热门标签
热门文章
- 1Python实战开发及案例分析(8)—— 聚类算法_python实战多个变量进行聚类分析
- 2python读取文件夹下所有文件并进行内容提取_文件夹名称爬虫 txt
- 3Web安全—Web框架组成和各部分作用(持续更新)_web系统安全架构
- 4VSCode 配置python虚拟环境(激活环境细节)_vscode python conda虚拟环境(1)_vscode设置conda虚拟环境
- 5如何修改文件的 “创建时间” 和 “修改时间” (macOS, Linux, Windows)_修改文件的创建日期和修改日期
- 6C语言入门(什么是C语言,C语言的编程机制以及一些基础计算机概念)_主流高级语言的翻译机制。c语言
- 7【Hadoop】四、Hadoop生态综合案例 ——陌陌聊天数据分析_hadoop陌陌聊天
- 8pycharm到期激活--mac(附踩坑攻略)_pycharm试用30天过了怎么弄
- 9用Spark实现的词频统计_使用spark完成词频分析
- 10Oracle数据库存储过程---在存储过程中返回结果集
当前位置: article > 正文
C/C++ 提取DNS请求/响应数据包之中的 Quesion 内容
作者:酷酷是懒虫 | 2024-06-27 16:35:13
赞
踩
C/C++ 提取DNS请求/响应数据包之中的 Quesion 内容
它主要是提取DNS数据包之中查询问题的信息,如:问题类型、问题类别、问题内容(域/IP),我们如果想要对于某个DNS数据包需要进行遥测的时,或者进行NS缓存生命周期管理,那么就需要类似这样的函数实现了。
例子:
- uint16_t queries_type = 0;
- uint16_t queries_clazz = 0;
- ppp::string domain = ppp::net::native::dns::ExtractHostY((Byte*)packet, packet_length,
- [&queries_type, &queries_clazz](ppp::net::native::dns::dns_hdr* h, ppp::string& domain, uint16_t type, uint16_t clazz) noexcept -> bool {
- queries_type = type;
- queries_clazz = clazz;
- return true;
- });
源声明:
- #pragma pack(push, 1)
- struct dns_hdr {
- uint16_t usTransID; // 标识符
- uint16_t usFlags; // 各种标志位
- uint16_t usQuestionCount; // Question字段个数
- uint16_t usAnswerCount; // Answer字段个数
- uint16_t usAuthorityCount; // Authority字段个数
- uint16_t usAdditionalCount; // Additional字段个数
- };
- #pragma pack(pop)
-
- static constexpr int MAX_DOMAINNAME_LEN = 255; /* MAX: 253 +. ≈ 254 BYTE or 254 CHAR+. ≈ 255 BYTE */
- static constexpr int DNS_PORT = PPP_DNS_SYS_PORT;
- static constexpr int DNS_TYPE_SIZE = 2;
- static constexpr int DNS_CLASS_SIZE = 2;
- static constexpr int DNS_TTL_SIZE = 4;
- static constexpr int DNS_DATALEN_SIZE = 2;
- static constexpr int DNS_TYPE_A = 0x0001; //1 a host address
- static constexpr int DNS_TYPE_AAAA = 0x001c; //1 a host address
- static constexpr int DNS_TYPE_CNAME = 0x0005; //5 the canonical name for an alias
- static constexpr int DNS_CLASS_IN = 0x0001;
- static constexpr int DNS_PACKET_MAX_SIZE = (sizeof(struct dns_hdr) + MAX_DOMAINNAME_LEN + DNS_TYPE_SIZE + DNS_CLASS_SIZE);
-
- ppp::string ExtractHost(
- const Byte* szPacketStartPos,
- int nPacketLength) noexcept;
-
- ppp::string ExtractHostX(
- const Byte* szPacketStartPos,
- int nPacketLength,
- const ppp::function<bool(dns_hdr*)>& fPredicateB) noexcept;
-
- ppp::string ExtractHostY(
- const Byte* szPacketStartPos,
- int nPacketLength,
- const ppp::function<bool(dns_hdr*, ppp::string&, uint16_t, uint16_t)>& fPredicateE) noexcept;
-
- ppp::string ExtractHostZ(
- const Byte* szPacketStartPos,
- int nPacketLength,
- const ppp::function<bool(dns_hdr*)>& fPredicateB,
- const ppp::function<bool(dns_hdr*, ppp::string&, uint16_t, uint16_t)>& fPredicateE) noexcept;
源实现:
- static bool ExtractName(char* szEncodedStr, uint16_t* pusEncodedStrLen, char* szDotStr, uint16_t nDotStrSize, char* szPacketStartPos, char* szPacketEndPos, char** ppDecodePos) noexcept
- {
- if (NULL == szEncodedStr || NULL == pusEncodedStrLen || NULL == szDotStr || szEncodedStr >= szPacketEndPos)
- {
- return false;
- }
-
- char*& pDecodePos = *ppDecodePos;
- pDecodePos = szEncodedStr;
-
- uint16_t usPlainStrLen = 0;
- uint8_t nLabelDataLen = 0;
- *pusEncodedStrLen = 0;
-
- while ((nLabelDataLen = *pDecodePos) != 0x00)
- {
- // Normal Format,LabelDataLen + Label
- if ((nLabelDataLen & 0xc0) == 0)
- {
- if ((usPlainStrLen + nLabelDataLen + 1) > nDotStrSize || (pDecodePos + nLabelDataLen + 1) >= szPacketEndPos)
- {
- return false;
- }
-
- memcpy(szDotStr + usPlainStrLen, pDecodePos + 1, nLabelDataLen);
- memcpy(szDotStr + usPlainStrLen + nLabelDataLen, ".", 1);
-
- pDecodePos += (nLabelDataLen + 1);
- usPlainStrLen += (nLabelDataLen + 1);
- *pusEncodedStrLen += (nLabelDataLen + 1);
- }
- else
- {
- // Message compression format is 11000000 00000000, consisting of two bytes.
- // The first two bits are the jump flag, and the last 14 bits are the offset of the jump。
- if (NULL == szPacketStartPos)
- {
- return false;
- }
-
- uint16_t usJumpPos = ntohs(*(uint16_t*)(pDecodePos)) & 0x3fff;
- uint16_t nEncodeStrLen = 0;
- if (!ExtractName(szPacketStartPos + usJumpPos, &nEncodeStrLen, szDotStr + usPlainStrLen, nDotStrSize - usPlainStrLen, szPacketStartPos, szPacketEndPos, ppDecodePos))
- {
- return false;
- }
- else
- {
- *pusEncodedStrLen += 2;
- return true;
- }
- }
- }
-
- ++pDecodePos;
- szDotStr[usPlainStrLen - 1] = '\0';
- *pusEncodedStrLen += 1;
- return true;
- }
-
- static bool ExtractHost_DefaultPredicateB(dns_hdr* h) noexcept
- {
- uint16_t usFlags = htons(h->usFlags) & htons(DNS_TYPE_A);
- return usFlags != 0;
- }
-
- ppp::string ExtractHost(const Byte* szPacketStartPos, int nPacketLength) noexcept
- {
- ppp::function<bool(dns_hdr*)> predicate = ExtractHost_DefaultPredicateB;
- return ExtractHostX(szPacketStartPos, nPacketLength, predicate);
- }
-
- ppp::string ExtractHostX(const Byte* szPacketStartPos, int nPacketLength, const ppp::function<bool(dns_hdr*)>& fPredicateB) noexcept
- {
- ppp::function<bool(dns_hdr*, ppp::string&, uint16_t, uint16_t)> fPredicateE =
- [](dns_hdr* h, ppp::string& domain, uint16_t type, uint16_t clazz) noexcept -> bool
- {
- return true;
- };
- return ExtractHostZ(szPacketStartPos, nPacketLength, fPredicateB, fPredicateE);
- }
-
- ppp::string ExtractHostY(const Byte* szPacketStartPos, int nPacketLength, const ppp::function<bool(dns_hdr*, ppp::string&, uint16_t, uint16_t)>& fPredicateE) noexcept
- {
- ppp::function<bool(dns_hdr*)> fPredicateB = ExtractHost_DefaultPredicateB;
- return ExtractHostZ(szPacketStartPos, nPacketLength, fPredicateB, fPredicateE);
- }
-
- ppp::string ExtractHostZ(const Byte* szPacketStartPos,
- int nPacketLength,
- const ppp::function<bool(dns_hdr*)>& fPredicateB,
- const ppp::function<bool(dns_hdr*, ppp::string&, uint16_t, uint16_t)>& fPredicateE) noexcept
- {
- static constexpr int MAX_DOMAINNAME_LEN_STR = MAX_DOMAINNAME_LEN + 1;
-
- if (NULL == fPredicateB || NULL == fPredicateE)
- {
- return ppp::string();
- }
-
- struct dns_hdr* pDNSHeader = (struct dns_hdr*)szPacketStartPos;
- if (NULL == pDNSHeader || nPacketLength < sizeof(pDNSHeader))
- {
- return ppp::string();
- }
-
- if (!fPredicateB(pDNSHeader))
- {
- return ppp::string();
- }
-
- int nQuestionCount = htons(pDNSHeader->usQuestionCount);
- if (nQuestionCount < 1)
- {
- return ppp::string();
- }
-
- std::shared_ptr<Byte> pioBuffers = make_shared_alloc<Byte>(MAX_DOMAINNAME_LEN_STR);
- if (NULL == pioBuffers)
- {
- return ppp::string();
- }
-
- uint16_t pusEncodedStrLen = 0;
- char* pDecodePos = NULL;
- char* szDomainDotStr = (char*)pioBuffers.get();
-
- if (!ExtractName((char*)(pDNSHeader + 1), &pusEncodedStrLen, szDomainDotStr,
- (uint16_t)MAX_DOMAINNAME_LEN_STR, (char*)szPacketStartPos, (char*)szPacketStartPos + nPacketLength, &pDecodePos))
- {
- return ppp::string();
- }
-
- while (pusEncodedStrLen > 0 && szDomainDotStr[pusEncodedStrLen - 1] == '\x0')
- {
- pusEncodedStrLen--;
- }
-
- if (pusEncodedStrLen == 0)
- {
- return ppp::string();
- }
-
- uint16_t* pusDecodePos = (uint16_t*)pDecodePos;
- uint16_t usQueriesType = ntohs(pusDecodePos[0]);
- uint16_t usQueriesClass = ntohs(pusDecodePos[1]);
-
- ppp::string strDomianStr(szDomainDotStr, pusEncodedStrLen);
- if (!fPredicateE(pDNSHeader, strDomianStr, usQueriesType, usQueriesClass))
- {
- return ppp::string();
- }
-
- return strDomianStr.data();
- }
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/酷酷是懒虫/article/detail/763058
推荐阅读
相关标签
