3 * Copyright (C) 2006,2007 Florian octo Forster
4 * Copyright (C) 2009 Mirko Buffoni
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; only version 2 of the License is applicable.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 * Florian octo Forster <octo at verplant.org>
21 * Mirko Buffoni <briareos at eswat.org>
29 #include "configfile.h"
31 #include "utils_dns.h"
43 struct counter_list_s *next;
45 typedef struct counter_list_s counter_list_t;
50 static const char *config_keys[] =
54 "SelectNumericQueryTypes"
56 static int config_keys_num = STATIC_ARRAY_SIZE (config_keys);
57 static int select_numeric_qtype = 1;
59 #define PCAP_SNAPLEN 1460
60 static char *pcap_device = NULL;
62 static counter_t tr_queries;
63 static counter_t tr_responses;
64 static counter_list_t *qtype_list;
65 static counter_list_t *opcode_list;
66 static counter_list_t *rcode_list;
68 static pthread_t listen_thread;
69 static int listen_thread_init = 0;
70 /* The `traffic' mutex if for `tr_queries' and `tr_responses' */
71 static pthread_mutex_t traffic_mutex = PTHREAD_MUTEX_INITIALIZER;
72 static pthread_mutex_t qtype_mutex = PTHREAD_MUTEX_INITIALIZER;
73 static pthread_mutex_t opcode_mutex = PTHREAD_MUTEX_INITIALIZER;
74 static pthread_mutex_t rcode_mutex = PTHREAD_MUTEX_INITIALIZER;
79 static counter_list_t *counter_list_search (counter_list_t **list, unsigned int key)
81 counter_list_t *entry;
83 DEBUG ("counter_list_search (list = %p, key = %u)",
86 for (entry = *list; entry != NULL; entry = entry->next)
87 if (entry->key == key)
90 DEBUG ("return (%p)", (void *) entry);
94 static counter_list_t *counter_list_create (counter_list_t **list,
95 unsigned int key, unsigned int value)
97 counter_list_t *entry;
99 DEBUG ("counter_list_create (list = %p, key = %u, value = %u)",
100 (void *) *list, key, value);
102 entry = (counter_list_t *) malloc (sizeof (counter_list_t));
106 memset (entry, 0, sizeof (counter_list_t));
108 entry->value = value;
116 counter_list_t *last;
119 while (last->next != NULL)
125 DEBUG ("return (%p)", (void *) entry);
129 static void counter_list_add (counter_list_t **list,
130 unsigned int key, unsigned int increment)
132 counter_list_t *entry;
134 DEBUG ("counter_list_add (list = %p, key = %u, increment = %u)",
135 (void *) *list, key, increment);
137 entry = counter_list_search (list, key);
141 entry->value += increment;
145 counter_list_create (list, key, increment);
150 static int dns_config (const char *key, const char *value)
152 if (strcasecmp (key, "Interface") == 0)
154 if (pcap_device != NULL)
156 if ((pcap_device = strdup (value)) == NULL)
159 else if (strcasecmp (key, "IgnoreSource") == 0)
162 ignore_list_add_name (value);
164 else if (strcasecmp (key, "SelectNumericQueryTypes") == 0)
166 if ((value != NULL) && IS_FALSE (value))
167 select_numeric_qtype = 0;
169 select_numeric_qtype = 1;
179 static void dns_child_callback (const rfc1035_header_t *dns)
183 /* This is a query */
185 if (!select_numeric_qtype)
187 const char *str = qtype_str(dns->qtype);
188 if ((str == NULL) || (str[0] == '#'))
192 pthread_mutex_lock (&traffic_mutex);
193 tr_queries += dns->length;
194 pthread_mutex_unlock (&traffic_mutex);
198 pthread_mutex_lock (&qtype_mutex);
199 counter_list_add (&qtype_list, dns->qtype, 1);
200 pthread_mutex_unlock (&qtype_mutex);
205 /* This is a reply */
206 pthread_mutex_lock (&traffic_mutex);
207 tr_responses += dns->length;
208 pthread_mutex_unlock (&traffic_mutex);
210 pthread_mutex_lock (&rcode_mutex);
211 counter_list_add (&rcode_list, dns->rcode, 1);
212 pthread_mutex_unlock (&rcode_mutex);
215 /* FIXME: Are queries, replies or both interesting? */
216 pthread_mutex_lock (&opcode_mutex);
217 counter_list_add (&opcode_list, dns->opcode, 1);
218 pthread_mutex_unlock (&opcode_mutex);
221 static void *dns_child_loop (void __attribute__((unused)) *dummy)
224 char pcap_error[PCAP_ERRBUF_SIZE];
225 struct bpf_program fp;
229 /* Don't block any signals */
232 sigemptyset (&sigmask);
233 pthread_sigmask (SIG_SETMASK, &sigmask, NULL);
236 /* Passing `pcap_device == NULL' is okay and the same as passign "any" */
237 DEBUG ("dns plugin: Creating PCAP object..");
238 pcap_obj = pcap_open_live ((pcap_device != NULL) ? pcap_device : "any",
240 0 /* Not promiscuous */,
243 if (pcap_obj == NULL)
245 ERROR ("dns plugin: Opening interface `%s' "
247 (pcap_device != NULL) ? pcap_device : "any",
252 memset (&fp, 0, sizeof (fp));
253 if (pcap_compile (pcap_obj, &fp, "udp port 53", 1, 0) < 0)
255 ERROR ("dns plugin: pcap_compile failed");
258 if (pcap_setfilter (pcap_obj, &fp) < 0)
260 ERROR ("dns plugin: pcap_setfilter failed");
264 DEBUG ("PCAP object created.");
266 dnstop_set_pcap_obj (pcap_obj);
267 dnstop_set_callback (dns_child_callback);
269 status = pcap_loop (pcap_obj,
270 -1 /* loop forever */,
271 handle_pcap /* callback */,
272 NULL /* Whatever this means.. */);
274 ERROR ("dns plugin: Listener thread is exiting "
275 "abnormally: %s", pcap_geterr (pcap_obj));
277 DEBUG ("child is exiting");
279 pcap_close (pcap_obj);
280 listen_thread_init = 0;
284 } /* static void dns_child_loop (void) */
286 static int dns_init (void)
288 /* clean up an old thread */
291 pthread_mutex_lock (&traffic_mutex);
294 pthread_mutex_unlock (&traffic_mutex);
296 if (listen_thread_init != 0)
299 status = pthread_create (&listen_thread, NULL, dns_child_loop,
304 ERROR ("dns plugin: pthread_create failed: %s",
305 sstrerror (errno, errbuf, sizeof (errbuf)));
309 listen_thread_init = 1;
314 static void submit_counter (const char *type, const char *type_instance,
318 value_list_t vl = VALUE_LIST_INIT;
320 values[0].counter = value;
324 sstrncpy (vl.host, hostname_g, sizeof (vl.host));
325 sstrncpy (vl.plugin, "dns", sizeof (vl.plugin));
326 sstrncpy (vl.type, type, sizeof (vl.type));
327 sstrncpy (vl.type_instance, type_instance, sizeof (vl.type_instance));
329 plugin_dispatch_values (&vl);
330 } /* void submit_counter */
332 static void submit_octets (counter_t queries, counter_t responses)
335 value_list_t vl = VALUE_LIST_INIT;
337 values[0].counter = queries;
338 values[1].counter = responses;
342 sstrncpy (vl.host, hostname_g, sizeof (vl.host));
343 sstrncpy (vl.plugin, "dns", sizeof (vl.plugin));
344 sstrncpy (vl.type, "dns_octets", sizeof (vl.type));
346 plugin_dispatch_values (&vl);
347 } /* void submit_counter */
349 static int dns_read (void)
351 unsigned int keys[T_MAX];
352 unsigned int values[T_MAX];
358 pthread_mutex_lock (&traffic_mutex);
359 values[0] = tr_queries;
360 values[1] = tr_responses;
361 pthread_mutex_unlock (&traffic_mutex);
363 if ((values[0] != 0) || (values[1] != 0))
364 submit_octets (values[0], values[1]);
366 pthread_mutex_lock (&qtype_mutex);
367 for (ptr = qtype_list, len = 0;
368 (ptr != NULL) && (len < T_MAX);
369 ptr = ptr->next, len++)
371 keys[len] = ptr->key;
372 values[len] = ptr->value;
374 pthread_mutex_unlock (&qtype_mutex);
376 for (i = 0; i < len; i++)
378 DEBUG ("qtype = %u; counter = %u;", keys[i], values[i]);
379 submit_counter ("dns_qtype", qtype_str (keys[i]), values[i]);
382 pthread_mutex_lock (&opcode_mutex);
383 for (ptr = opcode_list, len = 0;
384 (ptr != NULL) && (len < T_MAX);
385 ptr = ptr->next, len++)
387 keys[len] = ptr->key;
388 values[len] = ptr->value;
390 pthread_mutex_unlock (&opcode_mutex);
392 for (i = 0; i < len; i++)
394 DEBUG ("opcode = %u; counter = %u;", keys[i], values[i]);
395 submit_counter ("dns_opcode", opcode_str (keys[i]), values[i]);
398 pthread_mutex_lock (&rcode_mutex);
399 for (ptr = rcode_list, len = 0;
400 (ptr != NULL) && (len < T_MAX);
401 ptr = ptr->next, len++)
403 keys[len] = ptr->key;
404 values[len] = ptr->value;
406 pthread_mutex_unlock (&rcode_mutex);
408 for (i = 0; i < len; i++)
410 DEBUG ("rcode = %u; counter = %u;", keys[i], values[i]);
411 submit_counter ("dns_rcode", rcode_str (keys[i]), values[i]);
417 void module_register (void)
419 plugin_register_config ("dns", dns_config, config_keys, config_keys_num);
420 plugin_register_init ("dns", dns_init);
421 plugin_register_read ("dns", dns_read);
422 } /* void module_register */