aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols
diff options
context:
space:
mode:
authorLuca Deri <deri@ntop.org>2024-10-07 20:06:45 +0200
committerLuca Deri <deri@ntop.org>2024-10-07 20:08:53 +0200
commit55fa92490af593358a0b13ad1708ee9b14eec128 (patch)
tree519b80f2f48583efbd8090ca9ad7e48ae347f99c /src/lib/protocols
parent5475625c463a0c9066986db3263fba4f076ea69c (diff)
Implemented (disabled by default) DNS host cache. You can set the cache size as follows:
ndpiReader --cfg=dpi.address_cache_size,1000 -i <pcap>.pcap In the above example the cache has up to 1000 entries. In jcase ndpiReader exports data in JSON, the cache hostname (if found) is exported in the field server_hostname
Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/dns.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 8a6e2d1a8..d109098d1 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -475,9 +475,20 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
|| ((rsp_type == 0x1c) && (data_len == 16)) /* AAAA */
)) {
if(found == 0) {
+ /* Necessary for IP address comparison */
+ memset(&flow->protos.dns.rsp_addr[flow->protos.dns.num_rsp_addr], 0, sizeof(ndpi_ip_addr_t));
+
memcpy(&flow->protos.dns.rsp_addr[flow->protos.dns.num_rsp_addr], packet->payload + x, data_len);
flow->protos.dns.is_rsp_addr_ipv6[flow->protos.dns.num_rsp_addr] = (data_len == 16) ? 1 : 0;
flow->protos.dns.rsp_addr_ttl[flow->protos.dns.num_rsp_addr] = ttl;
+
+ if(ndpi_struct->cfg.address_cache_size)
+ ndpi_cache_address(ndpi_struct,
+ flow->protos.dns.rsp_addr[flow->protos.dns.num_rsp_addr],
+ flow->host_server_name,
+ packet->current_time_ms/1000,
+ flow->protos.dns.rsp_addr_ttl[flow->protos.dns.num_rsp_addr]);
+
if(++flow->protos.dns.num_rsp_addr == MAX_NUM_DNS_RSP_ADDRESSES)
found = 1;
}
Powered by cgit, Themed by Ted Yin.