File: CHANGES

package info (click to toggle)
dnstop 20120611-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, jessie, jessie-kfreebsd, sid, stretch, wheezy
  • size: 372 kB
  • ctags: 299
  • sloc: ansic: 3,065; sh: 340; makefile: 112
file content (228 lines) | stat: -rw-r--r-- 7,423 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
2012/06/11 Duane Wessels

    Added "qtype-any" filter for displaying ANY queries which are
    now fashionable in DNS based attacks.

2011/05/02 Duane Wessels

    Anand Buddhev pointed out that LDFLAGS= is missing from Makefile.in.
    Also updated known_tlds.h.

2011/01/27 Duane Wessels

    Fixed some portability bugs (OpenBSD, gmake 3.82) and other
    minor bugs.

    Added a feature (-n option) to restrict counting to a given
    query name.

2011/01/05 Duane Wessels

    Found a fixed a few problems after spending some quality time
    looking at the code.

    1) Hash table performance was terrible and has been improved.
       The hash table size is now configurable via command line
       option.

    2) Some things were double-counted when both -Q and -R were
       given.

    3) Added cumulative percentage totals to the tables

    4) Added -X option to disable the source+queryname tables, which
       could consume a lot of memory.

    5) Imported "inX_addr" mini-library for storing IPv4/IPv6
       addresses.

2010/12/27 Duane Wessels

    Fixed a bug where if stdout was a TTY but stdin was not a TTY,
    then dnstop would enter a loop on keyboard input and consume
    100% CPU.  Now it checks that stdin is a TTY as well.

2009/01/28 Duane Wessels

    Added "refused" filter to show only responses that were refused.

2008/03/21 Duane Wessels

    Added some standard Makefile variables that could be locally
    modified by package maintainers.

    Added -v (version) command line option.

    Updated list of known TLDs.

2008/03/20 Dave Plonka

    Fixed a bug that cause dnstop to Memory fault when processing
    a DNS packet greater than PCAP_SNAPLEN (previously 1460) bytes
    in size.
  
    Raised PCAP_SNAPLEN to 65535 to avoid truncating large DNS
    packets.
  
    Eliminated unnecessary stack buffers and memcpy calls when
    handling packets.

2007/05/10 Duane Wessels

    Replaced unlicensed "SuperFastHash" with public domain
    "lookup3.c" by Bob Jenkins, from
    http://www.burtleburtle.net/bob/c/lookup3.c

2007/03/02 Duane Wessels

    Added Rcode table

2007/02/20 Duane Wessels

    Internal redesign.  Removed the data structures for storing
    1st, 2nd, and 3rd level query name stats and replaced them with
    an array supporting collection of up to 9 domain components.
    Replaced the -2 and -3 command line options with -l N where N
    is a number from 1 to 9.  Higher values of N give more details
    but also use more memory and CPU.

    Rewrote the display code.  Columns are now sized automatically
    depending on the width of the values being displayed, and the
    maximum width of the terminal.

2007/02/20 Duane Wessels

    Bugfix: The combined "sources + queryname" tables were counting
    incorrectly due to the use of in_addr_cmp() in the hash table
    comparison function.  We no longer store IP addresses as struct
    in_addr.  We store them as IPv6 addresses and the comparison function
    always returned 0 for v4 addrs.

2007/02/19 Florian Forster

    Arithmetic on void pointers is not well defined and Solaris
    complains.  Cast to char pointer instead.

2007/02/19 Dirk Jagdmann

    Added USE_IP6 define so that v6-code can be disabled somewhat
    easily.

2007/02/19 Florian Forster

    Portability fixes for IPv6-related code as well as some Solaris
    and Linux quirks.

2007/02/19 Duane Wessels

    Updated rfc1035NameUnpack() and fixed a buffer overflow bug.

2007/02/19 Tom moof Spindler

    There's two more occurences of c99ish "declare local vars in
    the middle of a block".

2007/01/05 Misc Bugfixes

    Some variables were declared in the middle of functions.  GCC
    tolerates this, but other compilers (Solaris) do not.

    Bug in switch statement.  break was before return (Bill Richter).

    Added checks for "__GLIBC__" and "__GNU__" preprocessor symbols
    for Linux compatibility (Petr Salinger).

2006/12/01 Florian Forster and Duane Wessels

    Incorporated Florian's patch to support IPv6.  Both v4 and v6
    addresses are now stored in an in6_addr structure, which means
    increased memory usage.  The old default bpf program ("udp dst
    port 53 and udp[10:2] & 0x8000 = 0") didn't work on IPv6 packets,
    so it is now just "udp port 53".

    Added -Q and -R command line options to select counting of
    queries, replies, or both.  The default is to count only queries.

    Added -4 and -6 command line options to select counting of
    IPv4-addressed messages, IPv6-addressed messages, or both.  The
    default is to count both.

2006/11/21 Duane Wessels

    Changed most of the linked lists to hash tables.  This should
    also result in less CPU usage on busy nameservers.

2006/11/20 John Morrissey

    A patch to use setitimer and SIGALRM for updating the display.
    On busy nameservers this results in less CPU usage because
    the display is updated less often.  The redraw interval can
    be specified with the -r command line option.

2006/05/17 Max Horn

    A few fixes for OS X.

    1) select()ing on a pcap FD doesn't always work.  Advice from
       tcpdump mailing list archive is to put it into non-blocking
       mode and ignore the select() return value.

    2) Added $(LDFLAGS) to link command line in Makefile to have
       dnstop linked with specific libraries.  LDFLAGS will be
       picked up from the environment.

    3) OS X needs to #include <arpa/nameser_compat.h>

2006/04/24 Duane Wessels
	
    Adriaan Peeters reported that the list of known TLDs is
    out-of-date.  In particular, the .EU domain is not in the list.
	
2005/04/05 Duane Wessels

    Mark Foster found a bug with the source+SLD list.  It was being
    updated for 3RD-level domain names as well.  Mark also suggested
    that the '@' key should display the source+SLD screen, just as
    '3' and '#' work for 3RD-level.

2005/01/21 Sam Norris

    Added support for third-level domain statistics.  Use the -t
    command line option to enable collection of 3rd-level stats,
    and use '3' while running to display them.  Note that enabling
    3rd-level stats collection does not automatically also enable
    2nd-level stats.

2005/01/13 Duane Wessels

    Added a non-interactive mode.  If you specify a savefile and
    stdout is not a TTY, dnstop prints each table at the end.

2004/03/09 Duane Wessels

    Added filter support.  Filters can be used to restrict the input
    stream to queries with certain characteristics.  The currently
    defined filters are:

    unknown-tlds        Only includes queries for TLDs that are
			bogus.  Useful for identifying hosts/servers
			that leak queries for things like "localhost"
			or "workgroup."

    A-for-A             Only includes A queries for names that are
			already IP addresses.  Certain Microsoft
			Windows DNS servers have a known bug that
			forward these queries.

    rfc1918-ptr         PTR queries for addresses in RFC1918 space.
			These should never leak from inside an
			organization.

2003/11/13 Mark Foster <mark@foster.cc>

    Added 'c' to display options. This screen will combine the
    source and sld fields to show "who is querying for what" -
    reason: we see alot of duplicate querys for whatever reason.
    This will help separate the legitimate queries from the broken
    resolvers, etc. See http://www.circleid.com/article/102_0_1_0_C/
    for more about that.