datamodel: logging: dnstap config added

diff --git a/manager/knot_resolver_manager/datamodel/logging_config.py b/manager/knot_resolver_manager/datamodel/logging_config.py
index 373726a2445e7fc22210de382d1ca6cc8e1dd0e9..b43ee152e008857d723b92c7839e8acd32df4cc2 100644 (file)
--- a/manager/knot_resolver_manager/datamodel/logging_config.py
+++ b/manager/knot_resolver_manager/datamodel/logging_config.py
@@ -1,8 +1,8 @@
-from typing import List, Optional
+from typing import List, Optional, Union
 
 from typing_extensions import Literal, TypeAlias
 
-from knot_resolver_manager.datamodel.types import TimeUnit
+from knot_resolver_manager.datamodel.types import CheckedPath, TimeUnit
 from knot_resolver_manager.utils import SchemaNode
 
 LogLevelEnum = Literal["crit", "err", "warning", "notice", "info", "debug"]
@@ -57,6 +57,23 @@ LogGroupsEnum: TypeAlias = Literal[
 ]
 
 
+class DnstapSchema(SchemaNode):
+    """
+    Logging DNS queries and responses to a unix socket
+
+    ---
+    unix_socket: The unix socket file where dnstap messages will be sent.
+    log_queries: If true queries from downstream in wire format will be logged.
+    log_responses: If true responses to downstream in wire format will be logged.
+    log_tcp_rtt: If true TCP RTT (Round-trip time) will be logged.
+    """
+
+    unix_socket: CheckedPath
+    log_queries: bool = True
+    log_responses: bool = True
+    log_tcp_rtt: bool = True
+
+
 class DebuggingSchema(SchemaNode):
     assertion_abort: bool = False
     assertion_fork: TimeUnit = TimeUnit("5m")
@@ -71,9 +88,11 @@ class LoggingSchema(SchemaNode):
     target: Logging stream target for all processes.
     groups: List of groups for which 'debug' logging level is set.
     debugging: Advanced debugging parameters for Knot Resolver daemon (kresd).
+    dnstap: Logging DNS requests and responses to a unix socket.
     """
 
     level: LogLevelEnum = "notice"
     target: Optional[LogTargetEnum] = None
     groups: Optional[List[LogGroupsEnum]] = None
+    dnstap: Union[Literal[False], DnstapSchema] = False
     debugging: DebuggingSchema = DebuggingSchema()

diff --git a/manager/knot_resolver_manager/datamodel/templates/logging.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/logging.lua.j2
index 62b56f1973fb9c62a32779073d416637acebcd3a..0fb2fb123c12f56928347e1047d443c75d08c992 100644 (file)
--- a/manager/knot_resolver_manager/datamodel/templates/logging.lua.j2
+++ b/manager/knot_resolver_manager/datamodel/templates/logging.lua.j2
@@ -17,9 +17,21 @@ log_groups({
 })
 {% endif %}
 
+{% if cfg.logging.dnstap -%}
+-- logging.dnstap
+modules.load('dnstap')
+dnstap.config({
+    socket_path = '{{ cfg.logging.dnstap.unix_socket }}',
+    client = {
+        log_queries = {{ 'true' if cfg.logging.dnstap.log_queries else 'false' }},
+        log_responses = {{ 'true' if cfg.logging.dnstap.log_responses else 'false' }},
+        log_tcp_rtt = {{ 'true' if cfg.logging.dnstap.log_tcp_rtt else 'false' }}
+    }
+})
+{%- endif %}
+
 -- logging.debugging.assertion-abort
 debugging.assertion_abort = {{ 'true' if cfg.logging.debugging.assertion_abort else 'false' }}
 
 -- logging.debugging.assertion-fork
 debugging.assertion_fork = {{ cfg.logging.debugging.assertion_fork.millis() }}
-