CNAME handling

* Improve CNAME reporting to use original (alias) names. This seems
   the most normal and intuitive.
 * CLI interface improvements (cli.*):
   - help message
   - gripe about invalid switches.
   - return exit code 1 in iptraffic for invalid configuration.
 * Expand Makefile
 * Update DPAK

Makefile

@@ -1,16 +1,29 @@
-O=-s
+# cm-20220225 testing controlpanel messages with symbols left in
+#O=-s
 
 
 ### Program Targets ###
 
+.PHONY: all controlpanel/trafficctrl
+all: iptraffic trafficmon/badtrafficrpt trafficmon/dnsblacklist trafficmon/domblacklist trafficmon/trafficmon controlpanel/trafficctrl
+
+controlpanel/trafficctrl:
+	cd controlpanel && make trafficctrl
+
 iptraffic: iptraffic.cpp strutil.o data.o config.o cli.o miniini.o
 	g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o
 
-trafficmon/trafficmon: trafficmon/trafficmon.cpp strutil.o data.o config.o cli.o miniini.o
-	g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o -lcppdb
+trafficmon/badtrafficrpt: trafficmon/badtrafficrpt.cpp cli.o miniini.o strutil.o trafficmon/appbase.o
+	g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb
+
+trafficmon/dnsblacklist: trafficmon/dnsblacklist.cpp cli.o miniini.o strutil.o trafficmon/appbase.o
+	g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb
 
-trafficmon/badtrafficrpt: trafficmon/badtrafficrpt.cpp cli.o miniini.o strutil.o
-	g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o -lcppdb
+trafficmon/domblacklist: trafficmon/domblacklist.cpp cli.o miniini.o strutil.o trafficmon/appbase.o
+	g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb
+
+trafficmon/trafficmon: trafficmon/trafficmon.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o
+	g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o -lcppdb
 
 
 
@@ -31,14 +44,17 @@ miniini.o: miniini.cpp miniini.h strutil.o
 strutil.o: strutil.cpp strutil.h
 	g++ $O -c -o $@ strutil.cpp
 
+trafficmon/appbase.o: trafficmon/appbase.cpp trafficmon/appbase.h cli.o miniini.o
+	g++ $O -c -o $@ trafficmon/appbase.cpp
+
 
 
 ### Source Maintenance ###
 
 .PHONY: clean distclean
 clean:
-	rm *.o || true
+	rm *.o */*.o || true
 distclean: clean
-	rm iptraffic trafficmon/trafficmon trafficmon/badtrafficrpt || true
+	rm iptraffic trafficmon/trafficmon trafficmon/badtrafficrpt trafficmon/dnsblacklist trafficmon/domblacklist || true
 	rm *.deb || true
 	cd controlpanel && make distclean

cli.cpp

@@ -26,6 +26,12 @@ cBaseApp &cBaseApp::init(int argc, char **argv) {
 
 
 
+unsigned cBaseApp::do_switch(const char *arg) {
+  throw CLIerror("Invalid switch '"+std::string(arg)+"'");
+}
+
+
+
 int cBaseApp::main() {
   int i, ct;
   char *p;
@@ -68,6 +74,15 @@ int cBaseApp::main() {
 
 
 
+int cBaseApp::help() {
+  std::cerr <<
+    "Invalid command line arguments and the developer didn't provide any help."
+    << std::endl;
+  return ExitCode = 1;
+}
+
+
+
 int cBaseApp::crash(const std::exception &e) {
   std::cerr << "Application crashed: " << e.what() << std::endl;
   return 216; // just a weird number hopefully not conflicting with anything else.

cli.h

@@ -93,7 +93,7 @@ struct cBaseApp {
   //
 
   // how many args needed for val
-  virtual unsigned do_switch(const char *arg) { return 0; }
+  virtual unsigned do_switch(const char *arg);
   // proccess a val for switch
   virtual void     do_switch_arg(const char *sw, const std::string &val) { }
   // process a non-switch arg.
@@ -127,6 +127,16 @@ struct cBaseApp {
 
   virtual int main();
 
+  /// Provide help text for CLI arg parse errors
+  //
+  // This is intended to show a command line help message on the terminal
+  // about what the proper CLI syntax is. The return is the desired exit
+  // code. The default is 1. This implementation will provide the app meta
+  // data, if present. This simplified method is used so an exception is
+  // not required to call it.
+
+  virtual int help();
+
   /// Catch exceptions ///
   //
   // This is called by the boiler plate main() (see bottom) when an excpetion

data.cpp

@@ -211,12 +211,40 @@ bool LogAnalyzer::line(const std::string &in) {
   ///  DNS query result ///
 
   // TODO: need to get more specific on tying us + them + time to DNS
-  // TODO: doesn't seem that CNAMEs are getting attached to requests properly.
-  //       the logs are cryptic on this front.
   if(ln.count>8 && strncmp(ln.fields[4], "dnsmasq[", 8)==0) {
     if(ln[5]=="reply" || ln[5]=="cached") {
       name = ln[6];
       address = ln[8];
+
+      /* NOTE: CNAME resolution seems to follow this order in logs:
+           1. A result line (reply/cached) with an address of <CNAME>
+           2. One or more consecutive result lines for the canonical name
+         Looking over the logs it doesn't appear that dnsmasq will log
+         anything between the original and CNAME resolutions. The exception
+         is if a CNAME record is cached and it has to resolve what it
+         points to. In this case there would be a "cached" and then a
+         "forwarded" record eventually followed by "reply ... <CNAME>".
+         In that case we want to operate on the reply.
+      */
+      /* record we're handling a CNAME cycle */
+      if(address=="<CNAME>") {
+        alias = name;
+        cname = "";
+        return 0;
+      }
+      /* If in cname _mode_: */
+      if(alias!="") {
+        if(cname=="") {
+          cname = name; /* This is our target name */
+          name = alias; /* substitute the alias */
+        } else if(cname==name) {
+          name = alias; /* substitute the alias */
+        } else {
+          cname = "";   /* These are different records reset */
+          name = "";
+        }
+      }
+
       // Hmm... is this reply an address?
       if(pre_match(dns_ignore, address)) return 0; // nope
       if(pre_match(dns_del,    address)) return 0; // does not exist reply
@@ -227,6 +255,9 @@ bool LogAnalyzer::line(const std::string &in) {
       rdns[address] = name;
       //dlog("Added "+address+" = "+name);
       return 0;
+    } else if(alias!="") {
+      alias = ""; /* we've fallen out of CNAME resolution. */
+      cname = "";
     }
   }
 

data.h

@@ -101,6 +101,8 @@ struct LogAnalyzer {
   NameVal     rdns;                      // Reverse DNS lookup cache
   Conn        conn;                      // Last connection worked on
   Splits      ln;                        // Work buffer for line processing
+  std::string alias;                     // The name requiring CNAME resolution
+  std::string cname;                     // The cname alias was pointing to.
 
   LogAnalyzer();
   // Process a log line. Returns "true" if it were a netfilter entry.

iptraffic.cpp

@@ -78,11 +78,11 @@ struct IPtraffic: public cBaseApp {
 
 
   // TODO: elaborate
-  void help() {
+  int help() {
     cerr <<
       "\n"
       "iptraffic -c {config file} [-o {output file}] [{input file} [...]]\n";
-    ExitCode = 1;
+    return ExitCode = 1;
   }
 
 
@@ -149,7 +149,7 @@ struct IPtraffic: public cBaseApp {
       }
     }
     *out << flush; // make sure all data gets written.
-    cerr << "\nLines:      " << line_no
+    cerr <<   "Lines:      " << line_no
          << "\nIgnored:    " << ict
          << "\nTotal rDNS: " << analyze.rdns.size() << endl;
     return 0;

poorman-ids.dpak

@@ -13,6 +13,36 @@ Copyright: .
 Origin: JFP
 Packaged-For: JF Possibilities, Inc.
 changelog:
+ (0.6-1j) unstable; urgency=low
+ .
+   ** This is an alpha release **
+ .
+   * Change handling of CNAMEs to report the originally requested name.
+ .
+  -- Jon Foster <jon@jfpossibilities.com>  Mon, 21 Mar 2022 14:56:19 -0700
+ .
+ (0.5-2j) unstable; urgency=low
+ .
+   ** This is an alpha release **
+ .
+   This is primarily a bug fix and testing release.
+ .
+   * Leave symbols in bins to see how C++CMS reports errors.
+   * Don't allow "*." or "*" in the wild card entry field. It breaks
+     stuff!
+ .
+  -- Jon Foster <jon@jfpossibilities.com>  Mon, 03 Jan 2022 14:22:30 -0800
+ .
+ (0.5-1j) unstable; urgency=low
+ .
+   ** This is an alpha release **
+ .
+   * Minor internal restructuring of CLI apps.
+   * *NEW* domblacklist tool to make DNSmasq whole domain blocks.
+   * Also added the iptraffic log CLI log analyzer
+ .
+  -- Jon Foster <jon@jfpossibilities.com>  Mon, 03 Jan 2022 14:22:30 -0800
+ .
  (0.4-3j) unstable; urgency=low
  .
    ** This is an alpha release **
@@ -52,8 +82,6 @@ changelog:
   -- Jon Foster <jon@jfpossibilities.com>  Thu, 02 Sep 2021 10:58:43 -0700
  .
 Build: sh
- make trafficmon/trafficmon trafficmon/badtrafficrpt
- cd controlpanel
  make
 Clean: sh
  make distclean
@@ -61,12 +89,13 @@ Clean: sh
 Package: poorman-ids
 Architecture: any
 # I think libssl is required by cppcms. libmysqlclient18 is probably cppdb
-Depends: libc6, libstdc++6, cppdb (>= 0.3.1-4), cppcms, libssl1.0.0,
- libmysqlclient18
+Depends: libc6, libstdc++6, cppdb (>= 0.3.1-4), cppcms, libssl1.0.0
+#Depends: []
 Recommends: libmysqlclient18
 Description: .
 Install: sh
- dpak install -sbin trafficmon/trafficmon trafficmon/badtrafficrpt
+ dpak install -sbin iptraffic trafficmon/trafficmon trafficmon/badtrafficrpt
+ dpak install -sbin trafficmon/dnsblacklist trafficmon/domblacklist
  dpak install -sbin controlpanel/trafficctrl
  dpak strip
  dpak install -conf -subdir poorman-ids sample.conf controlpanel/sample.js
@@ -83,13 +112,15 @@ Finalize: sh
  chmod -R g-s "$DPAK_ROOT"
  chmod 700 "$DPAK_ROOT/etc/poorman-ids"
  chmod 600 "$DPAK_ROOT/etc/poorman-ids/"*
- chmod 644 "$DPAK_ROOT/etc/default/"* 
+ chmod 644 "$DPAK_ROOT/etc/default/"*
  chmod 755 "$DPAK_ROOT/etc/init.d/"*
 PostInst: sh
  update-rc.d trafficmon  defaults
  update-rc.d trafficctrl defaults
+  service trafficmon  start || true
+  service trafficctrl start || true
 PreRm: sh
-  # Shut off services so they are RAM resident after install
+  # Shut off services so they aren't RAM resident after install
   service trafficmon  stop || true
   service trafficctrl stop || true
 PostRm: sh