mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Merge remote-tracking branch 'origin/topic/jazoff/dns-perf'
* origin/topic/jazoff/dns-perf: update baselines Use more efficient method to grab the protocol. improve performance of dns policy
This commit is contained in:
Jon Siwek
commit
011b6e10bf
5 changed files with 67 additions and 18 deletions
|
|
@ -128,13 +128,20 @@ export {
|
|||
## A record type which tracks the status of DNS queries for a given
|
||||
## :bro:type:`connection`.
|
||||
type State: record {
|
||||
## A single query that hasn't been matched with a response yet.
|
||||
## Note this is maintained separate from the *pending_queries*
|
||||
## field solely for performance reasons -- it's possible that
|
||||
## *pending_queries* contains further queries for which a response
|
||||
## has not yet been seen, even for the same transaction ID.
|
||||
pending_query: Info &optional;
|
||||
|
||||
## Indexed by query id, returns Info record corresponding to
|
||||
## queries that haven't been matched with a response yet.
|
||||
pending_queries: PendingMessages;
|
||||
pending_queries: PendingMessages &optional;
|
||||
|
||||
## Indexed by query id, returns Info record corresponding to
|
||||
## replies that haven't been matched with a query yet.
|
||||
pending_replies: PendingMessages;
|
||||
pending_replies: PendingMessages &optional;
|
||||
};
|
||||
}
|
||||
|
||||
|
|
@ -159,7 +166,7 @@ function new_session(c: connection, trans_id: count): Info
|
|||
info$ts = network_time();
|
||||
info$id = c$id;
|
||||
info$uid = c$uid;
|
||||
info$proto = get_conn_transport_proto(c$id);
|
||||
info$proto = get_port_transport_proto(c$id$resp_p);
|
||||
info$trans_id = trans_id;
|
||||
return info;
|
||||
}
|
||||
|
|
@ -230,7 +237,7 @@ hook set_session(c: connection, msg: dns_msg, is_query: bool) &priority=5
|
|||
|
||||
if ( is_query )
|
||||
{
|
||||
if ( msg$id in c$dns_state$pending_replies &&
|
||||
if ( c$dns_state?$pending_replies && msg$id in c$dns_state$pending_replies &&
|
||||
Queue::len(c$dns_state$pending_replies[msg$id]) > 0 )
|
||||
{
|
||||
# Match this DNS query w/ what's at head of pending reply queue.
|
||||
|
|
@ -241,12 +248,40 @@ hook set_session(c: connection, msg: dns_msg, is_query: bool) &priority=5
|
|||
# Create a new DNS session and put it in the query queue so
|
||||
# we can wait for a matching reply.
|
||||
c$dns = new_session(c, msg$id);
|
||||
enqueue_new_msg(c$dns_state$pending_queries, msg$id, c$dns);
|
||||
|
||||
if( ! c$dns_state?$pending_query )
|
||||
c$dns_state$pending_query = c$dns;
|
||||
else
|
||||
{
|
||||
if( !c$dns_state?$pending_queries )
|
||||
c$dns_state$pending_queries = table();
|
||||
|
||||
enqueue_new_msg(c$dns_state$pending_queries, msg$id, c$dns);
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if ( msg$id in c$dns_state$pending_queries &&
|
||||
if ( c$dns_state?$pending_query && c$dns_state$pending_query$trans_id == msg$id )
|
||||
{
|
||||
c$dns = c$dns_state$pending_query;
|
||||
|
||||
if ( c$dns_state?$pending_queries && msg$id in c$dns_state$pending_queries &&
|
||||
Queue::len(c$dns_state$pending_queries[msg$id]) > 0 )
|
||||
{
|
||||
# Popping off the next available pending query to set as the
|
||||
# the shortcut is necessary in order to preserve the overall
|
||||
# queuing order of queries that happen to share the same
|
||||
# transaction ID. If we didn't fill c$dns_state$pending_query
|
||||
# back in with the next element in the current queue, then
|
||||
# it's possible a new query would jump ahead of the queue as
|
||||
# c$dns_state$pending_query is filled first if available.
|
||||
c$dns_state$pending_query = pop_msg(c$dns_state$pending_queries, msg$id);
|
||||
}
|
||||
else
|
||||
delete c$dns_state$pending_query;
|
||||
}
|
||||
else if ( c$dns_state?$pending_queries && msg$id in c$dns_state$pending_queries &&
|
||||
Queue::len(c$dns_state$pending_queries[msg$id]) > 0 )
|
||||
{
|
||||
# Match this DNS reply w/ what's at head of pending query queue.
|
||||
|
|
@ -257,6 +292,10 @@ hook set_session(c: connection, msg: dns_msg, is_query: bool) &priority=5
|
|||
# Create a new DNS session and put it in the reply queue so
|
||||
# we can wait for a matching query.
|
||||
c$dns = new_session(c, msg$id);
|
||||
|
||||
if( ! c$dns_state?$pending_replies )
|
||||
c$dns_state$pending_replies = table();
|
||||
|
||||
enqueue_new_msg(c$dns_state$pending_replies, msg$id, c$dns);
|
||||
}
|
||||
}
|
||||
|
|
@ -511,6 +550,12 @@ event connection_state_remove(c: connection) &priority=-5
|
|||
|
||||
# If Bro is expiring state, we should go ahead and log all unmatched
|
||||
# queries and replies now.
|
||||
log_unmatched_msgs(c$dns_state$pending_queries);
|
||||
log_unmatched_msgs(c$dns_state$pending_replies);
|
||||
if( c$dns_state?$pending_query )
|
||||
Log::write(DNS::LOG, c$dns_state$pending_query);
|
||||
|
||||
if( c$dns_state?$pending_queries )
|
||||
log_unmatched_msgs(c$dns_state$pending_queries);
|
||||
|
||||
if( c$dns_state?$pending_replies )
|
||||
log_unmatched_msgs(c$dns_state$pending_replies);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue