1 files changed, 441 insertions, 0 deletions
diff --git a/src/dnscap.h b/src/dnscap.h
new file mode 100644
index 0000000..dd03ddd
--- /dev/null
+++ b/src/dnscap.h
@@ -0,0 +1,441 @@
+/*
+ * Copyright (c) 2016-2021, OARC, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __dnscap_dnscap_h
+#define __dnscap_dnscap_h
+
+#ifdef __linux__
+#define _GNU_SOURCE
+#endif
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <sys/fcntl.h> /* for open() */
+#include <sys/ioctl.h> /* for TIOCNOTTY */
+#include <stdarg.h>
+#include <syslog.h>
+#include <dlfcn.h>
+#include <sys/stat.h>
+#include <sys/resource.h>
+#if HAVE_PTHREAD
+#include <pthread.h>
+#endif
+
+#ifdef __linux__
+#define __FAVOR_BSD
+#include <net/ethernet.h>
+#ifdef USE_SECCOMP
+#include <seccomp.h>
+#endif
+#endif
+
+#ifdef __FreeBSD__
+#include <net/ethernet.h>
+#endif
+
+#ifdef __NetBSD__
+#include <net/ethertypes.h>
+#include <net/if.h>
+#include <net/if_ether.h>
+#endif
+
+#ifdef __OpenBSD__
+#include <net/ethertypes.h>
+#include <net/if.h>
+#include <netinet/in.h>
+#include <netinet/in_var.h>
+#include <netinet/if_ether.h>
+#endif
+
+#ifdef __APPLE__
+#include <net/ethernet.h>
+#include <net/bpf.h>
+#endif
+
+#ifdef __hpux
+#include <net/if.h>
+#include <netinet/if_ether.h>
+#define ETHER_HDR_LEN ETHER_HLEN
+#define __BIT_TYPES_DEFINED
+#define __HPLX
+#endif
+
+#ifdef __SVR4
+#include <stdarg.h>
+#include <net/if.h>
+#include <net/if_arp.h>
+#include <netinet/if_ether.h>
+#include "snprintf.h"
+#define IP_OFFMASK 0x1fff
+#define u_int32_t uint32_t
+#ifndef ETHER_HDR_LEN
+#define ETHER_HDR_LEN 14
+#endif
+#endif
+
+#ifndef MY_BPFTIMEVAL
+#define MY_BPFTIMEVAL timeval
+#endif
+
+#include <netinet/in_systm.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip6.h>
+#include <netinet/udp.h>
+#include <netinet/tcp.h>
+#include <arpa/nameser.h>
+#if HAVE_ARPA_NAMESER_COMPAT_H
+#include <arpa/nameser_compat.h>
+#endif
+#include <arpa/inet.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <netdb.h>
+#include <pcap.h>
+#include <regex.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
+
+#if HAVE_ZLIB_H
+#include <zlib.h>
+#endif
+
+#include <ldns/ldns.h>
+
+#ifndef IPV6_VERSION
+#define IPV6_VERSION 0x60
+#endif
+#ifndef IPV6_VERSION_MASK
+#define IPV6_VERSION_MASK 0xf0
+#endif
+
+#define UDP10_QR_MASK 0x80
+#define UDP10_QR_SHIFT 7
+#define UDP10_OP_MASK 0x78
+#define UDP10_OP_SHIFT 3
+#define UDP10_AA_MASK 0x04
+#define UDP10_AA_SHIFT 2
+#define UDP10_TC_MASK 0x02
+#define UDP10_TC_SHIFT 1
+#define UDP10_RD_MASK 0x01
+#define UDP10_RD_SHIFT 0
+
+#define UDP11_RC_MASK 0x0f
+#define UDP11_RC_SHIFT 0
+
+#define MSG_QUERY 0x0001
+#define MSG_UPDATE 0x0002
+#define MSG_NOTIFY 0x0004
+
+#define ERR_TRUNC 0x0001
+#define ERR_RCODE_BASE 0x0002
+#define ERR_NO (ERR_RCODE_BASE << 0)
+#define ERR_FORMERR (ERR_RCODE_BASE << 1)
+#define ERR_SERVFAIL (ERR_RCODE_BASE << 2)
+#define ERR_NXDOMAIN (ERR_RCODE_BASE << 3)
+#define ERR_NOTIMPL (ERR_RCODE_BASE << 4)
+#define ERR_REFUSED (ERR_RCODE_BASE << 5)
+#define ERR_YES (0xffffffff & ~ERR_NO)
+
+#define END_INITIATOR 0x0001
+#define END_RESPONDER 0x0002
+
+#define HIDE_INET "\177\177\177\177"
+#define HIDE_INET6 "\177\177\177\177\177\177\177\177" \
+                   "\177\177\177\177\177\177\177\177"
+#define HIDE_PORT 54321
+
+#ifndef ETHERTYPE_VLAN
+#define ETHERTYPE_VLAN 0x8100
+#endif
+#ifndef ETHERTYPE_IPV6
+#define ETHERTYPE_IPV6 0x86DD
+#endif
+
+#define THOUSAND 1000
+#define MILLION (THOUSAND * THOUSAND)
+#define MAX_VLAN 4095
+#define DNS_PORT 53
+#define TO_MS 1
+#define SNAPLEN 65536
+#define TRUE 1
+#define FALSE 0
+#define REGEX_CFLAGS (REG_EXTENDED | REG_ICASE | REG_NOSUB | REG_NEWLINE)
+#define MAX_TCP_WINDOW (0xFFFF << 14)
+#define MEM_MAX 20000000000 /* SETTING MAX MEMORY USAGE TO 2GB */
+
+#define ISC_CHECK_NONE 1
+#include "isc/list.h"
+#include "isc/assertions.h"
+
+#include "dnscap_common.h"
+
+#include "dump_dns.h"
+#include "dump_cbor.h"
+#include "dump_cds.h"
+#include "options.h"
+#include "pcap-thread/pcap_thread.h"
+
+struct text {
+    LINK(struct text)
+    link;
+    size_t len;
+    char*  text;
+};
+typedef struct text* text_ptr;
+typedef LIST(struct text) text_list;
+#define text_size(len) (sizeof(struct text) + len)
+
+struct mypcap {
+    LINK(struct mypcap)
+    link;
+    const char*      name;
+    struct pcap_stat ps0, ps1;
+    uint64_t         drops;
+};
+typedef struct mypcap* mypcap_ptr;
+typedef LIST(struct mypcap) mypcap_list;
+
+struct vlan {
+    LINK(struct vlan)
+    link;
+    unsigned vlan;
+};
+typedef struct vlan* vlan_ptr;
+typedef LIST(struct vlan) vlan_list;
+
+#define MAX_TCP_WINDOW_SIZE (0xFFFF << 14)
+#define MAX_TCP_MSGS 8
+#define MAX_TCP_SEGS 8
+#define MAX_TCP_HOLES 8
+#define MAX_TCP_DNS_MSG 8
+
+typedef struct tcphole    tcphole_t;
+typedef struct tcp_msgbuf tcp_msgbuf_t;
+typedef struct tcp_segbuf tcp_segbuf_t;
+typedef struct tcpdnsmsg  tcpdnsmsg_t;
+typedef struct tcpreasm   tcpreasm_t;
+
+struct tcphole {
+    uint16_t start;
+    uint16_t len;
+};
+
+struct tcp_msgbuf {
+    uint32_t  seq;
+    uint16_t  dnslen;
+    tcphole_t hole[MAX_TCP_HOLES];
+    int       holes;
+    u_char    buf[];
+};
+
+struct tcp_segbuf {
+    uint32_t seq;
+    uint16_t len;
+    u_char   buf[];
+};
+
+struct tcpdnsmsg {
+    size_t   segments_seen;
+    uint16_t dnslen;
+    u_char   dnspkt[];
+};
+
+struct tcpreasm {
+    uint32_t      seq_start;
+    size_t        msgbufs;
+    u_char        dnslen_buf[2];
+    u_char        dnslen_bytes_seen_mask;
+    tcp_msgbuf_t* msgbuf[MAX_TCP_MSGS];
+    tcp_segbuf_t* segbuf[MAX_TCP_SEGS];
+    size_t        segments_seen;
+    size_t        dnsmsgs;
+    tcpdnsmsg_t*  dnsmsg[MAX_TCP_DNS_MSG];
+    uint32_t      seq_bfb;
+    tcp_segbuf_t* bfb_seg[MAX_TCP_SEGS];
+    u_char*       bfb_buf;
+    size_t        bfb_at;
+};
+
+struct tcpstate {
+    LINK(struct tcpstate)
+    link;
+    iaddr    saddr;
+    iaddr    daddr;
+    uint16_t sport;
+    uint16_t dport;
+    uint32_t start; /* seq# of tcp payload start */
+    uint32_t maxdiff; /* maximum (seq# - start) */
+    uint16_t dnslen;
+    time_t   last_use;
+    uint32_t lastdns;
+    uint32_t currseq;
+    size_t   currlen;
+
+    tcpreasm_t* reasm;
+    size_t      reasm_faults;
+};
+typedef struct tcpstate* tcpstate_ptr;
+typedef LIST(struct tcpstate) tcpstate_list;
+
+struct endpoint {
+    LINK(struct endpoint)
+    link;
+    iaddr ia;
+};
+typedef struct endpoint* endpoint_ptr;
+typedef LIST(struct endpoint) endpoint_list;
+
+struct myregex {
+    LINK(struct myregex)
+    link;
+    regex_t reg;
+    char*   str;
+    int not ;
+};
+typedef struct myregex* myregex_ptr;
+typedef LIST(struct myregex) myregex_list;
+
+struct plugin {
+    LINK(struct plugin)
+    link;
+
+    char*            name;
+    void*            handle;
+    enum plugin_type pt;
+
+    type_t(*type);
+    int (*start)(logerr_t*);
+    void (*stop)();
+    int (*open)(my_bpftimeval);
+    int (*close)();
+    output_t(*output);
+    filter_t(*filter);
+    void (*getopt)(int*, char**[]);
+    void (*usage)();
+    void (*extension)(int, void*);
+};
+typedef LIST(struct plugin) plugin_list;
+
+enum dump_type {
+    nowhere,
+    to_stdout,
+    to_file
+};
+enum dump_state {
+    dumper_opened,
+    dumper_closed
+};
+
+extern plugin_list plugins;
+extern const char* ProgramName;
+extern char*       dump_suffix;
+extern int         wantgzip;
+
+extern plugin_list     plugins;
+extern const char*     ProgramName;
+extern int             dumptrace;
+extern int             flush;
+extern vlan_list       vlans_excl;
+extern vlan_list       vlans_incl;
+extern unsigned        msg_wanted;
+extern unsigned        dir_wanted;
+extern unsigned        end_hide;
+extern unsigned        err_wanted;
+extern tcpstate_list   tcpstates;
+extern int             tcpstate_count;
+extern endpoint_list   initiators, not_initiators;
+extern endpoint_list   responders, not_responders;
+extern endpoint_list   drop_responders;
+extern myregex_list    myregexes;
+extern mypcap_list     mypcaps;
+extern mypcap_ptr      pcap_offline;
+extern const char*     dump_base;
+extern char*           dump_suffix;
+extern char*           extra_bpf;
+extern enum dump_type  dump_type;
+extern enum dump_state dump_state;
+extern const char*     kick_cmd;
+extern unsigned        limit_seconds;
+extern time_t          next_interval;
+extern unsigned        limit_packets;
+extern size_t          limit_pcapfilesize;
+extern pcap_t*         pcap_dead;
+extern pcap_dumper_t*  dumper;
+extern time_t          dumpstart;
+extern unsigned        msgcount;
+extern size_t          capturedbytes;
+extern char *          dumpname, *dumpnamepart;
+extern char*           bpft;
+extern unsigned        dns_port;
+extern int             promisc;
+extern int             monitor_mode;
+extern int             immediate_mode;
+extern int             background;
+extern char            errbuf[PCAP_ERRBUF_SIZE];
+extern int             wantgzip;
+extern int             wantfrags;
+extern int             wanticmp;
+extern int             wanttcp;
+extern int             preso;
+#ifdef USE_SECCOMP
+extern int use_seccomp;
+#endif
+extern int                main_exit;
+extern int                alarm_set;
+extern time_t             start_time;
+extern time_t             stop_time;
+extern int                print_pcap_stats;
+extern uint64_t           pcap_drops;
+extern my_bpftimeval      last_ts;
+extern unsigned long long mem_limit;
+extern int                mem_limit_set;
+extern const char         DROPTOUSER[];
+extern pcap_thread_t      pcap_thread;
+extern int                only_offline_pcaps;
+extern int                dont_drop_privileges;
+extern options_t          options;
+
+extern ldns_rr_type match_qtype, nmatch_qtype;
+
+#endif /* __dnscap_dnscap_h */