Matt Sisk | 19 Mar 22:40 2014

Net::WDNS 0.03 released

I've released the first public version of Net::WDNS, a Perl binding for 
libwdns.

You can download from the CPAN:

   http://search.cpan.org/~msisk/Net-WDNS-0.03/

The official documentation lives here:

   https://tools.netsa.cert.org/confluence/display/tt/Net-WDNS

Enjoy,
___________________________________
Matt Sisk
Member of the Technical Staff
CERT Software Engineering Institute
Carnegie Mellon University
sisk <at> cert.org
Matt Sisk | 19 Mar 22:40 2014

Net::Nmsg 0.10 released

I've released version 0.10 of Net::Nmsg, a Perl binding for libnmsg. It 
addresses the recent shift from 'ISC' to 'base', fixes a couple of 
option and rendering bugs, and has updated examples.

You can download from the CPAN:

   http://search.cpan.org/~msisk/Net-Nmsg-0.10/

The official documentation lives here:

   https://tools.netsa.cert.org/confluence/display/tt/Net-Nmsg

Enjoy,
___________________________________
Matt Sisk
Member of the Technical Staff
CERT Software Engineering Institute
Carnegie Mellon University
sisk <at> cert.org
Robert Edmonds | 18 Mar 19:34 2014

pynmsg 0.3.0 released

Hello,

pynmsg 0.3.0 is now available.  This release includes a fix that aliases
"nmsg.msgtype.isc" to "nmsg.msgtype.base" in order to maintain backwards
compatibility with software that uses the old "ISC" vendor name for
vendor ID 1.

Source tarball:

    https://dl.farsightsecurity.com/dist/pynmsg/pynmsg-0.3.0.tar.gz

git tag:

    https://github.com/farsightsec/pynmsg/tree/tags/v0.3.0

Additionally, the wheezy-farsightsec repository has an updated
python-nmsg (0.3.0-1) package.

-- 
Robert Edmonds
Farsight Security, Inc.
Robert Edmonds | 13 Mar 23:01 2014

nmsg 0.8.0 released

Hello,

nmsg 0.8.0 is now available.

Source tarball:

    https://dl.farsightsecurity.com/dist/nmsg/nmsg-0.8.0.tar.gz

git tag:

    https://github.com/farsightsec/nmsg/tree/tags/v0.8.0

nmsg (0.8.0)

  * Update copyright and license statements as a result of the transition from
    Internet Systems Consortium to Farsight Security.

  * The "ISC" NMSG vendor has been renamed to "base". API/ABI backwards
    compatibility with existing source code and binaries which use the old
    vendor name will be maintained. New code should begin referring to the new
    vendor name and existing code should be updated to refer to the new vendor
    name.

  * Replace the "librsf" submodule with the "libmy" subtree.

  * Fix a double free() which occurred when compression was enabled on a
    libnmsg output and an NMSG payload large enough to cause fragmentation
    before being compressed ended up being small enough to fit in an
    unfragmented NMSG container after compression.

Kyu Seob Kim | 19 Dec 19:31 2013

pynmsg build problem

I keep getting _nmsg.c:316:18: fatal error: nmsg.h: No such file or directory

Is that because I haven't installed nmsg yet?
_______________________________________________
nmsg-dev mailing list
nmsg-dev <at> lists.farsightsecurity.com
https://lists.farsightsecurity.com/mailman/listinfo/nmsg-dev
Robert Edmonds | 13 Dec 23:56 2013

wdns 0.5 released

wdns 0.5 is now available from:

    https://dl.farsightsecurity.com/dist/wdns/wdns-0.5.tar.gz

and is tagged in git:

    https://github.com/farsightsec/wdns/tree/tags/v0.5

wdns (0.5)

 * Update copyright and license statements as a result of the transition from
   Internet Systems Consortium to Farsight Security.

 * Escape literal backslashes when converting domain names or record data to
   presentation format.

 * Add a spec file for building on RPM systems, based on a spec file
   contributed by John Heidemann.

 * Replace the "librsf" submodule with the "libmy" subtree.

 * Correct the "Name:" field in the libwdns.pc file.

 * Make it possible to build with "make" rather than "gmake" on FreeBSD by
   generating libwdns.pc from the configure script rather than the Makefile.

 * Install the libwdns.pc file into the right directory on FreeBSD systems
   where pkg-config has been modified to read from a "libdata" directory.

 -- Robert Edmonds <edmonds <at> fsi.io>  Fri, 13 Dec 2013 16:06:06 -0500

-- 
Robert Edmonds
Farsight Security, Inc.
Ray Ruvinskiy | 13 Dec 22:28 2013

TCP DNS Flows

Hi,

Looking at the dnsqr.c source code, I have come to the conclusion that there is no support for capturing and reassembling TCP DNS flows. Is my impression correct? If it is, is there a technical reason for the lack of support, or is it simply that no one has gotten around to it?

Thanks,

Ray
Robert Edmonds | 4 Dec 01:37 2013

Re: [PATCH 2/2] Fix inverted filter logic in nmsg_input_read_null

Robert Edmonds wrote:
> Ray Ruvinskiy wrote:
> > _input_nmsg_filter returns true if the payload is allowed by the filter and
> > false if it is not allowed. However, the call to _input_nmsg_filter in
> > nmsg_input_read_null was assuming the opposite semantics.
> > ---
> >  nmsg/input_nullnmsg.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Pushed to master.  Thanks!

Whoops, sent this to the old list address...

-- 
Robert Edmonds
Farsight Security, Inc.
Robert Edmonds | 1 Dec 01:40 2013

libnmsg CRC32C implementation

The NMSG protocol incorporates a per-payload CRC32C checksum for error
detection.  The CRC32C calculation function is currently one of the top
functions when profiling libnmsg (roughly comparable to the protobuf
decoder), so I've added a faster CRC32C implementation that will be
released in the nmsg 0.8.x series.

On x86-64 CPUs with SSE4.2, there is hardware support for calculating
the CRC32C checksum which is about an order of magnitude faster than the
best software implementation.  On x86-64, libnmsg will now do runtime
CPU feature detection at library startup [0] and use these hardware
instructions if they are available [1].  CPUs with the required SSE4.2
instructions include modern CPUs from Intel (including the Haswell,
Sandy Bridge, and Nehalem microarchitectures, but not the Core or Atom
microarchitectures) and AMD (the Bulldozer microarchitecture).

On all other architectures, and on x86-64 CPUs without SSE4.2, libnmsg
falls back to the efficient "slicing-by-8" software implementation of
CRC32C [2].  This implementation is about 20-30% or so faster than the
previous implementation used in libnmsg.

I found Evan Jones' CRC32C blog post and source code [3] on this topic
to be highly informative.

In microbenchmarks (decoding and re-encoding files containing NMSG
payloads with an average size of 100-200 bytes or so) on my desktop,
which has a CPU which supports the SSE4.2 instructions, the new
implementation cut about 10-20% off the total nmsgtool runtimes.

[0] https://github.com/farsightsec/libmy/blob/master/crc32c.c

[1] https://github.com/farsightsec/libmy/blob/master/crc32c-sse42.c

[2] https://github.com/farsightsec/libmy/blob/master/crc32c-slicing.c

[3] http://www.evanjones.ca/crc32c.html

-- 
Robert Edmonds
Farsight Security, Inc.
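
The hardware/software CRC32C split described in the message above, as an added example that is not the libnmsg or libmy code: a slicing-by-8 software path, an SSE4.2 path, and a dispatcher that picks between them. Function names are illustrative, GCC or Clang is assumed, and the feature check here runs per call rather than once at library startup.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#if defined(__x86_64__)
#include <nmmintrin.h>               /* SSE4.2 CRC32 intrinsics */
#endif

static uint32_t tbl[8][256];         /* slicing-by-8 lookup tables */

/* Build the tables for the reflected Castagnoli polynomial 0x82F63B78. */
static void init_tables(void) {
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t c = i;
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ ((c & 1) ? 0x82F63B78u : 0);
        tbl[0][i] = c;
    }
    for (uint32_t i = 0; i < 256; i++)
        for (int t = 1; t < 8; t++)
            tbl[t][i] = (tbl[t - 1][i] >> 8) ^ tbl[0][tbl[t - 1][i] & 0xff];
}

/* Software path: 8 input bytes per iteration, then a bytewise tail.
 * The lazy table init is not thread-safe; a library would do it at startup. */
uint32_t crc32c_sw(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    if (!tbl[0][1]) init_tables();   /* tbl[0][1] is nonzero once built */
    for (; n >= 8; p += 8, n -= 8) {
        uint32_t lo = crc ^ (p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24);
        crc = tbl[7][lo & 0xff] ^ tbl[6][(lo >> 8) & 0xff] ^
              tbl[5][(lo >> 16) & 0xff] ^ tbl[4][lo >> 24] ^
              tbl[3][p[4]] ^ tbl[2][p[5]] ^ tbl[1][p[6]] ^ tbl[0][p[7]];
    }
    while (n--) crc = (crc >> 8) ^ tbl[0][(crc ^ *p++) & 0xff];
    return ~crc;
}
#if defined(__x86_64__)
/* Hardware path: compiled for SSE4.2 regardless of the global -m flags. */
__attribute__((target("sse4.2")))
uint32_t crc32c_hw(const uint8_t *p, size_t n) {
    uint64_t crc = 0xFFFFFFFFu, v;
    for (; n >= 8; p += 8, n -= 8) { memcpy(&v, p, 8); crc = _mm_crc32_u64(crc, v); }
    while (n--) crc = _mm_crc32_u8((uint32_t)crc, *p++);
    return ~(uint32_t)crc;
}
#endif
/* Dispatcher: use the CRC32 instruction only if the running CPU has it. */
uint32_t crc32c(const uint8_t *p, size_t n) {
#if defined(__x86_64__)
    if (__builtin_cpu_supports("sse4.2")) return crc32c_hw(p, n);
#endif
    return crc32c_sw(p, n);
}
int main(void) { return crc32c((const uint8_t *)"123456789", 9) == 0xE3069283u ? 0 : 1; }
```

Both paths must produce identical checksums for every input length, so comparing them on short and unaligned buffers is a cheap regression check when either is changed.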
Robert Edmonds | 1 Dec 00:55 2013

nmsg and wdns git repositories

Hello,

The nmsg and wdns git repositories that were previously available from
the old rsfcode site are now available via GitHub:

    https://github.com/farsightsec/nmsg

    https://github.com/farsightsec/wdns

I'm still working on getting other former rsfcode repositories converted
and published (pynmsg, pywdns, etc.).  I'll also be working on fixing
the various outstanding issues that I know about in nmsg and wdns.

-- 
Robert Edmonds
Farsight Security, Inc.
Vernon Schryver | 26 Nov 03:46 2013

nmsg_msgmod_lookup() crash

Another thing that can cause nmsg_msgmod_lookup() to try to dereference
null is when _nmsg_global_msgmodset is null because no shared/dynamic
nmsg modules were loaded because none are available.

Vernon Schryver    vjs <at> rhyolite.com