2018-08-13 07:48:32 +00:00
|
|
|
package dns
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"encoding/binary"
|
|
|
|
|
2018-08-15 07:17:18 +00:00
|
|
|
osm "git.loafle.net/overflow/service_matcher-go"
|
2018-08-13 07:48:32 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type Dns_frame_header struct {
|
|
|
|
Transaction_id uint16
|
|
|
|
Flags uint16
|
|
|
|
Questions uint16
|
|
|
|
Answer_rrs uint16
|
|
|
|
Authority_rrs uint16
|
|
|
|
Additional_rrs uint16
|
|
|
|
}
|
|
|
|
|
|
|
|
type Dns_query_section struct {
|
|
|
|
Name uint8
|
|
|
|
Query_type uint16
|
|
|
|
Class_type uint16
|
|
|
|
}
|
|
|
|
|
|
|
|
type Dns_authority_section struct {
|
|
|
|
Name uint8
|
|
|
|
Auth_type uint16
|
|
|
|
Class_type uint16
|
|
|
|
Time_to_live uint32
|
|
|
|
Data_length uint16
|
|
|
|
Primary_name_server [20]uint8
|
|
|
|
Responsible_authority_mailbox [24]uint8
|
|
|
|
Serial_number uint32
|
|
|
|
Refresh_interval uint32
|
|
|
|
Retry_interval uint32
|
|
|
|
Expire_limit uint32
|
|
|
|
Minium_ttl uint32
|
|
|
|
}
|
|
|
|
|
|
|
|
type DNSMatcher struct {
|
2018-08-15 07:17:18 +00:00
|
|
|
osm.Matchers
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
|
2018-10-23 04:31:25 +00:00
|
|
|
func (m *DNSMatcher) Key(matchCtx *osm.MatchCtx) string {
|
2018-08-13 07:48:32 +00:00
|
|
|
return "DNS"
|
|
|
|
}
|
|
|
|
|
2018-10-23 04:31:25 +00:00
|
|
|
func (m *DNSMatcher) Type(matchCtx *osm.MatchCtx) string {
|
2018-09-12 04:26:27 +00:00
|
|
|
return "NETWORK"
|
|
|
|
}
|
2018-09-13 08:31:11 +00:00
|
|
|
func (m *DNSMatcher) Vendor(matchCtx *osm.MatchCtx) string {
|
|
|
|
return "UNKNOWN"
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *DNSMatcher) Version(matchCtx *osm.MatchCtx) string {
|
|
|
|
return "UNKNOWN"
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *DNSMatcher) OsType(matchCtx *osm.MatchCtx) string {
|
|
|
|
return "UNKNOWN"
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *DNSMatcher) OsVersion(matchCtx *osm.MatchCtx) string {
|
|
|
|
return "UNKNOWN"
|
|
|
|
}
|
2018-09-12 04:26:27 +00:00
|
|
|
|
2018-09-03 13:36:57 +00:00
|
|
|
func (m *DNSMatcher) Name(matchCtx *osm.MatchCtx) string {
|
2018-08-13 07:48:32 +00:00
|
|
|
return "DNS"
|
|
|
|
}
|
|
|
|
|
2018-09-03 13:41:28 +00:00
|
|
|
func (m *DNSMatcher) IsPrePacket() bool {
|
2018-08-13 07:48:32 +00:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2018-09-03 13:36:57 +00:00
|
|
|
func (m *DNSMatcher) HasResponse(matchCtx *osm.MatchCtx, index int) bool {
|
2018-08-13 07:48:32 +00:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2018-09-03 13:36:57 +00:00
|
|
|
func (m *DNSMatcher) IsError(matchCtx *osm.MatchCtx, index int, packet *osm.Packet) bool {
|
2018-08-13 07:48:32 +00:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2018-09-03 13:36:57 +00:00
|
|
|
func (m *DNSMatcher) Match(matchCtx *osm.MatchCtx, index int, packet *osm.Packet) error {
|
2018-09-03 06:42:56 +00:00
|
|
|
if packet == nil || !packet.Valid() {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NoPacketReceivedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
reader := new(bytes.Buffer)
|
2018-09-03 07:23:25 +00:00
|
|
|
reader.Write(packet.Buffer)
|
2018-08-13 07:48:32 +00:00
|
|
|
|
|
|
|
h := Dns_frame_header{}
|
|
|
|
if err := binary.Read(reader, binary.BigEndian, &h); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if h.Transaction_id != 0x2a88 {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NotMatchedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
if h.Flags != 0x8180 && h.Flags != 0x8182 {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NotMatchedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
if h.Questions != 1 {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NotMatchedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
if h.Answer_rrs != 0 {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NotMatchedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
if h.Authority_rrs != 0 && h.Authority_rrs != 1 {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NotMatchedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
if h.Additional_rrs != 0 && h.Additional_rrs != 1 {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NotMatchedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
q := Dns_query_section{}
|
|
|
|
if err := binary.Read(reader, binary.BigEndian, &q); err != nil {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NotMatchedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
if q.Name != 0 {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NotMatchedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
if q.Query_type != 1 {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NotMatchedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
if q.Class_type != 1 {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NotMatchedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2018-09-03 13:36:57 +00:00
|
|
|
func (m *DNSMatcher) IsSend(port int) bool {
|
2018-08-13 07:48:32 +00:00
|
|
|
if 53 == port {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2018-08-15 07:17:18 +00:00
|
|
|
func NewMatcher() osm.UDPMatcher {
|
2018-08-13 07:48:32 +00:00
|
|
|
|
|
|
|
m := &DNSMatcher{}
|
|
|
|
|
|
|
|
header := Dns_frame_header{
|
|
|
|
Transaction_id: 0x2a88,
|
|
|
|
Flags: 0x0100,
|
|
|
|
Questions: 1,
|
|
|
|
Answer_rrs: 0,
|
|
|
|
Authority_rrs: 0,
|
|
|
|
Additional_rrs: 0,
|
|
|
|
}
|
|
|
|
|
|
|
|
query := Dns_query_section{
|
|
|
|
Name: 0,
|
|
|
|
Query_type: 1,
|
|
|
|
Class_type: 1,
|
|
|
|
}
|
|
|
|
|
|
|
|
buf := new(bytes.Buffer)
|
|
|
|
binary.Write(buf, binary.BigEndian, header)
|
|
|
|
binary.Write(buf, binary.BigEndian, query)
|
|
|
|
|
2018-08-15 07:17:18 +00:00
|
|
|
m.AddPacket(osm.NewPacket(buf.Bytes(), buf.Len()))
|
2018-08-13 07:48:32 +00:00
|
|
|
|
|
|
|
return m
|
|
|
|
}
|