3 * Copyright (C) 2006 Florian octo Forster
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 * Florian octo Forster <octo at verplant.org>
26 #include "configfile.h"
27 #include "utils_debug.h"
28 #include "utils_dns.h"
30 #define MODULE_NAME "dns"
32 #if HAVE_LIBPCAP && HAVE_LIBPTHREAD
35 # include <sys/poll.h>
36 # define DNS_HAVE_READ 1
38 # define DNS_HAVE_READ 0
49 struct counter_list_s *next;
51 typedef struct counter_list_s counter_list_t;
57 static char *traffic_file = "dns/dns_traffic.rrd";
58 static char *qtype_file = "dns/qtype-%s.rrd";
59 static char *opcode_file = "dns/opcode-%s.rrd";
60 static char *rcode_file = "dns/rcode-%s.rrd";
62 static char *traffic_ds_def[] =
64 /* Limit to 1GBit/s */
65 "DS:queries:COUNTER:"COLLECTD_HEARTBEAT":0:125000000",
66 "DS:responses:COUNTER:"COLLECTD_HEARTBEAT":0:125000000",
69 static int traffic_ds_num = 2;
71 static char *qtype_ds_def[] =
73 "DS:value:COUNTER:"COLLECTD_HEARTBEAT":0:65535",
76 static int qtype_ds_num = 1;
78 static char *opcode_ds_def[] =
80 "DS:value:COUNTER:"COLLECTD_HEARTBEAT":0:65535",
83 static int opcode_ds_num = 1;
85 static char *rcode_ds_def[] =
87 "DS:value:COUNTER:"COLLECTD_HEARTBEAT":0:65535",
90 static int rcode_ds_num = 1;
93 static char *config_keys[] =
99 static int config_keys_num = 2;
101 #define PCAP_SNAPLEN 1460
102 static char *pcap_device = NULL;
104 static unsigned int tr_queries;
105 static unsigned int tr_responses;
106 static counter_list_t *qtype_list;
107 static counter_list_t *opcode_list;
108 static counter_list_t *rcode_list;
110 static pthread_t listen_thread;
111 static int listen_thread_init = 0;
112 /* The `traffic' mutex if for `tr_queries' and `tr_responses' */
113 static pthread_mutex_t traffic_mutex = PTHREAD_MUTEX_INITIALIZER;
114 static pthread_mutex_t qtype_mutex = PTHREAD_MUTEX_INITIALIZER;
115 static pthread_mutex_t opcode_mutex = PTHREAD_MUTEX_INITIALIZER;
116 static pthread_mutex_t rcode_mutex = PTHREAD_MUTEX_INITIALIZER;
117 #endif /* DNS_HAVE_READ */
123 static counter_list_t *counter_list_search (counter_list_t **list, unsigned int key)
125 counter_list_t *entry;
127 DBG ("counter_list_search (list = %p, key = %u)",
128 (void *) *list, key);
130 for (entry = *list; entry != NULL; entry = entry->next)
131 if (entry->key == key)
134 DBG ("return (%p)", (void *) entry);
138 static counter_list_t *counter_list_create (counter_list_t **list,
139 unsigned int key, unsigned int value)
141 counter_list_t *entry;
143 DBG ("counter_list_create (list = %p, key = %u, value = %u)",
144 (void *) *list, key, value);
146 entry = (counter_list_t *) malloc (sizeof (counter_list_t));
150 memset (entry, 0, sizeof (counter_list_t));
152 entry->value = value;
160 counter_list_t *last;
163 while (last->next != NULL)
169 DBG ("return (%p)", (void *) entry);
173 static void counter_list_add (counter_list_t **list,
174 unsigned int key, unsigned int increment)
176 counter_list_t *entry;
178 DBG ("counter_list_add (list = %p, key = %u, increment = %u)",
179 (void *) *list, key, increment);
181 entry = counter_list_search (list, key);
185 entry->value += increment;
189 counter_list_create (list, key, increment);
194 static int dns_config (char *key, char *value)
196 if (strcasecmp (key, "Interface") == 0)
198 if (pcap_device != NULL)
200 if ((pcap_device = strdup (value)) == NULL)
203 else if (strcasecmp (key, "IgnoreSource") == 0)
206 ignore_list_add_name (value);
216 static void dns_child_callback (const rfc1035_header_t *dns)
220 /* This is a query */
221 pthread_mutex_lock (&traffic_mutex);
222 tr_queries += dns->length;
223 pthread_mutex_unlock (&traffic_mutex);
225 pthread_mutex_lock (&qtype_mutex);
226 counter_list_add (&qtype_list, dns->qtype, 1);
227 pthread_mutex_unlock (&qtype_mutex);
231 /* This is a reply */
232 pthread_mutex_lock (&traffic_mutex);
233 tr_responses += dns->length;
234 pthread_mutex_unlock (&traffic_mutex);
236 pthread_mutex_lock (&rcode_mutex);
237 counter_list_add (&rcode_list, dns->rcode, 1);
238 pthread_mutex_unlock (&rcode_mutex);
241 /* FIXME: Are queries, replies or both interesting? */
242 pthread_mutex_lock (&opcode_mutex);
243 counter_list_add (&opcode_list, dns->opcode, 1);
244 pthread_mutex_unlock (&opcode_mutex);
247 static void *dns_child_loop (void *dummy)
250 char pcap_error[PCAP_ERRBUF_SIZE];
251 struct bpf_program fp;
253 struct pollfd poll_fds[1];
256 /* Don't block any signals */
259 sigemptyset (&sigmask);
260 pthread_sigmask (SIG_SETMASK, &sigmask, NULL);
263 /* Passing `pcap_device == NULL' is okay and the same as passign "any" */
264 DBG ("Creating PCAP object..");
265 pcap_obj = pcap_open_live (pcap_device,
267 0 /* Not promiscuous */,
268 0 /* no read timeout */,
270 if (pcap_obj == NULL)
272 syslog (LOG_ERR, "dns plugin: Opening interface `%s' "
274 (pcap_device != NULL) ? pcap_device : "any",
279 memset (&fp, 0, sizeof (fp));
280 if (pcap_compile (pcap_obj, &fp, "udp port 53", 1, 0) < 0)
282 DBG ("pcap_compile failed");
283 syslog (LOG_ERR, "dns plugin: pcap_compile failed");
286 if (pcap_setfilter (pcap_obj, &fp) < 0)
288 DBG ("pcap_setfilter failed");
289 syslog (LOG_ERR, "dns plugin: pcap_setfilter failed");
293 DBG ("PCAP object created.");
295 dnstop_set_pcap_obj (pcap_obj);
296 dnstop_set_callback (dns_child_callback);
298 /* Set up poll object */
299 poll_fds[0].fd = pcap_fileno (pcap_obj);
300 poll_fds[0].events = POLLIN | POLLPRI;
305 status = poll (poll_fds, 1, -1 /* wait forever for a change */);
307 /* Signals are not caught, but this is very handy when
308 * attaching to the process with a debugger. -octo */
309 if ((status < 0) && (errno == EINTR))
317 syslog (LOG_ERR, "dns plugin: poll(2) failed: %s",
322 if (poll_fds[0].revents & (POLLERR | POLLHUP | POLLNVAL))
324 DBG ("pcap-device closed. Exiting.");
325 syslog (LOG_ERR, "dns plugin: pcap-device closed. Exiting.");
328 else if (poll_fds[0].revents & (POLLIN | POLLPRI))
330 status = pcap_dispatch (pcap_obj,
331 10 /* Only handle 10 packets at a time */,
332 handle_pcap /* callback */,
333 NULL /* Whatever this means.. */);
336 DBG ("pcap_dispatch failed: %s", pcap_geterr (pcap_obj));
337 syslog (LOG_ERR, "dns plugin: pcap_dispatch failed: %s",
338 pcap_geterr (pcap_obj));
344 DBG ("child is exiting");
346 pcap_close (pcap_obj);
350 } /* static void dns_child_loop (void) */
351 #endif /* DNS_HAVE_READ */
353 static void dns_init (void)
356 /* clean up an old thread */
359 pthread_mutex_lock (&traffic_mutex);
362 pthread_mutex_unlock (&traffic_mutex);
364 if (listen_thread_init != 0)
367 status = pthread_create (&listen_thread, NULL, dns_child_loop,
371 syslog (LOG_ERR, "dns plugin: pthread_create failed: %s",
376 listen_thread_init = 1;
377 #endif /* DNS_HAVE_READ */
380 static void traffic_write (char *host, char *inst, char *val)
382 rrd_update_file (host, traffic_file, val,
383 traffic_ds_def, traffic_ds_num);
386 static void qtype_write (char *host, char *inst, char *val)
391 status = snprintf (file, 512, qtype_file, inst);
394 else if (status >= 512)
397 rrd_update_file (host, file, val, qtype_ds_def, qtype_ds_num);
400 static void rcode_write (char *host, char *inst, char *val)
405 status = snprintf (file, 512, rcode_file, inst);
408 else if (status >= 512)
411 rrd_update_file (host, file, val, rcode_ds_def, rcode_ds_num);
414 static void opcode_write (char *host, char *inst, char *val)
419 status = snprintf (file, 512, opcode_file, inst);
422 else if (status >= 512)
425 rrd_update_file (host, file, val, opcode_ds_def, opcode_ds_num);
429 static void traffic_submit (unsigned int queries, unsigned int replies)
434 status = snprintf (buffer, 64, "N:%u:%u", queries, replies);
435 if ((status < 1) || (status >= 64))
438 plugin_submit ("dns_traffic", "-", buffer);
441 static void qtype_submit (int qtype, unsigned int counter)
447 strncpy (inst, qtype_str (qtype), 32);
450 status = snprintf (buffer, 32, "N:%u", counter);
451 if ((status < 1) || (status >= 32))
454 plugin_submit ("dns_qtype", inst, buffer);
457 static void rcode_submit (int rcode, unsigned int counter)
463 strncpy (inst, rcode_str (rcode), 32);
466 status = snprintf (buffer, 32, "N:%u", counter);
467 if ((status < 1) || (status >= 32))
470 plugin_submit ("dns_rcode", inst, buffer);
473 static void opcode_submit (int opcode, unsigned int counter)
479 strncpy (inst, opcode_str (opcode), 32);
482 status = snprintf (buffer, 32, "N:%u", counter);
483 if ((status < 1) || (status >= 32))
486 plugin_submit ("dns_opcode", inst, buffer);
489 static void dns_read (void)
491 unsigned int keys[T_MAX];
492 unsigned int values[T_MAX];
498 pthread_mutex_lock (&traffic_mutex);
499 values[0] = tr_queries;
500 values[1] = tr_responses;
501 pthread_mutex_unlock (&traffic_mutex);
502 traffic_submit (values[0], values[1]);
504 pthread_mutex_lock (&qtype_mutex);
505 for (ptr = qtype_list, len = 0;
506 (ptr != NULL) && (len < T_MAX);
507 ptr = ptr->next, len++)
509 keys[len] = ptr->key;
510 values[len] = ptr->value;
512 pthread_mutex_unlock (&qtype_mutex);
514 for (i = 0; i < len; i++)
516 DBG ("qtype = %u; counter = %u;", keys[i], values[i]);
517 qtype_submit (keys[i], values[i]);
520 pthread_mutex_lock (&opcode_mutex);
521 for (ptr = opcode_list, len = 0;
522 (ptr != NULL) && (len < T_MAX);
523 ptr = ptr->next, len++)
525 keys[len] = ptr->key;
526 values[len] = ptr->value;
528 pthread_mutex_unlock (&opcode_mutex);
530 for (i = 0; i < len; i++)
532 DBG ("opcode = %u; counter = %u;", keys[i], values[i]);
533 opcode_submit (keys[i], values[i]);
536 pthread_mutex_lock (&rcode_mutex);
537 for (ptr = rcode_list, len = 0;
538 (ptr != NULL) && (len < T_MAX);
539 ptr = ptr->next, len++)
541 keys[len] = ptr->key;
542 values[len] = ptr->value;
544 pthread_mutex_unlock (&rcode_mutex);
546 for (i = 0; i < len; i++)
548 DBG ("rcode = %u; counter = %u;", keys[i], values[i]);
549 rcode_submit (keys[i], values[i]);
552 #else /* if !DNS_HAVE_READ */
553 # define dns_read NULL
556 void module_register (void)
558 plugin_register (MODULE_NAME, dns_init, dns_read, NULL);
559 plugin_register ("dns_traffic", NULL, NULL, traffic_write);
560 plugin_register ("dns_qtype", NULL, NULL, qtype_write);
561 plugin_register ("dns_rcode", NULL, NULL, rcode_write);
562 plugin_register ("dns_opcode", NULL, NULL, opcode_write);
564 cf_register (MODULE_NAME, dns_config, config_keys, config_keys_num);