DNS port

- Add conf `dns_port` to control the DNS port

src/config_hooks.c

@@ -430,3 +430,16 @@ void set_drop_ip_fragments(void)
 
     drop_ip_fragments = 1;
 }
+
+int set_dns_port(const char* s)
+{
+    int port;
+    dsyslogf(LOG_INFO, "dns_port %s", s);
+    port = atoi(s);
+    if (port < 0 || port > 65535) {
+        dsyslog(LOG_ERR, "invalid dns_port");
+        return 0;
+    }
+    port53 = port;
+    return 1;
+}

src/config_hooks.h

@@ -62,5 +62,6 @@ int set_pcap_buffer_size(const char* s);
 void set_no_wait_interval(void);
 int set_pt_timeout(const char* s);
 void set_drop_ip_fragments(void);
+int set_dns_port(const char* s);
 
 #endif /* __dsc_config_hooks_h */

src/dsc.conf.5.in

@@ -103,6 +103,11 @@ makes only one pass through
 the configuration file and the BPF filter is set when the
 interface is initialized.
 .TP
+\fBdns_port\fR NUMBER ;
+.I dsc
+will only parse traffic coming to or leaving the DNS port (default 53),
+this option lets you control which port that is in case it's not standard.
+.TP
 \fBpcap_buffer_size\fR NUMBER ;
 Set the buffer size (in bytes) for pcap, increasing this may help
 if you see dropped packets by the kernel but increasing it too much
@@ -802,6 +807,7 @@ pid_file "/run/dsc.pid";
 #
 #bpf_program "udp dst port 53 and udp[10:2] & 0x8000 = 0";
 
+#dns_port 53;
 #pcap_buffer_size 4194304;
 #pcap_thread_timeout 100;
 #drop_ip_fragments;

src/dsc.conf.sample.in

@@ -46,6 +46,12 @@ pid_file "@DSC_PID_FILE@";
 #  use this to see only DNS *queries*
 #bpf_program "udp dst port 53 and udp[10:2] & 0x8000 = 0";
 
+# dns_port
+#
+#  DSC will only parse traffic coming to or leaving the DNS port (default 53),
+#  this option lets you control which port that is in case it's not standard.
+#dns_port 53;
+
 # pcap_buffer_size
 #
 #  Set the buffer size (in bytes) for pcap, increasing this may help

src/parse_conf.c

@@ -680,6 +680,21 @@ int parse_conf_client_v6_mask(const conf_token_t* tokens)
     return ret == 1 ? 0 : 1;
 }
 
+int parse_conf_dns_port(const conf_token_t* tokens)
+{
+    char* dns_port = strndup(tokens[1].token, tokens[1].length);
+    int   ret;
+
+    if (!dns_port) {
+        errno = ENOMEM;
+        return -1;
+    }
+
+    ret = set_dns_port(dns_port);
+    free(dns_port);
+    return ret == 1 ? 0 : 1;
+}
+
 static conf_token_syntax_t _syntax[] = {
     { "interface",
         parse_conf_interface,
@@ -762,6 +777,9 @@ static conf_token_syntax_t _syntax[] = {
     { "maxminddb_country",
         parse_conf_maxminddb_country,
         { TOKEN_STRING, TOKEN_END } },
+    { "dns_port",
+        parse_conf_dns_port,
+        { TOKEN_NUMBER, TOKEN_END } },
 
     { 0, 0, { TOKEN_END } }
 };

src/pcap.c

@@ -104,8 +104,8 @@ struct _interface {
 #define MAX_N_INTERFACES 10
 static int                n_interfaces = 0;
 static struct _interface* interfaces   = NULL;
-static unsigned short     port53;
-pcap_thread_t             pcap_thread = PCAP_THREAD_T_INIT;
+unsigned short            port53       = 53;
+pcap_thread_t             pcap_thread  = PCAP_THREAD_T_INIT;
 
 int   n_pcap_offline                 = 0; /* global so daemon.c can use it */
 char* bpf_program_str                = NULL;
@@ -836,7 +836,6 @@ void Pcap_init(const char* device, int promisc, int monitor, int immediate, int
     i         = &interfaces[n_interfaces];
     i->device = strdup(device);
 
-    port53         = 53;
     last_ts.tv_sec = last_ts.tv_usec = 0;
     finish_ts.tv_sec = finish_ts.tv_usec = 0;
 

src/pcap.h

@@ -42,6 +42,7 @@
 #include <stdio.h>
 
 extern struct timeval last_ts;
+extern unsigned short port53;
 
 void Pcap_init(const char* device, int promisc, int monitor, int immediate, int threads, int buffer_size);
 int  Pcap_run();