From 312f50f5d923130532a01020c60a3822bd71caae Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 4 Nov 2006 19:54:02 +0000 Subject: [PATCH 001/136] make daniel happy --- LICENSE | 281 ++++++++++++++ README | 74 ++++ configure.pl | 19 + debian/changelog | 5 + debian/compat | 1 + debian/control | 23 ++ debian/copyright | 30 ++ debian/default | 7 + debian/dns-flood-detector.8 | 70 ++++ debian/docs | 1 + debian/init.d | 63 +++ debian/rules | 66 ++++ debian/watch | 2 + dns_flood_detector.c | 742 ++++++++++++++++++++++++++++++++++++ dns_flood_detector.h | 65 ++++ dnsflood | 36 ++ makefiles/Makefile-BSDI | 11 + makefiles/Makefile-FreeBSD | 11 + makefiles/Makefile-Linux | 11 + makefiles/Makefile-OSX | 11 + makefiles/Makefile-Solaris | 11 + 21 files changed, 1540 insertions(+) create mode 100644 LICENSE create mode 100644 README create mode 100755 configure.pl create mode 100644 debian/changelog create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/default create mode 100644 debian/dns-flood-detector.8 create mode 100644 debian/docs create mode 100644 debian/init.d create mode 100755 debian/rules create mode 100644 debian/watch create mode 100644 dns_flood_detector.c create mode 100644 dns_flood_detector.h create mode 100755 dnsflood create mode 100644 makefiles/Makefile-BSDI create mode 100644 makefiles/Makefile-FreeBSD create mode 100644 makefiles/Makefile-Linux create mode 100644 makefiles/Makefile-OSX create mode 100644 makefiles/Makefile-Solaris diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..69e1d93 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,281 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + diff --git a/README b/README new file mode 100644 index 0000000..17217d1 --- /dev/null +++ b/README 
@@ -0,0 +1,74 @@ +DNS FLood Detector 1.10 +Dennis Opacki +dopacki@adotout.com + + +What is DNS Flood Detector? + +DNS Flood Detector was developed to detect abusive usage levels on high +traffic nameservers and to enable quick response to the use of one's +nameserver to facilitate spam. DNS Flood Detector is distributed under the +Gnu Public License (see included LICENSE file for details). + +How does it work? + +DNS Flood Detector uses libpcap (in non-promiscuous mode) to monitor +incoming dns queries to a nameserver. The tool may be run in one of two +modes, either daemon mode or "bindsnap" mode. In daemon mode, the tool +will alarm via syslog. In bindsnap mode, the user is able to get +near-real-time stats on usage to aid in more detailed troubleshooting. + +How do I build it? + +Execute ./configure.pl to select the appropriate make target. Then simply +type "make". + +Why was it written? + +I wrote DNS Flood Detector because the fifty or so public recursive +nameservers I am responsible for were being abused by both customers and +non-customers. DNS Flood Detector allows for prompt action when anomalous +conditions are detected. + +What do I need to use it? + +You need libpcap and a little bit of patience. + +What platforms does it work on? + +Linux, BSDI, FreeBSD, Mac OSX, Solaris + +Will it run under Windows {95,98,NT,2000,XP}? + +Maybe. I haven't tried. If it doesn't, feel free to submit a fix. + +What does it look like? 
+ +Usage: ./dns_flood_detector [OPTION] + +-i IFNAME specify interface to listen on +-t N alarm at >N queries per second +-a N reset alarm after N seconds +-w N calculate stats every N seconds +-x N create N buckets +-m N mark total query rate every N seconds +-b run in foreground in bindsnap mode +-d run in background in daemon mode +-v verbose output - use again for more verbosity +-h display this usage information + +Sample Output: + +dopacki:~$ sudo ./dns_flood_detector -v -v -b -t10 +[15:14:56] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 +qps PTR] +[15:14:56] source [10.0.24.2] - 0 qps tcp : 15 qps udp [15 qps A] +[15:15:06] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 +qps PTR] +[15:15:06] source [10.0.24.2] - 0 qps tcp : 15 qps udp [14 qps A] +[15:15:16] source [192.168.1.45] - 0 qps tcp : 23 qps udp [7 qps A] [15 +qps PTR] + +What if I have questions? + +You can e-mail me at dopacki@adotout.com diff --git a/configure.pl b/configure.pl new file mode 100755 index 0000000..66648ba --- /dev/null +++ b/configure.pl @@ -0,0 +1,19 @@ +#!/usr/bin/perl + +use strict; + +my $os = shift; + +# get target listings +opendir(MAKE_TARGETS,'./makefiles'); +my @targets = grep { /Makefile/ && -f './makefiles/'.$_ && s/^Makefile-// } readdir(MAKE_TARGETS); +closedir(MAKE_TARGETS); + +# display usage +unless ($os && grep{/$os/}@targets) {print< Fri, 3 Nov 2006 12:39:42 +0100 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..7ed6ff8 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +5 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..5425949 --- /dev/null +++ b/debian/control 
@@ -0,0 +1,23 @@ +Source: dns-flood-detector +Section: net +Priority: optional +Maintainer: Jan Wagner +Build-Depends: debhelper (>= 5), libpcap0.8-dev +Standards-Version: 3.7.2 + +Package: dns-flood-detector +Architecture: any +Depends: ${misc:Depends} +Description: detect abusive usage levels on high traffic nameservers + This package provides the dns-flood-detector daemon. + . + It was developed to detect abusive usage levels on high traffic nameservers + and to enable quick response in halting the use of one's nameserver to + facilitate spam. + It uses libpcap (in non-promiscuous mode) to monitor incoming dns queries to a + nameserver. The tool may be run in one of two modes, either daemon mode or + "bindsnap" mode. In daemon mode, the tool will alarm via syslog. In bindsnap + mode, the user is able to get near-real-time stats on usage to aid in more + detailed troubleshooting. + . + Homepage: diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..40063bb --- /dev/null +++ b/debian/copyright 
@@ -0,0 +1,30 @@ +This package was debianized by Jan Wagner on +Fri, 3 Nov 2006 12:39:42 +0100. + +It was downloaded from + +Upstream Author: Dennis Opacki + +Copyright: (C) 2003 Dennis Opacki + +License: + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +On Debian systems, the complete text of the GNU General Public License +can be found in /usr/share/common-licenses/GPL file. + +The Debian packaging is (C) 2006, Jan Wagner and +is licensed under the GPL, see `/usr/share/common-licenses/GPL'. diff --git a/debian/default b/debian/default new file mode 100644 index 0000000..977f5d7 --- /dev/null +++ b/debian/default @@ -0,0 +1,7 @@ +# Defaults for dns-flood-detector initscript +# sourced by /etc/init.d/dns-flood-detector +# installed at /etc/default/dns-flood-detector by the maintainer scripts + +# options that are passed to the Daemon. +# here: daemon mode, be more verbose, alarm at > 5/s, stats every 3 secs +DAEMON_OPTS="-d -v -v -t5 -w3" diff --git a/debian/dns-flood-detector.8 b/debian/dns-flood-detector.8 new file mode 100644 index 0000000..e7a9cad --- /dev/null +++ b/debian/dns-flood-detector.8 
@@ -0,0 +1,70 @@ +.TH DNS-FLOOD-DETECTOR 8 "2006-11-03" "1.10" "dns flood detection tool" + +.SH NAME +DNS-FLOOD-DETECTOR \- dns flood detection and alert tool + +.SH SYNOPSIS +.B dns-flood-detector +.RB [\| \-b \||\| \-d \|] +.RB [\| \-v \|] +.RB [\| \-h \|] +.RB [\| \-i +.IR device \|] +.RB [\| -t +.IR n \|] +.RB [\| -a +.IR n \|] +.RB [\| -w +.IR n \|] +.RB [\| -x +.IR n \|] +.RB [\| -m +.IR n \|] + +.SH DESCRIPTION +.B DNS Flood Detector +was developed to detect abusive usage levels on high traffic nameservers and to +enable quick response to the use of one's nameserver to facilitate spam. + +.SH OPTIONS +.B +.TP +.B \-b +run in foreground in bindsnap mode +.TP +.B \-d +run in background in daemon mode +.TP +.B \-v +verbose output \- use again for more verbosity +.TP +.B \-h +display help +.TP +.B \-i device +specify device name to listen on +.TP +.B \-t n +alarm at >n queries per second +.TP +.B \-a n +reset alarm after n seconds +.TP +.B \-w n +calculate stats every n seconds +.TP +.B \-x n +create n buckets +.TP +.B \-m n +report overall stats every n seconds + +.SH SEE ALSO +.B Website + + +.SH AUTHOR +DNS-FLOOD-DETECTOR was written by Dennis Opacki . +.PP +This manual page was written by Jan Wagner , +for the Debian project (but may be used by others). diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..e845566 --- /dev/null +++ b/debian/docs @@ -0,0 +1 @@ +README diff --git a/debian/init.d b/debian/init.d new file mode 100644 index 0000000..4bb88b2 --- /dev/null +++ b/debian/init.d 
@@ -0,0 +1,63 @@ +#!/bin/sh +# Written by Miquel van Smoorenburg . +# Modified for Debian +# by Ian Murdock . +# +# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl +# /etc/init.d/dns-flood-detector: v1 2006/11/03 Jan Wagner + +### BEGIN INIT INFO +# Provides: dns-flood-detector +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: start and stop the dns-flood-detector daemon +# Description: detect abusive usage levels on high traffic nameservers +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/dns-flood-detector +NAME=dns-flood-detector +DESC=dns-flood-detector + +test -x $DAEMON || exit 0 + +# Include dns-flood-detector defaults if available +if [ -f /etc/default/dns-flood-detector ] ; then + . /etc/default/dns-flood-detector +fi + +set -e + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ + --exec $DAEMON -- $DAEMON_OPTS + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ + --exec $DAEMON + echo "$NAME." + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + start-stop-daemon --stop --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON + sleep 1 + start-stop-daemon --start --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..647520c --- /dev/null +++ b/debian/rules 
@@ -0,0 +1,66 @@ +#!/usr/bin/make -f +# written by Jan Wagner +# +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +CFLAGS += -D_BSD_SOURCE -Wall -g +LDLIBS += -lpcap -lpthread -lm + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +build: build-stamp +build-stamp: + dh_testdir + # Add here commands to compile the package. + $(CC) $(CFLAGS) dns_flood_detector.c $(LDLIBS) -o dns_flood_detector + + touch $@ + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + + # Add here commands to clean up after the build process. + rm -rf dns_flood_detector *.o *~ + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/dns-flood-detector. + install -D -m 0755 dns_flood_detector debian/dns-flood-detector/usr/bin/dns-flood-detector + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_installinit -- defaults 40 + dh_installman debian/dns-flood-detector.8 + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..76ed60b --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://www.adotout.com/dnsflood-(.*)\.tgz diff --git a/dns_flood_detector.c b/dns_flood_detector.c new file mode 100644 index 0000000..2ee083e --- /dev/null +++ b/dns_flood_detector.c 
@@ -0,0 +1,742 @@ +/******************************************************************************** + + Program: dns_flood_detector.c + Author: Dennis Opacki + Date: Tue Mar 18 16:46:53 EST 2003 + Purpose: Monitor DNS servers for abusive usage levels + and alarm to syslog + + compile with: + gcc -o dns_flood_detector -lpcap -lpthread -lm dns_flood_detector.c + + command-line options: + + -i ifname specify interface to listen on (default lets pcap pick) + -t n alarm when more than n queries per second are observed + (default 40) + -a n wait for n seconds before alarming again on same source + (default 90) + -w n calculate statistics every n seconds + (default 10) + -x n use n buckets + (default 50) + -m n mark overall query rate every n seconds + (default disabled) + -b run in foreground in "bindsnap" mode + -d run in background in "daemon" mode + -v detailed information (use twice for more detail) + -h usage info + + Copyright (C) 2003 Dennis Opacki + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. 
+ + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + --- new in v1.05 --- + 8/18/2003 - FreeBSD target - Jim Westfall + 8/18/2003 - Moved to getopt(3) for compatibility + 8/19/2003 - Added OSX/BSDI make targets - + Added ability to specify inteface - + + --- new in v1.06 --- + 8/20/2003 - Added Solaris9 make target - + 8/26/2003 - Fixed tcp qdcount bug - + + --- new in v1.07 --- + 8/27/2003 - Fixed alarm reset bug - + 8/28/2003 - Added malloc_fail function - + 8/28/2003 - Added mutex thread locking - + 8/30/2003 - Fixed wierd qtype segfault - + + + --- new in v1.08 --- + 9/02/2003 - Added -v -v output in daemon mode - + + --- new in v1.09 --- + 10/19/2003 - Added stdout flushing to bindsnap mode - + 10/19/2003 - Changed logging priority to LOG_NOTICE - + 10/19/2003 - Fixed low traffic verbose logging bugs - + + --- new in v1.10 --- + 10/22/2003 - Added 'mark status' option via '-m' - + 10/23/2003 - Code cleanup in verbose syslogging - + +********************************************************************************/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef __bsdi__ +#include +#else +#ifdef __sun__ +#include +#else +#include +#endif +#endif +#include +#include +#include +#include +#include +#include +#include "dns_flood_detector.h" + +// global variables and their defaults +pthread_mutex_t stats_lock; +struct bucket **bb; +int option_t = 60; +int option_a = 90; +int option_w = 10; +int option_x = 50; +int option_m = 0; +int option_b = 0; +int option_d = 0; +int option_v = 0; +int option_h = 0; +int totals = 0; +char VERSION[] = "1.10"; + +// this is our statistics thread +void *run_stats () { + while (1) { + + // check statistical stuff + pthread_mutex_lock(&stats_lock); + calculate_averages(); + pthread_mutex_unlock(&stats_lock); + + sleep 
(option_w); + } +} + +// calculate the running average within each bucket +int calculate_averages() { + u_int i,j,delta,cursize,newsize,qps; + char st_time[10]; + time_t now = time(0); + u_int types[] = {1,2,5,6,12,15,252,0}; + u_char *type; + u_char *target; + char *names[] = {"A","NS","CNAME","SOA","PTR","MX","AXFR",""}; + struct tm *raw_time = localtime(&now); + snprintf(st_time, 9, "%02d:%02d:%02d",raw_time->tm_hour,raw_time->tm_min,raw_time->tm_sec); + + for (i=0; iip_addr != NULL ) { + delta = now - bb[i]->first_packet; + + // let's try to avoid a divide-by-zero, shall we? + if (delta > 1 ) { + + // round our average and save it in the bucket + bb[i]->qps = (int)ceil( (float)((((float)bb[i]->tcp_count) + bb[i]->udp_count) / delta)); + + // handle threshold crossing + if ( bb[i]->qps > option_t ) { + + + // display detail to either syslog or stdout + if ( option_b ) { + if ( ! option_v ) { + printf("[%s] source [%s] - %d qps\n",st_time,bb[i]->ip_addr,bb[i]->qps); + fflush(stdout); + } + else { + printf("[%s] source [%s] - %d qps tcp : %d qps udp ",st_time,bb[i]->ip_addr, + (int)ceil( (float)(bb[i]->tcp_count/delta)), + (int)ceil( (float)(bb[i]->udp_count/delta)) + ); + if ( option_v >1 ) { + for (j=0;types[j];j++) { + if ((int)ceil((float)(bb[i]->qstats[types[j]]/delta))){ + printf("[%d qps %s] ",(int)ceil((float)(bb[i]->qstats[types[j]]/delta)),names[j]); + } + } + } + printf("\n"); + fflush(stdout); + } + } + else { + // if running in background, use alarm reset timer + if ((now-bb[i]->alarm_set)>option_a) { + + // display appropriate level of detail via syslog + if ( ! 
option_v ) { + syslog(LOG_NOTICE,"source [%s] - %d qps\n",bb[i]->ip_addr,bb[i]->qps); + } + else if (option_v > 1) { + target = (char *)malloc(sizeof(char)*MAXSYSLOG); + newsize = MAXSYSLOG; + cursize = snprintf(target,newsize,"source [%s] - %d tcp qps : %d udp qps ",bb[i]->ip_addr, + (int)ceil( (float)(bb[i]->tcp_count/delta)), + (int)ceil( (float)(bb[i]->udp_count/delta)) + ); + newsize-=cursize; + + for (j=0;types[j];j++ ) { + qps = (u_int)ceil((float)(bb[i]->qstats[types[j]]/delta)); + if ( ( qps > 0) && ( newsize > 1 ) ) { + cursize = snprintf(target+(MAXSYSLOG-newsize),newsize,"[%d qps %s] ",qps,names[j]); + newsize-=cursize; + } + } + if (newsize <= 0 ) { + target[MAXSYSLOG-1]='\0'; + } + syslog(LOG_NOTICE,"%s",target); + free(target); + } + else { + syslog(LOG_NOTICE,"source [%s] - %d tcp qps - %d udp qps\n",bb[i]->ip_addr, + (int)ceil( (float)(bb[i]->tcp_count/delta)), + (int)ceil( (float)(bb[i]->udp_count/delta)) + ); + } + + // reset alarm + bb[i]->alarm_set = now; + } + } + } + } + } + } + + // 'mark stats' if required and it is time + delta = now - bb[totals]->first_packet; + if ( (option_m > 0)&&(delta > 1)&&(delta >= option_m) ) { + + // handle bindsnap mode + if (option_b) { + printf("[%s] totals - %d qps tcp : %d qps udp ",st_time,(int)ceil( (float)(bb[totals]->tcp_count/delta)),(int)ceil( (float)(bb[totals]->udp_count/delta))); + if (option_v) { + for (j=0;types[j];j++) { + qps = (u_int)ceil((float)(bb[totals]->qstats[types[j]]/delta)); + if (qps){ + printf("[%d qps %s] ",qps,names[j]); + } + } + } + printf("\n"); + fflush(stdout); + } + else { + // agonizing high verbosity code + if (option_v) { + target = (char *)malloc(sizeof(char)*MAXSYSLOG); + newsize = MAXSYSLOG; + cursize = snprintf(target,newsize,"[totals] - %d tcp qps : %d udp qps ", + (int)ceil( (float)(bb[totals]->tcp_count/delta)), + (int)ceil( (float)(bb[totals]->udp_count/delta)) + ); + newsize-=cursize; + + for (j=0;types[j];j++ ) { + qps = 
(u_int)ceil((float)(bb[totals]->qstats[types[j]]/delta)); + if ( ( qps > 0) && ( newsize > 1 ) ) { + cursize = snprintf(target+(MAXSYSLOG-newsize),newsize,"[%d qps %s] ",qps,names[j]); + newsize-=cursize; + } + } + if (newsize <= 0 ) { + target[MAXSYSLOG-1]='\0'; + } + syslog(LOG_NOTICE,"%s",target); + free(target); + } + else { + syslog(LOG_NOTICE,"[totals] - %d tcp qps : %d udp qps\n", + (int)ceil( (float)(bb[totals]->tcp_count/delta)), + (int)ceil( (float)(bb[totals]->udp_count/delta)) + ); + } + } + scour_bucket(totals); + } + + return 1; +} + +// purge and initialize all buckets +void init_buckets() { + u_int i; + + // create bucket brigade (final bucket is for totals) + pthread_mutex_lock(&stats_lock); + if ( ( bb = malloc( sizeof(struct bucket *) * (option_x+1)) ) == NULL ) malloc_fail("bb", sizeof(struct bucket *) * (option_x+1)); + for (i=0; i <=option_x; i++ ) { + if ( ( bb[i] = (struct bucket *)malloc( sizeof(struct bucket) ) ) == NULL) malloc_fail("bb[i]", sizeof(struct bucket) ); + bb[i]->ip_addr=NULL; + scour_bucket(i); + } + pthread_mutex_unlock(&stats_lock); +} + +// clean out a bucket while avoiding obvious memory leak +int scour_bucket( int i ) { + int j; + + if ( bb[i]->ip_addr != NULL ) { + free ( bb[i]->ip_addr ); + } + bb[i]->ip_addr=NULL; + bb[i]->tcp_count=0; + bb[i]->udp_count=0; + bb[i]->qps=0; + bb[i]->first_packet=time(0); + bb[i]->last_packet=(time_t)0; + bb[i]->alarm_set=(time_t)0; + + for (j=0;j<256;j++) { + bb[i]->qstats[j]=0; + } + return 1; +} + +// add a packet to a bucket +int add_to_bucket ( char * ip_src, int ip_proto, int num_queries, u_int8_t qtype) { + int bucket = 0; + + // get the bucket to put packet in + pthread_mutex_lock(&stats_lock); + bucket = find_bucket(ip_src); + + // set bucket fields + bb[bucket]->last_packet = time(0); + if (ip_proto == 6 ) { + bb[bucket]->tcp_count+=num_queries; + bb[totals]->tcp_count+=num_queries; + } + else { + bb[bucket]->udp_count+=num_queries; + bb[totals]->udp_count+=num_queries; + } + 
+ bb[bucket]->qstats[qtype]+=num_queries; + bb[totals]->qstats[qtype]+=num_queries; + pthread_mutex_unlock(&stats_lock); + + return 1; +} + +// figure out where to put this packet +int find_bucket(char *ip_src) { + int i, bucket=0; + time_t oldest=0; + + // look for an existing bucket for this IP + for (i=0; i< option_x; i++ ){ + // ip field of bucket is not null and seems to match the ip we are checking + if ((bb[i]->ip_addr != NULL)&&(strncmp(bb[i]->ip_addr, ip_src, strlen(bb[i]->ip_addr))==0)) { + return i; + } + } + + // look for unused buckets + for (i=0; i< option_x; i++ ) { + + // found an unused one - clean it, init it, and return it + if ( bb[i]->ip_addr == NULL ) { + scour_bucket(i); + if ( ( bb[i]->ip_addr = (char *)strdup(ip_src) ) == NULL) malloc_fail("bb[i]->ip_addr", strlen(ip_src) ); + return i; + } + + // find the most stagnant bucket in case we need it + // avoids another loop through the buckets + if ( ( bb[i]->last_packet != 0 ) && ((oldest==0)||( bb[i]->last_packet < oldest))) { + oldest = bb[i]->last_packet; + bucket = i; + } + } + + // use the most stagnant bucket since all are in use + // clean it, init it, and return it + scour_bucket(bucket); + if ( ( bb[bucket]->ip_addr = (char *)strdup(ip_src) ) == NULL) malloc_fail("bb[bucket]->ip_addr", strlen(ip_src) ); + + return bucket; +} + +// handle all packets we throw at it +void handle_IP(u_char *args, const struct pcap_pkthdr* pkthdr,const u_char* packet){ + const struct ip* ip; + const struct my_dns *dns; + const struct tcphdr *tcp; + const struct udphdr *udp; + u_int length = pkthdr->len; + u_int caplen = pkthdr->caplen; + u_int hlen,off,version; + unsigned char dname[NS_MAXDNAME]=""; + char *ip_src; + unsigned char *data; + u_int i,len,dpos; + u_int8_t qtype,qclass,tlen; + + // skip the ethernet header + length -= sizeof(struct ether_header); + + // make sure packet is a valid length + if (length < sizeof(struct ip)) { + return; + } + + // snap off the ip portion + ip = (struct ip*)(packet 
+ sizeof(struct ether_header)); + + // get utility params for sanity checking + len = ntohs(ip->ip_len); + hlen = ip->ip_hl; + version = ip->ip_v; + + // let's not do ipv6 just yet + if(version != 4) { + return; + } + + // make sure we have a sane header length + if(hlen < 5 ) { + return; + } + + // do we have the everything we are supposed to? + if(length < len) { + return; + } + + // make sure we are only processing the first fragment + off = ntohs(ip->ip_off); + if((off & 0x1fff) == 0 ) { + + // get the source ip as a string (probably more efficient to use decimal) + ip_src = (char *)inet_ntoa(ip->ip_src); + + // process udp packets + if ( ip->ip_p == 17 ) { + udp = (struct udphdr *) ( (char *) packet + sizeof(struct ether_header)+ sizeof (struct ip) ); + + // try to make sure it is safe to cast packet into dns structure + if ( (sizeof(struct my_dns)+sizeof(struct ether_header)+sizeof(struct ip)+sizeof(struct udphdr)) >= caplen ) { + return; + } + else { + // populate dns header + dns = (struct my_dns *) ( (char *) packet + sizeof(struct ether_header) + sizeof (struct ip) + sizeof (struct udphdr) ); + data = (char *) packet +sizeof(struct ether_header) + sizeof (struct ip) + sizeof (struct udphdr) + sizeof(struct my_dns); + } + } + + // process tcp packets + else if ( ip->ip_p == 6 ) { + tcp = (struct tcphdr *) ( (char *) packet + sizeof(struct ether_header)+ sizeof (struct ip) ); + + // ignore packets without push flag set + if (! 
tcp->th_flags & TH_PUSH) return; + + // try to make sure it is safe to cast packet into dns structure + if ( (sizeof(struct my_dns)+sizeof(struct ether_header)+sizeof(struct ip)+(tcp->th_off * sizeof(u_int32_t))) >= caplen ) { + return; + } + else { + // populate dns header + dns = (struct my_dns *) ( (char *) packet + sizeof(struct ether_header)+ sizeof (struct ip) + (tcp->th_off * sizeof(u_int32_t))); + data = (char *) packet + sizeof(struct ether_header) + sizeof (struct ip) + (tcp->th_off * sizeof(u_int32_t)) + sizeof(struct my_dns); + } + } + + // hmm.. not tcp, not udp.. move on. + else { + return; + } + + // we only want queries, not responses + if ( dns->dns_flags1 & 0x80 ) { + return; + } + + // ignore seemingly bogus queries with multiple flags set + if ((ntohs(dns->dns_qdcount)>0)+(ntohs(dns->dns_ancount)>0)+(ntohs(dns->dns_nscount)>0)+(ntohs(dns->dns_arcount)>0)>1 ) { + return; + } + + // get the domain name and query type + tlen=dpos=0; + for (;(*data)&&((void *)data<((void *)packet+caplen-1)); data++) { + if (!tlen) tlen=*data; + for (;(tlen&&((void *)data<((void *)packet+caplen-1)));tlen--){ + data++; + if (dposdns_qdcount)&&qtype) { + add_to_bucket( ip_src, ip->ip_p, 1, qtype ); + } + } + return; +} + +// main logic +// some pcap code borrowed from http://www.cet.nau.edu/~mc8/Socket/Tutorials/section1.html +int main(int argc,char **argv){ + char *dev = NULL; + pthread_t thread; + char errbuf[PCAP_ERRBUF_SIZE]; + pcap_t* descr; + struct bpf_program fp; /* hold compiled program */ + bpf_u_int32 maskp=0; /* subnet mask */ + bpf_u_int32 netp=0; /* ip */ + char *filter = NULL; + char *dst_addr = NULL; + char *dst_mask = NULL; + struct sigaction sa; + struct in_addr addr; + u_int f_size; + char *args = NULL; + u_int c = 0; + + // loop through command line options and get options + while(1) { + int option_index = 0; + c = getopt(argc, argv,"i:t:a:w:x:m:bdvh"); + + if (c==-1) break; + switch(c) { + case 0: + break; + case 'i': + if (optarg) { + if ( ( dev = 
(char *)strdup(optarg) ) == NULL) malloc_fail("dev", strlen(optarg) ); + } + break; + case 't': + if (optarg) { + if ( abs (atoi(optarg)) > 0) { + option_t = abs( atoi(optarg)); + } + } + break; + case 'a': + if (optarg) { + if ( abs (atoi(optarg)) > 10) { + option_a = abs( atoi(optarg)); + } + } + break; + case 'w': + if (optarg) { + if ( abs (atoi(optarg)) > 1) { + option_w = abs( atoi(optarg)); + } + } + break; + case 'x': + if (optarg) { + if ( abs (atoi(optarg)) > 10) { + option_x = abs( atoi(optarg)); + } + } + break; + case 'm': + if (optarg) { + if ( abs (atoi(optarg)) > 0) { + option_m = abs( atoi(optarg)); + } + } + break; + case 'b': + option_b = 1; + break; + case 'd': + option_d = 1; + break; + case 'v': + option_v++; + break; + case 'h': + option_h = 1; + default: + break; + } + } + + // display usage info if needed + if (optindN queries per second\n"); + fprintf(stderr,"-a N reset alarm after N seconds\n"); + fprintf(stderr,"-w N calculate stats every N seconds\n"); + fprintf(stderr,"-x N create N buckets\n"); + fprintf(stderr,"-m N report overall stats every N seconds\n"); + fprintf(stderr,"-b run in foreground in bindsnap mode\n"); + fprintf(stderr,"-d run in background in daemon mode\n"); + fprintf(stderr,"-v verbose output - use again for more verbosity\n"); + fprintf(stderr,"-h display this usage information\n"); + exit(1); + } + + if ( ( ! option_d ) && ( ! option_b ) ) { + fprintf(stderr,"%s couldn't start\n",argv[0]); + fprintf(stderr,"You must specify either either -d (daemon) or -b (bindsnap)\n"); + exit(1); + } + // set up for daemonized operation unless running in bindsnap mode + if ( ! option_b ) { + openlog("dns_flood_detector",LOG_PID|LOG_CONS,LOG_DAEMON); + syslog(LOG_NOTICE,"dns_flood_detector starting"); + + // daemonize unless running in bindsnap mode + daemonize(); + + // set up signal handlers + sa.sa_handler=exit; + sa.sa_flags=0; + if(sigaction(SIGTERM,&sa,NULL)) { + syslog(LOG_ERR,"Unable to set signal handler: %s. 
Exiting.", + strerror(errno)); + } + } + + // find a valid device to open + if(dev == NULL && ( (dev=pcap_lookupdev(errbuf)) == NULL ) ){ + fprintf(stderr,"unable to bind to valid device\n"); + exit(1); + } + + // get network address and netmask for device + pcap_lookupnet(dev,&netp,&maskp,errbuf); + + // set up filter with local network + addr.s_addr = (unsigned long int)netp; + if ( ( dst_addr = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_addr", strlen((char *)inet_ntoa(addr))+1 ); + strncpy(dst_addr,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr))); + dst_addr[strlen((char *)inet_ntoa(addr))]='\0'; + + addr.s_addr = (unsigned long int)maskp; + if ( ( dst_mask = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_mask", strlen((char *)inet_ntoa(addr))+1 ); + strncpy(dst_mask,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr))); + dst_mask[strlen((char *)inet_ntoa(addr))]='\0'; + + f_size = strlen("port 53 and dst net mask ")+ strlen(dst_mask)+ strlen(dst_addr); + if ( ( filter = (char *) malloc ( f_size+1) ) == NULL ) malloc_fail( "filter", f_size+1 ); + snprintf( filter, f_size, "port 53 and dst net %s mask %s", dst_addr, dst_mask); + + free (dst_mask); + free (dst_addr); + + // open device for reading only local traffic + descr = pcap_open_live(dev,1500,0,1,errbuf); + if(descr == NULL) { + fprintf(stderr,"unable to open device %s\n",dev); + exit(1); + } + + // compile filter + if(pcap_compile(descr,&fp,filter,0,netp) == -1) { + exit(1); + } + + // set filter + if(pcap_setfilter(descr,&fp) == -1){ + exit(1); + } + + // initialize buckets and mark overall stats bucket + init_buckets(); + totals = option_x; + + // create mutex lock + if (pthread_mutex_init(&stats_lock, NULL) < 0) { + exit(1); + } + + // launch watcher thread + if (pthread_create (&thread, NULL, run_stats, (void *)0)) { + exit(1); + } + + // main pcap loop + pcap_loop(descr,-1,handle_IP,args); + + // done + closelog(); + 
return 0; +} + +// daemonize the process +int daemonize(void) { + pid_t pid; + int fd; + + fd=open("/dev/null",O_RDWR); + if(fd<0) { + syslog(LOG_ERR,"Failed to open /dev/null: %s. Exiting.",strerror(errno)); + exit(1); + } + + dup2(fd,0); + dup2(fd,1); + dup2(fd,2); + + if((pid=fork())<0) { + syslog(LOG_ERR,"Fork failed: %s. Exiting.",strerror(errno)); + exit(1); + } + else if (pid!=0) { + exit(0); + } + + setsid(); + chdir("/"); + umask(0); + return 0; +} + +int malloc_fail( char * var, int size ) { + // print error to stderr if running in bindsnap mode + if (option_b) { + fprintf(stderr, "our OS wouldn't let me malloc %d bytes for a new %s. giving up", size, var); + } + else { + syslog(LOG_ERR, "our OS wouldn't let me malloc %d bytes for a new %s. giving up", size, var); + } + exit(1); +} diff --git a/dns_flood_detector.h b/dns_flood_detector.h new file mode 100644 index 0000000..b968305 --- /dev/null +++ b/dns_flood_detector.h 
@@ -0,0 +1,65 @@ +/****************************************************************************** + + Program: dns_flood_detector.h + Author: Dennis Opacki + Date: Tue Mar 18 16:46:53 EST 2003 + Purpose: Monitor DNS servers for abusive usage levels + and alarm to syslog + + Copyright (C) 2003 Dennis Opacki + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*******************************************************************************/ + +// definitions +#ifndef ETHER_HDRLEN +#define ETHER_HDRLEN 14 +#endif +#define NS_MAXDNAME 1025 +#define MAXSYSLOG 128 + +// evil Solaris hack +#ifdef __sun__ +typedef uint8_t u_int8_t; +typedef uint16_t u_int16_t; +typedef uint32_t u_int32_t; +#endif + +// prototypes +void handle_IP(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet); + +// data structures +struct my_dns { + u_int16_t dns_id; /* query identification number */ + u_int8_t dns_flags1; /* first byte of flags */ + u_int8_t dns_flags2; /* second byte of flags */ + u_int16_t dns_qdcount; /* number of question entries */ + u_int16_t dns_ancount; /* number of answer entries */ + u_int16_t dns_nscount; /* number of authority entries */ + u_int16_t dns_arcount; /* number of resource entries */ +}; + +struct bucket { + char * ip_addr; + unsigned int tcp_count; + unsigned int udp_count; + unsigned int qps; + int 
qstats[256]; + time_t first_packet; + time_t last_packet; + time_t alarm_set; +}; + diff --git a/dnsflood b/dnsflood new file mode 100755 index 0000000..ebb7584 --- /dev/null +++ b/dnsflood @@ -0,0 +1,36 @@ +#! /bin/sh + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +test -f /usr/local/sbin/dns_flood_detector || exit 0 + +case "$1" in + start) + echo -n "Starting DNS flood detector: dns_flood_detector" + start-stop-daemon --start --quiet --exec /usr/local/sbin/dns_flood_detector -- -d + echo "." + ;; + stop) + echo -n "Stopping DNS flood detector: dns_flood_detector" + start-stop-daemon --stop --quiet --exec /usr/local/sbin/dns_flood_detector + killall dns_flood_detector + echo "." + ;; + restart|force-reload) + echo -n "Restarting DNS flood detector: dns_flood_detector... " + start-stop-daemon --stop --quiet --exec /usr/local/sbin/dns_flood_detector + sleep 2 + start-stop-daemon --stop --quiet --exec /usr/local/sbin/dns_flood_detector + sleep 4 + killall dns_flood_detector + sleep 2 + start-stop-daemon --start --quiet --exec /usr/local/sbin/dns_flood_detector -- -d + echo "done." + ;; + *) + echo "Usage: /etc/init.d/dnsflood {start|stop|restart|force-reload}" + exit 1 + ;; +esac + +exit 0 diff --git a/makefiles/Makefile-BSDI b/makefiles/Makefile-BSDI new file mode 100644 index 0000000..c21e536 --- /dev/null +++ b/makefiles/Makefile-BSDI @@ -0,0 +1,11 @@ +CFLAGS+=-O -g +LDLIBS=-lpcap -pthread -lm + +all: dns_flood_detector + strip dns_flood_detector +clean: + rm -rf dns_flood_detector *.o *~ +install: + cp dns_flood_detector /usr/local/sbin/ + +dns_flood_detector: dns_flood_detector.c diff --git a/makefiles/Makefile-FreeBSD b/makefiles/Makefile-FreeBSD new file mode 100644 index 0000000..c21e536 --- /dev/null +++ b/makefiles/Makefile-FreeBSD 
@@ -0,0 +1,11 @@ +CFLAGS+=-O -g +LDLIBS=-lpcap -pthread -lm + +all: dns_flood_detector + strip dns_flood_detector +clean: + rm -rf dns_flood_detector *.o *~ +install: + cp dns_flood_detector /usr/local/sbin/ + +dns_flood_detector: dns_flood_detector.c diff --git a/makefiles/Makefile-Linux b/makefiles/Makefile-Linux new file mode 100644 index 0000000..d4b3300 --- /dev/null +++ b/makefiles/Makefile-Linux @@ -0,0 +1,11 @@ +CFLAGS=-O -D_BSD_SOURCE -g +LDLIBS=-lpcap -lpthread -lm + +all: dns_flood_detector + strip dns_flood_detector +clean: + rm -rf dns_flood_detector *.o *~ +install: + cp dns_flood_detector /usr/local/sbin/ + +dns_flood_detector: dns_flood_detector.c diff --git a/makefiles/Makefile-OSX b/makefiles/Makefile-OSX new file mode 100644 index 0000000..009e06f --- /dev/null +++ b/makefiles/Makefile-OSX @@ -0,0 +1,11 @@ +CFLAGS+=-O -g -I/usr/local/include -I/usr/include +LDLIBS=-L/usr/local/lib -lpcap -lpthread -lm + +all: dns_flood_detector + strip dns_flood_detector +clean: + rm -rf dns_flood_detector *.o *~ +install: + cp dns_flood_detector /usr/local/sbin/ + +dns_flood_detector: dns_flood_detector.c diff --git a/makefiles/Makefile-Solaris b/makefiles/Makefile-Solaris new file mode 100644 index 0000000..9c8c9ec --- /dev/null +++ b/makefiles/Makefile-Solaris @@ -0,0 +1,11 @@ +CFLAGS+=-O -g -I/usr/local/include -I/usr/include +LDLIBS=-L/usr/local/lib -L/usr/lib -lpcap -lpthread -lm -lsocket -lnsl + +all: dns_flood_detector + strip dns_flood_detector +clean: + rm -rf dns_flood_detector *.o *~ +install: + cp dns_flood_detector /usr/local/sbin/ + +dns_flood_detector: dns_flood_detector.c From c99671a55be8ec30ea6126b058a51037bd4c0c04 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 4 Nov 2006 19:58:18 +0000 Subject: [PATCH 002/136] final fix --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 5425949..e6850f0 100644 --- a/debian/control +++ b/debian/control 
@@ -7,7 +7,7 @@ Standards-Version: 3.7.2 Package: dns-flood-detector Architecture: any -Depends: ${misc:Depends} +Depends: ${shlibs:Depends} Description: detect abusive usage levels on high traffic nameservers This package provides the dns-flood-detector daemon. . From 1363c1805ec5fc7f785af9e99c727caf8ef48321 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 4 Nov 2006 20:47:36 +0000 Subject: [PATCH 003/136] next release prepared --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index d5cb003..d59dbf3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dns-flood-detector (1.10-2) unstable; urgency=low + + * NOT RELEASED YET + + -- Sat, 4 Nov 2006 21:46:03 +0100 + dns-flood-detector (1.10-1) unstable; urgency=low * Initial release (Closes: #396618). From a9b4686eb96da79856dfc1794cb7ff7fee95d0bb Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 9 Nov 2006 12:30:37 +0000 Subject: [PATCH 004/136] fix typo --- debian/changelog | 4 ++-- debian/init.d | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index d59dbf3..bccb037 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,8 @@ dns-flood-detector (1.10-2) unstable; urgency=low - * NOT RELEASED YET + * fixed typo in initscript - -- Sat, 4 Nov 2006 21:46:03 +0100 + -- Jan Wagner Sat, 4 Nov 2006 21:46:03 +0100 dns-flood-detector (1.10-1) unstable; urgency=low diff --git a/debian/init.d b/debian/init.d index 4bb88b2..38a1226 100644 --- a/debian/init.d +++ b/debian/init.d @@ -17,7 +17,7 @@ ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/usr/sbin/dns-flood-detector +DAEMON=/usr/bin/dns-flood-detector NAME=dns-flood-detector DESC=dns-flood-detector From ed29e94356828b3a95a780b98b051dcf7af311d2 Mon Sep 17 00:00:00 2001 
From: Jan Wagner Date: Thu, 9 Nov 2006 19:49:24 +0000 Subject: [PATCH 005/136] release --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index bccb037..b65507d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dns-flood-detector (1.10-3) UNRELEASED; urgency=low + + * NOT RELEASED YET + + -- Jan Wagner Thu, 9 Nov 2006 20:49:10 +0100 + dns-flood-detector (1.10-2) unstable; urgency=low * fixed typo in initscript From 15ce237b6c28c3e4a83c2431fe99caad4cfa710d Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 9 Nov 2006 20:59:56 +0000 Subject: [PATCH 006/136] fix initscript --- debian/changelog | 4 ++-- debian/init.d | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index b65507d..4e67d67 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,6 @@ -dns-flood-detector (1.10-3) UNRELEASED; urgency=low +dns-flood-detector (1.10-3) unstable; urgency=low - * NOT RELEASED YET + * using killall in init script to get daemon stopped -- Jan Wagner Thu, 9 Nov 2006 20:49:10 +0100 diff --git a/debian/init.d b/debian/init.d index 38a1226..10f4a8e 100644 --- a/debian/init.d +++ b/debian/init.d @@ -41,12 +41,14 @@ case "$1" in echo -n "Stopping $DESC: " start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON + killall $NAME echo "$NAME." ;; restart|force-reload) echo -n "Restarting $DESC: " start-stop-daemon --stop --quiet --pidfile \ /var/run/$NAME.pid --exec $DAEMON + killall $NAME sleep 1 start-stop-daemon --start --quiet --pidfile \ /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS From e6f41e5feae0e846e59de7f4dc7a56b4a7cfc161 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 9 Nov 2006 21:01:47 +0000 Subject: [PATCH 007/136] fix mailaddress --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 4e67d67..e66e7c4 100644 
--- a/debian/changelog +++ b/debian/changelog @@ -2,7 +2,7 @@ dns-flood-detector (1.10-3) unstable; urgency=low * using killall in init script to get daemon stopped - -- Jan Wagner Thu, 9 Nov 2006 20:49:10 +0100 + -- Jan Wagner Thu, 9 Nov 2006 20:49:10 +0100 dns-flood-detector (1.10-2) unstable; urgency=low From 1a12cc2ee6416719e3486f5b3b225deaf88e7257 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 9 Nov 2006 21:04:02 +0000 Subject: [PATCH 008/136] foo --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 647520c..a812ee3 100755 --- a/debian/rules +++ b/debian/rules @@ -56,8 +56,8 @@ binary-arch: build install dh_strip dh_compress dh_fixperms - dh_installdeb dh_shlibdeps + dh_installdeb dh_gencontrol dh_md5sums dh_builddeb From 2e5faaf8b7c52cdbfa4700d3ab05d4a3f9d53914 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 9 Nov 2006 21:38:39 +0000 Subject: [PATCH 009/136] fix init script --- debian/init.d | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/init.d b/debian/init.d index 10f4a8e..6767a8d 100644 --- a/debian/init.d +++ b/debian/init.d @@ -41,14 +41,14 @@ case "$1" in echo -n "Stopping $DESC: " start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON - killall $NAME + killall -9 $NAME echo "$NAME." ;; restart|force-reload) echo -n "Restarting $DESC: " start-stop-daemon --stop --quiet --pidfile \ /var/run/$NAME.pid --exec $DAEMON - killall $NAME + killall -9 $NAME sleep 1 start-stop-daemon --start --quiet --pidfile \ /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS From d8b655fb9a726c843efb37e89c31198957225afa Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 9 Nov 2006 22:05:11 +0000 Subject: [PATCH 010/136] some fixies --- debian/prerm | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 debian/prerm diff --git a/debian/prerm b/debian/prerm new file mode 100644 index 0000000..058bf50 --- /dev/null +++ b/debian/prerm 
@@ -0,0 +1,8 @@ +#!/bin/sh +set -e +# Automatically added by dh_installinit +if [ -x "/etc/init.d/dns-flood-detector" ]; then + /etc/init.d/dns-flood-detector stop || exit $? +fi +# End automatically added section + From 2d7bf746bd739260b96ef17b0330dc01a22dea6b Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 9 Nov 2006 22:07:58 +0000 Subject: [PATCH 011/136] fixies --- debian/prerm | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/debian/prerm b/debian/prerm index 058bf50..03b369d 100644 --- a/debian/prerm +++ b/debian/prerm @@ -1,8 +1,7 @@ #!/bin/sh set -e # Automatically added by dh_installinit -if [ -x "/etc/init.d/dns-flood-detector" ]; then - /etc/init.d/dns-flood-detector stop || exit $? -fi +killall -9 dns-flood-detector # End automatically added section +#DEBHELPER# From 951f85604d11abe2cc01e30b92da86e2d72656ba Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 9 Nov 2006 22:08:38 +0000 Subject: [PATCH 012/136] changes --- debian/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/changelog b/debian/changelog index e66e7c4..a31730d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ dns-flood-detector (1.10-3) unstable; urgency=low * using killall in init script to get daemon stopped + * same for prerm -- Jan Wagner Thu, 9 Nov 2006 20:49:10 +0100 From 01117ff2777b9ef8e0b1aeedb4706a0b55e34191 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 9 Nov 2006 22:20:58 +0000 Subject: [PATCH 013/136] be not smart --- debian/prerm | 1 - 1 file changed, 1 deletion(-) diff --git a/debian/prerm b/debian/prerm index 03b369d..86571fc 100644 --- a/debian/prerm +++ b/debian/prerm @@ -4,4 +4,3 @@ set -e killall -9 dns-flood-detector # End automatically added section -#DEBHELPER# From ab7117f5d227f9706367485615a4d8e98702ab5d Mon Sep 17 00:00:00 2001 
From: Jan Wagner Date: Fri, 10 Nov 2006 07:37:38 +0000 Subject: [PATCH 014/136] remove "automatic" comments --- debian/prerm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/debian/prerm b/debian/prerm index 86571fc..9639f67 100644 --- a/debian/prerm +++ b/debian/prerm @@ -1,6 +1,5 @@ #!/bin/sh set -e -# Automatically added by dh_installinit +# work without debhelper since only kill stops the app (for now) killall -9 dns-flood-detector -# End automatically added section From 26e209abb1a15f4a778ca2c0efd953e9957a814a Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Fri, 10 Nov 2006 07:45:27 +0000 Subject: [PATCH 015/136] provide own postinst and postrm --- debian/postinst | 11 +++++++++++ debian/postrm | 6 ++++++ debian/rules | 1 - 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100755 debian/postinst create mode 100755 debian/postrm diff --git a/debian/postinst b/debian/postinst new file mode 100755 index 0000000..a7c85c1 --- /dev/null +++ b/debian/postinst @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +if [ -x "/etc/init.d/dns-flood-detector" ]; then + update-rc.d dns-flood-detector defaults 40 >/dev/null + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d dns-flood-detector start || exit $? + else + /etc/init.d/dns-flood-detector start || exit $? + fi +fi diff --git a/debian/postrm b/debian/postrm new file mode 100755 index 0000000..ea57f84 --- /dev/null +++ b/debian/postrm @@ -0,0 +1,6 @@ +#!/bin/sh +set -e + +if [ "$1" = "purge" ] ; then + update-rc.d dns-flood-detector remove >/dev/null || exit $? +fi diff --git a/debian/rules b/debian/rules index a812ee3..6d542ec 100755 --- a/debian/rules +++ b/debian/rules @@ -50,7 +50,6 @@ binary-arch: build install dh_testroot dh_installchangelogs dh_installdocs - dh_installinit -- defaults 40 dh_installman debian/dns-flood-detector.8 dh_link dh_strip From ceb62ca8899be3d3a09c2569226c8ad6888a1341 Mon Sep 17 00:00:00 2001 
From: Jan Wagner Date: Sun, 12 Nov 2006 21:18:48 +0000 Subject: [PATCH 016/136] add initscript --- debian/rules | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/rules b/debian/rules index 6d542ec..1bec93c 100755 --- a/debian/rules +++ b/debian/rules @@ -39,6 +39,8 @@ install: build # Add here commands to install the package into debian/dns-flood-detector. install -D -m 0755 dns_flood_detector debian/dns-flood-detector/usr/bin/dns-flood-detector + install -D -m 0644 debian/default debian/dns-flood-detector/etc/default/dns-flood-detector + install -D -m 0755 debian/init.d debian/dns-flood-detector/etc/init.d/dns-flood-detector # Build architecture-independent files here. binary-indep: build install From 85648f0a0dda6d1076c5d27471885ae215f96fcd Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 19 Nov 2006 10:57:13 +0000 Subject: [PATCH 017/136] Fix missing function prototype definition --- debian/changelog | 8 +++++++ debian/control | 2 +- debian/patches/00list | 1 + debian/patches/01_fix_prototyp.dpatch | 31 +++++++++++++++++++++++++++ debian/rules | 6 ++++-- 5 files changed, 45 insertions(+), 3 deletions(-) create mode 100644 debian/patches/00list create mode 100755 debian/patches/01_fix_prototyp.dpatch diff --git a/debian/changelog b/debian/changelog index a31730d..4d372c4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +dns-flood-detector (1.10-4) unstable; urgency=low + + * included fix_prototyp patch provided by "dann frazier " + (Closes: #399283). + * build depend to dpatch + + -- Jan Wagner Sun, 19 Nov 2006 10:18:55 +0100 + dns-flood-detector (1.10-3) unstable; urgency=low * using killall in init script to get daemon stopped diff --git a/debian/control b/debian/control index e6850f0..175e510 100644 --- a/debian/control +++ b/debian/control 
@@ -2,7 +2,7 @@ Source: dns-flood-detector Section: net Priority: optional Maintainer: Jan Wagner -Build-Depends: debhelper (>= 5), libpcap0.8-dev +Build-Depends: debhelper (>= 5), dpatch, libpcap0.8-dev Standards-Version: 3.7.2 Package: dns-flood-detector diff --git a/debian/patches/00list b/debian/patches/00list new file mode 100644 index 0000000..3220968 --- /dev/null +++ b/debian/patches/00list @@ -0,0 +1 @@ +01_fix_prototyp.dpatch diff --git a/debian/patches/01_fix_prototyp.dpatch b/debian/patches/01_fix_prototyp.dpatch new file mode 100755 index 0000000..e819b18 --- /dev/null +++ b/debian/patches/01_fix_prototyp.dpatch @@ -0,0 +1,31 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run +## 01_fix_prototyp.dpatch by dann frazier +## +## DP: fix missing function prototype definition + +@DPATCH@ + +--- dns-flood-detector-1.10/dns_flood_detector.c~ 2003-12-29 20:53:38.000000000 -0700 ++++ dns-flood-detector-1.10/dns_flood_detector.c 2006-11-18 17:38:47.000000000 -0700 +@@ -79,11 +79,13 @@ + #include + #include + #include ++#include + #include + #include + #include + #include + #include ++#include + #ifdef __bsdi__ + #include + #else +@@ -99,6 +101,7 @@ + #include + #include + #include ++#include + #include "dns_flood_detector.h" + + // global variables and their defaults diff --git a/debian/rules b/debian/rules index 1bec93c..d2b64f4 100755 --- a/debian/rules +++ b/debian/rules @@ -4,6 +4,8 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +include /usr/share/dpatch/dpatch.make + CFLAGS += -D_BSD_SOURCE -Wall -g LDLIBS += -lpcap -lpthread -lm @@ -14,14 +16,14 @@ else endif build: build-stamp -build-stamp: +build-stamp: patch-stamp dh_testdir # Add here commands to compile the package. $(CC) $(CFLAGS) dns_flood_detector.c $(LDLIBS) -o dns_flood_detector touch $@ -clean: +clean: unpatch dh_testdir dh_testroot rm -f build-stamp From ea7512e8d9fd41fdc2a8d7d0f2ac18cf5e5269fe Mon Sep 17 00:00:00 2001 
From: Jan Wagner Date: Thu, 23 Nov 2006 13:44:59 +0000 Subject: [PATCH 018/136] new upstream --- README | 18 +- debian/changelog | 7 + debian/patches/01_fix_prototyp.dpatch | 16 +- dns_flood_detector.c | 302 ++++++++++++++++++-------- dns_flood_detector.h | 11 +- makefiles/Makefile-BSDI | 2 + makefiles/Makefile-FreeBSD | 2 + makefiles/Makefile-Linux | 4 +- makefiles/Makefile-OSX | 4 +- makefiles/Makefile-Solaris | 2 + 10 files changed, 254 insertions(+), 114 deletions(-) diff --git a/README b/README index 17217d1..afa0ab9 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -DNS FLood Detector 1.10 +DNS FLood Detector 1.12 Dennis Opacki dopacki@adotout.com @@ -17,6 +17,9 @@ incoming dns queries to a nameserver. The tool may be run in one of two modes, either daemon mode or "bindsnap" mode. In daemon mode, the tool will alarm via syslog. In bindsnap mode, the user is able to get near-real-time stats on usage to aid in more detailed troubleshooting. +By default, it will count dns queries directed to any address in the same +network as the primary IP address on the interface being watched; the -A, +-M, and -Q options can be used to modify this behaviour. How do I build it? 
@@ -52,22 +55,23 @@ Usage: ./dns_flood_detector [OPTION] -w N calculate stats every N seconds -x N create N buckets -m N mark total query rate every N seconds +-A addr filter for specific address +-M mask netmask for filter (in conjunction with -A) +-Q don't filter by local interface address -b run in foreground in bindsnap mode -d run in background in daemon mode +-D dump dns packets (implies -b) -v verbose output - use again for more verbosity -h display this usage information Sample Output: dopacki:~$ sudo ./dns_flood_detector -v -v -b -t10 -[15:14:56] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 -qps PTR] +[15:14:56] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 qps PTR] [15:14:56] source [10.0.24.2] - 0 qps tcp : 15 qps udp [15 qps A] -[15:15:06] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 -qps PTR] +[15:15:06] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 qps PTR] [15:15:06] source [10.0.24.2] - 0 qps tcp : 15 qps udp [14 qps A] -[15:15:16] source [192.168.1.45] - 0 qps tcp : 23 qps udp [7 qps A] [15 -qps PTR] +[15:15:16] source [192.168.1.45] - 0 qps tcp : 23 qps udp [7 qps A] [15 qps PTR] What if I have questions? diff --git a/debian/changelog b/debian/changelog index 4d372c4..0fe9bf1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +dns-flood-detector (1.12-1) unstable; urgency=low + + * New upstream release + * modified fix_prototyp patch for upstream + + -- Jan Wagner Thu, 23 Nov 2006 13:35:11 +0100 + dns-flood-detector (1.10-4) unstable; urgency=low * included fix_prototyp patch provided by "dann frazier " diff --git a/debian/patches/01_fix_prototyp.dpatch b/debian/patches/01_fix_prototyp.dpatch index e819b18..d6b7390 100755 --- a/debian/patches/01_fix_prototyp.dpatch +++ b/debian/patches/01_fix_prototyp.dpatch 
@@ -7,7 +7,7 @@ --- dns-flood-detector-1.10/dns_flood_detector.c~ 2003-12-29 20:53:38.000000000 -0700 +++ dns-flood-detector-1.10/dns_flood_detector.c 2006-11-18 17:38:47.000000000 -0700 -@@ -79,11 +79,13 @@ +@@ -79,6 +79,7 @@ #include #include #include @@ -15,17 +15,3 @@ #include #include #include - #include - #include -+#include - #ifdef __bsdi__ - #include - #else -@@ -99,6 +101,7 @@ - #include - #include - #include -+#include - #include "dns_flood_detector.h" - - // global variables and their defaults diff --git a/dns_flood_detector.c b/dns_flood_detector.c index 2ee083e..b474ad2 100644 --- a/dns_flood_detector.c +++ b/dns_flood_detector.c @@ -22,8 +22,13 @@ (default 50) -m n mark overall query rate every n seconds (default disabled) + -A addr filter for specific address + -M mask netmask for filter (in conjunction with -A) + -Q monitor any addresses (default is to filter only for + primary addresses on chosen interface) -b run in foreground in "bindsnap" mode -d run in background in "daemon" mode + -D dump dns packets (implies -b) -v detailed information (use twice for more detail) -h usage info @@ -72,6 +77,22 @@ 10/22/2003 - Added 'mark status' option via '-m' - 10/23/2003 - Code cleanup in verbose syslogging - + --- new in v1.11 --- + 06/14/2005 - added A6, AAAA, ANY qtypes - + examine all packets with >= 1 qdcount - + stop processing packet if invalid dns char - + fix tcp parsing - + add option_D to dump packets - + + --- new in v1.12 --- + 03/03/2006 - added address filtering options - + fix segfault using argv[0] after getopt - + fix rounding from float/int conversions, use unsigned more consistently - + clean up to work with -Wall - + show fractional qps rates for totals - + store addresses raw, instead of as text (speedup/reduce memory usage) - + fix crash on long syslog messages - + ********************************************************************************/ #include 
@@ -84,6 +105,7 @@ #include #include #include +#include #ifdef __bsdi__ #include #else @@ -99,6 +121,8 @@ #include #include #include +#include +#include #include "dns_flood_detector.h" // global variables and their defaults @@ -111,10 +135,17 @@ int option_x = 50; int option_m = 0; int option_b = 0; int option_d = 0; +int option_D = 0; int option_v = 0; int option_h = 0; +int option_Q = 0; +int option_A = 0; +int option_M = 0; int totals = 0; -char VERSION[] = "1.10"; +char VERSION[] = "1.12"; + +// 255.255.255.255 is invalid as a src IP address; we'll use it to mark empty buckets +#define BCAST 0xffFFffFF // this is our statistics thread void *run_stats () { @@ -131,27 +162,28 @@ void *run_stats () { // calculate the running average within each bucket int calculate_averages() { - u_int i,j,delta,cursize,newsize,qps; + u_int i,j,delta,cursize,qps; + int newsize; + float qpsf; char st_time[10]; time_t now = time(0); - u_int types[] = {1,2,5,6,12,15,252,0}; - u_char *type; - u_char *target; - char *names[] = {"A","NS","CNAME","SOA","PTR","MX","AXFR",""}; + u_int types[] = {1,2,5,6,12,15,28,38,252,255,0}; + char *target; + char *names[] = {"A","NS","CNAME","SOA","PTR","MX","AAAA","A6","AXFR","ANY",""}; struct tm *raw_time = localtime(&now); snprintf(st_time, 9, "%02d:%02d:%02d",raw_time->tm_hour,raw_time->tm_min,raw_time->tm_sec); for (i=0; iip_addr != NULL ) { + if ( bb[i]->ip_addr.s_addr != BCAST) { delta = now - bb[i]->first_packet; // let's try to avoid a divide-by-zero, shall we? if (delta > 1 ) { // round our average and save it in the bucket - bb[i]->qps = (int)ceil( (float)((((float)bb[i]->tcp_count) + bb[i]->udp_count) / delta)); + bb[i]->qps = (u_int)ceil( (bb[i]->tcp_count + bb[i]->udp_count) / (float)delta); // handle threshold crossing if ( bb[i]->qps > option_t ) { 
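Review bot: the empty-bucket test `bb[i]->ip_addr.s_addr != BCAST` in calculate_averages relies on an in-band marker, since BCAST (255.255.255.255) lives in the same field that is filled from the source address of captured packets. That field is whatever the sender wrote, so a packet carrying this value is indistinguishable from an unused bucket and its counts are skipped by this loop. An explicit in-use flag in struct bucket keeps the raw in_addr speedup without overloading an address value.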
@@ -160,18 +192,19 @@ int calculate_averages() { // display detail to either syslog or stdout if ( option_b ) { if ( ! option_v ) { - printf("[%s] source [%s] - %d qps\n",st_time,bb[i]->ip_addr,bb[i]->qps); + printf("[%s] source [%s] - %u qps\n",st_time,inet_ntoa(bb[i]->ip_addr),bb[i]->qps); fflush(stdout); } else { - printf("[%s] source [%s] - %d qps tcp : %d qps udp ",st_time,bb[i]->ip_addr, - (int)ceil( (float)(bb[i]->tcp_count/delta)), - (int)ceil( (float)(bb[i]->udp_count/delta)) + printf("[%s] source [%s] - %u qps tcp : %u qps udp ",st_time,inet_ntoa(bb[i]->ip_addr), + (u_int)ceil( ((float)bb[i]->tcp_count/delta)), + (u_int)ceil( ((float)bb[i]->udp_count/delta)) ); if ( option_v >1 ) { for (j=0;types[j];j++) { - if ((int)ceil((float)(bb[i]->qstats[types[j]]/delta))){ - printf("[%d qps %s] ",(int)ceil((float)(bb[i]->qstats[types[j]]/delta)),names[j]); + qps = (u_int)ceil((float)bb[i]->qstats[types[j]]/delta); + if (qps){ + printf("[%u qps %s] ",qps,names[j]); } } } 
@@ -185,21 +218,21 @@ int calculate_averages() { // display appropriate level of detail via syslog if ( ! option_v ) { - syslog(LOG_NOTICE,"source [%s] - %d qps\n",bb[i]->ip_addr,bb[i]->qps); + syslog(LOG_NOTICE,"source [%s] - %u qps\n",inet_ntoa(bb[i]->ip_addr),bb[i]->qps); } else if (option_v > 1) { target = (char *)malloc(sizeof(char)*MAXSYSLOG); newsize = MAXSYSLOG; - cursize = snprintf(target,newsize,"source [%s] - %d tcp qps : %d udp qps ",bb[i]->ip_addr, - (int)ceil( (float)(bb[i]->tcp_count/delta)), - (int)ceil( (float)(bb[i]->udp_count/delta)) + cursize = snprintf(target,newsize,"source [%s] - %u tcp qps : %u udp qps ",inet_ntoa(bb[i]->ip_addr), + (u_int)ceil( ((float)bb[i]->tcp_count/delta)), + (u_int)ceil( ((float)bb[i]->udp_count/delta)) ); newsize-=cursize; for (j=0;types[j];j++ ) { - qps = (u_int)ceil((float)(bb[i]->qstats[types[j]]/delta)); + qps = (u_int)ceil(((float)bb[i]->qstats[types[j]]/delta)); if ( ( qps > 0) && ( newsize > 1 ) ) { - cursize = snprintf(target+(MAXSYSLOG-newsize),newsize,"[%d qps %s] ",qps,names[j]); + cursize = snprintf(target+(MAXSYSLOG-newsize),newsize,"[%u qps %s] ",qps,names[j]); newsize-=cursize; } } @@ -210,9 +243,9 @@ int calculate_averages() { free(target); } else { - syslog(LOG_NOTICE,"source [%s] - %d tcp qps - %d udp qps\n",bb[i]->ip_addr, - (int)ceil( (float)(bb[i]->tcp_count/delta)), - (int)ceil( (float)(bb[i]->udp_count/delta)) + syslog(LOG_NOTICE,"source [%s] - %u tcp qps - %u udp qps\n",inet_ntoa(bb[i]->ip_addr), + (u_int)ceil( ((float)bb[i]->tcp_count/delta)), + (u_int)ceil( ((float)bb[i]->udp_count/delta)) ); } 
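Review bot: in the `option_v > 1` syslog branch (hunk -185,21), `target = (char *)malloc(sizeof(char)*MAXSYSLOG);` is handed straight to snprintf with no NULL check, although the other allocations touched by this patch (bb, name, dst_mask, filter) go through malloc_fail. In the same branch newsize is now int but cursize is still u_int, so `newsize-=cursize` is computed in unsigned arithmetic and only becomes negative through the conversion back to int. Declare cursize as int and treat a return value >= newsize as truncation, so the `newsize > 1` guard does not depend on that conversion.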
@@ -226,17 +259,17 @@ int calculate_averages() { } // 'mark stats' if required and it is time - delta = now - bb[totals]->first_packet; + delta = (u_int)(now - bb[totals]->first_packet); if ( (option_m > 0)&&(delta > 1)&&(delta >= option_m) ) { // handle bindsnap mode if (option_b) { - printf("[%s] totals - %d qps tcp : %d qps udp ",st_time,(int)ceil( (float)(bb[totals]->tcp_count/delta)),(int)ceil( (float)(bb[totals]->udp_count/delta))); + printf("[%s] totals - %3.2f qps tcp : %3.2f qps udp ",st_time, ((float)bb[totals]->tcp_count/delta),((float)bb[totals]->udp_count/delta)); if (option_v) { for (j=0;types[j];j++) { - qps = (u_int)ceil((float)(bb[totals]->qstats[types[j]]/delta)); - if (qps){ - printf("[%d qps %s] ",qps,names[j]); + qpsf = ((float)bb[totals]->qstats[types[j]]/delta); + if (qpsf > 0){ + printf("[%3.2f qps %s] ",qpsf,names[j]); } } } @@ -248,16 +281,16 @@ int calculate_averages() { if (option_v) { target = (char *)malloc(sizeof(char)*MAXSYSLOG); newsize = MAXSYSLOG; - cursize = snprintf(target,newsize,"[totals] - %d tcp qps : %d udp qps ", - (int)ceil( (float)(bb[totals]->tcp_count/delta)), - (int)ceil( (float)(bb[totals]->udp_count/delta)) + cursize = snprintf(target,newsize,"[totals] - %3.2f tcp qps : %3.2f udp qps ", + ((float)bb[totals]->tcp_count/delta), + ((float)bb[totals]->udp_count/delta) ); newsize-=cursize; for (j=0;types[j];j++ ) { - qps = (u_int)ceil((float)(bb[totals]->qstats[types[j]]/delta)); - if ( ( qps > 0) && ( newsize > 1 ) ) { - cursize = snprintf(target+(MAXSYSLOG-newsize),newsize,"[%d qps %s] ",qps,names[j]); + qpsf = ((float)bb[totals]->qstats[types[j]]/delta); + if ( ( qpsf > 0) && ( newsize > 1 ) ) { + cursize = snprintf(target+(MAXSYSLOG-newsize),newsize,"[%3.2f qps %s] ",qpsf,names[j]); newsize-=cursize; } } 
@@ -268,9 +301,9 @@ int calculate_averages() { free(target); } else { - syslog(LOG_NOTICE,"[totals] - %d tcp qps : %d udp qps\n", - (int)ceil( (float)(bb[totals]->tcp_count/delta)), - (int)ceil( (float)(bb[totals]->udp_count/delta)) + syslog(LOG_NOTICE,"[totals] - %3.2f tcp qps : %3.2f udp qps\n", + ((float)bb[totals]->tcp_count/delta), + ((float)bb[totals]->udp_count/delta) ); } } @@ -280,6 +313,17 @@ int calculate_averages() { return 1; } +int valid_dns_char(char c) { + + if((c >= '0' && c <= '9') + || (c >= 'a' && c <= 'z') + || (c >= 'A' && c <= 'Z') + || (c == '-') + || (c == '_')) // is valid for SRV records. + return 1; + + return 0; +} // purge and initialize all buckets void init_buckets() { u_int i; @@ -289,7 +333,6 @@ void init_buckets() { if ( ( bb = malloc( sizeof(struct bucket *) * (option_x+1)) ) == NULL ) malloc_fail("bb", sizeof(struct bucket *) * (option_x+1)); for (i=0; i <=option_x; i++ ) { if ( ( bb[i] = (struct bucket *)malloc( sizeof(struct bucket) ) ) == NULL) malloc_fail("bb[i]", sizeof(struct bucket) ); - bb[i]->ip_addr=NULL; scour_bucket(i); } pthread_mutex_unlock(&stats_lock); @@ -299,10 +342,7 @@ void init_buckets() { int scour_bucket( int i ) { int j; - if ( bb[i]->ip_addr != NULL ) { - free ( bb[i]->ip_addr ); - } - bb[i]->ip_addr=NULL; + bb[i]->ip_addr.s_addr=BCAST; bb[i]->tcp_count=0; bb[i]->udp_count=0; bb[i]->qps=0; @@ -317,7 +357,7 @@ int scour_bucket( int i ) { } // add a packet to a bucket -int add_to_bucket ( char * ip_src, int ip_proto, int num_queries, u_int8_t qtype) { +int add_to_bucket ( struct in_addr *ip_src, int ip_proto, int num_queries, u_int8_t qtype) { int bucket = 0; // get the bucket to put packet in 
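Review bot: add_to_bucket gets a new type for ip_src but keeps `u_int8_t qtype`, while the QTYPE field of a DNS question is 16 bits wide. With 255 (ANY) now listed in types[], the 8-bit parameter is at its limit and no query type above 255 can be represented. Widen it to u_int16_t and check it against the size of the qstats array wherever it is used as an index.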
@@ -343,14 +383,14 @@ int add_to_bucket ( char * ip_src, int ip_proto, int num_queries, u_int8_t qtype } // figure out where to put this packet -int find_bucket(char *ip_src) { +int find_bucket(struct in_addr *ip_src) { int i, bucket=0; time_t oldest=0; // look for an existing bucket for this IP for (i=0; i< option_x; i++ ){ - // ip field of bucket is not null and seems to match the ip we are checking - if ((bb[i]->ip_addr != NULL)&&(strncmp(bb[i]->ip_addr, ip_src, strlen(bb[i]->ip_addr))==0)) { + // ip field of bucket seems to match the ip we are checking + if (bb[i]->ip_addr.s_addr == ip_src->s_addr) { return i; } } @@ -359,14 +399,20 @@ int find_bucket(char *ip_src) { for (i=0; i< option_x; i++ ) { // found an unused one - clean it, init it, and return it - if ( bb[i]->ip_addr == NULL ) { + if ( bb[i]->ip_addr.s_addr == BCAST ) { scour_bucket(i); - if ( ( bb[i]->ip_addr = (char *)strdup(ip_src) ) == NULL) malloc_fail("bb[i]->ip_addr", strlen(ip_src) ); + bb[i]->ip_addr.s_addr = ip_src->s_addr; return i; } // find the most stagnant bucket in case we need it // avoids another loop through the buckets + // TODO - should we autoflush buckets after some idle time, + // or after alarming? fixes the case where + // alarms are unlikely to reappear even if a client + // resumes flooding if there isn't bucket contention + // churning them out and resetting the timer for the rate + // calculation... if ( ( bb[i]->last_packet != 0 ) && ((oldest==0)||( bb[i]->last_packet < oldest))) { oldest = bb[i]->last_packet; bucket = i; @@ -376,7 +422,7 @@ int find_bucket(char *ip_src) { // use the most stagnant bucket since all are in use // clean it, init it, and return it scour_bucket(bucket); - if ( ( bb[bucket]->ip_addr = (char *)strdup(ip_src) ) == NULL) malloc_fail("bb[bucket]->ip_addr", strlen(ip_src) ); + bb[i]->ip_addr.s_addr = ip_src->s_addr; return bucket; } 
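Review bot: the last changed line of find_bucket writes the address to the wrong slot. `bb[i]->ip_addr.s_addr = ip_src->s_addr;` runs after the search loop has finished, so i equals option_x, while the function has just scoured `bucket` and returns it; the line it replaces assigned bb[bucket]->ip_addr. As written, the recycled bucket keeps the BCAST marker set by scour_bucket, so calculate_averages treats it as empty, and the extra slot at index option_x is overwritten instead. Change it to `bb[bucket]->ip_addr.s_addr = ip_src->s_addr;`.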
@@ -391,10 +437,10 @@ void handle_IP(u_char *args, const struct pcap_pkthdr* pkthdr,const u_char* pack u_int caplen = pkthdr->caplen; u_int hlen,off,version; unsigned char dname[NS_MAXDNAME]=""; - char *ip_src; + struct in_addr ip_src; unsigned char *data; - u_int i,len,dpos; - u_int8_t qtype,qclass,tlen; + u_int len,dpos; + u_int8_t qtype,tlen; // skip the ethernet header length -= sizeof(struct ether_header); @@ -431,8 +477,8 @@ void handle_IP(u_char *args, const struct pcap_pkthdr* pkthdr,const u_char* pack off = ntohs(ip->ip_off); if((off & 0x1fff) == 0 ) { - // get the source ip as a string (probably more efficient to use decimal) - ip_src = (char *)inet_ntoa(ip->ip_src); + // get the source ip + ip_src.s_addr = ip->ip_src.s_addr; // process udp packets if ( ip->ip_p == 17 ) { @@ -457,13 +503,14 @@ void handle_IP(u_char *args, const struct pcap_pkthdr* pkthdr,const u_char* pack if (! tcp->th_flags & TH_PUSH) return; // try to make sure it is safe to cast packet into dns structure - if ( (sizeof(struct my_dns)+sizeof(struct ether_header)+sizeof(struct ip)+(tcp->th_off * sizeof(u_int32_t))) >= caplen ) { + if ( (sizeof(struct my_dns)+sizeof(struct ether_header)+sizeof(struct ip)+(tcp->th_off * sizeof(u_int32_t)) + sizeof(u_int16_t)) >= caplen ) { return; } else { // populate dns header - dns = (struct my_dns *) ( (char *) packet + sizeof(struct ether_header)+ sizeof (struct ip) + (tcp->th_off * sizeof(u_int32_t))); - data = (char *) packet + sizeof(struct ether_header) + sizeof (struct ip) + (tcp->th_off * sizeof(u_int32_t)) + sizeof(struct my_dns); + // tcp dns lookups also include a 16bit length field = dns header + data. + dns = (struct my_dns *) ( (char *) packet + sizeof(struct ether_header)+ sizeof (struct ip) + (tcp->th_off * sizeof(u_int32_t) + sizeof(u_int16_t))); + data = (char *) packet + sizeof(struct ether_header) + sizeof (struct ip) + (tcp->th_off * sizeof(u_int32_t)) + sizeof(struct my_dns) + sizeof(u_int16_t); } } 
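Review bot: the unchanged guard just above the new bounds check, `if (! tcp->th_flags & TH_PUSH) return;`, parses as (!tcp->th_flags) & TH_PUSH. Because !x is 0 or 1 and TH_PUSH is 0x08, that expression is zero for every value of th_flags and segments without PSH are never skipped; write it as `if (!(tcp->th_flags & TH_PUSH)) return;`. The changed offset calculations also assume a 20-byte IP header through sizeof(struct ip); taking the length from the IP header itself (ip_hl) would keep the dns and data pointers correct when IP options are present.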
@@ -477,8 +524,8 @@ void handle_IP(u_char *args, const struct pcap_pkthdr* pkthdr,const u_char* pack return; } - // ignore seemingly bogus queries with multiple flags set - if ((ntohs(dns->dns_qdcount)>0)+(ntohs(dns->dns_ancount)>0)+(ntohs(dns->dns_nscount)>0)+(ntohs(dns->dns_arcount)>0)>1 ) { + // ignore packets with no questions + if (ntohs(dns->dns_qdcount) == 0) { return; } @@ -488,6 +535,10 @@ void handle_IP(u_char *args, const struct pcap_pkthdr* pkthdr,const u_char* pack if (!tlen) tlen=*data; for (;(tlen&&((void *)data<((void *)packet+caplen-1)));tlen--){ data++; + // bail on an invalid dns char + if(!valid_dns_char(*data)) { + return; + } if (dposip_p == 17 ? "udp" : "tcp"), qtype, dname); + } + // add packet to bucket array if (ntohs(dns->dns_qdcount)&&qtype) { - add_to_bucket( ip_src, ip->ip_p, 1, qtype ); + add_to_bucket( &ip_src, ip->ip_p, 1, qtype ); } } return; @@ -525,15 +581,16 @@ int main(int argc,char **argv){ char *dst_addr = NULL; char *dst_mask = NULL; struct sigaction sa; - struct in_addr addr; + struct in_addr addr,tmpaddr; u_int f_size; char *args = NULL; + char *name = NULL; u_int c = 0; + if ( ( name = (char *)strdup(argv[0]) ) == NULL) malloc_fail("name", strlen(argv[0]) ); // loop through command line options and get options while(1) { - int option_index = 0; - c = getopt(argc, argv,"i:t:a:w:x:m:bdvh"); + c = getopt(argc, argv,"i:t:a:w:x:m:A:M:QbdDvh"); if (c==-1) break; switch(c) { 
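Review bot: in the name-parsing loop (hunk -488,6), `if(!valid_dns_char(*data)) { return; }` leaves handle_IP before add_to_bucket is reached, so a query whose name contains any byte outside the letters, digits, '-' and '_' accepted by valid_dns_char is not counted against its source at all. For a rate detector this means malformed queries lower the reported qps instead of raising it. Stop copying the name at that point but still count the packet, for example under a separate counter for unparseable names that is reported alongside the per-type rates.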
@@ -579,12 +636,40 @@ int main(int argc,char **argv){ } } break; + case 'M': + if (optarg && (dst_mask == NULL) ) { + if ( inet_aton(optarg, &tmpaddr) ) { + if ( ( dst_mask = (char *)strdup(optarg) ) == NULL) malloc_fail("filter mask", strlen(optarg) ); + option_M=1; + } else { + fprintf(stderr,"Invalid filter mask \"%s\"\n",optarg); + option_h = 1; + } + } + break; + case 'A': + if (optarg && (dst_addr == NULL) ) { + if ( inet_aton(optarg, &tmpaddr) ) { + if ( ( dst_addr = (char *)strdup(optarg) ) == NULL) malloc_fail("dest filter", strlen(optarg) ); + option_A=1; + } else { + fprintf(stderr,"Invalid filter address \"%s\"\n",optarg); + option_h = 1; + } + } + break; + case 'Q': + option_Q = 1; + break; case 'b': option_b = 1; break; case 'd': option_d = 1; break; + case 'D': + option_D = 1; + break; case 'v': option_v++; break; 
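Review bot: the -A and -M cases validate optarg with inet_aton but then store the original string, not the parsed tmpaddr, in dst_addr and dst_mask, and that string is later pasted into the capture filter. inet_aton also accepts shorthand and non-decimal forms such as "10.1" or "0x0a000001", so what passes the check is not necessarily a dotted quad. Parse with inet_pton(AF_INET, ...) or rebuild the string from tmpaddr with inet_ntoa, and reject a -M value that is not a contiguous netmask.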
@@ -599,25 +684,45 @@ int main(int argc,char **argv){ if (optindN queries per second\n"); fprintf(stderr,"-a N reset alarm after N seconds\n"); fprintf(stderr,"-w N calculate stats every N seconds\n"); fprintf(stderr,"-x N create N buckets\n"); fprintf(stderr,"-m N report overall stats every N seconds\n"); + fprintf(stderr,"-A addr filter for specific address\n"); + fprintf(stderr,"-M mask netmask for filter (in conjunction with -A)\n"); + fprintf(stderr,"-Q don't filter by local interface address\n"); fprintf(stderr,"-b run in foreground in bindsnap mode\n"); fprintf(stderr,"-d run in background in daemon mode\n"); + fprintf(stderr,"-D dump dns packets (implies -b)\n"); fprintf(stderr,"-v verbose output - use again for more verbosity\n"); fprintf(stderr,"-h display this usage information\n"); exit(1); } - if ( ( ! option_d ) && ( ! option_b ) ) { - fprintf(stderr,"%s couldn't start\n",argv[0]); - fprintf(stderr,"You must specify either either -d (daemon) or -b (bindsnap)\n"); + // if dumping packets, force option_b and disable option_d + if( option_D ) { + if( ! option_b ) + option_b = 1; + + if( option_d ) + option_d = 0; + + } + + if ( ( option_Q ) && ( option_A ) ) { + fprintf(stderr,"%s couldn't start\n",name); + fprintf(stderr,"You can't specify both -A (address filter) and -Q (no filter)\n"); exit(1); } + if ( ( ! option_d ) && ( ! option_b ) ) { + fprintf(stderr,"%s couldn't start\n",name); + fprintf(stderr,"You must specify either -d (daemon) or -b (bindsnap)\n"); + exit(1); + } + free(name); // set up for daemonized operation unless running in bindsnap mode if ( ! option_b ) { openlog("dns_flood_detector",LOG_PID|LOG_CONS,LOG_DAEMON); 
@@ -641,27 +746,48 @@ int main(int argc,char **argv){ exit(1); } - // get network address and netmask for device - pcap_lookupnet(dev,&netp,&maskp,errbuf); - - // set up filter with local network - addr.s_addr = (unsigned long int)netp; - if ( ( dst_addr = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_addr", strlen((char *)inet_ntoa(addr))+1 ); - strncpy(dst_addr,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr))); - dst_addr[strlen((char *)inet_ntoa(addr))]='\0'; - - addr.s_addr = (unsigned long int)maskp; - if ( ( dst_mask = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_mask", strlen((char *)inet_ntoa(addr))+1 ); - strncpy(dst_mask,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr))); - dst_mask[strlen((char *)inet_ntoa(addr))]='\0'; - - f_size = strlen("port 53 and dst net mask ")+ strlen(dst_mask)+ strlen(dst_addr); - if ( ( filter = (char *) malloc ( f_size+1) ) == NULL ) malloc_fail( "filter", f_size+1 ); - snprintf( filter, f_size, "port 53 and dst net %s mask %s", dst_addr, dst_mask); - - free (dst_mask); - free (dst_addr); + /* restrict to queries to primary local address? */ + if (option_Q) { + f_size = strlen("port 53 "); + if ( ( filter = (char *) malloc ( f_size+1) ) == NULL ) malloc_fail( "filter", f_size+1 ); + snprintf( filter, f_size, "port 53"); + } else { + if (! 
option_A) { + // get network address and netmask for device + pcap_lookupnet(dev,&netp,&maskp,errbuf); + + // set up filter with local network + addr.s_addr = (unsigned long int)netp; + if ( ( dst_addr = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_addr", strlen((char *)inet_ntoa(addr))+1 ); + strncpy(dst_addr,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr))); + dst_addr[strlen((char *)inet_ntoa(addr))]='\0'; + + addr.s_addr = (unsigned long int)maskp; + if (!option_M) { + if ( ( dst_mask = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_mask", strlen((char *)inet_ntoa(addr))+1 ); + strncpy(dst_mask,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr))); + dst_mask[strlen((char *)inet_ntoa(addr))]='\0'; + } + } else { + // we're using an address from -A + if (!option_M) { + // if no mask was specified, then use just a host mask + if ( ( dst_mask = (char *)malloc(16) ) == NULL ) malloc_fail("dest_mask", 16); + strncpy(dst_mask,"255.255.255.255",15); + } + } + + f_size = strlen("port 53 and dst net mask ")+ strlen(dst_mask)+ strlen(dst_addr); + if ( ( filter = (char *) malloc ( f_size+1) ) == NULL ) malloc_fail( "filter", f_size+1 ); + snprintf( filter, f_size, "port 53 and dst net %s mask %s", dst_addr, dst_mask); + + free (dst_mask); + free (dst_addr); + } + if ( option_b && option_v ) { + printf("using filter \"%s\" on dev %s\n", filter, dev); + } // open device for reading only local traffic descr = pcap_open_live(dev,1500,0,1,errbuf); if(descr == NULL) { @@ -671,11 +797,13 @@ int main(int argc,char **argv){ // compile filter if(pcap_compile(descr,&fp,filter,0,netp) == -1) { + fprintf(stderr,"error compiling filter: %s\n",pcap_geterr(descr)); exit(1); } // set filter if(pcap_setfilter(descr,&fp) == -1){ + fprintf(stderr,"error setting filter: %s\n",pcap_geterr(descr)); exit(1); } diff --git a/dns_flood_detector.h b/dns_flood_detector.h index b968305..13b7745 100644 
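Review bot: in the filter-building hunk (-641,27), the -A branch without -M does `strncpy(dst_mask,"255.255.255.255",15);` into a 16-byte buffer and never writes the terminator, so the strlen(dst_mask) that follows reads an uninitialised byte; copy 16 bytes or set dst_mask[15] explicitly. The sizing is also short: the literal measured for f_size is 25 characters while the format `"port 53 and dst net %s mask %s"` contributes 26, and snprintf is given f_size rather than f_size+1, so the last two characters of the mask are cut off. Size the buffer from the format string and pass the full allocation size; the new "using filter" message is a good place to confirm the result.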
--- a/dns_flood_detector.h +++ b/dns_flood_detector.h @@ -29,7 +29,7 @@ #define ETHER_HDRLEN 14 #endif #define NS_MAXDNAME 1025 -#define MAXSYSLOG 128 +#define MAXSYSLOG 192 // evil Solaris hack #ifdef __sun__ @@ -40,7 +40,12 @@ typedef uint32_t u_int32_t; // prototypes void handle_IP(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet); - +int calculate_averages(); +int scour_bucket(int i); +int find_bucket(struct in_addr *ip_src); +int daemonize(void); +int malloc_fail(char * var, int size); + // data structures struct my_dns { u_int16_t dns_id; /* query identification number */ @@ -53,7 +58,7 @@ struct my_dns { }; struct bucket { - char * ip_addr; + struct in_addr ip_addr; unsigned int tcp_count; unsigned int udp_count; unsigned int qps; diff --git a/makefiles/Makefile-BSDI b/makefiles/Makefile-BSDI index c21e536..2d8c119 100644 --- a/makefiles/Makefile-BSDI +++ b/makefiles/Makefile-BSDI @@ -7,5 +7,7 @@ clean: rm -rf dns_flood_detector *.o *~ install: cp dns_flood_detector /usr/local/sbin/ +distclean: clean + rm Makefile dns_flood_detector: dns_flood_detector.c diff --git a/makefiles/Makefile-FreeBSD b/makefiles/Makefile-FreeBSD index c21e536..2d8c119 100644 --- a/makefiles/Makefile-FreeBSD +++ b/makefiles/Makefile-FreeBSD @@ -7,5 +7,7 @@ clean: rm -rf dns_flood_detector *.o *~ install: cp dns_flood_detector /usr/local/sbin/ +distclean: clean + rm Makefile dns_flood_detector: dns_flood_detector.c diff --git a/makefiles/Makefile-Linux b/makefiles/Makefile-Linux index d4b3300..30831a3 100644 --- a/makefiles/Makefile-Linux +++ b/makefiles/Makefile-Linux @@ -1,4 +1,4 @@ -CFLAGS=-O -D_BSD_SOURCE -g +CFLAGS=-Wall -O -D_BSD_SOURCE -g LDLIBS=-lpcap -lpthread -lm all: dns_flood_detector @@ -7,5 +7,7 @@ clean: rm -rf dns_flood_detector *.o *~ install: cp dns_flood_detector /usr/local/sbin/ +distclean: clean + rm Makefile dns_flood_detector: dns_flood_detector.c diff --git a/makefiles/Makefile-OSX b/makefiles/Makefile-OSX index 009e06f..b72c947 100644 
--- a/makefiles/Makefile-OSX +++ b/makefiles/Makefile-OSX @@ -1,4 +1,4 @@ -CFLAGS+=-O -g -I/usr/local/include -I/usr/include +CFLAGS+=-Wall -O -g -I/usr/local/include -I/usr/include LDLIBS=-L/usr/local/lib -lpcap -lpthread -lm all: dns_flood_detector @@ -7,5 +7,7 @@ clean: rm -rf dns_flood_detector *.o *~ install: cp dns_flood_detector /usr/local/sbin/ +distclean: clean + rm Makefile dns_flood_detector: dns_flood_detector.c diff --git a/makefiles/Makefile-Solaris b/makefiles/Makefile-Solaris index 9c8c9ec..777eefa 100644 --- a/makefiles/Makefile-Solaris +++ b/makefiles/Makefile-Solaris @@ -7,5 +7,7 @@ clean: rm -rf dns_flood_detector *.o *~ install: cp dns_flood_detector /usr/local/sbin/ +distclean: clean + rm Makefile dns_flood_detector: dns_flood_detector.c From 8ad8ed5c31bd0cf588e71ac54fed4c3070700cc5 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 23 Nov 2006 19:53:17 +0000 Subject: [PATCH 019/136] change urgency --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 0fe9bf1..b704ff6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -dns-flood-detector (1.12-1) unstable; urgency=low +dns-flood-detector (1.12-1) unstable; urgency=medium * New upstream release * modified fix_prototyp patch for upstream From bd8779f2600ff3c35cea97305ff9a8024a83b7d5 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 28 Jan 2007 12:43:27 +0000 Subject: [PATCH 020/136] adjust year in copyright --- debian/copyright | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/copyright b/debian/copyright index 40063bb..18c16a3 100644 --- a/debian/copyright +++ b/debian/copyright 
@@ -26,5 +26,5 @@ License: On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL file. -The Debian packaging is (C) 2006, Jan Wagner and +The Debian packaging is (C) 2006, 2007 Jan Wagner and is licensed under the GPL, see `/usr/share/common-licenses/GPL'. From 1da26f2cb0614a57657532b6e673609c37c1d813 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 28 Jan 2007 12:44:12 +0000 Subject: [PATCH 021/136] cosmetic fixes to init script --- debian/changelog | 6 ++++++ debian/init.d | 8 ++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/debian/changelog b/debian/changelog index b704ff6..f454626 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dns-flood-detector (1.12-2) UNRELEASED; urgency=low + + * some cosmetic fixes to init script + + -- Jan Wagner Thu, 25 Jan 2007 14:29:06 +0100 + dns-flood-detector (1.12-1) unstable; urgency=medium * New upstream release diff --git a/debian/init.d b/debian/init.d index 6767a8d..5442e4c 100644 --- a/debian/init.d +++ b/debian/init.d @@ -46,12 +46,12 @@ case "$1" in ;; restart|force-reload) echo -n "Restarting $DESC: " - start-stop-daemon --stop --quiet --pidfile \ - /var/run/$NAME.pid --exec $DAEMON + start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ + --exec $DAEMON killall -9 $NAME sleep 1 - start-stop-daemon --start --quiet --pidfile \ - /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS + start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ + --exec $DAEMON -- $DAEMON_OPTS echo "$NAME." ;; *) From f9d21ed498f5e37e85adc142dfadc69ceeb2f035 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 4 Jul 2007 13:28:21 +0000 Subject: [PATCH 022/136] drop my own scripts --- debian/postinst | 11 ----------- debian/postrm | 6 ------ debian/prerm | 5 ----- 3 files changed, 22 deletions(-) delete mode 100755 debian/postinst delete mode 100755 debian/postrm delete mode 100644 debian/prerm 
diff --git a/debian/postinst b/debian/postinst deleted file mode 100755 index a7c85c1..0000000 --- a/debian/postinst +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -set -e - -if [ -x "/etc/init.d/dns-flood-detector" ]; then - update-rc.d dns-flood-detector defaults 40 >/dev/null - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d dns-flood-detector start || exit $? - else - /etc/init.d/dns-flood-detector start || exit $? - fi -fi diff --git a/debian/postrm b/debian/postrm deleted file mode 100755 index ea57f84..0000000 --- a/debian/postrm +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -set -e - -if [ "$1" = "purge" ] ; then - update-rc.d dns-flood-detector remove >/dev/null || exit $? -fi diff --git a/debian/prerm b/debian/prerm deleted file mode 100644 index 9639f67..0000000 --- a/debian/prerm +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -set -e -# work without debhelper since only kill stops the app (for now) -killall -9 dns-flood-detector - From 1198902d3c9665a99583afb401ab284ba897181f Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 4 Jul 2007 13:28:56 +0000 Subject: [PATCH 023/136] use dh_installinit for maintainer scripts --- debian/rules | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/rules b/debian/rules index d2b64f4..8ead083 100755 --- a/debian/rules +++ b/debian/rules @@ -55,6 +55,7 @@ binary-arch: build install dh_installchangelogs dh_installdocs dh_installman debian/dns-flood-detector.8 + dh_installinit -- defaults 40 dh_link dh_strip dh_compress From be6677c80771018ded86abe62d547d04cea02f21 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 4 Jul 2007 13:29:18 +0000 Subject: [PATCH 024/136] use kill instead of killall --- debian/init.d | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/init.d b/debian/init.d index 5442e4c..ed5806e 100644 --- a/debian/init.d +++ b/debian/init.d 
@@ -48,7 +48,7 @@ case "$1" in echo -n "Restarting $DESC: " start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON - killall -9 $NAME + ps aux | grep $NAME | awk '{ print $2 }' | xargs kill -9 sleep 1 start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $DAEMON_OPTS From ca209f12113ca8d387256917e620889862b7c075 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 4 Jul 2007 13:30:31 +0000 Subject: [PATCH 025/136] clean up init and maintainer scripts --- debian/changelog | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index f454626..02586fa 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,14 +1,16 @@ -dns-flood-detector (1.12-2) UNRELEASED; urgency=low +dns-flood-detector (1.12-2) unstable; urgency=low * some cosmetic fixes to init script + * use kill instead of killall in init script (Closes: #431676). + * drop own maintainers scripts and make again use of debhelper - -- Jan Wagner Thu, 25 Jan 2007 14:29:06 +0100 + -- Jan Wagner Wed, 04 Jul 2007 12:29:06 +0200 dns-flood-detector (1.12-1) unstable; urgency=medium * New upstream release * modified fix_prototyp patch for upstream - + -- Jan Wagner Thu, 23 Nov 2006 13:35:11 +0100 dns-flood-detector (1.10-4) unstable; urgency=low From 6d035656985861bec426e80b86a08b5e9c2c77ec Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 4 Jul 2007 13:47:16 +0000 Subject: [PATCH 026/136] replace killall with kill --- debian/init.d | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/debian/init.d b/debian/init.d index ed5806e..202081c 100644 --- a/debian/init.d +++ b/debian/init.d 
@@ -39,15 +39,15 @@ case "$1" in ;; stop) echo -n "Stopping $DESC: " - start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ - --exec $DAEMON - killall -9 $NAME + #start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ + # --exec $DAEMON + ps aux | grep $NAME | awk '{ print $2 }' | xargs kill -9 echo "$NAME." ;; restart|force-reload) echo -n "Restarting $DESC: " - start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ - --exec $DAEMON + #start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ + # --exec $DAEMON ps aux | grep $NAME | awk '{ print $2 }' | xargs kill -9 sleep 1 start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ From 7aeb729dc738de415c6925c0ab4493dfd1035820 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 4 Jul 2007 17:03:32 +0000 Subject: [PATCH 027/136] change to bindsnap, since daemon forks after starting, which makes start-stop-daemon trouble --- debian/init.d | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/debian/init.d b/debian/init.d index 202081c..6fde3bd 100644 --- a/debian/init.d +++ b/debian/init.d 
@@ -33,23 +33,20 @@ set -e case "$1" in start) echo -n "Starting $DESC: " - start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ + start-stop-daemon --start --quiet --make-pidfile --background --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $DAEMON_OPTS echo "$NAME." ;; stop) echo -n "Stopping $DESC: " - #start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ - # --exec $DAEMON - ps aux | grep $NAME | awk '{ print $2 }' | xargs kill -9 + start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ + --exec $DAEMON echo "$NAME." ;; restart|force-reload) echo -n "Restarting $DESC: " - #start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ - # --exec $DAEMON - ps aux | grep $NAME | awk '{ print $2 }' | xargs kill -9 - sleep 1 + start-stop-daemon --stop --quiet --make-pidfile --background --pidfile /var/run/$NAME.pid \ + --exec $DAEMON start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $DAEMON_OPTS echo "$NAME." From 181cc94118db82616c5c081251c1675e629f0621 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 4 Jul 2007 17:03:59 +0000 Subject: [PATCH 028/136] change to bindsnap, since daemon forks after starting, which makes start-stop-daemon trouble --- debian/default | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/debian/default b/debian/default index 977f5d7..d6b7327 100644 --- a/debian/default +++ b/debian/default @@ -3,5 +3,6 @@ # installed at /etc/default/dns-flood-detector by the maintainer scripts # options that are passed to the Daemon. -# here: daemon mode, be more verbose, alarm at > 5/s, stats every 3 secs -DAEMON_OPTS="-d -v -v -t5 -w3" +# HINT: leave "-b". If not stopping via init script will not work +# here: bindsnap mode, be more verbose, alarm at > 5/s, stats every 3 secs +DAEMON_OPTS="-b -v -v -t5 -w3" From e624dd0726c0d3f29000d47078e7557c6bb7c356 Mon Sep 17 00:00:00 2001 
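Review bot: in PATCH 024 and 026 the stop and restart branches of debian/init.d pick their targets with `ps aux | grep $NAME | awk '{ print $2 }' | xargs kill -9`, which matches far more than the daemon: the grep in the pipeline, the running /etc/init.d/dns-flood-detector script itself (its path contains $NAME), and any other process with that string on its command line all receive SIGKILL as root. The script runs under `set -e`, so a nonzero exit from xargs (for example when the grep pid is already gone) also aborts before `echo "$NAME."` or the start step of restart. Match on the executable instead, e.g. `start-stop-daemon --stop --quiet --oknodo --exec $DAEMON`, and send SIGTERM before escalating to -9.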
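Review bot: in the restart|force-reload branch of PATCH 027, `--make-pidfile --background` were added to the `--stop` call, where they do not apply, while the `--start` call that follows still lacks them, so a restart launches the daemon without the pidfile handling the start branch now has. Move both options to the `--start` line of restart so the two branches match. The hunk also drops `sleep 1` between stop and start; if the old process has not exited yet, `--start` finds it still running and does not launch a new one, so keep the delay or add `--retry` to the stop call.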
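Review bot: the new `DAEMON_OPTS="-b -v -v -t5 -w3"` in debian/default (PATCH 028) changes the packaged default from daemon mode to bindsnap mode, while the README in this tree documents syslog alarms only for daemon mode ("In daemon mode, the tool will alarm via syslog") and describes bindsnap as foreground stats output. Started through `--background`, that output has no terminal to go to, so please confirm that threshold alarms still reach syslog with -b; otherwise the package runs without alerting anyone. The HINT comment should also state why -b is needed: the pid recorded by `--make-pidfile` is only valid for a process that does not fork.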
From: Jan Wagner Date: Wed, 4 Jul 2007 17:04:20 +0000 Subject: [PATCH 029/136] ajust changelog --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 02586fa..13c9e57 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,7 @@ dns-flood-detector (1.12-2) unstable; urgency=low * some cosmetic fixes to init script - * use kill instead of killall in init script (Closes: #431676). + * make start-stop-daemon working instead of using kill (Closes: #431676). * drop own maintainers scripts and make again use of debhelper -- Jan Wagner Wed, 04 Jul 2007 12:29:06 +0200 From ee85b8d5c55df150d380991b5e71299f0ecaaf62 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 4 Jul 2007 18:44:52 +0000 Subject: [PATCH 030/136] revert changes --- debian/default | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/debian/default b/debian/default index d6b7327..977f5d7 100644 --- a/debian/default +++ b/debian/default @@ -3,6 +3,5 @@ # installed at /etc/default/dns-flood-detector by the maintainer scripts # options that are passed to the Daemon. -# HINT: leave "-b". If not stopping via init script will not work -# here: bindsnap mode, be more verbose, alarm at > 5/s, stats every 3 secs -DAEMON_OPTS="-b -v -v -t5 -w3" +# here: daemon mode, be more verbose, alarm at > 5/s, stats every 3 secs +DAEMON_OPTS="-d -v -v -t5 -w3" From 13af55fd32b166650ccac754a951532f45936836 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 4 Jul 2007 18:45:15 +0000 Subject: [PATCH 031/136] another try --- debian/init.d | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/init.d b/debian/init.d index 6fde3bd..fd14986 100644 --- a/debian/init.d +++ b/debian/init.d 
@@ -33,8 +33,9 @@ set -e case "$1" in start) echo -n "Starting $DESC: " - start-stop-daemon --start --quiet --make-pidfile --background --pidfile /var/run/$NAME.pid \ + start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $DAEMON_OPTS + ps aux | grep $NAME | grep -v grep | tail -1 | awk '{ print $2 }' > /var/run/$NAME.pid echo "$NAME." ;; stop) @@ -45,10 +46,11 @@ case "$1" in ;; restart|force-reload) echo -n "Restarting $DESC: " - start-stop-daemon --stop --quiet --make-pidfile --background --pidfile /var/run/$NAME.pid \ + start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $DAEMON_OPTS + ps aux | grep $NAME | grep -v grep | tail -1 | awk '{ print $2 }' > /var/run/$NAME.pid echo "$NAME." ;; *) From ea675efb878000d58a1f674dd9373d25efa5b1c2 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 4 Jul 2007 18:56:13 +0000 Subject: [PATCH 032/136] another try --- debian/init.d | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/init.d b/debian/init.d index fd14986..4ef608b 100644 --- a/debian/init.d +++ b/debian/init.d @@ -35,7 +35,7 @@ case "$1" in echo -n "Starting $DESC: " start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $DAEMON_OPTS - ps aux | grep $NAME | grep -v grep | tail -1 | awk '{ print $2 }' > /var/run/$NAME.pid + ps aux | grep $DAEMON | grep -v grep | tail -1 | awk '{ print $2 }' > /var/run/$NAME.pid echo "$NAME." ;; stop) @@ -50,7 +50,7 @@ case "$1" in --exec $DAEMON start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $DAEMON_OPTS - ps aux | grep $NAME | grep -v grep | tail -1 | awk '{ print $2 }' > /var/run/$NAME.pid + ps aux | grep $DAEMON | grep -v grep | tail -1 | awk '{ print $2 }' > /var/run/$NAME.pid echo "$NAME." ;; *) From 874ac6f62f9a2e9622d2785e02a9e64dcb682b78 Mon Sep 17 00:00:00 2001 
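Review bot: the `ps aux | grep $NAME | grep -v grep | tail -1 | awk '{ print $2 }' > /var/run/$NAME.pid` line added after `--start` in PATCH 031 derives the pid by scraping the process table right after launch, which is racy with a daemon that forks (the reason given in PATCH 027): it can record the pre-fork parent, the init script itself (its path contains $NAME, which PATCH 032 narrows by switching to $DAEMON), or nothing at all. The pipeline's exit status is awk's, so `set -e` does not catch an empty match and an empty pidfile is written silently. Since the stop call already passes `--exec $DAEMON`, dropping `--pidfile` from the start and stop calls and letting start-stop-daemon match on the executable would remove the need to maintain a pidfile by hand.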
From: Jan Wagner Date: Wed, 4 Jul 2007 19:11:17 +0000 Subject: [PATCH 033/136] another try --- debian/init.d | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/init.d b/debian/init.d index 4ef608b..4feeaee 100644 --- a/debian/init.d +++ b/debian/init.d @@ -35,7 +35,7 @@ case "$1" in echo -n "Starting $DESC: " start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $DAEMON_OPTS - ps aux | grep $DAEMON | grep -v grep | tail -1 | awk '{ print $2 }' > /var/run/$NAME.pid + ps aux | grep $DAEMON | head -1 | awk '{ print $2 }' > /var/run/$NAME.pid echo "$NAME." ;; stop) @@ -50,7 +50,7 @@ case "$1" in --exec $DAEMON start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $DAEMON_OPTS - ps aux | grep $DAEMON | grep -v grep | tail -1 | awk '{ print $2 }' > /var/run/$NAME.pid + ps aux | grep $DAEMON | head -1 | awk '{ print $2 }' > /var/run/$NAME.pid echo "$NAME." ;; *) From 9ba1a9a672bcdd992477ec9a0388afe954775c62 Mon Sep 17 00:00:00 2001 
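Review bot: PATCH 033 removes `grep -v grep` from both pidfile lines and switches `tail -1` to `head -1`, so the pipeline's own `grep $DAEMON` process is now a candidate and the first row of `ps aux` that mentions the path is written to /var/run/$NAME.pid whether or not it is the daemon. When the recorded pid is not a running $DAEMON, the later `start-stop-daemon --stop --pidfile ... --exec $DAEMON` finds nothing to stop and the detector keeps running across stop and restart. If the pidfile has to be written from the script, take the pid from a lookup on the executable (e.g. `pidof $DAEMON`) and fail the start when it returns nothing.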
From: Jan Wagner Date: Wed, 4 Jul 2007 19:35:53 +0000 Subject: [PATCH 034/136] drop handling of upstream code --- LICENSE | 281 --------- README | 78 --- configure.pl | 19 - debian/changelog | 41 -- debian/compat | 1 - debian/control | 23 - debian/copyright | 30 - debian/default | 7 - debian/dns-flood-detector.8 | 70 --- debian/docs | 1 - debian/init.d | 64 -- debian/patches/00list | 1 - debian/patches/01_fix_prototyp.dpatch | 17 - debian/rules | 70 --- debian/watch | 2 - dns_flood_detector.c | 870 -------------------------- dns_flood_detector.h | 70 --- dnsflood | 36 -- makefiles/Makefile-BSDI | 13 - makefiles/Makefile-FreeBSD | 13 - makefiles/Makefile-Linux | 13 - makefiles/Makefile-OSX | 13 - makefiles/Makefile-Solaris | 13 - 23 files changed, 1746 deletions(-) delete mode 100644 LICENSE delete mode 100644 README delete mode 100755 configure.pl delete mode 100644 debian/changelog delete mode 100644 debian/compat delete mode 100644 debian/control delete mode 100644 debian/copyright delete mode 100644 debian/default delete mode 100644 debian/dns-flood-detector.8 delete mode 100644 debian/docs delete mode 100644 debian/init.d delete mode 100644 debian/patches/00list delete mode 100755 debian/patches/01_fix_prototyp.dpatch delete mode 100755 debian/rules delete mode 100644 debian/watch delete mode 100644 dns_flood_detector.c delete mode 100644 dns_flood_detector.h delete mode 100755 dnsflood delete mode 100644 makefiles/Makefile-BSDI delete mode 100644 makefiles/Makefile-FreeBSD delete mode 100644 makefiles/Makefile-Linux delete mode 100644 makefiles/Makefile-OSX delete mode 100644 makefiles/Makefile-Solaris diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 69e1d93..0000000 --- a/LICENSE +++ /dev/null 
@@ -1,281 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. 
- - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. 
The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. 
(Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. 
You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. 
- -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. 
If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - diff --git a/README b/README deleted file mode 100644 index afa0ab9..0000000 --- a/README +++ /dev/null 
@@ -1,78 +0,0 @@ -DNS FLood Detector 1.12 -Dennis Opacki -dopacki@adotout.com - - -What is DNS Flood Detector? - -DNS Flood Detector was developed to detect abusive usage levels on high -traffic nameservers and to enable quick response to the use of one's -nameserver to facilitate spam. DNS Flood Detector is distributed under the -Gnu Public License (see included LICENSE file for details). - -How does it work? - -DNS Flood Detector uses libpcap (in non-promiscuous mode) to monitor -incoming dns queries to a nameserver. The tool may be run in one of two -modes, either daemon mode or "bindsnap" mode. In daemon mode, the tool -will alarm via syslog. In bindsnap mode, the user is able to get -near-real-time stats on usage to aid in more detailed troubleshooting. -By default, it will count dns queries directed to any address in the same -network as the primary IP address on the interface being watched; the -A, --M, and -Q options can be used to modify this behaviour. - -How do I build it? - -Execute ./configure.pl to select the appropriate make target. Then simply -type "make". - -Why was it written? - -I wrote DNS Flood Detector because the fifty or so public recursive -nameservers I am responsible for were being abused by both customers and -non-customers. DNS Flood Detector allows for prompt action when anomalous -conditions are detected. - -What do I need to use it? - -You need libpcap and a little bit of patience. - -What platforms does it work on? - -Linux, BSDI, FreeBSD, Mac OSX, Solaris - -Will it run under Windows {95,98,NT,2000,XP}? - -Maybe. I haven't tried. If it doesn't, feel free to submit a fix. - -What does it look like? 
- -Usage: ./dns_flood_detector [OPTION] - --i IFNAME specify interface to listen on --t N alarm at >N queries per second --a N reset alarm after N seconds --w N calculate stats every N seconds --x N create N buckets --m N mark total query rate every N seconds --A addr filter for specific address --M mask netmask for filter (in conjunction with -A) --Q don't filter by local interface address --b run in foreground in bindsnap mode --d run in background in daemon mode --D dump dns packets (implies -b) --v verbose output - use again for more verbosity --h display this usage information - -Sample Output: - -dopacki:~$ sudo ./dns_flood_detector -v -v -b -t10 -[15:14:56] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 qps PTR] -[15:14:56] source [10.0.24.2] - 0 qps tcp : 15 qps udp [15 qps A] -[15:15:06] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 qps PTR] -[15:15:06] source [10.0.24.2] - 0 qps tcp : 15 qps udp [14 qps A] -[15:15:16] source [192.168.1.45] - 0 qps tcp : 23 qps udp [7 qps A] [15 qps PTR] - -What if I have questions? - -You can e-mail me at dopacki@adotout.com diff --git a/configure.pl b/configure.pl deleted file mode 100755 index 66648ba..0000000 --- a/configure.pl +++ /dev/null 
@@ -1,19 +0,0 @@ -#!/usr/bin/perl - -use strict; - -my $os = shift; - -# get target listings -opendir(MAKE_TARGETS,'./makefiles'); -my @targets = grep { /Makefile/ && -f './makefiles/'.$_ && s/^Makefile-// } readdir(MAKE_TARGETS); -closedir(MAKE_TARGETS); - -# display usage -unless ($os && grep{/$os/}@targets) {print< Wed, 04 Jul 2007 12:29:06 +0200 - -dns-flood-detector (1.12-1) unstable; urgency=medium - - * New upstream release - * modified fix_prototyp patch for upstream - - -- Jan Wagner Thu, 23 Nov 2006 13:35:11 +0100 - -dns-flood-detector (1.10-4) unstable; urgency=low - - * included fix_prototyp patch provided by "dann frazier " - (Closes: #399283). - * build depend to dpatch - - -- Jan Wagner Sun, 19 Nov 2006 10:18:55 +0100 - -dns-flood-detector (1.10-3) unstable; urgency=low - - * using killall in init script to get daemon stopped - * same for prerm - - -- Jan Wagner Thu, 9 Nov 2006 20:49:10 +0100 - -dns-flood-detector (1.10-2) unstable; urgency=low - - * fixed typo in initscript - - -- Jan Wagner Sat, 4 Nov 2006 21:46:03 +0100 - -dns-flood-detector (1.10-1) unstable; urgency=low - - * Initial release (Closes: #396618). - - -- Jan Wagner Fri, 3 Nov 2006 12:39:42 +0100 diff --git a/debian/compat b/debian/compat deleted file mode 100644 index 7ed6ff8..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -5 diff --git a/debian/control b/debian/control deleted file mode 100644 index 175e510..0000000 --- a/debian/control +++ /dev/null 
@@ -1,23 +0,0 @@ -Source: dns-flood-detector -Section: net -Priority: optional -Maintainer: Jan Wagner -Build-Depends: debhelper (>= 5), dpatch, libpcap0.8-dev -Standards-Version: 3.7.2 - -Package: dns-flood-detector -Architecture: any -Depends: ${shlibs:Depends} -Description: detect abusive usage levels on high traffic nameservers - This package provides the dns-flood-detector daemon. - . - It was developed to detect abusive usage levels on high traffic nameservers - and to enable quick response in halting the use of one's nameserver to - facilitate spam. - It uses libpcap (in non-promiscuous mode) to monitor incoming dns queries to a - nameserver. The tool may be run in one of two modes, either daemon mode or - "bindsnap" mode. In daemon mode, the tool will alarm via syslog. In bindsnap - mode, the user is able to get near-real-time stats on usage to aid in more - detailed troubleshooting. - . - Homepage: diff --git a/debian/copyright b/debian/copyright deleted file mode 100644 index 18c16a3..0000000 --- a/debian/copyright +++ /dev/null 
@@ -1,30 +0,0 @@ -This package was debianized by Jan Wagner on -Fri, 3 Nov 2006 12:39:42 +0100. - -It was downloaded from - -Upstream Author: Dennis Opacki - -Copyright: (C) 2003 Dennis Opacki - -License: - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - -On Debian systems, the complete text of the GNU General Public License -can be found in /usr/share/common-licenses/GPL file. - -The Debian packaging is (C) 2006, 2007 Jan Wagner and -is licensed under the GPL, see `/usr/share/common-licenses/GPL'. diff --git a/debian/default b/debian/default deleted file mode 100644 index 977f5d7..0000000 --- a/debian/default +++ /dev/null @@ -1,7 +0,0 @@ -# Defaults for dns-flood-detector initscript -# sourced by /etc/init.d/dns-flood-detector -# installed at /etc/default/dns-flood-detector by the maintainer scripts - -# options that are passed to the Daemon. -# here: daemon mode, be more verbose, alarm at > 5/s, stats every 3 secs -DAEMON_OPTS="-d -v -v -t5 -w3" diff --git a/debian/dns-flood-detector.8 b/debian/dns-flood-detector.8 deleted file mode 100644 index e7a9cad..0000000 --- a/debian/dns-flood-detector.8 +++ /dev/null 
@@ -1,70 +0,0 @@ -.TH DNS-FLOOD-DETECTOR 8 "2006-11-03" "1.10" "dns flood detection tool" - -.SH NAME -DNS-FLOOD-DETECTOR \- dns flood detection and alert tool - -.SH SYNOPSIS -.B dns-flood-detector -.RB [\| \-b \||\| \-d \|] -.RB [\| \-v \|] -.RB [\| \-h \|] -.RB [\| \-i -.IR device \|] -.RB [\| -t -.IR n \|] -.RB [\| -a -.IR n \|] -.RB [\| -w -.IR n \|] -.RB [\| -x -.IR n \|] -.RB [\| -m -.IR n \|] - -.SH DESCRIPTION -.B DNS Flood Detector -was developed to detect abusive usage levels on high traffic nameservers and to -enable quick response to the use of one's nameserver to facilitate spam. - -.SH OPTIONS -.B -.TP -.B \-b -run in foreground in bindsnap mode -.TP -.B \-d -run in background in daemon mode -.TP -.B \-v -verbose output \- use again for more verbosity -.TP -.B \-h -display help -.TP -.B \-i device -specify device name to listen on -.TP -.B \-t n -alarm at >n queries per second -.TP -.B \-a n -reset alarm after n seconds -.TP -.B \-w n -calculate stats every n seconds -.TP -.B \-x n -create n buckets -.TP -.B \-m n -report overall stats every n seconds - -.SH SEE ALSO -.B Website - - -.SH AUTHOR -DNS-FLOOD-DETECTOR was written by Dennis Opacki . -.PP -This manual page was written by Jan Wagner , -for the Debian project (but may be used by others). diff --git a/debian/docs b/debian/docs deleted file mode 100644 index e845566..0000000 --- a/debian/docs +++ /dev/null @@ -1 +0,0 @@ -README diff --git a/debian/init.d b/debian/init.d deleted file mode 100644 index 4feeaee..0000000 --- a/debian/init.d +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/bin/sh -# Written by Miquel van Smoorenburg . -# Modified for Debian -# by Ian Murdock . -# -# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl -# /etc/init.d/dns-flood-detector: v1 2006/11/03 Jan Wagner - -### BEGIN INIT INFO -# Provides: dns-flood-detector -# Required-Start: $local_fs $network $remote_fs $syslog -# Required-Stop: $local_fs $network $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: start and stop the dns-flood-detector daemon -# Description: detect abusive usage levels on high traffic nameservers -### END INIT INFO - -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/usr/bin/dns-flood-detector -NAME=dns-flood-detector -DESC=dns-flood-detector - -test -x $DAEMON || exit 0 - -# Include dns-flood-detector defaults if available -if [ -f /etc/default/dns-flood-detector ] ; then - . /etc/default/dns-flood-detector -fi - -set -e - -case "$1" in - start) - echo -n "Starting $DESC: " - start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ - --exec $DAEMON -- $DAEMON_OPTS - ps aux | grep $DAEMON | head -1 | awk '{ print $2 }' > /var/run/$NAME.pid - echo "$NAME." - ;; - stop) - echo -n "Stopping $DESC: " - start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ - --exec $DAEMON - echo "$NAME." - ;; - restart|force-reload) - echo -n "Restarting $DESC: " - start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ - --exec $DAEMON - start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ - --exec $DAEMON -- $DAEMON_OPTS - ps aux | grep $DAEMON | head -1 | awk '{ print $2 }' > /var/run/$NAME.pid - echo "$NAME." - ;; - *) - N=/etc/init.d/$NAME - # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $N {start|stop|restart|force-reload}" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/debian/patches/00list b/debian/patches/00list deleted file mode 100644 index 3220968..0000000 
--- a/debian/patches/00list +++ /dev/null @@ -1 +0,0 @@ -01_fix_prototyp.dpatch diff --git a/debian/patches/01_fix_prototyp.dpatch b/debian/patches/01_fix_prototyp.dpatch deleted file mode 100755 index d6b7390..0000000 --- a/debian/patches/01_fix_prototyp.dpatch +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh /usr/share/dpatch/dpatch-run -## 01_fix_prototyp.dpatch by dann frazier -## -## DP: fix missing function prototype definition - -@DPATCH@ - ---- dns-flood-detector-1.10/dns_flood_detector.c~ 2003-12-29 20:53:38.000000000 -0700 -+++ dns-flood-detector-1.10/dns_flood_detector.c 2006-11-18 17:38:47.000000000 -0700 -@@ -79,6 +79,7 @@ - #include - #include - #include -+#include - #include - #include - #include diff --git a/debian/rules b/debian/rules deleted file mode 100755 index 8ead083..0000000 --- a/debian/rules +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/usr/bin/make -f -# written by Jan Wagner -# -# Uncomment this to turn on verbose mode. -#export DH_VERBOSE=1 - -include /usr/share/dpatch/dpatch.make - -CFLAGS += -D_BSD_SOURCE -Wall -g -LDLIBS += -lpcap -lpthread -lm - -ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) - CFLAGS += -O0 -else - CFLAGS += -O2 -endif - -build: build-stamp -build-stamp: patch-stamp - dh_testdir - # Add here commands to compile the package. - $(CC) $(CFLAGS) dns_flood_detector.c $(LDLIBS) -o dns_flood_detector - - touch $@ - -clean: unpatch - dh_testdir - dh_testroot - rm -f build-stamp - - # Add here commands to clean up after the build process. - rm -rf dns_flood_detector *.o *~ - - dh_clean - -install: build - dh_testdir - dh_testroot - dh_clean -k - dh_installdirs - - # Add here commands to install the package into debian/dns-flood-detector. - install -D -m 0755 dns_flood_detector debian/dns-flood-detector/usr/bin/dns-flood-detector - install -D -m 0644 debian/default debian/dns-flood-detector/etc/default/dns-flood-detector - install -D -m 0755 debian/init.d debian/dns-flood-detector/etc/init.d/dns-flood-detector - -# Build architecture-independent files here. -binary-indep: build install -# We have nothing to do by default. - -# Build architecture-dependent files here. -binary-arch: build install - dh_testdir - dh_testroot - dh_installchangelogs - dh_installdocs - dh_installman debian/dns-flood-detector.8 - dh_installinit -- defaults 40 - dh_link - dh_strip - dh_compress - dh_fixperms - dh_shlibdeps - dh_installdeb - dh_gencontrol - dh_md5sums - dh_builddeb - -binary: binary-indep binary-arch -.PHONY: build clean binary-indep binary-arch binary install diff --git a/debian/watch b/debian/watch deleted file mode 100644 index 76ed60b..0000000 --- a/debian/watch +++ /dev/null @@ -1,2 +0,0 @@ -version=3 -http://www.adotout.com/dnsflood-(.*)\.tgz diff --git a/dns_flood_detector.c b/dns_flood_detector.c deleted file mode 100644 index b474ad2..0000000 
--- a/dns_flood_detector.c +++ /dev/null 
@@ -1,870 +0,0 @@ -/******************************************************************************** - - Program: dns_flood_detector.c - Author: Dennis Opacki - Date: Tue Mar 18 16:46:53 EST 2003 - Purpose: Monitor DNS servers for abusive usage levels - and alarm to syslog - - compile with: - gcc -o dns_flood_detector -lpcap -lpthread -lm dns_flood_detector.c - - command-line options: - - -i ifname specify interface to listen on (default lets pcap pick) - -t n alarm when more than n queries per second are observed - (default 40) - -a n wait for n seconds before alarming again on same source - (default 90) - -w n calculate statistics every n seconds - (default 10) - -x n use n buckets - (default 50) - -m n mark overall query rate every n seconds - (default disabled) - -A addr filter for specific address - -M mask netmask for filter (in conjunction with -A) - -Q monitor any addresses (default is to filter only for - primary addresses on chosen interface) - -b run in foreground in "bindsnap" mode - -d run in background in "daemon" mode - -D dump dns packets (implies -b) - -v detailed information (use twice for more detail) - -h usage info - - Copyright (C) 2003 Dennis Opacki - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. 
- - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - - --- new in v1.05 --- - 8/18/2003 - FreeBSD target - Jim Westfall - 8/18/2003 - Moved to getopt(3) for compatibility - 8/19/2003 - Added OSX/BSDI make targets - - Added ability to specify inteface - - - --- new in v1.06 --- - 8/20/2003 - Added Solaris9 make target - - 8/26/2003 - Fixed tcp qdcount bug - - - --- new in v1.07 --- - 8/27/2003 - Fixed alarm reset bug - - 8/28/2003 - Added malloc_fail function - - 8/28/2003 - Added mutex thread locking - - 8/30/2003 - Fixed wierd qtype segfault - - - - --- new in v1.08 --- - 9/02/2003 - Added -v -v output in daemon mode - - - --- new in v1.09 --- - 10/19/2003 - Added stdout flushing to bindsnap mode - - 10/19/2003 - Changed logging priority to LOG_NOTICE - - 10/19/2003 - Fixed low traffic verbose logging bugs - - - --- new in v1.10 --- - 10/22/2003 - Added 'mark status' option via '-m' - - 10/23/2003 - Code cleanup in verbose syslogging - - - --- new in v1.11 --- - 06/14/2005 - added A6, AAAA, ANY qtypes - - examine all packets with >= 1 qdcount - - stop processing packet if invalid dns char - - fix tcp parsing - - add option_D to dump packets - - - --- new in v1.12 --- - 03/03/2006 - added address filtering options - - fix segfault using argv[0] after getopt - - fix rounding from float/int conversions, use unsigned more consistently - - clean up to work with -Wall - - show fractional qps rates for totals - - store addresses raw, instead of as text (speedup/reduce memory usage) - - fix crash on long syslog messages - - -********************************************************************************/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef __bsdi__ -#include -#else -#ifdef __sun__ -#include -#else -#include -#endif -#endif -#include 
-#include -#include -#include -#include -#include -#include -#include -#include "dns_flood_detector.h" - -// global variables and their defaults -pthread_mutex_t stats_lock; -struct bucket **bb; -int option_t = 60; -int option_a = 90; -int option_w = 10; -int option_x = 50; -int option_m = 0; -int option_b = 0; -int option_d = 0; -int option_D = 0; -int option_v = 0; -int option_h = 0; -int option_Q = 0; -int option_A = 0; -int option_M = 0; -int totals = 0; -char VERSION[] = "1.12"; - -// 255.255.255.255 is invalid as a src IP address; we'll use it to mark empty buckets -#define BCAST 0xffFFffFF - -// this is our statistics thread -void *run_stats () { - while (1) { - - // check statistical stuff - pthread_mutex_lock(&stats_lock); - calculate_averages(); - pthread_mutex_unlock(&stats_lock); - - sleep (option_w); - } -} - -// calculate the running average within each bucket -int calculate_averages() { - u_int i,j,delta,cursize,qps; - int newsize; - float qpsf; - char st_time[10]; - time_t now = time(0); - u_int types[] = {1,2,5,6,12,15,28,38,252,255,0}; - char *target; - char *names[] = {"A","NS","CNAME","SOA","PTR","MX","AAAA","A6","AXFR","ANY",""}; - struct tm *raw_time = localtime(&now); - snprintf(st_time, 9, "%02d:%02d:%02d",raw_time->tm_hour,raw_time->tm_min,raw_time->tm_sec); - - for (i=0; iip_addr.s_addr != BCAST) { - delta = now - bb[i]->first_packet; - - // let's try to avoid a divide-by-zero, shall we? - if (delta > 1 ) { - - // round our average and save it in the bucket - bb[i]->qps = (u_int)ceil( (bb[i]->tcp_count + bb[i]->udp_count) / (float)delta); - - // handle threshold crossing - if ( bb[i]->qps > option_t ) { - - - // display detail to either syslog or stdout - if ( option_b ) { - if ( ! 
option_v ) { - printf("[%s] source [%s] - %u qps\n",st_time,inet_ntoa(bb[i]->ip_addr),bb[i]->qps); - fflush(stdout); - } - else { - printf("[%s] source [%s] - %u qps tcp : %u qps udp ",st_time,inet_ntoa(bb[i]->ip_addr), - (u_int)ceil( ((float)bb[i]->tcp_count/delta)), - (u_int)ceil( ((float)bb[i]->udp_count/delta)) - ); - if ( option_v >1 ) { - for (j=0;types[j];j++) { - qps = (u_int)ceil((float)bb[i]->qstats[types[j]]/delta); - if (qps){ - printf("[%u qps %s] ",qps,names[j]); - } - } - } - printf("\n"); - fflush(stdout); - } - } - else { - // if running in background, use alarm reset timer - if ((now-bb[i]->alarm_set)>option_a) { - - // display appropriate level of detail via syslog - if ( ! option_v ) { - syslog(LOG_NOTICE,"source [%s] - %u qps\n",inet_ntoa(bb[i]->ip_addr),bb[i]->qps); - } - else if (option_v > 1) { - target = (char *)malloc(sizeof(char)*MAXSYSLOG); - newsize = MAXSYSLOG; - cursize = snprintf(target,newsize,"source [%s] - %u tcp qps : %u udp qps ",inet_ntoa(bb[i]->ip_addr), - (u_int)ceil( ((float)bb[i]->tcp_count/delta)), - (u_int)ceil( ((float)bb[i]->udp_count/delta)) - ); - newsize-=cursize; - - for (j=0;types[j];j++ ) { - qps = (u_int)ceil(((float)bb[i]->qstats[types[j]]/delta)); - if ( ( qps > 0) && ( newsize > 1 ) ) { - cursize = snprintf(target+(MAXSYSLOG-newsize),newsize,"[%u qps %s] ",qps,names[j]); - newsize-=cursize; - } - } - if (newsize <= 0 ) { - target[MAXSYSLOG-1]='\0'; - } - syslog(LOG_NOTICE,"%s",target); - free(target); - } - else { - syslog(LOG_NOTICE,"source [%s] - %u tcp qps - %u udp qps\n",inet_ntoa(bb[i]->ip_addr), - (u_int)ceil( ((float)bb[i]->tcp_count/delta)), - (u_int)ceil( ((float)bb[i]->udp_count/delta)) - ); - } - - // reset alarm - bb[i]->alarm_set = now; - } - } - } - } - } - } - - // 'mark stats' if required and it is time - delta = (u_int)(now - bb[totals]->first_packet); - if ( (option_m > 0)&&(delta > 1)&&(delta >= option_m) ) { - - // handle bindsnap mode - if (option_b) { - printf("[%s] totals - %3.2f qps tcp 
: %3.2f qps udp ",st_time, ((float)bb[totals]->tcp_count/delta),((float)bb[totals]->udp_count/delta)); - if (option_v) { - for (j=0;types[j];j++) { - qpsf = ((float)bb[totals]->qstats[types[j]]/delta); - if (qpsf > 0){ - printf("[%3.2f qps %s] ",qpsf,names[j]); - } - } - } - printf("\n"); - fflush(stdout); - } - else { - // agonizing high verbosity code - if (option_v) { - target = (char *)malloc(sizeof(char)*MAXSYSLOG); - newsize = MAXSYSLOG; - cursize = snprintf(target,newsize,"[totals] - %3.2f tcp qps : %3.2f udp qps ", - ((float)bb[totals]->tcp_count/delta), - ((float)bb[totals]->udp_count/delta) - ); - newsize-=cursize; - - for (j=0;types[j];j++ ) { - qpsf = ((float)bb[totals]->qstats[types[j]]/delta); - if ( ( qpsf > 0) && ( newsize > 1 ) ) { - cursize = snprintf(target+(MAXSYSLOG-newsize),newsize,"[%3.2f qps %s] ",qpsf,names[j]); - newsize-=cursize; - } - } - if (newsize <= 0 ) { - target[MAXSYSLOG-1]='\0'; - } - syslog(LOG_NOTICE,"%s",target); - free(target); - } - else { - syslog(LOG_NOTICE,"[totals] - %3.2f tcp qps : %3.2f udp qps\n", - ((float)bb[totals]->tcp_count/delta), - ((float)bb[totals]->udp_count/delta) - ); - } - } - scour_bucket(totals); - } - - return 1; -} - -int valid_dns_char(char c) { - - if((c >= '0' && c <= '9') - || (c >= 'a' && c <= 'z') - || (c >= 'A' && c <= 'Z') - || (c == '-') - || (c == '_')) // is valid for SRV records. 
- return 1; - - return 0; -} -// purge and initialize all buckets -void init_buckets() { - u_int i; - - // create bucket brigade (final bucket is for totals) - pthread_mutex_lock(&stats_lock); - if ( ( bb = malloc( sizeof(struct bucket *) * (option_x+1)) ) == NULL ) malloc_fail("bb", sizeof(struct bucket *) * (option_x+1)); - for (i=0; i <=option_x; i++ ) { - if ( ( bb[i] = (struct bucket *)malloc( sizeof(struct bucket) ) ) == NULL) malloc_fail("bb[i]", sizeof(struct bucket) ); - scour_bucket(i); - } - pthread_mutex_unlock(&stats_lock); -} - -// clean out a bucket while avoiding obvious memory leak -int scour_bucket( int i ) { - int j; - - bb[i]->ip_addr.s_addr=BCAST; - bb[i]->tcp_count=0; - bb[i]->udp_count=0; - bb[i]->qps=0; - bb[i]->first_packet=time(0); - bb[i]->last_packet=(time_t)0; - bb[i]->alarm_set=(time_t)0; - - for (j=0;j<256;j++) { - bb[i]->qstats[j]=0; - } - return 1; -} - -// add a packet to a bucket -int add_to_bucket ( struct in_addr *ip_src, int ip_proto, int num_queries, u_int8_t qtype) { - int bucket = 0; - - // get the bucket to put packet in - pthread_mutex_lock(&stats_lock); - bucket = find_bucket(ip_src); - - // set bucket fields - bb[bucket]->last_packet = time(0); - if (ip_proto == 6 ) { - bb[bucket]->tcp_count+=num_queries; - bb[totals]->tcp_count+=num_queries; - } - else { - bb[bucket]->udp_count+=num_queries; - bb[totals]->udp_count+=num_queries; - } - - bb[bucket]->qstats[qtype]+=num_queries; - bb[totals]->qstats[qtype]+=num_queries; - pthread_mutex_unlock(&stats_lock); - - return 1; -} - -// figure out where to put this packet -int find_bucket(struct in_addr *ip_src) { - int i, bucket=0; - time_t oldest=0; - - // look for an existing bucket for this IP - for (i=0; i< option_x; i++ ){ - // ip field of bucket seems to match the ip we are checking - if (bb[i]->ip_addr.s_addr == ip_src->s_addr) { - return i; - } - } - - // look for unused buckets - for (i=0; i< option_x; i++ ) { - - // found an unused one - clean it, init it, and return it 
- if ( bb[i]->ip_addr.s_addr == BCAST ) { - scour_bucket(i); - bb[i]->ip_addr.s_addr = ip_src->s_addr; - return i; - } - - // find the most stagnant bucket in case we need it - // avoids another loop through the buckets - // TODO - should we autoflush buckets after some idle time, - // or after alarming? fixes the case where - // alarms are unlikely to reappear even if a client - // resumes flooding if there isn't bucket contention - // churning them out and resetting the timer for the rate - // calculation... - if ( ( bb[i]->last_packet != 0 ) && ((oldest==0)||( bb[i]->last_packet < oldest))) { - oldest = bb[i]->last_packet; - bucket = i; - } - } - - // use the most stagnant bucket since all are in use - // clean it, init it, and return it - scour_bucket(bucket); - bb[i]->ip_addr.s_addr = ip_src->s_addr; - - return bucket; -} - -// handle all packets we throw at it -void handle_IP(u_char *args, const struct pcap_pkthdr* pkthdr,const u_char* packet){ - const struct ip* ip; - const struct my_dns *dns; - const struct tcphdr *tcp; - const struct udphdr *udp; - u_int length = pkthdr->len; - u_int caplen = pkthdr->caplen; - u_int hlen,off,version; - unsigned char dname[NS_MAXDNAME]=""; - struct in_addr ip_src; - unsigned char *data; - u_int len,dpos; - u_int8_t qtype,tlen; - - // skip the ethernet header - length -= sizeof(struct ether_header); - - // make sure packet is a valid length - if (length < sizeof(struct ip)) { - return; - } - - // snap off the ip portion - ip = (struct ip*)(packet + sizeof(struct ether_header)); - - // get utility params for sanity checking - len = ntohs(ip->ip_len); - hlen = ip->ip_hl; - version = ip->ip_v; - - // let's not do ipv6 just yet - if(version != 4) { - return; - } - - // make sure we have a sane header length - if(hlen < 5 ) { - return; - } - - // do we have the everything we are supposed to? 
- if(length < len) { - return; - } - - // make sure we are only processing the first fragment - off = ntohs(ip->ip_off); - if((off & 0x1fff) == 0 ) { - - // get the source ip - ip_src.s_addr = ip->ip_src.s_addr; - - // process udp packets - if ( ip->ip_p == 17 ) { - udp = (struct udphdr *) ( (char *) packet + sizeof(struct ether_header)+ sizeof (struct ip) ); - - // try to make sure it is safe to cast packet into dns structure - if ( (sizeof(struct my_dns)+sizeof(struct ether_header)+sizeof(struct ip)+sizeof(struct udphdr)) >= caplen ) { - return; - } - else { - // populate dns header - dns = (struct my_dns *) ( (char *) packet + sizeof(struct ether_header) + sizeof (struct ip) + sizeof (struct udphdr) ); - data = (char *) packet +sizeof(struct ether_header) + sizeof (struct ip) + sizeof (struct udphdr) + sizeof(struct my_dns); - } - } - - // process tcp packets - else if ( ip->ip_p == 6 ) { - tcp = (struct tcphdr *) ( (char *) packet + sizeof(struct ether_header)+ sizeof (struct ip) ); - - // ignore packets without push flag set - if (! tcp->th_flags & TH_PUSH) return; - - // try to make sure it is safe to cast packet into dns structure - if ( (sizeof(struct my_dns)+sizeof(struct ether_header)+sizeof(struct ip)+(tcp->th_off * sizeof(u_int32_t)) + sizeof(u_int16_t)) >= caplen ) { - return; - } - else { - // populate dns header - // tcp dns lookups also include a 16bit length field = dns header + data. - dns = (struct my_dns *) ( (char *) packet + sizeof(struct ether_header)+ sizeof (struct ip) + (tcp->th_off * sizeof(u_int32_t) + sizeof(u_int16_t))); - data = (char *) packet + sizeof(struct ether_header) + sizeof (struct ip) + (tcp->th_off * sizeof(u_int32_t)) + sizeof(struct my_dns) + sizeof(u_int16_t); - } - } - - // hmm.. not tcp, not udp.. move on. 
- else { - return; - } - - // we only want queries, not responses - if ( dns->dns_flags1 & 0x80 ) { - return; - } - - // ignore packets with no questions - if (ntohs(dns->dns_qdcount) == 0) { - return; - } - - // get the domain name and query type - tlen=dpos=0; - for (;(*data)&&((void *)data<((void *)packet+caplen-1)); data++) { - if (!tlen) tlen=*data; - for (;(tlen&&((void *)data<((void *)packet+caplen-1)));tlen--){ - data++; - // bail on an invalid dns char - if(!valid_dns_char(*data)) { - return; - } - if (dposip_p == 17 ? "udp" : "tcp"), qtype, dname); - } - - // add packet to bucket array - if (ntohs(dns->dns_qdcount)&&qtype) { - add_to_bucket( &ip_src, ip->ip_p, 1, qtype ); - } - } - return; -} - -// main logic -// some pcap code borrowed from http://www.cet.nau.edu/~mc8/Socket/Tutorials/section1.html -int main(int argc,char **argv){ - char *dev = NULL; - pthread_t thread; - char errbuf[PCAP_ERRBUF_SIZE]; - pcap_t* descr; - struct bpf_program fp; /* hold compiled program */ - bpf_u_int32 maskp=0; /* subnet mask */ - bpf_u_int32 netp=0; /* ip */ - char *filter = NULL; - char *dst_addr = NULL; - char *dst_mask = NULL; - struct sigaction sa; - struct in_addr addr,tmpaddr; - u_int f_size; - char *args = NULL; - char *name = NULL; - u_int c = 0; - - if ( ( name = (char *)strdup(argv[0]) ) == NULL) malloc_fail("name", strlen(argv[0]) ); - // loop through command line options and get options - while(1) { - c = getopt(argc, argv,"i:t:a:w:x:m:A:M:QbdDvh"); - - if (c==-1) break; - switch(c) { - case 0: - break; - case 'i': - if (optarg) { - if ( ( dev = (char *)strdup(optarg) ) == NULL) malloc_fail("dev", strlen(optarg) ); - } - break; - case 't': - if (optarg) { - if ( abs (atoi(optarg)) > 0) { - option_t = abs( atoi(optarg)); - } - } - break; - case 'a': - if (optarg) { - if ( abs (atoi(optarg)) > 10) { - option_a = abs( atoi(optarg)); - } - } - break; - case 'w': - if (optarg) { - if ( abs (atoi(optarg)) > 1) { - option_w = abs( atoi(optarg)); - } - } - break; - 
case 'x': - if (optarg) { - if ( abs (atoi(optarg)) > 10) { - option_x = abs( atoi(optarg)); - } - } - break; - case 'm': - if (optarg) { - if ( abs (atoi(optarg)) > 0) { - option_m = abs( atoi(optarg)); - } - } - break; - case 'M': - if (optarg && (dst_mask == NULL) ) { - if ( inet_aton(optarg, &tmpaddr) ) { - if ( ( dst_mask = (char *)strdup(optarg) ) == NULL) malloc_fail("filter mask", strlen(optarg) ); - option_M=1; - } else { - fprintf(stderr,"Invalid filter mask \"%s\"\n",optarg); - option_h = 1; - } - } - break; - case 'A': - if (optarg && (dst_addr == NULL) ) { - if ( inet_aton(optarg, &tmpaddr) ) { - if ( ( dst_addr = (char *)strdup(optarg) ) == NULL) malloc_fail("dest filter", strlen(optarg) ); - option_A=1; - } else { - fprintf(stderr,"Invalid filter address \"%s\"\n",optarg); - option_h = 1; - } - } - break; - case 'Q': - option_Q = 1; - break; - case 'b': - option_b = 1; - break; - case 'd': - option_d = 1; - break; - case 'D': - option_D = 1; - break; - case 'v': - option_v++; - break; - case 'h': - option_h = 1; - default: - break; - } - } - - // display usage info if needed - if (optindN queries per second\n"); - fprintf(stderr,"-a N reset alarm after N seconds\n"); - fprintf(stderr,"-w N calculate stats every N seconds\n"); - fprintf(stderr,"-x N create N buckets\n"); - fprintf(stderr,"-m N report overall stats every N seconds\n"); - fprintf(stderr,"-A addr filter for specific address\n"); - fprintf(stderr,"-M mask netmask for filter (in conjunction with -A)\n"); - fprintf(stderr,"-Q don't filter by local interface address\n"); - fprintf(stderr,"-b run in foreground in bindsnap mode\n"); - fprintf(stderr,"-d run in background in daemon mode\n"); - fprintf(stderr,"-D dump dns packets (implies -b)\n"); - fprintf(stderr,"-v verbose output - use again for more verbosity\n"); - fprintf(stderr,"-h display this usage information\n"); - exit(1); - } - - // if dumping packets, force option_b and disable option_d - if( option_D ) { - if( ! 
option_b ) - option_b = 1; - - if( option_d ) - option_d = 0; - - } - - if ( ( option_Q ) && ( option_A ) ) { - fprintf(stderr,"%s couldn't start\n",name); - fprintf(stderr,"You can't specify both -A (address filter) and -Q (no filter)\n"); - exit(1); - } - if ( ( ! option_d ) && ( ! option_b ) ) { - fprintf(stderr,"%s couldn't start\n",name); - fprintf(stderr,"You must specify either -d (daemon) or -b (bindsnap)\n"); - exit(1); - } - free(name); - // set up for daemonized operation unless running in bindsnap mode - if ( ! option_b ) { - openlog("dns_flood_detector",LOG_PID|LOG_CONS,LOG_DAEMON); - syslog(LOG_NOTICE,"dns_flood_detector starting"); - - // daemonize unless running in bindsnap mode - daemonize(); - - // set up signal handlers - sa.sa_handler=exit; - sa.sa_flags=0; - if(sigaction(SIGTERM,&sa,NULL)) { - syslog(LOG_ERR,"Unable to set signal handler: %s. Exiting.", - strerror(errno)); - } - } - - // find a valid device to open - if(dev == NULL && ( (dev=pcap_lookupdev(errbuf)) == NULL ) ){ - fprintf(stderr,"unable to bind to valid device\n"); - exit(1); - } - - /* restrict to queries to primary local address? */ - if (option_Q) { - f_size = strlen("port 53 "); - if ( ( filter = (char *) malloc ( f_size+1) ) == NULL ) malloc_fail( "filter", f_size+1 ); - snprintf( filter, f_size, "port 53"); - } else { - if (! 
option_A) { - // get network address and netmask for device - pcap_lookupnet(dev,&netp,&maskp,errbuf); - - // set up filter with local network - addr.s_addr = (unsigned long int)netp; - if ( ( dst_addr = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_addr", strlen((char *)inet_ntoa(addr))+1 ); - strncpy(dst_addr,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr))); - dst_addr[strlen((char *)inet_ntoa(addr))]='\0'; - - addr.s_addr = (unsigned long int)maskp; - if (!option_M) { - if ( ( dst_mask = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_mask", strlen((char *)inet_ntoa(addr))+1 ); - strncpy(dst_mask,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr))); - dst_mask[strlen((char *)inet_ntoa(addr))]='\0'; - } - } else { - // we're using an address from -A - if (!option_M) { - // if no mask was specified, then use just a host mask - if ( ( dst_mask = (char *)malloc(16) ) == NULL ) malloc_fail("dest_mask", 16); - strncpy(dst_mask,"255.255.255.255",15); - } - } - - f_size = strlen("port 53 and dst net mask ")+ strlen(dst_mask)+ strlen(dst_addr); - if ( ( filter = (char *) malloc ( f_size+1) ) == NULL ) malloc_fail( "filter", f_size+1 ); - snprintf( filter, f_size, "port 53 and dst net %s mask %s", dst_addr, dst_mask); - - free (dst_mask); - free (dst_addr); - } - - if ( option_b && option_v ) { - printf("using filter \"%s\" on dev %s\n", filter, dev); - } - // open device for reading only local traffic - descr = pcap_open_live(dev,1500,0,1,errbuf); - if(descr == NULL) { - fprintf(stderr,"unable to open device %s\n",dev); - exit(1); - } - - // compile filter - if(pcap_compile(descr,&fp,filter,0,netp) == -1) { - fprintf(stderr,"error compiling filter: %s\n",pcap_geterr(descr)); - exit(1); - } - - // set filter - if(pcap_setfilter(descr,&fp) == -1){ - fprintf(stderr,"error setting filter: %s\n",pcap_geterr(descr)); - exit(1); - } - - // initialize buckets and mark overall stats bucket - 
init_buckets(); - totals = option_x; - - // create mutex lock - if (pthread_mutex_init(&stats_lock, NULL) < 0) { - exit(1); - } - - // launch watcher thread - if (pthread_create (&thread, NULL, run_stats, (void *)0)) { - exit(1); - } - - // main pcap loop - pcap_loop(descr,-1,handle_IP,args); - - // done - closelog(); - return 0; -} - -// daemonize the process -int daemonize(void) { - pid_t pid; - int fd; - - fd=open("/dev/null",O_RDWR); - if(fd<0) { - syslog(LOG_ERR,"Failed to open /dev/null: %s. Exiting.",strerror(errno)); - exit(1); - } - - dup2(fd,0); - dup2(fd,1); - dup2(fd,2); - - if((pid=fork())<0) { - syslog(LOG_ERR,"Fork failed: %s. Exiting.",strerror(errno)); - exit(1); - } - else if (pid!=0) { - exit(0); - } - - setsid(); - chdir("/"); - umask(0); - return 0; -} - -int malloc_fail( char * var, int size ) { - // print error to stderr if running in bindsnap mode - if (option_b) { - fprintf(stderr, "our OS wouldn't let me malloc %d bytes for a new %s. giving up", size, var); - } - else { - syslog(LOG_ERR, "our OS wouldn't let me malloc %d bytes for a new %s. giving up", size, var); - } - exit(1); -} diff --git a/dns_flood_detector.h b/dns_flood_detector.h deleted file mode 100644 index 13b7745..0000000 --- a/dns_flood_detector.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/****************************************************************************** - - Program: dns_flood_detector.h - Author: Dennis Opacki - Date: Tue Mar 18 16:46:53 EST 2003 - Purpose: Monitor DNS servers for abusive usage levels - and alarm to syslog - - Copyright (C) 2003 Dennis Opacki - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*******************************************************************************/ - -// definitions -#ifndef ETHER_HDRLEN -#define ETHER_HDRLEN 14 -#endif -#define NS_MAXDNAME 1025 -#define MAXSYSLOG 192 - -// evil Solaris hack -#ifdef __sun__ -typedef uint8_t u_int8_t; -typedef uint16_t u_int16_t; -typedef uint32_t u_int32_t; -#endif - -// prototypes -void handle_IP(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet); -int calculate_averages(); -int scour_bucket(int i); -int find_bucket(struct in_addr *ip_src); -int daemonize(void); -int malloc_fail(char * var, int size); - -// data structures -struct my_dns { - u_int16_t dns_id; /* query identification number */ - u_int8_t dns_flags1; /* first byte of flags */ - u_int8_t dns_flags2; /* second byte of flags */ - u_int16_t dns_qdcount; /* number of question entries */ - u_int16_t dns_ancount; /* number of answer entries */ - u_int16_t dns_nscount; /* number of authority entries */ - u_int16_t dns_arcount; /* 
number of resource entries */ -}; - -struct bucket { - struct in_addr ip_addr; - unsigned int tcp_count; - unsigned int udp_count; - unsigned int qps; - int qstats[256]; - time_t first_packet; - time_t last_packet; - time_t alarm_set; -}; - diff --git a/dnsflood b/dnsflood deleted file mode 100755 index ebb7584..0000000 --- a/dnsflood +++ /dev/null @@ -1,36 +0,0 @@ -#! /bin/sh - -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin - -test -f /usr/local/sbin/dns_flood_detector || exit 0 - -case "$1" in - start) - echo -n "Starting DNS flood detector: dns_flood_detector" - start-stop-daemon --start --quiet --exec /usr/local/sbin/dns_flood_detector -- -d - echo "." - ;; - stop) - echo -n "Stopping DNS flood detector: dns_flood_detector" - start-stop-daemon --stop --quiet --exec /usr/local/sbin/dns_flood_detector - killall dns_flood_detector - echo "." - ;; - restart|force-reload) - echo -n "Restarting DNS flood detector: dns_flood_detector... " - start-stop-daemon --stop --quiet --exec /usr/local/sbin/dns_flood_detector - sleep 2 - start-stop-daemon --stop --quiet --exec /usr/local/sbin/dns_flood_detector - sleep 4 - killall dns_flood_detector - sleep 2 - start-stop-daemon --start --quiet --exec /usr/local/sbin/dns_flood_detector -- -d - echo "done." - ;; - *) - echo "Usage: /etc/init.d/dnsflood {start|stop|restart|force-reload}" - exit 1 - ;; -esac - -exit 0 diff --git a/makefiles/Makefile-BSDI b/makefiles/Makefile-BSDI deleted file mode 100644 index 2d8c119..0000000 --- a/makefiles/Makefile-BSDI +++ /dev/null @@ -1,13 +0,0 @@ -CFLAGS+=-O -g -LDLIBS=-lpcap -pthread -lm - -all: dns_flood_detector - strip dns_flood_detector -clean: - rm -rf dns_flood_detector *.o *~ -install: - cp dns_flood_detector /usr/local/sbin/ -distclean: clean - rm Makefile - -dns_flood_detector: dns_flood_detector.c diff --git a/makefiles/Makefile-FreeBSD b/makefiles/Makefile-FreeBSD deleted file mode 100644 index 2d8c119..0000000 --- a/makefiles/Makefile-FreeBSD +++ /dev/null 
@@ -1,13 +0,0 @@ -CFLAGS+=-O -g -LDLIBS=-lpcap -pthread -lm - -all: dns_flood_detector - strip dns_flood_detector -clean: - rm -rf dns_flood_detector *.o *~ -install: - cp dns_flood_detector /usr/local/sbin/ -distclean: clean - rm Makefile - -dns_flood_detector: dns_flood_detector.c diff --git a/makefiles/Makefile-Linux b/makefiles/Makefile-Linux deleted file mode 100644 index 30831a3..0000000 --- a/makefiles/Makefile-Linux +++ /dev/null @@ -1,13 +0,0 @@ -CFLAGS=-Wall -O -D_BSD_SOURCE -g -LDLIBS=-lpcap -lpthread -lm - -all: dns_flood_detector - strip dns_flood_detector -clean: - rm -rf dns_flood_detector *.o *~ -install: - cp dns_flood_detector /usr/local/sbin/ -distclean: clean - rm Makefile - -dns_flood_detector: dns_flood_detector.c diff --git a/makefiles/Makefile-OSX b/makefiles/Makefile-OSX deleted file mode 100644 index b72c947..0000000 --- a/makefiles/Makefile-OSX +++ /dev/null @@ -1,13 +0,0 @@ -CFLAGS+=-Wall -O -g -I/usr/local/include -I/usr/include -LDLIBS=-L/usr/local/lib -lpcap -lpthread -lm - -all: dns_flood_detector - strip dns_flood_detector -clean: - rm -rf dns_flood_detector *.o *~ -install: - cp dns_flood_detector /usr/local/sbin/ -distclean: clean - rm Makefile - -dns_flood_detector: dns_flood_detector.c diff --git a/makefiles/Makefile-Solaris b/makefiles/Makefile-Solaris deleted file mode 100644 index 777eefa..0000000 --- a/makefiles/Makefile-Solaris +++ /dev/null @@ -1,13 +0,0 @@ -CFLAGS+=-O -g -I/usr/local/include -I/usr/include -LDLIBS=-L/usr/local/lib -L/usr/lib -lpcap -lpthread -lm -lsocket -lnsl - -all: dns_flood_detector - strip dns_flood_detector -clean: - rm -rf dns_flood_detector *.o *~ -install: - cp dns_flood_detector /usr/local/sbin/ -distclean: clean - rm Makefile - -dns_flood_detector: dns_flood_detector.c From a33414d402e4b0fbd08cd48d6e65b2f468998b4e Mon Sep 17 00:00:00 2001 
From: Jan Wagner Date: Wed, 4 Jul 2007 19:57:48 +0000 Subject: [PATCH 035/136] readd --- debian/changelog | 41 ++++++++++++++++++++++ debian/compat | 1 + debian/control | 23 ++++++++++++ debian/copyright | 30 ++++++++++++++++ debian/default | 7 ++++ debian/dns-flood-detector.8 | 70 +++++++++++++++++++++++++++++++++++++ debian/docs | 1 + debian/init.d | 64 +++++++++++++++++++++++++++++++++ debian/rules | 70 +++++++++++++++++++++++++++++++++++++ debian/svn-commit.tmp | 4 +++ debian/watch | 2 ++ 11 files changed, 313 insertions(+) create mode 100644 debian/changelog create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/default create mode 100644 debian/dns-flood-detector.8 create mode 100644 debian/docs create mode 100644 debian/init.d create mode 100755 debian/rules create mode 100644 debian/svn-commit.tmp create mode 100644 debian/watch diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..13c9e57 --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,41 @@ +dns-flood-detector (1.12-2) unstable; urgency=low + + * some cosmetic fixes to init script + * make start-stop-daemon working instead of using kill (Closes: #431676). + * drop own maintainers scripts and make again use of debhelper + + -- Jan Wagner Wed, 04 Jul 2007 12:29:06 +0200 + +dns-flood-detector (1.12-1) unstable; urgency=medium + + * New upstream release + * modified fix_prototyp patch for upstream + + -- Jan Wagner Thu, 23 Nov 2006 13:35:11 +0100 + +dns-flood-detector (1.10-4) unstable; urgency=low + + * included fix_prototyp patch provided by "dann frazier " + (Closes: #399283). + * build depend to dpatch + + -- Jan Wagner Sun, 19 Nov 2006 10:18:55 +0100 + +dns-flood-detector (1.10-3) unstable; urgency=low + + * using killall in init script to get daemon stopped + * same for prerm + + -- Jan Wagner Thu, 9 Nov 2006 20:49:10 +0100 + +dns-flood-detector (1.10-2) unstable; urgency=low + + * fixed typo in initscript + + -- Jan Wagner Sat, 4 Nov 2006 21:46:03 +0100 + +dns-flood-detector (1.10-1) unstable; urgency=low + + * Initial release (Closes: #396618). + + -- Jan Wagner Fri, 3 Nov 2006 12:39:42 +0100 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..7ed6ff8 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +5 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..175e510 --- /dev/null +++ b/debian/control 
@@ -0,0 +1,23 @@ +Source: dns-flood-detector +Section: net +Priority: optional +Maintainer: Jan Wagner +Build-Depends: debhelper (>= 5), dpatch, libpcap0.8-dev +Standards-Version: 3.7.2 + +Package: dns-flood-detector +Architecture: any +Depends: ${shlibs:Depends} +Description: detect abusive usage levels on high traffic nameservers + This package provides the dns-flood-detector daemon. + . + It was developed to detect abusive usage levels on high traffic nameservers + and to enable quick response in halting the use of one's nameserver to + facilitate spam. + It uses libpcap (in non-promiscuous mode) to monitor incoming dns queries to a + nameserver. The tool may be run in one of two modes, either daemon mode or + "bindsnap" mode. In daemon mode, the tool will alarm via syslog. In bindsnap + mode, the user is able to get near-real-time stats on usage to aid in more + detailed troubleshooting. + . + Homepage: diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..18c16a3 --- /dev/null +++ b/debian/copyright 
@@ -0,0 +1,30 @@ +This package was debianized by Jan Wagner on +Fri, 3 Nov 2006 12:39:42 +0100. + +It was downloaded from + +Upstream Author: Dennis Opacki + +Copyright: (C) 2003 Dennis Opacki + +License: + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +On Debian systems, the complete text of the GNU General Public License +can be found in /usr/share/common-licenses/GPL file. + +The Debian packaging is (C) 2006, 2007 Jan Wagner and +is licensed under the GPL, see `/usr/share/common-licenses/GPL'. diff --git a/debian/default b/debian/default new file mode 100644 index 0000000..977f5d7 --- /dev/null +++ b/debian/default @@ -0,0 +1,7 @@ +# Defaults for dns-flood-detector initscript +# sourced by /etc/init.d/dns-flood-detector +# installed at /etc/default/dns-flood-detector by the maintainer scripts + +# options that are passed to the Daemon. +# here: daemon mode, be more verbose, alarm at > 5/s, stats every 3 secs +DAEMON_OPTS="-d -v -v -t5 -w3" diff --git a/debian/dns-flood-detector.8 b/debian/dns-flood-detector.8 new file mode 100644 index 0000000..e7a9cad --- /dev/null +++ b/debian/dns-flood-detector.8 
@@ -0,0 +1,70 @@ +.TH DNS-FLOOD-DETECTOR 8 "2006-11-03" "1.10" "dns flood detection tool" + +.SH NAME +DNS-FLOOD-DETECTOR \- dns flood detection and alert tool + +.SH SYNOPSIS +.B dns-flood-detector +.RB [\| \-b \||\| \-d \|] +.RB [\| \-v \|] +.RB [\| \-h \|] +.RB [\| \-i +.IR device \|] +.RB [\| -t +.IR n \|] +.RB [\| -a +.IR n \|] +.RB [\| -w +.IR n \|] +.RB [\| -x +.IR n \|] +.RB [\| -m +.IR n \|] + +.SH DESCRIPTION +.B DNS Flood Detector +was developed to detect abusive usage levels on high traffic nameservers and to +enable quick response to the use of one's nameserver to facilitate spam. + +.SH OPTIONS +.B +.TP +.B \-b +run in foreground in bindsnap mode +.TP +.B \-d +run in background in daemon mode +.TP +.B \-v +verbose output \- use again for more verbosity +.TP +.B \-h +display help +.TP +.B \-i device +specify device name to listen on +.TP +.B \-t n +alarm at >n queries per second +.TP +.B \-a n +reset alarm after n seconds +.TP +.B \-w n +calculate stats every n seconds +.TP +.B \-x n +create n buckets +.TP +.B \-m n +report overall stats every n seconds + +.SH SEE ALSO +.B Website + + +.SH AUTHOR +DNS-FLOOD-DETECTOR was written by Dennis Opacki . +.PP +This manual page was written by Jan Wagner , +for the Debian project (but may be used by others). diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..e845566 --- /dev/null +++ b/debian/docs @@ -0,0 +1 @@ +README diff --git a/debian/init.d b/debian/init.d new file mode 100644 index 0000000..4feeaee --- /dev/null +++ b/debian/init.d 
@@ -0,0 +1,64 @@ +#!/bin/sh +# Written by Miquel van Smoorenburg . +# Modified for Debian +# by Ian Murdock . +# +# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl +# /etc/init.d/dns-flood-detector: v1 2006/11/03 Jan Wagner + +### BEGIN INIT INFO +# Provides: dns-flood-detector +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: start and stop the dns-flood-detector daemon +# Description: detect abusive usage levels on high traffic nameservers +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/bin/dns-flood-detector +NAME=dns-flood-detector +DESC=dns-flood-detector + +test -x $DAEMON || exit 0 + +# Include dns-flood-detector defaults if available +if [ -f /etc/default/dns-flood-detector ] ; then + . /etc/default/dns-flood-detector +fi + +set -e + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ + --exec $DAEMON -- $DAEMON_OPTS + ps aux | grep $DAEMON | head -1 | awk '{ print $2 }' > /var/run/$NAME.pid + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ + --exec $DAEMON + echo "$NAME." + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ + --exec $DAEMON + start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ + --exec $DAEMON -- $DAEMON_OPTS + ps aux | grep $DAEMON | head -1 | awk '{ print $2 }' > /var/run/$NAME.pid + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..8ead083 --- /dev/null +++ b/debian/rules 
@@ -0,0 +1,70 @@ +#!/usr/bin/make -f +# written by Jan Wagner +# +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +include /usr/share/dpatch/dpatch.make + +CFLAGS += -D_BSD_SOURCE -Wall -g +LDLIBS += -lpcap -lpthread -lm + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +build: build-stamp +build-stamp: patch-stamp + dh_testdir + # Add here commands to compile the package. + $(CC) $(CFLAGS) dns_flood_detector.c $(LDLIBS) -o dns_flood_detector + + touch $@ + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp + + # Add here commands to clean up after the build process. + rm -rf dns_flood_detector *.o *~ + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/dns-flood-detector. + install -D -m 0755 dns_flood_detector debian/dns-flood-detector/usr/bin/dns-flood-detector + install -D -m 0644 debian/default debian/dns-flood-detector/etc/default/dns-flood-detector + install -D -m 0755 debian/init.d debian/dns-flood-detector/etc/init.d/dns-flood-detector + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_installman debian/dns-flood-detector.8 + dh_installinit -- defaults 40 + dh_link + dh_strip + dh_compress + dh_fixperms + dh_shlibdeps + dh_installdeb + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install diff --git a/debian/svn-commit.tmp b/debian/svn-commit.tmp new file mode 100644 index 0000000..3654eca --- /dev/null +++ b/debian/svn-commit.tmp @@ -0,0 +1,4 @@ + +--This line, and those below, will be ignored-- + +_M . diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..76ed60b 
--- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://www.adotout.com/dnsflood-(.*)\.tgz From 36acfbbe4f14dae6ce62f1b67bfe8df5f6b9ee9e Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 4 Jul 2007 19:58:17 +0000 Subject: [PATCH 036/136] readd --- debian/patches/00list | 1 + debian/patches/01_fix_prototyp.dpatch | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 debian/patches/00list create mode 100755 debian/patches/01_fix_prototyp.dpatch diff --git a/debian/patches/00list b/debian/patches/00list new file mode 100644 index 0000000..3220968 --- /dev/null +++ b/debian/patches/00list @@ -0,0 +1 @@ +01_fix_prototyp.dpatch diff --git a/debian/patches/01_fix_prototyp.dpatch b/debian/patches/01_fix_prototyp.dpatch new file mode 100755 index 0000000..d6b7390 --- /dev/null +++ b/debian/patches/01_fix_prototyp.dpatch @@ -0,0 +1,17 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run +## 01_fix_prototyp.dpatch by dann frazier +## +## DP: fix missing function prototype definition + +@DPATCH@ + +--- dns-flood-detector-1.10/dns_flood_detector.c~ 2003-12-29 20:53:38.000000000 -0700 ++++ dns-flood-detector-1.10/dns_flood_detector.c 2006-11-18 17:38:47.000000000 -0700 +@@ -79,6 +79,7 @@ + #include + #include + #include ++#include + #include + #include + #include From 14f89487417fde6c38658ecb9805b27e950093d4 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 4 Jul 2007 20:00:41 +0000 Subject: [PATCH 037/136] fault --- debian/svn-commit.tmp | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 debian/svn-commit.tmp diff --git a/debian/svn-commit.tmp b/debian/svn-commit.tmp deleted file mode 100644 index 3654eca..0000000 --- a/debian/svn-commit.tmp +++ /dev/null @@ -1,4 +0,0 @@ - ---This line, and those below, will be ignored-- - -_M . From 7e0e23fc02722bd169a87c6e682f2b83364c4376 Mon Sep 17 00:00:00 2001 
From: Jan Wagner Date: Thu, 5 Jul 2007 08:08:35 +0000 Subject: [PATCH 038/136] provide upgrade path --- debian/changelog | 1 + debian/prerm | 7 +++++++ 2 files changed, 8 insertions(+) create mode 100755 debian/prerm diff --git a/debian/changelog b/debian/changelog index 13c9e57..c51d99d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ dns-flood-detector (1.12-2) unstable; urgency=low * some cosmetic fixes to init script * make start-stop-daemon working instead of using kill (Closes: #431676). + * providing upgrade path via prerm * drop own maintainers scripts and make again use of debhelper -- Jan Wagner Wed, 04 Jul 2007 12:29:06 +0200 diff --git a/debian/prerm b/debian/prerm new file mode 100755 index 0000000..4249969 --- /dev/null +++ b/debian/prerm @@ -0,0 +1,7 @@ +#!/bin/sh +set -e + +if [ "$1" = "upgrade" ] && [ "$2" ] && dpkg --compare-versions "$2" <= "1.12-1"; then + ps aux | grep /usr/bin/dns-flood-detector | head -1 | awk '{ print $2 }' > /var/run/dns-flood-detector.pid +fi +#DEBHLPER# From d968fc026573ba86c601a5453c9cfe2dd44f3354 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 5 Jul 2007 08:21:05 +0000 Subject: [PATCH 039/136] fix typo --- debian/prerm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/prerm b/debian/prerm index 4249969..a21be72 100755 --- a/debian/prerm +++ b/debian/prerm @@ -4,4 +4,4 @@ set -e if [ "$1" = "upgrade" ] && [ "$2" ] && dpkg --compare-versions "$2" <= "1.12-1"; then ps aux | grep /usr/bin/dns-flood-detector | head -1 | awk '{ print $2 }' > /var/run/dns-flood-detector.pid fi -#DEBHLPER# +#DEBHELPER# From 3a2ebd01ea6b7661c1687716727e739269c0d733 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 5 Jul 2007 08:55:54 +0000 Subject: [PATCH 040/136] add comment --- debian/prerm | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/prerm b/debian/prerm index a21be72..f803aee 100755 --- a/debian/prerm +++ b/debian/prerm 
@@ -1,6 +1,7 @@ #!/bin/sh set -e +# generate correct pid file, for versions where was non or incorrect if [ "$1" = "upgrade" ] && [ "$2" ] && dpkg --compare-versions "$2" <= "1.12-1"; then ps aux | grep /usr/bin/dns-flood-detector | head -1 | awk '{ print $2 }' > /var/run/dns-flood-detector.pid fi From a568ceff9150244a0d7be5a0f4f3a9ccd8757089 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Fri, 6 Jul 2007 21:21:43 +0000 Subject: [PATCH 041/136] switch from prerm to postinst --- debian/changelog | 2 +- debian/{prerm => preinst} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename debian/{prerm => preinst} (100%) diff --git a/debian/changelog b/debian/changelog index c51d99d..37301de 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,7 +2,7 @@ dns-flood-detector (1.12-2) unstable; urgency=low * some cosmetic fixes to init script * make start-stop-daemon working instead of using kill (Closes: #431676). - * providing upgrade path via prerm + * providing upgrade path via preinst * drop own maintainers scripts and make again use of debhelper -- Jan Wagner Wed, 04 Jul 2007 12:29:06 +0200 diff --git a/debian/prerm b/debian/preinst similarity index 100% rename from debian/prerm rename to debian/preinst From 4a21f4a1e33320ac7205a4d5072208bdc0d39671 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Fri, 6 Jul 2007 21:32:39 +0000 Subject: [PATCH 042/136] fix typo --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 37301de..524ebe6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,7 +2,7 @@ dns-flood-detector (1.12-2) unstable; urgency=low * some cosmetic fixes to init script * make start-stop-daemon working instead of using kill (Closes: #431676). - * providing upgrade path via preinst + * providing upgrade path via preinst * drop own maintainers scripts and make again use of debhelper -- Jan Wagner Wed, 04 Jul 2007 12:29:06 +0200 
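Review bot: In the debian/init.d hunk of PATCH 035, the `start` and `restart|force-reload` branches fill the pid file with `ps aux | grep $DAEMON | head -1 | awk '{ print $2 }'`, which can record the PID of the grep itself or of any other process whose command line contains /usr/bin/dns-flood-detector. The later `start-stop-daemon --stop --pidfile /var/run/$NAME.pid --exec $DAEMON` may then find no match and leave the daemon running. Match the executable only (for example `pidof -s $DAEMON`), or have the daemon write its own pid file. Separately, with `set -e` in effect, the `--stop` call in `restart|force-reload` returns non-zero when nothing is running, and the script exits before the start step; adding `--oknodo` to that call avoids it.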
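Review bot: In the debian/watch hunk of PATCH 035, uscan is pointed at `http://www.adotout.com/dnsflood-(.*)\.tgz`, so new upstream tarballs are discovered and downloaded over plain HTTP with nothing to check their integrity. If upstream offers HTTPS or publishes detached signatures, use the HTTPS URL and add a signature check (uscan's `pgpsigurlmangle` option) so that a tampered tarball is caught before it is packaged.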
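Review bot: In the debian/prerm hunk of PATCH 038, `dpkg --compare-versions "$2" <= "1.12-1"` leaves `<=` unquoted, so the shell parses `<` as an input redirection from a file named `=` and dpkg never receives an operator. The redirection fails, the condition is false, and the pid file is never regenerated. Use `dpkg --compare-versions "$2" le "1.12-1"` (or quote the operator as '<='). The same condition is carried unchanged into debian/preinst by the rename in PATCH 041. The `#DEBHLPER#` token at the end of this hunk is also misspelled, so debhelper would not substitute it; PATCH 039 corrects that.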
From d69831c214a50bb45ace8da446c7b47375ddc075 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 9 Dec 2007 21:54:12 +0000 Subject: [PATCH 043/136] update to standards 3.7.3, added Vcs- fields, moved Homepage --- debian/changelog | 7 +++++++ debian/control | 7 ++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index 524ebe6..f2369af 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +dns-flood-detector (1.12-3) unstable; urgency=low + + * added Vcs- fields, moved Homepage into source header's field + * bump standards version to 3.7.3 + + -- Jan Wagner Sun, 09 Dec 2007 22:48:23 +0100 + dns-flood-detector (1.12-2) unstable; urgency=low * some cosmetic fixes to init script diff --git a/debian/control b/debian/control index 175e510..e327134 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,10 @@ Section: net Priority: optional Maintainer: Jan Wagner Build-Depends: debhelper (>= 5), dpatch, libpcap0.8-dev -Standards-Version: 3.7.2 +Homepage: http://www.adotout.com/ +Vcs-Browser: https://trac.cyconet.org/debian/browser/debian/dns-flood-detector +Vcs-Svn: https://trac.cyconet.org/svn/debian/dns-flood-detector +Standards-Version: 3.7.3 Package: dns-flood-detector Architecture: any @@ -19,5 +22,3 @@ Description: detect abusive usage levels on high traffic nameservers "bindsnap" mode. In daemon mode, the tool will alarm via syslog. In bindsnap mode, the user is able to get near-real-time stats on usage to aid in more detailed troubleshooting. - . - Homepage: From d26a0d55a093283db5640e0161cd5a21ad24c8c9 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 14 Apr 2008 18:31:15 +0000 Subject: [PATCH 044/136] adjust copyright --- debian/changelog | 5 +++-- debian/copyright | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index f2369af..79c7675 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,7 +1,8 @@ -dns-flood-detector (1.12-3) unstable; urgency=low +dns-flood-detector (1.12-3) UNREALESED; urgency=low * added Vcs- fields, moved Homepage into source header's field - * bump standards version to 3.7.3 + * bump standards version to 3.7.3 + * change copyright of packaging to 2008 in debian/copyright -- Jan Wagner Sun, 09 Dec 2007 22:48:23 +0100 diff --git a/debian/copyright b/debian/copyright index 18c16a3..fb762d4 100644 --- a/debian/copyright +++ b/debian/copyright @@ -26,5 +26,5 @@ License: On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL file. -The Debian packaging is (C) 2006, 2007 Jan Wagner and +The Debian packaging is (C) 2006, 2008 Jan Wagner and is licensed under the GPL, see `/usr/share/common-licenses/GPL'. From fde3e09a70780327954fa6cbfb9f61e5d12cfb6f Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 14 Apr 2008 18:44:22 +0000 Subject: [PATCH 045/136] make use of pidof --- debian/changelog | 1 + debian/init.d | 12 ++++++------ debian/preinst | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/debian/changelog b/debian/changelog index 79c7675..81d4d7b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,7 @@ dns-flood-detector (1.12-3) UNREALESED; urgency=low * added Vcs- fields, moved Homepage into source header's field * bump standards version to 3.7.3 * change copyright of packaging to 2008 in debian/copyright + * get rid of 'ps aux' in init script and preinst, using pidof instead -- Jan Wagner Sun, 09 Dec 2007 22:48:23 +0100 diff --git a/debian/init.d b/debian/init.d index 4feeaee..5783cd6 100644 --- a/debian/init.d +++ b/debian/init.d @@ -35,7 +35,7 @@ case "$1" in echo -n "Starting $DESC: " start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $DAEMON_OPTS - ps aux | grep $DAEMON | head -1 | awk '{ print $2 }' > /var/run/$NAME.pid + /bin/pidof $DAEMON > /var/run/$NAME.pid echo "$NAME." ;; stop) 
@@ -46,11 +46,11 @@ case "$1" in ;; restart|force-reload) echo -n "Restarting $DESC: " - start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ - --exec $DAEMON - start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ - --exec $DAEMON -- $DAEMON_OPTS - ps aux | grep $DAEMON | head -1 | awk '{ print $2 }' > /var/run/$NAME.pid + start-stop-daemon --stop --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON + start-stop-daemon --start --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS + /bin/pidof $DAEMON > /var/run/$NAME.pid echo "$NAME." ;; *) diff --git a/debian/preinst b/debian/preinst index f803aee..70d2b78 100755 --- a/debian/preinst +++ b/debian/preinst @@ -3,6 +3,6 @@ set -e # generate correct pid file, for versions where was non or incorrect if [ "$1" = "upgrade" ] && [ "$2" ] && dpkg --compare-versions "$2" <= "1.12-1"; then - ps aux | grep /usr/bin/dns-flood-detector | head -1 | awk '{ print $2 }' > /var/run/dns-flood-detector.pid + /bin/pidof dns-flood-detector > /var/run/dns-flood-detector.pid fi #DEBHELPER# From d206bb6d70823a6ac70cf7e3fbef68f6aa109365 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 14 Apr 2008 20:46:16 +0000 Subject: [PATCH 046/136] release 1.12-3 --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 81d4d7b..98ad060 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,11 +1,11 @@ -dns-flood-detector (1.12-3) UNREALESED; urgency=low +dns-flood-detector (1.12-3) unstable; urgency=low * added Vcs- fields, moved Homepage into source header's field * bump standards version to 3.7.3 * change copyright of packaging to 2008 in debian/copyright * get rid of 'ps aux' in init script and preinst, using pidof instead - -- Jan Wagner Sun, 09 Dec 2007 22:48:23 +0100 + -- Jan Wagner Mon, 14 Apr 2008 22:39:46 +0200 dns-flood-detector (1.12-2) unstable; urgency=low 
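Review bot: In the debian/changelog hunk of PATCH 044, the distribution field is changed from `unstable` to `UNREALESED`; tools such as dch only recognize the exact spelling `UNRELEASED` for an entry that is still in progress. Spell it `UNRELEASED` here (PATCH 046 later sets the field back to `unstable` for the release).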
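Review bot: In the first debian/init.d hunk of PATCH 045, `/bin/pidof $DAEMON > /var/run/$NAME.pid` runs under the script's `set -e` (visible in the file as added in PATCH 035), so if the daemon failed to start or has not finished starting, pidof exits non-zero and the init script aborts before `echo "$NAME."`, leaving an empty pid file behind. pidof also prints every matching PID on one line, which is not a valid pid file when more than one instance exists. Suggest `/bin/pidof -s $DAEMON > /var/run/$NAME.pid` with explicit handling of the failure case; the same applies to the identical line in the `restart|force-reload` hunk.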
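Review bot: In the debian/preinst hunk of PATCH 045, the context line still reads `dpkg --compare-versions "$2" <= "1.12-1"` with an unquoted `<=`, which the shell treats as a redirection, so the new `/bin/pidof dns-flood-detector > /var/run/dns-flood-detector.pid` line is never reached. Replace the operator with `le`. Once the branch is reachable, the `set -e` shown in the hunk header matters: upgrading while the daemon is stopped makes pidof exit non-zero, and the preinst, and with it the upgrade, fails. Append `|| true` or test for a running daemon first.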
From d4b9874f4313f139e9b2e73548d75b2982e715c8 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 14 Apr 2008 21:51:15 +0000 Subject: [PATCH 047/136] be more verbose --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 98ad060..e416724 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,7 @@ dns-flood-detector (1.12-3) unstable; urgency=low * added Vcs- fields, moved Homepage into source header's field - * bump standards version to 3.7.3 + * bump standards version to 3.7.3 (no changes needed) * change copyright of packaging to 2008 in debian/copyright * get rid of 'ps aux' in init script and preinst, using pidof instead From 733887a0afd14fce07a535765603f8d7a5e89aef Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 7 Jun 2008 09:38:44 +0000 Subject: [PATCH 048/136] Updating standards version to 3.8.0 --- debian/changelog | 6 ++++++ debian/control | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index e416724..d6ce11f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dns-flood-detector (1.12-4) UNRELEASED; urgency=low + + * Updating standards version to 3.8.0, no changes needed + + -- Jan Wagner Sat, 07 Jun 2008 11:38:13 +0200 + dns-flood-detector (1.12-3) unstable; urgency=low * added Vcs- fields, moved Homepage into source header's field diff --git a/debian/control b/debian/control index e327134..ad405ed 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 5), dpatch, libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://trac.cyconet.org/debian/browser/debian/dns-flood-detector Vcs-Svn: https://trac.cyconet.org/svn/debian/dns-flood-detector -Standards-Version: 3.7.3 +Standards-Version: 3.8.0 Package: dns-flood-detector Architecture: any From c71d782910ea689d63c4f705908c91c8de92adfe Mon Sep 17 00:00:00 2001 
From: Jan Wagner Date: Sun, 20 Jul 2008 10:53:47 +0000 Subject: [PATCH 049/136] machine-interpretable copyright --- debian/changelog | 1 + debian/copyright | 28 +++++++++++++++------------- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/debian/changelog b/debian/changelog index d6ce11f..9a6e2d4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ dns-flood-detector (1.12-4) UNRELEASED; urgency=low * Updating standards version to 3.8.0, no changes needed + * implement machine-interpretable copyright file -- Jan Wagner Sat, 07 Jun 2008 11:38:13 +0200 diff --git a/debian/copyright b/debian/copyright index fb762d4..8499475 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,14 +1,19 @@ -This package was debianized by Jan Wagner on -Fri, 3 Nov 2006 12:39:42 +0100. +Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=196 +Packaged-By: Jan Wagner +Packaged-Date: Fri, 3 Nov 2006 12:39:42 +0100 +Upstream-Name: DNS Flood Detector +Upstream-Maintainer: Dennis Opacki +Upstream-Source: http://www.adotout.com/ -It was downloaded from +Files: * +Copyright: (C) 2003 Dennis Opacki +License: GPL-2+ -Upstream Author: Dennis Opacki - -Copyright: (C) 2003 Dennis Opacki - -License: +Files: debian/* +Copyright: (C) 2006, 2008 Jan Wagner +License: GPL-2+ +License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or 
@@ -23,8 +28,5 @@ License: along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -On Debian systems, the complete text of the GNU General Public License -can be found in /usr/share/common-licenses/GPL file. - -The Debian packaging is (C) 2006, 2008 Jan Wagner and -is licensed under the GPL, see `/usr/share/common-licenses/GPL'. + On Debian systems, the complete text of the GNU General Public License can be + found in /usr/share/common-licenses/GPL-2 file. From ed59ee14eb2c4b39fa23de62ac8952c579bb5e31 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 20 Jul 2008 10:54:02 +0000 Subject: [PATCH 050/136] release --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 9a6e2d4..63dedd6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,9 @@ -dns-flood-detector (1.12-4) UNRELEASED; urgency=low +dns-flood-detector (1.12-4) unstable; urgency=low * Updating standards version to 3.8.0, no changes needed * implement machine-interpretable copyright file - -- Jan Wagner Sat, 07 Jun 2008 11:38:13 +0200 + -- Jan Wagner Sun, 20 Jul 2008 12:53:51 +0200 dns-flood-detector (1.12-3) unstable; urgency=low From bdf7aba200f72048336430507cf358ddb5d14756 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 20 Jul 2008 13:49:18 +0000 Subject: [PATCH 051/136] new version --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 63dedd6..23383d6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dns-flood-detector (1.12-5) UNRELEASED; urgency=low + + * NOT RELEASED YET + + -- Jan Wagner Sun, 20 Jul 2008 15:49:14 +0200 + dns-flood-detector (1.12-4) unstable; urgency=low * Updating standards version to 3.8.0, no changes needed From ced8cc654a1c1ad7c983cab1226d609c6469477a Mon Sep 17 00:00:00 2001 
From: Jan Wagner Date: Sat, 25 Jul 2009 22:32:38 +0000 Subject: [PATCH 052/136] bump standards --- debian/changelog | 4 ++-- debian/control | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index 23383d6..e62c26d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,8 @@ dns-flood-detector (1.12-5) UNRELEASED; urgency=low - * NOT RELEASED YET + * Updating standards version to 3.8.2, no changes needed - -- Jan Wagner Sun, 20 Jul 2008 15:49:14 +0200 + -- Jan Wagner Sun, 26 Jul 2009 00:31:45 +0200 dns-flood-detector (1.12-4) unstable; urgency=low diff --git a/debian/control b/debian/control index ad405ed..b9f8815 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 5), dpatch, libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://trac.cyconet.org/debian/browser/debian/dns-flood-detector Vcs-Svn: https://trac.cyconet.org/svn/debian/dns-flood-detector -Standards-Version: 3.8.0 +Standards-Version: 3.8.2 Package: dns-flood-detector Architecture: any From 575d1b0128c1429b19338ab95a459ddee7ad1b11 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 25 Jul 2009 22:34:00 +0000 Subject: [PATCH 053/136] make lintian happy --- debian/changelog | 1 + debian/preinst | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index e62c26d..fa6df3a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ dns-flood-detector (1.12-5) UNRELEASED; urgency=low * Updating standards version to 3.8.2, no changes needed + * remove absolut path of pidof from preinst -- Jan Wagner Sun, 26 Jul 2009 00:31:45 +0200 diff --git a/debian/preinst b/debian/preinst index 70d2b78..f028a63 100755 --- a/debian/preinst +++ b/debian/preinst 
@@ -3,6 +3,6 @@ set -e # generate correct pid file, for versions where was non or incorrect if [ "$1" = "upgrade" ] && [ "$2" ] && dpkg --compare-versions "$2" <= "1.12-1"; then - /bin/pidof dns-flood-detector > /var/run/dns-flood-detector.pid + pidof dns-flood-detector > /var/run/dns-flood-detector.pid fi #DEBHELPER# From f8cffa75ae5cc8206f285f4aad76a6ebc27bdd5d Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 25 Jul 2009 22:35:49 +0000 Subject: [PATCH 054/136] make lintian happy again --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index fa6df3a..ac33e27 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,7 @@ dns-flood-detector (1.12-5) UNRELEASED; urgency=low * Updating standards version to 3.8.2, no changes needed - * remove absolut path of pidof from preinst + * remove absolute path of pidof from preinst -- Jan Wagner Sun, 26 Jul 2009 00:31:45 +0200 From 66588da66d5a10381c9fbe1a3c79effcb7a78537 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 25 Jul 2009 22:42:03 +0000 Subject: [PATCH 055/136] release --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index ac33e27..aa62a34 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -dns-flood-detector (1.12-5) UNRELEASED; urgency=low +dns-flood-detector (1.12-5) unstable; urgency=low * Updating standards version to 3.8.2, no changes needed * remove absolute path of pidof from preinst From 142a5010ee1f28eb4ce30189453536bf2104d3cf Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 25 Jul 2009 23:39:14 +0000 Subject: [PATCH 056/136] fixup copyright --- debian/changelog | 6 ++++++ debian/copyright | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index aa62a34..b3c5e5f 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,9 @@ +dns-flood-detector (1.12-6) UNRELEASED; urgency=low + + * add "Copyright" to all copyrights in debian/copyright + + -- Jan Wagner Sun, 26 Jul 2009 00:42:50 +0200 + dns-flood-detector (1.12-5) unstable; urgency=low * Updating standards version to 3.8.2, no changes needed diff --git a/debian/copyright b/debian/copyright index 8499475..bd206ae 100644 --- a/debian/copyright +++ b/debian/copyright @@ -6,11 +6,11 @@ Upstream-Maintainer: Dennis Opacki Upstream-Source: http://www.adotout.com/ Files: * -Copyright: (C) 2003 Dennis Opacki +Copyright: Copyright (C) 2003 Dennis Opacki License: GPL-2+ Files: debian/* -Copyright: (C) 2006, 2008 Jan Wagner +Copyright: Copyright (C) 2006, 2008 Jan Wagner License: GPL-2+ License: GPL-2+ From 3fa0c0c8bfd44c35c1ae8db15221ed00e4c84e46 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 29 Aug 2009 09:13:01 +0000 Subject: [PATCH 057/136] bump version, add README.source --- debian/README.source | 3 +++ debian/changelog | 2 ++ 2 files changed, 5 insertions(+) create mode 100644 debian/README.source diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 0000000..f0fe49a --- /dev/null +++ b/debian/README.source @@ -0,0 +1,3 @@ +We use dpatch for patch handling inside our package(s). Please see +/usr/share/doc/dpatch/README.source.gz (if you have installed dpatch) for +documentation about dpatch. diff --git a/debian/changelog b/debian/changelog index b3c5e5f..4858f37 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@ dns-flood-detector (1.12-6) UNRELEASED; urgency=low * add "Copyright" to all copyrights in debian/copyright + * Updating standards version to 3.8.3 + - Add README.source -- Jan Wagner Sun, 26 Jul 2009 00:42:50 +0200 From ca16ab556229362db307dd55e00b0f9411d032e7 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 29 Aug 2009 14:05:05 +0000 Subject: [PATCH 058/136] really bump version --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/debian/control b/debian/control index b9f8815..d9b8256 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 5), dpatch, libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://trac.cyconet.org/debian/browser/debian/dns-flood-detector Vcs-Svn: https://trac.cyconet.org/svn/debian/dns-flood-detector -Standards-Version: 3.8.2 +Standards-Version: 3.8.3 Package: dns-flood-detector Architecture: any From f5c316b1bc724239fc3dcd38faad2d04bdba44de Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 23 Feb 2010 15:20:50 +0000 Subject: [PATCH 059/136] * Bump Standards-Version to 3.8.4, no changes needed * Migrate Vcs-Fields over to scm.uncompleted.org * Add 1.0 to debian/source/format --- debian/changelog | 7 +++++-- debian/control | 6 +++--- debian/source/format | 1 + 3 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 debian/source/format diff --git a/debian/changelog b/debian/changelog index 4858f37..b91891a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,11 @@ dns-flood-detector (1.12-6) UNRELEASED; urgency=low - * add "Copyright" to all copyrights in debian/copyright - * Updating standards version to 3.8.3 + * Add "Copyright" to all copyrights in debian/copyright + * Updating standards version to 3.8.4 - Add README.source + * Migrate Vcs-Fields over to scm.uncompleted.org + * Add 1.0 to debian/source/format + -- Jan Wagner Sun, 26 Jul 2009 00:42:50 +0200 diff --git a/debian/control b/debian/control index d9b8256..a6d09aa 100644 --- a/debian/control +++ b/debian/control 
@@ -4,9 +4,9 @@ Priority: optional Maintainer: Jan Wagner Build-Depends: debhelper (>= 5), dpatch, libpcap0.8-dev Homepage: http://www.adotout.com/ -Vcs-Browser: https://trac.cyconet.org/debian/browser/debian/dns-flood-detector -Vcs-Svn: https://trac.cyconet.org/svn/debian/dns-flood-detector -Standards-Version: 3.8.3 +Vcs-Browser: https://scm.uncompleted.org/projects/debian/repository/show/dns-flood-detector +Vcs-Svn: https://scm.uncompleted.org/svn/debian/dns-flood-detector +Standards-Version: 3.8.4 Package: dns-flood-detector Architecture: any diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..d3827e7 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +1.0 From f990dd3350bbf2afa17f59e626d151d7482c6794 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 9 Mar 2010 23:02:48 +0000 Subject: [PATCH 060/136] Add to dependencies --- debian/changelog | 2 +- debian/control | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index b91891a..40d1495 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,7 +5,7 @@ dns-flood-detector (1.12-6) UNRELEASED; urgency=low - Add README.source * Migrate Vcs-Fields over to scm.uncompleted.org * Add 1.0 to debian/source/format - + * Add ${misc:Depends} to dependencies -- Jan Wagner Sun, 26 Jul 2009 00:42:50 +0200 diff --git a/debian/control b/debian/control index a6d09aa..9f9ff6d 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Standards-Version: 3.8.4 Package: dns-flood-detector Architecture: any -Depends: ${shlibs:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends} Description: detect abusive usage levels on high traffic nameservers This package provides the dns-flood-detector daemon. . From 64296ef2530c7aea2b7f94c5e832540db5868675 Mon Sep 17 00:00:00 2001 
From: Jan Wagner Date: Tue, 9 Mar 2010 23:09:17 +0000 Subject: [PATCH 061/136] release --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 40d1495..0a1b2b0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -dns-flood-detector (1.12-6) UNRELEASED; urgency=low +dns-flood-detector (1.12-6) unstable; urgency=low * Add "Copyright" to all copyrights in debian/copyright * Updating standards version to 3.8.4 @@ -7,7 +7,7 @@ dns-flood-detector (1.12-6) UNRELEASED; urgency=low * Add 1.0 to debian/source/format * Add ${misc:Depends} to dependencies - -- Jan Wagner Sun, 26 Jul 2009 00:42:50 +0200 + -- Jan Wagner Wed, 10 Mar 2010 00:07:06 +0100 dns-flood-detector (1.12-5) unstable; urgency=low From 0ff16df3d7868b41104fbaa086baf6028f6ab221 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 9 Mar 2010 23:10:29 +0000 Subject: [PATCH 062/136] released --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 0a1b2b0..8d685e2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dns-flood-detector (1.12-7) UNRELEASED; urgency=low + + * NOT RELEASED YET + + -- Jan Wagner Wed, 10 Mar 2010 00:09:56 +0100 + dns-flood-detector (1.12-6) unstable; urgency=low * Add "Copyright" to all copyrights in debian/copyright From e7f834be3b023d1180205c4b28dfb40f2df34baf Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 10 Mar 2010 07:59:28 +0000 Subject: [PATCH 063/136] Add trailing trunk/ at Vcs-Svn-field --- debian/changelog | 2 +- debian/control | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 8d685e2..9e1e70d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,6 @@ dns-flood-detector (1.12-7) UNRELEASED; urgency=low - * NOT RELEASED YET + * Add trailing trunk/ at Vcs-Svn-field -- Jan Wagner Wed, 10 Mar 2010 00:09:56 +0100 
diff --git a/debian/control b/debian/control index 9f9ff6d..4dcdb98 100644 --- a/debian/control +++ b/debian/control @@ -5,7 +5,7 @@ Maintainer: Jan Wagner Build-Depends: debhelper (>= 5), dpatch, libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://scm.uncompleted.org/projects/debian/repository/show/dns-flood-detector -Vcs-Svn: https://scm.uncompleted.org/svn/debian/dns-flood-detector +Vcs-Svn: https://scm.uncompleted.org/svn/debian/dns-flood-detector/trunk Standards-Version: 3.8.4 Package: dns-flood-detector From 546d52cd47ca3779fffccca2980c81ad288f7e6a Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 29 Mar 2012 15:54:02 +0000 Subject: [PATCH 064/136] bumb standards to 3.9.3 --- debian/changelog | 1 + debian/control | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 9e1e70d..871825c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ dns-flood-detector (1.12-7) UNRELEASED; urgency=low * Add trailing trunk/ at Vcs-Svn-field + * Updating standards version to 3.9.3, no changes needed -- Jan Wagner Wed, 10 Mar 2010 00:09:56 +0100 diff --git a/debian/control b/debian/control index 4dcdb98..d71c917 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 5), dpatch, libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://scm.uncompleted.org/projects/debian/repository/show/dns-flood-detector Vcs-Svn: https://scm.uncompleted.org/svn/debian/dns-flood-detector/trunk -Standards-Version: 3.8.4 +Standards-Version: 3.9.3 Package: dns-flood-detector Architecture: any From 0e977caddf74ab11eaa0793cdd90892d700d64fe Mon Sep 17 00:00:00 2001 
From: Jan Wagner Date: Thu, 29 Mar 2012 16:06:45 +0000 Subject: [PATCH 065/136] switch to packaging format 3.0 (quit) --- debian/README.source | 3 --- debian/changelog | 1 + debian/compat | 2 +- debian/control | 2 +- debian/patches/00list | 1 - debian/patches/{01_fix_prototyp.dpatch => fix_prototyp} | 8 ++------ debian/patches/series | 1 + debian/rules | 6 ++---- debian/source/format | 2 +- 9 files changed, 9 insertions(+), 17 deletions(-) delete mode 100644 debian/README.source delete mode 100644 debian/patches/00list rename debian/patches/{01_fix_prototyp.dpatch => fix_prototyp} (69%) create mode 100644 debian/patches/series diff --git a/debian/README.source b/debian/README.source deleted file mode 100644 index f0fe49a..0000000 --- a/debian/README.source +++ /dev/null @@ -1,3 +0,0 @@ -We use dpatch for patch handling inside our package(s). Please see -/usr/share/doc/dpatch/README.source.gz (if you have installed dpatch) for -documentation about dpatch. diff --git a/debian/changelog b/debian/changelog index 871825c..e9bb67d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ dns-flood-detector (1.12-7) UNRELEASED; urgency=low * Add trailing trunk/ at Vcs-Svn-field * Updating standards version to 3.9.3, no changes needed + * Switch over to packaging format 3.0 (quit) (closes: #664409) -- Jan Wagner Wed, 10 Mar 2010 00:09:56 +0100 diff --git a/debian/compat b/debian/compat index 7ed6ff8..ec63514 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -5 +9 diff --git a/debian/control b/debian/control index d71c917..c004bdc 100644 --- a/debian/control +++ b/debian/control 
@@ -2,7 +2,7 @@ Source: dns-flood-detector Section: net Priority: optional Maintainer: Jan Wagner -Build-Depends: debhelper (>= 5), dpatch, libpcap0.8-dev +Build-Depends: debhelper (>= 9), dpatch, libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://scm.uncompleted.org/projects/debian/repository/show/dns-flood-detector Vcs-Svn: https://scm.uncompleted.org/svn/debian/dns-flood-detector/trunk diff --git a/debian/patches/00list b/debian/patches/00list deleted file mode 100644 index 3220968..0000000 --- a/debian/patches/00list +++ /dev/null @@ -1 +0,0 @@ -01_fix_prototyp.dpatch diff --git a/debian/patches/01_fix_prototyp.dpatch b/debian/patches/fix_prototyp similarity index 69% rename from debian/patches/01_fix_prototyp.dpatch rename to debian/patches/fix_prototyp index d6b7390..765c740 100755 --- a/debian/patches/01_fix_prototyp.dpatch +++ b/debian/patches/fix_prototyp @@ -1,9 +1,5 @@ -#!/bin/sh /usr/share/dpatch/dpatch-run -## 01_fix_prototyp.dpatch by dann frazier -## -## DP: fix missing function prototype definition - -@DPATCH@ +From: dann frazier +Subject: fix missing function prototype definition --- dns-flood-detector-1.10/dns_flood_detector.c~ 2003-12-29 20:53:38.000000000 -0700 +++ dns-flood-detector-1.10/dns_flood_detector.c 2006-11-18 17:38:47.000000000 -0700 diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..70892ad --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +fix_prototyp diff --git a/debian/rules b/debian/rules index 8ead083..3ff2ce5 100755 --- a/debian/rules +++ b/debian/rules @@ -4,8 +4,6 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -include /usr/share/dpatch/dpatch.make - CFLAGS += -D_BSD_SOURCE -Wall -g LDLIBS += -lpcap -lpthread -lm 
@@ -16,14 +14,14 @@ else endif build: build-stamp -build-stamp: patch-stamp +build-stamp: dh_testdir # Add here commands to compile the package. $(CC) $(CFLAGS) dns_flood_detector.c $(LDLIBS) -o dns_flood_detector touch $@ -clean: unpatch +clean: dh_testdir dh_testroot rm -f build-stamp diff --git a/debian/source/format b/debian/source/format index d3827e7..163aaf8 100644 --- a/debian/source/format +++ b/debian/source/format @@ -1 +1 @@ -1.0 +3.0 (quilt) From 69fc7dbadbddd37dba992f9d12502086786eb230 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 29 Mar 2012 16:12:22 +0000 Subject: [PATCH 066/136] drop dpatch and swicth to dh_prep --- debian/changelog | 2 ++ debian/control | 2 +- debian/rules | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index e9bb67d..e92fe64 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,8 @@ dns-flood-detector (1.12-7) UNRELEASED; urgency=low * Add trailing trunk/ at Vcs-Svn-field * Updating standards version to 3.9.3, no changes needed * Switch over to packaging format 3.0 (quit) (closes: #664409) + * Remove build-dependency of dpatch + * Use dh_prep instead of dh_clean -k -- Jan Wagner Wed, 10 Mar 2010 00:09:56 +0100 diff --git a/debian/control b/debian/control index c004bdc..93f9e6e 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: dns-flood-detector Section: net Priority: optional Maintainer: Jan Wagner -Build-Depends: debhelper (>= 9), dpatch, libpcap0.8-dev +Build-Depends: debhelper (>= 9), libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://scm.uncompleted.org/projects/debian/repository/show/dns-flood-detector Vcs-Svn: https://scm.uncompleted.org/svn/debian/dns-flood-detector/trunk diff --git a/debian/rules b/debian/rules index 3ff2ce5..8e44d80 100755 --- a/debian/rules +++ b/debian/rules 
@@ -34,7 +34,7 @@ clean: install: build dh_testdir dh_testroot - dh_clean -k + dh_prep dh_installdirs # Add here commands to install the package into debian/dns-flood-detector. From 3645abb1fa808b837b7607f4bfe311714c81dadf Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 29 Mar 2012 16:26:44 +0000 Subject: [PATCH 067/136] Add build-arch and build-indep --- debian/changelog | 5 +++-- debian/rules | 4 +++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index e92fe64..fc43271 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,12 +1,13 @@ -dns-flood-detector (1.12-7) UNRELEASED; urgency=low +dns-flood-detector (1.12-7) unstable; urgency=low * Add trailing trunk/ at Vcs-Svn-field * Updating standards version to 3.9.3, no changes needed * Switch over to packaging format 3.0 (quit) (closes: #664409) * Remove build-dependency of dpatch * Use dh_prep instead of dh_clean -k + * Add build-arch and build-indep targets to debian/rules - -- Jan Wagner Wed, 10 Mar 2010 00:09:56 +0100 + -- Jan Wagner Thu, 29 Mar 2012 18:26:14 +0200 dns-flood-detector (1.12-6) unstable; urgency=low diff --git a/debian/rules b/debian/rules index 8e44d80..44b8cd0 100755 --- a/debian/rules +++ b/debian/rules @@ -13,7 +13,9 @@ else CFLAGS += -O2 endif -build: build-stamp +build: build-arch build-indep +build-arch: build-stamp +build-indep: build-stamp build-stamp: dh_testdir # Add here commands to compile the package. From f4cdadbf1553d55bb3b473fc2dfb6622151a09a1 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 29 Mar 2012 17:25:57 +0000 Subject: [PATCH 068/136] new changelog --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index fc43271..b18388b 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,9 @@ +dns-flood-detector (1.12-8) UNRELEASED; urgency=low + + * NOT RELEASED YET + + -- Jan Wagner Thu, 29 Mar 2012 19:25:37 +0200 + dns-flood-detector (1.12-7) unstable; urgency=low * Add trailing trunk/ at Vcs-Svn-field From d7e830d3fcaee446a1cbc1495f78825cde790b10 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 22 May 2013 12:00:43 +0000 Subject: [PATCH 069/136] new upstream --- debian/changelog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index b18388b..7d80c51 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,8 @@ -dns-flood-detector (1.12-8) UNRELEASED; urgency=low +dns-flood-detector (1.20-1) UNRELEASED; urgency=low - * NOT RELEASED YET + * New upstream release - -- Jan Wagner Thu, 29 Mar 2012 19:25:37 +0200 + -- Jan Wagner Wed, 22 May 2013 13:40:57 +0200 dns-flood-detector (1.12-7) unstable; urgency=low From cdc3da1486a96105ae19c33f047ac03b5ed53a1f Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 22 May 2013 12:01:47 +0000 Subject: [PATCH 070/136] enable hardening --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/changelog b/debian/changelog index 7d80c51..c352335 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@ dns-flood-detector (1.20-1) UNRELEASED; urgency=low * New upstream release + * Enable Hardening + - build-dep on hardening-wrapper -- Jan Wagner Wed, 22 May 2013 13:40:57 +0200 From 3582a42ff9f04f776939dc2561523cf49d78846b Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 22 May 2013 12:04:36 +0000 Subject: [PATCH 071/136] enable hardening --- debian/control | 2 +- debian/rules | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 93f9e6e..866d7c7 100644 --- a/debian/control +++ b/debian/control 
@@ -2,7 +2,7 @@ Source: dns-flood-detector Section: net Priority: optional Maintainer: Jan Wagner -Build-Depends: debhelper (>= 9), libpcap0.8-dev +Build-Depends: debhelper (>= 9), libpcap0.8-dev, hardening-wrapper Homepage: http://www.adotout.com/ Vcs-Browser: https://scm.uncompleted.org/projects/debian/repository/show/dns-flood-detector Vcs-Svn: https://scm.uncompleted.org/svn/debian/dns-flood-detector/trunk diff --git a/debian/rules b/debian/rules index 44b8cd0..ef9265c 100755 --- a/debian/rules +++ b/debian/rules @@ -4,6 +4,10 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +# hardening +export DEB_BUILD_HARDENING=1 +CFLAGS:=$(shell dpkg-buildflags --get CFLAGS) + CFLAGS += -D_BSD_SOURCE -Wall -g LDLIBS += -lpcap -lpthread -lm From a454efe244cd9f87233fc9494273f558ccc57ba2 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 7 Nov 2013 16:02:14 +0100 Subject: [PATCH 072/136] Source init functions in init script --- debian/init.d | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/init.d b/debian/init.d index 5783cd6..e9deb96 100644 --- a/debian/init.d +++ b/debian/init.d @@ -23,6 +23,8 @@ DESC=dns-flood-detector test -x $DAEMON || exit 0 +. /lib/lsb/init-functions + # Include dns-flood-detector defaults if available if [ -f /etc/default/dns-flood-detector ] ; then . /etc/default/dns-flood-detector From 39f042024c82974d05bc0815f03af3b566e9a10c Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 7 Nov 2013 16:02:41 +0100 Subject: [PATCH 073/136] Updating standards version to 3.9.4, no changes needed --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 866d7c7..39bba59 100644 --- a/debian/control +++ b/debian/control 
@@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 9), libpcap0.8-dev, hardening-wrapper Homepage: http://www.adotout.com/ Vcs-Browser: https://scm.uncompleted.org/projects/debian/repository/show/dns-flood-detector Vcs-Svn: https://scm.uncompleted.org/svn/debian/dns-flood-detector/trunk -Standards-Version: 3.9.3 +Standards-Version: 3.9.4 Package: dns-flood-detector Architecture: any From a6c15510e77923af49164d09685b030d5924d85b Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 7 Nov 2013 16:59:23 +0100 Subject: [PATCH 074/136] Include dns_flood_collector.pl as example --- debian/examples | 1 + debian/rules | 1 + 2 files changed, 2 insertions(+) create mode 100644 debian/examples diff --git a/debian/examples b/debian/examples new file mode 100644 index 0000000..e4126c2 --- /dev/null +++ b/debian/examples @@ -0,0 +1 @@ +dns_flood_collector.pl diff --git a/debian/rules b/debian/rules index ef9265c..6168dfb 100755 --- a/debian/rules +++ b/debian/rules @@ -59,6 +59,7 @@ binary-arch: build install dh_installchangelogs dh_installdocs dh_installman debian/dns-flood-detector.8 + dh_installexamples dh_installinit -- defaults 40 dh_link dh_strip From b7b35b21b48bc72bff5f991bc1e5a8d64a328c34 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Fri, 8 Nov 2013 19:44:00 +0100 Subject: [PATCH 075/136] Update Vcs-headers --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 39bba59..0cdbb3d 100644 --- a/debian/control +++ b/debian/control 
@@ -4,8 +4,8 @@ Priority: optional Maintainer: Jan Wagner Build-Depends: debhelper (>= 9), libpcap0.8-dev, hardening-wrapper Homepage: http://www.adotout.com/ -Vcs-Browser: https://scm.uncompleted.org/projects/debian/repository/show/dns-flood-detector -Vcs-Svn: https://scm.uncompleted.org/svn/debian/dns-flood-detector/trunk +Vcs-Browser: http://git.debian.org/?p=collab-maint/dns-flood-detector.git +Vcs-Git: git://git.debian.org/git/collab-maint/dns-flood-detector.git Standards-Version: 3.9.4 Package: dns-flood-detector From 8260b991de433faa0d02d33e5b5530f64eba84ec Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 9 Nov 2013 17:44:46 +0100 Subject: [PATCH 076/136] Updating standards version to 3.9.5, no changes needed --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 0cdbb3d..ea224d9 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 9), libpcap0.8-dev, hardening-wrapper Homepage: http://www.adotout.com/ Vcs-Browser: http://git.debian.org/?p=collab-maint/dns-flood-detector.git Vcs-Git: git://git.debian.org/git/collab-maint/dns-flood-detector.git -Standards-Version: 3.9.4 +Standards-Version: 3.9.5 Package: dns-flood-detector Architecture: any From 7bffbb7ea454e4ebb3f4c369a033f872b4028980 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 13 Feb 2014 22:41:37 +0100 Subject: [PATCH 077/136] Add travis-ci config --- .travis.yml | 15 +++++++++++++++ debian/source/options | 1 + 2 files changed, 16 insertions(+) create mode 100644 .travis.yml create mode 100644 debian/source/options diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..2fe860c --- /dev/null +++ b/.travis.yml 
@@ -0,0 +1,15 @@ +language: c + +install: + - sudo apt-get update -qq + - sudo apt-get install -qq --no-install-recommends devscripts libwww-perl + - uscan --force-download + - sudo apt-get purge -qq libwww-perl + - sudo apt-get autoremove -qq + - sudo apt-get install -qq --no-install-recommends debhelper libpcap0.8-dev hardening-wrapper + +script: + - debuild -uc -us + +#notifications: +# email: false diff --git a/debian/source/options b/debian/source/options new file mode 100644 index 0000000..a729099 --- /dev/null +++ b/debian/source/options @@ -0,0 +1 @@ +extend-diff-ignore = '^\.travis' From 1b8697fa54b82aba68044559a3752d9de92237b5 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 16 Feb 2014 23:44:16 +0100 Subject: [PATCH 078/136] Reorder and comment .travis.yml --- .travis.yml | 10 +++++++++- debian/source/options | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2fe860c..556ff3c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,14 +1,22 @@ language: c -install: +before_install: + # update package list - sudo apt-get update -qq + # installneeded packages for uscan - sudo apt-get install -qq --no-install-recommends devscripts libwww-perl + # download original tarball - uscan --force-download + # remove packages needed for uscan - sudo apt-get purge -qq libwww-perl - sudo apt-get autoremove -qq + +install: + # install build dependencies - sudo apt-get install -qq --no-install-recommends debhelper libpcap0.8-dev hardening-wrapper script: + # build the debian package - debuild -uc -us #notifications: diff --git a/debian/source/options b/debian/source/options index a729099..b5bc9e7 100644 --- a/debian/source/options +++ b/debian/source/options @@ -1 +1 @@ -extend-diff-ignore = '^\.travis' +extend-diff-ignore = '(^|/)(\.travis\.yml|\.git|\.gitgnore|config\.sub|config\.guess)' From a63e27cea4bb9ea7832846a6446de3b2c2760547 Mon Sep 17 00:00:00 2001 
From: Jan Wagner Date: Tue, 25 Feb 2014 14:04:54 +0100 Subject: [PATCH 079/136] Add lintian checks after build --- .travis.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.travis.yml b/.travis.yml index 556ff3c..fc4aebf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,5 +19,9 @@ script: # build the debian package - debuild -uc -us +after_script: + # run lintian after build + - sudo apt-get install -qq --no-install-recommends lintian + - lintian --info --display-info --display-experimental --pedantic --show-overrides ../*.deb && lintian --info --display-info --display-experimental --pedantic --show-overrides ../*.dsc #notifications: # email: false From 738c15d202a149bf3726f8b6f6142772d0c83dac Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 27 Feb 2014 23:25:24 +0100 Subject: [PATCH 080/136] Update VCS-* fields to current canonical URIs --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index ea224d9..ca3fd25 100644 --- a/debian/control +++ b/debian/control @@ -4,8 +4,8 @@ Priority: optional Maintainer: Jan Wagner Build-Depends: debhelper (>= 9), libpcap0.8-dev, hardening-wrapper Homepage: http://www.adotout.com/ -Vcs-Browser: http://git.debian.org/?p=collab-maint/dns-flood-detector.git -Vcs-Git: git://git.debian.org/git/collab-maint/dns-flood-detector.git +Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/dns-flood-detector.git +Vcs-Git: git://anonscm.debian.org/collab-maint/dns-flood-detector.git Standards-Version: 3.9.5 Package: dns-flood-detector From ccc5dba193c865810ae86142ca815572ad266f77 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 27 Feb 2014 23:36:36 +0100 Subject: [PATCH 081/136] Update to recent copyright format --- debian/copyright | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/debian/copyright b/debian/copyright index bd206ae..6bcdfcc 100644 --- a/debian/copyright +++ b/debian/copyright 
@@ -1,9 +1,7 @@ -Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=196 -Packaged-By: Jan Wagner -Packaged-Date: Fri, 3 Nov 2006 12:39:42 +0100 +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: DNS Flood Detector -Upstream-Maintainer: Dennis Opacki -Upstream-Source: http://www.adotout.com/ +Upstream-Contact: Dennis Opacki +Source: http://www.adotout.com/ Files: * Copyright: Copyright (C) 2003 Dennis Opacki @@ -18,15 +16,15 @@ License: GPL-2+ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - + . On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL-2 file. From f383018f83197148a6fb090fbb261ca6781b3aa5 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 2 Mar 2014 17:34:54 +0100 Subject: [PATCH 082/136] Adjust debian/rules to make hardening efficient --- debian/rules | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 6168dfb..57f0776 100755 --- a/debian/rules +++ b/debian/rules @@ -6,7 +6,10 @@ # hardening export DEB_BUILD_HARDENING=1 +CPPFLAGS:=$(shell dpkg-buildflags --get CPPFLAGS) CFLAGS:=$(shell dpkg-buildflags --get CFLAGS) +CXXFLAGS:=$(shell dpkg-buildflags --get CXXFLAGS) +LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS) CFLAGS += -D_BSD_SOURCE -Wall -g LDLIBS += -lpcap -lpthread -lm 
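Review bot: In the debian/rules hardening block of [PATCH 082/136], CXXFLAGS is fetched from dpkg-buildflags but never used, since the package only compiles dns_flood_detector.c with $(CC); drop that assignment. The `-D_BSD_SOURCE` in the unchanged `CFLAGS += -D_BSD_SOURCE -Wall -g` line is a preprocessor define and, now that CPPFLAGS is set, belongs there. The block also keeps two hardening mechanisms side by side, `export DEB_BUILD_HARDENING=1` for hardening-wrapper and the dpkg-buildflags values. Consider settling on dpkg-buildflags alone, with `export DEB_BUILD_MAINT_OPTIONS = hardening=+all` if PIE and bindnow are wanted, and removing hardening-wrapper from Build-Depends.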
@@ -23,7 +26,7 @@ build-indep: build-stamp build-stamp: dh_testdir # Add here commands to compile the package. - $(CC) $(CFLAGS) dns_flood_detector.c $(LDLIBS) -o dns_flood_detector + $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) dns_flood_detector.c $(LDLIBS) -o dns_flood_detector touch $@ From 1438e9d404659e02e1f4b3cebd990e901bc3253a Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 2 Mar 2014 17:59:00 +0100 Subject: [PATCH 083/136] Provide lintian override for missing upstream changelog --- debian/dns-flood-detector.lintian-overrides | 2 ++ debian/rules | 1 + 2 files changed, 3 insertions(+) create mode 100644 debian/dns-flood-detector.lintian-overrides diff --git a/debian/dns-flood-detector.lintian-overrides b/debian/dns-flood-detector.lintian-overrides new file mode 100644 index 0000000..7a7dae8 --- /dev/null +++ b/debian/dns-flood-detector.lintian-overrides @@ -0,0 +1,2 @@ +# ustream does not provide a changelog +dns-flood-detector: no-upstream-changelog diff --git a/debian/rules b/debian/rules index 57f0776..4ba2241 100755 --- a/debian/rules +++ b/debian/rules @@ -64,6 +64,7 @@ binary-arch: build install dh_installman debian/dns-flood-detector.8 dh_installexamples dh_installinit -- defaults 40 + dh_lintian dh_link dh_strip dh_compress From c5ad138368bced73d975db02e122309e24933906 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 2 Mar 2014 19:52:40 +0100 Subject: [PATCH 084/136] Prepare changelog for release --- debian/changelog | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index c352335..86ef7e7 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,10 +1,22 @@ -dns-flood-detector (1.20-1) UNRELEASED; urgency=low +dns-flood-detector (1.20-1) unstable; urgency=low * New upstream release * Enable Hardening - build-dep on hardening-wrapper + * [a454efe] Source init functions in init script + * [39f0420] Updating standards version to 3.9.4, no changes needed + * [a6c1551] Include dns_flood_collector.pl as example + * [b7b35b2] Update Vcs-headers + * [8260b99] Updating standards version to 3.9.5, no changes needed + * [7bffbb7] Add travis-ci config + * [1b8697f] Reorder and comment .travis.yml + * [a63e27c] Add lintian checks after build to .travis.yml + * [738c15d] Update VCS-* fields to current canonical URIs + * [ccc5dba] Update to recent copyright format + * [f383018] Adjust debian/rules to make hardening efficient + * [1438e9d] Provide lintian override for missing upstream changelog - -- Jan Wagner Wed, 22 May 2013 13:40:57 +0200 + -- Jan Wagner Sun, 02 Mar 2014 19:49:52 +0100 dns-flood-detector (1.12-7) unstable; urgency=low From 278015ab6793be14b1e7ebc36627d06be7a77144 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 9 Mar 2014 15:55:34 +0100 Subject: [PATCH 085/136] Update Vcs-headers to selfhosted VCS --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index ca3fd25..155cc51 100644 --- a/debian/control +++ b/debian/control @@ -4,8 +4,8 @@ Priority: optional Maintainer: Jan Wagner Build-Depends: debhelper (>= 9), libpcap0.8-dev, hardening-wrapper Homepage: http://www.adotout.com/ -Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/dns-flood-detector.git -Vcs-Git: git://anonscm.debian.org/collab-maint/dns-flood-detector.git +Vcs-Browser: https://gitlab.uncompleted.org/debian/dns-flood-detector +Vcs-Git: https://gitlab.uncompleted.org/debian/dns-flood-detector.git Standards-Version: 3.9.5 Package: dns-flood-detector From 09a0485efe5c2be9819db1b1e16a5d154df50dae Mon Sep 17 00:00:00 2001 
From: Jan Wagner Date: Sun, 12 Oct 2014 20:45:42 +0200 Subject: [PATCH 086/136] Bump Standards-Version to 3.9.6, no changes needed --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 155cc51..fbeed1f 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 9), libpcap0.8-dev, hardening-wrapper Homepage: http://www.adotout.com/ Vcs-Browser: https://gitlab.uncompleted.org/debian/dns-flood-detector Vcs-Git: https://gitlab.uncompleted.org/debian/dns-flood-detector.git -Standards-Version: 3.9.5 +Standards-Version: 3.9.6 Package: dns-flood-detector Architecture: any From f7710e515f9fbae6ba40c452a97461ee73ac19c3 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 12 Oct 2014 20:57:03 +0200 Subject: [PATCH 087/136] Updating debian/changelog --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 86ef7e7..0c9b398 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +dns-flood-detector (1.20-2) unstable; urgency=medium + + * [278015a] Update Vcs-headers to selfhosted VCS + * [09a0485] Bump Standards-Version to 3.9.6, no changes needed + + -- Jan Wagner Sun, 12 Oct 2014 20:56:29 +0200 + dns-flood-detector (1.20-1) unstable; urgency=low * New upstream release From 904a4f6cdbc900a4132afc2de532cc48e8e13e38 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 12 Oct 2014 21:43:41 +0200 Subject: [PATCH 088/136] New changelog --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 0c9b398..1291aba 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dns-flood-detector (1.20-3) UNRELEASED; urgency=medium + + * + + -- Jan Wagner Sun, 12 Oct 2014 21:43:22 +0200 + dns-flood-detector (1.20-2) unstable; urgency=medium * [278015a] Update Vcs-headers to selfhosted VCS 
From e388f86934a47c0ec91b6b63f4d484288098f2fa Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 10 Mar 2015 16:01:04 +0100 Subject: [PATCH 089/136] travis-ci: don't install build-deps manual --- .travis.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index fc4aebf..ad9d570 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,8 +12,13 @@ before_install: - sudo apt-get autoremove -qq install: - # install build dependencies - - sudo apt-get install -qq --no-install-recommends debhelper libpcap0.8-dev hardening-wrapper + # install packages needed for mk-build-deps + - sudo apt-get install -qq --no-install-recommends devscripts equivs + # pull build deps from debian/control + - sudo mk-build-deps -ir + # remove packages needed for mk-build-deps + - sudo apt-get purge -qq equivs + - sudo apt-get autoremove -qq script: # build the debian package From 5035fb3493d74463bd6725ea268db9f7049550b3 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 10 Mar 2015 16:01:20 +0100 Subject: [PATCH 090/136] travis-ci: build package with dpkg-buildpackage --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index ad9d570..88c5dd6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -22,7 +22,7 @@ install: script: # build the debian package - - debuild -uc -us + - dpkg-buildpackage -uc -us after_script: # run lintian after build From 1b42314f939236dbc5d66f90255409edbe69c05c Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 17 Mar 2015 00:58:13 +0100 Subject: [PATCH 091/136] Refresh patches/fix_prototyp --- debian/patches/fix_prototyp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) mode change 100755 => 100644 debian/patches/fix_prototyp diff --git a/debian/patches/fix_prototyp b/debian/patches/fix_prototyp old mode 100755 new mode 100644 index 765c740..671e859 --- a/debian/patches/fix_prototyp +++ b/debian/patches/fix_prototyp @@ -1,9 +1,9 @@ 
From: dann frazier Subject: fix missing function prototype definition ---- dns-flood-detector-1.10/dns_flood_detector.c~ 2003-12-29 20:53:38.000000000 -0700 -+++ dns-flood-detector-1.10/dns_flood_detector.c 2006-11-18 17:38:47.000000000 -0700 -@@ -79,6 +79,7 @@ +--- a/dns_flood_detector.c ++++ b/dns_flood_detector.c +@@ -107,6 +107,7 @@ #include #include #include From e7cde7cb4ed68dbd4b9724755460092e548e6feb Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 20 Aug 2015 13:44:39 +0200 Subject: [PATCH 092/136] debian/control: reformating with warp-and-sort --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index fbeed1f..b991cf9 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: dns-flood-detector Section: net Priority: optional Maintainer: Jan Wagner -Build-Depends: debhelper (>= 9), libpcap0.8-dev, hardening-wrapper +Build-Depends: debhelper (>= 9), hardening-wrapper, libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://gitlab.uncompleted.org/debian/dns-flood-detector Vcs-Git: https://gitlab.uncompleted.org/debian/dns-flood-detector.git @@ -10,7 +10,7 @@ Standards-Version: 3.9.6 Package: dns-flood-detector Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} +Depends: ${misc:Depends}, ${shlibs:Depends} Description: detect abusive usage levels on high traffic nameservers This package provides the dns-flood-detector daemon. . From fec98e0d03341074332f2b66e154f16f77da4705 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Fri, 21 Aug 2015 11:12:47 +0200 Subject: [PATCH 093/136] travis-ci: grab actual used upstream version --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 88c5dd6..8a6d97c 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -6,7 +6,7 @@ before_install: # installneeded packages for uscan - sudo apt-get install -qq --no-install-recommends devscripts libwww-perl # download original tarball - - uscan --force-download + - UVERSION=$(dpkg-parsechangelog | grep ^Version | cut -d' ' -f2 | cut -d'-' -f1); uscan --verbose --download-version ${UVERSION} --force-download # remove packages needed for uscan - sudo apt-get purge -qq libwww-perl - sudo apt-get autoremove -qq From 118ec9c171f4d800bc676d9325537f68c42316ec Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 19 Oct 2015 16:18:07 +0200 Subject: [PATCH 094/136] travis-ci: Adding requried arguments for trusty --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index 8a6d97c..c64e721 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,5 @@ +sudo: required +dist: trusty language: c before_install: From aeab46566614384d4135d65c8f27c6eb85d1d3f5 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 19 Oct 2015 16:50:02 +0200 Subject: [PATCH 095/136] travis-ci: automatically install dependencies --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index c64e721..fa67a26 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,7 +17,7 @@ install: # install packages needed for mk-build-deps - sudo apt-get install -qq --no-install-recommends devscripts equivs # pull build deps from debian/control - - sudo mk-build-deps -ir + - sudo mk-build-deps -ir -t "apt-get --yes --no-install-recommends" # remove packages needed for mk-build-deps - sudo apt-get purge -qq equivs - sudo apt-get autoremove -qq From 9144fb8863244ca6a4ed46b67025e9a895562deb Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 10 Sep 2016 14:05:17 +0200 Subject: [PATCH 096/136] d/control: Remove hardening-wrapper from Build-Depends (Closes: #836622) --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/debian/control b/debian/control index b991cf9..8228c27 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: dns-flood-detector Section: net Priority: optional Maintainer: Jan Wagner -Build-Depends: debhelper (>= 9), hardening-wrapper, libpcap0.8-dev +Build-Depends: debhelper (>= 9), libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://gitlab.uncompleted.org/debian/dns-flood-detector Vcs-Git: https://gitlab.uncompleted.org/debian/dns-flood-detector.git From 5b0f4ee346b3dda62c1aa7cc2e68313b31da0bf0 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 10 Sep 2016 14:08:11 +0200 Subject: [PATCH 097/136] d/control: Bump Standards-Version to 3.9.8, no changes needed --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 8228c27..b388400 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 9), libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://gitlab.uncompleted.org/debian/dns-flood-detector Vcs-Git: https://gitlab.uncompleted.org/debian/dns-flood-detector.git -Standards-Version: 3.9.6 +Standards-Version: 3.9.8 Package: dns-flood-detector Architecture: any From 6da676f569beb1cf226fa4f03247db5b894189d4 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 10 Sep 2016 14:09:45 +0200 Subject: [PATCH 098/136] Prepare release --- debian/changelog | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index 1291aba..485dd57 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,8 +1,17 @@ -dns-flood-detector (1.20-3) UNRELEASED; urgency=medium +dns-flood-detector (1.20-3) unstable; urgency=medium - * + * [e388f86] travis-ci: don't install build-deps manual + * [5035fb3] travis-ci: build package with dpkg-buildpackage + * [1b42314] Refresh patches/fix_prototyp + * [e7cde7c] debian/control: reformating with warp-and-sort + * [fec98e0] travis-ci: grab actual used upstream version + * [118ec9c] travis-ci: Adding requried arguments for trusty + * [aeab465] travis-ci: automatically install dependencies + * [9144fb8] d/control: Remove hardening-wrapper from Build-Depends + (Closes: #836622) + * [5b0f4ee] d/control: Bump Standards-Version to 3.9.8, no changes needed - -- Jan Wagner Sun, 12 Oct 2014 21:43:22 +0200 + -- Jan Wagner Sat, 10 Sep 2016 14:08:46 +0200 dns-flood-detector (1.20-2) unstable; urgency=medium From f75cb6e2b446943e2ecc6ce544b3a56e4b93c963 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sat, 10 Sep 2016 14:12:43 +0200 Subject: [PATCH 099/136] New changelog entry --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 485dd57..7fc2ccf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dns-flood-detector (1.20-4~1.gbp6da676) UNRELEASED; urgency=medium + + * UNRELEASED + + -- Jan Wagner Sat, 10 Sep 2016 14:12:25 +0200 + dns-flood-detector (1.20-3) unstable; urgency=medium * [e388f86] travis-ci: don't install build-deps manual From 0ff1167af20cb38576a94883162157c562c17b71 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 14 Nov 2016 00:23:37 +0100 Subject: [PATCH 100/136] d/control: Depend on lsb-base --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index b388400..c0238f6 100644 --- a/debian/control +++ b/debian/control 
@@ -10,7 +10,7 @@ Standards-Version: 3.9.8 Package: dns-flood-detector Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends} +Depends: ${misc:Depends}, ${shlibs:Depends}, lsb-base Description: detect abusive usage levels on high traffic nameservers This package provides the dns-flood-detector daemon. . From 51a32a62bbbab682e6bcd72e3072804d5bd68482 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 14 Nov 2016 00:24:40 +0100 Subject: [PATCH 101/136] d/changelog: Fixing typo --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 7fc2ccf..d426e35 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,7 +11,7 @@ dns-flood-detector (1.20-3) unstable; urgency=medium * [1b42314] Refresh patches/fix_prototyp * [e7cde7c] debian/control: reformating with warp-and-sort * [fec98e0] travis-ci: grab actual used upstream version - * [118ec9c] travis-ci: Adding requried arguments for trusty + * [118ec9c] travis-ci: Adding required arguments for trusty * [aeab465] travis-ci: automatically install dependencies * [9144fb8] d/control: Remove hardening-wrapper from Build-Depends (Closes: #836622) From 2d36138e4dc8098f838b2e48ab16954fefab2f32 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Fri, 18 Nov 2016 17:49:28 +0100 Subject: [PATCH 102/136] travis-ci: Make use of travis.d.n --- .travis.yml | 47 ++++++++++++++++++++++------------------------- 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/.travis.yml b/.travis.yml index fa67a26..39c4c32 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,34 +1,31 @@ sudo: required -dist: trusty -language: c -before_install: - # update package list - - sudo apt-get update -qq - # installneeded packages for uscan - - sudo apt-get install -qq --no-install-recommends devscripts libwww-perl - # download original tarball - - UVERSION=$(dpkg-parsechangelog | grep ^Version | cut -d' ' -f2 | cut -d'-' -f1); uscan --verbose --download-version ${UVERSION} --force-download - # remove packages needed for uscan - - sudo apt-get purge -qq libwww-perl - - sudo apt-get autoremove -qq +env: + - TRAVIS_DEBIAN_DISTRIBUTION=unstable TRAVIS_DEBIAN_MIRROR="http://httpredir.debian.org/debian/" TRAVIS_DEBIAN_SECURITY_UPDATES=false + - TRAVIS_DEBIAN_DISTRIBUTION=testing TRAVIS_DEBIAN_MIRROR="http://httpredir.debian.org/debian/" + - TRAVIS_DEBIAN_DISTRIBUTION=stable TRAVIS_DEBIAN_MIRROR="http://httpredir.debian.org/debian/" -install: - # install packages needed for mk-build-deps - - sudo apt-get install -qq --no-install-recommends devscripts equivs - # pull build deps from debian/control - - sudo mk-build-deps -ir -t "apt-get --yes --no-install-recommends" - # remove packages needed for mk-build-deps - - sudo apt-get purge -qq equivs - - sudo apt-get autoremove -qq +services: + - docker + +before_script: + # fetch all tags (not done due travis cloning with depth=50) + - git fetch --tags script: - # build the debian package - - dpkg-buildpackage -uc -us + # build the debian package + - wget -O- http://travis.debian.net/script.sh | sh - after_script: - # run lintian after build - - sudo apt-get install -qq --no-install-recommends lintian - - lintian --info --display-info --display-experimental --pedantic --show-overrides ../*.deb && lintian --info --display-info --display-experimental --pedantic --show-overrides ../*.dsc + # run lintian after build + - sudo add-apt-repository -y ppa:waja/trusty-backports + - sudo apt-get update -qq + - sudo apt-get install -qq --no-install-recommends lintian + - lintian --info --display-info 
--display-experimental --pedantic --show-overrides ../*.deb && lintian --info --display-info --display-experimental --pedantic --show-overrides ../*.dsc + #notifications: # email: false + +branches: + except: + - /^debian\/\d/ From af78b8b270c6747c992a86c28483a392ade19572 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 5 Dec 2016 14:14:17 +0100 Subject: [PATCH 103/136] d/changelog: Prepare release --- debian/changelog | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index d426e35..8f1a650 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,10 @@ -dns-flood-detector (1.20-4~1.gbp6da676) UNRELEASED; urgency=medium +dns-flood-detector (1.20-4) unstable; urgency=medium - * UNRELEASED + * [0ff1167] d/control: Depend on lsb-base + * [51a32a6] d/changelog: Fixing typo + * [2d36138] travis-ci: Make use of travis.d.n - -- Jan Wagner Sat, 10 Sep 2016 14:12:25 +0200 + -- Jan Wagner Mon, 05 Dec 2016 14:13:55 +0100 dns-flood-detector (1.20-3) unstable; urgency=medium From 84bb436add3da8576b19c5e6615d1279d70540f6 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 5 Dec 2016 14:28:45 +0100 Subject: [PATCH 104/136] d/changelog: New changelog --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 8f1a650..b581a9d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dns-flood-detector (1.20-5) UNRELEASED; urgency=medium + + * UNRELEASED + + -- Jan Wagner Mon, 05 Dec 2016 14:28:22 +0100 + dns-flood-detector (1.20-4) unstable; urgency=medium * [0ff1167] d/control: Depend on lsb-base From d1ee939e1364d8dcc91282b90a20256d5d57b57b Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 8 Nov 2018 16:46:50 +0100 Subject: [PATCH 105/136] travis-ci: Use xenial image --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 39c4c32..fcf0af0 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,3 +1,4 @@ +dist: xenial sudo: required env: From 187c4cbd7dc2a4d989c2bf36701c43c370770449 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 24 Jan 2019 10:03:06 +0100 Subject: [PATCH 106/136] d/control: Bump Standards-Version to 4.3.0, no changes needed --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index c0238f6..dae40b1 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 9), libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://gitlab.uncompleted.org/debian/dns-flood-detector Vcs-Git: https://gitlab.uncompleted.org/debian/dns-flood-detector.git -Standards-Version: 3.9.8 +Standards-Version: 4.3.0 Package: dns-flood-detector Architecture: any From 0f96e5a8efc49b9c370efa8e08aa5eb01c28b871 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 24 Jan 2019 10:37:10 +0100 Subject: [PATCH 107/136] d/rules: don't touch opmimisations cflags directly --- debian/rules | 6 ------ 1 file changed, 6 deletions(-) diff --git a/debian/rules b/debian/rules index 4ba2241..726de80 100755 --- a/debian/rules +++ b/debian/rules @@ -14,12 +14,6 @@ LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS) CFLAGS += -D_BSD_SOURCE -Wall -g LDLIBS += -lpcap -lpthread -lm -ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) - CFLAGS += -O0 -else - CFLAGS += -O2 -endif - build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp From 6f71168c11ae098384a61bd50bfd6b6135c6ba4e Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 24 Jan 2019 10:46:34 +0100 Subject: [PATCH 108/136] Prepare release --- debian/changelog | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index b581a9d..233e556 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,8 +1,10 @@ -dns-flood-detector (1.20-5) UNRELEASED; urgency=medium +dns-flood-detector (1.20-5) unstable; urgency=medium - * UNRELEASED + * [d1ee939] travis-ci: Use xenial image + * [187c4cb] d/control: Bump Standards-Version to 4.3.0, no changes needed + * [0f96e5a] d/rules: don't touch opmimisations cflags directly - -- Jan Wagner Mon, 05 Dec 2016 14:28:22 +0100 + -- Jan Wagner Thu, 24 Jan 2019 10:45:28 +0100 dns-flood-detector (1.20-4) unstable; urgency=medium From 9e02c47ea12321b08fee607dadf679c2e61ca765 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 24 Jan 2019 10:54:54 +0100 Subject: [PATCH 109/136] New changelog entry --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 233e556..4756d55 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dns-flood-detector (1.20-6) UNRELEASED; urgency=medium + + * + + -- Jan Wagner Thu, 24 Jan 2019 10:51:31 +0100 + dns-flood-detector (1.20-5) unstable; urgency=medium * [d1ee939] travis-ci: Use xenial image From 9f76895172ed1ad1dc025732b2c1cd929dd82b06 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 28 May 2020 21:30:11 +0200 Subject: [PATCH 110/136] Adding d/.gitlab-ci.yml --- debian/.gitlab-ci.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 debian/.gitlab-ci.yml diff --git a/debian/.gitlab-ci.yml b/debian/.gitlab-ci.yml new file mode 100644 index 0000000..62767c1 --- /dev/null +++ b/debian/.gitlab-ci.yml @@ -0,0 +1,14 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + +variables: + RELEASE: 'unstable' + SALSA_CI_DISABLE_APTLY: 0 + SALSA_CI_DISABLE_AUTOPKGTEST: 0 + SALSA_CI_DISABLE_BLHC: 0 + SALSA_CI_DISABLE_LINTIAN: 0 + SALSA_CI_DISABLE_PIUPARTS: 0 + SALSA_CI_DISABLE_REPROTEST: 0 + SALSA_CI_DISABLE_BUILD_PACKAGE_ALL: 0 + SALSA_CI_DISABLE_BUILD_PACKAGE_ANY: 0 
From 2fdc34f0778ccc728657c63cf1f8e7c49b3a9ad3 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 8 Dec 2020 22:55:33 +0100 Subject: [PATCH 111/136] Bump Standards-Version to 4.5.1.0, no changes needed --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index dae40b1..fc7aa39 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 9), libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://gitlab.uncompleted.org/debian/dns-flood-detector Vcs-Git: https://gitlab.uncompleted.org/debian/dns-flood-detector.git -Standards-Version: 4.3.0 +Standards-Version: 4.5.1.0 Package: dns-flood-detector Architecture: any From 9db1d5f2040d58c7ba741d27f0b1c8bc8784b1be Mon Sep 17 00:00:00 2001 From: Helmut Grohne Date: Tue, 8 Dec 2020 22:57:53 +0100 Subject: [PATCH 112/136] Fix FTCBFS: Let dpkg's buildtools.mk supply $(CC). (Closes: #949599) --- debian/rules | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/rules b/debian/rules index 726de80..985dcef 100755 --- a/debian/rules +++ b/debian/rules @@ -4,6 +4,8 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +include /usr/share/dpkg/buildtools.mk + # hardening export DEB_BUILD_HARDENING=1 CPPFLAGS:=$(shell dpkg-buildflags --get CPPFLAGS) From 88f1ad952397da2e779679205cbada2592d9f580 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 27 Dec 2020 23:37:24 +0100 Subject: [PATCH 113/136] Adding Github CI --- .github/workflows/packaging_test.yml | 35 ++++++++++++++ .github/workflows/release.yml | 70 ++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 .github/workflows/packaging_test.yml create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/packaging_test.yml b/.github/workflows/packaging_test.yml new file mode 100644 index 0000000..f844a58 --- /dev/null +++ b/.github/workflows/packaging_test.yml 
@@ -0,0 +1,35 @@ +name: Packaging Test + +on: + push: + branches: + - $default-branch + - development + - master + # Run tests for any PRs + pull_request: + +env: + SOURCE_DIR: ./ + ARTIFACTS_DIR: debian/build/release/ + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + env: + DEBIAN_FRONTEND: "noninteractive" + - name: Remove github artefacts + run: | + rm -rf .git* + - name: Adjust distibution in changelog file + run: | + sed -i '0,/restricted/s//stable/' debian/changelog + - name: Build Debian package + uses: dawidd6/action-debian-package@v1 + with: + artifacts_directory: debian/build/release/ + - name: Debug + run: | + ls -la diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..49663cf --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,70 @@ +on: + push: + # Sequence of patterns matched against refs/tags + tags: + - 'debian/*' # Push events to matching debian/*, i.e. debian/1.0-2, debian/20.15.10, debian/23.20020326 + +name: Release Process + +env: + SOURCE_DIR: ./ + ARTIFACTS_DIR: debian/build/release/ + +jobs: + create-release: + name: Create Release + runs-on: ubuntu-latest + outputs: + release-id: ${{ steps.create_release.outputs.id }} + steps: + - name: Checkout code + uses: actions/checkout@v2 + - name: Install needed packages + run: | + if [ $(dpkg -l | grep -c dpkg-dev) -ne 1 ]; then sudo apt-get update && sudo apt-get install -y dpkg-dev; fi + - name: Gather changelog + run: | + ls -la + dpkg-parsechangelog | tail -n +9 > debian.changelog + - name: Create Release + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + with: + tag_name: ${{ github.ref }} + release_name: Release ${{ github.ref }} + body_path: debian.changelog + draft: false + prerelease: false + + build: + name: Build and upload packages + needs: create-release + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + env: + DEBIAN_FRONTEND: "noninteractive" + - name: Remove github artefacts + run: | + rm -rf .git* + - name: Adjust distibution in changelog file + run: | + sed -i '0,/restricted/s//stable/' debian/changelog + - name: Build Debian package + uses: dawidd6/action-debian-package@v1 + with: + artifacts_directory: debian/build/release/ +# - name: Build Debian package +# uses: pi-top/action-debian-package@v0.2.0 +# with: +# artifacts_directory: debian/build/release/ +# target_architectures: "amd64,i386" + - name: Upload the artifacts + uses: skx/github-action-publish-binaries@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + releaseId: ${{ needs.create-release.outputs.release-id }} + args: debian/build/release/* 
From 17a80e00d70871e4f4b3ead53460596f1f652fc3 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 29 Dec 2020 18:44:17 +0100 Subject: [PATCH 114/136] d/control: Raise compat level to 12 --- debian/compat | 1 - debian/control | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) delete mode 100644 debian/compat diff --git a/debian/compat b/debian/compat deleted file mode 100644 index ec63514..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -9 diff --git a/debian/control b/debian/control index fc7aa39..49c9063 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: dns-flood-detector Section: net Priority: optional Maintainer: Jan Wagner -Build-Depends: debhelper (>= 9), libpcap0.8-dev +Build-Depends: debhelper-compat (= 12), libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://gitlab.uncompleted.org/debian/dns-flood-detector Vcs-Git: https://gitlab.uncompleted.org/debian/dns-flood-detector.git From 3097edd309f336924c244ee99f6e6cce9f240edc Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 6 Jan 2021 21:33:55 +0100 Subject: [PATCH 115/136] Prepare release --- debian/changelog | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index 4756d55..ade7a42 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,18 @@ -dns-flood-detector (1.20-6) UNRELEASED; urgency=medium +dns-flood-detector (1.20-6) unstable; urgency=medium - * + [ Jan Wagner ] + * [9f76895] Adding d/.gitlab-ci.yml + * [2fdc34f] Bump Standards-Version to 4.5.1.0, no changes needed - -- Jan Wagner Thu, 24 Jan 2019 10:51:31 +0100 + [ Helmut Grohne ] + * [9db1d5f] Fix FTCBFS: Let dpkg's buildtools.mk supply $(CC). + (Closes: #949599) + + [ Jan Wagner ] + * [88f1ad9] Adding Github CI + * [17a80e0] d/control: Raise compat level to 12 + + -- Jan Wagner Wed, 06 Jan 2021 21:33:15 +0100 dns-flood-detector (1.20-5) unstable; urgency=medium 
From aa5234616a22b08ac201a6b917cc6c330872d69b Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 6 Jan 2021 21:44:33 +0100 Subject: [PATCH 116/136] New changelog --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index ade7a42..8413087 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dns-flood-detector (1.20-7) UNRELEASED; urgency=medium + + * NOT RELEASED YET + + -- Jan Wagner Wed, 06 Jan 2021 21:44:19 +0100 + dns-flood-detector (1.20-6) unstable; urgency=medium [ Jan Wagner ] From 34a57054e4c0929168671217efb5fc40c1edf09d Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 4 Feb 2021 21:11:13 +0100 Subject: [PATCH 117/136] Use secure copyright file specification URI. Changes-By: lintian-brush Fixes: lintian: insecure-copyright-format-uri See-also: https://lintian.debian.org/tags/insecure-copyright-format-uri.html --- debian/copyright | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/copyright b/debian/copyright index 6bcdfcc..cb160fb 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,4 +1,4 @@ -Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: DNS Flood Detector Upstream-Contact: Dennis Opacki Source: http://www.adotout.com/ From 812b668027a628996970139abb6a84bb062e6200 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 4 Feb 2021 21:11:18 +0100 Subject: [PATCH 118/136] Remove overrides for lintian tags that are no longer supported. Changes-By: lintian-brush Fixes: lintian: malformed-override See-also: https://lintian.debian.org/tags/malformed-override.html --- debian/dns-flood-detector.lintian-overrides | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 debian/dns-flood-detector.lintian-overrides 
diff --git a/debian/dns-flood-detector.lintian-overrides b/debian/dns-flood-detector.lintian-overrides deleted file mode 100644 index 7a7dae8..0000000 --- a/debian/dns-flood-detector.lintian-overrides +++ /dev/null @@ -1,2 +0,0 @@ -# ustream does not provide a changelog -dns-flood-detector: no-upstream-changelog From 1da11e5b48cbd2730ffce534a6fb95a26c6dec53 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 4 Feb 2021 21:11:43 +0100 Subject: [PATCH 119/136] Update watch file format version to 4. Changes-By: lintian-brush Fixes: lintian: older-debian-watch-file-standard See-also: https://lintian.debian.org/tags/older-debian-watch-file-standard.html --- debian/watch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/watch b/debian/watch index 76ed60b..4c0f90a 100644 --- a/debian/watch +++ b/debian/watch @@ -1,2 +1,2 @@ -version=3 -http://www.adotout.com/dnsflood-(.*)\.tgz +version=4 +http://www.adotout.com dnsflood-(.*)\.tgz From bd99c1cf0f89393bc96eeef9992deb549fad2a28 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Fri, 5 Feb 2021 12:00:43 +0100 Subject: [PATCH 120/136] d/source/options: Adding .github to diff ignore --- debian/source/options | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/source/options b/debian/source/options index b5bc9e7..b746363 100644 --- a/debian/source/options +++ b/debian/source/options @@ -1 +1 @@ -extend-diff-ignore = '(^|/)(\.travis\.yml|\.git|\.gitgnore|config\.sub|config\.guess)' +extend-diff-ignore = '(^|/)(\.travis\.yml|\.git|\.github|\.gitgnore|config\.sub|config\.guess)' From 30dfcd9d4045cfd700ea7f6910c3c4d0a9ee8b41 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Fri, 16 Jul 2021 23:05:17 +0200 Subject: [PATCH 121/136] Adding Dependabot config --- .github/dependabot.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..b3fa1e0 --- /dev/null 
+++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily + time: "04:00" + reviewers: + - "waja" + pull-request-branch-name: + separator: "-" + open-pull-requests-limit: 10 From 855d9c168d3d4bb140a04542a02dff8cd1806317 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Fri, 16 Jul 2021 23:18:47 +0200 Subject: [PATCH 122/136] Do not remove .git* anymore --- .github/workflows/packaging_test.yml | 3 --- .github/workflows/release.yml | 3 --- 2 files changed, 6 deletions(-) diff --git a/.github/workflows/packaging_test.yml b/.github/workflows/packaging_test.yml index f844a58..f915b53 100644 --- a/.github/workflows/packaging_test.yml +++ b/.github/workflows/packaging_test.yml @@ -20,9 +20,6 @@ jobs: - uses: actions/checkout@v2 env: DEBIAN_FRONTEND: "noninteractive" - - name: Remove github artefacts - run: | - rm -rf .git* - name: Adjust distibution in changelog file run: | sed -i '0,/restricted/s//stable/' debian/changelog diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 49663cf..4c6c31f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -46,9 +46,6 @@ jobs: - uses: actions/checkout@v2 env: DEBIAN_FRONTEND: "noninteractive" - - name: Remove github artefacts - run: | - rm -rf .git* - name: Adjust distibution in changelog file run: | sed -i '0,/restricted/s//stable/' debian/changelog From 03a0d32d251e1de344da1e1eaae5e928da1b44ed Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 21 Jul 2021 15:44:19 +0200 Subject: [PATCH 123/136] ci: pin action versions --- .github/workflows/packaging_test.yml | 2 +- .github/workflows/release.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/packaging_test.yml b/.github/workflows/packaging_test.yml index f915b53..507c150 100644 --- a/.github/workflows/packaging_test.yml +++ b/.github/workflows/packaging_test.yml 
@@ -24,7 +24,7 @@ jobs: run: | sed -i '0,/restricted/s//stable/' debian/changelog - name: Build Debian package - uses: dawidd6/action-debian-package@v1 + uses: dawidd6/action-debian-package@v1.4.0 with: artifacts_directory: debian/build/release/ - name: Debug diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4c6c31f..de5de2f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -50,7 +50,7 @@ jobs: run: | sed -i '0,/restricted/s//stable/' debian/changelog - name: Build Debian package - uses: dawidd6/action-debian-package@v1 + uses: dawidd6/action-debian-package@v1.4.0 with: artifacts_directory: debian/build/release/ # - name: Build Debian package @@ -59,7 +59,7 @@ jobs: # artifacts_directory: debian/build/release/ # target_architectures: "amd64,i386" - name: Upload the artifacts - uses: skx/github-action-publish-binaries@master + uses: skx/github-action-publish-binaries@release-0.15 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From 5f1d9e5b3a937973280c6daf28d4153b9272e7fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Mar 2022 04:24:44 +0000 Subject: [PATCH 124/136] Bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/packaging_test.yml | 2 +- .github/workflows/release.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/packaging_test.yml b/.github/workflows/packaging_test.yml index f915b53..0097515 100644 --- a/.github/workflows/packaging_test.yml 
+++ b/.github/workflows/packaging_test.yml @@ -17,7 +17,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 env: DEBIAN_FRONTEND: "noninteractive" - name: Adjust distibution in changelog file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4c6c31f..c24b34f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: release-id: ${{ steps.create_release.outputs.id }} steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Install needed packages run: | if [ $(dpkg -l | grep -c dpkg-dev) -ne 1 ]; then sudo apt-get update && sudo apt-get install -y dpkg-dev; fi @@ -43,7 +43,7 @@ jobs: needs: create-release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 env: DEBIAN_FRONTEND: "noninteractive" - name: Adjust distibution in changelog file From 14b52890f82b0cf50c49bb72b68e6459868daed1 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 20 Oct 2022 13:07:47 +0200 Subject: [PATCH 125/136] Updating build pipelines --- .github/workflows/packaging_test.yml | 6 +++++- .github/workflows/release.yml | 10 +++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/packaging_test.yml b/.github/workflows/packaging_test.yml index 507c150..17ee0cd 100644 --- a/.github/workflows/packaging_test.yml +++ b/.github/workflows/packaging_test.yml @@ -17,9 +17,12 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 env: DEBIAN_FRONTEND: "noninteractive" + - name: Remove github artefacts + run: | + rm -rf .github* - name: Adjust distibution in changelog file run: | sed -i '0,/restricted/s//stable/' debian/changelog @@ -27,6 +30,7 @@ jobs: uses: dawidd6/action-debian-package@v1.4.0 with: artifacts_directory: debian/build/release/ + os_distribution: testing - name: Debug run: | ls -la 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index de5de2f..855b57d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: release-id: ${{ steps.create_release.outputs.id }} steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Install needed packages run: | if [ $(dpkg -l | grep -c dpkg-dev) -ne 1 ]; then sudo apt-get update && sudo apt-get install -y dpkg-dev; fi @@ -43,9 +43,12 @@ jobs: needs: create-release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 env: DEBIAN_FRONTEND: "noninteractive" + - name: Remove github artefacts + run: | + rm -rf .github* - name: Adjust distibution in changelog file run: | sed -i '0,/restricted/s//stable/' debian/changelog @@ -53,13 +56,14 @@ jobs: uses: dawidd6/action-debian-package@v1.4.0 with: artifacts_directory: debian/build/release/ + os_distribution: testing # - name: Build Debian package # uses: pi-top/action-debian-package@v0.2.0 # with: # artifacts_directory: debian/build/release/ # target_architectures: "amd64,i386" - name: Upload the artifacts - uses: skx/github-action-publish-binaries@release-0.15 + uses: skx/github-action-publish-binaries@release-2.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From ab52f4a9535f26faa25ee3879ea128f77c56fdce Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 11 Jan 2023 14:40:37 +0000 Subject: [PATCH 126/136] Bump debhelper from old 12 to 13. Changes-By: lintian-brush Fixes: lintian: package-uses-old-debhelper-compat-version See-also: https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 49c9063..1299079 100644 --- a/debian/control +++ b/debian/control 
@@ -2,7 +2,7 @@ Source: dns-flood-detector Section: net Priority: optional Maintainer: Jan Wagner -Build-Depends: debhelper-compat (= 12), libpcap0.8-dev +Build-Depends: debhelper-compat (= 13), libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://gitlab.uncompleted.org/debian/dns-flood-detector Vcs-Git: https://gitlab.uncompleted.org/debian/dns-flood-detector.git From 2d78c7ef25e63fb2256e57b30db023200912eede Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 11 Jan 2023 14:52:10 +0000 Subject: [PATCH 127/136] Bump Standards-Version to 4.6.2 --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 1299079..3fc1d74 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Build-Depends: debhelper-compat (= 13), libpcap0.8-dev Homepage: http://www.adotout.com/ Vcs-Browser: https://gitlab.uncompleted.org/debian/dns-flood-detector Vcs-Git: https://gitlab.uncompleted.org/debian/dns-flood-detector.git -Standards-Version: 4.5.1.0 +Standards-Version: 4.6.2 Package: dns-flood-detector Architecture: any From 2c4d7f10d058be28f1d9f0b9bc7fcb5c099464fa Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Fri, 13 Jan 2023 09:49:24 +0000 Subject: [PATCH 128/136] CI: disable not working jobs --- debian/.gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/.gitlab-ci.yml b/debian/.gitlab-ci.yml index 62767c1..0100fa0 100644 --- a/debian/.gitlab-ci.yml +++ b/debian/.gitlab-ci.yml @@ -5,10 +5,10 @@ include: variables: RELEASE: 'unstable' SALSA_CI_DISABLE_APTLY: 0 - SALSA_CI_DISABLE_AUTOPKGTEST: 0 + SALSA_CI_DISABLE_AUTOPKGTEST: 1 SALSA_CI_DISABLE_BLHC: 0 SALSA_CI_DISABLE_LINTIAN: 0 - SALSA_CI_DISABLE_PIUPARTS: 0 - SALSA_CI_DISABLE_REPROTEST: 0 + SALSA_CI_DISABLE_PIUPARTS: 1 + SALSA_CI_DISABLE_REPROTEST: 1 SALSA_CI_DISABLE_BUILD_PACKAGE_ALL: 0 SALSA_CI_DISABLE_BUILD_PACKAGE_ANY: 0 From 624a5fbbb2a29b0d9420b69faef93a00b7ea2e65 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Jan 2023 04:11:50 +0000 Subject: [PATCH 129/136] Bump dawidd6/action-debian-package from 1.4.0 to 1.4.4 Bumps [dawidd6/action-debian-package](https://github.com/dawidd6/action-debian-package) from 1.4.0 to 1.4.4. - [Release notes](https://github.com/dawidd6/action-debian-package/releases) - [Commits](https://github.com/dawidd6/action-debian-package/compare/v1.4.0...v1.4.4) --- updated-dependencies: - dependency-name: dawidd6/action-debian-package dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/packaging_test.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/packaging_test.yml b/.github/workflows/packaging_test.yml index 17ee0cd..9dc4643 100644 --- a/.github/workflows/packaging_test.yml +++ b/.github/workflows/packaging_test.yml @@ -27,7 +27,7 @@ jobs: run: | sed -i '0,/restricted/s//stable/' debian/changelog - name: Build Debian package - uses: dawidd6/action-debian-package@v1.4.0 + uses: dawidd6/action-debian-package@v1.4.4 with: artifacts_directory: debian/build/release/ os_distribution: testing diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 855b57d..3ef907c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,7 +53,7 @@ jobs: run: | sed -i '0,/restricted/s//stable/' debian/changelog - name: Build Debian package - uses: dawidd6/action-debian-package@v1.4.0 + uses: dawidd6/action-debian-package@v1.4.4 with: artifacts_directory: debian/build/release/ os_distribution: testing From 14e716044229a3d71c1e750925917978038f4402 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 18 Jan 2023 14:24:25 +0000 Subject: [PATCH 130/136] Drop lsb-base, sysvinit-utils is essential --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/debian/control b/debian/control index 3fc1d74..87fce63 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Standards-Version: 4.6.2 Package: dns-flood-detector Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends}, lsb-base +Depends: ${misc:Depends}, ${shlibs:Depends} Description: detect abusive usage levels on high traffic nameservers This package provides the dns-flood-detector daemon. . From dcdc452cb069de584918bf7c6c0846dcd1327799 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 23 Jan 2023 10:06:46 +0000 Subject: [PATCH 131/136] Set Rules-Requires-Root: no. Changes-By: lintian-brush Fixes: lintian: silent-on-rules-requiring-root See-also: https://lintian.debian.org/tags/silent-on-rules-requiring-root.html --- debian/control | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/control b/debian/control index 87fce63..43e55a6 100644 --- a/debian/control +++ b/debian/control @@ -7,6 +7,7 @@ Homepage: http://www.adotout.com/ Vcs-Browser: https://gitlab.uncompleted.org/debian/dns-flood-detector Vcs-Git: https://gitlab.uncompleted.org/debian/dns-flood-detector.git Standards-Version: 4.6.2 +Rules-Requires-Root: no Package: dns-flood-detector Architecture: any From 353f35ecb6e61140dea1fda40e8e1a610077a603 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 23 Jan 2023 11:06:31 +0000 Subject: [PATCH 132/136] Adding unitfile --- debian/rules | 1 + debian/service | 14 ++++++++++++++ 2 files changed, 15 insertions(+) create mode 100644 debian/service diff --git a/debian/rules b/debian/rules index 985dcef..412fd82 100755 --- a/debian/rules +++ b/debian/rules @@ -60,6 +60,7 @@ binary-arch: build install dh_installman debian/dns-flood-detector.8 dh_installexamples dh_installinit -- defaults 40 + dh_installsystemd --no-enable dh_lintian dh_link dh_strip diff --git a/debian/service b/debian/service new file mode 100644 index 0000000..89ebe0c --- /dev/null +++ b/debian/service 
@@ -0,0 +1,14 @@ +[Unit] +Description=dns-flood-detector daemon + +[Service] +Environment=PIDFILE=/var/run/dns-flood-detector.pid +EnvironmentFile=-/etc/default/dns-flood-detector +ExecStart=/usr/sbin/dns-flood-detector $DAEMON_OPTS +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure +Type=notify + +[Install] +WantedBy=multi-user.target From 71b92a29739133b4b0cf521ca47bb2347bd2f4a9 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 23 Jan 2023 12:07:35 +0000 Subject: [PATCH 133/136] Prepare release --- debian/changelog | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index 8413087..88fa7fd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,17 @@ -dns-flood-detector (1.20-7) UNRELEASED; urgency=medium +dns-flood-detector (1.20-7) unstable; urgency=medium - * NOT RELEASED YET + [ Jan Wagner ] + * [34a5705] Use secure copyright file specification URI. + * [812b668] Remove overrides for lintian tags that are no longer supported. + * [1da11e5] Update watch file format version to 4. + * [bd99c1c] d/source/options: Adding .github to diff ignore + * [ab52f4a] Bump debhelper from old 12 to 13. + * [2d78c7e] Bump Standards-Version to 4.6.2 + * [14e7160] Drop lsb-base, sysvinit-utils is essential + * [dcdc452] Set Rules-Requires-Root: no. + * [353f35e] Adding unitfile - -- Jan Wagner Wed, 06 Jan 2021 21:44:19 +0100 + -- Jan Wagner Mon, 23 Jan 2023 11:34:04 +0000 dns-flood-detector (1.20-6) unstable; urgency=medium From 71cb79107c94570641fda613e69ece7a40b9ac5f Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 23 Jan 2023 12:11:50 +0000 Subject: [PATCH 134/136] New changelog --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 88fa7fd..a556669 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,9 @@ +dns-flood-detector (1.20-8) UNRELEASED; urgency=medium + + * + + -- Jan Wagner Mon, 23 Jan 2023 12:11:35 +0000 + dns-flood-detector (1.20-7) unstable; urgency=medium [ Jan Wagner ] From e9f87cb65c55e8522f86b76a0636409abbd56cb8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Mar 2023 05:00:23 +0000 Subject: [PATCH 135/136] Bump dawidd6/action-debian-package from 1.4.4 to 1.5.0 Bumps [dawidd6/action-debian-package](https://github.com/dawidd6/action-debian-package) from 1.4.4 to 1.5.0. - [Release notes](https://github.com/dawidd6/action-debian-package/releases) - [Commits](https://github.com/dawidd6/action-debian-package/compare/v1.4.4...v1.5.0) --- updated-dependencies: - dependency-name: dawidd6/action-debian-package dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/packaging_test.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/packaging_test.yml b/.github/workflows/packaging_test.yml index 9dc4643..81cc8c9 100644 --- a/.github/workflows/packaging_test.yml +++ b/.github/workflows/packaging_test.yml @@ -27,7 +27,7 @@ jobs: run: | sed -i '0,/restricted/s//stable/' debian/changelog - name: Build Debian package - uses: dawidd6/action-debian-package@v1.4.4 + uses: dawidd6/action-debian-package@v1.5.0 with: artifacts_directory: debian/build/release/ os_distribution: testing diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3ef907c..3f3f765 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,7 +53,7 @@ jobs: run: | sed -i '0,/restricted/s//stable/' debian/changelog - name: Build Debian package - uses: dawidd6/action-debian-package@v1.4.4 + uses: dawidd6/action-debian-package@v1.5.0 with: artifacts_directory: debian/build/release/ os_distribution: testing 
From 06800998c1df09ccf96143abf780bc54b1592774 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 04:32:37 +0000 Subject: [PATCH 136/136] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/packaging_test.yml | 2 +- .github/workflows/release.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/packaging_test.yml b/.github/workflows/packaging_test.yml index 81cc8c9..c478ef5 100644 --- a/.github/workflows/packaging_test.yml +++ b/.github/workflows/packaging_test.yml @@ -17,7 +17,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 env: DEBIAN_FRONTEND: "noninteractive" - name: Remove github artefacts diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3f3f765..f384f5e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: release-id: ${{ steps.create_release.outputs.id }} steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install needed packages run: | if [ $(dpkg -l | grep -c dpkg-dev) -ne 1 ]; then sudo apt-get update && sudo apt-get install -y dpkg-dev; fi @@ -43,7 +43,7 @@ jobs: needs: create-release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 env: DEBIAN_FRONTEND: "noninteractive" - name: Remove github artefacts
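Review bot: in PATCH 119/136, debian/watch, the new line `http://www.adotout.com dnsflood-(.*)\.tgz` still fetches the upstream tarball over plain HTTP, and the file has no `opts=pgpmode=...` entry, so uscan has nothing to authenticate the download against. If upstream serves the site over HTTPS, change the scheme in this same commit; if upstream publishes signatures, add a pgpmode option together with debian/upstream/signing-key.asc. If neither is available, a comment in the watch file saying so would answer the question for the next reviewer.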
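Review bot: in PATCH 120/136, debian/source/options, the added `\.github` alternative is redundant because the group has no trailing anchor, so the existing `\.git` alternative already matches any path component that starts with `.git`, including `.github` and `.gitignore`. The same line carries `\.gitgnore`, which looks like a typo for `\.gitignore` and only goes unnoticed for the same reason. Either anchor the alternatives (for example `(^|/)(\.travis\.yml|\.git|\.github|\.gitignore|config\.sub|config\.guess)(/|$)`) so each entry means what it says, or reduce the list to `\.git` plus a comment that the prefix match is intentional.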
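Review bot: in PATCH 123/136, the subject says the action versions are pinned, but `dawidd6/action-debian-package@v1.4.0` and `skx/github-action-publish-binaries@release-0.15` are still named refs that the action's owner can repoint, and the second one is used in the step that receives `GITHUB_TOKEN`. Pin both to the full commit SHA with the version kept as a trailing comment (`uses: owner/action@<40-hex-sha> # v1.4.0`); the github-actions Dependabot config added in PATCH 121/136 can keep SHA pins up to date as well. The same applies to `actions/checkout@v2` in the surrounding context lines.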
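Review bot: in PATCH 125/136, both workflows now pass `os_distribution: testing` to the build action while the step before it rewrites the changelog target with `sed -i '0,/restricted/s//stable/' debian/changelog`, so the published package is labelled for stable but built in a rolling testing environment. Build against the suite the changelog names, or say in the workflow why the mismatch is intended. Two smaller points in the same patch: the removal step comes back as `rm -rf .github*` after PATCH 122/136 deleted `rm -rf .git*`, with no comment explaining why it is needed again; and `skx/github-action-publish-binaries@release-2.0` is once more a named ref in the step that holds `GITHUB_TOKEN`.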
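Review bot: in PATCH 128/136, debian/.gitlab-ci.yml, `SALSA_CI_DISABLE_AUTOPKGTEST`, `SALSA_CI_DISABLE_PIUPARTS` and `SALSA_CI_DISABLE_REPROTEST` are all switched to 1 with nothing in the file recording why each job fails or when it should come back. These three jobs cover the package's tests, its install/upgrade/purge behaviour and build reproducibility, so turning them off silently removes most of the pipeline's checks on the shipped binary. Add a comment per variable naming the failure (or a tracking issue) so the jobs can be re-enabled once fixed rather than staying off indefinitely.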
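Review bot: in PATCH 132/136, debian/rules, the new `dh_installsystemd --no-enable` sits directly under `dh_installinit -- defaults 40`, so the two init paths now ship with different enable-at-boot defaults and the commit message ("Adding unitfile") does not say which one is intended. State the intended default in the changelog entry, and if existing installations are expected to keep starting the daemon at boot after the upgrade, confirm that on a systemd host before release.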
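Review bot: in PATCH 132/136, debian/service, `Type=notify` makes systemd wait for a readiness message from the daemon, and nothing in this series shows dns-flood-detector sending one (Build-Depends in debian/control lists only `debhelper-compat` and `libpcap0.8-dev`). If the daemon never notifies, the start job will time out and be marked failed, and `Restart=on-failure` will then loop it; `Type=simple` with the daemon kept in the foreground, or `Type=forking` with a `PIDFile=`, is the usual fit for a classic daemon. `Environment=PIDFILE=/var/run/dns-flood-detector.pid` is not referenced by `ExecStart` directly and uses the legacy /var/run path, so either drop it or turn it into `PIDFile=/run/dns-flood-detector.pid`. Since this unit starts a packet-capturing service, it is also the right place for sandboxing directives such as `NoNewPrivileges=yes`, `ProtectSystem=strict`, `ProtectHome=yes` and a `CapabilityBoundingSet=` limited to what the capture needs.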