Class: Dap::Filter::FilterDecodeDNSVersionReply
- Inherits:
-
Object
- Object
- Dap::Filter::FilterDecodeDNSVersionReply
- Includes:
- BaseDecoder
- Defined in:
- lib/dap/filter/udp.rb
Overview
Decode a DNS bind.version probe response ( zmap: dns_53.pkt )
Note: The TCP DNS response contains two additional bytes at the beginning of the data which indicate length. Net::DNS::Packet doesn’t handle this so we’ve implemented a fall back that will retry parsing with the first two bytes removed if the initial parsing attempt raises an exception.
Instance Attribute Summary
Attributes included from Base
Instance Method Summary collapse
Methods included from BaseDecoder
Methods included from Base
Instance Method Details
#decode(data) ⇒ Object
48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
# File 'lib/dap/filter/udp.rb', line 48 def decode(data) begin r = Net::DNS::Packet.parse(data) rescue ::Exception r = nil end unless r begin # Perhaps a TCP DNS response, trim the first two bytes (length value) # and try again.. trimmed_data = data[2..-1] r = Net::DNS::Packet.parse(trimmed_data) rescue ::Exception return {} end end return {} unless r begin # XXX: This can throw an exception on bad data vers = r.answer.map{|x| x.txt.strip rescue nil }.reject{|x| x.nil? }.first return {} unless vers return { 'dns_version' => vers } rescue ::Exception {} end end |