| 196 | |
| 197 | |
| 198 | def parseDNSdata(paket): |
| 199 | |
| 200 | def getWord(DNSdata, addr): |
| 201 | return (ord(DNSdata[addr])<<8)+ord(DNSdata[addr+1]) |
| 202 | |
| 203 | DNSstruct = {} |
| 204 | adr = 0 |
| 205 | |
| 206 | # header |
| 207 | DNSstruct['head'] = { \ |
| 208 | 'id': getWord(paket, adr+0), \ |
| 209 | 'flags': getWord(paket, adr+2), \ |
| 210 | 'qdcnt': getWord(paket, adr+4), \ |
| 211 | 'ancnt': getWord(paket, adr+6), \ |
| 212 | 'nscnt': getWord(paket, adr+8), \ |
| 213 | 'arcnt': getWord(paket, adr+10) } |
| 214 | adr = adr + 12 |
| 215 | |
| 216 | # query |
| 217 | DNSstruct['query'] = [] |
| 218 | for i in range(DNSstruct['head']['qdcnt']): |
| 219 | DNSstruct['query'].append({}) |
| 220 | host_nolink = DNSToHost(paket, adr, followlink=False) |
| 221 | host_link = DNSToHost(paket, adr, followlink=True) |
| 222 | DNSstruct['query'][i]['host'] = host_link |
| 223 | adr = adr + len(host_nolink)+2 |
| 224 | DNSstruct['query'][i]['type'] = getWord(paket, adr+0) |
| 225 | DNSstruct['query'][i]['class'] = getWord(paket, adr+2) |
| 226 | adr = adr + 4 |
| 227 | |
| 228 | # resource records |
| 229 | DNSstruct['resrc'] = [] |
| 230 | for i in range(DNSstruct['head']['ancnt'] + DNSstruct['head']['nscnt'] + DNSstruct['head']['arcnt']): |
| 231 | DNSstruct['resrc'].append({}) |
| 232 | host_nolink = DNSToHost(paket, adr, followlink=False) |
| 233 | host_link = DNSToHost(paket, adr, followlink=True) |
| 234 | DNSstruct['resrc'][i]['host'] = host_link |
| 235 | adr = adr + len(host_nolink)+2 |
| 236 | DNSstruct['resrc'][i]['type'] = getWord(paket, adr+0) |
| 237 | DNSstruct['resrc'][i]['class'] = getWord(paket, adr+2) |
| 238 | DNSstruct['resrc'][i]['ttl'] = (getWord(paket, adr+4)<<16)+getWord(paket, adr+6) |
| 239 | DNSstruct['resrc'][i]['rdlen'] = getWord(paket, adr+8) |
| 240 | adr = adr + 10 |
| 241 | DNSstruct['resrc'][i]['rdata'] = [] |
| 242 | if DNSstruct['resrc'][i]['type']==5: # 5=redirect, evaluate name |
| 243 | host = DNSToHost(paket, adr, followlink=True) |
| 244 | DNSstruct['resrc'][i]['rdata'] = host |
| 245 | adr = adr + DNSstruct['resrc'][i]['rdlen'] |
| 246 | DNSstruct['resrc'][i]['rdlen'] = len(host) |
| 247 | else: # 1=IP, ... |
| 248 | for j in range(DNSstruct['resrc'][i]['rdlen']): |
| 249 | DNSstruct['resrc'][i]['rdata'].append( paket[adr+j] ) |
| 250 | adr = adr + DNSstruct['resrc'][i]['rdlen'] |
| 251 | |
| 252 | return DNSstruct |
| 253 | |
| 254 | def encodeDNSstruct(DNSstruct): |
| 255 | |