Release 1.10.0

.travis.yml

@@ -1,7 +1,7 @@
 addons:
   apt:
     sources:
-    - sourceline: 'ppa:dns-oarc/cryptopant-pr'
+    - sourceline: 'ppa:dns-oarc/dnscap-pr'
     update: true
     packages:
     - libpcap-dev

CHANGES

@@ -1,3 +1,73 @@
+2018-12-03 Jerry Lundström
+
+    Release 1.10.0
+
+    This release adds a new plugin type "filter" and 5 new plugins that can
+    do anonymization, deanonymization and masking of the IP addresses.
+
+    New features:
+    - Check plugins for `pluginname_type()` which returns `enum plugin_type`,
+      if missing the plugin is counted as an "output" plugin
+    - New plugin type "filter" which calls `pluginname_filter()` prior of
+      outputting any data or calling of "output" plugins, if the new function
+      returns non-zero then the packet is filtered out (dropped)
+    - New extension `DNSCAP_EXT_SET_IADDR` that gives access to a function
+      for setting the from and to IP addresses both in the extracted data
+      and the wire
+
+    New plugins:
+    - `anonaes128`: Anonymize IP addresses using AES128
+    - `anonmask`: Pseudo-anonymize IP addresses by masking them
+    - `cryptopan`: Anonymize IP addresses using an extension to Crypto-PAn
+      (College of Computing, Georgia Tech) made by David Stott (Lucent)
+    - `cryptopant`: Anonymize IP addresses using cryptopANT, a different
+      implementation of Crypto-PAn made by the ANT project at USC/ISI
+    - `ipcrypt`: Anonymize IP addresses using ipcrypt create by
+      Jean-Philippe Aumasson
+
+    Bugfixes:
+    - Fix changing `royparse` and `txtout` with other plugins (thanks to
+      Duane Wessels and Paul Hoffman)
+    - Free pointers to allocated strings in `text_free()` (thanks to Michał
+      Kępień)
+    - Fix IP checksum calculation
+
+    Other changes:
+    - `-B` and `-E` can be used without `-w` (thanks to Duane Wessels)
+    - Use `pcap_findalldevs()` instead of `pcap_lookupdev()` (thanks to
+      Michał Kępień)
+    - Document and add `-?` option to all plugins
+    - Fix clang `scan-build` bugs and LGTM alerts
+    - Use `gmtime_r()` instead of `gmtime()`
+    - Update `pcap-thread` to v4.0.0
+
+    67d8e2c Fix
+    fb0ed02 Plugin documentation
+    a2c9a6c cryptopant
+    39db1ca Deanonymize, IPv6 test
+    afc7107 Crypto-PAn, cryptopANT
+    f1912cc OpenSSL, anonaes128
+    f2bab62 ipcrypt, anonmask
+    158b1e7 anonmask help
+    60ece58 anonmask
+    8f1b138 Plugin types, filter plugin, set iaddr extension, anonymization
+            by masking
+    b7d7991 IP checksum
+    641a23a Free pointers to allocated strings in text_free()
+    4d313bf pcap_findalldevs()
+    091e0ca Use pcap_findalldevs() instead of pcap_lookupdev()
+    6a7b25e Clean up use of feature test macros on Linux
+    cbba14c Configure, uninitialized
+    f228c9c Code formatting
+    3fd738c man-page
+    770168a Test
+    714e4f5 Fix -B <begin> so that it works when reading offline pcap files.
+    8675bea Test
+    911fec9 Implementing test9 as a test of -B and -E command line args.
+    a7cc72d -B <begin> and -E <end> can work fine without -w <base>.
+    04c4928 Made the same changes to txtout as were in 165a786
+    165a786 Workaround for stdio mystery causing duplicate royparse output.
+
 2018-02-28 Jerry Lundström
 
     Release 1.9.0

README.md

@@ -28,14 +28,17 @@ Mailinglist:
 
 ## Dependencies
 
+`dnscap` requires a couple of libraries beside a normal C compiling
+environment with autoconf, automake, libtool and pkgconfig.
+
 `dnscap` has a non-optional dependency on the PCAP library and optional
 dependencies on LDNS. BIND library `libbind` is considered optional but it
 is needed under OpenBSD for various `arpa/nameser*` include headers, see
 [Linking with libbind](#linking-with-libbind).
 
 To install the dependencies under Debian/Ubuntu:
 ```
-apt-get install -y libpcap-dev libldns-dev libbind-dev zlib1g-dev libyaml-perl
+apt-get install -y libpcap-dev libldns-dev libbind-dev zlib1g-dev libyaml-perl libssl-dev
 ```
 
 To install the dependencies under CentOS (with EPEL enabled):
@@ -48,14 +51,24 @@ from source or Ports, these instructions are not included.
 
 To install some of the dependencies under FreeBSD 10+ using `pkg`:
 ```
-pkg install -y libpcap ldns p5-YAML
+pkg install -y libpcap ldns p5-YAML openssl-devel
 ```
 
 To install some of the dependencies under OpenBSD 5+ using `pkg_add`:
 ```
 pkg_add libldns p5-YAML
 ```
 
+### Dependencies for `cryptopant.so` plugin
+
+For this plugin a library call `cryptopANT` is required and the original
+can be found here: https://ant.isi.edu/software/cryptopANT/index.html .
+
+For DNS-OARC packages we build our own fork, with slight modifications to
+conform across distributions, of this library which is included in the same
+package repository as `dnscap`. The modifications and packaging files can be
+found here: https://github.com/DNS-OARC/cryptopANT .
+
 ## Building from source tarball
 
 The source tarball from DNS-OARC comes prepared with `configure`:

configure.ac

@@ -33,7 +33,7 @@
 # POSSIBILITY OF SUCH DAMAGE.
 
 AC_PREREQ(2.61)
-AC_INIT([dnscap], [1.9.0], [[email protected]], [dnscap], [https://github.com/DNS-OARC/dnscap/issues])
+AC_INIT([dnscap], [1.10.0], [[email protected]], [dnscap], [https://github.com/DNS-OARC/dnscap/issues])
 AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
 AC_CONFIG_SRCDIR([src/dnscap.c])
 AC_CONFIG_HEADER([src/config.h])

debian/changelog

@@ -1,3 +1,75 @@
+dnscap (1.10.0-1~unstable+1) unstable; urgency=low
+
+  * Release 1.10.0
+
+    This release adds a new plugin type "filter" and 5 new plugins that can
+    do anonymization, deanonymization and masking of the IP addresses.
+
+    New features:
+    - Check plugins for `pluginname_type()` which returns `enum plugin_type`,
+      if missing the plugin is counted as an "output" plugin
+    - New plugin type "filter" which calls `pluginname_filter()` prior of
+      outputting any data or calling of "output" plugins, if the new function
+      returns non-zero then the packet is filtered out (dropped)
+    - New extension `DNSCAP_EXT_SET_IADDR` that gives access to a function
+      for setting the from and to IP addresses both in the extracted data
+      and the wire
+
+    New plugins:
+    - `anonaes128`: Anonymize IP addresses using AES128
+    - `anonmask`: Pseudo-anonymize IP addresses by masking them
+    - `cryptopan`: Anonymize IP addresses using an extension to Crypto-PAn
+      (College of Computing, Georgia Tech) made by David Stott (Lucent)
+    - `cryptopant`: Anonymize IP addresses using cryptopANT, a different
+      implementation of Crypto-PAn made by the ANT project at USC/ISI
+    - `ipcrypt`: Anonymize IP addresses using ipcrypt create by
+      Jean-Philippe Aumasson
+
+    Bugfixes:
+    - Fix changing `royparse` and `txtout` with other plugins (thanks to
+      Duane Wessels and Paul Hoffman)
+    - Free pointers to allocated strings in `text_free()` (thanks to Michał
+      Kępień)
+    - Fix IP checksum calculation
+
+    Other changes:
+    - `-B` and `-E` can be used without `-w` (thanks to Duane Wessels)
+    - Use `pcap_findalldevs()` instead of `pcap_lookupdev()` (thanks to
+      Michał Kępień)
+    - Document and add `-?` option to all plugins
+    - Fix clang `scan-build` bugs and LGTM alerts
+    - Use `gmtime_r()` instead of `gmtime()`
+    - Update `pcap-thread` to v4.0.0
+
+    67d8e2c Fix
+    fb0ed02 Plugin documentation
+    a2c9a6c cryptopant
+    39db1ca Deanonymize, IPv6 test
+    afc7107 Crypto-PAn, cryptopANT
+    f1912cc OpenSSL, anonaes128
+    f2bab62 ipcrypt, anonmask
+    158b1e7 anonmask help
+    60ece58 anonmask
+    8f1b138 Plugin types, filter plugin, set iaddr extension, anonymization
+            by masking
+    b7d7991 IP checksum
+    641a23a Free pointers to allocated strings in text_free()
+    4d313bf pcap_findalldevs()
+    091e0ca Use pcap_findalldevs() instead of pcap_lookupdev()
+    6a7b25e Clean up use of feature test macros on Linux
+    cbba14c Configure, uninitialized
+    f228c9c Code formatting
+    3fd738c man-page
+    770168a Test
+    714e4f5 Fix -B <begin> so that it works when reading offline pcap files.
+    8675bea Test
+    911fec9 Implementing test9 as a test of -B and -E command line args.
+    a7cc72d -B <begin> and -E <end> can work fine without -w <base>.
+    04c4928 Made the same changes to txtout as were in 165a786
+    165a786 Workaround for stdio mystery causing duplicate royparse output.
+
+ -- Jerry Lundström <[email protected]>  Mon, 03 Dec 2018 14:34:17 +0100
+
 dnscap (1.9.0-1~unstable+1) unstable; urgency=low
 
   * Release 1.9.0

debian/control

@@ -3,15 +3,16 @@ Section: net
 Priority: optional
 Maintainer: Jerry Lundström <[email protected]>
 Build-Depends: debhelper (>= 8.0.0), build-essential, automake, autoconf,
- libpcap-dev, netbase, libldns-dev, libtool, zlib1g-dev, libyaml-perl
+ libpcap-dev, netbase, libldns-dev, libtool, zlib1g-dev, libyaml-perl,
+ libssl-dev, libcryptopant-dev, pkg-config
 Standards-Version: 3.9.4
 Homepage: https://www.dns-oarc.net/tools/dnscap
 Vcs-Git: https://github.com/DNS-OARC/dnscap.git
 Vcs-Browser: https://github.com/DNS-OARC/dnscap
 
 Package: dnscap
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}
 Description: Network capture utility designed specifically for DNS traffic
  dnscap is a network capture utility designed specifically for DNS
  traffic. It produces binary data in pcap(3) format. This utility

rpm/dnscap.spec

@@ -1,5 +1,5 @@
 Name:           dnscap
-Version:        1.9.0
+Version:        1.10.0
 Release:        1%{?dist}
 Summary:        Network capture utility designed specifically for DNS traffic
 Group:          Productivity/Networking/DNS/Utilities
@@ -18,6 +18,8 @@ BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool
 BuildRequires:  perl-YAML
+BuildRequires:  cryptopant-devel
+BuildRequires:  pkgconfig
 
 %description
 dnscap is a network capture utility designed specifically for DNS
@@ -36,6 +38,10 @@ sh autogen.sh
 make %{?_smp_mflags}
 
 
+%check
+make test
+
+
 %install
 rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
@@ -54,6 +60,69 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Mon Dec 03 2018 Jerry Lundström <[email protected]> 1.10.0-1
+- Release 1.10.0
+  * This release adds a new plugin type "filter" and 5 new plugins that can
+    do anonymization, deanonymization and masking of the IP addresses.
+  * New features:
+    - Check plugins for `pluginname_type()` which returns `enum plugin_type`,
+      if missing the plugin is counted as an "output" plugin
+    - New plugin type "filter" which calls `pluginname_filter()` prior of
+      outputting any data or calling of "output" plugins, if the new function
+      returns non-zero then the packet is filtered out (dropped)
+    - New extension `DNSCAP_EXT_SET_IADDR` that gives access to a function
+      for setting the from and to IP addresses both in the extracted data
+      and the wire
+  * New plugins:
+    - `anonaes128`: Anonymize IP addresses using AES128
+    - `anonmask`: Pseudo-anonymize IP addresses by masking them
+    - `cryptopan`: Anonymize IP addresses using an extension to Crypto-PAn
+      (College of Computing, Georgia Tech) made by David Stott (Lucent)
+    - `cryptopant`: Anonymize IP addresses using cryptopANT, a different
+      implementation of Crypto-PAn made by the ANT project at USC/ISI
+    - `ipcrypt`: Anonymize IP addresses using ipcrypt create by
+      Jean-Philippe Aumasson
+  * Bugfixes:
+    - Fix changing `royparse` and `txtout` with other plugins (thanks to
+      Duane Wessels and Paul Hoffman)
+    - Free pointers to allocated strings in `text_free()` (thanks to Michał
+      Kępień)
+    - Fix IP checksum calculation
+  * Other changes:
+    - `-B` and `-E` can be used without `-w` (thanks to Duane Wessels)
+    - Use `pcap_findalldevs()` instead of `pcap_lookupdev()` (thanks to
+      Michał Kępień)
+    - Document and add `-?` option to all plugins
+    - Fix clang `scan-build` bugs and LGTM alerts
+    - Use `gmtime_r()` instead of `gmtime()`
+    - Update `pcap-thread` to v4.0.0
+  * Commits:
+    67d8e2c Fix
+    fb0ed02 Plugin documentation
+    a2c9a6c cryptopant
+    39db1ca Deanonymize, IPv6 test
+    afc7107 Crypto-PAn, cryptopANT
+    f1912cc OpenSSL, anonaes128
+    f2bab62 ipcrypt, anonmask
+    158b1e7 anonmask help
+    60ece58 anonmask
+    8f1b138 Plugin types, filter plugin, set iaddr extension, anonymization
+            by masking
+    b7d7991 IP checksum
+    641a23a Free pointers to allocated strings in text_free()
+    4d313bf pcap_findalldevs()
+    091e0ca Use pcap_findalldevs() instead of pcap_lookupdev()
+    6a7b25e Clean up use of feature test macros on Linux
+    cbba14c Configure, uninitialized
+    f228c9c Code formatting
+    3fd738c man-page
+    770168a Test
+    714e4f5 Fix -B <begin> so that it works when reading offline pcap files.
+    8675bea Test
+    911fec9 Implementing test9 as a test of -B and -E command line args.
+    a7cc72d -B <begin> and -E <end> can work fine without -w <base>.
+    04c4928 Made the same changes to txtout as were in 165a786
+    165a786 Workaround for stdio mystery causing duplicate royparse output.
 * Wed Feb 28 2018 Jerry Lundström <[email protected]> 1.9.0-1
 - Release 1.9.0
   * This release adds a new option to change how the Berkeley Packet Filter