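/**
 * Resolve one host against HTTP:BL and cache the verdict.
 *
 * @param numeric_ip  Mutable string in the form "numeric_ip" or
 *                    "numeric_ip@interface_name". It is modified in place:
 *                    the '@' separator (if present) is overwritten with NUL
 *                    so that numeric_ip holds only the address afterwards.
 *
 * A DNS query string is built from api_key and the address, executed, and
 * the outcome handled by return code:
 *   0 - the DNS query failed: counted as a failure, nothing is cached;
 *   1 - the host is not blacklisted: NULL_BL is cached;
 *   2 - the host is blacklisted: an alert is queued and the response cached.
 * Any other code is treated as a failure and nothing is cached.
 */
void HTTPBL::queryHTTPBL(char* numeric_ip) {
  /* Both buffers are zero-filled so that no indeterminate bytes can reach
     the trace output or Redis if the resolver returns without writing. */
  char dns_query_str[256] = { 0 }, query_resp[256] = { 0 }, alert_msg[512], *iface;
  int rc;

  if(numeric_ip == NULL)
    return;

  /* Format numeric_ip@interface_name */
  iface = strchr(numeric_ip, '@');
  if(iface) {
    iface[0] = '\0';
    iface = &iface[1];
  } else
    iface = (char*)"";

  if(prepare_dns_query_string(api_key, numeric_ip, dns_query_str, sizeof(dns_query_str)) < 0) {
    ntop->getTrace()->traceEvent(TRACE_ERROR, "HTTP:BL resolution: invalid query with [%s]", numeric_ip);
    num_httpblized_fails++;
    return;
  }

  rc = dns_query_execute(dns_query_str, query_resp, sizeof(query_resp));

  /* The response is printed with %s and stored as a C string below, so
     guarantee termination regardless of what the resolver wrote. */
  query_resp[sizeof(query_resp) - 1] = '\0';

  switch (rc) {
  case 0:
    // failure while querying the dns, just return
    ntop->getTrace()->traceEvent(TRACE_INFO, "HTTP:BL resolution: unable to query the DNS for [%s][%s]",
				 dns_query_str, query_resp);
    num_httpblized_fails++;
    return;

  case 1:
    // the host is not blacklisted
    snprintf(query_resp, sizeof(query_resp), "%s", NULL_BL);
    break;

  case 2:
    // the host is blacklisted: get the response
    /* https://www.projecthoneypot.org/httpbl_api.php */
    /* We need to figure out the current list of peers speaking with this host */
    /* NOTE(review): numeric_ip, iface and the DNS-derived query_resp are
       interpolated into HTML without escaping. Confirm that they are
       validated before reaching this point, or that the alert is
       HTML-escaped when rendered; otherwise markup in any of them ends up
       in the alert page. */
    snprintf(alert_msg, sizeof(alert_msg),
	     "Host <A HREF='/lua/host_details.lua?host=%s&ifname=%s'>%s</A> blacklisted on HTTP:BL [code=%s]",
	     numeric_ip, iface, numeric_ip, query_resp);
    ntop->getRedis()->queueAlert(alert_level_warning, alert_dangerous_host, alert_msg);
    break;

  default:
    /* Only 0, 1 and 2 are handled above. Anything else is treated as a
       failure so that an unclassified response is never cached as a verdict. */
    ntop->getTrace()->traceEvent(TRACE_ERROR, "HTTP:BL resolution: unexpected DNS query result %d for [%s]",
				 rc, dns_query_str);
    num_httpblized_fails++;
    return;
  }

  num_httpblized_categorizations++;

  /*
    ntop->getTrace()->traceEvent(TRACE_ERROR, "HTTPBL resolution stats [%u categorized][%u failures][%s][%s][%s]",
    num_httpblized_categorizations, num_httpblized_fails, numeric_ip, dns_query_str, query_resp);
  */

  // Always set the response, even if not in blacklist, to avoid
  // consulting the blacklist again
  ntop->getRedis()->setHTTPBLAddress(numeric_ip, query_resp);
}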
/*
 * Run one DNS lookup as three stages: format the query, execute it, and
 * parse the reply into out_result.
 *
 * Returns 0 when every stage returns 0; otherwise returns the non-zero code
 * of the first stage that failed, and the later stages are not run.
 *
 * NOTE(review): the reply length passed to dns_result_parse() is whatever
 * dns_query_execute() reported; the parser is presumably expected to bound
 * every read by it. That is not visible from this function, so confirm.
 */
static int dns_execute(struct dns_q *query, struct dns_result *out_result)
{
    union dns_msg request, reply;
    size_t request_len;
    size_t reply_len = 0;
    int status;

    /* Each stage runs only if all previous ones reported success (0). */
    status = dns_query_format(query, &request, &request_len);

    if (status == 0)
        status = dns_query_execute(&request, request_len, &reply, &reply_len);

    if (status == 0)
        status = dns_result_parse(&reply, reply_len, out_result);

    return status;
}