--
-- SPDX-FileCopyrightText: (c) 2024 Mohammad Shehar Yaar Tausif <[email protected]>
-- SPDX-License-Identifier: MIT OR GPL-2.0-only
--
-- Common code for new netfilter framework and legacy iptables dns doctoring example
local nf = require("netfilter")
local linux = require("linux")
-- Module table handed back to whoever require()s this file.
local common = {}
-- DNS server port (53 == 0x35); hook() compares it with the packet's source port.
local dns = 53
-- Netfilter verdicts; hook() returns action.ACCEPT on every path.
local action = nf.action
--- Read the NUL-terminated name that starts at byte offset `off` of the packet.
-- The bytes are returned exactly as they appear on the wire, so they still
-- contain whatever label-length octets the packet carries.
-- NOTE(review): callers presumably pass `target_dns` in that same encoding - confirm.
-- If no NUL byte follows `off`, everything `getstring` returned is treated as
-- the name; the packet comes from the network, so do not trust the result blindly.
-- @param skb packet buffer object providing `getstring`
-- @param off byte offset of the first byte of the name
-- @return the bytes before the first NUL
-- @return number of bytes the name occupies, terminating NUL included
local function get_domain(skb, off)
	local payload = skb:getstring(off)
	-- `*` also matches the empty string, so find() always succeeds at position 1.
	local _, last, name = payload:find("([^\0]*)")
	local consumed = last + 1 -- account for the terminating NUL
	return name, consumed
end
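--- Netfilter hook body: rewrite the A records of a DNS response for `target_dns`.
-- Only packets whose destination address equals `dst_ip` and whose source
-- port is 53 are inspected; every packet is accepted, whether rewritten or not.
--
-- Every field read here comes from the network and is untrusted. The parser
-- therefore walks the answer section by each record's own RDLENGTH instead of
-- assuming a fixed record size, and stops as soon as a record does not have
-- the layout it knows how to handle.
--
-- NOTE(review): the answer count is taken from the packet and is not compared
-- with the packet length; what the skb accessors do past the end of the
-- buffer is not visible here - confirm they fail safely.
-- NOTE(review): nothing in this function refreshes a transport checksum after
-- the address is overwritten - confirm that is handled elsewhere or not needed.
--
-- @param skb packet buffer; offset 16 is read as the destination address
--   (NOTE(review): this matches an IPv4 header at offset 0 - confirm)
-- @param thoff byte offset of the transport header inside `skb`
-- @param target_dns name to match, compared byte-for-byte with the question name
-- @param target_ip replacement address as an integer in host byte order
-- @param dst_ip destination address to filter on, integer in host byte order
-- @return action.ACCEPT in all cases
function common.hook(skb, thoff, target_dns, target_ip, dst_ip)
	local packetdst = skb:getuint32(16)
	if packetdst ~= linux.hton32(dst_ip) then
		return action.ACCEPT
	end

	-- The source port is the first 16-bit field of the transport header.
	local srcport = linux.ntoh16(skb:getuint16(thoff))
	if srcport ~= dns then
		return action.ACCEPT
	end

	-- The DNS message starts 8 bytes after the transport header (UDP header size).
	local dnsoff = thoff + 8
	local nanswers = linux.ntoh16(skb:getuint16(dnsoff + 6)) -- ANCOUNT

	-- The question section follows the 12-byte DNS header; a single question
	-- is assumed.
	dnsoff = dnsoff + 12
	local domainname, nameoff = get_domain(skb, dnsoff)
	if domainname ~= target_dns then
		return action.ACCEPT
	end

	dnsoff = dnsoff + nameoff + 4 -- skip over QTYPE and QCLASS

	-- Answer record layout handled here:
	--   NAME (2-byte compression pointer) | TYPE 2 | CLASS 2 | TTL 4 | RDLENGTH 2 | RDATA
	for _ = 1, nanswers do
		-- A compression pointer has its two top bits set. Any other name
		-- encoding shifts the fields below, so stop instead of writing at a
		-- guessed offset.
		local nameptr = linux.ntoh16(skb:getuint16(dnsoff))
		if nameptr < 0xC000 then
			break
		end

		local atype = linux.ntoh16(skb:getuint16(dnsoff + 2))
		local rdlength = linux.ntoh16(skb:getuint16(dnsoff + 10))

		-- Only a type A record with a 4-byte RDATA holds an IPv4 address.
		if atype == 1 and rdlength == 4 then
			skb:setuint32(dnsoff + 12, linux.hton32(target_ip))
		end

		-- Step by the record's real size; a fixed 16-byte stride is only
		-- correct for A records and misreads anything that follows a CNAME,
		-- AAAA or other record.
		dnsoff = dnsoff + 12 + rdlength
	end

	return action.ACCEPT
end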
-- Export the module table; `hook` is the only function attached to it in this file.
return common