Wireshark · Ethereal-dev: [ethereal-dev] Quick hack to provide details about name lookups

Ethereal-dev: [ethereal-dev] Quick hack to provide details about name lookups

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Brian J. Murrell" <b2a2606a93e67a4d03ac45a88f7296c3@xxxxxxxxxxxxxxx>

Date: Sun, 7 Nov 1999 04:48:02 -0800 (PST)

Here is a small patch which allows some brief details about a DNS query/response to percolate upward to the packet summary pane. I always find it a PIA to have to open the tree view on every single DNS packet to find out just what was being asked and what was answered.

Please let me know if there is a better way to do this and I will rework it.

Please CC me on replies, as I am not on the list. I can't really devote any real time to another open source project, let alone it's mailing list :-), as much as I like sniffer software. I will contribute as I add stuff that I need to make the software more useful here. Thanx.

Oh, sweet looking package BTW folks. Great work!!

b.

? .packet-dns.c.swp
? dns.cap
Index: packet-dns.c
===================================================================
RCS file: /cvsroot/ethereal/packet-dns.c,v
retrieving revision 1.25
diff -u -r1.25 packet-dns.c
--- packet-dns.c	1999/10/16 15:08:11	1.25
+++ packet-dns.c	1999/11/07 12:44:25
@@ -466,7 +466,7 @@
 
 static int
 dissect_dns_query(const u_char *pd, int offset, int dns_data_offset,
-  proto_tree *dns_tree)
+  proto_tree *dns_tree, char *more_info)
 {
   int len;
   char name[MAXDNAME];
@@ -480,6 +480,7 @@
   const u_char *data_start;
   proto_tree *q_tree;
   proto_item *tq;
+  char info_text[1024];
 
   data_start = dptr = pd + offset;
 
@@ -495,6 +496,10 @@
   class_name = dns_class_name(class);
   long_type_name = dns_long_type_name(type);
 
+  snprintf(info_text, 1024, "%s %s", type_name, name);
+  strcat(more_info, info_text);
+  if (!dns_tree)
+    return dptr - data_start;
   tq = proto_tree_add_text(dns_tree, offset, len, "%s: type %s, class %s", 
 		   name, type_name, class_name);
   q_tree = proto_item_add_subtree(tq, ETT_DNS_QD);
@@ -535,7 +540,7 @@
 
 static int
 dissect_dns_answer(const u_char *pd, int offset, int dns_data_offset,
-  proto_tree *dns_tree)
+  proto_tree *dns_tree, char *more_info)
 {
   int len;
   char name[MAXDNAME];
@@ -552,6 +557,7 @@
   u_short data_len;
   proto_tree *rr_tree;
   proto_item *trr;
+  char info_text[1024];
 
   data_start = dptr = pd + offset;
   cur_offset = offset;
@@ -587,6 +593,10 @@
 
   switch (type) {
   case T_A:
+    snprintf(info_text, 1024, "%s %s", type_name, ip_to_str((guint8 *)dptr));
+    strcat(more_info, info_text);
+    if (!dns_tree)
+      break;
     trr = proto_tree_add_text(dns_tree, offset, (dptr - data_start) + data_len,
 		     "%s: type %s, class %s, addr %s",
 		     name, type_name, class_name,
@@ -607,6 +617,10 @@
       int ns_name_len;
       
       ns_name_len = get_dns_name(pd, cur_offset, dns_data_offset, ns_name, sizeof(ns_name));
+      snprintf(info_text, 1024, "%s %s", type_name, ns_name);
+      strcat(more_info, info_text);
+      if (!dns_tree)
+        break;
       trr = proto_tree_add_text(dns_tree, offset, (dptr - data_start) + data_len,
 		       "%s: type %s, class %s, ns %s",
 		       name, type_name, class_name, ns_name);
@@ -627,6 +641,10 @@
       int cname_len;
       
       cname_len = get_dns_name(pd, cur_offset, dns_data_offset, cname, sizeof(cname));
+      snprintf(info_text, 1024, "%s %s", type_name, cname);
+      strcat(more_info, info_text);
+      if (!dns_tree)
+        break;
       trr = proto_tree_add_text(dns_tree, offset, (dptr - data_start) + data_len,
 		     "%s: type %s, class %s, cname %s",
 		     name, type_name, class_name, cname);
@@ -660,6 +678,10 @@
       	/* We ran past the end of the captured data in the packet. */
         rname_len = -1;
       }
+      snprintf(info_text, 1024, "%s %s", type_name, mname);
+      strcat(more_info, info_text);
+      if (!dns_tree)
+        break;
       trr = proto_tree_add_text(dns_tree, offset, (dptr - data_start) + data_len,
 		     "%s: type %s, class %s, mname %s",
 		     name, type_name, class_name, mname);
@@ -733,6 +755,10 @@
       int pname_len;
       
       pname_len = get_dns_name(pd, cur_offset, dns_data_offset, pname, sizeof(pname));
+      snprintf(info_text, 1024, "%s %s", type_name, pname);
+      strcat(more_info, info_text);
+      if (!dns_tree)
+        break;
       trr = proto_tree_add_text(dns_tree, offset, (dptr - data_start) + data_len,
 		     "%s: type %s, class %s, ptr %s",
 		     name, type_name, class_name, pname);
@@ -762,6 +788,10 @@
 		       name, type_name, class_name, preference, mx_name);
       } else {
         preference = pntohs(&pd[cur_offset]);
+        snprintf(info_text, 1024, "%s %u %s", type_name, preference, mx_name);
+        strcat(more_info, info_text);
+        if (!dns_tree)
+          break;
         trr = proto_tree_add_text(dns_tree, offset, (dptr - data_start) + data_len,
 		       "%s: type %s, class %s, preference %u, mx %s",
 		       name, type_name, class_name, preference, mx_name);
@@ -784,6 +814,10 @@
       
   case T_LOC:
     {
+      snprintf(info_text, 1024, "%s", type_name);
+      strcat(more_info, info_text);
+      if (!dns_tree)
+	break;
       trr = proto_tree_add_text(dns_tree, offset, (dptr - data_start) + data_len,
 		     "%s: type %s, class %s",
 		     name, type_name, class_name);
@@ -853,6 +887,10 @@
     /* TODO: parse more record types */
 
   default:
+    snprintf(info_text, 1024, "%s", type_name);
+    strcat(more_info, info_text);
+    if (!dns_tree)
+      break;
     trr = proto_tree_add_text(dns_tree, offset, (dptr - data_start) + data_len,
                      "%s: type %s, class %s",
 		     name, type_name, class_name);
@@ -868,48 +906,60 @@
 
 static int
 dissect_query_records(const u_char *pd, int cur_off, int dns_data_offset,
-    int count, proto_tree *dns_tree)
+    int count, proto_tree *dns_tree, char *more_info)
 {
   int start_off, add_off;
-  proto_tree *qatree;
-  proto_item *ti;
+  proto_tree *qatree = NULL;
+  proto_item *ti = NULL;
   
   start_off = cur_off;
-  ti = proto_tree_add_text(dns_tree, start_off, 0, "Queries");
-  qatree = proto_item_add_subtree(ti, ETT_DNS_QRY);
+  if (dns_tree) {
+    ti = proto_tree_add_text(dns_tree, start_off, 0, "Queries");
+    qatree = proto_item_add_subtree(ti, ETT_DNS_QRY);
+  }
   while (count-- > 0) {
-    add_off = dissect_dns_query(pd, cur_off, dns_data_offset, qatree);
+    add_off = dissect_dns_query(pd, cur_off, dns_data_offset, qatree,
+				more_info);
+    strcat(more_info, " ");
     if (add_off <= 0) {
       /* We ran past the end of the captured data in the packet. */
       break;
     }
     cur_off += add_off;
   }
-  proto_item_set_len(ti, cur_off - start_off);
+  more_info[strlen(more_info) - 1] = '\0';
+  if (ti)
+    proto_item_set_len(ti, cur_off - start_off);
 
   return cur_off - start_off;
 }
 
 static int
 dissect_answer_records(const u_char *pd, int cur_off, int dns_data_offset,
-    int count, proto_tree *dns_tree, char *name)
+    int count, proto_tree *dns_tree, char *name, char *more_info)
 {
   int start_off, add_off;
-  proto_tree *qatree;
-  proto_item *ti;
+  proto_tree *qatree = NULL;
+  proto_item *ti = NULL;
   
   start_off = cur_off;
-  ti = proto_tree_add_text(dns_tree, start_off, 0, name);
-  qatree = proto_item_add_subtree(ti, ETT_DNS_ANS);
+  if (dns_tree) {
+    ti = proto_tree_add_text(dns_tree, start_off, 0, name);
+    qatree = proto_item_add_subtree(ti, ETT_DNS_ANS);
+  }
   while (count-- > 0) {
-    add_off = dissect_dns_answer(pd, cur_off, dns_data_offset, qatree);
+    add_off = dissect_dns_answer(pd, cur_off, dns_data_offset, qatree,
+				 more_info);
+    strcat(more_info, " ");
     if (add_off <= 0) {
       /* We ran past the end of the captured data in the packet. */
       break;
     }
     cur_off += add_off;
   }
-  proto_item_set_len(ti, cur_off - start_off);
+  more_info[strlen(more_info) - 1] = '\0';
+  if (ti)
+    proto_item_set_len(ti, cur_off - start_off);
 
   return cur_off - start_off;
 }
@@ -918,10 +968,10 @@
 dissect_dns(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
 {
   int dns_data_offset;
-  proto_tree *dns_tree, *field_tree;
+  proto_tree *dns_tree = NULL, *field_tree;
   proto_item *ti, *tf;
   guint16    id, flags, quest, ans, auth, add;
-  char buf[128+1];
+  char buf[128+1], more_info[1024];
   int cur_off;
   static const value_string opcode_vals[] = {
 		  { OPCODE_QUERY,  "Standard query"        },
@@ -956,13 +1006,6 @@
   auth  = pntohs(&pd[offset + DNS_AUTH]);
   add   = pntohs(&pd[offset + DNS_ADD]);
   
-  if (check_col(fd, COL_INFO)) {
-    col_add_fstr(fd, COL_INFO, "%s%s",
-                val_to_str(flags & F_OPCODE, opcode_vals,
-                           "Unknown operation (%x)"),
-                (flags & F_RESPONSE) ? " response" : "");
-  }
-  
   if (tree) {
     ti = proto_tree_add_item_format(tree, proto_dns, offset, 4, NULL,
 			  (flags & F_RESPONSE) ? "DNS response" : "DNS query");
@@ -1032,24 +1075,40 @@
     proto_tree_add_item(dns_tree, hf_dns_count_add_rr, 
 			offset + DNS_ADD, 2, add);
 
-    cur_off = offset + DNS_HDRLEN;
-    
-    if (quest > 0)
-      cur_off += dissect_query_records(pd, cur_off, dns_data_offset, quest,
-					dns_tree);
+  }
+  cur_off = offset + DNS_HDRLEN;
+
+  if (quest > 0) {
+    more_info[0] = '\0';
+    cur_off += dissect_query_records(pd, cur_off, dns_data_offset, quest,
+					dns_tree, more_info);
+  }
     
-    if (ans > 0)
-      cur_off += dissect_answer_records(pd, cur_off, dns_data_offset, ans,
-          dns_tree, "Answers");
+  if (ans > 0) {
+    more_info[0] = '\0';
+    cur_off += dissect_answer_records(pd, cur_off, dns_data_offset, ans,
+          dns_tree, "Answers", more_info);
+  }
     
+  if (tree) {
+    char no_more_info[1024];
     if (auth > 0)
       cur_off += dissect_answer_records(pd, cur_off, dns_data_offset, auth,
-          dns_tree, "Authoritative nameservers");
+          dns_tree, "Authoritative nameservers", no_more_info);
 
     if (add > 0)
       cur_off += dissect_answer_records(pd, cur_off, dns_data_offset, add,
-          dns_tree, "Additional records");
+          dns_tree, "Additional records", no_more_info);
+  }
+
+  if (check_col(fd, COL_INFO)) {
+    col_add_fstr(fd, COL_INFO, "%s%s %s",
+                val_to_str(flags & F_OPCODE, opcode_vals,
+                           "Unknown operation (%x)"),
+                (flags & F_RESPONSE) ? " response" : "",
+				more_info);
   }
+  
 }
 
 void

Brian J. Murrell
InterLinx Support Services, Inc. North Vancouver, B.C.
brian@xxxxxxxxxxxxxxxInternet Security and Connectivity

Follow-Ups:
- Re: [ethereal-dev] Quick hack to provide details about name lookups
  - From: Guy Harris

Prev by Date: Re: [gtk-list] Re: [ethereal-dev] Re: gtk-1.2.6 + AIX 4.3.2 == coredump
Next by Date: [ethereal-dev] Re: gtk-1.2.6 + AIX 4.3.2 == coredump
Previous by thread: [ethereal-dev] Re: gtk-1.2.6 + AIX 4.3.2 == coredump
Next by thread: Re: [ethereal-dev] Quick hack to provide details about name lookups
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$