/* dnstap support for NSD */

/*
 * Copyright (c) 2013-2014, Farsight Security, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the copyright holder nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef NSD_DNSTAP_H
#define NSD_DNSTAP_H

#include "dnstap/dnstap_config.h"

#ifdef USE_DNSTAP

struct nsd_options;
struct fstrm_io;
struct fstrm_queue;
struct dt_tls_writer;

struct dt_env {
        /** dnstap I/O thread */
        struct fstrm_iothr *iothr;

        /** dnstap I/O thread input queue */
        struct fstrm_iothr_queue *ioq;

        /** dnstap "identity" field, NULL if disabled */
        char *identity;

        /** dnstap "version" field, NULL if disabled */
        char *version;

        /** length of "identity" field */
        unsigned len_identity;

        /** length of "version" field */
        unsigned len_version;

        /** whether to log Message/AUTH_QUERY */
        unsigned log_auth_query_messages : 1;
        /** whether to log Message/AUTH_RESPONSE */
        unsigned log_auth_response_messages : 1;

        /** tls writer object, or NULL */
        struct dt_tls_writer* tls_writer;
};

/**
 * Create dnstap environment object. Afterwards, call dt_apply_cfg() to fill in
 * the config variables and dt_init() to fill in the per-worker state. Each
 * worker needs a copy of this object but with its own I/O queue (the fq field
 * of the structure) to ensure lock-free access to its own per-worker circular
 * queue.  Duplicate the environment object if more than one worker needs to
 * share access to the dnstap I/O socket.
 * @param socket_path: path to dnstap logging socket, must be non-NULL if used.
 * @param ip: if NULL or "" use socket path, otherwise IP or IP@port.
 * @param num_workers: number of worker threads, must be > 0.
 * @param tls: set to true to use TLS, otherwise, TCP. Used when ip is set.
 * @param tls_server_name: name for authenticating the upstream server, or
 *      NULL or "".
 * @param tls_cert_bundle: pem bundle to verify server with. Or NULL or "".
 * @param tls_client_key_file: key file for client authentication. Or NULL
 *      or "".
 * @param tls_client_cert_file: cert file for client authentication. Or NULL
 *      or "".
 * @return dt_env object, NULL on failure.
 */
struct dt_env *
dt_create(const char *socket_path, char* ip, unsigned num_workers,
        int tls, char* tls_server_name, char* tls_cert_bundle,
        char* tls_client_key_file, char* tls_client_cert_file);

/**
 * Apply config settings.
 * @param env: dnstap environment object.
 * @param cfg: new config settings.
 */
void
dt_apply_cfg(struct dt_env *env, struct nsd_options *cfg);

/**
 * Initialize per-worker state in dnstap environment object.
 * @param env: dnstap environment object to initialize, created with dt_create().
 * @return: true on success, false on failure.
 */
int
dt_init(struct dt_env *env);

/**
 * Delete dnstap environment object. Closes dnstap I/O socket and deletes all
 * per-worker I/O queues.
 */
void
dt_delete(struct dt_env *env);

/**
 * Create and send a new dnstap "Message" event of type AUTH_QUERY.
 * @param env: dnstap environment object.
 * @param local_addr: address/port of server (local address).
 * @param addr: address/port of client.
 * @param is_tcp: true for tcp, false for udp.
 * @param zone: zone name, or NULL. in wireformat.
 * @param zonelen: length of zone in bytes.
 * @param pkt: query message.
 * @param pktlen: length of pkt.
 */
void
dt_msg_send_auth_query(struct dt_env *env,
#ifdef INET6
        struct sockaddr_storage* local_addr,
        struct sockaddr_storage* addr,
#else
        struct sockaddr_in* local_addr,
        struct sockaddr_in* addr,
#endif
        int is_tcp, uint8_t* zone, size_t zonelen, uint8_t* pkt, size_t pktlen);

/**
 * Create and send a new dnstap "Message" event of type AUTH_RESPONSE.
 * @param env: dnstap environment object.
 * @param local_addr: address/port of server (local address).
 * @param addr: address/port of client.
 * @param is_tcp: true for tcp, false for udp.
 * @param zone: zone name, or NULL. in wireformat.
 * @param zonelen: length of zone in bytes.
 * @param pkt: response message.
 * @param pktlen: length of pkt.
 */
void
dt_msg_send_auth_response(struct dt_env *env,
#ifdef INET6
        struct sockaddr_storage* local_addr,
        struct sockaddr_storage* addr,
#else
        struct sockaddr_in* local_addr,
        struct sockaddr_in* addr,
#endif
        int is_tcp, uint8_t* zone, size_t zonelen, uint8_t* pkt, size_t pktlen);

#endif /* USE_DNSTAP */

#endif /* NSD_DNSTAP_H */