Add DNS response address

PCanyi · Mar 29, 2019 · c496c79 · c496c79
1 parent 8dbe781
commit c496c79
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
@@ -1079,6 +1079,7 @@ struct ndpi_flow_struct {
     struct {
       u_int8_t num_queries, num_answers, reply_code;
       u_int16_t query_type, query_class, rsp_type;
+      ndpi_ip_addr_t rsp_addr; /* The first address in a DNS response packet */
     } dns;
 
     struct {

diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
@@ -186,6 +186,22 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 
 		rsp_type = get16(&x, flow->packet.payload);
 		flow->protos.dns.rsp_type = rsp_type;
+
+		/* here x points to the response "class" field */
+		if((x+12) < flow->packet.payload_packet_len) {
+		  x += 6;
+		  data_len = get16(&x, flow->packet.payload);
+
+		  if(((x + data_len) < flow->packet.payload_packet_len)
+		    && (((rsp_type == 0x1) && (data_len == 4)) /* A */
+#ifdef NDPI_DETECTION_SUPPORT_IPV6
+		       || ((rsp_type == 0x1c) && (data_len == 16)) /* AAAA */
+#endif
+		  )) {
+		    memcpy(&flow->protos.dns.rsp_addr, flow->packet.payload + x, data_len);
+		  }
+		}
+
 		break;
 	      }
 	    }