
Releases: DNS-OARC/dnscap

Release 1.12.0

22 Oct 09:23

This release fixes the handling of the -? option for dnscap and all plugins. Previously the handling varied between places and, depending on the getopt() implementation, an invalid option could return the wrong exit code.

Other changes:

  • Fix typo in configure help text
  • plugins/anonmask: Fix typo in help text
  • plugins/rzkeychange:
    • Add -D, dry run mode, for testing
    • Fix handling of -a and error on too many

KNOWN ISSUES:

On OpenBSD the system library libc exports the same symbols as libbind does, and this causes runtime warnings. Until now this had not caused any known problems, but it is now also causing segfaults if the packet filter used (BPF) includes IPv6 addresses.
On all other platforms OARC supports, these symbols are macros and so should not cause any problem.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-1.12.0.tar.gz
sha256: 564deb3b7abc5197950bf223bdc9ed7d2a2a04fbadf2f04ed7cd7d57e9d175c7

Packages are available at: https://dev.dns-oarc.net/packages/

ee478c0 Known issues
2f9d957 Tests
3c663a2 Tests
c88efc5 rzkeychange test
f062f33 Tests

Release 1.11.1

20 Aug 12:19

This release fixes a lot of issues found by code analysis, adds an explicit memory zeroing function to remove account information (read when dropping privileges) and adds code coverage reporting.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-1.11.1.tar.gz
sha256: c1bd61012c6733e2e9aef6cc67cda25462cf8f81cd656968bdb988e80cc68a1f

Packages are available at: https://dev.dns-oarc.net/packages/

The dnscap_memzero() function will use explicit_bzero() on FreeBSD and OpenBSD, or memset_s() (if supported); otherwise it will manually set the memory to zero. This will hopefully ensure that the memory is zeroed, as compilers can optimize out a memset() that comes just before free().
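
The fallback order described above, as an added example that is not dnscap's own source: example_memzero() and wipe_account_copy() are hypothetical names, and the manual path shown here (a volatile-qualified pointer) is one common way to do it, assumed rather than taken from the project.

```c
#define __STDC_WANT_LIB_EXT1__ 1 /* request memset_s() where Annex K exists */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper following the fallback order in the release note. */
static void example_memzero(void *ptr, size_t len)
{
#if defined(__FreeBSD__) || defined(__OpenBSD__)
    explicit_bzero(ptr, len);
#elif defined(__STDC_LIB_EXT1__)
    memset_s(ptr, len, 0, len);
#else
    /* Manual path: compilers keep stores made through a volatile-qualified
     * pointer, so they are not removed as dead stores ahead of free(). */
    volatile unsigned char *p = (volatile unsigned char *)ptr;
    while (len--)
        *p++ = 0;
#endif
}

/* Copy a field to the heap, wipe the copy, and return how many bytes were
 * still non-zero right before free() (-1 if malloc fails). */
static int wipe_account_copy(const char *field)
{
    size_t len = strlen(field) + 1;
    char *copy = malloc(len);
    int left = 0;

    if (!copy)
        return -1;
    memcpy(copy, field, len);
    example_memzero(copy, len);
    for (size_t i = 0; i < len; i++)
        left += copy[i] != 0;
    free(copy);
    return left;
}

int main(void)
{
    /* Constructed sample value, not a real account entry. */
    return wipe_account_copy("constructed-passwd-field") == 0 ? 0 : 1;
}
```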

The plugins' exit code for the help option -? has been changed to 0, the same as dnscap -?.

d9747ee memzero
1cf17c6 Coverage
19c7120 Coverage
7435676 Sonarcloud
928e181 Sonarcloud
ca4afd0 Sonarcloud
028f5e0 Badges
db0d6a1 LGTM

Release 1.11.0

01 Jun 12:33

This release includes a new plugin called eventlog, contributed by Byron Darrah (@ByronDarrah), which outputs DNS activity as log events, including answers to A and AAAA queries.

Other changes include compile warning and code analysis fixes.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-1.11.0.tar.gz
sha256: 1207b75c9d532b4e9359d12c15e681e381310ff71824c75404632b383a625725

Packages are available at: https://dev.dns-oarc.net/packages/

382eac4 COPR
4c03650 Compile warn
21d6a67 Slight change -- wording now matches usage() output.
dd19b0b Added the eventlog.so plugin...
1ebf504 Added new dnscap plugin: evenlog.so...
f3f9aaa Compile warnings

Release 1.10.4

02 Mar 13:42

Fixed a bug where privileges were not dropped when no interface was specified (which is equal to capturing on all interfaces). Added functionality to set the supplemental groups when dropping privileges and changing user, or clear them if that is not supported. Other changes include a corrected man-page about '-w' and an update to documentation.
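
A privilege drop that handles supplemental groups, as an added example that is not dnscap's code: drop_to() and its return codes are hypothetical. Assumptions of this example: the group list is cleared as a run-time fallback when initgroups() fails, and a target uid or gid of 0 is refused.

```c
#define _DEFAULT_SOURCE /* initgroups()/setgroups() on glibc */
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_REFUSED = -1, DROP_FAILED = -2 };

/* Hypothetical helper: permanently switch to an unprivileged account.
 * Order matters: supplemental groups, then gid, then uid. */
static int drop_to(const char *name, uid_t uid, gid_t gid)
{
    if (!name || uid == 0 || gid == 0)
        return DROP_REFUSED; /* "dropping" to root is not a drop */

    /* Load the target's supplemental groups; if that fails, clear the
     * list so the groups of the starting (root) user are not kept. */
    if (initgroups(name, gid) != 0 && setgroups(0, NULL) != 0)
        return DROP_FAILED;

    /* gid before uid: once the uid is gone, groups can no longer change. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return DROP_FAILED;

    /* Verify the result instead of trusting the return values alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return DROP_FAILED;

    /* Getting root back must fail; if it works the drop was not permanent. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return DROP_FAILED;
    return DROP_OK;
}

int main(void)
{
    /* Safe to run as any user: the request is refused before any syscall. */
    return drop_to("root", 0, 0) == DROP_REFUSED ? 0 : 1;
}
```

A caller should treat anything other than DROP_OK as fatal and exit before opening capture files or loading plugins.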

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-1.10.4.tar.gz
sha256: e24c05c8e3f65fdbf3e40ce34acc1a3b97829d91b4f20da34041042b9dbb4269

Packages are available at: https://dev.dns-oarc.net/packages/

a0285e4 drop privileges errors, initgroups/setgroups
96336f3 daemon: Attempt to drop supplemental groups
467a9a7 Drop privileges
de940a8 man-page -w
187ec43 README

Release 1.10.3

02 Oct 09:48

Fixed plugins inclusion in deb packages for Debian and Ubuntu.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-1.10.3.tar.gz
sha256: 1be6fa745c8654fb99fd951e767d0dddb50131c96806fa920a92a294f8f36e18

Packages are available at: https://dev.dns-oarc.net/packages/

017ebb2 Deb packages
cf59143 COPR, spec

Release 1.10.2

05 Aug 10:48

Fixed a bug in the handling of defragmentation configuration which led to the use of a local scope variable later on and caused unexpected behavior.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-1.10.2.tar.gz
sha256: fabeb5e037b80f572808e10aafcbf12190e0e62a89c2695d0cc52bd7de30c28b

Packages are available at: https://dev.dns-oarc.net/packages/

91692b8 Frag conf
6a74376 Package
d0d1a6d Package

Release 1.10.1

08 Jul 13:44

Fixed various issues found by code analysis tools, removed a few compiler warnings, fixed undefined bit shift behavior, plugged parameter memory leaks and updated documentation.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-1.10.1.tar.gz
sha256: f919e6a8494e35b4a3428999fe4665ecb35c2ae1452d0c35da823f608c77a84f

Packages are available at: https://dev.dns-oarc.net/packages/

Fixes:

  • dump_dns: Remove usage of strcpy() and use snprintf() instead of sprintf()
  • bpft:
    • Use text_ptr->len to store length of generated text
    • Use memcpy() instead of strcat()
    • Remove unneeded realloc() and strcpy()
  • plugins/cryptopan: Fix strict-aliasing warnings
  • network: Rework part of dl_pkt() to remove usage of strcpy() and use snprintf() instead of sprintf()
  • plugins/anonaes128: Use a6 as dest when copying v4 addresses for readability and code analysis
  • plugins/cryptopan: Run first pass separate to eliminate a 32bit shift by 32 (undefined behavior)
  • plugins/cryptopant: Fix memory leak of keyfile if -k is specified more than once

Documentation:

  • Update README.md with correction to building from git and note about PCAP on OpenBSD
  • Fix #190: Update link to libbind source

074923c Funding
5d2e84c libbind
8ee9f2a Travis-CI
6babd09 Fixes
bb2d1c7 README, compile warnings
0d9cd9c LGTM, Travis-CI

Release 1.10.0

04 Dec 07:54

This release adds a new plugin type "filter" and 5 new plugins that can do anonymization, deanonymization and masking of the IP addresses.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-1.10.0.tar.gz
sha256: 00f4b04a179e2a7c81a426c72ab228efe408868c1caf0c6cb0aa7906055222f4

Packages are available at: https://dev.dns-oarc.net/packages/

New features:

  • Check plugins for pluginname_type() which returns enum plugin_type, if missing the plugin is counted as an "output" plugin
  • New plugin type "filter" which calls pluginname_filter() prior to outputting any data or calling "output" plugins; if the new function returns non-zero then the packet is filtered out (dropped)
  • New extension DNSCAP_EXT_SET_IADDR that gives access to a function for setting the from and to IP addresses both in the extracted data and the wire

New plugins:

  • anonaes128: Anonymize IP addresses using AES128
  • anonmask: Pseudo-anonymize IP addresses by masking them
  • cryptopan: Anonymize IP addresses using an extension to Crypto-PAn (College of Computing, Georgia Tech) made by David Stott (Lucent)
  • cryptopant: Anonymize IP addresses using cryptopANT, a different implementation of Crypto-PAn made by the ANT project at USC/ISI
  • ipcrypt: Anonymize IP addresses using ipcrypt, created by Jean-Philippe Aumasson @veorq

Bugfixes:

  • Fix changing royparse and txtout with other plugins (thanks to Duane Wessels @wessels and Paul Hoffman @paulehoffman)
  • Free pointers to allocated strings in text_free() (thanks to Michał Kępień @kempniu)
  • Fix IP checksum calculation

Other changes:

  • -B and -E can be used without -w (thanks to Duane Wessels @wessels)
  • Use pcap_findalldevs() instead of pcap_lookupdev() (thanks to Michał Kępień @kempniu)
  • Document and add -? option to all plugins
  • Fix clang scan-build bugs and LGTM alerts
  • Use gmtime_r() instead of gmtime()
  • Update pcap-thread to v4.0.0

67d8e2c Fix
fb0ed02 Plugin documentation
a2c9a6c cryptopant
39db1ca Deanonymize, IPv6 test
afc7107 Crypto-PAn, cryptopANT
f1912cc OpenSSL, anonaes128
f2bab62 ipcrypt, anonmask
158b1e7 anonmask help
60ece58 anonmask
8f1b138 Plugin types, filter plugin, set iaddr extension, anonymization by masking
b7d7991 IP checksum
641a23a Free pointers to allocated strings in text_free()
4d313bf pcap_findalldevs()
091e0ca Use pcap_findalldevs() instead of pcap_lookupdev()
6a7b25e Clean up use of feature test macros on Linux
cbba14c Configure, uninitialized
f228c9c Code formatting
3fd738c man-page
770168a Test
714e4f5 Fix -B so that it works when reading offline pcap files.
8675bea Test
911fec9 Implementing test9 as a test of -B and -E command line args.
a7cc72d -B and -E can work fine without -w .
04c4928 Made the same changes to txtout as were in 165a786
165a786 Workaround for stdio mystery causing duplicate royparse output.

Release 1.9.0

28 Feb 14:26

This release adds a new option to change how the Berkeley Packet Filter is generated to include the host restrictions for all selections; previously this restriction would only apply to specific parts.

Additional tweaks to the RSSM plugin have been made to conform to the RSSAC002v3 specification. One noticeable change is that the plugin now requires the DNS to be parsed before being counted; any error in the parsing will result in the message being left out of the statistics.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-1.9.0.tar.gz
sha256: 1c3793a65948e90be65730c915d808cfdc894ec3b61ee9a266c080eb1fac5382

Packages are available at: https://dev.dns-oarc.net/packages/

Changes:

  • Fix spacing in BPF filter to look better
  • Fix #146: Add bpf_hosts_apply_all, apply any host restriction to all
  • plugin/rssm:
    • Remove quoting of start-period and correctly handle empty hashes
    • Issue #152, Issue #91: Parse DNS before processing RSSM counters
  • plugin/rssm/dnscap-rssm-rssac002: Use YAML::Dump() for output

47d892b Issue #152: RSSM YAML output
d4f1466 Issue #152, Issue #91: Parse DNS before processing RSSM counters
68fc1ff BPF, bpf_hosts_apply_all

Release 1.8.0

07 Feb 12:27

This release updates the TCP stream code in order to be able to look at more than just the first query, for handling already ongoing TCP connections without having seen SYN/ACK and for reassembly of the TCP stream prior to parsing it for DNS with an additional layer of parsing (see reassemble_tcp_bfbparsedns).

Updates to the Root Server Scaling Measurement (RSSM) plugin have also been made to bring it up to date with the RSSAC002v3 specification, be able to output the YAML format described and an additional script to merge YAML files if the interval is less than the RSSAC002v3 24 hour period. See "Updates to the RSSM plugin" below and plugins/rssm/README.md.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-1.8.0.tar.gz
sha256: 5440fecc1a3f98948207e23549afe0c102b45eda5cde2a2b80ed446d88457558

Packages are available at: https://dev.dns-oarc.net/packages/

New extended options:

  • parse_ongoing_tcp: Start tracking TCP connections even if SYN/ACK has not been seen
  • allow_reset_tcpstate: Allow external reset of TCP state
  • reassemble_tcp: Use to enable TCP stream reassembly
  • reassemble_tcp_faultreset: Number of faults before resetting TCP state when reassembly is enabled
  • reassemble_tcp_bfbparsedns: Enable an experimental additional layer of reassembly that uses libbind to parse the payload before accepting it. If the DNS is invalid it will move 2 bytes within the payload and treat it as a new payload, taking the DNS length again and restart the process. Requires libbind and reassemble_tcp.
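
The resynchronisation step described for reassemble_tcp_bfbparsedns, as an added sketch that is not dnscap's code: count_messages() and dns_plausible() are hypothetical, the byte stream is constructed, and dns_plausible() is a deliberately small stand-in for the libbind parse.

```c
#include <stddef.h>

/* Stand-in for the libbind parse (assumption of this example): accept a
 * message with a full header and exactly one uncompressed question. */
static int dns_plausible(const unsigned char *m, size_t n)
{
    size_t off = 12;
    if (n < 12 || ((unsigned)m[4] << 8 | m[5]) != 1)
        return 0;
    while (off < n && m[off] != 0) {
        if (m[off] > 63) /* not a plain label length */
            return 0;
        off += 1u + m[off];
    }
    return off + 5 <= n; /* root label + QTYPE + QCLASS */
}

/* Walk a reassembled stream of 2-byte-length-prefixed messages. When the
 * framed bytes do not parse, step 2 bytes and read a new length there. */
static int count_messages(const unsigned char *s, size_t n, size_t *skipped)
{
    size_t pos = 0;
    int found = 0;
    *skipped = 0;
    while (pos + 2 <= n) {
        size_t len = (size_t)s[pos] << 8 | s[pos + 1];
        if (len <= n - pos - 2 && dns_plausible(s + pos + 2, len)) {
            found++;
            pos += 2 + len;
        } else {
            pos += 2;
            *skipped += 2;
        }
    }
    return found;
}

/* Constructed sample: length 0x0015, then a query for "a.b" A/IN. */
#define Q 0x00, 0x15, 0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0, \
          1, 'a', 1, 'b', 0, 0, 1, 0, 1
/* Four leftover bytes of a lost message, then two intact queries. */
static const unsigned char SAMPLE[] = { 0xC0, 0x0C, 0x00, 0x01, Q, Q };

int main(void)
{
    size_t skipped;
    return count_messages(SAMPLE, sizeof SAMPLE, &skipped) == 2 ? 0 : 1;
}
```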

New extension functions for plugins:

  • DNSCAP_EXT_TCPSTATE_GETCURR: Function to get a pointer for the current TCP state
  • DNSCAP_EXT_TCPSTATE_RESET: Function to reset a TCP state

New features:

  • Parse additional DNS queries in TCP connections
  • -g and the txtout plugin will reset TCP state (if allowed) on failure to parse DNS

Bugfixes:

  • Fix -g output, separate error message with a space
  • Fix TCP packets wrongfully flagged as DNS when using layers.
  • Fix TCP debug output when using layers; ia_str() is not safe to call twice in the same printf because of its local buffer.
  • Fix exported extension functions, need to be file local

New tests for:

  • Multiple DNS queries in one TCP connection
  • Query over TCP without SYN
  • Queries over TCP with first query missing length
  • Queries over TCP with middle payloads missing
  • TCP stream that is missing multiple packets in the middle

Updates to the RSSM plugin (plugins/rssm):

  • Add info about saving counts and sources
  • Fix memory leak on fopen() errors
  • Update to RSSAC002v3 specification
  • New options:
    • -D to disable forking on close
    • -Y: Use RSSAC002v3 YAML format when writing counters, the file will contain multiple YAML documents, one for each RSSAC002v3 metric
      Used with: -S adds custom metric dnscap-rssm-sources and -A adds dnscap-rssm-aggregated-sources
    • -n: Set the service name to use in RSSAC002v3 YAML
    • -S: Write source IPs into counters file with the prefix source
    • -A: Write aggregated IPv6(/64) sources into counters file with the prefix aggregated-source
    • -a: Write aggregated IPv6(/64) sources to <name>.<timesec>.<timeusec>
  • Add dnscap-rssm-rssac002 Perl script for merging RSSAC002v3 YAML files
  • Add README.md for the plugin man-page for dnscap-rssm-rssac002
  • Add test for YAML output and merging of YAML files

c7058c8 Use file local functions for all extensions
66b352d RSSM RSSAC002v3 YAML Tool
b09efc2 plugins/rssm RSSAC002v3
709aba6 Fix #89: Add additional reassembly layers that parses the payload byte for byte for valid DNS
04fa013 Fix CID 1463944 (again)
b1cf623 RSSM saving data and forking
fb23305 Fix CID 1463944
0fca1a8 Issue #89: TCP stream reassemble
bb6428c CID 1463814: Check ns_initparse() for errors
a57066f Fix #88: TCP handling