package dns import ( "bytes" "encoding/binary" "git.loafle.net/overflow/overflow_discovery/service/matcher" ) type Dns_frame_header struct { Transaction_id uint16 Flags uint16 Questions uint16 Answer_rrs uint16 Authority_rrs uint16 Additional_rrs uint16 } type Dns_query_section struct { Name uint8 Query_type uint16 Class_type uint16 } type Dns_authority_section struct { Name uint8 Auth_type uint16 Class_type uint16 Time_to_live uint32 Data_length uint16 Primary_name_server [20]uint8 Responsible_authority_mailbox [24]uint8 Serial_number uint32 Refresh_interval uint32 Retry_interval uint32 Expire_limit uint32 Minium_ttl uint32 } type DNSMatcher struct { matcher.Matchers } func (t *DNSMatcher) ServiceName() string { return "DNS" } func (t *DNSMatcher) IsPrePacket() bool { return false } func (t *DNSMatcher) HasResponse(index int) bool { return true } func (t *DNSMatcher) IsError(info matcher.MatchInfo, index int, packet *matcher.Packet) bool { return false } func (t *DNSMatcher) Match(info matcher.MatchInfo, index int, packet *matcher.Packet) bool { if packet == nil { return false } if packet.Len <= 0 { return false } reader := new(bytes.Buffer) reader.Write(packet.Buffer) h := Dns_frame_header{} if err := binary.Read(reader, binary.BigEndian, &h); err != nil { return false } if h.Transaction_id != 0x2a88 { return false } if h.Flags != 0x8180 && h.Flags != 0x8182 { return false } if h.Questions != 1 { return false } if h.Answer_rrs != 0 { return false } if h.Authority_rrs != 0 && h.Authority_rrs != 1 { return false } if h.Additional_rrs != 0 && h.Additional_rrs != 1 { return false } q := Dns_query_section{} if err := binary.Read(reader, binary.BigEndian, &q); err != nil { return false } if q.Name != 0 { return false } if q.Query_type != 1 { return false } if q.Class_type != 1 { return false } return true } func (t *DNSMatcher) IsSend(port int) bool { if 53 == port { return true } return false } func NewMatcher() matcher.UDPMatcher { m := &DNSMatcher{} header := Dns_frame_header{ Transaction_id: 0x2a88, Flags: 0x0100, Questions: 1, Answer_rrs: 0, Authority_rrs: 0, Additional_rrs: 0, } query := Dns_query_section{ Name: 0, Query_type: 1, Class_type: 1, } buf := new(bytes.Buffer) binary.Write(buf, binary.BigEndian, header) binary.Write(buf, binary.BigEndian, query) m.AddPacket(matcher.NewPacket(buf.Bytes(), buf.Len())) return m }