diff options
Diffstat (limited to 'mDNSResponder/mDNSPosix/NetMonitor.c')
| -rw-r--r-- | mDNSResponder/mDNSPosix/NetMonitor.c | 69 |
1 files changed, 60 insertions, 9 deletions
diff --git a/mDNSResponder/mDNSPosix/NetMonitor.c b/mDNSResponder/mDNSPosix/NetMonitor.c index 1354f1f8..a3823c54 100644 --- a/mDNSResponder/mDNSPosix/NetMonitor.c +++ b/mDNSResponder/mDNSPosix/NetMonitor.c @@ -120,6 +120,7 @@ struct timeval tv_start, tv_end, tv_interval; static int FilterInterface = 0; static FilterList *Filters; #define ExactlyOneFilter (Filters && !Filters->next) +static mDNSBool AddressType = mDNSAddrType_IPv4; static int NumPktQ, NumPktL, NumPktR, NumPktB; // Query/Legacy/Response/Bad static int NumProbes, NumGoodbyes, NumQuestions, NumLegacy, NumAnswers, NumAdditionals; @@ -464,9 +465,9 @@ mDNSlocal const mDNSu8 *FindUpdate(mDNS *const m, const DNSMessage *const query, mDNSlocal void DisplayPacketHeader(mDNS *const m, const DNSMessage *const msg, const mDNSu8 *const end, const mDNSAddr *srcaddr, mDNSIPPort srcport, const mDNSAddr *dstaddr, const mDNSInterfaceID InterfaceID) { - const char *const ptype = (msg->h.flags.b[0] & kDNSFlag0_QR_Response) ? "-R- " : + const char *const ptype = (msg->h.flags.b[0] & kDNSFlag0_QR_Response) ? "-R- " : (srcport.NotAnInteger == MulticastDNSPort.NotAnInteger) ? "-Q- " : "-LQ-"; - + const unsigned length = end - (mDNSu8 *)msg; struct timeval tv; struct tm tm; const mDNSu32 index = mDNSPlatformInterfaceIndexfromInterfaceID(m, InterfaceID, mDNSfalse); @@ -477,7 +478,7 @@ mDNSlocal void DisplayPacketHeader(mDNS *const m, const DNSMessage *const msg, c mprintf("\n%d:%02d:%02d.%06d Interface %d/%s\n", tm.tm_hour, tm.tm_min, tm.tm_sec, tv.tv_usec, index, if_name); mprintf("%#-16a %s Q:%3d Ans:%3d Auth:%3d Add:%3d Size:%5d bytes", - srcaddr, ptype, msg->h.numQuestions, msg->h.numAnswers, msg->h.numAuthorities, msg->h.numAdditionals, end - (mDNSu8 *)msg); + srcaddr, ptype, msg->h.numQuestions, msg->h.numAnswers, msg->h.numAuthorities, msg->h.numAdditionals, length); if (msg->h.id.NotAnInteger) mprintf(" ID:%u", mDNSVal16(msg->h.id)); @@ -488,7 +489,27 @@ mDNSlocal void DisplayPacketHeader(mDNS *const m, const DNSMessage *const msg, c if (msg->h.flags.b[0] & kDNSFlag0_QR_Response) mprintf(" Truncated"); else mprintf(" Truncated (KA list continues in next packet)"); } + mprintf("\n"); + + if (length < sizeof(DNSMessageHeader) + NormalMaxDNSMessageData - 192) + if (msg->h.flags.b[0] & kDNSFlag0_TC) + mprintf("%#-16a **** WARNING: Packet suspiciously small. Payload size (excluding IP and UDP headers)\n" + "%#-16a **** should usually be closer to %d bytes before truncation becomes necessary.\n", + srcaddr, srcaddr, sizeof(DNSMessageHeader) + NormalMaxDNSMessageData); +} + +mDNSlocal void DisplaySizeCheck(const DNSMessage *const msg, const mDNSu8 *const end, const mDNSAddr *srcaddr, int num_opts) +{ + const unsigned length = end - (mDNSu8 *)msg; + const int num_records = msg->h.numAnswers + msg->h.numAuthorities + msg->h.numAdditionals - num_opts; + + if (length > sizeof(DNSMessageHeader) + NormalMaxDNSMessageData) + if (num_records > 1) + mprintf("%#-16a **** ERROR: Oversized packet with %d records.\n" + "%#-16a **** Many network devices cannot receive packets larger than %d bytes.\n" + "%#-16a **** To minimize interoperability failures, oversized packets MUST be limited to a single resource record.\n", + srcaddr, num_records, srcaddr, 40 + 8 + sizeof(DNSMessageHeader) + NormalMaxDNSMessageData, srcaddr); } mDNSlocal void DisplayResourceRecord(const mDNSAddr *const srcaddr, const char *const op, const ResourceRecord *const pktrr) @@ -594,7 +615,7 @@ mDNSlocal void HexDump(const mDNSu8 *ptr, const mDNSu8 *const end) mDNSlocal void DisplayError(const mDNSAddr *srcaddr, const mDNSu8 *ptr, const mDNSu8 *const end, char *msg) { - mprintf("%#-16a **** ERROR: FAILED TO READ %s **** \n", srcaddr, msg); + mprintf("%#-16a **** ERROR: FAILED TO READ %s ****\n", srcaddr, msg); HexDump(ptr, end); } @@ -602,6 +623,7 @@ mDNSlocal void DisplayQuery(mDNS *const m, const DNSMessage *const msg, const mD const mDNSAddr *srcaddr, mDNSIPPort srcport, const mDNSAddr *dstaddr, const mDNSInterfaceID InterfaceID) { int i; + int num_opts = 0; const mDNSu8 *ptr = msg->data; const mDNSu8 *auth = LocateAuthorities(msg, end); mDNSBool MQ = (srcport.NotAnInteger == MulticastDNSPort.NotAnInteger); @@ -611,7 +633,7 @@ mDNSlocal void DisplayQuery(mDNS *const m, const DNSMessage *const msg, const mD DisplayPacketHeader(m, msg, end, srcaddr, srcport, dstaddr, InterfaceID); if (msg->h.id.NotAnInteger != 0xFFFF) { - if (MQ) NumPktQ++;else NumPktL++; + if (MQ) NumPktQ++; else NumPktL++; } for (i=0; i<msg->h.numQuestions; i++) @@ -648,6 +670,8 @@ mDNSlocal void DisplayQuery(mDNS *const m, const DNSMessage *const msg, const mD ptr = GetLargeResourceRecord(m, msg, ptr, end, InterfaceID, kDNSRecordTypePacketAns, &pkt); if (!ptr) { DisplayError(srcaddr, ep, end, "KNOWN ANSWER"); return; } DisplayResourceRecord(srcaddr, "(KA)", &pkt.r.resrec); + if (pkt.r.resrec.rrtype == kDNSType_OPT) + { num_opts++; mprintf("%#-16a **** ERROR: OPT RECORD IN ANSWER SECTION ****\n", srcaddr); } // In the case of queries with long multi-packet KA lists, we count each subsequent KA packet // the same as a single query, to more accurately reflect the burden on the network @@ -664,6 +688,8 @@ mDNSlocal void DisplayQuery(mDNS *const m, const DNSMessage *const msg, const mD // After we display an Update record with its matching question (above) we zero out its type and class // If any remain that haven't been zero'd out, display them here if (pkt.r.resrec.rrtype || pkt.r.resrec.rrclass) DisplayResourceRecord(srcaddr, "(AU)", &pkt.r.resrec); + if (pkt.r.resrec.rrtype == kDNSType_OPT) + { num_opts++; mprintf("%#-16a **** ERROR: OPT RECORD IN AUTHORITY SECTION ****\n", srcaddr); } } for (i=0; i<msg->h.numAdditionals; i++) @@ -672,8 +698,15 @@ mDNSlocal void DisplayQuery(mDNS *const m, const DNSMessage *const msg, const mD ptr = GetLargeResourceRecord(m, msg, ptr, end, InterfaceID, kDNSRecordTypePacketAdd, &pkt); if (!ptr) { DisplayError(srcaddr, ep, end, "ADDITIONAL"); return; } DisplayResourceRecord(srcaddr, pkt.r.resrec.rrtype == kDNSType_OPT ? "(OP)" : "(AD)", &pkt.r.resrec); + if (pkt.r.resrec.rrtype == kDNSType_OPT) num_opts++; } + DisplaySizeCheck(msg, end, srcaddr, num_opts); + + // We don't hexdump the DNSMessageHeader here because those six fields (id, flags, numQuestions, numAnswers, numAuthorities, numAdditionals) + // have already been swapped to host byte order and displayed, so including them in the hexdump is confusing + if (num_opts > 1) { mprintf("%#-16a **** ERROR: MULTIPLE OPT RECORDS ****\n", srcaddr); HexDump(msg->data, end); } + if (entry) AnalyseHost(m, entry, InterfaceID); } @@ -681,6 +714,7 @@ mDNSlocal void DisplayResponse(mDNS *const m, const DNSMessage *const msg, const const mDNSAddr *srcaddr, mDNSIPPort srcport, const mDNSAddr *dstaddr, const mDNSInterfaceID InterfaceID) { int i; + int num_opts = 0; const mDNSu8 *ptr = msg->data; HostEntry *entry = GotPacketFromHost(srcaddr, HostPkt_R, msg->h.id); LargeCacheRecord pkt; @@ -718,6 +752,8 @@ mDNSlocal void DisplayResponse(mDNS *const m, const DNSMessage *const msg, const DisplayResourceRecord(srcaddr, "(DE)", &pkt.r.resrec); recordstat(entry, pkt.r.resrec.name, OP_goodbye, pkt.r.resrec.rrtype); } + if (pkt.r.resrec.rrtype == kDNSType_OPT) + { num_opts++; mprintf("%#-16a **** ERROR: OPT RECORD IN ANSWER SECTION ****\n", srcaddr); } } for (i=0; i<msg->h.numAuthorities; i++) @@ -725,9 +761,12 @@ mDNSlocal void DisplayResponse(mDNS *const m, const DNSMessage *const msg, const const mDNSu8 *ep = ptr; ptr = GetLargeResourceRecord(m, msg, ptr, end, InterfaceID, kDNSRecordTypePacketAuth, &pkt); if (!ptr) { DisplayError(srcaddr, ep, end, "AUTHORITY"); return; } - if (pkt.r.resrec.rrtype != kDNSType_NSEC3) + DisplayResourceRecord(srcaddr, "(AU)", &pkt.r.resrec); + if (pkt.r.resrec.rrtype == kDNSType_OPT) + { num_opts++; mprintf("%#-16a **** ERROR: OPT RECORD IN AUTHORITY SECTION ****\n", srcaddr); } + else if (pkt.r.resrec.rrtype != kDNSType_NSEC3) mprintf("%#-16a (?) **** ERROR: SHOULD NOT HAVE AUTHORITY IN mDNS RESPONSE **** %-5s %##s\n", - srcaddr, DNSTypeName(pkt.r.resrec.rrtype), pkt.r.resrec.name->c); + srcaddr, DNSTypeName(pkt.r.resrec.rrtype), pkt.r.resrec.name->c); } for (i=0; i<msg->h.numAdditionals; i++) @@ -736,12 +775,19 @@ mDNSlocal void DisplayResponse(mDNS *const m, const DNSMessage *const msg, const ptr = GetLargeResourceRecord(m, msg, ptr, end, InterfaceID, kDNSRecordTypePacketAdd, &pkt); if (!ptr) { DisplayError(srcaddr, ep, end, "ADDITIONAL"); return; } NumAdditionals++; + if (pkt.r.resrec.rrtype == kDNSType_OPT) num_opts++; DisplayResourceRecord(srcaddr, pkt.r.resrec.rrtype == kDNSType_OPT ? "(OP)" : (pkt.r.resrec.RecordType & kDNSRecordTypePacketUniqueMask) ? "(AD)" : "(AD+)", &pkt.r.resrec); if (entry) RecordHostInfo(entry, &pkt.r.resrec); } + DisplaySizeCheck(msg, end, srcaddr, num_opts); + + // We don't hexdump the DNSMessageHeader here because those six fields (id, flags, numQuestions, numAnswers, numAuthorities, numAdditionals) + // have already been swapped to host byte order and displayed, so including them in the hexdump is confusing + if (num_opts > 1) { mprintf("%#-16a **** ERROR: MULTIPLE OPT RECORDS ****\n", srcaddr); HexDump(msg->data, end); } + if (entry) AnalyseHost(m, entry, InterfaceID); } @@ -763,7 +809,7 @@ mDNSlocal void ProcessUnicastResponse(mDNS *const m, const DNSMessage *const msg mDNSlocal mDNSBool AddressMatchesFilterList(const mDNSAddr *srcaddr) { FilterList *f; - if (!Filters) return(srcaddr->type == mDNSAddrType_IPv4); + if (!Filters) return(srcaddr->type == AddressType); for (f=Filters; f; f=f->next) if (mDNSSameAddress(srcaddr, &f->FilterAddr)) return(mDNStrue); return(mDNSfalse); } @@ -930,9 +976,14 @@ mDNSexport int main(int argc, char **argv) if (i+1 < argc && !strcmp(argv[i], "-i") && atoi(argv[i+1])) { FilterInterface = atoi(argv[i+1]); - i += 2; + i += 1; printf("Monitoring interface %d\n", FilterInterface); } + else if (!strcmp(argv[i], "-6")) + { + AddressType = mDNSAddrType_IPv6; + printf("Monitoring IPv6 traffic\n"); + } else { struct in_addr s4; |