Add trafgen_l7.c module with DNS proto header generation with
support of filling DNS query/answer/authority/additional sections
as sub headers.
Introcuded new concept as 'sub header' which is needed to easy handle
DNS sections which might be added on-demand, and to simplify using
sub-header as regular header with a fields, offset, etc. There is a
parent header which contains array of pointers of sub-headers, and the
array is ordered as they are located in the parent header. The
sub-headers mostly encapsulated by the parent header which 'knows'
the semantic of them. The new proto_hdr->push_sub_header(...) callback
was added to tell the parent header to push the sub-header's fields,
sub-header also may have proto_ops which must be filled by the parent.
This sub-header concept might be used in the future if it will be needed
to support DHCP, WLAN headers.
There are 4 kinds of DNS sub-headers - query, answer, authority,
additional. 'id' of each sub-header is used to only differentiate these
types of sections. These sections have strict order inside DNS header,
and there was added the proto_hdr_move_sub_header(...) to sort them in
required order.
Actually there are only 2 proto_hdr's which describes 4 DNS sections -
query & rrecord, because rrecord covers another 3 - answer, auhority,
additional which have the same layout.
Add new syntax for DNS header generation via 'dns()' proto function.
The fields are supported:
id - 16 bit identifier
qr - message is a query(0) or response(1)
op|oper - specified kind of query
aanswer - authoritative answer flag
trunc - message was truncated flag
rdesired - recursion desired flag
ravail - recursion available flag
zero - reserved for future use
rcode - response code
qdcount - number of entries in question section
ancount - number of entries in answer section
nscount - number of entries in authority section
arcount - number of entries in additional section
Also there are functions to generate DNS sections:
'qry()' function to generate separate query entry:
name - variable domain name
type - type of the query
class - class of the query
'ans()', 'auth()', 'add' functions to generate separate answer,
authoritative, adidditional entry with the same fields layout:
name - variable domain name
type - resource record type
class - class of the data
ttl - time interval that the record may be cached
len - length of data
data - variable length of bytes
All the DNS section entries will be automaticlly sorted by DNS proto API
in the way which is required by DNS header:
query entries
answer entries
authoritative entries
additional entries
'name' field in qry/ans/auth/add functions is automatically converted to
FQDN format if it was specified as "string".
There are also added functions to simplify the way of filling
some often used RR types for using them inside ans/auth/add functions:
addr(ipv4_addr | ipv6_addr) - fills the following RR fields:
len - 4 or 16 depends on IPv4 or IPv6 address was specified
data - is filled with IPv4 or IPv6 address
type - 1 for IPv4 address, 28 - for IPv6
ns(string)
type - 2
cname(string)
type - 5
ptr(string)
type - 12
EXAMPLES:
{
dns(qr=1,
auth(name="ns1", ns("ns1.org")),
ans(name="www.google.com", cname("google.com")),
auth(name="aa", ns("bb")),
qry(name="www.google.com"))
}
{
dns(qr=1, ans(name="www.google.com", addr(1.2.3.4)))
}
{
dns(qr=1, ans(name="www.google.com", addr(1::)))
}
Vadim Kochan (7):
trafgen: parser: Rename bytes -> mac
trafgen: proto: Add 'len' parameter to *_set_bytes(...) functions
trafgen: proto: Allow to set field with variable length
trafgen: parser: Use proto_field_set_xxx where it is possible
str: Add function for converting string into DNS name
trafgen: l7: Add DNS header generation API
trafgen: parser: Add syntax to generate DNS header
str.c | 37 +++++++++
str.h | 1 +
trafgen/Makefile | 1 +
trafgen_l2.c | 6 +-
trafgen_l4.c | 32 ++++++++
trafgen_l7.c | 175 +++++++++++++++++++++++++++++++++++++++++
trafgen_l7.h | 45 +++++++++++
trafgen_lexer.l | 26 ++++++-
trafgen_parser.y | 216 ++++++++++++++++++++++++++++++++++++++++++++++++---
trafgen_proto.c | 231 +++++++++++++++++++++++++++++++++++++++++++++++++------
trafgen_proto.h | 23 +++++-
11 files changed, 750 insertions(+), 43 deletions(-)
create mode 100644 trafgen_l7.c
create mode 100644 trafgen_l7.h
--
2.11.0
--
You received this message because you are subscribed to the Google Groups
"netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
