Improve handling of nested compression pointers and add columns for multiple answers, authorities and additionals.

src/dns.cpp

@@ -37,6 +37,7 @@
 #include <cctype>
 #include "output.h"
 #include "dns.h"
+#include <sstream>
 
 namespace se {
 
@@ -64,6 +65,9 @@ void Parse_dns::add_packet_columns()
 
     add_packet_column("qname",          "", Coltype::_text, COLUMN_QNAME);
     add_packet_column("aname",          "", Coltype::_text, COLUMN_ANAME);
+    add_packet_column("answers",        "", Coltype::_text, COLUMN_ANSWERS);
+    add_packet_column("authorities",    "", Coltype::_text, COLUMN_AUTHORITIES);
+    add_packet_column("additionals",    "", Coltype::_text, COLUMN_ADDITIONALS);
     add_packet_column("msg_id",         "", Coltype::_int, COLUMN_MSG_ID);
     add_packet_column("msg_size",       "", Coltype::_int, COLUMN_MSG_SIZE);
     add_packet_column("opcode",         "", Coltype::_int, COLUMN_OPCODE);
@@ -184,6 +188,12 @@ void Parse_dns::add_lookup_tables()
     g_db.add_lut( "rcode", 20 ,"BADNAME" );
     g_db.add_lut( "rcode", 21 ,"BADALG" );
     g_db.add_lut( "rcode", 22 ,"BADTRUNC" );
+
+    g_db.add_lut( "qclass", 1,   "IN" );
+    g_db.add_lut( "qclass", 3,   "CH" );
+    g_db.add_lut( "qclass", 4,   "HS" );
+    g_db.add_lut( "qclass", 254, "NONE" );
+    g_db.add_lut( "qclass", 255, "ANY" );
 }
 
 void Parse_dns::on_table_created(Table *table, const std::vector<int> &columns)
@@ -220,6 +230,30 @@ void Parse_dns::on_table_created(Table *table, const std::vector<int> &columns)
 
     acc_qname          = table->get_accessor<text_column>("qname");
     acc_aname          = table->get_accessor<text_column>("aname");
+    acc_answers        = table->get_accessor<text_column>("answers");
+    acc_authorities    = table->get_accessor<text_column>("authorities");
+    acc_additionals    = table->get_accessor<text_column>("additionals");
+}
+
+#define SSTR(x) dynamic_cast<std::ostringstream &>((std::ostringstream() << std::dec << x)).str()
+RefCountString* Parse_dns::get_rrs(DNSMessage::Header &header, int count, DNSMessage::RR* rrs)
+{
+    std::string tmp;
+    for (int i=0;i<(count < MAX_RRS ? count : MAX_RRS);i++) {
+        if (i > 0) {
+            tmp.append(",");
+        }
+        tmp.append(rrs[i].name);
+        tmp.append(" ");
+        tmp.append(SSTR(rrs[i].ttl));
+        tmp.append(" ");
+        RefCountString* h = g_db.get_value("qclass",rrs[i].rr_class);
+        h ? tmp.append(h->data) : tmp.append(SSTR(rrs[i].rr_class));
+        tmp.append(" ");
+        h = g_db.get_value("qtype",rrs[i].type);
+        h ? tmp.append(h->data) : tmp.append(SSTR(rrs[i].type));
+    }
+    return RefCountString::construct(tmp.c_str());
 }
 
 Packet::ParseResult Parse_dns::parse(Packet &packet, const std::vector<int> &columns, Row &destination_row, bool sample)
@@ -355,6 +389,18 @@ Packet::ParseResult Parse_dns::parse(Packet &packet, const std::vector<int> &col
             acc_udp_size.value(r) = message.m_edns0 ? message.m_udp_size : 0;
             break;
 
+        case COLUMN_ANSWERS:
+            acc_answers.value(r) = get_rrs(header, header.ancount, message.m_answer);
+            break;
+
+        case COLUMN_AUTHORITIES:
+            acc_authorities.value(r) = get_rrs(header, header.nscount, message.m_authority);
+            break;
+
+        case COLUMN_ADDITIONALS:
+            acc_additionals.value(r) = get_rrs(header, header.arcount, message.m_additional);
+            break;
+
         case COLUMN_ANAME:
             acc_aname.value(r) = header.ancount ? RefCountString::construct(message.m_answer[0].name) : RefCountString::construct("");
             break;

src/dns.h

@@ -40,6 +40,7 @@
 #include <assert.h>
 
 #define IPPROTO_ICMP 1
+#define MAX_RRS 32
 
 namespace se {
 
@@ -173,9 +174,9 @@ class DNSMessage
         int              m_length;
         Header           m_header;
         Question         m_questions[2];
-        RR               m_answer[2];
-        RR               m_authority[2];
-        RR               m_additional[2];
+        RR               m_answer[MAX_RRS + 1];
+        RR               m_authority[MAX_RRS + 1];
+        RR               m_additional[MAX_RRS + 1];
         RR               *m_opt_rr;
         int              m_error;
         bool             m_edns0;
@@ -213,12 +214,10 @@ class DNSMessage
             {
                 while(n>=192)
                 {
-                    if (savedoffs)
+                    if (savedoffs == 0)
                     {
-                        out[p++]=0;
-                        return savedoffs;
+                    	savedoffs=offs+1;
                     }
-                    savedoffs=offs+1;
                     int n2=get_ubyte(offs++);
                     int ptr =(n&63)*0x100+n2;
                     offs=ptr;
@@ -262,8 +261,8 @@ class DNSMessage
             cnt=m_header.ancount;
             while (cnt-->0)
             {
-                offs = m_answer[q].parse(*this,offs);
-                q=1;    // not ++ ignore further Q's
+                offs = m_answer[q % MAX_RRS].parse(*this,offs);
+                q++;
                 if (offs>m_length)
                 {
                     m_error=offs;
@@ -274,8 +273,8 @@ class DNSMessage
             cnt=m_header.nscount;
             while (cnt-->0)
             {
-                offs = m_authority[q].parse(*this,offs);
-                q=1;    // not ++ ignore further Q's
+                offs = m_authority[q % MAX_RRS].parse(*this,offs);
+                q++;
                 if (offs>m_length)
                 {
                     m_error=offs;
@@ -286,8 +285,8 @@ class DNSMessage
             cnt=m_header.arcount;
             while (cnt-->0)
             {
-                offs = m_additional[q].parse(*this,offs);
-                q=1;    // not ++ ignore further Q's
+                offs = m_additional[q % MAX_RRS].parse(*this,offs);
+                q++;
                 if (offs>m_length)
                 {
                     m_error=offs;
@@ -326,6 +325,9 @@ class Parse_dns : public Packet_handler
     enum {
         COLUMN_QNAME = IP_header_to_table::COLUMN_FRAGMENTS + 1,
         COLUMN_ANAME,
+        COLUMN_ANSWERS,
+        COLUMN_AUTHORITIES,
+        COLUMN_ADDITIONALS,
         COLUMN_MSG_ID,
         COLUMN_MSG_SIZE,
         COLUMN_OPCODE,
@@ -367,6 +369,8 @@ class Parse_dns : public Packet_handler
 
     IP_header_to_table m_ip_helper;
 
+    RefCountString* get_rrs(DNSMessage::Header&, int count, DNSMessage::RR*);
+
     Int_accessor acc_s;
     Int_accessor acc_us;
     Int_accessor acc_ether_type;
@@ -400,6 +404,9 @@ class Parse_dns : public Packet_handler
     Bool_accessor acc_edns0;
     Text_accessor acc_qname;
     Text_accessor acc_aname;
+    Text_accessor acc_answers;
+    Text_accessor acc_authorities;
+    Text_accessor acc_additionals;
     Text_accessor acc_src_addr;
     Text_accessor acc_dst_addr;
 };