Release 1.5.0

@jelu jelu released this 07 Jun 05:49

Added support for writing gzipped PCAP if the -W suffix ends with .gz, and made -X work without -x. Added a new interface that tells plugins which extensions are available, and a new plugin, rzkeychange.

Due to submodules in the repository, please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-1.5.0.tar.gz
sha256: 6dd3359a73b4f13846b045493262fabb88a1e4c49ffd2b66e43a2f3b623af651

Packages are available at: https://dev.dns-oarc.net/packages/

Plugin extensions:

  • Call plugin_extension(ext, arg) to tell the plugin which extensions exist
  • Add extension for checking responder (is_responder())

The rzkeychange plugin was developed by Duane Wessels in 2016 in support of the root zone ZSK size increase. It is also being used in support of the 2017 root KSK rollover and collects the following measurements:

  • total number of responses sent
  • number of responses with TC bit set
  • number of responses over TCP
  • number of DNSKEY responses
  • number of ICMP_UNREACH_NEEDFRAG messages received
  • number of ICMP_TIMXCEED_INTRANS messages received
  • number of ICMP_TIMXCEED_REASS messages received

Other fixes (author Duane Wessels):

  • 232cbd0: Correct comment description for meaning of IPPROTO_AH
  • 181eaa4: Add #include <sys/time.h> for struct timeval on NetBSD

Commits:

1d894e2 Make -x and -X work correctly together and update man-page
34bc54c Make the -X option work without requiring a -x option.
f43222e Fix CID 1440488, 1440489, 1440490
aa54395 Update pcap-thread to v2.1.3
81174ce Prepare SPEC for OSB/COPR
21d7468 New plugin rzkeychange and plugin extensions
38491a3 Config header is generated by autotools
419a8ab Small tweaks and fixes for gzip support
1967abc updated for earlier BSD versions
f135c90 added auto gzip if the -W suffix ends with .gz

Commits during development of rzkeychange (author Duane Wessels):

  • 620828d: Add rzkeychange -z option to specify resolver IP addresses
  • 1f77987: Add -p and -t options to rzkeychange plugin to configure an alternate port and TCP. Useful for ssh tunnels.
  • 2a571f1: Split ICMP time exceeded counter into two counters for time exceeded due to TTL and another due to fragmentation
  • e4ee2d3: The rzkeychange data collection plugin uses DNSCAP_EXT_IS_RESPONDER extension to know if an IP address is a "responder" or not, because when dnscap is instructed to collect ICMP with -I, it processes all ICMP packets, not just those limited to responders (or initiators).
  • cee16b8: Add ICMP Time Exceeded to counters
  • ad8a227: Counting source IPs has performance impacts. #ifdef'd out for now. Add ICMP "frag needed" counts
  • c25e72b: Implemented DNS queries with ldns. First there will be some test queries to ensure the zone is reachable and configured to receive data. Then a query naming the fields, followed by the periodic queries delivering counts.
  • fd23be7: Make report zone, server, node command line arguments mandatory
  • 137789b: Adding rzkeychange plugin files