Load /tmp/tmp.kfssgS9918/dns-flood-detector-1.12 into

debian/dns-flood-detector/branches/upstream/current.

Load /tmp/tmp.kfssgS9918/dns-flood-detector-1.12 into
debian/dns-flood-detector/branches/upstream/current.
bbd2ffd6 · waja · 9ec21234 · bbd2ffd6 · bbd2ffd6 · bbd2ffd6
Commit bbd2ffd6 authored Nov 23, 2006 by waja
--- a/README
+++ b/README
-DNS FLood Detector 1.10
+DNS FLood Detector 1.12
 Dennis Opacki
 dopacki@adotout.com

@@ -17,6 +17,9 @@ incoming  dns queries to a nameserver. The tool may be run in one of two
 modes, either  daemon mode or "bindsnap" mode. In daemon mode, the tool 
 will alarm via syslog. In bindsnap mode, the user is able to get 
 near-real-time stats on usage to aid in more detailed troubleshooting. 
+By default, it will count dns queries directed to any address in the same
+network as the primary IP address on the interface being watched; the -A,
+-M, and -Q options can be used to modify this behaviour.

 How do I build it?

@@ -52,22 +55,23 @@ Usage: ./dns_flood_detector [OPTION]
 -w N                   calculate stats every N seconds
 -x N                   create N buckets
 -m N                   mark total query rate every N seconds
+-A addr                filter for specific address
+-M mask                netmask for filter (in conjunction with -A)
+-Q                     don't filter by local interface address
 -b                     run in foreground in bindsnap mode
 -d                     run in background in daemon mode
+-D	               dump dns packets (implies -b)
 -v                     verbose output - use again for more verbosity
 -h                     display this usage information

 Sample Output:

 dopacki:~$ sudo ./dns_flood_detector -v -v -b -t10
-[15:14:56] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 
-qps PTR] 
+[15:14:56] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 qps PTR] 
 [15:14:56] source [10.0.24.2] - 0 qps tcp : 15 qps udp [15 qps A] 
-[15:15:06] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 
-qps PTR] 
+[15:15:06] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 qps PTR] 
 [15:15:06] source [10.0.24.2] - 0 qps tcp : 15 qps udp [14 qps A] 
-[15:15:16] source [192.168.1.45] - 0 qps tcp : 23 qps udp [7 qps A] [15 
-qps PTR] 
+[15:15:16] source [192.168.1.45] - 0 qps tcp : 23 qps udp [7 qps A] [15 qps PTR] 

 What if I have questions?  


--- a/dns_flood_detector.c
+++ b/dns_flood_detector.c
--- a/dns_flood_detector.h
+++ b/dns_flood_detector.h
@@ -29,7 +29,7 @@
 #define ETHER_HDRLEN 14
 #endif
 #define NS_MAXDNAME 1025
-#define MAXSYSLOG 128
+#define MAXSYSLOG 192

 // evil Solaris hack
 #ifdef __sun__
@@ -40,7 +40,12 @@ typedef uint32_t u_int32_t;

 // prototypes
 void handle_IP(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet);
-        
+int calculate_averages();
+int scour_bucket(int i);
+int find_bucket(struct in_addr *ip_src);
+int daemonize(void);
+int malloc_fail(char * var, int size);
+
 // data structures
 struct my_dns {
        u_int16_t dns_id;           /* query identification number */
@@ -53,7 +58,7 @@ struct my_dns {
 };
 
 struct bucket {
-        char * ip_addr;
+        struct in_addr ip_addr;
        unsigned int tcp_count;
        unsigned int udp_count;
        unsigned int qps;

--- a/makefiles/Makefile-BSDI
+++ b/makefiles/Makefile-BSDI
@@ -7,5 +7,7 @@ clean:
 	rm -rf dns_flood_detector *.o *~
 install: 
 	cp dns_flood_detector /usr/local/sbin/
+distclean: clean
+	rm Makefile

 dns_flood_detector: dns_flood_detector.c
--- a/makefiles/Makefile-FreeBSD
+++ b/makefiles/Makefile-FreeBSD
@@ -7,5 +7,7 @@ clean:
 	rm -rf dns_flood_detector *.o *~
 install: 
 	cp dns_flood_detector /usr/local/sbin/
+distclean: clean
+	rm Makefile

 dns_flood_detector: dns_flood_detector.c
--- a/makefiles/Makefile-Linux
+++ b/makefiles/Makefile-Linux
-CFLAGS=-O -D_BSD_SOURCE -g
+CFLAGS=-Wall -O -D_BSD_SOURCE -g
 LDLIBS=-lpcap -lpthread -lm

 all: dns_flood_detector
@@ -7,5 +7,7 @@ clean:
 	rm -rf dns_flood_detector *.o *~
 install: 
 	cp dns_flood_detector /usr/local/sbin/
+distclean: clean
+	rm Makefile

 dns_flood_detector: dns_flood_detector.c
--- a/makefiles/Makefile-OSX
+++ b/makefiles/Makefile-OSX
-CFLAGS+=-O -g -I/usr/local/include -I/usr/include
+CFLAGS+=-Wall -O -g -I/usr/local/include -I/usr/include
 LDLIBS=-L/usr/local/lib -lpcap -lpthread -lm

 all: dns_flood_detector
@@ -7,5 +7,7 @@ clean:
 	rm -rf dns_flood_detector *.o *~
 install: 
 	cp dns_flood_detector /usr/local/sbin/
+distclean: clean
+	rm Makefile

 dns_flood_detector: dns_flood_detector.c
--- a/makefiles/Makefile-Solaris
+++ b/makefiles/Makefile-Solaris
@@ -7,5 +7,7 @@ clean:
 	rm -rf dns_flood_detector *.o *~
 install: 
 	cp dns_flood_detector /usr/local/sbin/
+distclean: clean
+	rm Makefile

 dns_flood_detector: dns_flood_detector.c