mod-dnstap: Add 'responses-with-queries' option

This commit adds a 'responses-with-queries' option to the dnstap module. When enabled, it also adds the original query message to AUTH_RESPONSE type dnstap message payloads in addition to the response message. The dnstap protobuf definition has separate 'query_message' and 'response_message' fields for dnstap message objects, and for AUTH_RESPONSE messages the 'query_message' field can optionally be filled in. closes #764

mod-dnstap: Add 'responses-with-queries' option
71e9c899 · Robert Edmonds · Daniel Salzman · 167e65cf · 71e9c899 · 71e9c899
Commit 71e9c899 authored 3 years ago by Robert Edmonds Committed by Daniel Salzman 3 years ago
--- a/src/knot/modules/dnstap/dnstap.c
+++ b/src/knot/modules/dnstap/dnstap.c
@@ -29,6 +29,7 @@
 #define MOD_VERSION	"\x07""version"
 #define MOD_QUERIES	"\x0B""log-queries"
 #define MOD_RESPONSES	"\x0D""log-responses"
+#define MOD_RESPONSES_WITH_QUERIES	"\x16""responses-with-queries"

 const yp_item_t dnstap_conf[] = {
 	{ MOD_SINK,      YP_TSTR,  YP_VNONE },
@@ -36,6 +37,7 @@ const yp_item_t dnstap_conf[] = {
 	{ MOD_VERSION,   YP_TSTR,  YP_VNONE },
 	{ MOD_QUERIES,   YP_TBOOL, YP_VBOOL = { true } },
 	{ MOD_RESPONSES, YP_TBOOL, YP_VBOOL = { true } },
+	{ MOD_RESPONSES_WITH_QUERIES, YP_TBOOL, YP_VBOOL = { false } },
 	{ NULL }
 };

@@ -56,6 +58,7 @@ typedef struct {
 	size_t identity_len;
 	char *version;
 	size_t version_len;
+	bool responses_with_queries;
 } dnstap_ctx_t;

 static knotd_state_t log_message(knotd_state_t state, const knot_pkt_t *pkt,
@@ -116,6 +119,16 @@ static knotd_state_t log_message(knotd_state_t state, const knot_pkt_t *pkt,
 		dnstap.has_version = 1;
 	}

+	/* Also add query message if 'responses-with-queries' is enabled and this is a response. */
+	if (ctx->responses_with_queries &&
+	    msgtype == DNSTAP__MESSAGE__TYPE__AUTH_RESPONSE &&
+	    qdata->query != NULL)
+	{
+		msg.query_message.len = qdata->query->size;
+		msg.query_message.data = qdata->query->wire;
+		msg.has_query_message = 1;
+	}
+
 	/* Pack the message. */
 	uint8_t *frame = NULL;
 	size_t size = 0;
@@ -249,6 +262,10 @@ int dnstap_load(knotd_mod_t *mod)
 	}
 	ctx->version_len = (ctx->version != NULL) ? strlen(ctx->version) : 0;

+	/* Set responses-with-queries. */
+	conf = knotd_conf_mod(mod, MOD_RESPONSES_WITH_QUERIES);
+	ctx->responses_with_queries = conf.single.boolean;
+
 	/* Set sink. */
 	conf = knotd_conf_mod(mod, MOD_SINK);
 	const char *sink = conf.single.string;

--- a/src/knot/modules/dnstap/dnstap.rst
+++ b/src/knot/modules/dnstap/dnstap.rst
@@ -29,7 +29,7 @@ which can be either a file or a UNIX socket::
 .. NOTE::
   Dnstap log files can also be created or read using :doc:`kdig<man_kdig>`.

-.. _dnstap: http://dnstap.info/
+.. _dnstap: https://dnstap.info/

 Module reference
 ----------------
@@ -46,6 +46,7 @@ zone-specific logging, use this module in the proper zone configuration.
     version: STR
     log-queries: BOOL
     log-responses: BOOL
+     responses-with-queries: BOOL

 .. _mod-dnstap_id:

@@ -102,3 +103,11 @@ log-responses
 If enabled, response messages will be logged.

 *Default:* on
+
+responses-with-queries
+......................
+
+If enabled, dnstap ``AUTH_RESPONSE`` messages will also include the original
+query message as well as the response message sent by the server.
+
+*Default:* off