If you like BoxMatrix then please contribute Supportdata, Supportdata2, Firmware and/or Hardware (get in touch).
My metamonk@yahoo.com is not reachable by me since years. Please use hippie2000@webnmail.de instead.
Property:dnsqcheckd (avmcmd)
| BoxMatrix >> Shell-Commands >> dnsqcheckd (avmcmd) | @ BoxMatrix - IRC-Chat - Translate: de es fr it nl pl |
| News | Selectors | Models | Accessories | Components | Environment | Config | Commands | System | Webif | Software | Develop | Lexicon | Community | Project | Media |
| Startup-Scr | Hotplug-Scr | BusyBox-Cmds | Bash-Cmds | AVM-Cmds | Chipset-Cmds | Linux-Cmds | Shared-Libs | Kernel-Mods | Research |
 |
Name-Collision - multiple objects in this wiki use the name dnsqcheckd!
|
AVM-Command
| Command: | dnsqcheckd (avmcmd) - type Exec | Wiki | Freetz | IPPF | whmf | AVM | Web |
| Location: | Shell-Commands >> AVM-Commands - Origin: AVM | ||||||
| Path: | Release: Lab+Rel: /sbin | ||||||
| Properties: | Size: 29.8k - 37.0k - Firmware: 7.08 - 7.19 | ||||||
| Function: | Botnet controller DNS filtering daemon. | ||||||
Goto: Endpoints - Events - Dependencies - Model-Matrix - Symbols - SMW-Browser
Details
dnsqcheckd is a Botnet controller DNS filtering daemon. It never was used in release firmware, only tested in Labor.
It accesses:
/var/candc.data /var/candc.data.update /var/InternerSpeicher/FRITZ/candc.data /var/InternerSpeicher/FRITZ/candc.data.update /var/run/dnsqcheckd.pid /var/tmp/candc_report.json /var/tmp/candc.statistic
In libbotnetfilterlib.so additionally:
/etc/candc_public_key
candc means Command & Control, which is the name of the master server in a Botnet.
The job of this daemon is to apply a DNS filter for known candc servers, so they are not reachable by infected machines.
candc.data.update was downloaded by libcmapi.so from a cinflst.de URL, a domain registered by AVM[1].
Once updated this daemon is notyfied to reolad the list from candc.data.update:
msgsend dnsqcheckd botnet-update
Fw 7.08 dnsqcheckd tested on fw 7.29 help:
fritz3:/var/mod/root $ ln -s /lib/libuClibc-1.0.31.so librt.so.1 fritz3:/var/mod/root $ ln -s /lib/libuClibc-1.0.31.so libdl.so.1 fritz3:/var/mod/root $ ln -s /lib/libuClibc-1.0.31.so libpthread.so.1 fritz3:/var/mod/root $ dnsqcheckd -? usage: dnsqcheckd [options] options: -? - print this help -f - run in forground. (NOTSET) -s - stop daemon. (NOTSET) -v - verbose. (NOTSET) -p STRING - Pidfile. ("/var/run/dnsqcheckd.pid") -D STRING - switch debug logs on. (FUNC) start server: dnsqcheckd stop server : dnsqcheckd -s
Endpoints
aicmd endpoint(s) provided by dnsqcheckd, with these functions: (fw 7.08)
root@fritz:/var/mod/root# aicmd dnsqcheckd # provided by dnsqcheckd: - fw 7.08+ HELP - show help SLABDUMP - show slab allocation SLABSHOW - show slab information QUIT - disconnect candcreport - create Command & Control malware detection report # provided by libewnwlinux.so: - fw 7.01+ ewnwlinux show csockshell - show shells running ewnwlinux show genetlink - show gerneric netlink families # provided by libewnwlinux.so: - fw 7.90+ ewnwlinux netlink show - show internal information ewnwlinux netlink getroute [address] - get route for inet address ewnwlinux netlink interfaces - show interfaces ewnwlinux netlink routes [ 4 | 6 ] - show routes # provided by libavmcsock.so: - fw 7.01+ avmcsock show csock - show all csock avmcsock show dnsconfig - show all dns context avmcsock show timercb - show all timer avmcsock show debughandles - show all debughandles avmcsock show cprocess - show all processes avmcsock set debug - set debug flags # provided by libavmcsock.so: - fw 7.29+ avmcsock show cbcontext - show all cbdata avmcsock show daemon - show daemon status avmcsock show cbuf - show cbuf status # provided by libavmcsock.so: - fw 7.39+ avmcsock getsymbol <address> - get symbol for address avmcsock show dnsglobal - show all dns global values avmcsock show dnscache - show cache avmcsock show dnsqueries - show all pending queries avmcsock show avmipc [endpoint shmatch] - show avmipc events and states avmcsock ctimer show - show all timer avmcsock ctimer overview - show ctimer overview avmcsock iotrace format unctrl|hexdump - set format for csock iotrace avmcsock iotrace file - enable iotrace to file avmcsock iotrace enable - enable iotrace via debugmsg avmcsock iotrace disable - disable iotrace avmcsock iotrace match help|<match> - show allowed matches or set match avmcsock iotrace reset - remove all matches avmcsock iotrace show - show configuration # provided by libavmcsock.so: - fw 7.90+ avmcsock show signals - show signal handler avmcsock show connector [cache|stats] - show connector information avmcsock show clogger - show clogger information avmcsock set clogmod [ <module> [ '.' <submodule ] ... ] [ '=' <level> ] - set clogmod log level avmcsock slab check - red zone/free check avmcsock slab reap [heavy] - call slab_reap/slab_reap_heavy avmcsock slab dump [long] - show slab allocation avmcsock slab show - show slab information avmcsock slab ewma [show|activate|deactivate|reset] - show average allocates/freed per second avmcsock avmipc notifier [endpoint shmatch] - show registered notifier avmcsock avmipc set [endpoint shmatch] - show states/events sent avmcsock avmipc csv [endpoint shmatch] - show states/events sent and listing as csv
msgsend endpoint(s) provided by dnsqcheckd, with these functions: (endpoints + commands, collected manually)
dnsqcheckd botnet-update # from libcmapi.so
Events
Daily updated index of AVM-Events and AVMIPC-Datastore nodes affecting this command. Last update: 2023-12-10 05:13 GMT.
The owners of Event-Sinks and Event-Sources are manual research, which may be incomplete or even wrong.
A * in the Mod column marks info from Supportdata-Probes, which will always stay incomplete.
A ** in the Mod column marks info from Supportdata2 probes, which by their nature will stay way more incomplete.
A - in the Mod column marks manual research, the Firmware then shows where the item occurs, not the Relation.
| Relation | Typ | Object | Mod | Firmware | Info | Origin |
|---|---|---|---|---|---|---|
| Endpoint | sock | me_anony-dnsqcheckd-($num)-($num).ctl | 2* | 7.08 - 7.11 | Anonymous avmipc endpoint of dnsqcheckd | AVM |
| Endpoint | sock | me_dnsqcheckd.ctl | 5* | 7.08 - 7.11 | avmipc_command endpoint of dnsqcheckd | AVM |
| 2 event relations for this command | ||||||
Dependencies
Daily updated index of all dependencies of this command. Last update: 2024-05-18 07:24 GMT.
A * in the Mod column marks info from Supportdata-Probes, which will always stay incomplete.
| Relation | Typ | Object | Mod | Firmware | Info | Origin |
|---|---|---|---|---|---|---|
| Runs as | proc | dnsqcheckd (process) | 5* | 7.08 - 7.11 | Botnet controller DNS filtering daemon. | AVM |
| Registers | wdog | dnsqcheckd (watchdog) | 5* | 7.08 - 7.11 | Botnet controller DNS filtering daemon. | AVM |
| Serving | sock | me_anony-dnsqcheckd-($num)-($num).ctl | 2* | 7.08 - 7.11 | Anonymous avmipc endpoint of dnsqcheckd | AVM |
| Serving | sock | me_dnsqcheckd.ctl | 5* | 7.08 - 7.11 | avmipc_command endpoint of dnsqcheckd | AVM |
| Depends on | lib | ld.so | 16 | 7.08 - 7.19 | Dynamic linker / loader | Linux |
| Depends on | lib | libar7cfg.so | 24 | 7.08 - 7.19 | TFFS-Configuration API to ar7.cfg and many more. | AVM |
| Depends on | lib | libavmauth.so | 24 | 7.08 - 7.19 | Fritzbox authentification helpers | AVM |
| Depends on | lib | libavmcipher.so | 24 | 7.08 - 7.19 | AES / DES / Rijndael encryption / decryption. | AVM |
| Depends on | lib | libavmcsock.so | 24 | 7.08 - 7.19 | Networking, I/O and helper functions | AVM |
| Depends on | lib | libavmhmac.so | 24 | 7.08 - 7.19 | HMAC / SHA / MD5 hashing. | AVM |
| Depends on | lib | libboxlib.so | 24 | 7.08 - 7.19 | Box status, logging and statistics functions | AVM |
| Depends on | lib | libc.so | 24 | 7.08 - 7.19 | Standard C library | Linux |
| Depends on | lib | libdl.so | 24 | 7.08 - 7.14 | Dynamic linking library | Linux |
| Depends on | lib | libdputil.so | 24 | 7.08 - 7.19 | DataPipe / packet utilities | AVM |
| Depends on | lib | libewnwlinux.so | 24 | 7.08 - 7.19 | Linux networking functions | AVM |
| Depends on | lib | libewnwnet.so | 24 | 7.08 - 7.19 | Internet helper functions | AVM |
| Depends on | lib | liblandev.so | 24 | 7.08 - 7.19 | TODO | Linux |
| Depends on | lib | libpthread.so | 24 | 7.08 - 7.14 | POSIX threading library | Linux |
| Depends on | lib | librt.so | 24 | 7.08 - 7.14 | POSIX realtime extensions library | Linux |
| Depends on | lib | libwdt.so | 24 | 7.08 - 7.19 | AVM-Watchdogs management API | AVM |
| Depends on | lib | libwebsrv.so | 24 | 7.08 - 7.19 | HTTP / HTTPS webserver and tools. | AVM |
| Depends on | lib | libz.so | 24 | 7.08 - 7.19 | Zlib compressor / decompressor | Linux |
| 22 dependencies for this command | ||||||
Model-Matrix
Daily updated index of the presence, path and size of this command for each model. Last update: 2024-05-18 05:08 GMT.
Showing all models using this command. Click any column header (click-wait-click) to sort the list by the respective data.
The (main/scrpn/boot/arm/prx/atom) label in the Model column shows which CPU is meant for models with multiple Linux instances.
Note that this list is merged from Firmware-Probes of all known AVM firmware for a model, including Recovery.exe and Labor-Files.
| Model | Firmware | Path | Size |
|---|---|---|---|
| FRITZ!Box 4040 | 7.08 | /sbin | 29.8k |
| FRITZ!Box 6490 Cable (arm) | 7.08 | /sbin | 33.7k |
| FRITZ!Box 6490 Cable (atom) | 7.08 | /sbin | 33.7k |
| FRITZ!Box 6590 Cable (arm) | 7.08 | /sbin | 33.7k |
| FRITZ!Box 6590 Cable (atom) | 7.08 | /sbin | 33.7k |
| FRITZ!Box 6591 Cable (arm) | 7.08 | /sbin | 33.9k |
| FRITZ!Box 6591 Cable (atom) | 7.08 | /sbin | 33.9k |
| FRITZ!Box 6660 Cable (arm) | 7.14 | /sbin | 30.5k |
| FRITZ!Box 6660 Cable (atom) | 7.14 | /sbin | 30.5k |
| FRITZ!Box 6820 LTE v1 | 7.08 | /sbin | 36.9k |
| FRITZ!Box 6820 LTE v2 | 7.08 | /sbin | 36.9k |
| FRITZ!Box 6890 LTE | 7.08 | /sbin | 36.9k |
| FRITZ!Box 6890 LTE v1 | 7.08 | /sbin | 36.9k |
| FRITZ!Box 6890 LTE v2 | 7.08 | /sbin | 36.9k |
| FRITZ!Box 7362 SL | 7.08 | /sbin | 36.9k |
| FRITZ!Box 7430 | 7.08 | /sbin | 36.9k |
| FRITZ!Box 7490 (main) | 7.08 - 7.19 | /sbin | 36.9k - 37.0k |
| FRITZ!Box 7520 | 7.08 | /sbin | 29.8k |
| FRITZ!Box 7530 | 7.08 | /sbin | 29.8k |
| FRITZ!Box 7560 | 7.08 | /sbin | 36.9k |
| FRITZ!Box 7580 | 7.08 - 7.11 | /sbin | 36.9k |
| FRITZ!Box 7581 | 7.08 | /sbin | 29.9k |
| FRITZ!Box 7582 | 7.08 | /sbin | 29.9k |
| FRITZ!Box 7590 | 7.08 - 7.19 | /sbin | 36.9k |
| 24 models use this command | |||
Symbols
Daily updated index of all symbols of this command. Last update: 2024-05-18 07:24 GMT.
| Firmware | Symbol |
|---|---|
| 7.08 - 7.19 | BOTNETQUERY_botnetquery_free |
| 7.08 - 7.19 | botnet_dns_filter_async_create |
| 7.08 - 7.19 | botnet_dns_filter_async_destroy |
| 7.08 - 7.19 | botnet_dns_filter_async_gen_report |
| 7.08 - 7.19 | botnet_dns_filter_async_handle_file_update |
| 7.08 - 7.19 | botnet_dns_filter_async_query |
| 7.08 - 7.19 | botnet_filter_get_ids |
| 7.08 - 7.19 | botnet_filter_get_mem |
| 7.08 - 7.19 | botnet_filter_get_signature |
| 7.08 - 7.19 | botnet_filter_load |
| 7.08 - 7.19 | botnet_filter_signature_match |
| 7.08 - 7.19 | botnet_filter_statistic_count |
| 7.08 - 7.19 | botnet_filter_statistic_create |
| 7.08 - 7.19 | botnet_filter_statistic_create_from_file |
| 7.08 - 7.19 | botnet_filter_statistic_destroy |
| 7.08 - 7.19 | botnet_filter_statistic_get_json |
| 7.08 - 7.19 | botnet_filter_statistic_serialize_to_file |
| 7.08 - 7.19 | botnet_filter_unload |
| 7.08 - 7.19 | botnet_query_thread |
| 7.08 - 7.19 | botnetquery_event_register |
| 7.08 - 7.19 | botnetquery_event_unregister |
| 7.08 - 7.19 | botnetquery_getcfg |
| 7.08 - 7.19 | domain_match_avm_flags |
| 7.08 - 7.19 | domain_match_malware_names |
| 7.08 - 7.19 | main |
| 7.08 - 7.19 | mem_botnetfilter::domain_match |
| 7.08 - 7.19 | mem_botnetfilter::mem_botnetfilter |
| 27 symbols for this command | |
