1 /* dnstap support for NSD */ 2 3 /* 4 * Copyright (c) 2013-2014, Farsight Security, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * 3. Neither the name of the copyright holder nor the names of its 19 * contributors may be used to endorse or promote products derived from 20 * this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR 26 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 29 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 30 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 31 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 32 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
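 */

#ifndef NSD_DNSTAP_H
#define NSD_DNSTAP_H

#include "dnstap/dnstap_config.h"

#ifdef USE_DNSTAP

/*
 * The prototypes below use size_t, uint8_t, struct sockaddr_storage and
 * struct sockaddr_in.  Pull those in here so the header is usable on its
 * own: if a sockaddr tag is first seen inside a parameter list it only
 * has prototype scope and the compiler will warn that it "will not be
 * visible outside" the declaration, making the prototype incompatible
 * with the callers' types.
 * INET6 (used in the prototypes) is expected from NSD's build
 * configuration (config.h); it is not defined here.
 */
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

struct nsd_options;
/* Tags referenced by struct dt_env below (fstrm I/O-thread API). */
struct fstrm_iothr;
struct fstrm_iothr_queue;
/* Not referenced by this header; kept so includers that relied on these
 * forward declarations keep compiling. */
struct fstrm_io;
struct fstrm_queue;
struct dt_tls_writer;

/**
 * dnstap environment: the shared I/O thread plus a per-worker queue
 * handle and the metadata that is put into every frame.  Each worker
 * holds its own copy; see dt_create() for the copy/queue discipline.
 */
struct dt_env {
	/** dnstap I/O thread (shared by all workers) */
	struct fstrm_iothr *iothr;

	/** dnstap I/O thread input queue; one per worker copy of this object */
	struct fstrm_iothr_queue *ioq;

	/** dnstap "identity" field, NULL if disabled.  Operator supplied,
	 * sent with every frame; do not put anything here that the dnstap
	 * collector must not learn. */
	char *identity;

	/** dnstap "version" field, NULL if disabled */
	char *version;

	/** byte length of "identity"; only meaningful when identity != NULL */
	unsigned len_identity;

	/** byte length of "version"; only meaningful when version != NULL */
	unsigned len_version;

	/** whether to log Message/AUTH_QUERY */
	unsigned log_auth_query_messages : 1;
	/** whether to log Message/AUTH_RESPONSE */
	unsigned log_auth_response_messages : 1;

	/** tls writer object, or NULL when the plain socket/TCP path is used */
	struct dt_tls_writer* tls_writer;
};

/**
 * Create dnstap environment object. Afterwards, call dt_apply_cfg() to fill in
 * the config variables and dt_init() to fill in the per-worker state. Each
 * worker needs a copy of this object but with its own I/O queue (the ioq field
 * of the structure) to ensure lock-free access to its own per-worker circular
 * queue. Duplicate the environment object if more than one worker needs to
 * share access to the dnstap I/O socket.
 *
 * Security note: whatever listens on the socket/endpoint configured here
 * receives every logged query and response together with the client
 * address (see dt_msg_send_auth_query()/dt_msg_send_auth_response()), so
 * access to that socket should be as restricted as the logged data warrants.
 *
 * @param socket_path: path to dnstap logging socket, must be non-NULL if used.
 * @param ip: if NULL or "" use socket path, otherwise IP or IP@port.
 * @param num_workers: number of worker threads, must be > 0.
 * @param tls: set to true to use TLS, otherwise, TCP. Used when ip is set.
 * @param tls_server_name: name for authenticating the upstream server, or
 *	NULL or "".
 * @param tls_cert_bundle: pem bundle to verify server with. Or NULL or "".
 *	NOTE(review): what an empty bundle means for server certificate
 *	verification is decided in dt_create(), not visible here; confirm
 *	before relying on TLS for the confidentiality of logged traffic.
 * @param tls_client_key_file: key file for client authentication. Or NULL
 *	or "".
 * @param tls_client_cert_file: cert file for client authentication. Or NULL
 *	or "".
 * @return dt_env object, NULL on failure.
 */
struct dt_env *
dt_create(const char *socket_path, char* ip, unsigned num_workers,
	int tls, char* tls_server_name, char* tls_cert_bundle,
	char* tls_client_key_file, char* tls_client_cert_file);

/**
 * Apply config settings to the environment object.  Which fields are taken
 * from cfg is decided in dnstap.c (presumably identity/version and the
 * log_* flags above).
 * @param env: dnstap environment object.
 * @param cfg: new config settings.
 */
void
dt_apply_cfg(struct dt_env *env, struct nsd_options *cfg);

/**
 * Initialize per-worker state in dnstap environment object.  Called on
 * each worker's copy after dt_create() and dt_apply_cfg().
 * @param env: dnstap environment object to initialize, created with dt_create().
 * @return: true on success, false on failure.
 */
int
dt_init(struct dt_env *env);

/**
 * Delete dnstap environment object. Closes dnstap I/O socket and deletes all
 * per-worker I/O queues.
 * @param env: dnstap environment object to delete.
 */
void
dt_delete(struct dt_env *env);

/**
 * Create and send a new dnstap "Message" event of type AUTH_QUERY.
 * Returns nothing: the caller is not told whether the frame was queued,
 * so this is not a delivery-guaranteed audit log.
 * @param env: dnstap environment object.
 * @param local_addr: address/port of server (local address).
 * @param addr: address/port of client.
 * @param is_tcp: true for tcp, false for udp.
 * @param zone: zone name, or NULL. in wireformat.
 * @param zonelen: length of zone in bytes (expected 0 when zone is NULL).
 * @param pkt: query message.
 * @param pktlen: length of pkt.
 */
void
dt_msg_send_auth_query(struct dt_env *env,
#ifdef INET6
	struct sockaddr_storage* local_addr,
	struct sockaddr_storage* addr,
#else
	struct sockaddr_in* local_addr,
	struct sockaddr_in* addr,
#endif
	int is_tcp, uint8_t* zone, size_t zonelen, uint8_t* pkt, size_t pktlen);

/**
 * Create and send a new dnstap "Message" event of type AUTH_RESPONSE.
 * Returns nothing: the caller is not told whether the frame was queued,
 * so this is not a delivery-guaranteed audit log.
 * @param env: dnstap environment object.
 * @param local_addr: address/port of server (local address).
 * @param addr: address/port of client.
 * @param is_tcp: true for tcp, false for udp.
 * @param zone: zone name, or NULL. in wireformat.
 * @param zonelen: length of zone in bytes (expected 0 when zone is NULL).
 * @param pkt: response message.
 * @param pktlen: length of pkt.
 */
void
dt_msg_send_auth_response(struct dt_env *env,
#ifdef INET6
	struct sockaddr_storage* local_addr,
	struct sockaddr_storage* addr,
#else
	struct sockaddr_in* local_addr,
	struct sockaddr_in* addr,
#endif
	int is_tcp, uint8_t* zone, size_t zonelen, uint8_t* pkt, size_t pktlen);

#endif /* USE_DNSTAP */

#endif /* NSD_DNSTAP_H */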