From b3eba9ba734dbf7ed7604523a6f08e272a9676fd Mon Sep 17 00:00:00 2001
From: Jean-Louis Huynen
Date: Fri, 21 Apr 2023 16:28:25 +0200
Subject: [PATCH] Rename Extract/response_payload into dns_payload (#281)
* adds: [logger] raw DNS response
* chg: [doc] adds response_payload directive
* chg: [transformer] extract transformer in place of response_payload directive
* chg: [doc] restore
* chg: [transformers] extract - rename response_payload to dns_payload
---
 config.yml | 2 +-
 dnsutils/message.go | 2 +-
 doc/transformers.md | 9 ++++-----
 3 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/config.yml b/config.yml
index 8e9106e0..87c1bcb2 100644
--- a/config.yml
+++ b/config.yml
@@ -54,7 +54,7 @@ global:
 # - edns-csubnet: client subnet
 # - df: ip defragmentation flag
 # - tr: tcp reassembled flag
- # - response_payload: base64-encoded raw DNS response payload
+ # - dns_payload: base64-encoded raw DNS payload
 text-format: "timestamp-rfc3339ns identity operation rcode queryip queryport family protocol length qname qtype latency"
 # default text field delimiter
 text-format-delimiter: " "
diff --git a/dnsutils/message.go b/dnsutils/message.go
index 0d5abc51..e9fb5910 100644
--- a/dnsutils/message.go
+++ b/dnsutils/message.go
@@ -174,7 +174,7 @@ type DnsMessage struct {
 }
 type Extracted struct {
- Base64Payload []byte `json:"response_payload" msgpack:"response_payload"`
+ Base64Payload []byte `json:"dns_payload" msgpack:"dns_payload"`
 }
 func (dm *DnsMessage) Init() {
diff --git a/doc/transformers.md b/doc/transformers.md
index 17c9208a..b3173284 100644
--- a/doc/transformers.md
+++ b/doc/transformers.md
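Review bot: In `dnsutils/message.go`, the struct tags on `Extracted.Base64Payload` change the serialized key from `response_payload` to `dns_payload` with no transition, so log pipelines, parsers or detection rules that read `extracted.response_payload` would presumably stop matching without any error; the rename should be called out as a breaking change in the release notes. The field is also undocumented and its name is misleading: the value in the `doc/transformers.md` example decodes to a DNS wire message after a single base64 layer, which suggests the field holds raw bytes and `encoding/json` adds the base64, so the msgpack output likely carries binary rather than base64. I would add a comment along the lines of `// Base64Payload holds the raw DNS wire payload; JSON renders it as base64 under the key dns_payload.` after confirming this against the code that fills the field, which is outside this patch. The patch touches no formatter code, so it is also worth checking that the `dns_payload` text-format directive now listed in `config.yml` is actually recognised.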
@@ -265,10 +265,10 @@ Example of DNS messages in text format
 ### Extract
-Use this transformer to extract the raw response payload encoded in base64:
+Use this transformer to extract the raw dns payload encoded in base64:
 Options:
-- `add-payload`: (boolean) add base64 encoded response payload
+- `add-payload`: (boolean) add base64 encoded dns payload
 ```yaml
 transforms:
@@ -276,9 +276,8 @@ transforms:
 add-payload: true
 ```
-When the feature is enabled, an "extracted" field appears in the DNS message and is populated with a "response_payload" field:
+When the feature is enabled, an "extracted" field appears in the DNS message and is populated with a "dns_payload" field:
 ```
-{"network":{"family":"IPv4","protocol":"UDP","query-ip":"10.1.0.123","query-port":"56357","response-ip":"10.7.0.252","response-port":"53","ip-defragmented":false,"tcp-reassembled":false},"dns":{"length":63,"opcode":0,"rcode":"NOERROR","qname":"orange-sanguine.fr","qtype":"A","flags":{"qr":true,"tc":false,"aa":false,"ra":true,"ad":false},"resource-records":{"an":[{"name":"orange-sanguine.fr","rdatatype":"A","ttl":21600,"rdata":"193.203.239.81"}],"ns":[],"ar":[]},"malformed-packet":false},"edns":{"udp-size":1232,"rcode":0,"version":0,"dnssec-ok":0,"options":[]},"dnstap":{"operation":"CLIENT_RESPONSE","identity":"dns-collector","version":"-","timestamp-rfc3339ns":"2023-04-19T11:23:56.018192608Z","latency":"0.000000"},"extracted":{"response_payload":"P6CBgAABAAEAAAABD29yYW5nZS1zYW5ndWluZQJmcgAAAQABwAwAAQABAABUYAAEwcvvUQAAKQTQAAAAAAAA"}}
-
+{"network":{"family":"IPv4","protocol":"UDP","query-ip":"10.1.0.123","query-port":"56357","response-ip":"10.7.0.252","response-port":"53","ip-defragmented":false,"tcp-reassembled":false},"dns":{"length":63,"opcode":0,"rcode":"NOERROR","qname":"orange-sanguine.fr","qtype":"A","flags":{"qr":true,"tc":false,"aa":false,"ra":true,"ad":false},"resource-records":{"an":[{"name":"orange-sanguine.fr","rdatatype":"A","ttl":21600,"rdata":"193.203.239.81"}],"ns":[],"ar":[]},"malformed-packet":false},"edns":{"udp-size":1232,"rcode":0,"version":0,"dnssec-ok":0,"options":[]},"dnstap":{"operation":"CLIENT_RESPONSE","identity":"dns-collector","version":"-","timestamp-rfc3339ns":"2023-04-19T11:23:56.018192608Z","latency":"0.000000"},"extracted":{"dns_payload":"P6CBgAABAAEAAAABD29yYW5nZS1zYW5ndWluZQJmcgAAAQABwAwAAQABAABUYAAEwcvvUQAAKQTQAAAAAAAA"}}
 ```
\ No newline at end of file