1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
#include <dnswire/version.h>
#include <dnswire/dnstap.h>
#include <errno.h>
#include <string.h>
#include <arpa/inet.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
static char dns_wire_format_placeholder[] = "dns_wire_format_placeholder";
static inline struct dnstap create_dnstap(const char* identity)
{
/*
* Now we initialize a DNSTAP message.
*/
struct dnstap d = DNSTAP_INITIALIZER;
/*
* DNSTAP has a header with information about who constructed the
* message.
*/
dnstap_set_identity_string(d, identity);
dnstap_set_version_string(d, DNSWIRE_VERSION_STRING);
/*
* Now we specify that this is a DNSTAP message, this is the one that
* holds the DNS.
*/
dnstap_set_type(d, DNSTAP_TYPE_MESSAGE);
/*
* The message can have different types, we specify this is a query
* made by a tool.
*/
dnstap_message_set_type(d, DNSTAP_MESSAGE_TYPE_TOOL_QUERY);
/*
* As most DNS comes over the network we can specify over what protocol,
* where from, to whom it came to and when it happened.
*
* Even if all fields are optional and there is no restriction on how
* many or how few you set, there is a recommended way of filling in
* the messages based on the message type.
*
* Please see the description of this at the bottom of
* `src/dnstap.pb/dnstap.proto` or
* <https://github.com/dnstap/dnstap.pb/blob/master/dnstap.proto>.
*/
dnstap_message_set_socket_family(d, DNSTAP_SOCKET_FAMILY_INET);
dnstap_message_set_socket_protocol(d, DNSTAP_SOCKET_PROTOCOL_UDP);
unsigned char query_address[sizeof(struct in_addr)];
if (inet_pton(AF_INET, "127.0.0.1", query_address) != 1) {
fprintf(stderr, "inet_pton(127.0.0.1) failed: %s\n", strerror(errno));
} else {
dnstap_message_set_query_address(d, query_address, sizeof(query_address));
}
dnstap_message_set_query_port(d, 12345);
struct timespec query_time = { 0, 0 };
clock_gettime(CLOCK_REALTIME, &query_time);
dnstap_message_set_query_time_sec(d, query_time.tv_sec);
dnstap_message_set_query_time_nsec(d, query_time.tv_nsec);
unsigned char response_address[sizeof(struct in_addr)];
if (inet_pton(AF_INET, "127.0.0.1", response_address) != 1) {
fprintf(stderr, "inet_pton(127.0.0.1) failed: %s\n", strerror(errno));
} else {
dnstap_message_set_response_address(d, response_address, sizeof(response_address));
}
dnstap_message_set_response_port(d, 53);
struct timespec response_time = { 0, 0 };
clock_gettime(CLOCK_REALTIME, &response_time);
dnstap_message_set_response_time_sec(d, response_time.tv_sec);
dnstap_message_set_response_time_nsec(d, response_time.tv_nsec);
/*
* If we also had the DNS wire format we could use it, now we fill it
* with a placeholder text.
*
* NOTE: This will be invalid DNS if the output file is used with a
* tool that uses the DNS messages.
*/
dnstap_message_set_query_message(d, dns_wire_format_placeholder, sizeof(dns_wire_format_placeholder) - 1);
dnstap_message_set_response_message(d, dns_wire_format_placeholder, sizeof(dns_wire_format_placeholder) - 1);
return d;
}
|
