2019-11-27 16:10:55 +00:00
package dns
import (
"fmt"
2019-11-29 13:32:07 +00:00
"git.darknebu.la/maride/pancap/common"
2019-11-27 16:10:55 +00:00
"github.com/google/gopacket/layers"
"golang.org/x/net/publicsuffix"
"log"
)
var (
numQuestions int
questionDomains [ ] string
questionBaseDomains [ ] string
questionPrivateDomains [ ] string
questionType = make ( map [ layers . DNSType ] int )
)
// Called on every DNS packet to process questions
func processDNSQuestion ( questions [ ] layers . DNSQuestion ) {
// Iterate over all questions
for _ , question := range questions {
// Raise stats
numQuestions ++
// Add question to questions array
name := string ( question . Name )
basename , basenameErr := publicsuffix . EffectiveTLDPlusOne ( name )
if basenameErr != nil {
// Encountered error while checking for the basename
log . Printf ( "Encountered error while checking '%s' domain for its basename: %s" , name , basenameErr . Error ( ) )
continue
}
// Process type questions
processType ( questionType , question . Type )
// Append full domain and base domain
2019-11-29 13:32:07 +00:00
questionDomains = common . AppendIfUnique ( name , questionDomains )
2019-11-27 16:10:55 +00:00
// Check if we need to add the base name to the private list
_ , icannManaged := publicsuffix . PublicSuffix ( name )
if icannManaged {
// TLD is managed by ICANN, add to the base list
2019-11-29 13:32:07 +00:00
questionBaseDomains = common . AppendIfUnique ( basename , questionBaseDomains )
2019-11-27 16:10:55 +00:00
} else {
// it's not managed by ICANN, so it's private - add it to the private list
2019-11-29 13:32:07 +00:00
questionPrivateDomains = common . AppendIfUnique ( name , questionPrivateDomains )
2019-11-27 16:10:55 +00:00
}
}
}
2019-12-03 22:51:03 +00:00
// Generates a summary of all DNS questions
func generateDNSQuestionSummary ( ) string {
summary := ""
2019-11-27 16:10:55 +00:00
// Overall question stats
2019-12-03 22:51:03 +00:00
summary = fmt . Sprintf ( "%s%d DNS questions in total\n" , summary , numQuestions )
summary = fmt . Sprintf ( "%s%s records\n" , summary , generateDNSTypeSummary ( questionType ) )
summary = fmt . Sprintf ( "%s%d unique domains of %d base domains, of which are %d private (non-ICANN) TLDs.\n" , summary , len ( questionDomains ) , len ( questionBaseDomains ) , len ( questionPrivateDomains ) )
2019-11-27 16:10:55 +00:00
// Output base domains asked for
if len ( questionBaseDomains ) > 0 {
2019-12-03 22:51:03 +00:00
summary = fmt . Sprintf ( "%sAsked for these base domains:\n%s" , summary , common . GenerateTree ( questionBaseDomains ) )
2019-11-27 16:10:55 +00:00
}
// Output private domains
if len ( questionPrivateDomains ) > 0 {
2019-12-03 22:51:03 +00:00
summary = fmt . Sprintf ( "%sAsked for these private (non-ICANN managed) domains:\n%s" , summary , common . GenerateTree ( questionPrivateDomains ) )
2019-11-27 16:10:55 +00:00
}
2019-12-03 22:51:03 +00:00
// And return summary
return summary
2019-11-27 16:10:55 +00:00
}