DNS: Add support of DNS over TLS and over DTLS

See http://tools.ietf.org/html/draft-ietf-dprive-dns-over-tls-01
and https://www.ietf.org/id/draft-ietf-dprive-dnsodtls-02.txt

Bug: 11679
Change-Id: I5ebc43008951ddbb4570f5aeb55093aaf84f3401
Reviewed-on: https://code.wireshark.org/review/11528
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

1 files changed, 22 insertions, 12 deletions

diff --git a/epan/dissectors/packet-dns.c b/epan/dissectors/packet-dns.c
index d0a018666d..cedd7d9154 100644
--- a/epan/dissectors/packet-dns.c
+++ b/epan/dissectors/packet-dns.c
@@ -44,6 +44,8 @@
 #include <epan/afn.h>
 #include <epan/tap.h>
 #include <epan/stats_tree.h>
+#include "packet-ssl.h"
+#include "packet-dtls.h"
 
 void proto_register_dns(void);
 void proto_reg_handoff_dns(void);
@@ -449,6 +451,8 @@ typedef struct _dns_conv_info_t {
 #define UDP_PORT_MDNS           5353
 #define TCP_PORT_MDNS           5353
 #define UDP_PORT_LLMNR          5355
+#define TCP_PORT_DNS_TLS         853
+#define UDP_PORT_DNS_DTLS        853
 #if 0
 /* PPID used for DNS/SCTP (will be changed when IANA assigned) */
 #define DNS_PAYLOAD_PROTOCOL_ID 1000
@@ -3911,15 +3915,7 @@ dissect_dns_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 }
 
 static void
-dissect_dns_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
-{
-  col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
-
-  dissect_dns_common(tvb, pinfo, tree, FALSE, FALSE, FALSE);
-}
-
-static void
-dissect_dns_sctp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+dissect_dns_udp_sctp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
   col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
 
@@ -3975,6 +3971,17 @@ dissect_dns_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
   return tvb_reported_length(tvb);
 }
 
+static int
+dissect_dns(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
+{
+    if (pinfo->ptype == PT_TCP) {
+        return dissect_dns_tcp(tvb, pinfo, tree, data);
+    } else {
+        dissect_dns_udp_sctp(tvb, pinfo, tree);
+        return tvb_captured_length(tvb);
+    }
+}
+
 static void dns_stats_tree_init(stats_tree* st)
 {
     st_node_packets = stats_tree_create_node(st, st_str_packets, 0, TRUE);
@@ -4058,8 +4065,9 @@ proto_reg_handoff_dns(void)
     dissector_handle_t mdns_udp_handle;
     dissector_handle_t llmnr_udp_handle;
 
-    dns_udp_handle = create_dissector_handle(dissect_dns_udp, proto_dns);
-    dns_sctp_handle  = create_dissector_handle(dissect_dns_sctp, proto_dns);
+    dns_udp_handle = create_dissector_handle(dissect_dns_udp_sctp, proto_dns);
+    dns_tcp_handle = new_create_dissector_handle(dissect_dns_tcp, proto_dns);
+    dns_sctp_handle  = create_dissector_handle(dissect_dns_udp_sctp, proto_dns);
     mdns_udp_handle  = create_dissector_handle(dissect_mdns_udp, proto_mdns);
     llmnr_udp_handle = create_dissector_handle(dissect_llmnr_udp, proto_llmnr);
     dissector_add_uint("udp.port", UDP_PORT_MDNS, mdns_udp_handle);
@@ -4072,6 +4080,8 @@ proto_reg_handoff_dns(void)
     stats_tree_register("dns", "dns", "DNS", 0, dns_stats_tree_packet, dns_stats_tree_init, NULL);
     gssapi_handle  = find_dissector("gssapi");
     ntlmssp_handle = find_dissector("ntlmssp");
+    ssl_dissector_add(TCP_PORT_DNS_TLS, dns_tcp_handle);
+    dtls_dissector_add(UDP_PORT_DNS_DTLS, dns_udp_handle);
     Initialized    = TRUE;
 
   } else {
@@ -5562,7 +5572,7 @@ proto_register_dns(void)
 
   dns_tsig_dissector_table = register_dissector_table("dns.tsig.mac", "DNS TSIG MAC Dissectors", FT_STRING, BASE_NONE, DISSECTOR_TABLE_NOT_ALLOW_DUPLICATE);
 
-  dns_tcp_handle = new_register_dissector("dns", dissect_dns_tcp, proto_dns);
+  new_register_dissector("dns", dissect_dns, proto_dns);
 
   dns_tap = register_tap("dns");
 }