Merge remote-tracking branch 'origin/topic/awelzel/more-dns-stats'

* origin/topic/awelzel/more-dns-stats: get_dns_stats: Expose total cache size and cached text entries
2025-10-13 12:08:20 +00:00 · 2023-03-12 13:09:36 -07:00 · 2023-03-12 13:09:36 -07:00 · 22b98e16aa
commit 22b98e16aa
parent b14cc413d8 2251c67e56
8 changed files with 25 additions and 1 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+6.0.0-dev.177 | 2023-03-12 13:09:36 -0700
+
+  * get_dns_stats: Expose total cache size and cached text entries (Arne Welzel, Corelight)
+
+    It wasn't possible from script land to determine the total size
+    of the cache table held by the DNS_Mgr. Add the total and also
+    also the TEXT entries count.
+
 6.0.0-dev.175 | 2023-03-10 15:50:04 -0700

  * Add weird for unknown HTTP/0.9 request method (Tim Wojtulewicz, Corelight)
--- a/2
+++ b/2
@ -1 +1 @@
-6.0.0-dev.175
+6.0.0-dev.177
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@ -757,6 +757,8 @@ type DNSStats: record {
 	pending:          count; ##< Current pending queries.
 	cached_hosts:     count; ##< Number of cached hosts.
 	cached_addresses: count; ##< Number of cached addresses.
+	cached_texts:     count; ##< Number of cached text entries.
+	cached_total:     count; ##< Total number of cached entries.
 };

 ## Statistics about number of gaps in TCP connections.
--- a/src/DNS_Mgr.cc
+++ b/src/DNS_Mgr.cc
@ -1485,6 +1485,7 @@ void DNS_Mgr::GetStats(Stats* stats)
 	stats->cached_hosts = 0;
 	stats->cached_addresses = 0;
 	stats->cached_texts = 0;
+	stats->cached_total = all_mappings.size();

 	for ( const auto& [key, mapping] : all_mappings )
 		{
--- a/src/DNS_Mgr.h
+++ b/src/DNS_Mgr.h
@ -209,6 +209,7 @@ public:
 		unsigned long cached_hosts;
 		unsigned long cached_addresses;
 		unsigned long cached_texts;
+		unsigned long cached_total;
 		};

 	/**
--- a/src/stats.bif
+++ b/src/stats.bif
@ -259,6 +259,8 @@ function get_dns_stats%(%): DNSStats
 	r->Assign(n++, static_cast<uint64_t>(dstats.pending));
 	r->Assign(n++, static_cast<uint64_t>(dstats.cached_hosts));
 	r->Assign(n++, static_cast<uint64_t>(dstats.cached_addresses));
+	r->Assign(n++, static_cast<uint64_t>(dstats.cached_texts));
+	r->Assign(n++, static_cast<uint64_t>(dstats.cached_total));

 	return r;
 	%}
--- a/testing/btest/Baseline/bifs.get_dns_stats/out
+++ b/testing/btest/Baseline/bifs.get_dns_stats/out
@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[requests=0, successful=0, failed=0, pending=0, cached_hosts=0, cached_addresses=0, cached_texts=0, cached_total=0]
--- a/testing/btest/bifs/get_dns_stats.test
+++ b/testing/btest/bifs/get_dns_stats.test
@ -0,0 +1,8 @@
+# @TEST-DOC: With FAKE_DNS mode caching is disabled, so testing is difficult, invoke the bif once at least.
+# @TEST-EXEC: zeek -b %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event zeek_init()
+	{
+	print get_dns_stats();
+	}