[thirdparty/pdns.git] / pdns / dnsgram.cc

#define __FAVOR_BSD
#include "statbag.hh"
#include "dnspcap.hh"
#include "dnsparser.hh"
#include <boost/tuple/tuple.hpp>
#include <boost/tuple/tuple_comparison.hpp>
#include <boost/algorithm/string.hpp>
#include <map>
#include <set>
#include <fstream>
#include <algorithm>
#include "anadns.hh"

using namespace boost;
using namespace std;

StatBag S;

int32_t g_clientQuestions, g_clientResponses, g_serverQuestions, g_serverResponses, g_skipped;
struct timeval g_lastanswerTime, g_lastquestionTime;
void makeReport(const struct timeval& tv)
{
  int64_t clientdiff = g_clientQuestions - g_clientResponses;
  int64_t serverdiff = g_serverQuestions - g_serverResponses;

  if(clientdiff > 0.01*g_clientQuestions) {
    char tmp[80];
    struct tm tm=*localtime_r(&tv.tv_sec, &tm);
    strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm);

    cout << tmp << ": Resolver dropped too many questions (" 
	 << g_clientQuestions <<" vs " << g_clientResponses << "), diff: " <<clientdiff<<endl;

    tm=*localtime_r(&g_lastanswerTime.tv_sec, &tm);
    strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm);
    
    cout<<"Last answer: "<<tmp<<"."<<g_lastanswerTime.tv_usec/1000000.0<<endl;

    tm=*localtime_r(&g_lastquestionTime.tv_sec, &tm);
    strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm);
    
    cout<<"Last question: "<<tmp<<"."<<g_lastquestionTime.tv_usec/1000000.0<<endl;
  }

  if(serverdiff > 0.01*g_serverQuestions) {
    char tmp[80];
    struct tm tm=*localtime_r(&tv.tv_sec, &tm);
    strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm);

    cout << tmp << ": Auth server dropped too many questions (" 
	 << g_serverQuestions <<" vs " << g_serverResponses << "), diff: " <<serverdiff<<endl;

    cout << tv.tv_sec<<endl;

    tm=*localtime_r(&g_lastanswerTime.tv_sec, &tm);
    strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm);
    
    cout<<"Last answer: "<<tmp<<"."<<g_lastanswerTime.tv_usec/1000000.0<<endl;

    tm=*localtime_r(&g_lastquestionTime.tv_sec, &tm);
    strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm);
    
    cout<<"Last question: "<<tmp<<"."<<g_lastquestionTime.tv_usec/1000000.0<<endl;
  }
//  cout <<"Recursive questions: "<<g_clientQuestions<<", recursive responses: " << g_clientResponses<< 
//    ", server questions: "<<g_serverQuestions<<", server responses: "<<g_serverResponses<<endl;


  cerr << tv.tv_sec << " " <<g_clientQuestions<<" " << g_clientResponses<< " "<<g_serverQuestions<<" "<<g_serverResponses<<" "<<g_skipped<<endl;
  g_clientQuestions=g_clientResponses=g_serverQuestions=g_serverResponses=0;
  g_skipped=0;
}


int main(int argc, char** argv)
try
{
  for(int n=1 ; n < argc; ++n) {
    cout<<argv[n]<<endl;
    unsigned int parseErrors=0, totalQueries=0, skipped=0;
    PcapPacketReader pr(argv[n]);
    PcapPacketWriter pw(argv[n]+string(".out"), pr);
    /* four sorts of packets: 
       "rd": question from a client pc
       "rd qr": answer to a client pc
       "": question from the resolver
       "qr": answer to the resolver */
    
    /* what are interesting events to note? */
    /* we measure every 60 seconds, each interval with 10% less answers than questions is interesting */
    /* report chunked */
    
    struct timeval lastreport={0, 0};
    
    typedef set<pair<string, uint16_t> > queries_t;
    queries_t questions, answers;

    unsigned int count = 10000;

    while(pr.getUDPPacket()) {
      if((ntohs(pr.d_udp->uh_dport)==5300 || ntohs(pr.d_udp->uh_sport)==5300 ||
	  ntohs(pr.d_udp->uh_dport)==53   || ntohs(pr.d_udp->uh_sport)==53) &&
	 pr.d_len > 12) {
	try {
	  MOADNSParser mdp((const char*)pr.d_payload, pr.d_len);
	  if(mdp.d_header.id==htons(4575)) {
//	    cerr << ntohl(*(uint32_t*)&pr.d_ip->ip_src)<<endl;
	    g_skipped++;
	    continue;
	  }
	  if(iequals(mdp.d_qname,"ycjnakisys1m.post.yamaha.co.jp."))
	    cerr<<"hit: "<<mdp.d_qtype<<", rd="<<mdp.d_header.rd<< ", id="<<mdp.d_header.id<<", qr="<<mdp.d_header.qr<<"\n";

	  if(lastreport.tv_sec == 0) {
	    lastreport = pr.d_pheader.ts;
	  }
	  
	  if(pr.d_pheader.ts.tv_sec > 1176897290 && pr.d_pheader.ts.tv_sec < 1176897310 ) 
	    pw.write();

	  if(mdp.d_header.rd && !mdp.d_header.qr) {
	    g_lastquestionTime=pr.d_pheader.ts;
	    g_clientQuestions++;
	    totalQueries++;
	    questions.insert(make_pair(mdp.d_qname, mdp.d_qtype));
	  }
	  else if(mdp.d_header.rd && mdp.d_header.qr) {
	    g_lastanswerTime=pr.d_pheader.ts;
	    g_clientResponses++;
	    answers.insert(make_pair(mdp.d_qname, mdp.d_qtype));
	  }
	  else if(!mdp.d_header.rd && !mdp.d_header.qr) {
	    g_lastquestionTime=pr.d_pheader.ts;
	    g_serverQuestions++;
	    totalQueries++;
	  }
	  else if(!mdp.d_header.rd && mdp.d_header.qr)
	    g_serverResponses++;
	  
	  if(pr.d_pheader.ts.tv_sec - lastreport.tv_sec > 2) {
	    makeReport(pr.d_pheader.ts);
	    lastreport = pr.d_pheader.ts;
	  }
	  
	}
	catch(MOADNSException& mde) {
	  //	cerr<<"error parsing packet: "<<mde.what()<<endl;
	  parseErrors++;
	  continue;
	}
	catch(exception& e) {
	  cerr << e.what() << endl;
	  continue;
	}
      }

    }
    cerr<<"Parse errors: "<<parseErrors<<", total queries: "<<totalQueries<<endl;
    typedef vector<queries_t::value_type> diff_t;
    diff_t diff;
    set_difference(questions.begin(), questions.end(), answers.begin(), answers.end(), back_inserter(diff));
    cerr<<questions.size()<<" different rd questions, "<< answers.size()<<" different rd answers, diff: "<<diff.size()<<endl;
    cerr<<skipped<<" skipped\n";
    ofstream failed("failed");
    for(diff_t::const_iterator i = diff.begin(); i != diff.end() ; ++i) {
      failed << i->first << "\t" << i->second << "\n";
    }

    diff.clear();
    
    set_difference(answers.begin(), answers.end(), questions.begin(), questions.end(), back_inserter(diff));
    cerr<<diff.size()<<" answers w/o questions\n";

    ofstream succeeded("succeeded");
    for(queries_t::const_iterator i = answers.begin(); i != answers.end() ; ++i) {
      succeeded << i->first << "\t" << i->second << "\n";
    }
  }
}
catch(exception& e)
{
  cerr<<"Fatal: "<<e.what()<<endl;
}
Commit	Line	Data
a9b1aa91 BH	1	#define __FAVOR_BSD
	2	#include "statbag.hh"
	3	#include "dnspcap.hh"
	4	#include "dnsparser.hh"
	5	#include <boost/tuple/tuple.hpp>
	6	#include <boost/tuple/tuple_comparison.hpp>
d74f4d55	7	#include <boost/algorithm/string.hpp>
a9b1aa91 BH	8	#include <map>
	9	#include <set>
	10	#include <fstream>
	11	#include <algorithm>
	12	#include "anadns.hh"
	13
	14	using namespace boost;
	15	using namespace std;
	16
	17	StatBag S;
	18
d74f4d55	19	int32_t g_clientQuestions, g_clientResponses, g_serverQuestions, g_serverResponses, g_skipped;
a9b1aa91 BH	20	struct timeval g_lastanswerTime, g_lastquestionTime;
	21	void makeReport(const struct timeval& tv)
	22	{
	23	int64_t clientdiff = g_clientQuestions - g_clientResponses;
d74f4d55 BH	24	int64_t serverdiff = g_serverQuestions - g_serverResponses;
	25
	26	if(clientdiff > 0.01*g_clientQuestions) {
a9b1aa91 BH	27	char tmp[80];
	28	struct tm tm=*localtime_r(&tv.tv_sec, &tm);
	29	strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm);
	30
	31	cout << tmp << ": Resolver dropped too many questions ("
	32	<< g_clientQuestions <<" vs " << g_clientResponses << "), diff: " <<clientdiff<<endl;
	33
	34	tm=*localtime_r(&g_lastanswerTime.tv_sec, &tm);
	35	strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm);
	36
	37	cout<<"Last answer: "<<tmp<<"."<<g_lastanswerTime.tv_usec/1000000.0<<endl;
	38
	39	tm=*localtime_r(&g_lastquestionTime.tv_sec, &tm);
	40	strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm);
	41
	42	cout<<"Last question: "<<tmp<<"."<<g_lastquestionTime.tv_usec/1000000.0<<endl;
d74f4d55	43	}
a9b1aa91	44
d74f4d55 BH	45	if(serverdiff > 0.01*g_serverQuestions) {
	46	char tmp[80];
	47	struct tm tm=*localtime_r(&tv.tv_sec, &tm);
	48	strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm);
	49
	50	cout << tmp << ": Auth server dropped too many questions ("
	51	<< g_serverQuestions <<" vs " << g_serverResponses << "), diff: " <<serverdiff<<endl;
a9b1aa91	52
d74f4d55 BH	53	cout << tv.tv_sec<<endl;
	54
	55	tm=*localtime_r(&g_lastanswerTime.tv_sec, &tm);
	56	strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm);
	57
	58	cout<<"Last answer: "<<tmp<<"."<<g_lastanswerTime.tv_usec/1000000.0<<endl;
	59
	60	tm=*localtime_r(&g_lastquestionTime.tv_sec, &tm);
	61	strftime(tmp, sizeof(tmp) - 1, "%F %H:%M:%S", &tm);
	62
	63	cout<<"Last question: "<<tmp<<"."<<g_lastquestionTime.tv_usec/1000000.0<<endl;
a9b1aa91	64	}
d74f4d55 BH	65	// cout <<"Recursive questions: "<<g_clientQuestions<<", recursive responses: " << g_clientResponses<<
	66	// ", server questions: "<<g_serverQuestions<<", server responses: "<<g_serverResponses<<endl;
	67
	68
	69	cerr << tv.tv_sec << " " <<g_clientQuestions<<" " << g_clientResponses<< " "<<g_serverQuestions<<" "<<g_serverResponses<<" "<<g_skipped<<endl;
a9b1aa91	70	g_clientQuestions=g_clientResponses=g_serverQuestions=g_serverResponses=0;
d74f4d55	71	g_skipped=0;
a9b1aa91 BH	72	}
	73
	74
	75	int main(int argc, char** argv)
	76	try
	77	{
	78	for(int n=1 ; n < argc; ++n) {
	79	cout<<argv[n]<<endl;
d74f4d55	80	unsigned int parseErrors=0, totalQueries=0, skipped=0;
a9b1aa91	81	PcapPacketReader pr(argv[n]);
d74f4d55	82	PcapPacketWriter pw(argv[n]+string(".out"), pr);
a9b1aa91 BH	83	/* four sorts of packets:
	84	"rd": question from a client pc
	85	"rd qr": answer to a client pc
	86	"": question from the resolver
	87	"qr": answer to the resolver */
	88
	89	/* what are interesting events to note? */
	90	/* we measure every 60 seconds, each interval with 10% less answers than questions is interesting */
	91	/* report chunked */
	92
	93	struct timeval lastreport={0, 0};
	94
d74f4d55 BH	95	typedef set<pair<string, uint16_t> > queries_t;
	96	queries_t questions, answers;
	97
	98	unsigned int count = 10000;
	99
a9b1aa91 BH	100	while(pr.getUDPPacket()) {
	101	if((ntohs(pr.d_udp->uh_dport)==5300 \|\| ntohs(pr.d_udp->uh_sport)==5300 \|\|
	102	ntohs(pr.d_udp->uh_dport)==53 \|\| ntohs(pr.d_udp->uh_sport)==53) &&
	103	pr.d_len > 12) {
	104	try {
	105	MOADNSParser mdp((const char*)pr.d_payload, pr.d_len);
d74f4d55 BH	106	if(mdp.d_header.id==htons(4575)) {
	107	// cerr << ntohl((uint32_t)&pr.d_ip->ip_src)<<endl;
	108	g_skipped++;
	109	continue;
	110	}
	111	if(iequals(mdp.d_qname,"ycjnakisys1m.post.yamaha.co.jp."))
	112	cerr<<"hit: "<<mdp.d_qtype<<", rd="<<mdp.d_header.rd<< ", id="<<mdp.d_header.id<<", qr="<<mdp.d_header.qr<<"\n";
	113
a9b1aa91 BH	114	if(lastreport.tv_sec == 0) {
	115	lastreport = pr.d_pheader.ts;
	116	}
	117
d74f4d55 BH	118	if(pr.d_pheader.ts.tv_sec > 1176897290 && pr.d_pheader.ts.tv_sec < 1176897310 )
	119	pw.write();
	120
	121	if(mdp.d_header.rd && !mdp.d_header.qr) {
	122	g_lastquestionTime=pr.d_pheader.ts;
a9b1aa91	123	g_clientQuestions++;
d74f4d55 BH	124	totalQueries++;
	125	questions.insert(make_pair(mdp.d_qname, mdp.d_qtype));
	126	}
a9b1aa91 BH	127	else if(mdp.d_header.rd && mdp.d_header.qr) {
	128	g_lastanswerTime=pr.d_pheader.ts;
	129	g_clientResponses++;
d74f4d55	130	answers.insert(make_pair(mdp.d_qname, mdp.d_qtype));
a9b1aa91 BH	131	}
	132	else if(!mdp.d_header.rd && !mdp.d_header.qr) {
	133	g_lastquestionTime=pr.d_pheader.ts;
	134	g_serverQuestions++;
d74f4d55	135	totalQueries++;
a9b1aa91 BH	136	}
	137	else if(!mdp.d_header.rd && mdp.d_header.qr)
	138	g_serverResponses++;
	139
d74f4d55	140	if(pr.d_pheader.ts.tv_sec - lastreport.tv_sec > 2) {
a9b1aa91 BH	141	makeReport(pr.d_pheader.ts);
	142	lastreport = pr.d_pheader.ts;
	143	}
	144
	145	}
	146	catch(MOADNSException& mde) {
	147	// cerr<<"error parsing packet: "<<mde.what()<<endl;
d74f4d55	148	parseErrors++;
a9b1aa91 BH	149	continue;
	150	}
	151	catch(exception& e) {
	152	cerr << e.what() << endl;
	153	continue;
	154	}
	155	}
d74f4d55 BH	156
	157	}
	158	cerr<<"Parse errors: "<<parseErrors<<", total queries: "<<totalQueries<<endl;
	159	typedef vector<queries_t::value_type> diff_t;
	160	diff_t diff;
	161	set_difference(questions.begin(), questions.end(), answers.begin(), answers.end(), back_inserter(diff));
	162	cerr<<questions.size()<<" different rd questions, "<< answers.size()<<" different rd answers, diff: "<<diff.size()<<endl;
	163	cerr<<skipped<<" skipped\n";
	164	ofstream failed("failed");
	165	for(diff_t::const_iterator i = diff.begin(); i != diff.end() ; ++i) {
	166	failed << i->first << "\t" << i->second << "\n";
	167	}
	168
	169	diff.clear();
	170
	171	set_difference(answers.begin(), answers.end(), questions.begin(), questions.end(), back_inserter(diff));
	172	cerr<<diff.size()<<" answers w/o questions\n";
	173
	174	ofstream succeeded("succeeded");
	175	for(queries_t::const_iterator i = answers.begin(); i != answers.end() ; ++i) {
	176	succeeded << i->first << "\t" << i->second << "\n";
a9b1aa91 BH	177	}
	178	}
	179	}
	180	catch(exception& e)
	181	{
	182	cerr<<"Fatal: "<<e.what()<<endl;
	183	}