From 5b0ca7a2505da0c23e43a3f6b1fb1bc77c955a88 Mon Sep 17 00:00:00 2001 From: dmachard <5562930+dmachard@users.noreply.github.com> Date: Fri, 20 Dec 2024 21:01:20 +0100 Subject: [PATCH] feat(powerdns): add support for deviceID, deviceName and RequestorId --- dnsutils/dnsmessage.go | 3 +++ dnsutils/dnsmessage_json.go | 5 +++++ dnsutils/dnsmessage_json_test.go | 8 +++++++- dnsutils/dnsmessage_text.go | 18 ++++++++++++++++++ dnsutils/dnsmessage_text_test.go | 12 ++++++++++++ docs/collectors/collector_powerdns.md | 8 +++++++- workers/powerdns.go | 5 ++++- 7 files changed, 56 insertions(+), 3 deletions(-) diff --git a/dnsutils/dnsmessage.go b/dnsutils/dnsmessage.go index fa372d94..d75a7c3a 100644 --- a/dnsutils/dnsmessage.go +++ b/dnsutils/dnsmessage.go @@ -124,6 +124,9 @@ type PowerDNS struct { HTTPVersion string `json:"http-version"` MessageID string `json:"message-id"` InitialRequestorID string `json:"initial-requestor-id"` + RequestorID string `json:"requestor-id"` + DeviceName string `json:"device-name"` + DeviceId string `json:"device-id"` } type TransformDNSGeo struct { diff --git a/dnsutils/dnsmessage_json.go b/dnsutils/dnsmessage_json.go index 467b41ae..0d848ff9 100644 --- a/dnsutils/dnsmessage_json.go +++ b/dnsutils/dnsmessage_json.go @@ -215,6 +215,11 @@ func (dm *DNSMessage) Flatten() (map[string]interface{}, error) { dnsFields["powerdns.metadata."+mk] = mv } dnsFields["powerdns.http-version"] = dm.PowerDNS.HTTPVersion + dnsFields["powerdns.message-id"] = dm.PowerDNS.MessageID + dnsFields["powerdns.requestor-id"] = dm.PowerDNS.RequestorID + dnsFields["powerdns.device-id"] = dm.PowerDNS.DeviceId + dnsFields["powerdns.device-name"] = dm.PowerDNS.DeviceName + dnsFields["powerdns.initial-requestor-id"] = dm.PowerDNS.InitialRequestorID } // relabeling ? diff --git a/dnsutils/dnsmessage_json_test.go b/dnsutils/dnsmessage_json_test.go index 41dc702e..e37576c6 100644 --- a/dnsutils/dnsmessage_json_test.go +++ b/dnsutils/dnsmessage_json_test.go @@ -113,6 +113,9 @@ func TestDnsMessage_Json_Collectors_Reference(t *testing.T) { HTTPVersion: "http3", MessageID: "27c3e94ad6284eec9a50cfc5bd7384d6", InitialRequestorID: "5e006236c8a74f7eafc6af126e6d0689", + RequestorID: "f7c3e94ad6284eec9a50cfc5bd7384d6", + DeviceId: "ffffffffffffffffeaaeaeae", + DeviceName: "foobar", }}, jsonRef: `{ @@ -129,7 +132,10 @@ func TestDnsMessage_Json_Collectors_Reference(t *testing.T) { }, "http-version": "http3", "message-id": "27c3e94ad6284eec9a50cfc5bd7384d6", - "initial-requestor-id": "5e006236c8a74f7eafc6af126e6d0689" + "initial-requestor-id": "5e006236c8a74f7eafc6af126e6d0689", + "requestor-id": "f7c3e94ad6284eec9a50cfc5bd7384d6", + "device-id": "ffffffffffffffffeaaeaeae", + "device-name": "foobar" } }`, }, diff --git a/dnsutils/dnsmessage_text.go b/dnsutils/dnsmessage_text.go index afa68dd0..347ce1d7 100644 --- a/dnsutils/dnsmessage_text.go +++ b/dnsutils/dnsmessage_text.go @@ -102,6 +102,24 @@ func (dm *DNSMessage) handlePdnsDirectives(directive string, s *strings.Builder) } else { s.WriteString("-") } + case directive == "powerdns-requestor-id": + if len(dm.PowerDNS.RequestorID) > 0 { + s.WriteString(dm.PowerDNS.RequestorID) + } else { + s.WriteString("-") + } + case directive == "powerdns-device-id": + if len(dm.PowerDNS.DeviceId) > 0 { + s.WriteString(dm.PowerDNS.DeviceId) + } else { + s.WriteString("-") + } + case directive == "powerdns-device-name": + if len(dm.PowerDNS.DeviceName) > 0 { + s.WriteString(dm.PowerDNS.DeviceName) + } else { + s.WriteString("-") + } case directive == "powerdns-message-id": if len(dm.PowerDNS.MessageID) > 0 { s.WriteString(dm.PowerDNS.MessageID) diff --git a/dnsutils/dnsmessage_text_test.go b/dnsutils/dnsmessage_text_test.go index 63bdab51..8f77d43d 100644 --- a/dnsutils/dnsmessage_text_test.go +++ b/dnsutils/dnsmessage_text_test.go @@ -482,6 +482,18 @@ func TestDnsMessage_TextFormat_Directives_Pdns(t *testing.T) { dm: DNSMessage{PowerDNS: &PowerDNS{InitialRequestorID: "5e006236c8a74f7eafc6af126e6d0689"}}, expected: "5e006236c8a74f7eafc6af126e6d0689", }, + { + name: "requestor_id", + format: "powerdns-requestor-id", + dm: DNSMessage{PowerDNS: &PowerDNS{RequestorID: "5e006236c8a74f7eafc6af126e6d0689"}}, + expected: "5e006236c8a74f7eafc6af126e6d0689", + }, + { + name: "device_id_name", + format: "powerdns-device-id powerdns-device-name", + dm: DNSMessage{PowerDNS: &PowerDNS{DeviceId: "5e006236c8a74f7eafc6af126e6d0689", DeviceName: "test"}}, + expected: "5e006236c8a74f7eafc6af126e6d0689 test", + }, } for _, tc := range testcases { diff --git a/docs/collectors/collector_powerdns.md b/docs/collectors/collector_powerdns.md index 70138955..942bd63e 100644 --- a/docs/collectors/collector_powerdns.md +++ b/docs/collectors/collector_powerdns.md @@ -71,6 +71,9 @@ If you logs your DNS traffic in basic text format, you can use the specific dire * `powerdns-http-version`: http version used with DoH queries * `powerdns-message-id`: message id * `powerdns-initial-requestor-id`: initial requestor id +* `powerdns-requestor-id`: requestor id +* `powerdns-device-id`: device id +* `powerdns-device-name`: device name Configuration example: @@ -100,7 +103,10 @@ If you logs your DNS traffic in JSON output, the following part will be added in }, "http-version": "HTTP3", "message-id": "27c3e94ad6284eec9a50cfc5bd7384d6", - "initial-requestor-id": "5e006236c8a74f7eafc6af126e6d0689" + "initial-requestor-id": "5e006236c8a74f7eafc6af126e6d0689", + "requestor-id": "f7c3e94ad6284eec9a50cfc5bd7384d6", + "device-id": "ffffffffffffffffeaaeaeae", + "device-name": "foobar" } ``` diff --git a/workers/powerdns.go b/workers/powerdns.go index 70e67132..bcd32bb8 100644 --- a/workers/powerdns.go +++ b/workers/powerdns.go @@ -358,9 +358,12 @@ func (w *PdnsProcessor) StartCollect() { pdns.HTTPVersion = pbdm.GetHttpVersion().String() } - // get id + // get some string pdns.MessageID = hex.EncodeToString(pbdm.MessageId) pdns.InitialRequestorID = hex.EncodeToString(pbdm.InitialRequestId) + pdns.RequestorID = pbdm.GetRequestorId() + pdns.DeviceName = pbdm.GetDeviceName() + pdns.DeviceId = hex.EncodeToString(pbdm.DeviceId) // finally set pdns to dns message dm.PowerDNS = &pdns