3 * Copyright (C) 2006,2007 Florian octo Forster
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; only version 2 of the License is applicable.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 * Florian octo Forster <octo at verplant.org>
25 #include "configfile.h"
27 #if HAVE_LIBPCAP && HAVE_LIBPTHREAD
28 # include "utils_dns.h"
32 # define DNS_HAVE_READ 1
34 # define DNS_HAVE_READ 0
45 struct counter_list_s *next;
47 typedef struct counter_list_s counter_list_t;
54 static const char *config_keys[] =
60 static int config_keys_num = 2;
62 #define PCAP_SNAPLEN 1460
63 static char *pcap_device = NULL;
65 static counter_t tr_queries;
66 static counter_t tr_responses;
67 static counter_list_t *qtype_list;
68 static counter_list_t *opcode_list;
69 static counter_list_t *rcode_list;
71 static pthread_t listen_thread;
72 static int listen_thread_init = 0;
73 /* The `traffic' mutex if for `tr_queries' and `tr_responses' */
74 static pthread_mutex_t traffic_mutex = PTHREAD_MUTEX_INITIALIZER;
75 static pthread_mutex_t qtype_mutex = PTHREAD_MUTEX_INITIALIZER;
76 static pthread_mutex_t opcode_mutex = PTHREAD_MUTEX_INITIALIZER;
77 static pthread_mutex_t rcode_mutex = PTHREAD_MUTEX_INITIALIZER;
78 #endif /* DNS_HAVE_READ */
84 static counter_list_t *counter_list_search (counter_list_t **list, unsigned int key)
86 counter_list_t *entry;
88 DEBUG ("counter_list_search (list = %p, key = %u)",
91 for (entry = *list; entry != NULL; entry = entry->next)
92 if (entry->key == key)
95 DEBUG ("return (%p)", (void *) entry);
99 static counter_list_t *counter_list_create (counter_list_t **list,
100 unsigned int key, unsigned int value)
102 counter_list_t *entry;
104 DEBUG ("counter_list_create (list = %p, key = %u, value = %u)",
105 (void *) *list, key, value);
107 entry = (counter_list_t *) malloc (sizeof (counter_list_t));
111 memset (entry, 0, sizeof (counter_list_t));
113 entry->value = value;
121 counter_list_t *last;
124 while (last->next != NULL)
130 DEBUG ("return (%p)", (void *) entry);
134 static void counter_list_add (counter_list_t **list,
135 unsigned int key, unsigned int increment)
137 counter_list_t *entry;
139 DEBUG ("counter_list_add (list = %p, key = %u, increment = %u)",
140 (void *) *list, key, increment);
142 entry = counter_list_search (list, key);
146 entry->value += increment;
150 counter_list_create (list, key, increment);
155 static int dns_config (const char *key, const char *value)
157 if (strcasecmp (key, "Interface") == 0)
159 if (pcap_device != NULL)
161 if ((pcap_device = strdup (value)) == NULL)
164 else if (strcasecmp (key, "IgnoreSource") == 0)
167 ignore_list_add_name (value);
177 static void dns_child_callback (const rfc1035_header_t *dns)
181 /* This is a query */
182 pthread_mutex_lock (&traffic_mutex);
183 tr_queries += dns->length;
184 pthread_mutex_unlock (&traffic_mutex);
186 pthread_mutex_lock (&qtype_mutex);
187 counter_list_add (&qtype_list, dns->qtype, 1);
188 pthread_mutex_unlock (&qtype_mutex);
192 /* This is a reply */
193 pthread_mutex_lock (&traffic_mutex);
194 tr_responses += dns->length;
195 pthread_mutex_unlock (&traffic_mutex);
197 pthread_mutex_lock (&rcode_mutex);
198 counter_list_add (&rcode_list, dns->rcode, 1);
199 pthread_mutex_unlock (&rcode_mutex);
202 /* FIXME: Are queries, replies or both interesting? */
203 pthread_mutex_lock (&opcode_mutex);
204 counter_list_add (&opcode_list, dns->opcode, 1);
205 pthread_mutex_unlock (&opcode_mutex);
208 static void *dns_child_loop (void *dummy)
211 char pcap_error[PCAP_ERRBUF_SIZE];
212 struct bpf_program fp;
216 /* Don't block any signals */
219 sigemptyset (&sigmask);
220 pthread_sigmask (SIG_SETMASK, &sigmask, NULL);
223 /* Passing `pcap_device == NULL' is okay and the same as passign "any" */
224 DEBUG ("Creating PCAP object..");
225 pcap_obj = pcap_open_live (pcap_device,
227 0 /* Not promiscuous */,
230 if (pcap_obj == NULL)
232 ERROR ("dns plugin: Opening interface `%s' "
234 (pcap_device != NULL) ? pcap_device : "any",
239 memset (&fp, 0, sizeof (fp));
240 if (pcap_compile (pcap_obj, &fp, "udp port 53", 1, 0) < 0)
242 DEBUG ("pcap_compile failed");
243 ERROR ("dns plugin: pcap_compile failed");
246 if (pcap_setfilter (pcap_obj, &fp) < 0)
248 DEBUG ("pcap_setfilter failed");
249 ERROR ("dns plugin: pcap_setfilter failed");
253 DEBUG ("PCAP object created.");
255 dnstop_set_pcap_obj (pcap_obj);
256 dnstop_set_callback (dns_child_callback);
258 status = pcap_loop (pcap_obj,
259 -1 /* loop forever */,
260 handle_pcap /* callback */,
261 NULL /* Whatever this means.. */);
263 ERROR ("dns plugin: Listener thread is exiting "
264 "abnormally: %s", pcap_geterr (pcap_obj));
266 DEBUG ("child is exiting");
268 pcap_close (pcap_obj);
269 listen_thread_init = 0;
273 } /* static void dns_child_loop (void) */
275 static int dns_init (void)
277 /* clean up an old thread */
280 pthread_mutex_lock (&traffic_mutex);
283 pthread_mutex_unlock (&traffic_mutex);
285 if (listen_thread_init != 0)
288 status = pthread_create (&listen_thread, NULL, dns_child_loop,
293 ERROR ("dns plugin: pthread_create failed: %s",
294 sstrerror (errno, errbuf, sizeof (errbuf)));
298 listen_thread_init = 1;
303 static void submit_counter (const char *type, const char *type_instance,
307 value_list_t vl = VALUE_LIST_INIT;
309 values[0].counter = value;
313 vl.time = time (NULL);
314 strcpy (vl.host, hostname_g);
315 strcpy (vl.plugin, "dns");
316 strncpy (vl.type_instance, type_instance, sizeof (vl.type_instance));
318 plugin_dispatch_values (type, &vl);
319 } /* void submit_counter */
321 static void submit_octets (counter_t queries, counter_t responses)
324 value_list_t vl = VALUE_LIST_INIT;
326 values[0].counter = queries;
327 values[1].counter = responses;
331 vl.time = time (NULL);
332 strcpy (vl.host, hostname_g);
333 strcpy (vl.plugin, "dns");
335 plugin_dispatch_values ("dns_octets", &vl);
336 } /* void submit_counter */
338 static int dns_read (void)
340 unsigned int keys[T_MAX];
341 unsigned int values[T_MAX];
347 pthread_mutex_lock (&traffic_mutex);
348 values[0] = tr_queries;
349 values[1] = tr_responses;
350 pthread_mutex_unlock (&traffic_mutex);
352 if ((values[0] != 0) || (values[1] != 0))
353 submit_octets (values[0], values[1]);
355 pthread_mutex_lock (&qtype_mutex);
356 for (ptr = qtype_list, len = 0;
357 (ptr != NULL) && (len < T_MAX);
358 ptr = ptr->next, len++)
360 keys[len] = ptr->key;
361 values[len] = ptr->value;
363 pthread_mutex_unlock (&qtype_mutex);
365 for (i = 0; i < len; i++)
367 DEBUG ("qtype = %u; counter = %u;", keys[i], values[i]);
368 submit_counter ("dns_qtype", qtype_str (keys[i]), values[i]);
371 pthread_mutex_lock (&opcode_mutex);
372 for (ptr = opcode_list, len = 0;
373 (ptr != NULL) && (len < T_MAX);
374 ptr = ptr->next, len++)
376 keys[len] = ptr->key;
377 values[len] = ptr->value;
379 pthread_mutex_unlock (&opcode_mutex);
381 for (i = 0; i < len; i++)
383 DEBUG ("opcode = %u; counter = %u;", keys[i], values[i]);
384 submit_counter ("dns_opcode", opcode_str (keys[i]), values[i]);
387 pthread_mutex_lock (&rcode_mutex);
388 for (ptr = rcode_list, len = 0;
389 (ptr != NULL) && (len < T_MAX);
390 ptr = ptr->next, len++)
392 keys[len] = ptr->key;
393 values[len] = ptr->value;
395 pthread_mutex_unlock (&rcode_mutex);
397 for (i = 0; i < len; i++)
399 DEBUG ("rcode = %u; counter = %u;", keys[i], values[i]);
400 submit_counter ("dns_rcode", rcode_str (keys[i]), values[i]);
407 void module_register (void)
410 plugin_register_config ("dns", dns_config, config_keys, config_keys_num);
411 plugin_register_init ("dns", dns_init);
412 plugin_register_read ("dns", dns_read);
414 } /* void module_register */