pancap/protocol/dns/answer.go

package dns

import (
	"fmt"
	"github.com/google/gopacket/layers"
	"github.com/maride/pancap/common"
	"golang.org/x/net/publicsuffix"
	"log"
)

var (
	numAnswers           int
	answerDomains        []string
	answerBaseDomains    []string
	answerPrivateDomains []string
	answerType           = make(map[layers.DNSType]int)
	answerPublicIPv4     []string
	answerPrivateIPv4    []string
)

// Called on every DNS packet to process response(s)
func (p *Protocol) processDNSAnswer(answers []layers.DNSResourceRecord) {
	for _, answer := range answers {
		// Raise stats
		numAnswers++

		// Add answer to answers array
		name := string(answer.Name)
		basename, basenameErr := publicsuffix.EffectiveTLDPlusOne(name)

		if basenameErr != nil {
			// Encountered error while checking for the basename
			log.Printf("Encountered error while checking '%s' domain for its basename: %s", name, basenameErr.Error())
			continue
		}

		// Process type answers
		p.processType(answerType, answer.Type)

		// Append full domain and base domain
		answerDomains = common.AppendIfUnique(name, answerDomains)

		// Check if we need to add the base name to the private list
		_, icannManaged := publicsuffix.PublicSuffix(name)
		if icannManaged {
			// TLD is managed by ICANN, add to the base list
			answerBaseDomains = common.AppendIfUnique(basename, answerBaseDomains)
		} else {
			// it's not managed by ICANN, so it's private - add it to the private list
			answerPrivateDomains = common.AppendIfUnique(name, answerPrivateDomains)
		}

		// Check if we got an A record answer
		if answer.Type == layers.DNSTypeA {
			// A record, check IP for being private
			if ipIsPrivate(answer.IP) {
				answerPrivateIPv4 = common.AppendIfUnique(answer.IP.String(), answerPrivateIPv4)
			} else {
				answerPublicIPv4 = common.AppendIfUnique(answer.IP.String(), answerPublicIPv4)
			}
		}
	}
}

// Generates a summary of all DNS answers
func (p *Protocol) generateDNSAnswerSummary() string {
	summary := ""

	// Overall question stats
	summary = fmt.Sprintf("%s%d DNS answers in total\n", summary, numAnswers)
	summary = fmt.Sprintf("%s%s records\n", summary, p.generateDNSTypeSummary(answerType))
	summary = fmt.Sprintf("%s%d unique domains of %d base domains, of which are %d private (non-ICANN) TLDs.\n", summary, len(answerDomains), len(answerBaseDomains), len(answerPrivateDomains))

	// Output base domains answered with
	if len(answerBaseDomains) > 0 {
		summary = fmt.Sprintf("Answered with these base domains:\n%s", common.GenerateTree(answerBaseDomains))
	}

	// Output private domains
	if len(answerPrivateDomains) > 0 {
		summary = fmt.Sprintf("%sAnswered with these private (non-ICANN managed) domains:\n%s", summary, common.GenerateTree(answerPrivateDomains))
	}

	// Check for public and private IPs
	summary = fmt.Sprintf("%sAnswered with %d public IP addresses and %d private IP addresses\n", summary, len(answerPublicIPv4), len(answerPrivateIPv4))
	if len(answerPrivateIPv4) > 0 {
		summary = fmt.Sprintf("%sPrivate IP addresses in answer:\n%s", summary, common.GenerateTree(answerPrivateIPv4))
	}

	// Return summary
	return summary
}
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`package dns`

			`import (`
			`"fmt"`
			`"github.com/google/gopacket/layers"`
Reformat code 2023-09-02 21:49:02 +00:00			`"github.com/maride/pancap/common"`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`"golang.org/x/net/publicsuffix"`
			`"log"`
			`)`

			`var (`
Reformat code 2023-09-02 21:49:02 +00:00			`numAnswers int`
			`answerDomains []string`
			`answerBaseDomains []string`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`answerPrivateDomains []string`
Reformat code 2023-09-02 21:49:02 +00:00			`answerType = make(map[layers.DNSType]int)`
			`answerPublicIPv4 []string`
			`answerPrivateIPv4 []string`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`)`

			`// Called on every DNS packet to process response(s)`
Get rid of LinkType-style branching: different LinkTypes may use the same Protocol modules. 2019-12-09 11:14:01 +00:00			`func (p *Protocol) processDNSAnswer(answers []layers.DNSResourceRecord) {`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`for _, answer := range answers {`
			`// Raise stats`
			`numAnswers++`

			`// Add answer to answers array`
			`name := string(answer.Name)`
			`basename, basenameErr := publicsuffix.EffectiveTLDPlusOne(name)`

			`if basenameErr != nil {`
			`// Encountered error while checking for the basename`
			`log.Printf("Encountered error while checking '%s' domain for its basename: %s", name, basenameErr.Error())`
			`continue`
			`}`

			`// Process type answers`
Get rid of LinkType-style branching: different LinkTypes may use the same Protocol modules. 2019-12-09 11:14:01 +00:00			`p.processType(answerType, answer.Type)`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00
			`// Append full domain and base domain`
Move common code into new package, 'common' 2019-11-29 13:32:07 +00:00			`answerDomains = common.AppendIfUnique(name, answerDomains)`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00
			`// Check if we need to add the base name to the private list`
			`_, icannManaged := publicsuffix.PublicSuffix(name)`
			`if icannManaged {`
			`// TLD is managed by ICANN, add to the base list`
Move common code into new package, 'common' 2019-11-29 13:32:07 +00:00			`answerBaseDomains = common.AppendIfUnique(basename, answerBaseDomains)`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`} else {`
			`// it's not managed by ICANN, so it's private - add it to the private list`
Move common code into new package, 'common' 2019-11-29 13:32:07 +00:00			`answerPrivateDomains = common.AppendIfUnique(name, answerPrivateDomains)`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`}`

			`// Check if we got an A record answer`
			`if answer.Type == layers.DNSTypeA {`
			`// A record, check IP for being private`
			`if ipIsPrivate(answer.IP) {`
Check for doubles before adding IP addresses to DNS answer list 2019-12-03 17:14:49 +00:00			`answerPrivateIPv4 = common.AppendIfUnique(answer.IP.String(), answerPrivateIPv4)`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`} else {`
Check for doubles before adding IP addresses to DNS answer list 2019-12-03 17:14:49 +00:00			`answerPublicIPv4 = common.AppendIfUnique(answer.IP.String(), answerPublicIPv4)`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`}`
			`}`
			`}`
			`}`

Unify logging process 2019-12-03 22:51:03 +00:00			`// Generates a summary of all DNS answers`
Get rid of LinkType-style branching: different LinkTypes may use the same Protocol modules. 2019-12-09 11:14:01 +00:00			`func (p *Protocol) generateDNSAnswerSummary() string {`
Unify logging process 2019-12-03 22:51:03 +00:00			`summary := ""`

Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`// Overall question stats`
Unify logging process 2019-12-03 22:51:03 +00:00			`summary = fmt.Sprintf("%s%d DNS answers in total\n", summary, numAnswers)`
Get rid of LinkType-style branching: different LinkTypes may use the same Protocol modules. 2019-12-09 11:14:01 +00:00			`summary = fmt.Sprintf("%s%s records\n", summary, p.generateDNSTypeSummary(answerType))`
Unify logging process 2019-12-03 22:51:03 +00:00			`summary = fmt.Sprintf("%s%d unique domains of %d base domains, of which are %d private (non-ICANN) TLDs.\n", summary, len(answerDomains), len(answerBaseDomains), len(answerPrivateDomains))`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00
			`// Output base domains answered with`
			`if len(answerBaseDomains) > 0 {`
Unify logging process 2019-12-03 22:51:03 +00:00			`summary = fmt.Sprintf("Answered with these base domains:\n%s", common.GenerateTree(answerBaseDomains))`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`}`

			`// Output private domains`
			`if len(answerPrivateDomains) > 0 {`
Unify logging process 2019-12-03 22:51:03 +00:00			`summary = fmt.Sprintf("%sAnswered with these private (non-ICANN managed) domains:\n%s", summary, common.GenerateTree(answerPrivateDomains))`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`}`

			`// Check for public and private IPs`
Unify logging process 2019-12-03 22:51:03 +00:00			`summary = fmt.Sprintf("%sAnswered with %d public IP addresses and %d private IP addresses\n", summary, len(answerPublicIPv4), len(answerPrivateIPv4))`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`if len(answerPrivateIPv4) > 0 {`
Unify logging process 2019-12-03 22:51:03 +00:00			`summary = fmt.Sprintf("%sPrivate IP addresses in answer:\n%s", summary, common.GenerateTree(answerPrivateIPv4))`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`}`
Unify logging process 2019-12-03 22:51:03 +00:00
			`// Return summary`
			`return summary`
Move DNS to its own package, and unclutter dns.go in that step 2019-11-27 16:10:55 +00:00			`}`