MCPcopy
hub / github.com/evilsocket/opensnitch / dnsWorker

Function dnsWorker

daemon/dns/ebpfhook.go:254–291  ·  view source on GitHub ↗
(id int, channel chan []byte, exitChannel chan struct{})

Source from the content-addressed store, hash-verified

252}
253
254func dnsWorker(id int, channel chan []byte, exitChannel chan struct{}) {
255
256 log.Debug("[eBPF DNS] worker initialized #%d", id)
257 var event nameLookupEvent
258 var ip net.IP
259
260 for data := range channel {
261 select {
262 case <-exitChannel:
263 goto Exit
264 // case data := <-channel:
265 default:
266 event = nameLookupEvent{}
267 if len(data) > 0 {
268 log.Trace("(%d) [eBPF DNS]: LookupEvent %d %x %x %x", id, len(data), data[:4], data[4:20], data[20:])
269 }
270 err := binary.Read(bytes.NewBuffer(data), binary.LittleEndian, &event)
271 if err != nil {
272 log.Warning("(%d) [eBPF DNS]: Failed to decode ebpf nameLookupEvent: %s\n", id, err)
273 continue
274 }
275 // Convert C string (null-terminated) to Go string
276 host := string(event.Host[:bytes.IndexByte(event.Host[:], 0)])
277 // 2 -> AF_INET (ipv4)
278 if event.AddrType == 2 {
279 ip = net.IP(event.IP[:4])
280 } else {
281 ip = net.IP(event.IP[:])
282 }
283
284 log.Debug("(%d) [eBPF DNS]: Tracking Resolved Message: %s -> %s\n", id, host, ip.String())
285 Track(ip.String(), host)
286 }
287 }
288
289Exit:
290 log.Debug("[eBPF DNS] worker #%d closed", id)
291}

Callers 1

ListenerEbpfFunction · 0.85

Calls 3

TrackFunction · 0.85
ReadMethod · 0.80
StringMethod · 0.45

Tested by

no test coverage detected