gbucchino/dns-trace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update

Browse Source
This commit is contained in:
geoffrey 2025-01-31 18:36:55 +00:00
parent c775f97f3c
commit 1436099101
5 changed files with 38 additions and 131858 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
dns-trace
View File

Binary file not shown.

55
src/dns-trace.c
View File

@ -239,32 +239,49 @@ int handle_event(void *ctx, void *data, size_t data_sz){
} }
if (s_event->req_type == REQ_ANSWER){ if (s_event->req_type == REQ_ANSWER){
int pos = 0; int pos = 0;
for (int i = 0; i < 32; i++) /*for (int i = 0; i < 50; i++)
printf("%d ", s_event->buf[i]); printf("%d ", s_event->buf[i]);
printf("\n"); printf("\n");*/
for (int i = 0; i < s_event->numAns; i++){ for (int i = 0; i < s_event->numAns; i++){
print_query(s_event); print_query(s_event);
}
/*for (int i = 0; i < s_event->numAns; i++){ uint16_t msg = s_event->buf[pos++];
print_query(s_event); msg |= s_event->buf[pos++] << 8;
uint16_t type2 = (s_event->buf[pos++]) + (s_event->buf[pos++] << 8);
uint16_t class2 = (s_event->buf[pos++]) + (s_event->buf[pos++] << 8); uint16_t type = s_event->buf[pos++];
uint32_t ttl2 = (s_event->buf[pos++]) + (s_event->buf[pos++] << 8) + (s_event->buf[pos++] << 16) + (s_event->buf[pos++] << 24); type |= s_event->buf[pos++] << 8;
uint16_t size2 = (s_event->buf[pos++]) + (s_event->buf[pos++] << 8); uint16_t class = s_event->buf[pos++];
type2 = ntohs(type2); class |= s_event->buf[pos++] << 8;
class2 = ntohs(class2);
ttl2 = ntohl(ttl2); uint32_t ttl = s_event->buf[pos++];
size2 = ntohs(size2); ttl |= s_event->buf[pos++] << 8;
if (type2 == 1) {// -> A ttl |= s_event->buf[pos++] << 16;
uint32_t ip = s_event->buf[pos++] + (s_event->buf[pos++] << 8) + (s_event->buf[pos++] << 16) + (s_event->buf[pos++] << 24); ttl |= s_event->buf[pos++] << 24;
printf("%s (%d)%5d", inet_ntoa(*(struct in_addr*)&ip), type2, ttl2); uint16_t size = s_event->buf[pos++];
size |= s_event->buf[pos++] << 8;
type = ntohs(type);
class = ntohs(class);
ttl = ntohl(ttl);
size = ntohs(size);
if (type == 1) { // -> A
uint32_t ip = s_event->buf[pos] + (s_event->buf[pos+1] << 8) + (s_event->buf[pos+2] << 16) + (s_event->buf[pos+3] << 24);
printf("%s (%d)%5d", inet_ntoa(*(struct in_addr*)&ip), type, ttl);
} }
if (type2 == 28){ // -> AAAA if (type == 5) { // -> CNAME
char cname[size];
int j = 0;
for (j = 0; j < size; j++)
cname[j] = s_event->buf[pos + j];
printf("%s ", cname);
}
if (type == 28){ // -> AAAA
} }
pos += size;
//printf("\n %d ", pos);
printf("\n"); printf("\n");
printf("%d\n", pos); }
}*/
} }
printf("\n"); printf("\n");

4
src/dns-trace.ebpf.c
View File

@ -154,7 +154,7 @@ static unsigned int get_answer(struct __sk_buff *skb, struct event *s_event, siz
return 0; return 0;
//offset += 2; //offset += 2;
// For class // For class
if(bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t)) < 0) if(bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t)) < 0)
return 0; return 0;
tlen += 2; tlen += 2;
@ -343,7 +343,7 @@ static void dnsanswer(struct __sk_buff *skb, struct iphdr ip, struct udphdr udp,
* otherwise, I have an issue with the eBPF verifier * otherwise, I have an issue with the eBPF verifier
*/ */
offset += sizeof(struct dnshdr) + query_len; offset += sizeof(struct dnshdr) + query_len;
offset += 2; // We bypass message compression //offset += 2; // We bypass message compression
while (index < tlen){ while (index < tlen){
bpf_skb_load_bytes(skb, offset + index, s_event->buf + index, 1); bpf_skb_load_bytes(skb, offset + index, s_event->buf + index, 1);
index++; index++;

BIN
src/dns-trace.ebpf.o
View File

Binary file not shown.

131837
src/vmlinux.h
View File

File diff suppressed because it is too large Load Diff