mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-23 01:49:53 +03:00

Added the function to save the DNS query log on the packet logs.

Daiyuu Nobori 2017-12-21 23:23:17 +09:00
parent 4a01c41d09
commit 97e7a82be2
5 changed files with 138 additions and 100 deletions


@ -1307,6 +1307,11 @@ UINT CalcPacketLoggingLevelEx(HUB_LOG *g, PKT *packet)
// OpenVPN connection request // OpenVPN connection request
ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]); ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]);
break; break;
case L7_DNS:
// DNS request
ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]);
break;
} }
break; break;
@ -1354,6 +1359,11 @@ UINT CalcPacketLoggingLevelEx(HUB_LOG *g, PKT *packet)
// OpenVPN connection request // OpenVPN connection request
ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]); ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]);
break; break;
case L7_DNS:
// DNS request
ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]);
break;
} }
break; break;
@ -1759,6 +1769,13 @@ char *PacketLogParseProc(RECORD *rec)
} }
break; break;
case L7_DNS:
// DNS query
t->Token[6] = CopyStr("DNSv4");
t->Token[7] = CopyStr("DNS_Query");
t->Token[14] = CopyStr(p->DnsQueryHost);
break;
default: default:
// Unknown Packet // Unknown Packet
t->Token[6] = CopyStr("UDPv4"); t->Token[6] = CopyStr("UDPv4");
@ -2024,6 +2041,13 @@ char *PacketLogParseProc(RECORD *rec)
} }
break; break;
case L7_DNS:
// DNS query
t->Token[6] = CopyStr("DNSv6");
t->Token[7] = CopyStr("DNS_Query");
t->Token[14] = CopyStr(p->DnsQueryHost);
break;
default: default:
t->Token[6] = CopyStr("UDPv6"); t->Token[6] = CopyStr("UDPv6");
break; break;
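Review bot: The two `t->Token[14] = CopyStr(p->DnsQueryHost);` lines in PacketLogParseProc put a name taken from packet bytes into the log record unchanged. ParseDnsQuery, as shown elsewhere in this commit, appends label bytes with no character filtering, so the value can contain field separators or control characters. Whether the token writer at the end of PacketLogParseProc escapes such bytes is not visible here, because the function body lies outside these hunks; if it does not, the name should be reduced to printable hostname characters before it is copied. Separately, both new `case L7_DNS:` arms in CalcPacketLoggingLevelEx reuse `PACKET_LOG_TCP_CONN`, which deserves a comment such as `// DNS queries are logged under the TCP connection log setting (no dedicated DNS setting)`.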


@ -6955,104 +6955,6 @@ NAT_ENTRY *CreateNatDns(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT de
return n; return n;
} }
// Get the next byte
UCHAR GetNextByte(BUF *b)
{
UCHAR c = 0;
// Validate arguments
if (b == NULL)
{
return 0;
}
if (ReadBuf(b, &c, 1) != 1)
{
return 0;
}
return c;
}
// Interpret the DNS query
bool ParseDnsQuery(char *name, UINT name_size, void *data, UINT data_size)
{
BUF *b;
char tmp[257];
bool ok = true;
USHORT val;
// Validate arguments
if (name == NULL || data == NULL || data_size == 0)
{
return false;
}
StrCpy(name, name_size, "");
b = NewBuf();
WriteBuf(b, data, data_size);
SeekBuf(b, 0, 0);
while (true)
{
UINT next_len = (UINT)GetNextByte(b);
if (next_len > 0)
{
// Read only the specified length
Zero(tmp, sizeof(tmp));
if (ReadBuf(b, tmp, next_len) != next_len)
{
ok = false;
break;
}
// Append
if (StrLen(name) != 0)
{
StrCat(name, name_size, ".");
}
StrCat(name, name_size, tmp);
}
else
{
// Read all
break;
}
}
if (ReadBuf(b, &val, sizeof(val)) != sizeof(val))
{
ok = false;
}
else
{
if (Endian16(val) != 0x01 && Endian16(val) != 0x0c)
{
ok = false;
}
}
if (ReadBuf(b, &val, sizeof(val)) != sizeof(val))
{
ok = false;
}
else
{
if (Endian16(val) != 0x01)
{
ok = false;
}
}
FreeBuf(b);
if (ok == false || StrLen(name) == 0)
{
return false;
}
else
{
return true;
}
}
// Set the VGS host name // Set the VGS host name
void SetDnsProxyVgsHostname(char *hostname) void SetDnsProxyVgsHostname(char *hostname)
{ {


@ -594,9 +594,7 @@ void SendTcp(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, UI
void DnsProxy(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, void *data, UINT size); void DnsProxy(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, void *data, UINT size);
bool ParseDnsPacket(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, void *data, UINT size); bool ParseDnsPacket(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, void *data, UINT size);
bool ParseDnsPacketEx(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, void *data, UINT size, DNS_PARSED_PACKET *parsed_result); bool ParseDnsPacketEx(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, void *data, UINT size, DNS_PARSED_PACKET *parsed_result);
bool ParseDnsQuery(char *name, UINT name_size, void *data, UINT data_size);
void SetDnsProxyVgsHostname(char *hostname); void SetDnsProxyVgsHostname(char *hostname);
UCHAR GetNextByte(BUF *b);
bool NatTransactDns(VH *v, NAT_ENTRY *n); bool NatTransactDns(VH *v, NAT_ENTRY *n);
void NatDnsThread(THREAD *t, void *param); void NatDnsThread(THREAD *t, void *param);
bool NatGetIP(IP *ip, char *hostname); bool NatGetIP(IP *ip, char *hostname);


@ -1688,6 +1688,10 @@ PKT *ClonePacket(PKT *p, bool copy_data)
ret->L7.IkeHeader = MallocFast(sizeof(IKE_HEADER)); ret->L7.IkeHeader = MallocFast(sizeof(IKE_HEADER));
Copy(ret->L7.IkeHeader, p->L7.IkeHeader, sizeof(IKE_HEADER)); Copy(ret->L7.IkeHeader, p->L7.IkeHeader, sizeof(IKE_HEADER));
break; break;
case L7_DNS:
StrCpy(ret->DnsQueryHost, sizeof(ret->DnsQueryHost), p->DnsQueryHost);
break;
} }
// Address data // Address data
@ -3010,6 +3014,104 @@ bool ParseTCP(PKT *p, UCHAR *buf, UINT size)
return true; return true;
} }
// Get the next byte
UCHAR GetNextByte(BUF *b)
{
UCHAR c = 0;
// Validate arguments
if (b == NULL)
{
return 0;
}
if (ReadBuf(b, &c, 1) != 1)
{
return 0;
}
return c;
}
// Interpret the DNS query
bool ParseDnsQuery(char *name, UINT name_size, void *data, UINT data_size)
{
BUF *b;
char tmp[257];
bool ok = true;
USHORT val;
// Validate arguments
if (name == NULL || data == NULL || data_size == 0)
{
return false;
}
StrCpy(name, name_size, "");
b = NewBuf();
WriteBuf(b, data, data_size);
SeekBuf(b, 0, 0);
while (true)
{
UINT next_len = (UINT)GetNextByte(b);
if (next_len > 0)
{
// Read only the specified length
Zero(tmp, sizeof(tmp));
if (ReadBuf(b, tmp, next_len) != next_len)
{
ok = false;
break;
}
// Append
if (StrLen(name) != 0)
{
StrCat(name, name_size, ".");
}
StrCat(name, name_size, tmp);
}
else
{
// Read all
break;
}
}
if (ReadBuf(b, &val, sizeof(val)) != sizeof(val))
{
ok = false;
}
else
{
if (Endian16(val) != 0x01 && Endian16(val) != 0x0c)
{
ok = false;
}
}
if (ReadBuf(b, &val, sizeof(val)) != sizeof(val))
{
ok = false;
}
else
{
if (Endian16(val) != 0x01)
{
ok = false;
}
}
FreeBuf(b);
if (ok == false || StrLen(name) == 0)
{
return false;
}
else
{
return true;
}
}
// UDP parsing // UDP parsing
bool ParseUDP(PKT *p, UCHAR *buf, UINT size) bool ParseUDP(PKT *p, UCHAR *buf, UINT size)
{ {
@ -3053,6 +3155,13 @@ bool ParseUDP(PKT *p, UCHAR *buf, UINT size)
} }
} }
if (dst_port == 53)
{
ParseDNS(p, buf, size);
return true;
}
if (src_port == 500 || dst_port == 500 || src_port == 4500 || dst_port == 4500) if (src_port == 500 || dst_port == 500 || src_port == 4500 || dst_port == 4500)
{ {
if (p->PayloadSize >= sizeof(IKE_HEADER)) if (p->PayloadSize >= sizeof(IKE_HEADER))
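Review bot: ParseDnsQuery accepts any label length byte from 1 to 255, so a value above the 63-byte DNS label limit, including the 0xC0 compression-pointer form, is read as an ordinary label instead of being rejected. Adding `if (next_len > 63) { ok = false; break; }` before the `ReadBuf(b, tmp, next_len)` call in the loop would keep malformed names out of `DnsQueryHost`. The label is then appended with `StrCat` as a C string, so a zero byte inside a label cuts it short and the logged name can differ from the name on the wire. The new `dst_port == 53` branch in ParseUDP calls `ParseDNS(p, buf, size)`, whose body is not on this page, so confirm that it bounds `size` and passes `sizeof(p->DnsQueryHost)` as `name_size`.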


@ -705,6 +705,7 @@ struct PKT
UCHAR *Payload; // Pointer to the payload of TCP or UDP UCHAR *Payload; // Pointer to the payload of TCP or UDP
UINT PayloadSize; // Payload size UINT PayloadSize; // Payload size
struct HTTPLOG *HttpLog; // HTTP log struct HTTPLOG *HttpLog; // HTTP log
char DnsQueryHost[64]; // DNS hostname
} GCC_PACKED; } GCC_PACKED;
// Layer-3 packet classification // Layer-3 packet classification
@ -728,6 +729,7 @@ struct PKT
#define L7_DHCPV4 1 // DHCPv4 packet #define L7_DHCPV4 1 // DHCPv4 packet
#define L7_IKECONN 2 // IKE connection request packet #define L7_IKECONN 2 // IKE connection request packet
#define L7_OPENVPNCONN 3 // OpenVPN connection request packet #define L7_OPENVPNCONN 3 // OpenVPN connection request packet
#define L7_DNS 4 // DNS packet
// IKE header // IKE header
@ -869,6 +871,7 @@ bool ParseICMPv6(PKT *p, UCHAR *buf, UINT size);
bool ParseTCP(PKT *p, UCHAR *buf, UINT size); bool ParseTCP(PKT *p, UCHAR *buf, UINT size);
bool ParseUDP(PKT *p, UCHAR *buf, UINT size); bool ParseUDP(PKT *p, UCHAR *buf, UINT size);
void ParseDHCPv4(PKT *p, UCHAR *buf, UINT size); void ParseDHCPv4(PKT *p, UCHAR *buf, UINT size);
void ParseDNS(PKT *p, UCHAR *buf, UINT size);
PKT *ClonePacket(PKT *p, bool copy_data); PKT *ClonePacket(PKT *p, bool copy_data);
void FreeClonePacket(PKT *p); void FreeClonePacket(PKT *p);
@ -901,6 +904,8 @@ void FreeDHCPv4Data(DHCPV4_DATA *d);
bool AdjustTcpMssL3(UCHAR *src, UINT src_size, UINT mss); bool AdjustTcpMssL3(UCHAR *src, UINT src_size, UINT mss);
bool AdjustTcpMssL2(UCHAR *src, UINT src_size, UINT mss, USHORT tag_vlan_tpid); bool AdjustTcpMssL2(UCHAR *src, UINT src_size, UINT mss, USHORT tag_vlan_tpid);
UINT GetIpHeaderSize(UCHAR *src, UINT src_size); UINT GetIpHeaderSize(UCHAR *src, UINT src_size);
bool ParseDnsQuery(char *name, UINT name_size, void *data, UINT data_size);
UCHAR GetNextByte(BUF *b);
bool IsDhcpPacketForSpecificMac(UCHAR *data, UINT size, UCHAR *mac_address); bool IsDhcpPacketForSpecificMac(UCHAR *data, UINT size, UCHAR *mac_address);
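Review bot: `char DnsQueryHost[64]` holds at most 63 characters, while a DNS name can be up to 253, so longer query names would presumably be truncated when stored. The ParseDNS body that fills the field is not on this page, so this is inferred from the field size. Truncation drops the rightmost labels, which identify the registered domain, so a long query name would be logged without the part most useful for investigation. Consider `char DnsQueryHost[256]; // DNS query name (up to 253 chars + NUL)`, or at least state the truncation in the field comment. Because struct PKT is `GCC_PACKED` and every packet carries this field, weigh the larger size against per-packet memory.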