forked from DNS-OARC/dnscap
CHANGES
2017-08-21 Jerry Lundström
Release 1.5.1
Compatibility fixes for FreeBSD 11.1+ which is now packing `struct ip`
and for OpenBSD.
Commits:
17e3c92 FreeBSD is packing `struct ip`, need to `memcpy()`
f8add66 Code formatting
38cd585 Add documentation about libbind
d1dd55b Fix #82: Update dependencies for OpenBSD

2017-06-06 Jerry Lundström
Release 1.5.0
Added support for writing gzipped PCAP if the `-W` suffix ends with
`.gz` and made `-X` work without `-x`. New interface for plugins to
tell them what extensions are available and a new plugin `rzkeychange`.
Plugin extensions:
- Call `plugin_extension(ext, arg)` to tell plugin what extensions exist
- Add extension for checking responder (`is_responder()`)
The rzkeychange plugin was developed by Duane Wessels in 2016 in support
of the root zone ZSK size increase. It is also being used in support of
the 2017 root KSK rollover and collects the following measurements:
- total number of responses sent
- number of responses with TC bit set
- number of responses over TCP
- number of DNSKEY responses
- number of ICMP_UNREACH_NEEDFRAG messages received
- number of ICMP_TIMXCEED_INTRANS messages received
- number of ICMP_TIMXCEED_REASS messages received
Other fixes (author Duane Wessels):
- 232cbd0: Correct comment description for meaning of IPPROTO_AH
- 181eaa4: Add #include <sys/time.h> for struct timeval on NetBSD
Commits:
1d894e2 Make -x and -X work correctly together and update man-page
34bc54c Make the -X option work without requiring a -x option.
f43222e Fix CID 1440488, 1440489, 1440490
aa54395 Update pcap-thread to v2.1.3
81174ce Prepare SPEC for OSB/COPR
21d7468 New plugin rzkeychange and plugin extensions
38491a3 Config header is generated by autotools
419a8ab Small tweaks and fixes for gzip support
1967abc updated for earlier BSD versions
f135c90 added auto gzip if the -W suffix ends with .gz
Commits during development of rzkeychange (author Duane Wessels):
- 620828d: Add rzkeychange -z option to specify resolver IP addresses
- 1f77987: Add -p and -t options to rzkeychange plugin to configure an
alternate port and TCP. Useful for ssh tunnels.
- 2a571f1: Split ICMP time exceeded counter into two counters for time
exceeded due to TTL and another due to fragmentation
- e4ee2d3: The rzkeychange data collection plugin uses
`DNSCAP_EXT_IS_RESPONDER` extension to know if an IP address is a
"responder" or not, because when dnscap is instructed to collect ICMP
with -I, it processes all ICMP packets, not just those limited to
responders (or initiators).
- cee16b8: Add ICMP Time Exceeded to counters
- ad8a227: Counting source IPs has performance impacts. #ifdef'd out for
now add ICMP "frag needed" counts
- c25e72b: Implemented DNS queries with ldns. First there will be some
test queries to ensure the zone is reachable and configured to receive
data. Then a query naming the fields, followed by the periodic queries
delivering counts.
- fd23be7: Make report zone, server, node command line arguments mandatory
- 137789b: Adding rzkeychange plugin files

2017-03-29 Jerry Lundström
Release 1.4.1
Fixed an issue where compiling against a libpcap that had a specific
feature enabled resulted in a runtime error which could not be
worked around.
Also fixed various compatibility issues and updated dependency
documentation for CentOS.
Commits:
785d4c4 Fix compiler warnings
2d4df8d Fix #65: Update pcap-thread to v2.1.2
26d3fbc Fix #64: Add missing dependency
55e6741 Update pcap-thread to v2.1.1, fix issue with libpcap timestamp
type
c6fdb7a Fix typo and remove unused variables

2017-02-27 Jerry Lundström
Release 1.4.0
Until it can be confirmed that the threaded code works as well as the
non-threaded code it has been made optional and requires a configuration
option to enable it during compilation.
New extended option:
- `-o pcap_buffer_size=<bytes>` can be used to increase the capture
buffer within pcap-thread/libpcap, this can help mitigate dropped
packets by the kernel during breaks (like when closing dump file).
Commits:
1c6fbb2 Update copyright year
63ef665 Suppress OpenBSD warnings about symbols
2c99946 pcap-thread v2.0.0, disable threads, errors handling
4cade97 Fix #56: Update pcap-thread to v1.2.2 and add test

2016-12-23 Jerry Lundström
Release 1.3.0
A rare lockup has been fixed that could happen if a signal was received
in the wrong thread at the wrong time due to `pcap_thread_stop()`
canceling and waiting on threads to join again. The handling of signals
has been improved for threaded and non-threaded operations.
New features:
- Experimental CBOR DNS Stream format output, see `CBOR_DNS_STREAM.md`
- Extended options to specify user and group to use when dropping
privileges, see EXTENDED OPTIONS in man-page
Commits:
a5fa14e Signal and threads
3868104 Use old style C comments
7946be5 Clarify building
d5463b4 RPM spec and various automake fixes
df206bf Resource data indexing and documentation
0e2d0fe Fix #22, fix #43: Update README
5921d73 Add stream option RLABELS and RLABEL_MIN_SIZE
6dd6ec1 Implement experimental CBOR DNS Stream Format
4baf695 Fix #37: Extended options to specify user/group to use when
dropping privileges
61d830a Fix #35: Use `AC_HEADER_TIME` and fix warning

2016-10-27 Jerry Lundström
Release 1.2.0
Update `pcap-thread` to v1.2.0 to get the new callback queue mode which
puts that mode into using pthread conditions if all pcaps are offline and
keeps us from losing packets.
Use `pcap_thread_dropback()` callback to get the notification when a
packet was dropped because the queue was full, indicating that we can't
process all the packets. Added this statistic to the `-S` output as total
and per interface as `ptdrop`. Changed the output for each interface
to not cut off information, for example interface name was cut to
4 characters.
Other changes:
- Add extended options `-o <option>=<value>` because we are running out
of short options.
- Better handling of library checks and automake rules
- New option `-F <format>` to specify the format of the output in `-w`
- Add experimental CBOR output support
- LDNS is used to parse the packets
- Tinycbor is used to construct the CBOR output
- DNS-in-JSON draft [1] for representing the objects
- Check CBOR topic in README.md for more information
- When only reading offline pcap files it will not attempt to drop
privileges and add new option `-N` to explicitly not drop privileges.
Commits:
f42e23f Extended options and CBOR output format
a28f498 Fix #24: Handle packet drops
2308eaa Fix #26: Unable to drop GID to nobody, exiting.
82d65f2 Update pcap-thread to v1.1.2
[1] https://datatracker.ietf.org/doc/draft-hoffman-dns-in-json/

2016-10-11 Jerry Lundström
Release 1.1.0
The ownership of DNSCAP was transferred from ISC to DNS-OARC in
the summer of 2016 and this is the first release since that.
This project now uses Semantic Versioning and these are the changes
since the `dnscap-20160205` release (which can also be found using
the tag `v0.0.0-20160205`).
Highlights:
- Restructure repository and use autotools
- Compiled and tested on Debian, Ubuntu, CentOS, FreeBSD and OpenBSD
using Jenkins and Travis-CI
- Source code static analysis using Coverity Scan
- Compatibility fixes for FreeBSD, OpenBSD and OS X
- ABI change to `output()`, previous `isfrag` is now a `flags` that
represents what the packet is through a bitmask
- Use helper library `pcap-thread` when capturing to solve missing
packets during very low traffic
New command line options:
- `-V`: Prints version and then exits
- `-M`: Enable monitor mode on interfaces
- `-D`: Enable immediate mode on interfaces
- `-W`: Allow to specify a suffix for the pcap dump file
- `-C`: Limit/rotate capture after a certain amount of bytes
Special thanks to:
- Duane Wessels
- Paul Vixie
- Klaus Darilion
Commits:
bc7eb22 Update license after ownership transfer from ISC to DNS-OARC,
update contributors, add build badges and removed SuperFastHash
since apparently it was not used.
778e457 Add `-V` for displaying version and then exiting
71c2d79 Fix #12: Sync man-page and help text
33576ef Swap option C and D, C for this makes more sense. Also ensure
that `capturedbytes` is zero on start.
0077aff Correct dump trace with new `flags`
f9cbba0 Do not use dump suffix unless it is set
4dd81d6 Update the man page
7435c49 Change new option C to D because C was already taken
813dddb Fix -B and -E, these options are supported only once
76f19d1 fix usage of -W
519b64f Add -Y option to short usage instructions
348c738 Fix -C feature: capturedbytes was not increased
3db6f94 Improve logging
b567bef New option -C: limit/rotate capture after a certain amount
of bytes
341abdf Add -W feature: allow to specify a suffix for the pcap dump
file, e. g.: '.pcap'
097a3b4 Count every packet which is sent to output(), not only
the normal ones.
75e5968 Close PCAPs after dumper_close() to have statistics still
available during dumper_close(). Otherwise we get a segfault
on shutdown.
c09d61a Add debian/ubuntu package files.
020f2aa Forgot about the compiler warnings and fix the last
Coverity Scan issue
00c834d More Coverity Scan fixes
ad2f230 Fix various Coverity Scan issues
606f0cd Update pcap thread to version 1.1.1
f065cd7 Fix #14: Add options `-M` and `-C` for monitor and
immediate mode, update help and man-page.
b872035 Update to pcap-thread version 1.1.0
1f30637 Update pcap_thread to v1.0.1, add travis check that dnscap
can run
b19efaa Building from Git repository instructions
b5460df Use `calloc()` instead of `malloc()` to be sure the memory
is zeroed
ae6a04d Use pcap_thread v1.0.0
9426a2d Update pcap_thread and add pcap stats
820b2f2 Update pcap_thread and support offline pcaps
a47dd67 Update pcap_thread
237a7a7 CentOS autoreconf complained
7b5568c Use pcap_thread
11d0388 Revert the changes on all lines that had NULL, 0 before.
7d6a7e4 Passing IPv6 fragment payloads may not currently be safe.
Needs more work. For now pass pkt=NULL to be safe for plugins.
ea8f9a4 Make the family of output() functions future proof with a flags
bitmask. Rather than separate 'isfrag' and 'isdns' flags,
they are now set as bitmasks in a single 'flags' value passed
to output() f
472a172 A change to the interface of the family of output() functions.
95a6e62 timeval.* are not unsigned
d3f32de Fix #1: Use NS_*SZ
e555871 Fix compiler warnings
3ed8f29 Fix #1
864cbd7 Can you change #ifdef __APPLE__ to check for the
arpa/nameser_compat.h header and include it if it exists?
796e8ea plugin/rssm needs to include arpa/nameser_compat.h for OS X
so that the HEADER struct is declared.
daf4bd3 In plugin/txtout silence compiler warnings about int vs short
e5bc24b plugin/pcapdump needs to include arpa/nameser_compat.h for OS X
so that the HEADER struct is declared.
0061b57 Work around configure problem detecting libresolv on Mac OS X
Without some #include files, the configure test won't find
the symbol res_mkquery() in libresolv on OS X. It is called
res_9_mkquery()
5309655 Mac OS X doesn't have setresuid() and setresgid().
This patch adds configure checks for setreuid() and setregid()
and will use those instead if the other versions are
not available.
d257a1c Fix compilation on FreeBSD and OpenBSD
07b2a75 Restructure repository and move to Automake.