Release 2.2.1

This patch release fixes the BPF to correct capture ICMPv6, a typo in the filter had it matching "ip" and not "ip6".

Other changes are updates to GitHub workflows and man-pages.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-2.2.1.tar.gz
sha256: 44e4f48693c22c3314d24c0706b3ccabdf0337ebbbf1d7510c45605b3ec734ef

Packages are available at: https://dev.dns-oarc.net/packages/

ea82cd1 Copyright
aa14a9f ICMP BPF filter
6ef17e2 Badges
6722677 Workflow
1cb22f0 Man-page opt, Dumper

Release 2.2.0

This release adds anonymization of EDNS Client Subnet to all anonymizer plugins and improves TCP state handling by adding a hash table for lookup rather than walking a list.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-2.2.0.tar.gz
sha256: 2988a62c9df45aab9cd8d8e61e94f8b284d2b71c40170ea9413980687cf54a73

Packages are available at: https://dev.dns-oarc.net/packages/

Plugins that anonymize can now take two new options:

• -e: also anonymize EDNS Client Subnet
• -E: only anonymize EDNS Client Subnet

Other changes:

• Cleanup and improvements to building and testing
• Mention PowerTools repository for building on CentOS etc
• Remove old workarounds in tests before #133

d4e0b2c TCP state hash table
1ea8d3f Doc
12ea061 EDNS Client Subnet anonymization
c9ed7be pcap-dist
b76f745 Cleanup
7682d41 hashtbl

Release 2.1.3

This release fixes a memory leak when using pattern matching options -x or -X, the LDNS packet was not freed correctly.

The processing of the LDNS packet during matching has also been improved.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-2.1.3.tar.gz
sha256: c8af3be57638061cf04d7574e9f35a9164aa0f46c4624f2d6a07b8778f68320d

Packages are available at: https://dev.dns-oarc.net/packages/

3990795 Test
ee5d554 Pattern match

Release 2.1.2

This release fixes reusing of TCP state during an out-of-memory event, the reused structure was not cleared of old information. And fixes compatibility with OpenSSL v3.0+ due to deprecated functions.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-2.1.2.tar.gz
sha256: 3f16eace70d426141294160725adf29fe3b5aee31947d1f5c68297ff74c23fc9

Packages are available at: https://dev.dns-oarc.net/packages/

756f78a OpenSSL 3.0+
d2bd12f tcpstate on out of memory

Release 2.1.1

This release includes fixes to TCP state code, anonymizing plugins and handling of EDNS extended error code.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-2.1.1.tar.gz
sha256: ab1a3b1d174de4cd6011781fbc056f32a6472f8cdc2d2e482cb63c20bdb6e019

Packages are available at: https://dev.dns-oarc.net/packages/

• Ken Renards @kdrenard (PR #275) fixed handling of EDNS extended error code, the previous code looked at arcount but ldns "consumes" OPT records so the count could be zero even with existing extended error code.

• Changed anonymizing plugins to anonymize both sending and receiving IP address if both used the server port, part of issue #276 reported by Duane Wessels @wessels. This fixes situations where clients weren't anonymize because they sent using that port.

• Fixed multiple issues with garbage collection in TCP state handling. It was reusing a pointer that was meant to return the current TCP state so it could return the wrong state when garbage collection was triggered.
  It also just unlinked stale states and didn't free them, new code uses the discard function so released state is also tagged as "gc stale".
  Lastly the discard function was fixed to clear the current TCP state pointer used by plugins if the discarded state was it.

7f2ddcf Copyright
fd5b744 CodeQL alerts
726d241 TCP state GC
dff421e Anonymize clients
2eb8489 Add CodeQL workflow for GitHub code scanning
c5a0919 Better test for presence of EDNS option with extended error code

Release 2.1.0

This release adds a new option (-o pid_file=<file>) to specify a PID file when running as daemon, corrects handling of LDNS include files for some plugins and updates the Root Server Scaling Measurement (RSSM) plugin w.r.t. the upcoming version 5 of RSSAC002 specifications.

The RSSM plugin can now optionally generate label-count metric. This is enabled with -L and is tagged as rssac002v5-draft until v5 is finalized.
The merge tool dnscap-rssm-rssac002 has also been updated because of this, there is now --skip-unsupported to skip all unsupported RSSAC002 version metrics instead of die()'ing.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-2.1.0.tar.gz
sha256: 7880c30965d0ac71a0b5ac30b7d160029146eb9baf6290452158f1266912cad6

Packages are available at: https://dev.dns-oarc.net/packages/

ca7707d RSSAC002v5 label-count metric
3ebee80 Made label count metric optional
41b029a Adding support for label acount metric
799c3fe Missing includes
7089f12 PID file

Release 2.0.3

Thanks to a patch from Duane Wessels (@wessels) this release fixes an issue with filtering where DNS messages without a question section would bypass it.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-2.0.3.tar.gz
sha256: 7d57ca8c0850867b4d38b4868f7da2c53b1d622f25dfd99ac452c54da3f0704c

Packages are available at: https://dev.dns-oarc.net/packages/

ba2112c Fix COPR
0e019ab Filtering
c7e1c8f Refactor and fix qtype and qname matching/filtering.

Release 2.0.2

Thanks to a patch from Duane Wessels (@wessels) this release fixes memory leaks when using -x/-X regexp filtering due to incorrect usage of LDNS library.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-2.0.2.tar.gz
sha256: 9071edf92b07cd9e1e454fe49b3acc14fa9204d31aaa8744edb4bd60926497c1

Packages are available at: https://dev.dns-oarc.net/packages/

Other minor changes:

• Clarify what happens if you don't specify -i and add information about any and all
• Update debhelper compatibility level to 10

a8925a7 ldns_pkt_all() clones RRs which need to be freed with ldns_rr_list_deep_free()
5104814 Doc
30c36aa debhelper
4ae4356 Bye Travis

Release 2.0.1

Fixed incorrect line break in eventlog's (plugin) output.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-2.0.1.tar.gz
sha256: 1000d26ea24df06391acccd6663d98532225bf08dec738db1610616f0b480350

Packages are available at: https://dev.dns-oarc.net/packages/

5df363c remove trailing newline

Release 2.0.0

This major release contains three backward incompatible changes, two new command line options and a completely restructured man-page(!), please read the change notes carefully before upgrading!

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dnscap/dnscap-2.0.0.tar.gz
sha256: 564deb3b7abc5197950bf223bdc9ed7d2a2a04fbadf2f04ed7cd7d57e9d175c7

Packages are available at: https://dev.dns-oarc.net/packages/

The first backward incompatible change has to do with the removal of libbind dependency. This library was causing segfaults on OpenBSD due to shared (and overwritten) symbols with OpenBSD's libc.
It was replaced with LDNS and LDNS renders domain names as Fully Qualified Domain Names (FQDN, the trailing dot!) so every output of a domain name has been changed to a FQDN.
This also changes -X/-x, which will now match against FQDNs.

The second backward incompatible change is that -6 has been removed. This was used to alter the BPF in order to "fix" it, dnscap adds specific filters to IP and UDP headers which does not work for IPv6 traffic.
The generated BPF has been changed to allow IPv6 to always pass, making the option obsolete. IPv6 filtering is then done in dnscap.

The last backward incompatible change has to do with the output format of -g related to EDNS0 and is now more consistent with the rest of the parsable output:

• No more spaces in the output
• Fix incorrect \ and extra empty new-line
• All EDNS0 options are added after edns0[...] using comma separation, example: edns0[],edns0opt[],...
• Client Subnet format: edns0opt[ECS,family=nn,source=nn,scope=nn,addr=...]
• Unknown/unsupported code: edns0opt[code=nn,codelen=nn]
• Parsing error messages have changed, they came from libbind, now comes from LDNS

New options:

• Add -q and -Q to filter on matched/not matched QTYPE

Bugfixes:

• Fix memory leak in EDNS0 ECS address parsing
• network: Fix sonarcloud issues, potential memcpy() of null pointer

Other changes:

• Fix CBOR output inclusion, LDNS is always available now
• Add macros for Apple and Windows endian functions
• Restructure and correct the man-page

557e5f5 man-page
025529f v6bug, interval
37b79e9 FQDN
ebcf434 QTYPE match, args, tests
0cb5562 v6bug
75f6115 Endian
aaeb213 Sonarcloud
8685946 CBOR output
3e26802 Sonarcloud
30aa366 libbind
3f94d0b Mattermost