dns-oarc/dnscap
1
0
Fork 0
Code Issues Activity

Merging upstream version 2.0.3.

Browse source 
Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
Daniel Baumann 2025-02-08 12:04:12 +01:00
parent 984bd82aff
commit 0fdb83aa2d
Signed by: daniel
GPG key ID: FBB4F0E80A80222F
3 changed files with 161 additions and 226 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
configure vendored
View file

@ -1,6 +1,6 @@
#! /bin/sh #! /bin/sh
# Guess values for system-dependent variables and create Makefiles. # Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for dnscap 2.0.2. # Generated by GNU Autoconf 2.69 for dnscap 2.0.3.
# #
# Report bugs to <dnscap-users@dns-oarc.net>. # Report bugs to <dnscap-users@dns-oarc.net>.
# #
@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package. # Identity of this package.
PACKAGE_NAME='dnscap' PACKAGE_NAME='dnscap'
PACKAGE_TARNAME='dnscap' PACKAGE_TARNAME='dnscap'
PACKAGE_VERSION='2.0.2' PACKAGE_VERSION='2.0.3'
PACKAGE_STRING='dnscap 2.0.2' PACKAGE_STRING='dnscap 2.0.3'
PACKAGE_BUGREPORT='dnscap-users@dns-oarc.net' PACKAGE_BUGREPORT='dnscap-users@dns-oarc.net'
PACKAGE_URL='https://github.com/DNS-OARC/dnscap/issues' PACKAGE_URL='https://github.com/DNS-OARC/dnscap/issues'
@ -1353,7 +1353,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing. # Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh. # This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF cat <<_ACEOF
\`configure' configures dnscap 2.0.2 to adapt to many kinds of systems. \`configure' configures dnscap 2.0.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]... Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1424,7 +1424,7 @@ fi
if test -n "$ac_init_help"; then if test -n "$ac_init_help"; then
case $ac_init_help in case $ac_init_help in
short | recursive ) echo "Configuration of dnscap 2.0.2:";; short | recursive ) echo "Configuration of dnscap 2.0.3:";;
esac esac
cat <<\_ACEOF cat <<\_ACEOF
@ -1556,7 +1556,7 @@ fi
test -n "$ac_init_help" && exit $ac_status test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then if $ac_init_version; then
cat <<\_ACEOF cat <<\_ACEOF
dnscap configure 2.0.2 dnscap configure 2.0.3
generated by GNU Autoconf 2.69 generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc. Copyright (C) 2012 Free Software Foundation, Inc.
@ -1979,7 +1979,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake. running configure, to aid debugging if configure makes a mistake.
It was created by dnscap $as_me 2.0.2, which was It was created by dnscap $as_me 2.0.3, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@ $ $0 $@
@ -2842,7 +2842,7 @@ fi
# Define the identity of the package. # Define the identity of the package.
PACKAGE='dnscap' PACKAGE='dnscap'
VERSION='2.0.2' VERSION='2.0.3'
cat >>confdefs.h <<_ACEOF cat >>confdefs.h <<_ACEOF
@ -15015,7 +15015,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their # report actual input values of CONFIG_FILES etc. instead of their
# values after options handling. # values after options handling.
ac_log=" ac_log="
This file was extended by dnscap $as_me 2.0.2, which was This file was extended by dnscap $as_me 2.0.3, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES CONFIG_FILES = $CONFIG_FILES
@ -15082,7 +15082,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\ ac_cs_version="\\
dnscap config.status 2.0.2 dnscap config.status 2.0.3
configured by $0, generated by GNU Autoconf 2.69, configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\" with options \\"\$ac_cs_config\\"

2
configure.ac
View file

@ -33,7 +33,7 @@
# POSSIBILITY OF SUCH DAMAGE. # POSSIBILITY OF SUCH DAMAGE.
AC_PREREQ(2.61) AC_PREREQ(2.61)
AC_INIT([dnscap], [2.0.2], [dnscap-users@dns-oarc.net], [dnscap], [https://github.com/DNS-OARC/dnscap/issues]) AC_INIT([dnscap], [2.0.3], [dnscap-users@dns-oarc.net], [dnscap], [https://github.com/DNS-OARC/dnscap/issues])
AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects]) AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
AC_CONFIG_SRCDIR([src/dnscap.c]) AC_CONFIG_SRCDIR([src/dnscap.c])
AC_CONFIG_HEADER([src/config.h]) AC_CONFIG_HEADER([src/config.h])

365
src/network.c
View file

@ -460,6 +460,143 @@ breakloop:
main_exit = TRUE; main_exit = TRUE;
} }
/*
* Determine if packet should be filtered based on query type
* return values: -1 error
* 0 don't filter
* 1 filter
* for non-zero return status, reason should be set to a
* static string.
*/
static int
_filter_by_qtype(const ldns_pkt* lpkt, char** reason)
{
ldns_rr_list* rrs = ldns_pkt_question(lpkt);
if (!rrs) {
*reason = "failed to get list of questions";
return -1;
}
/* Look at each RR in the section (or each QNAME in
the question section). */
size_t i, n;
for (i = 0, n = ldns_rr_list_rr_count(rrs); i < n; i++) {
ldns_rr* rr = ldns_rr_list_rr(rrs, i);
if (!rr) {
*reason = "failed to get question";
return -1;
}
if (match_qtype && ldns_rr_get_type(rr) == match_qtype) {
if (dumptrace >= 2)
fprintf(stderr, "Packet query type %u matches filter on type == %u\n", ldns_rr_get_type(rr), match_qtype);
return 0;
} else if (nmatch_qtype && ldns_rr_get_type(rr) == nmatch_qtype) {
if (dumptrace >= 2)
fprintf(stderr, "Packet query type %u matches filter on type != %u\n", ldns_rr_get_type(rr), nmatch_qtype);
*reason = "matched unwanted qtype";
return 1;
}
}
if (match_qtype) {
*reason = "didn't match wanted qtype";
return 1; // didn't match any question RRs
}
return 0;
}
/*
* Determine if packet should be filtered based on query name
* return values: -1 error
* 0 don't filter
* 1 filter
* for non-zero return status, reason should be set to a
* static string.
*/
static int
_filter_by_qname(const ldns_pkt* lpkt, char** reason)
{
int match = -1;
int negmatch = -1;
ldns_buffer* buf = ldns_buffer_new(512);
if (!buf) {
fprintf(stderr, "%s: out of memory", ProgramName);
exit(1);
}
/* Look at each section of the message:
question, answer, authority, additional */
ldns_rr_list* rrs = ldns_pkt_all(lpkt);
if (!rrs) {
ldns_buffer_free(buf);
*reason = "failed to get list of RRs";
return -1;
}
/*
* Initialize matching counters
*/
myregex_ptr myregex;
for (myregex = HEAD(myregexes); myregex != NULL; myregex = NEXT(myregex, link)) {
if (myregex->not) {
negmatch = 0;
} else {
match = 0;
}
}
/* Look at each RR in the section (or each QNAME in
the question section). */
size_t i, n;
for (i = 0, n = ldns_rr_list_rr_count(rrs); i < n; i++) {
ldns_rr* rr = ldns_rr_list_rr(rrs, i);
if (!rr) {
ldns_rr_list_deep_free(rrs);
ldns_buffer_free(buf);
*reason = "failed to get RR";
return -1;
}
ldns_buffer_clear(buf);
if (ldns_rdf2buffer_str(buf, ldns_rr_owner(rr)) != LDNS_STATUS_OK) {
ldns_rr_list_deep_free(rrs);
ldns_buffer_free(buf);
*reason = "failed to get RR";
return -1;
}
for (myregex = HEAD(myregexes);
myregex != NULL;
myregex = NEXT(myregex, link)) {
if (regexec(&myregex->reg, (char*)ldns_buffer_begin(buf), 0, NULL, 0) == 0) {
if (myregex->not)
negmatch++;
else
match++;
if (dumptrace >= 2)
fprintf(stderr,
"; \"%s\" %s~ /%s/ %d %d\n",
(char*)ldns_buffer_begin(buf),
myregex->not ? "!" : "",
myregex->str,
match,
negmatch);
}
}
}
ldns_rr_list_deep_free(rrs);
ldns_buffer_free(buf);
/*
* Fail if any negative matches or if no positive matches
*/
if (negmatch > 0 || match == 0) {
*reason = "failed regex match";
return 1;
}
return 0;
}
void network_pkt2(const char* descr, my_bpftimeval ts, const pcap_thread_packet_t* packet, const u_char* payload, size_t length) void network_pkt2(const char* descr, my_bpftimeval ts, const pcap_thread_packet_t* packet, const u_char* payload, size_t length)
{ {
u_char pkt_copy[SNAPLEN], *pkt = pkt_copy; u_char pkt_copy[SNAPLEN], *pkt = pkt_copy;
@ -471,7 +608,6 @@ void network_pkt2(const char* descr, my_bpftimeval ts, const pcap_thread_packet_
tcpstate_ptr tcpstate = NULL; tcpstate_ptr tcpstate = NULL;
size_t len, dnslen = 0; size_t len, dnslen = 0;
HEADER dns; HEADER dns;
ldns_pkt* lpkt = 0;
/* Make a writable copy of the packet and use that copy from now on. */ /* Make a writable copy of the packet and use that copy from now on. */
if (length > SNAPLEN) if (length > SNAPLEN)
@ -889,6 +1025,7 @@ void network_pkt2(const char* descr, my_bpftimeval ts, const pcap_thread_packet_
} }
} }
if (!EMPTY(myregexes) || match_qtype || nmatch_qtype) { if (!EMPTY(myregexes) || match_qtype || nmatch_qtype) {
ldns_pkt* lpkt = 0;
if (ldns_wire2pkt(&lpkt, dnspkt, dnslen) != LDNS_STATUS_OK) { if (ldns_wire2pkt(&lpkt, dnspkt, dnslen) != LDNS_STATUS_OK) {
/* DNS message may have padding, try get actual size */ /* DNS message may have padding, try get actual size */
size_t dnslen2 = calcdnslen(dnspkt, dnslen); size_t dnslen2 = calcdnslen(dnspkt, dnslen);
@ -902,121 +1039,17 @@ void network_pkt2(const char* descr, my_bpftimeval ts, const pcap_thread_packet_
return; return;
} }
} }
} char* reason = 0;
if (match_qtype || nmatch_qtype) { if ((match_qtype || nmatch_qtype) && _filter_by_qtype(lpkt, &reason)) {
ldns_rr_list* rrs = ldns_pkt_question(lpkt);
if (!rrs) {
ldns_pkt_free(lpkt); ldns_pkt_free(lpkt);
tcpstate_discard(tcpstate, "failed to get list of questions"); tcpstate_discard(tcpstate, reason);
return; return;
} }
/* Look at each RR in the section (or each QNAME in if (!EMPTY(myregexes) && _filter_by_qname(lpkt, &reason)) {
the question section). */
size_t i, n;
for (i = 0, n = ldns_rr_list_rr_count(rrs); i < n; i++) {
ldns_rr* rr = ldns_rr_list_rr(rrs, i);
if (!rr) {
ldns_pkt_free(lpkt);
tcpstate_discard(tcpstate, "failed to get question");
return;
}
if (match_qtype && ldns_rr_get_type(rr) != match_qtype) {
ldns_pkt_free(lpkt);
tcpstate_discard(tcpstate, "qtype not match");
return;
} else if (nmatch_qtype && ldns_rr_get_type(rr) == nmatch_qtype) {
ldns_pkt_free(lpkt);
tcpstate_discard(tcpstate, "!qtype match");
return;
}
}
}
if (!EMPTY(myregexes)) {
int match, negmatch;
ldns_buffer* buf = ldns_buffer_new(512);
if (!buf) {
fprintf(stderr, "%s: out of memory", ProgramName);
exit(1);
}
match = -1;
negmatch = -1;
/* Look at each section of the message:
question, answer, authority, additional */
ldns_rr_list* rrs = ldns_pkt_all(lpkt);
if (!rrs) {
ldns_pkt_free(lpkt); ldns_pkt_free(lpkt);
ldns_buffer_free(buf); tcpstate_discard(tcpstate, reason);
tcpstate_discard(tcpstate, "failed to get list of RRs");
return; return;
} }
/* Look at each RR in the section (or each QNAME in
the question section). */
size_t i, n;
for (i = 0, n = ldns_rr_list_rr_count(rrs); i < n; i++) {
ldns_rr* rr = ldns_rr_list_rr(rrs, i);
if (!rr) {
ldns_rr_list_deep_free(rrs);
ldns_pkt_free(lpkt);
ldns_buffer_free(buf);
tcpstate_discard(tcpstate, "failed to get RR");
return;
}
ldns_buffer_clear(buf);
if (ldns_rdf2buffer_str(buf, ldns_rr_owner(rr)) != LDNS_STATUS_OK) {
ldns_rr_list_deep_free(rrs);
ldns_pkt_free(lpkt);
ldns_buffer_free(buf);
tcpstate_discard(tcpstate, "failed to get RR");
return;
}
myregex_ptr myregex;
for (myregex = HEAD(myregexes);
myregex != NULL;
myregex = NEXT(myregex, link)) {
if (myregex->not ) {
if (negmatch < 0)
negmatch = 0;
} else {
if (match < 0)
match = 0;
}
if (regexec(&myregex->reg, (char*)ldns_buffer_begin(buf), 0, NULL, 0) == 0) {
if (myregex->not )
negmatch++;
else
match++;
if (dumptrace >= 2)
fprintf(stderr,
"; \"%s\" %s~ /%s/ %d %d\n",
(char*)ldns_buffer_begin(buf),
myregex->not ? "!" : "",
myregex->str,
match,
negmatch);
}
}
}
ldns_rr_list_deep_free(rrs);
ldns_buffer_free(buf);
/*
* Fail if any negative matching or if no match, match can be -1 which
* indicates that there are only negative matching
*/
if (negmatch > 0 || match == 0) {
ldns_pkt_free(lpkt);
tcpstate_discard(tcpstate, "failed regex match");
return;
}
}
if (lpkt) {
ldns_pkt_free(lpkt); ldns_pkt_free(lpkt);
} }
@ -1053,7 +1086,6 @@ void network_pkt(const char* descr, my_bpftimeval ts, unsigned pf,
struct ip* ip; struct ip* ip;
size_t len, dnslen = 0; size_t len, dnslen = 0;
HEADER dns; HEADER dns;
ldns_pkt* lpkt = 0;
if (dumptrace >= 4) if (dumptrace >= 4)
fprintf(stderr, "processing %s packet: len=%zu\n", (pf == PF_INET ? "IPv4" : (pf == PF_INET6 ? "IPv6" : "unknown")), olen); fprintf(stderr, "processing %s packet: len=%zu\n", (pf == PF_INET ? "IPv4" : (pf == PF_INET6 ? "IPv6" : "unknown")), olen);
@ -1559,6 +1591,7 @@ void network_pkt(const char* descr, my_bpftimeval ts, unsigned pf,
} }
} }
if (!EMPTY(myregexes) || match_qtype || nmatch_qtype) { if (!EMPTY(myregexes) || match_qtype || nmatch_qtype) {
ldns_pkt* lpkt = 0;
if (ldns_wire2pkt(&lpkt, dnspkt, dnslen) != LDNS_STATUS_OK) { if (ldns_wire2pkt(&lpkt, dnspkt, dnslen) != LDNS_STATUS_OK) {
/* DNS message may have padding, try get actual size */ /* DNS message may have padding, try get actual size */
size_t dnslen2 = calcdnslen(dnspkt, dnslen); size_t dnslen2 = calcdnslen(dnspkt, dnslen);
@ -1572,111 +1605,16 @@ void network_pkt(const char* descr, my_bpftimeval ts, unsigned pf,
goto network_pkt_end; goto network_pkt_end;
} }
} }
} char* reason = 0;
if (match_qtype || nmatch_qtype) { if ((match_qtype || nmatch_qtype) && _filter_by_qtype(lpkt, &reason)) {
ldns_rr_list* rrs = ldns_pkt_question(lpkt); tcpstate_discard(tcpstate, reason);
if (!rrs) {
tcpstate_discard(tcpstate, "failed to get list of questions");
goto network_pkt_end; goto network_pkt_end;
} }
/* Look at each RR in the section (or each QNAME in if (!EMPTY(myregexes) && _filter_by_qname(lpkt, &reason)) {
the question section). */ tcpstate_discard(tcpstate, reason);
size_t i, n;
for (i = 0, n = ldns_rr_list_rr_count(rrs); i < n; i++) {
ldns_rr* rr = ldns_rr_list_rr(rrs, i);
if (!rr) {
tcpstate_discard(tcpstate, "failed to get question");
goto network_pkt_end;
}
if (match_qtype && ldns_rr_get_type(rr) != match_qtype) {
tcpstate_discard(tcpstate, "qtype not match");
goto network_pkt_end;
} else if (nmatch_qtype && ldns_rr_get_type(rr) == nmatch_qtype) {
tcpstate_discard(tcpstate, "!qtype match");
goto network_pkt_end;
}
}
}
if (!EMPTY(myregexes)) {
int match, negmatch;
ldns_buffer* buf = ldns_buffer_new(512);
if (!buf) {
fprintf(stderr, "%s: out of memory", ProgramName);
exit(1);
}
match = -1;
negmatch = -1;
/* Look at each section of the message:
question, answer, authority, additional */
ldns_rr_list* rrs = ldns_pkt_all(lpkt);
if (!rrs) {
ldns_buffer_free(buf);
tcpstate_discard(tcpstate, "failed to get list of RRs");
goto network_pkt_end;
}
/* Look at each RR in the section (or each QNAME in
the question section). */
size_t i, n;
for (i = 0, n = ldns_rr_list_rr_count(rrs); i < n; i++) {
ldns_rr* rr = ldns_rr_list_rr(rrs, i);
if (!rr) {
ldns_rr_list_deep_free(rrs);
ldns_buffer_free(buf);
tcpstate_discard(tcpstate, "failed to get RR");
goto network_pkt_end;
}
ldns_buffer_clear(buf);
if (ldns_rdf2buffer_str(buf, ldns_rr_owner(rr)) != LDNS_STATUS_OK) {
ldns_rr_list_deep_free(rrs);
ldns_buffer_free(buf);
tcpstate_discard(tcpstate, "failed to get RR");
goto network_pkt_end;
}
myregex_ptr myregex;
for (myregex = HEAD(myregexes);
myregex != NULL;
myregex = NEXT(myregex, link)) {
if (myregex->not ) {
if (negmatch < 0)
negmatch = 0;
} else {
if (match < 0)
match = 0;
}
if (regexec(&myregex->reg, (char*)ldns_buffer_begin(buf), 0, NULL, 0) == 0) {
if (myregex->not )
negmatch++;
else
match++;
if (dumptrace >= 2)
fprintf(stderr,
"; \"%s\" %s~ /%s/ %d %d\n",
(char*)ldns_buffer_begin(buf),
myregex->not ? "!" : "",
myregex->str,
match,
negmatch);
}
}
}
ldns_rr_list_deep_free(rrs);
ldns_buffer_free(buf);
/*
* Fail if any negative matching or if no match, match can be -1 which
* indicates that there are only negative matching
*/
if (negmatch > 0 || match == 0) {
tcpstate_discard(tcpstate, "failed regex match");
goto network_pkt_end; goto network_pkt_end;
} }
ldns_pkt_free(lpkt);
} }
/* Policy hiding. */ /* Policy hiding. */
@ -1754,9 +1692,6 @@ void network_pkt(const char* descr, my_bpftimeval ts, unsigned pf,
network_pkt_end: network_pkt_end:
network_ip = 0; network_ip = 0;
network_ipv6 = 0; network_ipv6 = 0;
if (lpkt) {
ldns_pkt_free(lpkt);
}
} }
uint16_t in_checksum(const u_char* ptr, size_t len) uint16_t in_checksum(const u_char* ptr, size_t len)