From ae36af4c9fd8189ea9925222f6e9902239f61af3 Mon Sep 17 00:00:00 2001
From: Petr Menšík
Date: Nov 05 2018 17:28:47 +0000
Subject: Add support for DNSTAP Not enabled by default yet. Enables dumping of dns traffic. Fix DNSTAP issues in build and unit tests. Fool rpmlint to accept dnstap relative path. Rpmlint emited error hardcoded-library-path on dnstap path. It is not system-wide library, workaround by using variable. Add dnstap-read utility to utils. When dnstap is enabled, dnstap-read will be part of utils. Disadvantage is all utilities would have dependency on protobuf library, including host and dig. Resolves: #1564776
---
diff --git a/bind-9.11-unit-dnstap-pkcs11.patch b/bind-9.11-unit-dnstap-pkcs11.patch
new file mode 100644
index 0000000..8620e9f
--- /dev/null
+++ b/bind-9.11-unit-dnstap-pkcs11.patch
@@ -0,0 +1,24 @@
+diff --git a/lib/dns/tests/dnstap_test.c b/lib/dns/tests/dnstap_test.c
+index 56e3da4..1f31542 100644
+--- a/lib/dns/tests/dnstap_test.c
++++ b/lib/dns/tests/dnstap_test.c
+@@ -297,6 +297,9 @@ ATF_TC_BODY(totext, tc) {
+
+ UNUSED(tc);
+
++ /* make sure text conversion gets the right local time */
++ setenv("TZ", "PST8", 1);
++
+ result = dns_test_begin(NULL, true);
+ ATF_REQUIRE(result == ISC_R_SUCCESS);
+
+@@ -306,9 +309,6 @@ ATF_TC_BODY(totext, tc) {
+ result = isc_stdio_open(TAPTEXT, "r", &fp);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+- /* make sure text conversion gets the right local time */
+- setenv("TZ", "PST8", 1);
+-
+ while (dns_dt_getframe(handle, &data, &dsize) == ISC_R_SUCCESS) {
+ dns_dtdata_t *dtdata = NULL;
+ isc_buffer_t *b = NULL;
diff --git a/bind.spec b/bind.spec
index 14b76ff..110b520 100644
--- a/bind.spec
+++ b/bind.spec
@@ -18,6 +18,7 @@
 %bcond_without DEVEL
 %bcond_with LMDB
 %bcond_with JSON
+%bcond_with DNSTAP
 %bcond_with DLZ
 %bcond_without EXPORT_LIBS
 %if 0%{?fedora} >= 17
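Review bot: In bind-9.11-unit-dnstap-pkcs11.patch, the relocated `setenv("TZ", "PST8", 1);` in the totext test still relies on nothing having initialised the C library's time zone state before it runs. Moving it ahead of `dns_test_begin()` suggests that in the PKCS#11 build something in that call did so first, though the hunk does not say; following the `setenv` with an explicit `tzset();` would make the test independent of call order. The return value is also ignored, and `ATF_REQUIRE_EQ(setenv("TZ", "PST8", 1), 0);` would make a failure visible at the point it happens. The test body starts and ends outside the two inner hunks.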
@@ -124,7 +125,10 @@ Patch159:bind-9.11-rt46047.patch # commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c # commit 083461d3329ff6f2410745848a926090586a9846 Patch160:bind-9.11-rh1624100.patch +# https://gitlab.isc.org/isc-projects/bind9/issues/555 Patch161:bind-9.11-host-idn-disable.patch +# https://gitlab.isc.org/isc-projects/bind9/issues/624 +Patch162:bind-9.11-unit-dnstap-pkcs11.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -187,6 +191,9 @@ BuildRequires: lmdb-devel %if %{with JSON} BuildRequires: json-c-devel %endif +%if %{with DNSTAP} +BuildRequires: fstrm-devel protobuf-c-devel +%endif # Needed to regenerate dig.1 manpage BuildRequires: docbook-style-xsl, libxslt @@ -328,6 +335,9 @@ Requires: lmdb-devel %if %{with JSON} Requires: json-c-devel%{?_isa} %endif +%if %{with DNSTAP} +Requires: fstrm-devel%{?_isa} protobuf-c-devel%{?_isa} +%endif %description lite-devel The bind-lite-devel package contains lite version of the header @@ -475,6 +485,7 @@ are used for building ISC DHCP. %patch159 -p1 -b .rt46047 %patch160 -p1 -b .rh1624100 %patch161 -p1 -b .host-idn-disable +%patch162 -p1 -b .dnstap-pkcs11 mkdir lib/dns/tests/testdata/dstrandom cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data @@ -605,6 +616,9 @@ export LIBDIR_SUFFIX %if %{with JSON} --with-libjson \ %endif +%if %{with DNSTAP} + --enable-dnstap \ +%endif %if %{with UNITTEST} --with-atf=${ATF_PATH} \ %endif @@ -612,6 +626,15 @@ export LIBDIR_SUFFIX --with-docbook-xsl=%{_datadir}/sgml/docbook/xsl-stylesheets \ --enable-full-report \ ; +%if %{with DNSTAP} + pushd lib + SRCLIB="../../../lib" + (cd dns && ln -s ${SRCLIB}/dns/dnstap.proto) +%if %{with PKCS11} + (cd dns-pkcs11 && ln -s ${SRCLIB}/dns-pkcs11/dnstap.proto) +%endif + popd +%endif make %{?_smp_mflags} ### FIXME hack!!! 
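Review bot: The `%if %{with DNSTAP}` block added before `make` gives no reason for routing the path through `SRCLIB`, so a later cleanup could inline it and bring the rpmlint error back; a spec comment such as `# keep SRCLIB a variable: rpmlint reports hardcoded-library-path on the literal path` would record it. Both `ln -s` calls fail if the link already exists, for example when the build stage is re-run in the same tree, so `ln -sf` is the safer form, and `"${SRCLIB}"` should be quoted. The relative `../../../lib` presumably matches the depth of the build directories created outside this hunk, which is worth a word in the same comment.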
@@ -1238,6 +1261,10 @@ rm -rf ${RPM_BUILD_ROOT} %if %{with LMDB} %{_sbindir}/named-nzd2nzf %endif +%if %{with DNSTAP} +%{_bindir}/dnstap-read +%{_mandir}/man1/dnstap-read.1* +%endif %{_mandir}/man1/host.1* %{_mandir}/man1/nsupdate.1* %{_mandir}/man1/dig.1* @@ -1458,6 +1485,7 @@ rm -rf ${RPM_BUILD_ROOT} %changelog * Thu Oct 25 2018 Petr Menšík - 32:9.11.5-2 - Add optional support for JSON statistics +- Add optional DNSTAP support (#1564776), new dnstap-read tool * Wed Oct 24 2018 Petr Menšík - 32:9.11.5-1 - Update to 9.11.5