From 8104ffda0eaecf6c0fd8aa94fd8b90f3a90028b3 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 3 Oct 2024 19:51:20 -0700 Subject: [PATCH 1/3] report client transport in 'rndc recursing' when dumping the list of recursing clients, indicate whether a given query was sent over UDP, TCP, TLS, or HTTP. --- bin/rndc/rndc.rst | 6 ++++-- lib/dns/include/dns/transport.h | 6 ++++++ lib/dns/transport.c | 16 ++++++++++++++++ lib/ns/client.c | 10 +++++----- 4 files changed, 31 insertions(+), 7 deletions(-) diff --git a/bin/rndc/rndc.rst b/bin/rndc/rndc.rst index b59f62e672..0559ed7339 100644 --- a/bin/rndc/rndc.rst +++ b/bin/rndc/rndc.rst @@ -429,8 +429,10 @@ Currently supported commands are: The first list includes all unique clients that are waiting for recursion to complete, including the query that is awaiting a - response and the timestamp (seconds since the Unix epoch) of - when named started processing this client query. + response, the timestamp (seconds since the Unix epoch) of + when named started processing this client query, the client's + address, and the transport over which the the query was received + (UDP, TCP, TLS, or HTTP). The second list comprises of domains for which there are active (or recently active) fetches in progress. It reports the number diff --git a/lib/dns/include/dns/transport.h b/lib/dns/include/dns/transport.h index b8845208e3..15892e46d8 100644 --- a/lib/dns/include/dns/transport.h +++ b/lib/dns/include/dns/transport.h @@ -204,3 +204,9 @@ dns_transport_list_detach(dns_transport_list_t **listp); *\li 'listp' is not NULL. *\li '*listp' is a valid transport list. */ + +const char * +dns_transport_totext(dns_transport_type_t type); +/*%< + * Convert a transport type value into a string. + */ diff --git a/lib/dns/transport.c b/lib/dns/transport.c index b2328d144c..52bb6bce39 100644 --- a/lib/dns/transport.c +++ b/lib/dns/transport.c 
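Review bot: The doc comment added for `dns_transport_totext()` in the transport.h hunk does not say which strings are returned or what happens for a type outside the four transports. Going by the transport.c hunk, the results are the constant lowercase literals `udp`, `tcp`, `tls` and `https`, and any other value reaches `UNREACHABLE()`. I would state both in the `/*%<` block, in the header's existing style: a `Requires:` entry such as `*\li 'type' is one of DNS_TRANSPORT_UDP, DNS_TRANSPORT_TCP, DNS_TRANSPORT_TLS or DNS_TRANSPORT_HTTP.` and a `Returns:` entry noting that the result is a constant string the caller must not free or modify. The rndc.rst paragraph in this patch names the last transport "HTTP" while the function prints `https`, and it also contains a doubled "the the".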
@@ -772,3 +772,19 @@ dns_transport_list_detach(dns_transport_list_t **listp) { transport_list_destroy(list); } } + +const char * +dns_transport_totext(dns_transport_type_t type) { + switch (type) { + case DNS_TRANSPORT_UDP: + return ("udp"); + case DNS_TRANSPORT_TCP: + return ("tcp"); + case DNS_TRANSPORT_TLS: + return ("tls"); + case DNS_TRANSPORT_HTTP: + return ("https"); + default: + UNREACHABLE(); + } +} diff --git a/lib/ns/client.c b/lib/ns/client.c index cc76632f0b..76293eda45 100644 --- a/lib/ns/client.c +++ b/lib/ns/client.c @@ -141,7 +141,6 @@ static void compute_cookie(ns_client_t *client, uint32_t when, const unsigned char *secret, isc_buffer_t *buf); -#ifdef HAVE_DNSTAP static dns_transport_type_t ns_client_transport_type(const ns_client_t *client) { /* @@ -186,7 +185,6 @@ ns_client_transport_type(const ns_client_t *client) { return DNS_TRANSPORT_UDP; } -#endif /* HAVE_DNSTAP */ void ns_client_recursing(ns_client_t *client) { @@ -2921,10 +2919,12 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) { } UNLOCK(&client->query.fetchlock); fprintf(f, - "; client %s%s%s: id %u '%s/%s/%s'%s%s " + "; client %s (%s)%s%s: id %u '%s/%s/%s'%s%s " "requesttime %u\n", - peerbuf, sep, name, client->message->id, namebuf, - typebuf, classbuf, origfor, original, + peerbuf, + dns_transport_totext(ns_client_transport_type(client)), + sep, name, client->message->id, namebuf, typebuf, + classbuf, origfor, original, isc_time_seconds(&client->requesttime)); client = ISC_LIST_NEXT(client, rlink); } From 74f53a003232aad923ed7f88759d6809fbd66fcb Mon Sep 17 00:00:00 2001 
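Review bot: In `dns_transport_totext()` the `default: UNREACHABLE();` arm treats every `dns_transport_type_t` value other than the four listed as a fatal programming error, and the function is now reached from the `rndc recursing` dump in lib/ns/client.c. The only caller in this patch passes the result of `ns_client_transport_type()`, so it may never fire today, but the enum definition is not visible here and a member added later would turn a diagnostic command into a server abort. For a text helper that only feeds output I would return a placeholder, `default: return ("unknown");`, or drop the `default` arm so the compiler's enum-switch warning flags new members. Separately, if DNS_TRANSPORT_HTTP also covers listeners configured without TLS, printing `https` would overstate how that client's connection is protected, which is worth confirming.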
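Review bot: The dump loop in `ns_client_dumprecursing()` now calls `ns_client_transport_type(client)` for every client on the recursing list, and until this patch that helper was compiled only under `HAVE_DNSTAP` (the guard removed in the earlier hunks of this file). Its body lies mostly outside the hunks, so I cannot tell whether it asserts on the client's handle or socket type. If it does, the reason a listed client always satisfies that assertion deserves a comment at the call site, for example `/* clients on the recursing list still hold their handle, so the transport lookup is safe */`, once that has been confirmed. The inserted ` (%s)` field also changes the line format of named.recursing, so tooling that parses the file by position should be covered by a release note. `ns_client_dumprecursing()` begins before this hunk and continues after it.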
From: Evan Hunt Date: Fri, 11 Oct 2024 20:19:02 -0700 Subject: [PATCH 2/3] check 'rndc recursing' there was no system test that exercised 'rndc recursing'; a simple one has now been added; it confirms that the number of recursing clients reported by 'rndc stats' is in agreement with the list returned by 'rndc recursing'. --- bin/tests/system/statistics/clean.sh | 2 +- bin/tests/system/statistics/tests.sh | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/bin/tests/system/statistics/clean.sh b/bin/tests/system/statistics/clean.sh index a1fc8d0288..ac11bce7db 100644 --- a/bin/tests/system/statistics/clean.sh +++ b/bin/tests/system/statistics/clean.sh @@ -28,4 +28,4 @@ rm -f curl.out.* rm -f stats*out rm -f ns*/managed-keys.bind* rm -f xsltproc.out.* -rm -f named.stats.* ns*/named.stats.* +rm -f named.stats.* ns*/named.stats.* ns*/named.recursing diff --git a/bin/tests/system/statistics/tests.sh b/bin/tests/system/statistics/tests.sh index a840d9e27b..5f2a719672 100644 --- a/bin/tests/system/statistics/tests.sh +++ b/bin/tests/system/statistics/tests.sh @@ -98,6 +98,10 @@ getstats() { grep "2 recursing clients" $last_stats >/dev/null || return 1 } retry_quiet 5 getstats || ret=1 +# confirm agreement with 'rndc recursing' +$RNDCCMD -s 10.53.0.3 recursing || ret=1 +lines=$(grep -c "; client .*(tcp)" ns3/named.recursing || true) +[ "$lines" -eq 2 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) n=$((n + 1)) From 3ad82a4721f7b3ea7b268f9b81bf5771d22edf5e Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Fri, 11 Oct 2024 20:16:24 -0700 Subject: [PATCH 3/3] add a unit test for dns_transport_totext() confirm that the text returned by the dns_transport_totext() function matches the transport type when it was created. --- tests/dns/Makefile.am | 1 + tests/dns/transport_test.c | 61 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100644 tests/dns/transport_test.c 
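Review bot: The new `rndc recursing` check in tests.sh runs once, after `retry_quiet 5 getstats` has returned, so it relies on the same two clients still being in recursion when the dump is taken. If they can complete in between, the count drops and the test fails intermittently; wrapping the three added lines in a small function and running it under `retry_quiet`, as is done for `getstats`, would close that window. The grep also pins the transport to `(tcp)` although the comment only speaks of agreement with the stats count, so if that is intended a comment such as `# both test clients query over TCP, so each line must carry "(tcp)"` would explain it. When ns3/named.recursing is missing, `lines` is empty and `[ "$lines" -eq 2 ]` fails with a shell error instead of a clean comparison; `[ "${lines:-0}" -eq 2 ] || ret=1` avoids that.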
diff --git a/tests/dns/Makefile.am b/tests/dns/Makefile.am index 73e343a2c2..70104151cc 100644 --- a/tests/dns/Makefile.am +++ b/tests/dns/Makefile.am @@ -46,6 +46,7 @@ check_PROGRAMS = \ sigs_test \ skr_test \ time_test \ + transport_test \ tsig_test \ update_test \ zonemgr_test \ diff --git a/tests/dns/transport_test.c b/tests/dns/transport_test.c new file mode 100644 index 0000000000..5bf07a149f --- /dev/null +++ b/tests/dns/transport_test.c 
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#include
+#include /* IWYU pragma: keep */
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define UNIT_TESTING
+#include
+
+#include
+#include
+
+#include
+
+#include
+
+ISC_RUN_TEST_IMPL(dns_transport_totext) {
+ dns_transport_t *udp = NULL, *tcp = NULL;
+ dns_transport_t *tls = NULL, *http = NULL;
+ dns_transport_list_t *tlist = NULL;
+
+ tlist = dns_transport_list_new(mctx);
+ udp = dns_transport_new(dns_rootname, DNS_TRANSPORT_UDP, tlist);
+ tcp = dns_transport_new(dns_rootname, DNS_TRANSPORT_TCP, tlist);
+ tls = dns_transport_new(dns_rootname, DNS_TRANSPORT_TLS, tlist);
+ http = dns_transport_new(dns_rootname, DNS_TRANSPORT_HTTP, tlist);
+
+ assert_string_equal(dns_transport_totext(dns_transport_get_type(udp)),
+ "udp");
+ assert_string_equal(dns_transport_totext(dns_transport_get_type(tcp)),
+ "tcp");
+ assert_string_equal(dns_transport_totext(dns_transport_get_type(tls)),
+ "tls");
+ assert_string_equal(dns_transport_totext(dns_transport_get_type(http)),
+ "https");
+
+ dns_transport_list_detach(&tlist);
+}
+
+ISC_TEST_LIST_START
+ISC_TEST_ENTRY(dns_transport_totext)
+ISC_TEST_LIST_END
+
+ISC_TEST_MAIN
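Review bot: The test body of `ISC_RUN_TEST_IMPL(dns_transport_totext)` reaches the function only through `dns_transport_new()` and `dns_transport_get_type()`, so a failure could come from the transport list rather than from the conversion, and the four pointers returned by `dns_transport_new()` are used without a check. Calling the function on the constants directly, e.g. `assert_string_equal(dns_transport_totext(DNS_TRANSPORT_UDP), "udp");`, would test the mapping on its own. If the round trip through a transport object is intended, add `assert_non_null(udp);` and the equivalent for the other three before they are dereferenced. A one-line comment above the test saying which of the two is being verified would help the next reader.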