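/*
 * Rebuild this DNS layer from the bytes held by a raw layer.
 *
 * Copies the raw bytes, validates them with ns_initparse(), loads the header
 * through PutData(), appends one DNSQuery per question record to Queries,
 * fills Answers / Authority / Additional through SetContainerSection() and
 * finally calls Craft().
 *
 * The bytes come straight from a packet, so they are treated as untrusted:
 * the message is validated before anything is copied out of it, and the
 * working copy is released on every exit path, including the error ones.
 *
 * raw_layer : layer whose bytes are parsed as a DNS message.
 * Throws std::runtime_error when the resolver routines reject the message or
 * one of its question records.
 */
void DNS::FromRaw(const RawLayer& raw_layer) {
    /* Get size of the raw layer */
    const size_t data_size = raw_layer.GetSize();

    /* Private copy of the packet, freed below on success and on failure */
    byte* data = new byte[data_size];

    try {
        raw_layer.GetData(data);

        /*
         * Validate first. ns_initparse() rejects a message that is too short
         * to hold the fixed DNS header or whose sections run past the end of
         * the buffer, so PutData() below is only reached for a message that
         * carries at least a complete header.
         * NOTE(review): PutData() is defined elsewhere; presumably it copies a
         * header-sized prefix of the buffer - confirm.
         */
        ns_msg handle;
        if (ns_initparse(data, data_size, &handle) < 0)
            throw std::runtime_error("DNS::FromRaw() : Error initializing the parsing routines");

        /* Create the header */
        PutData(data);

        /*
         * Parse the queries. The question count is a field of the packet, so
         * it is not trusted on its own: ns_parserr() fails for an index the
         * message does not actually contain, which ends the loop with a throw.
         */
        for (size_t i = 0; i < GetTotalQuestions(); i++) {
            /* RR data structure */
            ns_rr rr;
            if (ns_parserr(&handle, ns_s_qd, i, &rr) < 0)
                throw std::runtime_error("DNS::FromRaw() : Error Parsing the Queries");

            /* Build the query from the record's name, class and type */
            string qname = string(ns_rr_name(rr));
            DNSQuery dns_query(qname);
            dns_query.SetClass(ns_rr_class(rr));
            dns_query.SetType(ns_rr_type(rr));
            Queries.push_back(dns_query);
        }

        SetContainerSection(Answers, ns_s_an, &handle);
        SetContainerSection(Authority, ns_s_ns, &handle);
        SetContainerSection(Additional, ns_s_ar, &handle);
    } catch (...) {
        /* A malformed packet must not leak the working copy */
        delete [] data;
        throw;
    }

    delete [] data;

    Craft();
}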
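/*
 * Adapted from dhcpdump code
 * http://dhcpdump.sourcearchive.com/documentation/1.8-2/dhcpdump_8c-source.html
 */
/*
 * Rebuild this DHCP layer from the bytes held by a raw layer.
 *
 * Loads the fixed part through PutData(), discards the options currently held
 * in Options, then walks the option list that follows the magic cookie and
 * appends one DHCPOptions object per option, typed by option code. Craft() is
 * called at the end.
 *
 * The bytes come straight from a packet, so every length is checked against
 * the size of the packet before it is used:
 *  - the option walk is bounded by the bytes that really follow the cookie,
 *  - an option whose length byte is missing, or whose value would run past
 *    the end of the packet, ends the walk,
 *  - an option whose declared length is too small for the fixed-width type
 *    its code implies is stored as raw bytes instead of being read past its
 *    own value.
 * A packet shorter than the fixed part is parsed as if it were zero padded and
 * yields no options.
 *
 * raw_layer : layer whose bytes are parsed as a DHCP message.
 */
void DHCP::FromRaw(const RawLayer& raw_layer) {
    /* Get size of the raw layer */
    const size_t data_size = raw_layer.GetSize();

    /* 236 bytes to reach the Magic Cookie, 4 more to reach the first option */
    const size_t magicookie_shift = 236;
    const size_t options_offset = magicookie_shift + 4;

    /*
     * Zero-filled working copy that is never smaller than the fixed part, so
     * a truncated packet cannot make PutData() read past the allocation.
     * NOTE(review): PutData() is defined elsewhere; this assumes it reads no
     * more than the 240 fixed bytes - confirm.
     */
    const size_t buffer_size = (data_size < options_offset) ? options_offset : data_size;
    byte* dhcp_data = new byte[buffer_size]();

    try {
        raw_layer.GetData(dhcp_data);

        /* Create the header */
        PutData(dhcp_data);

        /* Delete the Options */
        std::vector<DHCPOptions*>::const_iterator it_opt;
        for (it_opt = Options.begin(); it_opt != Options.end(); it_opt++)
            delete (*it_opt);
        Options.clear();

        /* Option area and the number of bytes it really holds */
        byte* data = dhcp_data + options_offset;
        const size_t options_size = buffer_size - options_offset;

        vector<string> ip_addr;
        size_t j = 0;

        while (j < options_size && data[j] != 255) {
            const byte code = data[j];

            /* Pad option: a single byte, no length field */
            if (code == 0) {
                j++;
                continue;
            }

            /* Truncated option: the length byte itself is missing */
            if (options_size - j < 2)
                break;

            const byte length = data[j + 1];

            /* The declared value would run past the end of the packet */
            if (length > options_size - j - 2)
                break;

            byte* value = data + j + 2;

            /* Set when the option must be kept as an untyped byte string */
            bool keep_raw = false;

            /*
             * NOTE(review): the in_addr / short_word / word reads below go
             * through casts of an arbitrarily aligned pointer, as in the
             * original code; on strict-alignment targets they should be
             * replaced by a byte copy.
             */
            switch (code) {
            case 1:  // Subnetmask
            case 3:  // Routers
            case 16: // Swap server
            case 28: // Broadcast address
            case 32: // Router solicitation
            case 50: // Requested IP address
            case 54: // Server identifier
                if (length < 4) {
                    keep_raw = true;
                    break;
                }
                ip_addr.clear();
                ip_addr.push_back(string(inet_ntoa( *((in_addr*)value) )));
                Options.push_back(CreateDHCPOption(code, ip_addr));
                break;

            case 12: // Hostname
            case 14: // Merit dump file
            case 15: // Domain name
            case 17: // Root Path
            case 18: // Extensions path
            case 40: // NIS domain
            case 56: // Message
            case 62: // Netware/IP domain name
            case 64: // NIS+ domain
            case 66: // TFTP server name
            case 67: // bootfile name
            case 60: // Domain name
            case 86: // NDS Tree name
            case 87: // NDS context
                Options.push_back(CreateDHCPOption(code, string((char *)value, length)));
                break;

            case 4:  // Time servers
            case 5:  // Name servers
            case 6:  // DNS server
            case 7:  // Log server
            case 8:  // Cookie server
            case 9:  // LPR server
            case 10: // Impress server
            case 11: // Resource location server
            case 41: // NIS servers
            case 42: // NTP servers
            case 44: // NetBIOS name server
            case 45: // NetBIOS datagram distribution server
            case 48: // X Window System font server
            case 49: // X Window System display server
            case 65: // NIS+ servers
            case 68: // Mobile IP home agent
            case 69: // SMTP server
            case 70: // POP3 server
            case 71: // NNTP server
            case 72: // WWW server
            case 73: // Finger server
            case 74: // IRC server
            case 75: // StreetTalk server
            case 76: // StreetTalk directory assistance server
            case 85: // NDS server
                /* Only whole 4-byte addresses inside the value are read */
                ip_addr.clear();
                for (int i = 0; i < length / 4; i++)
                    ip_addr.push_back(string(inet_ntoa( *((in_addr*)(value + i * 4)) )));
                Options.push_back(CreateDHCPOption(code, ip_addr));
                break;

            case 13: // bootfile size
            case 22: // Maximum datagram reassembly size
            case 26: // Interface MTU
            case 57: // Maximum DHCP message size
                if (length < 2) {
                    keep_raw = true;
                    break;
                }
                Options.push_back(CreateDHCPOption(code, *((short_word *)value), DHCPOptions::SHORT));
                break;

            case 19: // IP forwarding enabled/disable
            case 20: // Non-local source routing
            case 23: // Default IP TTL
            case 27: // All subnets local
            case 29: // Perform mask discovery
            case 30: // Mask supplier
            case 31: // Perform router discovery
            case 34: // Trailer encapsulation
            case 36: // Ethernet encapsulation
            case 37: // TCP default TTL
            case 39: // TCP keepalive garbage
            case 46: // NetBIOS over TCP/IP node type
            case 52: // Option overload
            case 53: // DHCP message type
                if (length < 1) {
                    keep_raw = true;
                    break;
                }
                Options.push_back(CreateDHCPOption(code, *((byte *)value), DHCPOptions::BYTE));
                break;

            case 2:  // Time offset
            case 24: // Path MTU aging timeout
            case 35: // ARP cache timeout
            case 38: // TCP keepalive interval
            case 51: // IP address leasetime
            case 58: // T1
            case 59: // T2
                if (length < 4) {
                    keep_raw = true;
                    break;
                }
                Options.push_back(CreateDHCPOption(code, *((word *)value), DHCPOptions::WORD));
                break;

            default:
                keep_raw = true;
                break;
            }

            if (keep_raw)
                Options.push_back(CreateDHCPOption(code, value, length));

            /* Code byte + length byte + value; bounded by the check above */
            j += static_cast<size_t>(length) + 2;
        }
    } catch (...) {
        /* Do not leak the working copy when an option cannot be built */
        delete [] dhcp_data;
        throw;
    }

    /*
     * The original never released this buffer, leaking one packet per call.
     * NOTE(review): this assumes CreateDHCPOption() copies the bytes it is
     * given rather than keeping the pointer - confirm.
     */
    delete [] dhcp_data;

    Craft();
}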