Skip to content

dnstap filter by host mask #205

New issue
New issue
Closed
#217
Closed
dnstap filter by host mask#205
#217
@ghost

Description

@ghost
ghost
opened on Feb 7, 2022

As a dnstap user, I want to be able to extract DNS metrics only for dnstap signals matching a specific list of IP netmasks (IPv4 and IPv6). Because dnstap is not able to use BPF filters like PCAP, the filtering must be done in user space in the dnstap module.

Therefore, dnstap input needs a new filter only_hosts (string array) which may contain hostmasks in CIDR form:

"192.168.0.0/24",
"1.2.3.4/32",
"2001:db8::/64"

dnstap input will convert these to IPv4 and IPv6 IP+netmasks and filter out any dnstap message whose query_address or response_address does not match a hostmask in the list.

This functionality is very similar to Pcap input handler's "host_spec" functionality, and that maybe used as a reference. See https://github.com/ns1labs/pktvisor/blob/7aab97ad909ef876c90b507ab13900ba4a09ebc8/src/inputs/pcap/utils.cpp#L68 and https://github.com/ns1labs/pktvisor/blob/7aab97ad909ef876c90b507ab13900ba4a09ebc8/src/inputs/pcap/PcapInputStream.cpp#L365

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions