On Mon, Jan 30, 2017 at 10:33 AM, Vadim Kochan <vadi...@gmail.com> wrote: > Add trafgen_l7.c module with DNS proto header generation with > support of filling DNS query/answer/authority/additional sections > as sub headers. > > Introcuded new concept as 'sub header' which is needed to easy handle > DNS sections which might be added on-demand, and to simplify using > sub-header as regular header with a fields, offset, etc. There is a > parent header which contains array of pointers of sub-headers, and the > array is ordered as they are located in the parent header. The > sub-headers mostly encapsulated by the parent header which 'knows' > the semantic of them. The new proto_hdr->push_sub_header(...) callback > was added to tell the parent header to push the sub-header's fields, > sub-header also may have proto_ops which must be filled by the parent. > This sub-header concept might be used in the future if it will be needed > to support DHCP, WLAN headers. > > There are 4 kinds of DNS sub-headers - query, answer, authority, > additional. 'id' of each sub-header is used to only differentiate these > types of sections. These sections have strict order inside DNS header, > and there was added the proto_hdr_move_sub_header(...) to sort them in > required order. > > Actually there are only 2 proto_hdr's which describes 4 DNS sections - > query & rrecord, because rrecord covers another 3 - answer, auhority, > additional which have the same layout. > > Add new syntax for DNS header generation via 'dns()' proto function. > > The fields are supported: > > id - 16 bit identifier > qr - message is a query(0) or response(1) > op|oper - specified kind of query > aanswer - authoritative answer flag > trunc - message was truncated flag > rdesired - recursion desired flag > ravail - recursion available flag > zero - reserved for future use > rcode - response code > qdcount - number of entries in question section > ancount - number of entries in answer section > nscount - number of entries in authority section > arcount - number of entries in additional section > > Also there are functions to generate DNS sections: > > 'qry()' function to generate separate query entry: > > name - variable domain name > type - type of the query > class - class of the query > > 'ans()', 'auth()', 'add' functions to generate separate answer, > authoritative, adidditional entry with the same fields layout: > > name - variable domain name > type - resource record type > class - class of the data > ttl - time interval that the record may be cached > len - length of data > data - variable length of bytes > > All the DNS section entries will be automaticlly sorted by DNS proto API > in the way which is required by DNS header: > > query entries > answer entries > authoritative entries > additional entries > > 'name' field in qry/ans/auth/add functions is automatically converted to > FQDN format if it was specified as "string". > > There are also added functions to simplify the way of filling > some often used RR types for using them inside ans/auth/add functions: > > addr(ipv4_addr | ipv6_addr) - fills the following RR fields: > len - 4 or 16 depends on IPv4 or IPv6 address was specified > data - is filled with IPv4 or IPv6 address > type - 1 for IPv4 address, 28 - for IPv6 > > ns(string) > type - 2 > > cname(string) > type - 5 > > ptr(string) > type - 12 > > EXAMPLES: > > { > dns(qr=1, > auth(name="ns1", ns("ns1.org")), > ans(name="www.google.com", cname("google.com")), > auth(name="aa", ns("bb")), > qry(name="www.google.com")) > } > > { > dns(qr=1, ans(name="www.google.com", addr(1.2.3.4))) > } > > { > dns(qr=1, ans(name="www.google.com", addr(1::))) > } > > Vadim Kochan (7): > trafgen: parser: Rename bytes -> mac > trafgen: proto: Add 'len' parameter to *_set_bytes(...) functions > trafgen: proto: Allow to set field with variable length > trafgen: parser: Use proto_field_set_xxx where it is possible > str: Add function for converting string into DNS name > trafgen: l7: Add DNS header generation API > trafgen: parser: Add syntax to generate DNS header > > str.c | 37 +++++++++ > str.h | 1 + > trafgen/Makefile | 1 + > trafgen_l2.c | 6 +- > trafgen_l4.c | 32 ++++++++ > trafgen_l7.c | 175 +++++++++++++++++++++++++++++++++++++++++ > trafgen_l7.h | 45 +++++++++++ > trafgen_lexer.l | 26 ++++++- > trafgen_parser.y | 216 ++++++++++++++++++++++++++++++++++++++++++++++++--- > trafgen_proto.c | 231 > +++++++++++++++++++++++++++++++++++++++++++++++++------ > trafgen_proto.h | 23 +++++- > 11 files changed, 750 insertions(+), 43 deletions(-) > create mode 100644 trafgen_l7.c > create mode 100644 trafgen_l7.h > > -- > 2.11.0 >
Hi Tobias, I am sorry for the reminder, just want clarify if you will continue to review this. Thanks, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.