Adding upstream version 2.0.0+debian.

Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-02-08 11:57:11 +01:00 · 2025-02-08 11:57:11 +01:00 · 1cf0d30d41
commit 1cf0d30d41
parent 65eb8bc08a
191 changed files with 48816 additions and 0 deletions
--- a/plugins/cryptopant/Makefile.am
+++ b/plugins/cryptopant/Makefile.am
@ -0,0 +1,24 @@
+MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
+CLEANFILES = *.gcda *.gcno *.gcov
+
+AM_CFLAGS = -I$(srcdir) \
+    -I$(top_srcdir)/src \
+    -I$(top_srcdir)/isc \
+    $(SECCOMPFLAGS) $(libcrypto_CFLAGS)
+
+pkglib_LTLIBRARIES = cryptopant.la
+cryptopant_la_SOURCES = cryptopant.c
+cryptopant_la_LDFLAGS = -module -avoid-version $(libcrypto_LIBS)
+
+TESTS = test1.sh test2.sh test3.sh test4.sh
+
+EXTRA_DIST = $(TESTS) test1.gold keyfile test2.gold test3.gold
+CLEANFILES += test1.out test2.out test3.out test3.pcap.20161020.152301.075993 \
+  test3.pcap.20181127.155200.414188
+
+if ENABLE_GCOV
+gcov-local:
+	for src in $(cryptopant_la_SOURCES); do \
+	  gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \
+	done
+endif
--- a/plugins/cryptopant/cryptopant.c
+++ b/plugins/cryptopant/cryptopant.c
@ -0,0 +1,241 @@
+/*
+ * Copyright (c) 2018-2021, OARC, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <sys/socket.h>
+
+#include "dnscap_common.h"
+
+#if defined(HAVE_LIBCRYPTOPANT) && defined(HAVE_CRYPTOPANT_H)
+#include <cryptopANT.h>
+#define USE_CRYPTOPANT 1
+#endif
+
+static set_iaddr_t cryptopant_set_iaddr = 0;
+
+static logerr_t* logerr;
+static int       only_clients = 0, only_servers = 0, dns_port = 53, pass4 = 0, pass6 = 0, decrypt = 0;
+
+enum plugin_type cryptopant_type()
+{
+    return plugin_filter;
+}
+
+void usage(const char* msg)
+{
+    fprintf(stderr, "cryptopant.so usage error: %s\n", msg);
+    exit(1);
+}
+
+void cryptopant_usage()
+{
+    fprintf(stderr,
+        "\ncryptopant.so options:\n"
+        "\t-?            print these instructions and exit\n"
+        "\t-k <file>     Keyfile to use (generated by scramble_ips -G)\n"
+        "\t-4 <num>      pass <num> higher bits of IPv4 through unchanged\n"
+        "\t-6 <num>      pass <num> higher bits of IPv6 through unchanged\n"
+        "\t-D            Decrypt IP addresses\n"
+        "\t-c            Only encrypt clients (port != 53)\n"
+        "\t-s            Only encrypt servers (port == 53)\n"
+        "\t-p <port>     Set port for -c/-s, default 53\n");
+}
+
+void cryptopant_extension(int ext, void* arg)
+{
+    switch (ext) {
+    case DNSCAP_EXT_SET_IADDR:
+        cryptopant_set_iaddr = (set_iaddr_t)arg;
+        break;
+    }
+}
+
+void cryptopant_getopt(int* argc, char** argv[])
+{
+    int           c;
+    unsigned long ul;
+    char *        p, *keyfile = 0;
+
+    while ((c = getopt(*argc, *argv, "?k:4:6:Dcsp:")) != EOF) {
+        switch (c) {
+        case 'k':
+            if (keyfile) {
+                free(keyfile);
+            }
+            keyfile = strdup(optarg);
+            break;
+        case '4':
+            ul = strtoul(optarg, &p, 0);
+            if (*p != '\0' || ul > 31U)
+                usage("pass IPv4 bits must be an integer 0..31");
+            pass4 = (unsigned)ul;
+            break;
+        case '6':
+            ul = strtoul(optarg, &p, 0);
+            if (*p != '\0' || ul > 127U)
+                usage("pass IPv6 bits must be an integer 0..127");
+            pass6 = (unsigned)ul;
+            break;
+        case 'D':
+            decrypt = 1;
+            break;
+        case 'c':
+            only_clients = 1;
+            break;
+        case 's':
+            only_servers = 1;
+            break;
+        case 'p':
+            ul = strtoul(optarg, &p, 0);
+            if (*p != '\0' || ul < 1U || ul > 65535U)
+                usage("port must be an integer 1..65535");
+            dns_port = (unsigned)ul;
+            break;
+        case '?':
+            cryptopant_usage();
+            if (!optopt || optopt == '?') {
+                exit(0);
+            }
+            // fallthrough
+        default:
+            exit(1);
+        }
+    }
+
+#ifdef USE_CRYPTOPANT
+    if (!keyfile) {
+        usage("must have a -k keyfile");
+    }
+
+    if (scramble_init_from_file(keyfile, SCRAMBLE_NONE, SCRAMBLE_NONE, 0)) {
+        usage("unable to initialize cryptopANT");
+    }
+#else
+    usage("no cryptopANT support built in, can't encrypt IP addresses");
+#endif
+
+    if (only_clients && only_servers) {
+        usage("-c and -s options are mutually exclusive");
+    }
+
+    if (keyfile) {
+        free(keyfile);
+    }
+}
+
+int cryptopant_start(logerr_t* a_logerr)
+{
+    logerr = a_logerr;
+    return 0;
+}
+
+void cryptopant_stop()
+{
+}
+
+int cryptopant_open(my_bpftimeval ts)
+{
+    return 0;
+}
+
+int cryptopant_close(my_bpftimeval ts)
+{
+    return 0;
+}
+
+int cryptopant_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, unsigned flags,
+    unsigned sport, unsigned dport, my_bpftimeval ts,
+    const u_char* pkt_copy, const unsigned olen,
+    const u_char* payload, const unsigned payloadlen)
+{
+#ifdef USE_CRYPTOPANT
+    for (;;) {
+        if (only_clients && sport == dns_port) {
+            from = 0;
+            break;
+        }
+        if (only_servers && sport != dns_port) {
+            from = 0;
+            break;
+        }
+
+        switch (from->af) {
+        case AF_INET:
+            from->u.a4.s_addr = decrypt ? unscramble_ip4(from->u.a4.s_addr, pass4) : scramble_ip4(from->u.a4.s_addr, pass4);
+            break;
+        case AF_INET6:
+            decrypt ? unscramble_ip6(&from->u.a6, pass6) : scramble_ip6(&from->u.a6, pass6);
+            break;
+        default:
+            from = 0;
+            break;
+        }
+        break;
+    }
+
+    for (;;) {
+        if (only_clients && dport == dns_port) {
+            to = 0;
+            break;
+        }
+        if (only_servers && dport != dns_port) {
+            to = 0;
+            break;
+        }
+
+        switch (to->af) {
+        case AF_INET:
+            to->u.a4.s_addr = decrypt ? unscramble_ip4(to->u.a4.s_addr, pass4) : scramble_ip4(to->u.a4.s_addr, pass4);
+            break;
+        case AF_INET6:
+            decrypt ? unscramble_ip6(&to->u.a6, pass6) : scramble_ip6(&to->u.a6, pass6);
+            break;
+        default:
+            to = 0;
+            break;
+        }
+        break;
+    }
+
+    if (cryptopant_set_iaddr && (from || to)) {
+        cryptopant_set_iaddr(from, to);
+    }
+#endif
+    return 0;
+}
--- a/plugins/cryptopant/keyfile
+++ b/plugins/cryptopant/keyfile
@ -0,0 +1 @@
+02:02:cd6adc7b7dcaf5b926c657190ab7e05a:1df8f74f976ad7ff7a443ce7d2e2ce44235fa2a7080107b19a6785698064f121::54d9e7a215dbd120f70f054a176ca398
--- a/plugins/cryptopant/test1.gold
+++ b/plugins/cryptopant/test1.gold
--- a/plugins/cryptopant/test1.sh
+++ b/plugins/cryptopant/test1.sh
@ -0,0 +1,31 @@
+#!/bin/sh -xe
+
+plugin=`find . -name 'cryptopant.so' | head -n 1`
+if [ -z "$plugin" ]; then
+    echo "Unable to find the cryptopant plugin"
+    exit 1
+fi
+
+ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist
+
+../../src/dnscap -r dns.pcap-dist -g -P "$plugin" 2>test1.out || true
+if grep -q "no cryptopANT support built in" test1.out 2>/dev/null; then
+    echo "No cryptopANT support, skipping tests"
+    exit 0
+fi
+
+! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" 2>test1.out
+../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" 2>>test1.out
+../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -4 8 2>>test1.out
+../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -c 2>>test1.out
+../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -s 2>>test1.out
+! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -c -s 2>>test1.out
+
+osrel=`uname -s`
+if [ "$osrel" = "OpenBSD" ]; then
+    mv test1.out test1.out.old
+    grep -v "^dnscap.*WARNING.*symbol.*relink" test1.out.old > test1.out
+    rm test1.out.old
+fi
+
+diff test1.out "$srcdir/test1.gold"
--- a/plugins/cryptopant/test2.gold
+++ b/plugins/cryptopant/test2.gold
@ -0,0 +1,33 @@
+[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \
+	[2a01:3a0:52c7:8483:3fd2:892c:443c:197e].51972 [2001:48e7:eb7b:8330:a6b3:e29f:c7a1:a114].53  \
+	dns QUERY,NOERROR,51420,rd|ad \
+	1 google.com.,IN,A 0 0 \
+	1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0]
+[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \
+	[2001:48e7:eb7b:8330:a6b3:e29f:c7a1:a114].53 [2a01:3a0:52c7:8483:3fd2:892c:443c:197e].51972  \
+	dns QUERY,NOERROR,51420,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,299,172.217.20.46 0 \
+	1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0]
+[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \
+	[f97c:c1a0:52c7:8483:3fd2:892c:443c:197e].51972 [2001:4860:4860::8888].53  \
+	dns QUERY,NOERROR,51420,rd|ad \
+	1 google.com.,IN,A 0 0 \
+	1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0]
+[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \
+	[2001:4860:4860::8888].53 [f97c:c1a0:52c7:8483:3fd2:892c:443c:197e].51972  \
+	dns QUERY,NOERROR,51420,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,299,172.217.20.46 0 \
+	1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0]
+[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \
+	[2a01:3f0:0:57::245].51972 [f29a:ede7:eb7b:8330:a6b3:e29f:c7a1:a114].53  \
+	dns QUERY,NOERROR,51420,rd|ad \
+	1 google.com.,IN,A 0 0 \
+	1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0]
+[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \
+	[f29a:ede7:eb7b:8330:a6b3:e29f:c7a1:a114].53 [2a01:3f0:0:57::245].51972  \
+	dns QUERY,NOERROR,51420,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,299,172.217.20.46 0 \
+	1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0]
--- a/plugins/cryptopant/test2.sh
+++ b/plugins/cryptopant/test2.sh
@ -0,0 +1,37 @@
+#!/bin/sh -xe
+
+plugin=`find . -name 'cryptopant.so' | head -n 1`
+if [ -z "$plugin" ]; then
+    echo "Unable to find the cryptopant plugin"
+    exit 1
+fi
+
+ln -fs "$srcdir/../../src/test/dns6.pcap" dns6.pcap-dist
+
+../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" 2>test2.out || true
+if grep -q "no cryptopANT support built in" test2.out 2>/dev/null; then
+    echo "No cryptopANT support, skipping tests"
+    exit 0
+fi
+
+../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" 2>test2.out
+../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -6 24 2>test2.out
+../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -c 2>>test2.out
+../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -s 2>>test2.out
+
+osrel=`uname -s`
+if [ "$osrel" = "OpenBSD" ]; then
+    mv test2.out test2.out.old
+    grep -v "^dnscap.*WARNING.*symbol.*relink" test2.out.old > test2.out
+    rm test2.out.old
+fi
+
+# TODO: Remove when #133 is fixed
+cat test2.out | \
+  sed 's%,CLASS4096,OPT,%,4096,4096,%' | \
+  sed 's%,CLASS512,OPT,%,512,512,%' | \
+  sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \
+  sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test2.new
+mv test2.new test2.out
+
+diff test2.out "$srcdir/test2.gold"
--- a/plugins/cryptopant/test3.gold
+++ b/plugins/cryptopant/test3.gold
@ -0,0 +1,725 @@
+[56] 2016-10-20 15:23:01.075993 [#0 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].53199 [8.8.8.8].53  \
+	dns QUERY,NOERROR,59311,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:23:01.077982 [#1 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].53199  \
+	dns QUERY,NOERROR,59311,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,44,216.58.218.206 \
+	4 google.com.,IN,NS,157880,ns4.google.com. \
+	google.com.,IN,NS,157880,ns3.google.com. \
+	google.com.,IN,NS,157880,ns1.google.com. \
+	google.com.,IN,NS,157880,ns2.google.com. \
+	4 ns2.google.com.,IN,A,157880,216.239.34.10 \
+	ns1.google.com.,IN,A,331882,216.239.32.10 \
+	ns3.google.com.,IN,A,157880,216.239.36.10 \
+	ns4.google.com.,IN,A,157880,216.239.38.10
+[73] 2016-10-20 15:23:01.082865 [#2 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].57822 [8.8.8.8].53  \
+	dns QUERY,NOERROR,35665,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:23:01.084107 [#3 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].57822  \
+	dns QUERY,NOERROR,35665,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \
+	4 ns1.google.com.,IN,A,331882,216.239.32.10 \
+	ns3.google.com.,IN,A,157880,216.239.36.10 \
+	ns4.google.com.,IN,A,157880,216.239.38.10 \
+	ns2.google.com.,IN,A,157880,216.239.34.10
+[56] 2016-10-20 15:23:01.087291 [#4 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].40043 [8.8.8.8].53  \
+	dns QUERY,NOERROR,5337,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:23:01.088733 [#5 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].40043  \
+	dns QUERY,NOERROR,5337,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,44,216.58.218.206 \
+	4 google.com.,IN,NS,157880,ns1.google.com. \
+	google.com.,IN,NS,157880,ns2.google.com. \
+	google.com.,IN,NS,157880,ns3.google.com. \
+	google.com.,IN,NS,157880,ns4.google.com. \
+	4 ns2.google.com.,IN,A,157880,216.239.34.10 \
+	ns1.google.com.,IN,A,331882,216.239.32.10 \
+	ns3.google.com.,IN,A,157880,216.239.36.10 \
+	ns4.google.com.,IN,A,157880,216.239.38.10
+[56] 2016-10-20 15:23:10.322117 [#6 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].37953 [8.8.8.8].53  \
+	dns QUERY,NOERROR,22982,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:23:10.323399 [#7 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].37953  \
+	dns QUERY,NOERROR,22982,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,34,216.58.218.206 \
+	4 google.com.,IN,NS,157870,ns4.google.com. \
+	google.com.,IN,NS,157870,ns1.google.com. \
+	google.com.,IN,NS,157870,ns2.google.com. \
+	google.com.,IN,NS,157870,ns3.google.com. \
+	4 ns2.google.com.,IN,A,157870,216.239.34.10 \
+	ns1.google.com.,IN,A,331872,216.239.32.10 \
+	ns3.google.com.,IN,A,157870,216.239.36.10 \
+	ns4.google.com.,IN,A,157870,216.239.38.10
+[73] 2016-10-20 15:23:10.328324 [#8 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].48658 [8.8.8.8].53  \
+	dns QUERY,NOERROR,18718,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:23:10.329572 [#9 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].48658  \
+	dns QUERY,NOERROR,18718,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \
+	4 ns1.google.com.,IN,A,331872,216.239.32.10 \
+	ns3.google.com.,IN,A,157870,216.239.36.10 \
+	ns4.google.com.,IN,A,157870,216.239.38.10 \
+	ns2.google.com.,IN,A,157870,216.239.34.10
+[56] 2016-10-20 15:23:52.860937 [#10 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].40953 [8.8.8.8].53  \
+	dns QUERY,NOERROR,22531,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:23:52.863771 [#11 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].40953  \
+	dns QUERY,NOERROR,22531,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,297,216.58.218.206 \
+	4 google.com.,IN,NS,157828,ns2.google.com. \
+	google.com.,IN,NS,157828,ns4.google.com. \
+	google.com.,IN,NS,157828,ns1.google.com. \
+	google.com.,IN,NS,157828,ns3.google.com. \
+	4 ns2.google.com.,IN,A,157828,216.239.34.10 \
+	ns1.google.com.,IN,A,331830,216.239.32.10 \
+	ns3.google.com.,IN,A,157828,216.239.36.10 \
+	ns4.google.com.,IN,A,157828,216.239.38.10
+[56] 2016-10-20 15:23:59.083869 [#12 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].45174 [8.8.8.8].53  \
+	dns QUERY,NOERROR,58510,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:23:59.086104 [#13 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].45174  \
+	dns QUERY,NOERROR,58510,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,291,216.58.218.206 \
+	4 google.com.,IN,NS,157822,ns2.google.com. \
+	google.com.,IN,NS,157822,ns3.google.com. \
+	google.com.,IN,NS,157822,ns1.google.com. \
+	google.com.,IN,NS,157822,ns4.google.com. \
+	4 ns2.google.com.,IN,A,157822,216.239.34.10 \
+	ns1.google.com.,IN,A,331824,216.239.32.10 \
+	ns3.google.com.,IN,A,157822,216.239.36.10 \
+	ns4.google.com.,IN,A,157822,216.239.38.10
+[73] 2016-10-20 15:23:59.090911 [#14 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].33916 [8.8.8.8].53  \
+	dns QUERY,NOERROR,45248,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:23:59.092204 [#15 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].33916  \
+	dns QUERY,NOERROR,45248,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \
+	4 ns1.google.com.,IN,A,331824,216.239.32.10 \
+	ns3.google.com.,IN,A,157822,216.239.36.10 \
+	ns4.google.com.,IN,A,157822,216.239.38.10 \
+	ns2.google.com.,IN,A,157822,216.239.34.10
+[56] 2016-10-20 15:24:04.323868 [#16 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].43559 [8.8.8.8].53  \
+	dns QUERY,NOERROR,49483,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:04.325597 [#17 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].43559  \
+	dns QUERY,NOERROR,49483,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,285,216.58.218.206 \
+	4 google.com.,IN,NS,157816,ns4.google.com. \
+	google.com.,IN,NS,157816,ns3.google.com. \
+	google.com.,IN,NS,157816,ns1.google.com. \
+	google.com.,IN,NS,157816,ns2.google.com. \
+	4 ns2.google.com.,IN,A,157816,216.239.34.10 \
+	ns1.google.com.,IN,A,331818,216.239.32.10 \
+	ns3.google.com.,IN,A,157816,216.239.36.10 \
+	ns4.google.com.,IN,A,157816,216.239.38.10
+[56] 2016-10-20 15:24:06.332239 [#18 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].54859 [8.8.8.8].53  \
+	dns QUERY,NOERROR,31669,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:06.333743 [#19 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].54859  \
+	dns QUERY,NOERROR,31669,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,283,216.58.218.206 \
+	4 google.com.,IN,NS,157814,ns2.google.com. \
+	google.com.,IN,NS,157814,ns1.google.com. \
+	google.com.,IN,NS,157814,ns4.google.com. \
+	google.com.,IN,NS,157814,ns3.google.com. \
+	4 ns2.google.com.,IN,A,157814,216.239.34.10 \
+	ns1.google.com.,IN,A,331816,216.239.32.10 \
+	ns3.google.com.,IN,A,157814,216.239.36.10 \
+	ns4.google.com.,IN,A,157814,216.239.38.10
+[73] 2016-10-20 15:24:06.339145 [#20 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].58176 [8.8.8.8].53  \
+	dns QUERY,NOERROR,25433,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:06.340820 [#21 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].58176  \
+	dns QUERY,NOERROR,25433,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \
+	4 ns1.google.com.,IN,A,331816,216.239.32.10 \
+	ns3.google.com.,IN,A,157814,216.239.36.10 \
+	ns4.google.com.,IN,A,157814,216.239.38.10 \
+	ns2.google.com.,IN,A,157814,216.239.34.10
+[56] 2016-10-20 15:24:07.346429 [#22 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].41266 [8.8.8.8].53  \
+	dns QUERY,NOERROR,63798,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:07.348160 [#23 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].41266  \
+	dns QUERY,NOERROR,63798,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,282,216.58.218.206 \
+	4 google.com.,IN,NS,157813,ns4.google.com. \
+	google.com.,IN,NS,157813,ns1.google.com. \
+	google.com.,IN,NS,157813,ns3.google.com. \
+	google.com.,IN,NS,157813,ns2.google.com. \
+	4 ns2.google.com.,IN,A,157813,216.239.34.10 \
+	ns1.google.com.,IN,A,331815,216.239.32.10 \
+	ns3.google.com.,IN,A,157813,216.239.36.10 \
+	ns4.google.com.,IN,A,157813,216.239.38.10
+[73] 2016-10-20 15:24:07.353123 [#24 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].34607 [8.8.8.8].53  \
+	dns QUERY,NOERROR,8470,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:07.354682 [#25 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].34607  \
+	dns QUERY,NOERROR,8470,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \
+	4 ns1.google.com.,IN,A,331815,216.239.32.10 \
+	ns3.google.com.,IN,A,157813,216.239.36.10 \
+	ns4.google.com.,IN,A,157813,216.239.38.10 \
+	ns2.google.com.,IN,A,157813,216.239.34.10
+[56] 2016-10-20 15:24:08.360528 [#26 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].60437 [8.8.8.8].53  \
+	dns QUERY,NOERROR,60258,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:08.362206 [#27 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].60437  \
+	dns QUERY,NOERROR,60258,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,281,216.58.218.206 \
+	4 google.com.,IN,NS,157812,ns3.google.com. \
+	google.com.,IN,NS,157812,ns2.google.com. \
+	google.com.,IN,NS,157812,ns4.google.com. \
+	google.com.,IN,NS,157812,ns1.google.com. \
+	4 ns2.google.com.,IN,A,157812,216.239.34.10 \
+	ns1.google.com.,IN,A,331814,216.239.32.10 \
+	ns3.google.com.,IN,A,157812,216.239.36.10 \
+	ns4.google.com.,IN,A,157812,216.239.38.10
+[73] 2016-10-20 15:24:08.368516 [#28 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].37149 [8.8.8.8].53  \
+	dns QUERY,NOERROR,44985,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:08.370119 [#29 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].37149  \
+	dns QUERY,NOERROR,44985,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \
+	4 ns1.google.com.,IN,A,331814,216.239.32.10 \
+	ns3.google.com.,IN,A,157812,216.239.36.10 \
+	ns4.google.com.,IN,A,157812,216.239.38.10 \
+	ns2.google.com.,IN,A,157812,216.239.34.10
+[56] 2016-10-20 15:24:09.375942 [#30 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].53820 [8.8.8.8].53  \
+	dns QUERY,NOERROR,45512,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:09.378425 [#31 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].53820  \
+	dns QUERY,NOERROR,45512,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,280,216.58.218.206 \
+	4 google.com.,IN,NS,157811,ns3.google.com. \
+	google.com.,IN,NS,157811,ns4.google.com. \
+	google.com.,IN,NS,157811,ns1.google.com. \
+	google.com.,IN,NS,157811,ns2.google.com. \
+	4 ns2.google.com.,IN,A,157811,216.239.34.10 \
+	ns1.google.com.,IN,A,331813,216.239.32.10 \
+	ns3.google.com.,IN,A,157811,216.239.36.10 \
+	ns4.google.com.,IN,A,157811,216.239.38.10
+[73] 2016-10-20 15:24:09.384057 [#32 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].52368 [8.8.8.8].53  \
+	dns QUERY,NOERROR,22980,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:09.385463 [#33 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].52368  \
+	dns QUERY,NOERROR,22980,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \
+	4 ns1.google.com.,IN,A,331813,216.239.32.10 \
+	ns3.google.com.,IN,A,157811,216.239.36.10 \
+	ns4.google.com.,IN,A,157811,216.239.38.10 \
+	ns2.google.com.,IN,A,157811,216.239.34.10
+[56] 2016-10-20 15:24:10.391358 [#34 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].47637 [8.8.8.8].53  \
+	dns QUERY,NOERROR,1834,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:10.392886 [#35 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].47637  \
+	dns QUERY,NOERROR,1834,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,279,216.58.218.206 \
+	4 google.com.,IN,NS,157810,ns1.google.com. \
+	google.com.,IN,NS,157810,ns2.google.com. \
+	google.com.,IN,NS,157810,ns4.google.com. \
+	google.com.,IN,NS,157810,ns3.google.com. \
+	4 ns2.google.com.,IN,A,157810,216.239.34.10 \
+	ns1.google.com.,IN,A,331812,216.239.32.10 \
+	ns3.google.com.,IN,A,157810,216.239.36.10 \
+	ns4.google.com.,IN,A,157810,216.239.38.10
+[73] 2016-10-20 15:24:10.398099 [#36 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].34426 [8.8.8.8].53  \
+	dns QUERY,NOERROR,25431,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:10.400317 [#37 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].34426  \
+	dns QUERY,NOERROR,25431,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \
+	4 ns1.google.com.,IN,A,331812,216.239.32.10 \
+	ns3.google.com.,IN,A,157810,216.239.36.10 \
+	ns4.google.com.,IN,A,157810,216.239.38.10 \
+	ns2.google.com.,IN,A,157810,216.239.34.10
+[56] 2016-10-20 15:24:11.406297 [#38 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].41059 [8.8.8.8].53  \
+	dns QUERY,NOERROR,48432,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:11.407460 [#39 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].41059  \
+	dns QUERY,NOERROR,48432,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,278,216.58.218.206 \
+	4 google.com.,IN,NS,157809,ns3.google.com. \
+	google.com.,IN,NS,157809,ns4.google.com. \
+	google.com.,IN,NS,157809,ns2.google.com. \
+	google.com.,IN,NS,157809,ns1.google.com. \
+	4 ns2.google.com.,IN,A,157809,216.239.34.10 \
+	ns1.google.com.,IN,A,331811,216.239.32.10 \
+	ns3.google.com.,IN,A,157809,216.239.36.10 \
+	ns4.google.com.,IN,A,157809,216.239.38.10
+[73] 2016-10-20 15:24:11.412133 [#40 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].51181 [8.8.8.8].53  \
+	dns QUERY,NOERROR,47411,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:11.413370 [#41 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].51181  \
+	dns QUERY,NOERROR,47411,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \
+	4 ns1.google.com.,IN,A,331811,216.239.32.10 \
+	ns3.google.com.,IN,A,157809,216.239.36.10 \
+	ns4.google.com.,IN,A,157809,216.239.38.10 \
+	ns2.google.com.,IN,A,157809,216.239.34.10
+[56] 2016-10-20 15:24:12.419936 [#42 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].32976 [8.8.8.8].53  \
+	dns QUERY,NOERROR,12038,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:12.421228 [#43 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].32976  \
+	dns QUERY,NOERROR,12038,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,277,216.58.218.206 \
+	4 google.com.,IN,NS,157808,ns2.google.com. \
+	google.com.,IN,NS,157808,ns3.google.com. \
+	google.com.,IN,NS,157808,ns1.google.com. \
+	google.com.,IN,NS,157808,ns4.google.com. \
+	4 ns2.google.com.,IN,A,157808,216.239.34.10 \
+	ns1.google.com.,IN,A,331810,216.239.32.10 \
+	ns3.google.com.,IN,A,157808,216.239.36.10 \
+	ns4.google.com.,IN,A,157808,216.239.38.10
+[56] 2016-10-20 15:24:14.428524 [#44 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].53467 [8.8.8.8].53  \
+	dns QUERY,NOERROR,11614,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:14.429863 [#45 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].53467  \
+	dns QUERY,NOERROR,11614,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,275,216.58.218.206 \
+	4 google.com.,IN,NS,157806,ns3.google.com. \
+	google.com.,IN,NS,157806,ns1.google.com. \
+	google.com.,IN,NS,157806,ns4.google.com. \
+	google.com.,IN,NS,157806,ns2.google.com. \
+	4 ns2.google.com.,IN,A,157806,216.239.34.10 \
+	ns1.google.com.,IN,A,331808,216.239.32.10 \
+	ns3.google.com.,IN,A,157806,216.239.36.10 \
+	ns4.google.com.,IN,A,157806,216.239.38.10
+[56] 2016-10-20 15:24:16.435733 [#46 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].41532 [8.8.8.8].53  \
+	dns QUERY,NOERROR,59173,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:16.437471 [#47 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].41532  \
+	dns QUERY,NOERROR,59173,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,273,216.58.218.206 \
+	4 google.com.,IN,NS,157804,ns1.google.com. \
+	google.com.,IN,NS,157804,ns3.google.com. \
+	google.com.,IN,NS,157804,ns2.google.com. \
+	google.com.,IN,NS,157804,ns4.google.com. \
+	4 ns2.google.com.,IN,A,157804,216.239.34.10 \
+	ns1.google.com.,IN,A,331806,216.239.32.10 \
+	ns3.google.com.,IN,A,157804,216.239.36.10 \
+	ns4.google.com.,IN,A,157804,216.239.38.10
+[56] 2016-10-20 15:24:18.445519 [#48 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].44982 [8.8.8.8].53  \
+	dns QUERY,NOERROR,45535,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:18.446775 [#49 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].44982  \
+	dns QUERY,NOERROR,45535,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,271,216.58.218.206 \
+	4 google.com.,IN,NS,157802,ns4.google.com. \
+	google.com.,IN,NS,157802,ns2.google.com. \
+	google.com.,IN,NS,157802,ns1.google.com. \
+	google.com.,IN,NS,157802,ns3.google.com. \
+	4 ns2.google.com.,IN,A,157802,216.239.34.10 \
+	ns1.google.com.,IN,A,331804,216.239.32.10 \
+	ns3.google.com.,IN,A,157802,216.239.36.10 \
+	ns4.google.com.,IN,A,157802,216.239.38.10
+[73] 2016-10-20 15:24:18.452451 [#50 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].40224 [8.8.8.8].53  \
+	dns QUERY,NOERROR,60808,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:18.454030 [#51 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].40224  \
+	dns QUERY,NOERROR,60808,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \
+	4 ns1.google.com.,IN,A,331804,216.239.32.10 \
+	ns3.google.com.,IN,A,157802,216.239.36.10 \
+	ns4.google.com.,IN,A,157802,216.239.38.10 \
+	ns2.google.com.,IN,A,157802,216.239.34.10
+[56] 2016-10-20 15:24:19.460087 [#52 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].45658 [8.8.8.8].53  \
+	dns QUERY,NOERROR,64325,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:19.462224 [#53 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].45658  \
+	dns QUERY,NOERROR,64325,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,270,216.58.218.206 \
+	4 google.com.,IN,NS,157801,ns1.google.com. \
+	google.com.,IN,NS,157801,ns3.google.com. \
+	google.com.,IN,NS,157801,ns4.google.com. \
+	google.com.,IN,NS,157801,ns2.google.com. \
+	4 ns2.google.com.,IN,A,157801,216.239.34.10 \
+	ns1.google.com.,IN,A,331803,216.239.32.10 \
+	ns3.google.com.,IN,A,157801,216.239.36.10 \
+	ns4.google.com.,IN,A,157801,216.239.38.10
+[73] 2016-10-20 15:24:19.467324 [#54 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].60457 [8.8.8.8].53  \
+	dns QUERY,NOERROR,25543,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:19.468895 [#55 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].60457  \
+	dns QUERY,NOERROR,25543,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \
+	4 ns1.google.com.,IN,A,331803,216.239.32.10 \
+	ns3.google.com.,IN,A,157801,216.239.36.10 \
+	ns4.google.com.,IN,A,157801,216.239.38.10 \
+	ns2.google.com.,IN,A,157801,216.239.34.10
+[56] 2016-10-20 15:24:20.475086 [#56 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].59762 [8.8.8.8].53  \
+	dns QUERY,NOERROR,20736,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:20.476841 [#57 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].59762  \
+	dns QUERY,NOERROR,20736,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,269,216.58.218.206 \
+	4 google.com.,IN,NS,157800,ns3.google.com. \
+	google.com.,IN,NS,157800,ns1.google.com. \
+	google.com.,IN,NS,157800,ns4.google.com. \
+	google.com.,IN,NS,157800,ns2.google.com. \
+	4 ns2.google.com.,IN,A,157800,216.239.34.10 \
+	ns1.google.com.,IN,A,331802,216.239.32.10 \
+	ns3.google.com.,IN,A,157800,216.239.36.10 \
+	ns4.google.com.,IN,A,157800,216.239.38.10
+[73] 2016-10-20 15:24:20.482188 [#58 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].56022 [8.8.8.8].53  \
+	dns QUERY,NOERROR,25911,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:20.483927 [#59 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].56022  \
+	dns QUERY,NOERROR,25911,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \
+	4 ns1.google.com.,IN,A,331802,216.239.32.10 \
+	ns3.google.com.,IN,A,157800,216.239.36.10 \
+	ns4.google.com.,IN,A,157800,216.239.38.10 \
+	ns2.google.com.,IN,A,157800,216.239.34.10
+[56] 2016-10-20 15:24:21.489468 [#60 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].37669 [8.8.8.8].53  \
+	dns QUERY,NOERROR,64358,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:21.490573 [#61 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].37669  \
+	dns QUERY,NOERROR,64358,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,268,216.58.218.206 \
+	4 google.com.,IN,NS,157799,ns2.google.com. \
+	google.com.,IN,NS,157799,ns1.google.com. \
+	google.com.,IN,NS,157799,ns4.google.com. \
+	google.com.,IN,NS,157799,ns3.google.com. \
+	4 ns2.google.com.,IN,A,157799,216.239.34.10 \
+	ns1.google.com.,IN,A,331801,216.239.32.10 \
+	ns3.google.com.,IN,A,157799,216.239.36.10 \
+	ns4.google.com.,IN,A,157799,216.239.38.10
+[73] 2016-10-20 15:24:21.495324 [#62 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].42978 [8.8.8.8].53  \
+	dns QUERY,NOERROR,37698,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:21.496815 [#63 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].42978  \
+	dns QUERY,NOERROR,37698,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \
+	4 ns1.google.com.,IN,A,331801,216.239.32.10 \
+	ns3.google.com.,IN,A,157799,216.239.36.10 \
+	ns4.google.com.,IN,A,157799,216.239.38.10 \
+	ns2.google.com.,IN,A,157799,216.239.34.10
+[56] 2016-10-20 15:24:22.502667 [#64 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].49829 [8.8.8.8].53  \
+	dns QUERY,NOERROR,54706,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:22.504738 [#65 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].49829  \
+	dns QUERY,NOERROR,54706,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,267,216.58.218.206 \
+	4 google.com.,IN,NS,157798,ns2.google.com. \
+	google.com.,IN,NS,157798,ns4.google.com. \
+	google.com.,IN,NS,157798,ns3.google.com. \
+	google.com.,IN,NS,157798,ns1.google.com. \
+	4 ns2.google.com.,IN,A,157798,216.239.34.10 \
+	ns1.google.com.,IN,A,331800,216.239.32.10 \
+	ns3.google.com.,IN,A,157798,216.239.36.10 \
+	ns4.google.com.,IN,A,157798,216.239.38.10
+[73] 2016-10-20 15:24:22.510176 [#66 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].50599 [8.8.8.8].53  \
+	dns QUERY,NOERROR,32142,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:22.511746 [#67 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].50599  \
+	dns QUERY,NOERROR,32142,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \
+	4 ns1.google.com.,IN,A,331800,216.239.32.10 \
+	ns3.google.com.,IN,A,157798,216.239.36.10 \
+	ns4.google.com.,IN,A,157798,216.239.38.10 \
+	ns2.google.com.,IN,A,157798,216.239.34.10
+[56] 2016-10-20 15:24:23.520203 [#68 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].44980 [8.8.8.8].53  \
+	dns QUERY,NOERROR,41808,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:23.521976 [#69 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].44980  \
+	dns QUERY,NOERROR,41808,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,266,216.58.218.206 \
+	4 google.com.,IN,NS,157797,ns2.google.com. \
+	google.com.,IN,NS,157797,ns4.google.com. \
+	google.com.,IN,NS,157797,ns1.google.com. \
+	google.com.,IN,NS,157797,ns3.google.com. \
+	4 ns2.google.com.,IN,A,157797,216.239.34.10 \
+	ns1.google.com.,IN,A,331799,216.239.32.10 \
+	ns3.google.com.,IN,A,157797,216.239.36.10 \
+	ns4.google.com.,IN,A,157797,216.239.38.10
+[73] 2016-10-20 15:24:23.527449 [#70 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].60063 [8.8.8.8].53  \
+	dns QUERY,NOERROR,18886,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:23.529385 [#71 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].60063  \
+	dns QUERY,NOERROR,18886,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \
+	4 ns1.google.com.,IN,A,331799,216.239.32.10 \
+	ns3.google.com.,IN,A,157797,216.239.36.10 \
+	ns4.google.com.,IN,A,157797,216.239.38.10 \
+	ns2.google.com.,IN,A,157797,216.239.34.10
+[56] 2016-10-20 15:24:24.537264 [#72 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].42042 [8.8.8.8].53  \
+	dns QUERY,NOERROR,10624,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:24.539398 [#73 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].42042  \
+	dns QUERY,NOERROR,10624,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,265,216.58.218.206 \
+	4 google.com.,IN,NS,157796,ns3.google.com. \
+	google.com.,IN,NS,157796,ns4.google.com. \
+	google.com.,IN,NS,157796,ns1.google.com. \
+	google.com.,IN,NS,157796,ns2.google.com. \
+	4 ns2.google.com.,IN,A,157796,216.239.34.10 \
+	ns1.google.com.,IN,A,331798,216.239.32.10 \
+	ns3.google.com.,IN,A,157796,216.239.36.10 \
+	ns4.google.com.,IN,A,157796,216.239.38.10
+[73] 2016-10-20 15:24:24.544538 [#74 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].60469 [8.8.8.8].53  \
+	dns QUERY,NOERROR,33139,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:24.546172 [#75 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].60469  \
+	dns QUERY,NOERROR,33139,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \
+	4 ns1.google.com.,IN,A,331798,216.239.32.10 \
+	ns3.google.com.,IN,A,157796,216.239.36.10 \
+	ns4.google.com.,IN,A,157796,216.239.38.10 \
+	ns2.google.com.,IN,A,157796,216.239.34.10
+[56] 2016-10-20 15:24:25.554744 [#76 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].45703 [8.8.8.8].53  \
+	dns QUERY,NOERROR,61415,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:25.556513 [#77 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].45703  \
+	dns QUERY,NOERROR,61415,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,264,216.58.218.206 \
+	4 google.com.,IN,NS,157795,ns3.google.com. \
+	google.com.,IN,NS,157795,ns4.google.com. \
+	google.com.,IN,NS,157795,ns2.google.com. \
+	google.com.,IN,NS,157795,ns1.google.com. \
+	4 ns2.google.com.,IN,A,157795,216.239.34.10 \
+	ns1.google.com.,IN,A,331797,216.239.32.10 \
+	ns3.google.com.,IN,A,157795,216.239.36.10 \
+	ns4.google.com.,IN,A,157795,216.239.38.10
+[73] 2016-10-20 15:24:25.562608 [#78 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].33507 [8.8.8.8].53  \
+	dns QUERY,NOERROR,59258,rd \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0
+[289] 2016-10-20 15:24:25.564509 [#79 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].33507  \
+	dns QUERY,NOERROR,59258,qr|rd|ra \
+	1 206.218.58.216.in-addr.arpa.,IN,PTR \
+	2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \
+	206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \
+	4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \
+	218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \
+	4 ns1.google.com.,IN,A,331797,216.239.32.10 \
+	ns3.google.com.,IN,A,157795,216.239.36.10 \
+	ns4.google.com.,IN,A,157795,216.239.38.10 \
+	ns2.google.com.,IN,A,157795,216.239.34.10
+[56] 2016-10-20 15:24:26.572784 [#80 test3.pcap.20161020.152301.075993 4095] \
+	[172.17.0.10].46798 [8.8.8.8].53  \
+	dns QUERY,NOERROR,17700,rd \
+	1 google.com.,IN,A 0 0 0
+[208] 2016-10-20 15:24:26.574350 [#81 test3.pcap.20161020.152301.075993 4095] \
+	[8.8.8.8].53 [172.17.0.10].46798  \
+	dns QUERY,NOERROR,17700,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,263,216.58.218.206 \
+	4 google.com.,IN,NS,157794,ns1.google.com. \
+	google.com.,IN,NS,157794,ns4.google.com. \
+	google.com.,IN,NS,157794,ns3.google.com. \
+	google.com.,IN,NS,157794,ns2.google.com. \
+	4 ns2.google.com.,IN,A,157794,216.239.34.10 \
+	ns1.google.com.,IN,A,331796,216.239.32.10 \
+	ns3.google.com.,IN,A,157794,216.239.36.10 \
+	ns4.google.com.,IN,A,157794,216.239.38.10
+[87] 2018-11-27 15:52:00.414188 [#0 test3.pcap.20181127.155200.414188 4095] \
+	[2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53  \
+	dns QUERY,NOERROR,51420,rd|ad \
+	1 google.com.,IN,A 0 0 \
+	1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0]
+[103] 2018-11-27 15:52:00.428453 [#1 test3.pcap.20181127.155200.414188 4095] \
+	[2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972  \
+	dns QUERY,NOERROR,51420,qr|rd|ra \
+	1 google.com.,IN,A \
+	1 google.com.,IN,A,299,172.217.20.46 0 \
+	1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0]
--- a/plugins/cryptopant/test3.sh
+++ b/plugins/cryptopant/test3.sh
@ -0,0 +1,38 @@
+#!/bin/sh -xe
+
+plugin=`find . -name 'cryptopant.so' | head -n 1`
+if [ -z "$plugin" ]; then
+    echo "Unable to find the cryptopant plugin"
+    exit 1
+fi
+
+ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist
+ln -fs "$srcdir/../../src/test/dns6.pcap" dns6.pcap-dist
+
+../../src/dnscap -r dns.pcap-dist -g -P "$plugin" 2>test3.out || true
+if grep -q "no cryptopANT support built in" test3.out 2>/dev/null; then
+    echo "No cryptopANT support, skipping tests"
+    exit 0
+fi
+
+../../src/dnscap -w test3.pcap -r dns.pcap-dist -P "$plugin" -k "$srcdir/keyfile" 2>test3.out
+../../src/dnscap -w test3.pcap -r dns6.pcap-dist -P "$plugin" -k "$srcdir/keyfile" 2>>test3.out
+../../src/dnscap -r test3.pcap.20161020.152301.075993 -g -P "$plugin" -k "$srcdir/keyfile" -D 2>>test3.out
+../../src/dnscap -r test3.pcap.20181127.155200.414188 -g -P "$plugin" -k "$srcdir/keyfile" -D 2>>test3.out
+
+osrel=`uname -s`
+if [ "$osrel" = "OpenBSD" ]; then
+    mv test3.out test3.out.old
+    grep -v "^dnscap.*WARNING.*symbol.*relink" test3.out.old > test3.out
+    rm test3.out.old
+fi
+
+# TODO: Remove when #133 is fixed
+cat test3.out | \
+  sed 's%,CLASS4096,OPT,%,4096,4096,%' | \
+  sed 's%,CLASS512,OPT,%,512,512,%' | \
+  sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \
+  sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test3.new
+mv test3.new test3.out
+
+diff test3.out "$srcdir/test3.gold"
--- a/plugins/cryptopant/test4.sh
+++ b/plugins/cryptopant/test4.sh
@ -0,0 +1,22 @@
+#!/bin/sh -xe
+
+plugin=`find . -name 'cryptopant.so' | head -n 1`
+if [ -z "$plugin" ]; then
+    echo "Unable to find the cryptopant plugin"
+    exit 1
+fi
+
+ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist
+
+# ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" 2>test1.out || true
+# if grep -q "no cryptopANT support built in" test1.out 2>/dev/null; then
+#     echo "No cryptopANT support, skipping tests"
+#     exit 0
+# fi
+
+../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -?
+! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -X
+! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -p 0
+! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -p 1
+! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -4 99
+! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -6 999
				`@ -0,0 +1 @@`
				`02:02:cd6adc7b7dcaf5b926c657190ab7e05a:1df8f74f976ad7ff7a443ce7d2e2ce44235fa2a7080107b19a6785698064f121::54d9e7a215dbd120f70f054a176ca398`