layers: support decoding DNS over TCP

google / gopacket

Provides packet processing capabilities for Go

BSD 3-Clause "New" or "Revised" License

6.27k stars 1.12k forks source link

layers: support decoding DNS over TCP #236

Open 2opremio opened 7 years ago

2opremio commented 7 years ago

Gopacket seems to assume that DNS messages are always encapsulated on UDP, not supporting RFC5966

The following self-contained code fails to decode DNS requests over TCP: https://github.com/weaveworks/scope/blob/c5ac315b383fdf47c57cebb30bb2b7edd437ec74/probe/endpoint/dns_snooper_linux_amd64.go#L148

To reproduce:

Call NewDNSSnooper() to start decoding
Type host -T www.google.com 8.8.8.8 on a shell
You will get errors like DNSSnooper: error decoding packet: No decoder for layer type Payload

jimmystewpot commented 7 years ago

I have been dealing with this problem. It is not immediately obvious but I found this source to be very useful.

https://github.com/Phillipmartin/gopassivedns/blob/master/packets.go

2opremio commented 7 years ago

I've also ended up doing my own implementation https://github.com/weaveworks/scope/blob/45a9367d97db5fd4cdd6e79ff55819718dcc7456/probe/endpoint/dns_snooper_linux_amd64.go#L116

It still doesn't deal with fragmentation or out-of-order segments but it's good enough for now. That said, it's something I would had expected to be present in gopacket.

pocketwalker commented 6 years ago

Is this issue resolved? I'm still meeting it...

kevsjh commented 3 years ago

has this been resolved?