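/* dnstap support for Unbound */

/*
 * Copyright (c) 2013-2014, Farsight Security, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the copyright holder nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "dnstap/dnstap_config.h"

#ifdef USE_DNSTAP

#include "config.h"
#include <string.h>
#include <sys/time.h>
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#include <errno.h>
#include "sldns/sbuffer.h"
#include "util/config_file.h"
#include "util/net_help.h"
#include "util/netevent.h"
#include "util/log.h"

#include <protobuf-c/protobuf-c.h>

#include "dnstap/dnstap.h"
#include "dnstap/dtstream.h"
#include "dnstap/dnstap.pb-c.h"

/* Initial size in bytes of the buffer a dnstap frame is serialized into. */
#define DNSTAP_INITIAL_BUF_SIZE		256

/**
 * Working state for one dnstap message while it is being assembled.
 * buf/len_buf receive the serialized frame from dt_pack(); d is the outer
 * Dnstap envelope and m is the Message that d.message points at.
 */
struct dt_msg {
	void		*buf;
	size_t		len_buf;
	Dnstap__Dnstap	d;
	Dnstap__Message	m;
};

/**
 * Serialize a dnstap envelope into a freshly malloc'ed buffer.
 *
 * @param d: envelope to serialize.
 * @param buf: receives the heap buffer holding the packed bytes.
 * @param sz: receives the value returned by the protobuf pack routine.
 * @return 1 on success, 0 if no buffer is available.
 *
 * NOTE(review): the second sbuf.data check presumably covers a failed
 * reallocation inside the append callback; confirm against the protobuf-c
 * version in use.
 */
static int
dt_pack(const Dnstap__Dnstap *d, void **buf, size_t *sz)
{
	ProtobufCBufferSimple sbuf;

	memset(&sbuf, 0, sizeof(sbuf));
	sbuf.base.append = protobuf_c_buffer_simple_append;
	sbuf.len = 0;
	sbuf.alloced = DNSTAP_INITIAL_BUF_SIZE;
	sbuf.data = malloc(sbuf.alloced);
	if (sbuf.data == NULL)
		return 0;
	sbuf.must_free_data = 1;

	*sz = dnstap__dnstap__pack_to_buffer(d, (ProtobufCBuffer *) &sbuf);
	if (sbuf.data == NULL)
		return 0;
	*buf = sbuf.data;

	return 1;
}

/**
 * See if the message is sent due to dnstap sample rate.
 *
 * The counter is read and updated while env->sample_lock is held. A
 * sample_rate of 0 or 1 suppresses nothing. All dt_msg_send_* routines in
 * this file share this one counter.
 *
 * NOTE(review): the counter is compared with '>' and restarts at 1 after a
 * submit, so in steady state one message in (sample_rate + 1) is let
 * through; confirm that this matches the documented meaning of the option,
 * since it determines how much traffic the collector actually sees.
 *
 * @param env: dnstap environment holding the sample rate and counter.
 * @return 1 if the message must be dropped, 0 if it may be sent.
 */
static int
dt_sample_rate_limited(struct dt_env* env)
{
	lock_basic_lock(&env->sample_lock);
	/* Sampling is every [n] packets. Where n==1, every packet is sent */
	if(env->sample_rate > 1) {
		int submit = 0;
		/* if sampling is engaged... */
		if (env->sample_rate_count > env->sample_rate) {
			/* once the count passes the limit */
			/* submit the message */
			submit = 1;
			/* and reset the count */
			env->sample_rate_count = 0;
		}
		/* increment count regardless */
		env->sample_rate_count++;
		lock_basic_unlock(&env->sample_lock);
		return !submit;
	}
	lock_basic_unlock(&env->sample_lock);
	return 0;
}

/**
 * Hand a serialized frame to the message queue of this environment.
 * NOTE(review): buf is the heap buffer produced by dt_pack() and is not
 * freed here, so the queue presumably takes ownership; confirm in dtstream.
 */
static void
dt_send(const struct dt_env *env, void *buf, size_t len_buf)
{
	dt_msg_queue_submit(env->msgqueue, buf, len_buf);
}

/**
 * Zero a dt_msg and set up the envelope/message descriptors and type.
 *
 * When the environment has an identity or version string, it is attached to
 * the envelope by pointer (not copied), so every message built from this
 * env carries those strings to the collector.
 *
 * @param env: dnstap environment supplying identity and version.
 * @param dm: message state to initialize.
 * @param mtype: dnstap message type to record.
 */
static void
dt_msg_init(const struct dt_env *env,
	    struct dt_msg *dm,
	    Dnstap__Message__Type mtype)
{
	memset(dm, 0, sizeof(*dm));
	dm->d.base.descriptor = &dnstap__dnstap__descriptor;
	dm->m.base.descriptor = &dnstap__message__descriptor;
	dm->d.type = DNSTAP__DNSTAP__TYPE__MESSAGE;
	dm->d.message = &dm->m;
	dm->m.type = mtype;
	if (env->identity != NULL) {
		dm->d.identity.data = (uint8_t *) env->identity;
		dm->d.identity.len = (size_t) env->len_identity;
		dm->d.has_identity = 1;
	}
	if (env->version != NULL) {
		dm->d.version.data = (uint8_t *) env->version;
		dm->d.version.len = (size_t) env->len_version;
		dm->d.has_version = 1;
	}
}

/* check that the socket file can be opened and exists, print error if not.
 * The stat() result is advisory only: it produces a warning and is not used
 * for any later decision. */
static void
check_socket_file(const char* socket_path)
{
	struct stat statbuf;
	memset(&statbuf, 0, sizeof(statbuf));
	if(stat(socket_path, &statbuf) < 0) {
		log_warn("could not open dnstap-socket-path: %s, %s",
			socket_path, strerror(errno));
	}
}

/**
 * Create a dnstap environment from the configuration.
 *
 * When dnstap is enabled with a socket path and no dnstap IP is set, the
 * path is stat()ed first; a leading chrootdir prefix is stripped from it
 * before that check.
 *
 * @param cfg: configuration to read the dnstap options from.
 * @return the new environment, or NULL on allocation or configuration
 *	failure. Release it with dt_delete().
 */
struct dt_env *
dt_create(struct config_file* cfg)
{
	struct dt_env *env;

	if(cfg->dnstap && cfg->dnstap_socket_path && cfg->dnstap_socket_path[0] &&
		(cfg->dnstap_ip==NULL || cfg->dnstap_ip[0]==0)) {
		char* p = cfg->dnstap_socket_path;
		if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(p,
			cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
			p += strlen(cfg->chrootdir);
		verbose(VERB_OPS, "attempting to connect to dnstap socket %s",
			p);
		check_socket_file(p);
	}

	env = (struct dt_env *) calloc(1, sizeof(struct dt_env));
	if (!env)
		return NULL;
	lock_basic_init(&env->sample_lock);

	env->dtio = dt_io_thread_create();
	if(!env->dtio) {
		log_err("malloc failure");
		/* the lock was initialized above; release it like
		 * dt_delete() does before freeing its storage */
		lock_basic_destroy(&env->sample_lock);
		free(env);
		return NULL;
	}
	if(!dt_io_thread_apply_cfg(env->dtio, cfg)) {
		dt_io_thread_delete(env->dtio);
		lock_basic_destroy(&env->sample_lock);
		free(env);
		return NULL;
	}
	dt_apply_cfg(env, cfg);
	return env;
}

/**
 * Set or clear the identity string sent with every dnstap message.
 *
 * With dnstap_send_identity off the identity is freed and cleared. Otherwise
 * the configured identity is used, or the local hostname when none is
 * configured, which means the hostname is disclosed to the collector.
 * Exits the process if gethostname() or strdup() fails.
 */
static void
dt_apply_identity(struct dt_env *env, struct config_file *cfg)
{
	char buf[MAXHOSTNAMELEN+1];
	if (!cfg->dnstap_send_identity) {
		free(env->identity);
		env->identity = NULL;
		return;
	}
	free(env->identity);
	if (cfg->dnstap_identity == NULL || cfg->dnstap_identity[0] == 0) {
		if (gethostname(buf, MAXHOSTNAMELEN) == 0) {
			/* gethostname() need not terminate a truncated name */
			buf[MAXHOSTNAMELEN] = 0;
			env->identity = strdup(buf);
		} else {
			fatal_exit("dt_apply_identity: gethostname() failed");
		}
	} else {
		env->identity = strdup(cfg->dnstap_identity);
	}
	if (env->identity == NULL)
		fatal_exit("dt_apply_identity: strdup() failed");
	env->len_identity = (unsigned int)strlen(env->identity);
	verbose(VERB_OPS, "dnstap identity field set to \"%s\"",
		env->identity);
}

/**
 * Set or clear the version string sent with every dnstap message.
 *
 * With dnstap_send_version off the version is freed and cleared. Otherwise
 * the configured version is used, or PACKAGE_STRING when none is configured,
 * which discloses the software version to the collector.
 * Exits the process if strdup() fails.
 */
static void
dt_apply_version(struct dt_env *env, struct config_file *cfg)
{
	if (!cfg->dnstap_send_version) {
		free(env->version);
		env->version = NULL;
		return;
	}
	free(env->version);
	if (cfg->dnstap_version == NULL || cfg->dnstap_version[0] == 0)
		env->version = strdup(PACKAGE_STRING);
	else
		env->version = strdup(cfg->dnstap_version);
	if (env->version == NULL)
		fatal_exit("dt_apply_version: strdup() failed");
	env->len_version = (unsigned int)strlen(env->version);
	verbose(VERB_OPS, "dnstap version field set to \"%s\"",
		env->version);
}

/**
 * Copy the per-message-type logging switches and the sample rate from the
 * configuration into the environment, logging each one that is enabled.
 * The sample rate is written while env->sample_lock is held.
 */
void
dt_apply_logcfg(struct dt_env *env, struct config_file *cfg)
{
	/* each condition below is an intentional assignment: store the
	 * setting, then log when the stored value is nonzero */
	if ((env->log_resolver_query_messages = (unsigned int)
	     cfg->dnstap_log_resolver_query_messages))
	{
		verbose(VERB_OPS, "dnstap Message/RESOLVER_QUERY enabled");
	}
	if ((env->log_resolver_response_messages = (unsigned int)
	     cfg->dnstap_log_resolver_response_messages))
	{
		verbose(VERB_OPS, "dnstap Message/RESOLVER_RESPONSE enabled");
	}
	if ((env->log_client_query_messages = (unsigned int)
	     cfg->dnstap_log_client_query_messages))
	{
		verbose(VERB_OPS, "dnstap Message/CLIENT_QUERY enabled");
	}
	if ((env->log_client_response_messages = (unsigned int)
	     cfg->dnstap_log_client_response_messages))
	{
		verbose(VERB_OPS, "dnstap Message/CLIENT_RESPONSE enabled");
	}
	if ((env->log_forwarder_query_messages = (unsigned int)
	     cfg->dnstap_log_forwarder_query_messages))
	{
		verbose(VERB_OPS, "dnstap Message/FORWARDER_QUERY enabled");
	}
	if ((env->log_forwarder_response_messages = (unsigned int)
	     cfg->dnstap_log_forwarder_response_messages))
	{
		verbose(VERB_OPS, "dnstap Message/FORWARDER_RESPONSE enabled");
	}
	lock_basic_lock(&env->sample_lock);
	if((env->sample_rate = (unsigned int)cfg->dnstap_sample_rate))
	{
		verbose(VERB_OPS, "dnstap SAMPLE_RATE enabled and set to \"%d\"", (int)env->sample_rate);
	}
	lock_basic_unlock(&env->sample_lock);
}

/**
 * Apply identity, version and logging settings; does nothing when dnstap
 * is disabled in the configuration.
 */
void
dt_apply_cfg(struct dt_env *env, struct config_file *cfg)
{
	if (!cfg->dnstap)
		return;

	dt_apply_identity(env, cfg);
	dt_apply_version(env, cfg);
	dt_apply_logcfg(env, cfg);
}

/**
 * Create the message queue for this environment and register it with the
 * dnstap I/O thread.
 *
 * @param env: dnstap environment.
 * @param base: comm base passed to the queue constructor.
 * @return 1 on success, 0 on failure (the queue is deleted and cleared).
 */
int
dt_init(struct dt_env *env, struct comm_base* base)
{
	env->msgqueue = dt_msg_queue_create(base);
	if(!env->msgqueue) {
		log_err("malloc failure");
		return 0;
	}
	if(!dt_io_thread_register_queue(env->dtio, env->msgqueue)) {
		log_err("malloc failure");
		dt_msg_queue_delete(env->msgqueue);
		env->msgqueue = NULL;
		return 0;
	}
	return 1;
}

/**
 * Unregister the message queue from the I/O thread and delete it.
 * env->msgqueue is left pointing at the deleted queue.
 */
void
dt_deinit(struct dt_env* env)
{
	dt_io_thread_unregister_queue(env->dtio, env->msgqueue);
	dt_msg_queue_delete(env->msgqueue);
}

/**
 * Delete a dnstap environment: the I/O thread object, the sample lock, the
 * identity and version strings, and the environment itself. NULL is a no-op.
 */
void
dt_delete(struct dt_env *env)
{
	if (!env)
		return;
	dt_io_thread_delete(env->dtio);
	lock_basic_destroy(&env->sample_lock);
	free(env->identity);
	free(env->version);
	free(env);
}

/**
 * Store a timeval into a dnstap seconds/nanoseconds field pair and mark
 * both fields present. Microseconds are scaled by 1000 to nanoseconds.
 */
static void
dt_fill_timeval(const struct timeval *tv,
		uint64_t *time_sec, protobuf_c_boolean *has_time_sec,
		uint32_t *time_nsec, protobuf_c_boolean *has_time_nsec)
{
#ifndef S_SPLINT_S
	*time_sec = tv->tv_sec;
	*time_nsec = tv->tv_usec * 1000;
#endif
	*has_time_sec = 1;
	*has_time_nsec = 1;
}

/**
 * Point a protobuf binary field at the contents of an sldns buffer (from
 * its beginning up to its limit) and mark the field present. No copy is
 * made, so b must stay valid until the message has been packed.
 */
static void
dt_fill_buffer(sldns_buffer *b, ProtobufCBinaryData *p, protobuf_c_boolean *has)
{
	log_assert(b != NULL);
	p->len = sldns_buffer_limit(b);
	p->data = sldns_buffer_begin(b);
	*has = 1;
}

/**
 * Fill the socket family, socket protocol, and the two address/port pairs
 * of a dnstap message.
 *
 * The q* outputs are filled from qs and the r* outputs from rs; callers
 * choose which message fields each pair maps to. Address fields point into
 * qs/rs rather than copying them. rs may be NULL, in which case the r*
 * outputs are left untouched. If qs is neither AF_INET nor AF_INET6 and
 * log_assert() is inactive, the q* outputs and the socket family are left
 * unset.
 *
 * @param dm: message being built.
 * @param qs: first socket address; sets the socket family.
 * @param rs: second socket address, or NULL.
 * @param cptype: comm point type used to pick the socket protocol.
 * @param cpssl: non-NULL on a comm_tcp point selects DOT instead of TCP.
 * @param qaddr, has_qaddr, qport, has_qport: outputs filled from qs.
 * @param raddr, has_raddr, rport, has_rport: outputs filled from rs.
 */
static void
dt_msg_fill_net(struct dt_msg *dm,
		struct sockaddr_storage *qs,
		struct sockaddr_storage *rs,
		enum comm_point_type cptype,
		void *cpssl,
		ProtobufCBinaryData *qaddr, protobuf_c_boolean *has_qaddr,
		uint32_t *qport, protobuf_c_boolean *has_qport,
		ProtobufCBinaryData *raddr, protobuf_c_boolean *has_raddr,
		uint32_t *rport, protobuf_c_boolean *has_rport)
{
	log_assert(qs->ss_family == AF_INET6 || qs->ss_family == AF_INET);
	if (qs->ss_family == AF_INET6) {
		struct sockaddr_in6 *q = (struct sockaddr_in6 *) qs;

		/* socket_family */
		dm->m.socket_family = DNSTAP__SOCKET_FAMILY__INET6;
		dm->m.has_socket_family = 1;

		/* addr: query_address or response_address */
		qaddr->data = q->sin6_addr.s6_addr;
		qaddr->len = 16; /* IPv6 */
		*has_qaddr = 1;

		/* port: query_port or response_port */
		*qport = ntohs(q->sin6_port);
		*has_qport = 1;
	} else if (qs->ss_family == AF_INET) {
		struct sockaddr_in *q = (struct sockaddr_in *) qs;

		/* socket_family */
		dm->m.socket_family = DNSTAP__SOCKET_FAMILY__INET;
		dm->m.has_socket_family = 1;

		/* addr: query_address or response_address */
		qaddr->data = (uint8_t *) &q->sin_addr.s_addr;
		qaddr->len = 4; /* IPv4 */
		*has_qaddr = 1;

		/* port: query_port or response_port */
		*qport = ntohs(q->sin_port);
		*has_qport = 1;
	}

	/*
	 * This block is to fill second set of fields in DNSTAP-message defined as request_/response_ names.
	 * Additional responsive structure is: struct sockaddr_storage *rs
	 */
	if (rs && rs->ss_family == AF_INET6) {
		struct sockaddr_in6 *r = (struct sockaddr_in6 *) rs;

		/* addr: query_address or response_address */
		raddr->data = r->sin6_addr.s6_addr;
		raddr->len = 16; /* IPv6 */
		*has_raddr = 1;

		/* port: query_port or response_port */
		*rport = ntohs(r->sin6_port);
		*has_rport = 1;
	} else if (rs && rs->ss_family == AF_INET) {
		struct sockaddr_in *r = (struct sockaddr_in *) rs;

		/* addr: query_address or response_address */
		raddr->data = (uint8_t *) &r->sin_addr.s_addr;
		raddr->len = 4; /* IPv4 */
		*has_raddr = 1;

		/* port: query_port or response_port */
		*rport = ntohs(r->sin_port);
		*has_rport = 1;
	}

	if (cptype == comm_udp) {
		/* socket_protocol */
		dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__UDP;
		dm->m.has_socket_protocol = 1;
	} else if (cptype == comm_tcp) {
		if (cpssl == NULL) {
			/* socket_protocol */
			dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__TCP;
			dm->m.has_socket_protocol = 1;
		} else {
			/* socket_protocol */
			dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__DOT;
			dm->m.has_socket_protocol = 1;
		}
	} else if (cptype == comm_http) {
		/* socket_protocol */
		dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__DOH;
		dm->m.has_socket_protocol = 1;
	} else {
		/* other socket protocol */
		dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__TCP;
		dm->m.has_socket_protocol = 1;
	}
}

/**
 * Build and queue a CLIENT_QUERY message, subject to the sample rate.
 *
 * The message carries the full query and the socket addresses and ports, so
 * the collector receives client-identifying data.
 *
 * @param env: dnstap environment.
 * @param qsock: address stored in the query_address/query_port fields.
 * @param rsock: address stored in the response_address/response_port
 *	fields, or NULL.
 * @param cptype: comm point type of the connection.
 * @param cpssl: non-NULL when the TCP connection uses TLS.
 * @param qmsg: buffer holding the query message.
 * @param tstamp: query time to record, or NULL to use the current time.
 */
void
dt_msg_send_client_query(struct dt_env *env,
			 struct sockaddr_storage *qsock,
			 struct sockaddr_storage *rsock,
			 enum comm_point_type cptype,
			 void *cpssl,
			 sldns_buffer *qmsg,
			 struct timeval* tstamp)
{
	struct dt_msg dm;
	struct timeval qtime;

	if(dt_sample_rate_limited(env))
		return;

	if(tstamp)
		memcpy(&qtime, tstamp, sizeof(qtime));
	else	gettimeofday(&qtime, NULL);

	/* type */
	dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__CLIENT_QUERY);

	/* query_time */
	dt_fill_timeval(&qtime,
			&dm.m.query_time_sec, &dm.m.has_query_time_sec,
			&dm.m.query_time_nsec, &dm.m.has_query_time_nsec);

	/* query_message */
	dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message);

	/* socket_family, socket_protocol, query_address, query_port, response_address, response_port */
	dt_msg_fill_net(&dm, qsock, rsock, cptype, cpssl,
			&dm.m.query_address, &dm.m.has_query_address,
			&dm.m.query_port, &dm.m.has_query_port,
			&dm.m.response_address, &dm.m.has_response_address,
			&dm.m.response_port, &dm.m.has_response_port);


	if (dt_pack(&dm.d, &dm.buf, &dm.len_buf))
		dt_send(env, dm.buf, dm.len_buf);
}

/**
 * Build and queue a CLIENT_RESPONSE message, subject to the sample rate.
 * The response time is the current time.
 *
 * @param env: dnstap environment.
 * @param qsock: address stored in the query_address/query_port fields.
 * @param rsock: address stored in the response_address/response_port
 *	fields, or NULL.
 * @param cptype: comm point type of the connection.
 * @param cpssl: non-NULL when the TCP connection uses TLS.
 * @param rmsg: buffer holding the response message.
 */
void
dt_msg_send_client_response(struct dt_env *env,
			    struct sockaddr_storage *qsock,
			    struct sockaddr_storage *rsock,
			    enum comm_point_type cptype,
			    void *cpssl,
			    sldns_buffer *rmsg)
{
	struct dt_msg dm;
	struct timeval rtime;

	if(dt_sample_rate_limited(env))
		return;

	gettimeofday(&rtime, NULL);

	/* type */
	dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE);

	/* response_time */
	dt_fill_timeval(&rtime,
			&dm.m.response_time_sec, &dm.m.has_response_time_sec,
			&dm.m.response_time_nsec, &dm.m.has_response_time_nsec);

	/* response_message */
	dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message);

	/* socket_family, socket_protocol, query_address, query_port, response_address, response_port */
	dt_msg_fill_net(&dm, qsock, rsock, cptype, cpssl,
			&dm.m.query_address, &dm.m.has_query_address,
			&dm.m.query_port, &dm.m.has_query_port,
			&dm.m.response_address, &dm.m.has_response_address,
			&dm.m.response_port, &dm.m.has_response_port);

	if (dt_pack(&dm.d, &dm.buf, &dm.len_buf))
		dt_send(env, dm.buf, dm.len_buf);
}

/**
 * Build and queue a FORWARDER_QUERY or RESOLVER_QUERY message.
 *
 * The type is chosen from the RD bit in the 16-bit word at offset 2 of
 * qmsg: RD set gives FORWARDER_QUERY, otherwise RESOLVER_QUERY. The sample
 * counter is advanced before the per-type enable switch is checked, so it
 * also counts messages whose type is disabled.
 *
 * @param env: dnstap environment.
 * @param rsock: address stored in the response_address/response_port fields.
 * @param qsock: address stored in the query_address/query_port fields, or
 *	NULL.
 * @param cptype: comm point type of the connection.
 * @param cpssl: non-NULL when the TCP connection uses TLS.
 * @param zone: bytes stored in the query_zone field (not copied).
 * @param zone_len: length of zone.
 * @param qmsg: buffer holding the query message.
 */
void
dt_msg_send_outside_query(struct dt_env *env,
			  struct sockaddr_storage *rsock,
			  struct sockaddr_storage *qsock,
			  enum comm_point_type cptype,
			  void *cpssl,
			  uint8_t *zone, size_t zone_len,
			  sldns_buffer *qmsg)
{
	struct dt_msg dm;
	struct timeval qtime;
	uint16_t qflags;

	if(dt_sample_rate_limited(env))
		return;

	gettimeofday(&qtime, NULL);
	qflags = sldns_buffer_read_u16_at(qmsg, 2);

	/* type */
	if ((qflags & BIT_RD)) {
		if (!env->log_forwarder_query_messages)
			return;
		dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY);
	} else {
		if (!env->log_resolver_query_messages)
			return;
		dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__RESOLVER_QUERY);
	}

	/* query_zone */
	dm.m.query_zone.data = zone;
	dm.m.query_zone.len = zone_len;
	dm.m.has_query_zone = 1;

	/* query_time_sec, query_time_nsec */
	dt_fill_timeval(&qtime,
			&dm.m.query_time_sec, &dm.m.has_query_time_sec,
			&dm.m.query_time_nsec, &dm.m.has_query_time_nsec);

	/* query_message */
	dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message);

	/* socket_family, socket_protocol, response_address, response_port, query_address, query_port */
	dt_msg_fill_net(&dm, rsock, qsock, cptype, cpssl,
			&dm.m.response_address, &dm.m.has_response_address,
			&dm.m.response_port, &dm.m.has_response_port,
			&dm.m.query_address, &dm.m.has_query_address,
			&dm.m.query_port, &dm.m.has_query_port);

	if (dt_pack(&dm.d, &dm.buf, &dm.len_buf))
		dt_send(env, dm.buf, dm.len_buf);
}

/**
 * Build and queue a FORWARDER_RESPONSE or RESOLVER_RESPONSE message.
 *
 * The type is chosen from the RD bit in the first 16 bits of qbuf, read in
 * network byte order: RD set gives FORWARDER_RESPONSE, otherwise
 * RESOLVER_RESPONSE. The sample counter is advanced before the per-type
 * enable switch is checked, so it also counts messages whose type is
 * disabled. A qbuf that is NULL or shorter than the flags word is rejected
 * and no message is sent.
 *
 * @param env: dnstap environment.
 * @param rsock: address stored in the response_address/response_port fields.
 * @param qsock: address stored in the query_address/query_port fields, or
 *	NULL.
 * @param cptype: comm point type of the connection.
 * @param cpssl: non-NULL when the TCP connection uses TLS.
 * @param zone: bytes stored in the query_zone field (not copied).
 * @param zone_len: length of zone.
 * @param qbuf: bytes whose first 16 bits hold the query flags.
 * @param qbuf_len: length of qbuf; must be at least 2.
 * @param qtime: time the query was sent.
 * @param rtime: time the response was received.
 * @param rmsg: buffer holding the response message.
 */
void
dt_msg_send_outside_response(struct dt_env *env,
	struct sockaddr_storage *rsock,
	struct sockaddr_storage *qsock,
	enum comm_point_type cptype,
	void *cpssl,
	uint8_t *zone, size_t zone_len,
	uint8_t *qbuf, size_t qbuf_len,
	const struct timeval *qtime,
	const struct timeval *rtime,
	sldns_buffer *rmsg)
{
	struct dt_msg dm;
	uint16_t qflags;

	if(dt_sample_rate_limited(env))
		return;

	/* log_assert() can be compiled out in non-debug builds, so the
	 * minimum length is also enforced at runtime before the flags word
	 * is copied out of qbuf. */
	log_assert(qbuf_len >= sizeof(qflags));
	if(qbuf == NULL || qbuf_len < sizeof(qflags))
		return;
	memcpy(&qflags, qbuf, sizeof(qflags));
	qflags = ntohs(qflags);

	/* type */
	if ((qflags & BIT_RD)) {
		if (!env->log_forwarder_response_messages)
			return;
		dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE);
	} else {
		if (!env->log_resolver_response_messages)
			return;
		dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__RESOLVER_RESPONSE);
	}

	/* query_zone */
	dm.m.query_zone.data = zone;
	dm.m.query_zone.len = zone_len;
	dm.m.has_query_zone = 1;

	/* query_time_sec, query_time_nsec */
	dt_fill_timeval(qtime,
			&dm.m.query_time_sec, &dm.m.has_query_time_sec,
			&dm.m.query_time_nsec, &dm.m.has_query_time_nsec);

	/* response_time_sec, response_time_nsec */
	dt_fill_timeval(rtime,
			&dm.m.response_time_sec, &dm.m.has_response_time_sec,
			&dm.m.response_time_nsec, &dm.m.has_response_time_nsec);

	/* response_message */
	dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message);

	/* socket_family, socket_protocol, response_address, response_port, query_address, query_port */
	dt_msg_fill_net(&dm, rsock, qsock, cptype, cpssl,
			&dm.m.response_address, &dm.m.has_response_address,
			&dm.m.response_port, &dm.m.has_response_port,
			&dm.m.query_address, &dm.m.has_query_address,
			&dm.m.query_port, &dm.m.has_query_port);

	if (dt_pack(&dm.d, &dm.buf, &dm.len_buf))
		dt_send(env, dm.buf, dm.len_buf);
}

#endif /* USE_DNSTAP */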