTP_PORT_DNS, dns_handle);
6186 #if 0
6187 dissector_add_uint("sctp.ppi", DNS_PAYLOAD_PROTOCOL_ID, dns_handle);
6188 #endif
6189 stats_tree_cfg *st_config = stats_tree_register("dns", "dns", "DNS", 0, dns_stats_tree_packet, dns_stats_tree_init, NULL);
6190 stats_tree_set_first_column_name(st_config, "Packet Type");
6191 stats_tree_register("dns", "dns_qr", "DNS/Query-Response", 0, dns_qr_stats_tree_packet, dns_qr_stats_tree_init, dns_qr_stats_tree_cleanup);
6192 gssapi_handle = find_dissector_add_dependency("gssapi", proto_dns);
6193 ntlmssp_handle = find_dissector_add_dependency("ntlmssp", proto_dns);
6194 tls_echconfig_handle = find_dissector("tls-echconfig");
6195 ssl_dissector_add(TCP_PORT_DNS_TLS, dns_handle);
6196 // RFC 7858 - registration via https://mailarchive.ietf.org/arch/msg/dns-privacy/iZ2rDIhFB2ZWsGC3PcdBVLGa8Do
6197 dissector_add_string("tls.alpn", "dot", dns_handle);
6198 dtls_dissector_add(UDP_PORT_DNS_DTLS, dns_handle);
6199 dissector_add_uint_range_with_preference("tcp.port", DEFAULT_DNS_TCP_PORT_RANGE, dns_handle);
6200 dissector_add_uint_range_with_preference("udp.port", DEFAULT_DNS_PORT_RANGE, dns_handle);
6201 dissector_add_string("media_type", "application/dns-message", dns_handle); /* since draft-ietf-doh-dns-over-https-07 */
6202 dissector_add_string("quic.proto", "doq", doq_handle); /* https://www.ietf.org/archive/id/draft-ietf-dprive-dnsoquic-03.txt */
6203 heur_dissector_add("udp", dissect_dns_heur, "DNS over UDP", "dns_udp", proto_dns, HEURISTIC_ENABLE);
6204 }
6205
6206 void
6207 proto_register_dns(void)
6208 {
6209 static hf_register_info hf[] = {
6210 { &hf_dns_length,
6211 { "Length", "dns.length",
6212 FT_UINT16, BASE_DEC, NULL, 0x0,
6213 "Length of DNS-over-TCP request or response", HFILL }},
6214
6215 { &hf_dns_flags,
6216 { "Flags", "dns.flags",
6217 FT_UINT16, BASE_HEX, NULL, 0x0,
6218 NULL, HFILL }},
6219
6220 { &hf_dns_flags_response,
6221 { "Response", "dns.flags.response",
6222 FT_BOOLEAN, 16, TFS(&tfs_flags_response), F_RESPONSE,
6223 "Is the message a response?", HFILL }},
6224
6225 { &hf_dns_flags_opcode,
6226 { "Opcode", "dns.flags.opcode",
6227 FT_UINT16, BASE_DEC, VALS(opcode_vals), F_OPCODE,
6228 "Operation code", HFILL }},
6229
6230 { &hf_dns_flags_authoritative,
6231 { "Authoritative", "dns.flags.authoritative",
6232 FT_BOOLEAN, 16, TFS(&tfs_flags_authoritative), F_AUTHORITATIVE,
6233 "Is the server is an authority for the domain?", HFILL }},
6234
6235 { &hf_dns_flags_conflict_query,
6236 { "Conflict", "dns.flags.conflict",
6237 FT_BOOLEAN, 16, TFS(&tfs_flags_conflict_query), F_CONFLICT,
6238 "Did we receive multiple responses to a query?", HFILL }},
6239
6240 { &hf_dns_flags_conflict_response,
6241 { "Conflict", "dns.flags.conflict",
6242 FT_BOOLEAN, 16, TFS(&tfs_flags_conflict_response), F_CONFLICT,
6243 "Is the name considered unique?", HFILL }},
6244
6245 { &hf_dns_flags_truncated,
6246 { "Truncated", "dns.flags.truncated",
6247 FT_BOOLEAN, 16, TFS(&tfs_flags_truncated), F_TRUNCATED,
6248 "Is the message truncated?", HFILL }},
6249
6250 { &hf_dns_flags_recdesired,
6251 { "Recursion desired", "dns.flags.recdesired",
6252 FT_BOOLEAN, 16, TFS(&tfs_flags_recdesired), F_RECDESIRED,
6253 "Do query recursively?", HFILL }},
6254
6255 { &hf_dns_flags_tentative,
6256 { "Tentative", "dns.flags.tentative",
6257 FT_BOOLEAN, 16, TFS(&tfs_flags_tentative), F_TENTATIVE,
6258 "Is the responder authoritative for the name, but not yet verified the uniqueness?", HFILL }},
6259
6260 { &hf_dns_flags_recavail,
6261 { "Recursion available", "dns.flags.recavail",
6262 FT_BOOLEAN, 16, TFS(&tfs_flags_recavail), F_RECAVAIL,
6263 "Can the server do recursive queries?", HFILL }},
6264
6265 { &hf_dns_flags_z,
6266 { "Z", "dns.flags.z",
6267 FT_BOOLEAN, 16, TFS(&tfs_flags_z), F_Z,
6268 "Z flag", HFILL }},
6269
6270 { &hf_dns_flags_authenticated,
6271 { "Answer authenticated", "dns.flags.authenticated",
6272 FT_BOOLEAN, 16, TFS(&tfs_flags_authenticated), F_AUTHENTIC,
6273 "Was the reply data authenticated by the server?", HFILL }},
6274
6275 { &hf_dns_flags_ad,
6276 { "AD bit", "dns.flags.ad",
6277 FT_BOOLEAN, 16, TFS(&tfs_set_notset), F_AUTHENTIC,
6278 NULL, HFILL }},
6279
6280 { &hf_dns_flags_checkdisable,
6281 { "Non-authenticated data", "dns.flags.checkdisable",
6282 FT_BOOLEAN, 16, TFS(&tfs_flags_checkdisable), F_CHECKDISABLE,
6283 "Is non-authenticated data acceptable?", HFILL }},
6284
6285 { &hf_dns_flags_rcode,
6286 { "Reply code", "dns.flags.rcode",
6287 FT_UINT16, BASE_DEC, VALS(rcode_vals), F_RCODE,
6288 NULL, HFILL }},
6289
6290 { &hf_dns_transaction_id,
6291 { "Transaction ID", "dns.id",
6292 FT_UINT16, BASE_HEX, NULL, 0x0,
6293 "Identification of transaction", HFILL }},
6294
6295 { &hf_dns_qry_type,
6296 { "Type", "dns.qry.type",
6297 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &dns_types_vals_ext, 0,
6298 "Query Type", HFILL }},
6299
6300 { &hf_dns_qry_class,
6301 { "Class", "dns.qry.class",
6302 FT_UINT16, BASE_HEX, VALS(dns_classes), 0x0,
6303 "Query Class", HFILL }},
6304
6305 { &hf_dns_qry_class_mdns,
6306 { "Class", "dns.qry.class",
6307 FT_UINT16, BASE_HEX, VALS(dns_classes), 0x7FFF,
6308 "Query Class", HFILL }},
6309
6310 { &hf_dns_qry_qu,
6311 { "\"QU\" question", "dns.qry.qu",
6312 FT_BOOLEAN, 16, NULL, C_QU,
6313 "QU flag", HFILL }},
6314
6315 { &hf_dns_qry_name,
6316 { "Name", "dns.qry.name",
6317 FT_STRING, BASE_NONE, NULL, 0x0,
6318 "Query Name", HFILL }},
6319
6320 { &hf_dns_qry_name_len,
6321 { "Name Length", "dns.qry.name.len",
6322 FT_UINT16, BASE_DEC, NULL, 0x0,
6323 "Query Name Len", HFILL }},
6324
6325 { &hf_dns_count_labels,
6326 { "Label Count", "dns.count.labels",
6327 FT_UINT16, BASE_DEC, NULL, 0x0,
6328 "Query Label Count", HFILL }},
6329
6330 { &hf_dns_rr_type,
6331 { "Type", "dns.resp.type",
6332 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &dns_types_vals_ext, 0x0,
6333 "Response Type", HFILL }},
6334
6335 { &hf_dns_rr_class,
6336 { "Class", "dns.resp.class",
6337 FT_UINT16, BASE_HEX, VALS(dns_classes), 0x0,
6338 "Response Class", HFILL }},
6339
6340 { &hf_dns_rr_class_mdns,
6341 { "Class", "dns.resp.class",
6342 FT_UINT16, BASE_HEX, VALS(dns_classes), 0x7FFF,
6343 "Response Class", HFILL }},
6344
6345 { &hf_dns_rr_cache_flush,
6346 { "Cache flush", "dns.resp.cache_flush",
6347 FT_BOOLEAN, 16, NULL, C_FLUSH,
6348 "Cache flush flag", HFILL }},
6349
6350 { &hf_dns_rr_ext_rcode,
6351 { "Higher bits in extended RCODE", "dns.resp.ext_rcode",
6352 FT_UINT8, BASE_HEX, NULL, 0x0,
6353 NULL, HFILL }},
6354
6355 { &hf_dns_rr_edns0_version,
6356 { "EDNS0 version", "dns.resp.edns0_version",
6357 FT_UINT8, BASE_DEC, NULL, 0x0,
6358 NULL, HFILL }},
6359
6360 { &hf_dns_rr_z,
6361 { "Z", "dns.resp.z",
6362 FT_UINT16, BASE_HEX, NULL, 0x0,
6363 NULL, HFILL }},
6364
6365 { &hf_dns_rr_z_do,
6366 { "DO bit", "dns.resp.z.do",
6367 FT_BOOLEAN, 16, TFS(&tfs_dns_rr_z_do), 0x8000,
6368 "DNSSEC OK", HFILL }},
6369
6370 { &hf_dns_rr_z_reserved,
6371 { "Reserved", "dns.resp.z.reserved",
6372 FT_UINT16, BASE_HEX, NULL, 0x7FFF,
6373 NULL, HFILL }},
6374
6375 { &hf_dns_srv_instance,
6376 { "Instance", "dns.srv.instance",
6377 FT_STRING, BASE_NONE, NULL, 0x0,
6378 "Desired service instance", HFILL }},
6379
6380 { &hf_dns_srv_service,
6381 { "Service", "dns.srv.service",
6382 FT_STRING, BASE_NONE, NULL, 0x0,
6383 "Desired service", HFILL }},
6384
6385 { &hf_dns_srv_proto,
6386 { "Protocol", "dns.srv.proto",
6387 FT_STRING, BASE_NONE, NULL, 0x0,
6388 "Desired protocol", HFILL }},
6389
6390 { &hf_dns_srv_name,
6391 { "Name", "dns.srv.name",
6392 FT_STRING, BASE_NONE, NULL, 0x0,
6393 "Domain this resource record refers to", HFILL }},
6394
6395 { &hf_dns_srv_priority,
6396 { "Priority", "dns.srv.priority",
6397 FT_UINT16, BASE_DEC, NULL, 0x0,
6398 NULL, HFILL }},
6399
6400 { &hf_dns_srv_weight,
6401 { "Weight", "dns.srv.weight",
6402 FT_UINT16, BASE_DEC, NULL, 0x0,
6403 NULL, HFILL }},
6404
6405 { &hf_dns_srv_port,
6406 { "Port", "dns.srv.port",
6407 FT_UINT16, BASE_DEC, NULL, 0x0,
6408 NULL, HFILL }},
6409
6410 { &hf_dns_srv_target,
6411 { "Target", "dns.srv.target",
6412 FT_STRING, BASE_NONE, NULL, 0x0,
6413 NULL, HFILL }},
6414
6415 { &hf_dns_naptr_order,
6416 { "Order", "dns.naptr.order",
6417 FT_UINT16, BASE_DEC, NULL, 0x0,
6418 NULL, HFILL }},
6419
6420 { &hf_dns_naptr_preference,
6421 { "Preference", "dns.naptr.preference",
6422 FT_UINT16, BASE_DEC, NULL, 0x0,
6423 NULL, HFILL }},
6424
6425 { &hf_dns_naptr_flags_length,
6426 { "Flags Length", "dns.naptr.flags_length",
6427 FT_UINT8, BASE_DEC, NULL, 0x0,
6428 NULL, HFILL }},
6429
6430 { &hf_dns_naptr_flags,
6431 { "Flags", "dns.naptr.flags",
6432 FT_STRING, BASE_NONE, NULL, 0x0,
6433 NULL, HFILL }},
6434
6435 { &hf_dns_naptr_service_length,
6436 { "Service Length", "dns.naptr.service_length",
6437 FT_UINT8, BASE_DEC, NULL, 0x0,
6438 NULL, HFILL }},
6439
6440 { &hf_dns_naptr_service,
6441 { "Service", "dns.naptr.service",
6442 FT_STRING, BASE_NONE, NULL, 0x0,
6443 NULL, HFILL }},
6444
6445 { &hf_dns_naptr_regex_length,
6446 { "Regex Length", "dns.naptr.regex_length",
6447 FT_UINT8, BASE_DEC, NULL, 0x0,
6448 NULL, HFILL }},
6449
6450 { &hf_dns_naptr_regex,
6451 { "Regex", "dns.naptr.regex",
6452 FT_STRING, BASE_NONE, NULL, 0x0,
6453 NULL, HFILL }},
6454
6455 { &hf_dns_naptr_replacement_length,
6456 { "Replacement Length", "dns.naptr.replacement_length",
6457 FT_UINT8, BASE_DEC, NULL, 0x0,
6458 NULL, HFILL }},
6459
6460 { &hf_dns_naptr_replacement,
6461 { "Replacement", "dns.naptr.replacement",
6462 FT_STRING, BASE_NONE, NULL, 0x0,
6463 NULL, HFILL }},
6464
6465 { &hf_dns_rr_name,
6466 { "Name", "dns.resp.name",
6467 FT_STRING, BASE_NONE, NULL, 0x0,
6468 "Response Name", HFILL }},
6469
6470 { &hf_dns_rr_ttl,
6471 { "Time to live", "dns.resp.ttl",
6472 FT_UINT32, BASE_DEC, NULL, 0x0,
6473 "Response TTL", HFILL }},
6474
6475 { &hf_dns_rr_len,
6476 { "Data length", "dns.resp.len",
6477 FT_UINT16, BASE_DEC, NULL, 0x0,
6478 "Response Length", HFILL }},
6479
6480 { &hf_dns_a,
6481 { "Address", "dns.a",
6482 FT_IPv4, BASE_NONE, NULL, 0x0,
6483 "Response IPv4 Address", HFILL }},
6484
6485 { &hf_dns_a_ch_domain,
6486 { "Chaos Domain", "dns.a.ch.domain",
6487 FT_STRING, BASE_NONE, NULL, 0x0,
6488 "Response Chaos Domain", HFILL }},
6489
6490 { &hf_dns_a_ch_addr,
6491 { "Chaos Address", "dns.a.ch.addr",
6492 FT_UINT16, BASE_OCT, NULL, 0x0,
6493 "Response Chaos Address", HFILL }},
6494
6495 { &hf_dns_md,
6496 { "Mail Destination", "dns.md",
6497 FT_STRING, BASE_NONE, NULL, 0x0,
6498 NULL, HFILL }},
6499
6500 { &hf_dns_mf,
6501 { "Mail Forwarder", "dns.mf",
6502 FT_STRING, BASE_NONE, NULL, 0x0,
6503 NULL, HFILL }},
6504
6505 { &hf_dns_mb,
6506 { "MailBox Domain", "dns.mb",
6507 FT_STRING, BASE_NONE, NULL, 0x0,
6508 NULL, HFILL }},
6509
6510 { &hf_dns_mg,
6511 { "Mail Group member", "dns.mg",
6512 FT_STRING, BASE_NONE, NULL, 0x0,
6513 NULL, HFILL }},
6514
6515 { &hf_dns_mr,
6516 { "Mail Rename domain", "dns.mr",
6517 FT_STRING, BASE_NONE, NULL, 0x0,
6518 NULL, HFILL }},
6519
6520 { &hf_dns_null,
6521 { "Null (data)", "dns.null",
6522 FT_BYTES, BASE_NONE, NULL, 0x0,
6523 NULL, HFILL }},
6524
6525 { &hf_dns_aaaa,
6526 { "AAAA Address", "dns.aaaa",
6527 FT_IPv6, BASE_NONE, NULL, 0x0,
6528 "AAAA Response Address", HFILL }},
6529
6530 { &hf_dns_cname,
6531 { "CNAME", "dns.cname",
6532 FT_STRING, BASE_NONE, NULL, 0x0,
6533 "Response Primary Name", HFILL }},
6534
6535 { &hf_dns_rr_udp_payload_size_mdns,
6536 { "UDP payload size", "dns.rr.udp_payload_size",
6537 FT_UINT16, BASE_HEX, NULL, 0x7FFF,
6538 NULL, HFILL }},
6539
6540 { &hf_dns_rr_udp_payload_size,
6541 { "UDP payload size", "dns.rr.udp_payload_size",
6542 FT_UINT16, BASE_DEC, NULL, 0x0,
6543 NULL, HFILL }},
6544
6545 { &hf_dns_soa_mname,
6546 { "Primary name server", "dns.soa.mname",
6547 FT_STRING, BASE_NONE, NULL, 0x0,
6548 NULL, HFILL }},
6549
6550 { &hf_dns_soa_rname,
6551 { "Responsible authority's mailbox", "dns.soa.rname",
6552 FT_STRING, BASE_NONE, NULL, 0x0,
6553 NULL, HFILL }},
6554
6555 { &hf_dns_soa_serial_number,
6556 { "Serial Number", "dns.soa.serial_number",
6557 FT_UINT32, BASE_DEC, NULL, 0x0,
6558 NULL, HFILL }},
6559
6560 { &hf_dns_soa_refresh_interval,
6561 { "Refresh Interval", "dns.soa.refresh_interval",
6562 FT_UINT32, BASE_DEC, NULL, 0x0,
6563 NULL, HFILL }},
6564
6565 { &hf_dns_soa_retry_interval,
6566 { "Retry Interval", "dns.soa.retry_interval",
6567 FT_UINT32, BASE_DEC, NULL, 0x0,
6568 NULL, HFILL }},
6569
6570 { &hf_dns_soa_expire_limit,
6571 { "Expire limit", "dns.soa.expire_limit",
6572 FT_UINT32, BASE_DEC, NULL, 0x0,
6573 NULL, HFILL }},
6574
6575 { &hf_dns_soa_minimum_ttl,
6576 { "Minimum TTL", "dns.soa.minimum_ttl",
6577 FT_UINT32, BASE_DEC, NULL, 0x0,
6578 NULL, HFILL }},
6579
6580 { &hf_dns_ptr_domain_name,
6581 { "Domain Name", "dns.ptr.domain_name",
6582 FT_STRING, BASE_NONE, NULL, 0x0,
6583 NULL, HFILL }},
6584
6585 { &hf_dns_wks_address,
6586 { "Address", "dns.wks.address",
6587 FT_IPv4, BASE_NONE, NULL, 0x0,
6588 NULL, HFILL }},
6589
6590 { &hf_dns_wks_protocol,
6591 { "Protocol", "dns.wks.protocol",
6592 FT_UINT8, BASE_DEC | BASE_EXT_STRING, &ipproto_val_ext, 0x0,
6593 NULL, HFILL }},
6594
6595 { &hf_dns_wks_bits,
6596 { "Bits", "dns.wks.bits",
6597 FT_UINT8, BASE_HEX, NULL, 0x0,
6598 NULL, HFILL }},
6599
6600 { &hf_dns_hinfo_cpu_length,
6601 { "CPU Length", "dns.hinfo.cpu_length",
6602 FT_UINT8, BASE_DEC, NULL, 0x0,
6603 NULL, HFILL }},
6604
6605 { &hf_dns_hinfo_cpu,
6606 { "CPU", "dns.hinfo.cpu",
6607 FT_STRING, BASE_NONE, NULL, 0x0,
6608 NULL, HFILL }},
6609
6610 { &hf_dns_hinfo_os_length,
6611 { "OS Length", "dns.hinfo.os_length",
6612 FT_UINT8, BASE_DEC, NULL, 0x0,
6613 NULL, HFILL }},
6614
6615 { &hf_dns_hinfo_os,
6616 { "OS", "dns.hinfo.os",
6617 FT_STRING, BASE_NONE, NULL, 0x0,
6618 NULL, HFILL }},
6619
6620 { &hf_dns_minfo_r_mailbox,
6621 { "Responsible Mailbox", "dns.minfo.r",
6622 FT_STRING, BASE_NONE, NULL, 0x0,
6623 NULL, HFILL }},
6624
6625 { &hf_dns_minfo_e_mailbox,
6626 { "Error Mailbox", "dns.minfo.e",
6627 FT_STRING, BASE_NONE, NULL, 0x0,
6628 NULL, HFILL }},
6629
6630 { &hf_dns_mx_preference,
6631 { "Preference", "dns.mx.preference",
6632 FT_UINT16, BASE_DEC, NULL, 0x0,
6633 NULL, HFILL }},
6634
6635 { &hf_dns_mx_mail_exchange,
6636 { "Mail Exchange", "dns.mx.mail_exchange",
6637 FT_STRING, BASE_NONE, NULL, 0x0,
6638 NULL, HFILL }},
6639
6640 { &hf_dns_txt_length,
6641 { "TXT Length", "dns.txt.length",
6642 FT_UINT8, BASE_DEC, NULL, 0x0,
6643 NULL, HFILL }},
6644
6645 { &hf_dns_txt,
6646 { "TXT", "dns.txt",
6647 FT_STRING, BASE_NONE, NULL, 0x0,
6648 NULL, HFILL }},
6649
6650 { &hf_dns_openpgpkey,
6651 { "OpenPGP Key", "dns.openpgpkey",
6652 FT_STRING, BASE_NONE, NULL, 0x0,
6653 NULL, HFILL }},
6654
6655 { &hf_dns_csync_soa,
6656 { "SOA", "dns.csync.soa",
6657 FT_UINT32, BASE_DEC, NULL, 0x0,
6658 NULL, HFILL }},
6659
6660 { &hf_dns_csync_flags,
6661 { "Flags", "dns.csync.flags",
6662 FT_UINT16, BASE_HEX, NULL, 0x0,
6663 NULL, HFILL }},
6664
6665 { &hf_dns_csync_flags_immediate,
6666 { "immediate", "dns.csync.flags.immediate",
6667 FT_BOOLEAN, 16, NULL, 0x0001,
6668 NULL, HFILL }},
6669
6670 { &hf_dns_csync_flags_soaminimum,
6671 { "soaminimum", "dns.csync.flags.soaminimum",
6672 FT_BOOLEAN, 16, NULL, 0x0002,
6673 NULL, HFILL }},
6674
6675 { &hf_dns_csync_type_bitmap,
6676 { "Type Bitmap", "dns.csync.type_bitmap",
6677 FT_BYTES, BASE_NONE, NULL, 0x0,
6678 NULL, HFILL }},
6679
6680 { &hf_dns_zonemd_serial,
6681 { "Serial", "dns.zonemd.serial",
6682 FT_UINT32, BASE_DEC, NULL, 0x0,
6683 NULL, HFILL }},
6684
6685 { &hf_dns_zonemd_scheme,
6686 { "Scheme", "dns.zonemd.scheme",
6687 FT_UINT8, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_zonemd_scheme), 0x0,
6688 NULL, HFILL }},
6689
6690 { &hf_dns_zonemd_hash_algo,
6691 { "Hash Algorithm", "dns.zonemd.hash_algo",
6692 FT_UINT8, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_zonemd_hash_algo), 0x0,
6693 NULL, HFILL }},
6694
6695 { &hf_dns_zonemd_digest,
6696 { "Digest", "dns.zonemd.digest",
6697 FT_BYTES, BASE_NONE, NULL, 0x0,
6698 NULL, HFILL }},
6699
6700 { &hf_dns_svcb_priority,
6701 { "SvcPriority", "dns.svcb.svcpriority",
6702 FT_UINT16, BASE_DEC, NULL, 0x0,
6703 NULL, HFILL }},
6704
6705 { &hf_dns_svcb_target,
6706 { "TargetName", "dns.svcb.targetname",
6707 FT_STRING, BASE_NONE, NULL, 0x0,
6708 NULL, HFILL }},
6709
6710 { &hf_dns_svcb_param_key,
6711 { "SvcParamKey", "dns.svcb.svcparam.key",
6712 FT_UINT16, BASE_DEC, VALS(dns_svcb_param_key_vals), 0x0,
6713 NULL, HFILL }},
6714
6715 { &hf_dns_svcb_param_length,
6716 { "SvcParamValue length", "dns.svcb.svcparam.value.length",
6717 FT_UINT16, BASE_DEC, NULL, 0x0,
6718 NULL, HFILL }},
6719
6720 { &hf_dns_svcb_param_value,
6721 { "SvcParamValue", "dns.svcb.svcparam.value",
6722 FT_BYTES, BASE_NONE, NULL, 0x0,
6723 NULL, HFILL }},
6724
6725 { &hf_dns_svcb_param,
6726 { "SvcParam", "dns.svcb.svcparam",
6727 FT_NONE, BASE_NONE, NULL, 0x0,
6728 NULL, HFILL }},
6729
6730 { &hf_dns_svcb_param_mandatory_key,
6731 { "Mandatory key", "dns.svcb.svcparam.mandatory.key",
6732 FT_UINT16, BASE_DEC, VALS(dns_svcb_param_key_vals), 0x0,
6733 "Mandatory keys in this RR", HFILL }},
6734
6735 { &hf_dns_svcb_param_alpn_length,
6736 { "ALPN length", "dns.svcb.svcparam.alpn.length",
6737 FT_UINT8, BASE_DEC, NULL, 0x0,
6738 NULL, HFILL }},
6739
6740 { &hf_dns_svcb_param_alpn,
6741 { "ALPN", "dns.svcb.svcparam.alpn",
6742 FT_STRING, BASE_NONE, NULL, 0x0,
6743 "Additional supported protocols", HFILL }},
6744
6745 { &hf_dns_svcb_param_port,
6746 { "Port", "dns.svcb.svcparam.port",
6747 FT_UINT16, BASE_DEC, NULL, 0x0,
6748 "Port for alternative endpoint", HFILL }},
6749
6750 { &hf_dns_svcb_param_ipv4hint_ip,
6751 { "IP", "dns.svcb.svcparam.ipv4hint.ip",
6752 FT_IPv4, BASE_NONE, NULL, 0x0,
6753 "IPv4 address hints", HFILL }},
6754
6755 { &hf_dns_svcb_param_ipv6hint_ip,
6756 { "IP", "dns.svcb.svcparam.ipv6hint.ip",
6757 FT_IPv6, BASE_NONE, NULL, 0x0,
6758 "IPv6 address hints", HFILL }},
6759
6760 { &hf_dns_svcb_param_dohpath,
6761 { "DoH path", "dns.svcb.svcparam.dohpath",
6762 FT_STRING, BASE_NONE, NULL, 0x0,
6763 "DoH URI template", HFILL}},
6764
6765 { &hf_dns_svcb_param_odohconfig,
6766 { "ODoHConfig", "dns.svcb.svcparam.odohconfig",
6767 FT_BYTES, BASE_NONE, NULL, 0x0,
6768 "Oblivious DoH keys", HFILL }},
6769
6770 { &hf_dns_spf_length,
6771 { "SPF Length", "dns.spf.length",
6772 FT_UINT8, BASE_DEC, NULL, 0x0,
6773 NULL, HFILL }},
6774
6775 { &hf_dns_spf,
6776 { "SPF", "dns.spf",
6777 FT_STRING, BASE_NONE, NULL, 0x0,
6778 NULL, HFILL }},
6779
6780 { &hf_dns_ilnp_nodeid_preference,
6781 { "Preference", "dns.ilnp.nid.preference",
6782 FT_UINT16, BASE_DEC, NULL, 0x0,
6783 NULL, HFILL }},
6784
6785 { &hf_dns_ilnp_nodeid,
6786 { "NodeID", "dns.ilnp.nid",
6787 FT_BYTES, BASE_NONE, NULL, 0x0,
6788 NULL, HFILL }},
6789
6790 { &hf_dns_ilnp_locator32_preference,
6791 { "Preference", "dns.ilnp.l32.preference",
6792 FT_UINT16, BASE_DEC, NULL, 0x0,
6793 NULL, HFILL }},
6794
6795 { &hf_dns_ilnp_locator32,
6796 { "Locator32", "dns.ilnp.l32",
6797 FT_IPv4, BASE_NONE, NULL, 0x0,
6798 NULL, HFILL }},
6799
6800 { &hf_dns_ilnp_locator64_preference,
6801 { "Preference", "dns.ilnp.l64.preference",
6802 FT_UINT16, BASE_DEC, NULL, 0x0,
6803 NULL, HFILL }},
6804
6805 { &hf_dns_ilnp_locator64,
6806 { "Locator64", "dns.ilnp.l64",
6807 FT_BYTES, BASE_NONE, NULL, 0x0,
6808 NULL, HFILL }},
6809
6810 { &hf_dns_ilnp_locatorfqdn_preference,
6811 { "Preference", "dns.ilnp.lp.preference",
6812 FT_UINT16, BASE_DEC, NULL, 0x0,
6813 NULL, HFILL }},
6814
6815 { &hf_dns_ilnp_locatorfqdn,
6816 { "Locator FQDN", "dns.ilnp.lp",
6817 FT_STRING, BASE_NONE, NULL, 0x0,
6818 NULL, HFILL }},
6819
6820 { &hf_dns_eui48,
6821 { "EUI48 Address", "dns.eui48",
6822 FT_ETHER, BASE_NONE, NULL, 0x0,
6823 NULL, HFILL }},
6824
6825 { &hf_dns_eui64,
6826 { "EUI64 Address", "dns.eui64",
6827 FT_EUI64, BASE_NONE, NULL, 0x0,
6828 NULL, HFILL }},
6829
6830 { &hf_dns_rrsig_type_covered,
6831 { "Type Covered", "dns.rrsig.type_covered",
6832 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &dns_types_vals_ext, 0x0,
6833 "Identifies the type of the RRset that is covered by this RRSIG record", HFILL }},
6834
6835 { &hf_dns_rrsig_algorithm,
6836 { "Algorithm", "dns.rrsig.algorithm",
6837 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0,
6838 "Identifies the cryptographic algorithm used to create the signature", HFILL }},
6839
6840 { &hf_dns_rrsig_labels,
6841 { "Labels", "dns.rrsig.labels",
6842 FT_UINT8, BASE_DEC, NULL, 0x0,
6843 "Specifies the number of labels in the original RRSIG RR owner name", HFILL }},
6844
6845 { &hf_dns_rrsig_original_ttl,
6846 { "Original TTL", "dns.rrsig.original_ttl",
6847 FT_UINT32, BASE_DEC, NULL, 0x0,
6848 "Specifies the TTL of the covered RRset as it appears in the authoritative zone", HFILL }},
6849
6850 { &hf_dns_rrsig_signature_expiration,
6851 { "Signature Expiration", "dns.rrsig.signature_expiration",
6852 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
6853 "Specify a validity period for the signature", HFILL }},
6854
6855 { &hf_dns_rrsig_signature_inception,
6856 { "Signature Inception", "dns.rrsig.signature_inception",
6857 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
6858 "Specify a validity period for the signature", HFILL }},
6859
6860 { &hf_dns_rrsig_key_tag,
6861 { "Key Tag", "dns.rrsig.key_tag",
6862 FT_UINT16, BASE_DEC, NULL, 0x0,
6863 "Contains the key tag value of the DNSKEY RR that validates this signature", HFILL }},
6864
6865 { &hf_dns_rrsig_signers_name,
6866 { "Signer's name", "dns.rrsig.signers_name",
6867 FT_STRING, BASE_NONE, NULL, 0x0,
6868 "Identifies the owner name of the DNSKEY RR that a validator is supposed to use to validate this signature", HFILL }},
6869
6870 { &hf_dns_rrsig_signature,
6871 { "Signature", "dns.rrsig.signature",
6872 FT_BYTES, BASE_NONE, NULL, 0x0,
6873 "Contains the cryptographic signature that covers the RRSIG RDATA", HFILL }},
6874
6875 { &hf_dns_dnskey_flags,
6876 { "Flags", "dns.dnskey.flags",
6877 FT_UINT16, BASE_HEX, NULL, 0x0,
6878 NULL, HFILL }},
6879
6880 { &hf_dns_dnskey_flags_zone_key,
6881 { "Zone Key", "dns.dnskey.flags.zone_key",
6882 FT_BOOLEAN, 16, TFS(&dns_dnskey_zone_key_tfs), DNSKEY_FLAGS_ZK,
6883 NULL, HFILL }},
6884
6885 { &hf_dns_dnskey_flags_key_revoked,
6886 { "Key Revoked", "dns.dnskey.flags.key_revoked",
6887 FT_BOOLEAN, 16, TFS(&tfs_yes_no), DNSKEY_FLAGS_KR,
6888 NULL, HFILL }},
6889
6890 { &hf_dns_dnskey_flags_secure_entry_point,
6891 { "Key Signing Key", "dns.dnskey.flags.secure_entry_point",
6892 FT_BOOLEAN, 16, TFS(&tfs_yes_no), DNSKEY_FLAGS_SEP,
6893 NULL, HFILL }},
6894
6895 { &hf_dns_dnskey_flags_reserved,
6896 { "Key Signing Key", "dns.dnskey.flags.reserved",
6897 FT_UINT16, BASE_HEX, NULL, DNSKEY_FLAGS_RSV,
6898 "Must be zero", HFILL }},
6899
6900 { &hf_dns_dnskey_protocol,
6901 { "Protocol", "dns.dnskey.protocol",
6902 FT_UINT8, BASE_DEC, NULL, 0x0,
6903 "Must be 3", HFILL }},
6904
6905 { &hf_dns_dnskey_algorithm,
6906 { "Algorithm", "dns.dnskey.algorithm",
6907 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0,
6908 "Identifies the public key's cryptographic algorithm and determines the format of the Public Key field", HFILL }},
6909
6910 { &hf_dns_dnskey_key_id,
6911 { "Key id", "dns.dnskey.key_id",
6912 FT_UINT16, BASE_DEC, NULL, 0x0,
6913 NULL, HFILL }},
6914
6915 { &hf_dns_dnskey_public_key,
6916 { "Public Key", "dns.dnskey.public_key",
6917 FT_BYTES, BASE_NONE, NULL, 0x0,
6918 NULL, HFILL }},
6919
6920 { &hf_dns_key_flags,
6921 { "Flags", "dns.key.flags",
6922 FT_UINT16, BASE_HEX, NULL, 0x0,
6923 NULL, HFILL }},
6924
6925 { &hf_dns_key_flags_authentication,
6926 { "Key allowed for authentication", "dns.key.flags.authentication",
6927 FT_BOOLEAN, 16, TFS(&tfs_not_allowed_allowed), 0x8000,
6928 NULL, HFILL }},
6929
6930 { &hf_dns_key_flags_confidentiality,
6931 { "Key allowed for confidentiality", "dns.key.flags.confidentiality",
6932 FT_BOOLEAN, 16, TFS(&tfs_not_allowed_allowed), 0x4000,
6933 NULL, HFILL }},
6934
6935 { &hf_dns_key_flags_key_required,
6936 { "Key required", "dns.key.flags.required",
6937 FT_BOOLEAN, 16, TFS(&tfs_required_experimental), 0x2000,
6938 NULL, HFILL }},
6939
6940 { &hf_dns_key_flags_associated_user,
6941 { "Key is associated with a user", "dns.key.flags.associated_user",
6942 FT_BOOLEAN, 16, TFS(&tfs_yes_no), 0x0400,
6943 NULL, HFILL }},
6944
6945 { &hf_dns_key_flags_associated_named_entity,
6946 { "Key is associated with the named entity", "dns.key.flags.associated_named_entity",
6947 FT_BOOLEAN, 16, TFS(&tfs_yes_no), 0x0200,
6948 NULL, HFILL }},
6949
6950 { &hf_dns_key_flags_ipsec,
6951 { "Key use with IPSEC", "dns.key.flags.ipsec",
6952 FT_BOOLEAN, 16, TFS(&tfs_valid_invalid), 0x0080,
6953 NULL, HFILL }},
6954
6955 { &hf_dns_key_flags_mime,
6956 { "Key use with MIME security multiparts", "dns.key.flags.mime",
6957 FT_BOOLEAN, 16, TFS(&tfs_valid_invalid), 0x0040,
6958 NULL, HFILL }},
6959
6960 { &hf_dns_key_flags_signatory,
6961 { "Signatory", "dns.key.flags.signatory",
6962 FT_UINT16, BASE_DEC, NULL, 0x000F,
6963 NULL, HFILL }},
6964
6965 { &hf_dns_key_protocol,
6966 { "Protocol", "dns.key.protocol",
6967 FT_UINT8, BASE_DEC, NULL, 0x0,
6968 NULL, HFILL }},
6969
6970 { &hf_dns_key_algorithm,
6971 { "Algorithm", "dns.key.algorithm",
6972 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0,
6973 NULL, HFILL }},
6974
6975 { &hf_dns_key_key_id,
6976 { "Key ID", "dns.key.key_id",
6977 FT_UINT16, BASE_DEC, NULL, 0x0,
6978 NULL, HFILL }},
6979
6980 { &hf_dns_key_public_key,
6981 { "Public Key", "dns.key.public_key",
6982 FT_BYTES, BASE_NONE, NULL, 0x0,
6983 NULL, HFILL }},
6984
6985 { &hf_dns_px_preference,
6986 { "Preference", "dns.px.preference",
6987 FT_UINT16, BASE_DEC, NULL, 0x0,
6988 NULL, HFILL }},
6989
6990 { &hf_dns_px_map822,
6991 { "MAP822", "dns.px.map822",
6992 FT_STRING, BASE_NONE, NULL, 0x0,
6993 NULL, HFILL }},
6994
6995 { &hf_dns_px_mapx400,
6996 { "MAPX400", "dns.px.map400",
6997 FT_STRING, BASE_NONE, NULL, 0x0,
6998 NULL, HFILL }},
6999
7000 { &hf_dns_tkey_algo_name,
7001 { "Algorithm name", "dns.tkey.algo_name",
7002 FT_STRING, BASE_NONE, NULL, 0x0,
7003 NULL, HFILL }},
7004
7005 { &hf_dns_tkey_signature_expiration,
7006 { "Signature Expiration", "dns.tkey.signature_expiration",
7007 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
7008 "Specify a validity period for the signature", HFILL }},
7009
7010 { &hf_dns_tkey_signature_inception,
7011 { "Signature Inception", "dns.tkey.signature_inception",
7012 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
7013 "Specify a validity period for the signature", HFILL }},
7014
7015 { &hf_dns_tkey_mode,
7016 { "Mode", "dns.tkey.mode",
7017 FT_UINT16, BASE_DEC, VALS(tkey_mode_vals), 0x0,
7018 NULL, HFILL }},
7019
7020 { &hf_dns_tkey_error,
7021 { "Error", "dns.tkey.error",
7022 FT_UINT16, BASE_DEC, VALS(rcode_vals), 0x0,
7023 NULL, HFILL }},
7024
7025 { &hf_dns_tkey_key_size,
7026 { "Key Size", "dns.tkey.key_size",
7027 FT_UINT16, BASE_DEC, NULL, 0x0,
7028 NULL, HFILL }},
7029
7030 { &hf_dns_tkey_key_data,
7031 { "Key Data", "dns.tkey.key_data",
7032 FT_BYTES, BASE_NONE, NULL, 0x0,
7033 NULL, HFILL }},
7034
7035 { &hf_dns_tkey_other_size,
7036 { "Other Size", "dns.tkey.other_size",
7037 FT_UINT16, BASE_DEC, NULL, 0x0,
7038 NULL, HFILL }},
7039
7040 { &hf_dns_tkey_other_data,
7041 { "Other Data", "dns.tkey.other_data",
7042 FT_BYTES, BASE_NONE, NULL, 0x0,
7043 NULL, HFILL }},
7044
7045 { &hf_dns_ipseckey_gateway_precedence,
7046 { "Gateway Precedence", "dns.ipseckey.gateway_precedence",
7047 FT_UINT8, BASE_DEC, NULL, 0x0,
7048 NULL, HFILL }},
7049
7050 { &hf_dns_ipseckey_gateway_algorithm,
7051 { "Gateway Algorithm", "dns.ipseckey.gateway_algorithm",
7052 FT_UINT8, BASE_DEC, VALS(gw_algo_vals), 0x0,
7053 NULL, HFILL }},
7054
7055 { &hf_dns_ipseckey_gateway_type,
7056 { "Gateway Type", "dns.ipseckey.gateway_type",
7057 FT_UINT8, BASE_DEC, VALS(gw_type_vals), 0x0,
7058 NULL, HFILL }},
7059
7060 { &hf_dns_ipseckey_gateway_ipv4,
7061 { "IPv4 Gateway", "dns.ipseckey.gateway_ipv4",
7062 FT_IPv4, BASE_NONE, NULL, 0x0,
7063 NULL, HFILL }},
7064
7065 { &hf_dns_ipseckey_gateway_ipv6,
7066 { "IPv6 Gateway", "dns.ipseckey.gateway_ipv6",
7067 FT_IPv6, BASE_NONE, NULL, 0x0,
7068 NULL, HFILL }},
7069
7070 { &hf_dns_ipseckey_gateway_dns,
7071 { "DNS Gateway", "dns.ipseckey.gateway_dns",
7072 FT_STRING, BASE_NONE, NULL, 0x0,
7073 NULL, HFILL }},
7074
7075 { &hf_dns_ipseckey_public_key,
7076 { "Public Key", "dns.ipseckey.public_key",
7077 FT_BYTES, BASE_NONE, NULL, 0x0,
7078 NULL, HFILL }},
7079
7080 { &hf_dns_xpf_ip_version,
7081 { "IP Version", "dns.xpf.ip_version",
7082 FT_UINT16, BASE_DEC,
7083 VALS(ip_version_vals), 0x0,
7084 NULL, HFILL }},
7085
7086 { &hf_dns_xpf_protocol,
7087 { "Protocol", "dns.xpf.protocol",
7088 FT_UINT8, BASE_DEC|BASE_EXT_STRING,
7089 &ipproto_val_ext, 0x0,
7090 NULL, HFILL }},
7091
7092 { &hf_dns_xpf_source_ipv4,
7093 { "IPv4 Source", "dns.xpf.source_ipv4",
7094 FT_IPv4, BASE_NONE, NULL, 0x0,
7095 NULL, HFILL }},
7096
7097 { &hf_dns_xpf_destination_ipv4,
7098 { "IPv4 Destination", "dns.xpf.destination_ipv4",
7099 FT_IPv4, BASE_NONE, NULL, 0x0,
7100 NULL, HFILL }},
7101
7102 { &hf_dns_xpf_source_ipv6,
7103 { "IPv6 Source", "dns.xpf.source_ipv6",
7104 FT_IPv6, BASE_NONE, NULL, 0x0,
7105 NULL, HFILL }},
7106
7107 { &hf_dns_xpf_destination_ipv6,
7108 { "IPv6 Destination", "dns.xpf.destination_ipv6",
7109 FT_IPv6, BASE_NONE, NULL, 0x0,
7110 NULL, HFILL }},
7111
7112 { &hf_dns_xpf_sport,
7113 { "Source port", "dns.xpf.sport",
7114 FT_UINT16, BASE_DEC, NULL, 0x0,
7115 NULL, HFILL }},
7116
7117 { &hf_dns_xpf_dport,
7118 { "Destination port", "dns.xpf.dport",
7119 FT_UINT16, BASE_DEC, NULL, 0x0,
7120 NULL, HFILL }},
7121
7122 { &hf_dns_a6_prefix_len,
7123 { "Prefix len", "dns.a6.prefix_len",
7124 FT_UINT8, BASE_DEC, NULL, 0x0,
7125 NULL, HFILL }},
7126
7127 { &hf_dns_a6_address_suffix,
7128 { "Address Suffix", "dns.a6.address_suffix",
7129 FT_IPv6, BASE_NONE, NULL, 0x0,
7130 NULL, HFILL }},
7131
7132 { &hf_dns_a6_prefix_name,
7133 { "Prefix name", "dns.a6.prefix_name",
7134 FT_STRING, BASE_NONE, NULL, 0x0,
7135 NULL, HFILL }},
7136
7137 { &hf_dns_dname,
7138 { "Dname", "dns.dname",
7139 FT_STRING, BASE_NONE, NULL, 0x0,
7140 NULL, HFILL }},
7141
7142 { &hf_dns_loc_version,
7143 { "Version", "dns.loc.version",
7144 FT_UINT8, BASE_DEC, NULL, 0x0,
7145 NULL, HFILL }},
7146
7147 { &hf_dns_loc_size,
7148 { "Size", "dns.loc.size",
7149 FT_UINT8, BASE_DEC, NULL, 0x0,
7150 NULL, HFILL }},
7151
7152 { &hf_dns_loc_horizontal_precision,
7153 { "Horizontal Precision", "dns.loc.horizontal_precision",
7154 FT_UINT8, BASE_DEC, NULL, 0x0,
7155 NULL, HFILL }},
7156
7157 { &hf_dns_loc_vertical_precision,
7158 { "Vertical Precision", "dns.loc.vertical_precision",
7159 FT_UINT8, BASE_DEC, NULL, 0x0,
7160 NULL, HFILL }},
7161
7162 { &hf_dns_loc_latitude,
7163 { "Latitude", "dns.loc.latitude",
7164 FT_UINT32, BASE_DEC, NULL, 0x0,
7165 NULL, HFILL }},
7166
7167 { &hf_dns_loc_longitude,
7168 { "Longitude", "dns.loc.longitude",
7169 FT_UINT32, BASE_DEC, NULL, 0x0,
7170 NULL, HFILL }},
7171
7172 { &hf_dns_loc_altitude,
7173 { "Altitude", "dns.loc.altitude",
7174 FT_UINT32, BASE_DEC, NULL, 0x0,
7175 NULL, HFILL }},
7176
7177 { &hf_dns_loc_unknown_data,
7178 { "Unknown data", "dns.loc.unknown_data",
7179 FT_BYTES, BASE_NONE, NULL, 0x0,
7180 NULL, HFILL }},
7181
7182 { &hf_dns_nxt_next_domain_name,
7183 { "Next Domain Name", "dns.nxt.next_domain_name",
7184 FT_STRING, BASE_NONE, NULL, 0x0,
7185 NULL, HFILL }},
7186
7187 { &hf_dns_kx_preference,
7188 { "Preference", "dns.kx.preference",
7189 FT_UINT16, BASE_DEC, NULL, 0x0,
7190 NULL, HFILL }},
7191
7192 { &hf_dns_kx_key_exchange,
7193 { "Key Exchange", "dns.kx.key_exchange",
7194 FT_STRING, BASE_NONE, NULL, 0x0,
7195 NULL, HFILL }},
7196
7197 { &hf_dns_cert_type,
7198 { "Type", "dns.cert.type",
7199 FT_UINT16, BASE_DEC, VALS(dns_cert_type_vals), 0x0,
7200 NULL, HFILL }},
7201
7202 { &hf_dns_cert_key_tag,
7203 { "Key Tag", "dns.cert.key_tag",
7204 FT_UINT16, BASE_HEX, NULL, 0x0,
7205 NULL, HFILL }},
7206
7207 { &hf_dns_cert_algorithm,
7208 { "Algorithm", "dns.cert.algorithm",
7209 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0,
7210 NULL, HFILL }},
7211
7212 { &hf_dns_cert_certificate,
7213 { "Certificate (or CRL)", "dns.cert.certificate",
7214 FT_BYTES, BASE_NONE, NULL, 0x0,
7215 NULL, HFILL }},
7216
7217 { &hf_dns_nsec_next_domain_name,
7218 { "Next Domain Name", "dns.nsec.next_domain_name",
7219 FT_STRING, BASE_NONE, NULL, 0x0,
7220 NULL, HFILL }},
7221
7222 { &hf_dns_ns,
7223 { "Name Server", "dns.ns",
7224 FT_STRING, BASE_NONE, NULL, 0x0,
7225 NULL, HFILL }},
7226
7227 { &hf_dns_opt,
7228 { "Option", "dns.opt",
7229 FT_NONE, BASE_NONE,
7230 NULL, 0x0,
7231 NULL, HFILL }},
7232
7233 { &hf_dns_opt_code,
7234 { "Option Code", "dns.opt.code",
7235 FT_UINT16, BASE_DEC,
7236 VALS(edns0_opt_code_vals), 0x0,
7237 NULL, HFILL }},
7238
7239 { &hf_dns_opt_len,
7240 { "Option Length", "dns.opt.len",
7241 FT_UINT16, BASE_DEC, NULL, 0x0,
7242 NULL, HFILL }},
7243
7244 { &hf_dns_opt_data,
7245 { "Option Data", "dns.opt.data",
7246 FT_BYTES, BASE_NONE, NULL, 0x0,
7247 NULL, HFILL }},
7248
7249 { &hf_dns_opt_dau,
7250 { "DAU", "dns.opt.dau",
7251 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0x0,
7252 "DNSSEC Algorithm Understood", HFILL }},
7253
7254 { &hf_dns_opt_dhu,
7255 { "DHU", "dns.opt.dhu",
7256 FT_UINT8, BASE_DEC, VALS(dns_ds_digest_vals), 0x0,
7257 "DS Hash Understood", HFILL }},
7258
7259 { &hf_dns_opt_n3u,
7260 { "N3U", "dns.opt.n3u",
7261 FT_UINT8, BASE_DEC, VALS(hash_algorithms), 0x0,
7262 "NSEC3 Hash Understood", HFILL }},
7263
7264 { &hf_dns_opt_client_family,
7265 { "Family", "dns.opt.client.family",
7266 FT_UINT16, BASE_DEC,
7267 VALS(afn_vals), 0x0,
7268 NULL, HFILL }},
7269
7270 { &hf_dns_opt_client_netmask,
7271 { "Source Netmask", "dns.opt.client.netmask",
7272 FT_UINT8, BASE_DEC, NULL, 0x0,
7273 NULL, HFILL }},
7274
7275 { &hf_dns_opt_client_scope,
7276 { "Scope Netmask", "dns.opt.client.scope",
7277 FT_UINT8, BASE_DEC, NULL, 0x0,
7278 NULL, HFILL }},
7279
7280 { &hf_dns_opt_client_addr,
7281 { "Client Subnet", "dns.opt.client.addr",
7282 FT_BYTES, BASE_NONE, NULL, 0x0,
7283 NULL, HFILL }},
7284
7285 { &hf_dns_opt_client_addr4,
7286 { "Client Subnet", "dns.opt.client.addr4",
7287 FT_IPv4, BASE_NONE, NULL, 0x0,
7288 NULL, HFILL }},
7289
7290 { &hf_dns_opt_client_addr6,
7291 { "Client Subnet", "dns.opt.client.addr6",
7292 FT_IPv6, BASE_NONE, NULL, 0x0,
7293 NULL, HFILL }},
7294
7295 { &hf_dns_opt_cookie_client,
7296 { "Client Cookie", "dns.opt.cookie.client",
7297 FT_BYTES, BASE_NONE, NULL, 0x0,
7298 NULL, HFILL }},
7299
7300 { &hf_dns_opt_cookie_server,
7301 { "Server Cookie", "dns.opt.cookie.server",
7302 FT_BYTES, BASE_NONE, NULL, 0x0,
7303 NULL, HFILL }},
7304
7305 { &hf_dns_opt_edns_tcp_keepalive_timeout,
7306 { "Timeout", "dns.opt.edns_tcp_keepalive.timeout",
7307 FT_UINT16, BASE_DEC, NULL, 0x0,
7308 "an idle timeout value for the TCP connection, specified in units of 100 milliseconds", HFILL }},
7309
7310 { &hf_dns_opt_padding,
7311 { "Padding", "dns.opt.padding",
7312 FT_BYTES, BASE_NONE, NULL, 0x0,
7313 "The PADDING octets SHOULD be set to 0x00", HFILL }},
7314
7315 { &hf_dns_opt_chain_fqdn,
7316 { "Closest Trust Point", "dns.opt.chain.fqdn",
7317 FT_STRING, BASE_NONE, NULL, 0x0,
7318 "A variable length Fully Qualified Domain Name (FQDN) in DNS wire format of the requested start point of the chain", HFILL }},
7319
7320 { &hf_dns_opt_ext_error_info_code,
7321 { "Info Code", "dns.opt.ext_error.info_code",
7322 FT_UINT16, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_ext_err_info_code), 0x0,
7323 NULL, HFILL }},
7324
7325 { &hf_dns_opt_ext_error_extra_text,
7326 { "Extra Text", "dns.opt.ext_error.extra_text",
7327 FT_STRING, BASE_NONE, NULL, 0x0,
7328 NULL, HFILL }},
7329
7330 { &hf_dns_opt_agent_domain,
7331 { "Agent Domain", "dns.opt.agent_domain",
7332 FT_STRING, BASE_NONE, NULL, 0x0,
7333 NULL, HFILL }},
7334
7335 { &hf_dns_opt_zoneversion_labelcount,
7336 { "Labelcount", "dns.opt.zoneversion.labelcount",
7337 FT_UINT8, BASE_DEC, NULL, 0x0,
7338 NULL, HFILL }},
7339
7340 { &hf_dns_opt_zoneversion_type,
7341 { "Type", "dns.opt.zoneversion.type",
7342 FT_UINT8, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_zoneversion_type), 0x0,
7343 NULL, HFILL }},
7344
7345 { &hf_dns_opt_zoneversion_soa,
7346 { "SOA-SERIAL", "dns.opt.zoneversion.soa",
7347 FT_UINT32, BASE_DEC, NULL, 0x0,
7348 NULL, HFILL }},
7349
7350 { &hf_dns_opt_zoneversion_version,
7351 { "Version", "dns.opt.zoneversion.version",
7352 FT_BYTES, BASE_NONE, NULL, 0x0,
7353 NULL, HFILL }},
7354
7355 { &hf_dns_count_questions,
7356 { "Questions", "dns.count.queries",
7357 FT_UINT16, BASE_DEC, NULL, 0x0,
7358 "Number of queries in packet", HFILL }},
7359
7360 { &hf_dns_count_zones,
7361 { "Zones", "dns.count.zones",
7362 FT_UINT16, BASE_DEC, NULL, 0x0,
7363 "Number of zones in packet", HFILL }},
7364
7365 { &hf_dns_count_answers,
7366 { "Answer RRs", "dns.count.answers",
7367 FT_UINT16, BASE_DEC, NULL, 0x0,
7368 "Number of answers in packet", HFILL }},
7369
7370 { &hf_dns_count_prerequisites,
7371 { "Prerequisites", "dns.count.prerequisites",
7372 FT_UINT16, BASE_DEC, NULL, 0x0,
7373 "Number of prerequisites in packet", HFILL }},
7374
7375 { &hf_dns_count_auth_rr,
7376 { "Authority RRs", "dns.count.auth_rr",
7377 FT_UINT16, BASE_DEC, NULL, 0x0,
7378 "Number of authoritative records in packet", HFILL }},
7379
7380 { &hf_dns_count_updates,
7381 { "Updates", "dns.count.updates",
7382 FT_UINT16, BASE_DEC, NULL, 0x0,
7383 "Number of updates records in packet", HFILL }},
7384
7385 { &hf_dns_nsec3_algo,
7386 { "Hash algorithm", "dns.nsec3.algo",
7387 FT_UINT8, BASE_DEC, VALS(hash_algorithms), 0,
7388 NULL, HFILL }},
7389
7390 { &hf_dns_nsec3_flags,
7391 { "NSEC3 flags", "dns.nsec3.flags",
7392 FT_UINT8, BASE_DEC, NULL, 0,
7393 NULL, HFILL }},
7394
7395 { &hf_dns_nsec3_flag_optout,
7396 { "NSEC3 Opt-out flag", "dns.nsec3.flags.opt_out",
7397 FT_BOOLEAN, 8, TFS(&tfs_flags_nsec3_optout), NSEC3_FLAG_OPTOUT,
7398 NULL, HFILL }},
7399
7400 { &hf_dns_nsec3_iterations,
7401 { "NSEC3 iterations", "dns.nsec3.iterations",
7402 FT_UINT16, BASE_DEC, NULL, 0,
7403 "Number of hashing iterations", HFILL }},
7404
7405 { &hf_dns_nsec3_salt_length,
7406 { "Salt length", "dns.nsec3.salt_length",
7407 FT_UINT8, BASE_DEC, NULL, 0,
7408 "Length of salt in bytes", HFILL }},
7409
7410 { &hf_dns_nsec3_salt_value,
7411 { "Salt value", "dns.nsec3.salt_value",
7412 FT_BYTES, BASE_NONE, NULL, 0,
7413 NULL, HFILL }},
7414
7415 { &hf_dns_nsec3_hash_length,
7416 { "Hash length", "dns.nsec3.hash_length",
7417 FT_UINT8, BASE_DEC, NULL, 0,
7418 "Length in bytes of next hashed owner", HFILL }},
7419
7420 { &hf_dns_nsec3_hash_value,
7421 { "Next hashed owner", "dns.nsec3.hash_value",
7422 FT_STRING, BASE_NONE, NULL, 0,
7423 NULL, HFILL }},
7424
7425 { &hf_dns_tlsa_certificate_usage,
7426 { "Certificate Usage", "dns.tlsa.certificate_usage",
7427 FT_UINT8, BASE_DEC, VALS(tlsa_certificate_usage_vals), 0,
7428 "Specifies the provided association that will be used to match the certificate presented in the TLS handshake", HFILL }},
7429
7430 { &hf_dns_tlsa_selector,
7431 { "Selector", "dns.tlsa.selector",
7432 FT_UINT8, BASE_DEC, VALS(tlsa_selector_vals), 0,
7433 "Specifies which part of the TLS certificate presented by the server will be matched against the association data", HFILL }},
7434
7435 { &hf_dns_tlsa_matching_type,
7436 { "Matching Type", "dns.tlsa.matching_type",
7437 FT_UINT8, BASE_DEC, VALS(tlsa_matching_type_vals), 0,
7438 "Specifies how the certificate association is presented", HFILL }},
7439
7440 { &hf_dns_tlsa_certificate_association_data,
7441 { "Certificate Association Data", "dns.tlsa.certificate_association_data",
7442 FT_BYTES, BASE_NONE, NULL, 0,
7443 "The data refers to the certificate in the association", HFILL }},
7444
7445 { &hf_dns_tsig_algorithm_name,
7446 { "Algorithm Name", "dns.tsig.algorithm_name",
7447 FT_STRING, BASE_NONE, NULL, 0x0,
7448 "Name of algorithm used for the MAC", HFILL }},
7449
7450 { &hf_dns_tsig_time_signed,
7451 { "Time Signed", "dns.tsig.time_signed",
7452 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
7453 NULL, HFILL }},
7454
7455
7456 { &hf_dns_tsig_original_id,
7457 { "Original Id", "dns.tsig.original_id",
7458 FT_UINT16, BASE_DEC, NULL, 0x0,
7459 NULL, HFILL }},
7460
7461 { &hf_dns_tsig_error,
7462 { "Error", "dns.tsig.error",
7463 FT_UINT16, BASE_DEC, VALS(rcode_vals), 0x0,
7464 "Expanded RCODE for TSIG", HFILL }},
7465
7466 { &hf_dns_tsig_fudge,
7467 { "Fudge", "dns.tsig.fudge",
7468 FT_UINT16, BASE_DEC, NULL, 0x0,
7469 "Number of bytes for the MAC", HFILL }},
7470
7471 { &hf_dns_tsig_mac_size,
7472 { "MAC Size", "dns.tsig.mac_size",
7473 FT_UINT16, BASE_DEC, NULL, 0x0,
7474 "Number of bytes for the MAC", HFILL }},
7475
7476 { &hf_dns_tsig_other_len,
7477 { "Other Len", "dns.tsig.other_len",
7478 FT_UINT16, BASE_DEC, NULL, 0x0,
7479 "Number of bytes for Other Data", HFILL }},
7480
7481 { &hf_dns_tsig_mac,
7482 { "MAC", "dns.tsig.mac",
7483 FT_NONE, BASE_NONE, NULL, 0x0,
7484 NULL, HFILL }},
7485
7486 { &hf_dns_tsig_other_data,
7487 { "Other Data", "dns.tsig.other_data",
7488 FT_BYTES, BASE_NONE, NULL, 0x0,
7489 NULL, HFILL }},
7490
7491 { &hf_dns_response_in,
7492 { "Response In", "dns.response_in",
7493 FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_RESPONSE), 0x0,
7494 "The response to this DNS query is in this frame", HFILL }},
7495
7496 { &hf_dns_response_to,
7497 { "Request In", "dns.response_to",
7498 FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_REQUEST), 0x0,
7499 "This is a response to the DNS query in this frame", HFILL }},
7500
7501 { &hf_dns_retransmission,
7502 { "Retransmission", "dns.retransmission",
7503 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
7504 "This is a retransmission", HFILL }},
7505
7506 { &hf_dns_retransmit_request_in,
7507 { "Retransmitted request. Original request in", "dns.retransmit_request_in",
7508 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
7509 "This is a retransmitted DNS query", HFILL }},
7510
7511 { &hf_dns_retransmit_response_in,
7512 { "Retransmitted response. Original response in", "dns.retransmit_response_in",
7513 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
7514 "This is a retransmitted DNS response", HFILL }},
7515
7516 { &hf_dns_time,
7517 { "Time", "dns.time",
7518 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
7519 "The time between the Query and the Response", HFILL }},
7520
7521 { &hf_dns_unsolicited,
7522 { "Unsolicited", "dns.unsolicited",
7523 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
7524 "This is an unsolicited response", HFILL }},
7525
7526 { &hf_dns_count_add_rr,
7527 { "Additional RRs", "dns.count.add_rr",
7528 FT_UINT16, BASE_DEC, NULL, 0x0,
7529 "Number of additional records in packet", HFILL }},
7530
7531 { &hf_dns_sshfp_algorithm,
7532 { "Algorithm", "dns.sshfp.algorithm",
7533 FT_UINT8, BASE_DEC, VALS(sshfp_algo_vals), 0,
7534 NULL, HFILL }},
7535
7536 { &hf_dns_sshfp_fingerprint_type,
7537 { "Fingerprint type", "dns.sshfp.fingerprint.type",
7538 FT_UINT8, BASE_DEC, VALS(sshfp_fingertype_vals), 0,
7539 NULL, HFILL }},
7540
7541 { &hf_dns_sshfp_fingerprint,
7542 { "Fingerprint", "dns.sshfp.fingerprint",
7543 FT_BYTES, BASE_NONE, NULL, 0,
7544 NULL, HFILL }},
7545
7546 { &hf_dns_hip_hit_length,
7547 { "HIT length", "dns.hip.hit.length",
7548 FT_UINT8, BASE_DEC, NULL, 0,
7549 NULL, HFILL }},
7550
7551 { &hf_dns_hip_pk_algo,
7552 { "HIT length", "dns.hip.hit.pk.algo",
7553 FT_UINT8, BASE_DEC, VALS(hip_algo_vals), 0,
7554 NULL, HFILL }},
7555
7556 { &hf_dns_hip_pk_length,
7557 { "PK length", "dns.hip.pk.length",
7558 FT_UINT16, BASE_DEC, NULL, 0,
7559 NULL, HFILL }},
7560
7561 { &hf_dns_hip_hit,
7562 { "Host Identity Tag", "dns.hip.hit",
7563 FT_BYTES, BASE_NONE, NULL, 0,
7564 NULL, HFILL }},
7565
7566 { &hf_dns_hip_pk,
7567 { "HIP Public Key", "dns.hip.pk",
7568 FT_BYTES, BASE_NONE, NULL, 0,
7569 NULL, HFILL }},
7570
7571 { &hf_dns_hip_rendezvous_server,
7572 { "Rendezvous Server", "dns.hip.rendezvous_server",
7573 FT_STRING, BASE_NONE, NULL, 0,
7574 NULL, HFILL }},
7575
7576 { &hf_dns_dhcid_rdata,
7577 { "DHCID Data", "dns.dhcid.rdata",
7578 FT_BYTES, BASE_NONE, NULL, 0,
7579 NULL, HFILL }},
7580
7581 { &hf_dns_ds_key_id,
7582 { "Key id", "dns.ds.key_id",
7583 FT_UINT16, BASE_HEX, NULL, 0,
7584 NULL, HFILL }},
7585
7586 { &hf_dns_ds_algorithm,
7587 { "Algorithm", "dns.ds.algorithm",
7588 FT_UINT8, BASE_DEC, VALS(dnssec_algo_vals), 0,
7589 NULL, HFILL }},
7590
7591 { &hf_dns_ds_digest_type,
7592 { "Digest Type", "dns.ds.digest_type",
7593 FT_UINT8, BASE_DEC, VALS(dns_ds_digest_vals), 0,
7594 NULL, HFILL }},
7595
7596 { &hf_dns_ds_digest,
7597 { "Digest", "dns.ds.digest",
7598 FT_BYTES, BASE_NONE, NULL, 0,
7599 NULL, HFILL }},
7600
7601 { &hf_dns_apl_address_family,
7602 { "Address Family", "dns.apl.address_family",
7603 FT_UINT16, BASE_DEC, VALS(afn_vals), 0,
7604 NULL, HFILL }},
7605
7606 { &hf_dns_apl_coded_prefix,
7607 { "Prefix Length", "dns.apl.coded_prefix",
7608 FT_UINT8, BASE_DEC, NULL, 0,
7609 NULL, HFILL }},
7610
7611 { &hf_dns_apl_negation,
7612 { "Negation Flag", "dns.apl.negation",
7613 FT_BOOLEAN, 8, TFS(&tfs_dns_apl_negation), DNS_APL_NEGATION,
7614 NULL, HFILL }},
7615
7616 { &hf_dns_apl_afdlength,
7617 { "Address Length","dns.apl.afdlength",
7618 FT_UINT8, BASE_DEC, NULL, DNS_APL_AFDLENGTH,
7619 "in octets", HFILL }},
7620
7621 { &hf_dns_apl_afdpart_ipv4,
7622 { "Address","dns.apl.afdpart.ipv4",
7623 FT_IPv4, BASE_NONE, NULL, 0,
7624 NULL, HFILL }},
7625
7626 { &hf_dns_apl_afdpart_ipv6,
7627 { "Address","dns.apl.afdpart.ipv6",
7628 FT_IPv6, BASE_NONE, NULL, 0,
7629 NULL, HFILL }},
7630
7631 { &hf_dns_apl_afdpart_data,
7632 { "Address","dns.apl.afdpart.data",
7633 FT_BYTES, BASE_NONE, NULL, 0,
7634 NULL, HFILL }},
7635
7636 { &hf_dns_gpos_longitude_length,
7637 { "Longitude length","dns.gpos.longitude_length",
7638 FT_UINT8, BASE_DEC, NULL, 0,
7639 NULL, HFILL }},
7640
7641 { &hf_dns_gpos_longitude,
7642 { "Longitude","dns.gpos.longitude",
7643 FT_STRING, BASE_NONE, NULL, 0,
7644 NULL, HFILL }},
7645
7646 { &hf_dns_gpos_latitude_length,
7647 { "Latitude length","dns.gpos.latitude_length",
7648 FT_UINT8, BASE_DEC, NULL, 0,
7649 NULL, HFILL }},
7650
7651 { &hf_dns_gpos_latitude,
7652 { "Latitude","dns.gpos.latitude",
7653 FT_STRING, BASE_NONE, NULL, 0,
7654 NULL, HFILL }},
7655
7656 { &hf_dns_gpos_altitude_length,
7657 { "Altitude length","dns.gpos.altitude_length",
7658 FT_UINT8, BASE_DEC, NULL, 0,
7659 NULL, HFILL }},
7660
7661 { &hf_dns_gpos_altitude,
7662 { "Altitude","dns.gpos.altitude",
7663 FT_STRING, BASE_NONE, NULL, 0,
7664 NULL, HFILL }},
7665
7666 { &hf_dns_rp_mailbox,
7667 { "Mailbox","dns.rp.mailbox",
7668 FT_STRING, BASE_NONE, NULL, 0,
7669 NULL, HFILL }},
7670
7671 { &hf_dns_rp_txt_rr,
7672 { "TXT RR","dns.rp.txt_rr",
7673 FT_STRING, BASE_NONE, NULL, 0,
7674 NULL, HFILL }},
7675
7676 { &hf_dns_afsdb_subtype,
7677 { "Subtype","dns.afsdb.subtype",
7678 FT_UINT16, BASE_DEC, NULL, 0,
7679 NULL, HFILL }},
7680
7681 { &hf_dns_afsdb_hostname,
7682 { "Hostname","dns.afsdb.hostname",
7683 FT_STRING, BASE_NONE, NULL, 0,
7684 NULL, HFILL }},
7685
7686 { &hf_dns_x25_length,
7687 { "Length","dns.x25.length",
7688 FT_UINT8, BASE_DEC, NULL, 0,
7689 NULL, HFILL }},
7690
7691 { &hf_dns_x25_psdn_address,
7692 { "PSDN-Address","dns.x25.psdn_address",
7693 FT_STRING, BASE_NONE, NULL, 0,
7694 NULL, HFILL }},
7695
7696 { &hf_dns_isdn_length,
7697 { "Length","dns.idsn.length",
7698 FT_UINT8, BASE_DEC, NULL, 0,
7699 NULL, HFILL }},
7700
7701 { &hf_dns_isdn_address,
7702 { "ISDN Address","dns.idsn.address",
7703 FT_STRING, BASE_NONE, NULL, 0,
7704 NULL, HFILL }},
7705
7706 { &hf_dns_isdn_sa_length,
7707 { "Length","dns.idsn.sa.length",
7708 FT_UINT8, BASE_DEC, NULL, 0,
7709 NULL, HFILL }},
7710
7711 { &hf_dns_isdn_sa,
7712 { "Sub Address","dns.idsn.sa.address",
7713 FT_STRING, BASE_NONE, NULL, 0,
7714 NULL, HFILL }},
7715
7716 { &hf_dns_rt_preference,
7717 { "Preference","dns.rt.subtype",
7718 FT_UINT16, BASE_DEC, NULL, 0,
7719 NULL, HFILL }},
7720
7721 { &hf_dns_rt_intermediate_host,
7722 { "Intermediate Hostname","dns.rt.intermediate_host",
7723 FT_STRING, BASE_NONE, NULL, 0,
7724 NULL, HFILL }},
7725
7726 { &hf_dns_nsap_rdata,
7727 { "NSAP Data", "dns.nsap.rdata",
7728 FT_BYTES, BASE_NONE, NULL, 0,
7729 NULL, HFILL }},
7730
7731 { &hf_dns_nsap_ptr_owner,
7732 { "Owner", "dns.nsap_ptr.owner",
7733 FT_STRING, BASE_NONE, NULL, 0,
7734 NULL, HFILL }},
7735
7736 { &hf_dns_caa_flags,
7737 { "CAA Flags", "dns.caa.flags",
7738 FT_UINT8, BASE_HEX, NULL, 0x0,
7739 NULL, HFILL }},
7740
7741 { &hf_dns_caa_flag_issuer_critical,
7742 { "Issuer Critical", "dns.caa.flags.issuer_critical",
7743 FT_BOOLEAN, 8, TFS(&tfs_critical_not_critical), CAA_FLAG_ISSUER_CRITICAL,
7744 "Other CAs must not issue certificates", HFILL }},
7745
7746 { &hf_dns_caa_issue,
7747 { "Issue", "dns.caa.issue",
7748 FT_STRING, BASE_NONE, NULL, 0x0,
7749 "CA which is allowed to issue certificates", HFILL }},
7750
7751 { &hf_dns_caa_issuewild,
7752 { "Issue Wildcard", "dns.caa.issuewild",
7753 FT_STRING, BASE_NONE, NULL, 0x0,
7754 "CA which is allowed to issue wildcard certificates", HFILL }},
7755
7756 { &hf_dns_caa_iodef,
7757 { "Report URL", "dns.caa.iodef",
7758 FT_STRING, BASE_NONE, NULL, 0x0,
7759 "URL or email address for certificate issue requests and violation reports", HFILL }},
7760
7761 { &hf_dns_caa_unknown,
7762 { "Unknown tag", "dns.caa.unknown",
7763 FT_STRING, BASE_NONE, NULL, 0x0,
7764 NULL, HFILL }},
7765
7766 { &hf_dns_caa_tag_length,
7767 { "Tag length", "dns.caa.tag_length",
7768 FT_UINT8, BASE_DEC, NULL, 0,
7769 NULL, HFILL }},
7770
7771 { &hf_dns_caa_tag,
7772 { "Tag", "dns.caa.tag",
7773 FT_STRING, BASE_NONE, NULL, 0x0,
7774 NULL, HFILL }},
7775
7776 { &hf_dns_caa_value,
7777 { "Value", "dns.caa.value",
7778 FT_STRING, BASE_NONE, NULL, 0x0,
7779 NULL, HFILL }},
7780
7781 { &hf_dns_extraneous_data,
7782 { "Extraneous Data Bytes", "dns.extraneous.data",
7783 FT_BYTES, BASE_NONE, NULL, 0x0,
7784 NULL, HFILL }},
7785
7786 { &hf_dns_extraneous_length,
7787 { "Extraneous Data Length", "dns.extraneous.length",
7788 FT_INT32, BASE_DEC, NULL, 0x0,
7789 NULL, HFILL }},
7790
7791 { &hf_dns_wins_local_flag,
7792 { "Local Flag", "dns.wins.local_flag",
7793 FT_BOOLEAN, 32, NULL, 0x1,
7794 NULL, HFILL }},
7795
7796 { &hf_dns_wins_lookup_timeout,
7797 { "Lookup timeout", "dns.wins.lookup_timeout",
7798 FT_UINT32, BASE_DEC, NULL, 0x0,
7799 "In seconds", HFILL }},
7800
7801 { &hf_dns_wins_cache_timeout,
7802 { "Cache timeout", "dns.wins.cache_timeout",
7803 FT_UINT32, BASE_DEC, NULL, 0x0,
7804 "In seconds", HFILL }},
7805
7806 { &hf_dns_wins_nb_wins_servers,
7807 { "Number of WINS servers", "dns.wins.nb_wins_servers",
7808 FT_UINT32, BASE_DEC, NULL, 0x0,
7809 NULL, HFILL }},
7810
7811 { &hf_dns_wins_server,
7812 { "WINS Server Address", "dns.wins.wins_server",
7813 FT_IPv4, BASE_NONE, NULL, 0x0,
7814 NULL, HFILL }},
7815
7816 { &hf_dns_winsr_local_flag,
7817 { "Local Flag", "dns.winsr.local_flag",
7818 FT_BOOLEAN, 32, NULL, 0x1,
7819 NULL, HFILL }},
7820
7821 { &hf_dns_winsr_lookup_timeout,
7822 { "Lookup timeout", "dns.winsr.lookup_timeout",
7823 FT_UINT32, BASE_DEC, NULL, 0x0,
7824 "In seconds", HFILL }},
7825
7826 { &hf_dns_winsr_cache_timeout,
7827 { "Cache timeout", "dns.winsr.cache_timeout",
7828 FT_UINT32, BASE_DEC, NULL, 0x0,
7829 "In seconds", HFILL }},
7830
7831 { &hf_dns_winsr_name_result_domain,
7832 { "Name Result Domain", "dns.winsr.name_result_domain",
7833 FT_STRING, BASE_NONE, NULL, 0x0,
7834 NULL, HFILL }},
7835
7836 { &hf_dns_data,
7837 { "Data", "dns.data",
7838 FT_BYTES, BASE_NONE, NULL, 0x0,
7839 NULL, HFILL }},
7840
7841 { &hf_dns_dso,
7842 { "DNS Stateful Operation", "dns.dso",
7843 FT_NONE, BASE_NONE, NULL, 0x0,
7844 NULL, HFILL }},
7845 { &hf_dns_dso_tlv,
7846 { "DSO TLV", "dns.dso.tlv",
7847 FT_NONE, BASE_NONE, NULL, 0x0,
7848 NULL, HFILL }},
7849 { &hf_dns_dso_tlv_type,
7850 { "Type", "dns.dso.tlv.type",
7851 FT_UINT16, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_dso_type_rvals), 0x0,
7852 NULL, HFILL }},
7853 { &hf_dns_dso_tlv_length,
7854 { "Length", "dns.dso.tlv.length",
7855 FT_UINT16, BASE_DEC, NULL, 0x0,
7856 NULL, HFILL }},
7857 { &hf_dns_dso_tlv_data,
7858 { "Data", "dns.dso.tlv.data",
7859 FT_BYTES, BASE_NONE, NULL, 0x0,
7860 NULL, HFILL }},
7861 { &hf_dns_dso_tlv_keepalive_inactivity,
7862 { "Inactivity Timeout", "dns.dso.tlv.keepalive.inactivity",
7863 FT_UINT32, BASE_DEC, NULL, 0x0,
7864 "Inactivity Timeout (ms)", HFILL }},
7865 { &hf_dns_dso_tlv_keepalive_interval,
7866 { "Keepalive Interval", "dns.dso.tlv.keepalive.interval",
7867 FT_UINT32, BASE_DEC, NULL, 0x0,
7868 "Keepalive Interval (ms)", HFILL }},
7869 { &hf_dns_dso_tlv_retrydelay_retrydelay,
7870 { "Retry Delay", "dns.dso.tlv.retrydelay.retrydelay",
7871 FT_UINT32, BASE_DEC, NULL, 0x0,
7872 "Retry Delay (ms)", HFILL }},
7873 { &hf_dns_dso_tlv_encpad_padding,
7874 { "Padding", "dns.dso.tlv.encpad.padding",
7875 FT_BYTES, BASE_NONE, NULL, 0x0,
7876 NULL, HFILL }},
7877
7878 { &hf_dns_dnscrypt,
7879 { "DNSCrypt", "dns.dnscrypt",
7880 FT_NONE, BASE_NONE, NULL, 0x0,
7881 NULL, HFILL }},
7882 { &hf_dns_dnscrypt_magic,
7883 { "Magic", "dns.dnscrypt.magic",
7884 FT_STRING, BASE_NONE, NULL, 0x0,
7885 NULL, HFILL }},
7886 { &hf_dns_dnscrypt_esversion,
7887 { "ES Version", "dns.dnscrypt.esversion",
7888 FT_UINT16, BASE_HEX, VALS(esversions), 0,
7889 NULL, HFILL }},
7890 { &hf_dns_dnscrypt_protocol_version,
7891 { "Protocol Version", "dns.dnscrypt.protocol_version",
7892 FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }},
7893 { &hf_dns_dnscrypt_signature,
7894 { "Signature", "dns.dnscrypt.signature",
7895 FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
7896 { &hf_dns_dnscrypt_resolver_pk,
7897 { "Resolver PK", "dns.dnscrypt.resolver_public_key",
7898 FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
7899 { &hf_dns_dnscrypt_client_magic,
7900 { "Client Magic", "dns.dnscrypt.client_magic",
7901 FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
7902 { &hf_dns_dnscrypt_serial_number,
7903 { "Serial Number", "dns.dnscrypt.serial_number",
7904 FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
7905 {&hf_dns_dnscrypt_ts_start,
7906 { "Valid From", "dns.dnscrypt.valid_from",
7907 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, NULL, HFILL}},
7908 {&hf_dns_dnscrypt_ts_end,
7909 { "Valid To", "dns.dnscrypt.valid_to",
7910 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, NULL, HFILL}},
7911 };
7912
7913 static ei_register_info ei[] = {
7914 { &ei_dns_a_class_undecoded, { "dns.a.class.undecoded", PI_UNDECODED, PI_NOTE, "Undecoded class", EXPFILL }},
7915 { &ei_dns_opt_bad_length, { "dns.rr.opt.bad_length", PI_MALFORMED, PI_ERROR, "Length too long for any type of IP address.", EXPFILL }},
7916 { &ei_dns_undecoded_option, { "dns.undecoded.type", PI_UNDECODED, PI_NOTE, "Undecoded option", EXPFILL }},
7917 { &ei_dns_depr_opc, { "dns.depr.opc", PI_PROTOCOL, PI_WARN, "Deprecated opcode", EXPFILL }},
7918 { &ei_ttl_high_bit_set, { "dns.ttl.high_bit_set", PI_PROTOCOL, PI_WARN, "The uppermost bit of the TTL is set (RFC 2181, section 8)", EXPFILL }},
7919 { &ei_dns_tsig_alg, { "dns.tsig.noalg", PI_UNDECODED, PI_WARN, "No dissector for algorithm", EXPFILL }},
7920 { &ei_dns_key_id_buffer_too_short, { "dns.key_id_buffer_too_short", PI_PROTOCOL, PI_WARN, "Buffer too short to compute a key id", EXPFILL }},
7921 { &ei_dns_retransmit_request, { "dns.retransmit_request", PI_PROTOCOL, PI_WARN, "DNS query retransmission", EXPFILL }},
7922 { &ei_dns_retransmit_response, { "dns.retransmit_response", PI_PROTOCOL, PI_WARN, "DNS response retransmission", EXPFILL }},
7923 { &ei_dns_extraneous_data, { "dns.extraneous", PI_UNDECODED, PI_NOTE, "Extraneous data", EXPFILL }},
7924 { &ei_dns_response_missing, { "dns.response_missing", PI_PROTOCOL, PI_WARN, "DNS response missing", EXPFILL }},
7925 };
7926
7927 static int *ett[] = {
7928 &ett_dns,
7929 &ett_dns_qd,
7930 &ett_dns_rr,
7931 &ett_dns_qry,
7932 &ett_dns_ans,
7933 &ett_dns_flags,
7934 &ett_dns_opts,
7935 &ett_nsec3_flags,
7936 &ett_key_flags,
7937 &ett_t_key,
7938 &ett_dns_mac,
7939 &ett_caa_flags,
7940 &ett_caa_data,
7941 &ett_dns_csdync_flags,
7942 &ett_dns_dso,
7943 &ett_dns_dso_tlv,
7944 &ett_dns_svcb,
7945 &ett_dns_extraneous,
7946 };
7947
7948 module_t *dns_module;
7949 expert_module_t* expert_dns;
7950
7951 proto_dns = proto_register_protocol("Domain Name System", "DNS", "dns");
7952 proto_mdns = proto_register_protocol("Multicast Domain Name System", "mDNS", "mdns");
7953 proto_llmnr = proto_register_protocol("Link-local Multicast Name Resolution", "LLMNR", "llmnr");
7954 proto_register_field_array(proto_dns, hf, array_length(hf));
7955 proto_register_subtree_array(ett, array_length(ett));
7956 expert_dns = expert_register_protocol(proto_dns);
7957 expert_register_field_array(expert_dns, ei, array_length(ei));
7958
7959 dns_module = prefs_register_protocol(proto_dns, NULL);
7960
7961 // preferences for dns_qr_statistics
7962 prefs_register_bool_preference(dns_module, "qr_enable_statistics", "Enable Query-Response Statistics", "Enable Query-Response Statistics", &dns_qr_statistics_enabled);
7963 perf_qr_enable_statistics = prefs_find_preference(dns_module, "qr_enable_statistics");
7964 dns_qr_statistics_enabled = prefs_get_bool_value(perf_qr_enable_statistics, pref_current);
7965 prefs_register_bool_preference(dns_module, "qr_qrn_enable_statistics", "Enable Display of Query-Record-Name", "Enable Display of Query-Record-Name", &dns_qr_qrn_statistics_enabled);
7966 perf_qr_qrn_enable_statistics = prefs_find_preference(dns_module, "qr_qrn_enable_statistics");
7967 dns_qr_qrn_statistics_enabled = prefs_get_bool_value(perf_qr_qrn_enable_statistics, pref_current);
7968 prefs_register_bool_preference(dns_module, "qr_qrn_aud_zv_enable_statistics", "Enable Display of Query-Record-Name for Nodes with Zero-Values", "Enable Display of Query-Record-Name for Answers-Authorities-Additionals with Zero-Values. If this is set, it also requires dns.qr_qrn_enable_statistics to be set for it to work.", &dns_qr_qrn_aud_zv_statistics_enabled);
7969 perf_qr_qrn_aud_zv_enable_statistics = prefs_find_preference(dns_module, "qr_qrn_aud_zv_enable_statistics");
7970 dns_qr_qrn_aud_zv_statistics_enabled = prefs_get_bool_value(perf_qr_qrn_aud_zv_enable_statistics, pref_current);
7971
7972 prefs_register_bool_preference(dns_module, "desegment_dns_messages",
7973 "Reassemble DNS messages spanning multiple TCP segments",
7974 "Whether the DNS dissector should reassemble messages spanning multiple TCP segments."
7975 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
7976 &dns_desegment);
7977
7978 prefs_register_uint_preference(dns_module, "retransmission_timer",
7979 "Number of seconds allowed between retransmissions",
7980 "Number of seconds allowed between DNS requests with the same transaction ID to consider it a retransmission."
7981 " Otherwise its considered a new request.",
7982 10, &retransmission_timer);
7983
7984 prefs_register_obsolete_preference(dns_module, "use_for_addr_resolution");
7985
7986 prefs_register_static_text_preference(dns_module, "text_use_for_addr_resolution",
7987 "DNS address resolution settings can be changed in the Name Resolution preferences",
7988 "DNS address resolution settings can be changed in the Name Resolution preferences");
7989
7990 prefs_register_bool_preference(dns_module, "enable_qname_stats",
7991 "Add queried names to DNS statistics",
7992 "Whether the DNS dissector should add queried names to DNS statistics.",
7993 &dns_qname_stats);
7994
7995
7996 dns_tsig_dissector_table = register_dissector_table("dns.tsig.mac", "DNS TSIG MAC", proto_dns, FT_STRING, STRING_CASE_SENSITIVE);
7997
7998 dns_handle = register_dissector("dns", dissect_dns, proto_dns);
7999 mdns_udp_handle = register_dissector("mdns", dissect_mdns_udp, proto_mdns);
8000 llmnr_udp_handle = register_dissector("llmnr", dissect_llmnr_udp, proto_llmnr);
8001 doq_handle = register_dissector("dns.doq", dissect_dns_doq, proto_dns);
8002
8003 dns_tap = register_tap("dns");
8004 }
8005
8006 /*
8007 * Editor modelines
8008 *
8009 * Local Variables:
8010 * c-basic-offset: 2
8011 * tab-width: 8
8012 * indent-tabs-mode: nil
8013 * End:
8014 *
8015 * ex: set shiftwidth=2 tabstop=8 expandtab:
8016 * :indentSize=2:tabSize=8:noTabs=true:
8017 */
Metzes wireshark repo