From 1b9e4de637d112a3a21e7dc2209dd6d5f78c434f Mon Sep 17 00:00:00 2001 From: Henry Aidan Leta Date: Thu, 12 May 2022 15:17:46 -0400 Subject: [PATCH 1/4] add dns ttl to dns dissector and ndpi dns proto struct --- src/include/ndpi_typedefs.h | 1 + src/lib/protocols/dns.c | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index c5e98ec7884..8ff0d92e9c0 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1221,6 +1221,7 @@ struct ndpi_flow_struct { struct { u_int8_t num_queries, num_answers, reply_code, is_query; u_int16_t query_type, query_class, rsp_type; + u_int32_t answer_ttl; ndpi_ip_addr_t rsp_addr; /* The first address in a DNS response packet */ } dns; diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 6537b8b2e0d..3eaa96cad82 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -140,6 +140,16 @@ static u_int16_t get16(int *i, const u_int8_t *payload) { /* *********************************************** */ +static u_int32_t get32(int *i, const u_int8_t *payload) { + u_int32_t v = *(u_int32_t*)&payload[*i]; + + (*i) += 4; + + return(ntohl(v)); +} + +/* *********************************************** */ + static u_int getNameLength(u_int i, const u_int8_t *payload, u_int payloadLen) { if(i >= payloadLen) return(0); @@ -277,6 +287,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, rsp_type = get16(&x, packet->payload); + #ifdef DNS_DEBUG printf("[DNS] [response] response_type=%d\n", rsp_type); #endif @@ -287,7 +298,9 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, /* here x points to the response "class" field */ if((x+12) <= packet->payload_packet_len) { - x += 6; + x += 2; + uint32_t ttl = get32(&x,packet->payload); + flow->protos.dns.answer_ttl = ttl; data_len = get16(&x, packet->payload); if((x + data_len) <= packet->payload_packet_len) { 
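Review bot: The new `answer_ttl` member of the `dns` struct in ndpi_typedefs.h has no comment, unlike the neighbouring `rsp_addr`, which says which record it describes. Consumers of the flow struct cannot tell the unit, the byte order, or which answer record the value belongs to. I would add a comment such as `u_int32_t answer_ttl; /* TTL in seconds, host byte order, of the answer record parsed in search_valid_dns() */`. Whether that is always the first answer is not visible from this hunk, so the wording should be confirmed against the parsing loop.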
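Review bot: In the new `get32()` helper, `*(u_int32_t*)&payload[*i]` reads a 32-bit value through a cast pointer at an arbitrary byte offset in the packet. That is a misaligned, type-punned load: undefined behaviour in C, and a bus fault on strict-alignment targets, which for a packet parser means a remote packet can crash the inspection engine. A byte-wise copy avoids both problems: `u_int32_t v; memcpy(&v, &payload[*i], sizeof(v));`, keeping the `ntohl(v)` return. The helper also does no bounds check and relies entirely on its caller, which deserves a one-line comment above it. Only the signature of `get16()` is visible here, so I cannot tell whether it uses the same cast.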
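Review bot: In the `search_valid_dns()` hunk at `@@ -287,7 +298,9 @@`, `flow->protos.dns.answer_ttl` is written before the following `if((x + data_len) <= packet->payload_packet_len)` check. A record whose rdata is truncated therefore still leaves an attacker-supplied TTL in the flow. Moving the assignment inside that check would publish the TTL only for records that pass length validation. The existing `(x+12)` guard does cover the 8 bytes read here (class, TTL, data length). As a style point, the temporary uses `uint32_t` while the rest of the file uses `u_int32_t`, and it can be dropped: `flow->protos.dns.answer_ttl = get32(&x, packet->payload);`. The function body starts and ends outside this hunk, so the placement should be confirmed against the full block.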
From a72fc26d9192e2ab52e6d8072eec23b276128bf3 Mon Sep 17 00:00:00 2001 From: Henry Aidan Leta Date: Wed, 18 May 2022 10:31:07 -0400 Subject: [PATCH 2/4] spaces over tabs to match ndpi upstream format --- src/lib/protocols/dns.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 3eaa96cad82..ca42f948bc5 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -301,7 +301,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, x += 2; uint32_t ttl = get32(&x,packet->payload); flow->protos.dns.answer_ttl = ttl; - data_len = get16(&x, packet->payload); + data_len = get16(&x, packet->payload); if((x + data_len) <= packet->payload_packet_len) { // printf("[rsp_type: %u][data_len: %u]\n", rsp_type, data_len); From 9e455602d3bdccd8205898cb4b61bc92ebc42fc2 Mon Sep 17 00:00:00 2001 From: Henry Aidan Leta Date: Wed, 18 May 2022 10:39:02 -0400 Subject: [PATCH 3/4] more spaces --- src/lib/protocols/dns.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index ca42f948bc5..ca09055b256 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -298,10 +298,10 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, /* here x points to the response "class" field */ if((x+12) <= packet->payload_packet_len) { - x += 2; - uint32_t ttl = get32(&x,packet->payload); - flow->protos.dns.answer_ttl = ttl; - data_len = get16(&x, packet->payload); + x += 2; + uint32_t ttl = get32(&x,packet->payload); + flow->protos.dns.answer_ttl = ttl; + data_len = get16(&x, packet->payload); if((x + data_len) <= packet->payload_packet_len) { // printf("[rsp_type: %u][data_len: %u]\n", rsp_type, data_len); From bda10da86f1b6eba2265ad805d03e6b19b1f513b Mon Sep 17 00:00:00 2001 
From: Henry Leta <101420697+hl33ta@users.noreply.github.com> Date: Wed, 18 May 2022 10:40:19 -0400 Subject: [PATCH 4/4] Update src/lib/protocols/dns.c remove extra line Co-authored-by: shla2022 <105384421+shla2022@users.noreply.github.com> --- src/lib/protocols/dns.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index ca09055b256..51eb20eb570 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -287,7 +287,6 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, rsp_type = get16(&x, packet->payload); - #ifdef DNS_DEBUG printf("[DNS] [response] response_type=%d\n", rsp_type); #endif