DNS object, parsing, respdiff

- `core.object.dns`: - Issue DNS-OARC#39: Remove private struct and pull in `omg-dns` code - Issue DNS-OARC#39: Add constants and strings for class, type, opcode, rcode etc - Add new objects `core.object.dns.label`, `core.object.dns.q` and `core.object.dns.rr` - Make it possible to reuse a `core.object.dns` for parsing another payload - Rework the way parsing more then just the header is done: - Remove functions `rr_reset()`, `rr_ok()`, `rr_label()`, `rr_type()`, `rr_class()` and `rr_ttl()` - Remove attributes `questions`, `answers`, `authorities` and `additionals` - Add function `parse_q()` and `parse_rr()` - Payload object is now optional for `new()` - Change `parse()`, see documentation - Remove old (non-working) functions `src()` and `dst()` - Remove old (unused) attributes `src_id`, `qr_id`, `dst_id`, `sport` and `dport` - `print()` now displays textual representation of types and codes - `core.object`: Remove prefix for constants - `examples/*`: - Add `respdiff.lua`, based on `playqr.lua` but only uses `output.respdiff` - Remove `playqr.lua` - Update all examples with changes made to `core.object` and `core.object.dns` - `README.md`/Makefiles: Remove `omg-dns` dependency - `filter.layer`: Update parsing to use `memcpy()` and `bswap_nn()` for possible assembler optimization - `input.fpcap`: Update parsing to use `bswap_nn()` for possible assembler optimization - `input.mmpcap`: Update parsing to use `bswap_nn()` for possible assembler optimization
jelu · Jun 22, 2018 · 7681d91 · 7681d91
1 parent 06a11cb
commit 7681d91
Show file tree

Hide file tree

Showing 25 changed files with 1,683 additions and 1,091 deletions.
diff --git a/.gitmodules b/.gitmodules
diff --git a/README.md b/README.md
@@ -56,7 +56,6 @@ OpenBSD: `pkg_add luajit` + manual install of libpcap, liblmdb and libck
 ```shell
 git clone https://github.com/DNS-OARC/dnsjit
 cd dnsjit
-git submodule update --init
 sh autogen.sh
 ./configure
 make
@@ -98,6 +97,7 @@ Following example display the DNS ID found in queries.
 require("dnsjit.core.objects")
 local input = require("dnsjit.input.pcap").new()
 local layer = require("dnsjit.filter.layer").new()
+local dns = require("dnsjit.core.object.dns").new()
 
 input:open_offline(arg[2])
 layer:producer(input)
@@ -107,8 +107,8 @@ while true do
     local object = producer(ctx)
     if object == nil then break end
     if object:type() == "payload" then
-        local dns = require("dnsjit.core.object.dns").new(object)
-        if dns and dns:parse() == 0 then
+        dns.obj_prev = object
+        if dns:parse_header() == 0 then
             print(dns.id)
         end
     end

diff --git a/examples/Makefile.am b/examples/Makefile.am
@@ -16,5 +16,5 @@
 # You should have received a copy of the GNU General Public License
 # along with dnsjit.  If not, see <http://www.gnu.org/licenses/>.
 
-dist_doc_DATA = dumpdns.lua dumpdns-qr.lua filter_rcode.lua playqr.lua \
+dist_doc_DATA = dumpdns.lua dumpdns-qr.lua filter_rcode.lua respdiff.lua \
   readme.lua replay.lua test_pcap_read.lua test_throughput.lua
diff --git a/examples/dumpdns-qr.lua b/examples/dumpdns-qr.lua
@@ -9,6 +9,12 @@ end
 local object = require("dnsjit.core.objects")
 local input = require("dnsjit.input.pcap").new()
 local layer = require("dnsjit.filter.layer").new()
+local dns = require("dnsjit.core.object.dns").new()
+local label = require("dnsjit.core.object.dns.label")
+
+local ffi = require("ffi")
+local labels = require("dnsjit.core.object.dns.label").new(16)
+local q = require("dnsjit.core.object.dns.q").new()
 
 input:open_offline(pcap)
 layer:producer(input)
@@ -20,24 +26,25 @@ local responses = {}
 while true do
     local obj = producer(ctx)
     if obj == nil then break end
-    if obj:type() == "payload" then
+    local pl = obj:cast()
+    if obj:type() == "payload" and pl.len > 0 then
         local transport = obj.obj_prev
         while transport do
-            if transport.obj_type == object.CORE_OBJECT_IP or transport.obj_type == object.CORE_OBJECT_IP6 then
+            if transport.obj_type == object.IP or transport.obj_type == object.IP6 then
                 break
             end
             transport = transport.obj_prev
         end
         local protocol = obj.obj_prev
         while protocol do
-            if protocol.obj_type == object.CORE_OBJECT_UDP or protocol.obj_type == object.CORE_OBJECT_TCP then
+            if protocol.obj_type == object.UDP or protocol.obj_type == object.TCP then
                 break
             end
             protocol = protocol.obj_prev
         end
 
-        local dns = require("dnsjit.core.object.dns").new(obj)
-        if transport and protocol and dns and dns:parse() == 0 then
+        dns.obj_prev = obj
+        if transport and protocol and dns:parse_header() == 0 then
             transport = transport:cast()
             protocol = protocol:cast()
 
@@ -48,18 +55,18 @@ while true do
                     dst = transport:destination(),
                     dport = protocol.dport,
                     id = dns.id,
-                    rcode = dns.rcode,
+                    rcode = dns.rcode_tostring(dns.rcode),
                 })
             else
-                if dns.questions > 0 and dns:rr_next() == 0 and dns:rr_ok() then
+                if dns.qdcount > 0 and dns:parse_q(q, labels, 16) == 0 then
                     table.insert(queries, {
                         src = transport:source(),
                         sport = protocol.sport,
                         dst = transport:destination(),
                         dport = protocol.dport,
                         id = dns.id,
-                        qname = dns:rr_label(),
-                        qtype = dns:rr_type(),
+                        qname = label.tooffstr(dns, labels, 16),
+                        qtype = dns.type_tostring(q.type)
                     })
                 end
             end

diff --git a/examples/dumpdns.lua b/examples/dumpdns.lua
@@ -9,6 +9,7 @@ end
 local object = require("dnsjit.core.objects")
 local input = require("dnsjit.input.pcap").new()
 local layer = require("dnsjit.filter.layer").new()
+local dns = require("dnsjit.core.object.dns").new()
 
 input:open_offline(pcap)
 layer:producer(input)
@@ -17,24 +18,25 @@ local producer, ctx = layer:produce()
 while true do
     local obj = producer(ctx)
     if obj == nil then break end
-    if obj:type() == "payload" then
+    local pl = obj:cast()
+    if obj:type() == "payload" and pl.len > 0 then
         local transport = obj.obj_prev
         while transport do
-            if transport.obj_type == object.CORE_OBJECT_IP or transport.obj_type == object.CORE_OBJECT_IP6 then
+            if transport.obj_type == object.IP or transport.obj_type == object.IP6 then
                 break
             end
             transport = transport.obj_prev
         end
         local protocol = obj.obj_prev
         while protocol do
-            if protocol.obj_type == object.CORE_OBJECT_UDP or protocol.obj_type == object.CORE_OBJECT_TCP then
+            if protocol.obj_type == object.UDP or protocol.obj_type == object.TCP then
                 break
             end
             protocol = protocol.obj_prev
         end
 
-        local dns = require("dnsjit.core.object.dns").new(obj)
-        if transport and protocol and dns and dns:parse() == 0 then
+        dns.obj_prev = obj
+        if transport and protocol then
             transport = transport:cast()
             protocol = protocol:cast()
             print(protocol:type().." "..transport:source()..":"..tonumber(protocol.sport).." -> "..transport:destination()..":"..tonumber(protocol.dport))

diff --git a/examples/filter_rcode.lua b/examples/filter_rcode.lua
@@ -10,6 +10,7 @@ end
 local object = require("dnsjit.core.objects")
 local input = require("dnsjit.input.pcap").new()
 local layer = require("dnsjit.filter.layer").new()
+local dns = require("dnsjit.core.object.dns").new()
 
 input:open_offline(pcap)
 layer:producer(input)
@@ -18,17 +19,18 @@ local producer, ctx = layer:produce()
 while true do
     local obj = producer(ctx)
     if obj == nil then break end
-    if obj:type() == "payload" then
+    local pl = obj:cast()
+    if obj:type() == "payload" and pl.len > 0 then
         local transport = obj.obj_prev
         while transport do
-            if transport.obj_type == object.CORE_OBJECT_IP or transport.obj_type == object.CORE_OBJECT_IP6 then
+            if transport.obj_type == object.IP or transport.obj_type == object.IP6 then
                 break
             end
             transport = transport.obj_prev
         end
 
-        local dns = require("dnsjit.core.object.dns").new(obj)
-        if transport and dns and dns:parse() == 0 and dns.have_rcode == 1 and dns.rcode == rcode then
+        dns.obj_prev = obj
+        if transport and dns and dns:parse_header() == 0 and dns.have_rcode == 1 and dns.rcode == rcode then
             transport = transport:cast()
             print(dns.id, transport:source().." -> "..transport:destination())
         end