a bit of refactor and cleanup, bump deps, tests

Author: blind-oracle

.github/workflows

@@ -0,0 +1,21 @@
+name: dnstap-bgp
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.20
+
+      - name: Build
+        run: go build -v ./...
+
+      - name: Test
+        run: go test -v ./...

.travis.yml

@@ -4,7 +4,6 @@ DESCRIPTION := DNSTap to BGP exporter
 LICENSE := MPLv2
 
 GO ?= go
-DEP ?= dep
 VERSION := $(shell cat VERSION)
 OUT := .out
 PACKAGE := github.com/blind-oracle/$(NAME)

Makefile

@@ -1,6 +1,5 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/blind-oracle/dnstap-bgp)](https://goreportcard.com/report/github.com/blind-oracle/dnstap-bgp)
 [![Coverage Status](https://coveralls.io/repos/github/blind-oracle/dnstap-bgp/badge.svg?branch=master)](https://coveralls.io/github/blind-oracle/dnstap-bgp?branch=master)
-[![Build Status](https://travis-ci.org/blind-oracle/dnstap-bgp.svg?branch=master)](https://travis-ci.org/blind-oracle/dnstap-bgp)
 
 # dnstap-bgp
 
@@ -16,13 +15,13 @@ This daemon was created to solve the problem of manipulating traffic based on do
 ## Features
 * Load a list of domains to intercept: the prefix tree is used to match subdomains
 * Hot-reload of the domain list by a HUP signal
-* Full support for IPv6 (I hope): in DNS (AAAA RRs), in BGP and in syncer
+* Support for IPv6 - in DNS (AAAA RRs), in BGP and in syncer
 * Support for CNAMEs - they are resolved and stored as separate ip -> domain entries
 * Export routes to any number of BGP peers
 * Configurable timeout to purge entries from the cache
 * Persist the cache on disk (in a Bolt database)
 * Sync the obtained IPs with other instances of **dnstap-bgp**
-* Can switch itself to a pre-created network namespace before initializing network. This can be useful if you want to peer with a BGP server running on the same host (e.g. **bird** does not support peering with any of the local interfaces). This requires running as *root*.
+* Can be switched to a dedicated namespace using `ip netns` - see `deploy/*` init scripts for systemd. Useful when running with BGP router on the same host - ususally it can't peer with its own IPs (at least `bird`)
 
 ## Synchronization
 **dnstap-bgp** can optionally push the obtained IPs to other **dnstap-bgp** instances. It also periodically syncs its cache with peers to keep it up-to-date in case of network outages. The interaction is done using simple HTTP queries and JSON.
@@ -39,7 +38,7 @@ This daemon was created to solve the problem of manipulating traffic based on do
 Get *deb* or *rpm* packages from the releases page.
 
 ### From source
-You'll need Go environment set up and *dep* installed, then just run `make`
+You'll need Go environment set up, then just run `make`
 
 ### Building packages
 To build a package you'll need *fpm* tool installed, then just run `make rpm` or `make deb`

README.md

@@ -1 +1 @@
-1.0.8
+1.1.0

VERSION

@@ -3,25 +3,23 @@ package main
 import (
 	"context"
 	"fmt"
-	"log"
 	"net"
 	"strconv"
 	"strings"
 	"time"
 
 	"github.com/golang/protobuf/ptypes"
 	"github.com/golang/protobuf/ptypes/any"
-	api "github.com/osrg/gobgp/api"
-	gobgp "github.com/osrg/gobgp/pkg/server"
+	api "github.com/osrg/gobgp/v3/api"
+	gobgp "github.com/osrg/gobgp/v3/pkg/server"
 )
 
 type bgpCfg struct {
-	AS       uint32
-	RouterID string
-	NextHop  string
+	AS          uint32
+	RouterID    string
+	NextHop     string
 	NextHopIPv6 string
-	SourceIP string
-	SourceIF string
+	SourceIP    string
 
 	Peers []string
 	IPv6  bool
@@ -34,15 +32,11 @@ type bgpServer struct {
 
 func newBgp(c *bgpCfg) (b *bgpServer, err error) {
 	if c.AS == 0 {
-		return nil, fmt.Errorf("You need to provide AS")
-	}
-
-	if c.SourceIP != "" && c.SourceIF != "" {
-		return nil, fmt.Errorf("SourceIP and SourceIF are mutually exclusive")
+		return nil, fmt.Errorf("you need to provide AS")
 	}
 
 	if len(c.Peers) == 0 {
-		return nil, fmt.Errorf("You need to provide at least one peer")
+		return nil, fmt.Errorf("you need to provide at least one peer")
 	}
 
 	b = &bgpServer{
@@ -53,18 +47,14 @@ func newBgp(c *bgpCfg) (b *bgpServer, err error) {
 
 	if err = b.s.StartBgp(context.Background(), &api.StartBgpRequest{
 		Global: &api.Global{
-			As:         c.AS,
+			Asn:        c.AS,
 			RouterId:   c.RouterID,
 			ListenPort: -1,
 		},
 	}); err != nil {
 		return
 	}
 
-	if err = b.s.MonitorPeer(context.Background(), &api.MonitorPeerRequest{}, func(p *api.Peer) { log.Println(p) }); err != nil {
-		return
-	}
-
 	for _, p := range c.Peers {
 		if err = b.addPeer(p); err != nil {
 			return
@@ -81,14 +71,14 @@ func (b *bgpServer) addPeer(addr string) (err error) {
 		addr = t[0]
 
 		if port, err = strconv.Atoi(t[1]); err != nil {
-			return fmt.Errorf("Unable to parse port '%s' as int: %s", t[1], err)
+			return fmt.Errorf("unable to parse port '%s' as int: %s", t[1], err)
 		}
 	}
 
 	p := &api.Peer{
 		Conf: &api.PeerConf{
 			NeighborAddress: addr,
-			PeerAs:          b.c.AS,
+			PeerAsn:         b.c.AS,
 		},
 
 		AfiSafis: []*api.AfiSafi{
@@ -129,10 +119,6 @@ func (b *bgpServer) addPeer(addr string) (err error) {
 		p.Transport.LocalAddress = b.c.SourceIP
 	}
 
-	if b.c.SourceIF != "" {
-		p.Transport.BindInterface = b.c.SourceIF
-	}
-
 	return b.s.AddPeer(context.Background(), &api.AddPeerRequest{
 		Peer: p,
 	})
@@ -159,22 +145,21 @@ func (b *bgpServer) getPath(ip net.IP) *api.Path {
 	})
 
 	if ip.To4() == nil {
-
 		v6Family := &api.Family{
 			Afi:  api.Family_AFI_IP6,
 			Safi: api.Family_SAFI_UNICAST,
 		}
 
 		if b.c.NextHopIPv6 != "" {
-		  nh = b.c.NextHopIPv6
+			nh = b.c.NextHopIPv6
 		} else {
-		  nh = "fd00::1"
+			nh = "fd00::1"
 		}
 
 		v6Attrs, _ := ptypes.MarshalAny(&api.MpReachNLRIAttribute{
-			Family:		v6Family,
-			NextHops:	[]string{nh},
-			Nlris:		[]*any.Any{nlri},
+			Family:   v6Family,
+			NextHops: []string{nh},
+			Nlris:    []*any.Any{nlri},
 		})
 
 		return &api.Path{
@@ -197,9 +182,9 @@ func (b *bgpServer) getPath(ip net.IP) *api.Path {
 		})
 
 		return &api.Path{
-	  	Family: &api.Family{
-	  		Afi:  api.Family_AFI_IP,
-	  		Safi: api.Family_SAFI_UNICAST,
+			Family: &api.Family{
+				Afi:  api.Family_AFI_IP,
+				Safi: api.Family_SAFI_UNICAST,
 			},
 			Nlri:   nlri,
 			Pattrs: []*any.Any{a1, a2},

bgp.go

@@ -57,7 +57,6 @@ func (c *cache) add(e *cacheEntry) {
 	c.Lock()
 	c.m[string(e.IP)] = e
 	c.Unlock()
-	return
 }
 
 func (c *cache) getAll() (es []*cacheEntry) {

cache.go

@@ -5,7 +5,7 @@ import (
 	"encoding/gob"
 	"net"
 
-	bolt "github.com/etcd-io/bbolt"
+	bolt "go.etcd.io/bbolt"
 )
 
 type db struct {

db.go

@@ -8,8 +8,8 @@ import (
 	"strconv"
 
 	dnstap "github.com/dnstap/golang-dnstap"
-	"github.com/golang/protobuf/proto"
 	"github.com/miekg/dns"
+	"google.golang.org/protobuf/proto"
 )
 
 type dnstapCfg struct {
@@ -18,6 +18,11 @@ type dnstapCfg struct {
 	IPv6   bool
 }
 
+type dnsEntry struct {
+	ip   net.IP
+	fqdn string
+}
+
 type fCb func(net.IP, string)
 type fCbErr func(error)
 
@@ -27,72 +32,62 @@ type dnstapServer struct {
 	cbErr       fCbErr
 	fstrmServer *dnstap.FrameStreamSockInput
 	l           net.Listener
-	unixSocket  bool
 	ch          chan []byte
 }
 
-func stripDot(d string) string {
-	return d[:len(d)-1]
-}
-
-func (ds *dnstapServer) handleDNSMsg(m *dns.Msg) {
-	var (
-		domain      string
-		cnameTgt    string
-		origCname   string
-		multiCnames bool
-	)
-	multiCnames = false
+/*
+ch-odc.samsungapps.com.                                             300     IN      CNAME   ch-odc.gw.samsungapps.com.
+ch-odc.gw.samsungapps.com.                                          10      IN      CNAME   fe-pew1-ext-s3store-elb-1085125128.eu-west-1.elb.amazonaws.com.
+fe-pew1-ext-s3store-elb-1085125128.eu-west-1.elb.amazonaws.com.     60      IN      A       34.251.108.185
+*/
 
-loop:
+func parseDNSReply(m *dns.Msg, ipv6 bool) []*dnsEntry {
+	var domain string
+	result := []*dnsEntry{}
 
 	for _, rr := range m.Answer {
 		hdr := rr.Header()
 
-		var ip net.IP
-		switch rr.(type) {
+		switch rv := rr.(type) {
 		case *dns.CNAME:
-			cnameTgt = rr.(*dns.CNAME).Target
-			domain = hdr.Name
-			if origCname == "" {
-				origCname = domain
-			} else {
-				multiCnames = true
+			if domain == "" {
+				domain = hdr.Name
 			}
-			continue loop
 
-		case *dns.A, *dns.AAAA:
-			if cnameTgt == "" {
+		case *dns.A:
+			if domain == "" {
 				domain = hdr.Name
-			} else if cnameTgt != hdr.Name {
-				continue loop
 			}
 
-			switch r := rr.(type) {
-			case *dns.A:
-				ip = r.A
-			case *dns.AAAA:
-				if !ds.cfg.IPv6 {
-					continue loop
-				}
-				ip = r.AAAA
+			result = append(result, &dnsEntry{rv.A, domain})
+
+		case *dns.AAAA:
+			if !ipv6 {
+				break
 			}
 
-		default:
-			continue loop
-		}
-		if multiCnames == true {
-			domain = origCname
+			if domain == "" {
+				domain = hdr.Name
+			}
+
+			result = append(result, &dnsEntry{rv.AAAA, domain})
 		}
-		ds.cb(ip, stripDot(domain))
+	}
+
+	return result
+}
+
+func (ds *dnstapServer) handleDNSMsg(m *dns.Msg) {
+	for _, d := range parseDNSReply(m, ds.cfg.IPv6) {
+		ds.cb(d.ip, d.fqdn[:len(d.fqdn)-1])
 	}
 }
 
 func (ds *dnstapServer) ProcessProtobuf() {
 	for frame := range ds.ch {
 		tap := &dnstap.Dnstap{}
 		if err := proto.Unmarshal(frame, tap); err != nil {
-			ds.cbErr(fmt.Errorf("Unmarshal failed: %s", err))
+			ds.cbErr(fmt.Errorf("unmarshal failed: %w", err))
 			continue
 		}
 
@@ -103,7 +98,7 @@ func (ds *dnstapServer) ProcessProtobuf() {
 
 		dnsMsg := new(dns.Msg)
 		if err := dnsMsg.Unpack(msg.ResponseMessage); err != nil {
-			ds.cbErr(fmt.Errorf("Unpack failed: %s", err))
+			ds.cbErr(fmt.Errorf("unpack failed: %w", err))
 			continue
 		}
 
@@ -120,25 +115,25 @@ func newDnstapServer(c *dnstapCfg, cb fCb, cbErr fCbErr) (ds *dnstapServer, err
 	}
 
 	if c.Listen == "" {
-		return nil, fmt.Errorf("You need to specify DNSTap listening poing")
+		return nil, fmt.Errorf("you need to specify DNSTap listening poing")
 	}
 
 	if addr, err := net.ResolveTCPAddr("tcp", c.Listen); err == nil {
 		if ds.l, err = net.ListenTCP("tcp", addr); err != nil {
-			return nil, fmt.Errorf("Unable to listen on '%s': %s", c.Listen, err)
+			return nil, fmt.Errorf("unable to listen on '%s': %w", c.Listen, err)
 		}
 
 		ds.fstrmServer = dnstap.NewFrameStreamSockInput(ds.l)
 	} else {
 		ds.fstrmServer, err = dnstap.NewFrameStreamSockInputFromPath(c.Listen)
 		if err != nil {
-			return nil, fmt.Errorf("Unable to listen on '%s': %s", c.Listen, err)
+			return nil, fmt.Errorf("unable to listen on '%s': %w", c.Listen, err)
 		}
 
 		if c.Perm != "" {
 			octal, err := strconv.ParseInt(c.Perm, 8, 32)
 			if err != nil {
-				return nil, fmt.Errorf("Unable to parse '%s' as octal: %s", c.Perm, err)
+				return nil, fmt.Errorf("unable to parse '%s' as octal: %w", c.Perm, err)
 			}
 
 			os.Chmod(c.Listen, os.FileMode(octal))