summaryrefslogtreecommitdiffstats
path: root/dnsdist-lua-inspection.cc
diff options
context:
space:
mode:
Diffstat (limited to 'dnsdist-lua-inspection.cc')
-rw-r--r--dnsdist-lua-inspection.cc911
1 files changed, 911 insertions, 0 deletions
diff --git a/dnsdist-lua-inspection.cc b/dnsdist-lua-inspection.cc
new file mode 100644
index 0000000..4fac0e3
--- /dev/null
+++ b/dnsdist-lua-inspection.cc
@@ -0,0 +1,911 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#include "dnsdist.hh"
+#include "dnsdist-lua.hh"
+#include "dnsdist-dynblocks.hh"
+#include "dnsdist-nghttp2.hh"
+#include "dnsdist-rings.hh"
+#include "dnsdist-tcp.hh"
+
+#include "statnode.hh"
+
+#ifndef DISABLE_TOP_N_BINDINGS
+static LuaArray<std::vector<boost::variant<string,double>>> getGenResponses(uint64_t top, boost::optional<int> labels, std::function<bool(const Rings::Response&)> pred)
+{
+ setLuaNoSideEffect();
+ map<DNSName, unsigned int> counts;
+ unsigned int total=0;
+ {
+ for (const auto& shard : g_rings.d_shards) {
+ auto rl = shard->respRing.lock();
+ if (!labels) {
+ for(const auto& a : *rl) {
+ if(!pred(a))
+ continue;
+ counts[a.name]++;
+ total++;
+ }
+ }
+ else {
+ unsigned int lab = *labels;
+ for(const auto& a : *rl) {
+ if(!pred(a))
+ continue;
+
+ DNSName temp(a.name);
+ temp.trimToLabels(lab);
+ counts[temp]++;
+ total++;
+ }
+ }
+ }
+ }
+ // cout<<"Looked at "<<total<<" responses, "<<counts.size()<<" different ones"<<endl;
+ vector<pair<unsigned int, DNSName>> rcounts;
+ rcounts.reserve(counts.size());
+ for (const auto& c : counts)
+ rcounts.emplace_back(c.second, c.first.makeLowerCase());
+
+ sort(rcounts.begin(), rcounts.end(), [](const decltype(rcounts)::value_type& a,
+ const decltype(rcounts)::value_type& b) {
+ return b.first < a.first;
+ });
+
+ LuaArray<vector<boost::variant<string,double>>> ret;
+ ret.reserve(std::min(rcounts.size(), static_cast<size_t>(top + 1U)));
+ int count = 1;
+ unsigned int rest = 0;
+ for (const auto& rc : rcounts) {
+ if (count == static_cast<int>(top + 1)) {
+ rest+=rc.first;
+ }
+ else {
+ ret.push_back({count++, {rc.second.toString(), rc.first, 100.0*rc.first/total}});
+ }
+ }
+
+ if (total > 0) {
+ ret.push_back({count, {"Rest", rest, 100.0*rest/total}});
+ }
+ else {
+ ret.push_back({count, {"Rest", rest, 100.0 }});
+ }
+
+ return ret;
+}
+#endif /* DISABLE_TOP_N_BINDINGS */
+
+#ifndef DISABLE_DYNBLOCKS
+#ifndef DISABLE_DEPRECATED_DYNBLOCK
+
+typedef std::unordered_map<ComboAddress, unsigned int, ComboAddress::addressOnlyHash, ComboAddress::addressOnlyEqual> counts_t;
+
+static counts_t filterScore(const counts_t& counts,
+ double delta, unsigned int rate)
+{
+ counts_t ret;
+
+ double lim = delta*rate;
+ for(const auto& c : counts) {
+ if (c.second > lim) {
+ ret[c.first] = c.second;
+ }
+ }
+
+ return ret;
+}
+
+using statvisitor_t = std::function<void(const StatNode&, const StatNode::Stat&, const StatNode::Stat&)>;
+
+static void statNodeRespRing(statvisitor_t visitor, uint64_t seconds)
+{
+ struct timespec cutoff, now;
+ gettime(&now);
+ cutoff = now;
+ cutoff.tv_sec -= seconds;
+
+ StatNode root;
+ for (const auto& shard : g_rings.d_shards) {
+ auto rl = shard->respRing.lock();
+
+ for(const auto& c : *rl) {
+ if (now < c.when){
+ continue;
+ }
+
+ if (seconds && c.when < cutoff) {
+ continue;
+ }
+
+ bool hit = c.ds.sin4.sin_family == 0;
+ if (!hit && c.ds.isIPv4() && c.ds.sin4.sin_addr.s_addr == 0 && c.ds.sin4.sin_port == 0) {
+ hit = true;
+ }
+
+ root.submit(c.name, ((c.dh.rcode == 0 && c.usec == std::numeric_limits<unsigned int>::max()) ? -1 : c.dh.rcode), c.size, hit, boost::none);
+ }
+ }
+
+ StatNode::Stat node;
+ root.visit([visitor](const StatNode* node_, const StatNode::Stat& self, const StatNode::Stat& children) {
+ visitor(*node_, self, children);}, node);
+}
+
+static LuaArray<LuaAssociativeTable<std::string>> getRespRing(boost::optional<int> rcode)
+{
+ typedef LuaAssociativeTable<std::string> entry_t;
+ LuaArray<entry_t> ret;
+
+ for (const auto& shard : g_rings.d_shards) {
+ auto rl = shard->respRing.lock();
+
+ int count = 1;
+ for (const auto& c : *rl) {
+ if (rcode && (rcode.get() != c.dh.rcode)) {
+ continue;
+ }
+ entry_t e;
+ e["qname"] = c.name.toString();
+ e["rcode"] = std::to_string(c.dh.rcode);
+ ret.emplace_back(count, std::move(e));
+ count++;
+ }
+ }
+
+ return ret;
+}
+
+static counts_t exceedRespGen(unsigned int rate, int seconds, std::function<void(counts_t&, const Rings::Response&)> T)
+{
+ counts_t counts;
+ struct timespec cutoff, mintime, now;
+ gettime(&now);
+ cutoff = mintime = now;
+ cutoff.tv_sec -= seconds;
+
+ counts.reserve(g_rings.getNumberOfResponseEntries());
+
+ for (const auto& shard : g_rings.d_shards) {
+ auto rl = shard->respRing.lock();
+ for(const auto& c : *rl) {
+
+ if(seconds && c.when < cutoff)
+ continue;
+ if(now < c.when)
+ continue;
+
+ T(counts, c);
+ if(c.when < mintime)
+ mintime = c.when;
+ }
+ }
+
+ double delta = seconds ? seconds : DiffTime(now, mintime);
+ return filterScore(counts, delta, rate);
+}
+
+static counts_t exceedQueryGen(unsigned int rate, int seconds, std::function<void(counts_t&, const Rings::Query&)> T)
+{
+ counts_t counts;
+ struct timespec cutoff, mintime, now;
+ gettime(&now);
+ cutoff = mintime = now;
+ cutoff.tv_sec -= seconds;
+
+ counts.reserve(g_rings.getNumberOfQueryEntries());
+
+ for (const auto& shard : g_rings.d_shards) {
+ auto rl = shard->queryRing.lock();
+ for(const auto& c : *rl) {
+ if(seconds && c.when < cutoff)
+ continue;
+ if(now < c.when)
+ continue;
+ T(counts, c);
+ if(c.when < mintime)
+ mintime = c.when;
+ }
+ }
+
+ double delta = seconds ? seconds : DiffTime(now, mintime);
+ return filterScore(counts, delta, rate);
+}
+
+
+static counts_t exceedRCode(unsigned int rate, int seconds, int rcode)
+{
+ return exceedRespGen(rate, seconds, [rcode](counts_t& counts, const Rings::Response& r)
+ {
+ if(r.dh.rcode == rcode)
+ counts[r.requestor]++;
+ });
+}
+
+static counts_t exceedRespByterate(unsigned int rate, int seconds)
+{
+ return exceedRespGen(rate, seconds, [](counts_t& counts, const Rings::Response& r)
+ {
+ counts[r.requestor]+=r.size;
+ });
+}
+
+#endif /* DISABLE_DEPRECATED_DYNBLOCK */
+#endif /* DISABLE_DYNBLOCKS */
+// NOLINTNEXTLINE(readability-function-cognitive-complexity): this function declares Lua bindings, even with a good refactoring it will likely blow up the threshold
+void setupLuaInspection(LuaContext& luaCtx)
+{
+#ifndef DISABLE_TOP_N_BINDINGS
+ luaCtx.writeFunction("topClients", [](boost::optional<uint64_t> top_) {
+ setLuaNoSideEffect();
+ uint64_t top = top_ ? *top_ : 10U;
+ map<ComboAddress, unsigned int,ComboAddress::addressOnlyLessThan > counts;
+ unsigned int total=0;
+ {
+ for (const auto& shard : g_rings.d_shards) {
+ auto rl = shard->queryRing.lock();
+ for(const auto& c : *rl) {
+ counts[c.requestor]++;
+ total++;
+ }
+ }
+ }
+ vector<pair<unsigned int, ComboAddress>> rcounts;
+ rcounts.reserve(counts.size());
+ for(const auto& c : counts)
+ rcounts.emplace_back(c.second, c.first);
+
+ sort(rcounts.begin(), rcounts.end(), [](const decltype(rcounts)::value_type& a,
+ const decltype(rcounts)::value_type& b) {
+ return b.first < a.first;
+ });
+ unsigned int count=1, rest=0;
+ boost::format fmt("%4d %-40s %4d %4.1f%%\n");
+ for(const auto& rc : rcounts) {
+ if(count==top+1)
+ rest+=rc.first;
+ else
+ g_outputBuffer += (fmt % (count++) % rc.second.toString() % rc.first % (100.0*rc.first/total)).str();
+ }
+ g_outputBuffer += (fmt % (count) % "Rest" % rest % (total > 0 ? 100.0*rest/total : 100.0)).str();
+ });
+
+ luaCtx.writeFunction("getTopQueries", [](uint64_t top, boost::optional<int> labels) {
+ setLuaNoSideEffect();
+ map<DNSName, unsigned int> counts;
+ unsigned int total=0;
+ if(!labels) {
+ for (const auto& shard : g_rings.d_shards) {
+ auto rl = shard->queryRing.lock();
+ for(const auto& a : *rl) {
+ counts[a.name]++;
+ total++;
+ }
+ }
+ }
+ else {
+ unsigned int lab = *labels;
+ for (const auto& shard : g_rings.d_shards) {
+ auto rl = shard->queryRing.lock();
+ // coverity[auto_causes_copy]
+ for (auto a : *rl) {
+ a.name.trimToLabels(lab);
+ counts[a.name]++;
+ total++;
+ }
+ }
+ }
+ // cout<<"Looked at "<<total<<" queries, "<<counts.size()<<" different ones"<<endl;
+ vector<pair<unsigned int, DNSName>> rcounts;
+ rcounts.reserve(counts.size());
+ for(const auto& c : counts)
+ rcounts.emplace_back(c.second, c.first.makeLowerCase());
+
+ sort(rcounts.begin(), rcounts.end(), [](const decltype(rcounts)::value_type& a,
+ const decltype(rcounts)::value_type& b) {
+ return b.first < a.first;
+ });
+
+ std::unordered_map<unsigned int, vector<boost::variant<string,double>>> ret;
+ unsigned int count=1, rest=0;
+ for(const auto& rc : rcounts) {
+ if(count==top+1)
+ rest+=rc.first;
+ else
+ ret.insert({count++, {rc.second.toString(), rc.first, 100.0*rc.first/total}});
+ }
+
+ if (total > 0) {
+ ret.insert({count, {"Rest", rest, 100.0*rest/total}});
+ }
+ else {
+ ret.insert({count, {"Rest", rest, 100.0}});
+ }
+
+ return ret;
+
+ });
+
+ luaCtx.executeCode(R"(function topQueries(top, labels) top = top or 10; for k,v in ipairs(getTopQueries(top,labels)) do show(string.format("%4d %-40s %4d %4.1f%%",k,v[1],v[2], v[3])) end end)");
+
+ luaCtx.writeFunction("getResponseRing", []() {
+ setLuaNoSideEffect();
+ size_t totalEntries = 0;
+ std::vector<boost::circular_buffer<Rings::Response>> rings;
+ rings.reserve(g_rings.getNumberOfShards());
+ for (const auto& shard : g_rings.d_shards) {
+ {
+ auto rl = shard->respRing.lock();
+ rings.push_back(*rl);
+ }
+ totalEntries += rings.back().size();
+ }
+ vector<std::unordered_map<string, boost::variant<string, unsigned int> > > ret;
+ ret.reserve(totalEntries);
+ decltype(ret)::value_type item;
+ for (size_t idx = 0; idx < rings.size(); idx++) {
+ for(const auto& r : rings[idx]) {
+ item["name"]=r.name.toString();
+ item["qtype"]=r.qtype;
+ item["rcode"]=r.dh.rcode;
+ item["usec"]=r.usec;
+ ret.push_back(item);
+ }
+ }
+ return ret;
+ });
+
+ luaCtx.writeFunction("getTopResponses", [](uint64_t top, uint64_t kind, boost::optional<int> labels) {
+ return getGenResponses(top, labels, [kind](const Rings::Response& r) { return r.dh.rcode == kind; });
+ });
+
+ luaCtx.executeCode(R"(function topResponses(top, kind, labels) top = top or 10; kind = kind or 0; for k,v in ipairs(getTopResponses(top, kind, labels)) do show(string.format("%4d %-40s %4d %4.1f%%",k,v[1],v[2],v[3])) end end)");
+
+
+ luaCtx.writeFunction("getSlowResponses", [](uint64_t top, uint64_t msec, boost::optional<int> labels) {
+ return getGenResponses(top, labels, [msec](const Rings::Response& r) { return r.usec > msec*1000; });
+ });
+
+
+ luaCtx.executeCode(R"(function topSlow(top, msec, labels) top = top or 10; msec = msec or 500; for k,v in ipairs(getSlowResponses(top, msec, labels)) do show(string.format("%4d %-40s %4d %4.1f%%",k,v[1],v[2],v[3])) end end)");
+
+ luaCtx.writeFunction("getTopBandwidth", [](uint64_t top) {
+ setLuaNoSideEffect();
+ return g_rings.getTopBandwidth(top);
+ });
+
+ luaCtx.executeCode(R"(function topBandwidth(top) top = top or 10; for k,v in ipairs(getTopBandwidth(top)) do show(string.format("%4d %-40s %4d %4.1f%%",k,v[1],v[2],v[3])) end end)");
+#endif /* DISABLE_TOP_N_BINDINGS */
+
+ luaCtx.writeFunction("delta", []() {
+ setLuaNoSideEffect();
+ // we hold the lua lock already!
+ for(const auto& d : g_confDelta) {
+ struct tm tm;
+ localtime_r(&d.first.tv_sec, &tm);
+ char date[80];
+ strftime(date, sizeof(date)-1, "-- %a %b %d %Y %H:%M:%S %Z\n", &tm);
+ g_outputBuffer += date;
+ g_outputBuffer += d.second + "\n";
+ }
+ });
+
+ luaCtx.writeFunction("grepq", [](LuaTypeOrArrayOf<std::string> inp, boost::optional<unsigned int> limit) {
+ setLuaNoSideEffect();
+ boost::optional<Netmask> nm;
+ boost::optional<DNSName> dn;
+ int msec=-1;
+
+ vector<string> vec;
+ auto str=boost::get<string>(&inp);
+ if(str)
+ vec.push_back(*str);
+ else {
+ auto v = boost::get<LuaArray<std::string>>(inp);
+ for(const auto& a: v)
+ vec.push_back(a.second);
+ }
+
+ for(const auto& s : vec) {
+ try
+ {
+ nm = Netmask(s);
+ }
+ catch(...) {
+ if(boost::ends_with(s,"ms") && sscanf(s.c_str(), "%ums", &msec)) {
+ ;
+ }
+ else {
+ try { dn=DNSName(s); }
+ catch(...)
+ {
+ g_outputBuffer = "Could not parse '"+s+"' as domain name or netmask";
+ return;
+ }
+ }
+ }
+ }
+
+ std::vector<Rings::Query> qr;
+ std::vector<Rings::Response> rr;
+ qr.reserve(g_rings.getNumberOfQueryEntries());
+ rr.reserve(g_rings.getNumberOfResponseEntries());
+ for (const auto& shard : g_rings.d_shards) {
+ {
+ auto rl = shard->queryRing.lock();
+ for (const auto& entry : *rl) {
+ qr.push_back(entry);
+ }
+ }
+ {
+ auto rl = shard->respRing.lock();
+ for (const auto& entry : *rl) {
+ rr.push_back(entry);
+ }
+ }
+ }
+
+ sort(qr.begin(), qr.end(), [](const decltype(qr)::value_type& a, const decltype(qr)::value_type& b) {
+ return b.when < a.when;
+ });
+
+ sort(rr.begin(), rr.end(), [](const decltype(rr)::value_type& a, const decltype(rr)::value_type& b) {
+ return b.when < a.when;
+ });
+
+ unsigned int num=0;
+ struct timespec now;
+ gettime(&now);
+
+ std::multimap<struct timespec, string> out;
+
+ boost::format fmt("%-7.1f %-47s %-12s %-12s %-5d %-25s %-5s %-6.1f %-2s %-2s %-2s %-s\n");
+ g_outputBuffer+= (fmt % "Time" % "Client" % "Protocol" % "Server" % "ID" % "Name" % "Type" % "Lat." % "TC" % "RD" % "AA" % "Rcode").str();
+
+ if(msec==-1) {
+ for(const auto& c : qr) {
+ bool nmmatch=true, dnmatch=true;
+ if (nm) {
+ nmmatch = nm->match(c.requestor);
+ }
+ if (dn) {
+ if (c.name.empty()) {
+ dnmatch = false;
+ }
+ else {
+ dnmatch = c.name.isPartOf(*dn);
+ }
+ }
+ if (nmmatch && dnmatch) {
+ QType qt(c.qtype);
+ std::string extra;
+ if (c.dh.opcode != 0) {
+ extra = " (" + Opcode::to_s(c.dh.opcode) + ")";
+ }
+ out.emplace(c.when, (fmt % DiffTime(now, c.when) % c.requestor.toStringWithPort() % dnsdist::Protocol(c.protocol).toString() % "" % htons(c.dh.id) % c.name.toString() % qt.toString() % "" % (c.dh.tc ? "TC" : "") % (c.dh.rd ? "RD" : "") % (c.dh.aa ? "AA" : "") % ("Question" + extra)).str());
+
+ if(limit && *limit==++num)
+ break;
+ }
+ }
+ }
+ num=0;
+
+
+ string extra;
+ for(const auto& c : rr) {
+ bool nmmatch=true, dnmatch=true, msecmatch=true;
+ if (nm) {
+ nmmatch = nm->match(c.requestor);
+ }
+ if (dn) {
+ if (c.name.empty()) {
+ dnmatch = false;
+ }
+ else {
+ dnmatch = c.name.isPartOf(*dn);
+ }
+ }
+ if (msec != -1) {
+ msecmatch=(c.usec/1000 > (unsigned int)msec);
+ }
+
+ if (nmmatch && dnmatch && msecmatch) {
+ QType qt(c.qtype);
+ if (!c.dh.rcode) {
+ extra=". " +std::to_string(htons(c.dh.ancount))+ " answers";
+ }
+ else {
+ extra.clear();
+ }
+
+ std::string server = c.ds.toStringWithPort();
+ std::string protocol = dnsdist::Protocol(c.protocol).toString();
+ if (server == "0.0.0.0:0") {
+ server = "Cache";
+ protocol = "-";
+ }
+ if (c.usec != std::numeric_limits<decltype(c.usec)>::max()) {
+ out.emplace(c.when, (fmt % DiffTime(now, c.when) % c.requestor.toStringWithPort() % protocol % server % htons(c.dh.id) % c.name.toString() % qt.toString() % (c.usec / 1000.0) % (c.dh.tc ? "TC" : "") % (c.dh.rd ? "RD" : "") % (c.dh.aa ? "AA" : "") % (RCode::to_s(c.dh.rcode) + extra)).str());
+ }
+ else {
+ out.emplace(c.when, (fmt % DiffTime(now, c.when) % c.requestor.toStringWithPort() % protocol % server % htons(c.dh.id) % c.name.toString() % qt.toString() % "T.O" % (c.dh.tc ? "TC" : "") % (c.dh.rd ? "RD" : "") % (c.dh.aa ? "AA" : "") % (RCode::to_s(c.dh.rcode) + extra)).str());
+ }
+
+ if (limit && *limit == ++num) {
+ break;
+ }
+ }
+ }
+
+ for(const auto& p : out) {
+ g_outputBuffer+=p.second;
+ }
+ });
+
+ luaCtx.writeFunction("showResponseLatency", []() {
+ setLuaNoSideEffect();
+ map<double, unsigned int> histo;
+ double bin=100;
+ for(int i=0; i < 15; ++i) {
+ histo[bin];
+ bin*=2;
+ }
+
+ double totlat=0;
+ unsigned int size=0;
+ {
+ for (const auto& shard : g_rings.d_shards) {
+ auto rl = shard->respRing.lock();
+ for(const auto& r : *rl) {
+ /* skip actively discovered timeouts */
+ if (r.usec == std::numeric_limits<unsigned int>::max())
+ continue;
+
+ ++size;
+ auto iter = histo.lower_bound(r.usec);
+ if(iter != histo.end())
+ iter->second++;
+ else
+ histo.rbegin()++;
+ totlat+=r.usec;
+ }
+ }
+ }
+
+ if (size == 0) {
+ g_outputBuffer = "No traffic yet.\n";
+ return;
+ }
+
+ g_outputBuffer = (boost::format("Average response latency: %.02f msec\n") % (0.001*totlat/size)).str();
+ double highest=0;
+
+ for(auto iter = histo.cbegin(); iter != histo.cend(); ++iter) {
+ highest=std::max(highest, iter->second*1.0);
+ }
+ boost::format fmt("%7.2f\t%s\n");
+ g_outputBuffer += (fmt % "msec" % "").str();
+
+ for(auto iter = histo.cbegin(); iter != histo.cend(); ++iter) {
+ int stars = (70.0 * iter->second/highest);
+ char c='*';
+ if(!stars && iter->second) {
+ stars=1; // you get 1 . to show something is there..
+ if(70.0*iter->second/highest > 0.5)
+ c=':';
+ else
+ c='.';
+ }
+ g_outputBuffer += (fmt % (iter->first/1000.0) % string(stars, c)).str();
+ }
+ });
+
+ luaCtx.writeFunction("showTCPStats", [] {
+ setLuaNoSideEffect();
+ ostringstream ret;
+ boost::format fmt("%-12d %-12d %-12d %-12d");
+ ret << (fmt % "Workers" % "Max Workers" % "Queued" % "Max Queued") << endl;
+ ret << (fmt % g_tcpclientthreads->getThreadsCount() % (g_maxTCPClientThreads ? *g_maxTCPClientThreads : 0) % g_tcpclientthreads->getQueuedCount() % g_maxTCPQueuedConnections) << endl;
+ ret << endl;
+
+ ret << "Frontends:" << endl;
+ fmt = boost::format("%-3d %-20.20s %-20d %-20d %-20d %-25d %-20d %-20d %-20d %-20f %-20f %-20d %-20d %-25d %-25d %-15d %-15d %-15d %-15d %-15d");
+ ret << (fmt % "#" % "Address" % "Connections" % "Max concurrent conn" % "Died reading query" % "Died sending response" % "Gave up" % "Client timeouts" % "Downstream timeouts" % "Avg queries/conn" % "Avg duration" % "TLS new sessions" % "TLS Resumptions" % "TLS unknown ticket keys" % "TLS inactive ticket keys" % "TLS 1.0" % "TLS 1.1" % "TLS 1.2" % "TLS 1.3" % "TLS other") << endl;
+
+ size_t counter = 0;
+ for(const auto& f : g_frontends) {
+ ret << (fmt % counter % f->local.toStringWithPort() % f->tcpCurrentConnections % f->tcpMaxConcurrentConnections % f->tcpDiedReadingQuery % f->tcpDiedSendingResponse % f->tcpGaveUp % f->tcpClientTimeouts % f->tcpDownstreamTimeouts % f->tcpAvgQueriesPerConnection % f->tcpAvgConnectionDuration % f->tlsNewSessions % f->tlsResumptions % f->tlsUnknownTicketKey % f->tlsInactiveTicketKey % f->tls10queries % f->tls11queries % f->tls12queries % f->tls13queries % f->tlsUnknownqueries) << endl;
+ ++counter;
+ }
+ ret << endl;
+
+ ret << "Backends:" << endl;
+ fmt = boost::format("%-3d %-20.20s %-20.20s %-20d %-20d %-25d %-25d %-20d %-20d %-20d %-20d %-20d %-20d %-20d %-20d %-20f %-20f");
+ ret << (fmt % "#" % "Name" % "Address" % "Connections" % "Max concurrent conn" % "Died sending query" % "Died reading response" % "Gave up" % "Read timeouts" % "Write timeouts" % "Connect timeouts" % "Too many conn" % "Total connections" % "Reused connections" % "TLS resumptions" % "Avg queries/conn" % "Avg duration") << endl;
+
+ auto states = g_dstates.getLocal();
+ counter = 0;
+ for(const auto& s : *states) {
+ ret << (fmt % counter % s->getName() % s->d_config.remote.toStringWithPort() % s->tcpCurrentConnections % s->tcpMaxConcurrentConnections % s->tcpDiedSendingQuery % s->tcpDiedReadingResponse % s->tcpGaveUp % s->tcpReadTimeouts % s->tcpWriteTimeouts % s->tcpConnectTimeouts % s->tcpTooManyConcurrentConnections % s->tcpNewConnections % s->tcpReusedConnections % s->tlsResumptions % s->tcpAvgQueriesPerConnection % s->tcpAvgConnectionDuration) << endl;
+ ++counter;
+ }
+
+ g_outputBuffer=ret.str();
+ });
+
+ luaCtx.writeFunction("showTLSErrorCounters", [] {
+ setLuaNoSideEffect();
+ ostringstream ret;
+ boost::format fmt("%-3d %-20.20s %-23d %-23d %-23d %-23d %-23d %-23d %-23d %-23d");
+
+ ret << (fmt % "#" % "Address" % "DH key too small" % "Inappropriate fallback" % "No shared cipher" % "Unknown cipher type" % "Unknown exchange type" % "Unknown protocol" % "Unsupported EC" % "Unsupported protocol") << endl;
+
+ size_t counter = 0;
+ for(const auto& f : g_frontends) {
+ if (!f->hasTLS()) {
+ continue;
+ }
+ const TLSErrorCounters* errorCounters = nullptr;
+ if (f->tlsFrontend != nullptr) {
+ errorCounters = &f->tlsFrontend->d_tlsCounters;
+ }
+ else if (f->dohFrontend != nullptr) {
+ errorCounters = &f->dohFrontend->d_tlsCounters;
+ }
+ if (errorCounters == nullptr) {
+ continue;
+ }
+
+ ret << (fmt % counter % f->local.toStringWithPort() % errorCounters->d_dhKeyTooSmall % errorCounters->d_inappropriateFallBack % errorCounters->d_noSharedCipher % errorCounters->d_unknownCipherType % errorCounters->d_unknownKeyExchangeType % errorCounters->d_unknownProtocol % errorCounters->d_unsupportedEC % errorCounters->d_unsupportedProtocol) << endl;
+ ++counter;
+ }
+ ret << endl;
+
+ g_outputBuffer=ret.str();
+ });
+
+ luaCtx.writeFunction("requestTCPStatesDump", [] {
+ setLuaNoSideEffect();
+ extern std::atomic<uint64_t> g_tcpStatesDumpRequested;
+ g_tcpStatesDumpRequested += g_tcpclientthreads->getThreadsCount();
+ });
+
+ luaCtx.writeFunction("requestDoHStatesDump", [] {
+ setLuaNoSideEffect();
+ g_dohStatesDumpRequested += g_dohClientThreads->getThreadsCount();
+ });
+
+ luaCtx.writeFunction("dumpStats", [] {
+ setLuaNoSideEffect();
+ vector<string> leftcolumn, rightcolumn;
+
+ boost::format fmt("%-35s\t%+11s");
+ g_outputBuffer.clear();
+ auto entries = *g_stats.entries.read_lock();
+ sort(entries.begin(), entries.end(),
+ [](const decltype(entries)::value_type& a, const decltype(entries)::value_type& b) {
+ return a.d_name < b.d_name;
+ });
+ boost::format flt(" %9.1f");
+ for (const auto& entry : entries) {
+ string second;
+ if (const auto& val = boost::get<pdns::stat_t*>(&entry.d_value)) {
+ second = std::to_string((*val)->load());
+ }
+ else if (const auto& adval = boost::get<pdns::stat_t_trait<double>*>(&entry.d_value)) {
+ second = (flt % (*adval)->load()).str();
+ }
+ else if (const auto& dval = boost::get<double*>(&entry.d_value)) {
+ second = (flt % (**dval)).str();
+ }
+ else if (const auto& func = boost::get<DNSDistStats::statfunction_t>(&entry.d_value)) {
+ second = std::to_string((*func)(entry.d_name));
+ }
+
+ if (leftcolumn.size() < entries.size() / 2) {
+ leftcolumn.push_back((fmt % entry.d_name % second).str());
+ }
+ else {
+ rightcolumn.push_back((fmt % entry.d_name % second).str());
+ }
+ }
+
+ auto leftiter=leftcolumn.begin(), rightiter=rightcolumn.begin();
+ boost::format clmn("%|0t|%1% %|51t|%2%\n");
+
+ for(;leftiter != leftcolumn.end() || rightiter != rightcolumn.end();) {
+ string lentry, rentry;
+ if(leftiter!= leftcolumn.end()) {
+ lentry = *leftiter;
+ leftiter++;
+ }
+ if(rightiter!= rightcolumn.end()) {
+ rentry = *rightiter;
+ rightiter++;
+ }
+ g_outputBuffer += (clmn % lentry % rentry).str();
+ }
+ });
+
+#ifndef DISABLE_DYNBLOCKS
+#ifndef DISABLE_DEPRECATED_DYNBLOCK
+ luaCtx.writeFunction("exceedServFails", [](unsigned int rate, int seconds) {
+ setLuaNoSideEffect();
+ return exceedRCode(rate, seconds, RCode::ServFail);
+ });
+ luaCtx.writeFunction("exceedNXDOMAINs", [](unsigned int rate, int seconds) {
+ setLuaNoSideEffect();
+ return exceedRCode(rate, seconds, RCode::NXDomain);
+ });
+
+ luaCtx.writeFunction("exceedRespByterate", [](unsigned int rate, int seconds) {
+ setLuaNoSideEffect();
+ return exceedRespByterate(rate, seconds);
+ });
+
+ luaCtx.writeFunction("exceedQTypeRate", [](uint16_t type, unsigned int rate, int seconds) {
+ setLuaNoSideEffect();
+ return exceedQueryGen(rate, seconds, [type](counts_t& counts, const Rings::Query& q) {
+ if(q.qtype==type)
+ counts[q.requestor]++;
+ });
+ });
+
+ luaCtx.writeFunction("exceedQRate", [](unsigned int rate, int seconds) {
+ setLuaNoSideEffect();
+ return exceedQueryGen(rate, seconds, [](counts_t& counts, const Rings::Query& q) {
+ counts[q.requestor]++;
+ });
+ });
+
+ luaCtx.writeFunction("getRespRing", getRespRing);
+
+ /* StatNode */
+ luaCtx.registerFunction<StatNode, unsigned int()>("numChildren",
+ [](StatNode& sn) -> unsigned int {
+ return sn.children.size();
+ } );
+ luaCtx.registerMember("fullname", &StatNode::fullname);
+ luaCtx.registerMember("labelsCount", &StatNode::labelsCount);
+ luaCtx.registerMember("servfails", &StatNode::Stat::servfails);
+ luaCtx.registerMember("nxdomains", &StatNode::Stat::nxdomains);
+ luaCtx.registerMember("queries", &StatNode::Stat::queries);
+ luaCtx.registerMember("noerrors", &StatNode::Stat::noerrors);
+ luaCtx.registerMember("drops", &StatNode::Stat::drops);
+ luaCtx.registerMember("bytes", &StatNode::Stat::bytes);
+ luaCtx.registerMember("hits", &StatNode::Stat::hits);
+
+ luaCtx.writeFunction("statNodeRespRing", [](statvisitor_t visitor, boost::optional<uint64_t> seconds) {
+ statNodeRespRing(visitor, seconds ? *seconds : 0U);
+ });
+#endif /* DISABLE_DEPRECATED_DYNBLOCK */
+
+ /* DynBlockRulesGroup */
+ luaCtx.writeFunction("dynBlockRulesGroup", []() { return std::make_shared<DynBlockRulesGroup>(); });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(unsigned int, unsigned int, const std::string&, unsigned int, boost::optional<DNSAction::Action>, boost::optional<unsigned int>)>("setQueryRate", [](std::shared_ptr<DynBlockRulesGroup>& group, unsigned int rate, unsigned int seconds, const std::string& reason, unsigned int blockDuration, boost::optional<DNSAction::Action> action, boost::optional<unsigned int> warningRate) {
+ if (group) {
+ group->setQueryRate(rate, warningRate ? *warningRate : 0, seconds, reason, blockDuration, action ? *action : DNSAction::Action::None);
+ }
+ });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(unsigned int, unsigned int, const std::string&, unsigned int, boost::optional<DNSAction::Action>, boost::optional<unsigned int>)>("setResponseByteRate", [](std::shared_ptr<DynBlockRulesGroup>& group, unsigned int rate, unsigned int seconds, const std::string& reason, unsigned int blockDuration, boost::optional<DNSAction::Action> action, boost::optional<unsigned int> warningRate) {
+ if (group) {
+ group->setResponseByteRate(rate, warningRate ? *warningRate : 0, seconds, reason, blockDuration, action ? *action : DNSAction::Action::None);
+ }
+ });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(unsigned int, const std::string&, unsigned int, boost::optional<DNSAction::Action>, DynBlockRulesGroup::smtVisitor_t)>("setSuffixMatchRule", [](std::shared_ptr<DynBlockRulesGroup>& group, unsigned int seconds, const std::string& reason, unsigned int blockDuration, boost::optional<DNSAction::Action> action, DynBlockRulesGroup::smtVisitor_t visitor) {
+ if (group) {
+ group->setSuffixMatchRule(seconds, reason, blockDuration, action ? *action : DNSAction::Action::None, visitor);
+ }
+ });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(unsigned int, const std::string&, unsigned int, boost::optional<DNSAction::Action>, dnsdist_ffi_stat_node_visitor_t)>("setSuffixMatchRuleFFI", [](std::shared_ptr<DynBlockRulesGroup>& group, unsigned int seconds, const std::string& reason, unsigned int blockDuration, boost::optional<DNSAction::Action> action, dnsdist_ffi_stat_node_visitor_t visitor) {
+ if (group) {
+ group->setSuffixMatchRuleFFI(seconds, reason, blockDuration, action ? *action : DNSAction::Action::None, visitor);
+ }
+ });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(uint8_t, unsigned int, unsigned int, const std::string&, unsigned int, boost::optional<DNSAction::Action>, boost::optional<unsigned int>)>("setRCodeRate", [](std::shared_ptr<DynBlockRulesGroup>& group, uint8_t rcode, unsigned int rate, unsigned int seconds, const std::string& reason, unsigned int blockDuration, boost::optional<DNSAction::Action> action, boost::optional<unsigned int> warningRate) {
+ if (group) {
+ group->setRCodeRate(rcode, rate, warningRate ? *warningRate : 0, seconds, reason, blockDuration, action ? *action : DNSAction::Action::None);
+ }
+ });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(uint8_t, double, unsigned int, const std::string&, unsigned int, size_t, boost::optional<DNSAction::Action>, boost::optional<double>)>("setRCodeRatio", [](std::shared_ptr<DynBlockRulesGroup>& group, uint8_t rcode, double ratio, unsigned int seconds, const std::string& reason, unsigned int blockDuration, size_t minimumNumberOfResponses, boost::optional<DNSAction::Action> action, boost::optional<double> warningRatio) {
+ if (group) {
+ group->setRCodeRatio(rcode, ratio, warningRatio ? *warningRatio : 0.0, seconds, reason, blockDuration, action ? *action : DNSAction::Action::None, minimumNumberOfResponses);
+ }
+ });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(uint16_t, unsigned int, unsigned int, const std::string&, unsigned int, boost::optional<DNSAction::Action>, boost::optional<unsigned int>)>("setQTypeRate", [](std::shared_ptr<DynBlockRulesGroup>& group, uint16_t qtype, unsigned int rate, unsigned int seconds, const std::string& reason, unsigned int blockDuration, boost::optional<DNSAction::Action> action, boost::optional<unsigned int> warningRate) {
+ if (group) {
+ group->setQTypeRate(qtype, rate, warningRate ? *warningRate : 0, seconds, reason, blockDuration, action ? *action : DNSAction::Action::None);
+ }
+ });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(uint8_t, uint8_t, uint8_t)>("setMasks", [](std::shared_ptr<DynBlockRulesGroup>& group, uint8_t v4, uint8_t v6, uint8_t port) {
+ if (group) {
+ if (v4 > 32) {
+ throw std::runtime_error("Trying to set an invalid IPv4 mask (" + std::to_string(v4) + ") to a Dynamic Block object");
+ }
+ if (v6 > 128) {
+ throw std::runtime_error("Trying to set an invalid IPv6 mask (" + std::to_string(v6) + ") to a Dynamic Block object");
+ }
+ if (port > 16) {
+ throw std::runtime_error("Trying to set an invalid port mask (" + std::to_string(port) + ") to a Dynamic Block object");
+ }
+ if (port > 0 && v4 != 32) {
+ throw std::runtime_error("Setting a non-zero port mask for Dynamic Blocks while only considering parts of IPv4 addresses does not make sense");
+ }
+ group->setMasks(v4, v6, port);
+ }
+ });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(boost::variant<std::string, LuaArray<std::string>, NetmaskGroup>)>("excludeRange", [](std::shared_ptr<DynBlockRulesGroup>& group, boost::variant<std::string, LuaArray<std::string>, NetmaskGroup> ranges) {
+ if (ranges.type() == typeid(LuaArray<std::string>)) {
+ for (const auto& range : *boost::get<LuaArray<std::string>>(&ranges)) {
+ group->excludeRange(Netmask(range.second));
+ }
+ }
+ else if (ranges.type() == typeid(NetmaskGroup)) {
+ group->excludeRange(*boost::get<NetmaskGroup>(&ranges));
+ }
+ else {
+ group->excludeRange(Netmask(*boost::get<std::string>(&ranges)));
+ }
+ });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(boost::variant<std::string, LuaArray<std::string>, NetmaskGroup>)>("includeRange", [](std::shared_ptr<DynBlockRulesGroup>& group, boost::variant<std::string, LuaArray<std::string>, NetmaskGroup> ranges) {
+ if (ranges.type() == typeid(LuaArray<std::string>)) {
+ for (const auto& range : *boost::get<LuaArray<std::string>>(&ranges)) {
+ group->includeRange(Netmask(range.second));
+ }
+ }
+ else if (ranges.type() == typeid(NetmaskGroup)) {
+ group->includeRange(*boost::get<NetmaskGroup>(&ranges));
+ }
+ else {
+ group->includeRange(Netmask(*boost::get<std::string>(&ranges)));
+ }
+ });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(boost::variant<std::string, LuaArray<std::string>, NetmaskGroup>)>("removeRange", [](std::shared_ptr<DynBlockRulesGroup>& group, boost::variant<std::string, LuaArray<std::string>, NetmaskGroup> ranges) {
+ if (ranges.type() == typeid(LuaArray<std::string>)) {
+ for (const auto& range : *boost::get<LuaArray<std::string>>(&ranges)) {
+ group->removeRange(Netmask(range.second));
+ }
+ }
+ else if (ranges.type() == typeid(NetmaskGroup)) {
+ group->removeRange(*boost::get<NetmaskGroup>(&ranges));
+ }
+ else {
+ group->removeRange(Netmask(*boost::get<std::string>(&ranges)));
+ }
+ });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(LuaTypeOrArrayOf<std::string>)>("excludeDomains", [](std::shared_ptr<DynBlockRulesGroup>& group, LuaTypeOrArrayOf<std::string> domains) {
+ if (domains.type() == typeid(LuaArray<std::string>)) {
+ for (const auto& range : *boost::get<LuaArray<std::string>>(&domains)) {
+ group->excludeDomain(DNSName(range.second));
+ }
+ }
+ else {
+ group->excludeDomain(DNSName(*boost::get<std::string>(&domains)));
+ }
+ });
+ luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)()>("apply", [](std::shared_ptr<DynBlockRulesGroup>& group) {
+ group->apply();
+ });
+ luaCtx.registerFunction("setQuiet", &DynBlockRulesGroup::setQuiet);
+ luaCtx.registerFunction("toString", &DynBlockRulesGroup::toString);
+#endif /* DISABLE_DYNBLOCKS */
+}