pax_global_header00006660000000000000000000000064127047501320014513gustar00rootroot0000000000000052 comment=95c213a0cbc4cf126b803a63693a6f3186cf7200 dnstap-ldns-0.2.0/000077500000000000000000000000001270475013200137415ustar00rootroot00000000000000dnstap-ldns-0.2.0/.gitignore000066400000000000000000000002531270475013200157310ustar00rootroot00000000000000.*swp *.la *.lo *.o *.tar.gz .deps/ .dirstamp .libs/ /aclocal.m4 /autom4te.cache /build-aux /config.* /configure /libtool /stamp-h1 Makefile Makefile.in TAGS /dnstap-ldns dnstap-ldns-0.2.0/COPYRIGHT000066400000000000000000000010771270475013200152410ustar00rootroot00000000000000Copyright (c) 2014-2015 by Farsight Security, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. dnstap-ldns-0.2.0/LICENSE000066400000000000000000000261361270475013200147560ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. dnstap-ldns-0.2.0/Makefile.am000066400000000000000000000014231270475013200157750ustar00rootroot00000000000000bin_PROGRAMS = BUILT_SOURCES = EXTRA_DIST = CLEANFILES = ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS} AM_CPPFLAGS = -include $(top_builddir)/config.h AM_CFLAGS = ${my_CFLAGS} AM_LDFLAGS = SUFFIXES = .proto .pb-c.c .pb-c.h .proto.pb-c.c: $(AM_V_GEN)@PROTOC_C@ "--c_out=`pwd`" -I$(top_srcdir) $< .proto.pb-c.h: $(AM_V_GEN)@PROTOC_C@ "--c_out=`pwd`" -I$(top_srcdir) $< PROTOBUF_SOURCES = dnstap.pb/dnstap.pb-c.c dnstap.pb/dnstap.pb-c.h BUILT_SOURCES += ${PROTOBUF_SOURCES} CLEANFILES += ${PROTOBUF_SOURCES} bin_PROGRAMS += dnstap-ldns dnstap_ldns_SOURCES = \ dnstap-ldns.c \ host2str.c \ ${PROTOBUF_SOURCES} dnstap_ldns_CFLAGS = \ ${libldns_CFLAGS} \ ${libfstrm_CFLAGS} \ ${libprotobuf_c_CFLAGS} dnstap_ldns_LDADD = \ ${libldns_LIBS} \ ${libfstrm_LIBS} \ ${libprotobuf_c_LIBS} dnstap-ldns-0.2.0/README.md000066400000000000000000000030221270475013200152150ustar00rootroot00000000000000## Overview This is `dnstap-ldns`, a reference utility that can decode [dnstap] encoded files. It uses the [ldns], [fstrm], and [protobuf-c] libraries to perform most of the heavy lifting. ## Building First, install the dependencies: [ldns], [fstrm], and [protobuf-c]. Then, build and install `dnstap-ldns`: ./configure && make && make install If building from a git checkout, the `autotools` must be installed. Run the `./autogen.sh` script first to bootstrap the build system. ## Synopsis `dnstap` encoded files can be decoded and printed to `stdout` by running `dnstap-ldns -r` on the `dnstap` file. The output format can be selected by passing additional command-line flags. The `-q` flag specifies the "quiet text" output format, which is compact (one line per `dnstap` frame), and excludes full DNS message details. The `-y` flag specifies a more verbose multi-document YAML-encoded output format that includes full DNS message details, as parsed by the [ldns] library. `dnstap-ldns` can also read bare hex-encoded dnstap protobufs without Frame Stream encoding. The `-x` flag will automatically detect whether the input data is a string of hex characters (possibly with embedded whitespace), or is in the generic record data format defined by [RFC 3597]. [dnstap]: http://dnstap.info/ [ldns]: http://www.nlnetlabs.nl/projects/ldns/ [fstrm]: https://github.com/farsightsec/fstrm [protobuf-c]: https://github.com/protobuf-c/protobuf-c [yaml]: http://www.yaml.org/ [RFC 3597]: http://tools.ietf.org/html/rfc3597 dnstap-ldns-0.2.0/autogen.sh000077500000000000000000000000371270475013200157420ustar00rootroot00000000000000#!/bin/sh exec autoreconf -fvi dnstap-ldns-0.2.0/configure.ac000066400000000000000000000026311270475013200162310ustar00rootroot00000000000000AC_PREREQ(2.64) AC_INIT([dnstap-ldns], [0.2.0], [https://github.com/dnstap/dnstap-ldns/issues], [dnstap-ldns], [https://github.com/dnstap/dnstap-ldns]) AC_CONFIG_SRCDIR([dnstap-ldns.c]) AC_CONFIG_AUX_DIR([build-aux]) AM_INIT_AUTOMAKE([foreign 1.11 -Wall -Wno-portability silent-rules subdir-objects]) AC_PROG_CC_STDC AC_USE_SYSTEM_EXTENSIONS AC_SYS_LARGEFILE AC_CONFIG_MACRO_DIR([m4]) AM_SILENT_RULES([yes]) my_CFLAGS="-Wall \ -Wmissing-declarations -Wmissing-prototypes \ -Wnested-externs -Wpointer-arith \ -Wpointer-arith -Wsign-compare -Wchar-subscripts \ -Wstrict-prototypes -Wshadow \ -Wformat-security" AC_SUBST([my_CFLAGS]) AC_CONFIG_HEADERS(config.h) AC_CONFIG_FILES([Makefile]) PKG_CHECK_MODULES([libldns], [libldns]) PKG_CHECK_MODULES([libfstrm], [libfstrm >= 0.2.0]) PKG_CHECK_MODULES([libprotobuf_c], [libprotobuf-c >= 1.0.1]) AC_PATH_PROG([PROTOC_C], [protoc-c]) AS_IF([test -z "$PROTOC_C"], AC_MSG_ERROR([The protoc-c program was not found. Please install the protobuf-c compiler!])) AC_OUTPUT AC_MSG_RESULT([ $PACKAGE $VERSION compiler: ${CC} cflags: ${CFLAGS} ldflags: ${LDFLAGS} libs: ${LIBS} prefix: ${prefix} sysconfdir: ${sysconfdir} libdir: ${libdir} includedir: ${includedir} ]) dnstap-ldns-0.2.0/dnstap-ldns.c000066400000000000000000000475221270475013200163460ustar00rootroot00000000000000/* * Copyright (c) 2014-2015 by Farsight Security, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include #include #include #include #include #include #include #include #include #include "dnstap.pb/dnstap.pb-c.h" /* From our host2str.c. */ ldns_status my_ldns_pktheader2buffer_str(ldns_buffer *, const ldns_pkt *); ldns_status my_ldns_pkt2buffer_str_fmt(ldns_buffer *, const ldns_output_format *, const ldns_pkt *); static const char g_dnstap_content_type[] = "protobuf:dnstap.Dnstap"; typedef enum { dnstap_input_format_frame_stream = 0, dnstap_input_format_hex = 1, } dnstap_input_format; typedef enum { dnstap_output_format_yaml = 0, dnstap_output_format_quiet = 1, } dnstap_output_format; static void print_string(const void *data, size_t len, FILE *out) { uint8_t *str = (uint8_t *) data; fputc('"', out); while (len-- != 0) { unsigned c = *(str++); if (isprint(c)) { if (c == '"') fputs("\\\"", out); else fputc(c, out); } else { fprintf(out, "\\x%02x", c); } } fputc('"', out); } static bool print_dns_question(const ProtobufCBinaryData *message, FILE *fp) { char *str = NULL; ldns_pkt *pkt = NULL; ldns_rr *rr = NULL; ldns_rdf *qname = NULL; ldns_rr_class qclass = 0; ldns_rr_type qtype = 0; ldns_status status; /* Parse the raw wire message. */ status = ldns_wire2pkt(&pkt, message->data, message->len); if (status == LDNS_STATUS_OK) { /* Get the question RR. */ rr = ldns_rr_list_rr(ldns_pkt_question(pkt), 0); /* Get the question name, class, and type. */ if (rr) { qname = ldns_rr_owner(rr); qclass = ldns_rr_get_class(rr); qtype = ldns_rr_get_type(rr); } } if (status == LDNS_STATUS_OK && rr && qname) { /* Print the question name. */ fputc('"', fp); ldns_rdf_print(fp, qname); fputc('"', fp); /* Print the question class. */ str = ldns_rr_class2str(qclass); fputc(' ', fp); fputs(str, fp); free(str); /* Print the question type. */ str = ldns_rr_type2str(qtype); fputc(' ', fp); fputs(str, fp); free(str); } else { fputs("? ? ?", fp); } /* Cleanup. */ if (pkt != NULL) ldns_pkt_free(pkt); /* Success. */ return true; } static bool print_dns_message(const ProtobufCBinaryData *message, const char *field_name, FILE *fp) { char *str = NULL; ldns_buffer *buf = NULL; ldns_pkt *pkt = NULL; ldns_status status; /* Initialize 'buf'. */ buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); if (!buf) return false; /* Parse the raw wire message. */ status = ldns_wire2pkt(&pkt, message->data, message->len); if (status == LDNS_STATUS_OK) { /* Print the message, indented with spaces. */ fprintf(fp, " %s: |\n", field_name); status = my_ldns_pkt2buffer_str_fmt(buf, ldns_output_format_default, pkt); if (status == LDNS_STATUS_OK) { str = ldns_buffer_export2str(buf); fputs(str, fp); } } else { /* Parse failure. */ fprintf(fp, " # %s: parse failed\n", field_name); } /* Cleanup. */ free(str); if (pkt != NULL) ldns_pkt_free(pkt); if (buf != NULL) ldns_buffer_free(buf); /* Success. */ return true; } static bool print_domain_name(const ProtobufCBinaryData *domain, FILE *fp) { /* Wrap the binary data in 'domain' into an 'ldns_rdf'. */ ldns_rdf *dname; dname = ldns_dname_new(domain->len, domain->data); if (!dname) return false; /* Print the presentation form of the domain name. */ fputc('"', fp); ldns_rdf_print(fp, dname); fputc('"', fp); /* Success. */ ldns_rdf_free(dname); return true; } static bool print_ip_address(const ProtobufCBinaryData *ip, FILE *fp) { char buf[INET6_ADDRSTRLEN] = {0}; if (ip->len == 4) { /* Convert IPv4 address. */ if (!inet_ntop(AF_INET, ip->data, buf, sizeof(buf))) return false; } else if (ip->len == 16) { /* Convert IPv6 address. */ if (!inet_ntop(AF_INET6, ip->data, buf, sizeof(buf))) return false; } else { /* Unknown address family. */ return false; } /* Print the presentation form of the IP address. */ fputs(buf, fp); /* Success. */ return true; } static bool print_timestamp(uint64_t timestamp_sec, uint32_t timestamp_nsec, FILE *fp) { static const char *fmt = "%F %H:%M:%S"; char buf[100] = {0}; struct tm tm; time_t t = (time_t) timestamp_sec; /* Convert arguments to broken-down 'struct tm'. */ if (!gmtime_r(&t, &tm)) return false; /* Format 'tm' into 'buf'. */ if (strftime(buf, sizeof(buf), fmt, &tm) <= 0) return false; /* Print the timestamp. */ fputs(buf, fp); fprintf(fp, ".%06u", timestamp_nsec / 1000); /* Success. */ return true; } static bool print_dnstap_message_quiet(const Dnstap__Message *m, FILE *fp) { bool is_query = false; bool print_query_address = false; switch (m->type) { case DNSTAP__MESSAGE__TYPE__AUTH_QUERY: case DNSTAP__MESSAGE__TYPE__RESOLVER_QUERY: case DNSTAP__MESSAGE__TYPE__CLIENT_QUERY: case DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY: case DNSTAP__MESSAGE__TYPE__STUB_QUERY: case DNSTAP__MESSAGE__TYPE__TOOL_QUERY: is_query = true; break; case DNSTAP__MESSAGE__TYPE__AUTH_RESPONSE: case DNSTAP__MESSAGE__TYPE__RESOLVER_RESPONSE: case DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE: case DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE: case DNSTAP__MESSAGE__TYPE__STUB_RESPONSE: case DNSTAP__MESSAGE__TYPE__TOOL_RESPONSE: is_query = false; break; default: fputs("[unhandled Dnstap.Message.Type]\n", fp); return true; } /* Print timestamp. */ if (is_query) { if (m->has_query_time_sec && m->has_query_time_nsec) print_timestamp(m->query_time_sec, m->query_time_nsec, fp); else fputs("??:??:??.??????", fp); } else { if (m->has_response_time_sec && m->has_response_time_nsec) print_timestamp(m->response_time_sec, m->response_time_nsec, fp); else fputs("??:??:??.??????", fp); } fputc(' ', fp); /* Print message type mnemonic. */ switch (m->type) { case DNSTAP__MESSAGE__TYPE__AUTH_QUERY: case DNSTAP__MESSAGE__TYPE__AUTH_RESPONSE: fputc('A', fp); break; case DNSTAP__MESSAGE__TYPE__CLIENT_QUERY: case DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE: fputc('C', fp); break; case DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY: case DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE: fputc('F', fp); break; case DNSTAP__MESSAGE__TYPE__RESOLVER_QUERY: case DNSTAP__MESSAGE__TYPE__RESOLVER_RESPONSE: fputc('R', fp); break; case DNSTAP__MESSAGE__TYPE__STUB_QUERY: case DNSTAP__MESSAGE__TYPE__STUB_RESPONSE: fputc('S', fp); break; case DNSTAP__MESSAGE__TYPE__TOOL_QUERY: case DNSTAP__MESSAGE__TYPE__TOOL_RESPONSE: fputc('T', fp); break; default: fputc('?', fp); break; } if (is_query) fputs("Q ", fp); else fputs("R ", fp); /* Print query address or response address. */ switch (m->type) { case DNSTAP__MESSAGE__TYPE__CLIENT_QUERY: case DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE: case DNSTAP__MESSAGE__TYPE__AUTH_QUERY: case DNSTAP__MESSAGE__TYPE__AUTH_RESPONSE: print_query_address = true; break; default: print_query_address = false; break; } if (print_query_address) { if (m->has_query_address) print_ip_address(&m->query_address, fp); else fputs("MISSING_ADDRESS", fp); } else { if (m->has_response_address) print_ip_address(&m->response_address, fp); else fputs("MISSING_ADDRESS", fp); } fputc(' ', fp); /* Print socket protocol. */ if (m->has_socket_protocol) { const ProtobufCEnumValue *type = protobuf_c_enum_descriptor_get_value( &dnstap__socket_protocol__descriptor, m->socket_protocol); if (type) fputs(type->name, fp); else fputs("?", fp); } else { fputs("?", fp); } fputc(' ', fp); /* Print message size. */ if (is_query && m->has_query_message) { fprintf(fp, "%zdb ", m->query_message.len); } else if (!is_query && m->has_response_message) { fprintf(fp, "%zdb ", m->response_message.len); } else { fprintf(fp, "0b "); } /* Print question. */ if (is_query && m->has_query_message) { if (!print_dns_question(&m->query_message, fp)) return false; } else if (!is_query && m->has_response_message) { if (!print_dns_question(&m->response_message, fp)) return false; } else { fputs("? ? ?", fp); } fputc('\n', fp); /* Success. */ return true; } static bool print_dnstap_message_yaml(const Dnstap__Message *m, FILE *fp) { /* Print 'type' field. */ const ProtobufCEnumValue *m_type = protobuf_c_enum_descriptor_get_value( &dnstap__message__type__descriptor, m->type); if (!m_type) return false; fputs(" type: ", fp); fputs(m_type->name, fp); fputc('\n', fp); /* Print 'query_time' field. */ if (m->has_query_time_sec && m->has_query_time_nsec) { fputs(" query_time: !!timestamp ", fp); print_timestamp(m->query_time_sec, m->query_time_nsec, fp); fputc('\n', fp); } /* Print 'response_time' field. */ if (m->has_response_time_sec && m->has_response_time_nsec) { fputs(" response_time: !!timestamp ", fp); print_timestamp(m->response_time_sec, m->response_time_nsec, fp); fputc('\n', fp); } /* Print 'socket_family' field. */ if (m->has_socket_family) { const ProtobufCEnumValue *type = protobuf_c_enum_descriptor_get_value( &dnstap__socket_family__descriptor, m->socket_family); if (!type) return false; fputs(" socket_family: ", fp); fputs(type->name, fp); fputc('\n', fp); } /* Print 'socket_protocol' field. */ if (m->has_socket_protocol) { const ProtobufCEnumValue *type = protobuf_c_enum_descriptor_get_value( &dnstap__socket_protocol__descriptor, m->socket_protocol); if (!type) return false; fputs(" socket_protocol: ", fp); fputs(type->name, fp); fputc('\n', fp); } /* Print 'query_address' field. */ if (m->has_query_address) { fputs(" query_address: ", fp); print_ip_address(&m->query_address, fp); fputc('\n', fp); } /* Print 'response_address field. */ if (m->has_response_address) { fputs(" response_address: ", fp); print_ip_address(&m->response_address, fp); fputc('\n', fp); } /* Print 'query_port' field. */ if (m->has_query_port) fprintf(fp, " query_port: %u\n", m->query_port); /* Print 'response_port' field. */ if (m->has_response_port) fprintf(fp, " response_port: %u\n", m->response_port); /* Print 'query_zone' field. */ if (m->has_query_zone) { fputs(" query_zone: ", fp); print_domain_name(&m->query_zone, fp); fputc('\n', fp); } /* Print 'query_message' field. */ if (m->has_query_message) { if (!print_dns_message(&m->query_message, "query_message", fp)) return false; } /* Print 'response_message' field .*/ if (m->has_response_message) { if (!print_dns_message(&m->response_message, "response_message", fp)) return false; } /* Success. */ fputs("---\n", fp); return true; } static bool print_dnstap_frame_quiet(const Dnstap__Dnstap *d, FILE *fp) { if (d->type == DNSTAP__DNSTAP__TYPE__MESSAGE && d->message != NULL) { return print_dnstap_message_quiet(d->message, fp); } else { fputs("[unhandled Dnstap.Type]\n", fp); } /* Success. */ return true; } static bool print_dnstap_frame_yaml(const Dnstap__Dnstap *d, FILE *fp) { /* Print 'type' field. */ const ProtobufCEnumValue *d_type = protobuf_c_enum_descriptor_get_value( &dnstap__dnstap__type__descriptor, d->type); if (!d_type) return false; fputs("type: ", fp); fputs(d_type->name, fp); fputc('\n', fp); /* Print 'identity' field. */ if (d->has_identity) { fputs("identity: ", fp); print_string(d->identity.data, d->identity.len, fp); fputc('\n', fp); } /* Print 'version' field. */ if (d->has_version) { fputs("version: ", fp); print_string(d->version.data, d->version.len, fp); fputc('\n', fp); } /* Print 'message' field. */ if (d->type == DNSTAP__DNSTAP__TYPE__MESSAGE) { fputs("message:\n", fp); if (!print_dnstap_message_yaml(d->message, fp)) return false; } /* Success. */ return true; } static bool print_dnstap_frame(const uint8_t *data, size_t len_data, dnstap_output_format fmt, FILE *fp) { bool rv = false; Dnstap__Dnstap *d = NULL; //fprintf(stderr, "%s: len = %zd\n", __func__, len_data); /* Unpack the data frame. */ d = dnstap__dnstap__unpack(NULL, len_data, data); if (!d) { fprintf(stderr, "%s: dnstap__dnstap__unpack() failed.\n", __func__); goto out; } if (fmt == dnstap_output_format_yaml) { if (!print_dnstap_frame_yaml(d, fp)) goto out; } else if (fmt == dnstap_output_format_quiet) { if (!print_dnstap_frame_quiet(d, fp)) goto out; } else { fprintf(stderr, "%s: unknown output format %d\n", __func__, fmt); goto out; } /* Success. */ rv = true; out: /* Cleanup protobuf-c allocations. */ if (d) dnstap__dnstap__free_unpacked(d, NULL); /* Success. */ return rv; } static bool verify_content_type(struct fstrm_reader *r, const uint8_t *content_type, size_t len_content_type) { fstrm_res res; const struct fstrm_control *control = NULL; size_t n_content_type = 0; const uint8_t *r_content_type = NULL; size_t len_r_content_type = 0; res = fstrm_reader_get_control(r, FSTRM_CONTROL_START, &control); if (res != fstrm_res_success) return false; res = fstrm_control_get_num_field_content_type(control, &n_content_type); if (res != fstrm_res_success) return false; if (n_content_type > 0) { res = fstrm_control_get_field_content_type(control, 0, &r_content_type, &len_r_content_type); if (res != fstrm_res_success) return false; if (len_content_type != len_r_content_type) return false; if (memcmp(content_type, r_content_type, len_content_type) == 0) return true; } return false; } static void usage(void) { fprintf(stderr, "Usage: dnstap-ldns [OPTION]...\n"); fprintf(stderr, " -q Use quiet text output format\n"); fprintf(stderr, " -y Use verbose YAML output format\n"); fprintf(stderr, " -x Input format is hexlified protobuf or NULL RR\n"); fprintf(stderr, " -r Read dnstap payloads from file\n"); fprintf(stderr, "\n"); fprintf(stderr, "Quiet text output format mnemonics:\n"); fprintf(stderr, " AQ: AUTH_QUERY\n"); fprintf(stderr, " AR: AUTH_RESPONSE\n"); fprintf(stderr, " RQ: RESOLVER_QUERY\n"); fprintf(stderr, " RR: RESOLVER_RESPONSE\n"); fprintf(stderr, " CQ: CLIENT_QUERY\n"); fprintf(stderr, " CR: CLIENT_RESPONSE\n"); fprintf(stderr, " FQ: FORWARDER_QUERY\n"); fprintf(stderr, " FR: FORWARDER_RESPONSE\n"); fprintf(stderr, " SQ: STUB_QUERY\n"); fprintf(stderr, " SR: STUB_RESPONSE\n"); fprintf(stderr, " TQ: TOOL_QUERY\n"); fprintf(stderr, " TR: TOOL_RESPONSE\n"); fprintf(stderr, "\n"); exit(EXIT_FAILURE); } static int read_input_frame_stream(const char *input_fname, const dnstap_output_format fmt) { struct fstrm_reader *r = NULL; int rv = EXIT_FAILURE; fstrm_res res; if (input_fname) { /* Setup file reader options. */ struct fstrm_file_options *fopt; fopt = fstrm_file_options_init(); fstrm_file_options_set_file_path(fopt, input_fname); /* Initialize file reader. */ r = fstrm_file_reader_init(fopt, NULL); if (!r) { fputs("Error: fstrm_file_reader_init() failed.\n", stderr); goto out; } res = fstrm_reader_open(r); if (res != fstrm_res_success) { fputs("Error: fstrm_reader_option() failed.\n", stderr); goto out; } /* Cleanup. */ fstrm_file_options_destroy(&fopt); /* Verify "Content Type" field. */ if (!verify_content_type(r, (const uint8_t *) g_dnstap_content_type, strlen(g_dnstap_content_type))) { fprintf(stderr, "Error: %s is not a dnstap file.\n", input_fname); goto out; } } else { fprintf(stderr, "Error: no input specified, try -r .\n\n"); usage(); } /* Loop over data frames. */ for (;;) { const uint8_t *data; size_t len_data; res = fstrm_reader_read(r, &data, &len_data); if (res == fstrm_res_success) { /* Data frame ready. */ if (!print_dnstap_frame(data, len_data, fmt, stdout)) { fputs("Error: print_dnstap_frame() failed.\n", stderr); goto out; } } else if (res == fstrm_res_stop) { /* Normal end of data stream. */ rv = EXIT_SUCCESS; goto out; } else { /* Abnormal end. */ fputs("Error: fstrm_reader_read() failed.\n", stderr); goto out; } } out: /* Cleanup. */ fstrm_reader_destroy(&r); return rv; } static int read_input_hex(const char *input_fname, const dnstap_output_format fmt) { int rv = EXIT_FAILURE; FILE *r = NULL; /* Allocate buffer for input data. */ static const size_t alloc_bytes = 262144; uint8_t *data = calloc(1, alloc_bytes); assert(data != NULL); /* Open the input file stream. */ if (!input_fname || strcmp(input_fname, "-") == 0) { r = stdin; } else { r = fopen(input_fname, "r"); if (!r) { fputs("Error: fopen() failed.\n", stderr); goto out; } } /* Read up to 'alloc_bytes' from input stream. */ const size_t len_data = fread(data, 1, alloc_bytes, r); if (ferror(r)) { fputs("Error: fread() failed.\n", stderr); goto out; } if (!feof(r)) { fputs("Error: Too much data from input.\n", stderr); goto out; } /* If present, trim \# and data length, for RFC 3597 rdata. */ char *p = data; if (len_data >= 4 && p[0] == '\\' && p[1] == '#' && p[2] == ' ') { /* Trim the "\# ". */ p += 3; /* Trim the rdata length. */ p = strchr(p, ' '); if (!p) goto out; } /* Unhexlify the data. */ ldns_rdf *rdf = NULL; ldns_rr *rr = NULL; ldns_status status = ldns_str2rdf_hex(&rdf, p); if (status != LDNS_STATUS_OK) { /** * Failed to parse as hex or 3597 rdata, try to parse as a * master format NULL RR, possibly in multi-line format with * comments (e.g., dig output). */ char *line = NULL; char *saveptr = NULL; line = strtok_r(data, "\n\r", &saveptr); if (!line) goto out; do { status = ldns_rr_new_frm_str(&rr, line, 0, NULL, NULL); if (status == LDNS_STATUS_OK) break; line = strtok_r(NULL, "\n\r", &saveptr); } while (line); if (!rr) { fprintf(stderr, "Error: Unable to decode as hex or RR. Bad input?\n"); goto out; } if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_NULL) { fprintf(stderr, "Error: Unexpected rrtype (%u).\n", ldns_rr_get_type(rr)); goto out; } if (ldns_rr_rd_count(rr) != 1) { fprintf(stderr, "Error: Unexpected rdf count (%u).\n", ldns_rr_rd_count(rr)); goto out; } rdf = ldns_rr_pop_rdf(rr); } /* Get the raw data pointer out of the wrapped ldns type. */ uint8_t *raw = ldns_rdf_data(rdf); size_t len_raw = ldns_rdf_size(rdf); /* Decode and print the protobuf message. */ if (!print_dnstap_frame(raw, len_raw, fmt, stdout)) { fputs("Error: print_dnstap_frame() failed.\n", stderr); goto out; } /* Success. */ rv = EXIT_SUCCESS; out: /* Cleanup. */ if (r) fclose(r); if (rdf) ldns_rdf_deep_free(rdf); if (rr) ldns_rr_free(rr); free(data); return rv; } int main(int argc, char **argv) { int c; int rv = EXIT_FAILURE; const char *input_fname = NULL; dnstap_input_format in_fmt = dnstap_input_format_frame_stream; dnstap_output_format out_fmt = dnstap_output_format_quiet; /* Args. */ while ((c = getopt(argc, argv, "qyxr:")) != -1) { switch (c) { case 'q': out_fmt = dnstap_output_format_quiet; break; case 'y': out_fmt = dnstap_output_format_yaml; break; case 'x': in_fmt = dnstap_input_format_hex; break; case 'r': input_fname = optarg; break; default: usage(); } } argc -= optind; argv += optind; if (argc != 0) usage(); if (in_fmt == dnstap_input_format_frame_stream) { rv = read_input_frame_stream(input_fname, out_fmt); } else if (in_fmt == dnstap_input_format_hex) { rv = read_input_hex(input_fname, out_fmt); } else { rv = EXIT_FAILURE; } return rv; } dnstap-ldns-0.2.0/dnstap.pb/000077500000000000000000000000001270475013200156325ustar00rootroot00000000000000dnstap-ldns-0.2.0/dnstap.pb/.gitignore000066400000000000000000000001241270475013200176170ustar00rootroot00000000000000.deps/ .dirstamp .libs/ *.pb-c.c *.pb-c.h *.pb.cc *.pb.h *.pb.go *_pb2.py *_pb2.pyc dnstap-ldns-0.2.0/dnstap.pb/LICENSE000066400000000000000000000156101270475013200166420ustar00rootroot00000000000000Creative Commons Legal Code CC0 1.0 Universal CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER. Statement of Purpose The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work"). Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others. For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights. 1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following: i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work; ii. moral rights retained by the original author(s) and/or performer(s); iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work; iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below; v. rights protecting the extraction, dissemination, use and reuse of data in a Work; vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof. 2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose. 3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose. 4. Limitations and Disclaimers. a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document. b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law. c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work. d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work. dnstap-ldns-0.2.0/dnstap.pb/README000066400000000000000000000004001270475013200165040ustar00rootroot00000000000000dnstap: flexible, structured event replication format for DNS software ---------------------------------------------------------------------- This directory contains only the protobuf schemas for dnstap, and is the root of a repository named "dnstap.pb". dnstap-ldns-0.2.0/dnstap.pb/dnstap.proto000066400000000000000000000251241270475013200202140ustar00rootroot00000000000000// dnstap: flexible, structured event replication format for DNS software // // This file contains the protobuf schemas for the "dnstap" structured event // replication format for DNS software. // Written in 2013-2014 by Farsight Security, Inc. // // To the extent possible under law, the author(s) have dedicated all // copyright and related and neighboring rights to this file to the public // domain worldwide. This file is distributed without any warranty. // // You should have received a copy of the CC0 Public Domain Dedication along // with this file. If not, see: // // . package dnstap; // "Dnstap": this is the top-level dnstap type, which is a "union" type that // contains other kinds of dnstap payloads, although currently only one type // of dnstap payload is defined. // See: https://developers.google.com/protocol-buffers/docs/techniques#union message Dnstap { // DNS server identity. // If enabled, this is the identity string of the DNS server which generated // this message. Typically this would be the same string as returned by an // "NSID" (RFC 5001) query. optional bytes identity = 1; // DNS server version. // If enabled, this is the version string of the DNS server which generated // this message. Typically this would be the same string as returned by a // "version.bind" query. optional bytes version = 2; // Extra data for this payload. // This field can be used for adding an arbitrary byte-string annotation to // the payload. No encoding or interpretation is applied or enforced. optional bytes extra = 3; // Identifies which field below is filled in. enum Type { MESSAGE = 1; } required Type type = 15; // One of the following will be filled in. optional Message message = 14; } // SocketFamily: the network protocol family of a socket. This specifies how // to interpret "network address" fields. enum SocketFamily { INET = 1; // IPv4 (RFC 791) INET6 = 2; // IPv6 (RFC 2460) } // SocketProtocol: the transport protocol of a socket. This specifies how to // interpret "transport port" fields. enum SocketProtocol { UDP = 1; // User Datagram Protocol (RFC 768) TCP = 2; // Transmission Control Protocol (RFC 793) } // Message: a wire-format (RFC 1035 section 4) DNS message and associated // metadata. Applications generating "Message" payloads should follow // certain requirements based on the MessageType, see below. message Message { // There are eight types of "Message" defined that correspond to the // four arrows in the following diagram, slightly modified from RFC 1035 // section 2: // +---------+ +----------+ +--------+ // | | query | | query | | // | Stub |-SQ--------CQ->| Recursive|-RQ----AQ->| Auth. | // | Resolver| | Server | | Name | // | |<-SR--------CR-| |<-RR----AR-| Server | // +---------+ response | | response | | // +----------+ +--------+ // Each arrow has two Type values each, one for each "end" of each arrow, // because these are considered to be distinct events. Each end of each // arrow on the diagram above has been marked with a two-letter Type // mnemonic. Clockwise from upper left, these mnemonic values are: // // SQ: STUB_QUERY // CQ: CLIENT_QUERY // RQ: RESOLVER_QUERY // AQ: AUTH_QUERY // AR: AUTH_RESPONSE // RR: RESOLVER_RESPONSE // CR: CLIENT_RESPONSE // SR: STUB_RESPONSE // Two additional types of "Message" have been defined for the // "forwarding" case where an upstream DNS server is responsible for // further recursion. These are not shown on the diagram above, but have // the following mnemonic values: // FQ: FORWARDER_QUERY // FR: FORWARDER_RESPONSE // The "Message" Type values are defined below. enum Type { // AUTH_QUERY is a DNS query message received from a resolver by an // authoritative name server, from the perspective of the authorative // name server. AUTH_QUERY = 1; // AUTH_RESPONSE is a DNS response message sent from an authoritative // name server to a resolver, from the perspective of the authoritative // name server. AUTH_RESPONSE = 2; // RESOLVER_QUERY is a DNS query message sent from a resolver to an // authoritative name server, from the perspective of the resolver. // Resolvers typically clear the RD (recursion desired) bit when // sending queries. RESOLVER_QUERY = 3; // RESOLVER_RESPONSE is a DNS response message received from an // authoritative name server by a resolver, from the perspective of // the resolver. RESOLVER_RESPONSE = 4; // CLIENT_QUERY is a DNS query message sent from a client to a DNS // server which is expected to perform further recursion, from the // perspective of the DNS server. The client may be a stub resolver or // forwarder or some other type of software which typically sets the RD // (recursion desired) bit when querying the DNS server. The DNS server // may be a simple forwarding proxy or it may be a full recursive // resolver. CLIENT_QUERY = 5; // CLIENT_RESPONSE is a DNS response message sent from a DNS server to // a client, from the perspective of the DNS server. The DNS server // typically sets the RA (recursion available) bit when responding. CLIENT_RESPONSE = 6; // FORWARDER_QUERY is a DNS query message sent from a downstream DNS // server to an upstream DNS server which is expected to perform // further recursion, from the perspective of the downstream DNS // server. FORWARDER_QUERY = 7; // FORWARDER_RESPONSE is a DNS response message sent from an upstream // DNS server performing recursion to a downstream DNS server, from the // perspective of the downstream DNS server. FORWARDER_RESPONSE = 8; // STUB_QUERY is a DNS query message sent from a stub resolver to a DNS // server, from the perspective of the stub resolver. STUB_QUERY = 9; // STUB_RESPONSE is a DNS response message sent from a DNS server to a // stub resolver, from the perspective of the stub resolver. STUB_RESPONSE = 10; // TOOL_QUERY is a DNS query message sent from a DNS software tool to a // DNS server, from the perspective of the tool. TOOL_QUERY = 11; // TOOL_RESPONSE is a DNS response message received by a DNS software // tool from a DNS server, from the perspective of the tool. TOOL_RESPONSE = 12; } // One of the Type values described above. required Type type = 1; // One of the SocketFamily values described above. optional SocketFamily socket_family = 2; // One of the SocketProtocol values described above. optional SocketProtocol socket_protocol = 3; // The network address of the message initiator. // For SocketFamily INET, this field is 4 octets (IPv4 address). // For SocketFamily INET6, this field is 16 octets (IPv6 address). optional bytes query_address = 4; // The network address of the message responder. // For SocketFamily INET, this field is 4 octets (IPv4 address). // For SocketFamily INET6, this field is 16 octets (IPv6 address). optional bytes response_address = 5; // The transport port of the message initiator. // This is a 16-bit UDP or TCP port number, depending on SocketProtocol. optional uint32 query_port = 6; // The transport port of the message responder. // This is a 16-bit UDP or TCP port number, depending on SocketProtocol. optional uint32 response_port = 7; // The time at which the DNS query message was sent or received, depending // on whether this is an AUTH_QUERY, RESOLVER_QUERY, or CLIENT_QUERY. // This is the number of seconds since the UNIX epoch. optional uint64 query_time_sec = 8; // The time at which the DNS query message was sent or received. // This is the seconds fraction, expressed as a count of nanoseconds. optional fixed32 query_time_nsec = 9; // The initiator's original wire-format DNS query message, verbatim. optional bytes query_message = 10; // The "zone" or "bailiwick" pertaining to the DNS query message. // This is a wire-format DNS domain name. optional bytes query_zone = 11; // The time at which the DNS response message was sent or received, // depending on whether this is an AUTH_RESPONSE, RESOLVER_RESPONSE, or // CLIENT_RESPONSE. // This is the number of seconds since the UNIX epoch. optional uint64 response_time_sec = 12; // The time at which the DNS response message was sent or received. // This is the seconds fraction, expressed as a count of nanoseconds. optional fixed32 response_time_nsec = 13; // The responder's original wire-format DNS response message, verbatim. optional bytes response_message = 14; } // All fields except for 'type' in the Message schema are optional. // It is recommended that at least the following fields be filled in for // particular types of Messages. // AUTH_QUERY: // socket_family, socket_protocol // query_address, query_port // query_message // query_time_sec, query_time_nsec // AUTH_RESPONSE: // socket_family, socket_protocol // query_address, query_port // query_time_sec, query_time_nsec // response_message // response_time_sec, response_time_nsec // RESOLVER_QUERY: // socket_family, socket_protocol // query_message // query_time_sec, query_time_nsec // query_zone // response_address, response_port // RESOLVER_RESPONSE: // socket_family, socket_protocol // query_time_sec, query_time_nsec // query_zone // response_address, response_port // response_message // response_time_sec, response_time_nsec // CLIENT_QUERY: // socket_family, socket_protocol // query_message // query_time_sec, query_time_nsec // CLIENT_RESPONSE: // socket_family, socket_protocol // query_time_sec, query_time_nsec // response_message // response_time_sec, response_time_nsec dnstap-ldns-0.2.0/host2str.c000066400000000000000000000145221270475013200157010ustar00rootroot00000000000000/* * Copyright (c) 2005,2006, NLnetLabs * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of NLnetLabs nor the names of its * contributors may be used to endorse or promote products derived from this * software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include /* Adapted from ldns_pktheader2buffer_str() from ldns host2str.c. */ ldns_status my_ldns_pktheader2buffer_str(ldns_buffer *output, const ldns_pkt *pkt) { ldns_lookup_table *opcode = ldns_lookup_by_id(ldns_opcodes, (int) ldns_pkt_get_opcode(pkt)); ldns_lookup_table *rcode = ldns_lookup_by_id(ldns_rcodes, (int) ldns_pkt_get_rcode(pkt)); ldns_buffer_printf(output, " "); ldns_buffer_printf(output, ";; ->>HEADER<<- "); if (opcode) { ldns_buffer_printf(output, "opcode: %s, ", opcode->name); } else { ldns_buffer_printf(output, "opcode: ?? (%u), ", ldns_pkt_get_opcode(pkt)); } if (rcode) { ldns_buffer_printf(output, "rcode: %s, ", rcode->name); } else { ldns_buffer_printf(output, "rcode: ?? (%u), ", ldns_pkt_get_rcode(pkt)); } ldns_buffer_printf(output, "id: %d\n", ldns_pkt_id(pkt)); ldns_buffer_printf(output, " "); ldns_buffer_printf(output, ";; flags: "); if (ldns_pkt_qr(pkt)) { ldns_buffer_printf(output, "qr "); } if (ldns_pkt_aa(pkt)) { ldns_buffer_printf(output, "aa "); } if (ldns_pkt_tc(pkt)) { ldns_buffer_printf(output, "tc "); } if (ldns_pkt_rd(pkt)) { ldns_buffer_printf(output, "rd "); } if (ldns_pkt_cd(pkt)) { ldns_buffer_printf(output, "cd "); } if (ldns_pkt_ra(pkt)) { ldns_buffer_printf(output, "ra "); } if (ldns_pkt_ad(pkt)) { ldns_buffer_printf(output, "ad "); } ldns_buffer_printf(output, "; "); ldns_buffer_printf(output, "QUERY: %u, ", ldns_pkt_qdcount(pkt)); ldns_buffer_printf(output, "ANSWER: %u, ", ldns_pkt_ancount(pkt)); ldns_buffer_printf(output, "AUTHORITY: %u, ", ldns_pkt_nscount(pkt)); ldns_buffer_printf(output, "ADDITIONAL: %u ", ldns_pkt_arcount(pkt)); return ldns_buffer_status(output); } /* Adapted from ldns_pkt2buffer_str_fmt() from ldns host2str.c. */ ldns_status my_ldns_pkt2buffer_str_fmt(ldns_buffer *output, const ldns_output_format *fmt, const ldns_pkt *pkt) { uint16_t i; ldns_status status = LDNS_STATUS_OK; if (!pkt) { ldns_buffer_printf(output, "null"); return LDNS_STATUS_OK; } if (ldns_buffer_status_ok(output)) { status = my_ldns_pktheader2buffer_str(output, pkt); if (status != LDNS_STATUS_OK) { return status; } ldns_buffer_printf(output, "\n\n"); ldns_buffer_printf(output, " ;; QUESTION SECTION:\n ;"); for (i = 0; i < ldns_pkt_qdcount(pkt); i++) { status = ldns_rr2buffer_str_fmt(output, fmt, ldns_rr_list_rr( ldns_pkt_question(pkt), i)); if (status != LDNS_STATUS_OK) { return status; } } ldns_buffer_printf(output, "\n"); ldns_buffer_printf(output, " ;; ANSWER SECTION:\n"); for (i = 0; i < ldns_pkt_ancount(pkt); i++) { ldns_buffer_printf(output, " "); status = ldns_rr2buffer_str_fmt(output, fmt, ldns_rr_list_rr( ldns_pkt_answer(pkt), i)); if (status != LDNS_STATUS_OK) { return status; } } ldns_buffer_printf(output, "\n"); ldns_buffer_printf(output, " ;; AUTHORITY SECTION:\n"); for (i = 0; i < ldns_pkt_nscount(pkt); i++) { ldns_buffer_printf(output, " "); status = ldns_rr2buffer_str_fmt(output, fmt, ldns_rr_list_rr( ldns_pkt_authority(pkt), i)); if (status != LDNS_STATUS_OK) { return status; } } ldns_buffer_printf(output, "\n"); ldns_buffer_printf(output, " ;; ADDITIONAL SECTION:\n"); for (i = 0; i < ldns_pkt_arcount(pkt); i++) { ldns_buffer_printf(output, " "); status = ldns_rr2buffer_str_fmt(output, fmt, ldns_rr_list_rr( ldns_pkt_additional(pkt), i)); if (status != LDNS_STATUS_OK) { return status; } } ldns_buffer_printf(output, "\n"); /* add some futher fields */ if (ldns_pkt_edns(pkt)) { ldns_buffer_printf(output, " "); ldns_buffer_printf(output, ";; EDNS: version %u; flags:", ldns_pkt_edns_version(pkt)); if (ldns_pkt_edns_do(pkt)) { ldns_buffer_printf(output, " do"); } /* the extended rcode is the value set, shifted four bits, * and or'd with the original rcode */ if (ldns_pkt_edns_extended_rcode(pkt)) { ldns_buffer_printf(output, " ; ext-rcode: %d", (ldns_pkt_edns_extended_rcode(pkt) << 4 | ldns_pkt_get_rcode(pkt))); } ldns_buffer_printf(output, " ; udp: %u\n", ldns_pkt_edns_udp_size(pkt)); if (ldns_pkt_edns_data(pkt)) { ldns_buffer_printf(output, " "); ldns_buffer_printf(output, ";; Data: "); (void)ldns_rdf2buffer_str(output, ldns_pkt_edns_data(pkt)); ldns_buffer_printf(output, "\n"); } } if (ldns_pkt_tsig(pkt)) { ldns_buffer_printf(output, " "); ldns_buffer_printf(output, ";; TSIG:\n;; "); (void) ldns_rr2buffer_str_fmt( output, fmt, ldns_pkt_tsig(pkt)); ldns_buffer_printf(output, "\n"); } } else { return ldns_buffer_status(output); } return status; } dnstap-ldns-0.2.0/m4/000077500000000000000000000000001270475013200142615ustar00rootroot00000000000000dnstap-ldns-0.2.0/m4/.gitignore000066400000000000000000000000771270475013200162550ustar00rootroot00000000000000libtool.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 lt~obsolete.m4