diff --git a/Cargo.toml b/Cargo.toml
index fd20099..b4021e4 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,2 +1,3 @@
 [workspace]
 members = ["xtask", "app", "common"]
+resolver = "2"
diff --git a/README.md b/README.md
index 5232c16..190fff1 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,56 @@
 # dnstop
 An efficient DNS monitoring tool based on eBPF
+
+## Introduction
+
+`dnstop` is attached to a specific network interface and simply outputs the results of DNS queries and responses that are forwarded to it in the form shown below.
+
+```sh
+REQ: ID=40797 SRC=192.168.64.6:54110 DST=192.168.64.1:53 DNS_NAME=www.google.com DNS_TYPE=A DNS_CLASS=IN
+REQ: ID=39114 SRC=192.168.64.6:40193 DST=192.168.64.1:53 DNS_NAME=www.google.com DNS_TYPE=AAAA DNS_CLASS=IN
+OK: ID=40797 DNS_NAME=www.google.com DNS_TYPE=A DNS_CLASS=IN
+OK: ID=39114 DNS_NAME=www.google.com DNS_TYPE=AAAA DNS_CLASS=IN
+REQ: ID=25132 SRC=192.168.64.6:44543 DST=192.168.64.1:53 DNS_NAME=www.woogole.com DNS_TYPE=A DNS_CLASS=IN
+REQ: ID=55755 SRC=192.168.64.6:39533 DST=192.168.64.1:53 DNS_NAME=www.woogole.com DNS_TYPE=AAAA DNS_CLASS=IN
+NXDOMAIN: ID=25132 DNS_NAME=www.woogole.com DNS_TYPE=A DNS_CLASS=IN
+NXDOMAIN: ID=55755 DNS_NAME=www.woogole.com DNS_TYPE=AAAA DNS_CLASS=IN
+REQ: ID=42662 SRC=192.168.64.6:34430 DST=192.168.64.1:53 DNS_NAME=www.woogole.com DNS_TYPE=A DNS_CLASS=IN
+REQ: ID=42543 SRC=192.168.64.6:48084 DST=192.168.64.1:53 DNS_NAME=www.woogole.com DNS_TYPE=AAAA DNS_CLASS=IN
+NXDOMAIN: ID=42662 DNS_NAME=www.woogole.com DNS_TYPE=A DNS_CLASS=IN
+NXDOMAIN: ID=42543 DNS_NAME=www.woogole.com DNS_TYPE=AAAA DNS_CLASS=IN
+```
+
+## Prerequisites
+
+- Rust
+- Docker
+- Justfile
+
+## How to use
+
+### 1. clone the repository
+
+```bash
+git clone https://github.com/wqld/dnstop.git
+```
+
+### 2. build the project
+
+```bash
+just build-image
+```
+
+You can specify the target architecture as follows. (The default is aarch64).
+
+```bash
+just build-image --arch x86_64
+```
+
+### 3. run the container
+
+It requires privileged privileges because it needs to run the eBPF program.
+Specify the network interface to watch for DNS packets with the `--iface` option.
+
+```bash
+docker run --privileged --rm --network host dnstop:manually --iface enp0s1
+```
diff --git a/justfile b/justfile
index 0a0592c..bf8d26d 100644
--- a/justfile
+++ b/justfile
@@ -1,4 +1,6 @@
+arch := "aarch64"
+
 build-image:
 cargo xtask build-ebpf
- cargo build --target aarch64-unknown-linux-musl
- docker build --build-arg ARCH=aarch64 -t dnstop:test .
+ cargo build --target {{ arch }}-unknown-linux-musl
+ docker build --build-arg ARCH={{ arch }} -t dnstop:manually .
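Review bot: `arch` is declared at the top of the justfile as a variable, not as a parameter of `build-image`, so the invocation the README in this same commit documents, `just build-image --arch x86_64`, does not look like it will set it. As far as I know, just overrides a variable with `just arch=x86_64 build-image` or `just --set arch x86_64 build-image`. Either document one of those forms, or replace the variable with a recipe parameter, `build-image arch="aarch64":`, so that `just build-image x86_64` works. Because `{{ arch }}` is substituted unquoted into the `cargo build` and `docker build` lines, a comment above it naming the supported values, e.g. `# target architecture: aarch64 or x86_64`, would also make a mistyped value easier to spot.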