diff options
Diffstat (limited to '')
-rw-r--r-- | CHANGES | 804 |
1 files changed, 0 insertions, 804 deletions
diff --git a/CHANGES b/CHANGES deleted file mode 100644 index b8fc6a2..0000000 --- a/CHANGES +++ /dev/null @@ -1,804 +0,0 @@ -2021-03-11 Jerry Lundström - - Release 2.0.1 - - Fixed incorrect line break in eventlog's (plugin) output. - - 5df363c remove trailing newline - -2021-02-12 Jerry Lundström - - Release 2.0.0 - - This major release contains three backward incompatible changes, two - new command line options and a completely restructured man-page(!), - please read the change notes carefully before upgrading! - - The first backward incompatible change has to do with the removal of - libbind dependency. This library was causing segfaults on OpenBSD due to - shared (and overwritten) symbols with OpenBSD's libc. - It was replaced with LDNS and LDNS renders domain names as Fully - Qualified Domain Names (FQDN, the trailing dot!) so every output of a - domain name has been changed to a FQDN. - This also changes `-X`/`-x`, which will now match against FQDNs. - - The second backward incompatible change is that `-6` has been removed. - This was used to alter the BPF in order to "fix" it, dnscap adds - specific filters to IP and UDP headers which does not work for IPv6 - traffic. - The generated BPF has been changed to allow IPv6 to always pass, making - the option obsolete. IPv6 filtering is then done in dnscap. - - The last backward incompatible change has to do with the output format - of `-g` related to EDNS0 and is now more consistent with the rest of - the parsable output: - - No more spaces in the output - - Fix incorrect `\` and extra empty new-line - - All EDNS0 options are added after `edns0[...]` using comma separation, example: `edns0[],edns0opt[],...` - - Client Subnet format: `edns0opt[ECS,family=nn,source=nn,scope=nn,addr=...]` - - Unknown/unsupported code: `edns0opt[code=nn,codelen=nn]` - - Parsing error messages have changed, they came from libbind, now comes from LDNS - - New options: - - Add `-q` and `-Q` to filter on matched/not matched QTYPE - - Bugfixes: - - Fix memory leak in EDNS0 ECS address parsing - - `network`: Fix sonarcloud issues, potential `memcpy()` of null pointer - - Other changes: - - Fix CBOR output inclusion, LDNS is always available now - - Add macros for Apple and Windows endian functions - - Restructure and correct the man-page - - 557e5f5 man-page - 025529f v6bug, interval - 37b79e9 FQDN - ebcf434 QTYPE match, args, tests - 0cb5562 v6bug - 75f6115 Endian - aaeb213 Sonarcloud - 8685946 CBOR output - 3e26802 Sonarcloud - 30aa366 libbind - 3f94d0b Mattermost - -2020-10-22 Jerry Lundström - - Release 1.12.0 - - This release fixes the handling of `-?` option for dnscap and all plugins, - previously the handling varied between places and depending on `getopt()` - implementation an invalid option could return the wrong exit code. - - Other changes: - - Fix typo in configure help text - - `plugins/anonmask`: Fix typo in help text - - `plugins/rzkeychange`: - - Add `-D`, dry run mode, for testing - - Fix handling of `-a` and error on too many - - KNOWN ISSUES: - - On OpenBSD the system library libc exports the same symbols as libbind - does and this causes runtime warnings. Until now this has not caused any - known problems but is now also causing segfaults if the packet filter used - (BPF) includes IPv6 addresses. - On all other platforms OARC supports, these symbols are macros and in so - should not cause any problem. - - ee478c0 Known issues - 2f9d957 Tests - 3c663a2 Tests - c88efc5 rzkeychange test - f062f33 Tests - -2020-08-20 Jerry Lundström - - Release 1.11.1 - - This release fixes a lot of issues found by code analysis, adds a - explicit memory zeroing function to remove account information (read - when dropping privileges) and adds code coverage reporting. - - The `dnscap_memzero()` will use `explicit_bzero()` on FreeBSD and - OpenBSD, or `memset_s()` (if supported), otherwise it will manually - set the memory to zero. This will hopefully ensure that the memory - is zeroed as compilers can optimize out `memset()`'s that is just - before `free()`. - - The plugins exit code for the help option `-?` has been changed to 0 - to have the same as `dnscap -?`. - - d9747ee memzero - 1cf17c6 Coverage - 19c7120 Coverage - 7435676 Sonarcloud - 928e181 Sonarcloud - ca4afd0 Sonarcloud - 028f5e0 Badges - db0d6a1 LGTM - -2020-06-01 Jerry Lundström - - Release 1.11.0 - - This release includes a new plugin called `eventlog`, contributed - by Byron Darrah (@ByronDarrah), output DNS activity as log events, - including answers to A and AAAA queries. - - Other changes includes compile warning and code analysis fixes. - - 382eac4 COPR - 4c03650 Compile warn - 21d6a67 Slight change -- wording now matches usage() output. - dd19b0b Added the eventlog.so plugin... - 1ebf504 Added new dnscap plugin: evenlog.so... - f3f9aaa Compile warnings - -2020-03-02 Jerry Lundström - - Release 1.10.4 - - Fixed a bug that would not drop privileges when not specifying any - interface (which is equal to capturing on all interfaces). - Added functionality to set the supplemental groups when dropping - privileges and changing user, or clear them if that is not supported. - Other changes includes corrected man-page about '-w' and update to - documentation. - - a0285e4 drop privileges errors, initgroups/setgroups - 96336f3 daemon: Attempt to drop supplemental groups - 467a9a7 Drop privileges - de940a8 man-page -w - 187ec43 README - -2019-10-02 Jerry Lundström - - Release 1.10.3 - - Fixed plugins inclusion in deb packages for Debian and Ubuntu. - - 017ebb2 Deb packages - cf59143 COPR, spec - -2019-08-05 Jerry Lundström - - Release 1.10.2 - - Fixed bug in the handling of defragmentation configuration which lead - to the use of a local scope variable later on and caused unexpected - behavior. - - 91692b8 Frag conf - 6a74376 Package - d0d1a6d Package - -2019-07-08 Jerry Lundström - - Release 1.10.1 - - Fix various issues found by code analysis tools, a few compiler warnings - removed, undefined bit shift behavior fixed, parameter memory leaks - plugged and documentation updates. - - Fixes: - - `dump_dns`: Remove usage of `strcpy()` and use `snprintf()` instead - of `sprintf()` - - `bpft`: - - Use `text_ptr->len` to store length of generated text - - Use `memcpy()` instead of `strcat()` - - Remove unneeded `realloc()` and `strcpy()` - - `plugins/cryptopan`: Fix strict-aliasing warnings - - `network`: Rework part of `dl_pkt()` to remove usage of `strcpy()` - and use `snprintf()` instead of `sprintf()` - - `plugins/anonaes128`: Use `a6` as dest when copying v4 addresses for - readability and code analysis - - `plugins/cryptopan`: Run first pass separate to eliminate a 32bit - shift by 32 (undefined behavior) - - `plugins/cryptopant`: Fix memory leak of `keyfile` if `-k` is - specified more then once - - Documentation: - - Update `README.md` with correction to building from git and note - about PCAP on OpenBSD - - Fix #190: Update link to `libbind` source - - 074923c Funding - 5d2e84c libbind - 8ee9f2a Travis-CI - 6babd09 Fixes - bb2d1c7 README, compile warnings - 0d9cd9c LGTM, Travis-CI - -2018-12-03 Jerry Lundström - - Release 1.10.0 - - This release adds a new plugin type "filter" and 5 new plugins that can - do anonymization, deanonymization and masking of the IP addresses. - - New features: - - Check plugins for `pluginname_type()` which returns `enum plugin_type`, - if missing the plugin is counted as an "output" plugin - - New plugin type "filter" which calls `pluginname_filter()` prior of - outputting any data or calling of "output" plugins, if the new function - returns non-zero then the packet is filtered out (dropped) - - New extension `DNSCAP_EXT_SET_IADDR` that gives access to a function - for setting the from and to IP addresses both in the extracted data - and the wire - - New plugins: - - `anonaes128`: Anonymize IP addresses using AES128 - - `anonmask`: Pseudo-anonymize IP addresses by masking them - - `cryptopan`: Anonymize IP addresses using an extension to Crypto-PAn - (College of Computing, Georgia Tech) made by David Stott (Lucent) - - `cryptopant`: Anonymize IP addresses using cryptopANT, a different - implementation of Crypto-PAn made by the ANT project at USC/ISI - - `ipcrypt`: Anonymize IP addresses using ipcrypt create by - Jean-Philippe Aumasson - - Bugfixes: - - Fix changing `royparse` and `txtout` with other plugins (thanks to - Duane Wessels and Paul Hoffman) - - Free pointers to allocated strings in `text_free()` (thanks to Michał - Kępień) - - Fix IP checksum calculation - - Other changes: - - `-B` and `-E` can be used without `-w` (thanks to Duane Wessels) - - Use `pcap_findalldevs()` instead of `pcap_lookupdev()` (thanks to - Michał Kępień) - - Document and add `-?` option to all plugins - - Fix clang `scan-build` bugs and LGTM alerts - - Use `gmtime_r()` instead of `gmtime()` - - Update `pcap-thread` to v4.0.0 - - 67d8e2c Fix - fb0ed02 Plugin documentation - a2c9a6c cryptopant - 39db1ca Deanonymize, IPv6 test - afc7107 Crypto-PAn, cryptopANT - f1912cc OpenSSL, anonaes128 - f2bab62 ipcrypt, anonmask - 158b1e7 anonmask help - 60ece58 anonmask - 8f1b138 Plugin types, filter plugin, set iaddr extension, anonymization - by masking - b7d7991 IP checksum - 641a23a Free pointers to allocated strings in text_free() - 4d313bf pcap_findalldevs() - 091e0ca Use pcap_findalldevs() instead of pcap_lookupdev() - 6a7b25e Clean up use of feature test macros on Linux - cbba14c Configure, uninitialized - f228c9c Code formatting - 3fd738c man-page - 770168a Test - 714e4f5 Fix -B <begin> so that it works when reading offline pcap files. - 8675bea Test - 911fec9 Implementing test9 as a test of -B and -E command line args. - a7cc72d -B <begin> and -E <end> can work fine without -w <base>. - 04c4928 Made the same changes to txtout as were in 165a786 - 165a786 Workaround for stdio mystery causing duplicate royparse output. - -2018-02-28 Jerry Lundström - - Release 1.9.0 - - This release adds a new option to change how the Berkeley Packet Filter - is generated to include the host restrictions for all selections, - previously this restriction would only apply to specific parts. - - Additional tweaks to the RSSM plugin has been made to conform to the - RSSAC002v3 specification. One noticeable change is that the plugin now - requires the DNS to be parsed before counted, any error in the parsing - will result in the message being left out of the statistics. - - Changes: - - Fix spacing in BPF filter to look better - - Fix #146: Add `bpf_hosts_apply_all`, apply any host restriction to all - - `plugin/rssm`: - - Remove quoting of `start-period` and correctly handle empty hashes - - Issue #152, Issue #91: Parse DNS before processing RSSM counters - - `plugin/rssm/dnscap-rssm-rssac002`: Use `YAML::Dump()` for output - - 47d892b Issue #152: RSSM YAML output - d4f1466 Issue #152, Issue #91: Parse DNS before processing RSSM counters - 68fc1ff BPF, `bpf_hosts_apply_all` - -2018-02-07 Jerry Lundström - - Release 1.8.0 - - This release updates the TCP stream code in order to be able to look - at more then just the first query, for handling already ongoing TCP - connections without having seen SYN/ACK and for reassembly of the TCP - stream prior of parsing it for DNS with an additional layer of parsing - (see `reassemble_tcp_bfbparsedns`). - - Updates to the Root Server Scaling Measurement (RSSM) plugin have also - been made to bring it up to date with RSSAC002v3 specification, be - able to output the YAML format described and an additional script to - merge YAML files if the interval is less then the RSSAC002v3 24 hour - period. See "Updates to the RSSM plugin" below and - `plugins/rssm/README.md`. - - New extended options: - - `parse_ongoing_tcp`: Start tracking TCP connections even if SYN/ACK - has not been seen - - `allow_reset_tcpstate`: Allow external reset of TCP state - - `reassemble_tcp`: Use to enable TCP stream reassembly - - `reassemble_tcp_faultreset`: Number of faults before reseting TCP - state when reassembly is enabled - - `reassemble_tcp_bfbparsedns`: Enable an experimental additional layer - of reassemble that uses `libbind` to parse the payload before accepting - it. If the DNS is invalid it will move 2 bytes within the payload and - treat it as a new payload, taking the DNS length again and restart - the process. Requires `libbind` and `reassemble_tcp`. - - New extension functions for plugins: - - `DNSCAP_EXT_TCPSTATE_GETCURR`: Function to get a pointer for the - current TCP state - - `DNSCAP_EXT_TCPSTATE_RESET`: Function to reset a TCP state - - New features: - - Parse additional DNS queries in TCP connections - - `-g` and the `txtout` plugin will reset TCP state (if allowed) on - failure to parse DNS - - Bugfixes: - - Fix `-g` output, separate error message with a space - - Fix TCP packets wrongfully flagged as DNS when using layers. - - Fix TCP debug output when using layers, `ia_str()` is not safe to call - twice in the same `printf` because of local buffer. - - Fix exported extension functions, need to be file local - - New tests for: - - Multiple DNS queries in one TCP connection - - Query over TCP without SYN - - Queries over TCP with first query missing length - - Queries over TCP with middle payloads missing - - Add test with TCP stream that missing multiple packets in the middle - - Updates to the RSSM plugin (`plugins/rssm`): - - Add info about saving counts and sources - - Fix memory leak on `fopen()` errors - - Update to RSSAC002v3 specification - - New options: - - `-D` to disable forking on close - - `-Y`: Use RSSAC002v3 YAML format when writing counters, the file - will contain multiple YAML documents, one for each RSSAC002v3 metric - Used with; -S adds custom metric `dnscap-rssm-sources` and -A adds - `dnscap-rssm-aggregated-sources` - - `-n`: Set the service name to use in RSSAC002v3 YAML - - `-S`: Write source IPs into counters file with the prefix `source` - - `-A`: Write aggregated IPv6(/64) sources into counters file with - the prefix `aggregated-source` - - `-a`: Write aggregated IPv6(/64) sources to - `<name>.<timesec>.<timeusec>` - - Add `dnscap-rssm-rssac002` Perl script for merging RSSAC002v3 YAML files - - Add README.md for the plugin man-page for `dnscap-rssm-rssac002` - - Add test for YAML output and merging of YAML files - - c7058c8 Use file local functions for all extensions - 66b352d RSSM RSSAC002v3 YAML Tool - b09efc2 `plugins/rssm` RSSAC002v3 - 709aba6 Fix #89: Add additional reassembly layers that parses the - payload byte for byte for valid DNS - 04fa013 Fix CID 1463944 (again) - b1cf623 RSSM saving data and forking - fb23305 Fix CID 1463944 - 0fca1a8 Issue #89: TCP stream reassemble - bb6428c CID 1463814: Check `ns_initparse()` for errors - a57066f Fix #88: TCP handling - -2017-12-27 Jerry Lundström - - Release 1.7.1 - - The library used for parsing DNS (libbind) is unable to parse DNS - messages when there is padding at the end (the UDP/TCP payload is larger - then the DNS message). This has been fixed by trying to find the actual - DNS message size, walking all labels and RR data, and then retry parsing. - - Other changes and bug-fixes: - - Fix size when there is a VLAN to match output of `use_layers` yes/no - - Add test of VLAN matching - - Fix `hashtbl.c` building in `rssm` - - Add test with padded DNS message - - 49e5400 Fix #127: If `ns_initparse()` returns `EMSGSIZE`, try and get - actual size and reparse - 99bda0b Fix #98: VLAN - -2017-12-19 Jerry Lundström - - Release 1.7.0 - - This release adds IP fragmentation handling by using layers in pcap-thread - which also adds a new flag to output and modules. `DNSCAP_OUTPUT_ISLAYER` - indicates that `pkt_copy` is equal to `payload` since the layers of the - traffic have already been parsed. IP fragments are reassembled with the - `pcap_thread_ext_frag` extension that is included in pcap-thread. - - New extended (`-o`) options: - - `use_layers`: Use pcap-thread layers to handle the traffic - - `defrag_ipv4`: Enabled IPv4 de-fragmentation - - `defrag_ipv6`: Enabled IPv6 de-fragmentation - - `max_ipv4_fragments`: Set maximum fragmented IPv4 packets to track - - `max_ipv4_fragments_per_packet`: Set the maximum IPv4 fragments per - tracked packet - - `max_ipv6_fragments`: Set maximum fragmented IPv6 packets to track - - `max_ipv6_fragments_per_packet`: Set the maximum IPv6 fragments per - tracked packet - - Currently `-w` does not work with `use_layers` and the plugins `pcapdump` - and `royparse` will discard output with the flag `DNSCAP_OUTPUT_ISLAYER` - because they need access to the original packet. - - The `rzkeychange` plugin now encodes certain flag bits in the data that - it reports for RFC8145 key tag signaling. The flags of interest are: - `DO`, `CD`, and `RD`. These are encoded in an bit-mask as a hexadecimal - value before the `_ta` component of the query name. - - Other changes and bug-fixes: - - Fix #115: document `-g` output, see `OUTPUT FORMATS` `diagnostic` in - `dnscap(1)` man-page - - Add test to match output from non-layers runs with those using layers - - Add test with fragmented DNS queries - - Fix #120: CBOR/CDS compiles again, update tinycbor to v0.4.2 - - Fix `ip->ip_len` byte order - - Fix parsing of IP packets with padding or missing parts of payload - - 0347f74 Add AUTHORS section in man-page - ef1b68c Fix CID 1463073 - 8a79f89 Layers - a404d08 Update pcap-thread to v3.1.0, add test for padding fixes - 08402f1 Fix byte order bug. ip->ip_len must be evaluated with ntohs(). - d6d2340 CBOR/CDS and formatting - 85ec2d8 Fix #87: IP fragmentation reassembly - 22bfd4a Documentation - c35f19f Adding flag bits to rzkeychange RFC8145 key tag signaling data. - This may be useful to find "false" key tag signals from sources - that don't actually perform DNSSEC validation. - -2017-12-01 Jerry Lundström - - Release 1.6.0 - - New additions to the plugins: - - `rzkeychange` can now collect RFC8145 key tag signaling. Signals are - saved during the collection interval, and then sent to the specified - `-k <zone>`, one at a time, at the end of the interval. Only root zone - signals are collected. Added by Duane Wessels (@wessels). - - `royparse` is a new plugin to splits a PCAP into two streams, queries - in PCAP format and responses in ASCII format. Created by Roy Arends - (@RoyArends). - - `txtout` new option `-s` for short output, only print QTYPE and QNAME - for IN records. Added by Paul Hoffman (@paulehoffman) - - The extension interface has been extended with `DNSCAP_EXT_IA_STR` to - export the `ia_str()` function. - - Bugfixes and other changes: - - Remove duplicated hashtbl code - - `rssm`: fix bug where count in table was taken out as `uint16_t` but - was a `uint64_t` - - Handle return values from hashtbl functions - - `txtout`: removed unused `-f` options - - Change `ia_str()` to use buffers with correct sizes, thanks to - @RoyArends for spotting this! - - Commits: - 3f78a31 Add copy/author text - 1bd914d Fix CID 1462343, 1462344, 1462345 - f9bb955 Fix `fprintf()` format for message size - abedf84 Fix #105: `inet_ntop` buffers - bfdcd0d Addresses the suggestions from Jerry. - dda0996 royparse :) - 4f6520a royparse plugin finished - f1aa4f2 Fix #103: Remove `opt_f` - 32355b7 Rearrange code to keep the change smaller and fix indentation - d6612c1 Added -s to txtout for short output - 9d8d1ef Check return of `snprintf()` - 55f5aba Format code - 9f19ec3 Fixed memory leak in rzkeychange_keytagsignal() - 58b8784 Fix memory leaks and better return value checks in - rzkeychange_submit_counts() - b06659f Add server and node to keytag signal query name - 705a866 Always free response packets in rzkeychange plugin. - e802843 Implement RFC8145 key tag signal collection in rzkeychange plugin - 5fbf6d0 Added extension for ia_str() so it can be used by rzkeychange - plugin. - 3be8b8f Split `dnscap.c` into more files - e431d14 Fix #92: hashtbl - -2017-08-21 Jerry Lundström - - Release 1.5.1 - - Compatibility fixes for FreeBSD 11.1+ which is now packing `struct ip` - and for OpenBSD. - - Commits: - 17e3c92 FreeBSD is packing `struct ip`, need to `memcpy()` - f8add66 Code formatting - 38cd585 Add documentation about libbind - d1dd55b Fix #82: Update dependencies for OpenBSD - -2017-06-06 Jerry Lundström - - Release 1.5.0 - - Added support for writing gzipped PCAP if the `-W` suffix ends with - `.gz` and made `-X` work without `-x`. New inteface for plugins to - tell them what extensions are available and a new plugin `rzkeychange`. - - Plugin extensions: - - Call `plugin_extension(ext, arg)` to tell plugin what extensions exists - - Add extension for checking responder (`is_responder()`) - - The rzkeychange plugin was developed by Duane Wessels 2016 in support - of the root zone ZSK size increase. It is also being used in support of - the 2017 root KSK rollover and collects the following measurements: - - total number of responses sent - - number of responses with TC bit set - - number of responses over TCP - - number of DNSKEY responses - - number of ICMP_UNREACH_NEEDFRAG messages received - - number of ICMP_TIMXCEED_INTRANS messages received - - number of ICMP_TIMXCEED_REASS messages received - - Other fixes (author Duane Wessels): - - 232cbd0: Correct comment description for meaning of IPPROTO_AH - - 181eaa4: Add #include <sys/time.h> for struct timeval on NetBSD - - Commits: - - 1d894e2 Make -x and -X work correctly together and update man-page - 34bc54c Make the -X option work without requiring a -x option. - f43222e Fix CID 1440488, 1440489, 1440490 - aa54395 Update pcap-thread to v2.1.3 - 81174ce Prepare SPEC for OSB/COPR - 21d7468 New plugin rzkeychange and plugin extensions - 38491a3 Config header is generated by autotools - 419a8ab Small tweaks and fixes for gzip support - 1967abc updated for earlier BSD versions - f135c90 added auto gzip if the -W suffix ends with .gz - - Commits during development of rzkeychange (author Duane Wessels): - - 620828d: Add rzkeychange -z option to specify resolver IP addresses - - 1f77987: Add -p and -t options to rzkeychange plugin to configure an - alternate port and TCP. Useful for ssh tunnels. - - 2a571f1: Split ICMP time exceeded counter into two counters for time - exceeded due to TTL and another due to fragmentation - - e4ee2d3: The rzkeychange data collection plugin uses - `DNSCAP_EXT_IS_RESPONDER` extension to know if an IP address is a - "responder" or not, because when dnscap is instructed to collect ICMP - with -I, it processes all ICMP packets, not just those limited to - responders (or initiators). - - cee16b8: Add ICMP Time Exceeded to counters - - ad8a227: Counting source IPs has performance impacts. #ifdef'd out for - now add ICMP "frag needed" counts - - c25e72b: Implemented DNS queries with ldns. First there will be some - test queries to ensure the zone is reachable and configured to receive - data. Then a query naming the fields, followed by the periodic queries - delivering counts. - - fd23be7: Make report zone, server, node command line argumements mandatory - - 137789b: Adding rzkeychange plugin files - -2017-03-29 Jerry Lundström - - Release 1.4.1 - - Fixed an issue that when compiled with libpcap that had a specific - feature enabled it would result in a runtime error which could not be - worked around. - - Also fixed various compatibility issues and updated dependency - documentation for CentOS. - - Commits: - - 785d4c4 Fix compiler warnings - 2d4df8d Fix #65: Update pcap-thread to v2.1.2 - 26d3fbc Fix #64: Add missing dependency - 55e6741 Update pcap-thread to v2.1.1, fix issue with libpcap timestamp - type - c6fdb7a Fix typo and remove unused variables - -2017-02-27 Jerry Lundström - - Release 1.4.0 - - Until it can be confirmed that the threaded code works as well as the - non-threaded code it has been made optional and requires a configuration - option to enable it during compilation. - - New extended option: - - `-o pcap_buffer_size=<bytes>` can be used to increase the capture - buffer within pcap-thread/libpcap, this can help mitigate dropped - packets by the kernel during breaks (like when closing dump file). - - Commits: - - 1c6fbb2 Update copyright year - 63ef665 Suppress OpenBSD warnings about symbols - 2c99946 pcap-thread v2.0.0, disable threads, errors handling - 4cade97 Fix #56: Update pcap-thread to v1.2.2 and add test - -2016-12-23 Jerry Lundström - - Release 1.3.0 - - Rare lockup has been fixed that could happen if a signal was received - in the wrong thread at the wrong time due to `pcap_thread_stop()` - canceling and waiting on threads to join again. The handling of signals - have been improved for threaded and non-threaded operations. - - New features: - - Experimental CBOR DNS Stream format output, see `CBOR_DNS_STREAM.md` - - Extended options to specify user and group to use when dropping - privileges, see EXTENDED OPTIONS in man-page - - Commits: - - a5fa14e Signal and threads - 3868104 Use old style C comments - 7946be5 Clarify building - d5463b4 RPM spec and various automake fixes - df206bf Resource data indexing and documentation - 0e2d0fe Fix #22, fix #43: Update README - 5921d73 Add stream option RLABELS and RLABEL_MIN_SIZE - 6dd6ec1 Implement experimental CBOR DNS Stream Format - 4baf695 Fix #37: Extended options to specifty user/group to use when - dropping privileges - 61d830a Fix #35: Use `AC_HEADER_TIME` and fix warning - -2016-10-27 Jerry Lundström - - Release 1.2.0 - - Update `pcap-thread` to v1.2.0 to get the new callback queue mode which - puts that mode into using pthread conditions if all pcaps are offline and - keeps us from losing packets. - - Use `pcap_thread_dropback()` callback to get the notification when a - packet was dropped because the queue was full, indicating that we can't - process all the packets. Added this stats to the `-S` output as total - and per interface as `ptdrop`. Changed the output for each interface - to not cut of information, for example interface name was cut to - 4 characters. - - Other changes: - - - Add extended options `-o <option>=<value>` because we are running out - of short options. - - Better handling of library checks and automake rules - - New option `-F <format>` to specify the format of the output in `-w` - - Add experimental CBOR output support - - LDNS is used to parse the packets - - Tinycbor is used to construct the CBOR output - - DNS-in-JSON draft [1] for representing the objects - - Check CBOR topic in README.md for more information - - When only reading offline pcap files it will not attempt to drop - privileges and add new option `-N` to explicitly not drop privileges. - - Commits: - - f42e23f Extended options and CBOR output format - a28f498 Fix #24: Handle packet drops - 2308eaa Fix #26: Unable to drop GID to nobody, exiting. - 82d65f2 Update pcap-thread to v1.1.2 - - [1] https://datatracker.ietf.org/doc/draft-hoffman-dns-in-json/ - -2016-10-11 Jerry Lundström - - Release 1.1.0 - - The ownership of DNSCAP was transferred from ISC to DNS-OARC in - the summer of 2016 and this is the first release since that. - - This project now uses Semantic Versioning and these are the changes - since the `dnscap-20160205` release (which can also be found using - the tag `v0.0.0-20160205`). - - Highlights: - - Restructure repository and use autotools - - Compiled and tested on Debian, Ubuntu, CentOS, FreeBSD and OpenBSD - using Jenkins and Travis-CI - - Source code static analysis using Coverity Scan - - Compatibility fixes for FreeBSD, OpenBSD and OS X - - ABI change to `output()`, previous `isfrag` is now a `flags` that - represents what the packet is through a bitmask - - Use helper library `pcap-thread` when capturing to solve missing - packets during very low traffic - - New command line options: - - `-V`: Prints version and then exits - - `-M`: Enable monitor mode on interfaces - - `-D`: Enable immediate mode on interfaces - - `-W`: Allow to specify a suffix for the pcap dump file - - `-C`: Limit/rotate capture after a certain amount of bytes - - Special thanks to: - - Duane Wessels - - Paul Vixie - - Klaus Darilion - - Commits: - - bc7eb22 Update license after ownership transfer from ISC to DNS-OARC, - update contributors, add build badges and removed SuperFastHash - since apparently it was not used. - 778e457 Add `-V` for displaying version and the exiting - 71c2d79 Fix #12: Sync man-page and help text - 33576ef Swap option C and D, C for this makes more sense. Also ensure - that `capturedbytes` is zero on start. - 0077aff Correct dump trace with new `flags` - f9cbba0 Do not use dump suffix unless it set - 4dd81d6 Update the man page - 7435c49 Change new option C to D because C was already taken - 813dddb Fix -B and -E, these options are supported only once - 76f19d1 fix usage of -W - 519b64f Add -Y option to short usage instructions - 348c738 Fix -C feature: capturedbytes was not increased - 3db6f94 Improve logging - b567bef New option -C: limit/rotate capture after a certain amount - of bytes - 341abdf Add -W feature: allow to specify a suffix for the pcap dump - file, e. g.: '.pcap' - 097a3b4 Count every packet which is sent to output(), not only - the normal ones. - 75e5968 Close PCAPs after dumper_close() to have statistics still - available during dumper_close(). Otherwise we get a segfault - on shutdown. - c09d61a Add debian/ubuntu package files. - 020f2aa Forgot about the compiler warnings and fix the last - Coverity Scan issue - 00c834d More Coverity Scan fixes - ad2f230 Fix various Coverity Scan issues - 606f0cd Update pcap thread to version 1.1.1 - f065cd7 Fix #14: Add options `-M` and `-C` for monitor and - immediate mode, update help and man-page. - b872035 Update to pcap-thread version 1.1.0 - 1f30637 Update pcap_thread to v1.0.1, add travis check that dnscap - can run - b19efaa Building from Git repository instructions - b5460df Use `calloc()` instead of `malloc()` to be sure the memory - is zeroed - ae6a04d Use pcap_thread v1.0.0 - 9426a2d Update pcap_thread and add pcap stats - 820b2f2 Update pcap_thread and support offline pcaps - a47dd67 Update pcap_thread - 237a7a7 CentOS autoreconf complained - 7b5568c Use pcap_thread - 11d0388 Revert the changes on all lines that had NULL, 0 before. - 7d6a7e4 Passing IPv6 fragment payloads may not currently be safe. - Needs more work. For now pass pkt=NULL to be safe for plugins. - ea8f9a4 Make the family of output() functions future proof with a flags - bitmask. Rather than separate 'isfrag' and 'isdns' flags, - they are now set as bitmasks in a single 'flags' value passed - to output() f - 472a172 A change to the interface of the family of output() functions. - 95a6e62 timeval.* are not unsigned - d3f32de Fix #1: Use NS_*SZ - e555871 Fix compiler warnings - 3ed8f29 Fix #1 - 864cbd7 Can you change #ifdef __APPLE__ to check for the - arpa/nameser_compat.h header and include it if it exists? - 796e8ea plugin/rssm needs to include arpa/nameser_compat.h for OS X - so that the HEADER struct is declared. - daf4bd3 In plugin/txtout silence compiler warnings about int vs short - e5bc24b plugin/pcapdump needs to include arpa/nameser_compat.h for OS X - so that the HEADER struct is declared. - 0061b57 Work around configure problem detecting libresolv on Mac OS X - Without some #include files, the configure test won't find - the symbol res_mkquery() in libresolv on OS X. It is called - res_9_mkquery() - 5309655 Mac OS X doesn't have setresuid() and setresgid(). - This patch adds configure checks for setreuid() and setregid() - and will use those instead if the other versions are - not available. - d257a1c Fix compilation on FreeBSD and OpenBSD - 07b2a75 Restructure repository and move to Automake. |