use crate::report::LeakTransport;
use hickory_proto::op::{Message, MessageType};
use serde::{Deserialize, Serialize};
use std::net::IpAddr;
use wtfnet_platform::FlowProtocol;
/// A single observed flow together with its classification and, where
/// available, the DNS details extracted from it.
///
/// The type derives `Serialize`/`Deserialize`, so instances cross a
/// serialization boundary. The three DNS fields are free-form strings:
/// presumably they are filled from `classify_dns_query` (confirm against the
/// caller), in which case their content originates from packet bytes and must
/// be treated as untrusted text by anything that logs or renders it.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ClassifiedEvent {
    /// Event time in milliseconds; the reference clock/epoch is not visible here.
    pub timestamp_ms: u128,
    /// Flow protocol as reported by the platform layer.
    pub proto: FlowProtocol,
    /// Source address of the flow.
    pub src_ip: IpAddr,
    /// Source port of the flow.
    pub src_port: u16,
    /// Destination address of the flow.
    pub dst_ip: IpAddr,
    /// Destination port of the flow.
    pub dst_port: u16,
    /// Name of the interface the flow was seen on, when known.
    pub iface_name: Option<String>,
    /// Transport classification used by the leak report.
    pub transport: LeakTransport,
    /// Queried DNS name, when one was extracted.
    pub qname: Option<String>,
    /// Query type in textual form, when one was extracted.
    pub qtype: Option<String>,
    /// Response code in textual form, when one was extracted.
    pub rcode: Option<String>,
}
/// Parses `payload` as a DNS message and, if it is a query, returns the
/// `(qname, qtype, rcode)` of its first question as strings.
///
/// Returns `None` when the bytes do not parse as a DNS message, when the
/// message type is not `Query`, or when the question section is empty.
///
/// Notes for callers:
/// - `payload` is raw traffic, so every returned string is attacker-influenced.
///   The name is rendered with `to_utf8()` and is therefore not limited to
///   ASCII; escape or sanitise it before logging or displaying it.
/// - Only the first question is inspected; any further questions are ignored.
/// - The rcode is read from the header of the query itself, not from a
///   matching response.
/// - NOTE(review): the bytes are handed to the parser as-is, so any transport
///   framing (such as a DNS-over-TCP length prefix) presumably has to be
///   stripped by the caller. Confirm at the call site.
pub fn classify_dns_query(payload: &[u8]) -> Option<(String, String, String)> {
    // Parse failures and non-query messages both collapse to `None`.
    let parsed = Message::from_vec(payload)
        .ok()
        .filter(|msg| msg.message_type() == MessageType::Query)?;

    let question = parsed.queries().first()?;

    Some((
        question.name().to_utf8(),
        question.query_type().to_string(),
        parsed.response_code().to_string(),
    ))
}