
fix(linux-dns): capture sendmsg and sendmmsg DNS queries #32

@Karib0u

Description

Linux DNS IOC and Sigma dns.question.name detection silently misses DNS queries sent via sendmsg() and sendmmsg() syscalls. Common real-world clients — including dig, glibc getaddrinfo(), Python socket, and modern DNS libraries — use these syscalls rather than sendto(). This means domain-based IOC and Sigma detection does not fire for the most common DNS clients on Linux.

Environment

  • Rustinel version: current
  • OS / platform: Linux (eBPF-capable kernel)
  • Installed as: binary / built from source

Steps to reproduce

  1. Start Rustinel with a domain IOC or Sigma DNS rule loaded
  2. Run dig google.com A @8.8.8.8
  3. Observe: no DNS event is generated, the IOC/Sigma rule does not trigger

Expected behaviour

dig google.com A @8.8.8.8, Python socket.sendmsg, and socket.getaddrinfo() all generate dns.question.name events and trigger matching domain IOC/Sigma rules.

Actual behaviour

DNS queries sent via sendmsg() or sendmmsg() are not captured. Only sendto() is currently hooked. The most common DNS clients on Linux are invisible to detection.

Relevant logs or output

Config (redacted)

Fix scope:

  • Add sys_enter_sendmsg and sys_enter_sendmmsg eBPF tracepoint handlers
  • Reuse existing raw DNS payload event format and userspace QNAME parsing
  • Attach new handlers in the Linux eBPF loader
  • Add a manual DNS matrix regression script covering sendto, sendmsg, sendmmsg
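The userspace QNAME parsing the fix reuses, as an added illustration (not Rustinel's own code): it assumes the raw DNS payload event delivers the UDP payload starting at the 12-byte DNS header, whether the kernel side read it from sendto()'s buffer or from the first msg_iov entry of a sendmsg()/sendmmsg() call, and it rejects truncated or malformed question sections rather than matching on a partial name.

```rust
/// Extract the first question's QNAME from a raw DNS payload (UDP, header at offset 0).
/// Returns None on truncation or on a compression pointer in the question, so a
/// malformed packet never hands a partially parsed name to the IOC/Sigma matcher.
pub fn parse_qname(payload: &[u8]) -> Option<String> {
    // 12-byte header: id, flags, qdcount, ancount, nscount, arcount
    if payload.len() < 12 {
        return None;
    }
    let qdcount = u16::from_be_bytes([payload[4], payload[5]]);
    if qdcount == 0 {
        return None;
    }
    let mut pos = 12;
    let mut labels: Vec<String> = Vec::new();
    loop {
        let len = *payload.get(pos)? as usize;
        pos += 1;
        if len == 0 {
            break; // root label terminates the name
        }
        if len & 0xC0 != 0 {
            return None; // compression pointer or reserved bits: never valid in a fresh query
        }
        let label = payload.get(pos..pos + len)?;
        pos += len;
        // Non-ASCII bytes are kept (lossily) rather than dropped, so matching stays deterministic.
        labels.push(String::from_utf8_lossy(label).to_ascii_lowercase());
    }
    // QTYPE and QCLASS must follow the name; a query cut short here is malformed.
    payload.get(pos..pos + 4)?;
    if labels.is_empty() {
        return None; // query for the root zone: nothing for a domain IOC to match
    }
    Some(labels.join("."))
}

/// Build a minimal A query for `name` in the wire form dig and getaddrinfo() emit.
/// Constructed sample input for the parser above (hypothetical helper, not Rustinel's).
pub fn build_query(id: u16, name: &str) -> Vec<u8> {
    let mut pkt = Vec::new();
    pkt.extend_from_slice(&id.to_be_bytes());
    pkt.extend_from_slice(&[0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0]); // RD set, QDCOUNT=1
    for label in name.trim_end_matches('.').split('.') {
        pkt.push(label.len() as u8);
        pkt.extend_from_slice(label.as_bytes());
    }
    pkt.extend_from_slice(&[0, 0, 1, 0, 1]); // root label, QTYPE=A, QCLASS=IN
    pkt
}
```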

Labels: bug (Something isn't working), p0 (Must ship in next cycle)
