[master] dnstap

4235. [func] Added support in named for "dnstap", a fast method of capturing and logging DNS traffic, and a new command "dnstap-read" to read a dnstap log file. Use "configure --enable-dnstap" to enable this feature (note that this requires libprotobuf-c and libfstrm). See the ARM for configuration details. Thanks to Robert Edmonds of Farsight Security. [RT #40211]
2015-10-02 12:32:42 -07:00
parent a239044323
commit b66b333f59
65 changed files with 5741 additions and 43 deletions
--- a/lib/dns/tests/testdata/dnstap/dnstap.saved
+++ b/lib/dns/tests/testdata/dnstap/dnstap.saved
--- a/lib/dns/tests/testdata/dnstap/dnstap.text
+++ b/lib/dns/tests/testdata/dnstap/dnstap.text
@@ -0,0 +1,96 @@
+18-Sep-2015 12:06:38.000 SQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 SQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 SQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 SQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 SQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 SQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 SQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 SQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 SR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 SR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 SR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 SR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 SR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 SR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 SR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 SR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 CQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 CQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 CQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 CQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 CQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 CQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 CQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 CQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 CR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 CR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 CR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 CR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 CR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 CR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 CR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 CR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 AQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 AQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 AQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 AQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 AQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 AQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 AQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 AQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 AR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 AR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 AR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 AR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 AR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 AR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 AR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 AR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 RQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 RQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 RQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 RQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 RQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 RQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 RQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 RQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 RR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 RR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 RR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 RR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 RR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 RR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 RR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 RR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 FQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 FQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 FQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 FQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 FQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 FQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 FQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 FQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 FR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 FR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 FR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 FR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 FR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 FR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 FR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 FR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 TQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 TQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 TQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 TQ 10.53.0.1 UDP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 TQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 TQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 12:06:38.000 TQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 TQ 10.53.0.1 TCP 40b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 TR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 TR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 TR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 TR 10.53.0.1 UDP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 TR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 14:06:38.000 TR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 TR 10.53.0.1 TCP 287b www.isc.org/IN/A
+18-Sep-2015 13:06:38.112 TR 10.53.0.1 TCP 287b www.isc.org/IN/A
--- a/lib/dns/tests/testdata/dnstap/query.auth
+++ b/lib/dns/tests/testdata/dnstap/query.auth
@@ -0,0 +1,4 @@
+# authoritative query, www.isc.org/A
+8d 24 00 20 00 01 00 00 00 00 00 01 03 77 77 77
+03 69 73 63 03 6f 72 67 00 00 01 00 01 00 00 29
+10 00 00 00 00 00 00 00
--- a/lib/dns/tests/testdata/dnstap/query.recursive
+++ b/lib/dns/tests/testdata/dnstap/query.recursive
@@ -0,0 +1,4 @@
+# recursive query for www.isc.org/A
+bf 08 01 20 00 01 00 00 00 00 00 01 03 77 77 77
+03 69 73 63 03 6f 72 67 00 00 01 00 01 00 00 29
+10 00 00 00 00 00 00 00
--- a/lib/dns/tests/testdata/dnstap/response.auth
+++ b/lib/dns/tests/testdata/dnstap/response.auth
@@ -0,0 +1,19 @@
+# authoritative response, www.isc.org/A
+8d 24 84 00 00 01 00 01 00 04 00 07 03 77 77 77
+03 69 73 63 03 6f 72 67 00 00 01 00 01 c0 0c 00
+01 00 01 00 00 00 3c 00 04 95 14 40 45 c0 10 00
+02 00 01 00 00 1c 20 00 0d 03 61 6d 73 06 73 6e
+73 2d 70 62 c0 10 c0 10 00 02 00 01 00 00 1c 20
+00 07 04 73 66 62 61 c0 3d c0 10 00 02 00 01 00
+00 1c 20 00 19 02 6e 73 03 69 73 63 0b 61 66 69
+6c 69 61 73 2d 6e 73 74 04 69 6e 66 6f 00 c0 10
+00 02 00 01 00 00 1c 20 00 06 03 6f 72 64 c0 3d
+c0 39 00 01 00 01 00 00 1c 20 00 04 c7 06 01 1e
+c0 39 00 1c 00 01 00 00 1c 20 00 10 20 01 05 00
+00 60 00 00 00 00 00 00 00 00 00 30 c0 8a 00 01
+00 01 00 00 1c 20 00 04 c7 06 00 1e c0 8a 00 1c
+00 01 00 00 1c 20 00 10 20 01 05 00 00 71 00 00
+00 00 00 00 00 00 00 30 c0 52 00 01 00 01 00 00
+1c 20 00 04 95 14 40 03 c0 52 00 1c 00 01 00 00
+1c 20 00 10 20 01 04 f8 00 00 00 02 00 00 00 00
+00 00 00 19 00 00 29 10 00 00 00 00 00 00 00
--- a/lib/dns/tests/testdata/dnstap/response.recursive
+++ b/lib/dns/tests/testdata/dnstap/response.recursive
@@ -0,0 +1,19 @@
+# recursive response, www.isc.org/A
+bf 08 81 a0 00 01 00 01 00 04 00 07 03 77 77 77
+03 69 73 63 03 6f 72 67 00 00 01 00 01 c0 0c 00
+01 00 01 00 00 00 15 00 04 95 14 40 45 c0 10 00
+02 00 01 00 00 1b a6 00 0e 04 73 66 62 61 06 73
+6e 73 2d 70 62 c0 10 c0 10 00 02 00 01 00 00 1b
+a6 00 06 03 6f 72 64 c0 3e c0 10 00 02 00 01 00
+00 1b a6 00 19 02 6e 73 03 69 73 63 0b 61 66 69
+6c 69 61 73 2d 6e 73 74 04 69 6e 66 6f 00 c0 10
+00 02 00 01 00 00 1b a6 00 06 03 61 6d 73 c0 3e
+c0 8a 00 01 00 01 00 00 b1 d5 00 04 c7 06 01 1e
+c0 8a 00 1c 00 01 00 00 b1 d5 00 10 20 01 05 00
+00 60 00 00 00 00 00 00 00 00 00 30 c0 53 00 01
+00 01 00 00 b1 d5 00 04 c7 06 00 1e c0 53 00 1c
+00 01 00 00 b1 d5 00 10 20 01 05 00 00 71 00 00
+00 00 00 00 00 00 00 30 c0 39 00 01 00 01 00 00
+b1 d5 00 04 95 14 40 03 c0 39 00 1c 00 01 00 00
+b1 d5 00 10 20 01 04 f8 00 00 00 02 00 00 00 00
+00 00 00 19 00 00 29 10 00 00 00 00 00 00 00