I have a requirement to obtain the domain name from the destination IP from an outgoing packet. I am successful in capturing and obtaining the destination IP packets using the netfilter hook as shown below.
    #include <linux/kernel.h>
    #include <linux/netfilter.h>
    #include <linux/skbuff.h>
    #include <linux/ip.h>
    #include <linux/tcp.h>
    #include <linux/udp.h>

    unsigned int hook_func_out(unsigned int hooknum, struct sk_buff *skb,
                               const struct net_device *in,
                               const struct net_device *out,
                               int (*okfn)(struct sk_buff *))
    {
        unsigned int ofs = 20; // Set the offset to skip over the IP header.
        struct iphdr *ip_header = (struct iphdr *)skb_network_header(skb);
        struct udphdr *udp_header;
        struct tcphdr *tcp_header;
        // I can obtain the destination IP address of the packet
        // like this
        unsigned int dest_ip = (unsigned int)ip_header->daddr;
        // or like this
        char pkt_tbuf[16];
        snprintf(pkt_tbuf, 16, "%pI4", &ip_header->daddr);
        // here I need to obtain the domain name of the obtained destination address

        return NF_ACCEPT; // a netfilter hook must return a verdict
    }
However, I have no idea how to use that IP to obtain the domain name of the obtained IP.
I tried many sources (https://www.google.com/search?client=ubuntu&channel=fs&q=linux+kernel+programming+domain+name+from+IP+&ie=utf-8&oe=utf-8) but did not find any related information on the subject, and I will be really grateful if you experts would provide any sample code/references to perform this task :)
Thank you

For kernel space, you can use the DNS Resolver Module to query DNS from kernel space.
Check the documentation here
Enable and compile the module
The module should be enabled by turning on the kernel configuration options:
    CONFIG_DNS_RESOLVER - tristate "DNS Resolver support"
Modify the /etc/request-key.conf file as mentioned in the document
Include dns_resolver.h
    #include <linux/dns_resolver.h>
Use the dns_query function to query. Use PTR or CNAME as type to perform reverse DNS lookups
    int dns_query(const char *type, const char *name, size_t namelen,
                  const char *options, char **_result, time_t *_expiry);
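
An added example, not part of the original answer: a PTR query is made against the reverse-mapped name rather than the dotted address, so the `daddr` bytes from the hook first have to become `d.c.b.a.in-addr.arpa` (the IPv6 `ip6.arpa` form goes beyond the IPv4 case in the question). The helper names `ptr_name_v4` and `ptr_name_v6` are hypothetical and the code is portable C so it builds in user space; in a module the result would be the `name`/`namelen` passed to dns_query, called from a context that may sleep (for example a workqueue), because dns_query waits on a user-space upcall and a netfilter hook must not block.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IPv4: addr is the 4 address bytes in network order, which is how
 * iphdr->daddr is laid out in memory (assumption: the caller passes a
 * byte pointer to that field). Returns name length, or -1 if buf is too small. */
int ptr_name_v4(const uint8_t addr[4], char *buf, size_t len)
{
    int n = snprintf(buf, len, "%u.%u.%u.%u.in-addr.arpa",
                     addr[3], addr[2], addr[1], addr[0]);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* IPv6 (RFC 3596): 32 hex nibbles, least significant first, under ip6.arpa.
 * Returns name length (always 72), or -1 if buf is too small. */
int ptr_name_v6(const uint8_t addr[16], char *buf, size_t len)
{
    static const char hex[] = "0123456789abcdef";
    static const char suffix[] = "ip6.arpa";
    size_t pos = 0;
    int i;

    if (len < 64 + sizeof(suffix))          /* 32 x "n." + suffix + NUL */
        return -1;
    for (i = 15; i >= 0; i--) {
        buf[pos++] = hex[addr[i] & 0x0f];   /* low nibble first */
        buf[pos++] = '.';
        buf[pos++] = hex[addr[i] >> 4];
        buf[pos++] = '.';
    }
    memcpy(buf + pos, suffix, sizeof(suffix)); /* copies the NUL too */
    return (int)(pos + sizeof(suffix) - 1);
}

int main(void)
{
    /* Constructed sample addresses from the documentation ranges. */
    const uint8_t v4[4] = { 192, 0, 2, 10 };
    const uint8_t v6[16] = { 0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0,
                             0, 0, 0, 0, 0, 0, 0, 0x01 };
    char name[80];

    if (ptr_name_v4(v4, name, sizeof(name)) > 0)
        printf("%s\n", name);
    if (ptr_name_v6(v6, name, sizeof(name)) > 0)
        printf("%s\n", name);
    return 0;
}
```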