日志dns拦截记录

2021-10-05 13:50:55 +08:00 · 2021-10-05 13:50:55 +08:00 · 44960eb4fc
commit 44960eb4fc
parent 1163fa4678
2 changed files with 22 additions and 23 deletions
--- a/FastGithub.PacketIntercept/Dns/DnsInterceptor.cs
+++ b/FastGithub.PacketIntercept/Dns/DnsInterceptor.cs
@ -22,12 +22,12 @@ namespace FastGithub.PacketIntercept.Dns
    [SupportedOSPlatform("windows")]
    sealed class DnsInterceptor : IDnsInterceptor
    {
-        private const string DNS_FILTER = "udp.DstPort == 53";
+        private const string DNS_FILTER = "ip and udp.DstPort == 53";
        private readonly FastGithubConfig fastGithubConfig;
        private readonly ILogger<DnsInterceptor> logger;
-        private readonly TimeSpan ttl = TimeSpan.FromMinutes(10d);
+        private readonly TimeSpan ttl = TimeSpan.FromMinutes(1d);
        /// <summary>
        /// 刷新DNS缓存
@ -35,6 +35,15 @@ namespace FastGithub.PacketIntercept.Dns
        [DllImport("dnsapi.dll", EntryPoint = "DnsFlushResolverCache", SetLastError = true)]
        private static extern void DnsFlushResolverCache();
        /// <summary>
        /// 首次加载驱动往往有异常，所以要提前加载
        /// </summary>
        static DnsInterceptor()
        {
            var handle = WinDivert.WinDivertOpen("false", WinDivertLayer.Network, 0, WinDivertOpenFlags.None);
            WinDivert.WinDivertClose(handle);
        }
        /// <summary>
        /// dns拦截器
        /// </summary>
@ -142,20 +151,10 @@ namespace FastGithub.PacketIntercept.Dns
            packetLength = (uint)((int)packetLength + responsePayload.Length - requestPayload.Length);
            // 修改ip包
-            if (packet.IPv4Header != null)
+            var destAddress = packet.IPv4Header->DstAddr;
-            {
+            packet.IPv4Header->DstAddr = packet.IPv4Header->SrcAddr;
-                var destAddress = packet.IPv4Header->DstAddr;
+            packet.IPv4Header->SrcAddr = destAddress;
-                packet.IPv4Header->DstAddr = packet.IPv4Header->SrcAddr;
+            packet.IPv4Header->Length = (ushort)packetLength;
                packet.IPv4Header->SrcAddr = destAddress;
                packet.IPv4Header->Length = (ushort)packetLength;
            }
            else
            {
                var destAddress = packet.IPv6Header->DstAddr;
                packet.IPv6Header->DstAddr = packet.IPv6Header->SrcAddr;
                packet.IPv6Header->SrcAddr = destAddress;
                packet.IPv6Header->Length = (ushort)packetLength;
            }
            // 修改udp包
            var destPort = packet.UdpHeader->DstPort;
@ -164,7 +163,12 @@ namespace FastGithub.PacketIntercept.Dns
            packet.UdpHeader->Length = (ushort)(sizeof(UdpHeader) + responsePayload.Length);
            winDivertAddress.Impostor = true;
            winDivertAddress.Direction = winDivertAddress.Loopback
                ? WinDivertDirection.Outbound
                : WinDivertDirection.Inbound;
            WinDivert.WinDivertHelperCalcChecksums(winDivertBuffer, packetLength, ref winDivertAddress, WinDivertChecksumHelperParam.All);
            this.logger.LogInformation($"已拦截向dns://{destAddress}:{destPort}查询{domain}");
        }
--- a/FastGithub.PacketIntercept/DnsInterceptHostedService.cs
+++ b/FastGithub.PacketIntercept/DnsInterceptHostedService.cs
@ -1,5 +1,4 @@
-using FastGithub.WinDiverts;
+using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 using System;
 using System.Collections.Generic;
@ -45,11 +44,7 @@ namespace FastGithub.PacketIntercept
        /// <param name="cancellationToken"></param>
        /// <returns></returns>
        public override async Task StartAsync(CancellationToken cancellationToken)
-        {
+        {          
            // 首次加载驱动往往有异常，所以要提前加载
            var handle = WinDivert.WinDivertOpen("true", WinDivertLayer.Network, 0, WinDivertOpenFlags.None);
            WinDivert.WinDivertClose(handle);
            foreach (var solver in this.conflictSolvers)
            {
                await solver.SolveAsync(cancellationToken);