diff --git a/src/Makefile.am b/src/Makefile.am index c10c2173..deaf534c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -23,7 +23,7 @@ dsc_SOURCES = asn_index.c certain_qnames_index.c client_index.c \ idn_qname_index.c inX_addr.c ip_direction_index.c ip_proto_index.c \ ip_version_index.c md_array.c md_array_json_printer.c \ md_array_xml_printer.c msglen_index.c null_index.c opcode_index.c \ - parse_conf.c pcap.c qclass_index.c qname_index.c qnamelen_index.c \ + parse_conf.c pcap.c qclass_index.c qname_index.c qnamelen_index.c label_count_index.c \ qr_aa_bits_index.c qtype_index.c query_classification_index.c rcode_index.c \ rd_bit_index.c server_ip_addr_index.c tc_bit_index.c tld_index.c \ transport_index.c xmalloc.c response_time_index.c tld_list.c \ @@ -37,7 +37,7 @@ dist_dsc_SOURCES = asn_index.h base64.h certain_qnames_index.h client_index.h \ do_bit_index.h edns_bufsiz_index.h edns_version_index.h geoip.h hashtbl.h \ idn_qname_index.h inX_addr.h ip_direction_index.h ip_proto_index.h \ ip_version_index.h md_array.h msglen_index.h null_index.h opcode_index.h \ - parse_conf.h pcap.h qclass_index.h qname_index.h qnamelen_index.h \ + parse_conf.h pcap.h qclass_index.h qname_index.h qnamelen_index.h label_count_index.h \ qr_aa_bits_index.h qtype_index.h query_classification_index.h rcode_index.h \ rd_bit_index.h server_ip_addr_index.h syslog_debug.h tc_bit_index.h \ tld_index.h transport_index.h xmalloc.h response_time_index.h tld_list.h \ diff --git a/src/dns_message.c b/src/dns_message.c index a5926756..0295aba3 100644 --- a/src/dns_message.c +++ b/src/dns_message.c @@ -52,6 +52,7 @@ #include "client_subnet_index.h" #include "server_ip_addr_index.h" #include "qnamelen_index.h" +#include "label_count_index.h" #include "qname_index.h" #include "msglen_index.h" #include "certain_qnames_index.h" 
@@ -91,6 +92,7 @@ static indexer indexers[] = { { "null", 0, null_indexer, null_iterator }, { "qclass", 0, qclass_indexer, qclass_iterator, qclass_reset }, { "qnamelen", 0, qnamelen_indexer, qnamelen_iterator, qnamelen_reset }, + { "label_count", 0, label_count_indexer, label_count_iterator, label_count_reset }, { "qname", 0, qname_indexer, qname_iterator, qname_reset }, { "second_ld", 0, second_ld_indexer, second_ld_iterator, second_ld_reset }, { "third_ld", 0, third_ld_indexer, third_ld_iterator, third_ld_reset }, diff --git a/src/dsc.conf.5.in b/src/dsc.conf.5.in index 26f313c8..feb3fb93 100644 --- a/src/dsc.conf.5.in +++ b/src/dsc.conf.5.in @@ -535,6 +535,11 @@ section. Note this is the \*(lqexpanded\*(rq length if the message happens to take advantage of DNS message \*(lqcompression\*(rq. .TP +\fBlabel_count\fR +The number of labels (between "." dots) in the first (and usually only) +QNAME in a DNS message question section. +Note that a value of 0 (zero) means DNS root (.). +.TP \fBqtype\fR The query type (QTYPE) for the first QNAME in the DNS message question section. @@ -946,6 +951,7 @@ dataset direction_vs_ipproto ip Direction:ip_direction IPProto:ip_proto any; #dataset qr_aa_bits dns Direction:ip_direction QRAABits:qr_aa_bits any; #dataset servfail_qname dns ALL:null Qname:qname servfail-only,replies-only; #dataset ad_qname dns ALL:null Qname:qname authentic-data-only,replies-only; +#dataset label_count dns All:null LabelCount:label_count any; #statistics_interval 60; #no_wait_interval; diff --git a/src/dsc.conf.sample.in b/src/dsc.conf.sample.in index 51d736d4..88808535 100644 --- a/src/dsc.conf.sample.in +++ b/src/dsc.conf.sample.in 
@@ -167,6 +167,7 @@ dataset client_port_range dns All:null PortRange:dns_sport_range queries-only; dataset direction_vs_ipproto ip Direction:ip_direction IPProto:ip_proto any; #dataset dns_ip_version_vs_qtype dns IPVersion:dns_ip_version Qtype:qtype queries-only; #dataset response_time dns All:null ResponseTime:response_time; +#dataset label_count dns All:null LabelCount:label_count any; # datasets for collecting data on priming queries at root nameservers #dataset priming_queries dns Transport:transport EDNSBufSiz:edns_bufsiz priming-query,queries-only; diff --git a/src/label_count_index.c b/src/label_count_index.c new file mode 100644 index 00000000..23e0004c --- /dev/null +++ b/src/label_count_index.c 
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2008-2022, OARC, Inc.
+ * Copyright (c) 2007-2008, Internet Systems Consortium, Inc.
+ * Copyright (c) 2003-2007, The Measurement Factory, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include "label_count_index.h"
+
+#include
+
+static int largest = 0;
+
+#define MAX_LABELS 64
+
+int label_count_indexer(const dns_message* m)
+{
+ if (m->malformed)
+ return -1;
+
+ int i, count = 1;
+ int len = strlen(m->qname);
+ if (len == 0 || (len == 1 && m->qname[0] == '.')) {
+ count = 0;
+ } else {
+ for (i = 0; i < len; i++)
+ if (m->qname[i] == '.')
+ count++;
+ }
+ if (count >= MAX_LABELS)
+ count = MAX_LABELS - 1;
+ if (count > largest)
+ largest = count;
+ return count;
+}
+
+static int next_iter;
+
+int label_count_iterator(const char** label)
+{
+ static char label_buf[10];
+ if (NULL == label) {
+ next_iter = 0;
+ return largest + 1;
+ }
+ if (next_iter > largest)
+ return -1;
+ snprintf(label_buf, sizeof(label_buf), "%d", next_iter);
+ *label = label_buf;
+ return next_iter++;
+}
+
+void label_count_reset()
+{
+ largest = 0;
+}
diff --git a/src/label_count_index.h b/src/label_count_index.h
new file mode 100644
index 00000000..d621be4d
--- /dev/null
+++ b/src/label_count_index.h
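Review bot: In label_count_indexer the clamp `if (count >= MAX_LABELS) count = MAX_LABELS - 1;` silently folds every name with 64 or more labels into the "63" bucket, and neither this file nor the new dsc.conf.5 entry says so. The QNAME is remote input, and a name within the 255-octet limit can carry more than 63 one-octet labels, so the top bucket really means "63 or more". The clamp is worth keeping because it bounds the index range, but I would document it above the define, e.g. `/* Upper bound on the index; names with more labels are all reported as MAX_LABELS - 1. */`, and add the same caveat to the man page text. The count is also derived from '.' bytes in m->qname rather than from wire labels, so if the unpacked name can hold a literal '.' inside a label or a trailing dot (the unpacking code is not in this diff), those names would be over-counted. As a style point, the definition `void label_count_reset()` should read `void label_count_reset(void)` to match the prototype in the header.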
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2008-2022, OARC, Inc.
+ * Copyright (c) 2007-2008, Internet Systems Consortium, Inc.
+ * Copyright (c) 2003-2007, The Measurement Factory, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */ + +#ifndef __dsc_label_count_index_h +#define __dsc_label_count_index_h + +#include "dns_message.h" + +int label_count_indexer(const dns_message*); +int label_count_iterator(const char** label); +void label_count_reset(void); + +#endif /* __dsc_label_count_index_h */ diff --git a/src/test/1458044657.conf b/src/test/1458044657.conf index 18cc32b0..2e7343c0 100644 --- a/src/test/1458044657.conf +++ b/src/test/1458044657.conf @@ -44,6 +44,7 @@ dataset qr_aa_bits dns Direction:ip_direction QRAABits:qr_aa_bits any; dataset server dns All:null IP:server any; dataset second_ld_vs_rcode dns Rcode:rcode SecondLD:second_ld replies-only max-cells=50; dataset third_ld_vs_rcode dns Rcode:rcode ThirdLD:third_ld replies-only max-cells=50; +dataset label_count dns All:null LabelCount:label_count any; output_format XML; output_format JSON; tld_list ./1458044657.tld_list.dist; diff --git a/src/test/1458044657.json_gold b/src/test/1458044657.json_gold index cdfba86a..3c24ab55 100644 --- a/src/test/1458044657.json_gold +++ b/src/test/1458044657.json_gold @@ -14,6 +14,21 @@ } ] }, +{ + "name": "label_count", + "start_time": 1458044655, + "stop_time": 1458044657, + "dimensions": [ "All", "LabelCount" ], + "data": [ + { + "All": "ALL", + "LabelCount": [ + { "val": "3", "count": 4 }, + { "val": "6", "count": 4 } + ] + } + ] +}, { "name": "third_ld_vs_rcode", "start_time": 1458044655, diff --git a/src/test/1458044657.xml_gold b/src/test/1458044657.xml_gold index a2a20539..e2a2a0fe 100644 --- a/src/test/1458044657.xml_gold +++ b/src/test/1458044657.xml_gold @@ -8,6 +8,16 @@ + + + + + + + + + +