Ejemplo n.º 1
0
int dns_tcp_parser(MolochSession_t *session, void *uw, const unsigned char *data, int len, int which)
{
    DNSInfo_t *info = uw;
    while (len >= 2) {

        // First packet of request
        if (info->len[which] == 0) {
            int dnslength = ((data[0]&0xff) << 8) | (data[1] & 0xff);

            if (dnslength < 18) {
                moloch_parsers_unregister(session, uw);
                return 0;
            }

            if (info->size[which] == 0) {
                info->size[which] = MAX(1024,dnslength);
                info->data[which] = malloc(info->size[which]);
            } else if (info->size[which] < dnslength) {
                free(info->data[which]);
                info->data[which] = malloc(dnslength);
                info->size[which] = dnslength;
            }

            // Have all the data in this first packet, just parse it
            if (dnslength <= len-2) {
                dns_parser(session, data+2, dnslength);
                data += 2 + dnslength;
                len -= 2 + dnslength;
            } else {
                memcpy(info->data[which], data+2, len-2);
                info->len[which] = dnslength;
                info->pos[which] = len-2;
                return 0;
            }
        } else {
            int rem = info->len[which] - info->pos[which];
            if (rem <= len) {
                memcpy(info->data[which] + info->pos[which], data, rem);
                len -= rem;
                data += rem;
                dns_parser(session, info->data[which], info->len[which]);
                info->len[which] = 0;
            } else {
                memcpy(info->data[which] + info->pos[which], data, len);
                info->pos[which] += len;
                return 0;
            }
        }
    }
    return 0;
}
Ejemplo n.º 2
0
int dns_tcp_parser(MolochSession_t *session, void *UNUSED(uw), const unsigned char *data, int len, int which) 
{
    if (which == 1) {
        int l = ((data[0]&0xff) << 8) | (data[1] & 0xff);
        dns_parser(session, data+2, MIN(l, len)-2);
    }
    return 0;
}
Ejemplo n.º 3
0
void parse_udp(packetinfo *pi)
{
    if (pi->plen <= 0) return;

    /* Reliable traffic comes from the servers (normally on port 53 or 5353)
     * and the client has sent at least one packet on that
     * connecton (Maybe asking for an aswer :) */
    dlog("[D] Parsing UDP packet...\n");
    dns_parser(pi);
}
Ejemplo n.º 4
0
void parse_udp (packetinfo *pi)
{
    if (pi->plen <= 0) return;

    /* Reliable traffic comes from the servers (normally on port 53 or 5353)
     * and the client has sent at least one package on that
     * connecton (Maybe asking for an aswer :) */
    //if ( pi->sc == SC_SERVER && pi->cxt->s_total_pkts > 0 ) {
        dlog("[D] Parsing UDP packet...\n");
        dns_parser(pi);
    //}
    return;
}
Ejemplo n.º 5
0
void dns_udp_classify(MolochSession_t *session, const unsigned char *UNUSED(data), int UNUSED(len), int UNUSED(which))
{
    if (session->port1 == 53 || session->port2 == 53)
        dns_parser(session, data, len);
}
Ejemplo n.º 6
0
int dns_udp_parser(MolochSession_t *session, void *UNUSED(uw), const unsigned char *data, int len, int UNUSED(which))
{
    dns_parser(session, data, len);
    return 0;
}