Added basic parsing of DNS queries and answers

shadowy-pycoder · shadowy-pycoder · commit c38b68b24bd2 · 2024-08-31T18:10:01.000+03:00
diff --git a/layers/dns.go b/layers/dns.go
@@ -3,9 +3,11 @@ package layers
 import (
 	"encoding/binary"
 	"fmt"
+	"strings"
+	"unsafe"
 )
 
-const dnsHeaderSize = 12
+const headerSizeDNS = 12
 
 type DNSMessage struct {
 	TransactionID uint16 // Used for matching response to queries.
@@ -27,6 +29,7 @@ func (d *DNSMessage) String() string {
 - Authority RRs: %d
 - Additional RRs: %d
 - Payload: %d bytes
+%s
 `,
 		d.TransactionID,
 		d.Flags,
@@ -36,21 +39,22 @@ func (d *DNSMessage) String() string {
 		d.AuthorityRRs,
 		d.AdditionalRRs,
 		len(d.payload),
+		d.queries(),
 	)
 }
 
 // Parse parses the given byte data into a DNSMessage struct.
 func (d *DNSMessage) Parse(data []byte) error {
-	if len(data) < dnsHeaderSize {
-		return fmt.Errorf("minimum header size for DNS is %d bytes, got %d bytes", dnsHeaderSize, len(data))
+	if len(data) < headerSizeDNS {
+		return fmt.Errorf("minimum header size for DNS is %d bytes, got %d bytes", headerSizeDNS, len(data))
 	}
 	d.TransactionID = binary.BigEndian.Uint16(data[0:2])
 	d.Flags = binary.BigEndian.Uint16(data[2:4])
 	d.Questions = binary.BigEndian.Uint16(data[4:6])
 	d.AnswerRRs = binary.BigEndian.Uint16(data[6:8])
 	d.AuthorityRRs = binary.BigEndian.Uint16(data[8:10])
-	d.AdditionalRRs = binary.BigEndian.Uint16(data[10:dnsHeaderSize])
-	d.payload = data[dnsHeaderSize:]
+	d.AdditionalRRs = binary.BigEndian.Uint16(data[10:headerSizeDNS])
+	d.payload = data[headerSizeDNS:]
 	return nil
 }
 
@@ -79,15 +83,15 @@ func (d *DNSMessage) flags() string {
 	default:
 		opcodes = "Unknown"
 	}
+	tc := (d.Flags >> 9) & 1
+	rd := (d.Flags >> 8) & 1
+	z := (d.Flags >> 6) & 1
+	na := (d.Flags >> 4) & 1
 	qr := (d.Flags >> 15) & 1
 	var qrs string
 	switch qr {
 	case 0:
 		qrs = "query"
-		tc := (d.Flags >> 9) & 1
-		rd := (d.Flags >> 8) & 1
-		z := (d.Flags >> 6) & 1
-		na := (d.Flags >> 4) & 1
 		flags = fmt.Sprintf(`  - Response: Message is a %s (%d)
   - Opcode: %s (%d)
   - Truncated: %d
@@ -97,12 +101,8 @@ func (d *DNSMessage) flags() string {
 	case 1:
 		qrs = "reply"
 		a := (d.Flags >> 10) & 1
-		tc := (d.Flags >> 9) & 1
-		rd := (d.Flags >> 8) & 1
 		ra := (d.Flags >> 7) & 1
-		z := (d.Flags >> 6) & 1
 		aa := (d.Flags >> 5) & 1
-		na := (d.Flags >> 4) & 1
 		rcode := d.Flags & 15
 		var rcodes string
 		switch rcode {
@@ -142,3 +142,72 @@ func (d *DNSMessage) flags() string {
 	}
 	return flags
 }
+
+func bytesToStr(myBytes []byte) string {
+	return unsafe.String(unsafe.SliceData(myBytes), len(myBytes))
+}
+
+func extractDomain(data []byte, offset int) (string, int) {
+	var parts []string
+	for {
+		blen := int(data[offset])
+		offset++
+		if blen == 0 {
+			break
+		}
+		if blen == 0xc0 {
+			offset = int(data[offset]) - headerSizeDNS
+			blen = int(data[offset])
+			offset++
+		}
+		parts = append(parts, bytesToStr(data[offset:offset+blen]))
+		offset += blen
+	}
+	return strings.Join(parts, "."), offset
+}
+
+func (d *DNSMessage) queries() string {
+	var (
+		sb     strings.Builder
+		offset int
+	)
+	if d.Questions > 0 {
+		sb.WriteString("- Queries:\n")
+		for range d.Questions {
+			var domain string
+			domain, offset = extractDomain(d.payload, offset)
+			typ := binary.BigEndian.Uint16(d.payload[offset : offset+2])
+			offset += 2
+			class := binary.BigEndian.Uint16(d.payload[offset : offset+2])
+			offset += 2
+			// TODO: add type and class description https://en.wikipedia.org/wiki/List_of_DNS_record_types
+			sb.WriteString(fmt.Sprintf("  %s: type %d class %d\n", domain, typ, class))
+		}
+	}
+	if d.AnswerRRs > 0 {
+		sb.WriteString("- Answers:\n")
+		for range d.AnswerRRs {
+			no := binary.BigEndian.Uint16(d.payload[offset : offset+2])
+			offset += 2
+			domain, _ := extractDomain(d.payload, int(no&0xFF)-headerSizeDNS)
+			typ := binary.BigEndian.Uint16(d.payload[offset : offset+2])
+			offset += 2
+			class := binary.BigEndian.Uint16(d.payload[offset : offset+2])
+			offset += 2
+			ttl := binary.BigEndian.Uint32(d.payload[offset : offset+4])
+			offset += 4
+			rdl := int(binary.BigEndian.Uint16(d.payload[offset : offset+2]))
+			offset += 2
+			//rdata := d.payload[offset : offset+rdl]
+			offset += rdl
+			sb.WriteString(fmt.Sprintf("  %s: type %d class %d ttl %d rdl %d\n", domain, typ, class, ttl, rdl))
+		}
+	}
+	if d.AuthorityRRs > 0 {
+
+	}
+	if d.AdditionalRRs > 0 {
+
+	}
+	return sb.String()
+}
diff --git a/layers/ethernet.go b/layers/ethernet.go
@@ -7,7 +7,7 @@ import (
 	"net"
 )
 
-const ethernetHeaderSize = 14
+const headerSizeEthernet = 14
 
 // An Ethernet frame is a data link layer protocol data unit.
 type EthernetFrame struct {
@@ -35,13 +35,13 @@ func (ef *EthernetFrame) String() string {
 
 // Parse parses the given byte data into an Ethernet frame.
 func (ef *EthernetFrame) Parse(data []byte) error {
-	if len(data) < ethernetHeaderSize {
+	if len(data) < headerSizeEthernet {
 		return fmt.Errorf("did not read a complete Ethernet frame, only %d bytes read", len(data))
 	}
 	ef.DstMAC = net.HardwareAddr(data[0:6])
 	ef.SrcMAC = net.HardwareAddr(data[6:12])
 	ef.EtherType = binary.BigEndian.Uint16(data[12:14])
-	ef.payload = data[ethernetHeaderSize:]
+	ef.payload = data[headerSizeEthernet:]
 	return nil
 }
 
