[Yeti DNS Discuss] dnscap losing packets?
paul at redbarn.org
Wed Jun 17 14:07:07 UTC 2015
Stephane Bortzmeyer wrote:
> On Tue, Jun 16, 2015 at 11:17:08AM +0000,
> Shane Kerr <shane at biigroup.cn> wrote
> a message of 48 lines which said:
>> What would be interesting to me is to see if you get the same
>> results if you copy the filter rule to tcpdump:
> Cute idea but it failed.
i think it succeeded. you've got a test case for an obvious bug. would
you mind trying this in a pure ipv4 environment and letting us know if
this bug is ipv6-only?
also, the github.com/verisign version is open source, so if you develop
a fix for this bug before i do, i'll help you get it committed.
> % sudo dnscap -1 -g -m qun -i eth1 -6 -T -ddd -f
> [sudo] password for stephane:
> dnscap: version V1.0-OARC-r%d (%s)
> dnscap: msg QUN, side IR, hide .., err NYtfsxir, t 0, c 0
> dnscap: "( ( ip[6:2] & 0x1fff != 0 or ip6 = 44 ) or ( ( ( tcp port 53 ) or ( udp port 53) ) ) )"
>  2015-06-17 12:09:45.060136 [#5 eth1 0] \
> [2001:4b98:dc2:45:216:3eff:fe4b:8c5b].53 [2001:67c:1348:7::86:133].52653 \
> dns QUERY,NOERROR,3298,qr|rd \
> 1 va,IN,NS 0 \
> 8 va,IN,NS,172800,va.cctld.authdns.ripe.net \
> va,IN,NS,172800,dns.nic.it \
> va,IN,NS,172800,john.vatican.va \
> va,IN,NS,172800,seth.namex.it \
> va,IN,NS,172800,osiris.namex.it \
> va,IN,NS,172800,michael.vatican.va \
> va,IN,47,86400, \
> va,IN,46,86400, \
> 13 va.cctld.authdns.ripe.net,IN,A,172800,188.8.131.52 \
> dns.nic.it,IN,A,172800,184.108.40.206 \
> john.vatican.va,IN,A,172800,220.127.116.11 \
> [Only the answer]
> % sudo tcpdump -i eth1 -n '( ( ip[6:2] & 0x1fff != 0 or ip6 = 44 ) or ( ( ( tcp port 53 ) or ( udp port 53) ) ) )'
> 12:09:45.059867 IP6 2001:67c:1348:7::86:133.52653 > 2001:4b98:dc2:45:216:3eff:fe4b:8c5b.53: 3298+ [1au] NS? va. (31)
> 12:09:45.060136 IP6 2001:4b98:dc2:45:216:3eff:fe4b:8c5b.53 > 2001:67c:1348:7::86:133.52653: 3298- 0/8/13 (643)
> [Answer and query]
> discuss mailing list
> discuss at lists.yeti-dns.org
More information about the discuss