Wireshark 4.7.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
packet-dns.h
1/* packet-dns.h
2 * Definitions for packet disassembly structures and routines used both by
3 * DNS and NBNS.
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <[email protected]>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12
13#ifndef __PACKET_DNS_H__
14#define __PACKET_DNS_H__
15
16
17/* type values */
18#define DNS_T_A 1 /* host address */
19#define DNS_T_NS 2 /* authoritative name server */
20#define DNS_T_MD 3 /* mail destination (obsolete) */
21#define DNS_T_MF 4 /* mail forwarder (obsolete) */
22#define DNS_T_CNAME 5 /* canonical name */
23#define DNS_T_SOA 6 /* start of authority zone */
24#define DNS_T_MB 7 /* mailbox domain name (experimental) */
25#define DNS_T_MG 8 /* mail group member (experimental) */
26#define DNS_T_MR 9 /* mail rename domain name (experimental) */
27#define DNS_T_NULL 10 /* null RR (experimental) */
28#define DNS_T_WKS 11 /* well known service */
29#define DNS_T_PTR 12 /* domain name pointer */
30#define DNS_T_HINFO 13 /* host information */
31#define DNS_T_MINFO 14 /* mailbox or mail list information */
32#define DNS_T_MX 15 /* mail routing information */
33#define DNS_T_TXT 16 /* text strings */
34#define DNS_T_RP 17 /* responsible person (RFC 1183) */
35#define DNS_T_AFSDB 18 /* AFS data base location (RFC 1183) */
36#define DNS_T_X25 19 /* X.25 address (RFC 1183) */
37#define DNS_T_ISDN 20 /* ISDN address (RFC 1183) */
38#define DNS_T_RT 21 /* route-through (RFC 1183) */
39#define DNS_T_NSAP 22 /* OSI NSAP (RFC 1706) */
40#define DNS_T_NSAP_PTR 23 /* PTR equivalent for OSI NSAP (RFC 1348 - obsolete) */
41#define DNS_T_SIG 24 /* digital signature (RFC 2535) */
42#define DNS_T_KEY 25 /* public key (RFC 2535) */
43#define DNS_T_PX 26 /* pointer to X.400/RFC822 mapping info (RFC 1664) */
44#define DNS_T_GPOS 27 /* geographical position (RFC 1712) */
45#define DNS_T_AAAA 28 /* IPv6 address (RFC 1886) */
46#define DNS_T_LOC 29 /* geographical location (RFC 1876) */
47#define DNS_T_NXT 30 /* "next" name (RFC 2535) */
48#define DNS_T_EID 31 /* Endpoint Identifier */
49#define DNS_T_NIMLOC 32 /* Nimrod Locator */
50#define DNS_T_SRV 33 /* service location (RFC 2052) */
51#define DNS_T_ATMA 34 /* ATM Address */
52#define DNS_T_NAPTR 35 /* naming authority pointer (RFC 3403) */
53#define DNS_T_KX 36 /* Key Exchange (RFC 2230) */
54#define DNS_T_CERT 37 /* Certificate (RFC 4398) */
55#define DNS_T_A6 38 /* IPv6 address with indirection (RFC 2874 - obsolete) */
56#define DNS_T_DNAME 39 /* Non-terminal DNS name redirection (RFC 2672) */
57#define DNS_T_SINK 40 /* SINK */
58#define DNS_T_OPT 41 /* OPT pseudo-RR (RFC 2671) */
59#define DNS_T_APL 42 /* Lists of Address Prefixes (APL RR) (RFC 3123) */
60#define DNS_T_DS 43 /* Delegation Signer (RFC 4034) */
61#define DNS_T_SSHFP 44 /* Using DNS to Securely Publish SSH Key Fingerprints (RFC 4255) */
62#define DNS_T_IPSECKEY 45 /* RFC 4025 */
63#define DNS_T_RRSIG 46 /* RFC 4034 */
64#define DNS_T_NSEC 47 /* RFC 4034 */
65#define DNS_T_DNSKEY 48 /* RFC 4034 */
66#define DNS_T_DHCID 49 /* DHCID RR (RFC 4701) */
67#define DNS_T_NSEC3 50 /* Next secure hash (RFC 5155) */
68#define DNS_T_NSEC3PARAM 51 /* NSEC3 parameters (RFC 5155) */
69#define DNS_T_TLSA 52 /* TLSA (RFC 6698) */
70#define DNS_T_HIP 55 /* Host Identity Protocol (HIP) RR (RFC 5205) */
71#define DNS_T_NINFO 56 /* NINFO */
72#define DNS_T_RKEY 57 /* RKEY */
73#define DNS_T_TALINK 58 /* Trust Anchor LINK */
74#define DNS_T_CDS 59 /* Child DS (RFC7344)*/
75#define DNS_T_CDNSKEY 60 /* DNSKEY(s) the Child wants reflected in DS ( [RFC7344])*/
76#define DNS_T_OPENPGPKEY 61 /* OPENPGPKEY draft-ietf-dane-openpgpkey-00 */
77#define DNS_T_CSYNC 62 /* Child To Parent Synchronization (RFC7477) */
78#define DNS_T_ZONEMD 63 /* Message Digest for DNS Zones (RFC8976) */
79#define DNS_T_SVCB 64 /* draft-ietf-dnsop-svcb-https-01 */
80#define DNS_T_HTTPS 65 /* draft-ietf-dnsop-svcb-https-01 */
81#define DNS_T_DSYNC 66 /* draft-ietf-dnsop-generalized-notify */
82#define DNS_T_SPF 99 /* SPF RR (RFC 4408) section 3 */
83#define DNS_T_UINFO 100 /* [IANA-Reserved] */
84#define DNS_T_UID 101 /* [IANA-Reserved] */
85#define DNS_T_GID 102 /* [IANA-Reserved] */
86#define DNS_T_UNSPEC 103 /* [IANA-Reserved] */
87#define DNS_T_NID 104 /* ILNP [RFC6742] */
88#define DNS_T_L32 105 /* ILNP [RFC6742] */
89#define DNS_T_L64 106 /* ILNP [RFC6742] */
90#define DNS_T_LP 107 /* ILNP [RFC6742] */
91#define DNS_T_EUI48 108 /* EUI 48 Address (RFC7043) */
92#define DNS_T_EUI64 109 /* EUI 64 Address (RFC7043) */
93#define DNS_T_TKEY 249 /* Transaction Key (RFC 2930) */
94#define DNS_T_TSIG 250 /* Transaction Signature (RFC 2845) */
95#define DNS_T_IXFR 251 /* incremental transfer (RFC 1995) */
96#define DNS_T_AXFR 252 /* transfer of an entire zone (RFC 5936) */
97#define DNS_T_MAILB 253 /* mailbox-related RRs (MB, MG or MR) (RFC 1035) */
98#define DNS_T_MAILA 254 /* mail agent RRs (OBSOLETE - see MX) (RFC 1035) */
99#define DNS_T_ANY 255 /* A request for all records (RFC 1035) */
100#define DNS_T_URI 256 /* URI */
101#define DNS_T_CAA 257 /* Certification Authority Authorization (RFC 6844) */
102#define DNS_T_AVC 258 /* Application Visibility and Control (Wolfgang_Riedel) */
103#define DNS_T_DOA 259 /* Digital Object Architecture (draft-durand-doa-over-dns) */
104#define DNS_T_AMTRELAY 260 /* Automatic Multicast Tunneling Relay (RFC8777) */
105#define DNS_T_RESINFO 261 /* Resolver Information */
106#define DNS_T_WALLET 262 /* Public wallet address */
107#define DNS_T_TA 32768 /* DNSSEC Trust Authorities */
108#define DNS_T_DLV 32769 /* DNSSEC Lookaside Validation (DLV) DNS Resource Record (RFC 4431) */
109#define DNS_T_WINS 65281 /* Microsoft's WINS RR */
110#define DNS_T_WINS_R 65282 /* Microsoft's WINS-R RR */
111#define DNS_T_XPF 65422 /* XPF draft-bellis-dnsop-xpf */
112
113/* Class values */
114#define DNS_C_IN 1 /* the Internet */
115#define DNS_C_CS 2 /* CSNET (obsolete) */
116#define DNS_C_CH 3 /* CHAOS */
117#define DNS_C_HS 4 /* Hesiod */
118#define DNS_C_NONE 254 /* none */
119#define DNS_C_ANY 255 /* any */
120
121#define DNS_C_QU (1<<15) /* High bit is set in queries for unicast queries */
122#define DNS_C_FLUSH (1<<15) /* High bit is set for MDNS cache flush */
123
124/* Opcodes */
125#define DNS_OPCODE_QUERY 0 /* standard query */
126#define DNS_OPCODE_IQUERY 1 /* inverse query */
127#define DNS_OPCODE_STATUS 2 /* server status request */
128#define DNS_OPCODE_NOTIFY 4 /* zone change notification */
129#define DNS_OPCODE_UPDATE 5 /* dynamic update */
130#define DNS_OPCODE_DSO 6 /* DNS stateful operations */
131
132/* Reply codes */
133#define DNS_RCODE_NOERROR 0
134#define DNS_RCODE_FORMERR 1
135#define DNS_RCODE_SERVFAIL 2
136#define DNS_RCODE_NXDOMAIN 3
137#define DNS_RCODE_NOTIMPL 4
138#define DNS_RCODE_REFUSED 5
139#define DNS_RCODE_YXDOMAIN 6
140#define DNS_RCODE_YXRRSET 7
141#define DNS_RCODE_NXRRSET 8
142#define DNS_RCODE_NOTAUTH 9
143#define DNS_RCODE_NOTZONE 10
144#define DNS_RCODE_DSOTYPENI 11
145
146#define DNS_RCODE_BAD 16
147#define DNS_RCODE_BADKEY 17
148#define DNS_RCODE_BADTIME 18
149#define DNS_RCODE_BADMODE 19
150#define DNS_RCODE_BADNAME 20
151#define DNS_RCODE_BADALG 21
152#define DNS_RCODE_BADTRUNC 22
153#define DNS_RCODE_BADCOOKIE 23
154
155WS_DLL_PUBLIC
156const value_string dns_classes[];
157
158/*
159 * DNS stats/information provided for tapping
160 */
161typedef struct DnsTap {
162 unsigned packet_qr; // query (0) or response (1)
163 unsigned packet_qtype; // query type (DNS_T_*)
164 int packet_qclass; // query class (DNS_C_*)
165 unsigned packet_rcode; // reply code (DNS_RCODE_*)
166 unsigned packet_opcode; // query opcode (DNS_OPCODE_*)
167 unsigned payload_size; // full packet payload size
168 unsigned qname_len; // length of query name
169 unsigned qname_labels; // query name label count
170 char* qname; // query name
171 unsigned nquestions; // number of questions
172 unsigned nanswers; // number of answers
173 unsigned nauthorities; // number of authority records
174 unsigned nadditionals; // number of additional records
175 bool unsolicited; // true if unsolicitated response
176 bool retransmission; // true if retransmitted query
177 nstime_t rrt; // time between query and response
178 wmem_list_t *rr_types; // list of resource record types
179 char source[256]; // source of request/response (stringified IPv4 or IPv6 address; "n/a" if unexpected address type)
180 char qhost[256]; // host or left-most part of query name
181 char qdomain[256]; // domain or remaining part of query name
182 unsigned flags; // raw header flags
183} dns_tap_t;
184
185/*
186 * Expands DNS name from TVB into a byte string.
187 *
188 * Returns int: byte size of DNS data.
189 * Returns char *name: a dot (.) separated raw string of DNS domain name labels.
190 * This string is null terminated. Labels are copied directly from raw packet
191 * data without any validation for a string encoding. This is the callers responsibility.
192 * Return int name_len: byte length of "name".
193 */
194WS_DLL_PUBLIC
195int get_dns_name(wmem_allocator_t* scope, tvbuff_t *tvb, int offset, int max_len, int dns_data_offset,
196 const char **name, int* name_len);
197
198
199#define MIN_DNAME_LEN 2 /* minimum domain name length */
200#define MAX_DNAME_LEN 255 /* maximum domain name length */
201
202#endif /* packet-dns.h */
_value_string
Mapping between a 32-bit integer value and its string representation.
Definition value_string.h:33
_wmem_allocator_t
Internal memory allocator interface used by the wmem subsystem.
Definition wmem_allocator.h:34
_wmem_list_t
Definition wmem_list.c:23
DnsTap
Definition packet-dns.h:161
nstime_t
Definition nstime.h:26
tvbuff
Definition tvbuff-int.h:36
Generated by doxygen 1.9.8