update
parent
adbff3257a
commit
08bc7e98d0
BIN
dns-trace
BIN
dns-trace
Binary file not shown.
@ -218,10 +218,8 @@ static void print_query(struct event *s_event){
|
||||
printf("%s ", req_type);
|
||||
free(req_type);
|
||||
|
||||
printf("%5s:%d\t", inet_ntoa(*(struct in_addr*)&s_event->client), s_event->dport);
|
||||
printf("%-5x", s_event->tid);
|
||||
|
||||
printf("%-30s", s_event->qname);
|
||||
printf("%5s:%d\t\t", inet_ntoa(*(struct in_addr*)&s_event->client), s_event->dport);
|
||||
printf("%x\t", s_event->tid);
|
||||
|
||||
class = mapClass(s_event->class);
|
||||
printf("%-5s", class);
|
||||
@ -230,6 +228,8 @@ static void print_query(struct event *s_event){
|
||||
type = mapType(s_event->type);
|
||||
printf("%-5s", type);
|
||||
free(type);
|
||||
|
||||
printf("%s", s_event->qname);
|
||||
}
|
||||
static void get_labels(unsigned char *buf, char *qname){
|
||||
int pos = 0;
|
||||
@ -244,10 +244,11 @@ static void get_labels(unsigned char *buf, char *qname){
|
||||
}
|
||||
qname[pos - 1] = '\0';
|
||||
}
|
||||
static void print_answer_hdr(struct event *s_event, int *pos, uint16_t *type, uint16_t *size, uint32_t *ttl){
|
||||
static void print_answer_hdr(struct event *s_event, int *pos, uint16_t *type, uint16_t *size, uint16_t *class, uint32_t *ttl){
|
||||
int p = *pos;
|
||||
uint16_t msg = s_event->buf[p++];
|
||||
msg |= s_event->buf[p++] << 8;
|
||||
// printf("%x\n", ntohs(msg));
|
||||
|
||||
char *req_type;
|
||||
req_type = mapReqType(s_event->req_type);
|
||||
@ -255,13 +256,13 @@ static void print_answer_hdr(struct event *s_event, int *pos, uint16_t *type, ui
|
||||
free(req_type);
|
||||
|
||||
printf("%5s:%5d\t", inet_ntoa(*(struct in_addr*)&s_event->client), s_event->dport);
|
||||
printf("%-10x", s_event->tid);
|
||||
printf("%x\t", s_event->tid);
|
||||
|
||||
*type = s_event->buf[p++];
|
||||
*type |= s_event->buf[p++] << 8;
|
||||
|
||||
uint16_t class = s_event->buf[p++];
|
||||
class |= s_event->buf[p++] << 8;
|
||||
*class = s_event->buf[p++];
|
||||
*class |= s_event->buf[p++] << 8;
|
||||
|
||||
*ttl = s_event->buf[p++];
|
||||
*ttl |= s_event->buf[p++] << 8;
|
||||
@ -272,7 +273,7 @@ static void print_answer_hdr(struct event *s_event, int *pos, uint16_t *type, ui
|
||||
*size |= s_event->buf[p++] << 8;
|
||||
|
||||
*type = ntohs(*type);
|
||||
class = ntohs(class);
|
||||
*class = ntohs(*class);
|
||||
*ttl = ntohl(*ttl);
|
||||
*size = ntohs(*size);
|
||||
|
||||
@ -287,13 +288,23 @@ int handle_event(void *ctx, void *data, size_t data_sz){
|
||||
int pos = 0;
|
||||
for (int i = 0; i < s_event->numAns; i++){
|
||||
// print_query(s_event);
|
||||
uint16_t type, size;
|
||||
uint16_t type, size, class;
|
||||
uint32_t ttl;
|
||||
print_answer_hdr(s_event, &pos, &type, &size, &ttl);
|
||||
char *s_type, *s_class;
|
||||
print_answer_hdr(s_event, &pos, &type, &size, &class, &ttl);
|
||||
|
||||
s_class = mapClass(class);
|
||||
printf("%-5s", s_class);
|
||||
free(s_class);
|
||||
|
||||
s_type = mapType(type);
|
||||
printf("%s\t", s_type);
|
||||
free(s_type);
|
||||
|
||||
|
||||
if (type == 1) { // -> A
|
||||
uint32_t ip = s_event->buf[pos] + (s_event->buf[pos+1] << 8) + (s_event->buf[pos+2] << 16) + (s_event->buf[pos+3] << 24);
|
||||
printf("%s (%d)%5d", inet_ntoa(*(struct in_addr*)&ip), type, ttl);
|
||||
printf("%s %5d", inet_ntoa(*(struct in_addr*)&ip), ttl);
|
||||
}
|
||||
if (type == 5) { // -> CNAME
|
||||
char cname[size];
|
||||
|
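Review bot: print_answer_hdr reads every header field, including the new `*class`, from `s_event->buf[p++]` without comparing `p` to the buffer's capacity, and handle_event calls it once per `s_event->numAns`, so both the index and the loop count come from the captured packet. Assuming `buf` is an array member of `struct event`, a guard at the top such as `if (p < 0 || (size_t)p + ANSWER_HDR_LEN > sizeof s_event->buf) return -1;` would stop the walk at the end of the buffer (`ANSWER_HDR_LEN` is a constant to define for the fixed header size); the function would then return int so the loop can break. The same applies to the `buf[pos]`..`buf[pos+3]` read in the A branch and to `char cname[size];`, where `size` is the wire RDLENGTH and can request a stack array of up to 65535 bytes or of zero length. The new `printf("%-5s", s_class)` also passes mapClass's result to `%s` unchecked, which is undefined if mapClass can return NULL for an unknown class (its body is not shown here). Both function bodies continue outside the hunks, so an existing check may be out of view.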
@ -113,13 +113,13 @@ static unsigned int get_answer(struct __sk_buff *skb, struct event *s_event, siz
|
||||
*/
|
||||
|
||||
// Get the class and type
|
||||
if ((void*)(offset) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||
if ((offset) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||
return 0;
|
||||
|
||||
bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t));
|
||||
uint16_t type = s_event->buf[0] + (s_event->buf[1] << 8);
|
||||
tlen += 2;
|
||||
if ((void*)(offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||
if ((offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||
return 0;
|
||||
//offset += 2;
|
||||
|
||||
@ -127,13 +127,13 @@ static unsigned int get_answer(struct __sk_buff *skb, struct event *s_event, siz
|
||||
if(bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t)) < 0)
|
||||
return 0;
|
||||
tlen += 2;
|
||||
if ((void*)(offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||
if ((offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||
return 0;
|
||||
|
||||
// Get ttl
|
||||
if(bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint32_t)) < 0)
|
||||
return 0;
|
||||
if ((void*)(offset += 4) >= MAX_UDP_PAYLOAD - sizeof(uint32_t))
|
||||
if ((offset += 4) >= MAX_UDP_PAYLOAD - sizeof(uint32_t))
|
||||
return 0;
|
||||
tlen += 4;
|
||||
|
||||
@ -141,7 +141,7 @@ static unsigned int get_answer(struct __sk_buff *skb, struct event *s_event, siz
|
||||
uint16_t size;
|
||||
bpf_skb_load_bytes(skb, tlen, &size, sizeof(uint16_t));
|
||||
bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t));
|
||||
if ((void*)(offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||
if ((offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||
return 0;
|
||||
tlen += 2;
|
||||
|
||||
@ -149,7 +149,7 @@ static unsigned int get_answer(struct __sk_buff *skb, struct event *s_event, siz
|
||||
if (s_event->type == 1) { // -> A
|
||||
bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint32_t));
|
||||
}
|
||||
if ((void*)(offset += ntohs(size)) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||
if ((offset += ntohs(size)) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||
return 0;
|
||||
tlen += ntohs(size);
|
||||
}
|
||||
|
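Review bot: The guard that precedes each 4-byte load in get_answer only reserves two bytes: `if ((offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))` runs just before `bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint32_t))` for the ttl, and the same pattern precedes the A-record load. If `buf` holds MAX_UDP_PAYLOAD bytes (its declaration is not shown), the largest `offset` that passes lets the 4-byte write end past the buffer; the guard should use the size of the next write, e.g. `if ((offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint32_t)) return 0;`. Three of the loads (class/type, `&size`, and the A-record data) ignore the helper's return value while the others test `< 0`, so a short packet is handled inconsistently; `if (bpf_skb_load_bytes(...) < 0) return 0;` on each would match the checked calls. `type` is assembled from `s_event->buf[0]` and `buf[1]` although the bytes were loaded at `s_event->buf + offset`, which is only the same place when `offset` is 0. The function starts and ends outside these hunks.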