-
Notifications
You must be signed in to change notification settings - Fork 4.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #643 from McStork/cherry1.1-dns-tcp
Backport - DNS over TCP clean-up and improvements
- Loading branch information
Showing
10 changed files
with
1,537 additions
and
1,220 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| #### UDP | ||
|
|
||
| **Parsing** | ||
|
|
||
| 1. Attempt to decode each UDP packet. | ||
| 2. If it succeeds, a transaction is sent. | ||
|
|
||
| **Error management** | ||
| * Debug information is printed if: | ||
| * A packet fails to decode. | ||
|
|
||
| * Error Notes are published if: | ||
| * Never | ||
|
|
||
| #### TCP | ||
|
|
||
| **Parsing** | ||
|
|
||
| 1. Fetch the first two bytes of a message containing the length of the message ([RFC 1035](https://www.ietf.org/rfc/rfc1035.txt)). | ||
| 2. Fill the buffer ```DnsStream.rawData``` with each new ```Parse```. | ||
| 3. Once the buffer has the expected length (first two bytes), it is decoded and the message is published. | ||
|
|
||
| **Error management** | ||
| * Debug information is printed if: | ||
| * A message has an unexpected length at any point of the transmission (```Parse```, ```GapInStream```, ```ReceivedFin```). | ||
| * A message fails to decode. | ||
|
|
||
| * Error Notes are published if: | ||
| * A response following a request (```dnsConnectionData.prevRequest```) fails to decode. | ||
| * A response following a request (```dnsConnectionData.prevRequest```) has an unexpected length at any point of the transmission (```Parse```, ```GapInStream```, ```ReceivedFin```). | ||
|
|
||
| When response error Notes are linked to the previous request, the transaction is then published and removed from the cache (see ```publishResponseError()```). | ||
|
|
||
| #### TODO | ||
|
|
||
| **General** | ||
| * Publish an event with Notes when a Query or a lone Response cannot be decoded. | ||
| * Add EDNS and DNSSEC support (consider using miekg/dns instead | ||
| of gopacket). | ||
| * Consider adding ICMP support to | ||
| - correlate ICMP type 3, code 4 (datagram too big) with DNS messages, | ||
| - correlate ICMP type 3, code 13 (administratively prohibited) or | ||
| ICMP type 3, code 3 (port unreachable) with blocked DNS messages. |
Oops, something went wrong.