From 133f2a73bc6a0c4ae4d7d2e45ecd5ef1ffb44962 Mon Sep 17 00:00:00 2001 From: jhughesbiot Date: Mon, 7 Oct 2024 11:14:13 -0600 Subject: [PATCH 1/2] Add resolved ip addresses from dns queries to dns module report --- modules/test/dns/python/src/dns_module.py | 32 +++++++++++++++++------ 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/modules/test/dns/python/src/dns_module.py b/modules/test/dns/python/src/dns_module.py index c04e289d3..1be69d59a 100644 --- a/modules/test/dns/python/src/dns_module.py +++ b/modules/test/dns/python/src/dns_module.py @@ -97,6 +97,7 @@ def generate_module_report(self): Source Destination + Resolved IP Type URL Count @@ -105,16 +106,16 @@ def generate_module_report(self): ''' # Count unique combinations - counter = Counter( - (row['Source'], row['Destination'], row['Type'], row['Data']) - for row in dns_table_data) + counter = Counter((row['Source'], row['Destination'], row['ResolvedIP'], + row['Type'], row['Data']) for row in dns_table_data) # Generate the HTML table with the count column - for (src, dst, typ, dat), count in counter.items(): + for (src, dst, res_ip, typ, dat), count in counter.items(): table_content += f''' {src} {dst} + {res_ip} {typ} {dat} {count} 
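Review bot: The new `{res_ip}` cell is interpolated into the report HTML as-is, the same way `{src}`, `{dst}` and `{dat}` already are, and all of these values come from DNS packets captured from the device under test. `res_ip` is either 'N/A' or the rdata of an A/AAAA record, so it is probably a well-formed address string, but `dat` is the query name taken from the packet, and nothing visible here escapes any of them. I would escape at the point of interpolation, e.g. `{html.escape(str(res_ip))}` and the same for the other cells, which needs `import html` at the top of the file if it is not already imported. The table markup around the placeholders is not visible in this rendering and generate_module_report continues outside the hunk, so confirm that no escaping happens elsewhere before changing it.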
@@ -166,23 +167,38 @@ def extract_dns_data(self): # 'qr' field indicates query (0) or response (1) dns_type = 'Query' if dns_layer.qr == 0 else 'Response' - # Check for the presence of DNS query name - if hasattr(dns_layer, 'qd') and dns_layer.qd is not None: + # Check if 'qd' (query data) exists and has at least one entry + if hasattr(dns_layer, 'qd') and dns_layer.qdcount > 0: qname = dns_layer.qd.qname.decode() if dns_layer.qd.qname else 'N/A' else: qname = 'N/A' + resolved_ip = 'N/A' + # If it's a response packet, extract the resolved IP address + # from the answer section + if dns_layer.qr == 1 and hasattr(dns_layer, + 'an') and dns_layer.ancount > 0: + # Loop through all answers in the DNS response + for i in range(dns_layer.ancount): + answer = dns_layer.an[i] + # Check for IPv4 (A record) or IPv6 (AAAA record) + if answer.type == 1: # Indicates an A record (IPv4 address) + resolved_ip = answer.rdata # Extract IPv4 address + break # Stop after finding the first valid resolved IP + elif answer.type == 28: # Indicates an AAAA record (IPv6 address) + resolved_ip = answer.rdata # Extract IPv6 address + break # Stop after finding the first valid resolved IP + dns_data.append({ 'Timestamp': float(packet.time), # Timestamp of the DNS packet 'Source': source_ip, 'Destination': destination_ip, + 'ResolvedIP': resolved_ip, # Adding the resolved IP address 'Type': dns_type, 'Data': qname[:-1] }) # Filter unique entries based on 'Timestamp' - # DNS Server will duplicate messages caught by - # startup and monitor filtered_unique_dns_data = [] seen_timestamps = set() From 744077b49b85e418880bb036a1f6fcbb113db8d9 Mon Sep 17 00:00:00 2001 From: jhughesbiot Date: Mon, 7 Oct 2024 11:43:08 -0600 Subject: [PATCH 2/2] update dns report --- .../unit/dns/reports/dns_report_local.html | 99 ++++++++++++++++++- 1 file changed, 98 insertions(+), 1 deletion(-) 
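Review bot: The rewritten `qd` guard and the new answer loop both trust the header counts of a captured packet. `hasattr(dns_layer, 'qd') and dns_layer.qdcount > 0` drops the old `dns_layer.qd is not None` test, and `for i in range(dns_layer.ancount)` indexes `dns_layer.an[i]` without checking that this many records were actually parsed. A truncated or malformed packet whose counts do not match its sections could then raise (AttributeError on `.qname`, IndexError on `an[i]`), and no exception handling is visible in this hunk, so a single such packet could abort the extraction. Keep the None test, `if getattr(dns_layer, 'qd', None) is not None and dns_layer.qdcount > 0:`, and bound the loop as below; the two identical A/AAAA branches can be merged at the same time. extract_dns_data starts and ends outside the hunk, so an outer handler may already exist.

```python
resolved_ip = 'N/A'
# Only responses carry an answer section
if (dns_layer.qr == 1 and getattr(dns_layer, 'an', None) is not None
        and dns_layer.ancount > 0):
    for i in range(dns_layer.ancount):
        try:
            answer = dns_layer.an[i]
        except IndexError:
            # Header count exceeds the records actually parsed
            break
        if answer.type in (1, 28):  # A (IPv4) or AAAA (IPv6) record
            resolved_ip = answer.rdata
            break
# … unchanged: dns_data.append({...}) and timestamp de-duplication …
```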
diff --git a/testing/unit/dns/reports/dns_report_local.html b/testing/unit/dns/reports/dns_report_local.html index f62357a95..d107c66b1 100644 --- a/testing/unit/dns/reports/dns_report_local.html +++ b/testing/unit/dns/reports/dns_report_local.html @@ -1 +1,98 @@ -

DNS Module

Requests to local DNS server Requests to external DNS servers Total DNS requests Total DNS responses
71 0 71 84
Source Destination Type URL Count
10.10.10.14 10.10.10.4 Query mqtt.googleapis.com 64
10.10.10.4 10.10.10.14 Response mqtt.googleapis.com 76
10.10.10.14 10.10.10.4 Query pool.ntp.org 7
10.10.10.4 10.10.10.14 Response pool.ntp.org 8
\ No newline at end of file +

DNS Module

+ + + + + + + + + + + + + + + + +
Requests to local DNS serverRequests to external DNS serversTotal DNS requestsTotal DNS responses
7107184
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SourceDestinationResolved IPTypeURLCount
10.10.10.1410.10.10.4N/AQuerymqtt.googleapis.com64
10.10.10.410.10.10.14173.194.195.206Responsemqtt.googleapis.com38
10.10.10.410.10.10.142607:f8b0:4001:c11::ceResponsemqtt.googleapis.com32
10.10.10.1410.10.10.4N/AQuerypool.ntp.org7
10.10.10.410.10.10.14N/AResponsepool.ntp.org4
10.10.10.410.10.10.145.78.89.3Responsepool.ntp.org2
10.10.10.410.10.10.14199.68.201.234Responsepool.ntp.org2
10.10.10.410.10.10.142607:f8b0:4001:c08::ceResponsemqtt.googleapis.com6
+ \ No newline at end of file