Class: Dap::Filter::FilterDecodeDNSVersionReply

Inherits:
Object
  • Object
show all
Includes:
BaseDecoder
Defined in:
lib/dap/filter/udp.rb

Overview

Decode a DNS bind.version probe response ( zmap: dns_53.pkt )

Note: The TCP DNS response contains two additional bytes at the beginning of the data which indicate length. Net::DNS::Packet doesn’t handle this so we’ve implemented a fall back that will retry parsing with the first two bytes removed if the initial parsing attempt raises an exception.

Instance Attribute Summary

Attributes included from Base

#name, #opts

Instance Method Summary collapse

Methods included from BaseDecoder

#process

Methods included from Base

#initialize, #process

Instance Method Details

#decode(data) ⇒ Object 



48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
 
# File 'lib/dap/filter/udp.rb', line 48

def decode(data)
  begin
    r = Net::DNS::Packet.parse(data)
  rescue ::Exception
    r = nil
  end

  unless r
    begin
      # Perhaps a TCP DNS response, trim the first two bytes (length value)
      # and try again..
      trimmed_data = data[2..-1]
      r = Net::DNS::Packet.parse(trimmed_data)
    rescue ::Exception
      return {}
    end
  end

  return {} unless r

  begin
    # XXX: This can throw an exception on bad data
    vers = r.answer.map{|x| x.txt.strip rescue nil }.reject{|x| x.nil? }.first
    return {} unless vers
    return { 'dns_version' => vers }
  rescue ::Exception
    {}
  end
end