git.ipfire.org Git - thirdparty/pdns.git/blob - pdns/dnswasher.cc
3 anonymizing and stripping tcpdumps of irrelevant traffic, so operators can send non-privacy violating dumps
8 read a packet, check if it has the recursion desired bit set.
10 If the packet has the response bit set, obfuscate the destination IP address;
11 otherwise, obfuscate the source IP address
21 #include "namespaces.hh"
22 #include "namespaces.hh"
// Binds the const references d_romap / d_ro6map to the two lookup tables and
// starts the pseudonym counter at 0, so a fresh object holds no mappings.
IPObfuscator()
  : d_romap(d_ipmap),
    d_ro6map(d_ip6map),
    d_counter(0)
{
}
/*
 * Map an IPv4 address (as passed in by the caller) to its pseudonym.
 *
 * The first time a value is seen it is given the current d_counter, which is
 * then incremented; the same counter also feeds obf6. Later calls with the
 * same value return the stored pseudonym.
 *
 * Privacy note: the mapping is consistent for the lifetime of this object, so
 * every packet from one address carries the same pseudonym and stays linkable
 * in the washed capture, and pseudonyms are numbered in order of first
 * appearance.
 */
uint32_t obf4(uint32_t orig)
{
  if(d_romap.count(orig) == 0) {
    // Not seen before: store the next counter value and hand it back.
    return d_ipmap[orig]=d_counter++;
  }

  // NOTE(review): this return sits on a source line the listing does not
  // show; it is reconstructed from the matching branch of obf6 - confirm
  // against the file.
  return d_ipmap[orig];
}
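/*
 * Map a 64-bit piece of an IPv6 address to its pseudonym.
 *
 * Works like obf4: a value seen before returns its stored pseudonym, a new
 * value is given the current d_counter (shared with obf4), which is then
 * incremented. The table stores 32-bit pseudonyms, so the returned uint64_t
 * only ever carries a 32-bit value.
 *
 * This routine performs no I/O. It is called from the per-packet loop, and
 * printing d_counter to stdout with endl on every call flushed the stream
 * once per IPv6 packet and mixed a debug trace into the tool's stdout.
 */
uint64_t obf6(uint64_t orig)
{
  if(d_ro6map.count(orig))
    return d_ip6map[orig];

  // Not seen before: store the next counter value and hand it back.
  return d_ip6map[orig]=d_counter++;
}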
// IPv4 table: original address value -> pseudonym.
map<uint32_t, uint32_t> d_ipmap;
// Const reference bound to d_ipmap by the constructor; obf4 uses it for the
// "seen before?" test.
const map<uint32_t, uint32_t>& d_romap;

// IPv6 table: 64-bit value passed to obf6 -> pseudonym (stored as 32 bits).
map<uint64_t, uint32_t> d_ip6map;
// Const reference bound to d_ip6map by the constructor; obf6 uses it for the
// "seen before?" test.
const map<uint64_t, uint32_t>& d_ro6map;

// The counter that we'll convert to an IP address
// NOTE(review): the declaration of d_counter itself is on a source line this
// listing does not show.
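/*
 * dnswasher entry point: dnswasher infile outfile
 *
 * Builds a PcapPacketReader from argv[1] and a PcapPacketWriter from argv[2],
 * walks the UDP packets of the capture and, for traffic to or from port 53,
 * rewrites an IP address in place with a pseudonym from IPObfuscator. It ends
 * by printing the reader's packet counters to stderr; a std::exception is
 * reported as "Fatal: ...".
 *
 * Several source lines are missing from this listing. Each gap is marked with
 * a "not shown" comment below instead of being filled in, so this text is an
 * annotated reconstruction rather than the complete function.
 *
 * Review notes for operators relying on the output being anonymized:
 *  - Nothing shown here edits the DNS payload; only IP header addresses are
 *    rewritten.
 *  - For IPv6 only the low 64 bits of each address are reachable through the
 *    pointers set up below (see the note there).
 */
int main(int argc, char** argv)
try  // NOTE(review): inferred from the catch at the end; source lines 64-65 are not shown
{
  // ... not shown (source line 66): the argument check that guards the usage message ...
    cerr<<"Syntax: dnswasher infile outfile\n";
  // ... not shown (source lines 68-69): how the program leaves after printing usage ...

  PcapPacketReader pr(argv[1]);
  PcapPacketWriter pw(argv[2], pr);
  // ... not shown (source lines 72-73); `ipo`, used below, is presumably the
  //     IPObfuscator instance declared there - confirm ...

  while(pr.getUDPPacket()) {
    const bool toDnsPort   = ntohs(pr.d_udp->uh_dport)==53;
    const bool fromDnsPort = ntohs(pr.d_udp->uh_sport)==53;

    // The length test applies to both directions. Previously it was attached
    // only to the source-port case, so a packet sent *to* port 53 with fewer
    // bytes than a DNS header still had its payload cast to dnsheader below;
    // any header bit read through `dh` would then come from bytes that are
    // not part of that packet, and the choice of which address to hide would
    // rest on them.
    // NOTE(review): assumes d_len is the length of d_payload - confirm in the
    // reader. Packets failing this test skip the block; whether they are
    // written to the output depends on lines not shown here.
    if((toDnsPort || fromDnsPort) && pr.d_len > sizeof(dnsheader)) {
      dnsheader* dh=(dnsheader*)pr.d_payload;

      // NOTE(review): the address fields are read and written through cast
      // pointers into the packet buffer; memcpy in and out of a local would
      // avoid relying on alignment and aliasing of that buffer.
      if (pr.d_ip->ip_v == 4){
        uint32_t *src=(uint32_t*)&pr.d_ip->ip_src;
        uint32_t *dst=(uint32_t*)&pr.d_ip->ip_dst;

        // ... not shown (source line 82): the condition for the next assignment;
        //     the file's header comment ties it to the response bit ...
          *dst=htonl(ipo.obf4(*dst));
        // ... not shown (source line 84): presumably the matching else ...
          *src=htonl(ipo.obf4(*src));
      } else if (pr.d_ip->ip_v == 6) {
        // `1+` advances by one uint64_t, so src/dst point at bytes 8-15 of
        // each 16-byte address. Nothing visible here touches bytes 0-7, so
        // the /64 prefix would remain in the output unless the lines not
        // shown handle it - confirm before treating IPv6 dumps as anonymized.
        uint64_t *src=1+(uint64_t*)&pr.d_ip6->ip6_src;
        uint64_t *dst=1+(uint64_t*)&pr.d_ip6->ip6_dst;

        // ... not shown (source lines 89-98): what is done with src/dst, the
        //     packet write, and the closing of the blocks opened above ...
      }
    }
  }

  cerr<<"Saw "<<pr.d_correctpackets<<" correct packets, "<<pr.d_runts<<" runts, "<< pr.d_oversized<<" oversize, "<<
    pr.d_nonetheripudp<<" unknown encaps"<<endl;
}
catch(std::exception& e)
{
  cerr<<"Fatal: "<<e.what()<<endl;
}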