search

gamelinux / passivedns

A network sniffer that logs all DNS server replies for use in a passive DNS setup
http://gamelinux.org/
1.67k stars 374 forks source link

BPF problem in Debian using /etc/default/passivedns #84

Closed DavidMelons closed 7 years ago

DavidMelons commented 7 years ago

Hello. On debian jessie, trying to use a BPF like this

[...] BPF="-b 'port 53 and not (host 1.2.3.4 or host 1.2.3.5)'" [...] passed into /etc/default/passivedns

I got this error: [*] Error pcap_compile user_filter: illegal token: ' /usr/bin/passivedns -i eth4 -b 'port 53 and not (host 1.2.3.4 or host 1.2.3.5)' -l /var/log/passivedns.log -L /var/log/passivedns-nx.log -S 256 -P 86400 -X 46CDNOPRSTMnx done.

Solved by change: --ARGS="$INTERFACE $BPF $LOGFILE $NXLOGFILE $LOGSYSLOG $NXSYSLOG $MAXMEM $PRINT $RRTYPES $DEAMON" ++eval ARGS="$INTERFACE $BPF $LOGFILE $NXLOGFILE $LOGSYSLOG $NXSYSLOG $MAXMEM $PRINT $RRTYPES $DEAMON"

Thank you Davide

DavidMelons commented 7 years ago

eval not resolving. ...still getting: Error pcap_compile user_filter: illegal token: ' Thanks

DavidMelons commented 7 years ago

finally solved. in /etc/init.d/passivedns

in the start case, changed $DAEMON $ARGS > /dev/null 2>&1 with ( ( eval "$DAEMON $ARGS" > /dev/null 2>&1 ) & ) &

Thanks