3.0.7 (#8)

weyrick · web-flow · commit 900df5fe3001 · 2020-09-01T17:40:35.000-04:00
* layout

* move to parsing dns resources only in deep sample (needs upstream commitin pcpp). switch to buster-slim in docker

* edns parse

* back out initial csubnet, fix version

* fix tests

* add -l to specify metrics web server bind host

* fix runtime image

Co-authored-by: Shannon Weyrick &lt;sweyrick@ns1.com&gt;
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:disco AS build
+FROM debian:buster-slim AS build
 
 ENV BUILD_DEPS "g++ cmake make git libpcap-dev pkgconf golang ca-certificates libmaxminddb-dev jq"
 
@@ -32,7 +32,7 @@ RUN \
     go get github.com/docopt/docopt-go && \
     go build /src/cmd/pktvisor/pktvisor.go
 
-FROM ubuntu:disco AS runtime
+FROM debian:buster-slim AS runtime
 
 ENV RUNTIME_DEPS "curl libpcap0.8 libmaxminddb0"
 
diff --git a/src/config.h.in b/src/config.h.in
@@ -1,5 +1,5 @@
 #pragma once
 
 #cmakedefine MMDB_ENABLE
-#cmakedefine PKTVISOR_VERSION_NUM "@PROJECT_VERSION@"
-#cmakedefine PKTVISOR_VERSION "@FLAME_VERSION@"
+#cmakedefine PKTVISOR_VERSION_NUM "@PKTVISOR_VERSION_NUM@"
+#cmakedefine PKTVISOR_VERSION "@PKTVISOR_VERSION@"
diff --git a/src/main.cpp b/src/main.cpp
@@ -23,7 +23,7 @@
 static const char USAGE[] =
     R"(pktvisord.
     Usage:
-      pktvisord [-b BPF] [-p PORT] [-H HOSTSPEC] [--periods P] [--summary] [--geo-city FILE] [--geo-asn FILE]
+      pktvisord [-b BPF] [-l HOST] [-p PORT] [-H HOSTSPEC] [--periods P] [--summary] [--geo-city FILE] [--geo-asn FILE]
                 [--max-deep-sample N]
                 TARGET
       pktvisord (-h | --help)
@@ -34,7 +34,8 @@ static const char USAGE[] =
     TARGET is either a network interface, an IP address (4 or 6) or a pcap file (ending in .pcap or .cap)
 
     Options:
-      -p PORT               Run metrics webserver on the given localhost port [default: 10853]
+      -l HOST               Run metrics webserver on the given host or IP [default: localhost]
+      -p PORT               Run metrics webserver on the given port [default: 10853]
       -b BPF                Filter packets using the given BPF string
       --geo-city FILE       GeoLite2 City database to use for IP to Geo mapping (if enabled)
       --geo-asn FILE        GeoLite2 ASN database to use for IP to ASN mapping (if enabled)
@@ -429,11 +430,11 @@ int main(int argc, char *argv[])
             openPcap(args["TARGET"].asString(), tcpDnsReassembly, bpf);
             if (args["--summary"].asBool()) {
                 // in summary mode we output a single summary of stats
-                std::cout << metricsManager->getMetrics() << std::endl;
+                std::cout << std::endl << metricsManager->getMetrics() << std::endl;
             }
             else {
                 // otherwise, merge the max time window available
-                std::cout << metricsManager->getMetricsMerged(periods) << std::endl;
+                std::cout << std::endl << metricsManager->getMetricsMerged(periods) << std::endl;
             }
         } catch (const std::exception &e) {
             std::cerr << e.what() << std::endl;
@@ -465,9 +466,13 @@ int main(int argc, char *argv[])
         }
         httplib::Server svr;
         setupRoutes(svr);
+        auto host = args["-l"].asString();
         auto port = args["-p"].asLong();
-        std::thread httpThread([&svr, port] {
-            svr.listen("localhost", port);
+        std::thread httpThread([&svr, host, port] {
+            std::cerr << "Metrics web server listening on " << host << ":" << port << std::endl;
+            if (!svr.listen(host.c_str(), port)) {
+                throw std::runtime_error("unable to listen");
+            }
         });
         try {
             std::cerr << "Interface " << dev->getName() << std::endl;
diff --git a/src/metrics.cpp b/src/metrics.cpp
@@ -133,6 +133,8 @@ void Metrics::newDNSPacket(pcpp::DnsLayer *dns, Direction dir, pcpp::ProtocolTyp
         return;
     }
 
+    dns->parseResources();
+
     // lock for write
     std::unique_lock lock(_sketchMutex);
 
diff --git a/tests/test_parse_pcap.cpp b/tests/test_parse_pcap.cpp
@@ -25,6 +25,7 @@ TEST_CASE("Parse DNS UDP IPv4 tests", "[pcap][ipv4][udp][dns]")
             numUDP++;
             if (dnsRequest.isPacketOfType(pcpp::DNS)) {
                 pcpp::DnsLayer *dnsLayer = dnsRequest.getLayerOfType<pcpp::DnsLayer>();
+                dnsLayer->parseResources();
                 if (numDNS == 0) {
                     CHECK(dnsLayer->getFirstQuery()->getName() == "utadwnME.POJwOc9R.KtfO.test.com");
                     CHECK(dnsLayer->getFirstQuery()->getDnsType() == pcpp::DNS_TYPE_AAAA);
@@ -107,6 +108,7 @@ TEST_CASE("Parse DNS UDP IPv6 tests", "[pcap][ipv6][udp][dns]")
             numUDP++;
             if (dnsRequest.isPacketOfType(pcpp::DNS)) {
                 pcpp::DnsLayer *dnsLayer = dnsRequest.getLayerOfType<pcpp::DnsLayer>();
+                dnsLayer->parseResources();
                 if (numDNS == 0) {
                     CHECK(dnsLayer->getFirstQuery()->getName() == "LOJ5Pq2._EmpLuAPR.PPLIop.1F8J2R1.eMVq5.test.com");
                     CHECK(dnsLayer->getFirstQuery()->getDnsType() == pcpp::DNS_TYPE_AAAA);

Original file line number	Diff line number	Diff line change
`@@ -133,6 +133,8 @@ void Metrics::newDNSPacket(pcpp::DnsLayer *dns, Direction dir, pcpp::ProtocolTyp`
`133`	`133`	`return;`
`134`	`134`	`}`
`135`	`135`
	`136`	`+ dns->parseResources();`
	`137`	`+`
`136`	`138`	`// lock for write`
`137`	`139`	`std::unique_lock lock(_sketchMutex);`
`138`	`140`