diff options
Diffstat (limited to 'usr.sbin/nsd/dnstap/dnstap.h')
-rw-r--r-- | usr.sbin/nsd/dnstap/dnstap.h | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/usr.sbin/nsd/dnstap/dnstap.h b/usr.sbin/nsd/dnstap/dnstap.h index e5eaa2a1345..8c84928cbc5 100644 --- a/usr.sbin/nsd/dnstap/dnstap.h +++ b/usr.sbin/nsd/dnstap/dnstap.h @@ -42,6 +42,7 @@ struct nsd_options; struct fstrm_io; struct fstrm_queue; +struct dt_tls_writer; struct dt_env { /** dnstap I/O thread */ @@ -66,6 +67,9 @@ struct dt_env { unsigned log_auth_query_messages : 1; /** whether to log Message/AUTH_RESPONSE */ unsigned log_auth_response_messages : 1; + + /** tls writer object, or NULL */ + struct dt_tls_writer* tls_writer; }; /** @@ -75,12 +79,23 @@ struct dt_env { * of the structure) to ensure lock-free access to its own per-worker circular * queue. Duplicate the environment object if more than one worker needs to * share access to the dnstap I/O socket. - * @param socket_path: path to dnstap logging socket, must be non-NULL. + * @param socket_path: path to dnstap logging socket, must be non-NULL if used. + * @param ip: if NULL or "" use socket path, otherwise IP or IP@port. * @param num_workers: number of worker threads, must be > 0. + * @param tls: set to true to use TLS, otherwise, TCP. Used when ip is set. + * @param tls_server_name: name for authenticating the upstream server, or + * NULL or "". + * @param tls_cert_bundle: pem bundle to verify server with. Or NULL or "". + * @param tls_client_key_file: key file for client authentication. Or NULL + * or "". + * @param tls_client_cert_file: cert file for client authentication. Or NULL + * or "". * @return dt_env object, NULL on failure. */ struct dt_env * -dt_create(const char *socket_path, unsigned num_workers); +dt_create(const char *socket_path, char* ip, unsigned num_workers, + int tls, char* tls_server_name, char* tls_cert_bundle, + char* tls_client_key_file, char* tls_client_cert_file); /** * Apply config settings. |