mod-dnstap: Restore the original query QNAME case

Previously, mod-dnstap would log query messages with downcased QNAMEs,
because knotd had already downcased the QNAME in the query packet buffer
passed to the dnstap module. This is not necessarily the same as the
original DNS wire query message if any uppercase letters were used in
the QNAME.

The knotd_qdata_t object already stores the original QNAME before
downcasing in the 'extra' field, which is inaccessible to query modules.
This commit introduces a new 'knotd_qdata_orig_qname()' function that
query modules can call to access the original QNAME.

This commit updates the mod-dnstap message logging code to patch the
buffer used for the wire message behind the 'query_message' field in the
dnstap protobuf message by copying the original QNAME back into the
query packet buffer, and then re-downcasing the QNAME in the query
packet buffer after the dnstap protobuf message has been serialized.
(This avoids the overhead of allocating space for a copy of the query
packet, making a copy of the packet, and performing the QNAME
restoration on the copy.)

fixes #773

src/knot/include/module.h

@@ -465,6 +465,15 @@ const knot_dname_t *knotd_qdata_zone_name(knotd_qdata_t *qdata);
  */
 knot_rrset_t knotd_qdata_zone_apex_rrset(knotd_qdata_t *qdata, uint16_t type);
 
+/*!
+ * Gets the original QNAME of the query, before downcasing.
+ *
+ * \param[in] qdata  Query data.
+ *
+ * \return Original QNAME or NULL if error.
+ */
+const knot_dname_t *knotd_qdata_orig_qname(knotd_qdata_t *qdata);
+
 /*! General query processing states. */
 typedef enum {
 	KNOTD_STATE_NOOP  = 0, /*!< No response. */

src/knot/modules/dnstap/dnstap.c

@@ -61,6 +61,30 @@ typedef struct {
 	bool with_queries;
 } dnstap_ctx_t;
 
+static void msg_query_qname_restore(Dnstap__Message *msg, knotd_qdata_t *qdata)
+{
+	if (msg->query_message.data == NULL) {
+		return;
+	}
+
+	const knot_dname_t *orig_qname = knotd_qdata_orig_qname(qdata);
+	if (orig_qname == NULL) {
+		return;
+	}
+
+	memcpy(msg->query_message.data + KNOT_WIRE_HEADER_SIZE,
+	       orig_qname, qdata->query->qname_size);
+}
+
+static void msg_query_qname_case_lower(Dnstap__Message *msg)
+{
+	if (msg->query_message.data == NULL) {
+		return;
+	}
+
+	knot_dname_to_lower(msg->query_message.data + KNOT_WIRE_HEADER_SIZE);
+}
+
 static knotd_state_t log_message(knotd_state_t state, const knot_pkt_t *pkt,
                                  knotd_qdata_t *qdata, knotd_mod_t *mod)
 {
@@ -132,7 +156,9 @@ static knotd_state_t log_message(knotd_state_t state, const knot_pkt_t *pkt,
 	/* Pack the message. */
 	uint8_t *frame = NULL;
 	size_t size = 0;
+	msg_query_qname_restore(&msg, qdata);
 	dt_pack(&dnstap, &frame, &size);
+	msg_query_qname_case_lower(&msg);
 	if (frame == NULL) {
 		return state;
 	}

src/knot/nameserver/query_module.c

@@ -681,6 +681,16 @@ knot_rrset_t knotd_qdata_zone_apex_rrset(knotd_qdata_t *qdata, uint16_t type)
 	return node_rrset(qdata->extra->contents->apex, type);
 }
 
+_public_
+const knot_dname_t *knotd_qdata_orig_qname(knotd_qdata_t *qdata)
+{
+	if (qdata == NULL) {
+		return NULL;
+	}
+
+	return qdata->extra->orig_qname;
+}
+
 _public_
 int knotd_mod_dnssec_init(knotd_mod_t *mod)
 {