dmachard / go-dnscollector

Ingesting, pipelining, and enhancing your DNS logs with usage indicators, security analysis, and additional metadata.
MIT License

Can't collect logs on GRE tunnel #771

Open top-secrett opened 2 weeks ago

top-secrett commented 2 weeks ago

Describe the bug

I use an anti-DDoS service for IPv4 via a GRE tunnel and the collector can't collect logs.


multiplexer:
  collectors:
    - name: col-ipv4
      afpacket-sniffer:
        port: 53
        device: storm1099
        chan-buffer-size: 65535
      transforms:
        normalize:
          qname-lowercase: false
          quiet-text: true

    - name: col-ipv6
      afpacket-sniffer:
        port: 53
        device: ens224
        chan-buffer-size: 65535
      transforms:
        normalize:
          qname-lowercase: false
          quiet-text: true

  loggers:
    - name: log
      logfile:
        file-path: /var/log/dns/queries.log
        mode: text
        flush-interval: 1
        max-size: 100000000
        max-files: 0

  routes:
    - from: [ col-ipv4 ]
      to: [ log ]
    - from: [ col-ipv6 ]
      to: [ log ]

Additional context

dmachard commented 2 weeks ago

GRE tunnel is not supported for sure. I think the BPF filter needs to be updated to support that. Could you share a small tcpdump network trace?

top-secrett commented 2 weeks ago

@dmachard tcpdump_gre.txt

dmachard commented 2 weeks ago

I confirm, the BPF filter needs to be updated to support the GRE protocol. Currently only IP4 and IP6 are expected.


dmachard commented 2 weeks ago

> @dmachard tcpdump_gre.txt

A PCAP file will be more efficient, thanks.

top-secrett commented 2 weeks ago

@dmachard dump.zip
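
The diagnosis in this thread, sketched as an added example (not go-dnscollector's code or its actual BPF filter): a matcher that expects TCP/UDP directly after the IP header misses port-53 traffic wrapped in GRE until it skips the GRE header first. The function names, the sample packets, and the assumption that the capture starts at the outer IPv4 header are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/bits"
)

const protoTCP, protoUDP, protoGRE = 6, 17, 47 // IANA IP protocol numbers
var be16 = binary.BigEndian.Uint16

// matchDNS reports whether an IPv4 packet carries TCP/UDP on port 53.
// greAware=false stands in for a filter that expects the transport header right
// after the outer IP header (a simplification, not the project's real filter).
// Only GRE version 0 with an inner IPv4 packet is unwrapped; no nested tunnels.
func matchDNS(pkt []byte, greAware bool) bool {
	if len(pkt) < 20 || pkt[0]>>4 != 4 {
		return false
	}
	ihl := int(pkt[0]&0x0f) * 4
	if ihl < 20 || len(pkt) < ihl {
		return false
	}
	proto, l4 := pkt[9], pkt[ihl:]
	switch {
	case proto == protoTCP || proto == protoUDP:
		return len(l4) >= 4 && (be16(l4[0:]) == 53 || be16(l4[2:]) == 53)
	case proto == protoGRE && greAware:
		if len(l4) < 4 || l4[0]&0x40 != 0 || l4[1]&0x07 != 0 { // routing bit, version
			return false
		}
		hdr := 4 + 4*bits.OnesCount8(l4[0]&0xb0) // C, K, S flags add 4 bytes each
		return len(l4) >= hdr && be16(l4[2:]) == 0x0800 && matchDNS(l4[hdr:], false)
	}
	return false
}

// ipv4 wraps payload in a minimal 20-byte header (constructed sample, zero checksum).
func ipv4(proto byte, payload []byte) []byte {
	h := []byte{0x45, 0, 0, 0, 0, 0, 0, 0, 64, proto, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2}
	binary.BigEndian.PutUint16(h[2:4], uint16(20+len(payload)))
	return append(h, payload...)
}

func main() {
	plain := ipv4(protoUDP, []byte{0xc0, 0, 0, 53, 0, 8, 0, 0}) // UDP 49152 -> 53
	tunneled := ipv4(protoGRE, append([]byte{0, 0, 0x08, 0x00}, plain...))
	fmt.Println(matchDNS(plain, false), matchDNS(tunneled, false), matchDNS(tunneled, true))
}
```

The optional checksum, key and sequence fields matter in practice: a fixed 4-byte skip would misread the inner packet whenever the tunnel sets any of those flags.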