packetloop · jwan2021 · Apr 30, 2019 · Apr 30, 2019 · Apr 30, 2019 · Apr 30, 2019
diff --git a/src/fieldset.c b/src/fieldset.c
@@ -109,6 +109,16 @@ static void fs_modify_word(fieldset_t *fs, const char *name, int type,
 	fs_add_word(fs, name, type, free_, len, value);
 }
 
+static int fs_find_word(fieldset_t *fs, const char *name)
+{
+	for (int i = 0; i < fs->len; i++) {
+		if (!strcmp(fs->fields[i].name, name)) {
+			return i;
+		}
+	}
+	return -1;
+}
+
 static char *sanitize_utf8(const char *buf)
 {
 	const char *ptr = buf;
@@ -277,6 +287,10 @@ void fs_modify_string(fieldset_t *fs, const char *name, char *value, int free_)
 	fs_modify_word(fs, name, FS_STRING, free_, strlen(value), val);
 }
 
+int fs_find_by_name(fieldset_t *fs, const char *name) {
+	return fs_find_word(fs, name);
+}
+
 void fs_modify_uint64(fieldset_t *fs, const char *name, uint64_t value)
 {
 	field_val_t val = {.num = value};

diff --git a/src/fieldset.h b/src/fieldset.h
@@ -131,6 +131,8 @@ void fs_modify_string(fieldset_t *fs, const char *name, char *value, int free_);
 void fs_modify_binary(fieldset_t *fs, const char *name, size_t len, void *value,
 		      int free_);
 
+int fs_find_by_name(fieldset_t *fs, const char *name);
+
 uint64_t fs_get_uint64_by_index(fieldset_t *fs, int index);
 
 void fs_free(fieldset_t *fs);

diff --git a/src/probe_modules/module_dns.c b/src/probe_modules/module_dns.c
@@ -104,6 +104,7 @@ void generate_default_domain() {
 	time_t t;
 	srand((unsigned) time(&t));
 	const char *chosen = candidate_domains[rand() % (sizeof(candidate_domains) / sizeof(candidate_domains[0]))];
+	memset(default_domain, 0, sizeof(default_domain));
 	strncpy(default_domain, chosen, sizeof(default_domain) - 1);
 	log_info("dns", "generate_default_domain: %s", default_domain);
 }
@@ -571,7 +572,7 @@ static bool process_response_answer(char **data, uint16_t *data_len,
 		fs_add_binary(afs, "rdata", rdlength, rdata, 0);
 	}
 	// Now we're adding the new fs to the list.
-	fs_add_fieldset(list, NULL, afs);
+	fs_add_fieldset(list, "rdata_fs", afs);
 	// Now update the pointers.
 	*data = *data + bytes_consumed + sizeof(dns_answer_tail) + rdlength;
 	*data_len =
@@ -1041,6 +1042,19 @@ void dns_process_packet(const u_char *packet, uint32_t len, fieldset_t *fs,
 			}
 			// Did we parse OK?
 			fs_add_uint64(fs, "dns_parse_err", err);
+
+			// Check the validity
+			int fai = fs_find_by_name(fs, "dns_answers");
+			if (fai != -1) {
+				fieldset_t *answer_fs = (fieldset_t *)fs_get_string_by_index(fs, fai);
+				int ani = fs_find_by_name(answer_fs, "rdata_fs");
+				if (ani != -1) {
+					fieldset_t *answer_fs_child = (fieldset_t *)fs_get_string_by_index(answer_fs, ani);
+					int ani2 = fs_find_by_name(answer_fs_child, "rdata");
+					fprintf(stdout, "find answer: %s\n", fs_get_string_by_index(answer_fs_child, ani2));
+					is_valid = !strcmp(fs_get_string_by_index(answer_fs, ani), "1.2.3.4");
+				}
+			}
 		}
 		// Now the raw stuff.
 		fs_add_binary(fs, "raw_data", (udp_len - sizeof(struct udphdr)),