1 /* -*- Mode: C; tab-width: 4 -*-
3 * Copyright (c) 2002-2004 Apple Computer, Inc. All rights reserved.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 * This code follows the "Whitesmiths style" C indentation rules. Plenty of discussion
19 * on C indentation can be found on the web, such as <http://www.kafejo.com/komp/1tbs.htm>,
20 * but for the sake of brevity here I will say just this: Curly braces are not syntactially
21 * part of an "if" statement; they are the beginning and ending markers of a compound statement;
22 * therefore common sense dictates that if they are part of a compound statement then they
23 * should be indented to the same level as everything else in that compound statement.
24 * Indenting curly braces at the same level as the "if" implies that curly braces are
25 * part of the "if", which is false. (This is as misleading as people who write "char* x,y;"
26 * thinking that variables x and y are both of type "char*" -- and anyone who doesn't
27 * understand why variable y is not of type "char*" just proves the point that poor code
28 * layout leads people to unfortunate misunderstandings about how the C language really works.)
30 Change History (most recent first):
32 $Log: NetMonitor.c,v $
33 Revision 1.94 2009/04/24 00:31:56 cheshire
34 <rdar://problem/3476350> Return negative answers when host knows authoritatively that no answer exists
35 Added code to display NSEC records
37 Revision 1.93 2009/01/13 05:31:34 mkrochma
38 <rdar://problem/6491367> Replace bzero, bcopy with mDNSPlatformMemZero, mDNSPlatformMemCopy, memset, memcpy
40 Revision 1.92 2009/01/11 03:20:06 mkrochma
41 <rdar://problem/5797526> Fixes from Igor Seleznev to get mdnsd working on Solaris
43 Revision 1.91 2008/11/13 22:08:07 cheshire
44 Show additional records in Query packets
46 Revision 1.90 2008/09/05 22:20:26 cheshire
47 <rdar://problem/3988320> Should use randomized source ports and transaction IDs to avoid DNS cache poisoning
48 Add "UDPSocket *src" parameter in mDNSPlatformSendUDP call
50 Revision 1.89 2007/05/17 19:12:42 cheshire
53 Revision 1.88 2007/04/22 20:16:25 cheshire
54 Fix compiler errors (const parameter declarations)
56 Revision 1.87 2007/04/16 20:49:39 cheshire
57 Fix compile errors for mDNSPosix build
59 Revision 1.86 2007/03/22 18:31:48 cheshire
60 Put dst parameter first in mDNSPlatformStrCopy/mDNSPlatformMemCopy, like conventional Posix strcpy/memcpy
62 Revision 1.85 2007/02/28 01:51:22 cheshire
63 Added comment about reverse-order IP address
65 Revision 1.84 2007/01/05 08:30:52 cheshire
66 Trim excessive "$Log" checkin history from before 2006
67 (checkin history still available via "cvs log ..." of course)
69 Revision 1.83 2006/11/18 05:01:32 cheshire
70 Preliminary support for unifying the uDNS and mDNS code,
71 including caching of uDNS answers
73 Revision 1.82 2006/08/14 23:24:46 cheshire
74 Re-licensed mDNSResponder daemon source code under Apache License, Version 2.0
76 Revision 1.81 2006/07/06 00:01:44 cheshire
77 <rdar://problem/4472014> Add Private DNS client functionality to mDNSResponder
78 Update mDNSSendDNSMessage() to use uDNS_TCPSocket type instead of "int"
80 Revision 1.80 2006/06/12 18:22:42 cheshire
81 <rdar://problem/4580067> mDNSResponder building warnings under Red Hat 64-bit (LP64) Linux
83 Revision 1.79 2006/04/26 20:48:33 cheshire
84 Make final count of unique source addresses show IPv4 and IPv6 counts separately
86 Revision 1.78 2006/04/25 00:42:24 cheshire
87 Add ability to specify a single interface index to capture on,
88 e.g. typically "-i 4" for Ethernet and "-i 5" for AirPort
90 Revision 1.77 2006/03/02 21:50:45 cheshire
91 Removed strange backslash at the end of a line
93 Revision 1.76 2006/02/23 23:38:43 cheshire
94 <rdar://problem/4427969> On FreeBSD 4 "arpa/inet.h" requires "netinet/in.h" be included first
96 Revision 1.75 2006/01/05 22:33:58 cheshire
97 Use IFNAMSIZ (more portable) instead of IF_NAMESIZE
101 //*************************************************************************************************************
102 // Incorporate mDNS.c functionality
104 // We want to use much of the functionality provided by "mDNS.c",
105 // except we'll steal the packets that would be sent to normal mDNSCoreReceive() routine
106 #define mDNSCoreReceive __NOT__mDNSCoreReceive__NOT__
108 #undef mDNSCoreReceive
110 //*************************************************************************************************************
113 #include <stdio.h> // For printf()
114 #include <stdlib.h> // For malloc()
115 #include <string.h> // For strrchr(), strcmp()
116 #include <time.h> // For "struct tm" etc.
117 #include <signal.h> // For SIGINT, SIGTERM
118 #include <netdb.h> // For gethostbyname()
119 #include <sys/socket.h> // For AF_INET, AF_INET6, etc.
120 #include <net/if.h> // For IF_NAMESIZE
121 #include <netinet/in.h> // For INADDR_NONE
122 #include <arpa/inet.h> // For inet_addr()
124 #include "mDNSPosix.h" // Defines the specific types needed to run mDNS on this platform
125 #include "ExampleClientApp.h"
127 //*************************************************************************************************************
128 // Types and structures
132 // Primitive operations
136 // These are meta-categories;
137 // Query and Answer operations are actually subdivided into two classes:
138 // Browse query/answer and
139 // Resolve query/answer
143 // The "Browse" variants of query/answer
148 // The "Resolve" variants of query/answer
156 typedef struct ActivityStat_struct ActivityStat
;
157 struct ActivityStat_struct
163 int stat
[OP_NumTypes
];
166 typedef struct FilterList_struct FilterList
;
167 struct FilterList_struct
173 //*************************************************************************************************************
176 #define kReportTopServices 15
177 #define kReportTopHosts 15
179 //*************************************************************************************************************
182 static mDNS mDNSStorage
; // mDNS core uses this to store its globals
183 static mDNS_PlatformSupport PlatformStorage
; // Stores this platform's globals
184 mDNSexport
const char ProgramName
[] = "mDNSNetMonitor";
186 struct timeval tv_start
, tv_end
, tv_interval
;
187 static int FilterInterface
= 0;
188 static FilterList
*Filters
;
189 #define ExactlyOneFilter (Filters && !Filters->next)
191 static int NumPktQ
, NumPktL
, NumPktR
, NumPktB
; // Query/Legacy/Response/Bad
192 static int NumProbes
, NumGoodbyes
, NumQuestions
, NumLegacy
, NumAnswers
, NumAdditionals
;
194 static ActivityStat
*stats
;
196 #define OPBanner "Total Ops Probe Goodbye BrowseQ BrowseA ResolveQ ResolveA"
198 //*************************************************************************************************************
201 // Special version of printf that knows how to print IP addresses, DNS-format name strings, etc.
202 mDNSlocal mDNSu32
mprintf(const char *format
, ...) IS_A_PRINTF_STYLE_FUNCTION(1,2);
203 mDNSlocal mDNSu32
mprintf(const char *format
, ...)
206 unsigned char buffer
[512];
208 va_start(ptr
,format
);
209 length
= mDNS_vsnprintf((char *)buffer
, sizeof(buffer
), format
, ptr
);
211 printf("%s", buffer
);
215 //*************************************************************************************************************
218 // Would benefit from a hash
222 HostPkt_Q
= 0, // Query
223 HostPkt_L
= 1, // Legacy Query
224 HostPkt_R
= 2, // Response
225 HostPkt_B
= 3, // Bad
232 unsigned long pkts
[HostPkt_NumTypes
];
233 unsigned long totalops
;
234 unsigned long stat
[OP_NumTypes
];
237 UTF8str255 HIHardware
;
238 UTF8str255 HISoftware
;
243 #define HostEntryTotalPackets(H) ((H)->pkts[HostPkt_Q] + (H)->pkts[HostPkt_L] + (H)->pkts[HostPkt_R] + (H)->pkts[HostPkt_B])
252 static HostList IPv4HostList
= { 0, 0, 0 };
253 static HostList IPv6HostList
= { 0, 0, 0 };
255 mDNSlocal HostEntry
*FindHost(const mDNSAddr
*addr
, HostList
*list
)
259 for (i
= 0; i
< list
->num
; i
++)
261 HostEntry
*entry
= list
->hosts
+ i
;
262 if (mDNSSameAddress(addr
, &entry
->addr
))
269 mDNSlocal HostEntry
*AddHost(const mDNSAddr
*addr
, HostList
*list
)
273 if (list
->num
>= list
->max
)
275 long newMax
= list
->max
+ 64;
276 HostEntry
*newHosts
= realloc(list
->hosts
, newMax
* sizeof(HostEntry
));
277 if (newHosts
== NULL
)
280 list
->hosts
= newHosts
;
283 entry
= list
->hosts
+ list
->num
++;
286 for (i
=0; i
<HostPkt_NumTypes
; i
++) entry
->pkts
[i
] = 0;
288 for (i
=0; i
<OP_NumTypes
; i
++) entry
->stat
[i
] = 0;
289 entry
->hostname
.c
[0] = 0;
290 entry
->revname
.c
[0] = 0;
291 entry
->HIHardware
.c
[0] = 0;
292 entry
->HISoftware
.c
[0] = 0;
293 entry
->NumQueries
= 0;
295 if (entry
->addr
.type
== mDNSAddrType_IPv4
)
297 mDNSv4Addr ip
= entry
->addr
.ip
.v4
;
299 // Note: This is reverse order compared to a normal dotted-decimal IP address, so we can't use our customary "%.4a" format code
300 mDNS_snprintf(buffer
, sizeof(buffer
), "%d.%d.%d.%d.in-addr.arpa.", ip
.b
[3], ip
.b
[2], ip
.b
[1], ip
.b
[0]);
301 MakeDomainNameFromDNSNameString(&entry
->revname
, buffer
);
307 mDNSlocal HostEntry
*GotPacketFromHost(const mDNSAddr
*addr
, HostPkt_Type t
, mDNSOpaque16 id
)
309 if (ExactlyOneFilter
) return(NULL
);
312 HostList
*list
= (addr
->type
== mDNSAddrType_IPv4
) ? &IPv4HostList
: &IPv6HostList
;
313 HostEntry
*entry
= FindHost(addr
, list
);
314 if (!entry
) entry
= AddHost(addr
, list
);
315 if (!entry
) return(NULL
);
316 // Don't count our own interrogation packets
317 if (id
.NotAnInteger
!= 0xFFFF) entry
->pkts
[t
]++;
322 mDNSlocal
void RecordHostInfo(HostEntry
*entry
, const ResourceRecord
*const pktrr
)
324 if (!entry
->hostname
.c
[0])
326 if (pktrr
->rrtype
== kDNSType_A
|| pktrr
->rrtype
== kDNSType_AAAA
)
328 // Should really check that the rdata in the address record matches the source address of this packet
329 entry
->NumQueries
= 0;
330 AssignDomainName(&entry
->hostname
, pktrr
->name
);
333 if (pktrr
->rrtype
== kDNSType_PTR
)
334 if (SameDomainName(&entry
->revname
, pktrr
->name
))
336 entry
->NumQueries
= 0;
337 AssignDomainName(&entry
->hostname
, &pktrr
->rdata
->u
.name
);
340 else if (pktrr
->rrtype
== kDNSType_HINFO
)
342 RDataBody
*rd
= &pktrr
->rdata
->u
;
343 mDNSu8
*rdend
= (mDNSu8
*)rd
+ pktrr
->rdlength
;
344 mDNSu8
*hw
= rd
->txt
.c
;
345 mDNSu8
*sw
= hw
+ 1 + (mDNSu32
)hw
[0];
346 if (sw
+ 1 + sw
[0] <= rdend
)
348 AssignDomainName(&entry
->hostname
, pktrr
->name
);
349 mDNSPlatformMemCopy(entry
->HIHardware
.c
, hw
, 1 + (mDNSu32
)hw
[0]);
350 mDNSPlatformMemCopy(entry
->HISoftware
.c
, sw
, 1 + (mDNSu32
)sw
[0]);
355 mDNSlocal
void SendUnicastQuery(mDNS
*const m
, HostEntry
*entry
, domainname
*name
, mDNSu16 rrtype
, mDNSInterfaceID InterfaceID
)
357 const mDNSOpaque16 id
= { { 0xFF, 0xFF } };
359 mDNSu8
*qptr
= query
.data
;
360 const mDNSu8
*const limit
= query
.data
+ sizeof(query
.data
);
361 const mDNSAddr
*target
= &entry
->addr
;
362 InitializeDNSMessage(&query
.h
, id
, QueryFlags
);
363 qptr
= putQuestion(&query
, qptr
, limit
, name
, rrtype
, kDNSClass_IN
);
364 entry
->LastQuery
= m
->timenow
;
367 // Note: When there are multiple mDNSResponder agents running on a single machine
368 // (e.g. Apple mDNSResponder plus a SliMP3 server with embedded mDNSResponder)
369 // it is possible that unicast queries may not go to the primary system responder.
370 // We try the first query using unicast, but if that doesn't work we try again via multicast.
371 if (entry
->NumQueries
> 2)
373 target
= &AllDNSLinkGroup_v4
;
377 //mprintf("%#a Q\n", target);
378 InterfaceID
= mDNSInterface_Any
; // Send query from our unicast reply socket
381 mDNSSendDNSMessage(&mDNSStorage
, &query
, qptr
, InterfaceID
, mDNSNULL
, target
, MulticastDNSPort
, mDNSNULL
, mDNSNULL
);
384 mDNSlocal
void AnalyseHost(mDNS
*const m
, HostEntry
*entry
, const mDNSInterfaceID InterfaceID
)
386 // If we've done four queries without answer, give up
387 if (entry
->NumQueries
>= 4) return;
389 // If we've done a query in the last second, give the host a chance to reply before trying again
390 if (entry
->NumQueries
&& m
->timenow
- entry
->LastQuery
< mDNSPlatformOneSecond
) return;
392 // If we don't know the host name, try to find that first
393 if (!entry
->hostname
.c
[0])
395 if (entry
->revname
.c
[0])
397 SendUnicastQuery(m
, entry
, &entry
->revname
, kDNSType_PTR
, InterfaceID
);
398 //mprintf("%##s PTR %d\n", entry->revname.c, entry->NumQueries);
401 // If we have the host name but no HINFO, now ask for that
402 else if (!entry
->HIHardware
.c
[0])
404 SendUnicastQuery(m
, entry
, &entry
->hostname
, kDNSType_HINFO
, InterfaceID
);
405 //mprintf("%##s HINFO %d\n", entry->hostname.c, entry->NumQueries);
409 mDNSlocal
int CompareHosts(const void *p1
, const void *p2
)
411 return (int)(HostEntryTotalPackets((HostEntry
*)p2
) - HostEntryTotalPackets((HostEntry
*)p1
));
414 mDNSlocal
void ShowSortedHostList(HostList
*list
, int max
)
416 HostEntry
*e
, *end
= &list
->hosts
[(max
< list
->num
) ? max
: list
->num
];
417 qsort(list
->hosts
, list
->num
, sizeof(HostEntry
), CompareHosts
);
418 if (list
->num
) mprintf("\n%-25s%s%s\n", "Source Address", OPBanner
, " Pkts Query LegacyQ Response");
419 for (e
= &list
->hosts
[0]; e
< end
; e
++)
421 int len
= mprintf("%#-25a", &e
->addr
);
422 if (len
> 25) mprintf("\n%25s", "");
423 mprintf("%8lu %8lu %8lu %8lu %8lu %8lu %8lu", e
->totalops
,
424 e
->stat
[OP_probe
], e
->stat
[OP_goodbye
],
425 e
->stat
[OP_browseq
], e
->stat
[OP_browsea
],
426 e
->stat
[OP_resolveq
], e
->stat
[OP_resolvea
]);
427 mprintf(" %8lu %8lu %8lu %8lu",
428 HostEntryTotalPackets(e
), e
->pkts
[HostPkt_Q
], e
->pkts
[HostPkt_L
], e
->pkts
[HostPkt_R
]);
429 if (e
->pkts
[HostPkt_B
]) mprintf("Bad: %8lu", e
->pkts
[HostPkt_B
]);
431 if (!e
->HISoftware
.c
[0] && e
->NumQueries
> 2)
432 mDNSPlatformMemCopy(&e
->HISoftware
, "\x27*** Unknown (Jaguar, Windows, etc.) ***", 0x28);
433 if (e
->hostname
.c
[0] || e
->HIHardware
.c
[0] || e
->HISoftware
.c
[0])
434 mprintf("%##-45s %#-14s %#s\n", e
->hostname
.c
, e
->HIHardware
.c
, e
->HISoftware
.c
);
438 //*************************************************************************************************************
439 // Receive and process packets
441 mDNSexport mDNSBool
ExtractServiceType(const domainname
*const fqdn
, domainname
*const srvtype
)
444 const mDNSu8
*src
= fqdn
->c
;
445 mDNSu8
*dst
= srvtype
->c
;
448 if (len
== 0 || len
>= 0x40) return(mDNSfalse
);
449 if (src
[1] != '_') src
+= 1 + len
;
452 if (len
== 0 || len
>= 0x40 || src
[1] != '_') return(mDNSfalse
);
453 for (i
=0; i
<=len
; i
++) *dst
++ = *src
++;
456 if (len
== 0 || len
>= 0x40 || src
[1] != '_') return(mDNSfalse
);
457 for (i
=0; i
<=len
; i
++) *dst
++ = *src
++;
459 *dst
++ = 0; // Put the null root label on the end of the service type
464 mDNSlocal
void recordstat(HostEntry
*entry
, const domainname
*fqdn
, int op
, mDNSu16 rrtype
)
466 ActivityStat
**s
= &stats
;
471 if (rrtype
== kDNSType_SRV
|| rrtype
== kDNSType_TXT
) op
= op
- OP_browsegroup
+ OP_resolvegroup
;
472 else if (rrtype
!= kDNSType_PTR
) return;
475 if (!ExtractServiceType(fqdn
, &srvtype
)) return;
477 while (*s
&& !SameDomainName(&(*s
)->srvtype
, &srvtype
)) s
= &(*s
)->next
;
481 *s
= malloc(sizeof(ActivityStat
));
484 (*s
)->srvtype
= srvtype
;
487 for (i
=0; i
<OP_NumTypes
; i
++) (*s
)->stat
[i
] = 0;
499 mDNSlocal
void printstats(int max
)
503 for (i
=0; i
<max
; i
++)
506 ActivityStat
*s
, *m
= NULL
;
507 for (s
= stats
; s
; s
=s
->next
)
508 if (!s
->printed
&& max
< s
->totalops
)
509 { m
= s
; max
= s
->totalops
; }
511 m
->printed
= mDNStrue
;
512 if (i
==0) mprintf("%-25s%s\n", "Service Type", OPBanner
);
513 mprintf("%##-25s%8d %8d %8d %8d %8d %8d %8d\n", m
->srvtype
.c
, m
->totalops
, m
->stat
[OP_probe
],
514 m
->stat
[OP_goodbye
], m
->stat
[OP_browseq
], m
->stat
[OP_browsea
], m
->stat
[OP_resolveq
], m
->stat
[OP_resolvea
]);
518 mDNSlocal
const mDNSu8
*FindUpdate(mDNS
*const m
, const DNSMessage
*const query
, const mDNSu8
*ptr
, const mDNSu8
*const end
,
519 DNSQuestion
*q
, LargeCacheRecord
*pkt
)
522 for (i
= 0; i
< query
->h
.numAuthorities
; i
++)
524 const mDNSu8
*p2
= ptr
;
525 ptr
= GetLargeResourceRecord(m
, query
, ptr
, end
, q
->InterfaceID
, kDNSRecordTypePacketAuth
, pkt
);
527 if (ResourceRecordAnswersQuestion(&pkt
->r
.resrec
, q
)) return(p2
);
532 mDNSlocal
void DisplayPacketHeader(mDNS
*const m
, const DNSMessage
*const msg
, const mDNSu8
*const end
, const mDNSAddr
*srcaddr
, mDNSIPPort srcport
, const mDNSAddr
*dstaddr
, const mDNSInterfaceID InterfaceID
)
534 const char *const ptype
= (msg
->h
.flags
.b
[0] & kDNSFlag0_QR_Response
) ? "-R- " :
535 (srcport
.NotAnInteger
== MulticastDNSPort
.NotAnInteger
) ? "-Q- " : "-LQ-";
539 const mDNSu32 index
= mDNSPlatformInterfaceIndexfromInterfaceID(m
, InterfaceID
);
540 char if_name
[IFNAMSIZ
]; // Older Linux distributions don't define IF_NAMESIZE
541 if_indextoname(index
, if_name
);
542 gettimeofday(&tv
, NULL
);
543 localtime_r((time_t*)&tv
.tv_sec
, &tm
);
544 mprintf("\n%d:%02d:%02d.%06d Interface %d/%s\n", tm
.tm_hour
, tm
.tm_min
, tm
.tm_sec
, tv
.tv_usec
, index
, if_name
);
546 mprintf("%#-16a %s Q:%3d Ans:%3d Auth:%3d Add:%3d Size:%5d bytes",
547 srcaddr
, ptype
, msg
->h
.numQuestions
, msg
->h
.numAnswers
, msg
->h
.numAuthorities
, msg
->h
.numAdditionals
, end
- (mDNSu8
*)msg
);
549 if (msg
->h
.id
.NotAnInteger
) mprintf(" ID:%u", mDNSVal16(msg
->h
.id
));
551 if (!mDNSAddrIsDNSMulticast(dstaddr
)) mprintf(" To: %#a", dstaddr
);
553 if (msg
->h
.flags
.b
[0] & kDNSFlag0_TC
)
555 if (msg
->h
.flags
.b
[0] & kDNSFlag0_QR_Response
) mprintf(" Truncated");
556 else mprintf(" Truncated (KA list continues in next packet)");
561 mDNSlocal
void DisplayResourceRecord(const mDNSAddr
*const srcaddr
, const char *const op
, const ResourceRecord
*const pktrr
)
563 static const char hexchars
[16] = "0123456789ABCDEF";
565 char buffer
[MaxWidth
+8];
568 RDataBody
*rd
= &pktrr
->rdata
->u
;
569 mDNSu8
*rdend
= (mDNSu8
*)rd
+ pktrr
->rdlength
;
570 int n
= mprintf("%#-16a %-5s %-5s%5lu %##s -> ", srcaddr
, op
, DNSTypeName(pktrr
->rrtype
), pktrr
->rroriginalttl
, pktrr
->name
->c
);
572 switch(pktrr
->rrtype
)
574 case kDNSType_A
: n
+= mprintf("%.4a", &rd
->ipv4
); break;
575 case kDNSType_PTR
: n
+= mprintf("%##.*s", MaxWidth
- n
, rd
->name
.c
); break;
576 case kDNSType_HINFO
:// same as kDNSType_TXT below
578 mDNSu8
*t
= rd
->txt
.c
;
579 while (t
< rdend
&& t
[0] && p
< buffer
+MaxWidth
)
582 for (i
=1; i
<=t
[0] && p
< buffer
+MaxWidth
; i
++)
584 if (t
[i
] == '\\') *p
++ = '\\';
585 if (t
[i
] >= ' ') *p
++ = t
[i
];
591 *p
++ = hexchars
[t
[i
] >> 4];
592 *p
++ = hexchars
[t
[i
] & 0xF];
596 if (t
< rdend
&& t
[0]) { *p
++ = '\\'; *p
++ = ' '; }
599 n
+= mprintf("%.*s", MaxWidth
- n
, buffer
);
601 case kDNSType_AAAA
: n
+= mprintf("%.16a", &rd
->ipv6
); break;
602 case kDNSType_SRV
: n
+= mprintf("%##s:%d", rd
->srv
.target
.c
, mDNSVal16(rd
->srv
.port
)); break;
603 case kDNSType_NSEC
: {
605 for (i
=0; i
<255; i
++)
606 if (rd
->nsec
.bitmap
[i
>>3] & (128 >> (i
&7)))
607 n
+= mprintf("%s ", DNSTypeName(i
));
610 mDNSu8
*s
= rd
->data
;
611 while (s
< rdend
&& p
< buffer
+MaxWidth
)
613 if (*s
== '\\') *p
++ = '\\';
614 if (*s
>= ' ') *p
++ = *s
;
620 *p
++ = hexchars
[*s
>> 4];
621 *p
++ = hexchars
[*s
& 0xF];
626 n
+= mprintf("%.*s", MaxWidth
- n
, buffer
);
633 mDNSlocal
void HexDump(const mDNSu8
*ptr
, const mDNSu8
*const end
)
639 if (&ptr
[i
] < end
) mprintf("%02X ", ptr
[i
]);
642 if (&ptr
[i
] < end
) mprintf("%c", ptr
[i
] <= ' ' || ptr
[i
] >= 126 ? '.' : ptr
[i
]);
648 mDNSlocal
void DisplayError(const mDNSAddr
*srcaddr
, const mDNSu8
*ptr
, const mDNSu8
*const end
, char *msg
)
650 mprintf("%#-16a **** ERROR: FAILED TO READ %s **** \n", srcaddr
, msg
);
654 mDNSlocal
void DisplayQuery(mDNS
*const m
, const DNSMessage
*const msg
, const mDNSu8
*const end
,
655 const mDNSAddr
*srcaddr
, mDNSIPPort srcport
, const mDNSAddr
*dstaddr
, const mDNSInterfaceID InterfaceID
)
658 const mDNSu8
*ptr
= msg
->data
;
659 const mDNSu8
*auth
= LocateAuthorities(msg
, end
);
660 mDNSBool MQ
= (srcport
.NotAnInteger
== MulticastDNSPort
.NotAnInteger
);
661 HostEntry
*entry
= GotPacketFromHost(srcaddr
, MQ
? HostPkt_Q
: HostPkt_L
, msg
->h
.id
);
662 LargeCacheRecord pkt
;
664 DisplayPacketHeader(m
, msg
, end
, srcaddr
, srcport
, dstaddr
, InterfaceID
);
665 if (msg
->h
.id
.NotAnInteger
!= 0xFFFF)
667 if (MQ
) NumPktQ
++; else NumPktL
++;
670 for (i
=0; i
<msg
->h
.numQuestions
; i
++)
673 mDNSu8
*p2
= (mDNSu8
*)getQuestion(msg
, ptr
, end
, InterfaceID
, &q
);
674 mDNSu16 ucbit
= q
.qclass
& kDNSQClass_UnicastResponse
;
675 q
.qclass
&= ~kDNSQClass_UnicastResponse
;
676 if (!p2
) { DisplayError(srcaddr
, ptr
, end
, "QUESTION"); return; }
678 p2
= (mDNSu8
*)FindUpdate(m
, msg
, auth
, end
, &q
, &pkt
);
682 DisplayResourceRecord(srcaddr
, ucbit
? "(PU)" : "(PM)", &pkt
.r
.resrec
);
683 recordstat(entry
, &q
.qname
, OP_probe
, q
.qtype
);
684 p2
= (mDNSu8
*)skipDomainName(msg
, p2
, end
);
685 // Having displayed this update record, clear type and class so we don't display the same one again.
686 p2
[0] = p2
[1] = p2
[2] = p2
[3] = 0;
690 const char *ptype
= ucbit
? "(QU)" : "(QM)";
691 if (srcport
.NotAnInteger
== MulticastDNSPort
.NotAnInteger
) NumQuestions
++;
692 else { NumLegacy
++; ptype
= "(LQ)"; }
693 mprintf("%#-16a %-5s %-5s %##s\n", srcaddr
, ptype
, DNSTypeName(q
.qtype
), q
.qname
.c
);
694 if (msg
->h
.id
.NotAnInteger
!= 0xFFFF) recordstat(entry
, &q
.qname
, OP_query
, q
.qtype
);
698 for (i
=0; i
<msg
->h
.numAnswers
; i
++)
700 const mDNSu8
*ep
= ptr
;
701 ptr
= GetLargeResourceRecord(m
, msg
, ptr
, end
, InterfaceID
, kDNSRecordTypePacketAns
, &pkt
);
702 if (!ptr
) { DisplayError(srcaddr
, ep
, end
, "KNOWN ANSWER"); return; }
703 DisplayResourceRecord(srcaddr
, "(KA)", &pkt
.r
.resrec
);
705 // In the case of queries with long multi-packet KA lists, we count each subsequent KA packet
706 // the same as a single query, to more accurately reflect the burden on the network
707 // (A query with a six-packet KA list is *at least* six times the burden on the network as a single-packet query.)
708 if (msg
->h
.numQuestions
== 0 && i
== 0)
709 recordstat(entry
, pkt
.r
.resrec
.name
, OP_query
, pkt
.r
.resrec
.rrtype
);
712 for (i
=0; i
<msg
->h
.numAuthorities
; i
++)
714 const mDNSu8
*ep
= ptr
;
715 ptr
= skipResourceRecord(msg
, ptr
, end
);
716 if (!ptr
) { DisplayError(srcaddr
, ep
, end
, "AUTHORITY"); return; }
719 for (i
=0; i
<msg
->h
.numAdditionals
; i
++)
721 const mDNSu8
*ep
= ptr
;
722 ptr
= GetLargeResourceRecord(m
, msg
, ptr
, end
, InterfaceID
, kDNSRecordTypePacketAns
, &pkt
);
723 if (!ptr
) { DisplayError(srcaddr
, ep
, end
, "ADDITIONAL"); return; }
724 DisplayResourceRecord(srcaddr
, " ", &pkt
.r
.resrec
);
727 if (entry
) AnalyseHost(m
, entry
, InterfaceID
);
730 mDNSlocal
void DisplayResponse(mDNS
*const m
, const DNSMessage
*const msg
, const mDNSu8
*end
,
731 const mDNSAddr
*srcaddr
, mDNSIPPort srcport
, const mDNSAddr
*dstaddr
, const mDNSInterfaceID InterfaceID
)
734 const mDNSu8
*ptr
= msg
->data
;
735 HostEntry
*entry
= GotPacketFromHost(srcaddr
, HostPkt_R
, msg
->h
.id
);
736 LargeCacheRecord pkt
;
738 DisplayPacketHeader(m
, msg
, end
, srcaddr
, srcport
, dstaddr
, InterfaceID
);
739 if (msg
->h
.id
.NotAnInteger
!= 0xFFFF) NumPktR
++;
741 for (i
=0; i
<msg
->h
.numQuestions
; i
++)
744 const mDNSu8
*ep
= ptr
;
745 ptr
= getQuestion(msg
, ptr
, end
, InterfaceID
, &q
);
746 if (!ptr
) { DisplayError(srcaddr
, ep
, end
, "QUESTION"); return; }
747 if (mDNSAddrIsDNSMulticast(dstaddr
))
748 mprintf("%#-16a (?) **** ERROR: SHOULD NOT HAVE Q IN mDNS RESPONSE **** %-5s %##s\n", srcaddr
, DNSTypeName(q
.qtype
), q
.qname
.c
);
750 mprintf("%#-16a (Q) %-5s %##s\n", srcaddr
, DNSTypeName(q
.qtype
), q
.qname
.c
);
753 for (i
=0; i
<msg
->h
.numAnswers
; i
++)
755 const mDNSu8
*ep
= ptr
;
756 ptr
= GetLargeResourceRecord(m
, msg
, ptr
, end
, InterfaceID
, kDNSRecordTypePacketAns
, &pkt
);
757 if (!ptr
) { DisplayError(srcaddr
, ep
, end
, "ANSWER"); return; }
758 if (pkt
.r
.resrec
.rroriginalttl
)
761 DisplayResourceRecord(srcaddr
, (pkt
.r
.resrec
.RecordType
& kDNSRecordTypePacketUniqueMask
) ? "(AN)" : "(AN+)", &pkt
.r
.resrec
);
762 if (msg
->h
.id
.NotAnInteger
!= 0xFFFF) recordstat(entry
, pkt
.r
.resrec
.name
, OP_answer
, pkt
.r
.resrec
.rrtype
);
763 if (entry
) RecordHostInfo(entry
, &pkt
.r
.resrec
);
768 DisplayResourceRecord(srcaddr
, "(DE)", &pkt
.r
.resrec
);
769 recordstat(entry
, pkt
.r
.resrec
.name
, OP_goodbye
, pkt
.r
.resrec
.rrtype
);
773 for (i
=0; i
<msg
->h
.numAuthorities
; i
++)
775 const mDNSu8
*ep
= ptr
;
776 ptr
= GetLargeResourceRecord(m
, msg
, ptr
, end
, InterfaceID
, kDNSRecordTypePacketAuth
, &pkt
);
777 if (!ptr
) { DisplayError(srcaddr
, ep
, end
, "AUTHORITY"); return; }
778 mprintf("%#-16a (?) **** ERROR: SHOULD NOT HAVE AUTHORITY IN mDNS RESPONSE **** %-5s %##s\n",
779 srcaddr
, DNSTypeName(pkt
.r
.resrec
.rrtype
), pkt
.r
.resrec
.name
->c
);
782 for (i
=0; i
<msg
->h
.numAdditionals
; i
++)
784 const mDNSu8
*ep
= ptr
;
785 ptr
= GetLargeResourceRecord(m
, msg
, ptr
, end
, InterfaceID
, kDNSRecordTypePacketAdd
, &pkt
);
786 if (!ptr
) { DisplayError(srcaddr
, ep
, end
, "ADDITIONAL"); return; }
788 DisplayResourceRecord(srcaddr
, (pkt
.r
.resrec
.RecordType
& kDNSRecordTypePacketUniqueMask
) ? "(AD)" : "(AD+)", &pkt
.r
.resrec
);
789 if (entry
) RecordHostInfo(entry
, &pkt
.r
.resrec
);
792 if (entry
) AnalyseHost(m
, entry
, InterfaceID
);
795 mDNSlocal
void ProcessUnicastResponse(mDNS
*const m
, const DNSMessage
*const msg
, const mDNSu8
*end
, const mDNSAddr
*srcaddr
, const mDNSInterfaceID InterfaceID
)
798 const mDNSu8
*ptr
= LocateAnswers(msg
, end
);
799 HostEntry
*entry
= GotPacketFromHost(srcaddr
, HostPkt_R
, msg
->h
.id
);
800 //mprintf("%#a R\n", srcaddr);
802 for (i
=0; i
<msg
->h
.numAnswers
+ msg
->h
.numAuthorities
+ msg
->h
.numAdditionals
; i
++)
804 LargeCacheRecord pkt
;
805 ptr
= GetLargeResourceRecord(m
, msg
, ptr
, end
, InterfaceID
, kDNSRecordTypePacketAns
, &pkt
);
806 if (pkt
.r
.resrec
.rroriginalttl
&& entry
) RecordHostInfo(entry
, &pkt
.r
.resrec
);
810 mDNSlocal mDNSBool
AddressMatchesFilterList(const mDNSAddr
*srcaddr
)
813 if (!Filters
) return(srcaddr
->type
== mDNSAddrType_IPv4
);
814 for (f
=Filters
; f
; f
=f
->next
) if (mDNSSameAddress(srcaddr
, &f
->FilterAddr
)) return(mDNStrue
);
818 mDNSexport
void mDNSCoreReceive(mDNS
*const m
, DNSMessage
*const msg
, const mDNSu8
*const end
,
819 const mDNSAddr
*srcaddr
, mDNSIPPort srcport
, const mDNSAddr
*dstaddr
, mDNSIPPort dstport
, const mDNSInterfaceID InterfaceID
)
821 const mDNSu8 StdQ
= kDNSFlag0_QR_Query
| kDNSFlag0_OP_StdQuery
;
822 const mDNSu8 StdR
= kDNSFlag0_QR_Response
| kDNSFlag0_OP_StdQuery
;
823 const mDNSu8 QR_OP
= (mDNSu8
)(msg
->h
.flags
.b
[0] & kDNSFlag0_QROP_Mask
);
824 mDNSu8
*ptr
= (mDNSu8
*)&msg
->h
.numQuestions
;
825 int goodinterface
= (FilterInterface
== 0);
827 (void)dstaddr
; // Unused
828 (void)dstport
; // Unused
830 // Read the integer parts which are in IETF byte-order (MSB first, LSB second)
831 msg
->h
.numQuestions
= (mDNSu16
)((mDNSu16
)ptr
[0] << 8 | ptr
[1]);
832 msg
->h
.numAnswers
= (mDNSu16
)((mDNSu16
)ptr
[2] << 8 | ptr
[3]);
833 msg
->h
.numAuthorities
= (mDNSu16
)((mDNSu16
)ptr
[4] << 8 | ptr
[5]);
834 msg
->h
.numAdditionals
= (mDNSu16
)((mDNSu16
)ptr
[6] << 8 | ptr
[7]);
836 // For now we're only interested in monitoring IPv4 traffic.
837 // All IPv6 packets should just be duplicates of the v4 packets.
838 if (!goodinterface
) goodinterface
= (FilterInterface
== (int)mDNSPlatformInterfaceIndexfromInterfaceID(m
, InterfaceID
));
839 if (goodinterface
&& AddressMatchesFilterList(srcaddr
))
842 if (!mDNSAddrIsDNSMulticast(dstaddr
))
844 if (QR_OP
== StdQ
) mprintf("Unicast query from %#a\n", srcaddr
);
845 else if (QR_OP
== StdR
) ProcessUnicastResponse(m
, msg
, end
, srcaddr
, InterfaceID
);
849 if (QR_OP
== StdQ
) DisplayQuery (m
, msg
, end
, srcaddr
, srcport
, dstaddr
, InterfaceID
);
850 else if (QR_OP
== StdR
) DisplayResponse (m
, msg
, end
, srcaddr
, srcport
, dstaddr
, InterfaceID
);
853 debugf("Unknown DNS packet type %02X%02X (ignored)", msg
->h
.flags
.b
[0], msg
->h
.flags
.b
[1]);
854 GotPacketFromHost(srcaddr
, HostPkt_B
, msg
->h
.id
);
862 mDNSlocal mStatus
mDNSNetMonitor(void)
865 int h
, m
, s
, mul
, div
, TotPkt
;
868 mStatus status
= mDNS_Init(&mDNSStorage
, &PlatformStorage
,
869 mDNS_Init_NoCache
, mDNS_Init_ZeroCacheSize
,
870 mDNS_Init_DontAdvertiseLocalAddresses
,
871 mDNS_Init_NoInitCallback
, mDNS_Init_NoInitCallbackContext
);
872 if (status
) return(status
);
874 gettimeofday(&tv_start
, NULL
);
875 mDNSPosixListenForSignalInEventLoop(SIGINT
);
876 mDNSPosixListenForSignalInEventLoop(SIGTERM
);
880 struct timeval timeout
= { 0x3FFFFFFF, 0 }; // wait until SIGINT or SIGTERM
881 mDNSBool gotSomething
;
882 mDNSPosixRunEventLoopOnce(&mDNSStorage
, &timeout
, &signals
, &gotSomething
);
884 while ( !( sigismember( &signals
, SIGINT
) || sigismember( &signals
, SIGTERM
)));
886 // Now display final summary
887 TotPkt
= NumPktQ
+ NumPktL
+ NumPktR
;
888 gettimeofday(&tv_end
, NULL
);
889 tv_interval
= tv_end
;
890 if (tv_start
.tv_usec
> tv_interval
.tv_usec
)
891 { tv_interval
.tv_usec
+= 1000000; tv_interval
.tv_sec
--; }
892 tv_interval
.tv_sec
-= tv_start
.tv_sec
;
893 tv_interval
.tv_usec
-= tv_start
.tv_usec
;
894 h
= (tv_interval
.tv_sec
/ 3600);
895 m
= (tv_interval
.tv_sec
% 3600) / 60;
896 s
= (tv_interval
.tv_sec
% 60);
897 if (tv_interval
.tv_sec
> 10)
900 div
= tv_interval
.tv_sec
;
905 div
= tv_interval
.tv_sec
* 1000 + tv_interval
.tv_usec
/ 1000;
910 localtime_r((time_t*)&tv_start
.tv_sec
, &tm
);
911 mprintf("Started %3d:%02d:%02d.%06d\n", tm
.tm_hour
, tm
.tm_min
, tm
.tm_sec
, tv_start
.tv_usec
);
912 localtime_r((time_t*)&tv_end
.tv_sec
, &tm
);
913 mprintf("End %3d:%02d:%02d.%06d\n", tm
.tm_hour
, tm
.tm_min
, tm
.tm_sec
, tv_end
.tv_usec
);
914 mprintf("Captured for %3d:%02d:%02d.%06d\n", h
, m
, s
, tv_interval
.tv_usec
);
917 mprintf("Unique source addresses seen on network:");
918 if (IPv4HostList
.num
) mprintf(" %ld (IPv4)", IPv4HostList
.num
);
919 if (IPv6HostList
.num
) mprintf(" %ld (IPv6)", IPv6HostList
.num
);
920 if (!IPv4HostList
.num
&& !IPv6HostList
.num
) mprintf(" None");
924 mprintf("Modern Query Packets: %7d (avg%5d/min)\n", NumPktQ
, NumPktQ
* mul
/ div
);
925 mprintf("Legacy Query Packets: %7d (avg%5d/min)\n", NumPktL
, NumPktL
* mul
/ div
);
926 mprintf("Multicast Response Packets: %7d (avg%5d/min)\n", NumPktR
, NumPktR
* mul
/ div
);
927 mprintf("Total Multicast Packets: %7d (avg%5d/min)\n", TotPkt
, TotPkt
* mul
/ div
);
929 mprintf("Total New Service Probes: %7d (avg%5d/min)\n", NumProbes
, NumProbes
* mul
/ div
);
930 mprintf("Total Goodbye Announcements: %7d (avg%5d/min)\n", NumGoodbyes
, NumGoodbyes
* mul
/ div
);
931 mprintf("Total Query Questions: %7d (avg%5d/min)\n", NumQuestions
, NumQuestions
* mul
/ div
);
932 mprintf("Total Queries from Legacy Clients:%7d (avg%5d/min)\n", NumLegacy
, NumLegacy
* mul
/ div
);
933 mprintf("Total Answers/Announcements: %7d (avg%5d/min)\n", NumAnswers
, NumAnswers
* mul
/ div
);
934 mprintf("Total Additional Records: %7d (avg%5d/min)\n", NumAdditionals
, NumAdditionals
* mul
/ div
);
936 printstats(kReportTopServices
);
938 if (!ExactlyOneFilter
)
940 ShowSortedHostList(&IPv4HostList
, kReportTopHosts
);
941 ShowSortedHostList(&IPv6HostList
, kReportTopHosts
);
944 mDNS_Close(&mDNSStorage
);
948 mDNSexport
int main(int argc
, char **argv
)
950 const char *progname
= strrchr(argv
[0], '/') ? strrchr(argv
[0], '/') + 1 : argv
[0];
954 setlinebuf(stdout
); // Want to see lines as they appear, not block buffered
956 for (i
=1; i
<argc
; i
++)
958 if (i
+1 < argc
&& !strcmp(argv
[i
], "-i") && atoi(argv
[i
+1]))
960 FilterInterface
= atoi(argv
[i
+1]);
962 printf("Monitoring interface %d\n", FilterInterface
);
970 a
.type
= mDNSAddrType_IPv4
;
972 if (inet_pton(AF_INET
, argv
[i
], &s4
) == 1)
973 a
.ip
.v4
.NotAnInteger
= s4
.s_addr
;
974 else if (inet_pton(AF_INET6
, argv
[i
], &s6
) == 1)
976 a
.type
= mDNSAddrType_IPv6
;
977 mDNSPlatformMemCopy(&a
.ip
.v6
, &s6
, sizeof(a
.ip
.v6
));
981 struct hostent
*h
= gethostbyname(argv
[i
]);
982 if (h
) a
.ip
.v4
.NotAnInteger
= *(long*)h
->h_addr
;
986 f
= malloc(sizeof(*f
));
993 status
= mDNSNetMonitor();
994 if (status
) { fprintf(stderr
, "%s: mDNSNetMonitor failed %d\n", progname
, (int)status
); return(status
); }
998 fprintf(stderr
, "\nmDNS traffic monitor\n");
999 fprintf(stderr
, "Usage: %s (<host>)\n", progname
);
1000 fprintf(stderr
, "Optional <host> parameter displays only packets from that host\n");
1002 fprintf(stderr
, "\nPer-packet header output:\n");
1003 fprintf(stderr
, "-Q- Multicast Query from mDNS client that accepts multicast responses\n");
1004 fprintf(stderr
, "-R- Multicast Response packet containing answers/announcements\n");
1005 fprintf(stderr
, "-LQ- Multicast Query from legacy client that does *not* listen for multicast responses\n");
1006 fprintf(stderr
, "Q/Ans/Auth/Add Number of questions, answers, authority records and additional records in packet\n");
1008 fprintf(stderr
, "\nPer-record display:\n");
1009 fprintf(stderr
, "(PM) Probe Question (new service starting), requesting multicast response\n");
1010 fprintf(stderr
, "(PU) Probe Question (new service starting), requesting unicast response\n");
1011 fprintf(stderr
, "(DE) Deletion/Goodbye (service going away)\n");
1012 fprintf(stderr
, "(LQ) Legacy Query Question\n");
1013 fprintf(stderr
, "(QM) Query Question, requesting multicast response\n");
1014 fprintf(stderr
, "(QU) Query Question, requesting unicast response\n");
1015 fprintf(stderr
, "(KA) Known Answer (information querier already knows)\n");
1016 fprintf(stderr
, "(AN) Unique Answer to question (or periodic announcment) (entire RR Set)\n");
1017 fprintf(stderr
, "(AN+) Answer to question (or periodic announcment) (add to existing RR Set members)\n");
1018 fprintf(stderr
, "(AD) Unique Additional Record Set (entire RR Set)\n");
1019 fprintf(stderr
, "(AD+) Additional records (add to existing RR Set members)\n");
1021 fprintf(stderr
, "\nFinal summary, sorted by service type:\n");
1022 fprintf(stderr
, "Probe Probes for this service type starting up\n");
1023 fprintf(stderr
, "Goodbye Goodbye (deletion) packets for this service type shutting down\n");
1024 fprintf(stderr
, "BrowseQ Browse questions from clients browsing to find a list of instances of this service\n");
1025 fprintf(stderr
, "BrowseA Browse answers/announcments advertising instances of this service\n");
1026 fprintf(stderr
, "ResolveQ Resolve questions from clients actively connecting to an instance of this service\n");
1027 fprintf(stderr
, "ResolveA Resolve answers/announcments giving connection information for an instance of this service\n");
1028 fprintf(stderr
, "\n");
projects / apple / mdnsresponder.git / blob