On 05/16/14 17:35, Stuart Henderson wrote:
> On 2014-05-16, Peter J. Philipp <[email protected]> wrote:
>> Hi,
>>
>> While working on putting notify (RFC 1996) support into my DNS server, I
>> came across this puzzling output (with OpenBSD's tcpdump):
>>
>> 10:14:48.292789 192.168.34.5.26837 > 192.168.35.1.53: [udp sum ok] 48054
>> notify [b2&3=0x2400] SOA? centroid.eu. (29) (ttl 64, id 4395, len 57)
>>
>> Notice the b2&3=0x2400. It struck me as odd so I googled and found a
>> patch for tcpdump that perhaps OpenBSD is interested in?
>>
>> http://marc.info/?l=tcpdump-patches&m=98115734907026&w=2
>>
>> Regards,
>>
>> -peter
>>
>
> The equivalent for our tree would be this (tested on BE and LE).
> Any OKs? (I note that tcpdump.org haven't taken it, though that doesn't
> mean anything in itself)..
>
I tested. The output now looks like this:

# tcpdump -v -n -i em0 -s 1500 -X port 53 and host 192.168.35.1
tcpdump: listening on em0, link-type EN10MB
tcpdump: WARNING: compensating for unaligned libpcap packets
17:54:48.388854 192.168.34.5.5362 > 192.168.35.1.53: [udp sum ok] 10088
notify SOA? centroid.eu. (29) (ttl 64, id 31235, len 57)

This is just like I had hoped it would do. Thanks for the work on
porting this patch!

-peter

> Index: nameser.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/tcpdump/nameser.h,v
> retrieving revision 1.6
> diff -u -p -r1.6 nameser.h
> --- nameser.h 4 Nov 2010 17:37:05 -0000 1.6
> +++ nameser.h 16 May 2014 15:33:12 -0000
> @@ -82,6 +82,8 @@
> #if 0
> #define xxx 0x3 /* 0x3 reserved */
> #endif
> +#define NS_NOTIFY_OP 0x4 /* notify secondary of SOA change */
> +
> /* non standard - supports ALLOW_UPDATES stuff from Mike Schwartz */
> #define UPDATEA 0x9 /* add resource record */
> #define UPDATED 0xa /* delete a specific resource
> record */
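
Review bot: NS_NOTIFY_OP does not follow the naming of the other opcode macros visible in this hunk (UPDATEA and UPDATED are unprefixed), so nameser.h ends up with two conventions side by side. Either name it to match its neighbours or note in the comment why it differs, and cite RFC 1996 there so the 0x4 value can be traced to its definition.
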
> Index: print-domain.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/tcpdump/print-domain.c,v
> retrieving revision 1.18
> diff -u -p -r1.18 print-domain.c
> --- print-domain.c 4 Nov 2010 17:37:05 -0000 1.18
> +++ print-domain.c 16 May 2014 15:33:12 -0000
> @@ -663,9 +663,10 @@ ns_print(register const u_char *bp, u_in
> DNS_RD(np) ? "+" : "",
> DNS_CD(np) ? "%" : "");
>
> - /* any weirdness? */
> + /* any weirdness? AA is expected in NOTIFY. */
> b2 = EXTRACT_16BITS(((u_short *)np)+1);
> - if (b2 & 0x6cf)
> + if ((b2 & 0x6cf) !=
> + (DNS_OPCODE(np) == NS_NOTIFY_OP ? 0x400 : 0))
> printf(" [b2&3=0x%x]", b2);
>
> if (DNS_OPCODE(np) == IQUERY) {
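
Review bot: in the rewritten "any weirdness?" test, comparing with != against 0x400 means a NOTIFY that arrives with AA clear is now reported as [b2&3=...], not only one with unexpected extra bits set. If AA is meant to be tolerated rather than required for NOTIFY, drop it from the mask for that opcode instead, e.g. `b2 & (DNS_OPCODE(np) == NS_NOTIFY_OP ? 0x2cf : 0x6cf)`; if it is meant to be required, the comment should say "required" so the stricter behaviour is clearly deliberate. The bare 0x400 would also read better as a named constant for the AA bit, since at the moment only the comment ties the number to AA.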