diff --git a/libs/visor_dns/dns.h b/libs/visor_dns/dns.h index a8d105f1b..20606f1a9 100644 --- a/libs/visor_dns/dns.h +++ b/libs/visor_dns/dns.h @@ -24,6 +24,11 @@ namespace visor::lib::dns { +inline bool isDnsPort(uint16_t port) +{ + return pcpp::DnsLayer::isDnsPort(port) || port == 53000; +} + inline std::unique_ptr createDnsOverTcp(pcpp::TcpLayer *tcpLayer, pcpp::Packet *packet) { return std::make_unique(tcpLayer->getData() + sizeof(pcpp::tcphdr), tcpLayer->getDataLen() - sizeof(pcpp::tcphdr), tcpLayer, packet); diff --git a/src/handlers/dns/v1/DnsStreamHandler.cpp b/src/handlers/dns/v1/DnsStreamHandler.cpp index 0a5615bf4..4ba4ea83e 100644 --- a/src/handlers/dns/v1/DnsStreamHandler.cpp +++ b/src/handlers/dns/v1/DnsStreamHandler.cpp @@ -279,9 +279,9 @@ void DnsStreamHandler::process_udp_packet_cb(pcpp::Packet &payload, PacketDirect auto src_port = udpLayer->getSrcPort(); // note we want to capture metrics only when one of the ports is dns, // but metrics on the port which is _not_ the dns port - if (pcpp::DnsLayer::isDnsPort(dst_port)) { + if (isDnsPort(dst_port)) { metric_port = src_port; - } else if (pcpp::DnsLayer::isDnsPort(src_port)) { + } else if (isDnsPort(src_port)) { metric_port = dst_port; } if (metric_port) { @@ -313,9 +313,9 @@ void DnsStreamHandler::process_tcp_reassembled_packet_cb(pcpp::Packet &payload, auto src_port = tcpLayer->getSrcPort(); // note we want to capture metrics only when one of the ports is dns, // but metrics on the port which is _not_ the dns port - if (pcpp::DnsLayer::isDnsPort(dst_port)) { + if (isDnsPort(dst_port)) { metric_port = src_port; - } else if (pcpp::DnsLayer::isDnsPort(src_port)) { + } else if (isDnsPort(src_port)) { metric_port = dst_port; } if (metric_port) { @@ -385,9 +385,9 @@ void DnsStreamHandler::tcp_message_ready_cb(int8_t side, const pcpp::TcpStreamDa // note we want to capture metrics only when one of the ports is dns, // but metrics on the port which is _not_ the dns port uint16_t metric_port{0}; - if (pcpp::DnsLayer::isDnsPort(tcpData.getConnectionData().dstPort)) { + if (isDnsPort(tcpData.getConnectionData().dstPort)) { metric_port = tcpData.getConnectionData().srcPort; - } else if (pcpp::DnsLayer::isDnsPort(tcpData.getConnectionData().srcPort)) { + } else if (isDnsPort(tcpData.getConnectionData().srcPort)) { metric_port = tcpData.getConnectionData().dstPort; } if (metric_port) { @@ -445,9 +445,9 @@ void DnsStreamHandler::tcp_connection_start_cb(const pcpp::ConnectionData &conne // note we want to capture metrics only when one of the ports is dns, // but metrics on the port which is _not_ the dns port uint16_t metric_port{0}; - if (pcpp::DnsLayer::isDnsPort(connectionData.dstPort)) { + if (isDnsPort(connectionData.dstPort)) { metric_port = connectionData.srcPort; - } else if (pcpp::DnsLayer::isDnsPort(connectionData.srcPort)) { + } else if (isDnsPort(connectionData.srcPort)) { metric_port = connectionData.dstPort; } if (iter == _tcp_connections.end() && metric_port) { @@ -497,7 +497,6 @@ inline void DnsStreamHandler::_register_predicate_filter(Filters filter, std::st cache.flowKey = flowkey; cache.timestamp = stamp; cache.dnsLayer = createDnsOverUdp(udpLayer, &payload); - ; } auto dnsLayer = cache.dnsLayer.get(); // return the 'jump key' for pcap to make O(1) call to appropriate signals @@ -515,7 +514,6 @@ inline void DnsStreamHandler::_register_predicate_filter(Filters filter, std::st cache.flowKey = flowkey; cache.timestamp = stamp; cache.dnsLayer = createDnsOverUdp(udpLayer, &payload); - ; } auto dnsLayer = cache.dnsLayer.get(); // return the 'jump key' for pcap to make O(1) call to appropriate signals diff --git a/src/handlers/dns/v2/DnsStreamHandler.cpp b/src/handlers/dns/v2/DnsStreamHandler.cpp index 333c71e3b..1f47bb23c 100644 --- a/src/handlers/dns/v2/DnsStreamHandler.cpp +++ b/src/handlers/dns/v2/DnsStreamHandler.cpp @@ -278,9 +278,9 @@ void DnsStreamHandler::process_udp_packet_cb(pcpp::Packet &payload, PacketDirect auto src_port = udpLayer->getSrcPort(); // note we want to capture metrics only when one of the ports is dns, // but metrics on the port which is _not_ the dns port - if (pcpp::DnsLayer::isDnsPort(dst_port)) { + if (isDnsPort(dst_port)) { metric_port = src_port; - } else if (pcpp::DnsLayer::isDnsPort(src_port)) { + } else if (isDnsPort(src_port)) { metric_port = dst_port; } if (metric_port) { @@ -312,9 +312,9 @@ void DnsStreamHandler::process_tcp_reassembled_packet_cb(pcpp::Packet &payload, auto src_port = tcpLayer->getSrcPort(); // note we want to capture metrics only when one of the ports is dns, // but metrics on the port which is _not_ the dns port - if (pcpp::DnsLayer::isDnsPort(dst_port)) { + if (isDnsPort(dst_port)) { metric_port = src_port; - } else if (pcpp::DnsLayer::isDnsPort(src_port)) { + } else if (isDnsPort(src_port)) { metric_port = dst_port; } if (metric_port) { @@ -384,9 +384,9 @@ void DnsStreamHandler::tcp_message_ready_cb(int8_t side, const pcpp::TcpStreamDa // note we want to capture metrics only when one of the ports is dns, // but metrics on the port which is _not_ the dns port uint16_t metric_port{0}; - if (pcpp::DnsLayer::isDnsPort(tcpData.getConnectionData().dstPort)) { + if (isDnsPort(tcpData.getConnectionData().dstPort)) { metric_port = tcpData.getConnectionData().srcPort; - } else if (pcpp::DnsLayer::isDnsPort(tcpData.getConnectionData().srcPort)) { + } else if (isDnsPort(tcpData.getConnectionData().srcPort)) { metric_port = tcpData.getConnectionData().dstPort; } if (metric_port) { @@ -444,9 +444,9 @@ void DnsStreamHandler::tcp_connection_start_cb(const pcpp::ConnectionData &conne // note we want to capture metrics only when one of the ports is dns, // but metrics on the port which is _not_ the dns port uint16_t metric_port{0}; - if (pcpp::DnsLayer::isDnsPort(connectionData.dstPort)) { + if (isDnsPort(connectionData.dstPort)) { metric_port = connectionData.srcPort; - } else if (pcpp::DnsLayer::isDnsPort(connectionData.srcPort)) { + } else if (isDnsPort(connectionData.srcPort)) { metric_port = connectionData.dstPort; } if (iter == _tcp_connections.end() && metric_port) {