package-analysis

DNS requests appear to be missing or incomplete.

Open maxfisher-g opened this issue 2 years ago • 3 comments

It seems like in some cases we have a race condition in our packet capture, which is causing noise/imprecision in logging of DNS requests.

maxfisher-g avatar Mar 20 '23 00:03 maxfisher-g

One possible cause is a race condition in the packet capture. This would occur if there are packets that are still in transit after the packet capture has been stopped.

calebbrown avatar Apr 28 '23 02:04 calebbrown

Another cause that is likely happening is DNS over UDP being truncated due to the message size limitations. The DNS traffic is then issued over TCP; however, this is not being observed or recorded.

Note: DNS truncation happening does not exclude the possibility of a race condition existing as well.

calebbrown avatar Apr 28 '23 02:04 calebbrown

Support for DNS over TCP is not handled easily in gopacket, and likely requires some redesign of the packet capture logic.

calebbrown avatar Apr 28 '23 02:04 calebbrown
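
The truncation case described in the comments above, as an added example (not code from package-analysis or gopacket): it detects a truncated UDP response via the TC bit and splits a reassembled TCP byte stream into length-prefixed DNS messages so the query name can still be logged. The function names and the sample query are constructed for illustration, and TCP stream reassembly is assumed to happen before `SplitTCP` is called.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

// Truncated reports a response (QR=1) with TC=1: the client will retry over TCP.
func Truncated(msg []byte) bool {
	return len(msg) >= 12 && binary.BigEndian.Uint16(msg[2:4])&0x8200 == 0x8200
}

// SplitTCP splits TCP stream bytes into DNS messages (2-byte big-endian length prefix each).
func SplitTCP(stream []byte) (msgs [][]byte, rest []byte) {
	for len(stream) >= 2 {
		end := 2 + int(binary.BigEndian.Uint16(stream))
		if end > len(stream) {
			return msgs, stream // incomplete message: keep bytes for the next segment
		}
		msgs, stream = append(msgs, stream[2:end]), stream[end:]
	}
	return msgs, stream
}

// QueryName returns the first question name (uncompressed labels only).
func QueryName(msg []byte) (string, error) {
	var labels []string
	for i := 12; i < len(msg); {
		l := int(msg[i])
		if l == 0 {
			return strings.Join(labels, "."), nil
		}
		if l > 63 || i+1+l > len(msg) {
			break
		}
		labels = append(labels, string(msg[i+1:i+1+l]))
		i += 1 + l
	}
	return "", fmt.Errorf("malformed or missing question name")
}

// Sample: constructed query for example.test (type A), not captured traffic.
var Sample = []byte("\x00\x01\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x04test\x00\x00\x01\x00\x01")

func main() {
	msgs, _ := SplitTCP(append([]byte{0, byte(len(Sample))}, Sample...))
	fmt.Println(QueryName(msgs[0]))
}
```

A capture that sees `Truncated` return true for a UDP response but records no matching TCP query afterwards is showing the gap this issue describes.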