
日志dns拦截记录

老九 %!s(int64=3) %!d(string=hai) anos
pai
achega
44960eb4fc

+ 20 - 16
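--- a/FastGithub.PacketIntercept/Dns/DnsInterceptor.cs
+++ b/FastGithub.PacketIntercept/Dns/DnsInterceptor.cs
@@ -22,12 +22,12 @@ namespace FastGithub.PacketIntercept.Dns
     [SupportedOSPlatform("windows")]
     sealed class DnsInterceptor : IDnsInterceptor
     {
-        private const string DNS_FILTER = "udp.DstPort == 53";
+        private const string DNS_FILTER = "ip and udp.DstPort == 53";
 
         private readonly FastGithubConfig fastGithubConfig;
         private readonly ILogger<DnsInterceptor> logger;
 
-        private readonly TimeSpan ttl = TimeSpan.FromMinutes(10d);
+        private readonly TimeSpan ttl = TimeSpan.FromMinutes(1d);
 
         /// <summary>
         /// 刷新DNS缓存
@@ -35,6 +35,15 @@ namespace FastGithub.PacketIntercept.Dns
         [DllImport("dnsapi.dll", EntryPoint = "DnsFlushResolverCache", SetLastError = true)]
         private static extern void DnsFlushResolverCache();
 
+        /// <summary>
+        /// 首次加载驱动往往有异常,所以要提前加载
+        /// </summary>
+        static DnsInterceptor()
+        {
+            var handle = WinDivert.WinDivertOpen("false", WinDivertLayer.Network, 0, WinDivertOpenFlags.None);
+            WinDivert.WinDivertClose(handle);
+        }
+
         /// <summary>
         /// dns拦截器
         /// </summary>
@@ -142,20 +151,10 @@ namespace FastGithub.PacketIntercept.Dns
             packetLength = (uint)((int)packetLength + responsePayload.Length - requestPayload.Length);
 
             // 修改ip包
-            if (packet.IPv4Header != null)
-            {
-                var destAddress = packet.IPv4Header->DstAddr;
-                packet.IPv4Header->DstAddr = packet.IPv4Header->SrcAddr;
-                packet.IPv4Header->SrcAddr = destAddress;
-                packet.IPv4Header->Length = (ushort)packetLength;
-            }
-            else
-            {
-                var destAddress = packet.IPv6Header->DstAddr;
-                packet.IPv6Header->DstAddr = packet.IPv6Header->SrcAddr;
-                packet.IPv6Header->SrcAddr = destAddress;
-                packet.IPv6Header->Length = (ushort)packetLength;
-            }
+            var destAddress = packet.IPv4Header->DstAddr;
+            packet.IPv4Header->DstAddr = packet.IPv4Header->SrcAddr;
+            packet.IPv4Header->SrcAddr = destAddress;
+            packet.IPv4Header->Length = (ushort)packetLength;
 
             // 修改udp包
             var destPort = packet.UdpHeader->DstPort;
@@ -164,7 +163,12 @@ namespace FastGithub.PacketIntercept.Dns
             packet.UdpHeader->Length = (ushort)(sizeof(UdpHeader) + responsePayload.Length);
 
             winDivertAddress.Impostor = true;
+            winDivertAddress.Direction = winDivertAddress.Loopback
+                ? WinDivertDirection.Outbound
+                : WinDivertDirection.Inbound;
+
             WinDivert.WinDivertHelperCalcChecksums(winDivertBuffer, packetLength, ref winDivertAddress, WinDivertChecksumHelperParam.All);
+            this.logger.LogInformation($"已拦截向dns://{destAddress}:{destPort}查询{domain}");
         }
 
 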
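Review bot: In the `// 修改ip包` block the IPv4 header is now dereferenced with no null check, so this code is correct only while `DNS_FILTER` keeps its `ip` term, and nothing at the dereference says so. I would keep a cheap guard ahead of the swap, `if (packet.IPv4Header == null) { return; }` (or the method's existing failure path; the method begins outside this hunk), and add a comment such as `// DNS_FILTER is IPv4-only ("ip and ..."), so IPv6Header is never populated here`. Since `ip` in a WinDivert filter matches IPv4 only, DNS queries sent to a resolver over IPv6 will presumably no longer be intercepted at all; if that is intended, it should be stated in the commit description or logged once at start-up so the gap is visible to operators.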

+ 2 - 7
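--- a/FastGithub.PacketIntercept/DnsInterceptHostedService.cs
+++ b/FastGithub.PacketIntercept/DnsInterceptHostedService.cs
@@ -1,5 +1,4 @@
-using FastGithub.WinDiverts;
-using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 using System;
 using System.Collections.Generic;
@@ -45,11 +44,7 @@ namespace FastGithub.PacketIntercept
         /// <param name="cancellationToken"></param>
         /// <returns></returns>
         public override async Task StartAsync(CancellationToken cancellationToken)
-        {
-            // 首次加载驱动往往有异常,所以要提前加载
-            var handle = WinDivert.WinDivertOpen("true", WinDivertLayer.Network, 0, WinDivertOpenFlags.None);
-            WinDivert.WinDivertClose(handle);
-
+        {          
             foreach (var solver in this.conflictSolvers)
             {
                 await solver.SolveAsync(cancellationToken);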