Git Product home page Git Product logo

ymmv's Introduction

Yeti Many Mirror Verifier

This is the ymmv utility. It is designed to make it easy and safe for a DNS administrator to copy their resolver IANA root DNS traffic to the Yeti root.

The program is designed to be able to take several styles of input. Something like dnstap will be the best source of input, but since pcap files (produced by tcpdump and other programs) are very common, that is the first input that has been implemented. The ymmv format can be found in ymmv-format.md.

For each query and answer that the resolver has made to the IANA root servers, a version will be sent to the some Yeti root servers. Initially the particular Yeti server will be round-robin from a list of servers (or the whole set if none is specified), but later we will add RTT-based server selection.

The Yeti answer that is returned will be compared to the IANA answer, and if there is a difference this will be logged. Administrators will have to ability to opt-in to having their logs periodically e-mailed to the Yeti project.

Installation

You need the libpcap library, which can be downloaded from the tcpdump project page. On a Debian or Debian-derived systems installation will look something like this:

$ sudo apt install libpcap-dev

You need the Go language pcap and dns libraries from the awesome Miek Gieben:

$ go get github.com/miekg/pcap
$ go get github.com/miekg/dns

To build the pcap to ymmv filter/converter:

$ cd pcap2ymmv
$ go build

To build the ymmv program itself:

$ cd ymmv
$ go build

Running

A shell script which writes tcpdump output to a file is in the pcap2ymmv directory, and can be used like this:

$ sudo sh capture.sh eth0

For now this will create ymmv.dat, although the expectation is that this will be able to be used as input for the ymmv program later, like this:

$ sudo sh capture.sh eth0 | ymmv --mail-logs

Limitations

There are lots of limitations right now, being worked on:

  • The ymmv program itself is still being developed. It does not work.
  • IP fragments are not handled by the pcap parser.
  • TCP streams are not reassembled by the pcap parser.

We are currently working on finishing the ymmv program and reassembling IP fragments. We will log TCP to see if it is actually used much, and if so we will try to build a solution for that.

ymmv's People

Contributors

shane-kerr avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.