Log return codes in LTSV qeruylog files
DNS return codes are not enough; we need to change this to something more expressive. In particular, we can't use them to distinguish between a server block, a blacklist block, and a plugin block such as the IPv6 blocker.
This commit is contained in:
parent
b6e6a19b50
commit
3bbdf93095
|
@ -121,6 +121,7 @@ func (plugin *PluginBlockIP) Eval(pluginsState *PluginsState, msg *dns.Msg) erro
|
|||
}
|
||||
if reject {
|
||||
pluginsState.action = PluginsActionReject
|
||||
pluginsState.rcode = dns.RcodeRefused
|
||||
if plugin.logger != nil {
|
||||
questions := msg.Question
|
||||
if len(questions) != 1 {
|
||||
|
|
|
@ -66,5 +66,6 @@ func (plugin *PluginBlockIPv6) Eval(pluginsState *PluginsState, msg *dns.Msg) er
|
|||
synth.Ns = []dns.RR{soa}
|
||||
pluginsState.synthResponse = synth
|
||||
pluginsState.action = PluginsActionSynth
|
||||
pluginsState.rcode = dns.RcodeNotImplemented
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -103,6 +103,7 @@ func (plugin *PluginBlockName) Eval(pluginsState *PluginsState, msg *dns.Msg) er
|
|||
}
|
||||
if reject {
|
||||
pluginsState.action = PluginsActionReject
|
||||
pluginsState.rcode = dns.RcodeRefused
|
||||
if plugin.logger != nil {
|
||||
var clientIPStr string
|
||||
if pluginsState.clientProto == "udp" {
|
||||
|
|
|
@ -75,8 +75,12 @@ func (plugin *PluginQueryLog) Eval(pluginsState *PluginsState, msg *dns.Msg) err
|
|||
tsStr := fmt.Sprintf("[%d-%02d-%02d %02d:%02d:%02d]", year, int(month), day, hour, minute, second)
|
||||
line = fmt.Sprintf("%s\t%s\t%s\t%s\n", tsStr, clientIPStr, StringQuote(qName), qType)
|
||||
} else if plugin.format == "ltsv" {
|
||||
line = fmt.Sprintf("time:%d\thost:%s\tmessage:%s\ttype:%s\n",
|
||||
time.Now().Unix(), clientIPStr, StringQuote(qName), qType)
|
||||
rcode, ok := dns.RcodeToString[int(pluginsState.rcode)]
|
||||
if !ok {
|
||||
rcode = string(rcode)
|
||||
}
|
||||
line = fmt.Sprintf("time:%d\thost:%s\tmessage:%s\ttype:%s\trcode:%s\n",
|
||||
time.Now().Unix(), clientIPStr, StringQuote(qName), qType, rcode)
|
||||
} else {
|
||||
dlog.Fatalf("Unexpected log format: [%s]", plugin.format)
|
||||
}
|
||||
|
|
|
@ -41,6 +41,7 @@ type PluginsState struct {
|
|||
cacheMinTTL uint32
|
||||
cacheMaxTTL uint32
|
||||
questionMsg *dns.Msg
|
||||
rcode uint8
|
||||
}
|
||||
|
||||
func InitPluginsGlobals(pluginsGlobals *PluginsGlobals, proxy *Proxy) error {
|
||||
|
@ -128,7 +129,7 @@ func NewPluginsState(proxy *Proxy, clientProto string, clientAddr *net.Addr) Plu
|
|||
}
|
||||
|
||||
func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGlobals, packet []byte) ([]byte, error) {
|
||||
if len(*pluginsGlobals.queryPlugins) == 0 {
|
||||
if len(*pluginsGlobals.queryPlugins) == 0 && len(*pluginsGlobals.loggingPlugins) == 0 {
|
||||
return packet, nil
|
||||
}
|
||||
pluginsState.action = PluginsActionForward
|
||||
|
@ -167,7 +168,7 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba
|
|||
}
|
||||
|
||||
func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGlobals, packet []byte, ttl *uint32) ([]byte, error) {
|
||||
if len(*pluginsGlobals.responsePlugins) == 0 {
|
||||
if len(*pluginsGlobals.responsePlugins) == 0 && len(*pluginsGlobals.loggingPlugins) == 0 {
|
||||
return packet, nil
|
||||
}
|
||||
pluginsState.action = PluginsActionForward
|
||||
|
@ -178,6 +179,7 @@ func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGl
|
|||
}
|
||||
return packet, err
|
||||
}
|
||||
pluginsState.rcode = Rcode(packet)
|
||||
pluginsGlobals.RLock()
|
||||
for _, plugin := range *pluginsGlobals.responsePlugins {
|
||||
if ret := plugin.Eval(pluginsState, &msg); ret != nil {
|
||||
|
|
|
@ -8,6 +8,8 @@ import (
|
|||
"sync/atomic"
|
||||
"time"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
|
||||
"github.com/jedisct1/dlog"
|
||||
clocksmith "github.com/jedisct1/go-clocksmith"
|
||||
stamps "github.com/jedisct1/go-dnsstamps"
|
||||
|
@ -260,17 +262,20 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
|||
}
|
||||
pluginsState := NewPluginsState(proxy, clientProto, clientAddr)
|
||||
query, _ = pluginsState.ApplyQueryPlugins(&proxy.pluginsGlobals, query)
|
||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||
var response []byte
|
||||
var err error
|
||||
if pluginsState.action != PluginsActionForward {
|
||||
if pluginsState.synthResponse != nil {
|
||||
response, err = pluginsState.synthResponse.PackBuffer(response)
|
||||
if err != nil {
|
||||
pluginsState.rcode = dns.RcodeFormatError
|
||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||
return
|
||||
}
|
||||
}
|
||||
if pluginsState.action == PluginsActionDrop {
|
||||
pluginsState.rcode = dns.RcodeRefused
|
||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
@ -279,6 +284,8 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
|||
if serverInfo.Proto == stamps.StampProtoTypeDNSCrypt {
|
||||
sharedKey, encryptedQuery, clientNonce, err := proxy.Encrypt(serverInfo, query, serverProto)
|
||||
if err != nil {
|
||||
pluginsState.rcode = dns.RcodeFormatError
|
||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||
return
|
||||
}
|
||||
serverInfo.noticeBegin(proxy)
|
||||
|
@ -288,6 +295,8 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
|||
response, err = proxy.exchangeWithTCPServer(serverInfo, sharedKey, encryptedQuery, clientNonce)
|
||||
}
|
||||
if err != nil {
|
||||
pluginsState.rcode = dns.RcodeServerFailure
|
||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||
serverInfo.noticeFailure(proxy)
|
||||
return
|
||||
}
|
||||
|
@ -298,11 +307,15 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
|||
resp, _, err := proxy.xTransport.DoHQuery(serverInfo.useGet, serverInfo.URL, query, proxy.timeout)
|
||||
SetTransactionID(query, tid)
|
||||
if err != nil {
|
||||
pluginsState.rcode = dns.RcodeServerFailure
|
||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||
serverInfo.noticeFailure(proxy)
|
||||
return
|
||||
}
|
||||
response, err = ioutil.ReadAll(io.LimitReader(resp.Body, int64(MaxDNSPacketSize)))
|
||||
if err != nil {
|
||||
pluginsState.rcode = dns.RcodeServerFailure
|
||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||
serverInfo.noticeFailure(proxy)
|
||||
return
|
||||
}
|
||||
|
@ -313,11 +326,15 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
|||
dlog.Fatal("Unsupported protocol")
|
||||
}
|
||||
if len(response) < MinDNSPacketSize || len(response) > MaxDNSPacketSize {
|
||||
pluginsState.rcode = dns.RcodeFormatError
|
||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||
serverInfo.noticeFailure(proxy)
|
||||
return
|
||||
}
|
||||
response, err = pluginsState.ApplyResponsePlugins(&proxy.pluginsGlobals, response, ttl)
|
||||
if err != nil {
|
||||
pluginsState.rcode = dns.RcodeServerFailure
|
||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||
serverInfo.noticeFailure(proxy)
|
||||
return
|
||||
}
|
||||
|
@ -332,6 +349,8 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
|||
if len(response) > MaxDNSUDPPacketSize {
|
||||
response, err = TruncatedResponse(response)
|
||||
if err != nil {
|
||||
pluginsState.rcode = dns.RcodeSuccess
|
||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
@ -344,11 +363,14 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
|||
} else {
|
||||
response, err = PrefixWithSize(response)
|
||||
if err != nil {
|
||||
pluginsState.rcode = dns.RcodeFormatError
|
||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||
serverInfo.noticeFailure(proxy)
|
||||
return
|
||||
}
|
||||
clientPc.Write(response)
|
||||
}
|
||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||
}
|
||||
|
||||
func NewProxy() Proxy {
|
||||
|
|
Loading…
Reference in New Issue