update
parent
adbff3257a
commit
08bc7e98d0
BIN
dns-trace
BIN
dns-trace
Binary file not shown.
@ -218,10 +218,8 @@ static void print_query(struct event *s_event){
|
|||||||
printf("%s ", req_type);
|
printf("%s ", req_type);
|
||||||
free(req_type);
|
free(req_type);
|
||||||
|
|
||||||
printf("%5s:%d\t", inet_ntoa(*(struct in_addr*)&s_event->client), s_event->dport);
|
printf("%5s:%d\t\t", inet_ntoa(*(struct in_addr*)&s_event->client), s_event->dport);
|
||||||
printf("%-5x", s_event->tid);
|
printf("%x\t", s_event->tid);
|
||||||
|
|
||||||
printf("%-30s", s_event->qname);
|
|
||||||
|
|
||||||
class = mapClass(s_event->class);
|
class = mapClass(s_event->class);
|
||||||
printf("%-5s", class);
|
printf("%-5s", class);
|
||||||
@ -230,6 +228,8 @@ static void print_query(struct event *s_event){
|
|||||||
type = mapType(s_event->type);
|
type = mapType(s_event->type);
|
||||||
printf("%-5s", type);
|
printf("%-5s", type);
|
||||||
free(type);
|
free(type);
|
||||||
|
|
||||||
|
printf("%s", s_event->qname);
|
||||||
}
|
}
|
||||||
static void get_labels(unsigned char *buf, char *qname){
|
static void get_labels(unsigned char *buf, char *qname){
|
||||||
int pos = 0;
|
int pos = 0;
|
||||||
@ -244,10 +244,11 @@ static void get_labels(unsigned char *buf, char *qname){
|
|||||||
}
|
}
|
||||||
qname[pos - 1] = '\0';
|
qname[pos - 1] = '\0';
|
||||||
}
|
}
|
||||||
static void print_answer_hdr(struct event *s_event, int *pos, uint16_t *type, uint16_t *size, uint32_t *ttl){
|
static void print_answer_hdr(struct event *s_event, int *pos, uint16_t *type, uint16_t *size, uint16_t *class, uint32_t *ttl){
|
||||||
int p = *pos;
|
int p = *pos;
|
||||||
uint16_t msg = s_event->buf[p++];
|
uint16_t msg = s_event->buf[p++];
|
||||||
msg |= s_event->buf[p++] << 8;
|
msg |= s_event->buf[p++] << 8;
|
||||||
|
// printf("%x\n", ntohs(msg));
|
||||||
|
|
||||||
char *req_type;
|
char *req_type;
|
||||||
req_type = mapReqType(s_event->req_type);
|
req_type = mapReqType(s_event->req_type);
|
||||||
@ -255,13 +256,13 @@ static void print_answer_hdr(struct event *s_event, int *pos, uint16_t *type, ui
|
|||||||
free(req_type);
|
free(req_type);
|
||||||
|
|
||||||
printf("%5s:%5d\t", inet_ntoa(*(struct in_addr*)&s_event->client), s_event->dport);
|
printf("%5s:%5d\t", inet_ntoa(*(struct in_addr*)&s_event->client), s_event->dport);
|
||||||
printf("%-10x", s_event->tid);
|
printf("%x\t", s_event->tid);
|
||||||
|
|
||||||
*type = s_event->buf[p++];
|
*type = s_event->buf[p++];
|
||||||
*type |= s_event->buf[p++] << 8;
|
*type |= s_event->buf[p++] << 8;
|
||||||
|
|
||||||
uint16_t class = s_event->buf[p++];
|
*class = s_event->buf[p++];
|
||||||
class |= s_event->buf[p++] << 8;
|
*class |= s_event->buf[p++] << 8;
|
||||||
|
|
||||||
*ttl = s_event->buf[p++];
|
*ttl = s_event->buf[p++];
|
||||||
*ttl |= s_event->buf[p++] << 8;
|
*ttl |= s_event->buf[p++] << 8;
|
||||||
@ -272,7 +273,7 @@ static void print_answer_hdr(struct event *s_event, int *pos, uint16_t *type, ui
|
|||||||
*size |= s_event->buf[p++] << 8;
|
*size |= s_event->buf[p++] << 8;
|
||||||
|
|
||||||
*type = ntohs(*type);
|
*type = ntohs(*type);
|
||||||
class = ntohs(class);
|
*class = ntohs(*class);
|
||||||
*ttl = ntohl(*ttl);
|
*ttl = ntohl(*ttl);
|
||||||
*size = ntohs(*size);
|
*size = ntohs(*size);
|
||||||
|
|
||||||
@ -287,13 +288,23 @@ int handle_event(void *ctx, void *data, size_t data_sz){
|
|||||||
int pos = 0;
|
int pos = 0;
|
||||||
for (int i = 0; i < s_event->numAns; i++){
|
for (int i = 0; i < s_event->numAns; i++){
|
||||||
// print_query(s_event);
|
// print_query(s_event);
|
||||||
uint16_t type, size;
|
uint16_t type, size, class;
|
||||||
uint32_t ttl;
|
uint32_t ttl;
|
||||||
print_answer_hdr(s_event, &pos, &type, &size, &ttl);
|
char *s_type, *s_class;
|
||||||
|
print_answer_hdr(s_event, &pos, &type, &size, &class, &ttl);
|
||||||
|
|
||||||
|
s_class = mapClass(class);
|
||||||
|
printf("%-5s", s_class);
|
||||||
|
free(s_class);
|
||||||
|
|
||||||
|
s_type = mapType(type);
|
||||||
|
printf("%s\t", s_type);
|
||||||
|
free(s_type);
|
||||||
|
|
||||||
|
|
||||||
if (type == 1) { // -> A
|
if (type == 1) { // -> A
|
||||||
uint32_t ip = s_event->buf[pos] + (s_event->buf[pos+1] << 8) + (s_event->buf[pos+2] << 16) + (s_event->buf[pos+3] << 24);
|
uint32_t ip = s_event->buf[pos] + (s_event->buf[pos+1] << 8) + (s_event->buf[pos+2] << 16) + (s_event->buf[pos+3] << 24);
|
||||||
printf("%s (%d)%5d", inet_ntoa(*(struct in_addr*)&ip), type, ttl);
|
printf("%s %5d", inet_ntoa(*(struct in_addr*)&ip), ttl);
|
||||||
}
|
}
|
||||||
if (type == 5) { // -> CNAME
|
if (type == 5) { // -> CNAME
|
||||||
char cname[size];
|
char cname[size];
|
||||||
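Review bot: The new `mapClass(class)` / `mapType(type)` calls in handle_event print and free values taken from bytes of the captured DNS answer, and nothing in the visible lines checks that `pos` plus the answer header still lies inside `s_event->buf` before print_answer_hdr indexes it with `p++`. Both `numAns` and the per-record `size` come from the event, so a truncated or malformed response can presumably push those reads past the captured data; I would have print_answer_hdr return an int and stop the loop on failure, e.g. `if (p + ANSWER_HDR_LEN > buf_len) return -1;` (both names are placeholders, the buffer size is not visible on this page). Separately, if mapClass/mapType can return NULL for an unmapped value (their bodies are not shown), `printf("%-5s", s_class)` needs a fallback string, and since `ttl` is a `uint32_t` the new `printf("%s %5d", …, ttl)` should use `%5u`. handle_event and print_answer_hdr both continue outside the hunks shown.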
|
@ -113,13 +113,13 @@ static unsigned int get_answer(struct __sk_buff *skb, struct event *s_event, siz
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
// Get the class and type
|
// Get the class and type
|
||||||
if ((void*)(offset) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
if ((offset) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t));
|
bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t));
|
||||||
uint16_t type = s_event->buf[0] + (s_event->buf[1] << 8);
|
uint16_t type = s_event->buf[0] + (s_event->buf[1] << 8);
|
||||||
tlen += 2;
|
tlen += 2;
|
||||||
if ((void*)(offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
if ((offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||||
return 0;
|
return 0;
|
||||||
//offset += 2;
|
//offset += 2;
|
||||||
|
|
||||||
@ -127,13 +127,13 @@ static unsigned int get_answer(struct __sk_buff *skb, struct event *s_event, siz
|
|||||||
if(bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t)) < 0)
|
if(bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t)) < 0)
|
||||||
return 0;
|
return 0;
|
||||||
tlen += 2;
|
tlen += 2;
|
||||||
if ((void*)(offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
if ((offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
// Get ttl
|
// Get ttl
|
||||||
if(bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint32_t)) < 0)
|
if(bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint32_t)) < 0)
|
||||||
return 0;
|
return 0;
|
||||||
if ((void*)(offset += 4) >= MAX_UDP_PAYLOAD - sizeof(uint32_t))
|
if ((offset += 4) >= MAX_UDP_PAYLOAD - sizeof(uint32_t))
|
||||||
return 0;
|
return 0;
|
||||||
tlen += 4;
|
tlen += 4;
|
||||||
|
|
||||||
@ -141,7 +141,7 @@ static unsigned int get_answer(struct __sk_buff *skb, struct event *s_event, siz
|
|||||||
uint16_t size;
|
uint16_t size;
|
||||||
bpf_skb_load_bytes(skb, tlen, &size, sizeof(uint16_t));
|
bpf_skb_load_bytes(skb, tlen, &size, sizeof(uint16_t));
|
||||||
bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t));
|
bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t));
|
||||||
if ((void*)(offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
if ((offset += 2) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||||
return 0;
|
return 0;
|
||||||
tlen += 2;
|
tlen += 2;
|
||||||
|
|
||||||
@ -149,7 +149,7 @@ static unsigned int get_answer(struct __sk_buff *skb, struct event *s_event, siz
|
|||||||
if (s_event->type == 1) { // -> A
|
if (s_event->type == 1) { // -> A
|
||||||
bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint32_t));
|
bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint32_t));
|
||||||
}
|
}
|
||||||
if ((void*)(offset += ntohs(size)) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
if ((offset += ntohs(size)) >= MAX_UDP_PAYLOAD - sizeof(uint16_t))
|
||||||
return 0;
|
return 0;
|
||||||
tlen += ntohs(size);
|
tlen += ntohs(size);
|
||||||
}
|
}
|
||||||
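Review bot: The bounds checks rewritten here compare `offset` with `MAX_UDP_PAYLOAD - sizeof(uint16_t)` even where the next `bpf_skb_load_bytes` writes `sizeof(uint32_t)` bytes at `s_event->buf + offset` (the TTL load and the A-record load), so the guard admits an offset with only three bytes of room left. Assuming `buf` is `MAX_UDP_PAYLOAD` bytes (its declaration is not on the page), each check should use the width of the write that follows it, e.g. `if (offset > MAX_UDP_PAYLOAD - sizeof(uint32_t)) return 0;` ahead of the TTL load. The final advance `offset += ntohs(size)` also relies on a `size` whose load result is ignored, so a failed load leaves it uninitialised; testing `bpf_skb_load_bytes(skb, tlen, &size, sizeof(uint16_t)) < 0` as the neighbouring loads do would close that. get_answer starts and ends outside these hunks.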
|