mass client ip simulation

Updated Jun 2, 2017

This change is an alternative/continuation of "preserve query client ip", for the sake of the network it might be easier to simulate large amount of clients by having an address translation table from the source IP in the PCAP to an IP address within a configured local network (a.b.c.d => 10.x.x.x). The output will still need to be spoofed and the input sniffed but as network configuration for switches and routers it might be a lot less painful to get this working.

preserve query client ip

Updated Jun 2, 2017

Current version uses the system to send the queries, allowing only to be sent from the system configured addresses.

This change would allow drool to use the source address from the query in the PCAP, if the system supports it, and would use packet sniffing to retrieve the response. This would require a very specialized system and network setup, for example the network must allow the host to spoof addresses, and might only work for UDP.

Current version binds a PCAP to a client_pool and uses the same client_pool configuration for all PCAPs but in different contexts.

This change would add a lot of configuration options around contexts and client_pools so a user could configure drool as they see fit, having multiple different client_pool configurations and controlling which PCAP gets read into what context.

preserve/change ip protocol

Updated Jun 2, 2017

Current version does nothing with the IP protocol version when it finds an query in the PCAP.

This change would allow drool to use the same IP protocol version for the query sent as found in the PCAP.

Current version lets the system decide the sender of the queries.

This change would allow drool to bind to different addresses that has been configured on the system and use them to direct queries from multiple sources, it would also add a lot of options around how to distribute the queries found in the PCAP files out on the configured addresses.

filtering of input data

Updated Jun 2, 2017

Current version has no other option to filter input then to create a PCAP filter.

This change would add simple filtering of DNS, such as QNAME, QTYPE etc.

control channel + gui

Updated Jun 2, 2017

Current version only output information on the console as text.

This change would add a control channel using a binary messaging format, CBOR, for controlling drool and receiving progress information. On top of that there will be a daemon written in Go which acts as a web server to deliver the GUI. This enable easy creation of a GUI that you can use with any flavor of browser and it can be setup and exposed on a server allowing for remote testing.

Current version only shows statistics at end of run.

This change will add the option to display statistics every N seconds and because of the internal changes needed to do this, a reevaluation of what statistics are gathered is mandatory so more can be added.