diff options
| author | Luca <deri@ntop.org> | 2024-10-02 15:55:35 +0200 |
|---|---|---|
| committer | Luca <deri@ntop.org> | 2024-10-02 15:55:35 +0200 |
| commit | 45323e3bf8a0fc56fd5f74c12f78e2f27429e701 (patch) | |
| tree | 7c49dc82092a43b645ac8cfd54344fcfa1017604 /src/lib/protocols | |
| parent | 4df60a888b374e4b41298d0d63f98fcaff05786d (diff) | |
Exports DNS A/AAAA responses (up to 4 addresses)
Changed the default to IPv4 (used to be IPv6) in case of DNS error response
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/dns.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 4e3b09d5b..8a6e2d1a8 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -445,6 +445,8 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, /* x points to the response "class" field */ if((x+12) <= packet->payload_packet_len) { + u_int32_t ttl = ntohl(*((u_int32_t*)&packet->payload[x+2])); + x += 6; data_len = get16(&x, packet->payload); @@ -473,16 +475,18 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, || ((rsp_type == 0x1c) && (data_len == 16)) /* AAAA */ )) { if(found == 0) { - memcpy(&flow->protos.dns.rsp_addr, packet->payload + x, data_len); - flow->protos.dns.is_rsp_addr_ipv6 = (data_len == 16) ? 1 : 0; - found = 1; + memcpy(&flow->protos.dns.rsp_addr[flow->protos.dns.num_rsp_addr], packet->payload + x, data_len); + flow->protos.dns.is_rsp_addr_ipv6[flow->protos.dns.num_rsp_addr] = (data_len == 16) ? 1 : 0; + flow->protos.dns.rsp_addr_ttl[flow->protos.dns.num_rsp_addr] = ttl; + if(++flow->protos.dns.num_rsp_addr == MAX_NUM_DNS_RSP_ADDRESSES) + found = 1; } } - + x += data_len; } } - + if(found && (dns_header->additional_rrs == 0)) { /* In case we have RR we need to iterate |