dns-oarc/dnswire
1
0
Fork 0
Code Issues Activity

Merging upstream version 0.3.3.

Browse source 
Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
Daniel Baumann 2025-02-09 06:32:09 +01:00
parent 606be16474
commit 2666d1bb34
Signed by: daniel
GPG key ID: FBB4F0E80A80222F
15 changed files with 293 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
.travis.yml
View file

@ -1,27 +0,0 @@
dist: xenial
addons:
apt:
sources:
- sourceline: 'ppa:dns-oarc/dsc-pr'
update: true
packages:
- protobuf-c-compiler
- libprotobuf-c-dev
- libuv1-dev
- libtinyframe-dev
language: c
compiler:
- clang
- gcc
install: ./autogen.sh
script:
- ./configure --enable-warn-all
- make dist
- tar zxvf *.tar.gz
- cd dnswire-[0-9]*
- mkdir build
- cd build
- ../configure --enable-warn-all
- make
- make test
- cat src/test/test*.sh.log

44
CHANGES
View file

@ -1,3 +1,47 @@
2022-02-02 Jerry Lundström
Release 0.3.3
This is a package only update release to correct mistakes in Debian/
Ubuntu packages.
- Replace/break all previous Debian/Ubuntu versions
2022-02-02 Jerry Lundström
Release 0.3.2
This is a package only update release to correct mistakes in Debian/
Ubuntu packages.
- Fix Debian/Ubuntu package replaces/breaks to solve filename conflicts
dea8e35 Deb packages
8398f65 Deb packages
2022-02-01 Jerry Lundström
Release 0.3.1
This is a package only update release to correct mistakes in Debian/
Ubuntu packages.
- Bump SO version for Debian/Ubuntu
2022-01-26 Jerry Lundström
Release 0.3.0
This release updates the Protobuf definition for DNSTAP to include
new message types, new protocols and the new Policy object.
- Update debhelper compatibility level to 10
- Update to latest `dnstap.pb`, new message types, protocols and message policy
87e7909 New dnstap.pb
f215476 debhelper
20bf38f Bye Travis
2020-10-23 Jerry Lundström
Release 0.2.0

2
README.md
View file

@ -1,6 +1,6 @@
# library for DNS encapsulations and transporting of them
[![Build Status](https://travis-ci.com/DNS-OARC/dnswire.svg?branch=develop)](https://travis-ci.com/DNS-OARC/dnswire) [![Total alerts](https://img.shields.io/lgtm/alerts/g/DNS-OARC/dnswire.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/DNS-OARC/dnswire/alerts/) [![Bugs](https://sonarcloud.io/api/project_badges/measure?project=dns-oarc%3Adnswire&metric=bugs)](https://sonarcloud.io/dashboard?id=dns-oarc%3Adnswire) [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=dns-oarc%3Adnswire&metric=security_rating)](https://sonarcloud.io/dashboard?id=dns-oarc%3Adnswire)
[![Total alerts](https://img.shields.io/lgtm/alerts/g/DNS-OARC/dnswire.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/DNS-OARC/dnswire/alerts/) [![Bugs](https://sonarcloud.io/api/project_badges/measure?project=dns-oarc%3Adnswire&metric=bugs)](https://sonarcloud.io/dashboard?id=dns-oarc%3Adnswire) [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=dns-oarc%3Adnswire&metric=security_rating)](https://sonarcloud.io/dashboard?id=dns-oarc%3Adnswire)
**Currently Work in Progress!**

8
configure.ac
View file

@ -1,9 +1,9 @@
AC_PREREQ(2.61)
AC_INIT([dnswire], [0.2.0], [admin@dns-oarc.net], [dnswire], [https://github.com/DNS-OARC/dnswire/issues])
AC_INIT([dnswire], [0.3.3], [admin@dns-oarc.net], [dnswire], [https://github.com/DNS-OARC/dnswire/issues])
AC_SUBST([DNSWIRE_VERSION_MAJOR], [0000])
AC_SUBST([DNSWIRE_VERSION_MINOR], [0001])
AC_SUBST([DNSWIRE_VERSION_PATCH], [0000])
AC_SUBST([DNSWIRE_LIBRARY_VERSION], [0:1:0])
AC_SUBST([DNSWIRE_VERSION_MINOR], [0003])
AC_SUBST([DNSWIRE_VERSION_PATCH], [0003])
AC_SUBST([DNSWIRE_LIBRARY_VERSION], [1:0:0])
AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
AC_CONFIG_SRCDIR([src/dnstap.c])
AC_CONFIG_HEADER([src/config.h])

33
rpm/dnswire.spec
View file

@ -1,7 +1,7 @@
%define sover 0
%define sover 1
%define libname libdnswire%{sover}
Name: dnswire
Version: 0.2.0
Version: 0.3.3
Release: 1%{?dist}
Summary: library for DNS encapsulations and transporting of them
Group: Development/Libraries/C and C++
@ -97,6 +97,35 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Wed Feb 02 2022 Jerry Lundström <lundstrom.jerry@gmail.com> 0.3.3-1
- Release 0.3.3
* This is a package only update release to correct mistakes in Debian/
Ubuntu packages.
* Replace/break all previous Debian/Ubuntu versions
* Wed Feb 02 2022 Jerry Lundström <lundstrom.jerry@gmail.com> 0.3.2-1
- Release 0.3.2
* This is a package only update release to correct mistakes in Debian/
Ubuntu packages.
* Fix Debian/Ubuntu package replaces/breaks to solve filename conflicts
* Commits:
dea8e35 Deb packages
8398f65 Deb packages
* Tue Feb 01 2022 Jerry Lundström <lundstrom.jerry@gmail.com> 0.3.1-1
- Release 0.3.1
* This is a package only update release to correct mistakes in Debian/
Ubuntu packages.
* Bump SO version for Debian/Ubuntu
* Wed Jan 26 2022 Jerry Lundström <lundstrom.jerry@gmail.com> 0.3.0-1
- Release 0.3.0
* This release updates the Protobuf definition for DNSTAP to include
new message types, new protocols and the new Policy object.
* Changes:
- Update debhelper compatibility level to 10
- Update to latest `dnstap.pb`, new message types, protocols and message policy
* Commits:
87e7909 New dnstap.pb
f215476 debhelper
20bf38f Bye Travis
* Fri Oct 23 2020 Jerry Lundström <lundstrom.jerry@gmail.com> 0.2.0-1
- Release 0.2.0
* This release fixes various issues and bugs in the API, fix typos and

67
src/dnstap.c
View file

@ -41,6 +41,8 @@ const char* const DNSTAP_MESSAGE_TYPE_STRING[] = {
"STUB_RESPONSE",
"TOOL_QUERY",
"TOOL_RESPONSE",
"UPDATE_QUERY",
"UPDATE_RESPONSE",
};
const char* const DNSTAP_SOCKET_FAMILY_STRING[] = {
"UNKNOWN",
@ -51,7 +53,37 @@ const char* const DNSTAP_SOCKET_PROTOCOL_STRING[] = {
"UNKNOWN",
"UDP",
"TCP",
"DOT",
"DOH",
"DNSCryptUDP",
"DNSCryptTCP",
};
const char* const DNSTAP_POLICY_ACTION_STRING[] = {
"UNKNOWN",
"NXDOMAIN",
"NODATA",
"PASS",
"DROP",
"TRUNCATE",
"LOCAL_DATA",
};
const char* const DNSTAP_POLICY_MATCH_STRING[] = {
"UNKNOWN",
"QNAME",
"CLIENT_IP",
"RESPONSE_IP",
"NS_NAME",
"NS_IP",
};
void dnstap_message_clear_policy(struct dnstap* dnstap)
{
static const Dnstap__Policy policy = DNSTAP__POLICY__INIT;
assert(dnstap);
dnstap->message.policy = 0;
dnstap->policy = policy;
}
int dnstap_decode_protobuf(struct dnstap* dnstap, const uint8_t* data, size_t len)
{
@ -88,6 +120,8 @@ int dnstap_decode_protobuf(struct dnstap* dnstap, const uint8_t* data, size_t le
case DNSTAP_MESSAGE_TYPE_STUB_RESPONSE:
case DNSTAP_MESSAGE_TYPE_TOOL_QUERY:
case DNSTAP_MESSAGE_TYPE_TOOL_RESPONSE:
case DNSTAP_MESSAGE_TYPE_UPDATE_QUERY:
case DNSTAP_MESSAGE_TYPE_UPDATE_RESPONSE:
break;
default:
dnstap->message.type = (enum _Dnstap__Message__Type)DNSTAP_MESSAGE_TYPE_UNKNOWN;
@ -105,11 +139,44 @@ int dnstap_decode_protobuf(struct dnstap* dnstap, const uint8_t* data, size_t le
switch (dnstap->message.socket_protocol) {
case DNSTAP_SOCKET_PROTOCOL_UDP:
case DNSTAP_SOCKET_PROTOCOL_TCP:
case DNSTAP_SOCKET_PROTOCOL_DOT:
case DNSTAP_SOCKET_PROTOCOL_DOH:
case DNSTAP_SOCKET_PROTOCOL_DNSCryptUDP:
case DNSTAP_SOCKET_PROTOCOL_DNSCryptTCP:
break;
default:
dnstap->message.has_socket_protocol = false;
dnstap->message.socket_protocol = (enum _Dnstap__SocketProtocol)DNSTAP_SOCKET_PROTOCOL_UNKNOWN;
}
if (dnstap->message.policy) {
dnstap->policy = *dnstap->message.policy;
switch (dnstap->policy.action) {
case DNSTAP_POLICY_ACTION_NXDOMAIN:
case DNSTAP_POLICY_ACTION_NODATA:
case DNSTAP_POLICY_ACTION_PASS:
case DNSTAP_POLICY_ACTION_DROP:
case DNSTAP_POLICY_ACTION_TRUNCATE:
case DNSTAP_POLICY_ACTION_LOCAL_DATA:
break;
default:
dnstap->policy.has_action = false;
dnstap->policy.action = (enum _Dnstap__Policy__Action)DNSTAP_POLICY_ACTION_UNKNOWN;
}
switch (dnstap->policy.match) {
case DNSTAP_POLICY_MATCH_QNAME:
case DNSTAP_POLICY_MATCH_CLIENT_IP:
case DNSTAP_POLICY_MATCH_RESPONSE_IP:
case DNSTAP_POLICY_MATCH_NS_NAME:
case DNSTAP_POLICY_MATCH_NS_IP:
break;
default:
dnstap->policy.has_match = false;
dnstap->policy.match = (enum _Dnstap__Policy__Match)DNSTAP_POLICY_MATCH_UNKNOWN;
}
}
}
return 0;

9
src/dnstap.fields
View file

@ -1,5 +1,5 @@
dnstap dnstap identity string
dnstap dnstap version string
dnstap dnstap identity bytestring
dnstap dnstap version bytestring
dnstap dnstap extra bytes
dnstap_message message socket_family enum dnstap_socket_family
dnstap_message message socket_protocol enum dnstap_socket_protocol
@ -14,3 +14,8 @@ dnstap_message message query_zone bytes
dnstap_message message response_time_sec value uint64_t
dnstap_message message response_time_nsec value uint32_t
dnstap_message message response_message bytes
dnstap_message_policy policy type string
dnstap_message_policy policy rule bytes
dnstap_message_policy policy action enum dnstap_policy_action
dnstap_message_policy policy match enum dnstap_policy_match
dnstap_message_policy policy value bytes

63
src/dnswire/dnstap.h
View file

@ -52,6 +52,8 @@ enum dnstap_message_type {
DNSTAP_MESSAGE_TYPE_STUB_RESPONSE = 10,
DNSTAP_MESSAGE_TYPE_TOOL_QUERY = 11,
DNSTAP_MESSAGE_TYPE_TOOL_RESPONSE = 12,
DNSTAP_MESSAGE_TYPE_UPDATE_QUERY = 13,
DNSTAP_MESSAGE_TYPE_UPDATE_RESPONSE = 14,
};
extern const char* const DNSTAP_MESSAGE_TYPE_STRING[];
@ -66,12 +68,39 @@ enum dnstap_socket_protocol {
DNSTAP_SOCKET_PROTOCOL_UNKNOWN = 0,
DNSTAP_SOCKET_PROTOCOL_UDP = 1,
DNSTAP_SOCKET_PROTOCOL_TCP = 2,
DNSTAP_SOCKET_PROTOCOL_DOT = 3,
DNSTAP_SOCKET_PROTOCOL_DOH = 4,
DNSTAP_SOCKET_PROTOCOL_DNSCryptUDP = 5,
DNSTAP_SOCKET_PROTOCOL_DNSCryptTCP = 6,
};
extern const char* const DNSTAP_SOCKET_PROTOCOL_STRING[];
enum dnstap_policy_action {
DNSTAP_POLICY_ACTION_UNKNOWN = 0,
DNSTAP_POLICY_ACTION_NXDOMAIN = 1,
DNSTAP_POLICY_ACTION_NODATA = 2,
DNSTAP_POLICY_ACTION_PASS = 3,
DNSTAP_POLICY_ACTION_DROP = 4,
DNSTAP_POLICY_ACTION_TRUNCATE = 5,
DNSTAP_POLICY_ACTION_LOCAL_DATA = 6,
};
extern const char* const DNSTAP_POLICY_ACTION_STRING[];
enum dnstap_policy_match {
DNSTAP_POLICY_MATCH_UNKNOWN = 0,
DNSTAP_POLICY_MATCH_QNAME = 1,
DNSTAP_POLICY_MATCH_CLIENT_IP = 2,
DNSTAP_POLICY_MATCH_RESPONSE_IP = 3,
DNSTAP_POLICY_MATCH_NS_NAME = 4,
DNSTAP_POLICY_MATCH_NS_IP = 5,
};
extern const char* const DNSTAP_POLICY_MATCH_STRING[];
struct dnstap {
Dnstap__Dnstap dnstap;
Dnstap__Message message;
Dnstap__Policy policy;
bool _policy_type_alloced;
Dnstap__Dnstap* unpacked_dnstap;
};
@ -80,6 +109,7 @@ struct dnstap {
{ \
.dnstap = DNSTAP__DNSTAP__INIT, \
.message = DNSTAP__MESSAGE__INIT, \
.policy = DNSTAP__POLICY__INIT, \
.unpacked_dnstap = 0, \
}
@ -140,6 +170,39 @@ struct dnstap {
(d).message.socket_protocol = (enum _Dnstap__SocketProtocol)DNSTAP_MESSAGE_TYPE_UNKNOWN; \
}
#define dnstap_message_has_policy(d) ((d).dnstap.message->policy != 0)
#define dnstap_message_use_policy(d) (d).dnstap.message->policy = &(d).policy
void dnstap_message_clear_policy(struct dnstap*);
#define dnstap_message_policy_set_action(d, v) \
switch (v) { \
case DNSTAP_POLICY_ACTION_NXDOMAIN: \
case DNSTAP_POLICY_ACTION_NODATA: \
case DNSTAP_POLICY_ACTION_PASS: \
case DNSTAP_POLICY_ACTION_DROP: \
case DNSTAP_POLICY_ACTION_TRUNCATE: \
case DNSTAP_POLICY_ACTION_LOCAL_DATA: \
(d).policy.has_action = true; \
(d).policy.action = (enum _Dnstap__Policy__Action)v; \
break; \
default: \
(d).policy.has_action = false; \
(d).policy.action = (enum _Dnstap__Policy__Action)DNSTAP_POLICY_ACTION_UNKNOWN; \
}
#define dnstap_message_policy_set_match(d, v) \
switch (v) { \
case DNSTAP_POLICY_MATCH_QNAME: \
case DNSTAP_POLICY_MATCH_CLIENT_IP: \
case DNSTAP_POLICY_MATCH_RESPONSE_IP: \
case DNSTAP_POLICY_MATCH_NS_NAME: \
case DNSTAP_POLICY_MATCH_NS_IP: \
(d).policy.has_match = true; \
(d).policy.match = (enum _Dnstap__Policy__Match)v; \
break; \
default: \
(d).policy.has_match = false; \
(d).policy.match = (enum _Dnstap__Policy__Match)DNSTAP_POLICY_MATCH_UNKNOWN; \
}
int dnstap_decode_protobuf(struct dnstap*, const uint8_t*, size_t);
// int dnstap_decode_cbor(struct dnstap*, const uint8_t*, size_t);

13
src/gen-macros.sh
View file

@ -1,11 +1,24 @@
#!/bin/sh -e
echo "/* autogenerated, don't edit */"
echo "#include <string.h>"
echo "#include <stdlib.h>"
while read prefix base name type typedef; do
echo "// $base.$name ($type)"
case "$type" in
string )
echo "#define ${prefix}_has_${name}(d) ((d).${base}.${name} != 0)
#define ${prefix}_${name}(d) (const char*)((d).${base}.${name})
#define ${prefix}_${name}_length(d) strlen((d).${base}.${name})
#define ${prefix}_set_${name}(d, v) \
if ((d)._${base}_${name}_alloced) { \
free((d).${base}.${name}); \
} \
(d).${base}.${name} = strdup(v); \
(d)._${base}_${name}_alloced = true;"
;;
bytestring )
echo "#define ${prefix}_has_${name}(d) (bool)((d).${base}.has_${name})
#define ${prefix}_${name}(d) (const uint8_t*)((d).${base}.${name}.data)
#define ${prefix}_${name}_length(d) (size_t)((d).${base}.${name}.len)

7
src/test/create_dnstap.c
View file

@ -12,6 +12,7 @@
static char dns_wire_format_placeholder[] = "dns_wire_format_placeholder";
static unsigned char query_address[sizeof(struct in_addr)];
static unsigned char response_address[sizeof(struct in_addr)];
static char policy_value[] = "bad.ns.name";
static inline void create_dnstap(struct dnstap* d, const char* identity)
{
@ -48,4 +49,10 @@ static inline void create_dnstap(struct dnstap* d, const char* identity)
dnstap_message_set_query_message(*d, dns_wire_format_placeholder, sizeof(dns_wire_format_placeholder) - 1);
dnstap_message_set_response_message(*d, dns_wire_format_placeholder, sizeof(dns_wire_format_placeholder) - 1);
dnstap_message_use_policy(*d);
dnstap_message_policy_set_type(*d, "RPZ");
dnstap_message_policy_set_action(*d, DNSTAP_POLICY_ACTION_DROP);
dnstap_message_policy_set_match(*d, DNSTAP_POLICY_MATCH_NS_NAME);
dnstap_message_policy_set_value(*d, policy_value, sizeof(policy_value) - 1);
}

20
src/test/print_dnstap.c
View file

@ -111,6 +111,26 @@ static void print_dnstap(const struct dnstap* d)
printf(" response_message_length: %zu\n", dnstap_message_response_message_length(*d));
printf(" response_message: %s\n", printable_string(dnstap_message_response_message(*d), dnstap_message_response_message_length(*d)));
}
if (dnstap_message_has_policy(*d)) {
printf(" policy:\n");
if (dnstap_message_policy_has_type(*d)) {
printf(" type: %s\n", dnstap_message_policy_type(*d));
}
if (dnstap_message_policy_has_rule(*d)) {
printf(" rule: %s\n", printable_string(dnstap_message_policy_rule(*d), dnstap_message_policy_rule_length(*d)));
}
if (dnstap_message_policy_has_action(*d)) {
printf(" action: %s\n", DNSTAP_POLICY_ACTION_STRING[dnstap_message_policy_action(*d)]);
}
if (dnstap_message_policy_has_match(*d)) {
printf(" match: %s\n", DNSTAP_POLICY_MATCH_STRING[dnstap_message_policy_match(*d)]);
}
if (dnstap_message_policy_has_value(*d)) {
printf(" value: %s\n", printable_string(dnstap_message_policy_value(*d), dnstap_message_policy_value_length(*d)));
}
}
}
printf("----\n");

12
src/test/test3.gold
View file

@ -1,4 +1,4 @@
read 322
read 370
---- dnstap
identity: writer_write-1
message:
@ -13,6 +13,11 @@ message:
query_message: dns_wire_format_placeholder
response_message_length: 27
response_message: dns_wire_format_placeholder
policy:
type: RPZ
action: DROP
match: NS_NAME
value: bad.ns.name
----
---- dnstap
identity: writer_write-2
@ -28,4 +33,9 @@ message:
query_message: dns_wire_format_placeholder
response_message_length: 27
response_message: dns_wire_format_placeholder
policy:
type: RPZ
action: DROP
match: NS_NAME
value: bad.ns.name
----

10
src/test/test4.gold
View file

@ -12,6 +12,11 @@ message:
query_message: dns_wire_format_placeholder
response_message_length: 27
response_message: dns_wire_format_placeholder
policy:
type: RPZ
action: DROP
match: NS_NAME
value: bad.ns.name
----
---- dnstap
identity: writer_pop-2
@ -27,4 +32,9 @@ message:
query_message: dns_wire_format_placeholder
response_message_length: 27
response_message: dns_wire_format_placeholder
policy:
type: RPZ
action: DROP
match: NS_NAME
value: bad.ns.name
----

10
src/test/test5.gold
View file

@ -12,6 +12,11 @@ message:
query_message: dns_wire_format_placeholder
response_message_length: 27
response_message: dns_wire_format_placeholder
policy:
type: RPZ
action: DROP
match: NS_NAME
value: bad.ns.name
----
---- dnstap
identity: writer_reader_unixsock-2
@ -27,4 +32,9 @@ message:
query_message: dns_wire_format_placeholder
response_message_length: 27
response_message: dns_wire_format_placeholder
policy:
type: RPZ
action: DROP
match: NS_NAME
value: bad.ns.name
----

4
src/test/test_dnstap.c
View file

@ -27,7 +27,7 @@ int main(void)
d.dnstap.type = (enum _Dnstap__Dnstap__Type)DNSTAP_TYPE_MESSAGE;
// invalid message.type
d.message.type = (enum _Dnstap__Message__Type)(DNSTAP_MESSAGE_TYPE_TOOL_RESPONSE + 1);
d.message.type = (enum _Dnstap__Message__Type)(DNSTAP_MESSAGE_TYPE_UPDATE_RESPONSE + 1);
s = dnstap_encode_protobuf_size(&d);
assert(s < sizeof(buf));
assert(dnstap_encode_protobuf(&d, buf) == s);
@ -47,7 +47,7 @@ int main(void)
d.message.socket_family = (enum _Dnstap__SocketFamily)DNSTAP_SOCKET_FAMILY_INET;
// invalid message.socket_protocol
d.message.socket_protocol = (enum _Dnstap__SocketProtocol)(DNSTAP_SOCKET_PROTOCOL_TCP + 1);
d.message.socket_protocol = (enum _Dnstap__SocketProtocol)(DNSTAP_SOCKET_PROTOCOL_DNSCryptTCP + 1);
s = dnstap_encode_protobuf_size(&d);
assert(s < sizeof(buf));
assert(dnstap_encode_protobuf(&d, buf) == s);