RSSAC002v5 label-count metric

- `rssm`: - Rewrote `label-count` metric, no allocation needed - Enabled with `-L` and tagged as `rssac002v5-draft` as v5 not complete yet - `dnscap-rssm-rssac002`: Add `--skip-unsupported` to skip unsupported RSSAC002 versions - Add to tests
DNS-OARC · Sep 7, 2022 · ca7707d · ca7707d
1 parent 3ebee80
commit ca7707d
Show file tree

Hide file tree

Showing 6 changed files with 50 additions and 54 deletions.
diff --git a/plugins/rssm/README.md b/plugins/rssm/README.md
@@ -39,3 +39,4 @@ Options:
   `start-period:` and `metric:`, rest of the values are not ordered by label.
   This option enabled sorting of them, which is not required by the
   specification but may help in debugging and testing cases.
+- `--skip-unsupported`: Skip unsupported RSSAC002 version metrics
diff --git a/plugins/rssm/dnscap-rssm-rssac002 b/plugins/rssm/dnscap-rssm-rssac002
@@ -37,7 +37,7 @@ use warnings;
 use YAML;
 
 unless (scalar @ARGV > 1) {
-    print "usage: dnscap-rssm-rssac002 [--no-recompile|--keep-dnscap-rssm|--sort] <YAML files to merge...>\n";
+    print "usage: dnscap-rssm-rssac002 [--no-recompile|--keep-dnscap-rssm|--sort|--skip-unsupported] <YAML files to merge...>\n";
     exit(1);
 }
 
@@ -46,6 +46,7 @@ my $earliest_start_period;
 my $recompile = 1;
 my $keep_dnscap_rssm = 0;
 my $sort = 0;
+my $skip_unsupported = 0;
 
 foreach my $file (@ARGV) {
     if ($file eq '--no-recompile') {
@@ -57,6 +58,9 @@ foreach my $file (@ARGV) {
     } elsif ($file eq '--sort') {
         $sort = 1;
         next;
+    } elsif ($file eq '--skip-unsupported') {
+        $skip_unsupported = 1;
+        next;
     }
     foreach my $doc (YAML::LoadFile($file)) {
         my $version = delete $doc->{version};
@@ -76,6 +80,9 @@ foreach my $file (@ARGV) {
             die "$file: not valid RSSAC002 YAML, missing metric";
         }
         unless ($version eq 'rssac002v3') {
+            if ($skip_unsupported) {
+                next;
+            }
             die "$file: unsupported RSSAC002 version $version";
         }
 

diff --git a/plugins/rssm/rssm.c b/plugins/rssm/rssm.c
@@ -74,15 +74,18 @@ static int   sources_into_counters    = 0;
 static int   aggregated_into_counters = 0;
 static char* service_name             = 0;
 static int   rssac002v3_yaml          = 0;
-static int   label_count_max          = -1;
+
+// RSSAC002v5 draft metrics
+static int label_count = 0;
+
 output_t rssm_output;
 
 #define MAX_SIZE_INDEX 4096
 #define MSG_SIZE_SHIFT 4
 #define MAX_TBL_ADDRS 2000000
 #define MAX_TBL_ADDRS2 200000
 #define MAX_RCODE (1 << 12)
-#define MAX_LABEL_COUNT 34
+#define MAX_LABELS 128
 
 typedef struct {
     hashtbl*     tbl;
@@ -112,7 +115,7 @@ struct {
     uint64_t    udp_response_size[MAX_SIZE_INDEX];
     uint64_t    tcp_response_size[MAX_SIZE_INDEX];
     uint64_t    rcodes[MAX_RCODE];
-    uint64_t    *label_counts;
+    uint64_t    labels[MAX_LABELS];
     my_hashtbl  sources;
     my_hashtbl2 aggregated;
     uint64_t    num_ipv4_sources;
@@ -180,15 +183,14 @@ void rssm_usage()
         "\t           with the prefix \"aggregated-source\" or ...\n"
         "\t-a <name>  write aggregated IPv6(/64) sources to\n"
         "\t           <name>.<timesec>.<timeusec>\n"
-        "\t-l         enable label-count metric with default max label count (34)\n"
-        "\t-L <cnt>   enable label-count metric with max label count = <cnt>\n"
+        "\t-L         Add \"label-count\" metric (RSSAC002v5 WIP)\n"
         "\t-D         don't fork on close\n");
 }
 
 void rssm_getopt(int* argc, char** argv[])
 {
     int c;
-    while ((c = getopt(*argc, *argv, "?w:Yn:Ss:Aa:DlL:")) != EOF) {
+    while ((c = getopt(*argc, *argv, "?w:Yn:Ss:Aa:DL")) != EOF) {
         switch (c) {
         case 'w':
             if (counts_prefix)
@@ -222,12 +224,8 @@ void rssm_getopt(int* argc, char** argv[])
         case 'D':
             dont_fork_on_close = 1;
             break;
-        case 'l':
-            if (label_count_max == -1)
-                label_count_max = MAX_LABEL_COUNT;
-            break;
         case 'L':
-            label_count_max = atoi (optarg);
+            label_count = 1;
             break;
         case '?':
             rssm_usage();
@@ -280,17 +278,6 @@ int rssm_open(my_bpftimeval ts)
     if (!(counts.aggregated.tbl = hash_create(4096, iaddr_hash, iaddr_cmp, 0))) {
         return -1;
     }
-    if (counts.label_counts != NULL) {
-        free(counts.label_counts);
-        counts.label_counts = NULL;
-    }
-    if (label_count_max >= 0) {
-        /* If label_count_max is N, we will have counters for 0 to N+1 */
-        if (!(counts.label_counts = (uint64_t *) malloc((label_count_max + 2) * sizeof(uint64_t)))) {
-            return -1;
-        }
-        memset (counts.label_counts, 0, (label_count_max + 2) * sizeof(uint64_t));
-    }
     return 0;
 }
 
@@ -418,17 +405,6 @@ void rssm_save_counts(const char* sbuf)
             }
         }
 
-        if (counts.label_counts != NULL) {
-            fprintf(fp, "\n---\nversion: rssac002v5\nservice: %s\nstart-period: %s\nmetric: label-count\n", service_name, tz);
-            for (i = 0; i <= label_count_max; i++) {
-                if (counts.label_counts[i]) {
-                    fprintf(fp, "%d: %" PRIu64 "\n", i, counts.label_counts[i]);
-                }
-            }
-            if (counts.label_counts[label_count_max+1] != 0)
-                fprintf(fp, "%d+: %" PRIu64 "\n", label_count_max+1, counts.label_counts[label_count_max+1]);
-        }
-
         fprintf(fp, "\n---\nversion: rssac002v3\nservice: %s\nstart-period: %s\nmetric: unique-sources\n", service_name, tz);
         fprintf(fp, "num-sources-ipv4: %" PRIu64 "\n", counts.num_ipv4_sources);
         fprintf(fp, "num-sources-ipv6: %" PRIu64 "\n", counts.num_ipv6_sources);
@@ -457,6 +433,15 @@ void rssm_save_counts(const char* sbuf)
                 fprintf(fp, "aggregated-sources: {}\n");
             }
         }
+
+        if (label_count) {
+            fprintf(fp, "\n---\nversion: rssac002v5-draft\nservice: %s\nstart-period: %s\nmetric: label-count\n", service_name, tz);
+            for (i = 0; i < MAX_LABELS; i++) {
+                if (counts.labels[i]) {
+                    fprintf(fp, "%d: %" PRIu64 "\n", i, counts.labels[i]);
+                }
+            }
+        }
     } else {
         fprintf(fp, "first-packet-time %ld\n", (long)open_ts.tv_sec);
         fprintf(fp, "last-packet-time %ld\n", (long)close_ts.tv_sec);
@@ -496,15 +481,6 @@ void rssm_save_counts(const char* sbuf)
             if (counts.rcodes[i])
                 fprintf(fp, "dns-rcode %d %" PRIu64 "\n",
                     i, counts.rcodes[i]);
-        if (counts.label_counts != NULL) {
-            for (i = 0; i <= label_count_max; i++)
-                if (counts.label_counts[i])
-                    fprintf(fp, "dns-label-count %d %" PRIu64 "\n",
-                        i, counts.label_counts[i]);
-            if (counts.label_counts[label_count_max+1] != 0)
-                    fprintf(fp, "dns-label-count %d+ %" PRIu64 "\n",
-                        label_count_max+1, counts.label_counts[label_count_max+1]);
-        }
         fprintf(fp, "num-sources %u\n", counts.sources.num_addrs);
         if (sources_into_counters) {
             for (i = 0; i < counts.sources.num_addrs; i++) {
@@ -516,6 +492,13 @@ void rssm_save_counts(const char* sbuf)
                 fprintf(fp, "aggregated-source %s %" PRIu64 "\n", ia_str(counts.aggregated.addrs[i]), counts.aggregated.count[i]);
             }
         }
+        if (label_count) {
+            for (i = 0; i < MAX_LABELS; i++) {
+                if (counts.labels[i]) {
+                    fprintf(fp, "label-count %d %" PRIu64 "\n", i, counts.labels[i]);
+                }
+            }
+        }
     }
     fclose(fp);
     fprintf(stderr, "rssm: done\n");
@@ -676,7 +659,6 @@ void rssm_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigne
 {
     unsigned  dnslen;
     ldns_pkt* pkt = 0;
-    ldns_rr_list *question_list = NULL;
 
     if (!(flags & DNSCAP_OUTPUT_ISDNS))
         return;
@@ -709,15 +691,13 @@ void rssm_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigne
                 counts.dns_tcp_queries_received_ipv6++;
             }
         }
-        if (counts.label_counts != NULL) {
-            question_list = ldns_pkt_question(pkt);
-            if (question_list != NULL) {
+        if (label_count) {
+            ldns_rr_list* question_list = ldns_pkt_question(pkt);
+            if (question_list) {
                 ldns_rr* rr = ldns_rr_list_rr(question_list, 0);
-                if (rr != NULL) {
-                    uint8_t lc = ldns_rr_label_count (rr);
-                    if (lc > label_count_max)
-                        lc = label_count_max + 1;
-                    counts.label_counts[lc] += 1;
+                if (rr) {
+                    uint8_t lc = ldns_rr_label_count(rr);
+                    counts.labels[lc < MAX_LABELS ? lc : MAX_LABELS - 1] += 1;
                 }
             }
         }

diff --git a/plugins/rssm/test1.gold b/plugins/rssm/test1.gold
@@ -56,3 +56,11 @@ service: test1
 start-period: 2016-10-20T15:23:01Z
 metric: dnscap-rssm-aggregated-sources
 aggregated-sources: {}
+
+---
+version: rssac002v5-draft
+service: test1
+start-period: 2016-10-20T15:23:01Z
+metric: label-count
+2: 24
+6: 17
diff --git a/plugins/rssm/test1.sh b/plugins/rssm/test1.sh
@@ -6,6 +6,6 @@ if [ -z "$plugin" ]; then
     exit 1
 fi
 
-../../src/dnscap -N -T -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -w test1 -Y -n test1 -A -S -D
+../../src/dnscap -N -T -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -w test1 -Y -n test1 -A -S -D -L
 
 diff test1.20161020.152301.075993 "$srcdir/test1.gold"
diff --git a/plugins/rssm/test2.sh b/plugins/rssm/test2.sh
@@ -1,5 +1,5 @@
 #!/bin/sh -xe
 
-"$srcdir"/dnscap-rssm-rssac002 --sort "$srcdir/test1.gold" "$srcdir/test1.gold" "$srcdir/test1.gold" > test2.out
+"$srcdir"/dnscap-rssm-rssac002 --skip-unsupported --sort "$srcdir/test1.gold" "$srcdir/test1.gold" "$srcdir/test1.gold" > test2.out
 
 diff test2.out "$srcdir/test2.gold"