From 3eaad37e7d70518885523873f704da39d3999d39 Mon Sep 17 00:00:00 2001
From: neuronull
Date: Fri, 20 Oct 2023 11:33:10 -0600
Subject: [PATCH] fix(dnstap source): support DNSSEC RRSIG record data (#18878)
* fix(dnstap source): support DNSSEC RRSIG record data
* update codeowners
---
 .github/CODEOWNERS | 1 +
 lib/dnsmsg-parser/src/dns_message_parser.rs | 51 ++++++++++++++++++++-
 2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index f4c76a9cb312a..14e8ada57b38f 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,4 +1,5 @@
 docs/ @vectordotdev/ux-team
+lib/dnsmsg-parser/ @vectordotdev/integrations-team
 lib/file-source/ @spencergilbert @vectordotdev/integrations-team
 lib/k8s-e2e-tests/ @spencergilbert @vectordotdev/integrations-team
 lib/k8s-test-framework/ @spencergilbert @vectordotdev/integrations-team
diff --git a/lib/dnsmsg-parser/src/dns_message_parser.rs b/lib/dnsmsg-parser/src/dns_message_parser.rs
index 25845444fffdc..48f76c697706e 100644
--- a/lib/dnsmsg-parser/src/dns_message_parser.rs
+++ b/lib/dnsmsg-parser/src/dns_message_parser.rs
@@ -744,6 +744,26 @@ fn format_rdata(rdata: &RData) -> DnsParserResult<(Option, Option {
+ let sig_rdata = format!(
+ "{} {} {} {} {} {} {} {} {}",
+ match format_record_type(sig.type_covered()) {
+ Some(record_type) => record_type,
+ None => String::from("Unknown record type"),
+ },
+ u8::from(sig.algorithm()),
+ sig.num_labels(),
+ sig.original_ttl(),
+ sig.sig_expiration(), // currently in epoch convert to human readable ?
+ sig.sig_inception(), // currently in epoch convert to human readable ?
+ sig.key_tag(),
+ sig.signer_name(),
+ BASE64.encode(sig.sig())
+ );
+ Ok((Some(sig_rdata), None))
+ }
 DNSSECRData::Unknown { code: _, rdata } => Ok((None, Some(rdata.anything().to_vec()))),
 _ => Err(DnsMessageParserError::SimpleError {
 cause: format!("Unsupported rdata {:?}", rdata),
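Review bot: The `None => String::from("Unknown record type")` arm in the new RRSIG branch writes a three-word value into what is otherwise a single space-separated field, so any consumer that splits the presentation string on whitespace sees eleven fields instead of nine and every later field shifts position; a one-token fallback such as `None => format!("TYPE{}", u16::from(sig.type_covered()))` (RFC 3597 style, assuming the crate exposes the numeric code that way) keeps the layout stable and preserves the information. The two `// currently in epoch convert to human readable ?` comments leave an open question in shipped code; either resolve it or restate it as a decision, e.g. `// expiration/inception are emitted as raw epoch seconds, as carried on the wire`. Stylistically the inner match could be `format_record_type(sig.type_covered()).unwrap_or_else(|| ...)`. The enclosing `format_rdata` function starts outside this hunk, and the hunk's opening lines appear garbled in this rendering, so the arm's first lines are not legible here.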
@@ -1117,7 +1137,7 @@ mod tests {
 dnssec::{
 rdata::{
 dnskey::DNSKEY, ds::DS, nsec::NSEC, nsec3::NSEC3, nsec3param::NSEC3PARAM, sig::SIG,
- DNSSECRData,
+ DNSSECRData, RRSIG,
 },
 Algorithm as DNSSEC_Algorithm, DigestType, Nsec3HashAlgorithm,
 },
@@ -1555,6 +1575,35 @@ mod tests {
 }
 }
+ // rsig is a derivation of the SIG record data, but the upstream crate does not handle that with an trait
+ // so there isn't really a great way to reduce code duplication here.
+ #[test]
+ fn test_format_rdata_for_rsig_type() {
+ let rdata = RData::DNSSEC(DNSSECRData::RRSIG(RRSIG::new(
+ RecordType::NULL,
+ DNSSEC_Algorithm::RSASHA256,
+ 0,
+ 0,
+ 2,
+ 1,
+ 5,
+ Name::from_str("www.example.com").unwrap(),
+ vec![
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
+ 23, 24, 25, 26, 27, 28, 29, 29, 31,
+ ],
+ )));
+ let rdata_text = format_rdata(&rdata);
+ assert!(rdata_text.is_ok());
+ if let Ok((parsed, raw_rdata)) = rdata_text {
+ assert!(raw_rdata.is_none());
+ assert_eq!(
+ "NULL 8 0 0 2 1 5 www.example.com AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHR8=",
+ parsed.unwrap()
+ );
+ }
+ }
+ + #[test]
 fn test_format_rdata_for_ds_type() {
 let rdata = RData::DNSSEC(DNSSECRData::DS(DS::new(
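Review bot: The leading comment and the test name say "rsig" while the type under test is `RRSIG`, and the comment has a grammar slip; I would write it as `// RRSIG is a derivation of the SIG record data, but the upstream crate does not model that with a trait,` followed by `// so there isn't really a great way to reduce code duplication here.` and rename the function to `fn test_format_rdata_for_rrsig_type()`. The test exercises only the case where `format_record_type` returns `Some`; the `None` fallback added in the same change is left untested, so a second case built with a record type that function does not map would pin that path and its output shape. The `29, 29, 31` tail of the signature bytes looks like a typo for `29, 30, 31`; it is harmless as written because the expected base64 string matches the bytes actually supplied.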