RPZ: Add metrics for the Policy Engine
authorPieter Lexis <pieter.lexis@powerdns.com>
Wed, 27 Jul 2016 13:11:37 +0000 (15:11 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Thu, 25 Aug 2016 08:44:33 +0000 (10:44 +0200)
Closes #2895

docs/markdown/recursor/stats.md
pdns/pdns_recursor.cc
pdns/rec_channel_rec.cc
pdns/syncres.cc
pdns/syncres.hh

index 3413cac384865a794fdf691cf4064470ee0ea7b4..c5eaef283e8a77e5dc116ed3f843e1ec865a25cd 100644 (file)
@@ -59,6 +59,12 @@ The `rec_control get` command can be used to query the following statistics, eit
 * `packetcache-hits`: packet cache hits (since 3.2)
 * `packetcache-misses`: packet cache misses (since 3.2)
 * `policy-drops`: packets dropped because of (Lua) policy decision
+* `policy-result-noaction`: packets that were not actioned upon by the RPZ/filter engine
+* `policy-result-drop`: packets that were dropped by the RPZ/filter engine
+* `policy-result-nxdomain`: packets that were replied to with NXDOMAIN by the RPZ/filter engine
+* `policy-result-nodata`: packets that were replied to with no data by the RPZ/filter engine
+* `policy-result-truncate`: packets that were forced to TCP by the RPZ/filter engine
+* `policy-result-custom`: packets that were sent a custom answer by the RPZ/filter engine
 * `qa-latency`: shows the current latency average, in microseconds, exponentially weighted over past 'latency-statistic-size' packets
 * `questions`: counts all end-user initiated queries with the RD bit set
 * `resource-limits`: counts number of queries that could not be performed because of resource limits
index 3d2957b4de1329fea51b89c472911ddbe0a6b6a9..48a1bd9aef0d086022ffff9e2a67b6484ae29625 100644 (file)
@@ -751,16 +751,20 @@ void startDoResolve(void *p)
           break;
         case DNSFilterEngine::PolicyKind::Drop:
           g_stats.policyDrops++;
+          g_stats.policyResults[appliedPolicy.d_kind]++;
           delete dc;
           dc=0;
           return; 
         case DNSFilterEngine::PolicyKind::NXDOMAIN:
+          g_stats.policyResults[appliedPolicy.d_kind]++;
           res=RCode::NXDomain;
           goto haveAnswer;
         case DNSFilterEngine::PolicyKind::NODATA:
+          g_stats.policyResults[appliedPolicy.d_kind]++;
           res=RCode::NoError;
           goto haveAnswer;
         case DNSFilterEngine::PolicyKind::Custom:
+          g_stats.policyResults[appliedPolicy.d_kind]++;
           res=RCode::NoError;
           spoofed.d_name=dc->d_mdp.d_qname;
           spoofed.d_type=appliedPolicy.d_custom->getType();
@@ -772,6 +776,7 @@ void startDoResolve(void *p)
           goto haveAnswer;
         case DNSFilterEngine::PolicyKind::Truncate:
           if(!dc->d_tcp) {
+            g_stats.policyResults[appliedPolicy.d_kind]++;
             res=RCode::NoError;        
             pw.getHeader()->tc=1;
             goto haveAnswer;
@@ -809,6 +814,7 @@ void startDoResolve(void *p)
        (*t_pdl)->postresolve(dc->d_remote, dc->d_local, dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_tcp, ret, &appliedPolicy, &dc->d_policyTags, res, &variableAnswer);
       }
 
+      g_stats.policyResults[appliedPolicy.d_kind]++;
       switch(appliedPolicy.d_kind) {
       case DNSFilterEngine::PolicyKind::NoAction:
        break;
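Review bot: The increment added just before the post-resolve `switch(appliedPolicy.d_kind)` in the last hunk runs for every query that reaches it, so whatever kind appliedPolicy holds there is counted whether or not the switch acts on it; in particular a pre-resolve Truncate policy on a TCP query skips the increment in the first hunk (it sits inside `if(!dc->d_tcp)`), continues resolving, and — unless appliedPolicy is reset between the two stages, which these hunks do not show — is then reported as a truncate result although nothing was truncated. The first hunk also repeats the same counter line in every matched case, which is easy to get out of step; placing one `if(appliedPolicy.d_kind != DNSFilterEngine::PolicyKind::NoAction) g_stats.policyResults[appliedPolicy.d_kind]++;` at the point where the action is actually applied in each stage would keep the pre- and post-resolve paths consistent. Since `g_stats.policyResults` is a `std::map`, `operator[]` on these paths must only ever hit existing keys; that relies on all six entries having been created before the worker threads start. startDoResolve begins and ends outside these hunks.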
index 1e8e77a50798c1a1c10e6960d9015a132ec911c1..74b848ae33694e8fa1fc1081ecf1ee2db0240434 100644 (file)
@@ -31,6 +31,7 @@
 #include "rec-lua-conf.hh"
 
 #include "validate-recursor.hh"
+#include "filterpo.hh"
 
 #include "secpoll-recursor.hh"
 #include "pubsuffix.hh"
@@ -888,6 +889,13 @@ RecursorControlParser::RecursorControlParser()
   addGetStat("dnssec-result-bogus", &g_stats.dnssecResults[Bogus]);
   addGetStat("dnssec-result-indeterminate", &g_stats.dnssecResults[Indeterminate]);
   addGetStat("dnssec-result-nta", &g_stats.dnssecResults[NTA]);
+
+  addGetStat("policy-result-noaction", &g_stats.policyResults[DNSFilterEngine::PolicyKind::NoAction]);
+  addGetStat("policy-result-drop", &g_stats.policyResults[DNSFilterEngine::PolicyKind::Drop]);
+  addGetStat("policy-result-nxdomain", &g_stats.policyResults[DNSFilterEngine::PolicyKind::NXDOMAIN]);
+  addGetStat("policy-result-nodata", &g_stats.policyResults[DNSFilterEngine::PolicyKind::NODATA]);
+  addGetStat("policy-result-truncate", &g_stats.policyResults[DNSFilterEngine::PolicyKind::Truncate]);
+  addGetStat("policy-result-custom", &g_stats.policyResults[DNSFilterEngine::PolicyKind::Custom]);
 }
 
 static void doExitGeneric(bool nicely)
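Review bot: The six `addGetStat(..., &g_stats.policyResults[...])` calls are, as far as the diff shows, the only place that creates the map entries the worker threads later bump with `operator[]`; an insert into a `std::map` rewrites the tree, so the increments in pdns_recursor.cc and syncres.cc are race-free only if this constructor runs before any worker thread starts and the list covers every `PolicyKind` value. That dependency deserves a comment on the block, e.g. `// Also creates the policyResults entries up front: worker threads must only ever increment existing keys`, plus a note wherever PolicyKind is defined that new values need an entry here. The pattern mirrors the existing dnssecResults registration, so it is consistent with the file, and taking the address of a map value is safe because std::map nodes do not move. The constructor of RecursorControlParser continues outside the hunk.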
index d9d1ceacfbbadf6425e07a507c82d9db2d147aa8..e69fb194a4a809d2cb63ab62eb754feba60920dc 100644 (file)
@@ -995,8 +995,10 @@ int SyncRes::doResolveAt(NsSet &nameservers, DNSName auth, bool flawedNSSet, con
         }
         //
        // XXX NEED TO HANDLE OTHER POLICY KINDS HERE!
-       if(g_luaconfs.getLocal()->dfe.getProcessingPolicy(*tns).d_kind != DNSFilterEngine::PolicyKind::NoAction)
+       if(g_luaconfs.getLocal()->dfe.getProcessingPolicy(*tns).d_kind != DNSFilterEngine::PolicyKind::NoAction) {
+          g_stats.policyResults[g_luaconfs.getLocal()->dfe.getProcessingPolicy(*tns).d_kind]++;
          throw ImmediateServFailException("Dropped because of policy");
+        }
 
         if(tns->empty()) {
           LOG(prefix<<qname<<": Domain has hardcoded nameserver");
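Review bot: The nameserver policy is evaluated twice in the new block, once in the condition and again in the added `g_stats.policyResults[...]++` line, and the kind that is counted (NXDOMAIN, NODATA, Custom, …) is the configured kind while the only outcome this path produces is the ServFail thrown on the next line; `policy-result-nxdomain` and friends will therefore include queries that were actually answered SERVFAIL, which does not match their description in stats.md (the `XXX NEED TO HANDLE OTHER POLICY KINDS HERE!` comment above already flags the gap). Capturing the lookup once removes the duplicate call and makes the counted value explicit: `const auto nsPolicyKind = g_luaconfs.getLocal()->dfe.getProcessingPolicy(*tns).d_kind;`, `if(nsPolicyKind != DNSFilterEngine::PolicyKind::NoAction) {` and `g_stats.policyResults[nsPolicyKind]++;`. Until the other kinds are implemented here, counting this path as a drop (or under a dedicated counter) would keep the published metrics truthful. doResolveAt starts and ends outside the hunk.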
index be68a09aa50b5d6a763f2c6a7beda28b89ade33a..b86b55a4288e50c47ce3d2fac5c5a351225cd871 100644 (file)
@@ -637,6 +637,7 @@ struct RecursorStats
   unsigned int maxMThreadStackUsage;
   std::atomic<uint64_t> dnssecValidations; // should be the sum of all dnssecResult* stats
   std::map<vState, std::atomic<uint64_t> > dnssecResults;
+  std::map<DNSFilterEngine::PolicyKind, std::atomic<uint64_t> > policyResults;
 };
 
 //! represents a running TCP/IP client session
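Review bot: The new `policyResults` member lacks the one-line comment its neighbour `dnssecValidations` has, and its multi-threaded use depends on a property the type cannot express; suggest `// per-PolicyKind counters; entries are created at startup (rec_channel_rec.cc) and only incremented afterwards, because a concurrent insert through std::map::operator[] would be a data race`. The member also makes this header depend on `DNSFilterEngine::PolicyKind`; the diff adds `#include "filterpo.hh"` to rec_channel_rec.cc but not here, so check that syncres.hh already includes it rather than relying on include order in each translation unit. RecursorStats is only partially visible in this hunk.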