- Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".

NLnetLabs · Mar 9, 2023 · 3038c07 · 3038c07
1 parent b7fa86f
commit 3038c07
Show file tree

Hide file tree

Showing 12 changed files with 49 additions and 10 deletions.
diff --git a/configlexer.lex b/configlexer.lex
@@ -272,6 +272,7 @@ zonefiles-write{COLON}	{ LEXOUT(("v(%s) ", yytext)); return VAR_ZONEFILES_WRITE;
 dnstap{COLON}		{ LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP;}
 dnstap-enable{COLON}	{ LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_ENABLE;}
 dnstap-socket-path{COLON}	{ LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_SOCKET_PATH; }
+dnstap-ip{COLON}	{ LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_IP; }
 dnstap-send-identity{COLON}	{ LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_SEND_IDENTITY; }
 dnstap-send-version{COLON}	{ LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_SEND_VERSION; }
 dnstap-identity{COLON}	{ LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_IDENTITY; }

diff --git a/configparser.y b/configparser.y
@@ -136,6 +136,7 @@ struct component {
 %token VAR_DNSTAP
 %token VAR_DNSTAP_ENABLE
 %token VAR_DNSTAP_SOCKET_PATH
+%token VAR_DNSTAP_IP
 %token VAR_DNSTAP_SEND_IDENTITY
 %token VAR_DNSTAP_SEND_VERSION
 %token VAR_DNSTAP_IDENTITY
@@ -615,6 +616,8 @@ dnstap_option:
     { cfg_parser->opt->dnstap_enable = $2; }
   | VAR_DNSTAP_SOCKET_PATH STRING
     { cfg_parser->opt->dnstap_socket_path = region_strdup(cfg_parser->opt->region, $2); }
+  | VAR_DNSTAP_IP STRING
+    { cfg_parser->opt->dnstap_ip = region_strdup(cfg_parser->opt->region, $2); }
   | VAR_DNSTAP_SEND_IDENTITY boolean
     { cfg_parser->opt->dnstap_send_identity = $2; }
   | VAR_DNSTAP_SEND_VERSION boolean

diff --git a/dnstap/dnstap.c b/dnstap/dnstap.c
@@ -133,14 +133,15 @@ check_socket_file(const char* socket_path)
 }
 
 struct dt_env *
-dt_create(const char *socket_path, unsigned num_workers)
+dt_create(const char *socket_path, char* ip, unsigned num_workers)
 {
 #ifndef NDEBUG
 	fstrm_res res;
 #endif
 	struct dt_env *env;
 	struct fstrm_iothr_options *fopt;
-	struct fstrm_unix_writer_options *fuwopt;
+	struct fstrm_unix_writer_options *fuwopt = NULL;
+	struct fstrm_tcp_writer_options *ftwopt = NULL;
 	struct fstrm_writer *fw;
 	struct fstrm_writer_options *fwopt;
 
@@ -164,10 +165,25 @@ dt_create(const char *socket_path, unsigned num_workers)
 		DNSTAP_CONTENT_TYPE, sizeof(DNSTAP_CONTENT_TYPE) - 1);
 	assert(res == fstrm_res_success);
 
-	fuwopt = fstrm_unix_writer_options_init();
-	fstrm_unix_writer_options_set_socket_path(fuwopt, socket_path);
-
-	fw = fstrm_unix_writer_init(fuwopt, fwopt);
+	if(ip == NULL || ip[0] == 0) {
+		fuwopt = fstrm_unix_writer_options_init();
+		fstrm_unix_writer_options_set_socket_path(fuwopt, socket_path);
+	} else {
+		char* at = strchr(ip, '@');
+		ftwopt = fstrm_tcp_writer_options_init();
+		if(at == NULL) {
+			fstrm_tcp_writer_options_set_socket_address(ftwopt, ip);
+			fstrm_tcp_writer_options_set_socket_port(ftwopt, "3333");
+		} else {
+			*at = 0;
+			fstrm_tcp_writer_options_set_socket_address(ftwopt, ip);
+			fstrm_tcp_writer_options_set_socket_port(ftwopt, at+1);
+			*at = '@';
+		}
+	}
+	if(ip == NULL || ip[0] == 0)
+		fw = fstrm_unix_writer_init(fuwopt, fwopt);
+	else	fw = fstrm_tcp_writer_init(ftwopt, fwopt);
 	assert(fw != NULL);
 
 	fopt = fstrm_iothr_options_init();
@@ -180,7 +196,10 @@ dt_create(const char *socket_path, unsigned num_workers)
 		env = NULL;
 	}
 	fstrm_iothr_options_destroy(&fopt);
-	fstrm_unix_writer_options_destroy(&fuwopt);
+
+	if(ip == NULL || ip[0] == 0)
+		fstrm_unix_writer_options_destroy(&fuwopt);
+	else	fstrm_tcp_writer_options_destroy(&ftwopt);
 	fstrm_writer_options_destroy(&fwopt);
 
 	return env;

diff --git a/dnstap/dnstap.h b/dnstap/dnstap.h
@@ -75,12 +75,13 @@ struct dt_env {
  * of the structure) to ensure lock-free access to its own per-worker circular
  * queue.  Duplicate the environment object if more than one worker needs to
  * share access to the dnstap I/O socket.
- * @param socket_path: path to dnstap logging socket, must be non-NULL.
+ * @param socket_path: path to dnstap logging socket, must be non-NULL if used.
+ * @param ip: if NULL or "" use socket path, otherwise IP or IP@port.
  * @param num_workers: number of worker threads, must be > 0.
  * @return dt_env object, NULL on failure.
  */
 struct dt_env *
-dt_create(const char *socket_path, unsigned num_workers);
+dt_create(const char *socket_path, char* ip, unsigned num_workers);
 
 /**
  * Apply config settings.

diff --git a/dnstap/dnstap_collector.c b/dnstap/dnstap_collector.c
@@ -279,7 +279,7 @@ static void dt_init_dnstap(struct dt_collector* dt_col, struct nsd* nsd)
 			nsd->options->dnstap_socket_path += l;
 	}
 #endif
-	dt_col->dt_env = dt_create(nsd->options->dnstap_socket_path, num_workers);
+	dt_col->dt_env = dt_create(nsd->options->dnstap_socket_path, nsd->options->dnstap_ip, num_workers);
 	if(!dt_col->dt_env) {
 		log_msg(LOG_ERR, "could not create dnstap env");
 		return;

diff --git a/doc/ChangeLog b/doc/ChangeLog
@@ -1,3 +1,6 @@
+9 March 2023: Wouter
+	- Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
+
 23 February 2022: Wouter
 	- Fix #270: reserved identifier violation.
 

diff --git a/doc/RELNOTES b/doc/RELNOTES
@@ -6,6 +6,7 @@ FEATURES:
 	- Merge #263: Add bash autocompletion script for nsd-control.
 	- Fix #267: Allow unencrypted local operation of nsd-control.
 	- Merge #269 from Fale: Add systemd service unit.
+	- Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
 BUG FIXES:
 	- Fix #239: -Wincompatible-pointer-types warning in remote.c.
 	- Fix configure for -Wstrict-prototypes.

diff --git a/nsd-checkconf.c b/nsd-checkconf.c
@@ -468,6 +468,7 @@ config_print_zone(nsd_options_type* opt, const char* k, int s, const char *o,
 #ifdef USE_DNSTAP
 		SERV_GET_BIN(dnstap_enable, o);
 		SERV_GET_STR(dnstap_socket_path, o);
+		SERV_GET_STR(dnstap_ip, o);
 		SERV_GET_BIN(dnstap_send_identity, o);
 		SERV_GET_BIN(dnstap_send_version, o);
 		SERV_GET_STR(dnstap_identity, o);
@@ -699,6 +700,7 @@ config_test_print_server(nsd_options_type* opt)
 	printf("\ndnstap:\n");
 	printf("\tdnstap-enable: %s\n", opt->dnstap_enable?"yes":"no");
 	print_string_var("dnstap-socket-path:", opt->dnstap_socket_path);
+	print_string_var("dnstap-ip:", opt->dnstap_ip);
 	printf("\tdnstap-send-identity: %s\n", opt->dnstap_send_identity?"yes":"no");
 	printf("\tdnstap-send-version: %s\n", opt->dnstap_send_version?"yes":"no");
 	print_string_var("dnstap-identity:", opt->dnstap_identity);

diff --git a/nsd.conf.5.in b/nsd.conf.5.in
@@ -1071,6 +1071,10 @@ for those messages to the server.
 Sets the unix socket file name for connecting to the server that is
 listening on that socket.  Default is "@dnstap_socket_path@".
 .TP
+.B dnstap-ip:\fR <"" or addr[@port]>
+If disabled with "", the socket path is used. With a value, like address or
+address@port, like "127.0.0.1@3333" TCP is used. Default is "".
+.TP
 .B dnstap-send-identity:\fR <yes or no>
 If enabled, the server identity is included in the log messages.
 Default is no.

diff --git a/nsd.conf.sample.in b/nsd.conf.sample.in
@@ -301,6 +301,8 @@ verify:
 	# set this to yes and set one or more of dnstap-log-..-messages to yes.
 	# dnstap-enable: no
 	# dnstap-socket-path: "@dnstap_socket_path@"
+	# for dnstap-ip, "" is disabled, use TCP with like 127.0.0.1@3333
+	# dnstap-ip: ""
 	# dnstap-send-identity: no
 	# dnstap-send-version: no
 	# dnstap-identity: ""

diff --git a/options.c b/options.c
@@ -117,6 +117,7 @@ nsd_options_create(region_type* region)
 #ifdef USE_DNSTAP
 	opt->dnstap_enable = 0;
 	opt->dnstap_socket_path = DNSTAP_SOCKET_PATH;
+	opt->dnstap_ip = "";
 	opt->dnstap_send_identity = 0;
 	opt->dnstap_send_version = 0;
 	opt->dnstap_identity = NULL;

diff --git a/options.h b/options.h
@@ -164,6 +164,8 @@ struct nsd_options {
 	int dnstap_enable;
 	/** dnstap socket path */
 	char* dnstap_socket_path;
+	/** dnstap IP, if "", it uses socket path. */
+	char* dnstap_ip;
 	/** true to send "identity" via dnstap */
 	int dnstap_send_identity;
 	/** true to send "version" via dnstap */