dns: update

Author: wtfbbqhax

include/packet/dns.h

@@ -1,7 +1,12 @@
 #ifndef LIBPACKET_DECODE_DNS_H
 #define LIBPACKET_DECODE_DNS_H
 
+// See RFC 1035,
+// https://datatracker.ietf.org/doc/html/rfc1035
+
+#include <string>
 #include <cstdint>
+
 struct dns_stats {
     uint64_t dns_tooshort;
     uint64_t dns_too_many_queries; // > 256 DNS Questions
@@ -20,13 +25,8 @@ struct dns_header {
     uint16_t arcount;
 } __attribute__((packed));
 
-struct dns_label {
-    uint8_t *p;
-    uint8_t len;
-};
-
 struct dns_query {
-    //struct dns_label labels[32];
+    std::string label;
     // Store QTYPE and QCLASS (assuming a structure in Packet to store this information)
     uint16_t dns_qtype;
     uint16_t dns_qclass;
@@ -36,8 +36,7 @@ struct dns_answer {
     uint16_t dns_atype;
     uint16_t dns_aclass;
     uint16_t dns_ttl;
-    uint16_t dns_rdlength;
-    uint16_t dns_rdata;
+    std::string data;
 };
 
 struct dns {
@@ -46,6 +45,25 @@ struct dns {
     struct dns_answer answers[256];
 };
 
+enum dns_types {
+    TYPE_A, // 1
+    TYPE_NS, // 2
+    TYPE_MD, // 3
+    TYPE_MF, // 4
+    TYPE_CNAME, // 5
+    TYPE_SOA, // 6
+    TYPE_MB, // 7
+    TYPE_MG, // 8
+    TYPE_MR, // 9
+    TYPE_NULL, // 10
+    TYPE_WKS, // 11
+    TYPE_PTR, // 12
+    TYPE_HINFO, // 13
+    TYPE_MINFO, // 14
+    TYPE_MX, // 15
+    TYPE_TXT // 16
+};
+
 int decode_dns(uint8_t const *pkt, uint32_t const len, dns* dns);
 
 #endif /* LIBPACKET_DECODE_DNS_H */

src/dns.cc

@@ -1,5 +1,5 @@
-// 
-// libpacket/src/dns.c: DNS protocol decoder 
+//
+// libpacket/src/dns.c: DNS protocol decoder
 // Victor Roemer (wtfbbqhax), <[email protected]>.
 //
 #include <assert.h>
@@ -10,6 +10,9 @@
 
 #include <arpa/inet.h>
 
+#include <iostream>
+#include <string>
+
 #include "packet_private.h"
 #include "packet/dns.h"
 
@@ -27,7 +30,7 @@ decode_dns(uint8_t const * pkt, uint32_t const len, dns* dns)
     }
 
     struct dns_header const* raw =
-	    (struct dns_header const*)pkt;
+            (struct dns_header const*)pkt;
 
     dns->h.id = ntohs(raw->id);
     dns->h.flags = ntohs(raw->flags);
@@ -48,8 +51,8 @@ decode_dns(uint8_t const * pkt, uint32_t const len, dns* dns)
     // Parsing Question Section
     for (int i = 0; i < dns->h.qdcount; i++)
     {
-        struct dns_query *q = &dns->questions[i];
-        
+        struct dns_query* q = &dns->questions[i];
+
         // Parse QNAME
         while (remaining_len > 0 && *ptr != 0)
         {
@@ -63,10 +66,13 @@ decode_dns(uint8_t const * pkt, uint32_t const len, dns* dns)
                 return -1;
             }
 
+            q->label.append(reinterpret_cast<char const*>(ptr), label_len);
+            q->label.append(".");
+
             ptr += label_len;
             remaining_len -= label_len;
         }
-        
+
         // Null byte at the end of QNAME
         if (remaining_len == 0)
         {
@@ -152,8 +158,35 @@ decode_dns(uint8_t const * pkt, uint32_t const len, dns* dns)
         a->dns_atype = atype;
         a->dns_aclass = aclass;
         a->dns_ttl = ttl;
-        a->dns_rdlength = rdlength;
-        a->dns_rdata = *((uint16_t*)rdata);
+
+        // Parse rdata
+        while (rdata < ptr)
+        {
+            uint16_t us = *reinterpret_cast<uint16_t const*>(rdata);
+            if (us == name)
+            {
+                rdata += 2;
+                rdlength -= 2;
+                continue;
+            }
+
+            uint8_t len = 0;
+            if (rdlength >= 1)
+            {
+                len = *rdata;
+                rdata += 1;
+            }
+            // abort if len == 0 && rdatalength > 0 // ANOMALY?
+
+            len = rdlength > len ? len : rdlength;
+
+            if (len)
+            {
+                a->data.append(reinterpret_cast<char const*>(rdata), len);
+                a->data.append(".");
+            }
+            rdata += len;
+        }
     }
 
     return 0;