Update

2025-01-29 15:05:09 +01:00 · 2025-01-29 15:05:09 +01:00 · 6aa1eed6ee
commit 6aa1eed6ee
parent b57efa5cad
4 changed files with 123141 additions and 69923 deletions
--- a/BIN
+++ b/BIN
--- a/src/dns-trace.ebpf.c
+++ b/src/dns-trace.ebpf.c
@ -126,7 +126,7 @@ static unsigned int get_answer(struct __sk_buff *skb, struct event *s_event, siz
    if(bpf_skb_load_bytes(skb, tlen, &buf, 2) < 0)
        return 0;
    bpf_printk("tlen: %d", tlen);
-    tlen += 2;
+    tlen += 4; // For the message compression
    /*
     * According to the RFC 1035 (https://datatracker.ietf.org/doc/html/rfc1035#section-4.1.4)
     * In the section 4.1.4, message compression, the first two bits are set at 11 (0xc),
@ -156,7 +156,7 @@ static unsigned int get_answer(struct __sk_buff *skb, struct event *s_event, siz
            return 0;
        if(bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint16_t)) < 0)
            return 0;
-        tlen += 4;
+        tlen += 2;

        // Get ttl
        if(bpf_skb_load_bytes(skb, tlen, s_event->buf + offset, sizeof(uint32_t)) < 0)
--- a/src/dns-trace.ebpf.o
+++ b/src/dns-trace.ebpf.o
--- a/src/vmlinux.h
+++ b/src/vmlinux.h