local_thread cached data (#243)

* local_thread cached data

* replace pair with struct

* dnsLayer should exist

* perform cached data logic only in Handler class

* thread_local member class

* Add lower case qname method on DnsResource

* Add support to robin hood map to dns transactions

Author: leoparente

conanfile.txt

@@ -16,6 +16,7 @@ spdlog/1.9.2
 uvw/2.10.0
 yaml-cpp/0.7.0
 libpcap/1.10.1
+robin-hood-hashing/3.11.5
 
 [build_requires]
 corrade/2020.06

src/handlers/dns/CMakeLists.txt

@@ -23,6 +23,7 @@ target_include_directories(VisorHandlerDns
 
 target_link_libraries(VisorHandlerDns
         PUBLIC
+        ${CONAN_LIBS_ROBIN-HOOD-HASHING}
         Visor::Input::Pcap
         Visor::Input::Dnstap
         Visor::Input::Mock

src/handlers/dns/DnsResource.cpp

@@ -19,15 +19,20 @@ IDnsResource::IDnsResource(DnsLayer *dnsLayer, size_t offsetInLayer)
 {
     char decodedName[256];
     m_NameLength = decodeName((const char *)getRawData(), decodedName);
-    if (m_NameLength > 0)
+    if (m_NameLength > 0) {
         m_DecodedName = decodedName;
+        m_DecodedNameLower = m_DecodedName;
+        std::transform(m_DecodedNameLower.begin(), m_DecodedNameLower.end(), m_DecodedNameLower.begin(),
+            [](unsigned char c) { return std::tolower(c); });
+    }
 }
 
 IDnsResource::IDnsResource(uint8_t *emptyRawData)
     : m_DnsLayer(NULL)
     , m_OffsetInLayer(0)
     , m_NextResource(NULL)
     , m_DecodedName("")
+    , m_DecodedNameLower("")
     , m_NameLength(0)
     , m_ExternalRawData(emptyRawData)
 {
@@ -228,6 +233,9 @@ bool IDnsResource::setName(const std::string &newName)
     memcpy(getRawData(), encodedName, encodedNameLen);
     m_NameLength = encodedNameLen;
     m_DecodedName = newName;
+    m_DecodedNameLower = m_DecodedName;
+    std::transform(m_DecodedNameLower.begin(), m_DecodedNameLower.end(), m_DecodedNameLower.begin(),
+        [](unsigned char c) { return std::tolower(c); });
 
     return true;
 }

src/handlers/dns/DnsResource.h

@@ -35,6 +35,7 @@ class IDnsResource
 		size_t m_OffsetInLayer;
 		IDnsResource* m_NextResource;
 		std::string m_DecodedName;
+		std::string m_DecodedNameLower;
 		size_t m_NameLength;
 		uint8_t* m_ExternalRawData;
 
@@ -83,6 +84,11 @@ class IDnsResource
 		 */
 		const std::string& getName() const { return m_DecodedName; }
 
+		/**
+		 * @return The name of this record in lower case
+		 */
+		const std::string& getNameLower() const { return m_DecodedNameLower; }
+
 		/**
 		 * @return The record name's offset in the packet
 		 */

src/handlers/dns/DnsStreamHandler.cpp

@@ -20,6 +20,8 @@
 
 namespace visor::handler::dns {
 
+thread_local DnsStreamHandler::DnsCacheData DnsStreamHandler::_cached_dns_layer;
+
 DnsStreamHandler::DnsStreamHandler(const std::string &name, InputStream *stream, const Configurable *window_config, StreamHandler *handler)
     : visor::StreamMetricsHandler<DnsMetricsManager>(name, window_config)
 {
@@ -161,9 +163,14 @@ void DnsStreamHandler::process_udp_packet_cb(pcpp::Packet &payload, PacketDirect
         metric_port = dst_port;
     }
     if (metric_port) {
-        DnsLayer dnsLayer(udpLayer, &payload);
-        if (!_filtering(dnsLayer, dir, l3, pcpp::UDP, metric_port, stamp)) {
-            _metrics->process_dns_layer(dnsLayer, dir, l3, pcpp::UDP, flowkey, metric_port, _static_suffix_size, stamp);
+        if (flowkey != _cached_dns_layer.flowKey || stamp.tv_sec != _cached_dns_layer.timestamp.tv_sec || stamp.tv_nsec != _cached_dns_layer.timestamp.tv_nsec) {
+            _cached_dns_layer.flowKey = flowkey;
+            _cached_dns_layer.timestamp = stamp;
+            _cached_dns_layer.dnsLayer = std::make_unique<DnsLayer>(udpLayer, &payload);
+        }
+        auto dnsLayer = _cached_dns_layer.dnsLayer.get();
+        if (!_filtering(*dnsLayer, dir, l3, pcpp::UDP, metric_port, stamp)) {
+            _metrics->process_dns_layer(*dnsLayer, dir, l3, pcpp::UDP, flowkey, metric_port, _static_suffix_size, stamp);
             _static_suffix_size = 0;
             // signal for chained stream handlers, if we have any
             udp_signal(payload, dir, l3, flowkey, stamp);
@@ -317,10 +324,7 @@ bool DnsStreamHandler::_filtering(DnsLayer &payload, [[maybe_unused]] PacketDire
         if (!payload.parseResources(true) || payload.getFirstQuery() == nullptr) {
             goto will_filter;
         }
-        // we need an all lower case version of this, we can't get away without making a copy
-        std::string qname_ci{payload.getFirstQuery()->getName()};
-        std::transform(qname_ci.begin(), qname_ci.end(), qname_ci.begin(),
-            [](unsigned char c) { return std::tolower(c); });
+        std::string_view qname_ci = payload.getFirstQuery()->getNameLower();
         for (const auto &fqn : _f_qnames) {
             // if it matched, we know we are not filtering
             if (endsWith(qname_ci, fqn)) {
@@ -604,9 +608,7 @@ void DnsMetricsBucket::process_dns_layer(bool deep, DnsLayer &payload, pcpp::Pro
     auto query = payload.getFirstQuery();
     if (query) {
 
-        auto name = query->getName();
-        std::transform(name.begin(), name.end(), name.begin(),
-            [](unsigned char c) { return std::tolower(c); });
+        auto name = query->getNameLower();
 
         if (group_enabled(group::DnsMetrics::Cardinality)) {
             _dns_qnameCard.update(name);

src/handlers/dns/DnsStreamHandler.h

@@ -241,6 +241,13 @@ class DnsStreamHandler final : public visor::StreamMetricsHandler<DnsMetricsMana
 {
     static constexpr size_t DNSTAP_TYPE_SIZE = 15;
 
+    struct DnsCacheData {
+        uint32_t flowKey = 0;
+        timespec timestamp = timespec();
+        std::unique_ptr<DnsLayer> dnsLayer;
+    };
+    static thread_local DnsCacheData _cached_dns_layer;
+
     // the input stream sources we support (only one will be in use at a time)
     PcapInputStream *_pcap_stream{nullptr};
     MockInputStream *_mock_stream{nullptr};

src/handlers/dns/querypairmgr.h

@@ -6,7 +6,7 @@
 
 #include <chrono>
 #include <memory>
-#include <unordered_map>
+#include <robin_hood.h>
 
 namespace visor::handler::dns {
 
@@ -32,7 +32,7 @@ class QueryResponsePairMgr
 {
 
     using DnsXactID = std::pair<uint32_t, uint16_t>;
-    typedef std::unordered_map<DnsXactID, DnsTransaction, hash_pair> DnsXactMap;
+    typedef robin_hood::unordered_map<DnsXactID, DnsTransaction, hash_pair> DnsXactMap;
 
     unsigned int _ttl_secs;
     DnsXactMap _dns_transactions;