gbucchino/dns-trace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update

Browse Source
This commit is contained in:
geoffrey 2025-02-08 15:12:27 +01:00
parent be9022d0a6
commit 8abce2236f
4 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
dns-trace
View File

Binary file not shown.

4
dns-trace_2025-02-08.log
View File

@ -16,3 +16,7 @@ Feb 08 14:35:12 pc-geoffrey dns-trace: <info> Query;tid=e7ae;192.168.1.37:53;cla
Feb 08 14:35:16 pc-geoffrey dns-trace: <info> Query;tid=ed16;192.168.1.37:53;class=IN;type=A;
Feb 08 14:35:31 pc-geoffrey dns-trace: <info> Query;tid=28a6;192.168.1.37:53;class=IN;type=A;
Feb 08 14:50:39 pc-geoffrey dns-trace: <info> Query;tid=b19f;192.168.1.37:53;class=IN;type=AAAA;
Feb 08 15:05:03 pc-geoffrey dns-trace: <info> Query;tid=cf01;192.168.1.37:53;class=IN;type=AAAA;
Feb 08 15:05:25 pc-geoffrey dns-trace: <info> Query;tid=be09;192.168.1.37:53;class=IN;type=A;
Feb 08 15:05:25 pc-geoffrey dns-trace: <info> Query;tid=67d8;192.168.1.37:53;class=IN;type=A;
Feb 08 15:10:50 pc-geoffrey dns-trace: <info> Query;tid=acaf;192.168.1.37:53;class=IN;type=A;

BIN
src/.dns-trace.c.swp
View File

Binary file not shown.

29
src/dns-trace.c
View File

@ -37,7 +37,7 @@ struct arguments {
*/
static char doc[] = "DNS Trace usage:";
static char args_doc[] = "ARG1 ARG2";
static char args_doc[] = "[ARGS]";
static error_t parse_opts(int key, char *arg, struct argp_state *state){
struct arguments *arguments = state->input;
@ -86,8 +86,10 @@ struct arguments parse_args(int argc, char *argv[]){
static void signalHandler(int signum){
running = 0;
}
static int open_raw_sock(const char *name) {
/*
* This function create a raw socket and bind it to the ifname
*/
static int create_rsock(const char *name) {
struct sockaddr_ll sll;
int sock;
@ -110,6 +112,9 @@ static int open_raw_sock(const char *name) {
return sock;
}
/*
* This function map the type of DNS request
*/
static char *mapReqType(const int req){
char *tmp = malloc(8);
if (tmp == NULL)
@ -127,6 +132,9 @@ static char *mapReqType(const int req){
};
return tmp;
}
/*
* This function map the DNS class RR
*/
static char *mapClass(const int class){
char *tmp = malloc(8);
if (tmp == NULL)
@ -152,6 +160,9 @@ static char *mapClass(const int class){
}
return tmp;
}
/*
* This function map the DNS type RR
*/
static char *mapType(const int type){
char *tmp = malloc(8);
if (tmp == NULL)
@ -231,6 +242,10 @@ static int syslog_time(time_t ts, char t[32], size_t l){
return -1;
return 0;
}
/*
* This function get the hostname of the system
* If not find, the hostname is ubuntu
*/
static void get_hostname(){
/* Get the hostname */
if (gethostname(hostname, 127) == -1){
@ -264,6 +279,7 @@ static void print_query(struct event *s_event){
free(type);
printf("%s", s_event->qname);
printf("\n");
}
/*
* This function save to log file the query section in rsylog format
@ -413,6 +429,9 @@ static void print_answer(struct event *s_event){
printf("\n");
}
}
/*
* This function is called when a new event is pushed in the ring buffer from the eBPf program
*/
int handle_event(void *ctx, void *data, size_t data_sz){
struct event *s_event = (struct event*)data;
if (s_event->req_type == REQ_QUERY){
@ -428,8 +447,6 @@ int handle_event(void *ctx, void *data, size_t data_sz){
answer_to_log(s_event);
}
printf("\n");
return 0;
}
int main(int argc, char *argv[]){
@ -449,7 +466,7 @@ int main(int argc, char *argv[]){
}
printf("Listen to %s\n", arguments.interface);
sock = open_raw_sock(arguments.interface);
sock = create_rsock(arguments.interface);
if (sock == -1){
printf("Failed to listen to the interface %s\n", arguments.interface);
exit(-1);