diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:05:44 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:05:44 +0000 |
commit | b045529c40c83601909dca7b76a53498e9a70f33 (patch) | |
tree | 88371572105933fd950676c07b3a12163a0c9de0 /src/contrib/dnstap | |
parent | Initial commit. (diff) | |
download | knot-b045529c40c83601909dca7b76a53498e9a70f33.tar.xz knot-b045529c40c83601909dca7b76a53498e9a70f33.zip |
Adding upstream version 3.3.4.upstream/3.3.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/contrib/dnstap')
-rw-r--r-- | src/contrib/dnstap/convert.c | 146 | ||||
-rw-r--r-- | src/contrib/dnstap/convert.h | 60 | ||||
-rw-r--r-- | src/contrib/dnstap/dnstap.c | 41 | ||||
-rw-r--r-- | src/contrib/dnstap/dnstap.h | 47 | ||||
-rw-r--r-- | src/contrib/dnstap/dnstap.proto | 331 | ||||
-rw-r--r-- | src/contrib/dnstap/message.c | 130 | ||||
-rw-r--r-- | src/contrib/dnstap/message.h | 63 | ||||
-rw-r--r-- | src/contrib/dnstap/reader.c | 103 | ||||
-rw-r--r-- | src/contrib/dnstap/reader.h | 73 | ||||
-rw-r--r-- | src/contrib/dnstap/writer.c | 120 | ||||
-rw-r--r-- | src/contrib/dnstap/writer.h | 71 |
11 files changed, 1185 insertions, 0 deletions
diff --git a/src/contrib/dnstap/convert.c b/src/contrib/dnstap/convert.c new file mode 100644 index 0000000..c9dca1d --- /dev/null +++ b/src/contrib/dnstap/convert.c @@ -0,0 +1,146 @@ +/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +#include <sys/socket.h> +#include <sys/types.h> +#include <netinet/in.h> +#include <netinet/ip.h> + +#include "contrib/dnstap/convert.h" +#include "contrib/dnstap/dnstap.pb-c.h" +#include "libknot/probe/data.h" + +/*! + * \brief Translation between real and Dnstap value. + */ +typedef struct mapping { + int real; + int dnstap; +} mapping_t; + +/*! + * \brief Mapping for network family. + */ +static const mapping_t SOCKET_FAMILY_MAPPING[] = { + { AF_INET, DNSTAP__SOCKET_FAMILY__INET }, + { AF_INET6, DNSTAP__SOCKET_FAMILY__INET6 }, + { 0 } +}; + +/*! + * \brief Mapping from network protocol. + */ +static const mapping_t SOCKET_PROTOCOL_MAPPING[] = { + { KNOT_PROBE_PROTO_UDP, DNSTAP__SOCKET_PROTOCOL__UDP }, + { KNOT_PROBE_PROTO_TCP, DNSTAP__SOCKET_PROTOCOL__TCP }, + { KNOT_PROBE_PROTO_TLS, DNSTAP__SOCKET_PROTOCOL__DOT }, + { KNOT_PROBE_PROTO_HTTPS, DNSTAP__SOCKET_PROTOCOL__DOH }, + { KNOT_PROBE_PROTO_QUIC, DNSTAP__SOCKET_PROTOCOL__DOQ }, + { 0 } +}; + +/*! + * \brief Get Dnstap value for a given real value. + */ +static int encode(const mapping_t *mapping, int real) +{ + for (const mapping_t *m = mapping; m->dnstap != 0; m += 1) { + if (m->real == real) { + return m->dnstap; + } + } + + return 0; +} + +/*! + * \brief Get real value for a given Dnstap value. + */ +static int decode(const mapping_t *mapping, int dnstap) +{ + for (const mapping_t *m = mapping; m->dnstap != 0; m += 1) { + if (m->dnstap == dnstap) { + return m->real; + } + } + + return 0; +} + +/* -- public API ----------------------------------------------------------- */ + +Dnstap__SocketFamily dt_family_encode(int family) +{ + return encode(SOCKET_FAMILY_MAPPING, family); +} + +int dt_family_decode(Dnstap__SocketFamily dnstap_family) +{ + return decode(SOCKET_FAMILY_MAPPING, dnstap_family); +} + +Dnstap__SocketProtocol dt_protocol_encode(int protocol) +{ + return encode(SOCKET_PROTOCOL_MAPPING, protocol); +} + +int dt_protocol_decode(Dnstap__SocketProtocol dnstap_protocol) +{ + return decode(SOCKET_PROTOCOL_MAPPING, dnstap_protocol); +} + +bool dt_message_type_is_query(Dnstap__Message__Type type) +{ + switch (type) { + case DNSTAP__MESSAGE__TYPE__AUTH_QUERY: + case DNSTAP__MESSAGE__TYPE__CLIENT_QUERY: + case DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY: + case DNSTAP__MESSAGE__TYPE__RESOLVER_QUERY: + case DNSTAP__MESSAGE__TYPE__STUB_QUERY: + case DNSTAP__MESSAGE__TYPE__TOOL_QUERY: + return true; + default: + return false; + } +} + +bool dt_message_type_is_response(Dnstap__Message__Type type) +{ + switch (type) { + case DNSTAP__MESSAGE__TYPE__AUTH_RESPONSE: + case DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE: + case DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE: + case DNSTAP__MESSAGE__TYPE__RESOLVER_RESPONSE: + case DNSTAP__MESSAGE__TYPE__STUB_RESPONSE: + case DNSTAP__MESSAGE__TYPE__TOOL_RESPONSE: + return true; + default: + return false; + } +} + +bool dt_message_role_is_initiator(Dnstap__Message__Type type) +{ + switch (type) { + case DNSTAP__MESSAGE__TYPE__AUTH_QUERY: + case DNSTAP__MESSAGE__TYPE__AUTH_RESPONSE: + case DNSTAP__MESSAGE__TYPE__CLIENT_QUERY: + case DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE: + return false; + default: + return true; + } +} diff --git a/src/contrib/dnstap/convert.h b/src/contrib/dnstap/convert.h new file mode 100644 index 0000000..0e2a86a --- /dev/null +++ b/src/contrib/dnstap/convert.h @@ -0,0 +1,60 @@ +/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +/*! + * \brief Dnstap identifiers conversions. + */ + +#pragma once + +#include <stdbool.h> + +#include "contrib/dnstap/dnstap.pb-c.h" + +/*! + * \brief Get Dnstap socket family from the real one. + */ +Dnstap__SocketFamily dt_family_encode(int family); + +/*! + * \brief Get real socket family from the Dnstap one. + */ +int dt_family_decode(Dnstap__SocketFamily dnstap_family); + +/*! + * \brief Get Dnstap protocol from a real one. + */ +Dnstap__SocketProtocol dt_protocol_encode(int protocol); + +/*! + * \brief Get real protocol from the Dnstap one. + */ +int dt_protocol_decode(Dnstap__SocketProtocol dnstap_protocol); + +/*! + * Check if a message type is any type of a query. + */ +bool dt_message_type_is_query(Dnstap__Message__Type type); + +/*! + * Check if a message type is any type of a response. + */ +bool dt_message_type_is_response(Dnstap__Message__Type type); + +/*! + * Check if a message role is any type of an initiator. + */ +bool dt_message_role_is_initiator(Dnstap__Message__Type type); diff --git a/src/contrib/dnstap/dnstap.c b/src/contrib/dnstap/dnstap.c new file mode 100644 index 0000000..1516b4d --- /dev/null +++ b/src/contrib/dnstap/dnstap.c @@ -0,0 +1,41 @@ +/* Copyright (C) 2014 Farsight Security, Inc. <software@farsightsecurity.com> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +#include <stdint.h> +#include <stdlib.h> + +#include "contrib/dnstap/dnstap.h" +#include "contrib/dnstap/dnstap.pb-c.h" + +#define DNSTAP_INITIAL_BUF_SIZE 256 + +uint8_t* dt_pack(const Dnstap__Dnstap *d, uint8_t **buf, size_t *sz) +{ + ProtobufCBufferSimple sbuf = { { NULL } }; + + sbuf.base.append = protobuf_c_buffer_simple_append; + sbuf.len = 0; + sbuf.alloced = DNSTAP_INITIAL_BUF_SIZE; + sbuf.data = malloc(sbuf.alloced); + if (sbuf.data == NULL) { + return NULL; + } + sbuf.must_free_data = 1; + + *sz = dnstap__dnstap__pack_to_buffer(d, (ProtobufCBuffer *) &sbuf); + *buf = sbuf.data; + return *buf; +} diff --git a/src/contrib/dnstap/dnstap.h b/src/contrib/dnstap/dnstap.h new file mode 100644 index 0000000..f7aecbc --- /dev/null +++ b/src/contrib/dnstap/dnstap.h @@ -0,0 +1,47 @@ +/* Copyright (C) 2014 Farsight Security, Inc. <software@farsightsecurity.com> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +/*! + * \author Robert Edmonds <edmonds@fsi.io> + * + * \brief Public interface for dnstap. + */ + +#pragma once + +#include <stddef.h> +#include <stdint.h> + +#include "contrib/dnstap/dnstap.pb-c.h" + +/*! \brief Frame Streams "Content Type" value for dnstap. */ +#define DNSTAP_CONTENT_TYPE "protobuf:dnstap.Dnstap" + +/*! + * \brief Serializes a filled out dnstap protobuf struct. Dynamically allocates + * storage for the serialized frame. + * + * \note This function returns a copy of its parameter return value 'buf' to + * make error checking slightly easier. + * + * \param d dnstap protobuf struct. + * \param[out] buf Serialized frame. + * \param[out] sz Size in bytes of the serialized frame. + * + * \return Serialized frame. + * \retval NULL if error. + */ +uint8_t* dt_pack(const Dnstap__Dnstap *d, uint8_t **buf, size_t *sz); diff --git a/src/contrib/dnstap/dnstap.proto b/src/contrib/dnstap/dnstap.proto new file mode 100644 index 0000000..dfc8ad4 --- /dev/null +++ b/src/contrib/dnstap/dnstap.proto @@ -0,0 +1,331 @@ +// dnstap: flexible, structured event replication format for DNS software +// +// This file contains the protobuf schemas for the "dnstap" structured event +// replication format for DNS software. + +// Written in 2013-2014 by Farsight Security, Inc. +// +// To the extent possible under law, the author(s) have dedicated all +// copyright and related and neighboring rights to this file to the public +// domain worldwide. This file is distributed without any warranty. +// +// You should have received a copy of the CC0 Public Domain Dedication along +// with this file. If not, see: +// +// <http://creativecommons.org/publicdomain/zero/1.0/>. + +syntax = "proto2"; +package dnstap; + +// "Dnstap": this is the top-level dnstap type, which is a "union" type that +// contains other kinds of dnstap payloads, although currently only one type +// of dnstap payload is defined. +// See: https://developers.google.com/protocol-buffers/docs/techniques#union +message Dnstap { + // DNS server identity. + // If enabled, this is the identity string of the DNS server which generated + // this message. Typically this would be the same string as returned by an + // "NSID" (RFC 5001) query. + optional bytes identity = 1; + + // DNS server version. + // If enabled, this is the version string of the DNS server which generated + // this message. Typically this would be the same string as returned by a + // "version.bind" query. + optional bytes version = 2; + + // Extra data for this payload. + // This field can be used for adding an arbitrary byte-string annotation to + // the payload. No encoding or interpretation is applied or enforced. + optional bytes extra = 3; + + // Identifies which field below is filled in. + enum Type { + MESSAGE = 1; + } + required Type type = 15; + + // One of the following will be filled in. + optional Message message = 14; +} + +// SocketFamily: the network protocol family of a socket. This specifies how +// to interpret "network address" fields. +enum SocketFamily { + INET = 1; // IPv4 (RFC 791) + INET6 = 2; // IPv6 (RFC 2460) +} + +// SocketProtocol: the protocol used to transport a DNS message. +enum SocketProtocol { + UDP = 1; // DNS over UDP transport (RFC 1035 section 4.2.1) + TCP = 2; // DNS over TCP transport (RFC 1035 section 4.2.2) + DOT = 3; // DNS over TLS (RFC 7858) + DOH = 4; // DNS over HTTPS (RFC 8484) + DNSCryptUDP = 5; // DNSCrypt over UDP (https://dnscrypt.info/protocol) + DNSCryptTCP = 6; // DNSCrypt over TCP (https://dnscrypt.info/protocol) + DOQ = 7; // DNS over QUIC (RFC 9250) +} + +// Policy: information about any name server operator policy +// applied to the processing of a DNS message. +message Policy { + + // Match: what aspect of the message or message exchange + // triggered the application of the Policy. + enum Match { + QNAME = 1; // Name in question section of query + CLIENT_IP = 2; // Client IP address + RESPONSE_IP = 3; // Address in A/AAAA RRSet + NS_NAME = 4; // Authoritative name server, by name + NS_IP = 5; // Authoritative name server, by IP address + } + + // The Action taken to implement the Policy. + enum Action { + NXDOMAIN = 1; // Respond with NXDOMAIN + NODATA = 2; // Respond with empty answer section + PASS = 3; // Do not alter the response (passthrough) + DROP = 4; // Do not respond. + TRUNCATE = 5; // Truncate UDP response, forcing TCP retry + LOCAL_DATA = 6; // Respond with local data from policy + } + + // type: the type of policy applied, e.g. "RPZ" for a + // policy from a Response Policy Zone. + optional string type = 1; + + // rule: the rule matched by the message. + // + // In a RPZ context, this is the owner name of the rule in + // the Reponse Policy Zone in wire format. + optional bytes rule = 2; + + // action: the policy action taken in response to the + // rule match. + optional Action action = 3; + + // match: the feature of the message exchange which matched the rule. + optional Match match = 4; + + // The matched value. Format depends on the matched feature . + optional bytes value = 5; +} + +// Message: a wire-format (RFC 1035 section 4) DNS message and associated +// metadata. Applications generating "Message" payloads should follow +// certain requirements based on the MessageType, see below. +message Message { + + // There are eight types of "Message" defined that correspond to the + // four arrows in the following diagram, slightly modified from RFC 1035 + // section 2: + + // +---------+ +----------+ +--------+ + // | | query | | query | | + // | Stub |-SQ--------CQ->| Recursive|-RQ----AQ->| Auth. | + // | Resolver| | Server | | Name | + // | |<-SR--------CR-| |<-RR----AR-| Server | + // +---------+ response | | response | | + // +----------+ +--------+ + + // Each arrow has two Type values each, one for each "end" of each arrow, + // because these are considered to be distinct events. Each end of each + // arrow on the diagram above has been marked with a two-letter Type + // mnemonic. Clockwise from upper left, these mnemonic values are: + // + // SQ: STUB_QUERY + // CQ: CLIENT_QUERY + // RQ: RESOLVER_QUERY + // AQ: AUTH_QUERY + // AR: AUTH_RESPONSE + // RR: RESOLVER_RESPONSE + // CR: CLIENT_RESPONSE + // SR: STUB_RESPONSE + + // Two additional types of "Message" have been defined for the + // "forwarding" case where an upstream DNS server is responsible for + // further recursion. These are not shown on the diagram above, but have + // the following mnemonic values: + + // FQ: FORWARDER_QUERY + // FR: FORWARDER_RESPONSE + + // The "Message" Type values are defined below. + + enum Type { + // AUTH_QUERY is a DNS query message received from a resolver by an + // authoritative name server, from the perspective of the authoritative + // name server. + AUTH_QUERY = 1; + + // AUTH_RESPONSE is a DNS response message sent from an authoritative + // name server to a resolver, from the perspective of the authoritative + // name server. + AUTH_RESPONSE = 2; + + // RESOLVER_QUERY is a DNS query message sent from a resolver to an + // authoritative name server, from the perspective of the resolver. + // Resolvers typically clear the RD (recursion desired) bit when + // sending queries. + RESOLVER_QUERY = 3; + + // RESOLVER_RESPONSE is a DNS response message received from an + // authoritative name server by a resolver, from the perspective of + // the resolver. + RESOLVER_RESPONSE = 4; + + // CLIENT_QUERY is a DNS query message sent from a client to a DNS + // server which is expected to perform further recursion, from the + // perspective of the DNS server. The client may be a stub resolver or + // forwarder or some other type of software which typically sets the RD + // (recursion desired) bit when querying the DNS server. The DNS server + // may be a simple forwarding proxy or it may be a full recursive + // resolver. + CLIENT_QUERY = 5; + + // CLIENT_RESPONSE is a DNS response message sent from a DNS server to + // a client, from the perspective of the DNS server. The DNS server + // typically sets the RA (recursion available) bit when responding. + CLIENT_RESPONSE = 6; + + // FORWARDER_QUERY is a DNS query message sent from a downstream DNS + // server to an upstream DNS server which is expected to perform + // further recursion, from the perspective of the downstream DNS + // server. + FORWARDER_QUERY = 7; + + // FORWARDER_RESPONSE is a DNS response message sent from an upstream + // DNS server performing recursion to a downstream DNS server, from the + // perspective of the downstream DNS server. + FORWARDER_RESPONSE = 8; + + // STUB_QUERY is a DNS query message sent from a stub resolver to a DNS + // server, from the perspective of the stub resolver. + STUB_QUERY = 9; + + // STUB_RESPONSE is a DNS response message sent from a DNS server to a + // stub resolver, from the perspective of the stub resolver. + STUB_RESPONSE = 10; + + // TOOL_QUERY is a DNS query message sent from a DNS software tool to a + // DNS server, from the perspective of the tool. + TOOL_QUERY = 11; + + // TOOL_RESPONSE is a DNS response message received by a DNS software + // tool from a DNS server, from the perspective of the tool. + TOOL_RESPONSE = 12; + + // UPDATE_QUERY is a Dynamic DNS Update request (RFC 2136) received + // by an authoritative name server, from the perspective of the + // authoritative name server. + UPDATE_QUERY = 13; + + // UPDATE_RESPONSE is a Dynamic DNS Update response (RFC 2136) sent + // from an authoritative name server, from the perspective of the + // authoritative name server. + UPDATE_RESPONSE = 14; + } + + // One of the Type values described above. + required Type type = 1; + + // One of the SocketFamily values described above. + optional SocketFamily socket_family = 2; + + // One of the SocketProtocol values described above. + optional SocketProtocol socket_protocol = 3; + + // The network address of the message initiator. + // For SocketFamily INET, this field is 4 octets (IPv4 address). + // For SocketFamily INET6, this field is 16 octets (IPv6 address). + optional bytes query_address = 4; + + // The network address of the message responder. + // For SocketFamily INET, this field is 4 octets (IPv4 address). + // For SocketFamily INET6, this field is 16 octets (IPv6 address). + optional bytes response_address = 5; + + // The transport port of the message initiator. + // This is a 16-bit UDP or TCP port number, depending on SocketProtocol. + optional uint32 query_port = 6; + + // The transport port of the message responder. + // This is a 16-bit UDP or TCP port number, depending on SocketProtocol. + optional uint32 response_port = 7; + + // The time at which the DNS query message was sent or received, depending + // on whether this is an AUTH_QUERY, RESOLVER_QUERY, or CLIENT_QUERY. + // This is the number of seconds since the UNIX epoch. + optional uint64 query_time_sec = 8; + + // The time at which the DNS query message was sent or received. + // This is the seconds fraction, expressed as a count of nanoseconds. + optional fixed32 query_time_nsec = 9; + + // The initiator's original wire-format DNS query message, verbatim. + optional bytes query_message = 10; + + // The "zone" or "bailiwick" pertaining to the DNS query message. + // This is a wire-format DNS domain name. + optional bytes query_zone = 11; + + // The time at which the DNS response message was sent or received, + // depending on whether this is an AUTH_RESPONSE, RESOLVER_RESPONSE, or + // CLIENT_RESPONSE. + // This is the number of seconds since the UNIX epoch. + optional uint64 response_time_sec = 12; + + // The time at which the DNS response message was sent or received. + // This is the seconds fraction, expressed as a count of nanoseconds. + optional fixed32 response_time_nsec = 13; + + // The responder's original wire-format DNS response message, verbatim. + optional bytes response_message = 14; + + // Operator policy applied to the processing of this message, if any. + optional Policy policy = 15; +} + +// All fields except for 'type' in the Message schema are optional. +// It is recommended that at least the following fields be filled in for +// particular types of Messages. + +// AUTH_QUERY: +// socket_family, socket_protocol +// query_address, query_port +// query_message +// query_time_sec, query_time_nsec + +// AUTH_RESPONSE: +// socket_family, socket_protocol +// query_address, query_port +// query_time_sec, query_time_nsec +// response_message +// response_time_sec, response_time_nsec + +// RESOLVER_QUERY: +// socket_family, socket_protocol +// query_message +// query_time_sec, query_time_nsec +// query_zone +// response_address, response_port + +// RESOLVER_RESPONSE: +// socket_family, socket_protocol +// query_time_sec, query_time_nsec +// query_zone +// response_address, response_port +// response_message +// response_time_sec, response_time_nsec + +// CLIENT_QUERY: +// socket_family, socket_protocol +// query_message +// query_time_sec, query_time_nsec + +// CLIENT_RESPONSE: +// socket_family, socket_protocol +// query_time_sec, query_time_nsec +// response_message +// response_time_sec, response_time_nsec diff --git a/src/contrib/dnstap/message.c b/src/contrib/dnstap/message.c new file mode 100644 index 0000000..a5f798e --- /dev/null +++ b/src/contrib/dnstap/message.c @@ -0,0 +1,130 @@ +/* Copyright (C) 2017 Farsight Security, Inc. <software@farsightsecurity.com> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +#include <netinet/in.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> + +#include "libknot/errcode.h" + +#include "contrib/dnstap/convert.h" +#include "contrib/dnstap/message.h" + +static void set_address(const struct sockaddr *sockaddr, + ProtobufCBinaryData *addr, + protobuf_c_boolean *has_addr, + uint32_t *port, + protobuf_c_boolean *has_port) +{ + if (sockaddr == NULL) { + *has_addr = 0; + *has_port = 0; + return; + } + + *has_addr = 1; + *has_port = 1; + + if (sockaddr->sa_family == AF_INET) { + const struct sockaddr_in *sai; + sai = (const struct sockaddr_in *)sockaddr; + addr->len = sizeof(sai->sin_addr); + addr->data = (uint8_t *)&sai->sin_addr.s_addr; + *port = ntohs(sai->sin_port); + } else if (sockaddr->sa_family == AF_INET6) { + const struct sockaddr_in6 *sai6; + sai6 = (const struct sockaddr_in6 *)sockaddr; + addr->len = sizeof(sai6->sin6_addr); + addr->data = (uint8_t *)&sai6->sin6_addr.s6_addr; + *port = ntohs(sai6->sin6_port); + } +} + +static int get_family(const struct sockaddr *query_sa, + const struct sockaddr *response_sa) +{ + const struct sockaddr *source = query_sa ? query_sa : response_sa; + if (source == NULL) { + return 0; + } + + return dt_family_encode(source->sa_family); +} + +int dt_message_fill(Dnstap__Message *m, + const Dnstap__Message__Type type, + const struct sockaddr *query_sa, + const struct sockaddr *response_sa, + const int protocol, + const void *wire, + const size_t len_wire, + const struct timespec *mtime) +{ + if (m == NULL) { + return KNOT_EINVAL; + } + + memset(m, 0, sizeof(*m)); + + m->base.descriptor = &dnstap__message__descriptor; + + // Message.type + m->type = type; + + // Message.socket_family + m->socket_family = get_family(query_sa, response_sa); + m->has_socket_family = m->socket_family != 0; + + // Message.socket_protocol + m->socket_protocol = dt_protocol_encode(protocol); + m->has_socket_protocol = m->socket_protocol != 0; + + // Message addresses + set_address(query_sa, &m->query_address, &m->has_query_address, + &m->query_port, &m->has_query_port); + set_address(response_sa, &m->response_address, &m->has_response_address, + &m->response_port, &m->has_response_port); + + if (dt_message_type_is_query(type)) { + // Message.query_message + m->query_message.len = len_wire; + m->query_message.data = (uint8_t *)wire; + m->has_query_message = 1; + // Message.query_time_sec, Message.query_time_nsec + if (mtime != NULL) { + m->query_time_sec = mtime->tv_sec; + m->query_time_nsec = mtime->tv_nsec; + m->has_query_time_sec = 1; + m->has_query_time_nsec = 1; + } + } else if (dt_message_type_is_response(type)) { + // Message.response_message + m->response_message.len = len_wire; + m->response_message.data = (uint8_t *)wire; + m->has_response_message = 1; + // Message.response_time_sec, Message.response_time_nsec + if (mtime != NULL) { + m->response_time_sec = mtime->tv_sec; + m->response_time_nsec = mtime->tv_nsec; + m->has_response_time_sec = 1; + m->has_response_time_nsec = 1; + } + } + + return KNOT_EOK; +} diff --git a/src/contrib/dnstap/message.h b/src/contrib/dnstap/message.h new file mode 100644 index 0000000..b9e3aff --- /dev/null +++ b/src/contrib/dnstap/message.h @@ -0,0 +1,63 @@ +/* Copyright (C) 2017 Farsight Security, Inc. <software@farsightsecurity.com> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +/*! + * \author Robert Edmonds <edmonds@fsi.io> + * + * \brief Dnstap message interface. + */ + +#pragma once + +#include <sys/socket.h> +#include <sys/time.h> +#include <stddef.h> + +#include "contrib/dnstap/dnstap.pb-c.h" + +/*! + * \brief Fill a Dnstap__Message structure with the given parameters. + * + * \param[out] m + * Dnstap__Message structure to fill. Will be zeroed first. + * \param type + * One of the DNSTAP__MESSAGE__TYPE__* values. + * \param query_sa + * sockaddr_in or sockaddr_in6 to use when filling the 'socket_family', + * 'query_address', 'query_port' fields. + * \param response_sa + * sockaddr_in or sockaddr_in6 to use when filling the 'socket_family', + * 'response_address', 'response_port' fields. + * \param protocol + * \c IPPROTO_UDP or \c IPPROTO_TCP. + * \param wire + * Wire-format query message or response message (depending on 'type'). + * \param len_wire + * Length in bytes of 'wire'. + * \param mtime + * Message time. May be NULL. + * + * \retval KNOT_EOK + * \retval KNOT_EINVAL + */ +int dt_message_fill(Dnstap__Message *m, + const Dnstap__Message__Type type, + const struct sockaddr *query_sa, + const struct sockaddr *response_sa, + const int protocol, + const void *wire, + const size_t len_wire, + const struct timespec *mtime); diff --git a/src/contrib/dnstap/reader.c b/src/contrib/dnstap/reader.c new file mode 100644 index 0000000..dc1c053 --- /dev/null +++ b/src/contrib/dnstap/reader.c @@ -0,0 +1,103 @@ +/* Copyright (C) 2014 Farsight Security, Inc. <software@farsightsecurity.com> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "libknot/attribute.h" +#include "libknot/errcode.h" + +#include "contrib/dnstap/dnstap.h" +#include "contrib/dnstap/reader.h" + +dt_reader_t* dt_reader_create(const char *file_path) +{ + struct fstrm_file_options *fopt = NULL; + struct fstrm_reader_options *ropt = NULL; + dt_reader_t *reader = NULL; + fstrm_res res; + + reader = calloc(1, sizeof(dt_reader_t)); + if (reader == NULL) { + goto fail; + } + + // Open reader. + fopt = fstrm_file_options_init(); + fstrm_file_options_set_file_path(fopt, file_path); + ropt = fstrm_reader_options_init(); + fstrm_reader_options_add_content_type(ropt, + (const uint8_t *) DNSTAP_CONTENT_TYPE, + strlen(DNSTAP_CONTENT_TYPE)); + reader->fr = fstrm_file_reader_init(fopt, ropt); + fstrm_file_options_destroy(&fopt); + fstrm_reader_options_destroy(&ropt); + if (reader->fr == NULL) { + goto fail; + } + res = fstrm_reader_open(reader->fr); + if (res != fstrm_res_success) { + goto fail; + } + + return reader; +fail: + dt_reader_free(reader); + return NULL; +} + +void dt_reader_free(dt_reader_t *reader) +{ + if (reader == NULL) { + return; + } + + fstrm_reader_destroy(&reader->fr); + free(reader); +} + +int dt_reader_read(dt_reader_t *reader, Dnstap__Dnstap **d) +{ + fstrm_res res; + const uint8_t *data = NULL; + size_t len = 0; + + res = fstrm_reader_read(reader->fr, &data, &len); + if (res == fstrm_res_success) { + *d = dnstap__dnstap__unpack(NULL, len, data); + if (*d == NULL) { + return KNOT_ENOMEM; + } + } else if (res == fstrm_res_failure) { + return KNOT_ERROR; + } else if (res == fstrm_res_stop) { + return KNOT_EOF; + } + + return KNOT_EOK; +} + +void dt_reader_free_frame(_unused_ dt_reader_t *reader, Dnstap__Dnstap **frame_ptr) +{ + if (!*frame_ptr) { + return; + } + + dnstap__dnstap__free_unpacked(*frame_ptr, NULL); + *frame_ptr = NULL; +} diff --git a/src/contrib/dnstap/reader.h b/src/contrib/dnstap/reader.h new file mode 100644 index 0000000..cc6385f --- /dev/null +++ b/src/contrib/dnstap/reader.h @@ -0,0 +1,73 @@ +/* Copyright (C) 2017 Farsight Security, Inc. <software@farsightsecurity.com> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +/*! + * \brief Dnstap file reader. + */ + +#pragma once + +#include <fstrm.h> +#include <protobuf-c/protobuf-c.h> + +#include "contrib/dnstap/dnstap.pb-c.h" + +/*! \brief Structure for dnstap file reader. */ +typedef struct { + /*!< Input reader. */ + struct fstrm_reader *fr; +} dt_reader_t; + +/*! + * \brief Creates dnstap file reader structure. + * + * \param file_path Name of file to read input from. + * + * \retval reader if success. + * \retval NULL if error. + */ +dt_reader_t* dt_reader_create(const char *file_path); + +/*! + * \brief Close dnstap file reader. + * + * \param reader dnstap file reader structure. + */ +void dt_reader_free(dt_reader_t *reader); + +/*! + * \brief Read a dnstap protobuf from a dnstap file reader. + * + * Caller must deallocate the returned protobuf with the + * dnstap__dnstap__free_unpacked() function. + * + * \param[in] reader dnstap file reader structure. + * \param[out] d Unpacked dnstap protobuf. + * + * \retval KNOT_EOK + * \retval KNOT_ERROR + * \retval KNOT_EOF + * \retval KNOT_ENOMEM + */ +int dt_reader_read(dt_reader_t *reader, Dnstap__Dnstap **d); + +/*! + * \brief free the frame allocated by dt_read_data. + * + * \param reader Dnstap reader context. + * \param d The frame to be freed. + */ +void dt_reader_free_frame(dt_reader_t *reader, Dnstap__Dnstap **d); diff --git a/src/contrib/dnstap/writer.c b/src/contrib/dnstap/writer.c new file mode 100644 index 0000000..03961c1 --- /dev/null +++ b/src/contrib/dnstap/writer.c @@ -0,0 +1,120 @@ +/* Copyright (C) 2014 Farsight Security, Inc. <software@farsightsecurity.com> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "libknot/errcode.h" + +#include "contrib/dnstap/dnstap.h" +#include "contrib/dnstap/writer.h" + +dt_writer_t* dt_writer_create(const char *file_path, const char *version) +{ + struct fstrm_file_options *fopt = NULL; + struct fstrm_writer_options *wopt = NULL; + dt_writer_t *writer = NULL; + fstrm_res res; + + writer = calloc(1, sizeof(dt_writer_t)); + if (writer == NULL) { + goto fail; + } + + // Set "version". + if (version != NULL) { + writer->len_version = strlen(version); + writer->version = strdup(version); + if (!writer->version) { + goto fail; + } + } + + // Open writer. + fopt = fstrm_file_options_init(); + fstrm_file_options_set_file_path(fopt, file_path); + wopt = fstrm_writer_options_init(); + fstrm_writer_options_add_content_type(wopt, + (const uint8_t *) DNSTAP_CONTENT_TYPE, + strlen(DNSTAP_CONTENT_TYPE)); + writer->fw = fstrm_file_writer_init(fopt, wopt); + fstrm_file_options_destroy(&fopt); + fstrm_writer_options_destroy(&wopt); + if (writer->fw == NULL) { + goto fail; + } + + res = fstrm_writer_open(writer->fw); + if (res != fstrm_res_success) { + goto fail; + } + + return writer; +fail: + dt_writer_free(writer); + return NULL; +} + +void dt_writer_free(dt_writer_t *writer) +{ + if (writer == NULL) { + return; + } + + fstrm_writer_destroy(&writer->fw); + free(writer->version); + free(writer); +} + +int dt_writer_write(dt_writer_t *writer, const ProtobufCMessage *msg) +{ + Dnstap__Dnstap dnstap = DNSTAP__DNSTAP__INIT; + size_t len; + uint8_t *data; + + if (writer->fw == NULL) { + return KNOT_EOK; + } + + // Only handle dnstap/Message. + assert(msg->descriptor == &dnstap__message__descriptor); + + // Fill out 'dnstap'. + if (writer->version) { + dnstap.version.data = writer->version; + dnstap.version.len = writer->len_version; + dnstap.has_version = 1; + } + dnstap.type = DNSTAP__DNSTAP__TYPE__MESSAGE; + dnstap.message = (Dnstap__Message *)msg; + + // Serialize the dnstap frame. + if (!dt_pack(&dnstap, &data, &len)) { + return KNOT_ENOMEM; + } + + // Write the dnstap frame to the output stream. + if (fstrm_writer_write(writer->fw, data, len) != fstrm_res_success) { + return KNOT_ERROR; + } + + // Cleanup. + free(data); + + return KNOT_EOK; +} diff --git a/src/contrib/dnstap/writer.h b/src/contrib/dnstap/writer.h new file mode 100644 index 0000000..e6928c5 --- /dev/null +++ b/src/contrib/dnstap/writer.h @@ -0,0 +1,71 @@ +/* Copyright (C) 2014 Farsight Security, Inc. <software@farsightsecurity.com> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +/*! + * \author Robert Edmonds <edmonds@fsi.io> + * + * \brief Dnstap file writer. + */ + +#pragma once + +#include <fstrm.h> +#include <protobuf-c/protobuf-c.h> + +/*! \brief Structure for dnstap file writer. */ +typedef struct { + /*!< Output writer. */ + struct fstrm_writer *fw; + + /*!< dnstap "version" field. */ + void *version; + + /*!< length of dnstap "version" field. */ + size_t len_version; +} dt_writer_t; + +/*! + * \brief Creates dnstap file writer structure. + * + * \param file_path Name of file to write output to. + * \param version Version string of software. May be NULL. + * + * \retval writer if success. + * \retval NULL if error. + */ +dt_writer_t* dt_writer_create(const char *file_path, const char *version); + +/*! + * \brief Finish writing dnstap file writer and free resources. + * + * \param writer dnstap file writer structure. + */ +void dt_writer_free(dt_writer_t *writer); + +/*! + * \brief Write a protobuf to the dnstap file writer. + * + * Supported protobuf types for the 'msg' parameter: + * \c Dnstap__Message + * + * \param writer dnstap file writer structure. + * \param msg dnstap protobuf. Must be a supported type. + * + * \retval KNOT_EOK + * \retval KNOT_EINVAL + * \retval KNOT_ENOMEM + */ +int dt_writer_write(dt_writer_t *writer, const ProtobufCMessage *msg); |