From: W.C.A. Wijngaards Date: Mon, 20 Jan 2020 10:04:06 +0000 (+0100) Subject: git branch to track feature for framestreams. The aim is to make X-Git-Tag: 1.11.0rc1~120^2~115 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b7e08045b18d065e6fbb5055359f1c8b88f22d01;p=thirdparty%2Funbound.git git branch to track feature for framestreams. The aim is to make reconnecting work, TLS support and not depend on the libfstrm library, but keep compatibility with the Frame Streams protocol spec for existing DNSTAP tools. --- diff --git a/Makefile.in b/Makefile.in index 1a2e2c548..b7961b2b9 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1059,6 +1059,7 @@ respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localz $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/respip/respip.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/testcode/checklocks.h +dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ diff --git a/configure b/configure index eb855554d..12d042492 100755 --- a/configure +++ b/configure @@ -20936,9 +20936,9 @@ cat >>confdefs.h <<_ACEOF _ACEOF - DNSTAP_SRC="dnstap/dnstap.c dnstap/dnstap.pb-c.c" + DNSTAP_SRC="dnstap/dnstap.c dnstap/dnstap.pb-c.c dnstap/dtstream.c" - DNSTAP_OBJ="dnstap.lo dnstap.pb-c.lo" + DNSTAP_OBJ="dnstap.lo dnstap.pb-c.lo dtstream.lo" else diff --git a/configure.ac b/configure.ac index 4ed9bb872..e1cddc35d 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1637,8 +1637,8 @@ dt_DNSTAP([$UNBOUND_RUN_DIR/dnstap.sock], AC_DEFINE_UNQUOTED(DNSTAP_SOCKET_PATH, ["$hdr_dnstap_socket_path"], [default dnstap socket path]) - AC_SUBST([DNSTAP_SRC], ["dnstap/dnstap.c dnstap/dnstap.pb-c.c"]) - AC_SUBST([DNSTAP_OBJ], ["dnstap.lo dnstap.pb-c.lo"]) + AC_SUBST([DNSTAP_SRC], ["dnstap/dnstap.c dnstap/dnstap.pb-c.c dnstap/dtstream.c"]) + AC_SUBST([DNSTAP_OBJ], ["dnstap.lo dnstap.pb-c.lo dtstream.lo"]) ], [ AC_SUBST([ENABLE_DNSTAP], [0]) diff --git a/dnstap/dtstream.c b/dnstap/dtstream.c new file mode 100644 index 000000000..cad4d1f48 --- /dev/null +++ b/dnstap/dtstream.c 
@@ -0,0 +1,46 @@
+/*
+ * dnstap/dtstream.c - Frame Streams implementation for unbound DNSTAP
+ *
+ * Copyright (c) 2020, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/**
+ * \file
+ *
+ * An implementation of the Frame Streams data transport protocol for
+ * the Unbound DNSTAP message logging facility.
+ */
+
+#include "config.h"
+#include "dnstap/dtstream.h"
+
diff --git a/dnstap/dtstream.h b/dnstap/dtstream.h
new file mode 100644
index 000000000..1b7af2371
--- /dev/null
+++ b/dnstap/dtstream.h
@@ -0,0 +1,139 @@
+/*
+ * dnstap/dtstream.h - Frame Streams implementation for unbound DNSTAP
+ *
+ * Copyright (c) 2020, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/**
+ * \file
+ *
+ * An implementation of the Frame Streams data transport protocol for
+ * the Unbound DNSTAP message logging facility.
+ */
+
+#ifndef DTSTREAM_H
+#define DTSTREAM_H
+
+#include "util/locks.h"
+struct dt_msg_entry;
+struct dt_io_list_item;
+
+/**
+ * A message buffer with dnstap messages queued up. It is per-worker.
+ * It has locks to synchronize. If the buffer is full, a new message
+ * cannot be added and is discarded. A thread reads the messages and sends
+ * them.
+ */
+struct dt_msg_queue {
+ /** lock of the buffer structure. Hold this lock to add or remove
+ * entries to the buffer. Release it so that other threads can also
+ * put messages to log, or a message can be taken out to send away
+ * by the writer thread.
+ */
+ lock_basic_type lock;
+ /** the maximum size of the buffer, in bytes */
+ size_t maxsize;
+ /** current size of the buffer, in bytes. data bytes of messages.
+ * If a new message make it more than maxsize, the buffer is full */
+ size_t cursize;
+ /** list of messages. The messages are added to the back and taken
+ * out from the front. */
+ struct dt_msg_entry* first, *last;
+};
+
+/**
+ * An entry in the dt_msg_queue. contains one DNSTAP message.
+ * It is malloced.
+ */
+struct dt_msg_entry {
+ /** next in the list. */
+ struct dt_msg_entry* next;
+ /** the buffer with the data to send, an encoded DNSTAP message */
+ void* buf;
+ /** the length to send. */
+ size_t len;
+};
+
+/**
+ * IO thread that reads from the queues and writes them.
+ */
+struct dt_io_thread {
+ /** event base, for event handling */
+ void* event_base;
+ /** list of queues that is registered to get written */
+ struct dt_io_list_item* io_list;
+ /** file descriptor that the thread writes to */
+ int fd;
+ /** event structure that the thread uses */
+ void* event;
+
+ /** command pipe that stops the pipe if closed. Used to quit
+ * the program. [0] is read, [1] is written to. */
+ int commandpipe[2];
+ /** the event to listen to the commandpipe */
+ void* command_event;
+
+ /** If the log server is connected to over unix domain sockets,
+ * eg. a file is named that is created to log onto. */
+ int upstream_is_unix;
+ /** if the log server is connected to over TCP. The ip address and
+ * port are used */
+ int upstream_is_tcp;
+ /** if the log server is connected to over TLS. ip address, port,
+ * and client certificates can be used for authentication. */
+ int upstream_is_tls;
+
+ /** the file path for unix socket (or NULL) */
+ char* socket_path;
+ /** the ip address and port number (or NULL) */
+ char* ip_str;
+ /** is the TLS upstream authenticated by name, if nonNULL,
+ * we use the same cert bundle as used by other TLS streams. */
+ char* tls_server_name;
+ /** are client certificates in use */
+ int use_client_certs;
+ /** client cert files: the .key file */
+ char* client_key_file;
+ /** client cert files: the .pem file */
+ char* client_cert_file;
+};
+
+/* Frame Streams data transfer protocol encode for DNSTAP messages.
+ * The protocol looks to be specified in the libfstrm library.
+ */
+/* routine to send START message. */
+/* routine to send a frame. */
+/* routine to send STOP message. */
+
+
+#endif /* DTSTREAM_H */
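Review bot: The comment on `tls_server_name` in struct dt_io_thread says the upstream is authenticated by name "if nonNULL" but leaves the NULL case with `upstream_is_tls` set undocumented, so a reader cannot tell whether the server certificate is still checked against the cert bundle or not checked at all. dnstap frames carry client addresses and query names, so the header should state the policy before the connect code is written against it. If NULL is meant to disable server authentication, I would say so explicitly, for example `/** name to verify in the upstream's certificate; if NULL the TLS upstream is not authenticated (encryption only) */`. The same struct has three independent flags (`upstream_is_unix`, `upstream_is_tcp`, `upstream_is_tls`); a line stating that exactly one is set, or whether TLS implies TCP, would remove the remaining ambiguity.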