nettrace-dns and nettrace-sni

1 files changed, 21 insertions, 1 deletions

diff --git a/src/fnettrace-dns/main.c b/src/fnettrace-dns/main.c
index 0281b5157..28c76a901 100644
--- a/src/fnettrace-dns/main.c
+++ b/src/fnettrace-dns/main.c
@@ -24,6 +24,8 @@
 #include <linux/if_ether.h>
 #define MAX_BUF_SIZE (64 * 1024)
 
+static char last[512] = {'\0'};
+
 // pkt - start of DNS layer
 void print_dns(uint32_t ip_src, unsigned char *pkt) {
         assert(pkt);
@@ -33,6 +35,8 @@ void print_dns(uint32_t ip_src, unsigned char *pkt) {
         time_t seconds = time(NULL);
         struct tm *t = localtime(&seconds);
 
+        int nxdomain = (*(pkt + 3) & 0x03 == 0x03)? 1: 0;
+
         // expecting a single question count
         if (pkt[4] != 0 || pkt[5] != 1)
                 goto errout;
@@ -49,8 +53,24 @@ void print_dns(uint32_t ip_src, unsigned char *pkt) {
                 len += delta;;
                 ptr += delta;
         }
+        if (*ptr  != 0)
+                goto errout;
+
+        ptr++;
+        uint16_t type;
+        memcpy(&type, ptr, 2);
+        type = ntohs(type);
+
+        // filter output
+        char tmp[sizeof(last)];
+        snprintf(tmp, sizeof(last), "%02d:%02d:%02d  %-15s  %s (type %u)%s",
+                t->tm_hour, t->tm_min, t->tm_sec, ip, pkt + 12 + 1,
+                type, (nxdomain)? " NXDOMAIN": "");
+        if (strcmp(tmp, last)) {
+                printf("%s\n", tmp);
+                strcpy(last, tmp);
+        }
 
-        printf("%02d:%02d:%02d  %15s  %s\n", t->tm_hour, t->tm_min, t->tm_sec, ip, pkt + 12 + 1);
         return;
 
 errout: