summaryrefslogtreecommitdiff
path: root/decoders/dns
diff options
context:
space:
mode:
Diffstat (limited to 'decoders/dns')
-rw-r--r--decoders/dns/dns_decoder.c465
-rw-r--r--decoders/dns/dns_resource_record.h29
-rw-r--r--decoders/dns/dns_resource_record_exporter.c74
-rw-r--r--decoders/dns/version.map21
4 files changed, 156 insertions, 433 deletions
diff --git a/decoders/dns/dns_decoder.c b/decoders/dns/dns_decoder.c
index 55463d6..f986521 100644
--- a/decoders/dns/dns_decoder.c
+++ b/decoders/dns/dns_decoder.c
@@ -15,13 +15,9 @@
#include "stellar/utils.h"
#include "stellar/session.h"
#include "stellar/mq.h"
-#include "stellar/session_manager.h"
#define DNS_HEADER_SIZE 12
-#define DNS_DECODER_FALSE 0
-#define DNS_DECODER_TRUE 1
-
// INIT, SUCCESS, FAILURE
#define DNS_RR_STATUS_INIT 1
#define DNS_RR_STATUS_SUCCESS 2
@@ -54,22 +50,6 @@
#define DNS_DECODER_MOUDLE_NAME "dns_decoder"
-struct dns_resource_record_resolver
-{
- uint8_t decode_rr_status;
- uint16_t n_answer_rr;
- uint16_t n_authority_rr;
- uint16_t n_additional_rr;
- struct dns_resource_record *answer_rr;
- struct dns_resource_record *authority_rr;
- struct dns_resource_record *additional_rr;
- int32_t rr_capacity_offset;
- int32_t rr_capacity_sz;
- struct dns_resource_record *rr_capacity;
- struct session *sess;
- struct dns_decoder_plugin_env *plugin_env;
-};
-
struct dns_decoder_stat
{
int *metric_id;
@@ -102,25 +82,12 @@ struct dns_decoder_plugin_env
struct dns_decoder_stat stat;
};
-struct dns_transaction
-{
- int32_t message_id;
- int32_t trans_idx;
- UT_hash_handle hh;
- struct dns_transaction *prev;
- struct dns_transaction *next;
-};
-
struct dns_decoder_context
{
int32_t trans_count;
size_t cache_sz;
uint8_t cache_ptr[2];
-
const char *ipproto;
- short trans_list_num;
- struct dns_transaction *trans_list_head;
- struct dns_transaction *trans_hash;
};
struct dns_header
@@ -1112,82 +1079,43 @@ int32_t dns_query_question_decode(struct dns_query_question *question, uint8_t *
void dns_message_free(void *expr_str, void *msg_free_arg __attribute__((unused)))
{
- struct dns_message *msg=(struct dns_message *)expr_str;
- if(msg->magic!=DNS_MESSAGE_MAGIC)
- {
- // abort();
- }
-
- if(msg->type==DNS_MESSAGE_TRANSACTION_BEGIN || msg->type==DNS_MESSAGE_TRANSACTION_END)
- {
- FREE(msg);
- return ;
- }
-
- msg->magic=0;
- msg->type=DNS_MESSAGE_MAX;
-
- msg->sess=NULL;
- msg->payload=NULL;
- msg->payload_sz=0;
- msg->payload_offset=0;
-
- msg->n_question=0;
- msg->n_answer_rr=0;
- msg->n_authority_rr=0;
- msg->n_additional_rr=0;
-
- msg->n_real_answer_rr=0;
- msg->n_real_authority_rr=0;
- msg->n_real_additional_rr=0;
-
- msg->answer_rr=NULL;
- msg->authority_rr=NULL;
- msg->additional_rr=NULL;
-
- msg->trans_identifier_id=0;
- msg->decode_rr_status=DNS_RR_STATUS_INIT;
- memset(&(msg->flag), 0, sizeof(struct dns_flag));
- //memset(&(msg->question), 0, sizeof(struct dns_query_question));
-
- msg->rr_capacity_offset=0;
-}
-
-void dns_decoder_session_transaction_add(struct dns_decoder_context *per_ss_ctx, struct dns_transaction *current_trans)
-{
- HASH_ADD_INT(per_ss_ctx->trans_hash, message_id, current_trans);
- DL_APPEND(per_ss_ctx->trans_list_head, current_trans);
- per_ss_ctx->trans_list_num++;
-}
-
-void dns_decoder_session_transaction_del(struct dns_decoder_context *per_ss_ctx, struct dns_transaction *current_trans)
-{
- if(per_ss_ctx->trans_list_head==NULL || current_trans==NULL)
+ if(expr_str==NULL)
{
return ;
}
- DL_DELETE(per_ss_ctx->trans_list_head, current_trans);
- per_ss_ctx->trans_list_num--;
+ struct dns_message *dns_msg=(struct dns_message *)expr_str;
- HASH_DEL(per_ss_ctx->trans_hash, current_trans);
- FREE(current_trans);
-}
-
-void dns_message_transaction_publish(enum dns_message_type type, struct mq_runtime *mq_rt, int32_t topic_id, uint16_t trans_identifier_id)
-{
- struct dns_message *msg=(struct dns_message *)CALLOC(struct dns_message, 1);
- msg->magic=DNS_MESSAGE_MAGIC;
- msg->type=type;
- msg->trans_identifier_id=trans_identifier_id;
-
- mq_runtime_publish_message(mq_rt, topic_id, msg);
+ dns_msg->transaction_id=0;
+ dns_msg->n_question=0;
+ dns_msg->n_answer_rr=0;
+ dns_msg->n_authority_rr=0;
+ dns_msg->n_additional_rr=0;
+ dns_msg->rr_payload=NULL;
+ dns_msg->rr_payload_sz=0;
+ dns_msg->rr_payload_offset=0;
+ dns_msg->rr_resolver->sess=NULL;
+ dns_msg->rr_resolver->n_real_answer_rr=0;
+ dns_msg->rr_resolver->n_real_authority_rr=0;
+ dns_msg->rr_resolver->n_real_additional_rr=0;
+ dns_msg->rr_resolver->rr_capacity_offset=0;
+ dns_msg->rr_resolver->decode_rr_status=DNS_RR_STATUS_INIT;
+ dns_msg->rr_resolver->type=0;
+ dns_msg->rr_resolver->plugin_env=NULL;
+ dns_msg->rr_resolver->sess=NULL;
+ dns_msg->rr_resolver->n_answer_rr=0;
+ dns_msg->rr_resolver->n_authority_rr=0;
+ dns_msg->rr_resolver->n_additional_rr=0;
+ dns_msg->rr_resolver->answer_rr=NULL;
+ dns_msg->rr_resolver->authority_rr=NULL;
+ dns_msg->rr_resolver->additional_rr=NULL;
+ dns_msg->rr_resolver->rr_capacity_offset=0;
}
const char *dns_decoder_ipproto_string_get(struct session *sess)
{
enum layer_proto layer4_proto=LAYER_PROTO_NONE;
- const struct packet *rawpkt=session_get0_current_packet(sess);
+ const struct packet *rawpkt=session_get_current_packet(sess);
int layer_count=packet_get_layer_count(rawpkt);
for(int i=layer_count; i>0; i--)
{
@@ -1256,14 +1184,13 @@ void dns_decoder_entry(struct session *sess, uint8_t *payload, size_t payload_sz
int32_t thread_id=stellar_module_manager_get_thread_id(plugin_env->mod_mgr);
struct dns_message *data_msg=&(plugin_env->per_thread_data_msg[thread_id]);
- data_msg->sess=NULL;
- data_msg->n_real_answer_rr=0;
- data_msg->n_real_authority_rr=0;
- data_msg->n_real_additional_rr=0;
- data_msg->rr_capacity_offset=0;
-
- data_msg->magic=DNS_MESSAGE_MAGIC;
- data_msg->trans_identifier_id=dns_hdr.id;
+ data_msg->rr_resolver->sess=NULL;
+ data_msg->rr_resolver->n_real_answer_rr=0;
+ data_msg->rr_resolver->n_real_authority_rr=0;
+ data_msg->rr_resolver->n_real_additional_rr=0;
+ data_msg->rr_resolver->rr_capacity_offset=0;
+
+ data_msg->transaction_id=dns_hdr.id;
dns_flag_copy(&(data_msg->flag), &dns_hdr);
data_msg->n_question=dns_hdr.qdcount;
@@ -1286,114 +1213,24 @@ void dns_decoder_entry(struct session *sess, uint8_t *payload, size_t payload_sz
dns_decoder_local_file_counter_incby(plugin_env, LOCAL_STAT_COUNTER_OK, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
}
- int32_t current_trans_idx=0;
- struct dns_transaction response_transaction={0};
- struct dns_transaction *current_trans=NULL;
-
- int32_t message_id=data_msg->trans_identifier_id;
- enum dns_message_type msg_type=((dns_hdr.qr==0) ? DNS_MESSAGE_QUERY : DNS_MESSAGE_RESPONSE);
-
- HASH_FIND_INT(per_ss_ctx->trans_hash, &message_id, current_trans);
- if(current_trans!=NULL && msg_type==DNS_MESSAGE_QUERY)
- {
- dns_message_transaction_publish(DNS_MESSAGE_TRANSACTION_END, stellar_module_manager_get_mq_runtime(plugin_env->mod_mgr), plugin_env->dns.topic_id, current_trans->trans_idx);
- dns_decoder_session_transaction_del(per_ss_ctx, current_trans);
- current_trans=NULL;
-
- const char *tag_key[]={TAG_KEY_IPPROTO, TAG_KEY_MESSAGE_TYPE, TAG_KEY_MESSAGE_STATUS};
- const char *tag_value[]={per_ss_ctx->ipproto, "transaction_end", "duplicate"};
- dns_decoder_local_file_counter_incby(plugin_env, LOCAL_STAT_COUNTER_SEND, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
- }
-
- if(current_trans==NULL)
- {
- current_trans_idx=(++per_ss_ctx->trans_count);
- if(msg_type==DNS_MESSAGE_QUERY)
- {
- current_trans=(struct dns_transaction *)CALLOC(struct dns_transaction, 1);
- current_trans->trans_idx=current_trans_idx;
- current_trans->message_id=message_id;
- dns_decoder_session_transaction_add(per_ss_ctx, current_trans);
- }
- else
- {
- current_trans=&response_transaction;
- current_trans->trans_idx=current_trans_idx;
- current_trans->message_id=message_id;
- }
-
- dns_message_transaction_publish(DNS_MESSAGE_TRANSACTION_BEGIN, stellar_module_manager_get_mq_runtime(plugin_env->mod_mgr), plugin_env->dns.topic_id, current_trans->trans_idx);
-
- const char *tag_key[]={TAG_KEY_IPPROTO, TAG_KEY_MESSAGE_TYPE, TAG_KEY_MESSAGE_STATUS};
- const char *tag_value[]={per_ss_ctx->ipproto, "transaction_begin", "normal"};
- dns_decoder_local_file_counter_incby(plugin_env, LOCAL_STAT_COUNTER_SEND, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
- }
-
- data_msg->sess=sess;
- data_msg->type=msg_type;
- data_msg->payload=payload;
- data_msg->payload_sz=payload_sz;
- data_msg->payload_offset=payload_offset;
- data_msg->decode_rr_status=DNS_RR_STATUS_INIT;
+ data_msg->rr_payload=(char *)payload;
+ data_msg->rr_payload_sz=payload_sz;
+ data_msg->rr_payload_offset=payload_offset;
+ data_msg->rr_resolver->sess=sess;
+ data_msg->rr_resolver->plugin_env=plugin_env;
+ data_msg->rr_resolver->n_answer_rr=data_msg->n_answer_rr;
+ data_msg->rr_resolver->n_authority_rr=data_msg->n_authority_rr;
+ data_msg->rr_resolver->n_additional_rr=data_msg->n_additional_rr;
+ data_msg->rr_resolver->type=((dns_hdr.qr==0) ? DNS_MESSAGE_QUERY : DNS_MESSAGE_RESPONSE);;
+ data_msg->rr_resolver->decode_rr_status=DNS_RR_STATUS_INIT;
mq_runtime_publish_message(stellar_module_manager_get_mq_runtime(plugin_env->mod_mgr), plugin_env->dns.topic_id, data_msg);
-
- {
- const char *tag_key[]={TAG_KEY_IPPROTO, TAG_KEY_MESSAGE_TYPE, TAG_KEY_MESSAGE_STATUS};
- const char *tag_value[]={per_ss_ctx->ipproto, ((msg_type==DNS_MESSAGE_RESPONSE) ? "response" : "query"), "normal"};
- dns_decoder_local_file_counter_incby(plugin_env, LOCAL_STAT_COUNTER_SEND, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
- }
-
- if(msg_type==DNS_MESSAGE_RESPONSE)
- {
- dns_message_transaction_publish(DNS_MESSAGE_TRANSACTION_END, stellar_module_manager_get_mq_runtime(plugin_env->mod_mgr), plugin_env->dns.topic_id, current_trans->trans_idx);
- // dns_decoder_session_transaction_del(per_ss_ctx, current_trans);
-
- const char *tag_key[]={TAG_KEY_IPPROTO, TAG_KEY_MESSAGE_TYPE, TAG_KEY_MESSAGE_STATUS};
- const char *tag_value[]={per_ss_ctx->ipproto, "transaction_end", "normal"};
- dns_decoder_local_file_counter_incby(plugin_env, LOCAL_STAT_COUNTER_SEND, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
- }
-
- if(per_ss_ctx->trans_list_num > plugin_env->max_cache_trans_num)
- {
- current_trans=per_ss_ctx->trans_list_head;
- dns_message_transaction_publish(DNS_MESSAGE_TRANSACTION_END, stellar_module_manager_get_mq_runtime(plugin_env->mod_mgr), plugin_env->dns.topic_id, current_trans->trans_idx);
- dns_decoder_session_transaction_del(per_ss_ctx, current_trans);
-
- const char *tag_key[]={TAG_KEY_IPPROTO, TAG_KEY_MESSAGE_TYPE, TAG_KEY_MESSAGE_STATUS};
- const char *tag_value[]={per_ss_ctx->ipproto, "transaction_end", "terminate"};
- dns_decoder_local_file_counter_incby(plugin_env, LOCAL_STAT_COUNTER_SEND, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
- }
-}
-
-void dns_decoder_transaction_end_in_closed(struct session *sess, void *args)
-{
- struct dns_decoder_plugin_env *plugin_env=(struct dns_decoder_plugin_env *)stellar_module_get_ctx((struct stellar_module *)args);
- struct dns_decoder_context *per_ss_ctx=session_get_exdata(sess, plugin_env->exdata_idx);
-
- if(per_ss_ctx==NULL)
- {
- return ;
- }
-
- const char *tag_key[]={TAG_KEY_IPPROTO, TAG_KEY_MESSAGE_TYPE, TAG_KEY_MESSAGE_STATUS};
- const char *tag_value[]={per_ss_ctx->ipproto, "transaction_end", "closed"};
- dns_decoder_local_file_counter_incby(plugin_env, LOCAL_STAT_COUNTER_SEND, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), per_ss_ctx->trans_list_num);
-
- struct dns_transaction *current_trans=NULL, *tmp_trans=NULL;
- HASH_ITER(hh, per_ss_ctx->trans_hash, current_trans, tmp_trans)
- {
- dns_message_transaction_publish(DNS_MESSAGE_TRANSACTION_END, stellar_module_manager_get_mq_runtime(plugin_env->mod_mgr), plugin_env->dns.topic_id, current_trans->trans_idx);
- dns_decoder_session_transaction_del(per_ss_ctx, current_trans);
- }
-
- return ;
}
void dns_decoder_per_session_exdata_new(struct session *sess, struct dns_decoder_context *per_ss_ctx, void *plugin_env_str)
{
uint16_t sport=0,dport=0;
- const struct packet *rawpkt=session_get0_current_packet(sess);
+ const struct packet *rawpkt=session_get_current_packet(sess);
int layer_count=packet_get_layer_count(rawpkt);
for(int i=layer_count; i>0; i--)
{
@@ -1436,7 +1273,7 @@ void dns_decoder_per_session_exdata_free(int idx __attribute__((unused)), void *
}
}
-void dns_udp_session_ingress_packet_cb(struct session *sess, struct packet *pkt __attribute__((unused)), void *args)
+void dns_udp_session_ingress_packet_cb(struct session *sess, enum session_state state __attribute__((unused)), struct packet *pkt __attribute__((unused)), void *args)
{
struct dns_decoder_plugin_env *plugin_env=(struct dns_decoder_plugin_env *)stellar_module_get_ctx((struct stellar_module *)args);
@@ -1453,7 +1290,7 @@ void dns_udp_session_ingress_packet_cb(struct session *sess, struct packet *pkt
return ;
}
- const struct packet *rawpkt=session_get0_current_packet(sess);
+ const struct packet *rawpkt=session_get_current_packet(sess);
size_t pdata_sz=packet_get_payload_len(rawpkt);
uint8_t *pdata=(uint8_t *)packet_get_payload_data(rawpkt);
if(pdata_sz<DNS_HEADER_SIZE || pdata==NULL)
@@ -1464,7 +1301,7 @@ void dns_udp_session_ingress_packet_cb(struct session *sess, struct packet *pkt
dns_decoder_entry(sess, pdata, pdata_sz, per_ss_ctx, plugin_env);
}
-void dns_tcp_stream_session_segment_data_cb(struct session *sess, const char *pdata, uint32_t pdata_sz, void *args)
+void dns_tcp_stream_session_segment_data_cb(struct session *sess, enum session_state state __attribute__((unused)), const char *pdata, uint32_t pdata_sz, void *args)
{
if(pdata_sz==0 || pdata==NULL)
{
@@ -1472,7 +1309,6 @@ void dns_tcp_stream_session_segment_data_cb(struct session *sess, const char *pd
}
struct dns_decoder_plugin_env *plugin_env=(struct dns_decoder_plugin_env *)stellar_module_get_ctx((struct stellar_module *)args);
-
struct dns_decoder_context *per_ss_ctx=session_get_exdata(sess, plugin_env->exdata_idx);
if(per_ss_ctx==NULL)
{
@@ -1750,7 +1586,7 @@ void on_dns_message_dispatch(int topic_id __attribute__((unused)), void *msg, o
#pragma GCC diagnostic pop
struct dns_message *dns_msg=(struct dns_message *)msg;
- dns_msg_cb(dns_msg->sess, dns_msg->type, dns_msg, on_msg_cb_arg);
+ dns_msg_cb(dns_msg->rr_resolver->sess, dns_msg->transaction_id, dns_msg->rr_resolver->type, dns_msg, on_msg_cb_arg);
}
int dns_decoder_subscribe_dns_message(struct stellar_module_manager *mod_mgr, on_dns_message_callback *on_dns_msg_cb, void *args)
@@ -1805,13 +1641,6 @@ struct stellar_module *dns_decoder_load(struct stellar_module_manager *mod_mgr)
exit(0);
}
- ret=session_manager_subscribe_free(sess_mgr, dns_decoder_transaction_end_in_closed, (void *)dns_module);
- if(ret<0)
- {
- printf("dns_decoder_load: session_manager_subscribe_free failed\n");
- exit(0);
- }
-
plugin_env->exdata_idx=session_manager_new_session_exdata_index(sess_mgr, "DNS_DECODER_MODULE", dns_decoder_per_session_exdata_free, NULL);
if(plugin_env->exdata_idx<0)
{
@@ -1838,9 +1667,10 @@ struct stellar_module *dns_decoder_load(struct stellar_module_manager *mod_mgr)
plugin_env->per_thread_data_msg=(struct dns_message *)CALLOC(struct dns_message, thread_count);
for(int i=0; i<thread_count; i++)
{
- plugin_env->per_thread_data_msg[i].plugin_env=plugin_env;
- plugin_env->per_thread_data_msg[i].rr_capacity_sz=plugin_env->max_rr_num;
- plugin_env->per_thread_data_msg[i].rr_capacity=(struct dns_resource_record *)CALLOC(struct dns_resource_record, plugin_env->max_rr_num);
+ plugin_env->per_thread_data_msg[i].rr_resolver=(struct dns_resource_record_resolver *)CALLOC(struct dns_resource_record_resolver, 1);
+ plugin_env->per_thread_data_msg[i].rr_resolver->plugin_env=plugin_env;
+ plugin_env->per_thread_data_msg[i].rr_resolver->rr_capacity_sz=plugin_env->max_rr_num;
+ plugin_env->per_thread_data_msg[i].rr_resolver->rr_capacity=(struct dns_resource_record *)CALLOC(struct dns_resource_record, plugin_env->max_rr_num);
}
printf("dns_decoder_load: n_net_port: %d exdata_idx: %d, topic: [{name: %s -> id: %d}] \n",
@@ -1868,7 +1698,8 @@ void dns_decoder_unload(struct stellar_module_manager *mod_mgr, struct stellar_m
int32_t thread_count=stellar_module_manager_get_max_thread_num(mod_mgr);
for(int32_t i=0; i<thread_count; i++)
{
- FREE(plugin_env->per_thread_data_msg[i].rr_capacity);
+ FREE(plugin_env->per_thread_data_msg[i].rr_resolver->rr_capacity);
+ FREE(plugin_env->per_thread_data_msg[i].rr_resolver);
}
plugin_env->max_rr_num=0;
@@ -1895,74 +1726,6 @@ void dns_decoder_unload(struct stellar_module_manager *mod_mgr, struct stellar_m
stellar_module_free(mod);
}
-enum dns_message_type dns_message_type_get(struct dns_message *msg)
-{
- return ((NULL==msg) ? DNS_MESSAGE_MAX : msg->type);
-}
-
-int32_t dns_message_header_id_get(struct dns_message *msg)
-{
- return ((NULL==msg || msg->magic!=DNS_MESSAGE_MAGIC || msg->type==DNS_MESSAGE_TRANSACTION_BEGIN || msg->type==DNS_MESSAGE_TRANSACTION_END) ? -1 : msg->trans_identifier_id);
-}
-
-int32_t dns_message_header_qdcount_get(struct dns_message *msg)
-{
- return ((NULL==msg || msg->magic!=DNS_MESSAGE_MAGIC || msg->type==DNS_MESSAGE_TRANSACTION_BEGIN || msg->type==DNS_MESSAGE_TRANSACTION_END) ? -1 : msg->n_question);
-}
-
-int32_t dns_message_header_ancount_get(struct dns_message *msg)
-{
- return ((NULL==msg || msg->magic!=DNS_MESSAGE_MAGIC || msg->type==DNS_MESSAGE_TRANSACTION_BEGIN || msg->type==DNS_MESSAGE_TRANSACTION_END) ? -1 : msg->n_answer_rr);
-}
-
-int32_t dns_message_header_aucount_get(struct dns_message *msg)
-{
- return ((NULL==msg || msg->magic!=DNS_MESSAGE_MAGIC || msg->type==DNS_MESSAGE_TRANSACTION_BEGIN || msg->type==DNS_MESSAGE_TRANSACTION_END) ? -1 : msg->n_authority_rr);
-}
-
-int32_t dns_message_header_adcount_get(struct dns_message *msg)
-{
- return ((NULL==msg || msg->magic!=DNS_MESSAGE_MAGIC || msg->type==DNS_MESSAGE_TRANSACTION_BEGIN || msg->type==DNS_MESSAGE_TRANSACTION_END) ? -1 : msg->n_additional_rr);
-}
-
-struct dns_flag *dns_message_header_flag_get0(struct dns_message *msg)
-{
- if(NULL==msg || msg->magic!=DNS_MESSAGE_MAGIC || msg->type==DNS_MESSAGE_TRANSACTION_BEGIN || msg->type==DNS_MESSAGE_TRANSACTION_END)
- {
- return NULL;
- }
-
- return &(msg->flag);
-}
-
-const char *dns_query_question_qname_get0(struct dns_query_question *question)
-{
- return ((question!=NULL) ? (char *)(question->qname) : NULL);
-}
-
-int32_t dns_query_question_qtype_get0(struct dns_query_question *question)
-{
- return ((question!=NULL) ? (int32_t)question->qtype : (int32_t)(DNS_RR_TYPE_UNKNOWN));
-}
-
-int32_t dns_query_question_qclass_get0(struct dns_query_question *question)
-{
- return ((question!=NULL) ? question->qclass : -1);
-}
-
-void dns_message_query_question_get0(struct dns_message *msg, struct dns_query_question **question, uint16_t *n_question)
-{
- if(msg==NULL || msg->magic!=DNS_MESSAGE_MAGIC || msg->type==DNS_MESSAGE_TRANSACTION_BEGIN || msg->type==DNS_MESSAGE_TRANSACTION_END || msg->n_question==0)
- {
- (*question)=NULL;
- (*n_question)=0;
- return ;
- }
-
- (*question)=&(msg->question);
- (*n_question)=msg->n_question;
-}
-
int32_t dns_resource_record_buff_get0(struct dns_resource_record *rr_capacity, int32_t rr_capacity_sz, int32_t *rr_capacity_offset, struct dns_resource_record **rr, uint16_t n_rr, uint16_t *n_real_rr)
{
if(n_rr==0)
@@ -1987,24 +1750,11 @@ int32_t dns_resource_record_buff_get0(struct dns_resource_record *rr_capacity, i
return DNS_DECODER_TRUE;
}
-int32_t dns_message_resource_record_serialize(struct dns_message *msg)
+int32_t dns_message_resource_record_serialize(struct dns_resource_record_resolver *rr_resolver, char *rr_payload, size_t rr_payload_sz, size_t rr_payload_offset)
{
- if(msg==NULL || msg->magic!=DNS_MESSAGE_MAGIC)
- {
- return DNS_DECODER_FALSE;
- }
-
- const char *ipproto=dns_decoder_ipproto_string_get(msg->sess);
+ const char *ipproto=dns_decoder_ipproto_string_get(rr_resolver->sess);
- if(msg->type==DNS_MESSAGE_TRANSACTION_BEGIN || msg->type==DNS_MESSAGE_TRANSACTION_END)
- {
- const char *tag_key[]={TAG_KEY_IPPROTO, TAG_KEY_DNS_QR, TAG_KEY_DNS_SECTION};
- const char *tag_value[]={ipproto, ((msg->type==DNS_MESSAGE_TRANSACTION_BEGIN) ? "begin" : "end"), "none"};
- dns_decoder_local_file_counter_incby(msg->plugin_env, LOCAL_STAT_COUNTER_ERROR, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
- return DNS_DECODER_FALSE;
- }
-
- switch(msg->decode_rr_status)
+ switch(rr_resolver->decode_rr_status)
{
case DNS_RR_STATUS_INIT:
break;
@@ -2016,95 +1766,78 @@ int32_t dns_message_resource_record_serialize(struct dns_message *msg)
abort();
}
- if(msg->payload_offset>=msg->payload_sz)
+ if(rr_payload_offset>=rr_payload_sz)
{
- msg->answer_rr=NULL;
- msg->n_real_answer_rr=0;
- msg->authority_rr=NULL;
- msg->n_real_authority_rr=0;
- msg->additional_rr=NULL;
- msg->n_real_additional_rr=0;
- msg->decode_rr_status=DNS_RR_STATUS_SUCCESS;
+ rr_resolver->answer_rr=NULL;
+ rr_resolver->n_real_answer_rr=0;
+ rr_resolver->authority_rr=NULL;
+ rr_resolver->n_real_authority_rr=0;
+ rr_resolver->additional_rr=NULL;
+ rr_resolver->n_real_additional_rr=0;
+ rr_resolver->decode_rr_status=DNS_RR_STATUS_SUCCESS;
return DNS_DECODER_TRUE;
}
- if(msg->n_answer_rr>0)
+ uint8_t *payload=(uint8_t *)rr_payload;
+ size_t payload_sz=rr_payload_sz;
+ size_t payload_offset=rr_payload_offset;
+
+ if(rr_resolver->n_answer_rr>0)
{
const char *tag_key[]={TAG_KEY_IPPROTO, TAG_KEY_DNS_QR, TAG_KEY_DNS_SECTION};
- const char *tag_value[]={ipproto, ((msg->type==DNS_MESSAGE_QUERY) ? "query" : "response"), "answer"};
- dns_resource_record_buff_get0(msg->rr_capacity, msg->rr_capacity_sz, &(msg->rr_capacity_offset), &(msg->answer_rr), msg->n_answer_rr, &(msg->n_real_answer_rr));
- int32_t ret=dns_resource_record_decode(msg->payload, msg->payload_sz, &(msg->payload_offset), msg->answer_rr, msg->n_real_answer_rr);
+ const char *tag_value[]={ipproto, ((rr_resolver->type==DNS_MESSAGE_QUERY) ? "query" : "response"), "answer"};
+ dns_resource_record_buff_get0(rr_resolver->rr_capacity, rr_resolver->rr_capacity_sz, &(rr_resolver->rr_capacity_offset), &(rr_resolver->answer_rr), rr_resolver->n_answer_rr, &(rr_resolver->n_real_answer_rr));
+ int32_t ret=dns_resource_record_decode(payload, payload_sz, &(payload_offset), rr_resolver->answer_rr, rr_resolver->n_real_answer_rr);
if(ret==DNS_DECODER_FALSE)
{
- msg->answer_rr=NULL;
- msg->n_real_answer_rr=0;
- msg->decode_rr_status=DNS_RR_STATUS_FAILURE;
+ rr_resolver->answer_rr=NULL;
+ rr_resolver->n_real_answer_rr=0;
+ rr_resolver->decode_rr_status=DNS_RR_STATUS_FAILURE;
- dns_decoder_local_file_counter_incby(msg->plugin_env, LOCAL_STAT_COUNTER_ERROR, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
+ dns_decoder_local_file_counter_incby(rr_resolver->plugin_env, LOCAL_STAT_COUNTER_ERROR, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
return DNS_DECODER_FALSE;
}
- dns_decoder_local_file_counter_incby(msg->plugin_env, LOCAL_STAT_COUNTER_OK, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
+ dns_decoder_local_file_counter_incby(rr_resolver->plugin_env, LOCAL_STAT_COUNTER_OK, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
}
- if(msg->n_authority_rr>0)
+ if(rr_resolver->n_authority_rr>0)
{
const char *tag_key[]={TAG_KEY_IPPROTO, TAG_KEY_DNS_QR, TAG_KEY_DNS_SECTION};
- const char *tag_value[]={ipproto, ((msg->type==DNS_MESSAGE_QUERY) ? "query" : "response"), "authority"};
- dns_resource_record_buff_get0(msg->rr_capacity, msg->rr_capacity_sz, &(msg->rr_capacity_offset), &(msg->authority_rr), msg->n_authority_rr, &(msg->n_real_authority_rr));
- int32_t ret=dns_resource_record_decode(msg->payload, msg->payload_sz, &(msg->payload_offset), msg->authority_rr, msg->n_real_authority_rr);
+ const char *tag_value[]={ipproto, ((rr_resolver->type==DNS_MESSAGE_QUERY) ? "query" : "response"), "authority"};
+ dns_resource_record_buff_get0(rr_resolver->rr_capacity, rr_resolver->rr_capacity_sz, &(rr_resolver->rr_capacity_offset), &(rr_resolver->authority_rr), rr_resolver->n_authority_rr, &(rr_resolver->n_real_authority_rr));
+ int32_t ret=dns_resource_record_decode(payload, payload_sz, &(payload_offset), rr_resolver->authority_rr, rr_resolver->n_real_authority_rr);
if(ret==DNS_DECODER_FALSE)
{
- msg->authority_rr=NULL;
- msg->n_real_authority_rr=0;
- msg->decode_rr_status=DNS_RR_STATUS_FAILURE;
+ rr_resolver->authority_rr=NULL;
+ rr_resolver->n_real_authority_rr=0;
+ rr_resolver->decode_rr_status=DNS_RR_STATUS_FAILURE;
- dns_decoder_local_file_counter_incby(msg->plugin_env, LOCAL_STAT_COUNTER_ERROR, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
+ dns_decoder_local_file_counter_incby(rr_resolver->plugin_env, LOCAL_STAT_COUNTER_ERROR, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
return DNS_DECODER_FALSE;
}
- dns_decoder_local_file_counter_incby(msg->plugin_env, LOCAL_STAT_COUNTER_OK, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
+ dns_decoder_local_file_counter_incby(rr_resolver->plugin_env, LOCAL_STAT_COUNTER_OK, tag_key, tag_value, sizeof(tag_key)/sizeof(tag_key[0]), 1);
}
- if(msg->n_additional_rr>0)
+ if(rr_resolver->n_additional_rr>0)
{
const char *tag_key[]={TAG_KEY_IPPROTO, TAG_KEY_DNS_QR, TAG_KEY_DNS_SECTION};
- const char *tag_value[]={ipproto, ((msg->type==DNS_MESSAGE_QUERY) ? "query" : "response"), "additional"};
- dns_resource_record_buff_get0(msg->rr_capacity, msg->rr_capacity_sz, &(msg->rr_capacity_offset), &(msg->additional_rr), msg->n_additional_rr, &(msg->n_real_additional_rr));
- int32_t ret=dns_resource_record_decode(msg->payload, msg->payload_sz, &(msg->payload_offset), msg->additional_rr, msg->n_real_additional_rr);
+ const char *tag_value[]={ipproto, ((rr_resolver->type==DNS_MESSAGE_QUERY) ? "query" : "response"), "additional"};
+ dns_resource_record_buff_get0(rr_resolver->rr_capacity, rr_resolver->rr_capacity_sz, &(rr_resolver->rr_capacity_offset), &(rr_resolver->additional_rr), rr_resolver->n_additional_rr, &(rr_resolver->n_real_additional_rr));
+ int32_t ret=dns_resource_record_decode(payload, payload_sz, &(payload_offset), rr_resolver->additional_rr, rr_resolver->n_real_additional_rr);
if(ret==DNS_DECODER_FALSE)
{
- msg->additional_rr=NULL;
- msg->n_real_additional_rr=0;
- msg->decode_rr_status=DNS_RR_STATUS_FAILURE;
- dns_decoder_local_file_counter_incby(msg->plugin_env, LOCAL_STAT_COUNTER_ERROR, tag_key, tag_value, (sizeof(tag_key)/sizeof(tag_key[0])), 1);
+ rr_resolver->additional_rr=NULL;
+ rr_resolver->n_real_additional_rr=0;
+ rr_resolver->decode_rr_status=DNS_RR_STATUS_FAILURE;
+ dns_decoder_local_file_counter_incby(rr_resolver->plugin_env, LOCAL_STAT_COUNTER_ERROR, tag_key, tag_value, (sizeof(tag_key)/sizeof(tag_key[0])), 1);
return DNS_DECODER_FALSE;
}
- dns_decoder_local_file_counter_incby(msg->plugin_env, LOCAL_STAT_COUNTER_OK, tag_key, tag_value, (sizeof(tag_key)/sizeof(tag_key[0])), 1);
+ dns_decoder_local_file_counter_incby(rr_resolver->plugin_env, LOCAL_STAT_COUNTER_OK, tag_key, tag_value, (sizeof(tag_key)/sizeof(tag_key[0])), 1);
}
- msg->decode_rr_status=DNS_RR_STATUS_SUCCESS;
+ rr_resolver->decode_rr_status=DNS_RR_STATUS_SUCCESS;
return DNS_DECODER_TRUE;
-}
-
-void dns_message_answer_resource_record_get0(struct dns_message *msg, struct dns_resource_record **answer_rr, uint16_t *n_answer_rr)
-{
- int32_t ret=dns_message_resource_record_serialize(msg);
- (*answer_rr)=((ret==DNS_DECODER_TRUE) ? msg->answer_rr : NULL);
- (*n_answer_rr)=((ret==DNS_DECODER_TRUE) ? msg->n_real_answer_rr : 0);
-}
-
-void dns_message_authority_resource_record_get0(struct dns_message *msg, struct dns_resource_record **authority_rr, uint16_t *n_authority_rr)
-{
- int32_t ret=dns_message_resource_record_serialize(msg);
- (*authority_rr)=((ret==DNS_DECODER_TRUE) ? msg->authority_rr : NULL);
- (*n_authority_rr)=((ret==DNS_DECODER_TRUE) ? msg->n_real_authority_rr : 0);
-}
-
-void dns_message_additional_resource_record_get0(struct dns_message *msg, struct dns_resource_record **additional_rr, uint16_t *n_additional_rr)
-{
- int32_t ret=dns_message_resource_record_serialize(msg);
- (*additional_rr)=((ret==DNS_DECODER_TRUE) ? msg->additional_rr : NULL);
- (*n_additional_rr)=((ret==DNS_DECODER_TRUE) ? msg->n_real_additional_rr : 0);
-}
+} \ No newline at end of file
diff --git a/decoders/dns/dns_resource_record.h b/decoders/dns/dns_resource_record.h
index 0a7d0cd..31d1644 100644
--- a/decoders/dns/dns_resource_record.h
+++ b/decoders/dns/dns_resource_record.h
@@ -1,10 +1,12 @@
#pragma once
#include <stdint.h>
-#include <linux/limits.h>
#include <stddef.h>
#include <sys/uio.h>
+#define DNS_DECODER_FALSE 0
+#define DNS_DECODER_TRUE 1
+
#define IPV6_LEN 16
#define IPV4_LEN 4
#define IPV6_STR_LEN 40
@@ -186,7 +188,24 @@ struct dns_resource_record
} rdata;
};
-int32_t dns_message_contains_resource_record(struct dns_message *msg);
-void dns_message_answer_resource_record_get0(struct dns_message *msg, struct dns_resource_record **answer_rr, uint16_t *n_answer_rr);
-void dns_message_authority_resource_record_get0(struct dns_message *msg, struct dns_resource_record **authority_rr, uint16_t *n_authority_rr);
-void dns_message_additional_resource_record_get0(struct dns_message *msg, struct dns_resource_record **additional_rr, uint16_t *n_additional_rr); \ No newline at end of file
+struct dns_resource_record_resolver
+{
+ uint8_t decode_rr_status;
+ uint16_t n_answer_rr;
+ uint16_t n_authority_rr;
+ uint16_t n_additional_rr;
+ uint16_t n_real_answer_rr;
+ uint16_t n_real_authority_rr;
+ uint16_t n_real_additional_rr;
+ struct dns_resource_record *answer_rr;
+ struct dns_resource_record *authority_rr;
+ struct dns_resource_record *additional_rr;
+ int32_t rr_capacity_offset;
+ int32_t rr_capacity_sz;
+ struct dns_resource_record *rr_capacity;
+ struct session *sess;
+ struct dns_decoder_plugin_env *plugin_env;
+ enum dns_message_type type;
+};
+
+int32_t dns_message_resource_record_serialize(struct dns_resource_record_resolver *rr_resolver, char *rr_payload, size_t rr_payload_sz, size_t rr_payload_offset); \ No newline at end of file
diff --git a/decoders/dns/dns_resource_record_exporter.c b/decoders/dns/dns_resource_record_exporter.c
index 304c769..1bc74b8 100644
--- a/decoders/dns/dns_resource_record_exporter.c
+++ b/decoders/dns/dns_resource_record_exporter.c
@@ -232,21 +232,15 @@ yyjson_mut_val *dns_resource_record_json_create(yyjson_mut_doc *doc, struct dns_
return dns_rr_array;
}
-const char *dns_message_resource_record_json_exporter(struct dns_message *msg)
+const char *dns_decoder_resource_record_json_exporter(struct dns_resource_record_resolver *rr_resolver, char *rr_payload, size_t rr_payload_sz, size_t rr_payload_offset)
{
- uint16_t n_answer_rr=0;
- struct dns_resource_record *answer_rr=NULL;
- dns_message_answer_resource_record_get0(msg, &answer_rr, &n_answer_rr);
+ int32_t ret=dns_message_resource_record_serialize(rr_resolver, rr_payload, rr_payload_sz, rr_payload_offset);
+ if(ret!=DNS_DECODER_TRUE)
+ {
+ return NULL;
+ }
- uint16_t n_authority_rr=0;
- struct dns_resource_record *authority_rr=NULL;
- dns_message_authority_resource_record_get0(msg, &authority_rr, &n_authority_rr);
-
- uint16_t n_additional_rr=0;
- struct dns_resource_record *additional_rr=NULL;
- dns_message_additional_resource_record_get0(msg, &additional_rr, &n_additional_rr);
-
- if(n_answer_rr==0 && n_authority_rr==0 && n_additional_rr==0)
+ if(rr_resolver->n_answer_rr==0 && rr_resolver->n_authority_rr==0 && rr_resolver->n_additional_rr==0)
{
return NULL;
}
@@ -254,19 +248,19 @@ const char *dns_message_resource_record_json_exporter(struct dns_message *msg)
yyjson_mut_doc *doc=yyjson_mut_doc_new(0);
yyjson_mut_val *rr_array=yyjson_mut_obj(doc);
- yyjson_mut_val *answer=dns_resource_record_json_create(doc, answer_rr, n_answer_rr);
+ yyjson_mut_val *answer=dns_resource_record_json_create(doc, rr_resolver->answer_rr, rr_resolver->n_answer_rr);
if(answer!=NULL)
{
yyjson_mut_obj_add_val(doc, rr_array, "answer", answer);
}
- yyjson_mut_val *authority=dns_resource_record_json_create(doc, authority_rr, n_authority_rr);
+ yyjson_mut_val *authority=dns_resource_record_json_create(doc, rr_resolver->authority_rr, rr_resolver->n_authority_rr);
if(authority!=NULL)
{
yyjson_mut_obj_add_val(doc, rr_array, "authority", authority);
}
- yyjson_mut_val *additional=dns_resource_record_json_create(doc, additional_rr, n_additional_rr);
+ yyjson_mut_val *additional=dns_resource_record_json_create(doc, rr_resolver->additional_rr, rr_resolver->n_additional_rr);
if(additional!=NULL)
{
yyjson_mut_obj_add_val(doc, rr_array, "additional", additional);
@@ -300,28 +294,25 @@ int dns_resource_record_is_dnssec(struct dns_resource_record *rr_array, uint16_t
return 0;
}
-int dns_message_resource_record_is_dnssec(struct dns_message *msg)
+int dns_decoder_resource_record_is_dnssec(struct dns_resource_record_resolver *rr_resolver, char *rr_payload, size_t rr_payload_sz, size_t rr_payload_offset)
{
- uint16_t n_answer_rr=0;
- struct dns_resource_record *answer_rr=NULL;
- dns_message_answer_resource_record_get0(msg, &answer_rr, &n_answer_rr);
- if(dns_resource_record_is_dnssec(answer_rr, n_answer_rr)==1)
+ int32_t ret=dns_message_resource_record_serialize(rr_resolver, rr_payload, rr_payload_sz, rr_payload_offset);
+ if(ret!=DNS_DECODER_TRUE)
+ {
+ return 0;
+ }
+
+ if(dns_resource_record_is_dnssec(rr_resolver->answer_rr, rr_resolver->n_answer_rr)==1)
{
return 1;
}
- uint16_t n_authority_rr=0;
- struct dns_resource_record *authority_rr=NULL;
- dns_message_authority_resource_record_get0(msg, &authority_rr, &n_authority_rr);
- if(dns_resource_record_is_dnssec(authority_rr, n_authority_rr)==1)
+ if(dns_resource_record_is_dnssec(rr_resolver->authority_rr, rr_resolver->n_authority_rr)==1)
{
return 1;
}
- uint16_t n_additional_rr=0;
- struct dns_resource_record *additional_rr=NULL;
- dns_message_additional_resource_record_get0(msg, &additional_rr, &n_additional_rr);
- if(dns_resource_record_is_dnssec(additional_rr, n_additional_rr)==1)
+ if(dns_resource_record_is_dnssec(rr_resolver->additional_rr, rr_resolver->n_additional_rr)==1)
{
return 1;
}
@@ -347,20 +338,15 @@ void dns_resource_record_cname_get(yyjson_mut_doc *doc, yyjson_mut_val *cname_ar
}
}
-const char *dns_message_resource_record_cname_json_exporter(struct dns_message *msg)
+const char *dns_decoder_resource_record_cname_json_exporter(struct dns_resource_record_resolver *rr_resolver, char *rr_payload, size_t rr_payload_sz, size_t rr_payload_offset)
{
- uint16_t n_answer_rr=0;
- struct dns_resource_record *answer_rr=NULL;
- dns_message_answer_resource_record_get0(msg, &answer_rr, &n_answer_rr);
+ int32_t ret=dns_message_resource_record_serialize(rr_resolver, rr_payload, rr_payload_sz, rr_payload_offset);
+ if(ret!=DNS_DECODER_TRUE)
+ {
+ return NULL;
+ }
- uint16_t n_authority_rr=0;
- struct dns_resource_record *authority_rr=NULL;
- dns_message_authority_resource_record_get0(msg, &authority_rr, &n_authority_rr);
-
- uint16_t n_additional_rr=0;
- struct dns_resource_record *additional_rr=NULL;
- dns_message_additional_resource_record_get0(msg, &additional_rr, &n_additional_rr);
- if(n_answer_rr==0 && n_authority_rr==0 && n_additional_rr==0)
+ if(rr_resolver->n_answer_rr==0 && rr_resolver->n_authority_rr==0 && rr_resolver->n_additional_rr==0)
{
return NULL;
}
@@ -368,9 +354,9 @@ const char *dns_message_resource_record_cname_json_exporter(struct dns_message *
yyjson_mut_doc *doc=yyjson_mut_doc_new(0);
yyjson_mut_val *cname_array=yyjson_mut_arr(doc);
yyjson_mut_doc_set_root(doc, cname_array);
- dns_resource_record_cname_get(doc, cname_array, answer_rr, n_answer_rr);
- dns_resource_record_cname_get(doc, cname_array, authority_rr, n_authority_rr);
- dns_resource_record_cname_get(doc, cname_array, additional_rr, n_additional_rr);
+ dns_resource_record_cname_get(doc, cname_array, rr_resolver->answer_rr, rr_resolver->n_answer_rr);
+ dns_resource_record_cname_get(doc, cname_array, rr_resolver->authority_rr, rr_resolver->n_authority_rr);
+ dns_resource_record_cname_get(doc, cname_array, rr_resolver->additional_rr, rr_resolver->n_additional_rr);
yyjson_mut_doc_set_root(doc, cname_array);
const char *json_str=yyjson_mut_write(doc, 0, 0);
diff --git a/decoders/dns/version.map b/decoders/dns/version.map
index 220a1a9..b32ea5c 100644
--- a/decoders/dns/version.map
+++ b/decoders/dns/version.map
@@ -3,24 +3,9 @@ global:
extern "C" {
*dns_decoder_load*;
*dns_decoder_unload*;
- *dns_message_type_get*;
- *dns_message_header_id_get*;
- *dns_message_header_flag_get0*;
- *dns_message_header_qdcount_get*;
- *dns_message_header_ancount_get*;
- *dns_message_header_aucount_get*;
- *dns_message_header_adcount_get*;
- *dns_message_query_question_get0*;
- *dns_query_question_qname_get0*;
- *dns_query_question_qtype_get0*;
- *dns_query_question_qclass_get0*;
- *dns_message_answer_resource_record_get0*;
- *dns_message_authority_resource_record_get0*;
- *dns_message_additional_resource_record_get0*;
- *dns_message_resource_record_json_exporter*;
- *dns_message_uuid_get0*;
- *dns_message_resource_record_is_dnssec*;
- *dns_message_resource_record_cname_json_exporter*;
+ *dns_decoder_resource_record_json_exporter*;
+ *dns_decoder_resource_record_is_dnssec*;
+ *dns_decoder_resource_record_cname_json_exporter*;
*GIT*;
};
local: *;
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 19:09:49 +0000