Update

src/dns-trace.c

@@ -239,32 +239,49 @@ int handle_event(void *ctx, void *data, size_t data_sz){
     }
     if (s_event->req_type == REQ_ANSWER){
         int pos = 0;
-        for (int i = 0; i < 32; i++)
+        /*for (int i = 0; i < 50; i++)
             printf("%d ", s_event->buf[i]);
-        printf("\n");
+        printf("\n");*/
         for (int i = 0; i < s_event->numAns; i++){
             print_query(s_event);
-        }
-        /*for (int i = 0; i < s_event->numAns; i++){
-            print_query(s_event);
-            uint16_t type2 = (s_event->buf[pos++]) + (s_event->buf[pos++] << 8);
-            uint16_t class2 = (s_event->buf[pos++]) + (s_event->buf[pos++] << 8);
-            uint32_t ttl2 = (s_event->buf[pos++]) + (s_event->buf[pos++] << 8) + (s_event->buf[pos++] << 16) + (s_event->buf[pos++] << 24);
-            uint16_t size2 = (s_event->buf[pos++]) + (s_event->buf[pos++] << 8);
-            type2 = ntohs(type2);
-            class2 = ntohs(class2);
-	    ttl2 = ntohl(ttl2);
-	    size2 = ntohs(size2);
-            if (type2 == 1) {// -> A
-                uint32_t ip = s_event->buf[pos++] + (s_event->buf[pos++] << 8) + (s_event->buf[pos++] << 16) + (s_event->buf[pos++] << 24);
-                printf("%s (%d)%5d", inet_ntoa(*(struct in_addr*)&ip), type2, ttl2);
+
+            uint16_t msg = s_event->buf[pos++];
+            msg |= s_event->buf[pos++] << 8;
+
+            uint16_t type = s_event->buf[pos++];
+            type |= s_event->buf[pos++] << 8;
+            uint16_t class = s_event->buf[pos++];
+            class |= s_event->buf[pos++] << 8;
+
+            uint32_t ttl = s_event->buf[pos++];
+            ttl |= s_event->buf[pos++] << 8;
+            ttl |= s_event->buf[pos++] << 16;
+            ttl |= s_event->buf[pos++] << 24;
+            uint16_t size = s_event->buf[pos++];
+            size |= s_event->buf[pos++] << 8;
+
+            type = ntohs(type);
+            class = ntohs(class);
+            ttl = ntohl(ttl);
+            size = ntohs(size);
+            if (type == 1) { // -> A
+                uint32_t ip = s_event->buf[pos] + (s_event->buf[pos+1] << 8) + (s_event->buf[pos+2] << 16) + (s_event->buf[pos+3] << 24);
+                printf("%s (%d)%5d", inet_ntoa(*(struct in_addr*)&ip), type, ttl);
             }
-            if (type2 == 28){ // -> AAAA
+            if (type == 5) { // -> CNAME
+                char cname[size];
+                int j = 0;
+                for (j = 0; j < size; j++)
+                    cname[j] = s_event->buf[pos + j];
+                printf("%s ", cname);
+            }
+            if (type == 28){ // -> AAAA
 
             }
+            pos += size;
+            //printf("\n %d ", pos);
             printf("\n");
-            printf("%d\n", pos);
-        }*/
+        }
     }
 
     printf("\n");

src/dns-trace.ebpf.c

@@ -154,7 +154,7 @@ static unsigned int get_answer(struct __sk_buff *skb, struct event *s_event, siz
             return 0;
         //offset += 2;
 
-	// For class
+        // For class
         if(bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t)) < 0)
             return 0;
         tlen += 2;
@@ -343,7 +343,7 @@ static void dnsanswer(struct __sk_buff *skb, struct iphdr ip, struct udphdr udp,
      * otherwise, I have an issue with the eBPF verifier
      */
     offset += sizeof(struct dnshdr) + query_len;
-    offset += 2; // We bypass message compression
+    //offset += 2; // We bypass message compression
     while (index < tlen){
         bpf_skb_load_bytes(skb, offset + index, s_event->buf + index, 1);
         index++;