[Iftop-users] v6 dns display error

Paul Warren pdw at ex-parrot.com
Mon Feb 6 21:47:14 GMT 2017


On 06/02/17 18:48, Stuart Gathman wrote:

>> It works if all IPv6 rDNS lookups succeed.  Even if most IPv6 rDNS
>> lookups succeed, you might not notice the problem (and that is when it
>> is the most dangerous).  The best way to reproduce is
>> to run on a local IPv6 subnet where *none* of the IPv6 lookups succeed,
>> or else point /etc/resolv.conf to a local dnsmasq with ip6.arpa set
>> to always return NXDOMAIN.  Then all IPv6 will display as the same
>> raw IP, and you will surely notice.
>>
>
Please could you try the latest in git?

https://code.blinkace.com/pdw/iftop/commit/35af3cf65f17961d173b31fd3b00166ec095c226

It looks like the key used for caching DNS lookups was assumed to be 
in6_addr, but in fact was a larger struct that wrapped the IP address.  
This means that the comparison looking for NS lookups was effectively 
ignoring 64 of the 128 bits in the v6 address, leading to very 
unpredictable results.

Paul
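
The key-size mismatch described in the message above, as an added example that is not part of the original post and is not iftop's code. The `wrapped_addr` struct, its field layout and the helper names are assumptions, chosen so that a 16-byte comparison covers two `int` fields plus only the first 64 bits of the address; the sample addresses are constructed from the documentation prefix.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cache key (layout assumed for illustration, not iftop's
 * source): two 4-byte ints sit in front of the 128-bit address. */
struct wrapped_addr {
    int af;                 /* address family */
    int len;                /* address length in bytes */
    struct in6_addr addr6;  /* the IPv6 address itself */
};

/* Parse text into a zeroed key; returns 0 on success, -1 on a bad address. */
static int make_key(const char *text, struct wrapped_addr *key) {
    memset(key, 0, sizeof *key);
    key->af = AF_INET6;
    key->len = (int)sizeof key->addr6;
    return inet_pton(AF_INET6, text, &key->addr6) == 1 ? 0 : -1;
}

/* Buggy: sized as if the key were a bare in6_addr. Only 16 of the key's
 * 24 bytes are compared: af, len and the first 8 address bytes. */
static int key_equal_buggy(const struct wrapped_addr *a, const struct wrapped_addr *b) {
    return memcmp(a, b, sizeof(struct in6_addr)) == 0;
}

/* Fixed: compare every field, including all 16 address bytes. */
static int key_equal_fixed(const struct wrapped_addr *a, const struct wrapped_addr *b) {
    return a->af == b->af && a->len == b->len &&
           memcmp(&a->addr6, &b->addr6, sizeof a->addr6) == 0;
}

/* 1 = treated as the same cache entry, 0 = different, -1 = parse error. */
static int compare_texts(const char *x, const char *y, int use_fixed) {
    struct wrapped_addr a, b;
    if (make_key(x, &a) != 0 || make_key(y, &b) != 0)
        return -1;
    return use_fixed ? key_equal_fixed(&a, &b) : key_equal_buggy(&a, &b);
}

int main(void) {
    /* Constructed sample: two different hosts in the same /64. */
    const char *h1 = "2001:db8:0:1::10", *h2 = "2001:db8:0:1::20";
    printf("buggy compare says same entry: %d\n", compare_texts(h1, h2, 0));
    printf("fixed compare says same entry: %d\n", compare_texts(h1, h2, 1));
    return 0;
}
```

Two hosts that differ only in the low 64 bits collide under the short comparison, so one cached result is shown for both.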




