FSM: DNS Parser Plugin Enhancements

1 Current Walleye API Limitations
- 1.1 Uniquely Identified DNS Exchange
- 1.2 Access to Multiple Attributes
2 Northbound API
- 2.1 FSM Plugin
- 2.2 DPI DNS Tag
3 Requirements

Current Walleye API Limitations

Uniquely Identified DNS Exchange

Walleye client plugin uses the Walleye API to register a callback on the attributes of interest.

rts_subsribe()

The callback is tailored to return an <attribute, value type, value> tuple and an opaque handle (user parameter of the callback). The FSM glue implementation currently passes the 5/7 network tuple alongside the <attribute, pair> value. In the current use cases, the network tuple is used as a unique identifier.

If a user device was to use a different tuple for each DNS request, the network tuple would uniquely identify the DNS exchange. Each DNS attribute of interest could be presented separately, with the caller stitching the attributes keyed by the network tuple.

Unfortunately, some user devices open one socket to the DNS server and re-use this socket. In such case, the tuple is no longer a unique identifier.

A potential solution is to pass a UID as a callback argument. The UID could either uniquely define a long standing flow (HTTPS, etc.) or a specific exchange ID (DNS).

Access to Multiple Attributes

In the case of DNS, the client plugin needs several related fields. The current API allows for a single attribute notification at a time.

Potential approaches:

The API is modified to pass an array of <attribute, value type, value> tuples.
The notified plugin iteratively calls the plugin for each remaining attribute.
The notified plugin waits to be notified.

Northbound API

FSM Plugin

$ ovsh -j s Flow_Service_Manager_Config -w handler==dpi_dns
[
    {
        "if_name": "",
        "_version": [
            "uuid",
            "XXXXX813-0062-4284-8a79-541e76550ab4"
        ],
        "other_config": [
            "map",
            [
                [
                    "dpi_plugin",
                    "walleye_dpi"
                ],
                [
                    "flow_attributes",
                    "${dpi_dns}"
                ],
                [
                    "mqtt_v",
                    "DNS/Queries/opensync/XXXXX002B3/XXXXXf5acbb22513f0ae5e17"
                ],
                [
                    "policy_table",
                    "dpi_dns"
                ],
                [
                    "provider_plugin",
                    "gatekeeper"
                ]
            ]
        ],
        "type": "dpi_client",
        "plugin": "",
        "_uuid": [
            "uuid",
            "XXXXX44d-e437-47b0-a3b6-94c7bc937d88"
        ],
        "pkt_capt_filter": "",
        "handler": "dpi_dns"
    }
]

DPI DNS Tag

$ ovsh -j s Openflow_Tag -w name==dpi_dns
[
    {
        "_version": [
            "uuid",
            "XXXXX084-13f1-4ffa-bc7e-ffddca44617c"
        ],
        "name": "dpi_dns",
        "device_value": [
            "set",
            []
        ],
        "_uuid": [
            "uuid",
            "XXXXXcf5-794a-4348-ba40-cf32d39b6772"
        ],
        "cloud_value": [
            "set",
            [
                "begin",
                "dns.a",
                "dns.a_offset",
                "dns.aaaa",
                "dns.aaaa_offset",
                "dns.qname",
                "dns.ttl",
                "dns.type",
                "end"
            ]
        ]
    }
]

Requirements

A DNS plugin needs the following attributes:

On the request front:
- Request ID
- Request type
- FQDN to process
On the reply front:
- Request ID
- Request type
- Reply TTL
- Resolved IP addresses
- Offset of each resolved IP address field