forked from DNS-OARC/dnsjit
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- `README`/`examples/readme.lua`: Update example to use `filter.coro` - `examples/dumpdns-qr.lua`: Use `core.objects`, `filter.coro` and local variables - `examples/dumpdns.lua`: Use `core.objects`, `filter.coro` and `core.object.dns:print()` - `examples/filter_rcode.lua`: Use `core.objects` and `filter.coro` - `examples/playqr.lua`: Add example of replaying DNS queries and showing the original response vs received response - `examples/replay.lua`: - Add `-t` to use `output.tcpcli` - Add `-u` to use `output.udpcli` - Use `core.object.dns:print()` - `core.compat`: Add documentation - `core.object`: - Add `core.object.payload` - `core_object_copy()`: Disable copying of `core.object.udp` - `core.object.dns`: - Issue DNS-OARC#39: Parse `core.object.payload` instead of `core.object.udp` - Add `rr_reset()` to reset the walking of resource records - Add `print()` to print the DNS message - `core.object.ip`: - Remove payload attributes in favor of `core.object.payload` - Add `source()` and `destination()` to get a string representation of the IP addresses - `core.object.ip6`: - Remove payload attributes in favor of `core.object.payload` - Add `source(pretty)` and `destination(pretty)` to get a string representation of the IP addresses, if `pretty` is true then return easier to read addresses (RFC 5952) - `core.object.payload`: Add new object to hold the payload of any other object with the option to have padding - `core.object.tcp`: Remove payload attributes in favor of `core.object.payload` - `core.object.udp`: Remove payload attributes in favor of `core.object.payload` - `core.objects`: Add new module to easier `require()` all objects - `filter.coro`: Handle error on resume - `filter.layer`: Use `core.object.payload` for all payloads - `core.output.tcpcli`: - Use `core.object.payload` on receive instead of `core.object.tcp` or `core.object.udp` - Issue DNS-OARC#47: Add producer to receive responses - Use non-blocking mode as default - `core.output.udpcli`: - Use `core.object.payload` on receive instead of `core.object.tcp` or `core.object.udp` - Issue DNS-OARC#46: Add producer to receive responses - Use non-blocking mode as default
- Loading branch information
Showing
45 changed files
with
1,044 additions
and
317 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,120 @@ | ||
| #!/usr/bin/env dnsjit | ||
| local ffi = require("ffi") | ||
| local getopt = require("dnsjit.lib.getopt").new({ | ||
| }) | ||
| local pcap, host, port = unpack(getopt:parse()) | ||
|
|
||
| if pcap == nil or host == nil or port == nil then | ||
| print("usage: "..arg[1].." <pcap> <host> <port>") | ||
| return | ||
| end | ||
|
|
||
| local object = require("dnsjit.core.objects") | ||
|
|
||
| function tohex(p, l) | ||
| local o, n = "", 0 | ||
| for n = 0, l do | ||
| o = o .. string.format("%02x", p[n]) | ||
| end | ||
| return o | ||
| end | ||
|
|
||
| local input = require("dnsjit.input.mmpcap").new() | ||
| input:open(pcap) | ||
| local layer = require("dnsjit.filter.layer").new() | ||
| layer:producer(input) | ||
|
|
||
| local udpcli, tcpcli | ||
| local udprecv, udpctx, tcprecv, tcpctx | ||
| local udpprod, tcpprod | ||
|
|
||
| local prod, pctx = layer:produce() | ||
| local queries = {} | ||
| local clipayload = ffi.new("core_object_payload_t") | ||
| clipayload.obj_type = object.CORE_OBJECT_PAYLOAD | ||
| local cliobject = ffi.cast("core_object_t*", clipayload) | ||
|
|
||
| print("id", "query", "original response") | ||
| print("", "", "received response") | ||
|
|
||
| while true do | ||
| local obj = prod(pctx) | ||
| if obj == nil then | ||
| break | ||
| end | ||
| local dns = require("dnsjit.core.object.dns").new(obj) | ||
| if dns and dns:parse() == 0 then | ||
| local ip, proto, payload = obj, obj, obj:cast() | ||
| while ip ~= nil and ip:type() ~= "ip" and ip:type() ~= "ip6" do | ||
| ip = ip.obj_prev | ||
| end | ||
| while proto ~= nil and proto:type() ~= "udp" and proto:type() ~= "tcp" do | ||
| proto = proto.obj_prev | ||
| end | ||
| if ip ~= nil and proto ~= nil then | ||
| ip = ip:cast() | ||
| proto = proto:cast() | ||
| if dns.qr == 0 then | ||
| local k = string.format("%s %d %s %d", ip:source(), proto.sport, ip:destination(), proto.dport) | ||
| local q = { | ||
| id = dns.id, | ||
| proto = proto:type(), | ||
| payload = ffi.new("uint8_t[?]", payload.len), | ||
| len = tonumber(payload.len) | ||
| } | ||
| ffi.copy(q.payload, payload.payload, payload.len) | ||
| queries[k] = q | ||
| else | ||
| local k = string.format("%s %d %s %d", ip:destination(), proto.dport, ip:source(), proto.sport) | ||
| local q = queries[k] | ||
| if q then | ||
| queries[k] = nil | ||
| clipayload.payload = q.payload | ||
| clipayload.len = q.len | ||
|
|
||
| local responses, response = {}, nil | ||
| if q.proto == "udp" then | ||
| if not udpcli then | ||
| udpcli = require("dnsjit.output.udpcli").new() | ||
| udpcli:connect(host, port) | ||
| udprecv, udpctx = udpcli:receive() | ||
| udpprod, _ = udpcli:produce() | ||
| end | ||
| udprecv(udpctx, cliobject) | ||
| while response == nil do | ||
| response = udpprod(udpctx) | ||
| end | ||
| while response ~= nil do | ||
| table.insert(responses, response) | ||
| response = udpprod(udpctx) | ||
| end | ||
| elseif q.proto == "tcp" then | ||
| if not tcpcli then | ||
| tcpcli = require("dnsjit.output.tcpcli").new() | ||
| tcpcli:connect(host, port) | ||
| tcprecv, tcpctx = tcpcli:receive() | ||
| tcpprod, _ = tcpcli:produce() | ||
| end | ||
| tcprecv(tcpctx, cliobject) | ||
| while response == nil do | ||
| response = tcpprod(tcpctx) | ||
| end | ||
| while response ~= nil do | ||
| table.insert(responses, response) | ||
| response = tcpprod(tcpctx) | ||
| end | ||
| end | ||
|
|
||
| print(dns.id, tohex(q.payload, q.len), tohex(payload.payload, tonumber(payload.len))) | ||
| for _, response in pairs(responses) do | ||
| local dns = require("dnsjit.core.object.dns").new(response) | ||
| if dns and dns:parse() == 0 and dns.id == q.id then | ||
| response = response:cast() | ||
| print("", "", tohex(response.payload, tonumber(response.len))) | ||
| end | ||
| end | ||
| end | ||
| end | ||
| end | ||
| end | ||
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.