From 95a725b61cd9b96cacb73ecef254db9860afb38d Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 11 Oct 2022 11:01:01 -0400
Subject: nettrace-dns and nettrace-sni
---
 src/fnettrace-dns/main.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
(limited to 'src/fnettrace-dns/main.c')
diff --git a/src/fnettrace-dns/main.c b/src/fnettrace-dns/main.c
index 0281b5157..28c76a901 100644
--- a/src/fnettrace-dns/main.c
+++ b/src/fnettrace-dns/main.c
@@ -24,6 +24,8 @@
 #include
 #define MAX_BUF_SIZE (64 * 1024)
+static char last[512] = {'\0'};
+
 // pkt - start of DNS layer
 void print_dns(uint32_t ip_src, unsigned char *pkt) {
 assert(pkt);
@@ -33,6 +35,8 @@ void print_dns(uint32_t ip_src, unsigned char *pkt) {
 time_t seconds = time(NULL);
 struct tm *t = localtime(&seconds);
+ int nxdomain = (*(pkt + 3) & 0x03 == 0x03)? 1: 0;
+
 // expecting a single question count
 if (pkt[4] != 0 || pkt[5] != 1)
 goto errout;
@@ -49,8 +53,24 @@ void print_dns(uint32_t ip_src, unsigned char *pkt) {
 len += delta;;
 ptr += delta;
 }
+ if (*ptr != 0)
+ goto errout;
+
+ ptr++;
+ uint16_t type;
+ memcpy(&type, ptr, 2);
+ type = ntohs(type);
+
+ // filter output
+ char tmp[sizeof(last)];
+ snprintf(tmp, sizeof(last), "%02d:%02d:%02d %-15s %s (type %u)%s",
+ t->tm_hour, t->tm_min, t->tm_sec, ip, pkt + 12 + 1,
+ type, (nxdomain)? " NXDOMAIN": "");
+ if (strcmp(tmp, last)) {
+ printf("%s\n", tmp);
+ strcpy(last, tmp);
+ }
- printf("%02d:%02d:%02d %15s %s\n", t->tm_hour, t->tm_min, t->tm_sec, ip, pkt + 12 + 1);
 return;
 errout:
-- cgit v1.2.3-70-g09d2
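Review bot: In the added `int nxdomain = (*(pkt + 3) & 0x03 == 0x03)? 1: 0;` the `==` binds tighter than `&`, so the expression is evaluated as `*(pkt + 3) & (0x03 == 0x03)` and only tests the lowest bit of that byte. Any response with an odd RCODE (FORMERR or REFUSED, for instance) would then be printed as NXDOMAIN, which makes the trace misleading when it is used for triage. RCODE is the low four bits of the byte, so the line should read `int nxdomain = ((pkt[3] & 0x0f) == 0x03);`. The body of print_dns continues outside this hunk.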
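Review bot: The added `memcpy(&type, ptr, 2);` reads the two QTYPE bytes after the name terminator with no bound, and the visible signature `print_dns(uint32_t ip_src, unsigned char *pkt)` carries no packet length to check against. On a truncated or malformed DNS packet the read, and the `%s` on `pkt + 12 + 1`, would presumably pick up whatever follows in the capture buffer. I would pass the DNS payload length in from the caller and test it before `ptr++`, e.g. `if ((size_t)(ptr - pkt) + 3 > dns_len) goto errout;`, where `dns_len` is a placeholder name for that new parameter. The label walk that precedes these lines is outside the hunk, so whether it already restricts the name bytes cannot be confirmed here; if it does not, non-printable bytes from the wire reach the terminal through `printf("%s\n", tmp);`.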