diff --git a/src/config_hooks.c b/src/config_hooks.c index 8384af00..8b1b8b1f 100644 --- a/src/config_hooks.c +++ b/src/config_hooks.c @@ -430,3 +430,16 @@ void set_drop_ip_fragments(void) drop_ip_fragments = 1; } + +int set_dns_port(const char* s) +{ + int port; + dsyslogf(LOG_INFO, "dns_port %s", s); + port = atoi(s); + if (port < 0 || port > 65535) { + dsyslog(LOG_ERR, "invalid dns_port"); + return 0; + } + port53 = port; + return 1; +} diff --git a/src/config_hooks.h b/src/config_hooks.h index b83c0099..cbb440f1 100644 --- a/src/config_hooks.h +++ b/src/config_hooks.h @@ -62,5 +62,6 @@ int set_pcap_buffer_size(const char* s); void set_no_wait_interval(void); int set_pt_timeout(const char* s); void set_drop_ip_fragments(void); +int set_dns_port(const char* s); #endif /* __dsc_config_hooks_h */ diff --git a/src/dsc.conf.5.in b/src/dsc.conf.5.in index e2de2934..9e7941c1 100644 --- a/src/dsc.conf.5.in +++ b/src/dsc.conf.5.in @@ -103,6 +103,11 @@ makes only one pass through the configuration file and the BPF filter is set when the interface is initialized. .TP +\fBdns_port\fR NUMBER ; +.I dsc +will only parse traffic coming to or leaving the DNS port (default 53), +this option lets you control which port that is in case it's not standard. +.TP \fBpcap_buffer_size\fR NUMBER ; Set the buffer size (in bytes) for pcap, increasing this may help if you see dropped packets by the kernel but increasing it too much @@ -802,6 +807,7 @@ pid_file "/run/dsc.pid"; # #bpf_program "udp dst port 53 and udp[10:2] & 0x8000 = 0"; +#dns_port 53; #pcap_buffer_size 4194304; #pcap_thread_timeout 100; #drop_ip_fragments; diff --git a/src/dsc.conf.sample.in b/src/dsc.conf.sample.in index c2113e96..36d1cf03 100644 --- a/src/dsc.conf.sample.in +++ b/src/dsc.conf.sample.in 
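Review bot: `port = atoi(s);` in set_dns_port cannot tell a malformed value from 0, and atoi's behaviour is undefined when the value does not fit in an int, so the range check that follows is only reliable for short, all-digit input. The syntax table in parse_conf.c declares the argument as TOKEN_NUMBER, which presumably restricts it to digits, but nothing visible bounds its length, and the reserved port 0 is accepted. Because this value decides which packets the collector parses, a silently misread port would leave DSC blind to the real DNS traffic; parsing with strtol, checking errno and the end pointer, and rejecting 0 would close that gap. The fence assumes <errno.h> and <stdlib.h> are already included in config_hooks.c, which this hunk does not show.

```c
int set_dns_port(const char* s)
{
    char* end;
    long  port;
    dsyslogf(LOG_INFO, "dns_port %s", s);
    errno = 0;
    port  = strtol(s, &end, 10);
    if (errno || end == s || *end != '\0' || port < 1 || port > 65535) {
        /* … unchanged: log "invalid dns_port" and return 0 … */
    }
    port53 = (unsigned short)port;
    /* … unchanged: return 1 … */
}
```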
@@ -46,6 +46,12 @@ pid_file "@DSC_PID_FILE@"; # use this to see only DNS *queries* #bpf_program "udp dst port 53 and udp[10:2] & 0x8000 = 0"; +# dns_port +# +# DSC will only parse traffic coming to or leaving the DNS port (default 53), +# this option lets you control which port that is in case it's not standard. +#dns_port 53; + # pcap_buffer_size # # Set the buffer size (in bytes) for pcap, increasing this may help diff --git a/src/parse_conf.c b/src/parse_conf.c index fb7b2d89..6f4593e6 100644 --- a/src/parse_conf.c +++ b/src/parse_conf.c @@ -680,6 +680,21 @@ int parse_conf_client_v6_mask(const conf_token_t* tokens) return ret == 1 ? 0 : 1; } +int parse_conf_dns_port(const conf_token_t* tokens) +{ + char* dns_port = strndup(tokens[1].token, tokens[1].length); + int ret; + + if (!dns_port) { + errno = ENOMEM; + return -1; + } + + ret = set_dns_port(dns_port); + free(dns_port); + return ret == 1 ? 0 : 1; +} + static conf_token_syntax_t _syntax[] = { { "interface", parse_conf_interface, @@ -762,6 +777,9 @@ static conf_token_syntax_t _syntax[] = { { "maxminddb_country", parse_conf_maxminddb_country, { TOKEN_STRING, TOKEN_END } }, + { "dns_port", + parse_conf_dns_port, + { TOKEN_NUMBER, TOKEN_END } }, { 0, 0, { TOKEN_END } } }; diff --git a/src/pcap.c b/src/pcap.c index d71239db..a1109fde 100644 --- a/src/pcap.c +++ b/src/pcap.c @@ -104,8 +104,8 @@ struct _interface { #define MAX_N_INTERFACES 10 static int n_interfaces = 0; static struct _interface* interfaces = NULL; -static unsigned short port53; -pcap_thread_t pcap_thread = PCAP_THREAD_T_INIT; +unsigned short port53 = 53; +pcap_thread_t pcap_thread = PCAP_THREAD_T_INIT; int n_pcap_offline = 0; /* global so daemon.c can use it */ char* bpf_program_str = NULL; @@ -836,7 +836,6 @@ void Pcap_init(const char* device, int promisc, int monitor, int immediate, int i = &interfaces[n_interfaces]; i->device = strdup(device); - port53 = 53; last_ts.tv_sec = last_ts.tv_usec = 0; finish_ts.tv_sec = finish_ts.tv_usec = 0; 
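Review bot: `unsigned short port53 = 53;` in the first pcap.c hunk now has external linkage and is written by set_dns_port in config_hooks.c, yet the name still says 53 and nothing at the definition says what it controls or who may change it. A comment at the definition, and at the `extern` in pcap.h, such as `/* DNS port whose traffic is parsed; set by the dns_port option, default 53 */` would help, and renaming it to something like `dns_port` is worth considering as a follow-up. The sample `bpf_program` lines shown in this commit still hard-code `port 53`, so it may also be worth documenting that a custom BPF filter has to be changed to match dns_port. Otherwise the capture filter and the parser could disagree and no DNS traffic would be analysed.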
diff --git a/src/pcap.h b/src/pcap.h index e13c3e57..fe80137d 100644 --- a/src/pcap.h +++ b/src/pcap.h @@ -42,6 +42,7 @@ #include extern struct timeval last_ts; +extern unsigned short port53; void Pcap_init(const char* device, int promisc, int monitor, int immediate, int threads, int buffer_size); int Pcap_run();