diff options
| author | emanuele-f <black.silver@hotmail.it> | 2019-03-29 19:58:10 +0100 |
|---|---|---|
| committer | emanuele-f <black.silver@hotmail.it> | 2019-03-29 19:58:10 +0100 |
| commit | c496c7975f5d95fb4e1b9774c3592713cda78206 (patch) | |
| tree | 00f43b39be5641dbc3180c2d32015179fdca199a /src | |
| parent | 8dbe7818eb1755523093029255986982837290a5 (diff) | |
Add DNS response address
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 1 | ||||
| -rw-r--r-- | src/lib/protocols/dns.c | 16 |
2 files changed, 17 insertions, 0 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 92c011b3d..1bd8fd2db 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1079,6 +1079,7 @@ struct ndpi_flow_struct { struct { u_int8_t num_queries, num_answers, reply_code; u_int16_t query_type, query_class, rsp_type; + ndpi_ip_addr_t rsp_addr; /* The first address in a DNS response packet */ } dns; struct { diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index d17acd2bd..b99e5a5da 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -186,6 +186,22 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd rsp_type = get16(&x, flow->packet.payload); flow->protos.dns.rsp_type = rsp_type; + + /* here x points to the response "class" field */ + if((x+12) < flow->packet.payload_packet_len) { + x += 6; + data_len = get16(&x, flow->packet.payload); + + if(((x + data_len) < flow->packet.payload_packet_len) + && (((rsp_type == 0x1) && (data_len == 4)) /* A */ +#ifdef NDPI_DETECTION_SUPPORT_IPV6 + || ((rsp_type == 0x1c) && (data_len == 16)) /* AAAA */ +#endif + )) { + memcpy(&flow->protos.dns.rsp_addr, flow->packet.payload + x, data_len); + } + } + break; } } |