]>
Commit | Line | Data |
---|---|---|
a9b1aa91 BH |
1 | #define __FAVOR_BSD |
2 | #include "statbag.hh" | |
3 | #include "dnspcap.hh" | |
4 | #include "dnsparser.hh" | |
5 | #include <boost/tuple/tuple.hpp> | |
6 | #include <boost/tuple/tuple_comparison.hpp> | |
d74f4d55 | 7 | #include <boost/algorithm/string.hpp> |
a9b1aa91 BH |
8 | #include <map> |
9 | #include <set> | |
10 | #include <fstream> | |
11 | #include <algorithm> | |
12 | #include "anadns.hh" | |
13 | ||
14 | using namespace boost; | |
15 | using namespace std; | |
16 | ||
17 | StatBag S; | |
18 | ||
d74f4d55 | 19 | int32_t g_clientQuestions, g_clientResponses, g_serverQuestions, g_serverResponses, g_skipped; |
a9b1aa91 BH |
20 | struct timeval g_lastanswerTime, g_lastquestionTime; |
21 | void makeReport(const struct timeval& tv) | |
22 | { | |
23 | int64_t clientdiff = g_clientQuestions - g_clientResponses; | |
d74f4d55 BH |
24 | int64_t serverdiff = g_serverQuestions - g_serverResponses; |
25 | ||
26 | if(clientdiff > 0.01*g_clientQuestions) { | |
a9b1aa91 BH |
27 | char tmp[80]; |
28 | struct tm tm=*localtime_r(&tv.tv_sec, &tm); | |
29 | strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm); | |
30 | ||
31 | cout << tmp << ": Resolver dropped too many questions (" | |
32 | << g_clientQuestions <<" vs " << g_clientResponses << "), diff: " <<clientdiff<<endl; | |
33 | ||
34 | tm=*localtime_r(&g_lastanswerTime.tv_sec, &tm); | |
35 | strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm); | |
36 | ||
37 | cout<<"Last answer: "<<tmp<<"."<<g_lastanswerTime.tv_usec/1000000.0<<endl; | |
38 | ||
39 | tm=*localtime_r(&g_lastquestionTime.tv_sec, &tm); | |
40 | strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm); | |
41 | ||
42 | cout<<"Last question: "<<tmp<<"."<<g_lastquestionTime.tv_usec/1000000.0<<endl; | |
d74f4d55 | 43 | } |
a9b1aa91 | 44 | |
d74f4d55 BH |
45 | if(serverdiff > 0.01*g_serverQuestions) { |
46 | char tmp[80]; | |
47 | struct tm tm=*localtime_r(&tv.tv_sec, &tm); | |
48 | strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm); | |
49 | ||
50 | cout << tmp << ": Auth server dropped too many questions (" | |
51 | << g_serverQuestions <<" vs " << g_serverResponses << "), diff: " <<serverdiff<<endl; | |
a9b1aa91 | 52 | |
d74f4d55 BH |
53 | cout << tv.tv_sec<<endl; |
54 | ||
55 | tm=*localtime_r(&g_lastanswerTime.tv_sec, &tm); | |
56 | strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm); | |
57 | ||
58 | cout<<"Last answer: "<<tmp<<"."<<g_lastanswerTime.tv_usec/1000000.0<<endl; | |
59 | ||
60 | tm=*localtime_r(&g_lastquestionTime.tv_sec, &tm); | |
61 | strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm); | |
62 | ||
63 | cout<<"Last question: "<<tmp<<"."<<g_lastquestionTime.tv_usec/1000000.0<<endl; | |
a9b1aa91 | 64 | } |
d74f4d55 BH |
65 | // cout <<"Recursive questions: "<<g_clientQuestions<<", recursive responses: " << g_clientResponses<< |
66 | // ", server questions: "<<g_serverQuestions<<", server responses: "<<g_serverResponses<<endl; | |
67 | ||
68 | ||
69 | cerr << tv.tv_sec << " " <<g_clientQuestions<<" " << g_clientResponses<< " "<<g_serverQuestions<<" "<<g_serverResponses<<" "<<g_skipped<<endl; | |
a9b1aa91 | 70 | g_clientQuestions=g_clientResponses=g_serverQuestions=g_serverResponses=0; |
d74f4d55 | 71 | g_skipped=0; |
a9b1aa91 BH |
72 | } |
73 | ||
74 | ||
75 | int main(int argc, char** argv) | |
76 | try | |
77 | { | |
78 | for(int n=1 ; n < argc; ++n) { | |
79 | cout<<argv[n]<<endl; | |
d74f4d55 | 80 | unsigned int parseErrors=0, totalQueries=0, skipped=0; |
a9b1aa91 | 81 | PcapPacketReader pr(argv[n]); |
d74f4d55 | 82 | PcapPacketWriter pw(argv[n]+string(".out"), pr); |
a9b1aa91 BH |
83 | /* four sorts of packets: |
84 | "rd": question from a client pc | |
85 | "rd qr": answer to a client pc | |
86 | "": question from the resolver | |
87 | "qr": answer to the resolver */ | |
88 | ||
89 | /* what are interesting events to note? */ | |
90 | /* we measure every 60 seconds, each interval with 10% less answers than questions is interesting */ | |
91 | /* report chunked */ | |
92 | ||
93 | struct timeval lastreport={0, 0}; | |
94 | ||
d74f4d55 BH |
95 | typedef set<pair<string, uint16_t> > queries_t; |
96 | queries_t questions, answers; | |
97 | ||
98 | unsigned int count = 10000; | |
99 | ||
a9b1aa91 BH |
100 | while(pr.getUDPPacket()) { |
101 | if((ntohs(pr.d_udp->uh_dport)==5300 || ntohs(pr.d_udp->uh_sport)==5300 || | |
102 | ntohs(pr.d_udp->uh_dport)==53 || ntohs(pr.d_udp->uh_sport)==53) && | |
103 | pr.d_len > 12) { | |
104 | try { | |
105 | MOADNSParser mdp((const char*)pr.d_payload, pr.d_len); | |
d74f4d55 BH |
106 | if(mdp.d_header.id==htons(4575)) { |
107 | // cerr << ntohl(*(uint32_t*)&pr.d_ip->ip_src)<<endl; | |
108 | g_skipped++; | |
109 | continue; | |
110 | } | |
111 | if(iequals(mdp.d_qname,"ycjnakisys1m.post.yamaha.co.jp.")) | |
112 | cerr<<"hit: "<<mdp.d_qtype<<", rd="<<mdp.d_header.rd<< ", id="<<mdp.d_header.id<<", qr="<<mdp.d_header.qr<<"\n"; | |
113 | ||
a9b1aa91 BH |
114 | if(lastreport.tv_sec == 0) { |
115 | lastreport = pr.d_pheader.ts; | |
116 | } | |
117 | ||
d74f4d55 BH |
118 | if(pr.d_pheader.ts.tv_sec > 1176897290 && pr.d_pheader.ts.tv_sec < 1176897310 ) |
119 | pw.write(); | |
120 | ||
121 | if(mdp.d_header.rd && !mdp.d_header.qr) { | |
122 | g_lastquestionTime=pr.d_pheader.ts; | |
a9b1aa91 | 123 | g_clientQuestions++; |
d74f4d55 BH |
124 | totalQueries++; |
125 | questions.insert(make_pair(mdp.d_qname, mdp.d_qtype)); | |
126 | } | |
a9b1aa91 BH |
127 | else if(mdp.d_header.rd && mdp.d_header.qr) { |
128 | g_lastanswerTime=pr.d_pheader.ts; | |
129 | g_clientResponses++; | |
d74f4d55 | 130 | answers.insert(make_pair(mdp.d_qname, mdp.d_qtype)); |
a9b1aa91 BH |
131 | } |
132 | else if(!mdp.d_header.rd && !mdp.d_header.qr) { | |
133 | g_lastquestionTime=pr.d_pheader.ts; | |
134 | g_serverQuestions++; | |
d74f4d55 | 135 | totalQueries++; |
a9b1aa91 BH |
136 | } |
137 | else if(!mdp.d_header.rd && mdp.d_header.qr) | |
138 | g_serverResponses++; | |
139 | ||
d74f4d55 | 140 | if(pr.d_pheader.ts.tv_sec - lastreport.tv_sec > 2) { |
a9b1aa91 BH |
141 | makeReport(pr.d_pheader.ts); |
142 | lastreport = pr.d_pheader.ts; | |
143 | } | |
144 | ||
145 | } | |
146 | catch(MOADNSException& mde) { | |
147 | // cerr<<"error parsing packet: "<<mde.what()<<endl; | |
d74f4d55 | 148 | parseErrors++; |
a9b1aa91 BH |
149 | continue; |
150 | } | |
151 | catch(exception& e) { | |
152 | cerr << e.what() << endl; | |
153 | continue; | |
154 | } | |
155 | } | |
d74f4d55 BH |
156 | |
157 | } | |
158 | cerr<<"Parse errors: "<<parseErrors<<", total queries: "<<totalQueries<<endl; | |
159 | typedef vector<queries_t::value_type> diff_t; | |
160 | diff_t diff; | |
161 | set_difference(questions.begin(), questions.end(), answers.begin(), answers.end(), back_inserter(diff)); | |
162 | cerr<<questions.size()<<" different rd questions, "<< answers.size()<<" different rd answers, diff: "<<diff.size()<<endl; | |
163 | cerr<<skipped<<" skipped\n"; | |
164 | ofstream failed("failed"); | |
165 | for(diff_t::const_iterator i = diff.begin(); i != diff.end() ; ++i) { | |
166 | failed << i->first << "\t" << i->second << "\n"; | |
167 | } | |
168 | ||
169 | diff.clear(); | |
170 | ||
171 | set_difference(answers.begin(), answers.end(), questions.begin(), questions.end(), back_inserter(diff)); | |
172 | cerr<<diff.size()<<" answers w/o questions\n"; | |
173 | ||
174 | ofstream succeeded("succeeded"); | |
175 | for(queries_t::const_iterator i = answers.begin(); i != answers.end() ; ++i) { | |
176 | succeeded << i->first << "\t" << i->second << "\n"; | |
a9b1aa91 BH |
177 | } |
178 | } | |
179 | } | |
180 | catch(exception& e) | |
181 | { | |
182 | cerr<<"Fatal: "<<e.what()<<endl; | |
183 | } |