2

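I need to obtain the domain name of the destination IP from outgoing packets. I have successfully captured packets and obtained their destination IP using a netfilter hook, as shown below.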

#include <linux/ip.h>
#include <linux/netfilter.h>
#include <linux/skbuff.h>
#include <linux/tcp.h>
#include <linux/udp.h>

unsigned int hook_func_out(unsigned int hooknum, struct sk_buff *skb, const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *))
{
    int ofs = 20;   // Set the offset to skip over the IP header.

    {
        struct iphdr *ip_header = (struct iphdr *)skb_network_header(skb);
        struct udphdr *udp_header;
        struct tcphdr *tcp_header;

        // I can obtain the destination IP address of the packet
        // like this
        unsigned int dest_ip = (unsigned int)ip_header->daddr;

        // or like this
        char pkt_tbuf[16];
        snprintf(pkt_tbuf, 16, "%pI4", &ip_header->daddr);

        // here I need to obtain the domain name of the obtained destination address
    }

    return NF_ACCEPT;   // let the packet continue through the stack
}

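However, I don't know how to use that IP to get its domain name.

I tried many sources (https://www.google.com/search?client=ubuntu&channel=fs&q=linux+kernel+programming+domain+name+from+IP+&ie=utf-8&oe=utf-8) but did not find any relevant information on the topic. I would be really grateful if you experts could provide any sample code or references for performing this task :)

Thanks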

4

1 Answer

1

For kernel space, you can use the DNS Resolver Module to query DNS from kernel space. See the documentation here.

Enable and compile the module

The module should be enabled by turning on the kernel configuration options:

CONFIG_DNS_RESOLVER - tristate "DNS Resolver support"

Modify the /etc/request-key.conf file as mentioned in the documentation

Include dns_resolver.h

 #include <linux/dns_resolver.h>

Use the dns_query function to perform the query. Use PTR or CNAME as the type to perform a reverse DNS lookup

int dns_query(const char *type, const char *name, size_t namelen,
       const char *options, char **_result, time_t *_expiry);
Answered 2014-07-08T11:46:15.683
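An added example, not part of the original question or answer: a PTR record is keyed on a reverse-zone name rather than on the dotted address, so this plain user-space C builds that name from an address in network byte order, as held in `ip_header->daddr`. The helper names are hypothetical, the sample address is constructed, and the IPv6 case goes beyond what the page covers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers (added example). Both return the name length,
 * or -1 when the caller's buffer is too small. */

/* IPv4: daddr_be is in network byte order, like iphdr->daddr.
 * 192.0.2.10 becomes "10.2.0.192.in-addr.arpa". */
int ptr_name_v4(uint32_t daddr_be, char *buf, size_t len)
{
    unsigned char b[4];
    int n;

    memcpy(b, &daddr_be, sizeof(b));   /* b[0] = first octet on the wire */
    n = snprintf(buf, len, "%u.%u.%u.%u.in-addr.arpa",
                 b[3], b[2], b[1], b[0]);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* IPv6: 32 hex nibbles, least significant first, then "ip6.arpa".
 * Needs 32 * 2 + 8 + 1 = 73 bytes including the terminator. */
int ptr_name_v6(const unsigned char addr[16], char *buf, size_t len)
{
    static const char hex[] = "0123456789abcdef";
    size_t pos = 0;
    int i;

    if (len < 73)
        return -1;
    for (i = 15; i >= 0; i--) {
        buf[pos++] = hex[addr[i] & 0x0f];   /* low nibble comes first */
        buf[pos++] = '.';
        buf[pos++] = hex[addr[i] >> 4];
        buf[pos++] = '.';
    }
    memcpy(buf + pos, "ip6.arpa", 9);       /* copies the NUL as well */
    return (int)(pos + 8);
}

int main(void)
{
    const unsigned char wire[4] = {192, 0, 2, 10};  /* constructed sample */
    uint32_t daddr;
    char name[80];

    memcpy(&daddr, wire, sizeof(daddr));
    if (ptr_name_v4(daddr, name, sizeof(name)) > 0)
        printf("%s\n", name);
    return 0;
}
```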