auth sdig: some improvements for stdin mode #14665

Open
wants to merge 3 commits into
base: master

Habbie
Member

@Habbie Habbie commented Sep 12, 2024

Short description

as mentioned in comments to #14649

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
  • checked that this code was merged to master

@coveralls

coveralls commented Sep 12, 2024

Pull Request Test Coverage Report for Build 10959235523

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 99 unchanged lines in 14 files lost coverage.
  • Overall coverage decreased (-0.02%) to 64.686%

| Files with Coverage Reduction | New Missed Lines | % |
|---|---|---|
| pdns/backends/gsql/gsqlbackend.hh | 1 | 97.71% |
| pdns/recursordist/aggressive_nsec.cc | 2 | 66.17% |
| modules/lmdbbackend/lmdbbackend.cc | 2 | 72.5% |
| pdns/iputils.cc | 3 | 55.45% |
| pdns/recursordist/test-syncres_cc2.cc | 3 | 88.85% |
| pdns/dnsdistdist/dnsdist-carbon.cc | 3 | 64.59% |
| modules/gpgsqlbackend/spgsql.cc | 3 | 67.7% |
| pdns/misc.cc | 4 | 63.26% |
| pdns/recursordist/test-syncres_cc1.cc | 5 | 89.67% |
| pdns/recursordist/syncres.cc | 6 | 79.56% |

| Totals | Coverage Status |
|---|---|
| Change from base Build 10958069929: | -0.02% |
| Covered Lines: | 124798 |
| Relevant Lines: | 162221 |

💛 - Coveralls

@Habbie
Member Author

Habbie commented Sep 13, 2024

@phonedph1 suggested not requiring 3 more arguments after `stdin` but this is hard to fit into the argument structure (let alone in the current argument parsing code). `alias sdig=sdig stdin 0 . A` feels like a viable workaround to me (which then still allows the passing of optional arguments)

@Habbie Habbie added the tools label Sep 13, 2024
@Habbie Habbie added this to the auth-5 milestone Sep 13, 2024
@PenelopeFudd

One problem I had was that I wanted to decode an arbitrary DNS query, but the `sdig stdin 0 . A` command only shows A records. By switching to `sdig stdin 0 . ANY` it was happy to print whatever it received.

Here's how I used it with strace to extract DNS requests/responses from a running program:

$ sudo strace -f -s1024 kinit -kt /etc/krb5.keytab |& \
   gawk -vIGNORECASE=1 'match($0,"\x22([^\x22]*example..org[^\x22]*)\x22",a){system("echo \x27"a[1]"\x27 | sdig stdin 0 . ANY")}'

ID 35767 was not expected, this response was not meant for us!
Reply to question for qname='_kerberos-master._tcp.EXAMPLE.ORG.', qtype=SRV
Rcode: 0 (No Error), RD: 1, QR: 0, TC: 0, AA: 0, opcode: 0
2	.	0	IN	OPT	

....etc...
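
The strace-based workflow in the comment above depends on turning strace's escaped string output back into wire-format DNS. As an added example (not part of the original comment and not PowerDNS code), this Python sketch decodes a strace string literal and parses the DNS header and first question, the same fields `sdig` prints; the sample buffer and the function names are constructed for illustration.

```python
import struct

# Constructed sample: a DNS query as strace would print it inside a quoted
# sendto() buffer (ID 35767, RD=1, one SRV question). Not taken from the page.
SAMPLE = r"\213\267\1\0\0\1\0\0\0\0\0\0\20_kerberos-master\4_tcp\7EXAMPLE\3ORG\0\0!\0\1"

def unescape_strace(s: str) -> bytes:
    """Convert the body of a strace string literal back into raw bytes."""
    simple = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12, "\\": 92, '"': 34}
    out, i = bytearray(), 0
    while i < len(s):
        if s[i] != "\\":
            out.append(ord(s[i])); i += 1
        elif s[i + 1] in "01234567":      # octal escape, at most three digits
            j = i + 1
            while j < min(len(s), i + 4) and s[j] in "01234567":
                j += 1
            out.append(int(s[i + 1:j], 8)); i = j
        elif s[i + 1] == "x":             # \xNN form (strace -x / -xx)
            out.append(int(s[i + 2:i + 4], 16)); i += 4
        else:                             # \n, \t, \\, \" and friends
            out.append(simple[s[i + 1]]); i += 2
    return bytes(out)

def parse_dns(pkt: bytes) -> dict:
    """Decode the 12-byte header and the first question of a DNS message."""
    try:
        ident, flags, qd, _an, _ns, _ar = struct.unpack("!6H", pkt[:12])
        labels, pos, qtype = [], 12, None
        while qd:
            n = pkt[pos]
            pos += 1
            if n == 0:                    # root label ends the name
                qtype = struct.unpack("!H", pkt[pos:pos + 2])[0]
                break
            if n > 63:                    # pointer or reserved label type
                raise ValueError("unexpected label type in question name")
            labels.append(pkt[pos:pos + n].decode("ascii", "replace"))
            pos += n
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated DNS message") from exc
    return {"id": ident, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
            "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
            "rd": (flags >> 8) & 1, "rcode": flags & 0xF,
            "qname": ".".join(labels) + "." if qd else None, "qtype": qtype}

if __name__ == "__main__":
    print(parse_dns(unescape_strace(SAMPLE)))
```

The length-prefixed labels are why the `example..org` pattern in the gawk command matches: strace prints the label length byte as a two-character escape such as `\3` between `EXAMPLE` and `ORG`.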

@Habbie
Member Author

Habbie commented Sep 13, 2024

> One problem I had was that I wanted to decode an arbitrary DNS query, but the `sdig stdin 0 . A` command only shows A records.

That somewhat surprises me. Do you have a base64 packet for me that sdig handles differently for A vs. ANY?

@PenelopeFudd

> > One problem I had was that I wanted to decode an arbitrary DNS query, but the `sdig stdin 0 . A` command only shows A records.
>
> That somewhat surprises me. Do you have a base64 packet for me that sdig handles differently for A vs. ANY?

I must have been pulling a ChatGPT (hallucinating), because it seems to be working now. 🙄

@phonedph1
Contributor

This looks great for passing responses in:

$ echo O8mBgAABAAYAAAABBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAASwABKzZ12XADAABAAEAAAEsAASs2ddxwAwAAQABAAABLAAErNnXZsAMAAEAAQAAASwABKzZ14rADAABAAEAAAEsAASs2deLwAwAAQABAAABLAAErNnXZAAAKQIAAAAAAAALAAgABwABGBgBAgM= | base64 -d | ./sdig stdin 0 . A
Reply to question for qname='google.com.', qtype=A, ID=15305
Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
0	google.com.	300	IN	A	172.217.215.101
0	google.com.	300	IN	A	172.217.215.113
0	google.com.	300	IN	A	172.217.215.102
0	google.com.	300	IN	A	172.217.215.138
0	google.com.	300	IN	A	172.217.215.139
0	google.com.	300	IN	A	172.217.215.100
2	.	0	IN	OPT	AAgABwABGBgBAgM=
EDNS Subnet response: 1.2.3.0/24, scope: 1.2.3.0/24, family = 2

Thanks @Habbie
