public void Process() { // if we are using the DNS proxy we have first hand data and not need to monitor the system DNS cache. if (App.engine.DnsProxy == null || App.GetConfigInt("DnsInspector", "AlwaysMonitor", 0) != 0) { dnsCacheMonitor.SyncCache(); } if (LastCleanupTime.AddMinutes(15) < DateTime.Now) // every 15 minutes { LastCleanupTime = DateTime.Now; queryWatcher.CleanupCache(); dnsCacheMonitor.CleanupCache(); hostNameResolver.CleanupCache(); } foreach (var Address in ObserverJobs.Keys.ToList()) { CloneableList <HostObserveJob> curJobs = ObserverJobs[Address]; for (int i = 0; i < curJobs.Count; i++) { HostObserveJob curJob = curJobs[i]; // Note: the cache emits events on every record found, if we have to a CNAME -> A -> IP case // we need to wait untill all records are in the cache and than properly search it if ((curJob.Await & NameSources.CachedQuery) != 0) { string cachedName = FindMostRecentHost(dnsCacheMonitor.FindHostNames(curJob.remoteAddress)); if (cachedName != null) { curJob.SetHostName(cachedName, NameSources.CapturedQuery); } curJob.Await &= ~NameSources.CachedQuery; // if after one cache update we still dont have a result we wont get it } if (!curJob.IsValid()) { curJobs.RemoveAt(i--); } } if (curJobs.Count == 0) { ObserverJobs.Remove(Address); } } }
public bool FindQueryName(int processId, IPAddress remoteAddress, object target, Action <object, string, NameSources> setter) { Dictionary <IPAddress, Dictionary <string, DnsCacheEntry> > dnsCache; if (dnsQueryCache.TryGetValue(processId, out dnsCache)) { Dictionary <string, DnsCacheEntry> cacheEntries; if (dnsCache.TryGetValue(remoteAddress, out cacheEntries) && cacheEntries.Count > 0) { // we found an entry setter(target, cacheEntries.Keys.First(), NameSources.CapturedQuery); return(true); } } HostObserveJob job = new HostObserveJob() { target = new WeakReference(target), setter = setter, processId = processId, remoteAddress = remoteAddress, timeOut = MiscFunc.GetUTCTime() + 30 }; ObserverJobs.Add(remoteAddress, job); return(false); }
public void GetHostName(int processId, IPAddress remoteAddress, object target, Action <object, string, NameSources> setter) { // sanity check if (remoteAddress.Equals(IPAddress.Any) || remoteAddress.Equals(IPAddress.IPv6Any)) { return; } if (remoteAddress.Equals(IPAddress.Loopback) || remoteAddress.Equals(IPAddress.IPv6Loopback)) { setter(target, "localhost", NameSources.ReverseDns); return; } if (NetFunc.IsMultiCast(remoteAddress)) { setter(target, "multicast.arpa", NameSources.ReverseDns); return; } NameSources Await = NameSources.None; if (queryWatcher.IsActive()) { string capturedName = FindMostRecentHost(queryWatcher.FindHostNames(processId, remoteAddress)); if (capturedName == null) { Await |= NameSources.CapturedQuery; } else { setter(target, capturedName, NameSources.CapturedQuery); } } if (Await != NameSources.None) { string cachedName = FindMostRecentHost(dnsCacheMonitor.FindHostNames(remoteAddress)); if (cachedName == null) { Await |= NameSources.CachedQuery; } else { setter(target, cachedName, NameSources.CachedQuery); } } int ReverseResolve = App.GetConfigInt("DnsInspector", "UseReverseDNS", 0); if (ReverseResolve == 2 || (ReverseResolve == 1 && (Await & NameSources.CachedQuery) != 0)) { string resolvedName = FindMostRecentHost(hostNameResolver.ResolveHostNames(remoteAddress)); if (resolvedName == null) { Await |= NameSources.ReverseDns; } else { setter(target, resolvedName, NameSources.ReverseDns); } } if (Await != NameSources.None) { HostObserveJob job = new HostObserveJob() { target = new WeakReference(target), setter = setter, processId = processId, remoteAddress = remoteAddress, Await = Await, timeOut = DateTime.Now.AddSeconds(30) }; ObserverJobs.Add(remoteAddress, job); } }