1 /** two modes:
2
3 anonymizing and stripping tcpdumps of irrelevant traffic, so operators can send non-privacy violating dumps
4 for analysis.
5
6 algorithm:
7
8 read a packet, check if it has the recursion desired bit set.
9
10 If the packet has the response (QR) bit set, obfuscate the destination IP address;
11 otherwise, obfuscate the source IP address. Only the IP header addresses are rewritten; the DNS payload is written out unchanged.
12 */
13
14
15 #ifdef HAVE_CONFIG_H
16 #include "config.h"
17 #endif
18 #include "statbag.hh"
19 #include "dnspcap.hh"
20
21 #include "namespaces.hh"
22 #include "namespaces.hh"
23
// Global StatBag instance. Nothing in this file reads it.
// NOTE(review): presumably defined here to satisfy an extern reference in linked code - confirm.
StatBag S;
25
26
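/** Maps original addresses to small replacement numbers.

    Each address seen for the first time is assigned the current value of a
    single counter, which is then incremented; later lookups of the same
    address return the same replacement. IPv4 addresses and IPv6 values draw
    from the same counter, so replacements are unique across both tables
    until the 32-bit counter wraps.

    Privacy notes for operators:
     - replacements are handed out in order of first appearance, so the
       output still shows which client was seen first and how often each
       client appears;
     - the mapping lives only in memory for one run, so the same address
       gets a different replacement in a different run.
*/
class IPObfuscator
{
public:
  IPObfuscator() : d_counter(0)
  {
  }

  /** Returns the replacement for a 32-bit IPv4 address value. */
  uint32_t obf4(uint32_t orig)
  {
    return lookupOrAssign(d_ipmap, orig);
  }

  /** Returns the replacement for a 64-bit chunk of an IPv6 address.
      The result always fits in 32 bits because it comes from d_counter. */
  uint64_t obf6(uint64_t orig)
  {
    return lookupOrAssign(d_ip6map, orig);
  }

private:
  /** Finds orig in table, or stores the next counter value under it.
      A single find() replaces the count()-then-operator[] double lookup. */
  template<typename Key>
  uint32_t lookupOrAssign(std::map<Key, uint32_t>& table, Key orig)
  {
    typename std::map<Key, uint32_t>::iterator pos = table.find(orig);
    if(pos != table.end())
      return pos->second;

    const uint32_t replacement = d_counter++;
    table[orig] = replacement;
    return replacement;
  }

  // Original IPv4 address -> replacement
  std::map<uint32_t, uint32_t> d_ipmap;
  // Original IPv6 chunk -> replacement
  std::map<uint64_t, uint32_t> d_ip6map;
  // The counter that we'll convert to an IP address. Unsigned, so it wraps
  // to 0 after 2^32 assignments and replacements would then repeat.
  uint32_t d_counter;
};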
62
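/** Copies the DNS-over-UDP packets of a pcap file to a new pcap file,
    replacing the client-side IP address of each packet.

    Usage: dnswasher infile outfile

    Only UDP packets with source or destination port 53 are written; all
    other traffic is dropped. For a response (QR bit set) the destination
    address is replaced, for a query the source address is replaced.

    Limits of the anonymisation, as visible in this function:
     - only the IP header address is rewritten; the DNS payload is written
       out unchanged, so any client-identifying data inside it remains;
     - for IPv6 only the second 64-bit half of the address is replaced, the
       first half (the network prefix) is left as captured;
     - NOTE(review): the file header mentions a recursion-desired check;
       no such check is performed here.

    Returns 0 on success and 1 when an exception aborts processing.
*/
int main(int argc, char** argv)
try
{
  if(argc!=3) {
    cerr<<"Syntax: dnswasher infile outfile\n";
    exit(1);
  }
  PcapPacketReader pr(argv[1]);
  PcapPacketWriter pw(argv[2], pr);
  IPObfuscator ipo;

  while(pr.getUDPPacket()) {
    // dh->qr is read below for both directions, so a complete DNS header
    // must be present before the payload is interpreted. The original
    // condition applied a length check to port-53 responses only.
    // (assumes d_len is the length of d_payload - TODO confirm)
    if(pr.d_len < sizeof(dnsheader))
      continue;

    if(ntohs(pr.d_udp->uh_dport)==53 || (ntohs(pr.d_udp->uh_sport)==53 && pr.d_len > sizeof(dnsheader))) {
      dnsheader* dh=(dnsheader*)pr.d_payload;

      if (pr.d_ip->ip_v == 4) {
        uint32_t *src=(uint32_t*)&pr.d_ip->ip_src;
        uint32_t *dst=(uint32_t*)&pr.d_ip->ip_dst;

        if(dh->qr)
          *dst=htonl(ipo.obf4(*dst));
        else
          *src=htonl(ipo.obf4(*src));

        // The header checksum no longer matches the rewritten address.
        // ip_sum exists only in the IPv4 header; in the standard layouts its
        // offset falls inside the IPv6 source address, so it must not be
        // written for IPv6 packets.
        pr.d_ip->ip_sum=0;
      }
      else if (pr.d_ip->ip_v == 6) {
        // 1+ skips the first 64 bits: only the second half of the address
        // is replaced, the prefix is kept as captured.
        uint64_t *src=1+(uint64_t*)&pr.d_ip6->ip6_src;
        uint64_t *dst=1+(uint64_t*)&pr.d_ip6->ip6_dst;

        if(dh->qr)
          *dst=ipo.obf6(*dst);
        else
          *src=ipo.obf6(*src);
      }
      // NOTE(review): a packet whose ip_v is neither 4 nor 6 is written with
      // its addresses untouched - confirm the reader never returns one.
      pw.write();
    }
  }
  cerr<<"Saw "<<pr.d_correctpackets<<" correct packets, "<<pr.d_runts<<" runts, "<< pr.d_oversized<<" oversize, "<<
    pr.d_nonetheripudp<<" unknown encaps"<<endl;
}
catch(std::exception& e)
{
  cerr<<"Fatal: "<<e.what()<<endl;
  // Report failure to the caller; a partially written output file must not
  // be mistaken for a complete, washed capture.
  return 1;
}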