[Yeti DNS Discuss] dnscap losing packets?

Paul Vixie paul at redbarn.org
Wed Jun 17 14:07:07 UTC 2015 


Stephane Bortzmeyer wrote:
> On Tue, Jun 16, 2015 at 11:17:08AM +0000,
>  Shane Kerr <shane at biigroup.cn> wrote 
>  a message of 48 lines which said:
>
>> What would be interesting to me is to see if you get the same
>> results if you copy the filter rule to tcpdump:
>
> Cute idea but it failed.

i think it succeeded. you've got a test case for an obvious bug. would
you mind trying this in a pure ipv4 environment and letting us know if
this bug is ipv6-only?

also, the github.com/verisign version is open source, so if you develop
a fix for this bug before i do, i'll help you get it committed.

re:

> % sudo dnscap -1  -g  -m qun  -i eth1 -6 -T -ddd -f
> [sudo] password for stephane: 
> dnscap: version V1.0-OARC-r%d (%s)
> dnscap: msg QUN, side IR, hide .., err NYtfsxir, t 0, c 0
> dnscap: "( ( ip[6:2] & 0x1fff != 0 or ip6[6] = 44 ) or ( ( ( tcp port 53 ) or ( udp port 53) ) ) )"
> ...
> [691] 2015-06-17 12:09:45.060136 [#5 eth1 0] \
>         [2001:4b98:dc2:45:216:3eff:fe4b:8c5b].53 [2001:67c:1348:7::86:133].52653  \
>         dns QUERY,NOERROR,3298,qr|rd \
>         1 va,IN,NS 0 \
>         8 va,IN,NS,172800,va.cctld.authdns.ripe.net \
>         va,IN,NS,172800,dns.nic.it \
>         va,IN,NS,172800,john.vatican.va \
>         va,IN,NS,172800,seth.namex.it \
>         va,IN,NS,172800,osiris.namex.it \
>         va,IN,NS,172800,michael.vatican.va \
>         va,IN,47,86400,[19] \
>         va,IN,46,86400,[147] \
>         13 va.cctld.authdns.ripe.net,IN,A,172800,193.0.9.123 \
>         dns.nic.it,IN,A,172800,192.12.192.5 \
>         john.vatican.va,IN,A,172800,212.77.0.110 \
> ...
>
> [Only the answer]
>
> % sudo tcpdump -i eth1 -n '( ( ip[6:2] & 0x1fff != 0 or ip6[6] = 44 ) or ( ( ( tcp port 53 ) or ( udp port 53) ) ) )'
> ...
> 12:09:45.059867 IP6 2001:67c:1348:7::86:133.52653 > 2001:4b98:dc2:45:216:3eff:fe4b:8c5b.53: 3298+ [1au] NS? va. (31)
> 12:09:45.060136 IP6 2001:4b98:dc2:45:216:3eff:fe4b:8c5b.53 > 2001:67c:1348:7::86:133.52653: 3298- 0/8/13 (643)
>
> [Answer and query]
>
> _______________________________________________
> discuss mailing list
> discuss at lists.yeti-dns.org
> http://lists.yeti-dns.org/mailman/listinfo/discuss

-- 
Paul Vixie

More information about the discuss mailing list