minor bugfixes in ipv6 and multiple outputs
mosajjal committed Sep 1, 2021
1 parent fbd668f commit 17e8836
Showing 7 changed files with 21 additions and 9 deletions.
3 changes: 2 additions & 1 deletion src/afpacket_linux.go
@@ -39,6 +39,7 @@ func (h *afpacketHandle) SetBPFFilter(filter string, snaplen int) (err error) {
}
bpfIns = append(bpfIns, bpfIns2)
}
log.Infof("Filter: %s", filter)
if h.TPacket.SetBPF(bpfIns); err != nil {
return err
}
@@ -91,7 +92,7 @@ func initializeLiveAFpacket(devName, filter string) *afpacketHandle {
errorHandler(err)

handle.SetBPFFilter(filter, 1024)

log.Infof("Opened: %s", devName)
return handle
}

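Review bot: The added `log.Infof("Filter: %s", filter)` reports the filter just before a call whose failure is never seen: in `if h.TPacket.SetBPF(bpfIns); err != nil` the call sits in the init statement and its result is discarded, so `err` keeps whatever value it had before. Assuming SetBPF returns an error, assign it with `if err = h.TPacket.SetBPF(bpfIns); err != nil {` and move the log line after the check so it only reports a filter that was installed. The second hunk has the same gap, since `handle.SetBPFFilter(filter, 1024)` drops its return value before "Opened" is logged; `errorHandler(handle.SetBPFFilter(filter, 1024))` would match the line above it. A sensor that silently runs unfiltered captures more traffic than the operator configured. Both function bodies start outside the hunks.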
2 changes: 1 addition & 1 deletion src/capture_pcap.go
@@ -17,7 +17,7 @@ var pcapStats captureStats

func initializeLivePcap(devName, filter string) *pcap.Handle {
// Open device
handle, err := pcap.OpenLive(devName, 65536, true, pcap.BlockForever)
handle, err := pcap.OpenLive(devName, 65536, true, time.Second*30)
errorHandler(err)

// Set Filter
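Review bot: The 30-second value passed to `pcap.OpenLive` is an unexplained literal, and it changes read behaviour: with a finite timeout the handle can return a timeout error on an idle link and, depending on the platform, may hold packets in the capture buffer until the timeout expires. The read loop is outside this hunk, so confirm it treats a timeout as "no packet yet" rather than as a fatal error, and consider a much shorter value so DNS records reach the outputs promptly. A named constant with a comment would document the choice, for example `const pcapReadTimeout = 30 * time.Second // capture buffer timeout; the reader must treat expiry as non-fatal`. Whether this file already imports `time` is not visible in the hunk.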
7 changes: 7 additions & 0 deletions src/dispatch.go
@@ -3,6 +3,8 @@ package main
import (
"sync"
"time"

log "github.com/sirupsen/logrus"
)

func dispatchOutput(resultChannel chan DNSResult, exiting chan bool, wg *sync.WaitGroup) {
@@ -19,7 +21,10 @@ func dispatchOutput(resultChannel chan DNSResult, exiting chan bool, wg *sync.Wa
allowDomainsFileTicker := time.NewTicker(generalOptions.AllowDomainsRefreshInterval)
allowDomainsFileTickerChan := allowDomainsFileTicker.C
if generalOptions.AllowDomainsFile == "" {
log.Infof("skipping allowDomains refresh since it's empty")
allowDomainsFileTicker.Stop()
} else {
log.Infof("allowDomains refresh interval is %s", generalOptions.AllowDomainsRefreshInterval)
}

for {
@@ -49,12 +54,14 @@ func dispatchOutput(resultChannel chan DNSResult, exiting chan bool, wg *sync.Wa
case <-exiting:
return
case <-skipDomainsFileTickerChan:
log.Infof("reached skipDomains tick")
if skipDomainMapBool {
skipDomainMap = loadDomainsToMap(generalOptions.SkipDomainsFile)
} else {
skipDomainList = loadDomainsToList(generalOptions.SkipDomainsFile)
}
case <-allowDomainsFileTickerChan:
log.Infof("reached allowDomains tick")
if allowDomainMapBool {
allowDomainMap = loadDomainsToMap(generalOptions.AllowDomainsFile)
} else {
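Review bot: The two per-tick messages (`reached skipDomains tick`, `reached allowDomains tick`) record that a reload was triggered but not what it produced, so a missing, truncated or replaced domains file leaves no trace in the log. Logging the outcome after the reload is more useful to an operator, e.g. `log.Infof("reloaded %d skipDomains entries from %q", len(skipDomainMap), generalOptions.SkipDomainsFile)` in the map branch, with the equivalent for the list and allowDomains branches. The bare tick lines repeat every interval and fit `log.Debug` better than Info. How loadDomainsToMap and loadDomainsToList report a read failure is not visible here, and dispatchOutput continues outside the hunks.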
10 changes: 7 additions & 3 deletions src/output_clickhouse.go
@@ -141,10 +141,14 @@ func clickhouseSendData(connect clickhouse.Clickhouse, batch []DNSResult, chConf
}

// getting variables ready
ip := batch[k].DstIP
var ip uint32
if batch[k].IPVersion == 4 {
ip = ip.Mask(net.CIDRMask(chConfig.general.maskSize, 32))
ipTemp := batch[k].DstIP.Mask(net.CIDRMask(chConfig.general.maskSize, 32))
ip = binary.BigEndian.Uint32(ipTemp[:4])
} else {
ip = binary.BigEndian.Uint32(batch[k].DstIP[:4]) //ipv6 with no mask but only 32 bits
}

QR := uint8(0)
if batch[k].DNS.Response {
QR = 1
@@ -163,7 +167,7 @@ func clickhouseSendData(connect clickhouse.Clickhouse, batch []DNSResult, chConf
b.WriteDateTime(1, batch[k].Timestamp)
b.WriteBytes(2, []byte(chConfig.general.serverName))
b.WriteUInt8(3, batch[k].IPVersion)
b.WriteUInt32(4, binary.BigEndian.Uint32(ip[:4]))
b.WriteUInt32(4, ip) //TODO: fix this for ipv6
b.WriteFixedString(5, []byte(batch[k].Protocol))
b.WriteUInt8(6, QR)
b.WriteUInt8(7, uint8(batch[k].DNS.Opcode))
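Review bot: Both new conversions slice `[:4]` without checking the length, so a nil or short slice panics inside clickhouseSendData. `DstIP.Mask(...)` returns nil when the mask and address lengths disagree, which includes `net.CIDRMask` returning nil for a maskSize outside 0-32, and the IPv6 branch slices `batch[k].DstIP` directly. DstIP is derived from captured packets and maskSize from configuration, so a length check before the conversion keeps one bad record or setting from stopping the ClickHouse output. The IPv6 branch also ignores maskSize and stores only the first 32 bits, so the column is not comparable across IP versions until the TODO is resolved. The function body starts and ends outside the hunks.

```go
var ip uint32
dst := batch[k].DstIP
if batch[k].IPVersion == 4 {
	// Mask returns nil if the mask and address lengths disagree (e.g. maskSize outside 0-32).
	dst = dst.Mask(net.CIDRMask(chConfig.general.maskSize, 32))
}
if len(dst) >= 4 {
	ip = binary.BigEndian.Uint32(dst[:4]) // IPv6: first 32 bits only, maskSize not applied
}
// otherwise ip stays 0; count or log such records so they can be investigated
// … unchanged: QR and the b.Write* calls …
```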
2 changes: 1 addition & 1 deletion src/output_kafka.go
@@ -61,7 +61,7 @@ func kafkaOutput(kafConfig kafkaConfig) {

for {
select {
case data := <-resultChannel:
case data := <-kafConfig.resultChannel:
if kafConfig.general.packetLimit == 0 || len(batch) < kafConfig.general.packetLimit {
batch = append(batch, data)
}
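Review bot: When `packetLimit` is non-zero and the batch is full, the record received from `kafConfig.resultChannel` is discarded with no counter or log line, so gaps in the exported DNS data cannot be told apart from quiet periods. The same pattern is in splunkOutput, guarded by `spConfig.general.packetLimit`. Count the dropped records in an `else` branch and report the total on each flush. The select loop continues outside the hunk, so accounting may exist beyond what is shown.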
2 changes: 1 addition & 1 deletion src/output_splunk.go
@@ -109,7 +109,7 @@ func splunkOutput(spConfig splunkConfig) {

for {
select {
case data := <-resultChannel:
case data := <-spConfig.resultChannel:
if spConfig.general.packetLimit == 0 || len(batch) < spConfig.general.packetLimit {
batch = append(batch, data)
}
4 changes: 2 additions & 2 deletions src/output_stdout_file.go
@@ -19,7 +19,7 @@ func stdoutOutput(stdConfig stdoutConfig) {

for {
select {
case data := <-resultChannel:
case data := <-stdConfig.resultChannel:
for _, dnsQuery := range data.DNS.Question {

if checkIfWeSkip(stdConfig.stdoutOutputType, dnsQuery.Name) {
@@ -54,7 +54,7 @@ func fileOutput(fConfig fileConfig) {

for {
select {
case data := <-resultChannel:
case data := <-fConfig.resultChannel:
for _, dnsQuery := range data.DNS.Question {

if checkIfWeSkip(fConfig.fileOutputType, dnsQuery.Name) {
