[dnscap-users] Release 1.10.0

Jerry Lundström jerry at dns-oarc.net
Tue Dec 4 08:11:47 UTC 2018

Hi all,

This release adds a new plugin type "filter" and 5 new plugins that can
do anonymization, deanonymization and masking of the IP addresses.


Packages are available at:


New features:
- Check plugins for `pluginname_type()` which returns
  `enum plugin_type`, if missing the plugin is counted as an
  "output" plugin
- New plugin type "filter" which calls `pluginname_filter()` prior of
  outputting any data or calling of "output" plugins, if the new
  function returns non-zero then the packet is filtered out (dropped)
- New extension `DNSCAP_EXT_SET_IADDR` that gives access to a function
  for setting the from and to IP addresses both in the extracted data
  and the wire

New plugins:
- `anonaes128`: Anonymize IP addresses using AES128
- `anonmask`: Pseudo-anonymize IP addresses by masking them
- `cryptopan`: Anonymize IP addresses using an extension to Crypto-PAn
  (College of Computing, Georgia Tech) made by David Stott (Lucent)
- `cryptopant`: Anonymize IP addresses using cryptopANT, a different
  implementation of Crypto-PAn made by the ANT project at USC/ISI
- `ipcrypt`: Anonymize IP addresses using ipcrypt create by
  Jean-Philippe Aumasson

- Fix changing `royparse` and `txtout` with other plugins (thanks to
  Duane Wessels and Paul Hoffman)
- Free pointers to allocated strings in `text_free()` (thanks to Michał
- Fix IP checksum calculation

Other changes:
- `-B` and `-E` can be used without `-w` (thanks to Duane Wessels)
- Use `pcap_findalldevs()` instead of `pcap_lookupdev()` (thanks to
  Michał Kępień)
- Document and add `-?` option to all plugins
- Fix clang `scan-build` bugs and LGTM alerts
- Use `gmtime_r()` instead of `gmtime()`
- Update `pcap-thread` to v4.0.0

67d8e2c Fix
fb0ed02 Plugin documentation
a2c9a6c cryptopant
39db1ca Deanonymize, IPv6 test
afc7107 Crypto-PAn, cryptopANT
f1912cc OpenSSL, anonaes128
f2bab62 ipcrypt, anonmask
158b1e7 anonmask help
60ece58 anonmask
8f1b138 Plugin types, filter plugin, set iaddr extension, anonymization
        by masking
b7d7991 IP checksum
641a23a Free pointers to allocated strings in text_free()
4d313bf pcap_findalldevs()
091e0ca Use pcap_findalldevs() instead of pcap_lookupdev()
6a7b25e Clean up use of feature test macros on Linux
cbba14c Configure, uninitialized
f228c9c Code formatting
3fd738c man-page
770168a Test
714e4f5 Fix -B <begin> so that it works when reading offline pcap files.
8675bea Test
911fec9 Implementing test9 as a test of -B and -E command line args.
a7cc72d -B <begin> and -E <end> can work fine without -w <base>.
04c4928 Made the same changes to txtout as were in 165a786
165a786 Workaround for stdio mystery causing duplicate royparse output.


More information about the dnscap-users mailing list