On Mon, Jan 30, 2017 at 10:33 AM, Vadim Kochan <vadi...@gmail.com> wrote:
> Add trafgen_l7.c module with DNS proto header generation with
> support of filling DNS query/answer/authority/additional sections
> as sub headers.
>
> Introcuded new concept as 'sub header' which is needed to easy handle
> DNS sections which might be added on-demand, and to simplify using
> sub-header as regular header with a fields, offset, etc. There is a
> parent header which contains array of pointers of sub-headers, and the
> array is ordered as they are located in the parent header. The
> sub-headers mostly encapsulated by the parent header which 'knows'
> the semantic of them. The new proto_hdr->push_sub_header(...) callback
> was added to tell the parent header to push the sub-header's fields,
> sub-header also may have proto_ops which must be filled by the parent.
> This sub-header concept might be used in the future if it will be needed
> to support DHCP, WLAN headers.
>
> There are 4 kinds of DNS sub-headers - query, answer, authority,
> additional. 'id' of each sub-header is used to only differentiate these
> types of sections. These sections have strict order inside DNS header,
> and there was added the proto_hdr_move_sub_header(...) to sort them in
> required order.
>
> Actually there are only 2 proto_hdr's which describes 4 DNS sections -
> query & rrecord, because rrecord covers another 3 - answer, auhority,
> additional which have the same layout.
>
> Add new syntax for DNS header generation via 'dns()' proto function.
>
> The fields are supported:
>
> id - 16 bit identifier
> qr - message is a query(0) or response(1)
> op|oper - specified kind of query
> aanswer - authoritative answer flag
> trunc - message was truncated flag
> rdesired - recursion desired flag
> ravail - recursion available flag
> zero - reserved for future use
> rcode - response code
> qdcount - number of entries in question section
> ancount - number of entries in answer section
> nscount - number of entries in authority section
> arcount - number of entries in additional section
>
> Also there are functions to generate DNS sections:
>
> 'qry()' function to generate separate query entry:
>
> name - variable domain name
> type - type of the query
> class - class of the query
>
> 'ans()', 'auth()', 'add' functions to generate separate answer,
> authoritative, adidditional entry with the same fields layout:
>
> name - variable domain name
> type - resource record type
> class - class of the data
> ttl - time interval that the record may be cached
> len - length of data
> data - variable length of bytes
>
> All the DNS section entries will be automaticlly sorted by DNS proto API
> in the way which is required by DNS header:
>
> query entries
> answer entries
> authoritative entries
> additional entries
>
> 'name' field in qry/ans/auth/add functions is automatically converted to
> FQDN format if it was specified as "string".
>
> There are also added functions to simplify the way of filling
> some often used RR types for using them inside ans/auth/add functions:
>
> addr(ipv4_addr | ipv6_addr) - fills the following RR fields:
> len - 4 or 16 depends on IPv4 or IPv6 address was specified
> data - is filled with IPv4 or IPv6 address
> type - 1 for IPv4 address, 28 - for IPv6
>
> ns(string)
> type - 2
>
> cname(string)
> type - 5
>
> ptr(string)
> type - 12
>
> EXAMPLES:
>
> {
> dns(qr=1,
> auth(name="ns1", ns("ns1.org")),
> ans(name="www.google.com", cname("google.com")),
> auth(name="aa", ns("bb")),
> qry(name="www.google.com"))
> }
>
> {
> dns(qr=1, ans(name="www.google.com", addr(1.2.3.4)))
> }
>
> {
> dns(qr=1, ans(name="www.google.com", addr(1::)))
> }
>
> Vadim Kochan (7):
> trafgen: parser: Rename bytes -> mac
> trafgen: proto: Add 'len' parameter to *_set_bytes(...) functions
> trafgen: proto: Allow to set field with variable length
> trafgen: parser: Use proto_field_set_xxx where it is possible
> str: Add function for converting string into DNS name
> trafgen: l7: Add DNS header generation API
> trafgen: parser: Add syntax to generate DNS header
>
> str.c | 37 +++++++++
> str.h | 1 +
> trafgen/Makefile | 1 +
> trafgen_l2.c | 6 +-
> trafgen_l4.c | 32 ++++++++
> trafgen_l7.c | 175 +++++++++++++++++++++++++++++++++++++++++
> trafgen_l7.h | 45 +++++++++++
> trafgen_lexer.l | 26 ++++++-
> trafgen_parser.y | 216 ++++++++++++++++++++++++++++++++++++++++++++++++---
> trafgen_proto.c | 231
> +++++++++++++++++++++++++++++++++++++++++++++++++------
> trafgen_proto.h | 23 +++++-
> 11 files changed, 750 insertions(+), 43 deletions(-)
> create mode 100644 trafgen_l7.c
> create mode 100644 trafgen_l7.h
>
> --
> 2.11.0
>
Hi Tobias,
I am sorry for the reminder, just want clarify if you will continue to
review this.
Thanks,
Vadim Kochan
--
You received this message because you are subscribed to the Google Groups
"netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to netsniff-ng+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
