forked from loweel/zabov
Compare commits
5 Commits
Author | SHA1 | Date |
---|---|---|
|
e68e89b23c | 2 years ago |
|
7cb896ac59 | 2 years ago |
|
e5b8fbe53c | 2 years ago |
|
4007fd9eea | 2 years ago |
|
fb58749c58 | 2 years ago |
@ -1,11 +1,8 @@
|
||||
module zabov
|
||||
|
||||
go 1.15
|
||||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/golang/snappy v0.0.4
|
||||
github.com/miekg/dns v1.1.43
|
||||
github.com/miekg/dns v1.1.27
|
||||
github.com/syndtr/goleveldb v1.0.0
|
||||
golang.org/x/net v0.0.0-20210916014120-12bc252f5db8
|
||||
golang.org/x/sys v0.0.0-20210915083310-ed5796bab164
|
||||
)
|
||||
|
@ -1,95 +0,0 @@
|
||||
#!/bin/env python3
|
||||
|
||||
import os
|
||||
import glob
|
||||
import argparse
|
||||
|
||||
|
||||
parser = argparse.ArgumentParser(description='Zabov logs analyzer')
|
||||
|
||||
parser.add_argument('--ip', dest="ip", metavar='IP', type=str,
|
||||
help='filter by source IP (substring to match). Default: any')
|
||||
|
||||
parser.add_argument('--action', dest="action", metavar='action', type=str, default="killed",
|
||||
help='filter action (substring to match): killed|forwarded|any. Default: killed')
|
||||
|
||||
parser.add_argument('--config', dest="config", metavar='name', type=str,
|
||||
help='filter by config name (substring to match). Default: any')
|
||||
|
||||
parser.add_argument('--timetable', dest="timetable", metavar='name', type=str,
|
||||
help='filter by timetable name (substring to match). Default: any')
|
||||
|
||||
parser.add_argument('--reqtype', dest="reqtype", metavar='TypeA', type=str, default="TypeA",
|
||||
help='filter by reqtype name (substring to match): TypeA|TypeAAAA|TypeMX|...')
|
||||
|
||||
parser.add_argument('--domain', dest="domain", metavar='name', type=str,
|
||||
help='filter by domain name (substring to match). Default: all')
|
||||
|
||||
parser.add_argument('--min-entries', dest="minentries", metavar='100', type=int, default=0,
|
||||
help='filter output by minimum number of entries. Default: any')
|
||||
|
||||
parser.add_argument('--logs-path', dest="logs", metavar='path', type=str, default="./config/logs",
|
||||
help='Zabov logs path')
|
||||
|
||||
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
|
||||
timetables = {}
|
||||
configs = {}
|
||||
|
||||
killed = {}
|
||||
for x in glob.glob(os.path.join(args.logs, "*.log")):
|
||||
#print (x)
|
||||
f = open(x, "r")
|
||||
f.readline()
|
||||
if args.reqtype:
|
||||
args.reqtype = args.reqtype.lower()
|
||||
if args.domain:
|
||||
args.domain = args.domain.lower()
|
||||
|
||||
for line in f.readlines():
|
||||
linel = line.strip().lower()
|
||||
fields = linel.split("\t")
|
||||
|
||||
timetables[fields[5]] = timetables.get(fields[5], 0) +1
|
||||
configs[fields[4]] = configs.get(fields[4], 0) +1
|
||||
|
||||
ok = all((not args.action or fields[6].find(args.action)>=0 or fields[6] == "any", \
|
||||
not args.timetable or fields[5].find(args.timetable)>=0 or fields[5] == "any", \
|
||||
not args.config or fields[4].find(args.config)>=0 or fields[4] == "any", \
|
||||
not args.ip or fields[1].find(args.ip)>=0 or fields[1] == "any",\
|
||||
not args.domain or fields[2].find(args.domain)>=0 or fields[2] == "any", \
|
||||
not args.reqtype or fields[3].find(args.reqtype)>=0 ))
|
||||
if ok:
|
||||
killed[fields[2]] = killed.get(fields[2], 0) +1
|
||||
|
||||
killed_sorted = {key: value for key, value in sorted(killed.items(), key=lambda item: item[1], reverse=True)}
|
||||
|
||||
total_queries_filtered = 0
|
||||
total_domain_filtered = 0
|
||||
total_queries = 0
|
||||
for k in killed_sorted.keys():
|
||||
if args.minentries == 0 or killed[k] >= args.minentries:
|
||||
print (k, killed[k])
|
||||
total_queries_filtered += killed[k]
|
||||
total_domain_filtered+=1
|
||||
total_queries += killed[k]
|
||||
|
||||
print("")
|
||||
print("TOTAL domains (filtered):", total_domain_filtered )
|
||||
print("TOTAL queries (filtred):", total_queries_filtered )
|
||||
print("TOTAL domains:", len(killed_sorted.keys()) )
|
||||
print("TOTAL queries:", total_queries )
|
||||
|
||||
|
||||
timetables = {key: value for key, value in sorted(timetables.items(), key=lambda item: item[0], reverse=False)}
|
||||
configs = {key: value for key, value in sorted(configs.items(), key=lambda item: item[0], reverse=False)}
|
||||
|
||||
print("all available timetables:")
|
||||
for k in timetables.keys():
|
||||
print(" '%s': %d items" % (k, timetables[k], ))
|
||||
print("all available configs:")
|
||||
for k in configs.keys():
|
||||
print(" '%s': %d items" % (k, configs[k], ))
|
@ -1,494 +0,0 @@
|
||||
// Copyright 2020 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build !appengine
|
||||
// +build gc
|
||||
// +build !noasm
|
||||
|
||||
#include "textflag.h"
|
||||
|
||||
// The asm code generally follows the pure Go code in decode_other.go, except
|
||||
// where marked with a "!!!".
|
||||
|
||||
// func decode(dst, src []byte) int
|
||||
//
|
||||
// All local variables fit into registers. The non-zero stack size is only to
|
||||
// spill registers and push args when issuing a CALL. The register allocation:
|
||||
// - R2 scratch
|
||||
// - R3 scratch
|
||||
// - R4 length or x
|
||||
// - R5 offset
|
||||
// - R6 &src[s]
|
||||
// - R7 &dst[d]
|
||||
// + R8 dst_base
|
||||
// + R9 dst_len
|
||||
// + R10 dst_base + dst_len
|
||||
// + R11 src_base
|
||||
// + R12 src_len
|
||||
// + R13 src_base + src_len
|
||||
// - R14 used by doCopy
|
||||
// - R15 used by doCopy
|
||||
//
|
||||
// The registers R8-R13 (marked with a "+") are set at the start of the
|
||||
// function, and after a CALL returns, and are not otherwise modified.
|
||||
//
|
||||
// The d variable is implicitly R7 - R8, and len(dst)-d is R10 - R7.
|
||||
// The s variable is implicitly R6 - R11, and len(src)-s is R13 - R6.
|
||||
TEXT ยทdecode(SB), NOSPLIT, $56-56
|
||||
// Initialize R6, R7 and R8-R13.
|
||||
MOVD dst_base+0(FP), R8
|
||||
MOVD dst_len+8(FP), R9
|
||||
MOVD R8, R7
|
||||
MOVD R8, R10
|
||||
ADD R9, R10, R10
|
||||
MOVD src_base+24(FP), R11
|
||||
MOVD src_len+32(FP), R12
|
||||
MOVD R11, R6
|
||||
MOVD R11, R13
|
||||
ADD R12, R13, R13
|
||||
|
||||
loop:
|
||||
// for s < len(src)
|
||||
CMP R13, R6
|
||||
BEQ end
|
||||
|
||||
// R4 = uint32(src[s])
|
||||
//
|
||||
// switch src[s] & 0x03
|
||||
MOVBU (R6), R4
|
||||
MOVW R4, R3
|
||||
ANDW $3, R3
|
||||
MOVW $1, R1
|
||||
CMPW R1, R3
|
||||
BGE tagCopy
|
||||
|
||||
// ----------------------------------------
|
||||
// The code below handles literal tags.
|
||||
|
||||
// case tagLiteral:
|
||||
// x := uint32(src[s] >> 2)
|
||||
// switch
|
||||
MOVW $60, R1
|
||||
LSRW $2, R4, R4
|
||||
CMPW R4, R1
|
||||
BLS tagLit60Plus
|
||||
|
||||
// case x < 60:
|
||||
// s++
|
||||
ADD $1, R6, R6
|
||||
|
||||
doLit:
|
||||
// This is the end of the inner "switch", when we have a literal tag.
|
||||
//
|
||||
// We assume that R4 == x and x fits in a uint32, where x is the variable
|
||||
// used in the pure Go decode_other.go code.
|
||||
|
||||
// length = int(x) + 1
|
||||
//
|
||||
// Unlike the pure Go code, we don't need to check if length <= 0 because
|
||||
// R4 can hold 64 bits, so the increment cannot overflow.
|
||||
ADD $1, R4, R4
|
||||
|
||||
// Prepare to check if copying length bytes will run past the end of dst or
|
||||
// src.
|
||||
//
|
||||
// R2 = len(dst) - d
|
||||
// R3 = len(src) - s
|
||||
MOVD R10, R2
|
||||
SUB R7, R2, R2
|
||||
MOVD R13, R3
|
||||
SUB R6, R3, R3
|
||||
|
||||
// !!! Try a faster technique for short (16 or fewer bytes) copies.
|
||||
//
|
||||
// if length > 16 || len(dst)-d < 16 || len(src)-s < 16 {
|
||||
// goto callMemmove // Fall back on calling runtimeยทmemmove.
|
||||
// }
|
||||
//
|
||||
// The C++ snappy code calls this TryFastAppend. It also checks len(src)-s
|
||||
// against 21 instead of 16, because it cannot assume that all of its input
|
||||
// is contiguous in memory and so it needs to leave enough source bytes to
|
||||
// read the next tag without refilling buffers, but Go's Decode assumes
|
||||
// contiguousness (the src argument is a []byte).
|
||||
CMP $16, R4
|
||||
BGT callMemmove
|
||||
CMP $16, R2
|
||||
BLT callMemmove
|
||||
CMP $16, R3
|
||||
BLT callMemmove
|
||||
|
||||
// !!! Implement the copy from src to dst as a 16-byte load and store.
|
||||
// (Decode's documentation says that dst and src must not overlap.)
|
||||
//
|
||||
// This always copies 16 bytes, instead of only length bytes, but that's
|
||||
// OK. If the input is a valid Snappy encoding then subsequent iterations
|
||||
// will fix up the overrun. Otherwise, Decode returns a nil []byte (and a
|
||||
// non-nil error), so the overrun will be ignored.
|
||||
//
|
||||
// Note that on arm64, it is legal and cheap to issue unaligned 8-byte or
|
||||
// 16-byte loads and stores. This technique probably wouldn't be as
|
||||
// effective on architectures that are fussier about alignment.
|
||||
LDP 0(R6), (R14, R15)
|
||||
STP (R14, R15), 0(R7)
|
||||
|
||||
// d += length
|
||||
// s += length
|
||||
ADD R4, R7, R7
|
||||
ADD R4, R6, R6
|
||||
B loop
|
||||
|
||||
callMemmove:
|
||||
// if length > len(dst)-d || length > len(src)-s { etc }
|
||||
CMP R2, R4
|
||||
BGT errCorrupt
|
||||
CMP R3, R4
|
||||
BGT errCorrupt
|
||||
|
||||
// copy(dst[d:], src[s:s+length])
|
||||
//
|
||||
// This means calling runtimeยทmemmove(&dst[d], &src[s], length), so we push
|
||||
// R7, R6 and R4 as arguments. Coincidentally, we also need to spill those
|
||||
// three registers to the stack, to save local variables across the CALL.
|
||||
MOVD R7, 8(RSP)
|
||||
MOVD R6, 16(RSP)
|
||||
MOVD R4, 24(RSP)
|
||||
MOVD R7, 32(RSP)
|
||||
MOVD R6, 40(RSP)
|
||||
MOVD R4, 48(RSP)
|
||||
CALL runtimeยทmemmove(SB)
|
||||
|
||||
// Restore local variables: unspill registers from the stack and
|
||||
// re-calculate R8-R13.
|
||||
MOVD 32(RSP), R7
|
||||
MOVD 40(RSP), R6
|
||||
MOVD 48(RSP), R4
|
||||
MOVD dst_base+0(FP), R8
|
||||
MOVD dst_len+8(FP), R9
|
||||
MOVD R8, R10
|
||||
ADD R9, R10, R10
|
||||
MOVD src_base+24(FP), R11
|
||||
MOVD src_len+32(FP), R12
|
||||
MOVD R11, R13
|
||||
ADD R12, R13, R13
|
||||
|
||||
// d += length
|
||||
// s += length
|
||||
ADD R4, R7, R7
|
||||
ADD R4, R6, R6
|
||||
B loop
|
||||
|
||||
tagLit60Plus:
|
||||
// !!! This fragment does the
|
||||
//
|
||||
// s += x - 58; if uint(s) > uint(len(src)) { etc }
|
||||
//
|
||||
// checks. In the asm version, we code it once instead of once per switch case.
|
||||
ADD R4, R6, R6
|
||||
SUB $58, R6, R6
|
||||
MOVD R6, R3
|
||||
SUB R11, R3, R3
|
||||
CMP R12, R3
|
||||
BGT errCorrupt
|
||||
|
||||
// case x == 60:
|
||||
MOVW $61, R1
|
||||
CMPW R1, R4
|
||||
BEQ tagLit61
|
||||
BGT tagLit62Plus
|
||||
|
||||
// x = uint32(src[s-1])
|
||||
MOVBU -1(R6), R4
|
||||
B doLit
|
||||
|
||||
tagLit61:
|
||||
// case x == 61:
|
||||
// x = uint32(src[s-2]) | uint32(src[s-1])<<8
|
||||
MOVHU -2(R6), R4
|
||||
B doLit
|
||||
|
||||
tagLit62Plus:
|
||||
CMPW $62, R4
|
||||
BHI tagLit63
|
||||
|
||||
// case x == 62:
|
||||
// x = uint32(src[s-3]) | uint32(src[s-2])<<8 | uint32(src[s-1])<<16
|
||||
MOVHU -3(R6), R4
|
||||
MOVBU -1(R6), R3
|
||||
ORR R3<<16, R4
|
||||
B doLit
|
||||
|
||||
tagLit63:
|
||||
// case x == 63:
|
||||
// x = uint32(src[s-4]) | uint32(src[s-3])<<8 | uint32(src[s-2])<<16 | uint32(src[s-1])<<24
|
||||
MOVWU -4(R6), R4
|
||||
B doLit
|
||||
|
||||
// The code above handles literal tags.
|
||||
// ----------------------------------------
|
||||
// The code below handles copy tags.
|
||||
|
||||
tagCopy4:
|
||||
// case tagCopy4: |