367 lines
8.0 KiB
Go
367 lines
8.0 KiB
Go
|
package querylog
|
||
|
|
||
|
import (
|
||
|
"encoding/base64"
|
||
|
"io"
|
||
|
"strconv"
|
||
|
"strings"
|
||
|
"time"
|
||
|
|
||
|
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
||
|
"github.com/AdguardTeam/AdGuardHome/util"
|
||
|
"github.com/AdguardTeam/golibs/log"
|
||
|
"github.com/miekg/dns"
|
||
|
)
|
||
|
|
||
|
// searchFiles reads log entries from all log files and applies the specified search criteria.
|
||
|
// IMPORTANT: this method does not scan more than "maxSearchEntries" so you
|
||
|
// may need to call it many times.
|
||
|
//
|
||
|
// it returns:
|
||
|
// * an array of log entries that we have read
|
||
|
// * time of the oldest processed entry (even if it was discarded)
|
||
|
// * total number of processed entries (including discarded).
|
||
|
func (l *queryLog) searchFiles(params getDataParams) ([]*logEntry, time.Time, int) {
|
||
|
entries := make([]*logEntry, 0)
|
||
|
oldest := time.Time{}
|
||
|
|
||
|
r, err := l.openReader()
|
||
|
if err != nil {
|
||
|
log.Error("Failed to open qlog reader: %v", err)
|
||
|
return entries, oldest, 0
|
||
|
}
|
||
|
defer r.Close()
|
||
|
|
||
|
if params.OlderThan.IsZero() {
|
||
|
err = r.SeekStart()
|
||
|
} else {
|
||
|
err = r.Seek(params.OlderThan.UnixNano())
|
||
|
}
|
||
|
|
||
|
if err != nil {
|
||
|
log.Error("Failed to Seek(): %v", err)
|
||
|
return entries, oldest, 0
|
||
|
}
|
||
|
|
||
|
total := 0
|
||
|
oldestNano := int64(0)
|
||
|
// Do not scan more than 50k at once
|
||
|
for total <= maxSearchEntries {
|
||
|
entry, ts, err := l.readNextEntry(r, params)
|
||
|
|
||
|
if err == io.EOF {
|
||
|
// there's nothing to read anymore
|
||
|
break
|
||
|
}
|
||
|
|
||
|
if entry != nil {
|
||
|
entries = append(entries, entry)
|
||
|
}
|
||
|
|
||
|
oldestNano = ts
|
||
|
total++
|
||
|
}
|
||
|
|
||
|
oldest = time.Unix(0, oldestNano)
|
||
|
return entries, oldest, total
|
||
|
}
|
||
|
|
||
|
// readNextEntry - reads the next log entry and checks if it matches the search criteria (getDataParams)
|
||
|
//
|
||
|
// returns:
|
||
|
// * log entry that matches search criteria or null if it was discarded (or if there's nothing to read)
|
||
|
// * timestamp of the processed log entry
|
||
|
// * error if we can't read anymore
|
||
|
func (l *queryLog) readNextEntry(r *QLogReader, params getDataParams) (*logEntry, int64, error) {
|
||
|
line, err := r.ReadNext()
|
||
|
if err != nil {
|
||
|
return nil, 0, err
|
||
|
}
|
||
|
|
||
|
// Read the log record timestamp right away
|
||
|
timestamp := readQLogTimestamp(line)
|
||
|
|
||
|
// Quick check without deserializing log entry
|
||
|
if !quickMatchesGetDataParams(line, params) {
|
||
|
return nil, timestamp, nil
|
||
|
}
|
||
|
|
||
|
entry := logEntry{}
|
||
|
decodeLogEntry(&entry, line)
|
||
|
|
||
|
// Full check of the deserialized log entry
|
||
|
if !matchesGetDataParams(&entry, params) {
|
||
|
return nil, timestamp, nil
|
||
|
}
|
||
|
|
||
|
return &entry, timestamp, nil
|
||
|
}
|
||
|
|
||
|
// openReader - opens QLogReader instance
|
||
|
func (l *queryLog) openReader() (*QLogReader, error) {
|
||
|
files := make([]string, 0)
|
||
|
|
||
|
if util.FileExists(l.logFile + ".1") {
|
||
|
files = append(files, l.logFile+".1")
|
||
|
}
|
||
|
if util.FileExists(l.logFile) {
|
||
|
files = append(files, l.logFile)
|
||
|
}
|
||
|
|
||
|
return NewQLogReader(files)
|
||
|
}
|
||
|
|
||
|
// quickMatchesGetDataParams - quickly checks if the line matches getDataParams
|
||
|
// this method does not guarantee anything and the reason is to do a quick check
|
||
|
// without deserializing anything
|
||
|
func quickMatchesGetDataParams(line string, params getDataParams) bool {
|
||
|
if params.ResponseStatus == responseStatusFiltered {
|
||
|
boolVal, ok := readJSONBool(line, "IsFiltered")
|
||
|
if !ok || !boolVal {
|
||
|
return false
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if len(params.Domain) != 0 {
|
||
|
val := readJSONValue(line, "QH")
|
||
|
if len(val) == 0 {
|
||
|
return false
|
||
|
}
|
||
|
|
||
|
if (params.StrictMatchDomain && val != params.Domain) ||
|
||
|
(!params.StrictMatchDomain && strings.Index(val, params.Domain) == -1) {
|
||
|
return false
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if len(params.QuestionType) != 0 {
|
||
|
val := readJSONValue(line, "QT")
|
||
|
if val != params.QuestionType {
|
||
|
return false
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if len(params.Client) != 0 {
|
||
|
val := readJSONValue(line, "IP")
|
||
|
if len(val) == 0 {
|
||
|
log.Debug("QueryLog: failed to decodeLogEntry")
|
||
|
return false
|
||
|
}
|
||
|
|
||
|
if (params.StrictMatchClient && val != params.Client) ||
|
||
|
(!params.StrictMatchClient && strings.Index(val, params.Client) == -1) {
|
||
|
return false
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return true
|
||
|
}
|
||
|
|
||
|
// matchesGetDataParams - returns true if the entry matches the search parameters
|
||
|
func matchesGetDataParams(entry *logEntry, params getDataParams) bool {
|
||
|
if params.ResponseStatus == responseStatusFiltered && !entry.Result.IsFiltered {
|
||
|
return false
|
||
|
}
|
||
|
|
||
|
if len(params.QuestionType) != 0 {
|
||
|
if entry.QType != params.QuestionType {
|
||
|
return false
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if len(params.Domain) != 0 {
|
||
|
if (params.StrictMatchDomain && entry.QHost != params.Domain) ||
|
||
|
(!params.StrictMatchDomain && strings.Index(entry.QHost, params.Domain) == -1) {
|
||
|
return false
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if len(params.Client) != 0 {
|
||
|
if (params.StrictMatchClient && entry.IP != params.Client) ||
|
||
|
(!params.StrictMatchClient && strings.Index(entry.IP, params.Client) == -1) {
|
||
|
return false
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return true
|
||
|
}
|
||
|
|
||
|
// decodeLogEntry - decodes query log entry from a line
|
||
|
// nolint (gocyclo)
|
||
|
func decodeLogEntry(ent *logEntry, str string) {
|
||
|
var b bool
|
||
|
var i int
|
||
|
var err error
|
||
|
for {
|
||
|
k, v, t := readJSON(&str)
|
||
|
if t == jsonTErr {
|
||
|
break
|
||
|
}
|
||
|
switch k {
|
||
|
case "IP":
|
||
|
if len(ent.IP) == 0 {
|
||
|
ent.IP = v
|
||
|
}
|
||
|
case "T":
|
||
|
ent.Time, err = time.Parse(time.RFC3339, v)
|
||
|
|
||
|
case "QH":
|
||
|
ent.QHost = v
|
||
|
case "QT":
|
||
|
ent.QType = v
|
||
|
case "QC":
|
||
|
ent.QClass = v
|
||
|
|
||
|
case "Answer":
|
||
|
ent.Answer, err = base64.StdEncoding.DecodeString(v)
|
||
|
case "OrigAnswer":
|
||
|
ent.OrigAnswer, err = base64.StdEncoding.DecodeString(v)
|
||
|
|
||
|
case "IsFiltered":
|
||
|
b, err = strconv.ParseBool(v)
|
||
|
ent.Result.IsFiltered = b
|
||
|
case "Rule":
|
||
|
ent.Result.Rule = v
|
||
|
case "FilterID":
|
||
|
i, err = strconv.Atoi(v)
|
||
|
ent.Result.FilterID = int64(i)
|
||
|
case "Reason":
|
||
|
i, err = strconv.Atoi(v)
|
||
|
ent.Result.Reason = dnsfilter.Reason(i)
|
||
|
|
||
|
case "Upstream":
|
||
|
ent.Upstream = v
|
||
|
case "Elapsed":
|
||
|
i, err = strconv.Atoi(v)
|
||
|
ent.Elapsed = time.Duration(i)
|
||
|
|
||
|
// pre-v0.99.3 compatibility:
|
||
|
case "Question":
|
||
|
var qstr []byte
|
||
|
qstr, err = base64.StdEncoding.DecodeString(v)
|
||
|
if err != nil {
|
||
|
break
|
||
|
}
|
||
|
q := new(dns.Msg)
|
||
|
err = q.Unpack(qstr)
|
||
|
if err != nil {
|
||
|
break
|
||
|
}
|
||
|
ent.QHost = q.Question[0].Name
|
||
|
if len(ent.QHost) == 0 {
|
||
|
break
|
||
|
}
|
||
|
ent.QHost = ent.QHost[:len(ent.QHost)-1]
|
||
|
ent.QType = dns.TypeToString[q.Question[0].Qtype]
|
||
|
ent.QClass = dns.ClassToString[q.Question[0].Qclass]
|
||
|
case "Time":
|
||
|
ent.Time, err = time.Parse(time.RFC3339, v)
|
||
|
}
|
||
|
|
||
|
if err != nil {
|
||
|
log.Debug("decodeLogEntry err: %s", err)
|
||
|
break
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// Get bool value from "key":bool
|
||
|
func readJSONBool(s, name string) (bool, bool) {
|
||
|
i := strings.Index(s, "\""+name+"\":")
|
||
|
if i == -1 {
|
||
|
return false, false
|
||
|
}
|
||
|
start := i + 1 + len(name) + 2
|
||
|
b := false
|
||
|
if strings.HasPrefix(s[start:], "true") {
|
||
|
b = true
|
||
|
} else if !strings.HasPrefix(s[start:], "false") {
|
||
|
return false, false
|
||
|
}
|
||
|
return b, true
|
||
|
}
|
||
|
|
||
|
// Get value from "key":"value"
|
||
|
func readJSONValue(s, name string) string {
|
||
|
i := strings.Index(s, "\""+name+"\":\"")
|
||
|
if i == -1 {
|
||
|
return ""
|
||
|
}
|
||
|
start := i + 1 + len(name) + 3
|
||
|
i = strings.IndexByte(s[start:], '"')
|
||
|
if i == -1 {
|
||
|
return ""
|
||
|
}
|
||
|
end := start + i
|
||
|
return s[start:end]
|
||
|
}
|
||
|
|
||
|
const (
|
||
|
jsonTErr = iota
|
||
|
jsonTObj
|
||
|
jsonTStr
|
||
|
jsonTNum
|
||
|
jsonTBool
|
||
|
)
|
||
|
|
||
|
// Parse JSON key-value pair
|
||
|
// e.g.: "key":VALUE where VALUE is "string", true|false (boolean), or 123.456 (number)
|
||
|
// Note the limitations:
|
||
|
// . doesn't support whitespace
|
||
|
// . doesn't support "null"
|
||
|
// . doesn't validate boolean or number
|
||
|
// . no proper handling of {} braces
|
||
|
// . no handling of [] brackets
|
||
|
// Return (key, value, type)
|
||
|
func readJSON(ps *string) (string, string, int32) {
|
||
|
s := *ps
|
||
|
k := ""
|
||
|
v := ""
|
||
|
t := int32(jsonTErr)
|
||
|
|
||
|
q1 := strings.IndexByte(s, '"')
|
||
|
if q1 == -1 {
|
||
|
return k, v, t
|
||
|
}
|
||
|
q2 := strings.IndexByte(s[q1+1:], '"')
|
||
|
if q2 == -1 {
|
||
|
return k, v, t
|
||
|
}
|
||
|
k = s[q1+1 : q1+1+q2]
|
||
|
s = s[q1+1+q2+1:]
|
||
|
|
||
|
if len(s) < 2 || s[0] != ':' {
|
||
|
return k, v, t
|
||
|
}
|
||
|
|
||
|
if s[1] == '"' {
|
||
|
q2 = strings.IndexByte(s[2:], '"')
|
||
|
if q2 == -1 {
|
||
|
return k, v, t
|
||
|
}
|
||
|
v = s[2 : 2+q2]
|
||
|
t = jsonTStr
|
||
|
s = s[2+q2+1:]
|
||
|
|
||
|
} else if s[1] == '{' {
|
||
|
t = jsonTObj
|
||
|
s = s[1+1:]
|
||
|
|
||
|
} else {
|
||
|
sep := strings.IndexAny(s[1:], ",}")
|
||
|
if sep == -1 {
|
||
|
return k, v, t
|
||
|
}
|
||
|
v = s[1 : 1+sep]
|
||
|
if s[1] == 't' || s[1] == 'f' {
|
||
|
t = jsonTBool
|
||
|
} else if s[1] == '.' || (s[1] >= '0' && s[1] <= '9') {
|
||
|
t = jsonTNum
|
||
|
}
|
||
|
s = s[1+sep+1:]
|
||
|
}
|
||
|
|
||
|
*ps = s
|
||
|
return k, v, t
|
||
|
}
|