summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2022-09-12 11:27:55 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2022-09-12 11:27:55 +0000
commitbded53bef9ad75eb7f53268e4a8f397185788588 (patch)
tree67fb33ef481d5bde92c21d3a088ee609fdb7308e /plugins
parentAdding upstream version 2.0.3. (diff)
downloaddnscap-bded53bef9ad75eb7f53268e4a8f397185788588.tar.xz
dnscap-bded53bef9ad75eb7f53268e4a8f397185788588.zip
Adding upstream version 2.1.0.upstream/2.1.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'plugins')
-rw-r--r--plugins/eventlog/Makefile.am5
-rw-r--r--plugins/eventlog/Makefile.in5
-rw-r--r--plugins/royparse/Makefile.am5
-rw-r--r--plugins/royparse/Makefile.in5
-rwxr-xr-xplugins/rssm/dnscap-rssm-rssac0029
-rw-r--r--plugins/rssm/rssm.c37
-rw-r--r--plugins/rssm/test1.gold8
-rwxr-xr-xplugins/rssm/test1.sh2
-rwxr-xr-xplugins/rssm/test2.sh2
9 files changed, 66 insertions, 12 deletions
diff --git a/plugins/eventlog/Makefile.am b/plugins/eventlog/Makefile.am
index e29af63..d18531c 100644
--- a/plugins/eventlog/Makefile.am
+++ b/plugins/eventlog/Makefile.am
@@ -4,11 +4,12 @@ CLEANFILES = *.gcda *.gcno *.gcov
AM_CFLAGS = -I$(srcdir) \
-I$(top_srcdir)/src \
-I$(top_srcdir)/isc \
- $(SECCOMPFLAGS)
+ $(SECCOMPFLAGS) \
+ $(libldns_CFLAGS)
pkglib_LTLIBRARIES = eventlog.la
eventlog_la_SOURCES = eventlog.c
-eventlog_la_LDFLAGS = -module -avoid-version
+eventlog_la_LDFLAGS = -module -avoid-version $(libldns_LIBS)
TESTS = test1.sh
EXTRA_DIST = $(TESTS)
diff --git a/plugins/eventlog/Makefile.in b/plugins/eventlog/Makefile.in
index 6dd2dcc..fe6a9a6 100644
--- a/plugins/eventlog/Makefile.in
+++ b/plugins/eventlog/Makefile.in
@@ -520,11 +520,12 @@ CLEANFILES = *.gcda *.gcno *.gcov test1.out *.pcap-dist
AM_CFLAGS = -I$(srcdir) \
-I$(top_srcdir)/src \
-I$(top_srcdir)/isc \
- $(SECCOMPFLAGS)
+ $(SECCOMPFLAGS) \
+ $(libldns_CFLAGS)
pkglib_LTLIBRARIES = eventlog.la
eventlog_la_SOURCES = eventlog.c
-eventlog_la_LDFLAGS = -module -avoid-version
+eventlog_la_LDFLAGS = -module -avoid-version $(libldns_LIBS)
TESTS = test1.sh
EXTRA_DIST = $(TESTS)
all: all-am
diff --git a/plugins/royparse/Makefile.am b/plugins/royparse/Makefile.am
index 795a277..5b907cb 100644
--- a/plugins/royparse/Makefile.am
+++ b/plugins/royparse/Makefile.am
@@ -4,11 +4,12 @@ CLEANFILES = *.gcda *.gcno *.gcov
AM_CFLAGS = -I$(srcdir) \
-I$(top_srcdir)/src \
-I$(top_srcdir)/isc \
- $(SECCOMPFLAGS)
+ $(SECCOMPFLAGS) \
+ $(libldns_CFLAGS)
pkglib_LTLIBRARIES = royparse.la
royparse_la_SOURCES = royparse.c
-royparse_la_LDFLAGS = -module -avoid-version
+royparse_la_LDFLAGS = -module -avoid-version $(libldns_LIBS)
TESTS = test1.sh
EXTRA_DIST = $(TESTS)
diff --git a/plugins/royparse/Makefile.in b/plugins/royparse/Makefile.in
index bf1e922..d2e0ee5 100644
--- a/plugins/royparse/Makefile.in
+++ b/plugins/royparse/Makefile.in
@@ -520,11 +520,12 @@ CLEANFILES = *.gcda *.gcno *.gcov test1.out* *.pcap-dist
AM_CFLAGS = -I$(srcdir) \
-I$(top_srcdir)/src \
-I$(top_srcdir)/isc \
- $(SECCOMPFLAGS)
+ $(SECCOMPFLAGS) \
+ $(libldns_CFLAGS)
pkglib_LTLIBRARIES = royparse.la
royparse_la_SOURCES = royparse.c
-royparse_la_LDFLAGS = -module -avoid-version
+royparse_la_LDFLAGS = -module -avoid-version $(libldns_LIBS)
TESTS = test1.sh
EXTRA_DIST = $(TESTS)
all: all-am
diff --git a/plugins/rssm/dnscap-rssm-rssac002 b/plugins/rssm/dnscap-rssm-rssac002
index cf0b144..30c0b3b 100755
--- a/plugins/rssm/dnscap-rssm-rssac002
+++ b/plugins/rssm/dnscap-rssm-rssac002
@@ -37,7 +37,7 @@ use warnings;
use YAML;
unless (scalar @ARGV > 1) {
- print "usage: dnscap-rssm-rssac002 [--no-recompile|--keep-dnscap-rssm|--sort] <YAML files to merge...>\n";
+ print "usage: dnscap-rssm-rssac002 [--no-recompile|--keep-dnscap-rssm|--sort|--skip-unsupported] <YAML files to merge...>\n";
exit(1);
}
@@ -46,6 +46,7 @@ my $earliest_start_period;
my $recompile = 1;
my $keep_dnscap_rssm = 0;
my $sort = 0;
+my $skip_unsupported = 0;
foreach my $file (@ARGV) {
if ($file eq '--no-recompile') {
@@ -57,6 +58,9 @@ foreach my $file (@ARGV) {
} elsif ($file eq '--sort') {
$sort = 1;
next;
+ } elsif ($file eq '--skip-unsupported') {
+ $skip_unsupported = 1;
+ next;
}
foreach my $doc (YAML::LoadFile($file)) {
my $version = delete $doc->{version};
@@ -76,6 +80,9 @@ foreach my $file (@ARGV) {
die "$file: not valid RSSAC002 YAML, missing metric";
}
unless ($version eq 'rssac002v3') {
+ if ($skip_unsupported) {
+ next;
+ }
die "$file: unsupported RSSAC002 version $version";
}
diff --git a/plugins/rssm/rssm.c b/plugins/rssm/rssm.c
index f106645..1847cc0 100644
--- a/plugins/rssm/rssm.c
+++ b/plugins/rssm/rssm.c
@@ -75,6 +75,9 @@ static int aggregated_into_counters = 0;
static char* service_name = 0;
static int rssac002v3_yaml = 0;
+// RSSAC002v5 draft metrics
+static int label_count = 0;
+
output_t rssm_output;
#define MAX_SIZE_INDEX 4096
@@ -82,6 +85,7 @@ output_t rssm_output;
#define MAX_TBL_ADDRS 2000000
#define MAX_TBL_ADDRS2 200000
#define MAX_RCODE (1 << 12)
+#define MAX_LABELS 128
typedef struct {
hashtbl* tbl;
@@ -111,6 +115,7 @@ struct {
uint64_t udp_response_size[MAX_SIZE_INDEX];
uint64_t tcp_response_size[MAX_SIZE_INDEX];
uint64_t rcodes[MAX_RCODE];
+ uint64_t labels[MAX_LABELS];
my_hashtbl sources;
my_hashtbl2 aggregated;
uint64_t num_ipv4_sources;
@@ -178,13 +183,14 @@ void rssm_usage()
"\t with the prefix \"aggregated-source\" or ...\n"
"\t-a <name> write aggregated IPv6(/64) sources to\n"
"\t <name>.<timesec>.<timeusec>\n"
+ "\t-L Add \"label-count\" metric (RSSAC002v5 WIP)\n"
"\t-D don't fork on close\n");
}
void rssm_getopt(int* argc, char** argv[])
{
int c;
- while ((c = getopt(*argc, *argv, "?w:Yn:Ss:Aa:D")) != EOF) {
+ while ((c = getopt(*argc, *argv, "?w:Yn:Ss:Aa:DL")) != EOF) {
switch (c) {
case 'w':
if (counts_prefix)
@@ -218,6 +224,9 @@ void rssm_getopt(int* argc, char** argv[])
case 'D':
dont_fork_on_close = 1;
break;
+ case 'L':
+ label_count = 1;
+ break;
case '?':
rssm_usage();
if (!optopt || optopt == '?') {
@@ -424,6 +433,15 @@ void rssm_save_counts(const char* sbuf)
fprintf(fp, "aggregated-sources: {}\n");
}
}
+
+ if (label_count) {
+ fprintf(fp, "\n---\nversion: rssac002v5-draft\nservice: %s\nstart-period: %s\nmetric: label-count\n", service_name, tz);
+ for (i = 0; i < MAX_LABELS; i++) {
+ if (counts.labels[i]) {
+ fprintf(fp, "%d: %" PRIu64 "\n", i, counts.labels[i]);
+ }
+ }
+ }
} else {
fprintf(fp, "first-packet-time %ld\n", (long)open_ts.tv_sec);
fprintf(fp, "last-packet-time %ld\n", (long)close_ts.tv_sec);
@@ -474,6 +492,13 @@ void rssm_save_counts(const char* sbuf)
fprintf(fp, "aggregated-source %s %" PRIu64 "\n", ia_str(counts.aggregated.addrs[i]), counts.aggregated.count[i]);
}
}
+ if (label_count) {
+ for (i = 0; i < MAX_LABELS; i++) {
+ if (counts.labels[i]) {
+ fprintf(fp, "label-count %d %" PRIu64 "\n", i, counts.labels[i]);
+ }
+ }
+ }
}
fclose(fp);
fprintf(stderr, "rssm: done\n");
@@ -666,6 +691,16 @@ void rssm_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigne
counts.dns_tcp_queries_received_ipv6++;
}
}
+ if (label_count) {
+ ldns_rr_list* question_list = ldns_pkt_question(pkt);
+ if (question_list) {
+ ldns_rr* rr = ldns_rr_list_rr(question_list, 0);
+ if (rr) {
+ uint8_t lc = ldns_rr_label_count(rr);
+ counts.labels[lc < MAX_LABELS ? lc : MAX_LABELS - 1] += 1;
+ }
+ }
+ }
} else {
uint16_t rcode = ldns_pkt_get_rcode(pkt);
if (IPPROTO_UDP == proto) {
diff --git a/plugins/rssm/test1.gold b/plugins/rssm/test1.gold
index 86957d0..cdfee7d 100644
--- a/plugins/rssm/test1.gold
+++ b/plugins/rssm/test1.gold
@@ -56,3 +56,11 @@ service: test1
start-period: 2016-10-20T15:23:01Z
metric: dnscap-rssm-aggregated-sources
aggregated-sources: {}
+
+---
+version: rssac002v5-draft
+service: test1
+start-period: 2016-10-20T15:23:01Z
+metric: label-count
+2: 24
+6: 17
diff --git a/plugins/rssm/test1.sh b/plugins/rssm/test1.sh
index d43b947..13759f9 100755
--- a/plugins/rssm/test1.sh
+++ b/plugins/rssm/test1.sh
@@ -6,6 +6,6 @@ if [ -z "$plugin" ]; then
exit 1
fi
-../../src/dnscap -N -T -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -w test1 -Y -n test1 -A -S -D
+../../src/dnscap -N -T -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -w test1 -Y -n test1 -A -S -D -L
diff test1.20161020.152301.075993 "$srcdir/test1.gold"
diff --git a/plugins/rssm/test2.sh b/plugins/rssm/test2.sh
index 11f44af..ad019bd 100755
--- a/plugins/rssm/test2.sh
+++ b/plugins/rssm/test2.sh
@@ -1,5 +1,5 @@
#!/bin/sh -xe
-"$srcdir"/dnscap-rssm-rssac002 --sort "$srcdir/test1.gold" "$srcdir/test1.gold" "$srcdir/test1.gold" > test2.out
+"$srcdir"/dnscap-rssm-rssac002 --skip-unsupported --sort "$srcdir/test1.gold" "$srcdir/test1.gold" "$srcdir/test1.gold" > test2.out
diff test2.out "$srcdir/test2.gold"