diff --git a/dns-trace b/dns-trace
index c3076d2..3721228 100755
Binary files a/dns-trace and b/dns-trace differ
diff --git a/dns-trace_2025-02-08.log b/dns-trace_2025-02-08.log
index aa9be6f..82cbda1 100644
--- a/dns-trace_2025-02-08.log
+++ b/dns-trace_2025-02-08.log
@@ -16,3 +16,7 @@ Feb 08 14:35:12 pc-geoffrey dns-trace: Query;tid=e7ae;192.168.1.37:53;cla
 Feb 08 14:35:16 pc-geoffrey dns-trace: Query;tid=ed16;192.168.1.37:53;class=IN;type=A;
 Feb 08 14:35:31 pc-geoffrey dns-trace: Query;tid=28a6;192.168.1.37:53;class=IN;type=A;
 Feb 08 14:50:39 pc-geoffrey dns-trace: Query;tid=b19f;192.168.1.37:53;class=IN;type=AAAA;
+Feb 08 15:05:03 pc-geoffrey dns-trace: Query;tid=cf01;192.168.1.37:53;class=IN;type=AAAA;
+Feb 08 15:05:25 pc-geoffrey dns-trace: Query;tid=be09;192.168.1.37:53;class=IN;type=A;
+Feb 08 15:05:25 pc-geoffrey dns-trace: Query;tid=67d8;192.168.1.37:53;class=IN;type=A;
+Feb 08 15:10:50 pc-geoffrey dns-trace: Query;tid=acaf;192.168.1.37:53;class=IN;type=A;
diff --git a/src/.dns-trace.c.swp b/src/.dns-trace.c.swp
index 1e43af8..6ea0155 100644
Binary files a/src/.dns-trace.c.swp and b/src/.dns-trace.c.swp differ
diff --git a/src/dns-trace.c b/src/dns-trace.c
index 5bedaab..8b52883 100644
--- a/src/dns-trace.c
+++ b/src/dns-trace.c
@@ -37,7 +37,7 @@ struct arguments {
 */
 static char doc[] = "DNS Trace usage:";
-static char args_doc[] = "ARG1 ARG2";
+static char args_doc[] = "[ARGS]";
 static error_t parse_opts(int key, char *arg, struct argp_state *state){
 struct arguments *arguments = state->input;
@@ -86,8 +86,10 @@ struct arguments parse_args(int argc, char *argv[]){
 static void signalHandler(int signum){
 running = 0;
 }
-
-static int open_raw_sock(const char *name) {
+/*
+ * This function create a raw socket and bind it to the ifname
+ */
+static int create_rsock(const char *name) {
 struct sockaddr_ll sll;
 int sock;
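Review bot: The four added records extend a runtime log file that is committed next to the source, and the same commit also updates the compiled `dns-trace` binary and the editor swap file `src/.dns-trace.c.swp`. The log carries an internal hostname (`pc-geoffrey`) and a resolver address (`192.168.1.37`), environment details that should not be in version control, and a swap file can contain unsaved source. Add `*.log`, `*.swp` and the built binary to `.gitignore` and remove them from the tree, keeping at most a sanitised sample log under a docs directory if one is needed.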
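Review bot: The new header comment on `create_rsock` reads as a fragment (`This function create a raw socket and bind it to the ifname`) and omits the two facts a caller needs: what is returned and what privilege the call needs. The body continues past the hunk, but the `sockaddr_ll` local points to an AF_PACKET socket (inferred, not visible), which requires CAP_NET_RAW, and the `main` hunk further down tests the result against `-1`; I would write `/* Create a raw (AF_PACKET, presumably) socket bound to interface `name`. Returns the socket fd, or -1 on failure. Requires CAP_NET_RAW. */`. The function's body lies outside this hunk.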
@@ -110,6 +112,9 @@ static int open_raw_sock(const char *name) {
 return sock;
 }
+/*
+ * This function map the type of DNS request
+ */
 static char *mapReqType(const int req){
 char *tmp = malloc(8);
 if (tmp == NULL)
@@ -127,6 +132,9 @@ static char *mapReqType(const int req){
 };
 return tmp;
 }
+/*
+ * This function map the DNS class RR
+ */
 static char *mapClass(const int class){
 char *tmp = malloc(8);
 if (tmp == NULL)
@@ -152,6 +160,9 @@ static char *mapClass(const int class){
 }
 return tmp;
 }
+/*
+ * This function map the DNS type RR
+ */
 static char *mapType(const int type){
 char *tmp = malloc(8);
 if (tmp == NULL)
@@ -231,6 +242,10 @@ static int syslog_time(time_t ts, char t[32], size_t l){
 return -1;
 return 0;
 }
+/*
+ * This function get the hostname of the system
+ * If not find, the hostname is ubuntu
+ */
 static void get_hostname(){
 /* Get the hostname */
 if (gethostname(hostname, 127) == -1){
@@ -264,6 +279,7 @@ static void print_query(struct event *s_event){
 free(type);
 printf("%s", s_event->qname);
+ printf("\n");
 }
 /*
 * This function save to log file the query section in rsylog format
@@ -413,6 +429,9 @@ static void print_answer(struct event *s_event){
 printf("\n");
 }
 }
+/*
+ * This function is called when a new event is pushed in the ring buffer from the eBPf program
+ */
 int handle_event(void *ctx, void *data, size_t data_sz){
 struct event *s_event = (struct event*)data;
 if (s_event->req_type == REQ_QUERY){
@@ -428,8 +447,6 @@ int handle_event(void *ctx, void *data, size_t data_sz){
 answer_to_log(s_event);
 }
-
- printf("\n");
-
 return 0;
 }
 int main(int argc, char *argv[]){
@@ -449,7 +466,7 @@ int main(int argc, char *argv[]){
 }
 printf("Listen to %s\n", arguments.interface);
- sock = open_raw_sock(arguments.interface);
+ sock = create_rsock(arguments.interface);
 if (sock == -1){
 printf("Failed to listen to the interface %s\n", arguments.interface);
 exit(-1);
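Review bot: The new comment on `mapReqType` says what is mapped but not who owns the result, which is the part callers get wrong: the body (continuing past the hunk) hands back an 8-byte `malloc` buffer, and `print_query` further down is visible calling `free(type)` on a sibling's result. I would write `/* Map a DNS request type to a short name. Returns a malloc'd string (8 bytes) the caller must free, or NULL on allocation failure. */`, and give `mapClass` and `mapType` in the next two hunks the same treatment since they follow the identical `malloc(8)` pattern. The grammar also wants `maps` rather than `map` in all three headers.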
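Review bot: The new comment `If not find, the hostname is ubuntu` is hard to parse, and the code it sits on has a termination hazard worth stating: POSIX does not require `gethostname(hostname, 127)` to NUL-terminate the buffer when the name is truncated, so if `hostname` is a 128-byte array (its declaration is outside the hunk) the call should be followed by `hostname[127] = '\0';`. I would reword the header to `/* Fill the global hostname buffer via gethostname(); on failure fall back to the literal "ubuntu". */`. The rest of `get_hostname` lies outside the hunk.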
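Review bot: The added `printf("\n")` directly after `printf("%s", s_event->qname)` can be folded into one call, `printf("%s\n", s_event->qname);`. The larger concern is that `qname` is filled by the eBPF producer and `%s` trusts it to be NUL-terminated inside the struct; unless the producer guarantees a terminator (the struct definition is not visible here), print with an explicit bound, e.g. `printf("%.*s\n", (int)sizeof s_event->qname, s_event->qname);` if `qname` is a fixed-size array. The start of `print_query` is outside the hunk.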
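Review bot: The comment introduced on `handle_event` has a typo (`eBPf` should be `eBPF`) and is the right place to document a contract the code below relies on but never checks: `data` is cast straight to `struct event *` without comparing `data_sz` to `sizeof(struct event)`, so a short record would be read past its end. Add `if (data_sz < sizeof(struct event)) return 0;` before the cast, and mention in the comment that the callback always returns 0 (visible in the next hunk), presumably so libbpf keeps consuming the ring buffer. The function body continues outside the hunk.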