From fc9598dd2850c5036ad19696c7429b07f171bbc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Fri, 30 Nov 2018 14:29:59 +0100 Subject: [PATCH] Release 1.10.0 --- .travis.yml | 2 +- CHANGES | 70 ++++++++++++++++++++++++++++++++++++++++++++++ README.md | 17 ++++++++++-- configure.ac | 2 +- debian/changelog | 72 ++++++++++++++++++++++++++++++++++++++++++++++++ debian/control | 5 ++-- rpm/dnscap.spec | 71 ++++++++++++++++++++++++++++++++++++++++++++++- 7 files changed, 232 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index 30a7784..f6bdfd9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,7 @@ addons: apt: sources: - - sourceline: 'ppa:dns-oarc/cryptopant-pr' + - sourceline: 'ppa:dns-oarc/dnscap-pr' update: true packages: - libpcap-dev diff --git a/CHANGES b/CHANGES index a7cc16c..58c8f93 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,3 +1,73 @@ +2018-12-03 Jerry Lundström + + Release 1.10.0 + + This release adds a new plugin type "filter" and 5 new plugins that can + do anonymization, deanonymization and masking of the IP addresses. + + New features: + - Check plugins for `pluginname_type()` which returns `enum plugin_type`, + if missing the plugin is counted as an "output" plugin + - New plugin type "filter" which calls `pluginname_filter()` prior of + outputting any data or calling of "output" plugins, if the new function + returns non-zero then the packet is filtered out (dropped) + - New extension `DNSCAP_EXT_SET_IADDR` that gives access to a function + for setting the from and to IP addresses both in the extracted data + and the wire + + New plugins: + - `anonaes128`: Anonymize IP addresses using AES128 + - `anonmask`: Pseudo-anonymize IP addresses by masking them + - `cryptopan`: Anonymize IP addresses using an extension to Crypto-PAn + (College of Computing, Georgia Tech) made by David Stott (Lucent) + - `cryptopant`: Anonymize IP addresses using cryptopANT, a different + implementation of Crypto-PAn made by the ANT project at USC/ISI + - `ipcrypt`: Anonymize IP addresses using ipcrypt create by + Jean-Philippe Aumasson + + Bugfixes: + - Fix changing `royparse` and `txtout` with other plugins (thanks to + Duane Wessels and Paul Hoffman) + - Free pointers to allocated strings in `text_free()` (thanks to Michał + Kępień) + - Fix IP checksum calculation + + Other changes: + - `-B` and `-E` can be used without `-w` (thanks to Duane Wessels) + - Use `pcap_findalldevs()` instead of `pcap_lookupdev()` (thanks to + Michał Kępień) + - Document and add `-?` option to all plugins + - Fix clang `scan-build` bugs and LGTM alerts + - Use `gmtime_r()` instead of `gmtime()` + - Update `pcap-thread` to v4.0.0 + + 67d8e2c Fix + fb0ed02 Plugin documentation + a2c9a6c cryptopant + 39db1ca Deanonymize, IPv6 test + afc7107 Crypto-PAn, cryptopANT + f1912cc OpenSSL, anonaes128 + f2bab62 ipcrypt, anonmask 
+ 158b1e7 anonmask help + 60ece58 anonmask + 8f1b138 Plugin types, filter plugin, set iaddr extension, anonymization + by masking + b7d7991 IP checksum + 641a23a Free pointers to allocated strings in text_free() + 4d313bf pcap_findalldevs() + 091e0ca Use pcap_findalldevs() instead of pcap_lookupdev() + 6a7b25e Clean up use of feature test macros on Linux + cbba14c Configure, uninitialized + f228c9c Code formatting + 3fd738c man-page + 770168a Test + 714e4f5 Fix -B so that it works when reading offline pcap files. + 8675bea Test + 911fec9 Implementing test9 as a test of -B and -E command line args. + a7cc72d -B and -E can work fine without -w . + 04c4928 Made the same changes to txtout as were in 165a786 + 165a786 Workaround for stdio mystery causing duplicate royparse output. + 2018-02-28 Jerry Lundström Release 1.9.0 diff --git a/README.md b/README.md index 310d493..cf896da 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,9 @@ Mailinglist: ## Dependencies +`dnscap` requires a couple of libraries beside a normal C compiling +environment with autoconf, automake, libtool and pkgconfig. + `dnscap` has a non-optional dependency on the PCAP library and optional dependencies on LDNS. BIND library `libbind` is considered optional but it is needed under OpenBSD for various `arpa/nameser*` include headers, see @@ -35,7 +38,7 @@ is needed under OpenBSD for various `arpa/nameser*` include headers, see To install the dependencies under Debian/Ubuntu: ``` -apt-get install -y libpcap-dev libldns-dev libbind-dev zlib1g-dev libyaml-perl +apt-get install -y libpcap-dev libldns-dev libbind-dev zlib1g-dev libyaml-perl libssl-dev ``` To install the dependencies under CentOS (with EPEL enabled): 
@@ -48,7 +51,7 @@ from source or Ports, these instructions are not included. To install some of the dependencies under FreeBSD 10+ using `pkg`: ``` -pkg install -y libpcap ldns p5-YAML +pkg install -y libpcap ldns p5-YAML openssl-devel ``` To install some of the dependencies under OpenBSD 5+ using `pkg_add`: @@ -56,6 +59,16 @@ To install some of the dependencies under OpenBSD 5+ using `pkg_add`: pkg_add libldns p5-YAML ``` +### Dependencies for `cryptopant.so` plugin + +For this plugin a library call `cryptopANT` is required and the original +can be found here: https://ant.isi.edu/software/cryptopANT/index.html . + +For DNS-OARC packages we build our own fork, with slight modifications to +conform across distributions, of this library which is included in the same +package repository as `dnscap`. The modifications and packaging files can be +found here: https://github.com/DNS-OARC/cryptopANT . + ## Building from source tarball The source tarball from DNS-OARC comes prepared with `configure`: diff --git a/configure.ac b/configure.ac index 3d82c50..3b32697 100644 --- a/configure.ac +++ b/configure.ac @@ -33,7 +33,7 @@ # POSSIBILITY OF SUCH DAMAGE. AC_PREREQ(2.61) -AC_INIT([dnscap], [1.9.0], [dnscap-users@dns-oarc.net], [dnscap], [https://github.com/DNS-OARC/dnscap/issues]) +AC_INIT([dnscap], [1.10.0], [dnscap-users@dns-oarc.net], [dnscap], [https://github.com/DNS-OARC/dnscap/issues]) AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects]) AC_CONFIG_SRCDIR([src/dnscap.c]) AC_CONFIG_HEADER([src/config.h]) diff --git a/debian/changelog b/debian/changelog index 7197313..c0a2c96 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,75 @@ +dnscap (1.10.0-1~unstable+1) unstable; urgency=low + + * Release 1.10.0 + + This release adds a new plugin type "filter" and 5 new plugins that can + do anonymization, deanonymization and masking of the IP addresses. + + New features: + - Check plugins for `pluginname_type()` which returns `enum plugin_type`, + if missing the plugin is counted as an "output" plugin + - New plugin type "filter" which calls `pluginname_filter()` prior of + outputting any data or calling of "output" plugins, if the new function + returns non-zero then the packet is filtered out (dropped) + - New extension `DNSCAP_EXT_SET_IADDR` that gives access to a function + for setting the from and to IP addresses both in the extracted data + and the wire + + New plugins: + - `anonaes128`: Anonymize IP addresses using AES128 + - `anonmask`: Pseudo-anonymize IP addresses by masking them + - `cryptopan`: Anonymize IP addresses using an extension to Crypto-PAn + (College of Computing, Georgia Tech) made by David Stott (Lucent) + - `cryptopant`: Anonymize IP addresses using cryptopANT, a different + implementation of Crypto-PAn made by the ANT project at USC/ISI + - `ipcrypt`: Anonymize IP addresses using ipcrypt create by + Jean-Philippe Aumasson + + Bugfixes: + - Fix changing `royparse` and `txtout` with other plugins (thanks to + Duane Wessels and Paul Hoffman) + - Free pointers to allocated strings in `text_free()` (thanks to Michał + Kępień) + - Fix IP checksum calculation + + Other changes: + - `-B` and `-E` can be used without `-w` (thanks to Duane Wessels) + - Use `pcap_findalldevs()` instead of `pcap_lookupdev()` (thanks to + Michał Kępień) + - Document and add `-?` option to all plugins + - Fix clang `scan-build` bugs and LGTM alerts + - Use `gmtime_r()` instead of `gmtime()` + - Update `pcap-thread` to v4.0.0 + + 67d8e2c Fix + fb0ed02 Plugin documentation + a2c9a6c cryptopant + 39db1ca Deanonymize, IPv6 test + afc7107 Crypto-PAn, cryptopANT + f1912cc OpenSSL, anonaes128 + 
f2bab62 ipcrypt, anonmask + 158b1e7 anonmask help + 60ece58 anonmask + 8f1b138 Plugin types, filter plugin, set iaddr extension, anonymization + by masking + b7d7991 IP checksum + 641a23a Free pointers to allocated strings in text_free() + 4d313bf pcap_findalldevs() + 091e0ca Use pcap_findalldevs() instead of pcap_lookupdev() + 6a7b25e Clean up use of feature test macros on Linux + cbba14c Configure, uninitialized + f228c9c Code formatting + 3fd738c man-page + 770168a Test + 714e4f5 Fix -B so that it works when reading offline pcap files. + 8675bea Test + 911fec9 Implementing test9 as a test of -B and -E command line args. + a7cc72d -B and -E can work fine without -w . + 04c4928 Made the same changes to txtout as were in 165a786 + 165a786 Workaround for stdio mystery causing duplicate royparse output. + + -- Jerry Lundström Mon, 03 Dec 2018 14:34:17 +0100 + dnscap (1.9.0-1~unstable+1) unstable; urgency=low * Release 1.9.0 diff --git a/debian/control b/debian/control index 03aa319..3157fec 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,8 @@ Section: net Priority: optional Maintainer: Jerry Lundström Build-Depends: debhelper (>= 8.0.0), build-essential, automake, autoconf, - libpcap-dev, netbase, libldns-dev, libtool, zlib1g-dev, libyaml-perl + libpcap-dev, netbase, libldns-dev, libtool, zlib1g-dev, libyaml-perl, + libssl-dev, libcryptopant-dev, pkg-config Standards-Version: 3.9.4 Homepage: https://www.dns-oarc.net/tools/dnscap Vcs-Git: https://github.com/DNS-OARC/dnscap.git @@ -11,7 +12,7 @@ Vcs-Browser: https://github.com/DNS-OARC/dnscap Package: dnscap Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} Description: Network capture utility designed specifically for DNS traffic dnscap is a network capture utility designed specifically for DNS traffic. It produces binary data in pcap(3) format. This utility 
diff --git a/rpm/dnscap.spec b/rpm/dnscap.spec index 63a7991..5e36be1 100644 --- a/rpm/dnscap.spec +++ b/rpm/dnscap.spec @@ -1,5 +1,5 @@ Name: dnscap -Version: 1.9.0 +Version: 1.10.0 Release: 1%{?dist} Summary: Network capture utility designed specifically for DNS traffic Group: Productivity/Networking/DNS/Utilities @@ -18,6 +18,8 @@ BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool BuildRequires: perl-YAML +BuildRequires: cryptopant-devel +BuildRequires: pkgconfig %description dnscap is a network capture utility designed specifically for DNS @@ -36,6 +38,10 @@ sh autogen.sh make %{?_smp_mflags} +%check +make test + + %install rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT 
@@ -54,6 +60,69 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Dec 03 2018 Jerry Lundström 1.10.0-1 +- Release 1.10.0 + * This release adds a new plugin type "filter" and 5 new plugins that can + do anonymization, deanonymization and masking of the IP addresses. + * New features: + - Check plugins for `pluginname_type()` which returns `enum plugin_type`, + if missing the plugin is counted as an "output" plugin + - New plugin type "filter" which calls `pluginname_filter()` prior of + outputting any data or calling of "output" plugins, if the new function + returns non-zero then the packet is filtered out (dropped) + - New extension `DNSCAP_EXT_SET_IADDR` that gives access to a function + for setting the from and to IP addresses both in the extracted data + and the wire + * New plugins: + - `anonaes128`: Anonymize IP addresses using AES128 + - `anonmask`: Pseudo-anonymize IP addresses by masking them + - `cryptopan`: Anonymize IP addresses using an extension to Crypto-PAn + (College of Computing, Georgia Tech) made by David Stott (Lucent) + - `cryptopant`: Anonymize IP addresses using cryptopANT, a different + implementation of Crypto-PAn made by the ANT project at USC/ISI + - `ipcrypt`: Anonymize IP addresses using ipcrypt create by + Jean-Philippe Aumasson + * Bugfixes: + - Fix changing `royparse` and `txtout` with other plugins (thanks to + Duane Wessels and Paul Hoffman) + - Free pointers to allocated strings in `text_free()` (thanks to Michał + Kępień) + - Fix IP checksum calculation + * Other changes: + - `-B` and `-E` can be used without `-w` (thanks to Duane Wessels) + - Use `pcap_findalldevs()` instead of `pcap_lookupdev()` (thanks to + Michał Kępień) + - Document and add `-?` option to all plugins + - Fix clang `scan-build` bugs and LGTM alerts + - Use `gmtime_r()` instead of `gmtime()` + - Update `pcap-thread` to v4.0.0 + * Commits: + 67d8e2c Fix + fb0ed02 Plugin documentation + a2c9a6c cryptopant + 39db1ca Deanonymize, IPv6 test + afc7107 Crypto-PAn, 
cryptopANT + f1912cc OpenSSL, anonaes128 + f2bab62 ipcrypt, anonmask + 158b1e7 anonmask help + 60ece58 anonmask + 8f1b138 Plugin types, filter plugin, set iaddr extension, anonymization + by masking + b7d7991 IP checksum + 641a23a Free pointers to allocated strings in text_free() + 4d313bf pcap_findalldevs() + 091e0ca Use pcap_findalldevs() instead of pcap_lookupdev() + 6a7b25e Clean up use of feature test macros on Linux + cbba14c Configure, uninitialized + f228c9c Code formatting + 3fd738c man-page + 770168a Test + 714e4f5 Fix -B so that it works when reading offline pcap files. + 8675bea Test + 911fec9 Implementing test9 as a test of -B and -E command line args. + a7cc72d -B and -E can work fine without -w . + 04c4928 Made the same changes to txtout as were in 165a786 + 165a786 Workaround for stdio mystery causing duplicate royparse output. * Wed Feb 28 2018 Jerry Lundström 1.9.0-1 - Release 1.9.0 * This release adds a new option to change how the Berkeley Packet Filter
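Review bot: in .travis.yml the apt source switches from 'ppa:dns-oarc/cryptopant-pr' to 'ppa:dns-oarc/dnscap-pr', but neither the subject line nor the CHANGES entry mentions a CI change. debian/control now build-depends on libcryptopant-dev, so confirm that the dnscap-pr PPA carries that package (the README text in this patch says the fork lives in the same repository as `dnscap`). Consider moving the switch to its own commit so the release commit only touches version and changelog files.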
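Review bot: the CHANGES summary says the new plugins do "anonymization, deanonymization and masking", yet the per-plugin lines for `anonaes128`, `cryptopan`, `cryptopant` and `ipcrypt` each say only "Anonymize IP addresses". A transform that can be undone with a key is pseudonymization, and whoever holds the key can recover the original addresses. The entry should say which plugins support deanonymization and that their key needs the same protection as the raw capture. As written, only `anonmask` is labelled "Pseudo-anonymize", which reads as if the other four gave a stronger guarantee.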
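Review bot: wording in the README hunks and missing packages in the install commands. "beside a normal C compiling environment" should be "besides", and "a library call `cryptopANT`" should be "called". The hunks add libssl-dev to the Debian/Ubuntu line and openssl-devel to the FreeBSD line, but the CentOS command (between the two hunks, untouched) and the OpenBSD `pkg_add libldns p5-YAML` line get no OpenSSL package. None of the install commands add the cryptopANT development package, even though debian/control and rpm/dnscap.spec now build-depend on it. Add the packages, or say why none is needed on those platforms and whether the `cryptopant.so` plugin is optional when building from source.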
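Review bot: three typos in the debian/changelog entry, which are copied verbatim into CHANGES and the rpm %changelog. "prior of outputting any data" should be "prior to outputting", and "ipcrypt create by" should be "created by". "Fix changing `royparse` and `txtout` with other plugins" looks like it means "chaining", given commit 165a786 "Workaround for stdio mystery causing duplicate royparse output". Fixing them once in CHANGES and regenerating the two packaging changelogs keeps the three copies identical.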
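Review bot: in debian/control the Depends line gains ${perl:Depends}, but nothing in the changelog entry explains a new runtime Perl dependency or says the binary package ships Perl code. That substvar is filled in by dh_perl, so it stays empty unless the build runs it. Either add a changelog line naming what needs Perl at runtime or drop the substvar. The Build-Depends line also makes libcryptopant-dev mandatory, while the README presents it as a dependency of the `cryptopant.so` plugin only; one of the two should state which it is.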
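Review bot: the BuildRequires additions in rpm/dnscap.spec are cryptopant-devel and pkgconfig only, while debian/control in the same patch also adds libssl-dev and the commit list includes f1912cc "OpenSSL, anonaes128". If openssl-devel is not already listed above the visible context, add it so the RPM build has the same inputs as the Debian one. The new %check section runs `make test` at package build time, so the spec needs every test dependency as a BuildRequires as well.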