add separate query counters for new protocols
authorAydın Mercan <aydin@isc.org>
Fri, 4 Oct 2024 10:14:52 +0000 (13:14 +0300)
committerAydın Mercan <aydin@isc.org>
Mon, 25 Nov 2024 10:07:29 +0000 (13:07 +0300)
Add query counters for DoT, DoH, unencrypted DoH and their proxied
counterparts. The protocols don't increment TCP/UDP counters anymore
since they aren't the same as plain DNS-over-53.

bin/named/statschannel.c
lib/isc/include/isc/netmgr.h
lib/isc/netmgr/netmgr.c
lib/ns/include/ns/stats.h
lib/ns/query.c

index 52685c0b230edd2e6b7bf12e93a35982c991672a..887f21a1ed11e6ba535226b5c3ae349cf515d6fc 100644 (file)
@@ -339,6 +339,21 @@ init_desc(void) {
                       "RPZRewrites");
        SET_NSSTATDESC(udp, "UDP queries received", "QryUDP");
        SET_NSSTATDESC(tcp, "TCP queries received", "QryTCP");
+       SET_NSSTATDESC(dot, "DoT queries received", "QryDoT");
+       SET_NSSTATDESC(doh, "DoH queries received", "QryDoH");
+       SET_NSSTATDESC(dohplain, "DoH-Plain queries received", "QryDoHPlain");
+       SET_NSSTATDESC(proxyudp, "PROXYv2 UDP queries received", "QryProxyUDP");
+       SET_NSSTATDESC(proxytcp, "PROXYv2 TCP queries received", "QryProxyTCP");
+       SET_NSSTATDESC(proxydot, "PROXYv2 DoT queries received", "QryProxyDoT");
+       SET_NSSTATDESC(proxydoh, "PROXYv2 DoH queries received", "QryProxyDoH");
+       SET_NSSTATDESC(proxydohplain, "PROXYv2/DoH-Plain queries received",
+                      "QryProxyDoHPlain");
+       SET_NSSTATDESC(encryptedproxydot,
+                      "Encrypted PROXYv2 DoT queries received",
+                      "QryEncryptedProxyDoT");
+       SET_NSSTATDESC(encryptedproxydoh,
+                      "Encrypted PROXYv2 DoH queries received",
+                      "QryEncryptedProxyDoH");
        SET_NSSTATDESC(nsidopt, "NSID option received", "NSIDOpt");
        SET_NSSTATDESC(expireopt, "Expire option received", "ExpireOpt");
        SET_NSSTATDESC(keepaliveopt, "EDNS TCP keepalive option received",
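Review bot: The description for `proxydohplain` is written "PROXYv2/DoH-Plain queries received", with a slash, while every other proxied counter in this hunk uses "PROXYv2 " followed by the protocol name. These strings look like the operator-facing labels of the statistics channel, so anyone grepping or alerting on unencrypted DoH traffic benefits from a uniform pattern. I would change it to `"PROXYv2 DoH-Plain queries received"`, which also matches the unproxied "DoH-Plain queries received" above it.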
index 50b2b784e87623d95512657c53e6cb6b1392f052..21babdebadd318db3e126c03098d375d0ffa9530 100644 (file)
@@ -657,6 +657,12 @@ isc_nm_is_proxy_handle(isc_nmhandle_t *handle);
  * connection.
  */
 
+isc_nm_proxy_type_t
+isc_nmhandle_proxy_type(isc_nmhandle_t *handle);
+/*%<
+ * Returns the PROXYv2 type associated with 'handle'.
+ */
+
 isc_result_t
 isc_nm_listentls(isc_nm_t *mgr, uint32_t workers, isc_sockaddr_t *iface,
                 isc_nm_accept_cb_t accept_cb, void *accept_cbarg, int backlog,
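Review bot: The doc comment on `isc_nmhandle_proxy_type()` does not say what the three return values mean, and the distinction matters because callers use it to sort traffic into encrypted and unencrypted counters. Going by the implementation in netmgr.c, the comment should state that `ISC_NM_PROXY_NONE` is returned when the handle has no underlying proxy handle, `ISC_NM_PROXY_ENCRYPTED` when that proxy handle itself has encryption, and `ISC_NM_PROXY_PLAIN` otherwise. It should also make clear that this describes the PROXYv2 layer and not whether the DNS transport on `handle` is encrypted. A `Requires:` line noting that 'handle' must be a valid handle would cover the two `REQUIRE` checks in the implementation.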
index 70519621c7a2f1ecf19f15c2daaba1dfcd290082..c8e67fafda90c7e47583855e52fed54be7468d8f 100644 (file)
@@ -2397,6 +2397,26 @@ isc_nm_socket_type(const isc_nmhandle_t *handle) {
        return handle->sock->type;
 }
 
+isc_nm_proxy_type_t
+isc_nmhandle_proxy_type(isc_nmhandle_t *handle) {
+       isc_nmhandle_t *proxyhandle;
+
+       REQUIRE(VALID_NMHANDLE(handle));
+       REQUIRE(VALID_NMSOCK(handle->sock));
+
+       proxyhandle = get_proxy_handle(handle);
+
+       if (proxyhandle == NULL) {
+               return ISC_NM_PROXY_NONE;
+       }
+
+       if (isc_nm_has_encryption(proxyhandle)) {
+               return ISC_NM_PROXY_ENCRYPTED;
+       }
+
+       return ISC_NM_PROXY_PLAIN;
+}
+
 bool
 isc_nm_has_encryption(const isc_nmhandle_t *handle) {
        REQUIRE(VALID_NMHANDLE(handle));
index 766ba37a56dd49bb28d5f10d22c2bd23199ec17f..5dabdb216f0d04d738b6d206454e31d6806d8e3b 100644 (file)
@@ -114,7 +114,19 @@ enum {
 
        ns_statscounter_recurshighwater = 68,
 
-       ns_statscounter_max = 69,
+       ns_statscounter_dot = 69,
+       ns_statscounter_doh = 70,
+       ns_statscounter_dohplain = 71,
+
+       ns_statscounter_proxyudp = 72,
+       ns_statscounter_proxytcp = 73,
+       ns_statscounter_proxydot = 74,
+       ns_statscounter_proxydoh = 75,
+       ns_statscounter_proxydohplain = 76,
+       ns_statscounter_encryptedproxydot = 77,
+       ns_statscounter_encryptedproxydoh = 78,
+
+       ns_statscounter_max = 79,
 };
 
 void
index bf11644c75304ff8c4086f201628e39592992fd9..ee7b83a4f78a562d6d10eaeb6e8465b839959532 100644 (file)
@@ -5622,11 +5622,84 @@ ns__query_start(query_ctx_t *qctx) {
                }
                qctx->client->query.authdbset = true;
 
-               /* Track TCP vs UDP stats per zone */
-               if (TCP(qctx->client)) {
-                       inc_stats(qctx->client, ns_statscounter_tcp);
-               } else {
+               isc_nmhandle_t *handle = qctx->client->handle;
+
+               /* Track protocol stats per zone */
+               switch (isc_nm_socket_type(handle)) {
+               case isc_nm_httpsocket:
+                       switch (isc_nmhandle_proxy_type(handle)) {
+                       case ISC_NM_PROXY_ENCRYPTED:
+                               /* Encrypted PROXYv2 cannot carry plain DoH */
+                               INSIST(isc_nm_has_encryption(handle));
+                               inc_stats(qctx->client,
+                                         ns_statscounter_encryptedproxydoh);
+                               break;
+                       case ISC_NM_PROXY_PLAIN:
+                               if (isc_nm_has_encryption(handle)) {
+                                       inc_stats(qctx->client,
+                                                 ns_statscounter_proxydoh);
+                               } else {
+                                       inc_stats(
+                                               qctx->client,
+                                               ns_statscounter_proxydohplain);
+                               }
+                               break;
+                       case ISC_NM_PROXY_NONE:
+                               if (isc_nm_has_encryption(handle)) {
+                                       inc_stats(qctx->client,
+                                                 ns_statscounter_doh);
+                               } else {
+                                       inc_stats(qctx->client,
+                                                 ns_statscounter_dohplain);
+                               }
+                               break;
+                       }
+                       break;
+               case isc_nm_streamdnssocket:
+                       switch (isc_nmhandle_proxy_type(handle)) {
+                       case ISC_NM_PROXY_ENCRYPTED:
+                               inc_stats(qctx->client,
+                                         ns_statscounter_encryptedproxydot);
+                               break;
+                       case ISC_NM_PROXY_PLAIN:
+                               if (isc_nm_has_encryption(handle)) {
+                                       inc_stats(qctx->client,
+                                                 ns_statscounter_proxydot);
+
+                               } else {
+                                       /*
+                                        * If the StreamDNS socket doesn't have
+                                        * encryption, it has to be plain TCP
+                                        * DNS.
+                                        */
+                                       inc_stats(qctx->client,
+                                                 ns_statscounter_proxytcp);
+                               }
+                               break;
+                       case ISC_NM_PROXY_NONE:
+                               if (isc_nm_has_encryption(handle)) {
+                                       inc_stats(qctx->client,
+                                                 ns_statscounter_dot);
+                               } else {
+                                       /*
+                                        * If the StreamDNS socket doesn't have
+                                        * encryption, it has to be plain TCP
+                                        * DNS.
+                                        */
+                                       inc_stats(qctx->client,
+                                                 ns_statscounter_tcp);
+                               }
+                               break;
+                       }
+                       break;
+               case isc_nm_proxyudpsocket:
+                       inc_stats(qctx->client, ns_statscounter_proxyudp);
+                       break;
+               case isc_nm_udpsocket:
                        inc_stats(qctx->client, ns_statscounter_udp);
+                       break;
+               default:
+                       UNREACHABLE();
                }
        }
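Review bot: The `INSIST(isc_nm_has_encryption(handle))` in the `isc_nm_httpsocket` / `ISC_NM_PROXY_ENCRYPTED` case and the outer `default: UNREACHABLE();` put two assertions on the query path purely for statistics, so a violated assumption would presumably abort the server rather than miscount one query. Whether listener setup rules out plain HTTP behind encrypted PROXYv2, and whether any socket type other than the four listed can reach this switch, is not visible in the hunk; if either is not guaranteed, prefer `default: break;` and an `if`/`else` on `isc_nm_has_encryption(handle)` like the other arms. The `isc_nm_streamdnssocket` / `ISC_NM_PROXY_ENCRYPTED` case makes the same assumption without checking it, so an unencrypted stream there would be counted as `ns_statscounter_encryptedproxydot`; a one-line comment saying why that cannot happen would make the two branches consistent. ns__query_start begins and ends outside the hunk.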