From 7682d4155b88660c4c0286b70f2c5285f69e625f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Thu, 13 Jul 2023 10:28:40 +0200 Subject: [PATCH 1/7] hashtbl - Include hashtbl in a different way then copying --- plugins/rssm/.gitignore | 1 - plugins/rssm/Makefile.am | 11 +---------- plugins/rssm/rssm.c | 2 +- 3 files changed, 2 insertions(+), 12 deletions(-) delete mode 100644 plugins/rssm/.gitignore diff --git a/plugins/rssm/.gitignore b/plugins/rssm/.gitignore deleted file mode 100644 index 7d3ffec2..00000000 --- a/plugins/rssm/.gitignore +++ /dev/null @@ -1 +0,0 @@ -hashtbl.c diff --git a/plugins/rssm/Makefile.am b/plugins/rssm/Makefile.am index 08e44294..cce61819 100644 --- a/plugins/rssm/Makefile.am +++ b/plugins/rssm/Makefile.am @@ -1,6 +1,5 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = $(srcdir)/hashtbl.c \ - hashtbl.c *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ @@ -10,8 +9,6 @@ AM_CFLAGS = -I$(srcdir) \ pkglib_LTLIBRARIES = rssm.la rssm_la_SOURCES = rssm.c -nodist_rssm_la_SOURCES = hashtbl.c -BUILT_SOURCES = hashtbl.c rssm_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) TESTS = test1.sh test2.sh test3.sh test4.sh test5.sh EXTRA_DIST = $(TESTS) test1.gold test2.gold dnscap-rssm-rssac002.1.in \ @@ -29,12 +26,6 @@ gcov-local: done endif -hashtbl.c: $(top_srcdir)/src/hashtbl.c - cp $(top_srcdir)/src/hashtbl.c ./ - -$(srcdir)/hashtbl.c: $(top_srcdir)/src/hashtbl.c - cp $(top_srcdir)/src/hashtbl.c $(srcdir)/ - dnscap-rssm-rssac002.1: dnscap-rssm-rssac002.1.in Makefile sed -e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g' \ -e 's,[@]PACKAGE_URL[@],$(PACKAGE_URL),g' \ diff --git a/plugins/rssm/rssm.c b/plugins/rssm/rssm.c index 91cbd931..83f1ca8b 100644 --- a/plugins/rssm/rssm.c +++ b/plugins/rssm/rssm.c @@ -60,7 +60,7 @@ #include "dnscap_common.h" -#include "hashtbl.h" +#include "hashtbl.c" static logerr_t* logerr; static my_bpftimeval open_ts; From b76f74539c7b635c6bb5dfb0761de5dfdc882417 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Fri, 14 Jul 2023 08:33:20 +0200 Subject: [PATCH 2/7] Cleanup - Remove old workarounds before #133 --- plugins/anonaes128/test2.sh | 8 -------- plugins/anonaes128/test3.sh | 8 -------- plugins/anonmask/test2.sh | 8 -------- plugins/cryptopan/test2.sh | 8 -------- plugins/cryptopan/test3.sh | 8 -------- plugins/cryptopant/test2.sh | 8 -------- plugins/cryptopant/test3.sh | 8 -------- plugins/ipcrypt/test2.sh | 8 -------- plugins/ipcrypt/test3.sh | 8 -------- 9 files changed, 72 deletions(-) diff --git a/plugins/anonaes128/test2.sh b/plugins/anonaes128/test2.sh index ff21327d..ab10f4a1 100755 --- a/plugins/anonaes128/test2.sh +++ b/plugins/anonaes128/test2.sh @@ -19,12 +19,4 @@ if [ "$osrel" = "OpenBSD" ]; then rm test2.out.old fi -# TODO: Remove when #133 is fixed -cat test2.out | \ - sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ - sed 's%,CLASS512,OPT,%,512,512,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test2.new -mv test2.new test2.out - diff test2.out "$srcdir/test2.gold" diff --git a/plugins/anonaes128/test3.sh b/plugins/anonaes128/test3.sh index 09fb1166..4edab93c 100755 --- a/plugins/anonaes128/test3.sh +++ b/plugins/anonaes128/test3.sh @@ -18,12 +18,4 @@ if [ "$osrel" = "OpenBSD" ]; then rm test3.out.old fi -# TODO: Remove when #133 is fixed -cat test3.out | \ - sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ - sed 's%,CLASS512,OPT,%,512,512,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test3.new -mv test3.new test3.out - diff test3.out "$srcdir/test3.gold" diff --git a/plugins/anonmask/test2.sh b/plugins/anonmask/test2.sh index 7a155c5f..dbfba517 100755 --- a/plugins/anonmask/test2.sh +++ b/plugins/anonmask/test2.sh @@ -23,12 +23,4 @@ if [ "$osrel" = "OpenBSD" ]; then rm test2.out.old fi -# TODO: Remove when #133 is fixed -cat test2.out | \ - sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ - sed 's%,CLASS512,OPT,%,512,512,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test2.new -mv test2.new test2.out - diff test2.out "$srcdir/test2.gold" diff --git a/plugins/cryptopan/test2.sh b/plugins/cryptopan/test2.sh index 3f41fc44..3e92b53f 100755 --- a/plugins/cryptopan/test2.sh +++ b/plugins/cryptopan/test2.sh @@ -19,12 +19,4 @@ if [ "$osrel" = "OpenBSD" ]; then rm test2.out.old fi -# TODO: Remove when #133 is fixed -cat test2.out | \ - sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ - sed 's%,CLASS512,OPT,%,512,512,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test2.new -mv test2.new test2.out - diff test2.out "$srcdir/test2.gold" diff --git a/plugins/cryptopan/test3.sh b/plugins/cryptopan/test3.sh index 48dc90f4..61110f7e 100755 --- a/plugins/cryptopan/test3.sh +++ b/plugins/cryptopan/test3.sh @@ -21,12 +21,4 @@ if [ "$osrel" = "OpenBSD" ]; then rm test3.out.old fi -# TODO: Remove when #133 is fixed -cat test3.out | \ - sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ - sed 's%,CLASS512,OPT,%,512,512,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test3.new -mv test3.new test3.out - diff test3.out "$srcdir/test3.gold" diff --git a/plugins/cryptopant/test2.sh b/plugins/cryptopant/test2.sh index 9d502695..7e6b1cf7 100755 --- a/plugins/cryptopant/test2.sh +++ b/plugins/cryptopant/test2.sh @@ -26,12 +26,4 @@ if [ "$osrel" = "OpenBSD" ]; then rm test2.out.old fi -# TODO: Remove when #133 is fixed -cat test2.out | \ - sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ - sed 's%,CLASS512,OPT,%,512,512,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test2.new -mv test2.new test2.out - diff test2.out "$srcdir/test2.gold" diff --git a/plugins/cryptopant/test3.sh b/plugins/cryptopant/test3.sh index 1ebb5245..a30a7f08 100755 --- a/plugins/cryptopant/test3.sh +++ b/plugins/cryptopant/test3.sh @@ -27,12 +27,4 @@ if [ "$osrel" = "OpenBSD" ]; then rm test3.out.old fi -# TODO: Remove when #133 is fixed -cat test3.out | \ - sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ - sed 's%,CLASS512,OPT,%,512,512,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test3.new -mv test3.new test3.out - diff test3.out "$srcdir/test3.gold" diff --git a/plugins/ipcrypt/test2.sh b/plugins/ipcrypt/test2.sh index 7b991221..2c97bba3 100755 --- a/plugins/ipcrypt/test2.sh +++ b/plugins/ipcrypt/test2.sh @@ -19,12 +19,4 @@ if [ "$osrel" = "OpenBSD" ]; then rm test2.out.old fi -# TODO: Remove when #133 is fixed -cat test2.out | \ - sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ - sed 's%,CLASS512,OPT,%,512,512,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test2.new -mv test2.new test2.out - diff test2.out "$srcdir/test2.gold" diff --git a/plugins/ipcrypt/test3.sh b/plugins/ipcrypt/test3.sh index 860f272a..1eb21f3a 100755 --- a/plugins/ipcrypt/test3.sh +++ b/plugins/ipcrypt/test3.sh @@ -21,12 +21,4 @@ if [ "$osrel" = "OpenBSD" ]; then rm test3.out.old fi -# TODO: Remove when #133 is fixed -cat test3.out | \ - sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ - sed 's%,CLASS512,OPT,%,512,512,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ - sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test3.new -mv test3.new test3.out - diff test3.out "$srcdir/test3.gold" From c9ed7be75a87544b05b06a56471f1b1416bed913 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Fri, 14 Jul 2023 13:06:35 +0200 Subject: [PATCH 3/7] pcap-dist - Change tests to not need to link to .pcap-dist --- src/test/Makefile.am | 38 +- src/test/dns.gold | 164 ++++----- src/test/dnspad.gold | 4 +- src/test/test1.sh | 4 +- src/test/test10.gold | 8 +- src/test/test10.sh | 6 +- src/test/test11.sh | 10 +- src/test/test12.sh | 4 +- src/test/test13.sh | 28 +- src/test/test14.gold | 656 ++++++++++++++++----------------- src/test/test14.sh | 18 +- src/test/test2.sh | 6 +- src/test/test3.sh | 6 +- src/test/test4.sh | 6 +- src/test/test5.sh | 18 +- src/test/test6.sh | 6 +- src/test/test7.gold | 574 ++++++++++++++--------------- src/test/test7.sh | 8 +- src/test/test8.gold | 230 ++++++------ src/test/test8.sh | 8 +- src/test/test9.gold | 24 +- src/test/test9.sh | 6 +- src/test/test_regex_match.gold | 164 ++++----- src/test/test_regex_match.sh | 6 +- src/test/vlan11.gold | 164 ++++----- 25 files changed, 1081 insertions(+), 1085 deletions(-) diff --git a/src/test/Makefile.am b/src/test/Makefile.am index 85611fb3..c2221b6b 100644 --- a/src/test/Makefile.am +++ b/src/test/Makefile.am @@ -1,10 +1,9 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in CLEANFILES = test*.log test*.trs \ - *.pcap-dist \ dns.out \ no-layers.out layers.out \ - frags.out \ + frags.out frags.gold \ padding-no-layers.out padding-layers.out \ vlan11.out \ dnspad.out \ @@ -22,41 +21,6 @@ TESTS = test1.sh test2.sh test3.sh test4.sh test5.sh test6.sh test7.sh \ test8.sh test9.sh test10.sh test11.sh test12.sh test13.sh test14.sh \ test_regex_match.sh -test1.sh: dns.pcap-dist - -test2.sh: dns.pcap-dist - -test3.sh: frags.pcap-dist - -test4.sh: 1qtcppadd.pcap-dist - -test5.sh: vlan11.pcap-dist - -test6.sh: dnspad.pcap-dist - -test7.sh: 1qtcpnosyn.pcap-dist dnso1tcp.pcap-dist \ - do1t-nosyn-1nolen.pcap-dist dnso1tcp-midmiss.pcap-dist - -test8.sh: dnsotcp-many1pkt.pcap-dist dnsotcp-manyopkts.pcap-dist \ - dnso1tcp-bighole.pcap-dist - -test9.sh: dns.pcap-dist - -test10.sh: dns6.pcap-dist - -test11.sh: dns.pcap-dist - -test12.sh: dns.pcap-dist - -test13.sh: dns.pcap-dist - -test14.sh: dns.pcap-dist - -test_regex_match.sh: dns.pcap-dist - -.pcap.pcap-dist: - cp "$<" "$@" - EXTRA_DIST = $(TESTS) \ dns.gold dns.pcap \ frags.pcap \ diff --git a/src/test/dns.gold b/src/test/dns.gold index b1cdd8f4..170f2c3b 100644 --- a/src/test/dns.gold +++ b/src/test/dns.gold @@ -1,8 +1,8 @@ -[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap 4095] \ [172.17.0.10].53199 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53199 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ @@ -15,11 +15,11 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap 4095] \ [172.17.0.10].57822 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].57822 \ dns QUERY,NOERROR,35665,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -33,11 +33,11 @@ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 \ ns2.google.com.,IN,A,157880,216.239.34.10 -[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap 4095] \ [172.17.0.10].40043 [8.8.8.8].53 \ dns QUERY,NOERROR,5337,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40043 \ dns QUERY,NOERROR,5337,qr|rd|ra \ 1 google.com.,IN,A \ @@ -50,11 +50,11 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap 4095] \ [172.17.0.10].37953 [8.8.8.8].53 \ dns QUERY,NOERROR,22982,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37953 \ dns QUERY,NOERROR,22982,qr|rd|ra \ 1 google.com.,IN,A \ @@ -67,11 +67,11 @@ ns1.google.com.,IN,A,331872,216.239.32.10 \ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 -[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap 4095] \ [172.17.0.10].48658 [8.8.8.8].53 \ dns QUERY,NOERROR,18718,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].48658 \ dns QUERY,NOERROR,18718,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -85,11 +85,11 @@ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 \ ns2.google.com.,IN,A,157870,216.239.34.10 -[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap 4095] \ [172.17.0.10].40953 [8.8.8.8].53 \ dns QUERY,NOERROR,22531,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40953 \ dns QUERY,NOERROR,22531,qr|rd|ra \ 1 google.com.,IN,A \ @@ -102,11 +102,11 @@ ns1.google.com.,IN,A,331830,216.239.32.10 \ ns3.google.com.,IN,A,157828,216.239.36.10 \ ns4.google.com.,IN,A,157828,216.239.38.10 -[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap 4095] \ [172.17.0.10].45174 [8.8.8.8].53 \ dns QUERY,NOERROR,58510,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45174 \ dns QUERY,NOERROR,58510,qr|rd|ra \ 1 google.com.,IN,A \ @@ -119,11 +119,11 @@ ns1.google.com.,IN,A,331824,216.239.32.10 \ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 -[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap 4095] \ [172.17.0.10].33916 [8.8.8.8].53 \ dns QUERY,NOERROR,45248,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33916 \ dns QUERY,NOERROR,45248,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -137,11 +137,11 @@ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 \ ns2.google.com.,IN,A,157822,216.239.34.10 -[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap 4095] \ [172.17.0.10].43559 [8.8.8.8].53 \ dns QUERY,NOERROR,49483,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].43559 \ dns QUERY,NOERROR,49483,qr|rd|ra \ 1 google.com.,IN,A \ @@ -154,11 +154,11 @@ ns1.google.com.,IN,A,331818,216.239.32.10 \ ns3.google.com.,IN,A,157816,216.239.36.10 \ ns4.google.com.,IN,A,157816,216.239.38.10 -[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap 4095] \ [172.17.0.10].54859 [8.8.8.8].53 \ dns QUERY,NOERROR,31669,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].54859 \ dns QUERY,NOERROR,31669,qr|rd|ra \ 1 google.com.,IN,A \ @@ -171,11 +171,11 @@ ns1.google.com.,IN,A,331816,216.239.32.10 \ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 -[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap 4095] \ [172.17.0.10].58176 [8.8.8.8].53 \ dns QUERY,NOERROR,25433,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].58176 \ dns QUERY,NOERROR,25433,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -189,11 +189,11 @@ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 \ ns2.google.com.,IN,A,157814,216.239.34.10 -[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap 4095] \ [172.17.0.10].41266 [8.8.8.8].53 \ dns QUERY,NOERROR,63798,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41266 \ dns QUERY,NOERROR,63798,qr|rd|ra \ 1 google.com.,IN,A \ @@ -206,11 +206,11 @@ ns1.google.com.,IN,A,331815,216.239.32.10 \ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 -[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap 4095] \ [172.17.0.10].34607 [8.8.8.8].53 \ dns QUERY,NOERROR,8470,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].34607 \ dns QUERY,NOERROR,8470,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -224,11 +224,11 @@ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 \ ns2.google.com.,IN,A,157813,216.239.34.10 -[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap 4095] \ [172.17.0.10].60437 [8.8.8.8].53 \ dns QUERY,NOERROR,60258,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60437 \ dns QUERY,NOERROR,60258,qr|rd|ra \ 1 google.com.,IN,A \ @@ -241,11 +241,11 @@ ns1.google.com.,IN,A,331814,216.239.32.10 \ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 -[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap 4095] \ [172.17.0.10].37149 [8.8.8.8].53 \ dns QUERY,NOERROR,44985,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37149 \ dns QUERY,NOERROR,44985,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -259,11 +259,11 @@ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 \ ns2.google.com.,IN,A,157812,216.239.34.10 -[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap 4095] \ [172.17.0.10].53820 [8.8.8.8].53 \ dns QUERY,NOERROR,45512,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53820 \ dns QUERY,NOERROR,45512,qr|rd|ra \ 1 google.com.,IN,A \ @@ -276,11 +276,11 @@ ns1.google.com.,IN,A,331813,216.239.32.10 \ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 -[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap 4095] \ [172.17.0.10].52368 [8.8.8.8].53 \ dns QUERY,NOERROR,22980,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].52368 \ dns QUERY,NOERROR,22980,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -294,11 +294,11 @@ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 \ ns2.google.com.,IN,A,157811,216.239.34.10 -[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap 4095] \ [172.17.0.10].47637 [8.8.8.8].53 \ dns QUERY,NOERROR,1834,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].47637 \ dns QUERY,NOERROR,1834,qr|rd|ra \ 1 google.com.,IN,A \ @@ -311,11 +311,11 @@ ns1.google.com.,IN,A,331812,216.239.32.10 \ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 -[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap 4095] \ [172.17.0.10].34426 [8.8.8.8].53 \ dns QUERY,NOERROR,25431,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].34426 \ dns QUERY,NOERROR,25431,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -329,11 +329,11 @@ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 \ ns2.google.com.,IN,A,157810,216.239.34.10 -[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap 4095] \ [172.17.0.10].41059 [8.8.8.8].53 \ dns QUERY,NOERROR,48432,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41059 \ dns QUERY,NOERROR,48432,qr|rd|ra \ 1 google.com.,IN,A \ @@ -346,11 +346,11 @@ ns1.google.com.,IN,A,331811,216.239.32.10 \ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 -[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap 4095] \ [172.17.0.10].51181 [8.8.8.8].53 \ dns QUERY,NOERROR,47411,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].51181 \ dns QUERY,NOERROR,47411,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -364,11 +364,11 @@ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 \ ns2.google.com.,IN,A,157809,216.239.34.10 -[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap 4095] \ [172.17.0.10].32976 [8.8.8.8].53 \ dns QUERY,NOERROR,12038,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].32976 \ dns QUERY,NOERROR,12038,qr|rd|ra \ 1 google.com.,IN,A \ @@ -381,11 +381,11 @@ ns1.google.com.,IN,A,331810,216.239.32.10 \ ns3.google.com.,IN,A,157808,216.239.36.10 \ ns4.google.com.,IN,A,157808,216.239.38.10 -[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap 4095] \ [172.17.0.10].53467 [8.8.8.8].53 \ dns QUERY,NOERROR,11614,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53467 \ dns QUERY,NOERROR,11614,qr|rd|ra \ 1 google.com.,IN,A \ @@ -398,11 +398,11 @@ ns1.google.com.,IN,A,331808,216.239.32.10 \ ns3.google.com.,IN,A,157806,216.239.36.10 \ ns4.google.com.,IN,A,157806,216.239.38.10 -[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap 4095] \ [172.17.0.10].41532 [8.8.8.8].53 \ dns QUERY,NOERROR,59173,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41532 \ dns QUERY,NOERROR,59173,qr|rd|ra \ 1 google.com.,IN,A \ @@ -415,11 +415,11 @@ ns1.google.com.,IN,A,331806,216.239.32.10 \ ns3.google.com.,IN,A,157804,216.239.36.10 \ ns4.google.com.,IN,A,157804,216.239.38.10 -[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap 4095] \ [172.17.0.10].44982 [8.8.8.8].53 \ dns QUERY,NOERROR,45535,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].44982 \ dns QUERY,NOERROR,45535,qr|rd|ra \ 1 google.com.,IN,A \ @@ -432,11 +432,11 @@ ns1.google.com.,IN,A,331804,216.239.32.10 \ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 -[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap 4095] \ [172.17.0.10].40224 [8.8.8.8].53 \ dns QUERY,NOERROR,60808,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40224 \ dns QUERY,NOERROR,60808,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -450,11 +450,11 @@ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 \ ns2.google.com.,IN,A,157802,216.239.34.10 -[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap 4095] \ [172.17.0.10].45658 [8.8.8.8].53 \ dns QUERY,NOERROR,64325,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45658 \ dns QUERY,NOERROR,64325,qr|rd|ra \ 1 google.com.,IN,A \ @@ -467,11 +467,11 @@ ns1.google.com.,IN,A,331803,216.239.32.10 \ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 -[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap 4095] \ [172.17.0.10].60457 [8.8.8.8].53 \ dns QUERY,NOERROR,25543,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60457 \ dns QUERY,NOERROR,25543,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -485,11 +485,11 @@ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 \ ns2.google.com.,IN,A,157801,216.239.34.10 -[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap 4095] \ [172.17.0.10].59762 [8.8.8.8].53 \ dns QUERY,NOERROR,20736,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].59762 \ dns QUERY,NOERROR,20736,qr|rd|ra \ 1 google.com.,IN,A \ @@ -502,11 +502,11 @@ ns1.google.com.,IN,A,331802,216.239.32.10 \ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 -[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap 4095] \ [172.17.0.10].56022 [8.8.8.8].53 \ dns QUERY,NOERROR,25911,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].56022 \ dns QUERY,NOERROR,25911,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -520,11 +520,11 @@ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 \ ns2.google.com.,IN,A,157800,216.239.34.10 -[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap 4095] \ [172.17.0.10].37669 [8.8.8.8].53 \ dns QUERY,NOERROR,64358,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37669 \ dns QUERY,NOERROR,64358,qr|rd|ra \ 1 google.com.,IN,A \ @@ -537,11 +537,11 @@ ns1.google.com.,IN,A,331801,216.239.32.10 \ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 -[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap 4095] \ [172.17.0.10].42978 [8.8.8.8].53 \ dns QUERY,NOERROR,37698,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].42978 \ dns QUERY,NOERROR,37698,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -555,11 +555,11 @@ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 \ ns2.google.com.,IN,A,157799,216.239.34.10 -[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap 4095] \ [172.17.0.10].49829 [8.8.8.8].53 \ dns QUERY,NOERROR,54706,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].49829 \ dns QUERY,NOERROR,54706,qr|rd|ra \ 1 google.com.,IN,A \ @@ -572,11 +572,11 @@ ns1.google.com.,IN,A,331800,216.239.32.10 \ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 -[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap 4095] \ [172.17.0.10].50599 [8.8.8.8].53 \ dns QUERY,NOERROR,32142,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].50599 \ dns QUERY,NOERROR,32142,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -590,11 +590,11 @@ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 \ ns2.google.com.,IN,A,157798,216.239.34.10 -[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap 4095] \ [172.17.0.10].44980 [8.8.8.8].53 \ dns QUERY,NOERROR,41808,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].44980 \ dns QUERY,NOERROR,41808,qr|rd|ra \ 1 google.com.,IN,A \ @@ -607,11 +607,11 @@ ns1.google.com.,IN,A,331799,216.239.32.10 \ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 -[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap 4095] \ [172.17.0.10].60063 [8.8.8.8].53 \ dns QUERY,NOERROR,18886,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60063 \ dns QUERY,NOERROR,18886,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -625,11 +625,11 @@ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 \ ns2.google.com.,IN,A,157797,216.239.34.10 -[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap 4095] \ [172.17.0.10].42042 [8.8.8.8].53 \ dns QUERY,NOERROR,10624,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].42042 \ dns QUERY,NOERROR,10624,qr|rd|ra \ 1 google.com.,IN,A \ @@ -642,11 +642,11 @@ ns1.google.com.,IN,A,331798,216.239.32.10 \ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 -[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap 4095] \ [172.17.0.10].60469 [8.8.8.8].53 \ dns QUERY,NOERROR,33139,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60469 \ dns QUERY,NOERROR,33139,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -660,11 +660,11 @@ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 \ ns2.google.com.,IN,A,157796,216.239.34.10 -[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap 4095] \ [172.17.0.10].45703 [8.8.8.8].53 \ dns QUERY,NOERROR,61415,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45703 \ dns QUERY,NOERROR,61415,qr|rd|ra \ 1 google.com.,IN,A \ @@ -677,11 +677,11 @@ ns1.google.com.,IN,A,331797,216.239.32.10 \ ns3.google.com.,IN,A,157795,216.239.36.10 \ ns4.google.com.,IN,A,157795,216.239.38.10 -[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap 4095] \ [172.17.0.10].33507 [8.8.8.8].53 \ dns QUERY,NOERROR,59258,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33507 \ dns QUERY,NOERROR,59258,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -695,11 +695,11 @@ ns3.google.com.,IN,A,157795,216.239.36.10 \ ns4.google.com.,IN,A,157795,216.239.38.10 \ ns2.google.com.,IN,A,157795,216.239.34.10 -[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap 4095] \ [172.17.0.10].46798 [8.8.8.8].53 \ dns QUERY,NOERROR,17700,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].46798 \ dns QUERY,NOERROR,17700,qr|rd|ra \ 1 google.com.,IN,A \ diff --git a/src/test/dnspad.gold b/src/test/dnspad.gold index 8a5275ac..82ae5fa3 100644 --- a/src/test/dnspad.gold +++ b/src/test/dnspad.gold @@ -1,8 +1,8 @@ -[59] 2016-10-20 15:23:01.075993 [#0 dnspad.pcap-dist 4095] \ +[59] 2016-10-20 15:23:01.075993 [#0 dnspad.pcap 4095] \ [172.17.0.10].53199 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[59] 2016-10-20 15:23:01.075993 [#0 dnspad.pcap-dist 4095] \ +[59] 2016-10-20 15:23:01.075993 [#0 dnspad.pcap 4095] \ [172.17.0.10].53199 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 diff --git a/src/test/test1.sh b/src/test/test1.sh index 03142c95..deec4bf5 100755 --- a/src/test/test1.sh +++ b/src/test/test1.sh @@ -1,6 +1,8 @@ #!/bin/sh -xe -../dnscap -g -r dns.pcap-dist 2>dns.out +test -e dns.pcap || ln -s "$srcdir/dns.pcap" dns.pcap + +../dnscap -g -r dns.pcap 2>dns.out mv dns.out dns.out.old grep -v "^libgcov profiling error:" dns.out.old > dns.out diff --git a/src/test/test10.gold b/src/test/test10.gold index 69f51ef7..d03011be 100644 --- a/src/test/test10.gold +++ b/src/test/test10.gold @@ -1,20 +1,20 @@ -[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap 4095] \ [2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com.,IN,A 0 0 \ 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] -[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap 4095] \ [2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,299,172.217.20.46 0 \ 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] -[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap 4095] \ [2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com.,IN,A 0 0 \ 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] -[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap 4095] \ [2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com.,IN,A \ diff --git a/src/test/test10.sh b/src/test/test10.sh index 2779cb0f..81375ed2 100755 --- a/src/test/test10.sh +++ b/src/test/test10.sh @@ -1,6 +1,8 @@ #!/bin/sh -xe -../dnscap -r dns6.pcap-dist -g 2>test10.out -../dnscap -r dns6.pcap-dist -o use_layers=yes -g 2>>test10.out +test -e dns6.pcap || ln -s "$srcdir/dns6.pcap" dns6.pcap + +../dnscap -r dns6.pcap -g 2>test10.out +../dnscap -r dns6.pcap -o use_layers=yes -g 2>>test10.out diff test10.out "$srcdir/test10.gold" diff --git a/src/test/test11.sh b/src/test/test11.sh index 7f58c890..d8f4d405 100755 --- a/src/test/test11.sh +++ b/src/test/test11.sh @@ -1,5 +1,7 @@ #!/bin/sh -xe +test -e dns.pcap || ln -s "$srcdir/dns.pcap" dns.pcap + ../dnscap -? ! ../dnscap -j @@ -42,13 +44,13 @@ fi ../dnscap -V -../dnscap -r dns.pcap-dist -g -ddddd -../dnscap -r dns.pcap-dist -x '.*' -X '.*' -g -ddddd +../dnscap -r dns.pcap -g -ddddd +../dnscap -r dns.pcap -x '.*' -X '.*' -g -ddddd -! ../dnscap -r dns.pcap-dist -i fake 2>test11.out +! ../dnscap -r dns.pcap -i fake 2>test11.out cat test11.out grep -qF -- "-i makes no sense after -r" test11.out -! ../dnscap -i fake -r dns.pcap-dist 2>test11.out +! ../dnscap -i fake -r dns.pcap 2>test11.out cat test11.out grep -qF -- "-r makes no sense after -i" test11.out diff --git a/src/test/test12.sh b/src/test/test12.sh index 76b0e015..9243ed98 100755 --- a/src/test/test12.sh +++ b/src/test/test12.sh @@ -1,6 +1,8 @@ #!/bin/sh -xe -if ! ../dnscap -g -r dns.pcap-dist -w test12 -W .gz 2>test12.out; then +test -e dns.pcap || ln -s "$srcdir/dns.pcap" dns.pcap + +if ! ../dnscap -g -r dns.pcap -w test12 -W .gz 2>test12.out; then grep -qF "gzip compression requested but not supported" test12.out && exit 0 exit 1 fi diff --git a/src/test/test13.sh b/src/test/test13.sh index 4749a92d..4b8d5237 100755 --- a/src/test/test13.sh +++ b/src/test/test13.sh @@ -2,6 +2,8 @@ test -f /etc/resolv.conf || exit 0 +test -e dns.pcap || ln -s "$srcdir/dns.pcap" dns.pcap + ! ../dnscap -a "fake_host-should+not/work" 2>test13.out cat test13.out grep -qF "invalid host address" test13.out @@ -9,20 +11,20 @@ grep -qF "invalid host address" test13.out if [ "`uname`" = "OpenBSD" ]; then # IPv6 addresses in BPF seems to segfault on OpenBSD and doing host and # not host throws generic pcap_compile error - ../dnscap -a 127.0.0.1 -r dns.pcap-dist -g -dddd - ../dnscap -z 127.0.0.1 -r dns.pcap-dist -g -dddd - ../dnscap -A 127.0.0.1 -r dns.pcap-dist -g -dddd - ../dnscap -Z 127.0.0.1 -r dns.pcap-dist -g -dddd - ../dnscap -Y 127.0.0.1 -r dns.pcap-dist -g -dddd + ../dnscap -a 127.0.0.1 -r dns.pcap -g -dddd + ../dnscap -z 127.0.0.1 -r dns.pcap -g -dddd + ../dnscap -A 127.0.0.1 -r dns.pcap -g -dddd + ../dnscap -Z 127.0.0.1 -r dns.pcap -g -dddd + ../dnscap -Y 127.0.0.1 -r dns.pcap -g -dddd else - ../dnscap -a 127.0.0.1 -a ::1 -r dns.pcap-dist -g -dddd - ../dnscap -z 127.0.0.1 -z ::1 -r dns.pcap-dist -g -dddd - ../dnscap -A 127.0.0.1 -A ::1 -r dns.pcap-dist -g -dddd - ../dnscap -Z 127.0.0.1 -Z ::1 -r dns.pcap-dist -g -dddd - ../dnscap -Y 127.0.0.1 -Y ::1 -r dns.pcap-dist -g -dddd + ../dnscap -a 127.0.0.1 -a ::1 -r dns.pcap -g -dddd + ../dnscap -z 127.0.0.1 -z ::1 -r dns.pcap -g -dddd + ../dnscap -A 127.0.0.1 -A ::1 -r dns.pcap -g -dddd + ../dnscap -Z 127.0.0.1 -Z ::1 -r dns.pcap -g -dddd + ../dnscap -Y 127.0.0.1 -Y ::1 -r dns.pcap -g -dddd fi if [ "$TEST_DNSCAP_WITH_NETWORK" = "1" ]; then - ../dnscap -a google.com -r dns.pcap-dist -g -dddd + ../dnscap -a google.com -r dns.pcap -g -dddd fi -../dnscap -Y 127.0.0.1 -r dns.pcap-dist -g -../dnscap -Y 8.8.8.8 -r dns.pcap-dist -g +../dnscap -Y 127.0.0.1 -r dns.pcap -g +../dnscap -Y 8.8.8.8 -r dns.pcap -g diff --git a/src/test/test14.gold b/src/test/test14.gold index fb342e22..183d0429 100644 --- a/src/test/test14.gold +++ b/src/test/test14.gold @@ -1,9 +1,9 @@ -- only 1 -[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap 4095] \ [172.17.0.10].53199 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53199 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ @@ -16,11 +16,11 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[56] 2016-10-20 15:23:01.087291 [#2 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:01.087291 [#2 dns.pcap 4095] \ [172.17.0.10].40043 [8.8.8.8].53 \ dns QUERY,NOERROR,5337,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:01.088733 [#3 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:01.088733 [#3 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40043 \ dns QUERY,NOERROR,5337,qr|rd|ra \ 1 google.com.,IN,A \ @@ -33,11 +33,11 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[56] 2016-10-20 15:23:10.322117 [#4 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:10.322117 [#4 dns.pcap 4095] \ [172.17.0.10].37953 [8.8.8.8].53 \ dns QUERY,NOERROR,22982,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:10.323399 [#5 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:10.323399 [#5 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37953 \ dns QUERY,NOERROR,22982,qr|rd|ra \ 1 google.com.,IN,A \ @@ -50,11 +50,11 @@ ns1.google.com.,IN,A,331872,216.239.32.10 \ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 -[56] 2016-10-20 15:23:52.860937 [#6 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:52.860937 [#6 dns.pcap 4095] \ [172.17.0.10].40953 [8.8.8.8].53 \ dns QUERY,NOERROR,22531,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:52.863771 [#7 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:52.863771 [#7 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40953 \ dns QUERY,NOERROR,22531,qr|rd|ra \ 1 google.com.,IN,A \ @@ -67,11 +67,11 @@ ns1.google.com.,IN,A,331830,216.239.32.10 \ ns3.google.com.,IN,A,157828,216.239.36.10 \ ns4.google.com.,IN,A,157828,216.239.38.10 -[56] 2016-10-20 15:23:59.083869 [#8 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:59.083869 [#8 dns.pcap 4095] \ [172.17.0.10].45174 [8.8.8.8].53 \ dns QUERY,NOERROR,58510,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:59.086104 [#9 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:59.086104 [#9 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45174 \ dns QUERY,NOERROR,58510,qr|rd|ra \ 1 google.com.,IN,A \ @@ -84,11 +84,11 @@ ns1.google.com.,IN,A,331824,216.239.32.10 \ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 -[56] 2016-10-20 15:24:04.323868 [#10 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:04.323868 [#10 dns.pcap 4095] \ [172.17.0.10].43559 [8.8.8.8].53 \ dns QUERY,NOERROR,49483,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:04.325597 [#11 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:04.325597 [#11 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].43559 \ dns QUERY,NOERROR,49483,qr|rd|ra \ 1 google.com.,IN,A \ @@ -101,11 +101,11 @@ ns1.google.com.,IN,A,331818,216.239.32.10 \ ns3.google.com.,IN,A,157816,216.239.36.10 \ ns4.google.com.,IN,A,157816,216.239.38.10 -[56] 2016-10-20 15:24:06.332239 [#12 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:06.332239 [#12 dns.pcap 4095] \ [172.17.0.10].54859 [8.8.8.8].53 \ dns QUERY,NOERROR,31669,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:06.333743 [#13 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:06.333743 [#13 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].54859 \ dns QUERY,NOERROR,31669,qr|rd|ra \ 1 google.com.,IN,A \ @@ -118,11 +118,11 @@ ns1.google.com.,IN,A,331816,216.239.32.10 \ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 -[56] 2016-10-20 15:24:07.346429 [#14 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:07.346429 [#14 dns.pcap 4095] \ [172.17.0.10].41266 [8.8.8.8].53 \ dns QUERY,NOERROR,63798,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:07.348160 [#15 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:07.348160 [#15 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41266 \ dns QUERY,NOERROR,63798,qr|rd|ra \ 1 google.com.,IN,A \ @@ -135,11 +135,11 @@ ns1.google.com.,IN,A,331815,216.239.32.10 \ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 -[56] 2016-10-20 15:24:08.360528 [#16 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:08.360528 [#16 dns.pcap 4095] \ [172.17.0.10].60437 [8.8.8.8].53 \ dns QUERY,NOERROR,60258,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:08.362206 [#17 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:08.362206 [#17 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60437 \ dns QUERY,NOERROR,60258,qr|rd|ra \ 1 google.com.,IN,A \ @@ -152,11 +152,11 @@ ns1.google.com.,IN,A,331814,216.239.32.10 \ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 -[56] 2016-10-20 15:24:09.375942 [#18 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:09.375942 [#18 dns.pcap 4095] \ [172.17.0.10].53820 [8.8.8.8].53 \ dns QUERY,NOERROR,45512,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:09.378425 [#19 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:09.378425 [#19 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53820 \ dns QUERY,NOERROR,45512,qr|rd|ra \ 1 google.com.,IN,A \ @@ -169,11 +169,11 @@ ns1.google.com.,IN,A,331813,216.239.32.10 \ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 -[56] 2016-10-20 15:24:10.391358 [#20 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:10.391358 [#20 dns.pcap 4095] \ [172.17.0.10].47637 [8.8.8.8].53 \ dns QUERY,NOERROR,1834,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:10.392886 [#21 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:10.392886 [#21 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].47637 \ dns QUERY,NOERROR,1834,qr|rd|ra \ 1 google.com.,IN,A \ @@ -186,11 +186,11 @@ ns1.google.com.,IN,A,331812,216.239.32.10 \ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 -[56] 2016-10-20 15:24:11.406297 [#22 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:11.406297 [#22 dns.pcap 4095] \ [172.17.0.10].41059 [8.8.8.8].53 \ dns QUERY,NOERROR,48432,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:11.407460 [#23 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:11.407460 [#23 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41059 \ dns QUERY,NOERROR,48432,qr|rd|ra \ 1 google.com.,IN,A \ @@ -203,11 +203,11 @@ ns1.google.com.,IN,A,331811,216.239.32.10 \ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 -[56] 2016-10-20 15:24:12.419936 [#24 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:12.419936 [#24 dns.pcap 4095] \ [172.17.0.10].32976 [8.8.8.8].53 \ dns QUERY,NOERROR,12038,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:12.421228 [#25 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:12.421228 [#25 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].32976 \ dns QUERY,NOERROR,12038,qr|rd|ra \ 1 google.com.,IN,A \ @@ -220,11 +220,11 @@ ns1.google.com.,IN,A,331810,216.239.32.10 \ ns3.google.com.,IN,A,157808,216.239.36.10 \ ns4.google.com.,IN,A,157808,216.239.38.10 -[56] 2016-10-20 15:24:14.428524 [#26 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:14.428524 [#26 dns.pcap 4095] \ [172.17.0.10].53467 [8.8.8.8].53 \ dns QUERY,NOERROR,11614,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:14.429863 [#27 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:14.429863 [#27 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53467 \ dns QUERY,NOERROR,11614,qr|rd|ra \ 1 google.com.,IN,A \ @@ -237,11 +237,11 @@ ns1.google.com.,IN,A,331808,216.239.32.10 \ ns3.google.com.,IN,A,157806,216.239.36.10 \ ns4.google.com.,IN,A,157806,216.239.38.10 -[56] 2016-10-20 15:24:16.435733 [#28 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:16.435733 [#28 dns.pcap 4095] \ [172.17.0.10].41532 [8.8.8.8].53 \ dns QUERY,NOERROR,59173,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:16.437471 [#29 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:16.437471 [#29 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41532 \ dns QUERY,NOERROR,59173,qr|rd|ra \ 1 google.com.,IN,A \ @@ -254,11 +254,11 @@ ns1.google.com.,IN,A,331806,216.239.32.10 \ ns3.google.com.,IN,A,157804,216.239.36.10 \ ns4.google.com.,IN,A,157804,216.239.38.10 -[56] 2016-10-20 15:24:18.445519 [#30 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:18.445519 [#30 dns.pcap 4095] \ [172.17.0.10].44982 [8.8.8.8].53 \ dns QUERY,NOERROR,45535,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:18.446775 [#31 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:18.446775 [#31 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].44982 \ dns QUERY,NOERROR,45535,qr|rd|ra \ 1 google.com.,IN,A \ @@ -271,11 +271,11 @@ ns1.google.com.,IN,A,331804,216.239.32.10 \ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 -[56] 2016-10-20 15:24:19.460087 [#32 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:19.460087 [#32 dns.pcap 4095] \ [172.17.0.10].45658 [8.8.8.8].53 \ dns QUERY,NOERROR,64325,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:19.462224 [#33 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:19.462224 [#33 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45658 \ dns QUERY,NOERROR,64325,qr|rd|ra \ 1 google.com.,IN,A \ @@ -288,11 +288,11 @@ ns1.google.com.,IN,A,331803,216.239.32.10 \ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 -[56] 2016-10-20 15:24:20.475086 [#34 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:20.475086 [#34 dns.pcap 4095] \ [172.17.0.10].59762 [8.8.8.8].53 \ dns QUERY,NOERROR,20736,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:20.476841 [#35 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:20.476841 [#35 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].59762 \ dns QUERY,NOERROR,20736,qr|rd|ra \ 1 google.com.,IN,A \ @@ -305,11 +305,11 @@ ns1.google.com.,IN,A,331802,216.239.32.10 \ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 -[56] 2016-10-20 15:24:21.489468 [#36 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:21.489468 [#36 dns.pcap 4095] \ [172.17.0.10].37669 [8.8.8.8].53 \ dns QUERY,NOERROR,64358,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:21.490573 [#37 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:21.490573 [#37 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37669 \ dns QUERY,NOERROR,64358,qr|rd|ra \ 1 google.com.,IN,A \ @@ -322,11 +322,11 @@ ns1.google.com.,IN,A,331801,216.239.32.10 \ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 -[56] 2016-10-20 15:24:22.502667 [#38 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:22.502667 [#38 dns.pcap 4095] \ [172.17.0.10].49829 [8.8.8.8].53 \ dns QUERY,NOERROR,54706,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:22.504738 [#39 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:22.504738 [#39 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].49829 \ dns QUERY,NOERROR,54706,qr|rd|ra \ 1 google.com.,IN,A \ @@ -339,11 +339,11 @@ ns1.google.com.,IN,A,331800,216.239.32.10 \ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 -[56] 2016-10-20 15:24:23.520203 [#40 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:23.520203 [#40 dns.pcap 4095] \ [172.17.0.10].44980 [8.8.8.8].53 \ dns QUERY,NOERROR,41808,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:23.521976 [#41 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:23.521976 [#41 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].44980 \ dns QUERY,NOERROR,41808,qr|rd|ra \ 1 google.com.,IN,A \ @@ -356,11 +356,11 @@ ns1.google.com.,IN,A,331799,216.239.32.10 \ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 -[56] 2016-10-20 15:24:24.537264 [#42 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:24.537264 [#42 dns.pcap 4095] \ [172.17.0.10].42042 [8.8.8.8].53 \ dns QUERY,NOERROR,10624,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:24.539398 [#43 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:24.539398 [#43 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].42042 \ dns QUERY,NOERROR,10624,qr|rd|ra \ 1 google.com.,IN,A \ @@ -373,11 +373,11 @@ ns1.google.com.,IN,A,331798,216.239.32.10 \ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 -[56] 2016-10-20 15:24:25.554744 [#44 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:25.554744 [#44 dns.pcap 4095] \ [172.17.0.10].45703 [8.8.8.8].53 \ dns QUERY,NOERROR,61415,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:25.556513 [#45 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:25.556513 [#45 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45703 \ dns QUERY,NOERROR,61415,qr|rd|ra \ 1 google.com.,IN,A \ @@ -390,11 +390,11 @@ ns1.google.com.,IN,A,331797,216.239.32.10 \ ns3.google.com.,IN,A,157795,216.239.36.10 \ ns4.google.com.,IN,A,157795,216.239.38.10 -[56] 2016-10-20 15:24:26.572784 [#46 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:26.572784 [#46 dns.pcap 4095] \ [172.17.0.10].46798 [8.8.8.8].53 \ dns QUERY,NOERROR,17700,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:26.574350 [#47 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:26.574350 [#47 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].46798 \ dns QUERY,NOERROR,17700,qr|rd|ra \ 1 google.com.,IN,A \ @@ -408,11 +408,11 @@ ns3.google.com.,IN,A,157794,216.239.36.10 \ ns4.google.com.,IN,A,157794,216.239.38.10 -- not 1 -[73] 2016-10-20 15:23:01.082865 [#0 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:01.082865 [#0 dns.pcap 4095] \ [172.17.0.10].57822 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:01.084107 [#1 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:01.084107 [#1 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].57822 \ dns QUERY,NOERROR,35665,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -426,11 +426,11 @@ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 \ ns2.google.com.,IN,A,157880,216.239.34.10 -[73] 2016-10-20 15:23:10.328324 [#2 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:10.328324 [#2 dns.pcap 4095] \ [172.17.0.10].48658 [8.8.8.8].53 \ dns QUERY,NOERROR,18718,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:10.329572 [#3 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:10.329572 [#3 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].48658 \ dns QUERY,NOERROR,18718,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -444,11 +444,11 @@ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 \ ns2.google.com.,IN,A,157870,216.239.34.10 -[73] 2016-10-20 15:23:59.090911 [#4 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:59.090911 [#4 dns.pcap 4095] \ [172.17.0.10].33916 [8.8.8.8].53 \ dns QUERY,NOERROR,45248,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:59.092204 [#5 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:59.092204 [#5 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33916 \ dns QUERY,NOERROR,45248,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -462,11 +462,11 @@ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 \ ns2.google.com.,IN,A,157822,216.239.34.10 -[73] 2016-10-20 15:24:06.339145 [#6 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:06.339145 [#6 dns.pcap 4095] \ [172.17.0.10].58176 [8.8.8.8].53 \ dns QUERY,NOERROR,25433,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:06.340820 [#7 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:06.340820 [#7 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].58176 \ dns QUERY,NOERROR,25433,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -480,11 +480,11 @@ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 \ ns2.google.com.,IN,A,157814,216.239.34.10 -[73] 2016-10-20 15:24:07.353123 [#8 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:07.353123 [#8 dns.pcap 4095] \ [172.17.0.10].34607 [8.8.8.8].53 \ dns QUERY,NOERROR,8470,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:07.354682 [#9 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:07.354682 [#9 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].34607 \ dns QUERY,NOERROR,8470,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -498,11 +498,11 @@ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 \ ns2.google.com.,IN,A,157813,216.239.34.10 -[73] 2016-10-20 15:24:08.368516 [#10 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:08.368516 [#10 dns.pcap 4095] \ [172.17.0.10].37149 [8.8.8.8].53 \ dns QUERY,NOERROR,44985,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:08.370119 [#11 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:08.370119 [#11 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37149 \ dns QUERY,NOERROR,44985,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -516,11 +516,11 @@ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 \ ns2.google.com.,IN,A,157812,216.239.34.10 -[73] 2016-10-20 15:24:09.384057 [#12 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:09.384057 [#12 dns.pcap 4095] \ [172.17.0.10].52368 [8.8.8.8].53 \ dns QUERY,NOERROR,22980,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:09.385463 [#13 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:09.385463 [#13 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].52368 \ dns QUERY,NOERROR,22980,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -534,11 +534,11 @@ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 \ ns2.google.com.,IN,A,157811,216.239.34.10 -[73] 2016-10-20 15:24:10.398099 [#14 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:10.398099 [#14 dns.pcap 4095] \ [172.17.0.10].34426 [8.8.8.8].53 \ dns QUERY,NOERROR,25431,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:10.400317 [#15 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:10.400317 [#15 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].34426 \ dns QUERY,NOERROR,25431,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -552,11 +552,11 @@ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 \ ns2.google.com.,IN,A,157810,216.239.34.10 -[73] 2016-10-20 15:24:11.412133 [#16 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:11.412133 [#16 dns.pcap 4095] \ [172.17.0.10].51181 [8.8.8.8].53 \ dns QUERY,NOERROR,47411,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:11.413370 [#17 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:11.413370 [#17 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].51181 \ dns QUERY,NOERROR,47411,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -570,11 +570,11 @@ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 \ ns2.google.com.,IN,A,157809,216.239.34.10 -[73] 2016-10-20 15:24:18.452451 [#18 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:18.452451 [#18 dns.pcap 4095] \ [172.17.0.10].40224 [8.8.8.8].53 \ dns QUERY,NOERROR,60808,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:18.454030 [#19 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:18.454030 [#19 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40224 \ dns QUERY,NOERROR,60808,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -588,11 +588,11 @@ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 \ ns2.google.com.,IN,A,157802,216.239.34.10 -[73] 2016-10-20 15:24:19.467324 [#20 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:19.467324 [#20 dns.pcap 4095] \ [172.17.0.10].60457 [8.8.8.8].53 \ dns QUERY,NOERROR,25543,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:19.468895 [#21 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:19.468895 [#21 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60457 \ dns QUERY,NOERROR,25543,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -606,11 +606,11 @@ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 \ ns2.google.com.,IN,A,157801,216.239.34.10 -[73] 2016-10-20 15:24:20.482188 [#22 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:20.482188 [#22 dns.pcap 4095] \ [172.17.0.10].56022 [8.8.8.8].53 \ dns QUERY,NOERROR,25911,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:20.483927 [#23 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:20.483927 [#23 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].56022 \ dns QUERY,NOERROR,25911,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -624,11 +624,11 @@ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 \ ns2.google.com.,IN,A,157800,216.239.34.10 -[73] 2016-10-20 15:24:21.495324 [#24 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:21.495324 [#24 dns.pcap 4095] \ [172.17.0.10].42978 [8.8.8.8].53 \ dns QUERY,NOERROR,37698,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:21.496815 [#25 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:21.496815 [#25 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].42978 \ dns QUERY,NOERROR,37698,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -642,11 +642,11 @@ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 \ ns2.google.com.,IN,A,157799,216.239.34.10 -[73] 2016-10-20 15:24:22.510176 [#26 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:22.510176 [#26 dns.pcap 4095] \ [172.17.0.10].50599 [8.8.8.8].53 \ dns QUERY,NOERROR,32142,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:22.511746 [#27 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:22.511746 [#27 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].50599 \ dns QUERY,NOERROR,32142,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -660,11 +660,11 @@ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 \ ns2.google.com.,IN,A,157798,216.239.34.10 -[73] 2016-10-20 15:24:23.527449 [#28 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:23.527449 [#28 dns.pcap 4095] \ [172.17.0.10].60063 [8.8.8.8].53 \ dns QUERY,NOERROR,18886,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:23.529385 [#29 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:23.529385 [#29 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60063 \ dns QUERY,NOERROR,18886,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -678,11 +678,11 @@ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 \ ns2.google.com.,IN,A,157797,216.239.34.10 -[73] 2016-10-20 15:24:24.544538 [#30 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:24.544538 [#30 dns.pcap 4095] \ [172.17.0.10].60469 [8.8.8.8].53 \ dns QUERY,NOERROR,33139,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:24.546172 [#31 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:24.546172 [#31 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60469 \ dns QUERY,NOERROR,33139,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -696,11 +696,11 @@ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 \ ns2.google.com.,IN,A,157796,216.239.34.10 -[73] 2016-10-20 15:24:25.562608 [#32 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:25.562608 [#32 dns.pcap 4095] \ [172.17.0.10].33507 [8.8.8.8].53 \ dns QUERY,NOERROR,59258,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:25.564509 [#33 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:25.564509 [#33 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33507 \ dns QUERY,NOERROR,59258,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -715,11 +715,11 @@ ns4.google.com.,IN,A,157795,216.239.38.10 \ ns2.google.com.,IN,A,157795,216.239.34.10 -- only PTR -[73] 2016-10-20 15:23:01.082865 [#0 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:01.082865 [#0 dns.pcap 4095] \ [172.17.0.10].57822 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:01.084107 [#1 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:01.084107 [#1 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].57822 \ dns QUERY,NOERROR,35665,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -733,11 +733,11 @@ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 \ ns2.google.com.,IN,A,157880,216.239.34.10 -[73] 2016-10-20 15:23:10.328324 [#2 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:10.328324 [#2 dns.pcap 4095] \ [172.17.0.10].48658 [8.8.8.8].53 \ dns QUERY,NOERROR,18718,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:10.329572 [#3 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:10.329572 [#3 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].48658 \ dns QUERY,NOERROR,18718,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -751,11 +751,11 @@ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 \ ns2.google.com.,IN,A,157870,216.239.34.10 -[73] 2016-10-20 15:23:59.090911 [#4 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:59.090911 [#4 dns.pcap 4095] \ [172.17.0.10].33916 [8.8.8.8].53 \ dns QUERY,NOERROR,45248,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:59.092204 [#5 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:59.092204 [#5 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33916 \ dns QUERY,NOERROR,45248,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -769,11 +769,11 @@ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 \ ns2.google.com.,IN,A,157822,216.239.34.10 -[73] 2016-10-20 15:24:06.339145 [#6 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:06.339145 [#6 dns.pcap 4095] \ [172.17.0.10].58176 [8.8.8.8].53 \ dns QUERY,NOERROR,25433,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:06.340820 [#7 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:06.340820 [#7 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].58176 \ dns QUERY,NOERROR,25433,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -787,11 +787,11 @@ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 \ ns2.google.com.,IN,A,157814,216.239.34.10 -[73] 2016-10-20 15:24:07.353123 [#8 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:07.353123 [#8 dns.pcap 4095] \ [172.17.0.10].34607 [8.8.8.8].53 \ dns QUERY,NOERROR,8470,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:07.354682 [#9 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:07.354682 [#9 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].34607 \ dns QUERY,NOERROR,8470,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -805,11 +805,11 @@ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 \ ns2.google.com.,IN,A,157813,216.239.34.10 -[73] 2016-10-20 15:24:08.368516 [#10 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:08.368516 [#10 dns.pcap 4095] \ [172.17.0.10].37149 [8.8.8.8].53 \ dns QUERY,NOERROR,44985,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:08.370119 [#11 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:08.370119 [#11 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37149 \ dns QUERY,NOERROR,44985,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -823,11 +823,11 @@ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 \ ns2.google.com.,IN,A,157812,216.239.34.10 -[73] 2016-10-20 15:24:09.384057 [#12 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:09.384057 [#12 dns.pcap 4095] \ [172.17.0.10].52368 [8.8.8.8].53 \ dns QUERY,NOERROR,22980,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:09.385463 [#13 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:09.385463 [#13 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].52368 \ dns QUERY,NOERROR,22980,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -841,11 +841,11 @@ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 \ ns2.google.com.,IN,A,157811,216.239.34.10 -[73] 2016-10-20 15:24:10.398099 [#14 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:10.398099 [#14 dns.pcap 4095] \ [172.17.0.10].34426 [8.8.8.8].53 \ dns QUERY,NOERROR,25431,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:10.400317 [#15 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:10.400317 [#15 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].34426 \ dns QUERY,NOERROR,25431,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -859,11 +859,11 @@ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 \ ns2.google.com.,IN,A,157810,216.239.34.10 -[73] 2016-10-20 15:24:11.412133 [#16 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:11.412133 [#16 dns.pcap 4095] \ [172.17.0.10].51181 [8.8.8.8].53 \ dns QUERY,NOERROR,47411,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:11.413370 [#17 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:11.413370 [#17 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].51181 \ dns QUERY,NOERROR,47411,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -877,11 +877,11 @@ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 \ ns2.google.com.,IN,A,157809,216.239.34.10 -[73] 2016-10-20 15:24:18.452451 [#18 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:18.452451 [#18 dns.pcap 4095] \ [172.17.0.10].40224 [8.8.8.8].53 \ dns QUERY,NOERROR,60808,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:18.454030 [#19 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:18.454030 [#19 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40224 \ dns QUERY,NOERROR,60808,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -895,11 +895,11 @@ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 \ ns2.google.com.,IN,A,157802,216.239.34.10 -[73] 2016-10-20 15:24:19.467324 [#20 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:19.467324 [#20 dns.pcap 4095] \ [172.17.0.10].60457 [8.8.8.8].53 \ dns QUERY,NOERROR,25543,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:19.468895 [#21 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:19.468895 [#21 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60457 \ dns QUERY,NOERROR,25543,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -913,11 +913,11 @@ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 \ ns2.google.com.,IN,A,157801,216.239.34.10 -[73] 2016-10-20 15:24:20.482188 [#22 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:20.482188 [#22 dns.pcap 4095] \ [172.17.0.10].56022 [8.8.8.8].53 \ dns QUERY,NOERROR,25911,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:20.483927 [#23 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:20.483927 [#23 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].56022 \ dns QUERY,NOERROR,25911,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -931,11 +931,11 @@ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 \ ns2.google.com.,IN,A,157800,216.239.34.10 -[73] 2016-10-20 15:24:21.495324 [#24 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:21.495324 [#24 dns.pcap 4095] \ [172.17.0.10].42978 [8.8.8.8].53 \ dns QUERY,NOERROR,37698,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:21.496815 [#25 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:21.496815 [#25 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].42978 \ dns QUERY,NOERROR,37698,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -949,11 +949,11 @@ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 \ ns2.google.com.,IN,A,157799,216.239.34.10 -[73] 2016-10-20 15:24:22.510176 [#26 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:22.510176 [#26 dns.pcap 4095] \ [172.17.0.10].50599 [8.8.8.8].53 \ dns QUERY,NOERROR,32142,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:22.511746 [#27 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:22.511746 [#27 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].50599 \ dns QUERY,NOERROR,32142,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -967,11 +967,11 @@ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 \ ns2.google.com.,IN,A,157798,216.239.34.10 -[73] 2016-10-20 15:24:23.527449 [#28 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:23.527449 [#28 dns.pcap 4095] \ [172.17.0.10].60063 [8.8.8.8].53 \ dns QUERY,NOERROR,18886,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:23.529385 [#29 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:23.529385 [#29 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60063 \ dns QUERY,NOERROR,18886,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -985,11 +985,11 @@ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 \ ns2.google.com.,IN,A,157797,216.239.34.10 -[73] 2016-10-20 15:24:24.544538 [#30 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:24.544538 [#30 dns.pcap 4095] \ [172.17.0.10].60469 [8.8.8.8].53 \ dns QUERY,NOERROR,33139,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:24.546172 [#31 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:24.546172 [#31 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60469 \ dns QUERY,NOERROR,33139,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1003,11 +1003,11 @@ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 \ ns2.google.com.,IN,A,157796,216.239.34.10 -[73] 2016-10-20 15:24:25.562608 [#32 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:25.562608 [#32 dns.pcap 4095] \ [172.17.0.10].33507 [8.8.8.8].53 \ dns QUERY,NOERROR,59258,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:25.564509 [#33 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:25.564509 [#33 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33507 \ dns QUERY,NOERROR,59258,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1022,11 +1022,11 @@ ns4.google.com.,IN,A,157795,216.239.38.10 \ ns2.google.com.,IN,A,157795,216.239.34.10 -- not PTR -[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap 4095] \ [172.17.0.10].53199 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53199 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1039,11 +1039,11 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[56] 2016-10-20 15:23:01.087291 [#2 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:01.087291 [#2 dns.pcap 4095] \ [172.17.0.10].40043 [8.8.8.8].53 \ dns QUERY,NOERROR,5337,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:01.088733 [#3 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:01.088733 [#3 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40043 \ dns QUERY,NOERROR,5337,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1056,11 +1056,11 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[56] 2016-10-20 15:23:10.322117 [#4 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:10.322117 [#4 dns.pcap 4095] \ [172.17.0.10].37953 [8.8.8.8].53 \ dns QUERY,NOERROR,22982,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:10.323399 [#5 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:10.323399 [#5 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37953 \ dns QUERY,NOERROR,22982,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1073,11 +1073,11 @@ ns1.google.com.,IN,A,331872,216.239.32.10 \ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 -[56] 2016-10-20 15:23:52.860937 [#6 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:52.860937 [#6 dns.pcap 4095] \ [172.17.0.10].40953 [8.8.8.8].53 \ dns QUERY,NOERROR,22531,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:52.863771 [#7 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:52.863771 [#7 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40953 \ dns QUERY,NOERROR,22531,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1090,11 +1090,11 @@ ns1.google.com.,IN,A,331830,216.239.32.10 \ ns3.google.com.,IN,A,157828,216.239.36.10 \ ns4.google.com.,IN,A,157828,216.239.38.10 -[56] 2016-10-20 15:23:59.083869 [#8 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:59.083869 [#8 dns.pcap 4095] \ [172.17.0.10].45174 [8.8.8.8].53 \ dns QUERY,NOERROR,58510,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:59.086104 [#9 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:59.086104 [#9 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45174 \ dns QUERY,NOERROR,58510,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1107,11 +1107,11 @@ ns1.google.com.,IN,A,331824,216.239.32.10 \ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 -[56] 2016-10-20 15:24:04.323868 [#10 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:04.323868 [#10 dns.pcap 4095] \ [172.17.0.10].43559 [8.8.8.8].53 \ dns QUERY,NOERROR,49483,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:04.325597 [#11 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:04.325597 [#11 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].43559 \ dns QUERY,NOERROR,49483,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1124,11 +1124,11 @@ ns1.google.com.,IN,A,331818,216.239.32.10 \ ns3.google.com.,IN,A,157816,216.239.36.10 \ ns4.google.com.,IN,A,157816,216.239.38.10 -[56] 2016-10-20 15:24:06.332239 [#12 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:06.332239 [#12 dns.pcap 4095] \ [172.17.0.10].54859 [8.8.8.8].53 \ dns QUERY,NOERROR,31669,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:06.333743 [#13 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:06.333743 [#13 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].54859 \ dns QUERY,NOERROR,31669,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1141,11 +1141,11 @@ ns1.google.com.,IN,A,331816,216.239.32.10 \ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 -[56] 2016-10-20 15:24:07.346429 [#14 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:07.346429 [#14 dns.pcap 4095] \ [172.17.0.10].41266 [8.8.8.8].53 \ dns QUERY,NOERROR,63798,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:07.348160 [#15 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:07.348160 [#15 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41266 \ dns QUERY,NOERROR,63798,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1158,11 +1158,11 @@ ns1.google.com.,IN,A,331815,216.239.32.10 \ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 -[56] 2016-10-20 15:24:08.360528 [#16 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:08.360528 [#16 dns.pcap 4095] \ [172.17.0.10].60437 [8.8.8.8].53 \ dns QUERY,NOERROR,60258,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:08.362206 [#17 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:08.362206 [#17 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60437 \ dns QUERY,NOERROR,60258,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1175,11 +1175,11 @@ ns1.google.com.,IN,A,331814,216.239.32.10 \ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 -[56] 2016-10-20 15:24:09.375942 [#18 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:09.375942 [#18 dns.pcap 4095] \ [172.17.0.10].53820 [8.8.8.8].53 \ dns QUERY,NOERROR,45512,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:09.378425 [#19 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:09.378425 [#19 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53820 \ dns QUERY,NOERROR,45512,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1192,11 +1192,11 @@ ns1.google.com.,IN,A,331813,216.239.32.10 \ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 -[56] 2016-10-20 15:24:10.391358 [#20 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:10.391358 [#20 dns.pcap 4095] \ [172.17.0.10].47637 [8.8.8.8].53 \ dns QUERY,NOERROR,1834,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:10.392886 [#21 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:10.392886 [#21 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].47637 \ dns QUERY,NOERROR,1834,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1209,11 +1209,11 @@ ns1.google.com.,IN,A,331812,216.239.32.10 \ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 -[56] 2016-10-20 15:24:11.406297 [#22 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:11.406297 [#22 dns.pcap 4095] \ [172.17.0.10].41059 [8.8.8.8].53 \ dns QUERY,NOERROR,48432,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:11.407460 [#23 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:11.407460 [#23 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41059 \ dns QUERY,NOERROR,48432,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1226,11 +1226,11 @@ ns1.google.com.,IN,A,331811,216.239.32.10 \ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 -[56] 2016-10-20 15:24:12.419936 [#24 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:12.419936 [#24 dns.pcap 4095] \ [172.17.0.10].32976 [8.8.8.8].53 \ dns QUERY,NOERROR,12038,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:12.421228 [#25 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:12.421228 [#25 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].32976 \ dns QUERY,NOERROR,12038,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1243,11 +1243,11 @@ ns1.google.com.,IN,A,331810,216.239.32.10 \ ns3.google.com.,IN,A,157808,216.239.36.10 \ ns4.google.com.,IN,A,157808,216.239.38.10 -[56] 2016-10-20 15:24:14.428524 [#26 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:14.428524 [#26 dns.pcap 4095] \ [172.17.0.10].53467 [8.8.8.8].53 \ dns QUERY,NOERROR,11614,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:14.429863 [#27 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:14.429863 [#27 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53467 \ dns QUERY,NOERROR,11614,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1260,11 +1260,11 @@ ns1.google.com.,IN,A,331808,216.239.32.10 \ ns3.google.com.,IN,A,157806,216.239.36.10 \ ns4.google.com.,IN,A,157806,216.239.38.10 -[56] 2016-10-20 15:24:16.435733 [#28 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:16.435733 [#28 dns.pcap 4095] \ [172.17.0.10].41532 [8.8.8.8].53 \ dns QUERY,NOERROR,59173,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:16.437471 [#29 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:16.437471 [#29 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41532 \ dns QUERY,NOERROR,59173,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1277,11 +1277,11 @@ ns1.google.com.,IN,A,331806,216.239.32.10 \ ns3.google.com.,IN,A,157804,216.239.36.10 \ ns4.google.com.,IN,A,157804,216.239.38.10 -[56] 2016-10-20 15:24:18.445519 [#30 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:18.445519 [#30 dns.pcap 4095] \ [172.17.0.10].44982 [8.8.8.8].53 \ dns QUERY,NOERROR,45535,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:18.446775 [#31 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:18.446775 [#31 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].44982 \ dns QUERY,NOERROR,45535,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1294,11 +1294,11 @@ ns1.google.com.,IN,A,331804,216.239.32.10 \ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 -[56] 2016-10-20 15:24:19.460087 [#32 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:19.460087 [#32 dns.pcap 4095] \ [172.17.0.10].45658 [8.8.8.8].53 \ dns QUERY,NOERROR,64325,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:19.462224 [#33 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:19.462224 [#33 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45658 \ dns QUERY,NOERROR,64325,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1311,11 +1311,11 @@ ns1.google.com.,IN,A,331803,216.239.32.10 \ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 -[56] 2016-10-20 15:24:20.475086 [#34 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:20.475086 [#34 dns.pcap 4095] \ [172.17.0.10].59762 [8.8.8.8].53 \ dns QUERY,NOERROR,20736,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:20.476841 [#35 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:20.476841 [#35 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].59762 \ dns QUERY,NOERROR,20736,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1328,11 +1328,11 @@ ns1.google.com.,IN,A,331802,216.239.32.10 \ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 -[56] 2016-10-20 15:24:21.489468 [#36 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:21.489468 [#36 dns.pcap 4095] \ [172.17.0.10].37669 [8.8.8.8].53 \ dns QUERY,NOERROR,64358,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:21.490573 [#37 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:21.490573 [#37 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37669 \ dns QUERY,NOERROR,64358,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1345,11 +1345,11 @@ ns1.google.com.,IN,A,331801,216.239.32.10 \ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 -[56] 2016-10-20 15:24:22.502667 [#38 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:22.502667 [#38 dns.pcap 4095] \ [172.17.0.10].49829 [8.8.8.8].53 \ dns QUERY,NOERROR,54706,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:22.504738 [#39 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:22.504738 [#39 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].49829 \ dns QUERY,NOERROR,54706,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1362,11 +1362,11 @@ ns1.google.com.,IN,A,331800,216.239.32.10 \ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 -[56] 2016-10-20 15:24:23.520203 [#40 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:23.520203 [#40 dns.pcap 4095] \ [172.17.0.10].44980 [8.8.8.8].53 \ dns QUERY,NOERROR,41808,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:23.521976 [#41 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:23.521976 [#41 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].44980 \ dns QUERY,NOERROR,41808,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1379,11 +1379,11 @@ ns1.google.com.,IN,A,331799,216.239.32.10 \ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 -[56] 2016-10-20 15:24:24.537264 [#42 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:24.537264 [#42 dns.pcap 4095] \ [172.17.0.10].42042 [8.8.8.8].53 \ dns QUERY,NOERROR,10624,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:24.539398 [#43 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:24.539398 [#43 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].42042 \ dns QUERY,NOERROR,10624,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1396,11 +1396,11 @@ ns1.google.com.,IN,A,331798,216.239.32.10 \ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 -[56] 2016-10-20 15:24:25.554744 [#44 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:25.554744 [#44 dns.pcap 4095] \ [172.17.0.10].45703 [8.8.8.8].53 \ dns QUERY,NOERROR,61415,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:25.556513 [#45 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:25.556513 [#45 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45703 \ dns QUERY,NOERROR,61415,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1413,11 +1413,11 @@ ns1.google.com.,IN,A,331797,216.239.32.10 \ ns3.google.com.,IN,A,157795,216.239.36.10 \ ns4.google.com.,IN,A,157795,216.239.38.10 -[56] 2016-10-20 15:24:26.572784 [#46 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:26.572784 [#46 dns.pcap 4095] \ [172.17.0.10].46798 [8.8.8.8].53 \ dns QUERY,NOERROR,17700,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:26.574350 [#47 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:26.574350 [#47 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].46798 \ dns QUERY,NOERROR,17700,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1431,11 +1431,11 @@ ns3.google.com.,IN,A,157794,216.239.36.10 \ ns4.google.com.,IN,A,157794,216.239.38.10 -- only 1 -[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap 4095] \ [172.17.0.10].53199 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53199 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1448,11 +1448,11 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[56] 2016-10-20 15:23:01.087291 [#2 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:01.087291 [#2 dns.pcap 4095] \ [172.17.0.10].40043 [8.8.8.8].53 \ dns QUERY,NOERROR,5337,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:01.088733 [#3 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:01.088733 [#3 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40043 \ dns QUERY,NOERROR,5337,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1465,11 +1465,11 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[56] 2016-10-20 15:23:10.322117 [#4 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:10.322117 [#4 dns.pcap 4095] \ [172.17.0.10].37953 [8.8.8.8].53 \ dns QUERY,NOERROR,22982,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:10.323399 [#5 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:10.323399 [#5 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37953 \ dns QUERY,NOERROR,22982,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1482,11 +1482,11 @@ ns1.google.com.,IN,A,331872,216.239.32.10 \ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 -[56] 2016-10-20 15:23:52.860937 [#6 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:52.860937 [#6 dns.pcap 4095] \ [172.17.0.10].40953 [8.8.8.8].53 \ dns QUERY,NOERROR,22531,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:52.863771 [#7 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:52.863771 [#7 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40953 \ dns QUERY,NOERROR,22531,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1499,11 +1499,11 @@ ns1.google.com.,IN,A,331830,216.239.32.10 \ ns3.google.com.,IN,A,157828,216.239.36.10 \ ns4.google.com.,IN,A,157828,216.239.38.10 -[56] 2016-10-20 15:23:59.083869 [#8 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:59.083869 [#8 dns.pcap 4095] \ [172.17.0.10].45174 [8.8.8.8].53 \ dns QUERY,NOERROR,58510,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:59.086104 [#9 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:59.086104 [#9 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45174 \ dns QUERY,NOERROR,58510,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1516,11 +1516,11 @@ ns1.google.com.,IN,A,331824,216.239.32.10 \ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 -[56] 2016-10-20 15:24:04.323868 [#10 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:04.323868 [#10 dns.pcap 4095] \ [172.17.0.10].43559 [8.8.8.8].53 \ dns QUERY,NOERROR,49483,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:04.325597 [#11 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:04.325597 [#11 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].43559 \ dns QUERY,NOERROR,49483,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1533,11 +1533,11 @@ ns1.google.com.,IN,A,331818,216.239.32.10 \ ns3.google.com.,IN,A,157816,216.239.36.10 \ ns4.google.com.,IN,A,157816,216.239.38.10 -[56] 2016-10-20 15:24:06.332239 [#12 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:06.332239 [#12 dns.pcap 4095] \ [172.17.0.10].54859 [8.8.8.8].53 \ dns QUERY,NOERROR,31669,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:06.333743 [#13 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:06.333743 [#13 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].54859 \ dns QUERY,NOERROR,31669,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1550,11 +1550,11 @@ ns1.google.com.,IN,A,331816,216.239.32.10 \ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 -[56] 2016-10-20 15:24:07.346429 [#14 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:07.346429 [#14 dns.pcap 4095] \ [172.17.0.10].41266 [8.8.8.8].53 \ dns QUERY,NOERROR,63798,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:07.348160 [#15 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:07.348160 [#15 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41266 \ dns QUERY,NOERROR,63798,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1567,11 +1567,11 @@ ns1.google.com.,IN,A,331815,216.239.32.10 \ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 -[56] 2016-10-20 15:24:08.360528 [#16 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:08.360528 [#16 dns.pcap 4095] \ [172.17.0.10].60437 [8.8.8.8].53 \ dns QUERY,NOERROR,60258,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:08.362206 [#17 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:08.362206 [#17 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60437 \ dns QUERY,NOERROR,60258,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1584,11 +1584,11 @@ ns1.google.com.,IN,A,331814,216.239.32.10 \ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 -[56] 2016-10-20 15:24:09.375942 [#18 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:09.375942 [#18 dns.pcap 4095] \ [172.17.0.10].53820 [8.8.8.8].53 \ dns QUERY,NOERROR,45512,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:09.378425 [#19 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:09.378425 [#19 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53820 \ dns QUERY,NOERROR,45512,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1601,11 +1601,11 @@ ns1.google.com.,IN,A,331813,216.239.32.10 \ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 -[56] 2016-10-20 15:24:10.391358 [#20 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:10.391358 [#20 dns.pcap 4095] \ [172.17.0.10].47637 [8.8.8.8].53 \ dns QUERY,NOERROR,1834,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:10.392886 [#21 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:10.392886 [#21 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].47637 \ dns QUERY,NOERROR,1834,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1618,11 +1618,11 @@ ns1.google.com.,IN,A,331812,216.239.32.10 \ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 -[56] 2016-10-20 15:24:11.406297 [#22 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:11.406297 [#22 dns.pcap 4095] \ [172.17.0.10].41059 [8.8.8.8].53 \ dns QUERY,NOERROR,48432,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:11.407460 [#23 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:11.407460 [#23 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41059 \ dns QUERY,NOERROR,48432,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1635,11 +1635,11 @@ ns1.google.com.,IN,A,331811,216.239.32.10 \ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 -[56] 2016-10-20 15:24:12.419936 [#24 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:12.419936 [#24 dns.pcap 4095] \ [172.17.0.10].32976 [8.8.8.8].53 \ dns QUERY,NOERROR,12038,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:12.421228 [#25 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:12.421228 [#25 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].32976 \ dns QUERY,NOERROR,12038,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1652,11 +1652,11 @@ ns1.google.com.,IN,A,331810,216.239.32.10 \ ns3.google.com.,IN,A,157808,216.239.36.10 \ ns4.google.com.,IN,A,157808,216.239.38.10 -[56] 2016-10-20 15:24:14.428524 [#26 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:14.428524 [#26 dns.pcap 4095] \ [172.17.0.10].53467 [8.8.8.8].53 \ dns QUERY,NOERROR,11614,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:14.429863 [#27 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:14.429863 [#27 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53467 \ dns QUERY,NOERROR,11614,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1669,11 +1669,11 @@ ns1.google.com.,IN,A,331808,216.239.32.10 \ ns3.google.com.,IN,A,157806,216.239.36.10 \ ns4.google.com.,IN,A,157806,216.239.38.10 -[56] 2016-10-20 15:24:16.435733 [#28 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:16.435733 [#28 dns.pcap 4095] \ [172.17.0.10].41532 [8.8.8.8].53 \ dns QUERY,NOERROR,59173,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:16.437471 [#29 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:16.437471 [#29 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41532 \ dns QUERY,NOERROR,59173,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1686,11 +1686,11 @@ ns1.google.com.,IN,A,331806,216.239.32.10 \ ns3.google.com.,IN,A,157804,216.239.36.10 \ ns4.google.com.,IN,A,157804,216.239.38.10 -[56] 2016-10-20 15:24:18.445519 [#30 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:18.445519 [#30 dns.pcap 4095] \ [172.17.0.10].44982 [8.8.8.8].53 \ dns QUERY,NOERROR,45535,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:18.446775 [#31 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:18.446775 [#31 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].44982 \ dns QUERY,NOERROR,45535,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1703,11 +1703,11 @@ ns1.google.com.,IN,A,331804,216.239.32.10 \ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 -[56] 2016-10-20 15:24:19.460087 [#32 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:19.460087 [#32 dns.pcap 4095] \ [172.17.0.10].45658 [8.8.8.8].53 \ dns QUERY,NOERROR,64325,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:19.462224 [#33 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:19.462224 [#33 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45658 \ dns QUERY,NOERROR,64325,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1720,11 +1720,11 @@ ns1.google.com.,IN,A,331803,216.239.32.10 \ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 -[56] 2016-10-20 15:24:20.475086 [#34 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:20.475086 [#34 dns.pcap 4095] \ [172.17.0.10].59762 [8.8.8.8].53 \ dns QUERY,NOERROR,20736,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:20.476841 [#35 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:20.476841 [#35 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].59762 \ dns QUERY,NOERROR,20736,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1737,11 +1737,11 @@ ns1.google.com.,IN,A,331802,216.239.32.10 \ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 -[56] 2016-10-20 15:24:21.489468 [#36 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:21.489468 [#36 dns.pcap 4095] \ [172.17.0.10].37669 [8.8.8.8].53 \ dns QUERY,NOERROR,64358,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:21.490573 [#37 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:21.490573 [#37 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37669 \ dns QUERY,NOERROR,64358,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1754,11 +1754,11 @@ ns1.google.com.,IN,A,331801,216.239.32.10 \ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 -[56] 2016-10-20 15:24:22.502667 [#38 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:22.502667 [#38 dns.pcap 4095] \ [172.17.0.10].49829 [8.8.8.8].53 \ dns QUERY,NOERROR,54706,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:22.504738 [#39 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:22.504738 [#39 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].49829 \ dns QUERY,NOERROR,54706,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1771,11 +1771,11 @@ ns1.google.com.,IN,A,331800,216.239.32.10 \ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 -[56] 2016-10-20 15:24:23.520203 [#40 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:23.520203 [#40 dns.pcap 4095] \ [172.17.0.10].44980 [8.8.8.8].53 \ dns QUERY,NOERROR,41808,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:23.521976 [#41 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:23.521976 [#41 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].44980 \ dns QUERY,NOERROR,41808,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1788,11 +1788,11 @@ ns1.google.com.,IN,A,331799,216.239.32.10 \ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 -[56] 2016-10-20 15:24:24.537264 [#42 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:24.537264 [#42 dns.pcap 4095] \ [172.17.0.10].42042 [8.8.8.8].53 \ dns QUERY,NOERROR,10624,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:24.539398 [#43 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:24.539398 [#43 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].42042 \ dns QUERY,NOERROR,10624,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1805,11 +1805,11 @@ ns1.google.com.,IN,A,331798,216.239.32.10 \ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 -[56] 2016-10-20 15:24:25.554744 [#44 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:25.554744 [#44 dns.pcap 4095] \ [172.17.0.10].45703 [8.8.8.8].53 \ dns QUERY,NOERROR,61415,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:25.556513 [#45 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:25.556513 [#45 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45703 \ dns QUERY,NOERROR,61415,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1822,11 +1822,11 @@ ns1.google.com.,IN,A,331797,216.239.32.10 \ ns3.google.com.,IN,A,157795,216.239.36.10 \ ns4.google.com.,IN,A,157795,216.239.38.10 -[56] 2016-10-20 15:24:26.572784 [#46 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:26.572784 [#46 dns.pcap 4095] \ [172.17.0.10].46798 [8.8.8.8].53 \ dns QUERY,NOERROR,17700,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:26.574350 [#47 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:26.574350 [#47 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].46798 \ dns QUERY,NOERROR,17700,qr|rd|ra \ 1 google.com.,IN,A \ @@ -1840,11 +1840,11 @@ ns3.google.com.,IN,A,157794,216.239.36.10 \ ns4.google.com.,IN,A,157794,216.239.38.10 -- not 1 -[73] 2016-10-20 15:23:01.082865 [#0 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:01.082865 [#0 dns.pcap 4095] \ [172.17.0.10].57822 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:01.084107 [#1 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:01.084107 [#1 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].57822 \ dns QUERY,NOERROR,35665,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1858,11 +1858,11 @@ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 \ ns2.google.com.,IN,A,157880,216.239.34.10 -[73] 2016-10-20 15:23:10.328324 [#2 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:10.328324 [#2 dns.pcap 4095] \ [172.17.0.10].48658 [8.8.8.8].53 \ dns QUERY,NOERROR,18718,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:10.329572 [#3 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:10.329572 [#3 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].48658 \ dns QUERY,NOERROR,18718,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1876,11 +1876,11 @@ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 \ ns2.google.com.,IN,A,157870,216.239.34.10 -[73] 2016-10-20 15:23:59.090911 [#4 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:59.090911 [#4 dns.pcap 4095] \ [172.17.0.10].33916 [8.8.8.8].53 \ dns QUERY,NOERROR,45248,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:59.092204 [#5 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:59.092204 [#5 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33916 \ dns QUERY,NOERROR,45248,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1894,11 +1894,11 @@ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 \ ns2.google.com.,IN,A,157822,216.239.34.10 -[73] 2016-10-20 15:24:06.339145 [#6 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:06.339145 [#6 dns.pcap 4095] \ [172.17.0.10].58176 [8.8.8.8].53 \ dns QUERY,NOERROR,25433,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:06.340820 [#7 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:06.340820 [#7 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].58176 \ dns QUERY,NOERROR,25433,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1912,11 +1912,11 @@ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 \ ns2.google.com.,IN,A,157814,216.239.34.10 -[73] 2016-10-20 15:24:07.353123 [#8 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:07.353123 [#8 dns.pcap 4095] \ [172.17.0.10].34607 [8.8.8.8].53 \ dns QUERY,NOERROR,8470,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:07.354682 [#9 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:07.354682 [#9 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].34607 \ dns QUERY,NOERROR,8470,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1930,11 +1930,11 @@ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 \ ns2.google.com.,IN,A,157813,216.239.34.10 -[73] 2016-10-20 15:24:08.368516 [#10 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:08.368516 [#10 dns.pcap 4095] \ [172.17.0.10].37149 [8.8.8.8].53 \ dns QUERY,NOERROR,44985,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:08.370119 [#11 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:08.370119 [#11 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37149 \ dns QUERY,NOERROR,44985,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1948,11 +1948,11 @@ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 \ ns2.google.com.,IN,A,157812,216.239.34.10 -[73] 2016-10-20 15:24:09.384057 [#12 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:09.384057 [#12 dns.pcap 4095] \ [172.17.0.10].52368 [8.8.8.8].53 \ dns QUERY,NOERROR,22980,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:09.385463 [#13 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:09.385463 [#13 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].52368 \ dns QUERY,NOERROR,22980,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1966,11 +1966,11 @@ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 \ ns2.google.com.,IN,A,157811,216.239.34.10 -[73] 2016-10-20 15:24:10.398099 [#14 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:10.398099 [#14 dns.pcap 4095] \ [172.17.0.10].34426 [8.8.8.8].53 \ dns QUERY,NOERROR,25431,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:10.400317 [#15 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:10.400317 [#15 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].34426 \ dns QUERY,NOERROR,25431,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1984,11 +1984,11 @@ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 \ ns2.google.com.,IN,A,157810,216.239.34.10 -[73] 2016-10-20 15:24:11.412133 [#16 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:11.412133 [#16 dns.pcap 4095] \ [172.17.0.10].51181 [8.8.8.8].53 \ dns QUERY,NOERROR,47411,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:11.413370 [#17 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:11.413370 [#17 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].51181 \ dns QUERY,NOERROR,47411,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2002,11 +2002,11 @@ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 \ ns2.google.com.,IN,A,157809,216.239.34.10 -[73] 2016-10-20 15:24:18.452451 [#18 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:18.452451 [#18 dns.pcap 4095] \ [172.17.0.10].40224 [8.8.8.8].53 \ dns QUERY,NOERROR,60808,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:18.454030 [#19 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:18.454030 [#19 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40224 \ dns QUERY,NOERROR,60808,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2020,11 +2020,11 @@ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 \ ns2.google.com.,IN,A,157802,216.239.34.10 -[73] 2016-10-20 15:24:19.467324 [#20 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:19.467324 [#20 dns.pcap 4095] \ [172.17.0.10].60457 [8.8.8.8].53 \ dns QUERY,NOERROR,25543,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:19.468895 [#21 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:19.468895 [#21 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60457 \ dns QUERY,NOERROR,25543,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2038,11 +2038,11 @@ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 \ ns2.google.com.,IN,A,157801,216.239.34.10 -[73] 2016-10-20 15:24:20.482188 [#22 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:20.482188 [#22 dns.pcap 4095] \ [172.17.0.10].56022 [8.8.8.8].53 \ dns QUERY,NOERROR,25911,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:20.483927 [#23 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:20.483927 [#23 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].56022 \ dns QUERY,NOERROR,25911,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2056,11 +2056,11 @@ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 \ ns2.google.com.,IN,A,157800,216.239.34.10 -[73] 2016-10-20 15:24:21.495324 [#24 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:21.495324 [#24 dns.pcap 4095] \ [172.17.0.10].42978 [8.8.8.8].53 \ dns QUERY,NOERROR,37698,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:21.496815 [#25 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:21.496815 [#25 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].42978 \ dns QUERY,NOERROR,37698,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2074,11 +2074,11 @@ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 \ ns2.google.com.,IN,A,157799,216.239.34.10 -[73] 2016-10-20 15:24:22.510176 [#26 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:22.510176 [#26 dns.pcap 4095] \ [172.17.0.10].50599 [8.8.8.8].53 \ dns QUERY,NOERROR,32142,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:22.511746 [#27 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:22.511746 [#27 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].50599 \ dns QUERY,NOERROR,32142,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2092,11 +2092,11 @@ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 \ ns2.google.com.,IN,A,157798,216.239.34.10 -[73] 2016-10-20 15:24:23.527449 [#28 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:23.527449 [#28 dns.pcap 4095] \ [172.17.0.10].60063 [8.8.8.8].53 \ dns QUERY,NOERROR,18886,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:23.529385 [#29 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:23.529385 [#29 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60063 \ dns QUERY,NOERROR,18886,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2110,11 +2110,11 @@ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 \ ns2.google.com.,IN,A,157797,216.239.34.10 -[73] 2016-10-20 15:24:24.544538 [#30 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:24.544538 [#30 dns.pcap 4095] \ [172.17.0.10].60469 [8.8.8.8].53 \ dns QUERY,NOERROR,33139,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:24.546172 [#31 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:24.546172 [#31 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60469 \ dns QUERY,NOERROR,33139,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2128,11 +2128,11 @@ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 \ ns2.google.com.,IN,A,157796,216.239.34.10 -[73] 2016-10-20 15:24:25.562608 [#32 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:25.562608 [#32 dns.pcap 4095] \ [172.17.0.10].33507 [8.8.8.8].53 \ dns QUERY,NOERROR,59258,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:25.564509 [#33 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:25.564509 [#33 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33507 \ dns QUERY,NOERROR,59258,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2147,11 +2147,11 @@ ns4.google.com.,IN,A,157795,216.239.38.10 \ ns2.google.com.,IN,A,157795,216.239.34.10 -- only PTR -[73] 2016-10-20 15:23:01.082865 [#0 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:01.082865 [#0 dns.pcap 4095] \ [172.17.0.10].57822 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:01.084107 [#1 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:01.084107 [#1 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].57822 \ dns QUERY,NOERROR,35665,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2165,11 +2165,11 @@ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 \ ns2.google.com.,IN,A,157880,216.239.34.10 -[73] 2016-10-20 15:23:10.328324 [#2 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:10.328324 [#2 dns.pcap 4095] \ [172.17.0.10].48658 [8.8.8.8].53 \ dns QUERY,NOERROR,18718,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:10.329572 [#3 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:10.329572 [#3 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].48658 \ dns QUERY,NOERROR,18718,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2183,11 +2183,11 @@ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 \ ns2.google.com.,IN,A,157870,216.239.34.10 -[73] 2016-10-20 15:23:59.090911 [#4 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:59.090911 [#4 dns.pcap 4095] \ [172.17.0.10].33916 [8.8.8.8].53 \ dns QUERY,NOERROR,45248,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:59.092204 [#5 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:59.092204 [#5 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33916 \ dns QUERY,NOERROR,45248,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2201,11 +2201,11 @@ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 \ ns2.google.com.,IN,A,157822,216.239.34.10 -[73] 2016-10-20 15:24:06.339145 [#6 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:06.339145 [#6 dns.pcap 4095] \ [172.17.0.10].58176 [8.8.8.8].53 \ dns QUERY,NOERROR,25433,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:06.340820 [#7 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:06.340820 [#7 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].58176 \ dns QUERY,NOERROR,25433,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2219,11 +2219,11 @@ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 \ ns2.google.com.,IN,A,157814,216.239.34.10 -[73] 2016-10-20 15:24:07.353123 [#8 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:07.353123 [#8 dns.pcap 4095] \ [172.17.0.10].34607 [8.8.8.8].53 \ dns QUERY,NOERROR,8470,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:07.354682 [#9 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:07.354682 [#9 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].34607 \ dns QUERY,NOERROR,8470,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2237,11 +2237,11 @@ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 \ ns2.google.com.,IN,A,157813,216.239.34.10 -[73] 2016-10-20 15:24:08.368516 [#10 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:08.368516 [#10 dns.pcap 4095] \ [172.17.0.10].37149 [8.8.8.8].53 \ dns QUERY,NOERROR,44985,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:08.370119 [#11 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:08.370119 [#11 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37149 \ dns QUERY,NOERROR,44985,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2255,11 +2255,11 @@ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 \ ns2.google.com.,IN,A,157812,216.239.34.10 -[73] 2016-10-20 15:24:09.384057 [#12 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:09.384057 [#12 dns.pcap 4095] \ [172.17.0.10].52368 [8.8.8.8].53 \ dns QUERY,NOERROR,22980,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:09.385463 [#13 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:09.385463 [#13 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].52368 \ dns QUERY,NOERROR,22980,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2273,11 +2273,11 @@ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 \ ns2.google.com.,IN,A,157811,216.239.34.10 -[73] 2016-10-20 15:24:10.398099 [#14 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:10.398099 [#14 dns.pcap 4095] \ [172.17.0.10].34426 [8.8.8.8].53 \ dns QUERY,NOERROR,25431,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:10.400317 [#15 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:10.400317 [#15 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].34426 \ dns QUERY,NOERROR,25431,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2291,11 +2291,11 @@ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 \ ns2.google.com.,IN,A,157810,216.239.34.10 -[73] 2016-10-20 15:24:11.412133 [#16 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:11.412133 [#16 dns.pcap 4095] \ [172.17.0.10].51181 [8.8.8.8].53 \ dns QUERY,NOERROR,47411,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:11.413370 [#17 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:11.413370 [#17 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].51181 \ dns QUERY,NOERROR,47411,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2309,11 +2309,11 @@ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 \ ns2.google.com.,IN,A,157809,216.239.34.10 -[73] 2016-10-20 15:24:18.452451 [#18 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:18.452451 [#18 dns.pcap 4095] \ [172.17.0.10].40224 [8.8.8.8].53 \ dns QUERY,NOERROR,60808,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:18.454030 [#19 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:18.454030 [#19 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40224 \ dns QUERY,NOERROR,60808,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2327,11 +2327,11 @@ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 \ ns2.google.com.,IN,A,157802,216.239.34.10 -[73] 2016-10-20 15:24:19.467324 [#20 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:19.467324 [#20 dns.pcap 4095] \ [172.17.0.10].60457 [8.8.8.8].53 \ dns QUERY,NOERROR,25543,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:19.468895 [#21 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:19.468895 [#21 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60457 \ dns QUERY,NOERROR,25543,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2345,11 +2345,11 @@ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 \ ns2.google.com.,IN,A,157801,216.239.34.10 -[73] 2016-10-20 15:24:20.482188 [#22 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:20.482188 [#22 dns.pcap 4095] \ [172.17.0.10].56022 [8.8.8.8].53 \ dns QUERY,NOERROR,25911,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:20.483927 [#23 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:20.483927 [#23 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].56022 \ dns QUERY,NOERROR,25911,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2363,11 +2363,11 @@ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 \ ns2.google.com.,IN,A,157800,216.239.34.10 -[73] 2016-10-20 15:24:21.495324 [#24 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:21.495324 [#24 dns.pcap 4095] \ [172.17.0.10].42978 [8.8.8.8].53 \ dns QUERY,NOERROR,37698,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:21.496815 [#25 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:21.496815 [#25 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].42978 \ dns QUERY,NOERROR,37698,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2381,11 +2381,11 @@ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 \ ns2.google.com.,IN,A,157799,216.239.34.10 -[73] 2016-10-20 15:24:22.510176 [#26 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:22.510176 [#26 dns.pcap 4095] \ [172.17.0.10].50599 [8.8.8.8].53 \ dns QUERY,NOERROR,32142,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:22.511746 [#27 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:22.511746 [#27 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].50599 \ dns QUERY,NOERROR,32142,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2399,11 +2399,11 @@ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 \ ns2.google.com.,IN,A,157798,216.239.34.10 -[73] 2016-10-20 15:24:23.527449 [#28 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:23.527449 [#28 dns.pcap 4095] \ [172.17.0.10].60063 [8.8.8.8].53 \ dns QUERY,NOERROR,18886,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:23.529385 [#29 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:23.529385 [#29 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60063 \ dns QUERY,NOERROR,18886,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2417,11 +2417,11 @@ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 \ ns2.google.com.,IN,A,157797,216.239.34.10 -[73] 2016-10-20 15:24:24.544538 [#30 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:24.544538 [#30 dns.pcap 4095] \ [172.17.0.10].60469 [8.8.8.8].53 \ dns QUERY,NOERROR,33139,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:24.546172 [#31 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:24.546172 [#31 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60469 \ dns QUERY,NOERROR,33139,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2435,11 +2435,11 @@ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 \ ns2.google.com.,IN,A,157796,216.239.34.10 -[73] 2016-10-20 15:24:25.562608 [#32 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:25.562608 [#32 dns.pcap 4095] \ [172.17.0.10].33507 [8.8.8.8].53 \ dns QUERY,NOERROR,59258,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:25.564509 [#33 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:25.564509 [#33 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33507 \ dns QUERY,NOERROR,59258,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -2454,11 +2454,11 @@ ns4.google.com.,IN,A,157795,216.239.38.10 \ ns2.google.com.,IN,A,157795,216.239.34.10 -- not PTR -[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap 4095] \ [172.17.0.10].53199 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53199 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2471,11 +2471,11 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[56] 2016-10-20 15:23:01.087291 [#2 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:01.087291 [#2 dns.pcap 4095] \ [172.17.0.10].40043 [8.8.8.8].53 \ dns QUERY,NOERROR,5337,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:01.088733 [#3 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:01.088733 [#3 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40043 \ dns QUERY,NOERROR,5337,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2488,11 +2488,11 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[56] 2016-10-20 15:23:10.322117 [#4 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:10.322117 [#4 dns.pcap 4095] \ [172.17.0.10].37953 [8.8.8.8].53 \ dns QUERY,NOERROR,22982,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:10.323399 [#5 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:10.323399 [#5 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37953 \ dns QUERY,NOERROR,22982,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2505,11 +2505,11 @@ ns1.google.com.,IN,A,331872,216.239.32.10 \ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 -[56] 2016-10-20 15:23:52.860937 [#6 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:52.860937 [#6 dns.pcap 4095] \ [172.17.0.10].40953 [8.8.8.8].53 \ dns QUERY,NOERROR,22531,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:52.863771 [#7 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:52.863771 [#7 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40953 \ dns QUERY,NOERROR,22531,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2522,11 +2522,11 @@ ns1.google.com.,IN,A,331830,216.239.32.10 \ ns3.google.com.,IN,A,157828,216.239.36.10 \ ns4.google.com.,IN,A,157828,216.239.38.10 -[56] 2016-10-20 15:23:59.083869 [#8 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:59.083869 [#8 dns.pcap 4095] \ [172.17.0.10].45174 [8.8.8.8].53 \ dns QUERY,NOERROR,58510,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:59.086104 [#9 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:59.086104 [#9 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45174 \ dns QUERY,NOERROR,58510,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2539,11 +2539,11 @@ ns1.google.com.,IN,A,331824,216.239.32.10 \ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 -[56] 2016-10-20 15:24:04.323868 [#10 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:04.323868 [#10 dns.pcap 4095] \ [172.17.0.10].43559 [8.8.8.8].53 \ dns QUERY,NOERROR,49483,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:04.325597 [#11 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:04.325597 [#11 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].43559 \ dns QUERY,NOERROR,49483,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2556,11 +2556,11 @@ ns1.google.com.,IN,A,331818,216.239.32.10 \ ns3.google.com.,IN,A,157816,216.239.36.10 \ ns4.google.com.,IN,A,157816,216.239.38.10 -[56] 2016-10-20 15:24:06.332239 [#12 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:06.332239 [#12 dns.pcap 4095] \ [172.17.0.10].54859 [8.8.8.8].53 \ dns QUERY,NOERROR,31669,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:06.333743 [#13 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:06.333743 [#13 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].54859 \ dns QUERY,NOERROR,31669,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2573,11 +2573,11 @@ ns1.google.com.,IN,A,331816,216.239.32.10 \ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 -[56] 2016-10-20 15:24:07.346429 [#14 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:07.346429 [#14 dns.pcap 4095] \ [172.17.0.10].41266 [8.8.8.8].53 \ dns QUERY,NOERROR,63798,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:07.348160 [#15 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:07.348160 [#15 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41266 \ dns QUERY,NOERROR,63798,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2590,11 +2590,11 @@ ns1.google.com.,IN,A,331815,216.239.32.10 \ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 -[56] 2016-10-20 15:24:08.360528 [#16 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:08.360528 [#16 dns.pcap 4095] \ [172.17.0.10].60437 [8.8.8.8].53 \ dns QUERY,NOERROR,60258,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:08.362206 [#17 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:08.362206 [#17 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60437 \ dns QUERY,NOERROR,60258,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2607,11 +2607,11 @@ ns1.google.com.,IN,A,331814,216.239.32.10 \ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 -[56] 2016-10-20 15:24:09.375942 [#18 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:09.375942 [#18 dns.pcap 4095] \ [172.17.0.10].53820 [8.8.8.8].53 \ dns QUERY,NOERROR,45512,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:09.378425 [#19 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:09.378425 [#19 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53820 \ dns QUERY,NOERROR,45512,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2624,11 +2624,11 @@ ns1.google.com.,IN,A,331813,216.239.32.10 \ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 -[56] 2016-10-20 15:24:10.391358 [#20 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:10.391358 [#20 dns.pcap 4095] \ [172.17.0.10].47637 [8.8.8.8].53 \ dns QUERY,NOERROR,1834,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:10.392886 [#21 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:10.392886 [#21 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].47637 \ dns QUERY,NOERROR,1834,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2641,11 +2641,11 @@ ns1.google.com.,IN,A,331812,216.239.32.10 \ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 -[56] 2016-10-20 15:24:11.406297 [#22 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:11.406297 [#22 dns.pcap 4095] \ [172.17.0.10].41059 [8.8.8.8].53 \ dns QUERY,NOERROR,48432,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:11.407460 [#23 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:11.407460 [#23 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41059 \ dns QUERY,NOERROR,48432,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2658,11 +2658,11 @@ ns1.google.com.,IN,A,331811,216.239.32.10 \ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 -[56] 2016-10-20 15:24:12.419936 [#24 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:12.419936 [#24 dns.pcap 4095] \ [172.17.0.10].32976 [8.8.8.8].53 \ dns QUERY,NOERROR,12038,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:12.421228 [#25 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:12.421228 [#25 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].32976 \ dns QUERY,NOERROR,12038,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2675,11 +2675,11 @@ ns1.google.com.,IN,A,331810,216.239.32.10 \ ns3.google.com.,IN,A,157808,216.239.36.10 \ ns4.google.com.,IN,A,157808,216.239.38.10 -[56] 2016-10-20 15:24:14.428524 [#26 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:14.428524 [#26 dns.pcap 4095] \ [172.17.0.10].53467 [8.8.8.8].53 \ dns QUERY,NOERROR,11614,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:14.429863 [#27 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:14.429863 [#27 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53467 \ dns QUERY,NOERROR,11614,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2692,11 +2692,11 @@ ns1.google.com.,IN,A,331808,216.239.32.10 \ ns3.google.com.,IN,A,157806,216.239.36.10 \ ns4.google.com.,IN,A,157806,216.239.38.10 -[56] 2016-10-20 15:24:16.435733 [#28 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:16.435733 [#28 dns.pcap 4095] \ [172.17.0.10].41532 [8.8.8.8].53 \ dns QUERY,NOERROR,59173,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:16.437471 [#29 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:16.437471 [#29 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41532 \ dns QUERY,NOERROR,59173,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2709,11 +2709,11 @@ ns1.google.com.,IN,A,331806,216.239.32.10 \ ns3.google.com.,IN,A,157804,216.239.36.10 \ ns4.google.com.,IN,A,157804,216.239.38.10 -[56] 2016-10-20 15:24:18.445519 [#30 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:18.445519 [#30 dns.pcap 4095] \ [172.17.0.10].44982 [8.8.8.8].53 \ dns QUERY,NOERROR,45535,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:18.446775 [#31 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:18.446775 [#31 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].44982 \ dns QUERY,NOERROR,45535,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2726,11 +2726,11 @@ ns1.google.com.,IN,A,331804,216.239.32.10 \ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 -[56] 2016-10-20 15:24:19.460087 [#32 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:19.460087 [#32 dns.pcap 4095] \ [172.17.0.10].45658 [8.8.8.8].53 \ dns QUERY,NOERROR,64325,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:19.462224 [#33 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:19.462224 [#33 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45658 \ dns QUERY,NOERROR,64325,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2743,11 +2743,11 @@ ns1.google.com.,IN,A,331803,216.239.32.10 \ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 -[56] 2016-10-20 15:24:20.475086 [#34 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:20.475086 [#34 dns.pcap 4095] \ [172.17.0.10].59762 [8.8.8.8].53 \ dns QUERY,NOERROR,20736,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:20.476841 [#35 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:20.476841 [#35 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].59762 \ dns QUERY,NOERROR,20736,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2760,11 +2760,11 @@ ns1.google.com.,IN,A,331802,216.239.32.10 \ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 -[56] 2016-10-20 15:24:21.489468 [#36 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:21.489468 [#36 dns.pcap 4095] \ [172.17.0.10].37669 [8.8.8.8].53 \ dns QUERY,NOERROR,64358,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:21.490573 [#37 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:21.490573 [#37 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37669 \ dns QUERY,NOERROR,64358,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2777,11 +2777,11 @@ ns1.google.com.,IN,A,331801,216.239.32.10 \ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 -[56] 2016-10-20 15:24:22.502667 [#38 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:22.502667 [#38 dns.pcap 4095] \ [172.17.0.10].49829 [8.8.8.8].53 \ dns QUERY,NOERROR,54706,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:22.504738 [#39 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:22.504738 [#39 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].49829 \ dns QUERY,NOERROR,54706,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2794,11 +2794,11 @@ ns1.google.com.,IN,A,331800,216.239.32.10 \ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 -[56] 2016-10-20 15:24:23.520203 [#40 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:23.520203 [#40 dns.pcap 4095] \ [172.17.0.10].44980 [8.8.8.8].53 \ dns QUERY,NOERROR,41808,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:23.521976 [#41 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:23.521976 [#41 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].44980 \ dns QUERY,NOERROR,41808,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2811,11 +2811,11 @@ ns1.google.com.,IN,A,331799,216.239.32.10 \ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 -[56] 2016-10-20 15:24:24.537264 [#42 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:24.537264 [#42 dns.pcap 4095] \ [172.17.0.10].42042 [8.8.8.8].53 \ dns QUERY,NOERROR,10624,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:24.539398 [#43 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:24.539398 [#43 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].42042 \ dns QUERY,NOERROR,10624,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2828,11 +2828,11 @@ ns1.google.com.,IN,A,331798,216.239.32.10 \ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 -[56] 2016-10-20 15:24:25.554744 [#44 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:25.554744 [#44 dns.pcap 4095] \ [172.17.0.10].45703 [8.8.8.8].53 \ dns QUERY,NOERROR,61415,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:25.556513 [#45 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:25.556513 [#45 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45703 \ dns QUERY,NOERROR,61415,qr|rd|ra \ 1 google.com.,IN,A \ @@ -2845,11 +2845,11 @@ ns1.google.com.,IN,A,331797,216.239.32.10 \ ns3.google.com.,IN,A,157795,216.239.36.10 \ ns4.google.com.,IN,A,157795,216.239.38.10 -[56] 2016-10-20 15:24:26.572784 [#46 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:26.572784 [#46 dns.pcap 4095] \ [172.17.0.10].46798 [8.8.8.8].53 \ dns QUERY,NOERROR,17700,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:26.574350 [#47 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:26.574350 [#47 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].46798 \ dns QUERY,NOERROR,17700,qr|rd|ra \ 1 google.com.,IN,A \ diff --git a/src/test/test14.sh b/src/test/test14.sh index 1788f108..c4205098 100755 --- a/src/test/test14.sh +++ b/src/test/test14.sh @@ -1,22 +1,24 @@ #!/bin/sh -xe +test -e dns.pcap || ln -s "$srcdir/dns.pcap" dns.pcap + echo "-- only 1" >test14.out -../dnscap -g -q 1 -r dns.pcap-dist 2>>test14.out +../dnscap -g -q 1 -r dns.pcap 2>>test14.out echo "-- not 1" >>test14.out -../dnscap -g -Q 1 -r dns.pcap-dist 2>>test14.out +../dnscap -g -Q 1 -r dns.pcap 2>>test14.out echo "-- only PTR" >>test14.out -../dnscap -g -q PTR -r dns.pcap-dist 2>>test14.out +../dnscap -g -q PTR -r dns.pcap 2>>test14.out echo "-- not PTR" >>test14.out -../dnscap -g -Q PTR -r dns.pcap-dist 2>>test14.out +../dnscap -g -Q PTR -r dns.pcap 2>>test14.out echo "-- only 1" >>test14.out -../dnscap -g -o use_layers=yes -q 1 -r dns.pcap-dist 2>>test14.out +../dnscap -g -o use_layers=yes -q 1 -r dns.pcap 2>>test14.out echo "-- not 1" >>test14.out -../dnscap -g -o use_layers=yes -Q 1 -r dns.pcap-dist 2>>test14.out +../dnscap -g -o use_layers=yes -Q 1 -r dns.pcap 2>>test14.out echo "-- only PTR" >>test14.out -../dnscap -g -o use_layers=yes -q PTR -r dns.pcap-dist 2>>test14.out +../dnscap -g -o use_layers=yes -q PTR -r dns.pcap 2>>test14.out echo "-- not PTR" >>test14.out -../dnscap -g -o use_layers=yes -Q PTR -r dns.pcap-dist 2>>test14.out +../dnscap -g -o use_layers=yes -Q PTR -r dns.pcap 2>>test14.out mv test14.out test14.out.old grep -v "^libgcov profiling error:" test14.out.old > test14.out diff --git a/src/test/test2.sh b/src/test/test2.sh index 83cc8c01..7a5d981c 100755 --- a/src/test/test2.sh +++ b/src/test/test2.sh @@ -1,6 +1,8 @@ #!/bin/sh -xe -../dnscap -g -r dns.pcap-dist 2>no-layers.out -../dnscap -g -r dns.pcap-dist -o use_layers=yes 2>layers.out +test -e dns.pcap || ln -s "$srcdir/dns.pcap" dns.pcap + +../dnscap -g -r dns.pcap 2>no-layers.out +../dnscap -g -r dns.pcap -o use_layers=yes 2>layers.out diff no-layers.out layers.out diff --git a/src/test/test3.sh b/src/test/test3.sh index 4b651218..db521add 100755 --- a/src/test/test3.sh +++ b/src/test/test3.sh @@ -1,6 +1,8 @@ #!/bin/sh -xe -../dnscap -g -f -r frags.pcap-dist -o use_layers=yes -o defrag_ipv4=yes -o max_ipv4_fragments_per_packet=64 2>frags.out +test -e frags.pcap || ln -s "$srcdir/frags.pcap" frags.pcap + +../dnscap -g -f -r frags.pcap -o use_layers=yes -o defrag_ipv4=yes -o max_ipv4_fragments_per_packet=64 2>frags.out # remove timestamp sed -i -e 's%^\(\[[0-9]*\]\)[^\[]*\[%\1 [%g' frags.out @@ -8,6 +10,6 @@ sed -i -e 's%^\(\[[0-9]*\]\)[^\[]*\[%\1 [%g' frags.out # create gold file cp "$srcdir/dns.gold" frags.gold sed -i -e 's%^\(\[[0-9]*\]\)[^\[]*\[%\1 [%g' frags.gold -sed -i -e 's%dns.pcap-dist%frags.pcap-dist%g' frags.gold +sed -i -e 's%dns.pcap%frags.pcap%g' frags.gold diff frags.out frags.gold diff --git a/src/test/test4.sh b/src/test/test4.sh index 7cdf34ec..f5997352 100755 --- a/src/test/test4.sh +++ b/src/test/test4.sh @@ -1,6 +1,8 @@ #!/bin/sh -xe -../dnscap -g -T -r 1qtcppadd.pcap-dist 2>padding-no-layers.out -../dnscap -g -T -r 1qtcppadd.pcap-dist -o use_layers=yes 2>padding-layers.out +test -e 1qtcppadd.pcap || ln -s "$srcdir/1qtcppadd.pcap" 1qtcppadd.pcap + +../dnscap -g -T -r 1qtcppadd.pcap 2>padding-no-layers.out +../dnscap -g -T -r 1qtcppadd.pcap -o use_layers=yes 2>padding-layers.out diff padding-no-layers.out padding-layers.out diff --git a/src/test/test5.sh b/src/test/test5.sh index a4789d7a..e78d55b7 100755 --- a/src/test/test5.sh +++ b/src/test/test5.sh @@ -1,20 +1,22 @@ #!/bin/sh -xe +test -e vlan11.pcap || ln -s "$srcdir/vlan11.pcap" vlan11.pcap + osrel=`uname -s` -../dnscap -g -r vlan11.pcap-dist 2>vlan11.out +../dnscap -g -r vlan11.pcap 2>vlan11.out test -f vlan11.out && ! test -s vlan11.out -../dnscap -g -r vlan11.pcap-dist -L 10 2>vlan11.out +../dnscap -g -r vlan11.pcap -L 10 2>vlan11.out test -f vlan11.out && ! test -s vlan11.out -../dnscap -g -r vlan11.pcap-dist -L 4095 2>vlan11.out +../dnscap -g -r vlan11.pcap -L 4095 2>vlan11.out diff vlan11.out "$srcdir/vlan11.gold" -../dnscap -g -r vlan11.pcap-dist -L 11 2>vlan11.out +../dnscap -g -r vlan11.pcap -L 11 2>vlan11.out diff vlan11.out "$srcdir/vlan11.gold" -../dnscap -g -r vlan11.pcap-dist -o use_layers=yes 2>vlan11.out +../dnscap -g -r vlan11.pcap -o use_layers=yes 2>vlan11.out test -f vlan11.out && ! test -s vlan11.out -../dnscap -g -r vlan11.pcap-dist -o use_layers=yes -L 10 2>vlan11.out +../dnscap -g -r vlan11.pcap -o use_layers=yes -L 10 2>vlan11.out test -f vlan11.out && ! test -s vlan11.out -../dnscap -g -r vlan11.pcap-dist -o use_layers=yes -L 4095 2>vlan11.out +../dnscap -g -r vlan11.pcap -o use_layers=yes -L 4095 2>vlan11.out diff vlan11.out "$srcdir/vlan11.gold" -../dnscap -g -r vlan11.pcap-dist -o use_layers=yes -L 11 2>vlan11.out +../dnscap -g -r vlan11.pcap -o use_layers=yes -L 11 2>vlan11.out diff vlan11.out "$srcdir/vlan11.gold" diff --git a/src/test/test6.sh b/src/test/test6.sh index f05713bd..18a68879 100755 --- a/src/test/test6.sh +++ b/src/test/test6.sh @@ -1,6 +1,8 @@ #!/bin/sh -xe -../dnscap -g -r dnspad.pcap-dist 2>dnspad.out -../dnscap -o use_layers=yes -g -r dnspad.pcap-dist 2>>dnspad.out +test -e dnspad.pcap || ln -s "$srcdir/dnspad.pcap" dnspad.pcap + +../dnscap -g -r dnspad.pcap 2>dnspad.out +../dnscap -o use_layers=yes -g -r dnspad.pcap 2>>dnspad.out diff dnspad.out "$srcdir/dnspad.gold" diff --git a/src/test/test7.gold b/src/test/test7.gold index c3bb6831..0c4c34c2 100644 --- a/src/test/test7.gold +++ b/src/test/test7.gold @@ -1,25 +1,25 @@ -[60] 2018-01-10 11:22:41.543825 [#0 dnso1tcp.pcap-dist 4095] \ +[60] 2018-01-10 11:22:41.543825 [#0 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[60] 2018-01-10 11:22:41.548834 [#1 dnso1tcp.pcap-dist 4095] \ +[60] 2018-01-10 11:22:41.548834 [#1 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 -[54] 2018-01-10 11:22:41.548947 [#2 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.548947 [#2 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.552406 [#3 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.552406 [#3 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.555912 [#4 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.555912 [#4 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.556032 [#5 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.556032 [#5 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:41.600183 [#6 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.600183 [#6 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:41.616460 [#7 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:41.616460 [#7 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,35665,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -27,35 +27,35 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:41.616663 [#8 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.616663 [#8 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.659921 [#9 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.659921 [#9 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,5337,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.663576 [#10 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.663576 [#10 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,5337,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.663734 [#11 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.663734 [#11 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.706183 [#12 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.706183 [#12 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,22982,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.709680 [#13 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.709680 [#13 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,22982,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.709779 [#14 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.709779 [#14 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:41.754101 [#15 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.754101 [#15 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,18718,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:41.757876 [#16 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:41.757876 [#16 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,18718,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -63,35 +63,35 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:41.758191 [#17 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.758191 [#17 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.804255 [#18 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.804255 [#18 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,22531,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.809483 [#19 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.809483 [#19 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,22531,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.809780 [#20 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.809780 [#20 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.854113 [#21 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.854113 [#21 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,58510,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.857788 [#22 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.857788 [#22 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,58510,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.858002 [#23 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.858002 [#23 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:41.902165 [#24 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.902165 [#24 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,45248,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:41.905802 [#25 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:41.905802 [#25 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,45248,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -99,35 +99,35 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:41.905918 [#26 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.905918 [#26 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.950164 [#27 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.950164 [#27 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,49483,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.954138 [#28 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.954138 [#28 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,49483,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.954452 [#29 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.954452 [#29 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.999121 [#30 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.999121 [#30 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,31669,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.002657 [#31 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.002657 [#31 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,31669,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.002831 [#32 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.002831 [#32 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.047148 [#33 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.047148 [#33 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,25433,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.052425 [#34 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.052425 [#34 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,25433,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -135,24 +135,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.052901 [#35 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.052901 [#35 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.097899 [#36 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.097899 [#36 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,63798,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.101443 [#37 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.101443 [#37 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,63798,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.101553 [#38 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.101553 [#38 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.145005 [#39 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.145005 [#39 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,8470,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.148639 [#40 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.148639 [#40 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,8470,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -160,24 +160,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.148770 [#41 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.148770 [#41 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.192777 [#42 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.192777 [#42 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,60258,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.196256 [#43 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.196256 [#43 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,60258,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.196471 [#44 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.196471 [#44 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.240395 [#45 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.240395 [#45 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,44985,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.245103 [#46 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.245103 [#46 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,44985,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -185,24 +185,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.245585 [#47 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.245585 [#47 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.290257 [#48 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.290257 [#48 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,45512,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.293978 [#49 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.293978 [#49 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,45512,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.294300 [#50 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.294300 [#50 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.337985 [#51 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.337985 [#51 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,22980,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.341559 [#52 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.341559 [#52 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,22980,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -210,24 +210,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.341648 [#53 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.341648 [#53 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.385009 [#54 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.385009 [#54 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,1834,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.389082 [#55 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.389082 [#55 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,1834,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.389343 [#56 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.389343 [#56 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.433458 [#57 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.433458 [#57 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,25431,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.438748 [#58 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.438748 [#58 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,25431,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -235,24 +235,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.439060 [#59 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.439060 [#59 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.484005 [#60 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.484005 [#60 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,48432,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.487697 [#61 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.487697 [#61 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,48432,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.488035 [#62 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.488035 [#62 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.532414 [#63 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.532414 [#63 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,47411,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.537574 [#64 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.537574 [#64 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,47411,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -260,57 +260,57 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.537941 [#65 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.537941 [#65 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.583021 [#66 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.583021 [#66 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,12038,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.586898 [#67 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.586898 [#67 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,12038,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.587050 [#68 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.587050 [#68 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.630221 [#69 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.630221 [#69 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,11614,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.633808 [#70 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.633808 [#70 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,11614,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.634006 [#71 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.634006 [#71 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.679168 [#72 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.679168 [#72 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59173,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.682888 [#73 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.682888 [#73 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59173,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.683273 [#74 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.683273 [#74 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.727254 [#75 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.727254 [#75 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,45535,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.732703 [#76 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.732703 [#76 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,45535,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.733029 [#77 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.733029 [#77 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.777184 [#78 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.777184 [#78 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,60808,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.781053 [#79 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.781053 [#79 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,60808,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -318,24 +318,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.781416 [#80 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.781416 [#80 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.824222 [#81 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.824222 [#81 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,64325,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.828050 [#82 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.828050 [#82 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,64325,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.828346 [#83 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.828346 [#83 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.872186 [#84 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.872186 [#84 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,25543,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.875911 [#85 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.875911 [#85 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,25543,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -343,24 +343,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.876226 [#86 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.876226 [#86 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.920231 [#87 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.920231 [#87 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,20736,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.923917 [#88 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.923917 [#88 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,20736,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.924082 [#89 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.924082 [#89 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.968961 [#90 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.968961 [#90 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,25911,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.972662 [#91 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.972662 [#91 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,25911,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -368,24 +368,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.972972 [#92 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.972972 [#92 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.017364 [#93 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.017364 [#93 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,64358,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.022591 [#94 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.022591 [#94 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,64358,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[54] 2018-01-10 11:22:43.022938 [#95 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.022938 [#95 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.066765 [#96 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.066765 [#96 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,37698,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.070349 [#97 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.070349 [#97 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,37698,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -393,24 +393,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:43.070484 [#98 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.070484 [#98 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.114332 [#99 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.114332 [#99 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,54706,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.119538 [#100 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.119538 [#100 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,54706,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[54] 2018-01-10 11:22:43.119857 [#101 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.119857 [#101 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.163857 [#102 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.163857 [#102 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,32142,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.167576 [#103 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.167576 [#103 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,32142,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -418,24 +418,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:43.167733 [#104 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.167733 [#104 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.211417 [#105 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.211417 [#105 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,41808,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.216686 [#106 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.216686 [#106 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,41808,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[54] 2018-01-10 11:22:43.217042 [#107 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.217042 [#107 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.260995 [#108 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.260995 [#108 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,18886,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.265047 [#109 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.265047 [#109 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,18886,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -443,24 +443,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:43.265399 [#110 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.265399 [#110 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.310017 [#111 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.310017 [#111 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,10624,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.313596 [#112 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.313596 [#112 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,10624,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[54] 2018-01-10 11:22:43.313685 [#113 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.313685 [#113 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.356802 [#114 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.356802 [#114 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,33139,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.360685 [#115 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.360685 [#115 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,33139,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -468,24 +468,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:43.360864 [#116 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.360864 [#116 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.406308 [#117 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.406308 [#117 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,61415,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.410191 [#118 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.410191 [#118 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,61415,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[54] 2018-01-10 11:22:43.410440 [#119 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.410440 [#119 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.454193 [#120 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.454193 [#120 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59258,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.458191 [#121 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.458191 [#121 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59258,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -493,20 +493,20 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:43.458511 [#122 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.458511 [#122 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.503242 [#123 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.503242 [#123 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,17700,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.506884 [#124 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.506884 [#124 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,17700,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[52] 2018-01-10 11:22:43.507821 [#125 dnso1tcp.pcap-dist 4095] \ +[52] 2018-01-10 11:22:43.507821 [#125 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[52] 2018-01-10 11:22:43.511351 [#126 dnso1tcp.pcap-dist 4095] \ +[52] 2018-01-10 11:22:43.511351 [#126 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 1515583361.543825 172.17.0.8 51388 8.8.8.8 53 6 1515583361.548834 8.8.8.8 53 172.17.0.8 51388 6 @@ -635,40 +635,40 @@ 1515583363.506884 8.8.8.8 53 172.17.0.8 51388 6 17700 0 0 |QR|RD|RA| IN A google.com. 1515583363.507821 172.17.0.8 51388 8.8.8.8 53 6 1515583363.511351 8.8.8.8 53 172.17.0.8 51388 6 -[52] 2017-12-11 13:59:04.957247 [#0 1qtcpnosyn.pcap-dist 4095] \ +[52] 2017-12-11 13:59:04.957247 [#0 1qtcpnosyn.pcap 4095] \ [172.17.0.9].48613 [8.8.8.8].53 -[52] 2017-12-11 13:59:04.960230 [#1 1qtcpnosyn.pcap-dist 4095] \ +[52] 2017-12-11 13:59:04.960230 [#1 1qtcpnosyn.pcap 4095] \ [8.8.8.8].53 [172.17.0.9].48613 1513000744.957247 172.17.0.9 48613 8.8.8.8 53 6 1513000744.960230 8.8.8.8 53 172.17.0.9 48613 6 -[60] 2018-01-10 11:22:41.543825 [#0 dnso1tcp-midmiss.pcap-dist 4095] \ +[60] 2018-01-10 11:22:41.543825 [#0 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[60] 2018-01-10 11:22:41.548834 [#1 dnso1tcp-midmiss.pcap-dist 4095] \ +[60] 2018-01-10 11:22:41.548834 [#1 dnso1tcp-midmiss.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 -[54] 2018-01-10 11:22:41.548947 [#2 dnso1tcp-midmiss.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.548947 [#2 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.552406 [#3 dnso1tcp-midmiss.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.552406 [#3 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.555912 [#4 dnso1tcp-midmiss.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.555912 [#4 dnso1tcp-midmiss.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.556032 [#5 dnso1tcp-midmiss.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.556032 [#5 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:41.600183 [#6 dnso1tcp-midmiss.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.600183 [#6 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[98] 2018-01-10 11:22:41.663576 [#7 dnso1tcp-midmiss.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.663576 [#7 dnso1tcp-midmiss.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 -[54] 2018-01-10 11:22:41.663734 [#8 dnso1tcp-midmiss.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.663734 [#8 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.706183 [#9 dnso1tcp-midmiss.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.706183 [#9 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[98] 2018-01-10 11:22:41.709680 [#10 dnso1tcp-midmiss.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.709680 [#10 dnso1tcp-midmiss.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 1515583361.543825 172.17.0.8 51388 8.8.8.8 53 6 1515583361.548834 8.8.8.8 53 172.17.0.8 51388 6 @@ -684,28 +684,28 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate -[60] 2018-01-10 11:22:41.543825 [#0 dnso1tcp.pcap-dist 4095] \ +[60] 2018-01-10 11:22:41.543825 [#0 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[60] 2018-01-10 11:22:41.548834 [#1 dnso1tcp.pcap-dist 4095] \ +[60] 2018-01-10 11:22:41.548834 [#1 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 -[54] 2018-01-10 11:22:41.548947 [#2 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.548947 [#2 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.552406 [#3 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.552406 [#3 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.555912 [#4 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.555912 [#4 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.556032 [#5 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.556032 [#5 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:41.600183 [#6 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.600183 [#6 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:41.616460 [#7 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:41.616460 [#7 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,35665,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -713,35 +713,35 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:41.616663 [#8 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.616663 [#8 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.659921 [#9 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.659921 [#9 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,5337,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.663576 [#10 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.663576 [#10 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,5337,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.663734 [#11 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.663734 [#11 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.706183 [#12 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.706183 [#12 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,22982,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.709680 [#13 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.709680 [#13 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,22982,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.709779 [#14 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.709779 [#14 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:41.754101 [#15 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.754101 [#15 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,18718,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:41.757876 [#16 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:41.757876 [#16 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,18718,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -749,35 +749,35 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:41.758191 [#17 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.758191 [#17 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.804255 [#18 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.804255 [#18 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,22531,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.809483 [#19 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.809483 [#19 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,22531,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.809780 [#20 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.809780 [#20 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.854113 [#21 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.854113 [#21 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,58510,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.857788 [#22 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.857788 [#22 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,58510,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.858002 [#23 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.858002 [#23 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:41.902165 [#24 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.902165 [#24 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,45248,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:41.905802 [#25 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:41.905802 [#25 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,45248,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -785,35 +785,35 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:41.905918 [#26 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.905918 [#26 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.950164 [#27 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.950164 [#27 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,49483,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.954138 [#28 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.954138 [#28 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,49483,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.954452 [#29 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.954452 [#29 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.999121 [#30 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.999121 [#30 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,31669,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.002657 [#31 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.002657 [#31 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,31669,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.002831 [#32 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.002831 [#32 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.047148 [#33 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.047148 [#33 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,25433,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.052425 [#34 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.052425 [#34 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,25433,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -821,24 +821,24 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.052901 [#35 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.052901 [#35 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.097899 [#36 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.097899 [#36 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,63798,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.101443 [#37 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.101443 [#37 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,63798,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.101553 [#38 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.101553 [#38 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.145005 [#39 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.145005 [#39 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,8470,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.148639 [#40 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.148639 [#40 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,8470,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -846,24 +846,24 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.148770 [#41 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.148770 [#41 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.192777 [#42 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.192777 [#42 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,60258,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.196256 [#43 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.196256 [#43 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,60258,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.196471 [#44 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.196471 [#44 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.240395 [#45 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.240395 [#45 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,44985,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.245103 [#46 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.245103 [#46 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,44985,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -871,24 +871,24 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.245585 [#47 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.245585 [#47 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.290257 [#48 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.290257 [#48 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,45512,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.293978 [#49 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.293978 [#49 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,45512,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.294300 [#50 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.294300 [#50 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.337985 [#51 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.337985 [#51 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,22980,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.341559 [#52 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.341559 [#52 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,22980,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -896,24 +896,24 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.341648 [#53 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.341648 [#53 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.385009 [#54 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.385009 [#54 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,1834,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.389082 [#55 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.389082 [#55 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,1834,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.389343 [#56 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.389343 [#56 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.433458 [#57 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.433458 [#57 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,25431,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.438748 [#58 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.438748 [#58 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,25431,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -921,24 +921,24 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.439060 [#59 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.439060 [#59 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.484005 [#60 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.484005 [#60 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,48432,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.487697 [#61 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.487697 [#61 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,48432,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.488035 [#62 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.488035 [#62 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.532414 [#63 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.532414 [#63 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,47411,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.537574 [#64 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.537574 [#64 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,47411,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -946,57 +946,57 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.537941 [#65 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.537941 [#65 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.583021 [#66 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.583021 [#66 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,12038,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.586898 [#67 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.586898 [#67 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,12038,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.587050 [#68 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.587050 [#68 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.630221 [#69 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.630221 [#69 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,11614,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.633808 [#70 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.633808 [#70 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,11614,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.634006 [#71 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.634006 [#71 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.679168 [#72 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.679168 [#72 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59173,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.682888 [#73 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.682888 [#73 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59173,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.683273 [#74 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.683273 [#74 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.727254 [#75 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.727254 [#75 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,45535,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.732703 [#76 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.732703 [#76 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,45535,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.733029 [#77 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.733029 [#77 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.777184 [#78 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.777184 [#78 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,60808,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.781053 [#79 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.781053 [#79 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,60808,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1004,24 +1004,24 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.781416 [#80 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.781416 [#80 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.824222 [#81 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.824222 [#81 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,64325,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.828050 [#82 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.828050 [#82 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,64325,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.828346 [#83 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.828346 [#83 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.872186 [#84 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.872186 [#84 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,25543,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.875911 [#85 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.875911 [#85 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,25543,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1029,24 +1029,24 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.876226 [#86 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.876226 [#86 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.920231 [#87 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.920231 [#87 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,20736,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.923917 [#88 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.923917 [#88 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,20736,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[54] 2018-01-10 11:22:42.924082 [#89 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.924082 [#89 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.968961 [#90 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.968961 [#90 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,25911,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.972662 [#91 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.972662 [#91 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,25911,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1054,24 +1054,24 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:42.972972 [#92 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:42.972972 [#92 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.017364 [#93 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.017364 [#93 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,64358,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.022591 [#94 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.022591 [#94 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,64358,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[54] 2018-01-10 11:22:43.022938 [#95 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.022938 [#95 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.066765 [#96 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.066765 [#96 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,37698,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.070349 [#97 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.070349 [#97 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,37698,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1079,24 +1079,24 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:43.070484 [#98 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.070484 [#98 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.114332 [#99 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.114332 [#99 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,54706,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.119538 [#100 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.119538 [#100 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,54706,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[54] 2018-01-10 11:22:43.119857 [#101 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.119857 [#101 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.163857 [#102 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.163857 [#102 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,32142,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.167576 [#103 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.167576 [#103 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,32142,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1104,24 +1104,24 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:43.167733 [#104 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.167733 [#104 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.211417 [#105 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.211417 [#105 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,41808,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.216686 [#106 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.216686 [#106 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,41808,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[54] 2018-01-10 11:22:43.217042 [#107 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.217042 [#107 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.260995 [#108 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.260995 [#108 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,18886,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.265047 [#109 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.265047 [#109 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,18886,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1129,24 +1129,24 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:43.265399 [#110 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.265399 [#110 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.310017 [#111 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.310017 [#111 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,10624,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.313596 [#112 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.313596 [#112 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,10624,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[54] 2018-01-10 11:22:43.313685 [#113 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.313685 [#113 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.356802 [#114 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.356802 [#114 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,33139,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.360685 [#115 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.360685 [#115 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,33139,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1154,24 +1154,24 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:43.360864 [#116 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.360864 [#116 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.406308 [#117 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.406308 [#117 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,61415,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.410191 [#118 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.410191 [#118 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,61415,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[54] 2018-01-10 11:22:43.410440 [#119 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.410440 [#119 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.454193 [#120 dnso1tcp.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.454193 [#120 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59258,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.458191 [#121 dnso1tcp.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.458191 [#121 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59258,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1179,20 +1179,20 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[54] 2018-01-10 11:22:43.458511 [#122 dnso1tcp.pcap-dist 4095] \ +[54] 2018-01-10 11:22:43.458511 [#122 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.503242 [#123 dnso1tcp.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.503242 [#123 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,17700,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.506884 [#124 dnso1tcp.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.506884 [#124 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,17700,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[52] 2018-01-10 11:22:43.507821 [#125 dnso1tcp.pcap-dist 4095] \ +[52] 2018-01-10 11:22:43.507821 [#125 dnso1tcp.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[52] 2018-01-10 11:22:43.511351 [#126 dnso1tcp.pcap-dist 4095] \ +[52] 2018-01-10 11:22:43.511351 [#126 dnso1tcp.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 1515583361.543825 172.17.0.8 51388 8.8.8.8 53 6 1515583361.548834 8.8.8.8 53 172.17.0.8 51388 6 @@ -1321,40 +1321,40 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 1515583363.506884 8.8.8.8 53 172.17.0.8 51388 6 17700 0 0 |QR|RD|RA| IN A google.com. 1515583363.507821 172.17.0.8 51388 8.8.8.8 53 6 1515583363.511351 8.8.8.8 53 172.17.0.8 51388 6 -[93] 2017-12-11 13:59:04.953122 [#0 1qtcpnosyn.pcap-dist 4095] \ +[93] 2017-12-11 13:59:04.953122 [#0 1qtcpnosyn.pcap 4095] \ [172.17.0.9].48613 [8.8.8.8].53 \ dns QUERY,NOERROR,4815,rd|ad \ 1 google.com.,IN,A 0 0 \ 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] -[109] 2017-12-11 13:59:04.956698 [#1 1qtcpnosyn.pcap-dist 4095] \ +[109] 2017-12-11 13:59:04.956698 [#1 1qtcpnosyn.pcap 4095] \ [8.8.8.8].53 [172.17.0.9].48613 \ dns QUERY,NOERROR,4815,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,47,172.217.22.174 0 \ 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] -[52] 2017-12-11 13:59:04.957247 [#2 1qtcpnosyn.pcap-dist 4095] \ +[52] 2017-12-11 13:59:04.957247 [#2 1qtcpnosyn.pcap 4095] \ [172.17.0.9].48613 [8.8.8.8].53 -[52] 2017-12-11 13:59:04.960230 [#3 1qtcpnosyn.pcap-dist 4095] \ +[52] 2017-12-11 13:59:04.960230 [#3 1qtcpnosyn.pcap 4095] \ [8.8.8.8].53 [172.17.0.9].48613 1513000744.953122 172.17.0.9 48613 8.8.8.8 53 6 4815 0 0 |RD|AD| IN A google.com. 1513000744.956698 8.8.8.8 53 172.17.0.9 48613 6 4815 0 0 |QR|RD|RA| IN A google.com. 1513000744.957247 172.17.0.9 48613 8.8.8.8 53 6 1513000744.960230 8.8.8.8 53 172.17.0.9 48613 6 -[80] 2018-01-10 11:22:41.552406 [#0 do1t-nosyn-1nolen.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.552406 [#0 do1t-nosyn-1nolen.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns Label length overflow -[98] 2018-01-10 11:22:41.555912 [#1 do1t-nosyn-1nolen.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.555912 [#1 do1t-nosyn-1nolen.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.556032 [#2 do1t-nosyn-1nolen.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.556032 [#2 do1t-nosyn-1nolen.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:41.600183 [#3 do1t-nosyn-1nolen.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.600183 [#3 do1t-nosyn-1nolen.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:41.616460 [#4 do1t-nosyn-1nolen.pcap-dist 4095] \ +[197] 2018-01-10 11:22:41.616460 [#4 do1t-nosyn-1nolen.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,35665,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -1367,39 +1367,39 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 1515583361.556032 172.17.0.8 51388 8.8.8.8 53 6 1515583361.600183 172.17.0.8 51388 8.8.8.8 53 6 35665 0 0 |RD| IN PTR 206.218.58.216.in-addr.arpa. 1515583361.616460 8.8.8.8 53 172.17.0.8 51388 6 35665 0 0 |QR|RD|RA| IN PTR 206.218.58.216.in-addr.arpa. -[60] 2018-01-10 11:22:41.543825 [#0 dnso1tcp-midmiss.pcap-dist 4095] \ +[60] 2018-01-10 11:22:41.543825 [#0 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[60] 2018-01-10 11:22:41.548834 [#1 dnso1tcp-midmiss.pcap-dist 4095] \ +[60] 2018-01-10 11:22:41.548834 [#1 dnso1tcp-midmiss.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 -[54] 2018-01-10 11:22:41.548947 [#2 dnso1tcp-midmiss.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.548947 [#2 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.552406 [#3 dnso1tcp-midmiss.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.552406 [#3 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.555912 [#4 dnso1tcp-midmiss.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.555912 [#4 dnso1tcp-midmiss.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.556032 [#5 dnso1tcp-midmiss.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.556032 [#5 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:41.600183 [#6 dnso1tcp-midmiss.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.600183 [#6 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[98] 2018-01-10 11:22:41.663576 [#7 dnso1tcp-midmiss.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.663576 [#7 dnso1tcp-midmiss.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,5337,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[54] 2018-01-10 11:22:41.663734 [#8 dnso1tcp-midmiss.pcap-dist 4095] \ +[54] 2018-01-10 11:22:41.663734 [#8 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.706183 [#9 dnso1tcp-midmiss.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.706183 [#9 dnso1tcp-midmiss.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,22982,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.709680 [#10 dnso1tcp-midmiss.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.709680 [#10 dnso1tcp-midmiss.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,22982,qr|rd|ra \ 1 google.com.,IN,A \ diff --git a/src/test/test7.sh b/src/test/test7.sh index 6c9a4ec9..cdad698d 100755 --- a/src/test/test7.sh +++ b/src/test/test7.sh @@ -4,7 +4,9 @@ txtout="../../plugins/txtout/.libs/txtout.so" rm -f test7.out test7.layer.out -for what in dnso1tcp.pcap-dist 1qtcpnosyn.pcap-dist do1t-nosyn-1nolen.pcap-dist dnso1tcp-midmiss.pcap-dist; do +for what in dnso1tcp.pcap 1qtcpnosyn.pcap do1t-nosyn-1nolen.pcap dnso1tcp-midmiss.pcap; do + test -e "$what" || ln -s "$srcdir/$what" "$what" + ../dnscap -r "$what" -g -T 2>>test7.out ../dnscap -r "$what" -g -T -o use_layers=yes 2>>test7.layer.out if [ -f "$txtout" ]; then @@ -20,7 +22,9 @@ echo "" >>test7.layer.out echo "Enabling parse_ongoing_tcp and allow_reset_tcpstate" >>test7.layer.out echo "" >>test7.layer.out -for what in dnso1tcp.pcap-dist 1qtcpnosyn.pcap-dist do1t-nosyn-1nolen.pcap-dist dnso1tcp-midmiss.pcap-dist; do +for what in dnso1tcp.pcap 1qtcpnosyn.pcap do1t-nosyn-1nolen.pcap dnso1tcp-midmiss.pcap; do + test -e "$what" || ln -s "$srcdir/$what" "$what" + ../dnscap -r "$what" -g -T -o parse_ongoing_tcp=yes -o allow_reset_tcpstate=yes 2>>test7.out ../dnscap -r "$what" -g -T -o parse_ongoing_tcp=yes -o allow_reset_tcpstate=yes -o use_layers=yes 2>>test7.layer.out if [ -f "$txtout" ]; then diff --git a/src/test/test8.gold b/src/test/test8.gold index a4196e45..bd116f61 100644 --- a/src/test/test8.gold +++ b/src/test/test8.gold @@ -1,69 +1,69 @@ -[60] 2017-12-11 13:59:04.949707 [#0 dnsotcp-many1pkt.pcap-dist 4095] \ +[60] 2017-12-11 13:59:04.949707 [#0 dnsotcp-many1pkt.pcap 4095] \ [172.17.0.9].48613 [8.8.8.8].53 -[60] 2017-12-11 13:59:04.953026 [#1 dnsotcp-many1pkt.pcap-dist 4095] \ +[60] 2017-12-11 13:59:04.953026 [#1 dnsotcp-many1pkt.pcap 4095] \ [8.8.8.8].53 [172.17.0.9].48613 -[142] 2017-12-11 13:59:04.953122 [#2 dnsotcp-many1pkt.pcap-dist 4095] \ +[142] 2017-12-11 13:59:04.953122 [#2 dnsotcp-many1pkt.pcap 4095] \ [172.17.0.9].48613 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[142] 2017-12-11 13:59:04.953122 [#2 dnsotcp-many1pkt.pcap-dist 4095] \ +[142] 2017-12-11 13:59:04.953122 [#2 dnsotcp-many1pkt.pcap 4095] \ [172.17.0.9].48613 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[142] 2017-12-11 13:59:04.953122 [#2 dnsotcp-many1pkt.pcap-dist 4095] \ +[142] 2017-12-11 13:59:04.953122 [#2 dnsotcp-many1pkt.pcap 4095] \ [172.17.0.9].48613 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[109] 2017-12-11 13:59:04.956698 [#5 dnsotcp-many1pkt.pcap-dist 4095] \ +[109] 2017-12-11 13:59:04.956698 [#5 dnsotcp-many1pkt.pcap 4095] \ [8.8.8.8].53 [172.17.0.9].48613 \ dns QUERY,NOERROR,4815,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,47,172.217.22.174 0 \ 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] -[52] 2017-12-11 13:59:04.957247 [#6 dnsotcp-many1pkt.pcap-dist 4095] \ +[52] 2017-12-11 13:59:04.957247 [#6 dnsotcp-many1pkt.pcap 4095] \ [172.17.0.9].48613 [8.8.8.8].53 -[52] 2017-12-11 13:59:04.960230 [#7 dnsotcp-many1pkt.pcap-dist 4095] \ +[52] 2017-12-11 13:59:04.960230 [#7 dnsotcp-many1pkt.pcap 4095] \ [8.8.8.8].53 [172.17.0.9].48613 -[60] 2018-01-10 11:22:41.543825 [#0 dnsotcp-manyopkts.pcap-dist 4095] \ +[60] 2018-01-10 11:22:41.543825 [#0 dnsotcp-manyopkts.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[60] 2018-01-10 11:22:41.548834 [#1 dnsotcp-manyopkts.pcap-dist 4095] \ +[60] 2018-01-10 11:22:41.548834 [#1 dnsotcp-manyopkts.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 -[97] 2018-01-10 11:22:41.548947 [#2 dnsotcp-manyopkts.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.548947 [#2 dnsotcp-manyopkts.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[97] 2018-01-10 11:22:41.552406 [#3 dnsotcp-manyopkts.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.552406 [#3 dnsotcp-manyopkts.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:41.552406 [#3 dnsotcp-manyopkts.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.552406 [#3 dnsotcp-manyopkts.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[97] 2018-01-10 11:22:41.552406 [#3 dnsotcp-manyopkts.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.552406 [#3 dnsotcp-manyopkts.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[60] 2018-01-10 11:22:41.543825 [#0 dnso1tcp-bighole.pcap-dist 4095] \ +[60] 2018-01-10 11:22:41.543825 [#0 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[60] 2018-01-10 11:22:41.548834 [#1 dnso1tcp-bighole.pcap-dist 4095] \ +[60] 2018-01-10 11:22:41.548834 [#1 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 -[80] 2018-01-10 11:22:41.552406 [#2 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.552406 [#2 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.552406 [#2 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.552406 [#2 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:41.555912 [#4 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:41.555912 [#4 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,58,216.58.211.142 0 0 -[97] 2018-01-10 11:22:41.600183 [#5 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.600183 [#5 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:41.600183 [#5 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:41.600183 [#5 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:41.616460 [#7 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:41.616460 [#7 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,35665,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -71,43 +71,43 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21599,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:41.659921 [#8 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.659921 [#8 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:41.659921 [#8 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:41.659921 [#8 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,5337,rd \ 1 google.com.,IN,A 0 0 0 -[97] 2018-01-10 11:22:42.047148 [#10 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.047148 [#10 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.047148 [#10 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.047148 [#10 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,25433,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[80] 2018-01-10 11:22:42.097899 [#12 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.097899 [#12 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.097899 [#12 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.097899 [#12 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,63798,rd \ 1 google.com.,IN,A 0 0 0 -[97] 2018-01-10 11:22:42.145005 [#14 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.145005 [#14 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.145005 [#14 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.145005 [#14 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,8470,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[80] 2018-01-10 11:22:42.192777 [#16 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.192777 [#16 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.192777 [#16 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.192777 [#16 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,60258,rd \ 1 google.com.,IN,A 0 0 0 -[97] 2018-01-10 11:22:42.240395 [#18 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.240395 [#18 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.240395 [#18 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.240395 [#18 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,44985,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.245103 [#20 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.245103 [#20 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,44985,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -115,24 +115,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:42.290257 [#21 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.290257 [#21 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.290257 [#21 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.290257 [#21 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,45512,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.293978 [#23 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.293978 [#23 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,45512,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[97] 2018-01-10 11:22:42.337985 [#24 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.337985 [#24 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.337985 [#24 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.337985 [#24 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,22980,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.341559 [#26 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.341559 [#26 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,22980,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -140,24 +140,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:42.385009 [#27 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.385009 [#27 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.385009 [#27 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.385009 [#27 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,1834,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.389082 [#29 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.389082 [#29 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,1834,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[97] 2018-01-10 11:22:42.433458 [#30 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.433458 [#30 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.433458 [#30 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.433458 [#30 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,25431,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.438748 [#32 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.438748 [#32 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,25431,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -165,24 +165,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:42.484005 [#33 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.484005 [#33 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.484005 [#33 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.484005 [#33 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,48432,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.487697 [#35 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.487697 [#35 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,48432,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[97] 2018-01-10 11:22:42.532414 [#36 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.532414 [#36 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.532414 [#36 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.532414 [#36 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,47411,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.537574 [#38 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.537574 [#38 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,47411,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -190,57 +190,57 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:42.583021 [#39 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.583021 [#39 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.583021 [#39 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.583021 [#39 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,12038,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.586898 [#41 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.586898 [#41 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,12038,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[80] 2018-01-10 11:22:42.630221 [#42 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.630221 [#42 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.630221 [#42 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.630221 [#42 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,11614,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.633808 [#44 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.633808 [#44 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,11614,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[80] 2018-01-10 11:22:42.679168 [#45 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.679168 [#45 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.679168 [#45 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.679168 [#45 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59173,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.682888 [#47 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.682888 [#47 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59173,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[80] 2018-01-10 11:22:42.727254 [#48 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.727254 [#48 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.727254 [#48 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.727254 [#48 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,45535,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.732703 [#50 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.732703 [#50 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,45535,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[97] 2018-01-10 11:22:42.777184 [#51 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.777184 [#51 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.777184 [#51 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.777184 [#51 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,60808,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.781053 [#53 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.781053 [#53 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,60808,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -248,24 +248,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:42.824222 [#54 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.824222 [#54 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.824222 [#54 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.824222 [#54 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,64325,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.828050 [#56 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.828050 [#56 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,64325,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[97] 2018-01-10 11:22:42.872186 [#57 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.872186 [#57 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.872186 [#57 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.872186 [#57 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,25543,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.875911 [#59 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.875911 [#59 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,25543,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -273,24 +273,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21598,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:42.920231 [#60 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.920231 [#60 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:42.920231 [#60 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:42.920231 [#60 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,20736,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:42.923917 [#62 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:42.923917 [#62 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,20736,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,57,216.58.211.142 0 0 -[97] 2018-01-10 11:22:42.968961 [#63 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.968961 [#63 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:42.968961 [#63 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:42.968961 [#63 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,25911,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:42.972662 [#65 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:42.972662 [#65 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,25911,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -298,24 +298,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:43.017364 [#66 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.017364 [#66 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.017364 [#66 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.017364 [#66 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,64358,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.022591 [#68 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.022591 [#68 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,64358,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[97] 2018-01-10 11:22:43.066765 [#69 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.066765 [#69 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.066765 [#69 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.066765 [#69 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,37698,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.070349 [#71 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.070349 [#71 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,37698,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -323,24 +323,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:43.114332 [#72 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.114332 [#72 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.114332 [#72 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.114332 [#72 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,54706,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.119538 [#74 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.119538 [#74 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,54706,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[97] 2018-01-10 11:22:43.163857 [#75 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.163857 [#75 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.163857 [#75 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.163857 [#75 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,32142,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.167576 [#77 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.167576 [#77 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,32142,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -348,24 +348,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:43.211417 [#78 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.211417 [#78 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.211417 [#78 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.211417 [#78 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,41808,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.216686 [#80 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.216686 [#80 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,41808,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[97] 2018-01-10 11:22:43.260995 [#81 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.260995 [#81 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.260995 [#81 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.260995 [#81 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,18886,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.265047 [#83 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.265047 [#83 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,18886,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -373,24 +373,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:43.310017 [#84 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.310017 [#84 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.310017 [#84 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.310017 [#84 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,10624,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.313596 [#86 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.313596 [#86 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,10624,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[97] 2018-01-10 11:22:43.356802 [#87 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.356802 [#87 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.356802 [#87 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.356802 [#87 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,33139,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.360685 [#89 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.360685 [#89 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,33139,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -398,24 +398,24 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:43.406308 [#90 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.406308 [#90 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.406308 [#90 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.406308 [#90 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,61415,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.410191 [#92 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.410191 [#92 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,61415,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[97] 2018-01-10 11:22:43.454193 [#93 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.454193 [#93 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[97] 2018-01-10 11:22:43.454193 [#93 dnso1tcp-bighole.pcap-dist 4095] \ +[97] 2018-01-10 11:22:43.454193 [#93 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,59258,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[197] 2018-01-10 11:22:43.458191 [#95 dnso1tcp-bighole.pcap-dist 4095] \ +[197] 2018-01-10 11:22:43.458191 [#95 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59258,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -423,18 +423,18 @@ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f206.1e100.net. \ 206.218.58.216.in-addr.arpa.,IN,PTR,21597,dfw06s47-in-f14.1e100.net. 0 0 -[80] 2018-01-10 11:22:43.503242 [#96 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.503242 [#96 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[80] 2018-01-10 11:22:43.503242 [#96 dnso1tcp-bighole.pcap-dist 4095] \ +[80] 2018-01-10 11:22:43.503242 [#96 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ dns QUERY,NOERROR,17700,rd \ 1 google.com.,IN,A 0 0 0 -[98] 2018-01-10 11:22:43.506884 [#98 dnso1tcp-bighole.pcap-dist 4095] \ +[98] 2018-01-10 11:22:43.506884 [#98 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,17700,qr|rd|ra \ 1 google.com.,IN,A \ 1 google.com.,IN,A,56,216.58.211.142 0 0 -[52] 2018-01-10 11:22:43.507821 [#99 dnso1tcp-bighole.pcap-dist 4095] \ +[52] 2018-01-10 11:22:43.507821 [#99 dnso1tcp-bighole.pcap 4095] \ [172.17.0.8].51388 [8.8.8.8].53 -[52] 2018-01-10 11:22:43.511351 [#100 dnso1tcp-bighole.pcap-dist 4095] \ +[52] 2018-01-10 11:22:43.511351 [#100 dnso1tcp-bighole.pcap 4095] \ [8.8.8.8].53 [172.17.0.8].51388 diff --git a/src/test/test8.sh b/src/test/test8.sh index e091ff69..99c726e2 100755 --- a/src/test/test8.sh +++ b/src/test/test8.sh @@ -2,12 +2,16 @@ rm -f test8.out test8.layer.out -for what in dnsotcp-many1pkt.pcap-dist dnsotcp-manyopkts.pcap-dist; do +for what in dnsotcp-many1pkt.pcap dnsotcp-manyopkts.pcap; do + test -e "$what" || ln -s "$srcdir/$what" "$what" + ../dnscap -r "$what" -g -T -o reassemble_tcp=yes 2>>test8.out ../dnscap -r "$what" -g -T -o reassemble_tcp=yes -o use_layers=yes 2>>test8.layer.out done -for what in dnso1tcp-bighole.pcap-dist; do +for what in dnso1tcp-bighole.pcap; do + test -e "$what" || ln -s "$srcdir/$what" "$what" + ../dnscap -r "$what" -g -T -o reassemble_tcp=yes -o allow_reset_tcpstate=yes 2>>test8.out ../dnscap -r "$what" -g -T -o reassemble_tcp=yes -o allow_reset_tcpstate=yes -o use_layers=yes 2>>test8.layer.out done diff --git a/src/test/test9.gold b/src/test/test9.gold index 1c50c703..f3f69bfb 100644 --- a/src/test/test9.gold +++ b/src/test/test9.gold @@ -1,8 +1,8 @@ -[56] 2016-10-20 15:23:52.860937 [#0 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:52.860937 [#0 dns.pcap 4095] \ [172.17.0.10].40953 [8.8.8.8].53 \ dns QUERY,NOERROR,22531,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:52.863771 [#1 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:52.863771 [#1 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40953 \ dns QUERY,NOERROR,22531,qr|rd|ra \ 1 google.com.,IN,A \ @@ -15,11 +15,11 @@ ns1.google.com.,IN,A,331830,216.239.32.10 \ ns3.google.com.,IN,A,157828,216.239.36.10 \ ns4.google.com.,IN,A,157828,216.239.38.10 -[56] 2016-10-20 15:23:59.083869 [#2 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:59.083869 [#2 dns.pcap 4095] \ [172.17.0.10].45174 [8.8.8.8].53 \ dns QUERY,NOERROR,58510,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:59.086104 [#3 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:59.086104 [#3 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45174 \ dns QUERY,NOERROR,58510,qr|rd|ra \ 1 google.com.,IN,A \ @@ -32,11 +32,11 @@ ns1.google.com.,IN,A,331824,216.239.32.10 \ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 -[73] 2016-10-20 15:23:59.090911 [#4 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:59.090911 [#4 dns.pcap 4095] \ [172.17.0.10].33916 [8.8.8.8].53 \ dns QUERY,NOERROR,45248,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:59.092204 [#5 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:59.092204 [#5 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33916 \ dns QUERY,NOERROR,45248,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -50,11 +50,11 @@ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 \ ns2.google.com.,IN,A,157822,216.239.34.10 -[56] 2016-10-20 15:23:52.860937 [#0 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:52.860937 [#0 dns.pcap 4095] \ [172.17.0.10].40953 [8.8.8.8].53 \ dns QUERY,NOERROR,22531,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:52.863771 [#1 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:52.863771 [#1 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40953 \ dns QUERY,NOERROR,22531,qr|rd|ra \ 1 google.com.,IN,A \ @@ -67,11 +67,11 @@ ns1.google.com.,IN,A,331830,216.239.32.10 \ ns3.google.com.,IN,A,157828,216.239.36.10 \ ns4.google.com.,IN,A,157828,216.239.38.10 -[56] 2016-10-20 15:23:59.083869 [#2 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:59.083869 [#2 dns.pcap 4095] \ [172.17.0.10].45174 [8.8.8.8].53 \ dns QUERY,NOERROR,58510,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:59.086104 [#3 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:59.086104 [#3 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45174 \ dns QUERY,NOERROR,58510,qr|rd|ra \ 1 google.com.,IN,A \ @@ -84,11 +84,11 @@ ns1.google.com.,IN,A,331824,216.239.32.10 \ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 -[73] 2016-10-20 15:23:59.090911 [#4 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:59.090911 [#4 dns.pcap 4095] \ [172.17.0.10].33916 [8.8.8.8].53 \ dns QUERY,NOERROR,45248,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:59.092204 [#5 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:59.092204 [#5 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33916 \ dns QUERY,NOERROR,45248,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ diff --git a/src/test/test9.sh b/src/test/test9.sh index aff76105..34782568 100755 --- a/src/test/test9.sh +++ b/src/test/test9.sh @@ -1,6 +1,8 @@ #!/bin/sh -xe -../dnscap -r dns.pcap-dist -g -B '2016-10-20 15:23:30' -E '2016-10-20 15:24:00' 2>test9.out -../dnscap -r dns.pcap-dist -o use_layers=yes -g -B '2016-10-20 15:23:30' -E '2016-10-20 15:24:00' 2>>test9.out +test -e dns.pcap || ln -s "$srcdir/dns.pcap" dns.pcap + +../dnscap -r dns.pcap -g -B '2016-10-20 15:23:30' -E '2016-10-20 15:24:00' 2>test9.out +../dnscap -r dns.pcap -o use_layers=yes -g -B '2016-10-20 15:23:30' -E '2016-10-20 15:24:00' 2>>test9.out diff test9.out "$srcdir/test9.gold" diff --git a/src/test/test_regex_match.gold b/src/test/test_regex_match.gold index 891f7318..7037e48d 100644 --- a/src/test/test_regex_match.gold +++ b/src/test/test_regex_match.gold @@ -1,4 +1,4 @@ -[208] 2016-10-20 15:23:01.077982 [#0 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:01.077982 [#0 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53199 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ @@ -11,7 +11,7 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[289] 2016-10-20 15:23:01.084107 [#1 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:01.084107 [#1 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].57822 \ dns QUERY,NOERROR,35665,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -25,7 +25,7 @@ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 \ ns2.google.com.,IN,A,157880,216.239.34.10 -[208] 2016-10-20 15:23:01.088733 [#2 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:01.088733 [#2 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40043 \ dns QUERY,NOERROR,5337,qr|rd|ra \ 1 google.com.,IN,A \ @@ -38,7 +38,7 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[208] 2016-10-20 15:23:10.323399 [#3 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:10.323399 [#3 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37953 \ dns QUERY,NOERROR,22982,qr|rd|ra \ 1 google.com.,IN,A \ @@ -51,7 +51,7 @@ ns1.google.com.,IN,A,331872,216.239.32.10 \ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 -[289] 2016-10-20 15:23:10.329572 [#4 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:10.329572 [#4 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].48658 \ dns QUERY,NOERROR,18718,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -65,7 +65,7 @@ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 \ ns2.google.com.,IN,A,157870,216.239.34.10 -[208] 2016-10-20 15:23:52.863771 [#5 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:52.863771 [#5 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40953 \ dns QUERY,NOERROR,22531,qr|rd|ra \ 1 google.com.,IN,A \ @@ -78,7 +78,7 @@ ns1.google.com.,IN,A,331830,216.239.32.10 \ ns3.google.com.,IN,A,157828,216.239.36.10 \ ns4.google.com.,IN,A,157828,216.239.38.10 -[208] 2016-10-20 15:23:59.086104 [#6 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:23:59.086104 [#6 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45174 \ dns QUERY,NOERROR,58510,qr|rd|ra \ 1 google.com.,IN,A \ @@ -91,7 +91,7 @@ ns1.google.com.,IN,A,331824,216.239.32.10 \ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 -[289] 2016-10-20 15:23:59.092204 [#7 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:23:59.092204 [#7 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33916 \ dns QUERY,NOERROR,45248,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -105,7 +105,7 @@ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 \ ns2.google.com.,IN,A,157822,216.239.34.10 -[208] 2016-10-20 15:24:04.325597 [#8 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:04.325597 [#8 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].43559 \ dns QUERY,NOERROR,49483,qr|rd|ra \ 1 google.com.,IN,A \ @@ -118,7 +118,7 @@ ns1.google.com.,IN,A,331818,216.239.32.10 \ ns3.google.com.,IN,A,157816,216.239.36.10 \ ns4.google.com.,IN,A,157816,216.239.38.10 -[208] 2016-10-20 15:24:06.333743 [#9 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:06.333743 [#9 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].54859 \ dns QUERY,NOERROR,31669,qr|rd|ra \ 1 google.com.,IN,A \ @@ -131,7 +131,7 @@ ns1.google.com.,IN,A,331816,216.239.32.10 \ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 -[289] 2016-10-20 15:24:06.340820 [#10 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:06.340820 [#10 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].58176 \ dns QUERY,NOERROR,25433,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -145,7 +145,7 @@ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 \ ns2.google.com.,IN,A,157814,216.239.34.10 -[208] 2016-10-20 15:24:07.348160 [#11 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:07.348160 [#11 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41266 \ dns QUERY,NOERROR,63798,qr|rd|ra \ 1 google.com.,IN,A \ @@ -158,7 +158,7 @@ ns1.google.com.,IN,A,331815,216.239.32.10 \ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 -[289] 2016-10-20 15:24:07.354682 [#12 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:07.354682 [#12 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].34607 \ dns QUERY,NOERROR,8470,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -172,7 +172,7 @@ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 \ ns2.google.com.,IN,A,157813,216.239.34.10 -[208] 2016-10-20 15:24:08.362206 [#13 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:08.362206 [#13 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60437 \ dns QUERY,NOERROR,60258,qr|rd|ra \ 1 google.com.,IN,A \ @@ -185,7 +185,7 @@ ns1.google.com.,IN,A,331814,216.239.32.10 \ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 -[289] 2016-10-20 15:24:08.370119 [#14 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:08.370119 [#14 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37149 \ dns QUERY,NOERROR,44985,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -199,7 +199,7 @@ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 \ ns2.google.com.,IN,A,157812,216.239.34.10 -[208] 2016-10-20 15:24:09.378425 [#15 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:09.378425 [#15 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53820 \ dns QUERY,NOERROR,45512,qr|rd|ra \ 1 google.com.,IN,A \ @@ -212,7 +212,7 @@ ns1.google.com.,IN,A,331813,216.239.32.10 \ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 -[289] 2016-10-20 15:24:09.385463 [#16 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:09.385463 [#16 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].52368 \ dns QUERY,NOERROR,22980,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -226,7 +226,7 @@ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 \ ns2.google.com.,IN,A,157811,216.239.34.10 -[208] 2016-10-20 15:24:10.392886 [#17 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:10.392886 [#17 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].47637 \ dns QUERY,NOERROR,1834,qr|rd|ra \ 1 google.com.,IN,A \ @@ -239,7 +239,7 @@ ns1.google.com.,IN,A,331812,216.239.32.10 \ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 -[289] 2016-10-20 15:24:10.400317 [#18 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:10.400317 [#18 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].34426 \ dns QUERY,NOERROR,25431,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -253,7 +253,7 @@ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 \ ns2.google.com.,IN,A,157810,216.239.34.10 -[208] 2016-10-20 15:24:11.407460 [#19 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:11.407460 [#19 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41059 \ dns QUERY,NOERROR,48432,qr|rd|ra \ 1 google.com.,IN,A \ @@ -266,7 +266,7 @@ ns1.google.com.,IN,A,331811,216.239.32.10 \ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 -[289] 2016-10-20 15:24:11.413370 [#20 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:11.413370 [#20 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].51181 \ dns QUERY,NOERROR,47411,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -280,7 +280,7 @@ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 \ ns2.google.com.,IN,A,157809,216.239.34.10 -[208] 2016-10-20 15:24:12.421228 [#21 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:12.421228 [#21 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].32976 \ dns QUERY,NOERROR,12038,qr|rd|ra \ 1 google.com.,IN,A \ @@ -293,7 +293,7 @@ ns1.google.com.,IN,A,331810,216.239.32.10 \ ns3.google.com.,IN,A,157808,216.239.36.10 \ ns4.google.com.,IN,A,157808,216.239.38.10 -[208] 2016-10-20 15:24:14.429863 [#22 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:14.429863 [#22 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].53467 \ dns QUERY,NOERROR,11614,qr|rd|ra \ 1 google.com.,IN,A \ @@ -306,7 +306,7 @@ ns1.google.com.,IN,A,331808,216.239.32.10 \ ns3.google.com.,IN,A,157806,216.239.36.10 \ ns4.google.com.,IN,A,157806,216.239.38.10 -[208] 2016-10-20 15:24:16.437471 [#23 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:16.437471 [#23 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].41532 \ dns QUERY,NOERROR,59173,qr|rd|ra \ 1 google.com.,IN,A \ @@ -319,7 +319,7 @@ ns1.google.com.,IN,A,331806,216.239.32.10 \ ns3.google.com.,IN,A,157804,216.239.36.10 \ ns4.google.com.,IN,A,157804,216.239.38.10 -[208] 2016-10-20 15:24:18.446775 [#24 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:18.446775 [#24 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].44982 \ dns QUERY,NOERROR,45535,qr|rd|ra \ 1 google.com.,IN,A \ @@ -332,7 +332,7 @@ ns1.google.com.,IN,A,331804,216.239.32.10 \ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 -[289] 2016-10-20 15:24:18.454030 [#25 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:18.454030 [#25 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].40224 \ dns QUERY,NOERROR,60808,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -346,7 +346,7 @@ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 \ ns2.google.com.,IN,A,157802,216.239.34.10 -[208] 2016-10-20 15:24:19.462224 [#26 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:19.462224 [#26 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45658 \ dns QUERY,NOERROR,64325,qr|rd|ra \ 1 google.com.,IN,A \ @@ -359,7 +359,7 @@ ns1.google.com.,IN,A,331803,216.239.32.10 \ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 -[289] 2016-10-20 15:24:19.468895 [#27 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:19.468895 [#27 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60457 \ dns QUERY,NOERROR,25543,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -373,7 +373,7 @@ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 \ ns2.google.com.,IN,A,157801,216.239.34.10 -[208] 2016-10-20 15:24:20.476841 [#28 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:20.476841 [#28 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].59762 \ dns QUERY,NOERROR,20736,qr|rd|ra \ 1 google.com.,IN,A \ @@ -386,7 +386,7 @@ ns1.google.com.,IN,A,331802,216.239.32.10 \ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 -[289] 2016-10-20 15:24:20.483927 [#29 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:20.483927 [#29 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].56022 \ dns QUERY,NOERROR,25911,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -400,7 +400,7 @@ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 \ ns2.google.com.,IN,A,157800,216.239.34.10 -[208] 2016-10-20 15:24:21.490573 [#30 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:21.490573 [#30 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].37669 \ dns QUERY,NOERROR,64358,qr|rd|ra \ 1 google.com.,IN,A \ @@ -413,7 +413,7 @@ ns1.google.com.,IN,A,331801,216.239.32.10 \ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 -[289] 2016-10-20 15:24:21.496815 [#31 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:21.496815 [#31 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].42978 \ dns QUERY,NOERROR,37698,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -427,7 +427,7 @@ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 \ ns2.google.com.,IN,A,157799,216.239.34.10 -[208] 2016-10-20 15:24:22.504738 [#32 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:22.504738 [#32 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].49829 \ dns QUERY,NOERROR,54706,qr|rd|ra \ 1 google.com.,IN,A \ @@ -440,7 +440,7 @@ ns1.google.com.,IN,A,331800,216.239.32.10 \ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 -[289] 2016-10-20 15:24:22.511746 [#33 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:22.511746 [#33 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].50599 \ dns QUERY,NOERROR,32142,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -454,7 +454,7 @@ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 \ ns2.google.com.,IN,A,157798,216.239.34.10 -[208] 2016-10-20 15:24:23.521976 [#34 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:23.521976 [#34 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].44980 \ dns QUERY,NOERROR,41808,qr|rd|ra \ 1 google.com.,IN,A \ @@ -467,7 +467,7 @@ ns1.google.com.,IN,A,331799,216.239.32.10 \ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 -[289] 2016-10-20 15:24:23.529385 [#35 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:23.529385 [#35 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60063 \ dns QUERY,NOERROR,18886,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -481,7 +481,7 @@ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 \ ns2.google.com.,IN,A,157797,216.239.34.10 -[208] 2016-10-20 15:24:24.539398 [#36 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:24.539398 [#36 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].42042 \ dns QUERY,NOERROR,10624,qr|rd|ra \ 1 google.com.,IN,A \ @@ -494,7 +494,7 @@ ns1.google.com.,IN,A,331798,216.239.32.10 \ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 -[289] 2016-10-20 15:24:24.546172 [#37 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:24.546172 [#37 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].60469 \ dns QUERY,NOERROR,33139,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -508,7 +508,7 @@ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 \ ns2.google.com.,IN,A,157796,216.239.34.10 -[208] 2016-10-20 15:24:25.556513 [#38 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:25.556513 [#38 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].45703 \ dns QUERY,NOERROR,61415,qr|rd|ra \ 1 google.com.,IN,A \ @@ -521,7 +521,7 @@ ns1.google.com.,IN,A,331797,216.239.32.10 \ ns3.google.com.,IN,A,157795,216.239.36.10 \ ns4.google.com.,IN,A,157795,216.239.38.10 -[289] 2016-10-20 15:24:25.564509 [#39 dns.pcap-dist 4095] \ +[289] 2016-10-20 15:24:25.564509 [#39 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].33507 \ dns QUERY,NOERROR,59258,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -535,7 +535,7 @@ ns3.google.com.,IN,A,157795,216.239.36.10 \ ns4.google.com.,IN,A,157795,216.239.38.10 \ ns2.google.com.,IN,A,157795,216.239.34.10 -[208] 2016-10-20 15:24:26.574350 [#40 dns.pcap-dist 4095] \ +[208] 2016-10-20 15:24:26.574350 [#40 dns.pcap 4095] \ [8.8.8.8].53 [172.17.0.10].46798 \ dns QUERY,NOERROR,17700,qr|rd|ra \ 1 google.com.,IN,A \ @@ -548,167 +548,167 @@ ns1.google.com.,IN,A,331796,216.239.32.10 \ ns3.google.com.,IN,A,157794,216.239.36.10 \ ns4.google.com.,IN,A,157794,216.239.38.10 -[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap 4095] \ [172.17.0.10].53199 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:23:01.082865 [#1 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:01.082865 [#1 dns.pcap 4095] \ [172.17.0.10].57822 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:23:01.087291 [#2 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:01.087291 [#2 dns.pcap 4095] \ [172.17.0.10].40043 [8.8.8.8].53 \ dns QUERY,NOERROR,5337,rd \ 1 google.com.,IN,A 0 0 0 -[56] 2016-10-20 15:23:10.322117 [#3 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:10.322117 [#3 dns.pcap 4095] \ [172.17.0.10].37953 [8.8.8.8].53 \ dns QUERY,NOERROR,22982,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:23:10.328324 [#4 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:10.328324 [#4 dns.pcap 4095] \ [172.17.0.10].48658 [8.8.8.8].53 \ dns QUERY,NOERROR,18718,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:23:52.860937 [#5 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:52.860937 [#5 dns.pcap 4095] \ [172.17.0.10].40953 [8.8.8.8].53 \ dns QUERY,NOERROR,22531,rd \ 1 google.com.,IN,A 0 0 0 -[56] 2016-10-20 15:23:59.083869 [#6 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:23:59.083869 [#6 dns.pcap 4095] \ [172.17.0.10].45174 [8.8.8.8].53 \ dns QUERY,NOERROR,58510,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:23:59.090911 [#7 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:23:59.090911 [#7 dns.pcap 4095] \ [172.17.0.10].33916 [8.8.8.8].53 \ dns QUERY,NOERROR,45248,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:04.323868 [#8 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:04.323868 [#8 dns.pcap 4095] \ [172.17.0.10].43559 [8.8.8.8].53 \ dns QUERY,NOERROR,49483,rd \ 1 google.com.,IN,A 0 0 0 -[56] 2016-10-20 15:24:06.332239 [#9 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:06.332239 [#9 dns.pcap 4095] \ [172.17.0.10].54859 [8.8.8.8].53 \ dns QUERY,NOERROR,31669,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:06.339145 [#10 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:06.339145 [#10 dns.pcap 4095] \ [172.17.0.10].58176 [8.8.8.8].53 \ dns QUERY,NOERROR,25433,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:07.346429 [#11 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:07.346429 [#11 dns.pcap 4095] \ [172.17.0.10].41266 [8.8.8.8].53 \ dns QUERY,NOERROR,63798,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:07.353123 [#12 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:07.353123 [#12 dns.pcap 4095] \ [172.17.0.10].34607 [8.8.8.8].53 \ dns QUERY,NOERROR,8470,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:08.360528 [#13 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:08.360528 [#13 dns.pcap 4095] \ [172.17.0.10].60437 [8.8.8.8].53 \ dns QUERY,NOERROR,60258,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:08.368516 [#14 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:08.368516 [#14 dns.pcap 4095] \ [172.17.0.10].37149 [8.8.8.8].53 \ dns QUERY,NOERROR,44985,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:09.375942 [#15 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:09.375942 [#15 dns.pcap 4095] \ [172.17.0.10].53820 [8.8.8.8].53 \ dns QUERY,NOERROR,45512,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:09.384057 [#16 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:09.384057 [#16 dns.pcap 4095] \ [172.17.0.10].52368 [8.8.8.8].53 \ dns QUERY,NOERROR,22980,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:10.391358 [#17 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:10.391358 [#17 dns.pcap 4095] \ [172.17.0.10].47637 [8.8.8.8].53 \ dns QUERY,NOERROR,1834,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:10.398099 [#18 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:10.398099 [#18 dns.pcap 4095] \ [172.17.0.10].34426 [8.8.8.8].53 \ dns QUERY,NOERROR,25431,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:11.406297 [#19 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:11.406297 [#19 dns.pcap 4095] \ [172.17.0.10].41059 [8.8.8.8].53 \ dns QUERY,NOERROR,48432,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:11.412133 [#20 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:11.412133 [#20 dns.pcap 4095] \ [172.17.0.10].51181 [8.8.8.8].53 \ dns QUERY,NOERROR,47411,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:12.419936 [#21 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:12.419936 [#21 dns.pcap 4095] \ [172.17.0.10].32976 [8.8.8.8].53 \ dns QUERY,NOERROR,12038,rd \ 1 google.com.,IN,A 0 0 0 -[56] 2016-10-20 15:24:14.428524 [#22 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:14.428524 [#22 dns.pcap 4095] \ [172.17.0.10].53467 [8.8.8.8].53 \ dns QUERY,NOERROR,11614,rd \ 1 google.com.,IN,A 0 0 0 -[56] 2016-10-20 15:24:16.435733 [#23 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:16.435733 [#23 dns.pcap 4095] \ [172.17.0.10].41532 [8.8.8.8].53 \ dns QUERY,NOERROR,59173,rd \ 1 google.com.,IN,A 0 0 0 -[56] 2016-10-20 15:24:18.445519 [#24 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:18.445519 [#24 dns.pcap 4095] \ [172.17.0.10].44982 [8.8.8.8].53 \ dns QUERY,NOERROR,45535,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:18.452451 [#25 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:18.452451 [#25 dns.pcap 4095] \ [172.17.0.10].40224 [8.8.8.8].53 \ dns QUERY,NOERROR,60808,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:19.460087 [#26 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:19.460087 [#26 dns.pcap 4095] \ [172.17.0.10].45658 [8.8.8.8].53 \ dns QUERY,NOERROR,64325,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:19.467324 [#27 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:19.467324 [#27 dns.pcap 4095] \ [172.17.0.10].60457 [8.8.8.8].53 \ dns QUERY,NOERROR,25543,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:20.475086 [#28 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:20.475086 [#28 dns.pcap 4095] \ [172.17.0.10].59762 [8.8.8.8].53 \ dns QUERY,NOERROR,20736,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:20.482188 [#29 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:20.482188 [#29 dns.pcap 4095] \ [172.17.0.10].56022 [8.8.8.8].53 \ dns QUERY,NOERROR,25911,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:21.489468 [#30 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:21.489468 [#30 dns.pcap 4095] \ [172.17.0.10].37669 [8.8.8.8].53 \ dns QUERY,NOERROR,64358,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:21.495324 [#31 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:21.495324 [#31 dns.pcap 4095] \ [172.17.0.10].42978 [8.8.8.8].53 \ dns QUERY,NOERROR,37698,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:22.502667 [#32 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:22.502667 [#32 dns.pcap 4095] \ [172.17.0.10].49829 [8.8.8.8].53 \ dns QUERY,NOERROR,54706,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:22.510176 [#33 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:22.510176 [#33 dns.pcap 4095] \ [172.17.0.10].50599 [8.8.8.8].53 \ dns QUERY,NOERROR,32142,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:23.520203 [#34 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:23.520203 [#34 dns.pcap 4095] \ [172.17.0.10].44980 [8.8.8.8].53 \ dns QUERY,NOERROR,41808,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:23.527449 [#35 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:23.527449 [#35 dns.pcap 4095] \ [172.17.0.10].60063 [8.8.8.8].53 \ dns QUERY,NOERROR,18886,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:24.537264 [#36 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:24.537264 [#36 dns.pcap 4095] \ [172.17.0.10].42042 [8.8.8.8].53 \ dns QUERY,NOERROR,10624,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:24.544538 [#37 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:24.544538 [#37 dns.pcap 4095] \ [172.17.0.10].60469 [8.8.8.8].53 \ dns QUERY,NOERROR,33139,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:25.554744 [#38 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:25.554744 [#38 dns.pcap 4095] \ [172.17.0.10].45703 [8.8.8.8].53 \ dns QUERY,NOERROR,61415,rd \ 1 google.com.,IN,A 0 0 0 -[73] 2016-10-20 15:24:25.562608 [#39 dns.pcap-dist 4095] \ +[73] 2016-10-20 15:24:25.562608 [#39 dns.pcap 4095] \ [172.17.0.10].33507 [8.8.8.8].53 \ dns QUERY,NOERROR,59258,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[56] 2016-10-20 15:24:26.572784 [#40 dns.pcap-dist 4095] \ +[56] 2016-10-20 15:24:26.572784 [#40 dns.pcap 4095] \ [172.17.0.10].46798 [8.8.8.8].53 \ dns QUERY,NOERROR,17700,rd \ 1 google.com.,IN,A 0 0 0 diff --git a/src/test/test_regex_match.sh b/src/test/test_regex_match.sh index 184ca7b8..3159b8cf 100755 --- a/src/test/test_regex_match.sh +++ b/src/test/test_regex_match.sh @@ -1,8 +1,8 @@ #!/bin/sh -xe -../dnscap -g -r dns.pcap-dist -x 'ns1' 2>test_regex_match.out -../dnscap -g -r dns.pcap-dist -X 'ns1' 2>>test_regex_match.out -../dnscap -g -r dns.pcap-dist -x 'ns1' -X 'ns1' 2>>test_regex_match.out +../dnscap -g -r dns.pcap -x 'ns1' 2>test_regex_match.out +../dnscap -g -r dns.pcap -X 'ns1' 2>>test_regex_match.out +../dnscap -g -r dns.pcap -x 'ns1' -X 'ns1' 2>>test_regex_match.out mv test_regex_match.out test_regex_match.out.old grep -v "^libgcov profiling error:" test_regex_match.out.old > test_regex_match.out diff --git a/src/test/vlan11.gold b/src/test/vlan11.gold index 92f8d398..29991d4d 100644 --- a/src/test/vlan11.gold +++ b/src/test/vlan11.gold @@ -1,8 +1,8 @@ -[56] 2016-10-20 15:23:01.075993 [#0 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:23:01.075993 [#0 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].53199 [8.8.8.8].53 \ dns QUERY,NOERROR,59311,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:01.077982 [#1 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:23:01.077982 [#1 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].53199 \ dns QUERY,NOERROR,59311,qr|rd|ra \ 1 google.com.,IN,A \ @@ -15,11 +15,11 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[73] 2016-10-20 15:23:01.082865 [#2 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:23:01.082865 [#2 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].57822 [8.8.8.8].53 \ dns QUERY,NOERROR,35665,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:01.084107 [#3 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:23:01.084107 [#3 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].57822 \ dns QUERY,NOERROR,35665,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -33,11 +33,11 @@ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 \ ns2.google.com.,IN,A,157880,216.239.34.10 -[56] 2016-10-20 15:23:01.087291 [#4 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:23:01.087291 [#4 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].40043 [8.8.8.8].53 \ dns QUERY,NOERROR,5337,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:01.088733 [#5 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:23:01.088733 [#5 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].40043 \ dns QUERY,NOERROR,5337,qr|rd|ra \ 1 google.com.,IN,A \ @@ -50,11 +50,11 @@ ns1.google.com.,IN,A,331882,216.239.32.10 \ ns3.google.com.,IN,A,157880,216.239.36.10 \ ns4.google.com.,IN,A,157880,216.239.38.10 -[56] 2016-10-20 15:23:10.322117 [#6 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:23:10.322117 [#6 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].37953 [8.8.8.8].53 \ dns QUERY,NOERROR,22982,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:10.323399 [#7 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:23:10.323399 [#7 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].37953 \ dns QUERY,NOERROR,22982,qr|rd|ra \ 1 google.com.,IN,A \ @@ -67,11 +67,11 @@ ns1.google.com.,IN,A,331872,216.239.32.10 \ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 -[73] 2016-10-20 15:23:10.328324 [#8 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:23:10.328324 [#8 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].48658 [8.8.8.8].53 \ dns QUERY,NOERROR,18718,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:10.329572 [#9 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:23:10.329572 [#9 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].48658 \ dns QUERY,NOERROR,18718,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -85,11 +85,11 @@ ns3.google.com.,IN,A,157870,216.239.36.10 \ ns4.google.com.,IN,A,157870,216.239.38.10 \ ns2.google.com.,IN,A,157870,216.239.34.10 -[56] 2016-10-20 15:23:52.860937 [#10 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:23:52.860937 [#10 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].40953 [8.8.8.8].53 \ dns QUERY,NOERROR,22531,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:52.863771 [#11 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:23:52.863771 [#11 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].40953 \ dns QUERY,NOERROR,22531,qr|rd|ra \ 1 google.com.,IN,A \ @@ -102,11 +102,11 @@ ns1.google.com.,IN,A,331830,216.239.32.10 \ ns3.google.com.,IN,A,157828,216.239.36.10 \ ns4.google.com.,IN,A,157828,216.239.38.10 -[56] 2016-10-20 15:23:59.083869 [#12 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:23:59.083869 [#12 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].45174 [8.8.8.8].53 \ dns QUERY,NOERROR,58510,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:23:59.086104 [#13 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:23:59.086104 [#13 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].45174 \ dns QUERY,NOERROR,58510,qr|rd|ra \ 1 google.com.,IN,A \ @@ -119,11 +119,11 @@ ns1.google.com.,IN,A,331824,216.239.32.10 \ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 -[73] 2016-10-20 15:23:59.090911 [#14 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:23:59.090911 [#14 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].33916 [8.8.8.8].53 \ dns QUERY,NOERROR,45248,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:23:59.092204 [#15 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:23:59.092204 [#15 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].33916 \ dns QUERY,NOERROR,45248,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -137,11 +137,11 @@ ns3.google.com.,IN,A,157822,216.239.36.10 \ ns4.google.com.,IN,A,157822,216.239.38.10 \ ns2.google.com.,IN,A,157822,216.239.34.10 -[56] 2016-10-20 15:24:04.323868 [#16 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:04.323868 [#16 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].43559 [8.8.8.8].53 \ dns QUERY,NOERROR,49483,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:04.325597 [#17 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:04.325597 [#17 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].43559 \ dns QUERY,NOERROR,49483,qr|rd|ra \ 1 google.com.,IN,A \ @@ -154,11 +154,11 @@ ns1.google.com.,IN,A,331818,216.239.32.10 \ ns3.google.com.,IN,A,157816,216.239.36.10 \ ns4.google.com.,IN,A,157816,216.239.38.10 -[56] 2016-10-20 15:24:06.332239 [#18 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:06.332239 [#18 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].54859 [8.8.8.8].53 \ dns QUERY,NOERROR,31669,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:06.333743 [#19 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:06.333743 [#19 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].54859 \ dns QUERY,NOERROR,31669,qr|rd|ra \ 1 google.com.,IN,A \ @@ -171,11 +171,11 @@ ns1.google.com.,IN,A,331816,216.239.32.10 \ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 -[73] 2016-10-20 15:24:06.339145 [#20 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:06.339145 [#20 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].58176 [8.8.8.8].53 \ dns QUERY,NOERROR,25433,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:06.340820 [#21 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:06.340820 [#21 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].58176 \ dns QUERY,NOERROR,25433,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -189,11 +189,11 @@ ns3.google.com.,IN,A,157814,216.239.36.10 \ ns4.google.com.,IN,A,157814,216.239.38.10 \ ns2.google.com.,IN,A,157814,216.239.34.10 -[56] 2016-10-20 15:24:07.346429 [#22 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:07.346429 [#22 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].41266 [8.8.8.8].53 \ dns QUERY,NOERROR,63798,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:07.348160 [#23 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:07.348160 [#23 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].41266 \ dns QUERY,NOERROR,63798,qr|rd|ra \ 1 google.com.,IN,A \ @@ -206,11 +206,11 @@ ns1.google.com.,IN,A,331815,216.239.32.10 \ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 -[73] 2016-10-20 15:24:07.353123 [#24 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:07.353123 [#24 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].34607 [8.8.8.8].53 \ dns QUERY,NOERROR,8470,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:07.354682 [#25 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:07.354682 [#25 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].34607 \ dns QUERY,NOERROR,8470,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -224,11 +224,11 @@ ns3.google.com.,IN,A,157813,216.239.36.10 \ ns4.google.com.,IN,A,157813,216.239.38.10 \ ns2.google.com.,IN,A,157813,216.239.34.10 -[56] 2016-10-20 15:24:08.360528 [#26 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:08.360528 [#26 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].60437 [8.8.8.8].53 \ dns QUERY,NOERROR,60258,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:08.362206 [#27 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:08.362206 [#27 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].60437 \ dns QUERY,NOERROR,60258,qr|rd|ra \ 1 google.com.,IN,A \ @@ -241,11 +241,11 @@ ns1.google.com.,IN,A,331814,216.239.32.10 \ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 -[73] 2016-10-20 15:24:08.368516 [#28 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:08.368516 [#28 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].37149 [8.8.8.8].53 \ dns QUERY,NOERROR,44985,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:08.370119 [#29 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:08.370119 [#29 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].37149 \ dns QUERY,NOERROR,44985,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -259,11 +259,11 @@ ns3.google.com.,IN,A,157812,216.239.36.10 \ ns4.google.com.,IN,A,157812,216.239.38.10 \ ns2.google.com.,IN,A,157812,216.239.34.10 -[56] 2016-10-20 15:24:09.375942 [#30 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:09.375942 [#30 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].53820 [8.8.8.8].53 \ dns QUERY,NOERROR,45512,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:09.378425 [#31 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:09.378425 [#31 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].53820 \ dns QUERY,NOERROR,45512,qr|rd|ra \ 1 google.com.,IN,A \ @@ -276,11 +276,11 @@ ns1.google.com.,IN,A,331813,216.239.32.10 \ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 -[73] 2016-10-20 15:24:09.384057 [#32 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:09.384057 [#32 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].52368 [8.8.8.8].53 \ dns QUERY,NOERROR,22980,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:09.385463 [#33 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:09.385463 [#33 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].52368 \ dns QUERY,NOERROR,22980,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -294,11 +294,11 @@ ns3.google.com.,IN,A,157811,216.239.36.10 \ ns4.google.com.,IN,A,157811,216.239.38.10 \ ns2.google.com.,IN,A,157811,216.239.34.10 -[56] 2016-10-20 15:24:10.391358 [#34 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:10.391358 [#34 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].47637 [8.8.8.8].53 \ dns QUERY,NOERROR,1834,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:10.392886 [#35 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:10.392886 [#35 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].47637 \ dns QUERY,NOERROR,1834,qr|rd|ra \ 1 google.com.,IN,A \ @@ -311,11 +311,11 @@ ns1.google.com.,IN,A,331812,216.239.32.10 \ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 -[73] 2016-10-20 15:24:10.398099 [#36 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:10.398099 [#36 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].34426 [8.8.8.8].53 \ dns QUERY,NOERROR,25431,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:10.400317 [#37 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:10.400317 [#37 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].34426 \ dns QUERY,NOERROR,25431,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -329,11 +329,11 @@ ns3.google.com.,IN,A,157810,216.239.36.10 \ ns4.google.com.,IN,A,157810,216.239.38.10 \ ns2.google.com.,IN,A,157810,216.239.34.10 -[56] 2016-10-20 15:24:11.406297 [#38 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:11.406297 [#38 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].41059 [8.8.8.8].53 \ dns QUERY,NOERROR,48432,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:11.407460 [#39 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:11.407460 [#39 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].41059 \ dns QUERY,NOERROR,48432,qr|rd|ra \ 1 google.com.,IN,A \ @@ -346,11 +346,11 @@ ns1.google.com.,IN,A,331811,216.239.32.10 \ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 -[73] 2016-10-20 15:24:11.412133 [#40 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:11.412133 [#40 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].51181 [8.8.8.8].53 \ dns QUERY,NOERROR,47411,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:11.413370 [#41 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:11.413370 [#41 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].51181 \ dns QUERY,NOERROR,47411,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -364,11 +364,11 @@ ns3.google.com.,IN,A,157809,216.239.36.10 \ ns4.google.com.,IN,A,157809,216.239.38.10 \ ns2.google.com.,IN,A,157809,216.239.34.10 -[56] 2016-10-20 15:24:12.419936 [#42 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:12.419936 [#42 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].32976 [8.8.8.8].53 \ dns QUERY,NOERROR,12038,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:12.421228 [#43 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:12.421228 [#43 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].32976 \ dns QUERY,NOERROR,12038,qr|rd|ra \ 1 google.com.,IN,A \ @@ -381,11 +381,11 @@ ns1.google.com.,IN,A,331810,216.239.32.10 \ ns3.google.com.,IN,A,157808,216.239.36.10 \ ns4.google.com.,IN,A,157808,216.239.38.10 -[56] 2016-10-20 15:24:14.428524 [#44 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:14.428524 [#44 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].53467 [8.8.8.8].53 \ dns QUERY,NOERROR,11614,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:14.429863 [#45 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:14.429863 [#45 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].53467 \ dns QUERY,NOERROR,11614,qr|rd|ra \ 1 google.com.,IN,A \ @@ -398,11 +398,11 @@ ns1.google.com.,IN,A,331808,216.239.32.10 \ ns3.google.com.,IN,A,157806,216.239.36.10 \ ns4.google.com.,IN,A,157806,216.239.38.10 -[56] 2016-10-20 15:24:16.435733 [#46 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:16.435733 [#46 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].41532 [8.8.8.8].53 \ dns QUERY,NOERROR,59173,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:16.437471 [#47 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:16.437471 [#47 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].41532 \ dns QUERY,NOERROR,59173,qr|rd|ra \ 1 google.com.,IN,A \ @@ -415,11 +415,11 @@ ns1.google.com.,IN,A,331806,216.239.32.10 \ ns3.google.com.,IN,A,157804,216.239.36.10 \ ns4.google.com.,IN,A,157804,216.239.38.10 -[56] 2016-10-20 15:24:18.445519 [#48 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:18.445519 [#48 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].44982 [8.8.8.8].53 \ dns QUERY,NOERROR,45535,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:18.446775 [#49 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:18.446775 [#49 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].44982 \ dns QUERY,NOERROR,45535,qr|rd|ra \ 1 google.com.,IN,A \ @@ -432,11 +432,11 @@ ns1.google.com.,IN,A,331804,216.239.32.10 \ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 -[73] 2016-10-20 15:24:18.452451 [#50 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:18.452451 [#50 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].40224 [8.8.8.8].53 \ dns QUERY,NOERROR,60808,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:18.454030 [#51 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:18.454030 [#51 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].40224 \ dns QUERY,NOERROR,60808,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -450,11 +450,11 @@ ns3.google.com.,IN,A,157802,216.239.36.10 \ ns4.google.com.,IN,A,157802,216.239.38.10 \ ns2.google.com.,IN,A,157802,216.239.34.10 -[56] 2016-10-20 15:24:19.460087 [#52 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:19.460087 [#52 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].45658 [8.8.8.8].53 \ dns QUERY,NOERROR,64325,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:19.462224 [#53 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:19.462224 [#53 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].45658 \ dns QUERY,NOERROR,64325,qr|rd|ra \ 1 google.com.,IN,A \ @@ -467,11 +467,11 @@ ns1.google.com.,IN,A,331803,216.239.32.10 \ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 -[73] 2016-10-20 15:24:19.467324 [#54 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:19.467324 [#54 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].60457 [8.8.8.8].53 \ dns QUERY,NOERROR,25543,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:19.468895 [#55 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:19.468895 [#55 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].60457 \ dns QUERY,NOERROR,25543,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -485,11 +485,11 @@ ns3.google.com.,IN,A,157801,216.239.36.10 \ ns4.google.com.,IN,A,157801,216.239.38.10 \ ns2.google.com.,IN,A,157801,216.239.34.10 -[56] 2016-10-20 15:24:20.475086 [#56 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:20.475086 [#56 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].59762 [8.8.8.8].53 \ dns QUERY,NOERROR,20736,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:20.476841 [#57 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:20.476841 [#57 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].59762 \ dns QUERY,NOERROR,20736,qr|rd|ra \ 1 google.com.,IN,A \ @@ -502,11 +502,11 @@ ns1.google.com.,IN,A,331802,216.239.32.10 \ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 -[73] 2016-10-20 15:24:20.482188 [#58 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:20.482188 [#58 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].56022 [8.8.8.8].53 \ dns QUERY,NOERROR,25911,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:20.483927 [#59 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:20.483927 [#59 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].56022 \ dns QUERY,NOERROR,25911,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -520,11 +520,11 @@ ns3.google.com.,IN,A,157800,216.239.36.10 \ ns4.google.com.,IN,A,157800,216.239.38.10 \ ns2.google.com.,IN,A,157800,216.239.34.10 -[56] 2016-10-20 15:24:21.489468 [#60 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:21.489468 [#60 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].37669 [8.8.8.8].53 \ dns QUERY,NOERROR,64358,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:21.490573 [#61 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:21.490573 [#61 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].37669 \ dns QUERY,NOERROR,64358,qr|rd|ra \ 1 google.com.,IN,A \ @@ -537,11 +537,11 @@ ns1.google.com.,IN,A,331801,216.239.32.10 \ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 -[73] 2016-10-20 15:24:21.495324 [#62 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:21.495324 [#62 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].42978 [8.8.8.8].53 \ dns QUERY,NOERROR,37698,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:21.496815 [#63 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:21.496815 [#63 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].42978 \ dns QUERY,NOERROR,37698,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -555,11 +555,11 @@ ns3.google.com.,IN,A,157799,216.239.36.10 \ ns4.google.com.,IN,A,157799,216.239.38.10 \ ns2.google.com.,IN,A,157799,216.239.34.10 -[56] 2016-10-20 15:24:22.502667 [#64 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:22.502667 [#64 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].49829 [8.8.8.8].53 \ dns QUERY,NOERROR,54706,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:22.504738 [#65 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:22.504738 [#65 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].49829 \ dns QUERY,NOERROR,54706,qr|rd|ra \ 1 google.com.,IN,A \ @@ -572,11 +572,11 @@ ns1.google.com.,IN,A,331800,216.239.32.10 \ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 -[73] 2016-10-20 15:24:22.510176 [#66 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:22.510176 [#66 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].50599 [8.8.8.8].53 \ dns QUERY,NOERROR,32142,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:22.511746 [#67 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:22.511746 [#67 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].50599 \ dns QUERY,NOERROR,32142,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -590,11 +590,11 @@ ns3.google.com.,IN,A,157798,216.239.36.10 \ ns4.google.com.,IN,A,157798,216.239.38.10 \ ns2.google.com.,IN,A,157798,216.239.34.10 -[56] 2016-10-20 15:24:23.520203 [#68 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:23.520203 [#68 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].44980 [8.8.8.8].53 \ dns QUERY,NOERROR,41808,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:23.521976 [#69 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:23.521976 [#69 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].44980 \ dns QUERY,NOERROR,41808,qr|rd|ra \ 1 google.com.,IN,A \ @@ -607,11 +607,11 @@ ns1.google.com.,IN,A,331799,216.239.32.10 \ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 -[73] 2016-10-20 15:24:23.527449 [#70 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:23.527449 [#70 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].60063 [8.8.8.8].53 \ dns QUERY,NOERROR,18886,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:23.529385 [#71 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:23.529385 [#71 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].60063 \ dns QUERY,NOERROR,18886,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -625,11 +625,11 @@ ns3.google.com.,IN,A,157797,216.239.36.10 \ ns4.google.com.,IN,A,157797,216.239.38.10 \ ns2.google.com.,IN,A,157797,216.239.34.10 -[56] 2016-10-20 15:24:24.537264 [#72 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:24.537264 [#72 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].42042 [8.8.8.8].53 \ dns QUERY,NOERROR,10624,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:24.539398 [#73 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:24.539398 [#73 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].42042 \ dns QUERY,NOERROR,10624,qr|rd|ra \ 1 google.com.,IN,A \ @@ -642,11 +642,11 @@ ns1.google.com.,IN,A,331798,216.239.32.10 \ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 -[73] 2016-10-20 15:24:24.544538 [#74 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:24.544538 [#74 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].60469 [8.8.8.8].53 \ dns QUERY,NOERROR,33139,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:24.546172 [#75 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:24.546172 [#75 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].60469 \ dns QUERY,NOERROR,33139,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -660,11 +660,11 @@ ns3.google.com.,IN,A,157796,216.239.36.10 \ ns4.google.com.,IN,A,157796,216.239.38.10 \ ns2.google.com.,IN,A,157796,216.239.34.10 -[56] 2016-10-20 15:24:25.554744 [#76 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:25.554744 [#76 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].45703 [8.8.8.8].53 \ dns QUERY,NOERROR,61415,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:25.556513 [#77 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:25.556513 [#77 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].45703 \ dns QUERY,NOERROR,61415,qr|rd|ra \ 1 google.com.,IN,A \ @@ -677,11 +677,11 @@ ns1.google.com.,IN,A,331797,216.239.32.10 \ ns3.google.com.,IN,A,157795,216.239.36.10 \ ns4.google.com.,IN,A,157795,216.239.38.10 -[73] 2016-10-20 15:24:25.562608 [#78 vlan11.pcap-dist (vlan 11) 11] \ +[73] 2016-10-20 15:24:25.562608 [#78 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].33507 [8.8.8.8].53 \ dns QUERY,NOERROR,59258,rd \ 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 -[289] 2016-10-20 15:24:25.564509 [#79 vlan11.pcap-dist (vlan 11) 11] \ +[289] 2016-10-20 15:24:25.564509 [#79 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].33507 \ dns QUERY,NOERROR,59258,qr|rd|ra \ 1 206.218.58.216.in-addr.arpa.,IN,PTR \ @@ -695,11 +695,11 @@ ns3.google.com.,IN,A,157795,216.239.36.10 \ ns4.google.com.,IN,A,157795,216.239.38.10 \ ns2.google.com.,IN,A,157795,216.239.34.10 -[56] 2016-10-20 15:24:26.572784 [#80 vlan11.pcap-dist (vlan 11) 11] \ +[56] 2016-10-20 15:24:26.572784 [#80 vlan11.pcap (vlan 11) 11] \ [172.17.0.10].46798 [8.8.8.8].53 \ dns QUERY,NOERROR,17700,rd \ 1 google.com.,IN,A 0 0 0 -[208] 2016-10-20 15:24:26.574350 [#81 vlan11.pcap-dist (vlan 11) 11] \ +[208] 2016-10-20 15:24:26.574350 [#81 vlan11.pcap (vlan 11) 11] \ [8.8.8.8].53 [172.17.0.10].46798 \ dns QUERY,NOERROR,17700,qr|rd|ra \ 1 google.com.,IN,A \ From 12ea06181881e6d4a3f8c486d89d60215606967b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Wed, 12 Jul 2023 15:43:37 +0200 Subject: [PATCH 4/7] EDNS Client Subnet anonymization - Fix #245: Add ECS anonymization to plugins - `-e`: also anonymize ECS - `-E`: only anonymize ECS - `plugins`: Drop `const` on filter interfaces --- plugins/Makefile.am | 2 +- plugins/anonaes128/Makefile.am | 3 +- plugins/anonaes128/anonaes128.c | 75 ++++++++- plugins/anonaes128/test1.gold | 246 ++++++++++++++++++++++++++++++ plugins/anonaes128/test1.sh | 5 + plugins/anonmask/Makefile.am | 3 +- plugins/anonmask/anonmask.c | 53 ++++++- plugins/anonmask/test1.gold | 246 ++++++++++++++++++++++++++++++ plugins/anonmask/test1.sh | 5 + plugins/cryptopan/Makefile.am | 3 +- plugins/cryptopan/cryptopan.c | 100 +++++++++--- plugins/cryptopan/test1.gold | 246 ++++++++++++++++++++++++++++++ plugins/cryptopan/test1.sh | 5 + plugins/cryptopant/Makefile.am | 3 +- plugins/cryptopant/cryptopant.c | 57 ++++++- plugins/cryptopant/test1.gold | 246 ++++++++++++++++++++++++++++++ plugins/cryptopant/test1.sh | 5 + plugins/eventlog/Makefile.am | 4 +- plugins/ipcrypt/Makefile.am | 3 +- plugins/ipcrypt/ipcrypt.c | 66 +++++++- plugins/ipcrypt/test1.gold | 246 ++++++++++++++++++++++++++++++ plugins/ipcrypt/test1.sh | 5 + plugins/pcapdump/Makefile.am | 4 +- plugins/royparse/Makefile.am | 4 +- plugins/rssm/Makefile.am | 2 +- plugins/rzkeychange/Makefile.am | 3 +- plugins/rzkeychange/rzkeychange.c | 2 +- plugins/shared/edns0_ecs.c | 222 +++++++++++++++++++++++++++ plugins/template/Makefile.am | 3 +- plugins/txtout/Makefile.am | 4 +- src/bpft.c | 16 +- src/dnscap_common.h | 8 +- src/dumper.c | 4 +- src/dumper.h | 4 +- src/network.c | 38 ++--- src/tcpreasm.c | 2 +- src/test/Makefile.am | 8 +- src/test/edns.gold | 123 +++++++++++++++ src/test/edns.pcap | Bin 0 -> 2791 bytes src/test/test_edns.sh | 11 ++ 40 files changed, 1985 insertions(+), 100 deletions(-) create mode 100644 plugins/shared/edns0_ecs.c create mode 100644 src/test/edns.gold create mode 100644 src/test/edns.pcap create mode 100755 src/test/test_edns.sh diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 7a6880c9..7824f624 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -3,4 +3,4 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in SUBDIRS = pcapdump rssm txtout rzkeychange royparse anonmask ipcrypt \ anonaes128 cryptopan cryptopant eventlog -EXTRA_DIST = template +EXTRA_DIST = template shared diff --git a/plugins/anonaes128/Makefile.am b/plugins/anonaes128/Makefile.am index 2e9df571..ec4206ab 100644 --- a/plugins/anonaes128/Makefile.am +++ b/plugins/anonaes128/Makefile.am @@ -1,9 +1,10 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ -I$(top_srcdir)/isc \ + -I$(top_srcdir)/plugins/shared \ $(SECCOMPFLAGS) $(libcrypto_CFLAGS) pkglib_LTLIBRARIES = anonaes128.la diff --git a/plugins/anonaes128/anonaes128.c b/plugins/anonaes128/anonaes128.c index b2d8dbd9..0c86911f 100644 --- a/plugins/anonaes128/anonaes128.c +++ b/plugins/anonaes128/anonaes128.c @@ -42,6 +42,7 @@ #include #include #include +#include #include "dnscap_common.h" @@ -50,12 +51,13 @@ #include #include #define USE_OPENSSL 1 +#include "edns0_ecs.c" #endif static set_iaddr_t anonaes128_set_iaddr = 0; static logerr_t* logerr; -static int only_clients = 0, only_servers = 0, dns_port = 53, encrypt_v4 = 0, decrypt = 0; +static int only_clients = 0, only_servers = 0, dns_port = 53, encrypt_v4 = 0, decrypt = 0, edns = 0; static unsigned char key[16]; static unsigned char iv[16]; #ifdef USE_OPENSSL @@ -86,7 +88,9 @@ void anonaes128_usage() "\t-c Only en/de-crypt clients (port != 53)\n" "\t-s Only en/de-crypt servers (port == 53)\n" "\t-p Set port for -c/-s, default 53\n" - "\t-4 Encrypt IPv4 addresses, not default or recommended\n"); + "\t-4 Encrypt IPv4 addresses, not default or recommended\n" + "\t-e Also en/de-crypt EDNS(0) Client Subnet\n" + "\t-E ONLY en/de-crypt EDNS(0) Client Subnet, not IP addresses\n"); } void anonaes128_extension(int ext, void* arg) @@ -104,7 +108,7 @@ void anonaes128_getopt(int* argc, char** argv[]) unsigned long ul; char* p; - while ((c = getopt(*argc, *argv, "?k:K:i:I:Dcsp:4")) != EOF) { + while ((c = getopt(*argc, *argv, "?k:K:i:I:Dcsp:4eE")) != EOF) { switch (c) { case 'k': if (strlen(optarg) != 16) { @@ -174,6 +178,13 @@ void anonaes128_getopt(int* argc, char** argv[]) case '4': encrypt_v4 = 1; break; + case 'e': + if (!edns) + edns = 1; + break; + case 'E': + edns = -1; + break; case '?': anonaes128_usage(); if (!optopt || optopt == '?') { @@ -242,12 +253,66 @@ int anonaes128_close(my_bpftimeval ts) return 0; } +#ifdef USE_OPENSSL +void ecs_callback(int family, u_char* buf, size_t len) +{ + unsigned char outbuf[16 + EVP_MAX_BLOCK_LENGTH] = { 0 }; + int outlen = 0; + + struct in6_addr in6 = IN6ADDR_ANY_INIT; + + switch (family) { + case 1: // IPv4 + if (len > sizeof(struct in_addr)) + break; + if (encrypt_v4) { + memcpy(&in6, buf, len); + memcpy(((uint8_t*)&in6) + 4, &in6, 4); + memcpy(((uint8_t*)&in6) + 8, &in6, 4); + memcpy(((uint8_t*)&in6) + 12, &in6, 4); + if (!EVP_CipherUpdate(ctx, outbuf, &outlen, (void*)&in6, 16)) { + logerr("anonaes128.so: error en/de-crypting IP address: %s", ERR_reason_error_string(ERR_get_error())); + exit(1); + } + if (outlen != 16) { + logerr("anonaes128.so: error en/de-crypted output is not 16 bytes"); + exit(1); + } + memcpy(buf, outbuf, len); + } + break; + case 2: // IPv6 + if (len > sizeof(struct in6_addr)) + break; + memcpy(&in6, buf, len); + if (!EVP_CipherUpdate(ctx, outbuf, &outlen, (void*)&in6, 16)) { + logerr("anonaes128.so: error en/de-crypting IP address: %s", ERR_reason_error_string(ERR_get_error())); + exit(1); + } + if (outlen != 16) { + logerr("anonaes128.so: error en/de-crypted output is not 16 bytes"); + exit(1); + } + memcpy(buf, outbuf, len); + break; + default: + break; + } +} +#endif + int anonaes128_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, unsigned flags, unsigned sport, unsigned dport, my_bpftimeval ts, - const u_char* pkt_copy, const unsigned olen, - const u_char* payload, const unsigned payloadlen) + u_char* pkt_copy, const unsigned olen, + u_char* payload, const unsigned payloadlen) { #ifdef USE_OPENSSL + if (edns && flags & DNSCAP_OUTPUT_ISDNS && payload && payloadlen > DNS_MSG_HDR_SZ) { + parse_for_edns0_ecs(payload, payloadlen, ecs_callback); + if (edns < 0) + return 0; + } + unsigned char outbuf[16 + EVP_MAX_BLOCK_LENGTH]; int outlen = 0; diff --git a/plugins/anonaes128/test1.gold b/plugins/anonaes128/test1.gold index 8bd48447..a76a0b36 100644 --- a/plugins/anonaes128/test1.gold +++ b/plugins/anonaes128/test1.gold @@ -2144,3 +2144,249 @@ anonaes128.so usage error: must have key (-k/-K) and IV (-i/-I) ns3.google.com.,IN,A,157794,216.239.36.10 \ ns4.google.com.,IN,A,157794,216.239.38.10 anonaes128.so usage error: -c and -s options are mutually exclusive +[64] 2023-07-05 07:21:38.669836 [#0 edns.pcap-dist 4095] \ + [123.118.213.76].58541 [29.178.88.193].53 \ + dns QUERY,NOERROR,31428,rd \ + 1 h.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:38.669891 [#1 edns.pcap-dist 4095] \ + [123.118.213.76].58541 [29.178.88.193].53 \ + dns QUERY,NOERROR,5824,rd \ + 1 h.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:38.669977 [#2 edns.pcap-dist 4095] \ + [29.178.88.193].53 [123.118.213.76].58541 \ + dns QUERY,NOERROR,31428,qr|rd|ra \ + 1 h.root-servers.net.,IN,A \ + 1 h.root-servers.net.,IN,A,85098,198.97.190.53 0 0 +[92] 2023-07-05 07:21:38.670010 [#3 edns.pcap-dist 4095] \ + [29.178.88.193].53 [123.118.213.76].58541 \ + dns QUERY,NOERROR,5824,qr|rd|ra \ + 1 h.root-servers.net.,IN,AAAA \ + 1 h.root-servers.net.,IN,AAAA,85098,2001:500:1::53 0 0 +[88] 2023-07-05 07:21:38.670793 [#4 edns.pcap-dist 4095] \ + [123.118.213.76].33737 [248.188.142.6].53 \ + dns QUERY,NOERROR,56979,rd|ad \ + 1 ns1.dns.nic.aaa.,IN,NS 0 0 \ + 1 .,4096,4096,0,edns0[len=16,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=0],edns0opt[code=10,codelen=8] +[464] 2023-07-05 07:21:38.698303 [#5 edns.pcap-dist 4095] \ + [248.188.142.6].53 [123.118.213.76].33737 \ + dns QUERY,NOERROR,56979,qr|rd \ + 1 ns1.dns.nic.aaa.,IN,NS 0 \ + 6 aaa.,IN,NS,172800,a.nic.aaa. \ + aaa.,IN,NS,172800,b.nic.aaa. \ + aaa.,IN,NS,172800,c.nic.aaa. \ + aaa.,IN,NS,172800,ns1.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns2.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns3.dns.nic.aaa. \ + 13 a.nic.aaa.,IN,A,172800,37.209.192.9 \ + b.nic.aaa.,IN,A,172800,37.209.194.9 \ + c.nic.aaa.,IN,A,172800,37.209.196.9 \ + ns1.dns.nic.aaa.,IN,A,172800,156.154.144.2 \ + ns2.dns.nic.aaa.,IN,A,172800,156.154.145.2 \ + ns3.dns.nic.aaa.,IN,A,172800,156.154.159.2 \ + a.nic.aaa.,IN,AAAA,172800,2001:dcd:1::9 \ + b.nic.aaa.,IN,AAAA,172800,2001:dcd:2::9 \ + c.nic.aaa.,IN,AAAA,172800,2001:dcd:3::9 \ + ns1.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1071::2 \ + ns2.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1072::2 \ + ns3.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1073::2 \ + .,1232,1232,0,edns0[len=30,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=26] +[64] 2023-07-05 07:21:42.739334 [#6 edns.pcap-dist 4095] \ + [123.118.213.76].53174 [29.178.88.193].53 \ + dns QUERY,NOERROR,48648,rd \ + 1 g.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:42.739396 [#7 edns.pcap-dist 4095] \ + [123.118.213.76].53174 [29.178.88.193].53 \ + dns QUERY,NOERROR,48141,rd \ + 1 g.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:42.739525 [#8 edns.pcap-dist 4095] \ + [29.178.88.193].53 [123.118.213.76].53174 \ + dns QUERY,NOERROR,48648,qr|rd|ra \ + 1 g.root-servers.net.,IN,A \ + 1 g.root-servers.net.,IN,A,85094,192.112.36.4 0 0 +[92] 2023-07-05 07:21:42.739558 [#9 edns.pcap-dist 4095] \ + [29.178.88.193].53 [123.118.213.76].53174 \ + dns QUERY,NOERROR,48141,qr|rd|ra \ + 1 g.root-servers.net.,IN,AAAA \ + 1 g.root-servers.net.,IN,AAAA,85094,2001:500:12::d0d 0 0 +[83] 2023-07-05 07:21:42.740590 [#10 edns.pcap-dist 4095] \ + [123.118.213.76].50901 [67.192.17.119].53 \ + dns QUERY,NOERROR,35713,rd|ad \ + 1 net.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=23,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[ECS,family=1,source=24,scope=0,addr=34.29.83.0],edns0opt[code=10,codelen=8] +[895] 2023-07-05 07:21:42.836816 [#11 edns.pcap-dist 4095] \ + [67.192.17.119].53 [123.118.213.76].50901 \ + dns QUERY,NOERROR,35713,qr|rd \ + 1 net.,IN,A 0 \ + 13 net.,IN,NS,172800,j.gtld-servers.net. \ + net.,IN,NS,172800,b.gtld-servers.net. \ + net.,IN,NS,172800,a.gtld-servers.net. \ + net.,IN,NS,172800,h.gtld-servers.net. \ + net.,IN,NS,172800,d.gtld-servers.net. \ + net.,IN,NS,172800,c.gtld-servers.net. \ + net.,IN,NS,172800,i.gtld-servers.net. \ + net.,IN,NS,172800,e.gtld-servers.net. \ + net.,IN,NS,172800,m.gtld-servers.net. \ + net.,IN,NS,172800,f.gtld-servers.net. \ + net.,IN,NS,172800,k.gtld-servers.net. \ + net.,IN,NS,172800,l.gtld-servers.net. \ + net.,IN,NS,172800,g.gtld-servers.net. \ + 27 m.gtld-servers.net.,IN,A,172800,192.55.83.30 \ + l.gtld-servers.net.,IN,A,172800,192.41.162.30 \ + k.gtld-servers.net.,IN,A,172800,192.52.178.30 \ + j.gtld-servers.net.,IN,A,172800,192.48.79.30 \ + i.gtld-servers.net.,IN,A,172800,192.43.172.30 \ + h.gtld-servers.net.,IN,A,172800,192.54.112.30 \ + g.gtld-servers.net.,IN,A,172800,192.42.93.30 \ + f.gtld-servers.net.,IN,A,172800,192.35.51.30 \ + e.gtld-servers.net.,IN,A,172800,192.12.94.30 \ + d.gtld-servers.net.,IN,A,172800,192.31.80.30 \ + c.gtld-servers.net.,IN,A,172800,192.26.92.30 \ + b.gtld-servers.net.,IN,A,172800,192.33.14.30 \ + a.gtld-servers.net.,IN,A,172800,192.5.6.30 \ + m.gtld-servers.net.,IN,AAAA,172800,2001:501:b1f9::30 \ + l.gtld-servers.net.,IN,AAAA,172800,2001:500:d937::30 \ + k.gtld-servers.net.,IN,AAAA,172800,2001:503:d2d::30 \ + j.gtld-servers.net.,IN,AAAA,172800,2001:502:7094::30 \ + i.gtld-servers.net.,IN,AAAA,172800,2001:503:39c1::30 \ + h.gtld-servers.net.,IN,AAAA,172800,2001:502:8cc::30 \ + g.gtld-servers.net.,IN,AAAA,172800,2001:503:eea3::30 \ + f.gtld-servers.net.,IN,AAAA,172800,2001:503:d414::30 \ + e.gtld-servers.net.,IN,AAAA,172800,2001:502:1ca1::30 \ + d.gtld-servers.net.,IN,AAAA,172800,2001:500:856e::30 \ + c.gtld-servers.net.,IN,AAAA,172800,2001:503:83eb::30 \ + b.gtld-servers.net.,IN,AAAA,172800,2001:503:231d::2:30 \ + a.gtld-servers.net.,IN,AAAA,172800,2001:503:a83e::2:30 \ + .,1232,1232,0,edns0[len=39,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=24],edns0opt[ECS,family=1,source=24,scope=0,addr=34.29.83.0] +[86] 2023-07-05 07:21:46.511502 [#12 edns.pcap-dist 4095] \ + [123.118.213.76].35191 [99.195.235.60].53 \ + dns QUERY,NOERROR,960,rd|ad \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=12,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=8] +[131] 2023-07-05 07:21:46.518500 [#13 edns.pcap-dist 4095] \ + [99.195.235.60].53 [123.118.213.76].35191 \ + dns QUERY,SERVFAIL,960,qr|rd|ra \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,1232,1232,0,edns0[len=57,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=15,codelen=53] +[64] 2023-07-05 07:21:38.669836 [#0 edns.pcap-dist 4095] \ + [172.17.0.6].58541 [172.17.0.1].53 \ + dns QUERY,NOERROR,31428,rd \ + 1 h.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:38.669891 [#1 edns.pcap-dist 4095] \ + [172.17.0.6].58541 [172.17.0.1].53 \ + dns QUERY,NOERROR,5824,rd \ + 1 h.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:38.669977 [#2 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].58541 \ + dns QUERY,NOERROR,31428,qr|rd|ra \ + 1 h.root-servers.net.,IN,A \ + 1 h.root-servers.net.,IN,A,85098,198.97.190.53 0 0 +[92] 2023-07-05 07:21:38.670010 [#3 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].58541 \ + dns QUERY,NOERROR,5824,qr|rd|ra \ + 1 h.root-servers.net.,IN,AAAA \ + 1 h.root-servers.net.,IN,AAAA,85098,2001:500:1::53 0 0 +[88] 2023-07-05 07:21:38.670793 [#4 edns.pcap-dist 4095] \ + [172.17.0.6].33737 [198.97.190.53].53 \ + dns QUERY,NOERROR,56979,rd|ad \ + 1 ns1.dns.nic.aaa.,IN,NS 0 0 \ + 1 .,4096,4096,0,edns0[len=16,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=0],edns0opt[code=10,codelen=8] +[464] 2023-07-05 07:21:38.698303 [#5 edns.pcap-dist 4095] \ + [198.97.190.53].53 [172.17.0.6].33737 \ + dns QUERY,NOERROR,56979,qr|rd \ + 1 ns1.dns.nic.aaa.,IN,NS 0 \ + 6 aaa.,IN,NS,172800,a.nic.aaa. \ + aaa.,IN,NS,172800,b.nic.aaa. \ + aaa.,IN,NS,172800,c.nic.aaa. \ + aaa.,IN,NS,172800,ns1.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns2.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns3.dns.nic.aaa. \ + 13 a.nic.aaa.,IN,A,172800,37.209.192.9 \ + b.nic.aaa.,IN,A,172800,37.209.194.9 \ + c.nic.aaa.,IN,A,172800,37.209.196.9 \ + ns1.dns.nic.aaa.,IN,A,172800,156.154.144.2 \ + ns2.dns.nic.aaa.,IN,A,172800,156.154.145.2 \ + ns3.dns.nic.aaa.,IN,A,172800,156.154.159.2 \ + a.nic.aaa.,IN,AAAA,172800,2001:dcd:1::9 \ + b.nic.aaa.,IN,AAAA,172800,2001:dcd:2::9 \ + c.nic.aaa.,IN,AAAA,172800,2001:dcd:3::9 \ + ns1.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1071::2 \ + ns2.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1072::2 \ + ns3.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1073::2 \ + .,1232,1232,0,edns0[len=30,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=26] +[64] 2023-07-05 07:21:42.739334 [#6 edns.pcap-dist 4095] \ + [172.17.0.6].53174 [172.17.0.1].53 \ + dns QUERY,NOERROR,48648,rd \ + 1 g.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:42.739396 [#7 edns.pcap-dist 4095] \ + [172.17.0.6].53174 [172.17.0.1].53 \ + dns QUERY,NOERROR,48141,rd \ + 1 g.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:42.739525 [#8 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].53174 \ + dns QUERY,NOERROR,48648,qr|rd|ra \ + 1 g.root-servers.net.,IN,A \ + 1 g.root-servers.net.,IN,A,85094,192.112.36.4 0 0 +[92] 2023-07-05 07:21:42.739558 [#9 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].53174 \ + dns QUERY,NOERROR,48141,qr|rd|ra \ + 1 g.root-servers.net.,IN,AAAA \ + 1 g.root-servers.net.,IN,AAAA,85094,2001:500:12::d0d 0 0 +[83] 2023-07-05 07:21:42.740590 [#10 edns.pcap-dist 4095] \ + [172.17.0.6].50901 [192.112.36.4].53 \ + dns QUERY,NOERROR,35713,rd|ad \ + 1 net.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=23,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[ECS,family=1,source=24,scope=0,addr=34.29.83.0],edns0opt[code=10,codelen=8] +[895] 2023-07-05 07:21:42.836816 [#11 edns.pcap-dist 4095] \ + [192.112.36.4].53 [172.17.0.6].50901 \ + dns QUERY,NOERROR,35713,qr|rd \ + 1 net.,IN,A 0 \ + 13 net.,IN,NS,172800,j.gtld-servers.net. \ + net.,IN,NS,172800,b.gtld-servers.net. \ + net.,IN,NS,172800,a.gtld-servers.net. \ + net.,IN,NS,172800,h.gtld-servers.net. \ + net.,IN,NS,172800,d.gtld-servers.net. \ + net.,IN,NS,172800,c.gtld-servers.net. \ + net.,IN,NS,172800,i.gtld-servers.net. \ + net.,IN,NS,172800,e.gtld-servers.net. \ + net.,IN,NS,172800,m.gtld-servers.net. \ + net.,IN,NS,172800,f.gtld-servers.net. \ + net.,IN,NS,172800,k.gtld-servers.net. \ + net.,IN,NS,172800,l.gtld-servers.net. \ + net.,IN,NS,172800,g.gtld-servers.net. \ + 27 m.gtld-servers.net.,IN,A,172800,192.55.83.30 \ + l.gtld-servers.net.,IN,A,172800,192.41.162.30 \ + k.gtld-servers.net.,IN,A,172800,192.52.178.30 \ + j.gtld-servers.net.,IN,A,172800,192.48.79.30 \ + i.gtld-servers.net.,IN,A,172800,192.43.172.30 \ + h.gtld-servers.net.,IN,A,172800,192.54.112.30 \ + g.gtld-servers.net.,IN,A,172800,192.42.93.30 \ + f.gtld-servers.net.,IN,A,172800,192.35.51.30 \ + e.gtld-servers.net.,IN,A,172800,192.12.94.30 \ + d.gtld-servers.net.,IN,A,172800,192.31.80.30 \ + c.gtld-servers.net.,IN,A,172800,192.26.92.30 \ + b.gtld-servers.net.,IN,A,172800,192.33.14.30 \ + a.gtld-servers.net.,IN,A,172800,192.5.6.30 \ + m.gtld-servers.net.,IN,AAAA,172800,2001:501:b1f9::30 \ + l.gtld-servers.net.,IN,AAAA,172800,2001:500:d937::30 \ + k.gtld-servers.net.,IN,AAAA,172800,2001:503:d2d::30 \ + j.gtld-servers.net.,IN,AAAA,172800,2001:502:7094::30 \ + i.gtld-servers.net.,IN,AAAA,172800,2001:503:39c1::30 \ + h.gtld-servers.net.,IN,AAAA,172800,2001:502:8cc::30 \ + g.gtld-servers.net.,IN,AAAA,172800,2001:503:eea3::30 \ + f.gtld-servers.net.,IN,AAAA,172800,2001:503:d414::30 \ + e.gtld-servers.net.,IN,AAAA,172800,2001:502:1ca1::30 \ + d.gtld-servers.net.,IN,AAAA,172800,2001:500:856e::30 \ + c.gtld-servers.net.,IN,AAAA,172800,2001:503:83eb::30 \ + b.gtld-servers.net.,IN,AAAA,172800,2001:503:231d::2:30 \ + a.gtld-servers.net.,IN,AAAA,172800,2001:503:a83e::2:30 \ + .,1232,1232,0,edns0[len=39,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=24],edns0opt[ECS,family=1,source=24,scope=0,addr=34.29.83.0] +[86] 2023-07-05 07:21:46.511502 [#12 edns.pcap-dist 4095] \ + [172.17.0.6].35191 [1.1.1.1].53 \ + dns QUERY,NOERROR,960,rd|ad \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=12,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=8] +[131] 2023-07-05 07:21:46.518500 [#13 edns.pcap-dist 4095] \ + [1.1.1.1].53 [172.17.0.6].35191 \ + dns QUERY,SERVFAIL,960,qr|rd|ra \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,1232,1232,0,edns0[len=57,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=15,codelen=53] diff --git a/plugins/anonaes128/test1.sh b/plugins/anonaes128/test1.sh index 296bcd59..3338e420 100755 --- a/plugins/anonaes128/test1.sh +++ b/plugins/anonaes128/test1.sh @@ -16,6 +16,11 @@ ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -4 -k "some 16-byte key" -i "some 16-byte key" -s 2>>test1.out ! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -4 -k "some 16-byte key" -i "some 16-byte key" -c -s 2>>test1.out +ln -fs "$srcdir/../../src/test/edns.pcap" edns.pcap-dist + +../../src/dnscap -r edns.pcap-dist -g -P "$plugin" -4 -k "some 16-byte key" -i "some 16-byte key" -e 2>>test1.out +../../src/dnscap -r edns.pcap-dist -g -P "$plugin" -4 -k "some 16-byte key" -i "some 16-byte key" -E 2>>test1.out + osrel=`uname -s` if [ "$osrel" = "OpenBSD" ]; then mv test1.out test1.out.old diff --git a/plugins/anonmask/Makefile.am b/plugins/anonmask/Makefile.am index 48f5a108..1ddf13d5 100644 --- a/plugins/anonmask/Makefile.am +++ b/plugins/anonmask/Makefile.am @@ -1,9 +1,10 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ -I$(top_srcdir)/isc \ + -I$(top_srcdir)/plugins/shared \ $(SECCOMPFLAGS) pkglib_LTLIBRARIES = anonmask.la diff --git a/plugins/anonmask/anonmask.c b/plugins/anonmask/anonmask.c index 444f5df5..8e17a797 100644 --- a/plugins/anonmask/anonmask.c +++ b/plugins/anonmask/anonmask.c @@ -43,10 +43,12 @@ #include "dnscap_common.h" +#include "edns0_ecs.c" + static set_iaddr_t anonmask_set_iaddr = 0; static logerr_t* logerr; -static int only_clients = 0, only_servers = 0, mask_port = 53, mask_v4 = 24, mask_v6 = 48; +static int only_clients = 0, only_servers = 0, mask_port = 53, mask_v4 = 24, mask_v6 = 48, edns = 0; static struct in_addr in4 = { INADDR_ANY }; static struct in6_addr in6 = IN6ADDR_ANY_INIT; static uint32_t* in6p = (uint32_t*)&in6; @@ -71,7 +73,9 @@ void anonmask_usage() "\t-s Only mask servers (port == 53)\n" "\t-p Set port for -c/-s masking, default 53\n" "\t-4 The /mask for IPv4 addresses, default /24\n" - "\t-6 The /mask for IPv6 addresses, default /48\n"); + "\t-6 The /mask for IPv6 addresses, default /48\n" + "\t-e Also mask EDNS(0) Client Subnet\n" + "\t-E ONLY mask EDNS(0) Client Subnet, not IP addresses\n"); } void anonmask_extension(int ext, void* arg) @@ -89,7 +93,7 @@ void anonmask_getopt(int* argc, char** argv[]) unsigned long ul; char* p; - while ((c = getopt(*argc, *argv, "?csp:4:6:")) != EOF) { + while ((c = getopt(*argc, *argv, "?csp:4:6:eE")) != EOF) { switch (c) { case 'c': only_clients = 1; @@ -115,6 +119,13 @@ void anonmask_getopt(int* argc, char** argv[]) usage("IPv6 mask must be an integer 0..127"); mask_v6 = (unsigned)ul; break; + case 'e': + if (!edns) + edns = 1; + break; + case 'E': + edns = -1; + break; case '?': anonmask_usage(); if (!optopt || optopt == '?') { @@ -173,11 +184,43 @@ int anonmask_close(my_bpftimeval ts) return 0; } +void ecs_callback(int family, u_char* buf, size_t len) +{ + u_char* mask; + + switch (family) { + case 1: // IPv4 + if (len > sizeof(struct in_addr)) + break; + mask = (u_char*)&in4; + while (len--) { + *buf++ &= *mask++; + } + break; + case 2: // IPv6 + if (len > sizeof(struct in6_addr)) + break; + mask = (u_char*)&in6; + while (len--) { + *buf++ &= *mask++; + } + break; + default: + break; + } +} + int anonmask_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, unsigned flags, unsigned sport, unsigned dport, my_bpftimeval ts, - const u_char* pkt_copy, const unsigned olen, - const u_char* payload, const unsigned payloadlen) + u_char* pkt_copy, unsigned olen, + u_char* payload, unsigned payloadlen) { + if (edns && flags & DNSCAP_OUTPUT_ISDNS && payload && payloadlen > DNS_MSG_HDR_SZ) { + parse_for_edns0_ecs(payload, payloadlen, ecs_callback); + if (edns < 0) + return 0; + } + uint32_t* p6; for (;;) { diff --git a/plugins/anonmask/test1.gold b/plugins/anonmask/test1.gold index d6dde5ab..bdf740a3 100644 --- a/plugins/anonmask/test1.gold +++ b/plugins/anonmask/test1.gold @@ -2855,3 +2855,249 @@ ns3.google.com.,IN,A,157794,216.239.36.10 \ ns4.google.com.,IN,A,157794,216.239.38.10 anonmask.so usage error: -c and -s options are mutually exclusive +[64] 2023-07-05 07:21:38.669836 [#0 edns.pcap-dist 4095] \ + [172.0.0.0].58541 [172.0.0.0].53 \ + dns QUERY,NOERROR,31428,rd \ + 1 h.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:38.669891 [#1 edns.pcap-dist 4095] \ + [172.0.0.0].58541 [172.0.0.0].53 \ + dns QUERY,NOERROR,5824,rd \ + 1 h.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:38.669977 [#2 edns.pcap-dist 4095] \ + [172.0.0.0].53 [172.0.0.0].58541 \ + dns QUERY,NOERROR,31428,qr|rd|ra \ + 1 h.root-servers.net.,IN,A \ + 1 h.root-servers.net.,IN,A,85098,198.97.190.53 0 0 +[92] 2023-07-05 07:21:38.670010 [#3 edns.pcap-dist 4095] \ + [172.0.0.0].53 [172.0.0.0].58541 \ + dns QUERY,NOERROR,5824,qr|rd|ra \ + 1 h.root-servers.net.,IN,AAAA \ + 1 h.root-servers.net.,IN,AAAA,85098,2001:500:1::53 0 0 +[88] 2023-07-05 07:21:38.670793 [#4 edns.pcap-dist 4095] \ + [172.0.0.0].33737 [198.0.0.0].53 \ + dns QUERY,NOERROR,56979,rd|ad \ + 1 ns1.dns.nic.aaa.,IN,NS 0 0 \ + 1 .,4096,4096,0,edns0[len=16,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=0],edns0opt[code=10,codelen=8] +[464] 2023-07-05 07:21:38.698303 [#5 edns.pcap-dist 4095] \ + [198.0.0.0].53 [172.0.0.0].33737 \ + dns QUERY,NOERROR,56979,qr|rd \ + 1 ns1.dns.nic.aaa.,IN,NS 0 \ + 6 aaa.,IN,NS,172800,a.nic.aaa. \ + aaa.,IN,NS,172800,b.nic.aaa. \ + aaa.,IN,NS,172800,c.nic.aaa. \ + aaa.,IN,NS,172800,ns1.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns2.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns3.dns.nic.aaa. \ + 13 a.nic.aaa.,IN,A,172800,37.209.192.9 \ + b.nic.aaa.,IN,A,172800,37.209.194.9 \ + c.nic.aaa.,IN,A,172800,37.209.196.9 \ + ns1.dns.nic.aaa.,IN,A,172800,156.154.144.2 \ + ns2.dns.nic.aaa.,IN,A,172800,156.154.145.2 \ + ns3.dns.nic.aaa.,IN,A,172800,156.154.159.2 \ + a.nic.aaa.,IN,AAAA,172800,2001:dcd:1::9 \ + b.nic.aaa.,IN,AAAA,172800,2001:dcd:2::9 \ + c.nic.aaa.,IN,AAAA,172800,2001:dcd:3::9 \ + ns1.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1071::2 \ + ns2.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1072::2 \ + ns3.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1073::2 \ + .,1232,1232,0,edns0[len=30,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=26] +[64] 2023-07-05 07:21:42.739334 [#6 edns.pcap-dist 4095] \ + [172.0.0.0].53174 [172.0.0.0].53 \ + dns QUERY,NOERROR,48648,rd \ + 1 g.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:42.739396 [#7 edns.pcap-dist 4095] \ + [172.0.0.0].53174 [172.0.0.0].53 \ + dns QUERY,NOERROR,48141,rd \ + 1 g.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:42.739525 [#8 edns.pcap-dist 4095] \ + [172.0.0.0].53 [172.0.0.0].53174 \ + dns QUERY,NOERROR,48648,qr|rd|ra \ + 1 g.root-servers.net.,IN,A \ + 1 g.root-servers.net.,IN,A,85094,192.112.36.4 0 0 +[92] 2023-07-05 07:21:42.739558 [#9 edns.pcap-dist 4095] \ + [172.0.0.0].53 [172.0.0.0].53174 \ + dns QUERY,NOERROR,48141,qr|rd|ra \ + 1 g.root-servers.net.,IN,AAAA \ + 1 g.root-servers.net.,IN,AAAA,85094,2001:500:12::d0d 0 0 +[83] 2023-07-05 07:21:42.740590 [#10 edns.pcap-dist 4095] \ + [172.0.0.0].50901 [192.0.0.0].53 \ + dns QUERY,NOERROR,35713,rd|ad \ + 1 net.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=23,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[ECS,family=1,source=24,scope=0,addr=172.0.0.0],edns0opt[code=10,codelen=8] +[895] 2023-07-05 07:21:42.836816 [#11 edns.pcap-dist 4095] \ + [192.0.0.0].53 [172.0.0.0].50901 \ + dns QUERY,NOERROR,35713,qr|rd \ + 1 net.,IN,A 0 \ + 13 net.,IN,NS,172800,j.gtld-servers.net. \ + net.,IN,NS,172800,b.gtld-servers.net. \ + net.,IN,NS,172800,a.gtld-servers.net. \ + net.,IN,NS,172800,h.gtld-servers.net. \ + net.,IN,NS,172800,d.gtld-servers.net. \ + net.,IN,NS,172800,c.gtld-servers.net. \ + net.,IN,NS,172800,i.gtld-servers.net. \ + net.,IN,NS,172800,e.gtld-servers.net. \ + net.,IN,NS,172800,m.gtld-servers.net. \ + net.,IN,NS,172800,f.gtld-servers.net. \ + net.,IN,NS,172800,k.gtld-servers.net. \ + net.,IN,NS,172800,l.gtld-servers.net. \ + net.,IN,NS,172800,g.gtld-servers.net. \ + 27 m.gtld-servers.net.,IN,A,172800,192.55.83.30 \ + l.gtld-servers.net.,IN,A,172800,192.41.162.30 \ + k.gtld-servers.net.,IN,A,172800,192.52.178.30 \ + j.gtld-servers.net.,IN,A,172800,192.48.79.30 \ + i.gtld-servers.net.,IN,A,172800,192.43.172.30 \ + h.gtld-servers.net.,IN,A,172800,192.54.112.30 \ + g.gtld-servers.net.,IN,A,172800,192.42.93.30 \ + f.gtld-servers.net.,IN,A,172800,192.35.51.30 \ + e.gtld-servers.net.,IN,A,172800,192.12.94.30 \ + d.gtld-servers.net.,IN,A,172800,192.31.80.30 \ + c.gtld-servers.net.,IN,A,172800,192.26.92.30 \ + b.gtld-servers.net.,IN,A,172800,192.33.14.30 \ + a.gtld-servers.net.,IN,A,172800,192.5.6.30 \ + m.gtld-servers.net.,IN,AAAA,172800,2001:501:b1f9::30 \ + l.gtld-servers.net.,IN,AAAA,172800,2001:500:d937::30 \ + k.gtld-servers.net.,IN,AAAA,172800,2001:503:d2d::30 \ + j.gtld-servers.net.,IN,AAAA,172800,2001:502:7094::30 \ + i.gtld-servers.net.,IN,AAAA,172800,2001:503:39c1::30 \ + h.gtld-servers.net.,IN,AAAA,172800,2001:502:8cc::30 \ + g.gtld-servers.net.,IN,AAAA,172800,2001:503:eea3::30 \ + f.gtld-servers.net.,IN,AAAA,172800,2001:503:d414::30 \ + e.gtld-servers.net.,IN,AAAA,172800,2001:502:1ca1::30 \ + d.gtld-servers.net.,IN,AAAA,172800,2001:500:856e::30 \ + c.gtld-servers.net.,IN,AAAA,172800,2001:503:83eb::30 \ + b.gtld-servers.net.,IN,AAAA,172800,2001:503:231d::2:30 \ + a.gtld-servers.net.,IN,AAAA,172800,2001:503:a83e::2:30 \ + .,1232,1232,0,edns0[len=39,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=24],edns0opt[ECS,family=1,source=24,scope=0,addr=172.0.0.0] +[86] 2023-07-05 07:21:46.511502 [#12 edns.pcap-dist 4095] \ + [172.0.0.0].35191 [1.0.0.0].53 \ + dns QUERY,NOERROR,960,rd|ad \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=12,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=8] +[131] 2023-07-05 07:21:46.518500 [#13 edns.pcap-dist 4095] \ + [1.0.0.0].53 [172.0.0.0].35191 \ + dns QUERY,SERVFAIL,960,qr|rd|ra \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,1232,1232,0,edns0[len=57,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=15,codelen=53] +[64] 2023-07-05 07:21:38.669836 [#0 edns.pcap-dist 4095] \ + [172.17.0.6].58541 [172.17.0.1].53 \ + dns QUERY,NOERROR,31428,rd \ + 1 h.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:38.669891 [#1 edns.pcap-dist 4095] \ + [172.17.0.6].58541 [172.17.0.1].53 \ + dns QUERY,NOERROR,5824,rd \ + 1 h.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:38.669977 [#2 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].58541 \ + dns QUERY,NOERROR,31428,qr|rd|ra \ + 1 h.root-servers.net.,IN,A \ + 1 h.root-servers.net.,IN,A,85098,198.97.190.53 0 0 +[92] 2023-07-05 07:21:38.670010 [#3 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].58541 \ + dns QUERY,NOERROR,5824,qr|rd|ra \ + 1 h.root-servers.net.,IN,AAAA \ + 1 h.root-servers.net.,IN,AAAA,85098,2001:500:1::53 0 0 +[88] 2023-07-05 07:21:38.670793 [#4 edns.pcap-dist 4095] \ + [172.17.0.6].33737 [198.97.190.53].53 \ + dns QUERY,NOERROR,56979,rd|ad \ + 1 ns1.dns.nic.aaa.,IN,NS 0 0 \ + 1 .,4096,4096,0,edns0[len=16,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=0],edns0opt[code=10,codelen=8] +[464] 2023-07-05 07:21:38.698303 [#5 edns.pcap-dist 4095] \ + [198.97.190.53].53 [172.17.0.6].33737 \ + dns QUERY,NOERROR,56979,qr|rd \ + 1 ns1.dns.nic.aaa.,IN,NS 0 \ + 6 aaa.,IN,NS,172800,a.nic.aaa. \ + aaa.,IN,NS,172800,b.nic.aaa. \ + aaa.,IN,NS,172800,c.nic.aaa. \ + aaa.,IN,NS,172800,ns1.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns2.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns3.dns.nic.aaa. \ + 13 a.nic.aaa.,IN,A,172800,37.209.192.9 \ + b.nic.aaa.,IN,A,172800,37.209.194.9 \ + c.nic.aaa.,IN,A,172800,37.209.196.9 \ + ns1.dns.nic.aaa.,IN,A,172800,156.154.144.2 \ + ns2.dns.nic.aaa.,IN,A,172800,156.154.145.2 \ + ns3.dns.nic.aaa.,IN,A,172800,156.154.159.2 \ + a.nic.aaa.,IN,AAAA,172800,2001:dcd:1::9 \ + b.nic.aaa.,IN,AAAA,172800,2001:dcd:2::9 \ + c.nic.aaa.,IN,AAAA,172800,2001:dcd:3::9 \ + ns1.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1071::2 \ + ns2.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1072::2 \ + ns3.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1073::2 \ + .,1232,1232,0,edns0[len=30,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=26] +[64] 2023-07-05 07:21:42.739334 [#6 edns.pcap-dist 4095] \ + [172.17.0.6].53174 [172.17.0.1].53 \ + dns QUERY,NOERROR,48648,rd \ + 1 g.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:42.739396 [#7 edns.pcap-dist 4095] \ + [172.17.0.6].53174 [172.17.0.1].53 \ + dns QUERY,NOERROR,48141,rd \ + 1 g.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:42.739525 [#8 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].53174 \ + dns QUERY,NOERROR,48648,qr|rd|ra \ + 1 g.root-servers.net.,IN,A \ + 1 g.root-servers.net.,IN,A,85094,192.112.36.4 0 0 +[92] 2023-07-05 07:21:42.739558 [#9 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].53174 \ + dns QUERY,NOERROR,48141,qr|rd|ra \ + 1 g.root-servers.net.,IN,AAAA \ + 1 g.root-servers.net.,IN,AAAA,85094,2001:500:12::d0d 0 0 +[83] 2023-07-05 07:21:42.740590 [#10 edns.pcap-dist 4095] \ + [172.17.0.6].50901 [192.112.36.4].53 \ + dns QUERY,NOERROR,35713,rd|ad \ + 1 net.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=23,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[ECS,family=1,source=24,scope=0,addr=172.0.0.0],edns0opt[code=10,codelen=8] +[895] 2023-07-05 07:21:42.836816 [#11 edns.pcap-dist 4095] \ + [192.112.36.4].53 [172.17.0.6].50901 \ + dns QUERY,NOERROR,35713,qr|rd \ + 1 net.,IN,A 0 \ + 13 net.,IN,NS,172800,j.gtld-servers.net. \ + net.,IN,NS,172800,b.gtld-servers.net. \ + net.,IN,NS,172800,a.gtld-servers.net. \ + net.,IN,NS,172800,h.gtld-servers.net. \ + net.,IN,NS,172800,d.gtld-servers.net. \ + net.,IN,NS,172800,c.gtld-servers.net. \ + net.,IN,NS,172800,i.gtld-servers.net. \ + net.,IN,NS,172800,e.gtld-servers.net. \ + net.,IN,NS,172800,m.gtld-servers.net. \ + net.,IN,NS,172800,f.gtld-servers.net. \ + net.,IN,NS,172800,k.gtld-servers.net. \ + net.,IN,NS,172800,l.gtld-servers.net. \ + net.,IN,NS,172800,g.gtld-servers.net. \ + 27 m.gtld-servers.net.,IN,A,172800,192.55.83.30 \ + l.gtld-servers.net.,IN,A,172800,192.41.162.30 \ + k.gtld-servers.net.,IN,A,172800,192.52.178.30 \ + j.gtld-servers.net.,IN,A,172800,192.48.79.30 \ + i.gtld-servers.net.,IN,A,172800,192.43.172.30 \ + h.gtld-servers.net.,IN,A,172800,192.54.112.30 \ + g.gtld-servers.net.,IN,A,172800,192.42.93.30 \ + f.gtld-servers.net.,IN,A,172800,192.35.51.30 \ + e.gtld-servers.net.,IN,A,172800,192.12.94.30 \ + d.gtld-servers.net.,IN,A,172800,192.31.80.30 \ + c.gtld-servers.net.,IN,A,172800,192.26.92.30 \ + b.gtld-servers.net.,IN,A,172800,192.33.14.30 \ + a.gtld-servers.net.,IN,A,172800,192.5.6.30 \ + m.gtld-servers.net.,IN,AAAA,172800,2001:501:b1f9::30 \ + l.gtld-servers.net.,IN,AAAA,172800,2001:500:d937::30 \ + k.gtld-servers.net.,IN,AAAA,172800,2001:503:d2d::30 \ + j.gtld-servers.net.,IN,AAAA,172800,2001:502:7094::30 \ + i.gtld-servers.net.,IN,AAAA,172800,2001:503:39c1::30 \ + h.gtld-servers.net.,IN,AAAA,172800,2001:502:8cc::30 \ + g.gtld-servers.net.,IN,AAAA,172800,2001:503:eea3::30 \ + f.gtld-servers.net.,IN,AAAA,172800,2001:503:d414::30 \ + e.gtld-servers.net.,IN,AAAA,172800,2001:502:1ca1::30 \ + d.gtld-servers.net.,IN,AAAA,172800,2001:500:856e::30 \ + c.gtld-servers.net.,IN,AAAA,172800,2001:503:83eb::30 \ + b.gtld-servers.net.,IN,AAAA,172800,2001:503:231d::2:30 \ + a.gtld-servers.net.,IN,AAAA,172800,2001:503:a83e::2:30 \ + .,1232,1232,0,edns0[len=39,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=24],edns0opt[ECS,family=1,source=24,scope=0,addr=172.0.0.0] +[86] 2023-07-05 07:21:46.511502 [#12 edns.pcap-dist 4095] \ + [172.17.0.6].35191 [1.1.1.1].53 \ + dns QUERY,NOERROR,960,rd|ad \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=12,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=8] +[131] 2023-07-05 07:21:46.518500 [#13 edns.pcap-dist 4095] \ + [1.1.1.1].53 [172.17.0.6].35191 \ + dns QUERY,SERVFAIL,960,qr|rd|ra \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,1232,1232,0,edns0[len=57,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=15,codelen=53] diff --git a/plugins/anonmask/test1.sh b/plugins/anonmask/test1.sh index a15a9bb5..341a9cc3 100755 --- a/plugins/anonmask/test1.sh +++ b/plugins/anonmask/test1.sh @@ -14,6 +14,11 @@ ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -s 2>>test1.out ! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -c -s 2>>test1.out +ln -fs "$srcdir/../../src/test/edns.pcap" edns.pcap-dist + +../../src/dnscap -r edns.pcap-dist -g -P "$plugin" -4 8 -e 2>>test1.out +../../src/dnscap -r edns.pcap-dist -g -P "$plugin" -4 8 -E 2>>test1.out + osrel=`uname -s` if [ "$osrel" = "OpenBSD" ]; then mv test1.out test1.out.old diff --git a/plugins/cryptopan/Makefile.am b/plugins/cryptopan/Makefile.am index 0215742b..6504a61a 100644 --- a/plugins/cryptopan/Makefile.am +++ b/plugins/cryptopan/Makefile.am @@ -1,9 +1,10 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ -I$(top_srcdir)/isc \ + -I$(top_srcdir)/plugins/shared \ $(SECCOMPFLAGS) $(libcrypto_CFLAGS) pkglib_LTLIBRARIES = cryptopan.la diff --git a/plugins/cryptopan/cryptopan.c b/plugins/cryptopan/cryptopan.c index 5eb54c72..6274c3d3 100644 --- a/plugins/cryptopan/cryptopan.c +++ b/plugins/cryptopan/cryptopan.c @@ -47,6 +47,10 @@ #include #include #include +#include +#ifndef s6_addr32 +#define s6_addr32 __u6_addr.__u6_addr32 +#endif #include "dnscap_common.h" @@ -55,12 +59,13 @@ #include #include #define USE_OPENSSL 1 +#include "edns0_ecs.c" #endif static set_iaddr_t cryptopan_set_iaddr = 0; static logerr_t* logerr; -static int only_clients = 0, only_servers = 0, dns_port = 53, encrypt_v6 = 0, decrypt = 0; +static int only_clients = 0, only_servers = 0, dns_port = 53, encrypt_v6 = 0, decrypt = 0, edns = 0; static unsigned char key[16]; static unsigned char iv[16]; static unsigned char pad[16]; @@ -94,7 +99,9 @@ void cryptopan_usage() "\t-c Only en/de-crypt clients (port != 53)\n" "\t-s Only en/de-crypt servers (port == 53)\n" "\t-p Set port for -c/-s, default 53\n" - "\t-6 En/de-crypt IPv6 addresses, not default or recommended\n"); + "\t-6 En/de-crypt IPv6 addresses, not default or recommended\n" + "\t-e Also en/de-crypt EDNS(0) Client Subnet\n" + "\t-E ONLY en/de-crypt EDNS(0) Client Subnet, not IP addresses\n"); } void cryptopan_extension(int ext, void* arg) @@ -112,7 +119,7 @@ void cryptopan_getopt(int* argc, char** argv[]) unsigned long ul; char* p; - while ((c = getopt(*argc, *argv, "?k:K:i:I:a:A:Dcsp:6")) != EOF) { + while ((c = getopt(*argc, *argv, "?k:K:i:I:a:A:Dcsp:6eE")) != EOF) { switch (c) { case 'k': if (strlen(optarg) != 16) { @@ -207,6 +214,13 @@ void cryptopan_getopt(int* argc, char** argv[]) case '6': encrypt_v6 = 1; break; + case 'e': + if (!edns) + edns = 1; + break; + case 'E': + edns = -1; + break; case '?': cryptopan_usage(); if (!optopt || optopt == '?') { @@ -396,12 +410,56 @@ static inline void _decrypt(uint32_t* in) } #endif +#ifdef USE_OPENSSL +void ecs_callback(int family, u_char* buf, size_t len) +{ + struct in6_addr in6 = IN6ADDR_ANY_INIT; + + switch (family) { + case 1: // IPv4 + if (len > sizeof(struct in_addr)) + break; + memcpy(&in6, buf, len); + decrypt ? _decrypt((uint32_t*)&in6) : _encrypt((uint32_t*)&in6); + memcpy(buf, &in6, len); + break; + case 2: // IPv6 + if (len > sizeof(struct in6_addr)) + break; + if (encrypt_v6) { + memcpy(&in6, buf, len); + if (decrypt) { + _decrypt(&in6.s6_addr32[0]); + _decrypt(&in6.s6_addr32[1]); + _decrypt(&in6.s6_addr32[2]); + _decrypt(&in6.s6_addr32[3]); + } else { + _encrypt(&in6.s6_addr32[0]); + _encrypt(&in6.s6_addr32[1]); + _encrypt(&in6.s6_addr32[2]); + _encrypt(&in6.s6_addr32[3]); + } + memcpy(buf, &in6, len); + } + break; + default: + break; + } +} +#endif + int cryptopan_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, unsigned flags, unsigned sport, unsigned dport, my_bpftimeval ts, - const u_char* pkt_copy, const unsigned olen, - const u_char* payload, const unsigned payloadlen) + u_char* pkt_copy, const unsigned olen, + u_char* payload, const unsigned payloadlen) { #ifdef USE_OPENSSL + if (edns && flags & DNSCAP_OUTPUT_ISDNS && payload && payloadlen > DNS_MSG_HDR_SZ) { + parse_for_edns0_ecs(payload, payloadlen, ecs_callback); + if (edns < 0) + return 0; + } + for (;;) { if (only_clients && sport == dns_port) { if (sport != dport) { @@ -421,15 +479,15 @@ int cryptopan_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, u case AF_INET6: if (encrypt_v6) { if (decrypt) { - _decrypt((uint32_t*)&from->u.a6); - _decrypt(((uint32_t*)&from->u.a6) + 1); // lgtm [cpp/suspicious-pointer-scaling] - _decrypt(((uint32_t*)&from->u.a6) + 2); // lgtm [cpp/suspicious-pointer-scaling] - _decrypt(((uint32_t*)&from->u.a6) + 3); // lgtm [cpp/suspicious-pointer-scaling] + _decrypt(&from->u.a6.s6_addr32[0]); + _decrypt(&from->u.a6.s6_addr32[1]); + _decrypt(&from->u.a6.s6_addr32[2]); + _decrypt(&from->u.a6.s6_addr32[3]); } else { - _encrypt((uint32_t*)&from->u.a6); - _encrypt(((uint32_t*)&from->u.a6) + 1); // lgtm [cpp/suspicious-pointer-scaling] - _encrypt(((uint32_t*)&from->u.a6) + 2); // lgtm [cpp/suspicious-pointer-scaling] - _encrypt(((uint32_t*)&from->u.a6) + 3); // lgtm [cpp/suspicious-pointer-scaling] + _encrypt(&from->u.a6.s6_addr32[0]); + _encrypt(&from->u.a6.s6_addr32[1]); + _encrypt(&from->u.a6.s6_addr32[2]); + _encrypt(&from->u.a6.s6_addr32[3]); } break; } @@ -459,15 +517,15 @@ int cryptopan_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, u case AF_INET6: if (encrypt_v6) { if (decrypt) { - _decrypt((uint32_t*)&to->u.a6); - _decrypt(((uint32_t*)&to->u.a6) + 1); // lgtm [cpp/suspicious-pointer-scaling] - _decrypt(((uint32_t*)&to->u.a6) + 2); // lgtm [cpp/suspicious-pointer-scaling] - _decrypt(((uint32_t*)&to->u.a6) + 3); // lgtm [cpp/suspicious-pointer-scaling] + _decrypt(&to->u.a6.s6_addr32[0]); + _decrypt(&to->u.a6.s6_addr32[1]); + _decrypt(&to->u.a6.s6_addr32[2]); + _decrypt(&to->u.a6.s6_addr32[3]); } else { - _encrypt((uint32_t*)&to->u.a6); - _encrypt(((uint32_t*)&to->u.a6) + 1); // lgtm [cpp/suspicious-pointer-scaling] - _encrypt(((uint32_t*)&to->u.a6) + 2); // lgtm [cpp/suspicious-pointer-scaling] - _encrypt(((uint32_t*)&to->u.a6) + 3); // lgtm [cpp/suspicious-pointer-scaling] + _encrypt(&to->u.a6.s6_addr32[0]); + _encrypt(&to->u.a6.s6_addr32[1]); + _encrypt(&to->u.a6.s6_addr32[2]); + _encrypt(&to->u.a6.s6_addr32[3]); } break; } diff --git a/plugins/cryptopan/test1.gold b/plugins/cryptopan/test1.gold index 71bbba18..4f1b903e 100644 --- a/plugins/cryptopan/test1.gold +++ b/plugins/cryptopan/test1.gold @@ -2145,3 +2145,249 @@ cryptopan.so usage error: must have key (-k/-K), IV (-i/-I) and padding (-a/-A) ns3.google.com.,IN,A,157794,216.239.36.10 \ ns4.google.com.,IN,A,157794,216.239.38.10 cryptopan.so usage error: -c and -s options are mutually exclusive +[64] 2023-07-05 07:21:38.669836 [#0 edns.pcap-dist 4095] \ + [137.205.188.240].58541 [137.205.188.246].53 \ + dns QUERY,NOERROR,31428,rd \ + 1 h.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:38.669891 [#1 edns.pcap-dist 4095] \ + [137.205.188.240].58541 [137.205.188.246].53 \ + dns QUERY,NOERROR,5824,rd \ + 1 h.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:38.669977 [#2 edns.pcap-dist 4095] \ + [137.205.188.246].53 [137.205.188.240].58541 \ + dns QUERY,NOERROR,31428,qr|rd|ra \ + 1 h.root-servers.net.,IN,A \ + 1 h.root-servers.net.,IN,A,85098,198.97.190.53 0 0 +[92] 2023-07-05 07:21:38.670010 [#3 edns.pcap-dist 4095] \ + [137.205.188.246].53 [137.205.188.240].58541 \ + dns QUERY,NOERROR,5824,qr|rd|ra \ + 1 h.root-servers.net.,IN,AAAA \ + 1 h.root-servers.net.,IN,AAAA,85098,2001:500:1::53 0 0 +[88] 2023-07-05 07:21:38.670793 [#4 edns.pcap-dist 4095] \ + [137.205.188.240].33737 [242.191.199.152].53 \ + dns QUERY,NOERROR,56979,rd|ad \ + 1 ns1.dns.nic.aaa.,IN,NS 0 0 \ + 1 .,4096,4096,0,edns0[len=16,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=0],edns0opt[code=10,codelen=8] +[464] 2023-07-05 07:21:38.698303 [#5 edns.pcap-dist 4095] \ + [242.191.199.152].53 [137.205.188.240].33737 \ + dns QUERY,NOERROR,56979,qr|rd \ + 1 ns1.dns.nic.aaa.,IN,NS 0 \ + 6 aaa.,IN,NS,172800,a.nic.aaa. \ + aaa.,IN,NS,172800,b.nic.aaa. \ + aaa.,IN,NS,172800,c.nic.aaa. \ + aaa.,IN,NS,172800,ns1.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns2.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns3.dns.nic.aaa. \ + 13 a.nic.aaa.,IN,A,172800,37.209.192.9 \ + b.nic.aaa.,IN,A,172800,37.209.194.9 \ + c.nic.aaa.,IN,A,172800,37.209.196.9 \ + ns1.dns.nic.aaa.,IN,A,172800,156.154.144.2 \ + ns2.dns.nic.aaa.,IN,A,172800,156.154.145.2 \ + ns3.dns.nic.aaa.,IN,A,172800,156.154.159.2 \ + a.nic.aaa.,IN,AAAA,172800,2001:dcd:1::9 \ + b.nic.aaa.,IN,AAAA,172800,2001:dcd:2::9 \ + c.nic.aaa.,IN,AAAA,172800,2001:dcd:3::9 \ + ns1.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1071::2 \ + ns2.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1072::2 \ + ns3.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1073::2 \ + .,1232,1232,0,edns0[len=30,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=26] +[64] 2023-07-05 07:21:42.739334 [#6 edns.pcap-dist 4095] \ + [137.205.188.240].53174 [137.205.188.246].53 \ + dns QUERY,NOERROR,48648,rd \ + 1 g.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:42.739396 [#7 edns.pcap-dist 4095] \ + [137.205.188.240].53174 [137.205.188.246].53 \ + dns QUERY,NOERROR,48141,rd \ + 1 g.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:42.739525 [#8 edns.pcap-dist 4095] \ + [137.205.188.246].53 [137.205.188.240].53174 \ + dns QUERY,NOERROR,48648,qr|rd|ra \ + 1 g.root-servers.net.,IN,A \ + 1 g.root-servers.net.,IN,A,85094,192.112.36.4 0 0 +[92] 2023-07-05 07:21:42.739558 [#9 edns.pcap-dist 4095] \ + [137.205.188.246].53 [137.205.188.240].53174 \ + dns QUERY,NOERROR,48141,qr|rd|ra \ + 1 g.root-servers.net.,IN,AAAA \ + 1 g.root-servers.net.,IN,AAAA,85094,2001:500:12::d0d 0 0 +[83] 2023-07-05 07:21:42.740590 [#10 edns.pcap-dist 4095] \ + [137.205.188.240].50901 [245.202.0.100].53 \ + dns QUERY,NOERROR,35713,rd|ad \ + 1 net.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=23,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[ECS,family=1,source=24,scope=0,addr=137.205.188.0],edns0opt[code=10,codelen=8] +[895] 2023-07-05 07:21:42.836816 [#11 edns.pcap-dist 4095] \ + [245.202.0.100].53 [137.205.188.240].50901 \ + dns QUERY,NOERROR,35713,qr|rd \ + 1 net.,IN,A 0 \ + 13 net.,IN,NS,172800,j.gtld-servers.net. \ + net.,IN,NS,172800,b.gtld-servers.net. \ + net.,IN,NS,172800,a.gtld-servers.net. \ + net.,IN,NS,172800,h.gtld-servers.net. \ + net.,IN,NS,172800,d.gtld-servers.net. \ + net.,IN,NS,172800,c.gtld-servers.net. \ + net.,IN,NS,172800,i.gtld-servers.net. \ + net.,IN,NS,172800,e.gtld-servers.net. \ + net.,IN,NS,172800,m.gtld-servers.net. \ + net.,IN,NS,172800,f.gtld-servers.net. \ + net.,IN,NS,172800,k.gtld-servers.net. \ + net.,IN,NS,172800,l.gtld-servers.net. \ + net.,IN,NS,172800,g.gtld-servers.net. \ + 27 m.gtld-servers.net.,IN,A,172800,192.55.83.30 \ + l.gtld-servers.net.,IN,A,172800,192.41.162.30 \ + k.gtld-servers.net.,IN,A,172800,192.52.178.30 \ + j.gtld-servers.net.,IN,A,172800,192.48.79.30 \ + i.gtld-servers.net.,IN,A,172800,192.43.172.30 \ + h.gtld-servers.net.,IN,A,172800,192.54.112.30 \ + g.gtld-servers.net.,IN,A,172800,192.42.93.30 \ + f.gtld-servers.net.,IN,A,172800,192.35.51.30 \ + e.gtld-servers.net.,IN,A,172800,192.12.94.30 \ + d.gtld-servers.net.,IN,A,172800,192.31.80.30 \ + c.gtld-servers.net.,IN,A,172800,192.26.92.30 \ + b.gtld-servers.net.,IN,A,172800,192.33.14.30 \ + a.gtld-servers.net.,IN,A,172800,192.5.6.30 \ + m.gtld-servers.net.,IN,AAAA,172800,2001:501:b1f9::30 \ + l.gtld-servers.net.,IN,AAAA,172800,2001:500:d937::30 \ + k.gtld-servers.net.,IN,AAAA,172800,2001:503:d2d::30 \ + j.gtld-servers.net.,IN,AAAA,172800,2001:502:7094::30 \ + i.gtld-servers.net.,IN,AAAA,172800,2001:503:39c1::30 \ + h.gtld-servers.net.,IN,AAAA,172800,2001:502:8cc::30 \ + g.gtld-servers.net.,IN,AAAA,172800,2001:503:eea3::30 \ + f.gtld-servers.net.,IN,AAAA,172800,2001:503:d414::30 \ + e.gtld-servers.net.,IN,AAAA,172800,2001:502:1ca1::30 \ + d.gtld-servers.net.,IN,AAAA,172800,2001:500:856e::30 \ + c.gtld-servers.net.,IN,AAAA,172800,2001:503:83eb::30 \ + b.gtld-servers.net.,IN,AAAA,172800,2001:503:231d::2:30 \ + a.gtld-servers.net.,IN,AAAA,172800,2001:503:a83e::2:30 \ + .,1232,1232,0,edns0[len=39,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=24],edns0opt[ECS,family=1,source=24,scope=0,addr=137.205.188.0] +[86] 2023-07-05 07:21:46.511502 [#12 edns.pcap-dist 4095] \ + [137.205.188.240].35191 [39.174.37.237].53 \ + dns QUERY,NOERROR,960,rd|ad \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=12,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=8] +[131] 2023-07-05 07:21:46.518500 [#13 edns.pcap-dist 4095] \ + [39.174.37.237].53 [137.205.188.240].35191 \ + dns QUERY,SERVFAIL,960,qr|rd|ra \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,1232,1232,0,edns0[len=57,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=15,codelen=53] +[64] 2023-07-05 07:21:38.669836 [#0 edns.pcap-dist 4095] \ + [172.17.0.6].58541 [172.17.0.1].53 \ + dns QUERY,NOERROR,31428,rd \ + 1 h.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:38.669891 [#1 edns.pcap-dist 4095] \ + [172.17.0.6].58541 [172.17.0.1].53 \ + dns QUERY,NOERROR,5824,rd \ + 1 h.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:38.669977 [#2 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].58541 \ + dns QUERY,NOERROR,31428,qr|rd|ra \ + 1 h.root-servers.net.,IN,A \ + 1 h.root-servers.net.,IN,A,85098,198.97.190.53 0 0 +[92] 2023-07-05 07:21:38.670010 [#3 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].58541 \ + dns QUERY,NOERROR,5824,qr|rd|ra \ + 1 h.root-servers.net.,IN,AAAA \ + 1 h.root-servers.net.,IN,AAAA,85098,2001:500:1::53 0 0 +[88] 2023-07-05 07:21:38.670793 [#4 edns.pcap-dist 4095] \ + [172.17.0.6].33737 [198.97.190.53].53 \ + dns QUERY,NOERROR,56979,rd|ad \ + 1 ns1.dns.nic.aaa.,IN,NS 0 0 \ + 1 .,4096,4096,0,edns0[len=16,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=0],edns0opt[code=10,codelen=8] +[464] 2023-07-05 07:21:38.698303 [#5 edns.pcap-dist 4095] \ + [198.97.190.53].53 [172.17.0.6].33737 \ + dns QUERY,NOERROR,56979,qr|rd \ + 1 ns1.dns.nic.aaa.,IN,NS 0 \ + 6 aaa.,IN,NS,172800,a.nic.aaa. \ + aaa.,IN,NS,172800,b.nic.aaa. \ + aaa.,IN,NS,172800,c.nic.aaa. \ + aaa.,IN,NS,172800,ns1.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns2.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns3.dns.nic.aaa. \ + 13 a.nic.aaa.,IN,A,172800,37.209.192.9 \ + b.nic.aaa.,IN,A,172800,37.209.194.9 \ + c.nic.aaa.,IN,A,172800,37.209.196.9 \ + ns1.dns.nic.aaa.,IN,A,172800,156.154.144.2 \ + ns2.dns.nic.aaa.,IN,A,172800,156.154.145.2 \ + ns3.dns.nic.aaa.,IN,A,172800,156.154.159.2 \ + a.nic.aaa.,IN,AAAA,172800,2001:dcd:1::9 \ + b.nic.aaa.,IN,AAAA,172800,2001:dcd:2::9 \ + c.nic.aaa.,IN,AAAA,172800,2001:dcd:3::9 \ + ns1.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1071::2 \ + ns2.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1072::2 \ + ns3.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1073::2 \ + .,1232,1232,0,edns0[len=30,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=26] +[64] 2023-07-05 07:21:42.739334 [#6 edns.pcap-dist 4095] \ + [172.17.0.6].53174 [172.17.0.1].53 \ + dns QUERY,NOERROR,48648,rd \ + 1 g.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:42.739396 [#7 edns.pcap-dist 4095] \ + [172.17.0.6].53174 [172.17.0.1].53 \ + dns QUERY,NOERROR,48141,rd \ + 1 g.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:42.739525 [#8 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].53174 \ + dns QUERY,NOERROR,48648,qr|rd|ra \ + 1 g.root-servers.net.,IN,A \ + 1 g.root-servers.net.,IN,A,85094,192.112.36.4 0 0 +[92] 2023-07-05 07:21:42.739558 [#9 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].53174 \ + dns QUERY,NOERROR,48141,qr|rd|ra \ + 1 g.root-servers.net.,IN,AAAA \ + 1 g.root-servers.net.,IN,AAAA,85094,2001:500:12::d0d 0 0 +[83] 2023-07-05 07:21:42.740590 [#10 edns.pcap-dist 4095] \ + [172.17.0.6].50901 [192.112.36.4].53 \ + dns QUERY,NOERROR,35713,rd|ad \ + 1 net.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=23,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[ECS,family=1,source=24,scope=0,addr=137.205.188.0],edns0opt[code=10,codelen=8] +[895] 2023-07-05 07:21:42.836816 [#11 edns.pcap-dist 4095] \ + [192.112.36.4].53 [172.17.0.6].50901 \ + dns QUERY,NOERROR,35713,qr|rd \ + 1 net.,IN,A 0 \ + 13 net.,IN,NS,172800,j.gtld-servers.net. \ + net.,IN,NS,172800,b.gtld-servers.net. \ + net.,IN,NS,172800,a.gtld-servers.net. \ + net.,IN,NS,172800,h.gtld-servers.net. \ + net.,IN,NS,172800,d.gtld-servers.net. \ + net.,IN,NS,172800,c.gtld-servers.net. \ + net.,IN,NS,172800,i.gtld-servers.net. \ + net.,IN,NS,172800,e.gtld-servers.net. \ + net.,IN,NS,172800,m.gtld-servers.net. \ + net.,IN,NS,172800,f.gtld-servers.net. \ + net.,IN,NS,172800,k.gtld-servers.net. \ + net.,IN,NS,172800,l.gtld-servers.net. \ + net.,IN,NS,172800,g.gtld-servers.net. \ + 27 m.gtld-servers.net.,IN,A,172800,192.55.83.30 \ + l.gtld-servers.net.,IN,A,172800,192.41.162.30 \ + k.gtld-servers.net.,IN,A,172800,192.52.178.30 \ + j.gtld-servers.net.,IN,A,172800,192.48.79.30 \ + i.gtld-servers.net.,IN,A,172800,192.43.172.30 \ + h.gtld-servers.net.,IN,A,172800,192.54.112.30 \ + g.gtld-servers.net.,IN,A,172800,192.42.93.30 \ + f.gtld-servers.net.,IN,A,172800,192.35.51.30 \ + e.gtld-servers.net.,IN,A,172800,192.12.94.30 \ + d.gtld-servers.net.,IN,A,172800,192.31.80.30 \ + c.gtld-servers.net.,IN,A,172800,192.26.92.30 \ + b.gtld-servers.net.,IN,A,172800,192.33.14.30 \ + a.gtld-servers.net.,IN,A,172800,192.5.6.30 \ + m.gtld-servers.net.,IN,AAAA,172800,2001:501:b1f9::30 \ + l.gtld-servers.net.,IN,AAAA,172800,2001:500:d937::30 \ + k.gtld-servers.net.,IN,AAAA,172800,2001:503:d2d::30 \ + j.gtld-servers.net.,IN,AAAA,172800,2001:502:7094::30 \ + i.gtld-servers.net.,IN,AAAA,172800,2001:503:39c1::30 \ + h.gtld-servers.net.,IN,AAAA,172800,2001:502:8cc::30 \ + g.gtld-servers.net.,IN,AAAA,172800,2001:503:eea3::30 \ + f.gtld-servers.net.,IN,AAAA,172800,2001:503:d414::30 \ + e.gtld-servers.net.,IN,AAAA,172800,2001:502:1ca1::30 \ + d.gtld-servers.net.,IN,AAAA,172800,2001:500:856e::30 \ + c.gtld-servers.net.,IN,AAAA,172800,2001:503:83eb::30 \ + b.gtld-servers.net.,IN,AAAA,172800,2001:503:231d::2:30 \ + a.gtld-servers.net.,IN,AAAA,172800,2001:503:a83e::2:30 \ + .,1232,1232,0,edns0[len=39,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=24],edns0opt[ECS,family=1,source=24,scope=0,addr=137.205.188.0] +[86] 2023-07-05 07:21:46.511502 [#12 edns.pcap-dist 4095] \ + [172.17.0.6].35191 [1.1.1.1].53 \ + dns QUERY,NOERROR,960,rd|ad \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=12,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=8] +[131] 2023-07-05 07:21:46.518500 [#13 edns.pcap-dist 4095] \ + [1.1.1.1].53 [172.17.0.6].35191 \ + dns QUERY,SERVFAIL,960,qr|rd|ra \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,1232,1232,0,edns0[len=57,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=15,codelen=53] diff --git a/plugins/cryptopan/test1.sh b/plugins/cryptopan/test1.sh index b499f12f..943ab2f6 100755 --- a/plugins/cryptopan/test1.sh +++ b/plugins/cryptopan/test1.sh @@ -17,6 +17,11 @@ ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" -s 2>>test1.out ! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" -c -s 2>>test1.out +ln -fs "$srcdir/../../src/test/edns.pcap" edns.pcap-dist + +../../src/dnscap -r edns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" -e 2>>test1.out +../../src/dnscap -r edns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" -E 2>>test1.out + osrel=`uname -s` if [ "$osrel" = "OpenBSD" ]; then mv test1.out test1.out.old diff --git a/plugins/cryptopant/Makefile.am b/plugins/cryptopant/Makefile.am index 3aaa44a4..765a522e 100644 --- a/plugins/cryptopant/Makefile.am +++ b/plugins/cryptopant/Makefile.am @@ -1,9 +1,10 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ -I$(top_srcdir)/isc \ + -I$(top_srcdir)/plugins/shared \ $(SECCOMPFLAGS) $(libcrypto_CFLAGS) pkglib_LTLIBRARIES = cryptopant.la diff --git a/plugins/cryptopant/cryptopant.c b/plugins/cryptopant/cryptopant.c index 7fca7151..e6d8f04f 100644 --- a/plugins/cryptopant/cryptopant.c +++ b/plugins/cryptopant/cryptopant.c @@ -39,18 +39,20 @@ #include #include #include +#include #include "dnscap_common.h" #if defined(HAVE_LIBCRYPTOPANT) && defined(HAVE_CRYPTOPANT_H) #include #define USE_CRYPTOPANT 1 +#include "edns0_ecs.c" #endif static set_iaddr_t cryptopant_set_iaddr = 0; static logerr_t* logerr; -static int only_clients = 0, only_servers = 0, dns_port = 53, pass4 = 0, pass6 = 0, decrypt = 0; +static int only_clients = 0, only_servers = 0, dns_port = 53, pass4 = 0, pass6 = 0, decrypt = 0, edns = 0; enum plugin_type cryptopant_type() { @@ -74,7 +76,9 @@ void cryptopant_usage() "\t-D Decrypt IP addresses\n" "\t-c Only encrypt clients (port != 53)\n" "\t-s Only encrypt servers (port == 53)\n" - "\t-p Set port for -c/-s, default 53\n"); + "\t-p Set port for -c/-s, default 53\n" + "\t-e Also en/de-crypt EDNS(0) Client Subnet\n" + "\t-E ONLY en/de-crypt EDNS(0) Client Subnet, not IP addresses\n"); } void cryptopant_extension(int ext, void* arg) @@ -92,7 +96,7 @@ void cryptopant_getopt(int* argc, char** argv[]) unsigned long ul; char * p, *keyfile = 0; - while ((c = getopt(*argc, *argv, "?k:4:6:Dcsp:")) != EOF) { + while ((c = getopt(*argc, *argv, "?k:4:6:Dcsp:eE")) != EOF) { switch (c) { case 'k': if (keyfile) { @@ -127,6 +131,13 @@ void cryptopant_getopt(int* argc, char** argv[]) usage("port must be an integer 1..65535"); dns_port = (unsigned)ul; break; + case 'e': + if (!edns) + edns = 1; + break; + case 'E': + edns = -1; + break; case '?': cryptopant_usage(); if (!optopt || optopt == '?') { @@ -179,12 +190,48 @@ int cryptopant_close(my_bpftimeval ts) return 0; } +#ifdef USE_CRYPTOPANT +void ecs_callback(int family, u_char* buf, size_t len) +{ + switch (family) { + case 1: // IPv4 + { + if (len > sizeof(struct in_addr)) + break; + struct in_addr in = { INADDR_ANY }; + memcpy(&in, buf, len); + in.s_addr = decrypt ? unscramble_ip4(in.s_addr, pass4) : scramble_ip4(in.s_addr, pass4); + memcpy(buf, &in, len); + break; + } + case 2: // IPv6 + { + if (len > sizeof(struct in6_addr)) + break; + struct in6_addr in = IN6ADDR_ANY_INIT; + memcpy(&in, buf, len); + decrypt ? unscramble_ip6(&in, pass6) : scramble_ip6(&in, pass6); + memcpy(buf, &in, len); + break; + } + default: + break; + } +} +#endif + int cryptopant_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, unsigned flags, unsigned sport, unsigned dport, my_bpftimeval ts, - const u_char* pkt_copy, const unsigned olen, - const u_char* payload, const unsigned payloadlen) + u_char* pkt_copy, const unsigned olen, + u_char* payload, const unsigned payloadlen) { #ifdef USE_CRYPTOPANT + if (edns && flags & DNSCAP_OUTPUT_ISDNS && payload && payloadlen > DNS_MSG_HDR_SZ) { + parse_for_edns0_ecs(payload, payloadlen, ecs_callback); + if (edns < 0) + return 0; + } + for (;;) { if (only_clients && sport == dns_port) { if (sport != dport) { diff --git a/plugins/cryptopant/test1.gold b/plugins/cryptopant/test1.gold index 2201d4fa..5b93845f 100644 --- a/plugins/cryptopant/test1.gold +++ b/plugins/cryptopant/test1.gold @@ -2856,3 +2856,249 @@ cryptopant.so usage error: must have a -k keyfile ns3.google.com.,IN,A,157794,216.239.36.10 \ ns4.google.com.,IN,A,157794,216.239.38.10 cryptopant.so usage error: -c and -s options are mutually exclusive +[64] 2023-07-05 07:21:38.669836 [#0 edns.pcap-dist 4095] \ + [172.24.244.221].58541 [172.24.244.218].53 \ + dns QUERY,NOERROR,31428,rd \ + 1 h.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:38.669891 [#1 edns.pcap-dist 4095] \ + [172.24.244.221].58541 [172.24.244.218].53 \ + dns QUERY,NOERROR,5824,rd \ + 1 h.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:38.669977 [#2 edns.pcap-dist 4095] \ + [172.24.244.218].53 [172.24.244.221].58541 \ + dns QUERY,NOERROR,31428,qr|rd|ra \ + 1 h.root-servers.net.,IN,A \ + 1 h.root-servers.net.,IN,A,85098,198.97.190.53 0 0 +[92] 2023-07-05 07:21:38.670010 [#3 edns.pcap-dist 4095] \ + [172.24.244.218].53 [172.24.244.221].58541 \ + dns QUERY,NOERROR,5824,qr|rd|ra \ + 1 h.root-servers.net.,IN,AAAA \ + 1 h.root-servers.net.,IN,AAAA,85098,2001:500:1::53 0 0 +[88] 2023-07-05 07:21:38.670793 [#4 edns.pcap-dist 4095] \ + [172.24.244.221].33737 [198.221.87.229].53 \ + dns QUERY,NOERROR,56979,rd|ad \ + 1 ns1.dns.nic.aaa.,IN,NS 0 0 \ + 1 .,4096,4096,0,edns0[len=16,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=0],edns0opt[code=10,codelen=8] +[464] 2023-07-05 07:21:38.698303 [#5 edns.pcap-dist 4095] \ + [198.221.87.229].53 [172.24.244.221].33737 \ + dns QUERY,NOERROR,56979,qr|rd \ + 1 ns1.dns.nic.aaa.,IN,NS 0 \ + 6 aaa.,IN,NS,172800,a.nic.aaa. \ + aaa.,IN,NS,172800,b.nic.aaa. \ + aaa.,IN,NS,172800,c.nic.aaa. \ + aaa.,IN,NS,172800,ns1.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns2.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns3.dns.nic.aaa. \ + 13 a.nic.aaa.,IN,A,172800,37.209.192.9 \ + b.nic.aaa.,IN,A,172800,37.209.194.9 \ + c.nic.aaa.,IN,A,172800,37.209.196.9 \ + ns1.dns.nic.aaa.,IN,A,172800,156.154.144.2 \ + ns2.dns.nic.aaa.,IN,A,172800,156.154.145.2 \ + ns3.dns.nic.aaa.,IN,A,172800,156.154.159.2 \ + a.nic.aaa.,IN,AAAA,172800,2001:dcd:1::9 \ + b.nic.aaa.,IN,AAAA,172800,2001:dcd:2::9 \ + c.nic.aaa.,IN,AAAA,172800,2001:dcd:3::9 \ + ns1.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1071::2 \ + ns2.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1072::2 \ + ns3.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1073::2 \ + .,1232,1232,0,edns0[len=30,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=26] +[64] 2023-07-05 07:21:42.739334 [#6 edns.pcap-dist 4095] \ + [172.24.244.221].53174 [172.24.244.218].53 \ + dns QUERY,NOERROR,48648,rd \ + 1 g.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:42.739396 [#7 edns.pcap-dist 4095] \ + [172.24.244.221].53174 [172.24.244.218].53 \ + dns QUERY,NOERROR,48141,rd \ + 1 g.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:42.739525 [#8 edns.pcap-dist 4095] \ + [172.24.244.218].53 [172.24.244.221].53174 \ + dns QUERY,NOERROR,48648,qr|rd|ra \ + 1 g.root-servers.net.,IN,A \ + 1 g.root-servers.net.,IN,A,85094,192.112.36.4 0 0 +[92] 2023-07-05 07:21:42.739558 [#9 edns.pcap-dist 4095] \ + [172.24.244.218].53 [172.24.244.221].53174 \ + dns QUERY,NOERROR,48141,qr|rd|ra \ + 1 g.root-servers.net.,IN,AAAA \ + 1 g.root-servers.net.,IN,AAAA,85094,2001:500:12::d0d 0 0 +[83] 2023-07-05 07:21:42.740590 [#10 edns.pcap-dist 4095] \ + [172.24.244.221].50901 [192.37.47.233].53 \ + dns QUERY,NOERROR,35713,rd|ad \ + 1 net.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=23,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[ECS,family=1,source=24,scope=0,addr=172.24.244.0],edns0opt[code=10,codelen=8] +[895] 2023-07-05 07:21:42.836816 [#11 edns.pcap-dist 4095] \ + [192.37.47.233].53 [172.24.244.221].50901 \ + dns QUERY,NOERROR,35713,qr|rd \ + 1 net.,IN,A 0 \ + 13 net.,IN,NS,172800,j.gtld-servers.net. \ + net.,IN,NS,172800,b.gtld-servers.net. \ + net.,IN,NS,172800,a.gtld-servers.net. \ + net.,IN,NS,172800,h.gtld-servers.net. \ + net.,IN,NS,172800,d.gtld-servers.net. \ + net.,IN,NS,172800,c.gtld-servers.net. \ + net.,IN,NS,172800,i.gtld-servers.net. \ + net.,IN,NS,172800,e.gtld-servers.net. \ + net.,IN,NS,172800,m.gtld-servers.net. \ + net.,IN,NS,172800,f.gtld-servers.net. \ + net.,IN,NS,172800,k.gtld-servers.net. \ + net.,IN,NS,172800,l.gtld-servers.net. \ + net.,IN,NS,172800,g.gtld-servers.net. \ + 27 m.gtld-servers.net.,IN,A,172800,192.55.83.30 \ + l.gtld-servers.net.,IN,A,172800,192.41.162.30 \ + k.gtld-servers.net.,IN,A,172800,192.52.178.30 \ + j.gtld-servers.net.,IN,A,172800,192.48.79.30 \ + i.gtld-servers.net.,IN,A,172800,192.43.172.30 \ + h.gtld-servers.net.,IN,A,172800,192.54.112.30 \ + g.gtld-servers.net.,IN,A,172800,192.42.93.30 \ + f.gtld-servers.net.,IN,A,172800,192.35.51.30 \ + e.gtld-servers.net.,IN,A,172800,192.12.94.30 \ + d.gtld-servers.net.,IN,A,172800,192.31.80.30 \ + c.gtld-servers.net.,IN,A,172800,192.26.92.30 \ + b.gtld-servers.net.,IN,A,172800,192.33.14.30 \ + a.gtld-servers.net.,IN,A,172800,192.5.6.30 \ + m.gtld-servers.net.,IN,AAAA,172800,2001:501:b1f9::30 \ + l.gtld-servers.net.,IN,AAAA,172800,2001:500:d937::30 \ + k.gtld-servers.net.,IN,AAAA,172800,2001:503:d2d::30 \ + j.gtld-servers.net.,IN,AAAA,172800,2001:502:7094::30 \ + i.gtld-servers.net.,IN,AAAA,172800,2001:503:39c1::30 \ + h.gtld-servers.net.,IN,AAAA,172800,2001:502:8cc::30 \ + g.gtld-servers.net.,IN,AAAA,172800,2001:503:eea3::30 \ + f.gtld-servers.net.,IN,AAAA,172800,2001:503:d414::30 \ + e.gtld-servers.net.,IN,AAAA,172800,2001:502:1ca1::30 \ + d.gtld-servers.net.,IN,AAAA,172800,2001:500:856e::30 \ + c.gtld-servers.net.,IN,AAAA,172800,2001:503:83eb::30 \ + b.gtld-servers.net.,IN,AAAA,172800,2001:503:231d::2:30 \ + a.gtld-servers.net.,IN,AAAA,172800,2001:503:a83e::2:30 \ + .,1232,1232,0,edns0[len=39,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=24],edns0opt[ECS,family=1,source=24,scope=0,addr=172.24.244.0] +[86] 2023-07-05 07:21:46.511502 [#12 edns.pcap-dist 4095] \ + [172.24.244.221].35191 [1.183.102.77].53 \ + dns QUERY,NOERROR,960,rd|ad \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=12,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=8] +[131] 2023-07-05 07:21:46.518500 [#13 edns.pcap-dist 4095] \ + [1.183.102.77].53 [172.24.244.221].35191 \ + dns QUERY,SERVFAIL,960,qr|rd|ra \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,1232,1232,0,edns0[len=57,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=15,codelen=53] +[64] 2023-07-05 07:21:38.669836 [#0 edns.pcap-dist 4095] \ + [172.17.0.6].58541 [172.17.0.1].53 \ + dns QUERY,NOERROR,31428,rd \ + 1 h.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:38.669891 [#1 edns.pcap-dist 4095] \ + [172.17.0.6].58541 [172.17.0.1].53 \ + dns QUERY,NOERROR,5824,rd \ + 1 h.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:38.669977 [#2 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].58541 \ + dns QUERY,NOERROR,31428,qr|rd|ra \ + 1 h.root-servers.net.,IN,A \ + 1 h.root-servers.net.,IN,A,85098,198.97.190.53 0 0 +[92] 2023-07-05 07:21:38.670010 [#3 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].58541 \ + dns QUERY,NOERROR,5824,qr|rd|ra \ + 1 h.root-servers.net.,IN,AAAA \ + 1 h.root-servers.net.,IN,AAAA,85098,2001:500:1::53 0 0 +[88] 2023-07-05 07:21:38.670793 [#4 edns.pcap-dist 4095] \ + [172.17.0.6].33737 [198.97.190.53].53 \ + dns QUERY,NOERROR,56979,rd|ad \ + 1 ns1.dns.nic.aaa.,IN,NS 0 0 \ + 1 .,4096,4096,0,edns0[len=16,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=0],edns0opt[code=10,codelen=8] +[464] 2023-07-05 07:21:38.698303 [#5 edns.pcap-dist 4095] \ + [198.97.190.53].53 [172.17.0.6].33737 \ + dns QUERY,NOERROR,56979,qr|rd \ + 1 ns1.dns.nic.aaa.,IN,NS 0 \ + 6 aaa.,IN,NS,172800,a.nic.aaa. \ + aaa.,IN,NS,172800,b.nic.aaa. \ + aaa.,IN,NS,172800,c.nic.aaa. \ + aaa.,IN,NS,172800,ns1.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns2.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns3.dns.nic.aaa. \ + 13 a.nic.aaa.,IN,A,172800,37.209.192.9 \ + b.nic.aaa.,IN,A,172800,37.209.194.9 \ + c.nic.aaa.,IN,A,172800,37.209.196.9 \ + ns1.dns.nic.aaa.,IN,A,172800,156.154.144.2 \ + ns2.dns.nic.aaa.,IN,A,172800,156.154.145.2 \ + ns3.dns.nic.aaa.,IN,A,172800,156.154.159.2 \ + a.nic.aaa.,IN,AAAA,172800,2001:dcd:1::9 \ + b.nic.aaa.,IN,AAAA,172800,2001:dcd:2::9 \ + c.nic.aaa.,IN,AAAA,172800,2001:dcd:3::9 \ + ns1.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1071::2 \ + ns2.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1072::2 \ + ns3.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1073::2 \ + .,1232,1232,0,edns0[len=30,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=26] +[64] 2023-07-05 07:21:42.739334 [#6 edns.pcap-dist 4095] \ + [172.17.0.6].53174 [172.17.0.1].53 \ + dns QUERY,NOERROR,48648,rd \ + 1 g.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:42.739396 [#7 edns.pcap-dist 4095] \ + [172.17.0.6].53174 [172.17.0.1].53 \ + dns QUERY,NOERROR,48141,rd \ + 1 g.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:42.739525 [#8 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].53174 \ + dns QUERY,NOERROR,48648,qr|rd|ra \ + 1 g.root-servers.net.,IN,A \ + 1 g.root-servers.net.,IN,A,85094,192.112.36.4 0 0 +[92] 2023-07-05 07:21:42.739558 [#9 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].53174 \ + dns QUERY,NOERROR,48141,qr|rd|ra \ + 1 g.root-servers.net.,IN,AAAA \ + 1 g.root-servers.net.,IN,AAAA,85094,2001:500:12::d0d 0 0 +[83] 2023-07-05 07:21:42.740590 [#10 edns.pcap-dist 4095] \ + [172.17.0.6].50901 [192.112.36.4].53 \ + dns QUERY,NOERROR,35713,rd|ad \ + 1 net.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=23,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[ECS,family=1,source=24,scope=0,addr=172.24.244.0],edns0opt[code=10,codelen=8] +[895] 2023-07-05 07:21:42.836816 [#11 edns.pcap-dist 4095] \ + [192.112.36.4].53 [172.17.0.6].50901 \ + dns QUERY,NOERROR,35713,qr|rd \ + 1 net.,IN,A 0 \ + 13 net.,IN,NS,172800,j.gtld-servers.net. \ + net.,IN,NS,172800,b.gtld-servers.net. \ + net.,IN,NS,172800,a.gtld-servers.net. \ + net.,IN,NS,172800,h.gtld-servers.net. \ + net.,IN,NS,172800,d.gtld-servers.net. \ + net.,IN,NS,172800,c.gtld-servers.net. \ + net.,IN,NS,172800,i.gtld-servers.net. \ + net.,IN,NS,172800,e.gtld-servers.net. \ + net.,IN,NS,172800,m.gtld-servers.net. \ + net.,IN,NS,172800,f.gtld-servers.net. \ + net.,IN,NS,172800,k.gtld-servers.net. \ + net.,IN,NS,172800,l.gtld-servers.net. \ + net.,IN,NS,172800,g.gtld-servers.net. \ + 27 m.gtld-servers.net.,IN,A,172800,192.55.83.30 \ + l.gtld-servers.net.,IN,A,172800,192.41.162.30 \ + k.gtld-servers.net.,IN,A,172800,192.52.178.30 \ + j.gtld-servers.net.,IN,A,172800,192.48.79.30 \ + i.gtld-servers.net.,IN,A,172800,192.43.172.30 \ + h.gtld-servers.net.,IN,A,172800,192.54.112.30 \ + g.gtld-servers.net.,IN,A,172800,192.42.93.30 \ + f.gtld-servers.net.,IN,A,172800,192.35.51.30 \ + e.gtld-servers.net.,IN,A,172800,192.12.94.30 \ + d.gtld-servers.net.,IN,A,172800,192.31.80.30 \ + c.gtld-servers.net.,IN,A,172800,192.26.92.30 \ + b.gtld-servers.net.,IN,A,172800,192.33.14.30 \ + a.gtld-servers.net.,IN,A,172800,192.5.6.30 \ + m.gtld-servers.net.,IN,AAAA,172800,2001:501:b1f9::30 \ + l.gtld-servers.net.,IN,AAAA,172800,2001:500:d937::30 \ + k.gtld-servers.net.,IN,AAAA,172800,2001:503:d2d::30 \ + j.gtld-servers.net.,IN,AAAA,172800,2001:502:7094::30 \ + i.gtld-servers.net.,IN,AAAA,172800,2001:503:39c1::30 \ + h.gtld-servers.net.,IN,AAAA,172800,2001:502:8cc::30 \ + g.gtld-servers.net.,IN,AAAA,172800,2001:503:eea3::30 \ + f.gtld-servers.net.,IN,AAAA,172800,2001:503:d414::30 \ + e.gtld-servers.net.,IN,AAAA,172800,2001:502:1ca1::30 \ + d.gtld-servers.net.,IN,AAAA,172800,2001:500:856e::30 \ + c.gtld-servers.net.,IN,AAAA,172800,2001:503:83eb::30 \ + b.gtld-servers.net.,IN,AAAA,172800,2001:503:231d::2:30 \ + a.gtld-servers.net.,IN,AAAA,172800,2001:503:a83e::2:30 \ + .,1232,1232,0,edns0[len=39,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=24],edns0opt[ECS,family=1,source=24,scope=0,addr=172.24.244.0] +[86] 2023-07-05 07:21:46.511502 [#12 edns.pcap-dist 4095] \ + [172.17.0.6].35191 [1.1.1.1].53 \ + dns QUERY,NOERROR,960,rd|ad \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=12,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=8] +[131] 2023-07-05 07:21:46.518500 [#13 edns.pcap-dist 4095] \ + [1.1.1.1].53 [172.17.0.6].35191 \ + dns QUERY,SERVFAIL,960,qr|rd|ra \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,1232,1232,0,edns0[len=57,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=15,codelen=53] diff --git a/plugins/cryptopant/test1.sh b/plugins/cryptopant/test1.sh index cb632cfa..9e4182a5 100755 --- a/plugins/cryptopant/test1.sh +++ b/plugins/cryptopant/test1.sh @@ -21,6 +21,11 @@ fi ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -s 2>>test1.out ! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -c -s 2>>test1.out +ln -fs "$srcdir/../../src/test/edns.pcap" edns.pcap-dist + +../../src/dnscap -r edns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -4 8 -e 2>>test1.out +../../src/dnscap -r edns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -4 8 -E 2>>test1.out + osrel=`uname -s` if [ "$osrel" = "OpenBSD" ]; then mv test1.out test1.out.old diff --git a/plugins/eventlog/Makefile.am b/plugins/eventlog/Makefile.am index d18531c6..fc78576d 100644 --- a/plugins/eventlog/Makefile.am +++ b/plugins/eventlog/Makefile.am @@ -1,5 +1,5 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ @@ -13,7 +13,7 @@ eventlog_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) TESTS = test1.sh EXTRA_DIST = $(TESTS) -CLEANFILES += test1.out *.pcap-dist +CLEANFILES += test1.out if ENABLE_GCOV gcov-local: diff --git a/plugins/ipcrypt/Makefile.am b/plugins/ipcrypt/Makefile.am index 64effb74..13327eb2 100644 --- a/plugins/ipcrypt/Makefile.am +++ b/plugins/ipcrypt/Makefile.am @@ -1,9 +1,10 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ -I$(top_srcdir)/isc \ + -I$(top_srcdir)/plugins/shared \ $(SECCOMPFLAGS) pkglib_LTLIBRARIES = ipcrypt.la diff --git a/plugins/ipcrypt/ipcrypt.c b/plugins/ipcrypt/ipcrypt.c index f8908a67..e9a1f58d 100644 --- a/plugins/ipcrypt/ipcrypt.c +++ b/plugins/ipcrypt/ipcrypt.c @@ -42,13 +42,16 @@ #include #include #include +#include #include "dnscap_common.h" +#include "edns0_ecs.c" + static set_iaddr_t ipcrypt_set_iaddr = 0; static logerr_t* logerr; -static int only_clients = 0, only_servers = 0, dns_port = 53, iterations = 1, encrypt_v6 = 0, decrypt = 0; +static int only_clients = 0, only_servers = 0, dns_port = 53, iterations = 1, encrypt_v6 = 0, decrypt = 0, edns = 0; static uint8_t key[16]; /* @@ -157,7 +160,9 @@ void ipcrypt_usage() "\t-s Only en/de-crypt servers (port == 53)\n" "\t-p Set port for -c/-s, default 53\n" "\t-i Number of en/de-cryption iterations, default 1\n" - "\t-6 En/de-crypt IPv6 addresses, not default or recommended\n"); + "\t-6 En/de-crypt IPv6 addresses, not default or recommended\n" + "\t-e Also en/de-crypt EDNS(0) Client Subnet\n" + "\t-E ONLY en/de-crypt EDNS(0) Client Subnet, not IP addresses\n"); } void ipcrypt_extension(int ext, void* arg) @@ -175,7 +180,7 @@ void ipcrypt_getopt(int* argc, char** argv[]) unsigned long ul; char* p; - while ((c = getopt(*argc, *argv, "?k:f:Dcsp:i:6")) != EOF) { + while ((c = getopt(*argc, *argv, "?k:f:Dcsp:i:6eE")) != EOF) { switch (c) { case 'k': if (strlen(optarg) != 16) { @@ -226,6 +231,13 @@ void ipcrypt_getopt(int* argc, char** argv[]) case '6': encrypt_v6 = 1; break; + case 'e': + if (!edns) + edns = 1; + break; + case 'E': + edns = -1; + break; case '?': ipcrypt_usage(); if (!optopt || optopt == '?') { @@ -266,11 +278,55 @@ int ipcrypt_close(my_bpftimeval ts) return 0; } +void ecs_callback(int family, u_char* buf, size_t len) +{ + switch (family) { + case 1: // IPv4 + { + if (len > sizeof(struct in_addr)) + break; + struct in_addr in = { INADDR_ANY }; + memcpy(&in, buf, len); + decrypt ? _decrypt((uint8_t*)&in) : _encrypt((uint8_t*)&in); + memcpy(buf, &in, len); + break; + } + case 2: // IPv6 + if (len > sizeof(struct in6_addr)) + break; + if (encrypt_v6) { + struct in6_addr in = IN6ADDR_ANY_INIT; + memcpy(&in, buf, len); + if (decrypt) { + _decrypt((uint8_t*)&in); + _decrypt(((uint8_t*)&in) + 4); + _decrypt(((uint8_t*)&in) + 8); + _decrypt(((uint8_t*)&in) + 12); + } else { + _encrypt((uint8_t*)&in); + _encrypt(((uint8_t*)&in) + 4); + _encrypt(((uint8_t*)&in) + 8); + _encrypt(((uint8_t*)&in) + 12); + } + memcpy(buf, &in, len); + } + break; + default: + break; + } +} + int ipcrypt_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, unsigned flags, unsigned sport, unsigned dport, my_bpftimeval ts, - const u_char* pkt_copy, const unsigned olen, - const u_char* payload, const unsigned payloadlen) + u_char* pkt_copy, const unsigned olen, + u_char* payload, const unsigned payloadlen) { + if (edns && flags & DNSCAP_OUTPUT_ISDNS && payload && payloadlen > DNS_MSG_HDR_SZ) { + parse_for_edns0_ecs(payload, payloadlen, ecs_callback); + if (edns < 0) + return 0; + } + for (;;) { if (only_clients && sport == dns_port) { if (sport != dport) { diff --git a/plugins/ipcrypt/test1.gold b/plugins/ipcrypt/test1.gold index 040d8753..99dc62ed 100644 --- a/plugins/ipcrypt/test1.gold +++ b/plugins/ipcrypt/test1.gold @@ -2142,3 +2142,249 @@ ipcrypt.so usage error: must have -k or -f ns3.google.com.,IN,A,157794,216.239.36.10 \ ns4.google.com.,IN,A,157794,216.239.38.10 ipcrypt.so usage error: -c and -s options are mutually exclusive +[64] 2023-07-05 07:21:38.669836 [#0 edns.pcap-dist 4095] \ + [122.143.39.9].58541 [132.72.37.15].53 \ + dns QUERY,NOERROR,31428,rd \ + 1 h.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:38.669891 [#1 edns.pcap-dist 4095] \ + [122.143.39.9].58541 [132.72.37.15].53 \ + dns QUERY,NOERROR,5824,rd \ + 1 h.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:38.669977 [#2 edns.pcap-dist 4095] \ + [132.72.37.15].53 [122.143.39.9].58541 \ + dns QUERY,NOERROR,31428,qr|rd|ra \ + 1 h.root-servers.net.,IN,A \ + 1 h.root-servers.net.,IN,A,85098,198.97.190.53 0 0 +[92] 2023-07-05 07:21:38.670010 [#3 edns.pcap-dist 4095] \ + [132.72.37.15].53 [122.143.39.9].58541 \ + dns QUERY,NOERROR,5824,qr|rd|ra \ + 1 h.root-servers.net.,IN,AAAA \ + 1 h.root-servers.net.,IN,AAAA,85098,2001:500:1::53 0 0 +[88] 2023-07-05 07:21:38.670793 [#4 edns.pcap-dist 4095] \ + [122.143.39.9].33737 [225.150.52.100].53 \ + dns QUERY,NOERROR,56979,rd|ad \ + 1 ns1.dns.nic.aaa.,IN,NS 0 0 \ + 1 .,4096,4096,0,edns0[len=16,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=0],edns0opt[code=10,codelen=8] +[464] 2023-07-05 07:21:38.698303 [#5 edns.pcap-dist 4095] \ + [225.150.52.100].53 [122.143.39.9].33737 \ + dns QUERY,NOERROR,56979,qr|rd \ + 1 ns1.dns.nic.aaa.,IN,NS 0 \ + 6 aaa.,IN,NS,172800,a.nic.aaa. \ + aaa.,IN,NS,172800,b.nic.aaa. \ + aaa.,IN,NS,172800,c.nic.aaa. \ + aaa.,IN,NS,172800,ns1.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns2.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns3.dns.nic.aaa. \ + 13 a.nic.aaa.,IN,A,172800,37.209.192.9 \ + b.nic.aaa.,IN,A,172800,37.209.194.9 \ + c.nic.aaa.,IN,A,172800,37.209.196.9 \ + ns1.dns.nic.aaa.,IN,A,172800,156.154.144.2 \ + ns2.dns.nic.aaa.,IN,A,172800,156.154.145.2 \ + ns3.dns.nic.aaa.,IN,A,172800,156.154.159.2 \ + a.nic.aaa.,IN,AAAA,172800,2001:dcd:1::9 \ + b.nic.aaa.,IN,AAAA,172800,2001:dcd:2::9 \ + c.nic.aaa.,IN,AAAA,172800,2001:dcd:3::9 \ + ns1.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1071::2 \ + ns2.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1072::2 \ + ns3.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1073::2 \ + .,1232,1232,0,edns0[len=30,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=26] +[64] 2023-07-05 07:21:42.739334 [#6 edns.pcap-dist 4095] \ + [122.143.39.9].53174 [132.72.37.15].53 \ + dns QUERY,NOERROR,48648,rd \ + 1 g.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:42.739396 [#7 edns.pcap-dist 4095] \ + [122.143.39.9].53174 [132.72.37.15].53 \ + dns QUERY,NOERROR,48141,rd \ + 1 g.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:42.739525 [#8 edns.pcap-dist 4095] \ + [132.72.37.15].53 [122.143.39.9].53174 \ + dns QUERY,NOERROR,48648,qr|rd|ra \ + 1 g.root-servers.net.,IN,A \ + 1 g.root-servers.net.,IN,A,85094,192.112.36.4 0 0 +[92] 2023-07-05 07:21:42.739558 [#9 edns.pcap-dist 4095] \ + [132.72.37.15].53 [122.143.39.9].53174 \ + dns QUERY,NOERROR,48141,qr|rd|ra \ + 1 g.root-servers.net.,IN,AAAA \ + 1 g.root-servers.net.,IN,AAAA,85094,2001:500:12::d0d 0 0 +[83] 2023-07-05 07:21:42.740590 [#10 edns.pcap-dist 4095] \ + [122.143.39.9].50901 [255.236.91.80].53 \ + dns QUERY,NOERROR,35713,rd|ad \ + 1 net.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=23,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[ECS,family=1,source=24,scope=0,addr=250.154.229.0],edns0opt[code=10,codelen=8] +[895] 2023-07-05 07:21:42.836816 [#11 edns.pcap-dist 4095] \ + [255.236.91.80].53 [122.143.39.9].50901 \ + dns QUERY,NOERROR,35713,qr|rd \ + 1 net.,IN,A 0 \ + 13 net.,IN,NS,172800,j.gtld-servers.net. \ + net.,IN,NS,172800,b.gtld-servers.net. \ + net.,IN,NS,172800,a.gtld-servers.net. \ + net.,IN,NS,172800,h.gtld-servers.net. \ + net.,IN,NS,172800,d.gtld-servers.net. \ + net.,IN,NS,172800,c.gtld-servers.net. \ + net.,IN,NS,172800,i.gtld-servers.net. \ + net.,IN,NS,172800,e.gtld-servers.net. \ + net.,IN,NS,172800,m.gtld-servers.net. \ + net.,IN,NS,172800,f.gtld-servers.net. \ + net.,IN,NS,172800,k.gtld-servers.net. \ + net.,IN,NS,172800,l.gtld-servers.net. \ + net.,IN,NS,172800,g.gtld-servers.net. \ + 27 m.gtld-servers.net.,IN,A,172800,192.55.83.30 \ + l.gtld-servers.net.,IN,A,172800,192.41.162.30 \ + k.gtld-servers.net.,IN,A,172800,192.52.178.30 \ + j.gtld-servers.net.,IN,A,172800,192.48.79.30 \ + i.gtld-servers.net.,IN,A,172800,192.43.172.30 \ + h.gtld-servers.net.,IN,A,172800,192.54.112.30 \ + g.gtld-servers.net.,IN,A,172800,192.42.93.30 \ + f.gtld-servers.net.,IN,A,172800,192.35.51.30 \ + e.gtld-servers.net.,IN,A,172800,192.12.94.30 \ + d.gtld-servers.net.,IN,A,172800,192.31.80.30 \ + c.gtld-servers.net.,IN,A,172800,192.26.92.30 \ + b.gtld-servers.net.,IN,A,172800,192.33.14.30 \ + a.gtld-servers.net.,IN,A,172800,192.5.6.30 \ + m.gtld-servers.net.,IN,AAAA,172800,2001:501:b1f9::30 \ + l.gtld-servers.net.,IN,AAAA,172800,2001:500:d937::30 \ + k.gtld-servers.net.,IN,AAAA,172800,2001:503:d2d::30 \ + j.gtld-servers.net.,IN,AAAA,172800,2001:502:7094::30 \ + i.gtld-servers.net.,IN,AAAA,172800,2001:503:39c1::30 \ + h.gtld-servers.net.,IN,AAAA,172800,2001:502:8cc::30 \ + g.gtld-servers.net.,IN,AAAA,172800,2001:503:eea3::30 \ + f.gtld-servers.net.,IN,AAAA,172800,2001:503:d414::30 \ + e.gtld-servers.net.,IN,AAAA,172800,2001:502:1ca1::30 \ + d.gtld-servers.net.,IN,AAAA,172800,2001:500:856e::30 \ + c.gtld-servers.net.,IN,AAAA,172800,2001:503:83eb::30 \ + b.gtld-servers.net.,IN,AAAA,172800,2001:503:231d::2:30 \ + a.gtld-servers.net.,IN,AAAA,172800,2001:503:a83e::2:30 \ + .,1232,1232,0,edns0[len=39,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=24],edns0opt[ECS,family=1,source=24,scope=0,addr=250.154.229.0] +[86] 2023-07-05 07:21:46.511502 [#12 edns.pcap-dist 4095] \ + [122.143.39.9].35191 [214.180.194.165].53 \ + dns QUERY,NOERROR,960,rd|ad \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=12,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=8] +[131] 2023-07-05 07:21:46.518500 [#13 edns.pcap-dist 4095] \ + [214.180.194.165].53 [122.143.39.9].35191 \ + dns QUERY,SERVFAIL,960,qr|rd|ra \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,1232,1232,0,edns0[len=57,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=15,codelen=53] +[64] 2023-07-05 07:21:38.669836 [#0 edns.pcap-dist 4095] \ + [172.17.0.6].58541 [172.17.0.1].53 \ + dns QUERY,NOERROR,31428,rd \ + 1 h.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:38.669891 [#1 edns.pcap-dist 4095] \ + [172.17.0.6].58541 [172.17.0.1].53 \ + dns QUERY,NOERROR,5824,rd \ + 1 h.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:38.669977 [#2 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].58541 \ + dns QUERY,NOERROR,31428,qr|rd|ra \ + 1 h.root-servers.net.,IN,A \ + 1 h.root-servers.net.,IN,A,85098,198.97.190.53 0 0 +[92] 2023-07-05 07:21:38.670010 [#3 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].58541 \ + dns QUERY,NOERROR,5824,qr|rd|ra \ + 1 h.root-servers.net.,IN,AAAA \ + 1 h.root-servers.net.,IN,AAAA,85098,2001:500:1::53 0 0 +[88] 2023-07-05 07:21:38.670793 [#4 edns.pcap-dist 4095] \ + [172.17.0.6].33737 [198.97.190.53].53 \ + dns QUERY,NOERROR,56979,rd|ad \ + 1 ns1.dns.nic.aaa.,IN,NS 0 0 \ + 1 .,4096,4096,0,edns0[len=16,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=0],edns0opt[code=10,codelen=8] +[464] 2023-07-05 07:21:38.698303 [#5 edns.pcap-dist 4095] \ + [198.97.190.53].53 [172.17.0.6].33737 \ + dns QUERY,NOERROR,56979,qr|rd \ + 1 ns1.dns.nic.aaa.,IN,NS 0 \ + 6 aaa.,IN,NS,172800,a.nic.aaa. \ + aaa.,IN,NS,172800,b.nic.aaa. \ + aaa.,IN,NS,172800,c.nic.aaa. \ + aaa.,IN,NS,172800,ns1.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns2.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns3.dns.nic.aaa. \ + 13 a.nic.aaa.,IN,A,172800,37.209.192.9 \ + b.nic.aaa.,IN,A,172800,37.209.194.9 \ + c.nic.aaa.,IN,A,172800,37.209.196.9 \ + ns1.dns.nic.aaa.,IN,A,172800,156.154.144.2 \ + ns2.dns.nic.aaa.,IN,A,172800,156.154.145.2 \ + ns3.dns.nic.aaa.,IN,A,172800,156.154.159.2 \ + a.nic.aaa.,IN,AAAA,172800,2001:dcd:1::9 \ + b.nic.aaa.,IN,AAAA,172800,2001:dcd:2::9 \ + c.nic.aaa.,IN,AAAA,172800,2001:dcd:3::9 \ + ns1.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1071::2 \ + ns2.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1072::2 \ + ns3.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1073::2 \ + .,1232,1232,0,edns0[len=30,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=26] +[64] 2023-07-05 07:21:42.739334 [#6 edns.pcap-dist 4095] \ + [172.17.0.6].53174 [172.17.0.1].53 \ + dns QUERY,NOERROR,48648,rd \ + 1 g.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:42.739396 [#7 edns.pcap-dist 4095] \ + [172.17.0.6].53174 [172.17.0.1].53 \ + dns QUERY,NOERROR,48141,rd \ + 1 g.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:42.739525 [#8 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].53174 \ + dns QUERY,NOERROR,48648,qr|rd|ra \ + 1 g.root-servers.net.,IN,A \ + 1 g.root-servers.net.,IN,A,85094,192.112.36.4 0 0 +[92] 2023-07-05 07:21:42.739558 [#9 edns.pcap-dist 4095] \ + [172.17.0.1].53 [172.17.0.6].53174 \ + dns QUERY,NOERROR,48141,qr|rd|ra \ + 1 g.root-servers.net.,IN,AAAA \ + 1 g.root-servers.net.,IN,AAAA,85094,2001:500:12::d0d 0 0 +[83] 2023-07-05 07:21:42.740590 [#10 edns.pcap-dist 4095] \ + [172.17.0.6].50901 [192.112.36.4].53 \ + dns QUERY,NOERROR,35713,rd|ad \ + 1 net.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=23,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[ECS,family=1,source=24,scope=0,addr=250.154.229.0],edns0opt[code=10,codelen=8] +[895] 2023-07-05 07:21:42.836816 [#11 edns.pcap-dist 4095] \ + [192.112.36.4].53 [172.17.0.6].50901 \ + dns QUERY,NOERROR,35713,qr|rd \ + 1 net.,IN,A 0 \ + 13 net.,IN,NS,172800,j.gtld-servers.net. \ + net.,IN,NS,172800,b.gtld-servers.net. \ + net.,IN,NS,172800,a.gtld-servers.net. \ + net.,IN,NS,172800,h.gtld-servers.net. \ + net.,IN,NS,172800,d.gtld-servers.net. \ + net.,IN,NS,172800,c.gtld-servers.net. \ + net.,IN,NS,172800,i.gtld-servers.net. \ + net.,IN,NS,172800,e.gtld-servers.net. \ + net.,IN,NS,172800,m.gtld-servers.net. \ + net.,IN,NS,172800,f.gtld-servers.net. \ + net.,IN,NS,172800,k.gtld-servers.net. \ + net.,IN,NS,172800,l.gtld-servers.net. \ + net.,IN,NS,172800,g.gtld-servers.net. \ + 27 m.gtld-servers.net.,IN,A,172800,192.55.83.30 \ + l.gtld-servers.net.,IN,A,172800,192.41.162.30 \ + k.gtld-servers.net.,IN,A,172800,192.52.178.30 \ + j.gtld-servers.net.,IN,A,172800,192.48.79.30 \ + i.gtld-servers.net.,IN,A,172800,192.43.172.30 \ + h.gtld-servers.net.,IN,A,172800,192.54.112.30 \ + g.gtld-servers.net.,IN,A,172800,192.42.93.30 \ + f.gtld-servers.net.,IN,A,172800,192.35.51.30 \ + e.gtld-servers.net.,IN,A,172800,192.12.94.30 \ + d.gtld-servers.net.,IN,A,172800,192.31.80.30 \ + c.gtld-servers.net.,IN,A,172800,192.26.92.30 \ + b.gtld-servers.net.,IN,A,172800,192.33.14.30 \ + a.gtld-servers.net.,IN,A,172800,192.5.6.30 \ + m.gtld-servers.net.,IN,AAAA,172800,2001:501:b1f9::30 \ + l.gtld-servers.net.,IN,AAAA,172800,2001:500:d937::30 \ + k.gtld-servers.net.,IN,AAAA,172800,2001:503:d2d::30 \ + j.gtld-servers.net.,IN,AAAA,172800,2001:502:7094::30 \ + i.gtld-servers.net.,IN,AAAA,172800,2001:503:39c1::30 \ + h.gtld-servers.net.,IN,AAAA,172800,2001:502:8cc::30 \ + g.gtld-servers.net.,IN,AAAA,172800,2001:503:eea3::30 \ + f.gtld-servers.net.,IN,AAAA,172800,2001:503:d414::30 \ + e.gtld-servers.net.,IN,AAAA,172800,2001:502:1ca1::30 \ + d.gtld-servers.net.,IN,AAAA,172800,2001:500:856e::30 \ + c.gtld-servers.net.,IN,AAAA,172800,2001:503:83eb::30 \ + b.gtld-servers.net.,IN,AAAA,172800,2001:503:231d::2:30 \ + a.gtld-servers.net.,IN,AAAA,172800,2001:503:a83e::2:30 \ + .,1232,1232,0,edns0[len=39,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=24],edns0opt[ECS,family=1,source=24,scope=0,addr=250.154.229.0] +[86] 2023-07-05 07:21:46.511502 [#12 edns.pcap-dist 4095] \ + [172.17.0.6].35191 [1.1.1.1].53 \ + dns QUERY,NOERROR,960,rd|ad \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=12,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=8] +[131] 2023-07-05 07:21:46.518500 [#13 edns.pcap-dist 4095] \ + [1.1.1.1].53 [172.17.0.6].35191 \ + dns QUERY,SERVFAIL,960,qr|rd|ra \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,1232,1232,0,edns0[len=57,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=15,codelen=53] diff --git a/plugins/ipcrypt/test1.sh b/plugins/ipcrypt/test1.sh index 3be71071..4156d954 100755 --- a/plugins/ipcrypt/test1.sh +++ b/plugins/ipcrypt/test1.sh @@ -14,6 +14,11 @@ ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -s 2>>test1.out ! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -c -s 2>>test1.out +ln -fs "$srcdir/../../src/test/edns.pcap" edns.pcap-dist + +../../src/dnscap -r edns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -e 2>>test1.out +../../src/dnscap -r edns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -E 2>>test1.out + osrel=`uname -s` if [ "$osrel" = "OpenBSD" ]; then mv test1.out test1.out.old diff --git a/plugins/pcapdump/Makefile.am b/plugins/pcapdump/Makefile.am index bfbf8a47..33b74e3c 100644 --- a/plugins/pcapdump/Makefile.am +++ b/plugins/pcapdump/Makefile.am @@ -1,5 +1,5 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ @@ -12,7 +12,7 @@ pcapdump_la_LDFLAGS = -module -avoid-version TESTS = test1.sh EXTRA_DIST = $(TESTS) -CLEANFILES += test1.out* *.pcap-dist +CLEANFILES += test1.out if ENABLE_GCOV gcov-local: diff --git a/plugins/royparse/Makefile.am b/plugins/royparse/Makefile.am index 5b907cb1..23aeed7d 100644 --- a/plugins/royparse/Makefile.am +++ b/plugins/royparse/Makefile.am @@ -1,5 +1,5 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ @@ -13,7 +13,7 @@ royparse_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) TESTS = test1.sh EXTRA_DIST = $(TESTS) -CLEANFILES += test1.out* *.pcap-dist +CLEANFILES += test1.out if ENABLE_GCOV gcov-local: diff --git a/plugins/rssm/Makefile.am b/plugins/rssm/Makefile.am index cce61819..b4ddf6bd 100644 --- a/plugins/rssm/Makefile.am +++ b/plugins/rssm/Makefile.am @@ -1,5 +1,5 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ diff --git a/plugins/rzkeychange/Makefile.am b/plugins/rzkeychange/Makefile.am index 869eba66..ff806797 100644 --- a/plugins/rzkeychange/Makefile.am +++ b/plugins/rzkeychange/Makefile.am @@ -1,5 +1,5 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ @@ -13,7 +13,6 @@ rzkeychange_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) TESTS = test1.sh EXTRA_DIST = $(TESTS) -CLEANFILES += *.pcap-dist if ENABLE_GCOV gcov-local: diff --git a/plugins/rzkeychange/rzkeychange.c b/plugins/rzkeychange/rzkeychange.c index 4f14c40e..dd99316f 100644 --- a/plugins/rzkeychange/rzkeychange.c +++ b/plugins/rzkeychange/rzkeychange.c @@ -287,7 +287,7 @@ void rzkeychange_submit_counts(void) { char qname[256]; ldns_pkt* pkt; - double elapsed = (double)clos_ts.tv_sec - (double)open_ts.tv_sec + 0.000001 * clos_ts.tv_usec - 0.000001 * open_ts.tv_usec; //NOSONAR + double elapsed = (double)clos_ts.tv_sec - (double)open_ts.tv_sec + 0.000001 * clos_ts.tv_usec - 0.000001 * open_ts.tv_usec; // NOSONAR int k; k = snprintf(qname, sizeof(qname), "%lu-%u-%" PRIu64 "-%" PRIu64 "-%" PRIu64 "-%" PRIu64 "-%" PRIu64 "-%" PRIu64 "-%" PRIu64 ".%s.%s.%s", diff --git a/plugins/shared/edns0_ecs.c b/plugins/shared/edns0_ecs.c new file mode 100644 index 00000000..2b2e1fa5 --- /dev/null +++ b/plugins/shared/edns0_ecs.c @@ -0,0 +1,222 @@ +/* + * Copyright (c) 2018-2023, OARC, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#define DNS_MSG_HDR_SZ 12 +#define RFC1035_MAXLABELSZ 63 +#define nptohs(p) ((((uint8_t*)(p))[0] << 8) | ((uint8_t*)(p))[1]) + +static int rfc1035NameSkip(const u_char* buf, size_t sz, off_t* off) +{ + unsigned char c; + size_t len; + /* + * loop_detect[] tracks which position in the DNS message it has + * jumped to so it can't jump to the same twice, aka loop + */ + static unsigned char loop_detect[0x3FFF] = { 0 }; + do { + if ((*off) >= sz) + break; + c = *(buf + (*off)); + if (c > 191) { + /* blasted compression */ + int rc; + unsigned short s; + off_t ptr, loop_ptr; + s = nptohs(buf + (*off)); + (*off) += sizeof(s); + /* Sanity check */ + if ((*off) >= sz) + return 1; /* message too short */ + ptr = s & 0x3FFF; + /* Make sure the pointer is inside this message */ + if (ptr >= sz) + return 2; /* bad compression ptr */ + if (ptr < DNS_MSG_HDR_SZ) + return 2; /* bad compression ptr */ + if (loop_detect[ptr]) + return 4; /* compression loop */ + loop_detect[(loop_ptr = ptr)] = 1; + + rc = rfc1035NameSkip(buf, sz, &ptr); + + loop_detect[loop_ptr] = 0; + return rc; + } else if (c > RFC1035_MAXLABELSZ) { + /* + * "(The 10 and 01 combinations are reserved for future use.)" + */ + return 3; /* reserved label/compression flags */ + } else { + (*off)++; + len = (size_t)c; + if (len == 0) + break; + if ((*off) + len > sz) + return 4; /* message is too short */ + (*off) += len; + } + } while (c > 0); + return 0; +} + +static off_t skip_question(const u_char* buf, int len, off_t offset) +{ + if (rfc1035NameSkip(buf, len, &offset)) + return 0; + if (offset + 4 > len) + return 0; + offset += 4; + return offset; +} + +static off_t skip_rr(const u_char* buf, int len, off_t offset) +{ + if (rfc1035NameSkip(buf, len, &offset)) + return 0; + if (offset + 10 > len) + return 0; + unsigned short us = nptohs(buf + offset + 8); + offset += 10; + if (offset + us > len) + return 0; + offset += us; + return offset; +} + +#define EDNS0_TYPE_ECS 8 + +typedef void (*edns0_ecs_cb)(int family, u_char* buf, size_t len); + +static void process_edns0_options(u_char* buf, int len, edns0_ecs_cb cb) +{ + unsigned short edns0_type; + unsigned short edns0_len; + off_t offset = 0; + + while (len >= 4) { + edns0_type = nptohs(buf + offset); + edns0_len = nptohs(buf + offset + 2); + if (len < 4 + edns0_len) + break; + if (edns0_type == EDNS0_TYPE_ECS) { + if (edns0_len < 5) + break; + if (cb) + cb(nptohs(buf + offset + 4), buf + offset + 8, edns0_len - 4); + } + offset += 4 + edns0_len; + len -= 4 + edns0_len; + } +} + +#define T_OPT 41 + +static off_t grok_additional_for_opt_rr(u_char* buf, int len, off_t offset, edns0_ecs_cb cb) +{ + unsigned short us; + /* + * OPT RR for EDNS0 MUST be 0 (root domain), so if the first byte of + * the name is anything it can't be a valid EDNS0 record. + */ + if (*(buf + offset)) { + if (rfc1035NameSkip(buf, len, &offset)) + return 0; + if (offset + 10 > len) + return 0; + } else { + offset++; + if (offset + 10 > len) + return 0; + if (nptohs(buf + offset) == T_OPT) { + u_char version = *(buf + offset + 5); + us = nptohs(buf + offset + 8); // rd len + offset += 10; + if (offset + us > len) + return 0; + if (!version && us > 0) + process_edns0_options(buf + offset, us, cb); + offset += us; + return offset; + } + } + /* get rdlength */ + us = nptohs(buf + offset + 8); + offset += 10; + if (offset + us > len) + return 0; + offset += us; + return offset; +} + +static void parse_for_edns0_ecs(u_char* payload, size_t payloadlen, edns0_ecs_cb cb) +{ + off_t offset; + int qdcount, ancount, nscount, arcount; + + qdcount = nptohs(payload + 4); + ancount = nptohs(payload + 6); + nscount = nptohs(payload + 8); + arcount = nptohs(payload + 10); + + offset = DNS_MSG_HDR_SZ; + + while (qdcount > 0 && offset < payloadlen) { + if (!(offset = skip_question(payload, payloadlen, offset))) { + return; + } + qdcount--; + } + + while (ancount > 0 && offset < payloadlen) { + if (!(offset = skip_rr(payload, payloadlen, offset))) { + return; + } + ancount--; + } + + while (nscount > 0 && offset < payloadlen) { + if (!(offset = skip_rr(payload, payloadlen, offset))) { + return; + } + nscount--; + } + + while (arcount > 0 && offset < payloadlen) { + if (!(offset = grok_additional_for_opt_rr(payload, payloadlen, offset, cb))) { + return; + } + arcount--; + } +} \ No newline at end of file diff --git a/plugins/template/Makefile.am b/plugins/template/Makefile.am index 2cc0d7e0..2079fa71 100644 --- a/plugins/template/Makefile.am +++ b/plugins/template/Makefile.am @@ -1,5 +1,5 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ @@ -12,7 +12,6 @@ template_la_LDFLAGS = -module -avoid-version TESTS = test1.sh EXTRA_DIST = $(TESTS) -CLEANFILES += *.pcap-dist if ENABLE_GCOV gcov-local: diff --git a/plugins/txtout/Makefile.am b/plugins/txtout/Makefile.am index c802b927..2f1c7fc1 100644 --- a/plugins/txtout/Makefile.am +++ b/plugins/txtout/Makefile.am @@ -1,5 +1,5 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -CLEANFILES = *.gcda *.gcno *.gcov +CLEANFILES = *.gcda *.gcno *.gcov *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ @@ -12,7 +12,7 @@ txtout_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) TESTS = test1.sh EXTRA_DIST = $(TESTS) -CLEANFILES += test1.out *.pcap-dist +CLEANFILES += test1.out if ENABLE_GCOV gcov-local: diff --git a/src/bpft.c b/src/bpft.c index 6ee58629..8ce1b564 100644 --- a/src/bpft.c +++ b/src/bpft.c @@ -41,7 +41,7 @@ void prepare_bpft(void) { - unsigned udp10_mbs, udp10_mbc, udp11_mbc; //udp11_mbs + unsigned udp10_mbs, udp10_mbc, udp11_mbc; // udp11_mbs text_list bpfl; text_ptr text; size_t len; @@ -70,13 +70,13 @@ void prepare_bpft(void) } /* - * Model - * (vlan) and (transport) - * (vlan) and ((icmp) or (frags) or (dns)) - * (vlan) and ((icmp) or (frags) or ((ports) and (hosts))) - * (vlan) and ((icmp) or (frags) or (((tcp) or (udp)) and (hosts))) - * [(vlan) and] ( [(icmp) or] [(frags) or] ( ( [(tcp) or] (udp) ) [and (hosts)] ) ) - */ + * Model + * (vlan) and (transport) + * (vlan) and ((icmp) or (frags) or (dns)) + * (vlan) and ((icmp) or (frags) or ((ports) and (hosts))) + * (vlan) and ((icmp) or (frags) or (((tcp) or (udp)) and (hosts))) + * [(vlan) and] ( [(icmp) or] [(frags) or] ( ( [(tcp) or] (udp) ) [and (hosts)] ) ) + */ /* Make a BPF program to do early course kernel-level filtering. */ INIT_LIST(bpfl); diff --git a/src/dnscap_common.h b/src/dnscap_common.h index fa869cd0..a1f05d91 100644 --- a/src/dnscap_common.h +++ b/src/dnscap_common.h @@ -116,10 +116,10 @@ typedef int filter_t(const char* descr, unsigned sport, unsigned dport, my_bpftimeval ts, - const u_char* pkt_copy, - const unsigned olen, - const u_char* payload, - const unsigned payloadlen); + u_char* pkt_copy, + unsigned olen, + u_char* payload, + unsigned payloadlen); /* * Extensions diff --git a/src/dumper.c b/src/dumper.c index 95d92a54..88d83fd9 100644 --- a/src/dumper.c +++ b/src/dumper.c @@ -44,8 +44,8 @@ */ void output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigned flags, unsigned sport, unsigned dport, my_bpftimeval ts, - const u_char* pkt_copy, const unsigned olen, - const u_char* payload, const unsigned payloadlen) + u_char* pkt_copy, const unsigned olen, + u_char* payload, const unsigned payloadlen) { struct plugin* p; diff --git a/src/dumper.h b/src/dumper.h index cec2dddd..ffef7cd9 100644 --- a/src/dumper.h +++ b/src/dumper.h @@ -39,8 +39,8 @@ void output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigned flags, unsigned sport, unsigned dport, my_bpftimeval ts, - const u_char* pkt_copy, const unsigned olen, - const u_char* payload, const unsigned payloadlen); + u_char* pkt_copy, const unsigned olen, + u_char* payload, const unsigned payloadlen); int dumper_open(my_bpftimeval ts); int dumper_close(my_bpftimeval ts); diff --git a/src/network.c b/src/network.c index 6dc3dfc4..0fa78c8a 100644 --- a/src/network.c +++ b/src/network.c @@ -517,7 +517,7 @@ _match_rr(const ldns_rr_list* rrs, char** reason, int* negmatch, int* match, ldn /* Look at each RR in the section (or each QNAME in the question section). */ myregex_ptr myregex; - size_t i, n; + size_t i, n; for (i = 0, n = ldns_rr_list_rr_count(rrs); i < n; i++) { ldns_rr* rr = ldns_rr_list_rr(rrs, i); if (!rr) { @@ -536,7 +536,7 @@ _match_rr(const ldns_rr_list* rrs, char** reason, int* negmatch, int* match, ldn myregex = NEXT(myregex, link)) { if (regexec(&myregex->reg, (char*)ldns_buffer_begin(buf), 0, NULL, 0) == 0) { - if (myregex->not) + if (myregex->not ) (*negmatch)++; else (*match)++; @@ -571,7 +571,7 @@ _filter_by_qname(const ldns_pkt* lpkt, char** reason) */ myregex_ptr myregex; for (myregex = HEAD(myregexes); myregex != NULL; myregex = NEXT(myregex, link)) { - if (myregex->not) { + if (myregex->not ) { negmatch = 0; } else { match = 0; @@ -609,15 +609,15 @@ _filter_by_qname(const ldns_pkt* lpkt, char** reason) void network_pkt2(const char* descr, my_bpftimeval ts, const pcap_thread_packet_t* packet, const u_char* payload, size_t length) { - u_char pkt_copy[SNAPLEN], *pkt = pkt_copy; - const u_char* dnspkt = 0; - unsigned proto, sport, dport; - iaddr from, to, initiator, responder; - int response, m; - unsigned flags = DNSCAP_OUTPUT_ISLAYER; - tcpstate_ptr tcpstate = NULL; - size_t len, dnslen = 0; - HEADER dns; + u_char pkt_copy[SNAPLEN], *pkt = pkt_copy; + u_char* dnspkt = 0; + unsigned proto, sport, dport; + iaddr from, to, initiator, responder; + int response, m; + unsigned flags = DNSCAP_OUTPUT_ISLAYER; + tcpstate_ptr tcpstate = NULL; + size_t len, dnslen = 0; + HEADER dns; /* Make a writable copy of the packet and use that copy from now on. */ if (length > SNAPLEN) @@ -664,8 +664,8 @@ void network_pkt2(const char* descr, my_bpftimeval ts, const pcap_thread_packet_ proto = IPPROTO_UDP; sport = packet->udphdr.uh_sport; dport = packet->udphdr.uh_dport; - dnspkt = payload; - dnslen = length; + dnspkt = pkt; + dnslen = len; flags |= DNSCAP_OUTPUT_ISDNS; } else if (packet->have_tcphdr) { uint32_t seq = packet->tcphdr.th_seq; @@ -1084,7 +1084,7 @@ void network_pkt(const char* descr, my_bpftimeval ts, unsigned pf, const u_char* opkt, size_t olen) { u_char pkt_copy[SNAPLEN], *pkt = pkt_copy; - const u_char* dnspkt = 0; + u_char* dnspkt = 0; unsigned proto, sport, dport; iaddr from, to, initiator, responder; struct ip6_hdr* ipv6; @@ -1448,8 +1448,8 @@ void network_pkt(const char* descr, my_bpftimeval ts, unsigned pf, tcpstate->lastdns = seq + tcpstate->dnslen; } else if (seqdiff == 0 && len > 2) { /* This is the first segment of the stream, and - * contains the dnslen and dns header, so we can - * filter on it. */ + * contains the dnslen and dns header, so we can + * filter on it. */ if (dumptrace >= 3) fprintf(stderr, "len+hdr\n"); dnslen = tcpstate->dnslen = (pkt[0] << 8) | (pkt[1] << 0); @@ -1461,7 +1461,7 @@ void network_pkt(const char* descr, my_bpftimeval ts, unsigned pf, tcpstate->lastdns = seq + 2 + tcpstate->dnslen; } else if (seqdiff == 0 && len == 2) { /* This is the first segment of the stream, but only - * contains the dnslen. */ + * contains the dnslen. */ if (dumptrace >= 3) fprintf(stderr, "len\n"); tcpstate->dnslen = (pkt[0] << 8) | (pkt[1] << 0); @@ -1478,7 +1478,7 @@ void network_pkt(const char* descr, my_bpftimeval ts, unsigned pf, goto network_pkt_end; } else if (seqdiff == 2) { /* This is not the first segment, but it does contain - * the first dns header, so we can filter on it. */ + * the first dns header, so we can filter on it. */ if (dumptrace >= 3) fprintf(stderr, "hdr\n"); tcpstate->maxdiff = seqdiff + (uint32_t)len; diff --git a/src/tcpreasm.c b/src/tcpreasm.c index e3df5395..7dc82fa3 100644 --- a/src/tcpreasm.c +++ b/src/tcpreasm.c @@ -104,7 +104,7 @@ static int dns_protocol_handler(tcpreasm_t* t, u_char* segment, uint16_t dnslen, } t->bfb_buf[t->bfb_at++] = dnslen >> 8; - t->bfb_buf[t->bfb_at++] = dnslen & 0xff; //NOSONAR + t->bfb_buf[t->bfb_at++] = dnslen & 0xff; // NOSONAR memcpy(&t->bfb_buf[t->bfb_at], segment, dnslen); t->bfb_at += dnslen; t->seq_bfb += 2 + dnslen; diff --git a/src/test/Makefile.am b/src/test/Makefile.am index c2221b6b..19184001 100644 --- a/src/test/Makefile.am +++ b/src/test/Makefile.am @@ -15,11 +15,12 @@ CLEANFILES = test*.log test*.trs \ test12.out test12.20161020.152301.075993.gz \ test13.out \ test14.out \ - test_regex_match.out + test_regex_match.out \ + edns.out TESTS = test1.sh test2.sh test3.sh test4.sh test5.sh test6.sh test7.sh \ test8.sh test9.sh test10.sh test11.sh test12.sh test13.sh test14.sh \ - test_regex_match.sh + test_regex_match.sh test_edns.sh EXTRA_DIST = $(TESTS) \ dns.gold dns.pcap \ @@ -34,4 +35,5 @@ EXTRA_DIST = $(TESTS) \ test9.gold \ dns6.pcap test10.gold \ test14.gold \ - test_regex_match.gold + test_regex_match.gold \ + edns.pcap edns.gold diff --git a/src/test/edns.gold b/src/test/edns.gold new file mode 100644 index 00000000..3e39ade6 --- /dev/null +++ b/src/test/edns.gold @@ -0,0 +1,123 @@ +[64] 2023-07-05 07:21:38.669836 [#0 edns.pcap 4095] \ + [172.17.0.6].58541 [172.17.0.1].53 \ + dns QUERY,NOERROR,31428,rd \ + 1 h.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:38.669891 [#1 edns.pcap 4095] \ + [172.17.0.6].58541 [172.17.0.1].53 \ + dns QUERY,NOERROR,5824,rd \ + 1 h.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:38.669977 [#2 edns.pcap 4095] \ + [172.17.0.1].53 [172.17.0.6].58541 \ + dns QUERY,NOERROR,31428,qr|rd|ra \ + 1 h.root-servers.net.,IN,A \ + 1 h.root-servers.net.,IN,A,85098,198.97.190.53 0 0 +[92] 2023-07-05 07:21:38.670010 [#3 edns.pcap 4095] \ + [172.17.0.1].53 [172.17.0.6].58541 \ + dns QUERY,NOERROR,5824,qr|rd|ra \ + 1 h.root-servers.net.,IN,AAAA \ + 1 h.root-servers.net.,IN,AAAA,85098,2001:500:1::53 0 0 +[88] 2023-07-05 07:21:38.670793 [#4 edns.pcap 4095] \ + [172.17.0.6].33737 [198.97.190.53].53 \ + dns QUERY,NOERROR,56979,rd|ad \ + 1 ns1.dns.nic.aaa.,IN,NS 0 0 \ + 1 .,4096,4096,0,edns0[len=16,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=0],edns0opt[code=10,codelen=8] +[464] 2023-07-05 07:21:38.698303 [#5 edns.pcap 4095] \ + [198.97.190.53].53 [172.17.0.6].33737 \ + dns QUERY,NOERROR,56979,qr|rd \ + 1 ns1.dns.nic.aaa.,IN,NS 0 \ + 6 aaa.,IN,NS,172800,a.nic.aaa. \ + aaa.,IN,NS,172800,b.nic.aaa. \ + aaa.,IN,NS,172800,c.nic.aaa. \ + aaa.,IN,NS,172800,ns1.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns2.dns.nic.aaa. \ + aaa.,IN,NS,172800,ns3.dns.nic.aaa. \ + 13 a.nic.aaa.,IN,A,172800,37.209.192.9 \ + b.nic.aaa.,IN,A,172800,37.209.194.9 \ + c.nic.aaa.,IN,A,172800,37.209.196.9 \ + ns1.dns.nic.aaa.,IN,A,172800,156.154.144.2 \ + ns2.dns.nic.aaa.,IN,A,172800,156.154.145.2 \ + ns3.dns.nic.aaa.,IN,A,172800,156.154.159.2 \ + a.nic.aaa.,IN,AAAA,172800,2001:dcd:1::9 \ + b.nic.aaa.,IN,AAAA,172800,2001:dcd:2::9 \ + c.nic.aaa.,IN,AAAA,172800,2001:dcd:3::9 \ + ns1.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1071::2 \ + ns2.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1072::2 \ + ns3.dns.nic.aaa.,IN,AAAA,172800,2610:a1:1073::2 \ + .,1232,1232,0,edns0[len=30,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=3,codelen=26] +[64] 2023-07-05 07:21:42.739334 [#6 edns.pcap 4095] \ + [172.17.0.6].53174 [172.17.0.1].53 \ + dns QUERY,NOERROR,48648,rd \ + 1 g.root-servers.net.,IN,A 0 0 0 +[64] 2023-07-05 07:21:42.739396 [#7 edns.pcap 4095] \ + [172.17.0.6].53174 [172.17.0.1].53 \ + dns QUERY,NOERROR,48141,rd \ + 1 g.root-servers.net.,IN,AAAA 0 0 0 +[80] 2023-07-05 07:21:42.739525 [#8 edns.pcap 4095] \ + [172.17.0.1].53 [172.17.0.6].53174 \ + dns QUERY,NOERROR,48648,qr|rd|ra \ + 1 g.root-servers.net.,IN,A \ + 1 g.root-servers.net.,IN,A,85094,192.112.36.4 0 0 +[92] 2023-07-05 07:21:42.739558 [#9 edns.pcap 4095] \ + [172.17.0.1].53 [172.17.0.6].53174 \ + dns QUERY,NOERROR,48141,qr|rd|ra \ + 1 g.root-servers.net.,IN,AAAA \ + 1 g.root-servers.net.,IN,AAAA,85094,2001:500:12::d0d 0 0 +[83] 2023-07-05 07:21:42.740590 [#10 edns.pcap 4095] \ + [172.17.0.6].50901 [192.112.36.4].53 \ + dns QUERY,NOERROR,35713,rd|ad \ + 1 net.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=23,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[ECS,family=1,source=24,scope=0,addr=172.17.0.0],edns0opt[code=10,codelen=8] +[895] 2023-07-05 07:21:42.836816 [#11 edns.pcap 4095] \ + [192.112.36.4].53 [172.17.0.6].50901 \ + dns QUERY,NOERROR,35713,qr|rd \ + 1 net.,IN,A 0 \ + 13 net.,IN,NS,172800,j.gtld-servers.net. \ + net.,IN,NS,172800,b.gtld-servers.net. \ + net.,IN,NS,172800,a.gtld-servers.net. \ + net.,IN,NS,172800,h.gtld-servers.net. \ + net.,IN,NS,172800,d.gtld-servers.net. \ + net.,IN,NS,172800,c.gtld-servers.net. \ + net.,IN,NS,172800,i.gtld-servers.net. \ + net.,IN,NS,172800,e.gtld-servers.net. \ + net.,IN,NS,172800,m.gtld-servers.net. \ + net.,IN,NS,172800,f.gtld-servers.net. \ + net.,IN,NS,172800,k.gtld-servers.net. \ + net.,IN,NS,172800,l.gtld-servers.net. \ + net.,IN,NS,172800,g.gtld-servers.net. \ + 27 m.gtld-servers.net.,IN,A,172800,192.55.83.30 \ + l.gtld-servers.net.,IN,A,172800,192.41.162.30 \ + k.gtld-servers.net.,IN,A,172800,192.52.178.30 \ + j.gtld-servers.net.,IN,A,172800,192.48.79.30 \ + i.gtld-servers.net.,IN,A,172800,192.43.172.30 \ + h.gtld-servers.net.,IN,A,172800,192.54.112.30 \ + g.gtld-servers.net.,IN,A,172800,192.42.93.30 \ + f.gtld-servers.net.,IN,A,172800,192.35.51.30 \ + e.gtld-servers.net.,IN,A,172800,192.12.94.30 \ + d.gtld-servers.net.,IN,A,172800,192.31.80.30 \ + c.gtld-servers.net.,IN,A,172800,192.26.92.30 \ + b.gtld-servers.net.,IN,A,172800,192.33.14.30 \ + a.gtld-servers.net.,IN,A,172800,192.5.6.30 \ + m.gtld-servers.net.,IN,AAAA,172800,2001:501:b1f9::30 \ + l.gtld-servers.net.,IN,AAAA,172800,2001:500:d937::30 \ + k.gtld-servers.net.,IN,AAAA,172800,2001:503:d2d::30 \ + j.gtld-servers.net.,IN,AAAA,172800,2001:502:7094::30 \ + i.gtld-servers.net.,IN,AAAA,172800,2001:503:39c1::30 \ + h.gtld-servers.net.,IN,AAAA,172800,2001:502:8cc::30 \ + g.gtld-servers.net.,IN,AAAA,172800,2001:503:eea3::30 \ + f.gtld-servers.net.,IN,AAAA,172800,2001:503:d414::30 \ + e.gtld-servers.net.,IN,AAAA,172800,2001:502:1ca1::30 \ + d.gtld-servers.net.,IN,AAAA,172800,2001:500:856e::30 \ + c.gtld-servers.net.,IN,AAAA,172800,2001:503:83eb::30 \ + b.gtld-servers.net.,IN,AAAA,172800,2001:503:231d::2:30 \ + a.gtld-servers.net.,IN,AAAA,172800,2001:503:a83e::2:30 \ + .,1232,1232,0,edns0[len=39,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=24],edns0opt[ECS,family=1,source=24,scope=0,addr=172.17.0.0] +[86] 2023-07-05 07:21:46.511502 [#12 edns.pcap 4095] \ + [172.17.0.6].35191 [1.1.1.1].53 \ + dns QUERY,NOERROR,960,rd|ad \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=12,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[code=10,codelen=8] +[131] 2023-07-05 07:21:46.518500 [#13 edns.pcap 4095] \ + [1.1.1.1].53 [172.17.0.6].35191 \ + dns QUERY,SERVFAIL,960,qr|rd|ra \ + 1 dnssec-failed.org.,IN,A 0 0 \ + 1 .,1232,1232,0,edns0[len=57,UDP=1232,ver=0,rcode=0,DO=0,z=0],edns0opt[code=15,codelen=53] diff --git a/src/test/edns.pcap b/src/test/edns.pcap new file mode 100644 index 0000000000000000000000000000000000000000..1d4dd1f82eaa624a85ed738f95a2369302648ec7 GIT binary patch literal 2791 zcmai0YiJx*6h3!my4l_A)?Ep0jCI@)Ya2DorZugRs@srCEp3{xAc4lpB>T#vyV-{p z1EsEuKQsyrEkSCuq*5x_3aR3Y5N~W6sL`523kq$pk_sXeEB+Dxc+Si|?o68G!X5UT z@6P$onRD+qd+p+daS0SC4+R(kspd@hou{18hQDb_EiZr4c~)vU=LMS`b^!#Bei($H zxBE8T!O0fSLlZpF85^3x=P3jZ7I&qS$!tR=l72Ok&d7;KmN-VyFRmQ@lpcN28hssK zCHe*<`UA~QIEWe0G_p1-&~tB39l!#-6V;SADL@luzoYZ;&`j=i%5SCIxl3Qc_V$4? zt4%dgEl;CbA3j8LiCR~xOINEjsqOB}uj8wzVJ)bJS0FWykF6=aSriJ9@(Vkh5Jf<9 zNsl^vv9Uq#ufI`^lxzMn_NcW{SvbyoMwP(iM5a*=C$KraJ+h{07>B5O4@Sh{0U57O zut)#?%<Va`jsz?Fl zW9HHVcf`VF${hArnb)C;{jCWE8vW6<=8yZuaxzZFl7gKJebAAnvg}UDRpX z;Xi$0_`sAMYcG_~V)ym|ir%_%^v!zo1J>x1?p31WYoX|uF#7U7kbNI8_wzqf-lPCc zm_7QylwCNP%j912fhZ_^@DYX7en++CeIPrgtIe6z&<7^ntEgcuB_D_ueBl0KGu>`d zzO%OyG`vM~i4TNAGo(Dahiar;XRl+Ao;!A9IL8DZD428k?5_tqQ~;|6e2y&OwEfmU zL;v0QoCN1*T<|XLQkqr^kdL1DItYJxyEl`V@nUDM%l-Ra8_wm7P2q+IOJ4)5jVy-_ zO%>~N#j*oo(-%YF71qt`OjxtvxCMtTxW|HfEjVJqhb%a1!TlCIV8JoO6Ih*5pTf6? zRDMgq^`}*SRlrYPPHEX71x>%Us#0H{l7aE}lS!E5c`LZ0U;8xs5l6Zwm+2iHCFT zl?n*c5}Zri;6=Wk+`tv1gUN8bbr{{C<edns.out + +mv edns.out edns.out.old +grep -v "^libgcov profiling error:" edns.out.old > edns.out +rm edns.out.old + +diff edns.out "$srcdir/edns.gold" From 1ea8d3fb74e39da185c0e073128a4d17cd110dc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Wed, 16 Aug 2023 11:22:12 +0200 Subject: [PATCH 5/7] Doc - `README`: Mention PowerTools for libpcap-devel --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2dd19831..a3585c9a 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ To install the dependencies under Debian/Ubuntu: apt-get install -y libpcap-dev libldns-dev zlib1g-dev libyaml-perl libssl-dev ``` -To install the dependencies under CentOS (with EPEL enabled): +To install the dependencies under CentOS (with EPEL/PowerTools enabled): ``` yum install -y libpcap-devel ldns-devel openssl-devel zlib-devel perl-YAML ``` From d4e0b2c14041de8c4ef72ec063b12d80ec71a81f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Thu, 10 Aug 2023 15:24:30 +0200 Subject: [PATCH 6/7] TCP state hash table - Add hash table to TCP states for faster lookup when there is a lot of states (see #289) --- debian/copyright | 7 + src/Makefile.am | 3 +- src/dnscap.h | 10 + src/ext/lookup3.c | 1235 +++++++++++++++++++++++++++++++++++++++++++++ src/hashtbl.h | 9 + src/iaddr.c | 13 + src/iaddr.h | 1 + src/network.c | 18 +- src/tcpstate.c | 84 ++- src/tcpstate.h | 1 + 10 files changed, 1358 insertions(+), 23 deletions(-) create mode 100644 src/ext/lookup3.c diff --git a/debian/copyright b/debian/copyright index c7649b63..0a0de7c2 100644 --- a/debian/copyright +++ b/debian/copyright @@ -23,6 +23,10 @@ Files: m4/* Copyright: 2011 Free Software Foundation, Inc. License: FSF +Files: src/ext/lookup3.c +Copyright: 2006 Bob Jenkins +License: Public Domain + License: ISC Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -89,3 +93,6 @@ License: FSF This file is free software; the Free Software Foundation gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. + +License: Public Domain + Public Domain. diff --git a/src/Makefile.am b/src/Makefile.am index e194d954..d46dd856 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -17,7 +17,8 @@ bin_PROGRAMS = dnscap dnscap_SOURCES = args.c assert.c bpft.c daemon.c dnscap.c dump_cbor.c \ dump_cds.c dump_dns.c dumper.c endpoint.c hashtbl.c iaddr.c log.c \ network.c options.c pcaps.c sig.c tcpstate.c tcpreasm.c memzero.c \ - pcap-thread/pcap_thread.c pcap-thread/pcap_thread_ext_frag.c + pcap-thread/pcap_thread.c pcap-thread/pcap_thread_ext_frag.c \ + ext/lookup3.c dist_dnscap_SOURCES = args.h bpft.h daemon.h dnscap_common.h dnscap.h \ dump_cbor.h dump_cds.h dump_dns.h dumper.h endpoint.h hashtbl.h iaddr.h \ log.h network.h options.h pcaps.h sig.h tcpstate.h tcpreasm.h memzero.h \ diff --git a/src/dnscap.h b/src/dnscap.h index ebdde873..e079ec9a 100644 --- a/src/dnscap.h +++ b/src/dnscap.h @@ -297,9 +297,19 @@ struct tcpreasm { size_t bfb_at; }; +struct tcpstate_key { + iaddr* saddr; + iaddr* daddr; + unsigned sport; + unsigned dport; +}; +typedef struct tcpstate_key tcpstate_key; + struct tcpstate { LINK(struct tcpstate) link; + tcpstate_key key; + iaddr saddr; iaddr daddr; uint16_t sport; diff --git a/src/ext/lookup3.c b/src/ext/lookup3.c new file mode 100644 index 00000000..99694a52 --- /dev/null +++ b/src/ext/lookup3.c @@ -0,0 +1,1235 @@ +/* +------------------------------------------------------------------------------- +lookup3.c, by Bob Jenkins, May 2006, Public Domain. + +These are functions for producing 32-bit hashes for hash table lookup. +hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final() +are externally useful functions. Routines to test the hash are included +if SELF_TEST is defined. You can use this free for any purpose. It's in +the public domain. It has no warranty. + +You probably want to use hashlittle(). hashlittle() and hashbig() +hash byte arrays. hashlittle() is is faster than hashbig() on +little-endian machines. Intel and AMD are little-endian machines. +On second thought, you probably want hashlittle2(), which is identical to +hashlittle() except it returns two 32-bit hashes for the price of one. +You could implement hashbig2() if you wanted but I haven't bothered here. + +If you want to find a hash of, say, exactly 7 integers, do + a = i1; b = i2; c = i3; + mix(a,b,c); + a += i4; b += i5; c += i6; + mix(a,b,c); + a += i7; + final(a,b,c); +then use c as the hash value. If you have a variable length array of +4-byte integers to hash, use hashword(). If you have a byte array (like +a character string), use hashlittle(). If you have several byte arrays, or +a mix of things, see the comments above hashlittle(). + +Why is this so big? I read 12 bytes at a time into 3 4-byte integers, +then mix those integers. This is fast (you can do a lot more thorough +mixing with 12*3 instructions on 3 integers than you can with 3 instructions +on 1 byte), but shoehorning those bytes into integers efficiently is messy. +------------------------------------------------------------------------------- +*/ +#define SELF_TEST 0 + +#include /* defines printf for tests */ +#include /* defines time_t for timings in the test */ +#if defined (__SVR4) && defined (__sun) +#include +#else +#include /* defines uint32_t etc */ +#endif +#include /* attempt to define endianness */ +#ifdef linux +#include /* attempt to define endianness */ +#endif + +/* + * My best guess at if you are big-endian or little-endian. This may + * need adjustment. + */ +#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \ + __BYTE_ORDER == __LITTLE_ENDIAN) || \ + (defined(i386) || defined(__i386__) || defined(__i486__) || \ + defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL)) +#define HASH_LITTLE_ENDIAN 1 +#define HASH_BIG_ENDIAN 0 +#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \ + __BYTE_ORDER == __BIG_ENDIAN) || \ + (defined(sparc) || defined(POWERPC) || defined(mc68000) || defined(sel)) +#define HASH_LITTLE_ENDIAN 0 +#define HASH_BIG_ENDIAN 1 +#else +#define HASH_LITTLE_ENDIAN 0 +#define HASH_BIG_ENDIAN 0 +#endif + +#define hashsize(n) ((uint32_t)1<<(n)) +#define hashmask(n) (hashsize(n)-1) +#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k)))) + +/* +------------------------------------------------------------------------------- +mix -- mix 3 32-bit values reversibly. + +This is reversible, so any information in (a,b,c) before mix() is +still in (a,b,c) after mix(). + +If four pairs of (a,b,c) inputs are run through mix(), or through +mix() in reverse, there are at least 32 bits of the output that +are sometimes the same for one pair and different for another pair. +This was tested for: +* pairs that differed by one bit, by two bits, in any combination + of top bits of (a,b,c), or in any combination of bottom bits of + (a,b,c). +* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed + the output delta to a Gray code (a^(a>>1)) so a string of 1's (as + is commonly produced by subtraction) look like a single 1-bit + difference. +* the base values were pseudorandom, all zero but one bit set, or + all zero plus a counter that starts at zero. + +Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that +satisfy this are + 4 6 8 16 19 4 + 9 15 3 18 27 15 + 14 9 3 7 17 3 +Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing +for "differ" defined as + with a one-bit base and a two-bit delta. I +used http://burtleburtle.net/bob/hash/avalanche.html to choose +the operations, constants, and arrangements of the variables. + +This does not achieve avalanche. There are input bits of (a,b,c) +that fail to affect some output bits of (a,b,c), especially of a. The +most thoroughly mixed value is c, but it doesn't really even achieve +avalanche in c. + +This allows some parallelism. Read-after-writes are good at doubling +the number of bits affected, so the goal of mixing pulls in the opposite +direction as the goal of parallelism. I did what I could. Rotates +seem to cost as much as shifts on every machine I could lay my hands +on, and rotates are much kinder to the top and bottom bits, so I used +rotates. +------------------------------------------------------------------------------- +*/ +#define mix(a,b,c) \ +{ \ + a -= c; a ^= rot(c, 4); c += b; \ + b -= a; b ^= rot(a, 6); a += c; \ + c -= b; c ^= rot(b, 8); b += a; \ + a -= c; a ^= rot(c,16); c += b; \ + b -= a; b ^= rot(a,19); a += c; \ + c -= b; c ^= rot(b, 4); b += a; \ +} + +/* +------------------------------------------------------------------------------- +final -- final mixing of 3 32-bit values (a,b,c) into c + +Pairs of (a,b,c) values differing in only a few bits will usually +produce values of c that look totally different. This was tested for +* pairs that differed by one bit, by two bits, in any combination + of top bits of (a,b,c), or in any combination of bottom bits of + (a,b,c). +* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed + the output delta to a Gray code (a^(a>>1)) so a string of 1's (as + is commonly produced by subtraction) look like a single 1-bit + difference. +* the base values were pseudorandom, all zero but one bit set, or + all zero plus a counter that starts at zero. + +These constants passed: + 14 11 25 16 4 14 24 + 12 14 25 16 4 14 24 +and these came close: + 4 8 15 26 3 22 24 + 10 8 15 26 3 22 24 + 11 8 15 26 3 22 24 +------------------------------------------------------------------------------- +*/ +#define final(a,b,c) \ +{ \ + c ^= b; c -= rot(b,14); \ + a ^= c; a -= rot(c,11); \ + b ^= a; b -= rot(a,25); \ + c ^= b; c -= rot(b,16); \ + a ^= c; a -= rot(c,4); \ + b ^= a; b -= rot(a,14); \ + c ^= b; c -= rot(b,24); \ +} + +/* +-------------------------------------------------------------------- + This works on all machines. To be useful, it requires + -- that the key be an array of uint32_t's, and + -- that the length be the number of uint32_t's in the key + + The function hashword() is identical to hashlittle() on little-endian + machines, and identical to hashbig() on big-endian machines, + except that the length has to be measured in uint32_ts rather than in + bytes. hashlittle() is more complicated than hashword() only because + hashlittle() has to dance around fitting the key bytes into registers. +-------------------------------------------------------------------- +*/ +uint32_t +hashword(const uint32_t * k, /* the key, an array of uint32_t values */ + size_t length, /* the length of the key, in uint32_ts */ + uint32_t initval) +{ /* the previous hash, or an arbitrary value */ + uint32_t a, b, c; + + /* Set up the internal state */ + a = b = c = 0xdeadbeef + (((uint32_t) length) << 2) + initval; + + /*------------------------------------------------- handle most of the key */ + while (length > 3) { + a += k[0]; + b += k[1]; + c += k[2]; + mix(a, b, c); + length -= 3; + k += 3; + } + + /*------------------------------------------- handle the last 3 uint32_t's */ + switch (length) { /* all the case statements fall through */ + case 3: + c += k[2]; + case 2: + b += k[1]; + case 1: + a += k[0]; + final(a, b, c); + case 0: /* case 0: nothing left to add */ + break; + } + /*------------------------------------------------------ report the result */ + return c; +} + + +/* +-------------------------------------------------------------------- +hashword2() -- same as hashword(), but take two seeds and return two +32-bit values. pc and pb must both be nonnull, and *pc and *pb must +both be initialized with seeds. If you pass in (*pb)==0, the output +(*pc) will be the same as the return value from hashword(). +-------------------------------------------------------------------- +*/ +void +hashword2(const uint32_t * k, /* the key, an array of uint32_t values */ + size_t length, /* the length of the key, in uint32_ts */ + uint32_t * pc, /* IN: seed OUT: primary hash value */ + uint32_t * pb) +{ /* IN: more seed OUT: secondary hash value */ + uint32_t a, b, c; + + /* Set up the internal state */ + a = b = c = 0xdeadbeef + ((uint32_t) (length << 2)) + *pc; + c += *pb; + + /*------------------------------------------------- handle most of the key */ + while (length > 3) { + a += k[0]; + b += k[1]; + c += k[2]; + mix(a, b, c); + length -= 3; + k += 3; + } + + /*------------------------------------------- handle the last 3 uint32_t's */ + switch (length) { /* all the case statements fall through */ + case 3: + c += k[2]; + case 2: + b += k[1]; + case 1: + a += k[0]; + final(a, b, c); + case 0: /* case 0: nothing left to add */ + break; + } + /*------------------------------------------------------ report the result */ + *pc = c; + *pb = b; +} + + +/* +------------------------------------------------------------------------------- +hashlittle() -- hash a variable-length key into a 32-bit value + k : the key (the unaligned variable-length array of bytes) + length : the length of the key, counting by bytes + initval : can be any 4-byte value +Returns a 32-bit value. Every bit of the key affects every bit of +the return value. Two keys differing by one or two bits will have +totally different hash values. + +The best hash table sizes are powers of 2. There is no need to do +mod a prime (mod is sooo slow!). If you need less than 32 bits, +use a bitmask. For example, if you need only 10 bits, do + h = (h & hashmask(10)); +In which case, the hash table should have hashsize(10) elements. + +If you are hashing n strings (uint8_t **)k, do it like this: + for (i=0, h=0; i 12) { + a += k[0]; + b += k[1]; + c += k[2]; + mix(a, b, c); + length -= 12; + k += 3; + } + + /*----------------------------- handle the last (probably partial) block */ + /* + * "k[2]&0xffffff" actually reads beyond the end of the string, but + * then masks off the part it's not allowed to read. Because the + * string is aligned, the masked-off tail is in the same word as the + * rest of the string. Every machine with memory protection I've seen + * does it on word boundaries, so is OK with this. But VALGRIND will + * still catch it and complain. The masking trick does make the hash + * noticably faster for short strings (like English words). + */ +#ifndef VALGRIND + + switch (length) { + case 12: + c += k[2]; + b += k[1]; + a += k[0]; + break; + case 11: + c += k[2] & 0xffffff; + b += k[1]; + a += k[0]; + break; + case 10: + c += k[2] & 0xffff; + b += k[1]; + a += k[0]; + break; + case 9: + c += k[2] & 0xff; + b += k[1]; + a += k[0]; + break; + case 8: + b += k[1]; + a += k[0]; + break; + case 7: + b += k[1] & 0xffffff; + a += k[0]; + break; + case 6: + b += k[1] & 0xffff; + a += k[0]; + break; + case 5: + b += k[1] & 0xff; + a += k[0]; + break; + case 4: + a += k[0]; + break; + case 3: + a += k[0] & 0xffffff; + break; + case 2: + a += k[0] & 0xffff; + break; + case 1: + a += k[0] & 0xff; + break; + case 0: + return c; /* zero length strings require no mixing */ + } + +#else /* make valgrind happy */ + + k8 = (const uint8_t *) k; + switch (length) { + case 12: + c += k[2]; + b += k[1]; + a += k[0]; + break; + case 11: + c += ((uint32_t) k8[10]) << 16; /* fall through */ + case 10: + c += ((uint32_t) k8[9]) << 8; /* fall through */ + case 9: + c += k8[8]; /* fall through */ + case 8: + b += k[1]; + a += k[0]; + break; + case 7: + b += ((uint32_t) k8[6]) << 16; /* fall through */ + case 6: + b += ((uint32_t) k8[5]) << 8; /* fall through */ + case 5: + b += k8[4]; /* fall through */ + case 4: + a += k[0]; + break; + case 3: + a += ((uint32_t) k8[2]) << 16; /* fall through */ + case 2: + a += ((uint32_t) k8[1]) << 8; /* fall through */ + case 1: + a += k8[0]; + break; + case 0: + return c; + } + +#endif /* !valgrind */ + + } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) { + const uint16_t *k = (const uint16_t *) key; /* read 16-bit chunks */ + const uint8_t *k8; + + /*--------------- all but last block: aligned reads and different mixing */ + while (length > 12) { + a += k[0] + (((uint32_t) k[1]) << 16); + b += k[2] + (((uint32_t) k[3]) << 16); + c += k[4] + (((uint32_t) k[5]) << 16); + mix(a, b, c); + length -= 12; + k += 6; + } + + /*----------------------------- handle the last (probably partial) block */ + k8 = (const uint8_t *) k; + switch (length) { + case 12: + c += k[4] + (((uint32_t) k[5]) << 16); + b += k[2] + (((uint32_t) k[3]) << 16); + a += k[0] + (((uint32_t) k[1]) << 16); + break; + case 11: + c += ((uint32_t) k8[10]) << 16; /* fall through */ + case 10: + c += k[4]; + b += k[2] + (((uint32_t) k[3]) << 16); + a += k[0] + (((uint32_t) k[1]) << 16); + break; + case 9: + c += k8[8]; /* fall through */ + case 8: + b += k[2] + (((uint32_t) k[3]) << 16); + a += k[0] + (((uint32_t) k[1]) << 16); + break; + case 7: + b += ((uint32_t) k8[6]) << 16; /* fall through */ + case 6: + b += k[2]; + a += k[0] + (((uint32_t) k[1]) << 16); + break; + case 5: + b += k8[4]; /* fall through */ + case 4: + a += k[0] + (((uint32_t) k[1]) << 16); + break; + case 3: + a += ((uint32_t) k8[2]) << 16; /* fall through */ + case 2: + a += k[0]; + break; + case 1: + a += k8[0]; + break; + case 0: + return c; /* zero length requires no mixing */ + } + + } else { /* need to read the key one byte at a time */ + const uint8_t *k = (const uint8_t *) key; + + /*--------------- all but the last block: affect some 32 bits of (a,b,c) */ + while (length > 12) { + a += k[0]; + a += ((uint32_t) k[1]) << 8; + a += ((uint32_t) k[2]) << 16; + a += ((uint32_t) k[3]) << 24; + b += k[4]; + b += ((uint32_t) k[5]) << 8; + b += ((uint32_t) k[6]) << 16; + b += ((uint32_t) k[7]) << 24; + c += k[8]; + c += ((uint32_t) k[9]) << 8; + c += ((uint32_t) k[10]) << 16; + c += ((uint32_t) k[11]) << 24; + mix(a, b, c); + length -= 12; + k += 12; + } + + /*-------------------------------- last block: affect all 32 bits of (c) */ + switch (length) { /* all the case statements fall through */ + case 12: + c += ((uint32_t) k[11]) << 24; + case 11: + c += ((uint32_t) k[10]) << 16; + case 10: + c += ((uint32_t) k[9]) << 8; + case 9: + c += k[8]; + case 8: + b += ((uint32_t) k[7]) << 24; + case 7: + b += ((uint32_t) k[6]) << 16; + case 6: + b += ((uint32_t) k[5]) << 8; + case 5: + b += k[4]; + case 4: + a += ((uint32_t) k[3]) << 24; + case 3: + a += ((uint32_t) k[2]) << 16; + case 2: + a += ((uint32_t) k[1]) << 8; + case 1: + a += k[0]; + break; + case 0: + return c; + } + } + + final(a, b, c); + return c; +} + + +/* + * hashlittle2: return 2 32-bit hash values + * + * This is identical to hashlittle(), except it returns two 32-bit hash + * values instead of just one. This is good enough for hash table + * lookup with 2^^64 buckets, or if you want a second hash if you're not + * happy with the first, or if you want a probably-unique 64-bit ID for + * the key. *pc is better mixed than *pb, so use *pc first. If you want + * a 64-bit value do something like "*pc + (((uint64_t)*pb)<<32)". + */ +void +hashlittle2(const void *key, /* the key to hash */ + size_t length, /* length of the key */ + uint32_t * pc, /* IN: primary initval, OUT: primary hash */ + uint32_t * pb) +{ /* IN: secondary initval, OUT: secondary hash */ + uint32_t a, b, c; /* internal state */ + union + { + const void *ptr; + size_t i; + } u; /* needed for Mac Powerbook G4 */ + + /* Set up the internal state */ + a = b = c = 0xdeadbeef + ((uint32_t) length) + *pc; + c += *pb; + + u.ptr = key; + if (HASH_LITTLE_ENDIAN && ((u.i & 0x3) == 0)) { + const uint32_t *k = (const uint32_t *) key; /* read 32-bit chunks */ +#ifdef VALGRIND + const uint8_t *k8; +#endif + + /*------ all but last block: aligned reads and affect 32 bits of (a,b,c) */ + while (length > 12) { + a += k[0]; + b += k[1]; + c += k[2]; + mix(a, b, c); + length -= 12; + k += 3; + } + + /*----------------------------- handle the last (probably partial) block */ + /* + * "k[2]&0xffffff" actually reads beyond the end of the string, but + * then masks off the part it's not allowed to read. Because the + * string is aligned, the masked-off tail is in the same word as the + * rest of the string. Every machine with memory protection I've seen + * does it on word boundaries, so is OK with this. But VALGRIND will + * still catch it and complain. The masking trick does make the hash + * noticably faster for short strings (like English words). + */ +#ifndef VALGRIND + + switch (length) { + case 12: + c += k[2]; + b += k[1]; + a += k[0]; + break; + case 11: + c += k[2] & 0xffffff; + b += k[1]; + a += k[0]; + break; + case 10: + c += k[2] & 0xffff; + b += k[1]; + a += k[0]; + break; + case 9: + c += k[2] & 0xff; + b += k[1]; + a += k[0]; + break; + case 8: + b += k[1]; + a += k[0]; + break; + case 7: + b += k[1] & 0xffffff; + a += k[0]; + break; + case 6: + b += k[1] & 0xffff; + a += k[0]; + break; + case 5: + b += k[1] & 0xff; + a += k[0]; + break; + case 4: + a += k[0]; + break; + case 3: + a += k[0] & 0xffffff; + break; + case 2: + a += k[0] & 0xffff; + break; + case 1: + a += k[0] & 0xff; + break; + case 0: + *pc = c; + *pb = b; + return; /* zero length strings require no mixing */ + } + +#else /* make valgrind happy */ + + k8 = (const uint8_t *) k; + switch (length) { + case 12: + c += k[2]; + b += k[1]; + a += k[0]; + break; + case 11: + c += ((uint32_t) k8[10]) << 16; /* fall through */ + case 10: + c += ((uint32_t) k8[9]) << 8; /* fall through */ + case 9: + c += k8[8]; /* fall through */ + case 8: + b += k[1]; + a += k[0]; + break; + case 7: + b += ((uint32_t) k8[6]) << 16; /* fall through */ + case 6: + b += ((uint32_t) k8[5]) << 8; /* fall through */ + case 5: + b += k8[4]; /* fall through */ + case 4: + a += k[0]; + break; + case 3: + a += ((uint32_t) k8[2]) << 16; /* fall through */ + case 2: + a += ((uint32_t) k8[1]) << 8; /* fall through */ + case 1: + a += k8[0]; + break; + case 0: + *pc = c; + *pb = b; + return; /* zero length strings require no mixing */ + } + +#endif /* !valgrind */ + + } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) { + const uint16_t *k = (const uint16_t *) key; /* read 16-bit chunks */ + const uint8_t *k8; + + /*--------------- all but last block: aligned reads and different mixing */ + while (length > 12) { + a += k[0] + (((uint32_t) k[1]) << 16); + b += k[2] + (((uint32_t) k[3]) << 16); + c += k[4] + (((uint32_t) k[5]) << 16); + mix(a, b, c); + length -= 12; + k += 6; + } + + /*----------------------------- handle the last (probably partial) block */ + k8 = (const uint8_t *) k; + switch (length) { + case 12: + c += k[4] + (((uint32_t) k[5]) << 16); + b += k[2] + (((uint32_t) k[3]) << 16); + a += k[0] + (((uint32_t) k[1]) << 16); + break; + case 11: + c += ((uint32_t) k8[10]) << 16; /* fall through */ + case 10: + c += k[4]; + b += k[2] + (((uint32_t) k[3]) << 16); + a += k[0] + (((uint32_t) k[1]) << 16); + break; + case 9: + c += k8[8]; /* fall through */ + case 8: + b += k[2] + (((uint32_t) k[3]) << 16); + a += k[0] + (((uint32_t) k[1]) << 16); + break; + case 7: + b += ((uint32_t) k8[6]) << 16; /* fall through */ + case 6: + b += k[2]; + a += k[0] + (((uint32_t) k[1]) << 16); + break; + case 5: + b += k8[4]; /* fall through */ + case 4: + a += k[0] + (((uint32_t) k[1]) << 16); + break; + case 3: + a += ((uint32_t) k8[2]) << 16; /* fall through */ + case 2: + a += k[0]; + break; + case 1: + a += k8[0]; + break; + case 0: + *pc = c; + *pb = b; + return; /* zero length strings require no mixing */ + } + + } else { /* need to read the key one byte at a time */ + const uint8_t *k = (const uint8_t *) key; + + /*--------------- all but the last block: affect some 32 bits of (a,b,c) */ + while (length > 12) { + a += k[0]; + a += ((uint32_t) k[1]) << 8; + a += ((uint32_t) k[2]) << 16; + a += ((uint32_t) k[3]) << 24; + b += k[4]; + b += ((uint32_t) k[5]) << 8; + b += ((uint32_t) k[6]) << 16; + b += ((uint32_t) k[7]) << 24; + c += k[8]; + c += ((uint32_t) k[9]) << 8; + c += ((uint32_t) k[10]) << 16; + c += ((uint32_t) k[11]) << 24; + mix(a, b, c); + length -= 12; + k += 12; + } + + /*-------------------------------- last block: affect all 32 bits of (c) */ + switch (length) { /* all the case statements fall through */ + case 12: + c += ((uint32_t) k[11]) << 24; + case 11: + c += ((uint32_t) k[10]) << 16; + case 10: + c += ((uint32_t) k[9]) << 8; + case 9: + c += k[8]; + case 8: + b += ((uint32_t) k[7]) << 24; + case 7: + b += ((uint32_t) k[6]) << 16; + case 6: + b += ((uint32_t) k[5]) << 8; + case 5: + b += k[4]; + case 4: + a += ((uint32_t) k[3]) << 24; + case 3: + a += ((uint32_t) k[2]) << 16; + case 2: + a += ((uint32_t) k[1]) << 8; + case 1: + a += k[0]; + break; + case 0: + *pc = c; + *pb = b; + return; /* zero length strings require no mixing */ + } + } + + final(a, b, c); + *pc = c; + *pb = b; +} + + + +/* + * hashbig(): + * This is the same as hashword() on big-endian machines. It is different + * from hashlittle() on all machines. hashbig() takes advantage of + * big-endian byte ordering. + */ +uint32_t +hashbig(const void *key, size_t length, uint32_t initval) +{ + uint32_t a, b, c; + union + { + const void *ptr; + size_t i; + } u; /* to cast key to (size_t) happily */ + + /* Set up the internal state */ + a = b = c = 0xdeadbeef + ((uint32_t) length) + initval; + + u.ptr = key; + if (HASH_BIG_ENDIAN && ((u.i & 0x3) == 0)) { + const uint32_t *k = (const uint32_t *) key; /* read 32-bit chunks */ +#ifdef VALGRIND + const uint8_t *k8; +#endif + + /*------ all but last block: aligned reads and affect 32 bits of (a,b,c) */ + while (length > 12) { + a += k[0]; + b += k[1]; + c += k[2]; + mix(a, b, c); + length -= 12; + k += 3; + } + + /*----------------------------- handle the last (probably partial) block */ + /* + * "k[2]<<8" actually reads beyond the end of the string, but + * then shifts out the part it's not allowed to read. Because the + * string is aligned, the illegal read is in the same word as the + * rest of the string. Every machine with memory protection I've seen + * does it on word boundaries, so is OK with this. But VALGRIND will + * still catch it and complain. The masking trick does make the hash + * noticably faster for short strings (like English words). + */ +#ifndef VALGRIND + + switch (length) { + case 12: + c += k[2]; + b += k[1]; + a += k[0]; + break; + case 11: + c += k[2] & 0xffffff00; + b += k[1]; + a += k[0]; + break; + case 10: + c += k[2] & 0xffff0000; + b += k[1]; + a += k[0]; + break; + case 9: + c += k[2] & 0xff000000; + b += k[1]; + a += k[0]; + break; + case 8: + b += k[1]; + a += k[0]; + break; + case 7: + b += k[1] & 0xffffff00; + a += k[0]; + break; + case 6: + b += k[1] & 0xffff0000; + a += k[0]; + break; + case 5: + b += k[1] & 0xff000000; + a += k[0]; + break; + case 4: + a += k[0]; + break; + case 3: + a += k[0] & 0xffffff00; + break; + case 2: + a += k[0] & 0xffff0000; + break; + case 1: + a += k[0] & 0xff000000; + break; + case 0: + return c; /* zero length strings require no mixing */ + } + +#else /* make valgrind happy */ + + k8 = (const uint8_t *) k; + switch (length) { /* all the case statements fall through */ + case 12: + c += k[2]; + b += k[1]; + a += k[0]; + break; + case 11: + c += ((uint32_t) k8[10]) << 8; /* fall through */ + case 10: + c += ((uint32_t) k8[9]) << 16; /* fall through */ + case 9: + c += ((uint32_t) k8[8]) << 24; /* fall through */ + case 8: + b += k[1]; + a += k[0]; + break; + case 7: + b += ((uint32_t) k8[6]) << 8; /* fall through */ + case 6: + b += ((uint32_t) k8[5]) << 16; /* fall through */ + case 5: + b += ((uint32_t) k8[4]) << 24; /* fall through */ + case 4: + a += k[0]; + break; + case 3: + a += ((uint32_t) k8[2]) << 8; /* fall through */ + case 2: + a += ((uint32_t) k8[1]) << 16; /* fall through */ + case 1: + a += ((uint32_t) k8[0]) << 24; + break; + case 0: + return c; + } + +#endif /* !VALGRIND */ + + } else { /* need to read the key one byte at a time */ + const uint8_t *k = (const uint8_t *) key; + + /*--------------- all but the last block: affect some 32 bits of (a,b,c) */ + while (length > 12) { + a += ((uint32_t) k[0]) << 24; + a += ((uint32_t) k[1]) << 16; + a += ((uint32_t) k[2]) << 8; + a += ((uint32_t) k[3]); + b += ((uint32_t) k[4]) << 24; + b += ((uint32_t) k[5]) << 16; + b += ((uint32_t) k[6]) << 8; + b += ((uint32_t) k[7]); + c += ((uint32_t) k[8]) << 24; + c += ((uint32_t) k[9]) << 16; + c += ((uint32_t) k[10]) << 8; + c += ((uint32_t) k[11]); + mix(a, b, c); + length -= 12; + k += 12; + } + + /*-------------------------------- last block: affect all 32 bits of (c) */ + switch (length) { /* all the case statements fall through */ + case 12: + c += k[11]; + case 11: + c += ((uint32_t) k[10]) << 8; + case 10: + c += ((uint32_t) k[9]) << 16; + case 9: + c += ((uint32_t) k[8]) << 24; + case 8: + b += k[7]; + case 7: + b += ((uint32_t) k[6]) << 8; + case 6: + b += ((uint32_t) k[5]) << 16; + case 5: + b += ((uint32_t) k[4]) << 24; + case 4: + a += k[3]; + case 3: + a += ((uint32_t) k[2]) << 8; + case 2: + a += ((uint32_t) k[1]) << 16; + case 1: + a += ((uint32_t) k[0]) << 24; + break; + case 0: + return c; + } + } + + final(a, b, c); + return c; +} + + +#if SELF_TEST + +/* used for timings */ +void +driver1() +{ + uint8_t buf[256]; + uint32_t i; + uint32_t h = 0; + time_t a, z; + + time(&a); + for (i = 0; i < 256; ++i) + buf[i] = 'x'; + for (i = 0; i < 1; ++i) { + h = hashlittle(&buf[0], 1, h); + } + time(&z); + if (z - a > 0) + printf("time %d %.8x\n", z - a, h); +} + +/* check that every input bit changes every output bit half the time */ +#define HASHSTATE 1 +#define HASHLEN 1 +#define MAXPAIR 60 +#define MAXLEN 70 +void +driver2() +{ + uint8_t qa[MAXLEN + 1], qb[MAXLEN + 2], *a = &qa[0], *b = &qb[1]; + uint32_t c[HASHSTATE], d[HASHSTATE], i = 0, j = 0, k, l, m = 0, z; + uint32_t e[HASHSTATE], f[HASHSTATE], g[HASHSTATE], h[HASHSTATE]; + uint32_t x[HASHSTATE], y[HASHSTATE]; + uint32_t hlen; + + printf("No more than %d trials should ever be needed \n", MAXPAIR / 2); + for (hlen = 0; hlen < MAXLEN; ++hlen) { + z = 0; + for (i = 0; i < hlen; ++i) { +/*----------------------- for each input byte, */ + for (j = 0; j < 8; ++j) { +/*------------------------ for each input bit, */ + for (m = 1; m < 8; ++m) { +/*------------ for serveral possible initvals, */ + for (l = 0; l < HASHSTATE; ++l) + e[l] = f[l] = g[l] = h[l] = x[l] = y[l] = ~((uint32_t) 0); + + /*---- check that every output bit is affected by that input bit */ + for (k = 0; k < MAXPAIR; k += 2) { + uint32_t finished = 1; + /* keys have one bit different */ + for (l = 0; l < hlen + 1; ++l) { + a[l] = b[l] = (uint8_t) 0; + } + /* have a and b be two keys differing in only one bit */ + a[i] ^= (k << j); + a[i] ^= (k >> (8 - j)); + c[0] = hashlittle(a, hlen, m); + b[i] ^= ((k + 1) << j); + b[i] ^= ((k + 1) >> (8 - j)); + d[0] = hashlittle(b, hlen, m); + /* check every bit is 1, 0, set, and not set at least once */ + for (l = 0; l < HASHSTATE; ++l) { + e[l] &= (c[l] ^ d[l]); + f[l] &= ~(c[l] ^ d[l]); + g[l] &= c[l]; + h[l] &= ~c[l]; + x[l] &= d[l]; + y[l] &= ~d[l]; + if (e[l] | f[l] | g[l] | h[l] | x[l] | y[l]) + finished = 0; + } + if (finished) + break; + } + if (k > z) + z = k; + if (k == MAXPAIR) { + printf("Some bit didn't change: "); + printf("%.8x %.8x %.8x %.8x %.8x %.8x ", e[0], f[0], g[0], h[0], x[0], y[0]); + printf("i %d j %d m %d len %d\n", i, j, m, hlen); + } + if (z == MAXPAIR) + goto done; + } + } + } + done: + if (z < MAXPAIR) { + printf("Mix success %2d bytes %2d initvals ", i, m); + printf("required %d trials\n", z / 2); + } + } + printf("\n"); +} + +/* Check for reading beyond the end of the buffer and alignment problems */ +void +driver3() +{ + uint8_t buf[MAXLEN + 20], *b; + uint32_t len; + uint8_t q[] = "This is the time for all good men to come to the aid of their country..."; + uint32_t h; + uint8_t qq[] = "xThis is the time for all good men to come to the aid of their country..."; + uint32_t i; + uint8_t qqq[] = "xxThis is the time for all good men to come to the aid of their country..."; + uint32_t j; + uint8_t qqqq[] = "xxxThis is the time for all good men to come to the aid of their country..."; + uint32_t ref, x, y; + uint8_t *p; + + printf("Endianness. These lines should all be the same (for values filled in):\n"); + printf("%.8x %.8x %.8x\n", + hashword((const uint32_t *) q, (sizeof(q) - 1) / 4, 13), + hashword((const uint32_t *) q, (sizeof(q) - 5) / 4, 13), + hashword((const uint32_t *) q, (sizeof(q) - 9) / 4, 13)); + p = q; + printf("%.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x\n", + hashlittle(p, sizeof(q) - 1, 13), hashlittle(p, sizeof(q) - 2, 13), + hashlittle(p, sizeof(q) - 3, 13), hashlittle(p, sizeof(q) - 4, 13), + hashlittle(p, sizeof(q) - 5, 13), hashlittle(p, sizeof(q) - 6, 13), + hashlittle(p, sizeof(q) - 7, 13), hashlittle(p, sizeof(q) - 8, 13), + hashlittle(p, sizeof(q) - 9, 13), hashlittle(p, sizeof(q) - 10, 13), + hashlittle(p, sizeof(q) - 11, 13), hashlittle(p, sizeof(q) - 12, 13)); + p = &qq[1]; + printf("%.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x\n", + hashlittle(p, sizeof(q) - 1, 13), hashlittle(p, sizeof(q) - 2, 13), + hashlittle(p, sizeof(q) - 3, 13), hashlittle(p, sizeof(q) - 4, 13), + hashlittle(p, sizeof(q) - 5, 13), hashlittle(p, sizeof(q) - 6, 13), + hashlittle(p, sizeof(q) - 7, 13), hashlittle(p, sizeof(q) - 8, 13), + hashlittle(p, sizeof(q) - 9, 13), hashlittle(p, sizeof(q) - 10, 13), + hashlittle(p, sizeof(q) - 11, 13), hashlittle(p, sizeof(q) - 12, 13)); + p = &qqq[2]; + printf("%.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x\n", + hashlittle(p, sizeof(q) - 1, 13), hashlittle(p, sizeof(q) - 2, 13), + hashlittle(p, sizeof(q) - 3, 13), hashlittle(p, sizeof(q) - 4, 13), + hashlittle(p, sizeof(q) - 5, 13), hashlittle(p, sizeof(q) - 6, 13), + hashlittle(p, sizeof(q) - 7, 13), hashlittle(p, sizeof(q) - 8, 13), + hashlittle(p, sizeof(q) - 9, 13), hashlittle(p, sizeof(q) - 10, 13), + hashlittle(p, sizeof(q) - 11, 13), hashlittle(p, sizeof(q) - 12, 13)); + p = &qqqq[3]; + printf("%.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x\n", + hashlittle(p, sizeof(q) - 1, 13), hashlittle(p, sizeof(q) - 2, 13), + hashlittle(p, sizeof(q) - 3, 13), hashlittle(p, sizeof(q) - 4, 13), + hashlittle(p, sizeof(q) - 5, 13), hashlittle(p, sizeof(q) - 6, 13), + hashlittle(p, sizeof(q) - 7, 13), hashlittle(p, sizeof(q) - 8, 13), + hashlittle(p, sizeof(q) - 9, 13), hashlittle(p, sizeof(q) - 10, 13), + hashlittle(p, sizeof(q) - 11, 13), hashlittle(p, sizeof(q) - 12, 13)); + printf("\n"); + + /* check that hashlittle2 and hashlittle produce the same results */ + i = 47; + j = 0; + hashlittle2(q, sizeof(q), &i, &j); + if (hashlittle(q, sizeof(q), 47) != i) + printf("hashlittle2 and hashlittle mismatch\n"); + + /* check that hashword2 and hashword produce the same results */ + len = 0xdeadbeef; + i = 47, j = 0; + hashword2(&len, 1, &i, &j); + if (hashword(&len, 1, 47) != i) + printf("hashword2 and hashword mismatch %x %x\n", i, hashword(&len, 1, 47)); + + /* check hashlittle doesn't read before or after the ends of the string */ + for (h = 0, b = buf + 1; h < 8; ++h, ++b) { + for (i = 0; i < MAXLEN; ++i) { + len = i; + for (j = 0; j < i; ++j) + *(b + j) = 0; + + /* these should all be equal */ + ref = hashlittle(b, len, (uint32_t) 1); + *(b + i) = (uint8_t) ~ 0; + *(b - 1) = (uint8_t) ~ 0; + x = hashlittle(b, len, (uint32_t) 1); + y = hashlittle(b, len, (uint32_t) 1); + if ((ref != x) || (ref != y)) { + printf("alignment error: %.8x %.8x %.8x %d %d\n", ref, x, y, h, i); + } + } + } +} + +/* check for problems with nulls */ +void +driver4() +{ + uint8_t buf[1]; + uint32_t h, i, state[HASHSTATE]; + + + buf[0] = ~0; + for (i = 0; i < HASHSTATE; ++i) + state[i] = 1; + printf("These should all be different\n"); + for (i = 0, h = 0; i < 8; ++i) { + h = hashlittle(buf, 0, h); + printf("%2d 0-byte strings, hash is %.8x\n", i, h); + } +} + + +int +main() +{ + driver1(); /* test that the key is hashed: used for timings */ + driver2(); /* test that whole key is hashed thoroughly */ + driver3(); /* test that nothing but the key is hashed */ + driver4(); /* test hashing multiple buffers (all buffers are null) */ + return 1; +} + +#endif /* SELF_TEST */ diff --git a/src/hashtbl.h b/src/hashtbl.h index 6243b09c..d049ca56 100644 --- a/src/hashtbl.h +++ b/src/hashtbl.h @@ -67,4 +67,13 @@ void hash_remove(const void* key, hashtbl* tbl); void hash_free(hashtbl* tbl); void hash_destroy(hashtbl* tbl); +/* + * found in lookup3.c + */ +#include +#include +extern uint32_t hashlittle(const void* key, size_t length, uint32_t initval); +extern uint32_t hashbig(const void* key, size_t length, uint32_t initval); +extern uint32_t hashword(const uint32_t* k, size_t length, uint32_t initval); + #endif // __dnscap_hashtbl_h diff --git a/src/iaddr.c b/src/iaddr.c index 43f0b8fe..bbe47be5 100644 --- a/src/iaddr.c +++ b/src/iaddr.c @@ -66,3 +66,16 @@ int ia_equal(iaddr x, iaddr y) } return FALSE; } + +int ia_equalp(iaddr* x, iaddr* y) +{ + if (x->af != y->af) + return FALSE; + switch (x->af) { + case AF_INET: + return (x->u.a4.s_addr == y->u.a4.s_addr); + case AF_INET6: + return (memcmp(&x->u.a6.s6_addr, &y->u.a6.s6_addr, sizeof(x->u.a6.s6_addr)) == 0); + } + return FALSE; +} diff --git a/src/iaddr.h b/src/iaddr.h index ea270499..452ca146 100644 --- a/src/iaddr.h +++ b/src/iaddr.h @@ -39,5 +39,6 @@ const char* ia_str(iaddr ia); int ia_equal(iaddr x, iaddr y); +int ia_equalp(iaddr* x, iaddr* y); #endif /* __dnscap_iaddr_h */ diff --git a/src/network.c b/src/network.c index 0fa78c8a..9fc1f003 100644 --- a/src/network.c +++ b/src/network.c @@ -730,14 +730,7 @@ void network_pkt2(const char* descr, my_bpftimeval ts, const pcap_thread_packet_ _curr_tcpstate = 0; /* End of stream; deallocate the tcpstate. */ - if (tcpstate) { - UNLINK(tcpstates, tcpstate, link); - if (tcpstate->reasm) { - tcpreasm_free(tcpstate->reasm); - } - free(tcpstate); - tcpstate_count--; - } + tcpstate_free(tcpstate); return; } if (packet->tcphdr.th_flags & TH_SYN) { @@ -1314,14 +1307,7 @@ void network_pkt(const char* descr, my_bpftimeval ts, unsigned pf, pkt_copy, olen, NULL, 0); _curr_tcpstate = 0; /* End of stream; deallocate the tcpstate. */ - if (tcpstate) { - UNLINK(tcpstates, tcpstate, link); - if (tcpstate->reasm) { - tcpreasm_free(tcpstate->reasm); - } - free(tcpstate); - tcpstate_count--; - } + tcpstate_free(tcpstate); goto network_pkt_end; } if (tcp->th_flags & TH_SYN) { diff --git a/src/tcpstate.c b/src/tcpstate.c index 5bc38405..b11c7012 100644 --- a/src/tcpstate.c +++ b/src/tcpstate.c @@ -38,11 +38,18 @@ #include "iaddr.h" #include "log.h" #include "tcpreasm.h" +#include "hashtbl.h" + +#ifndef s6_addr32 +#define s6_addr32 __u6_addr.__u6_addr32 +#endif #define MAX_TCP_IDLE_TIME 600 #define MAX_TCP_IDLE_COUNT 4096 #define TCP_GC_TIME 60 +static hashtbl* _hash = 0; + tcpstate_ptr tcpstate_find(iaddr from, iaddr to, unsigned sport, unsigned dport, time_t t) { static time_t next_gc = 0; @@ -59,12 +66,15 @@ tcpstate_ptr tcpstate_find(iaddr from, iaddr to, unsigned sport, unsigned dport, } #endif - for (tcpstate = HEAD(tcpstates); - tcpstate != NULL; - tcpstate = NEXT(tcpstate, link)) { - if (ia_equal(tcpstate->saddr, from) && ia_equal(tcpstate->daddr, to) && tcpstate->sport == sport && tcpstate->dport == dport) - break; - } + tcpstate_key key = { + .saddr = &from, + .daddr = &to, + .sport = sport, + .dport = dport + }; + + tcpstate = hash_find(&key, _hash); + if (tcpstate != NULL) { tcpstate->last_use = t; if (tcpstate != HEAD(tcpstates)) { @@ -77,10 +87,47 @@ tcpstate_ptr tcpstate_find(iaddr from, iaddr to, unsigned sport, unsigned dport, return tcpstate; } +unsigned int tcpstate_hash(const tcpstate_key* key) +{ + uint32_t h = 0; + + switch (key->saddr->af) { + case AF_INET: + h = hashword(&key->saddr->u.a4.s_addr, 1, h); + break; + case AF_INET6: + h = hashword(key->saddr->u.a6.s6_addr32, 4, h); + break; + } + + switch (key->daddr->af) { + case AF_INET: + h = hashword(&key->daddr->u.a4.s_addr, 1, h); + break; + case AF_INET6: + h = hashword(key->daddr->u.a6.s6_addr32, 4, h); + break; + } + + uint32_t p = (key->sport << 16) | (key->dport & 0xffff); + return hashword(&p, 1, h); +} + +int tcpstate_cmp(const tcpstate_key* a, const tcpstate_key* b) +{ + if (ia_equalp(a->saddr, b->saddr) && ia_equalp(a->daddr, b->daddr) && a->sport == b->sport && a->dport == b->dport) + return 0; + return 1; +} + tcpstate_ptr _curr_tcpstate = 0; tcpstate_ptr tcpstate_new(iaddr from, iaddr to, unsigned sport, unsigned dport) { + if (!_hash) { + _hash = hash_create(65535, (hashkey_func)tcpstate_hash, (hashkeycmp_func)tcpstate_cmp, 0); + assert(_hash); + } tcpstate_ptr tcpstate = calloc(1, sizeof *tcpstate); if (tcpstate == NULL) { /* Out of memory; recycle the least recently used */ @@ -95,6 +142,7 @@ tcpstate_ptr tcpstate_new(iaddr from, iaddr to, unsigned sport, unsigned dport) if (_curr_tcpstate == tcpstate) { _curr_tcpstate = 0; } + hash_remove(&tcpstate->key, _hash); memset(tcpstate, 0, sizeof(*tcpstate)); } else { tcpstate_count++; @@ -105,6 +153,13 @@ tcpstate_ptr tcpstate_new(iaddr from, iaddr to, unsigned sport, unsigned dport) tcpstate->dport = dport; INIT_LINK(tcpstate, link); PREPEND(tcpstates, tcpstate, link); + + tcpstate->key.saddr = &tcpstate->saddr; + tcpstate->key.daddr = &tcpstate->daddr; + tcpstate->key.sport = sport; + tcpstate->key.dport = dport; + hash_add(&tcpstate->key, tcpstate, _hash); + return tcpstate; } @@ -124,6 +179,7 @@ void tcpstate_discard(tcpstate_ptr tcpstate, const char* msg) if (tcpstate->reasm) { tcpreasm_free(tcpstate->reasm); } + hash_remove(&tcpstate->key, _hash); free(tcpstate); if (_curr_tcpstate == tcpstate) { _curr_tcpstate = 0; @@ -149,3 +205,19 @@ void tcpstate_reset(tcpstate_ptr tcpstate, const char* msg) } } } + +void tcpstate_free(tcpstate_ptr tcpstate) +{ + if (tcpstate) { + UNLINK(tcpstates, tcpstate, link); + if (tcpstate->reasm) { + tcpreasm_free(tcpstate->reasm); + } + hash_remove(&tcpstate->key, _hash); + free(tcpstate); + if (_curr_tcpstate == tcpstate) { + _curr_tcpstate = 0; + } + tcpstate_count--; + } +} \ No newline at end of file diff --git a/src/tcpstate.h b/src/tcpstate.h index 1191f9d0..2f77ddbe 100644 --- a/src/tcpstate.h +++ b/src/tcpstate.h @@ -42,5 +42,6 @@ tcpstate_ptr tcpstate_new(iaddr from, iaddr to, unsigned sport, unsigned dport); void tcpstate_discard(tcpstate_ptr tcpstate, const char* msg); tcpstate_ptr tcpstate_getcurr(void); void tcpstate_reset(tcpstate_ptr tcpstate, const char* msg); +void tcpstate_free(tcpstate_ptr tcpstate); #endif /* __dnscap_tcpstate_h */ From e8feed0a6a236ab53c974c563d67685ecf93084d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Wed, 23 Aug 2023 14:02:04 +0200 Subject: [PATCH 7/7] Release 2.2.0 --- CHANGES | 24 ++++++++++++++++++++++++ configure.ac | 2 +- debian/changelog | 26 ++++++++++++++++++++++++++ rpm/dnscap.spec | 21 ++++++++++++++++++++- 4 files changed, 71 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index cf773e40..72e63a9a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,27 @@ +2023-08-23 Jerry Lundström + + Release 2.2.0 + + This release adds anonymization of EDNS Client Subnet to all + anonymizer plugins and improves TCP state handling by adding a hash + table for lookup rather than walking a list. + + Plugins that anonymize can now take two new options: + - `-e`: also anonymize EDNS Client Subnet + - `-E`: only anonymize EDNS Client Subnet + + Other changes: + - Cleanup and improvements to building and testing + - Mention PowerTools repository for building on CentOS etc + - Remove old workarounds in tests before #133 + + d4e0b2c TCP state hash table + 1ea8d3f Doc + 12ea061 EDNS Client Subnet anonymization + c9ed7be pcap-dist + b76f745 Cleanup + 7682d41 hashtbl + 2023-06-27 Jerry Lundström Release 2.1.3 diff --git a/configure.ac b/configure.ac index 4abdce81..dbfcaa36 100644 --- a/configure.ac +++ b/configure.ac @@ -33,7 +33,7 @@ # POSSIBILITY OF SUCH DAMAGE. AC_PREREQ(2.61) -AC_INIT([dnscap], [2.1.3], [dnscap-users@dns-oarc.net], [dnscap], [https://github.com/DNS-OARC/dnscap/issues]) +AC_INIT([dnscap], [2.2.0], [dnscap-users@dns-oarc.net], [dnscap], [https://github.com/DNS-OARC/dnscap/issues]) AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects]) AC_CONFIG_SRCDIR([src/dnscap.c]) AC_CONFIG_HEADER([src/config.h]) diff --git a/debian/changelog b/debian/changelog index c0f86d8b..0e8a4e1b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,29 @@ +dnscap (2.2.0-1~unstable+1) unstable; urgency=low + + * Release 2.2.0 + + This release adds anonymization of EDNS Client Subnet to all + anonymizer plugins and improves TCP state handling by adding a hash + table for lookup rather than walking a list. + + Plugins that anonymize can now take two new options: + - `-e`: also anonymize EDNS Client Subnet + - `-E`: only anonymize EDNS Client Subnet + + Other changes: + - Cleanup and improvements to building and testing + - Mention PowerTools repository for building on CentOS etc + - Remove old workarounds in tests before #133 + + d4e0b2c TCP state hash table + 1ea8d3f Doc + 12ea061 EDNS Client Subnet anonymization + c9ed7be pcap-dist + b76f745 Cleanup + 7682d41 hashtbl + + -- Jerry Lundström Wed, 23 Aug 2023 13:59:21 +0200 + dnscap (2.1.3-1~unstable+1) unstable; urgency=low * Release 2.1.3 diff --git a/rpm/dnscap.spec b/rpm/dnscap.spec index 51d86aad..6ae430b6 100644 --- a/rpm/dnscap.spec +++ b/rpm/dnscap.spec @@ -1,5 +1,5 @@ Name: dnscap -Version: 2.1.3 +Version: 2.2.0 Release: 1%{?dist} Summary: Network capture utility designed specifically for DNS traffic Group: Productivity/Networking/DNS/Utilities @@ -60,6 +60,25 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Aug 23 2023 Jerry Lundström 2.2.0-1 +- Release 2.2.0 + * This release adds anonymization of EDNS Client Subnet to all + anonymizer plugins and improves TCP state handling by adding a hash + table for lookup rather than walking a list. + * Plugins that anonymize can now take two new options: + - `-e`: also anonymize EDNS Client Subnet + - `-E`: only anonymize EDNS Client Subnet + * Other changes: + - Cleanup and improvements to building and testing + - Mention PowerTools repository for building on CentOS etc + - Remove old workarounds in tests before #133 + * Commits: + d4e0b2c TCP state hash table + 1ea8d3f Doc + 12ea061 EDNS Client Subnet anonymization + c9ed7be pcap-dist + b76f745 Cleanup + 7682d41 hashtbl * Tue Jun 27 2023 Jerry Lundström 2.1.3-1 - Release 2.1.3 * This release fixes a memory leak when using pattern matching options