Diffstat (limited to '')
-rw-r--r-- | plugins/eventlog/Makefile.am | 5 | ||||
-rw-r--r-- | plugins/eventlog/Makefile.in | 5 | ||||
-rw-r--r-- | plugins/royparse/Makefile.am | 5 | ||||
-rw-r--r-- | plugins/royparse/Makefile.in | 5 | ||||
-rwxr-xr-x | plugins/rssm/dnscap-rssm-rssac002 | 9 | ||||
-rw-r--r-- | plugins/rssm/rssm.c | 37 | ||||
-rw-r--r-- | plugins/rssm/test1.gold | 8 | ||||
-rwxr-xr-x | plugins/rssm/test1.sh | 2 | ||||
-rwxr-xr-x | plugins/rssm/test2.sh | 2 |
9 files changed, 66 insertions, 12 deletions
diff --git a/plugins/eventlog/Makefile.am b/plugins/eventlog/Makefile.am index e29af63..d18531c 100644 --- a/plugins/eventlog/Makefile.am +++ b/plugins/eventlog/Makefile.am @@ -4,11 +4,12 @@ CLEANFILES = *.gcda *.gcno *.gcov AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ -I$(top_srcdir)/isc \ - $(SECCOMPFLAGS) + $(SECCOMPFLAGS) \ + $(libldns_CFLAGS) pkglib_LTLIBRARIES = eventlog.la eventlog_la_SOURCES = eventlog.c -eventlog_la_LDFLAGS = -module -avoid-version +eventlog_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) TESTS = test1.sh EXTRA_DIST = $(TESTS) diff --git a/plugins/eventlog/Makefile.in b/plugins/eventlog/Makefile.in index 6dd2dcc..fe6a9a6 100644 --- a/plugins/eventlog/Makefile.in +++ b/plugins/eventlog/Makefile.in @@ -520,11 +520,12 @@ CLEANFILES = *.gcda *.gcno *.gcov test1.out *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ -I$(top_srcdir)/isc \ - $(SECCOMPFLAGS) + $(SECCOMPFLAGS) \ + $(libldns_CFLAGS) pkglib_LTLIBRARIES = eventlog.la eventlog_la_SOURCES = eventlog.c -eventlog_la_LDFLAGS = -module -avoid-version +eventlog_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) TESTS = test1.sh EXTRA_DIST = $(TESTS) all: all-am diff --git a/plugins/royparse/Makefile.am b/plugins/royparse/Makefile.am index 795a277..5b907cb 100644 --- a/plugins/royparse/Makefile.am +++ b/plugins/royparse/Makefile.am @@ -4,11 +4,12 @@ CLEANFILES = *.gcda *.gcno *.gcov AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ -I$(top_srcdir)/isc \ - $(SECCOMPFLAGS) + $(SECCOMPFLAGS) \ + $(libldns_CFLAGS) pkglib_LTLIBRARIES = royparse.la royparse_la_SOURCES = royparse.c -royparse_la_LDFLAGS = -module -avoid-version +royparse_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) TESTS = test1.sh EXTRA_DIST = $(TESTS) diff --git a/plugins/royparse/Makefile.in b/plugins/royparse/Makefile.in index bf1e922..d2e0ee5 100644 --- a/plugins/royparse/Makefile.in +++ b/plugins/royparse/Makefile.in 
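Review bot: `$(libldns_LIBS)` is appended to `eventlog_la_LDFLAGS`, but under Automake/libtool the libraries to link belong in `_LIBADD`, with `_LDFLAGS` kept for linker options such as `-module -avoid-version`. Library flags placed in LDFLAGS end up ahead of the objects on the link line, which can leave the ldns symbols unresolved when the linker runs with `--as-needed`. Consider `eventlog_la_LIBADD = $(libldns_LIBS)` and leaving `eventlog_la_LDFLAGS = -module -avoid-version` unchanged. The same applies to the `royparse_la_LDFLAGS` line in plugins/royparse/Makefile.am; the Makefile.in sections are presumably regenerated from these files.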
@@ -520,11 +520,12 @@ CLEANFILES = *.gcda *.gcno *.gcov test1.out* *.pcap-dist AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ -I$(top_srcdir)/isc \ - $(SECCOMPFLAGS) + $(SECCOMPFLAGS) \ + $(libldns_CFLAGS) pkglib_LTLIBRARIES = royparse.la royparse_la_SOURCES = royparse.c -royparse_la_LDFLAGS = -module -avoid-version +royparse_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) TESTS = test1.sh EXTRA_DIST = $(TESTS) all: all-am diff --git a/plugins/rssm/dnscap-rssm-rssac002 b/plugins/rssm/dnscap-rssm-rssac002 index cf0b144..30c0b3b 100755 --- a/plugins/rssm/dnscap-rssm-rssac002 +++ b/plugins/rssm/dnscap-rssm-rssac002 @@ -37,7 +37,7 @@ use warnings; use YAML; unless (scalar @ARGV > 1) { - print "usage: dnscap-rssm-rssac002 [--no-recompile|--keep-dnscap-rssm|--sort] <YAML files to merge...>\n"; + print "usage: dnscap-rssm-rssac002 [--no-recompile|--keep-dnscap-rssm|--sort|--skip-unsupported] <YAML files to merge...>\n"; exit(1); } @@ -46,6 +46,7 @@ my $earliest_start_period; my $recompile = 1; my $keep_dnscap_rssm = 0; my $sort = 0; +my $skip_unsupported = 0; foreach my $file (@ARGV) { if ($file eq '--no-recompile') { @@ -57,6 +58,9 @@ foreach my $file (@ARGV) { } elsif ($file eq '--sort') { $sort = 1; next; + } elsif ($file eq '--skip-unsupported') { + $skip_unsupported = 1; + next; } foreach my $doc (YAML::LoadFile($file)) { my $version = delete $doc->{version}; @@ -76,6 +80,9 @@ foreach my $file (@ARGV) { die "$file: not valid RSSAC002 YAML, missing metric"; } unless ($version eq 'rssac002v3') { + if ($skip_unsupported) { + next; + } die "$file: unsupported RSSAC002 version $version"; } diff --git a/plugins/rssm/rssm.c b/plugins/rssm/rssm.c index f106645..1847cc0 100644 --- a/plugins/rssm/rssm.c +++ b/plugins/rssm/rssm.c @@ -75,6 +75,9 @@ static int aggregated_into_counters = 0; static char* service_name = 0; static int rssac002v3_yaml = 0; +// RSSAC002v5 draft metrics +static int label_count = 0; + output_t rssm_output; #define MAX_SIZE_INDEX 4096 
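Review bot: `$skip_unsupported` is set inside the same `foreach my $file (@ARGV)` loop that loads the files, so `--skip-unsupported` only affects files listed after it on the command line; a file named before the option still reaches the `die` on an unsupported version. The other flags visible here look like they act after loading, so this appears to be the first option whose position matters, and the usage string does not say so. Either state in the usage text that options must precede the files, or make the flag position-independent at its declaration with `my $skip_unsupported = grep { $_ eq '--skip-unsupported' } @ARGV;`. The loop body continues outside this hunk.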
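Review bot: With `--skip-unsupported` the new `next` drops a document without any trace, so a mistyped or corrupted `version` value is discarded exactly like an intentional rssac002v5-draft document and the merged result is incomplete with no indication why. Emitting a diagnostic before skipping keeps the merge auditable: `warn "$file: skipping unsupported RSSAC002 version $version\n";` placed just before the `next;`. Stdout is what test2.sh captures, so a message on stderr would not disturb the gold comparison.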
@@ -82,6 +85,7 @@ output_t rssm_output; #define MAX_TBL_ADDRS 2000000 #define MAX_TBL_ADDRS2 200000 #define MAX_RCODE (1 << 12) +#define MAX_LABELS 128 typedef struct { hashtbl* tbl; @@ -111,6 +115,7 @@ struct { uint64_t udp_response_size[MAX_SIZE_INDEX]; uint64_t tcp_response_size[MAX_SIZE_INDEX]; uint64_t rcodes[MAX_RCODE]; + uint64_t labels[MAX_LABELS]; my_hashtbl sources; my_hashtbl2 aggregated; uint64_t num_ipv4_sources; @@ -178,13 +183,14 @@ void rssm_usage() "\t with the prefix \"aggregated-source\" or ...\n" "\t-a <name> write aggregated IPv6(/64) sources to\n" "\t <name>.<timesec>.<timeusec>\n" + "\t-L Add \"label-count\" metric (RSSAC002v5 WIP)\n" "\t-D don't fork on close\n"); } void rssm_getopt(int* argc, char** argv[]) { int c; - while ((c = getopt(*argc, *argv, "?w:Yn:Ss:Aa:D")) != EOF) { + while ((c = getopt(*argc, *argv, "?w:Yn:Ss:Aa:DL")) != EOF) { switch (c) { case 'w': if (counts_prefix) @@ -218,6 +224,9 @@ void rssm_getopt(int* argc, char** argv[]) case 'D': dont_fork_on_close = 1; break; + case 'L': + label_count = 1; + break; case '?': rssm_usage(); if (!optopt || optopt == '?') { @@ -424,6 +433,15 @@ void rssm_save_counts(const char* sbuf) fprintf(fp, "aggregated-sources: {}\n"); } } + + if (label_count) { + fprintf(fp, "\n---\nversion: rssac002v5-draft\nservice: %s\nstart-period: %s\nmetric: label-count\n", service_name, tz); + for (i = 0; i < MAX_LABELS; i++) { + if (counts.labels[i]) { + fprintf(fp, "%d: %" PRIu64 "\n", i, counts.labels[i]); + } + } + } } else { fprintf(fp, "first-packet-time %ld\n", (long)open_ts.tv_sec); fprintf(fp, "last-packet-time %ld\n", (long)close_ts.tv_sec); 
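Review bot: The `-L` help line added to rssm_usage() does not mention that, in YAML mode, the metric is written as an extra document with `version: rssac002v5-draft`, as the rssm_save_counts hunk further down shows. dnscap-rssm-rssac002 dies on any version other than rssac002v3 unless `--skip-unsupported` is passed, so an operator who adds `-L` to an existing pipeline gets a failing merge with no hint from the help text. Extend the usage text with a second line saying that the output is a separate rssac002v5-draft document and that the merge script needs `--skip-unsupported` to accept such files.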
@@ -474,6 +492,13 @@ void rssm_save_counts(const char* sbuf) fprintf(fp, "aggregated-source %s %" PRIu64 "\n", ia_str(counts.aggregated.addrs[i]), counts.aggregated.count[i]); } } + if (label_count) { + for (i = 0; i < MAX_LABELS; i++) { + if (counts.labels[i]) { + fprintf(fp, "label-count %d %" PRIu64 "\n", i, counts.labels[i]); + } + } + } } fclose(fp); fprintf(stderr, "rssm: done\n"); @@ -666,6 +691,16 @@ void rssm_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigne counts.dns_tcp_queries_received_ipv6++; } } + if (label_count) { + ldns_rr_list* question_list = ldns_pkt_question(pkt); + if (question_list) { + ldns_rr* rr = ldns_rr_list_rr(question_list, 0); + if (rr) { + uint8_t lc = ldns_rr_label_count(rr); + counts.labels[lc < MAX_LABELS ? lc : MAX_LABELS - 1] += 1; + } + } + } } else { uint16_t rcode = ldns_pkt_get_rcode(pkt); if (IPPROTO_UDP == proto) { diff --git a/plugins/rssm/test1.gold b/plugins/rssm/test1.gold index 86957d0..cdfee7d 100644 --- a/plugins/rssm/test1.gold +++ b/plugins/rssm/test1.gold @@ -56,3 +56,11 @@ service: test1 start-period: 2016-10-20T15:23:01Z metric: dnscap-rssm-aggregated-sources aggregated-sources: {} + +--- +version: rssac002v5-draft +service: test1 +start-period: 2016-10-20T15:23:01Z +metric: label-count +2: 24 +6: 17 diff --git a/plugins/rssm/test1.sh b/plugins/rssm/test1.sh index d43b947..13759f9 100755 --- a/plugins/rssm/test1.sh +++ b/plugins/rssm/test1.sh @@ -6,6 +6,6 @@ if [ -z "$plugin" ]; then exit 1 fi -../../src/dnscap -N -T -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -w test1 -Y -n test1 -A -S -D +../../src/dnscap -N -T -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -w test1 -Y -n test1 -A -S -D -L diff test1.20161020.152301.075993 "$srcdir/test1.gold" diff --git a/plugins/rssm/test2.sh b/plugins/rssm/test2.sh index 11f44af..ad019bd 100755 --- a/plugins/rssm/test2.sh +++ b/plugins/rssm/test2.sh 
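Review bot: In the rssm_output hunk the index into `counts.labels` is derived from the captured packet, and the ternary clamp is the only thing keeping the write inside the array; nothing documents that, or that the last bucket therefore holds every name with MAX_LABELS - 1 or more labels. A comment on that line, for example `/* lc comes from the packet: clamp so counts >= MAX_LABELS land in the last bucket */`, would keep the guard from being dropped if MAX_LABELS or the type of `lc` changes later. The two output loops print that bucket as a plain `127`, so the overflow meaning is worth stating next to `#define MAX_LABELS 128` as well. Only the first question RR is counted, which is presumably intended; rssm_output starts and ends outside this hunk.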
@@ -1,5 +1,5 @@ #!/bin/sh -xe -"$srcdir"/dnscap-rssm-rssac002 --sort "$srcdir/test1.gold" "$srcdir/test1.gold" "$srcdir/test1.gold" > test2.out +"$srcdir"/dnscap-rssm-rssac002 --skip-unsupported --sort "$srcdir/test1.gold" "$srcdir/test1.gold" "$srcdir/test1.gold" > test2.out diff test2.out "$srcdir/test2.gold" |