« back to all changes in this revision
Viewing changes to dnstap.pb/dnstap.proto
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Package Import Robot
- Author(s): Eric Dorland
- Date: 2016-04-02 00:14:15 UTC
- Revision ID: package-import@ubuntu.com-20160402001415-9rhce33ua8eh4t53
Tags: upstream-0.1.0
ImportĀ upstreamĀ versionĀ 0.1.0
added
removed
dnstap.pb/dnstap.proto
1
// dnstap: flexible, structured event replication format for DNS software
2
//
3
// This file contains the protobuf schemas for the "dnstap" structured event
4
// replication format for DNS software.
5
6
// Written in 2013-2014 by Farsight Security, Inc.
7
//
8
// To the extent possible under law, the author(s) have dedicated all
9
// copyright and related and neighboring rights to this file to the public
10
// domain worldwide. This file is distributed without any warranty.
11
//
12
// You should have received a copy of the CC0 Public Domain Dedication along
13
// with this file. If not, see:
14
//
15
// <http://creativecommons.org/publicdomain/zero/1.0/>.
16
17
package dnstap;
18
19
// "Dnstap": this is the top-level dnstap type, which is a "union" type that
20
// contains other kinds of dnstap payloads, although currently only one type
21
// of dnstap payload is defined.
22
// See: https://developers.google.com/protocol-buffers/docs/techniques#union
23
message Dnstap {
24
// DNS server identity.
25
// If enabled, this is the identity string of the DNS server which generated
26
// this message. Typically this would be the same string as returned by an
27
// "NSID" (RFC 5001) query.
28
optional bytes identity = 1;
29
30
// DNS server version.
31
// If enabled, this is the version string of the DNS server which generated
32
// this message. Typically this would be the same string as returned by a
33
// "version.bind" query.
34
optional bytes version = 2;
35
36
// Extra data for this payload.
37
// This field can be used for adding an arbitrary byte-string annotation to
38
// the payload. No encoding or interpretation is applied or enforced.
39
optional bytes extra = 3;
40
41
// Identifies which field below is filled in.
42
enum Type {
43
MESSAGE = 1;
44
}
45
required Type type = 15;
46
47
// One of the following will be filled in.
48
optional Message message = 14;
49
}
50
51
// SocketFamily: the network protocol family of a socket. This specifies how
52
// to interpret "network address" fields.
53
enum SocketFamily {
54
INET = 1; // IPv4 (RFC 791)
55
INET6 = 2; // IPv6 (RFC 2460)
56
}
57
58
// SocketProtocol: the transport protocol of a socket. This specifies how to
59
// interpret "transport port" fields.
60
enum SocketProtocol {
61
UDP = 1; // User Datagram Protocol (RFC 768)
62
TCP = 2; // Transmission Control Protocol (RFC 793)
63
}
64
65
// Message: a wire-format (RFC 1035 section 4) DNS message and associated
66
// metadata. Applications generating "Message" payloads should follow
67
// certain requirements based on the MessageType, see below.
68
message Message {
69
70
// There are eight types of "Message" defined that correspond to the
71
// four arrows in the following diagram, slightly modified from RFC 1035
72
// section 2:
73
74
// +---------+ +----------+ +--------+
75
// | | query | | query | |
76
// | Stub |-SQ--------CQ->| Recursive|-RQ----AQ->| Auth. |
77
// | Resolver| | Server | | Name |
78
// | |<-SR--------CR-| |<-RR----AR-| Server |
79
// +---------+ response | | response | |
80
// +----------+ +--------+
81
82
// Each arrow has two Type values each, one for each "end" of each arrow,
83
// because these are considered to be distinct events. Each end of each
84
// arrow on the diagram above has been marked with a two-letter Type
85
// mnemonic. Clockwise from upper left, these mnemonic values are:
86
//
87
// SQ: STUB_QUERY
88
// CQ: CLIENT_QUERY
89
// RQ: RESOLVER_QUERY
90
// AQ: AUTH_QUERY
91
// AR: AUTH_RESPONSE
92
// RR: RESOLVER_RESPONSE
93
// CR: CLIENT_RESPONSE
94
// SR: STUB_RESPONSE
95
96
// Two additional types of "Message" have been defined for the
97
// "forwarding" case where an upstream DNS server is responsible for
98
// further recursion. These are not shown on the diagram above, but have
99
// the following mnemonic values:
100
101
// FQ: FORWARDER_QUERY
102
// FR: FORWARDER_RESPONSE
103
104
// The "Message" Type values are defined below.
105
106
enum Type {
107
// AUTH_QUERY is a DNS query message received from a resolver by an
108
// authoritative name server, from the perspective of the authorative
109
// name server.
110
AUTH_QUERY = 1;
111
112
// AUTH_RESPONSE is a DNS response message sent from an authoritative
113
// name server to a resolver, from the perspective of the authoritative
114
// name server.
115
AUTH_RESPONSE = 2;
116
117
// RESOLVER_QUERY is a DNS query message sent from a resolver to an
118
// authoritative name server, from the perspective of the resolver.
119
// Resolvers typically clear the RD (recursion desired) bit when
120
// sending queries.
121
RESOLVER_QUERY = 3;
122
123
// RESOLVER_RESPONSE is a DNS response message received from an
124
// authoritative name server by a resolver, from the perspective of
125
// the resolver.
126
RESOLVER_RESPONSE = 4;
127
128
// CLIENT_QUERY is a DNS query message sent from a client to a DNS
129
// server which is expected to perform further recursion, from the
130
// perspective of the DNS server. The client may be a stub resolver or
131
// forwarder or some other type of software which typically sets the RD
132
// (recursion desired) bit when querying the DNS server. The DNS server
133
// may be a simple forwarding proxy or it may be a full recursive
134
// resolver.
135
CLIENT_QUERY = 5;
136
137
// CLIENT_RESPONSE is a DNS response message sent from a DNS server to
138
// a client, from the perspective of the DNS server. The DNS server
139
// typically sets the RA (recursion available) bit when responding.
140
CLIENT_RESPONSE = 6;
141
142
// FORWARDER_QUERY is a DNS query message sent from a downstream DNS
143
// server to an upstream DNS server which is expected to perform
144
// further recursion, from the perspective of the downstream DNS
145
// server.
146
FORWARDER_QUERY = 7;
147
148
// FORWARDER_RESPONSE is a DNS response message sent from an upstream
149
// DNS server performing recursion to a downstream DNS server, from the
150
// perspective of the downstream DNS server.
151
FORWARDER_RESPONSE = 8;
152
153
// STUB_QUERY is a DNS query message sent from a stub resolver to a DNS
154
// server, from the perspective of the stub resolver.
155
STUB_QUERY = 9;
156
157
// STUB_RESPONSE is a DNS response message sent from a DNS server to a
158
// stub resolver, from the perspective of the stub resolver.
159
STUB_RESPONSE = 10;
160
161
// TOOL_QUERY is a DNS query message sent from a DNS software tool to a
162
// DNS server, from the perspective of the tool.
163
TOOL_QUERY = 11;
164
165
// TOOL_RESPONSE is a DNS response message received by a DNS software
166
// tool from a DNS server, from the perspective of the tool.
167
TOOL_RESPONSE = 12;
168
}
169
170
// One of the Type values described above.
171
required Type type = 1;
172
173
// One of the SocketFamily values described above.
174
optional SocketFamily socket_family = 2;
175
176
// One of the SocketProtocol values described above.
177
optional SocketProtocol socket_protocol = 3;
178
179
// The network address of the message initiator.
180
// For SocketFamily INET, this field is 4 octets (IPv4 address).
181
// For SocketFamily INET6, this field is 16 octets (IPv6 address).
182
optional bytes query_address = 4;
183
184
// The network address of the message responder.
185
// For SocketFamily INET, this field is 4 octets (IPv4 address).
186
// For SocketFamily INET6, this field is 16 octets (IPv6 address).
187
optional bytes response_address = 5;
188
189
// The transport port of the message initiator.
190
// This is a 16-bit UDP or TCP port number, depending on SocketProtocol.
191
optional uint32 query_port = 6;
192
193
// The transport port of the message responder.
194
// This is a 16-bit UDP or TCP port number, depending on SocketProtocol.
195
optional uint32 response_port = 7;
196
197
// The time at which the DNS query message was sent or received, depending
198
// on whether this is an AUTH_QUERY, RESOLVER_QUERY, or CLIENT_QUERY.
199
// This is the number of seconds since the UNIX epoch.
200
optional uint64 query_time_sec = 8;
201
202
// The time at which the DNS query message was sent or received.
203
// This is the seconds fraction, expressed as a count of nanoseconds.
204
optional fixed32 query_time_nsec = 9;
205
206
// The initiator's original wire-format DNS query message, verbatim.
207
optional bytes query_message = 10;
208
209
// The "zone" or "bailiwick" pertaining to the DNS query message.
210
// This is a wire-format DNS domain name.
211
optional bytes query_zone = 11;
212
213
// The time at which the DNS response message was sent or received,
214
// depending on whether this is an AUTH_RESPONSE, RESOLVER_RESPONSE, or
215
// CLIENT_RESPONSE.
216
// This is the number of seconds since the UNIX epoch.
217
optional uint64 response_time_sec = 12;
218
219
// The time at which the DNS response message was sent or received.
220
// This is the seconds fraction, expressed as a count of nanoseconds.
221
optional fixed32 response_time_nsec = 13;
222
223
// The responder's original wire-format DNS response message, verbatim.
224
optional bytes response_message = 14;
225
}
226
227
// All fields except for 'type' in the Message schema are optional.
228
// It is recommended that at least the following fields be filled in for
229
// particular types of Messages.
230
231
// AUTH_QUERY:
232
// socket_family, socket_protocol
233
// query_address, query_port
234
// query_message
235
// query_time_sec, query_time_nsec
236
237
// AUTH_RESPONSE:
238
// socket_family, socket_protocol
239
// query_address, query_port
240
// query_time_sec, query_time_nsec
241
// response_message
242
// response_time_sec, response_time_nsec
243
244
// RESOLVER_QUERY:
245
// socket_family, socket_protocol
246
// query_message
247
// query_time_sec, query_time_nsec
248
// query_zone
249
// response_address, response_port
250
251
// RESOLVER_RESPONSE:
252
// socket_family, socket_protocol
253
// query_time_sec, query_time_nsec
254
// query_zone
255
// response_address, response_port
256
// response_message
257
// response_time_sec, response_time_nsec
258
259
// CLIENT_QUERY:
260
// socket_family, socket_protocol
261
// query_message
262
// query_time_sec, query_time_nsec
263
264
// CLIENT_RESPONSE:
265
// socket_family, socket_protocol
266
// query_time_sec, query_time_nsec
267
// response_message
268
// response_time_sec, response_time_nsec
Loggerhead is a web-based interface for Breezy
Version: 2.0.1