From 8617eda729535bf3644207469d6555db4bc92e63 Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Tue, 19 Jan 2021 19:23:46 +0100
Subject: [PATCH] dnsdist: Add a counter for queries truncated because of a rule
---
 pdns/dnsdist-snmp.cc | 2 ++
 pdns/dnsdist-web.cc | 2 ++
 pdns/dnsdist.cc | 1 +
 pdns/dnsdist.hh | 3 +++
 pdns/dnsdistdist/DNSDIST-MIB.txt | 20 +++++++++++++++-----
 pdns/dnsdistdist/docs/statistics.rst | 20 ++++++++++++++++++++
 regression-tests.dnsdist/test_API.py | 8 ++++----
 7 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/pdns/dnsdist-snmp.cc b/pdns/dnsdist-snmp.cc
index 3d79859fe1..ae62891813 100644
--- a/pdns/dnsdist-snmp.cc
+++ b/pdns/dnsdist-snmp.cc
@@ -53,6 +53,7 @@ static const oid dynBlockedNMGSizeOID[] = { DNSDIST_STATS_OID, 36 };
 static const oid ruleServFailOID[] = { DNSDIST_STATS_OID, 37 };
 static const oid securityStatusOID[] = { DNSDIST_STATS_OID, 38 };
 static const oid specialMemoryUsageOID[] = { DNSDIST_STATS_OID, 39 };
+static const oid ruleTruncatedOID[] = { DNSDIST_STATS_OID, 40 };
 static std::unordered_map s_statsMap;
@@ -558,6 +559,7 @@ DNSDistSNMPAgent::DNSDistSNMPAgent(const std::string& name, const std::string& m
 registerCounter64Stat("ruleNXDomain", ruleNXDomainOID, OID_LENGTH(ruleNXDomainOID), &g_stats.ruleNXDomain);
 registerCounter64Stat("ruleRefused", ruleRefusedOID, OID_LENGTH(ruleRefusedOID), &g_stats.ruleRefused);
 registerCounter64Stat("ruleServFail", ruleServFailOID, OID_LENGTH(ruleServFailOID), &g_stats.ruleServFail);
+ registerCounter64Stat("ruleTruncated", ruleTruncatedOID, OID_LENGTH(ruleTruncatedOID), &g_stats.ruleTruncated);
 registerCounter64Stat("selfAnswered", selfAnsweredOID, OID_LENGTH(selfAnsweredOID), &g_stats.selfAnswered);
 registerCounter64Stat("downstreamTimeouts", downstreamTimeoutsOID, OID_LENGTH(downstreamTimeoutsOID), &g_stats.downstreamTimeouts);
 registerCounter64Stat("downstreamSendErrors", downstreamSendErrorsOID, OID_LENGTH(downstreamSendErrorsOID), &g_stats.downstreamSendErrors);
diff --git a/pdns/dnsdist-web.cc b/pdns/dnsdist-web.cc
index ebba297f71..668aa7ce38 100644
--- a/pdns/dnsdist-web.cc
+++ b/pdns/dnsdist-web.cc
@@ -73,6 +73,7 @@ const std::map MetricDefinitionStorage::metrics{
 { "rule-nxdomain", MetricDefinition(PrometheusMetricType::counter, "Number of NXDomain answers returned because of a rule")},
 { "rule-refused", MetricDefinition(PrometheusMetricType::counter, "Number of Refused answers returned because of a rule")},
 { "rule-servfail", MetricDefinition(PrometheusMetricType::counter, "Number of SERVFAIL answers received because of a rule")},
+ { "rule-truncated", MetricDefinition(PrometheusMetricType::counter, "Number of truncated answers returned because of a rule")},
 { "self-answered", MetricDefinition(PrometheusMetricType::counter, "Number of self-answered responses")},
 { "downstream-timeouts", MetricDefinition(PrometheusMetricType::counter, "Number of queries not answered in time by a backend")},
 { "downstream-send-errors", MetricDefinition(PrometheusMetricType::counter, "Number of errors when sending a query to a backend")},
@@ -110,6 +111,7 @@ const std::map MetricDefinitionStorage::metrics{
 { "udp-noport-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp NoPorts") },
 { "udp-recvbuf-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp RcvbufErrors") },
 { "udp-sndbuf-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp SndbufErrors") },
+ { "proxy-protocol-invalid", MetricDefinition(PrometheusMetricType::counter, "Number of queries dropped because of an invalid Proxy Protocol header") },
 };
 static bool apiWriteConfigFile(const string& filebasename, const string& content)
diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index 59c4aecf9c..c0cda7d6e9 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
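Review bot: The second dnsdist-web.cc hunk (`@@ -110,6 +111,7 @@`) adds a `proxy-protocol-invalid` metric definition that the commit subject does not mention. The matching `{"proxy-protocol-invalid", &proxyProtocolInvalid}` entry arrives in the third dnsdist.hh hunk, and statistics.rst likewise gains `doh-query-pipe-full` and `doh-response-pipe-full` sections. If, as these additions suggest, the counter was not exported before, that matters to operators who alert on rejected Proxy Protocol headers, so it should be named in the commit message or split into its own commit. The declaration of `proxyProtocolInvalid` is not part of this patch, so it is presumably already a member of `DNSDistStats`.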
@@ -811,6 +811,7 @@ bool processRulesResult(const DNSAction::Action& action, DNSQuestion& dq, std::s
 dq.getHeader()->ra = dq.getHeader()->rd;
 dq.getHeader()->aa = false;
 dq.getHeader()->ad = false;
+ ++g_stats.ruleTruncated;
 return true;
 break;
 case DNSAction::Action::HeaderModify:
diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh
index 5b4fe32a01..56cbcceefa 100644
--- a/pdns/dnsdist.hh
+++ b/pdns/dnsdist.hh
@@ -316,6 +316,7 @@ struct DNSDistStats
 stat_t ruleNXDomain{0};
 stat_t ruleRefused{0};
 stat_t ruleServFail{0};
+ stat_t ruleTruncated{0};
 stat_t selfAnswered{0};
 stat_t downstreamTimeouts{0};
 stat_t downstreamSendErrors{0};
@@ -344,6 +345,7 @@ struct DNSDistStats
 {"rule-nxdomain", &ruleNXDomain},
 {"rule-refused", &ruleRefused},
 {"rule-servfail", &ruleServFail},
+ {"rule-truncated", &ruleTruncated},
 {"self-answered", &selfAnswered},
 {"downstream-timeouts", &downstreamTimeouts},
 {"downstream-send-errors", &downstreamSendErrors},
@@ -368,6 +370,7 @@ struct DNSDistStats
 {"udp-sndbuf-errors", boost::bind(udpErrorStats, "udp-sndbuf-errors")},
 {"noncompliant-queries", &nonCompliantQueries},
 {"noncompliant-responses", &nonCompliantResponses},
+ {"proxy-protocol-invalid", &proxyProtocolInvalid},
 {"rdqueries", &rdQueries},
 {"empty-queries", &emptyQueries},
 {"cache-hits", &cacheHits},
diff --git a/pdns/dnsdistdist/DNSDIST-MIB.txt b/pdns/dnsdistdist/DNSDIST-MIB.txt
index 4f1f0bc293..297d7304ff 100644
--- a/pdns/dnsdistdist/DNSDIST-MIB.txt
+++ b/pdns/dnsdistdist/DNSDIST-MIB.txt
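Review bot: In the dnsdist.cc hunk, the new `++g_stats.ruleTruncated;` runs whenever this branch is entered, but the case label and any transport check sit above the hunk, so it is not visible whether the branch is also taken for queries that arrived over TCP. A TC=1 answer is only meaningful over UDP, where it makes the client retry over TCP. If the branch can run for TCP queries, the counter will overstate how much traffic the rule actually pushed to TCP, which skews any judgement of an anti-spoofing or rate-limiting rule based on it. Please confirm, and record the intent above the increment with a comment such as `// Counts TC=1 answers generated by a rule; exported as rule-truncated`. Separately, the `break;` after `return true;` in the context lines is unreachable.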
@@ -326,21 +326,29 @@ ruleServFail OBJECT-TYPE "Number of ServFail responses returned because of a rule" ::= { stats 37 } -specialMemoryUsage OBJECT-TYPE +securityStatus OBJECT-TYPE SYNTAX CounterBasedGauge64 MAX-ACCESS read-only STATUS current DESCRIPTION - "Memory usage (more precise but expensive to retrieve)" + "Security status of this software. 0=unknown, 1=OK, 2=upgrade recommended, 3=upgrade mandatory" ::= { stats 38 } -securityStatus OBJECT-TYPE +specialMemoryUsage OBJECT-TYPE SYNTAX CounterBasedGauge64 MAX-ACCESS read-only STATUS current DESCRIPTION - "Security status of this software. 0=unknown, 1=OK, 2=upgrade recommended, 3=upgrade mandatory" - ::= { stats 38 } + "Memory usage (more precise but expensive to retrieve)" + ::= { stats 39 } + +ruleTruncated OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of Truncated responses returned because of a rule" + ::= { stats 40 } backendStatTable OBJECT-TYPE SYNTAX SEQUENCE OF BackendStatEntry @@ -658,6 +666,8 @@ dnsdistGroup OBJECT-GROUP ruleDrop, ruleNXDomain, ruleRefused, + ruleServFail, + ruleTruncated, selfAnswered, downstreamTimeouts, downstreamSendErrors, diff --git a/pdns/dnsdistdist/docs/statistics.rst b/pdns/dnsdistdist/docs/statistics.rst index c6456ee5c8..5e8d985d7b 100644 --- a/pdns/dnsdistdist/docs/statistics.rst +++ b/pdns/dnsdistdist/docs/statistics.rst @@ -54,6 +54,14 @@ cpu-user-msec ------------- Milliseconds spent by :program:`dnsdist` in the "user" state. +doh-query-pipe-full +------------------- +Number of queries dropped because the internal DoH pipe was full. + +doh-response-pipe-full +---------------------- +Number of responses dropped because the internal DoH pipe was full. + downstream-send-errors ---------------------- Number of errors when sending a query to a backend. 
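Review bot: The first DNSDIST-MIB.txt hunk changes published OID assignments, but neither MIB hunk touches the module header, so the module's revision information presumably still describes the old layout. Before this patch `specialMemoryUsage` and `securityStatus` both claimed `{ stats 38 }`; now `specialMemoryUsage` moves to 39 and `ruleTruncated` takes 40. Monitoring systems that compiled the earlier MIB may keep labelling OID 38 with either name until they reload the file, and nothing in the module tells the two versions apart. Adding a `REVISION` clause with a description along the lines of `"Fixed the securityStatus/specialMemoryUsage OIDs, added ruleTruncated"` would make the change visible to consumers. The new numbering does agree with `securityStatusOID` (38), `specialMemoryUsageOID` (39) and `ruleTruncatedOID` (40) in dnsdist-snmp.cc.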
@@ -156,6 +164,12 @@ noncompliant-responses ---------------------- Number of answers from a backend dropped as non-compliant. +proxy-protocol-invalid +---------------------- +.. versionadded:: 1.6.0 + +Number of queries dropped because of an invalid Proxy Protocol header. + queries ------- Number of received queries. @@ -190,6 +204,12 @@ rule-servfail ------------- Number of ServFail answers returned because of a rule. +rule-truncated +-------------- +.. versionadded:: 1.6.0 + +Number of truncated answers returned because of a rule. + security-status --------------- .. versionadded:: 1.3.4 diff --git a/regression-tests.dnsdist/test_API.py b/regression-tests.dnsdist/test_API.py index 327c781a5b..b331ddb28a 100644 --- a/regression-tests.dnsdist/test_API.py +++ b/regression-tests.dnsdist/test_API.py @@ -236,9 +236,9 @@ class TestAPIBasics(DNSDistTest): 'latency-avg10000', 'latency-avg1000000', 'uptime', 'real-memory-usage', 'noncompliant-queries', 'noncompliant-responses', 'rdqueries', 'empty-queries', 'cache-hits', 'cache-misses', 'cpu-iowait', 'cpu-steal', 'cpu-sys-msec', 'cpu-user-msec', 'fd-usage', 'dyn-blocked', - 'dyn-block-nmg-size', 'rule-servfail', 'security-status', + 'dyn-block-nmg-size', 'rule-servfail', 'rule-truncated', 'security-status', 'udp-in-errors', 'udp-noport-errors', 'udp-recvbuf-errors', 'udp-sndbuf-errors', - 'doh-query-pipe-full', 'doh-response-pipe-full'] + 'doh-query-pipe-full', 'doh-response-pipe-full', 'proxy-protocol-invalid'] for key in expected: self.assertIn(key, values) 
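Review bot: The test_API.py list edits only assert that the `rule-truncated` and `proxy-protocol-invalid` keys are present in the API output. Nothing in this hunk (`@@ -236,9 +236,9 @@`) or in the two later hunks of the file (`@@ -261,7 +261,7 @@` and `@@ -269,7 +269,7 @@`) checks that `rule-truncated` actually increases when a truncating rule matches. A key-presence check would still pass if the `++g_stats.ruleTruncated;` line in dnsdist.cc were dropped or moved to the wrong branch. A regression test that sends a UDP query through a rule returning a truncated answer, and compares the counter before and after, would pin the behaviour this commit is named for. The enclosing test methods start above the hunks.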
@@ -261,7 +261,7 @@ class TestAPIBasics(DNSDistTest): expected = ['responses', 'servfail-responses', 'queries', 'acl-drops', 'frontend-noerror', 'frontend-nxdomain', 'frontend-servfail', - 'rule-drop', 'rule-nxdomain', 'rule-refused', 'self-answered', 'downstream-timeouts', + 'rule-drop', 'rule-nxdomain', 'rule-refused', 'rule-truncated', 'self-answered', 'downstream-timeouts', 'downstream-send-errors', 'trunc-failures', 'no-policy', 'latency0-1', 'latency1-10', 'latency10-50', 'latency50-100', 'latency100-1000', 'latency-slow', 'latency-avg100', 'latency-avg1000', 'latency-avg10000', @@ -269,7 +269,7 @@ class TestAPIBasics(DNSDistTest): 'noncompliant-responses', 'rdqueries', 'empty-queries', 'cache-hits', 'cache-misses', 'cpu-user-msec', 'cpu-sys-msec', 'fd-usage', 'dyn-blocked', 'dyn-block-nmg-size', 'packetcache-hits', 'packetcache-misses', 'over-capacity-drops', - 'too-old-drops'] + 'too-old-drops', 'proxy-protocol-invalid', 'doh-query-pipe-full', 'doh-response-pipe-full'] for key in expected: self.assertIn(key, content) -- 2.47.2