Re: Linux Kernel Module program to obtain domain name from IP
On Tue, Jul 8, 2014 at 4:52 PM, shhuiw shh...@163.com wrote:
> Hi,
>
> I think you need to refer to some open source DNS client utilities, e.g. http://en.wikipedia.org/wiki/Nslookup.
>
> - shhuiw

Just have a look at the source code of the nslookup command ... it does the same thing as what you want ... but in many cases it will not work, as many domain names have a shared IP address.

> At 2014-07-08 06:26:23, Hettiarachchige Hasitha Shan hh_s...@live.com wrote:
> > I have a requirement to obtain the domain name from the destination IP from an outgoing packet. I am successful in capturing and obtaining the destination IP packets using the `netfilter` hook as shown below.
> >
> >     #include <linux/kernel.h>
> >     #include <linux/netfilter.h>
> >     #include <linux/skbuff.h>
> >     #include <linux/ip.h>
> >     #include <linux/tcp.h>
> >     #include <linux/udp.h>
> >
> >     unsigned int hook_func_out(unsigned int hooknum,
> >                                struct sk_buff *skb,
> >                                const struct net_device *in,
> >                                const struct net_device *out,
> >                                int (*okfn)(struct sk_buff *))
> >     {
> >         int ofs = 20; /* Set the offset to skip over the IP header. */
> >         struct iphdr *ip_header = (struct iphdr *)skb_network_header(skb);
> >         struct udphdr *udp_header;
> >         struct tcphdr *tcp_header;
> >
> >         /* I can obtain the destination IP address of the packet like this */
> >         unsigned int dest_ip = (unsigned int)ip_header->daddr;
> >
> >         /* or like this (%pI4 takes a pointer to the address) */
> >         char pkt_tbuf[16];
> >         snprintf(pkt_tbuf, 16, "%pI4", &ip_header->daddr);
> >
> >         /* here I need to obtain the domain name of the obtained destination address */
> >
> >         return NF_ACCEPT; /* let the packet continue */
> >     }
> >
> > However, I have no idea on how to use that IP to obtain the domain name of the obtained IP. I tried many sources (https://www.google.com/search?client=ubuntu&channel=fs&q=linux+kernel+programming+domain+name+from+IP+&ie=utf-8&oe=utf-8) but did find any related information on the subject and will be really grateful if you experts would provide any sample code/references to perform this task :)
> >
> > Thank you very much :)

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
Re: Re: Linux Kernel Module program to obtain domain name from IP
On 2014-07-08 20:19:09 (+0800), shhuiw shh...@163.com wrote:
> DNS lookup should use UDP packet, and you have to construct UDP request based on your captured IP addresses in your module.

DNS can actually use both TCP and UDP.

> And you have to use DNS server fallback lists and time-out control if some DNS server cannot work well.

Yeah. Doing DNS lookups (forward or reverse) is complicated.

There's a dns_query function in the kernel (net/dns_resolver), which apparently upcalls into user space, but I'd avoid dealing with DNS in the kernel at all. Just pass the IP address to user space and let it deal with it. There are plenty of DNS libraries available.

Odds are you need to pass the resulting information to user space anyway, so you're not really losing anything.

What are you trying to accomplish anyway?

Regards,
Kristof
Re: Re: Linux Kernel Module program to obtain domain name from IP
There's a research project called Name Based Sockets where this has been done. Take a look at: https://www.sics.se/projects/name-based-sockets

If you search for name based sockets on Google you will find a kernel module and user space code doing this.

On 8 Jul 2014 15:07, Kristof Provost kris...@sigsegv.be wrote:
> On 2014-07-08 20:19:09 (+0800), shhuiw shh...@163.com wrote:
> > DNS lookup should use UDP packet, and you have to construct UDP request based on your captured IP addresses in your module.
>
> DNS can actually use both TCP and UDP.
>
> > And you have to use DNS server fallback lists and time-out control if some DNS server cannot work well.
>
> Yeah. Doing DNS lookups (forward or reverse) is complicated.
>
> There's a dns_query function in the kernel (net/dns_resolver), which apparently upcalls into user space, but I'd avoid dealing with DNS in the kernel at all. Just pass the IP address to user space and let it deal with it. There are plenty of DNS libraries available.
>
> Odds are you need to pass the resulting information to user space anyway, so you're not really losing anything.
>
> What are you trying to accomplish anyway?
>
> Regards,
> Kristof
RE: Linux Kernel Module program to obtain domain name from IP
Thank you for your responses sirs and the advice.

My target is to,
1. Intercept SYN packet
2. Obtain the destination IP address
3. Resolve the TLD of that IP
4. then bind each packet to queues depending on the TLD

I will check on nslookup, open DNS client utilities and dns_resolver libraries as you experts suggested :)

Best Regards,
H. Hasitha Shan

> Date: Tue, 8 Jul 2014 15:20:16 +0200
> Subject: Re: Re: Linux Kernel Module program to obtain domain name from IP
> From: kristofer.hal...@gmail.com
> To: kris...@sigsegv.be
> CC: kernelnewbies@kernelnewbies.org; shh...@163.com; sudipm.mukher...@gmail.com; hh_s...@live.com
>
> There's a research project called Name Based Sockets where this has been done. Take a look at: https://www.sics.se/projects/name-based-sockets
>
> If you search for name based sockets on Google you will find a kernel module and user space code doing this.
>
> On 8 Jul 2014 15:07, Kristof Provost kris...@sigsegv.be wrote:
> > On 2014-07-08 20:19:09 (+0800), shhuiw shh...@163.com wrote:
> > > DNS lookup should use UDP packet, and you have to construct UDP request based on your captured IP addresses in your module.
> >
> > DNS can actually use both TCP and UDP.
> >
> > > And you have to use DNS server fallback lists and time-out control if some DNS server cannot work well.
> >
> > Yeah. Doing DNS lookups (forward or reverse) is complicated.
> >
> > There's a dns_query function in the kernel (net/dns_resolver), which apparently upcalls into user space, but I'd avoid dealing with DNS in the kernel at all. Just pass the IP address to user space and let it deal with it. There are plenty of DNS libraries available.
> >
> > Odds are you need to pass the resulting information to user space anyway, so you're not really losing anything.
> >
> > What are you trying to accomplish anyway?
> >
> > Regards,
> > Kristof