Ethereal-dev: [Ethereal-dev] [patch, capture] MDNS changes

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Brad Hards <bhards@xxxxxxxxxxxxxx>
Date: Fri, 29 Nov 2002 10:29:42 +1100

I've been studying the multicast DNS behaviour of Apple's OS 10.2, aka 
Rendezvous.

I've noted a couple of minor issues that are addressed by the attached patch.

1. The mDNS responder in OS 10.2 sets the high bit in the Class field for 
certain query responses (in the Answer field). This shows up in Ethereal as 
"unknown". See the attached example capture. I asked Apple about this, and 
received the following answer:
<quote>
The difference you are seeing is that the top bit of the class field is 
the "cache flush" bit.

Normally when you see a record in a response packet, it means, "This is 
an assertion that this information is true." When you see a record with 
the top bit of the class set, it means, "This is an assertion that this 
information is the truth and the whole truth, and anything you may have 
heard before regarding records of this name/type/class is no longer 
valid".
</quote>

2. It is a bit confusing to see mDNS and DNS packets interspersed in the same 
capture file. It would be clearer if we used different labels for MDNS and 
DNS. I'd also be quite happy to see LLMNR and DNS - the important part is 
that it is different.

3. PTR records are used a lot, and I noted a redundant "ptr" label that looked 
ugly and didn't provide any extra information.

Can someone have a look at this, and commit it if OK? Comments also very 
welcome. If anyone wants additional captures, please let me know.

Future: LLMNR and DNS are probably going to diverge a bit. It may be useful to 
split the DNS code into two dissectors, sharing some common code. Not really 
warranted yet, but something to keep in mind.

Brad
- -- 
http://linux.conf.au. 22-25Jan2003. Perth, Aust. I'm registered. Are you?
--- clean/ethereal-0.9.7/packet-dns.c	Sat Aug 31 10:13:46 2002
+++ ethereal-0.9.7/packet-dns.c	Fri Nov 29 10:13:09 2002
@@ -143,6 +143,7 @@
 #define C_HS		4		/* Hesiod */
 #define	C_NONE		254		/* none */
 #define	C_ANY		255		/* any */
+#define C_FLUSH         (1<<15)         /* High bit is set for MDNS cache flush */
 
 /* Bit fields in the flags */
 #define F_RESPONSE      (1<<15)         /* packet is response */
@@ -461,6 +462,9 @@
   case C_IN:
     class_name = "inet";
     break;
+  case ( C_IN | C_FLUSH ):
+    class_name = "inet (data flush)";
+    break;
   case C_CS:
     class_name = "csnet";
     break;
@@ -925,7 +929,7 @@
 	proto_tree_add_text(rr_tree, tvb, cur_offset, 4, "Addr: %s",
 		     ip_to_str(addr));
       }
-      if (class == C_IN) {
+      if ((class & 0x7f) == C_IN) {
 	memcpy(&addr_int, addr, sizeof(addr_int));
 	add_host_name(addr_int, name);
       }
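Review bot: the mask in `if ((class & 0x7f) == C_IN)` clears bits 7 to 15, not just the flush bit, so a class value such as 0x0081 would also compare equal to C_IN and have its address passed to add_host_name(). C_FLUSH is defined as (1<<15), so `(class & ~C_FLUSH) == C_IN` (equivalently a 0x7fff mask) ignores only the top bit.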
@@ -1026,7 +1030,7 @@
       if (cinfo != NULL)
 	col_append_fstr(cinfo, COL_INFO, " %s", pname);
       if (dns_tree != NULL) {
-	proto_item_append_text(trr, ", ptr %s", pname);
+	proto_item_append_text(trr, ", %s", pname);
 	proto_tree_add_text(rr_tree, tvb, cur_offset, pname_len, "Domain name: %s",
 			pname);
       }
@@ -1871,8 +1875,6 @@
 
   dns_data_offset = offset;
 
-  if (check_col(pinfo->cinfo, COL_PROTOCOL))
-    col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
   if (check_col(pinfo->cinfo, COL_INFO))
     col_clear(pinfo->cinfo, COL_INFO);
 
@@ -2015,9 +2017,22 @@
 static void
 dissect_dns_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
+  if (check_col(pinfo->cinfo, COL_PROTOCOL))
+    col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
+
+  dissect_dns_common(tvb, pinfo, tree, FALSE);
+}
+
+static void
+dissect_mdns_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+  if (check_col(pinfo->cinfo, COL_PROTOCOL))
+    col_set_str(pinfo->cinfo, COL_PROTOCOL, "MDNS");
+
   dissect_dns_common(tvb, pinfo, tree, FALSE);
 }
 
+
 static guint
 get_dns_pdu_len(tvbuff_t *tvb, int offset)
 {
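Review bot: dissect_mdns_udp() is a copy of dissect_dns_udp() that differs only in the column string, and the same COL_PROTOCOL block is now repeated in each entry point; a small helper that takes the label would keep them in step. The second blank line added after dissect_mdns_udp() can be dropped.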
@@ -2037,6 +2052,9 @@
 static void
 dissect_dns_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
+  if (check_col(pinfo->cinfo, COL_PROTOCOL))
+    col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
+
   dissect_dns_common(tvb, pinfo, tree, TRUE);
 }
 
@@ -2143,11 +2161,14 @@
 {
   dissector_handle_t dns_udp_handle;
   dissector_handle_t dns_tcp_handle;
+  dissector_handle_t mdns_udp_handle;
 
   dns_udp_handle = create_dissector_handle(dissect_dns_udp, proto_dns);
   dns_tcp_handle = create_dissector_handle(dissect_dns_tcp, proto_dns);
+  mdns_udp_handle = create_dissector_handle(dissect_mdns_udp, proto_dns);
+
   dissector_add("udp.port", UDP_PORT_DNS, dns_udp_handle);
   dissector_add("tcp.port", TCP_PORT_DNS, dns_tcp_handle);
-  dissector_add("udp.port", UDP_PORT_MDNS, dns_udp_handle);
+  dissector_add("udp.port", UDP_PORT_MDNS, mdns_udp_handle);
   dissector_add("tcp.port", TCP_PORT_MDNS, dns_tcp_handle);
 }
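Review bot: `dissector_add("tcp.port", TCP_PORT_MDNS, dns_tcp_handle);` is left unchanged, so traffic on the MDNS TCP port is labelled "DNS" by dissect_dns_tcp_pdu() while the same service over UDP now shows "MDNS". Either register an MDNS TCP handle as well or state in the submission that the difference is intentional. Note also that mdns_udp_handle is created with proto_dns, so only the column label changes, not the protocol the handle belongs to.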

Attachment: mdns-response.dump
Description: Binary data
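
The cache-flush bit described in point 1 of the message, shown as an added example (not code from the patch or from Ethereal): the top bit of the class field is split off before the class is looked up, so any class can carry it. The struct, the function names and the is_mdns switch are hypothetical; the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define C_IN    1
#define C_HS    4
#define C_NONE  254
#define C_ANY   255
#define C_FLUSH (1u << 15)      /* top bit of the class field: mDNS cache flush */

struct rr_class {               /* hypothetical result type for this example */
    uint16_t    klass;          /* class with the flush bit removed */
    int         cache_flush;    /* 1 if the top bit was set on an mDNS record */
    const char *name;
};

static const char *class_name(uint16_t klass) {
    switch (klass) {
    case C_IN:   return "inet";
    case C_HS:   return "hesiod";
    case C_NONE: return "none";
    case C_ANY:  return "any";
    default:     return "unknown";
    }
}

/* Split a 16-bit class field (host byte order) into flush bit and class.
 * Assumption of this example: the bit is only interpreted for mDNS traffic. */
static struct rr_class decode_rr_class(uint16_t raw, int is_mdns) {
    struct rr_class out;
    out.cache_flush = is_mdns && (raw & C_FLUSH) != 0;
    out.klass = out.cache_flush ? (uint16_t)(raw & ~C_FLUSH) : raw;
    out.name = class_name(out.klass);
    return out;
}

int main(void) {
    /* Constructed class fields: plain IN, IN+flush, ANY+flush, bit 7 set */
    static const uint16_t samples[] = { 0x0001, 0x8001, 0x80ff, 0x0081 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct rr_class c = decode_rr_class(samples[i], 1);
        printf("0x%04x -> class %u (%s)%s\n", (unsigned)samples[i],
               (unsigned)c.klass, c.name, c.cache_flush ? ", cache flush" : "");
    }
    return 0;
}
```

The last sample, 0x0081, stays "unknown" because only bit 15 is cleared before the lookup.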