diff options
| author | liuxueli <[email protected]> | 2024-08-03 03:14:12 +0000 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2024-08-03 03:14:12 +0000 |
| commit | 256211094a27e09832ab06b7602446bc23a38e25 (patch) | |
| tree | 30dc032cc7c67373d368954fa38caa86218e2455 /src/dns_decoder.cpp | |
| parent | da0a82039f1974a4b3e5ad80116c93c0e6b1ca9c (diff) | |
Diffstat (limited to 'src/dns_decoder.cpp')
| -rw-r--r-- | src/dns_decoder.cpp | 66 |
1 files changed, 48 insertions, 18 deletions
diff --git a/src/dns_decoder.cpp b/src/dns_decoder.cpp index c48cf85..784ad07 100644 --- a/src/dns_decoder.cpp +++ b/src/dns_decoder.cpp @@ -12,6 +12,11 @@ #include "fieldstat/fieldstat_easy.h" +#include "uuid_v4/uuid_v4.h" + +std::random_device rd; +thread_local UUIDv4::UUIDGenerator<std::mt19937_64> dns_decoder_uuidGenerator(rd()); + #ifdef __cplusplus extern "C" { @@ -27,6 +32,8 @@ extern "C" } #endif +#define DNS_UUID_BYTES_SZ 16 + #define DNS_HEADER_SIZE 12 #define DNS_DECODER_FALSE 0 @@ -67,7 +74,7 @@ struct dns_message int32_t magic; enum dns_message_type type; - int32_t current_trans_idx; + char uuid_bytes[DNS_UUID_BYTES_SZ]; uint8_t decode_rr_status; uint16_t trans_identifier_id; struct dns_flag flag; @@ -134,6 +141,7 @@ struct dns_decoder_plugin_env struct dns_transaction { + char uuid_bytes[DNS_UUID_BYTES_SZ]; int32_t message_id; int32_t trans_idx; UT_hash_handle hh; @@ -352,27 +360,27 @@ int32_t dns_dstring_decode(uint8_t *payload, size_t payload_sz, size_t *payload_ } -static size_t integer_tag_fill(struct fieldstat_tag *tag, const char *key, long long value) +static size_t integer_tag_fill(struct field *tag, const char *key, long long value) { if(tag==NULL || key==NULL || strlen(key)==0) { return 0; } - tag->type=TAG_INTEGER; + tag->type=FIELD_VALUE_INTEGER; tag->key=key; tag->value_longlong=value; return 1; } -static size_t string_tag_fill(struct fieldstat_tag *tag, const char *key, const char *value) +static size_t string_tag_fill(struct field *tag, const char *key, const char *value) { if(tag==NULL || key==NULL || value==NULL || strlen(key)==0 || strlen(value)==0) { return 0; } - tag->type=TAG_CSTRING; + tag->type=FIELD_VALUE_CSTRING; tag->key=key; tag->value_str=value; return 1; @@ -386,7 +394,7 @@ void dns_decoder_local_file_counter_incby(struct dns_decoder_plugin_env *plugin_ } size_t tags_offset=0; - struct fieldstat_tag tags[n_tags+2]={0}; + struct field tags[n_tags+2]={0}; tags_offset+=string_tag_fill(&(tags[tags_offset]), "decoder", "dns"); @@ -1203,12 +1211,12 @@ void dns_decoder_session_transaction_del(struct dns_decoder_context *per_ss_ctx, FREE(current_trans); } -void dns_message_transaction_publish(struct session *ss, enum dns_message_type type, int32_t topic_id, int32_t current_trans_idx) +void dns_message_transaction_publish(struct session *ss, enum dns_message_type type, int32_t topic_id, char *uuid_bytes, size_t uuid_bytes_sz) { struct dns_message *msg=(struct dns_message *)CALLOC(struct dns_message, 1); msg->magic=DNS_MESSAGE_MAGIC; msg->type=type; - msg->current_trans_idx=current_trans_idx; + memcpy(msg->uuid_bytes, uuid_bytes, MIN(uuid_bytes_sz, sizeof(msg->uuid_bytes))); session_mq_publish_message(ss, topic_id, msg); } @@ -1234,6 +1242,16 @@ const char *dns_decoder_ipproto_string_get(struct session *ss) return TAG_VALUE_UNKNOWN; } +void dns_response_packet() +{ + +} + +void dns_query_packet() +{ + +} + void dns_decoder_entry(struct session *ss, uint8_t *payload, size_t payload_sz, void *per_session_ctx, void *plugin_env_str) { struct dns_header dns_hdr={0}; @@ -1283,6 +1301,7 @@ void dns_decoder_entry(struct session *ss, uint8_t *payload, size_t payload_sz, } int32_t current_trans_idx=0; + struct dns_transaction response_transaction={0}; struct dns_transaction *current_trans=NULL; struct dns_decoder_context *per_ss_ctx=(struct dns_decoder_context *)per_session_ctx; @@ -1292,7 +1311,7 @@ void dns_decoder_entry(struct session *ss, uint8_t *payload, size_t payload_sz, HASH_FIND_INT(per_ss_ctx->trans_hash, &message_id, current_trans); if(current_trans!=NULL && msg_type==DNS_MESSAGE_QUERY) { - dns_message_transaction_publish(ss, DNS_MESSAGE_TRANSACTION_END, plugin_env->dns.topic_id, current_trans->trans_idx); + dns_message_transaction_publish(ss, DNS_MESSAGE_TRANSACTION_END, plugin_env->dns.topic_id, current_trans->uuid_bytes, sizeof(current_trans->uuid_bytes)); dns_decoder_session_transaction_del(per_ss_ctx, current_trans); current_trans=NULL; @@ -1310,10 +1329,20 @@ void dns_decoder_entry(struct session *ss, uint8_t *payload, size_t payload_sz, current_trans=(struct dns_transaction *)CALLOC(struct dns_transaction, 1); current_trans->trans_idx=current_trans_idx; current_trans->message_id=message_id; + UUIDv4::UUID uid=dns_decoder_uuidGenerator.getUUID(); + uid.bytes(current_trans->uuid_bytes); dns_decoder_session_transaction_add(per_ss_ctx, current_trans); } + else + { + current_trans=&response_transaction; + current_trans->trans_idx=current_trans_idx; + current_trans->message_id=message_id; + UUIDv4::UUID uid=dns_decoder_uuidGenerator.getUUID(); + uid.bytes(current_trans->uuid_bytes); + } - dns_message_transaction_publish(ss, DNS_MESSAGE_TRANSACTION_BEGIN, plugin_env->dns.topic_id, current_trans_idx); + dns_message_transaction_publish(ss, DNS_MESSAGE_TRANSACTION_BEGIN, plugin_env->dns.topic_id, current_trans->uuid_bytes, sizeof(current_trans->uuid_bytes)); size_t tag_offset=3; const char *tag_key[tag_offset]={TAG_KEY_IPPROTO, TAG_KEY_MESSAGE_TYPE, TAG_KEY_MESSAGE_STATUS}; @@ -1327,7 +1356,7 @@ void dns_decoder_entry(struct session *ss, uint8_t *payload, size_t payload_sz, data_msg->payload_sz=payload_sz; data_msg->payload_offset=payload_offset; data_msg->decode_rr_status=DNS_RR_STATUS_INIT; - data_msg->current_trans_idx=current_trans_idx; + memcpy(data_msg->uuid_bytes, current_trans->uuid_bytes, MIN(sizeof(data_msg->uuid_bytes), sizeof(current_trans->uuid_bytes))); session_mq_publish_message(ss, plugin_env->dns.topic_id, data_msg); @@ -1339,7 +1368,7 @@ void dns_decoder_entry(struct session *ss, uint8_t *payload, size_t payload_sz, if(msg_type==DNS_MESSAGE_RESPONSE) { - dns_message_transaction_publish(ss, DNS_MESSAGE_TRANSACTION_END, plugin_env->dns.topic_id, current_trans_idx); + dns_message_transaction_publish(ss, DNS_MESSAGE_TRANSACTION_END, plugin_env->dns.topic_id, current_trans->uuid_bytes, sizeof(current_trans->uuid_bytes)); dns_decoder_session_transaction_del(per_ss_ctx, current_trans); size_t tag_offset=3; @@ -1351,7 +1380,7 @@ void dns_decoder_entry(struct session *ss, uint8_t *payload, size_t payload_sz, if(per_ss_ctx->trans_list_num > plugin_env->max_cache_trans_num) { current_trans=per_ss_ctx->trans_list_head; - dns_message_transaction_publish(ss, DNS_MESSAGE_TRANSACTION_END, plugin_env->dns.topic_id, current_trans->trans_idx); + dns_message_transaction_publish(ss, DNS_MESSAGE_TRANSACTION_END, plugin_env->dns.topic_id, current_trans->uuid_bytes, sizeof(current_trans->uuid_bytes)); dns_decoder_session_transaction_del(per_ss_ctx, current_trans); size_t tag_offset=3; @@ -1381,7 +1410,7 @@ int dns_decoder_transaction_end_in_closing(struct session *ss, void *per_session struct dns_transaction *current_trans=NULL, *tmp_trans=NULL; HASH_ITER(hh, per_ss_ctx->trans_hash, current_trans, tmp_trans) { - dns_message_transaction_publish(ss, DNS_MESSAGE_TRANSACTION_END, plugin_env->dns.topic_id, current_trans->trans_idx); + dns_message_transaction_publish(ss, DNS_MESSAGE_TRANSACTION_END, plugin_env->dns.topic_id, current_trans->uuid_bytes, sizeof(current_trans->uuid_bytes)); dns_decoder_session_transaction_del(per_ss_ctx, current_trans); } @@ -1852,14 +1881,15 @@ extern "C" void dns_decoder_exit(void *plugin_env_str) FREE(plugin_env_str); } -int32_t dns_message_transaction_index_get(struct dns_message *msg) +void dns_message_uuid_get0(struct dns_message *msg, char **value, size_t *value_sz) { if(NULL==msg || msg->magic!=DNS_MESSAGE_MAGIC) { - return -1; + return ; } - - return msg->current_trans_idx; + + (*value)=msg->uuid_bytes; + (*value_sz)=sizeof(msg->uuid_bytes); } enum dns_message_type dns_message_type_get(struct dns_message *msg) |