int dns_tcp_parser(MolochSession_t *session, void *uw, const unsigned char *data, int len, int which)
{
DNSInfo_t *info = uw;
while (len >= 2) {
// First packet of request
if (info->len[which] == 0) {
int dnslength = ((data[0]&0xff) << 8) | (data[1] & 0xff);
if (dnslength < 18) {
moloch_parsers_unregister(session, uw);
return 0;
}
if (info->size[which] == 0) {
info->size[which] = MAX(1024,dnslength);
info->data[which] = malloc(info->size[which]);
} else if (info->size[which] < dnslength) {
free(info->data[which]);
info->data[which] = malloc(dnslength);
info->size[which] = dnslength;
}
// Have all the data in this first packet, just parse it
if (dnslength <= len-2) {
dns_parser(session, data+2, dnslength);
data += 2 + dnslength;
len -= 2 + dnslength;
} else {
memcpy(info->data[which], data+2, len-2);
info->len[which] = dnslength;
info->pos[which] = len-2;
return 0;
}
} else {
int rem = info->len[which] - info->pos[which];
if (rem <= len) {
memcpy(info->data[which] + info->pos[which], data, rem);
len -= rem;
data += rem;
dns_parser(session, info->data[which], info->len[which]);
info->len[which] = 0;
} else {
memcpy(info->data[which] + info->pos[which], data, len);
info->pos[which] += len;
return 0;
}
}
}
return 0;
}
int dns_tcp_parser(MolochSession_t *session, void *UNUSED(uw), const unsigned char *data, int len, int which)
{
if (which == 1) {
int l = ((data[0]&0xff) << 8) | (data[1] & 0xff);
dns_parser(session, data+2, MIN(l, len)-2);
}
return 0;
}
void parse_udp(packetinfo *pi)
{
if (pi->plen <= 0) return;
/* Reliable traffic comes from the servers (normally on port 53 or 5353)
* and the client has sent at least one packet on that
* connecton (Maybe asking for an aswer :) */
dlog("[D] Parsing UDP packet...\n");
dns_parser(pi);
}
void parse_udp (packetinfo *pi)
{
if (pi->plen <= 0) return;
/* Reliable traffic comes from the servers (normally on port 53 or 5353)
* and the client has sent at least one package on that
* connecton (Maybe asking for an aswer :) */
//if ( pi->sc == SC_SERVER && pi->cxt->s_total_pkts > 0 ) {
dlog("[D] Parsing UDP packet...\n");
dns_parser(pi);
//}
return;
}
void dns_udp_classify(MolochSession_t *session, const unsigned char *UNUSED(data), int UNUSED(len), int UNUSED(which))
{
if (session->port1 == 53 || session->port2 == 53)
dns_parser(session, data, len);
}
int dns_udp_parser(MolochSession_t *session, void *UNUSED(uw), const unsigned char *data, int len, int UNUSED(which))
{
dns_parser(session, data, len);
return 0;
}