
Merged fixes from wrong branch :/

2 parents b7c67db + c04111e commit a475433b86304a1b74b11efece1103b3e83e25d4 @gamelinux committed Mar 24, 2012
Showing with 49 additions and 16 deletions.
  1. +14 −0 doc/AUTHORS
  2. +30 −0 src/dns.c
  3. +4 −10 src/passivedns.c
  4. +1 −6 src/passivedns.h
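--- a/doc/AUTHORS
+++ b/doc/AUTHORS
@@ -0,0 +1,14 @@
+Primary authors:
+ Edward Fjellskål <edwardfjellskaal@gmail.com>
+
+Code from earlier projects:
+ Kacper Wysocki <kacper.wysocki@redpill-linpro.com>
+
+Some initially code ideas/borrowed from (Changes has been made):
+ DNS parsing with lib ldns:
+ www.nlnetlabs.nl (https://www.nlnetlabs.nl/projects/ldns/)
+ Mark Ellzey (https://github.com/ellzey/dns-archiver)
+
+If you've been left off the list, it's not intentional. Please let us know!
+
+Thanks!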
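--- a/src/dns.c
+++ b/src/dns.c
@@ -10,6 +10,20 @@
 #include "passivedns.h"
 #include "dns.h"
+<<<<<<< HEAD
+=======
+static int archive(packetinfo *pi, ldns_pkt *decoded_dns);
+static int archive_lname_list(packetinfo *pi, ldns_rdf *lname,ldns_rr_list *list, ldns_buffer *buf, ldns_pkt *decoded_dns);
+void associated_lookup_or_make_insert(pdns_record *lname_node, packetinfo *pi, unsigned char *rname_str, ldns_rr *rr);
+pdns_record *pdnsr_lookup_or_make_new(uint64_t dnshash, packetinfo *pi, unsigned char *lname_str);
+void print_passet(pdns_asset *p, pdns_record *l);
+void print_passet_nxd(pdns_record *l, ldns_rdf *lname, ldns_rr *rr);
+const char *u_ntop(const struct in6_addr ip_addr, int af, char *dest);
+void expire_dns_assets(pdns_record *pdnsr, time_t expire_t);
+void delete_dns_record (pdns_record * pdnsr, pdns_record ** bucket_ptr);
+void delete_dns_asset(pdns_asset **passet_head, pdns_asset *passet);
+
+>>>>>>> c04111e126e481dbac97aa6a2fa1a091ae2ef32b
 globalconfig config;
 /* The 12th Carol number and 7th Carol prime, 16769023, is also a Carol emirp */
@@ -180,11 +194,27 @@ void dns_parser (packetinfo *pi) {
 ldns_pkt_free(dns_pkt);
 }
+<<<<<<< HEAD
 int process_dns_answer(packetinfo *pi, ldns_pkt *dns_pkt) {
 int rrcount_query;
 int j;
 ldns_rr_list *dns_query_domains;
 ldns_buffer *dns_buff;
+=======
+static int
+archive(packetinfo *pi, ldns_pkt *decoded_dns)
+{
+ ldns_buffer *dns_buffer;
+ int qa_rrcount;
+ int i;
+ ldns_rr_list *questions;
+ ldns_rr_list *answers;
+
+ questions = ldns_pkt_question(decoded_dns);
+ answers = ldns_pkt_answer(decoded_dns); // Move -> archive_lname_list
+
+ qa_rrcount = ldns_rr_list_rr_count(questions);
+>>>>>>> c04111e126e481dbac97aa6a2fa1a091ae2ef32b
 dns_query_domains = ldns_pkt_question(dns_pkt);
 rrcount_query = ldns_rr_list_rr_count(dns_query_domains);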
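Review bot: Both hunks of src/dns.c commit unresolved merge-conflict markers as added lines (`<<<<<<< HEAD`, `=======`, `>>>>>>> c04111e126e481dbac97aa6a2fa1a091ae2ef32b`), so the file cannot compile as committed. In the second hunk the opening of `process_dns_answer` and the opening of `static int archive(...)` are both left in place, while the statements that follow (`dns_query_domains = ldns_pkt_question(dns_pkt);`) use only the HEAD-side names, so two function bodies are interleaved. The first hunk has an empty HEAD side and brings in the other branch's prototypes (`archive`, `archive_lname_list`, and the rest). Judging by the surviving context, the resolution is to keep the `process_dns_answer` side and drop the markers together with the `archive` lines. The function body continues outside the hunk and should be checked for further markers.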
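--- a/src/passivedns.c
+++ b/src/passivedns.c
@@ -28,7 +28,7 @@
 #include <netinet/in.h>
 #include <signal.h>
 #include <pcap.h>
-#include <resolv.h>
+//#include <resolv.h>
 #include <getopt.h>
 #include <time.h>
 #include <sys/types.h>
@@ -457,8 +457,6 @@ connection *cxt_new(packetinfo *pi)
 cxt->proto = pi->proto;
 cxt->check = 0x00;
- cxt->c_asset = NULL;
- cxt->s_asset = NULL;
 cxt->reversed = 0;
 config.curcxt++;
@@ -475,8 +473,6 @@ int cxt_update_client(connection *cxt, packetinfo *pi)
 pi->cxt = cxt;
 pi->sc = SC_CLIENT;
- //if(!cxt->c_asset)
- // cxt->c_asset = pi->asset; // connection client asset
 if (cxt->s_total_bytes > MAX_BYTE_CHECK
 || cxt->s_total_pkts > MAX_PKT_CHECK) {
 return 0; // Dont Check!
@@ -494,8 +490,6 @@ int cxt_update_server(connection *cxt, packetinfo *pi)
 pi->cxt = cxt;
 pi->sc = SC_SERVER;
- //if(!cxt->s_asset)
- // cxt->s_asset = pi->asset; // server asset
 if (cxt->d_total_bytes > MAX_BYTE_CHECK
 || cxt->d_total_pkts > MAX_PKT_CHECK) {
 return 0; // Dont check!
@@ -978,7 +972,7 @@ void usage()
 olog(" -i <iface> Network device <iface> (default: eth0).\n");
 olog(" -r <file> Read pcap <file>.\n");
 olog(" -l <file> Name of the logfile (default: /var/log/passivedns.log).\n");
- olog(" -L <file> Name of NXDOMAIN logfile (default: /var/log/passivedns-nxd.log).\n");
+ olog(" -L <file> Name of NXDOMAIN logfile (default: /var/log/passivedns.log).\n");
 olog(" -b 'BPF' Berkley Packet Filter (default: 'port 53').\n");
 olog(" -p <file> Name of pid file (default: /var/run/passivedns.pid).\n");
 olog(" -S <mem> Soft memory limit in MB (default: 256).\n");
@@ -1013,7 +1007,7 @@ int main(int argc, char *argv[])
 #define BPFF "port 53"
 config.bpff = BPFF;
 config.logfile = "/var/log/passivedns.log";
- config.logfile_nxd = "/var/log/passivedns-nxd.log";
+ config.logfile_nxd = "/var/log/passivedns.log";
 config.pidfile = "/var/run/passivedns.pid";
 config.mem_limit_max = (256 * 1024 * 1024); // 256 MB - default try to limit dns caching to this
 config.dnsprinttime = DNSPRINTTIME;
@@ -1031,7 +1025,7 @@ int main(int argc, char *argv[])
 // config.dnsf |= DNS_CHK_SOA;
 // config.dnsf |= DNS_CHK_NS;
 // config.dnsf |= DNS_CHK_MX;
- config.dnsf |= DNS_CHK_NXDOMAIN;
+// config.dnsf |= DNS_CHK_NXDOMAIN;
 signal(SIGTERM, game_over);
 signal(SIGINT, game_over);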
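Review bot: The default for `config.logfile_nxd` in main() is now the same path as `config.logfile` (`/var/log/passivedns.log`), and the `-L` usage line was changed to match, so NXDOMAIN and normal records share one file by default. Whether the two logs are opened through separate handles is not visible in these hunks; if they are, records can interleave, and anything consuming the log for detection has to tell the two record types apart. In the last hunk `config.dnsf |= DNS_CHK_NXDOMAIN;` is commented out, which switches NXDOMAIN collection off by default. Given the commit title these may have arrived from the older branch unintentionally; if so, restore `config.logfile_nxd = "/var/log/passivedns-nxd.log";` and the flag. Otherwise update the `logfile_nxd` comment in src/passivedns.h, which still names passivedns-nxd.log. main() starts and ends outside these hunks.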
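--- a/src/passivedns.h
+++ b/src/passivedns.h
@@ -22,7 +22,7 @@
 /* I N C L U D E S **********************************************************/
 /* D E F I N E S ************************************************************/
-#define VERSION "0.3.3"
+#define VERSION "0.5.0"
 #define TIMEOUT 60
 #define BUCKET_SIZE 1211
 #define SNAPLENGTH 1600
@@ -246,8 +246,6 @@ typedef struct _connection {
 uint8_t d_tcpFlags; /* tcpflags sent by destination */
 uint8_t check; /* Flags spesifying checking */
 uint16_t plid; /* Protocol layer ID (DNS TID) */
- struct _asset *c_asset; /* pointer to src asset */
- struct _asset *s_asset; /* pointer to server asset */
 } connection;
 #define CXT_DONT_CHECK_SERVER 0x01 /* Dont check server packets */
 #define CXT_DONT_CHECK_CLIENT 0x02 /* Dont check client packets */
@@ -477,8 +475,6 @@ typedef struct _globalconfig {
 uint8_t chroot_flag; /* Flag for going chroot */
 uint8_t daemon_flag; /* Flag for going daemon */
 uint64_t dnsf; /* Flags for DNS RR Type checks to do */
- uint8_t ctf; /* Flags for TCP checks, SYN,RST,FIN.... */
- uint8_t cof; /* Flags for other; icmp,udp,other,.... */
 uint32_t payload; /* dump how much of the payload ? */
 uint32_t curcxt;
 uint32_t llcxt;
@@ -493,7 +489,6 @@ typedef struct _globalconfig {
 char *net_ip_string; /**/
 char *logfile; /* Filename of /var/log/passivedns.log */
 char *logfile_nxd; /* Filename for NXDOMAIN logging /var/log/passivedns-nxd.log */
- char *fifo; /* Path to FIFO output */
 char *pcap_file; /* Filename to pcap too read */
 char *dev; /* Device name to use for sniffing */
 char *dpath; /* ... ??? seriously ???... */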
