From a1081609b31d6df08d1fdc2ef3cf0bc7f9796a45 Mon Sep 17 00:00:00 2001
From: Parsa Yousefi
Date: Sun, 30 Jun 2024 18:02:11 +0200
Subject: [PATCH] result: add server to packet result
---
docs/content/en/docs/Outputs/_index.md | 2 +-
internal/capture/packet.go | 1 +
internal/output/parquet.go | 1 +
internal/util/gob.go | 2 ++
internal/util/types.go | 1 +
5 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/docs/content/en/docs/Outputs/_index.md b/docs/content/en/docs/Outputs/_index.md
index 007a02b..3272e5a 100755
--- a/docs/content/en/docs/Outputs/_index.md
+++ b/docs/content/en/docs/Outputs/_index.md
@@ -24,7 +24,7 @@ Other than `Type`, each output module may require additional configuration param - `json`: the standard JSON output. The output looks like below sample ```json -{"Timestamp":"2020-08-08T00:19:42.567768Z","DNS":{"Id":54443,"Response":true,"Opcode":0,"Authoritative":false,"Truncated":false,"RecursionDesired":true,"RecursionAvailable":true,"Zero":false,"AuthenticatedData":false,"CheckingDisabled":false,"Rcode":0,"Question":[{"Name":"imap.gmail.com.","Qtype":1,"Qclass":1}],"Answer":[{"Hdr":{"Name":"imap.gmail.com.","Rrtype":1,"Class":1,"Ttl":242,"Rdlength":4},"A":"172.217.194.108"},{"Hdr":{"Name":"imap.gmail.com.","Rrtype":1,"Class":1,"Ttl":242,"Rdlength":4},"A":"172.217.194.109"}],"Ns":null,"Extra":null},"IPVersion":4,"SrcIP":"1.1.1.1","DstIP":"2.2.2.2","Protocol":"udp","PacketLength":64} +{"Timestamp":"2020-08-08T00:19:42.567768Z","Server": "default","DNS":{"Id":54443,"Response":true,"Opcode":0,"Authoritative":false,"Truncated":false,"RecursionDesired":true,"RecursionAvailable":true,"Zero":false,"AuthenticatedData":false,"CheckingDisabled":false,"Rcode":0,"Question":[{"Name":"imap.gmail.com.","Qtype":1,"Qclass":1}],"Answer":[{"Hdr":{"Name":"imap.gmail.com.","Rrtype":1,"Class":1,"Ttl":242,"Rdlength":4},"A":"172.217.194.108"},{"Hdr":{"Name":"imap.gmail.com.","Rrtype":1,"Class":1,"Ttl":242,"Rdlength":4},"A":"172.217.194.109"}],"Ns":null,"Extra":null},"IPVersion":4,"SrcIP":"1.1.1.1","DstIP":"2.2.2.2","Protocol":"udp","PacketLength":64} ``` - `csv`: the CSV output. The fields and headers are non-customizable at the moment. to get a custom output, please look at `gotemplate`. ```csv diff --git a/internal/capture/packet.go b/internal/capture/packet.go index 4fce6ba..b7214e0 100644 --- a/internal/capture/packet.go +++ b/internal/capture/packet.go 
@@ -45,6 +45,7 @@ func (config captureConfig) processTransport(foundLayerTypes *[]gopacket.LayerTy } config.resultChannel <- util.DNSResult{ Timestamp: timestamp, + Server: util.GeneralFlags.ServerName, DNS: msg, IPVersion: IPVersion, SrcIP: SrcIP.Mask(net.CIDRMask(MaskSize, BitSize)), DstIP: DstIP.Mask(net.CIDRMask(MaskSize, BitSize)), Protocol: "udp", PacketLength: uint16(len(udp.Payload)), } diff --git a/internal/output/parquet.go b/internal/output/parquet.go index 5f56530..37cdc89 100644 --- a/internal/output/parquet.go +++ b/internal/output/parquet.go @@ -50,6 +50,7 @@ type parquetConfig struct { type parquetRow struct { Timestamp time.Time `parquet:"timestamp,snappy"` + Server string `parquet:"server,snappy"` IPVersion uint32 `parquet:"ip_version,snappy,dict"` SrcIP net.IP `parquet:"src_ip,snappy"` DstIP net.IP `parquet:"dst_ip,snappy"` diff --git a/internal/util/gob.go b/internal/util/gob.go index a306bbf..f3e4ad2 100644 --- a/internal/util/gob.go +++ b/internal/util/gob.go @@ -25,6 +25,7 @@ import ( type gobOutput struct{} type DNSResultBinary struct { Timestamp time.Time + Server string DNS []byte //packed version of dns.msg (dns.Msg.Pack()) IPVersion uint8 SrcIP net.IP @@ -42,6 +43,7 @@ func (g gobOutput) Marshal(d DNSResult) []byte { bMsg, _ := d.DNS.Pack() dnsBin := DNSResultBinary{ Timestamp: d.Timestamp, + Server: d.Server, DNS: bMsg, IPVersion: d.IPVersion, SrcIP: d.SrcIP, diff --git a/internal/util/types.go b/internal/util/types.go index 91f136f..05f5aac 100644 --- a/internal/util/types.go +++ b/internal/util/types.go @@ -27,6 +27,7 @@ import ( // For DNStap, this is probably going to be replaced with something else. type DNSResult struct { Timestamp time.Time + Server string DNS mkdns.Msg IPVersion uint8 SrcIP net.IP
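Review bot: In the internal/capture/packet.go hunk, `Server: util.GeneralFlags.ServerName,` is added only to the DNSResult literal that carries `Protocol: "udp"`, and the diffstat shows this is the single insertion under internal/capture. Any other place that builds a util.DNSResult (a TCP path or another input, none of which is visible here) would presumably emit records with an empty Server, so filtering or attribution by sensor name downstream would silently miss them. Consider stamping the field at one shared point before results reach the output channel, or adding the same line to every construction site. processTransport starts and ends outside the hunk.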
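Review bot: In the internal/output/parquet.go hunk, the new `Server string` column is declared on parquetRow, but the diffstat lists one insertion for this file, so the code that fills a parquetRow from a DNSResult is not changed here. Unless rows are populated by some generic copy outside this diff, the `server` column would be written as an empty string for every record. Assign the result's Server where the row is built (something like `Server: d.Server,`, with whatever variable name that code actually uses). Since the value repeats for every row from one instance, the tag could likely also carry `dict`, as `ip_version` does.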
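Review bot: In the internal/util/gob.go Marshal hunk, `Server: d.Server,` is copied into DNSResultBinary, but only the encoding side changes in this commit (two insertions: the struct field and this line). If the file also has a decoding counterpart that rebuilds a DNSResult from DNSResultBinary, it should copy Server back, otherwise the name is dropped on a round trip; no such function is visible here. Since DNSResultBinary is an exported wire type, I would also add a comment on the field, such as `// Server is the configured name of the capturing instance`. Marshal continues outside the hunk.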
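Review bot: In the internal/util/types.go hunk, the new `Server string` field on DNSResult has no comment, and its meaning is only discoverable from the packet.go hunk, where it is set from `util.GeneralFlags.ServerName`. I would document it, for example `Server string // name of the capturing instance, from GeneralFlags.ServerName; a configured label, not a verified identity`. This matters for consumers that aggregate output from several instances: the value is whatever each instance was configured with, so it should be treated as a label rather than as proof of origin. The struct body continues outside the hunk.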