File: dumpdns.lua

package info (click to toggle)
dnsjit 1.5.0-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 3,268 kB
  • sloc: ansic: 9,449; sh: 4,746; makefile: 252
file content (95 lines) | stat: -rwxr-xr-x 2,789 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
 
#!/usr/bin/env dnsjit
local pcap = arg[2]
local compression = arg[3]
local mmap = arg[4]

if pcap == nil then
    print("usage: "..arg[1].." <pcap | '-' for stdin> [compression] [mmap]")
    return
end

local object = require("dnsjit.core.objects")
local input = require("dnsjit.input.pcap").new()
local zinput = require("dnsjit.input.zpcap").new()
if mmap then
    zinput = require("dnsjit.input.zmmpcap").new()
end
local layer = require("dnsjit.filter.layer").new()
local dns = require("dnsjit.core.object.dns").new()

if string.lower(string.sub(pcap, -4)) == ".zst" or compression == "zstd" then
    zinput:zstd()
    if pcap == "-" then
        zinput:openfp(io.stdin)
    else
        zinput:open(pcap)
    end
    layer:producer(zinput)
elseif string.lower(string.sub(pcap, -4)) == ".lz4" or compression == "lz4" then
    zinput:lz4()
    if pcap == "-" then
        zinput:openfp(io.stdin)
    else
        zinput:open(pcap)
    end
    layer:producer(zinput)
elseif string.lower(string.sub(pcap, -3)) == ".xz" or compression == "xz" then
    zinput:lzma()
    if pcap == "-" then
        zinput:openfp(io.stdin)
    else
        zinput:open(pcap)
    end
    layer:producer(zinput)
elseif string.lower(string.sub(pcap, -3)) == ".gz" or compression == "gz" then
    zinput:gzip()
    if pcap == "-" then
        zinput:openfp(io.stdin)
    else
        zinput:open(pcap)
    end
    layer:producer(zinput)
else
    if mmap then
        input = require("dnsjit.input.mmpcap").new()
        input:open(pcap)
    else
        input:open_offline(pcap)
    end
    layer:producer(input)
end
local producer, ctx = layer:produce()

while true do
    local obj = producer(ctx)
    if obj == nil then break end
    local pl = obj:cast()
    if obj:type() == "payload" and pl.len > 0 then
        local transport = obj.obj_prev
        while transport ~= nil do
            if transport.obj_type == object.IP or transport.obj_type == object.IP6 then
                break
            end
            transport = transport.obj_prev
        end
        local protocol = obj.obj_prev
        while protocol ~= nil do
            if protocol.obj_type == object.UDP or protocol.obj_type == object.TCP then
                break
            end
            protocol = protocol.obj_prev
        end

        dns:reset()
        if protocol ~= nil and protocol.obj_type == object.TCP then
            dns.includes_dnslen = 1
        end
        dns.obj_prev = obj
        if transport ~= nil and protocol ~= nil then
            transport = transport:cast()
            protocol = protocol:cast()
            print(protocol:type().." "..transport:source()..":"..tonumber(protocol.sport).." -> "..transport:destination()..":"..tonumber(protocol.dport))
            dns:print()
        end
    end
end