dns events: support dns events over tcp (aquasecurity#1807)

output dns events which are on top of tcp, not just udp.
EBWi11 · Jun 7, 2022 · 5626d26 · 5626d26
1 parent 69c7765
commit 5626d26
Showing 1 changed file with 4 additions and 10 deletions.
diff --git a/pkg/ebpf/c/tracee.bpf.c b/pkg/ebpf/c/tracee.bpf.c
@@ -5378,16 +5378,10 @@ static __always_inline void set_net_event_id(net_packet_t *pkt)
         DNS = 53,
     };
 
-    switch (pkt->protocol) {
-        case IPPROTO_UDP:
-            if (pkt->dst_port == DNS)
-                pkt->event_id = DNS_REQUEST;
-            if (pkt->src_port == DNS)
-                pkt->event_id = DNS_RESPONSE;
-            break;
-        default:
-            pkt->event_id = NET_PACKET;
-    }
+    if (pkt->dst_port == DNS)
+        pkt->event_id = DNS_REQUEST;
+    if (pkt->src_port == DNS)
+        pkt->event_id = DNS_RESPONSE;
 }
 
 // some network events might need payload (even without capture)