From: Otto Moerbeek Date: Wed, 5 Jun 2019 08:51:35 +0000 (+0200) Subject: Set the query-zone field in the dnstap messages. This requires passing the auth zone X-Git-Tag: dnsdist-1.4.0-rc1~127^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F7877%2Fhead;p=thirdparty%2Fpdns.git Set the query-zone field in the dnstap messages. This requires passing the auth zone to asyncresolve(). I chose to do this via the context so that we do not have to add an extra parameter to a function already having too many of them. --- diff --git a/pdns/lwres.cc b/pdns/lwres.cc index 3d3aee1e05..73b8015a37 100644 --- a/pdns/lwres.cc +++ b/pdns/lwres.cc @@ -70,14 +70,15 @@ static bool isEnabledForQueries(const std::shared_ptr>>& fstreamLoggers, const struct timeval &queryTime, const ComboAddress& ip, bool doTCP, const vector& packet) +static void logFstreamQuery(const std::shared_ptr>>& fstreamLoggers, const struct timeval &queryTime, const ComboAddress& ip, bool doTCP, + boost::optional auth, const vector& packet) { if (fstreamLoggers == nullptr) return; struct timespec ts; TIMEVAL_TO_TIMESPEC(&queryTime, &ts); - RecDnstapMessage message(SyncRes::s_serverID, nullptr, &ip, doTCP, reinterpret_cast(&*packet.begin()), packet.size(), &ts, nullptr); + RecDnstapMessage message(SyncRes::s_serverID, nullptr, &ip, doTCP, auth, reinterpret_cast(&*packet.begin()), packet.size(), &ts, nullptr); std::string str; message.serialize(str); @@ -99,7 +100,8 @@ static bool isEnabledForResponses(const std::shared_ptr>>& fstreamLoggers, const ComboAddress& ip, bool doTCP, const std::string& packet, const struct timeval& queryTime, const struct timeval& replyTime) +static void logFstreamResponse(const std::shared_ptr>>& fstreamLoggers, const ComboAddress& ip, bool doTCP, + boost::optional auth, const std::string& packet, const struct timeval& queryTime, const struct timeval& replyTime) { if (fstreamLoggers == nullptr) return; 
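Review bot: The rewritten `RecDnstapMessage message(...)` line in logFstreamQuery still takes the buffer address with `&*packet.begin()`, which dereferences the begin iterator and is undefined when `packet` is empty. `packet.data()` gives the same pointer for a non-empty vector and stays well-defined for an empty one, so the argument could read `packet.data()` inside the existing cast. The same expression is used on the response side in the `@@ -107` hunk. Both function bodies continue outside the hunks shown.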
@@ -107,7 +109,7 @@ static void logFstreamResponse(const std::shared_ptr(&*packet.begin()), packet.size(), &ts1, &ts2); + RecDnstapMessage message(SyncRes::s_serverID, nullptr, &ip, doTCP, auth, static_cast(&*packet.begin()), packet.size(), &ts1, &ts2); std::string str; message.serialize(str); @@ -234,7 +236,7 @@ int asyncresolve(const ComboAddress& ip, const DNSName& domain, int type, bool d #endif /* HAVE_PROTOBUF */ #ifdef HAVE_FSTRM if (isEnabledForQueries(fstrmLoggers)) { - logFstreamQuery(fstrmLoggers, queryTime, ip, doTCP, vpacket); + logFstreamQuery(fstrmLoggers, queryTime, ip, doTCP, context ? context->d_auth : boost::none, vpacket); } #endif /* HAVE_FSTRM */ @@ -312,7 +314,7 @@ int asyncresolve(const ComboAddress& ip, const DNSName& domain, int type, bool d #ifdef HAVE_FSTRM if (isEnabledForResponses(fstrmLoggers)) { - logFstreamResponse(fstrmLoggers, ip, doTCP, buf, queryTime, *now); + logFstreamResponse(fstrmLoggers, ip, doTCP, context ? context->d_auth : boost::none, buf, queryTime, *now); } #endif /* HAVE_FSTRM */ diff --git a/pdns/rec-dnstap.hh b/pdns/rec-dnstap.hh index 217bcc9cf8..1be6e0a840 100644 --- a/pdns/rec-dnstap.hh +++ b/pdns/rec-dnstap.hh 
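Review bot: On the response path the buffer handed to `RecDnstapMessage` is `buf`, the reply received from the upstream server. The constructor in the rec-dnstap.hh section of this commit reads `dh->qr` from it without comparing `len` to the size of `struct dnsheader`. A truncated or empty reply would make that read run past the data unless asyncresolve() rejects short replies before the `logFstreamResponse` call in the `@@ -312` hunk, and no such check is visible in these hunks. A guard at the top of logFstreamResponse, `if (packet.size() < sizeof(dnsheader)) return;`, would make the logging path safe regardless of what the caller validated. The bodies of logFstreamResponse and asyncresolve start and end outside the hunks.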
@@ -28,10 +28,13 @@ class RecDnstapMessage : public DnstapMessage { public: - RecDnstapMessage(const std::string& identity, const ComboAddress* requestor, const ComboAddress* responder, bool isTCP, const char* packet, const size_t len, const struct timespec* queryTime, const struct timespec* responseTime) + RecDnstapMessage(const std::string& identity, const ComboAddress* requestor, const ComboAddress* responder, bool isTCP, boost::optional auth, const char* packet, const size_t len, const struct timespec* queryTime, const struct timespec* responseTime) : DnstapMessage(identity, requestor, responder, isTCP, packet, len, queryTime, responseTime) { const struct dnsheader* dh = reinterpret_cast(packet); dnstap::Message* message = proto_message.mutable_message(); message->set_type(!dh->qr ? dnstap::Message_Type_RESOLVER_QUERY : dnstap::Message_Type_RESOLVER_RESPONSE); + if (auth) { + message->set_query_zone(auth->toDNSString()); + } } }; diff --git a/pdns/resolve-context.hh b/pdns/resolve-context.hh index c22abcdde8..a496596540 100644 --- a/pdns/resolve-context.hh +++ b/pdns/resolve-context.hh @@ -14,9 +14,15 @@ struct ResolveContext { { #ifdef HAVE_PROTOBUF this->d_initialRequestId = ctx.d_initialRequestId; +#endif +#ifdef HAVE_FSTRM + this->d_auth = ctx.d_auth; #endif } #ifdef HAVE_PROTOBUF boost::optional d_initialRequestId; #endif +#ifdef HAVE_FSTRM + boost::optional d_auth; +#endif }; diff --git a/pdns/syncres.cc b/pdns/syncres.cc index dcdcc1ce0b..029281ea7c 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc 
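Review bot: `d_auth` in resolve-context.hh is added with no comment on what it holds or how long it must stay valid. The optional's element type is not visible in this rendering. If it is a reference to a DNSName rather than a copy, the copy constructor's `this->d_auth = ctx.d_auth;` duplicates the reference, so a ResolveContext that outlives the `auth` argument of asyncresolveWrapper() would dangle. The syncres.cc hunks suggest the context is filled and consumed within one wrapper call, which would be safe, but the constraint should be recorded, e.g. `// auth zone being queried (dnstap query_zone); must outlive the asyncresolve() call`.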
@@ -444,7 +444,7 @@ uint64_t SyncRes::doDumpThrottleMap(int fd) For now this means we can't be clever, but will turn off DNSSEC if you reply with FormError or gibberish. */ -int SyncRes::asyncresolveWrapper(const ComboAddress& ip, bool ednsMANDATORY, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, struct timeval* now, boost::optional& srcmask, LWResult* res, bool* chained) const +int SyncRes::asyncresolveWrapper(const ComboAddress& ip, bool ednsMANDATORY, const DNSName& domain, const DNSName& auth, int type, bool doTCP, bool sendRDQuery, struct timeval* now, boost::optional& srcmask, LWResult* res, bool* chained) const { /* what is your QUEST? the goal is to get as many remotes as possible on the highest level of EDNS support @@ -482,6 +482,9 @@ int SyncRes::asyncresolveWrapper(const ComboAddress& ip, bool ednsMANDATORY, con #ifdef HAVE_PROTOBUF ctx.d_initialRequestId = d_initialRequestId; #endif +#ifdef HAVE_FSTRM + ctx.d_auth = auth; +#endif int ret; for(int tries = 0; tries < 3; ++tries) { @@ -583,7 +586,7 @@ int SyncRes::doResolve(const DNSName &qname, const QType &qtype, vector nm; bool chained = false; - res=asyncresolveWrapper(remoteIP, d_doDNSSEC, qname, qtype.getCode(), false, false, &d_now, nm, &lwr, &chained); + res=asyncresolveWrapper(remoteIP, d_doDNSSEC, qname, authname, qtype.getCode(), false, false, &d_now, nm, &lwr, &chained); d_totUsec += lwr.d_usec; accountAuthLatency(lwr.d_usec, remoteIP.sin4.sin_family); 
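Review bot: In the new asyncresolveWrapper signature, `const DNSName& auth` sits directly after `const DNSName& domain`, so a call site that swaps the two still compiles and would emit the wrong query-zone into the dnstap stream without any other symptom. A comment on the declaration would make the order explicit, e.g. `// domain: name being resolved; auth: auth zone whose servers are asked, logged as dnstap query_zone`. Separately, `auth` is only read inside `#ifdef HAVE_FSTRM`, so builds without fstrm leave the parameter unused; if the project compiles with unused-parameter warnings, a `(void)auth;` in an `#else` branch would keep that build clean. The wrapper body continues outside these hunks.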
@@ -2864,7 +2867,7 @@ bool SyncRes::doResolveAtThisIP(const std::string& prefix, const DNSName& qname, LOG(prefix<toString()<<" to query"< &ret); - int asyncresolveWrapper(const ComboAddress& ip, bool ednsMANDATORY, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, struct timeval* now, boost::optional& srcmask, LWResult* res, bool* chained) const; + int asyncresolveWrapper(const ComboAddress& ip, bool ednsMANDATORY, const DNSName& domain, const DNSName& auth, int type, bool doTCP, bool sendRDQuery, struct timeval* now, boost::optional& srcmask, LWResult* res, bool* chained) const; boost::optional getEDNSSubnetMask(const DNSName&dn, const ComboAddress& rem);