Log return codes in LTSV qeruylog files

DNS return codes are not enough; we need to change this to something
more expressive.

In particular, we can't use them to distinguish between a server block,
a blacklist block, and a plugin block such as the IPv6 blocker.
Frank Denis 2018-06-04 21:35:07 +02:00
parent b6e6a19b50
commit 3bbdf93095
6 changed files with 36 additions and 5 deletions


@ -121,6 +121,7 @@ func (plugin *PluginBlockIP) Eval(pluginsState *PluginsState, msg *dns.Msg) erro
}
if reject {
pluginsState.action = PluginsActionReject
pluginsState.rcode = dns.RcodeRefused
if plugin.logger != nil {
questions := msg.Question
if len(questions) != 1 {


@ -66,5 +66,6 @@ func (plugin *PluginBlockIPv6) Eval(pluginsState *PluginsState, msg *dns.Msg) er
synth.Ns = []dns.RR{soa}
pluginsState.synthResponse = synth
pluginsState.action = PluginsActionSynth
pluginsState.rcode = dns.RcodeNotImplemented
return nil
}
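Review bot: `pluginsState.rcode = dns.RcodeNotImplemented` is assigned independently of `synth`, whose construction is outside the hunk, so if the synthesized message carries a different rcode the query log will disagree with what the client actually received. A short comment on the line would tell log consumers which value they are reading, for example `// logged rcode only: marks the IPv6 blocker and may differ from the rcode in synth`. Anyone correlating these logs with packet captures or resolver-side telemetry needs to know that distinction.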


@ -103,6 +103,7 @@ func (plugin *PluginBlockName) Eval(pluginsState *PluginsState, msg *dns.Msg) er
}
if reject {
pluginsState.action = PluginsActionReject
pluginsState.rcode = dns.RcodeRefused
if plugin.logger != nil {
var clientIPStr string
if pluginsState.clientProto == "udp" {


@ -75,8 +75,12 @@ func (plugin *PluginQueryLog) Eval(pluginsState *PluginsState, msg *dns.Msg) err
tsStr := fmt.Sprintf("[%d-%02d-%02d %02d:%02d:%02d]", year, int(month), day, hour, minute, second)
line = fmt.Sprintf("%s\t%s\t%s\t%s\n", tsStr, clientIPStr, StringQuote(qName), qType)
} else if plugin.format == "ltsv" {
line = fmt.Sprintf("time:%d\thost:%s\tmessage:%s\ttype:%s\n",
time.Now().Unix(), clientIPStr, StringQuote(qName), qType)
rcode, ok := dns.RcodeToString[int(pluginsState.rcode)]
if !ok {
rcode = string(rcode)
}
line = fmt.Sprintf("time:%d\thost:%s\tmessage:%s\ttype:%s\trcode:%s\n",
time.Now().Unix(), clientIPStr, StringQuote(qName), qType, rcode)
} else {
dlog.Fatalf("Unexpected log format: [%s]", plugin.format)
}
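Review bot: The fallback in the new `ltsv` branch never produces a value: when `dns.RcodeToString` has no entry, `rcode` is already the empty string, and `rcode = string(rcode)` converts it to itself, so the line is written with a bare `rcode:` field. The intent looks like logging the numeric code, which `rcode = strconv.Itoa(int(pluginsState.rcode))` would do; it needs `strconv` in this file's imports, which are outside the hunk. Writing `string(pluginsState.rcode)` would not be a fix either, because converting an integer to `string` yields a code point rather than decimal digits. An empty field for unknown codes loses exactly the unusual values a log reviewer would want to see. The body of `Eval` continues outside the hunk.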


@ -41,6 +41,7 @@ type PluginsState struct {
cacheMinTTL uint32
cacheMaxTTL uint32
questionMsg *dns.Msg
rcode uint8
}
func InitPluginsGlobals(pluginsGlobals *PluginsGlobals, proxy *Proxy) error {
@ -128,7 +129,7 @@ func NewPluginsState(proxy *Proxy, clientProto string, clientAddr *net.Addr) Plu
}
func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGlobals, packet []byte) ([]byte, error) {
if len(*pluginsGlobals.queryPlugins) == 0 {
if len(*pluginsGlobals.queryPlugins) == 0 && len(*pluginsGlobals.loggingPlugins) == 0 {
return packet, nil
}
pluginsState.action = PluginsActionForward
@ -167,7 +168,7 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba
}
func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGlobals, packet []byte, ttl *uint32) ([]byte, error) {
if len(*pluginsGlobals.responsePlugins) == 0 {
if len(*pluginsGlobals.responsePlugins) == 0 && len(*pluginsGlobals.loggingPlugins) == 0 {
return packet, nil
}
pluginsState.action = PluginsActionForward
@ -178,6 +179,7 @@ func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGl
}
return packet, err
}
pluginsState.rcode = Rcode(packet)
pluginsGlobals.RLock()
for _, plugin := range *pluginsGlobals.responsePlugins {
if ret := plugin.Eval(pluginsState, &msg); ret != nil {
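Review bot: The new `rcode uint8` field in `PluginsState` has no comment, and its zero value equals `dns.RcodeSuccess`, so any path that reaches the logging plugins without assigning it is recorded as NOERROR. A field comment would make that explicit, for example `// rcode is the return code reported to logging plugins; the zero value is dns.RcodeSuccess`. In `ApplyResponsePlugins`, `pluginsState.rcode = Rcode(packet)` sits after an early `return packet, err` whose condition is outside the hunk, so on that path the field keeps its previous value. The caller in this commit overwrites it when `err` is non-nil, and that dependency deserves a one-line comment at the assignment.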


@ -8,6 +8,8 @@ import (
"sync/atomic"
"time"
"github.com/miekg/dns"
"github.com/jedisct1/dlog"
clocksmith "github.com/jedisct1/go-clocksmith"
stamps "github.com/jedisct1/go-dnsstamps"
@ -260,17 +262,20 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
}
pluginsState := NewPluginsState(proxy, clientProto, clientAddr)
query, _ = pluginsState.ApplyQueryPlugins(&proxy.pluginsGlobals, query)
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
var response []byte
var err error
if pluginsState.action != PluginsActionForward {
if pluginsState.synthResponse != nil {
response, err = pluginsState.synthResponse.PackBuffer(response)
if err != nil {
pluginsState.rcode = dns.RcodeFormatError
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
return
}
}
if pluginsState.action == PluginsActionDrop {
pluginsState.rcode = dns.RcodeRefused
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
return
}
}
@ -279,6 +284,8 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
if serverInfo.Proto == stamps.StampProtoTypeDNSCrypt {
sharedKey, encryptedQuery, clientNonce, err := proxy.Encrypt(serverInfo, query, serverProto)
if err != nil {
pluginsState.rcode = dns.RcodeFormatError
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
return
}
serverInfo.noticeBegin(proxy)
@ -288,6 +295,8 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
response, err = proxy.exchangeWithTCPServer(serverInfo, sharedKey, encryptedQuery, clientNonce)
}
if err != nil {
pluginsState.rcode = dns.RcodeServerFailure
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
serverInfo.noticeFailure(proxy)
return
}
@ -298,11 +307,15 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
resp, _, err := proxy.xTransport.DoHQuery(serverInfo.useGet, serverInfo.URL, query, proxy.timeout)
SetTransactionID(query, tid)
if err != nil {
pluginsState.rcode = dns.RcodeServerFailure
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
serverInfo.noticeFailure(proxy)
return
}
response, err = ioutil.ReadAll(io.LimitReader(resp.Body, int64(MaxDNSPacketSize)))
if err != nil {
pluginsState.rcode = dns.RcodeServerFailure
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
serverInfo.noticeFailure(proxy)
return
}
@ -313,11 +326,15 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
dlog.Fatal("Unsupported protocol")
}
if len(response) < MinDNSPacketSize || len(response) > MaxDNSPacketSize {
pluginsState.rcode = dns.RcodeFormatError
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
serverInfo.noticeFailure(proxy)
return
}
response, err = pluginsState.ApplyResponsePlugins(&proxy.pluginsGlobals, response, ttl)
if err != nil {
pluginsState.rcode = dns.RcodeServerFailure
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
serverInfo.noticeFailure(proxy)
return
}
@ -332,6 +349,8 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
if len(response) > MaxDNSUDPPacketSize {
response, err = TruncatedResponse(response)
if err != nil {
pluginsState.rcode = dns.RcodeSuccess
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
return
}
}
@ -344,11 +363,14 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
} else {
response, err = PrefixWithSize(response)
if err != nil {
pluginsState.rcode = dns.RcodeFormatError
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
serverInfo.noticeFailure(proxy)
return
}
clientPc.Write(response)
}
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
}
func NewProxy() Proxy {
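Review bot: In the `TruncatedResponse` error branch the new code sets `pluginsState.rcode = dns.RcodeSuccess` and then returns without answering, so a query that failed locally is logged as NOERROR. Every other error return in these hunks uses `dns.RcodeServerFailure` or `dns.RcodeFormatError`, so `pluginsState.rcode = dns.RcodeServerFailure` would be consistent here. Separately, logging now happens through an assign-then-`ApplyLoggingPlugins` pair repeated before each `return`, and any exit of `processIncomingQuery` that lacks the pair produces no log entry at all; parts of the function are outside the hunks, so this cannot be checked from here. A single `defer pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)` after `NewPluginsState` would cover every exit and leave only the `rcode` assignment at each site, assuming the method has a pointer receiver like `ApplyQueryPlugins` so the deferred call sees the final value.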