add separate query counters for new protocols

Add query counters for DoT, DoH, unencrypted DoH and their proxied counterparts. The protocols don't increment TCP/UDP counters anymore since they aren't the same as plain DNS-over-53.
2025-09-05 09:05:40 +00:00 · 2024-10-04 13:14:52 +03:00
parent 44de1d5bef
commit d987e2d745
5 changed files with 131 additions and 5 deletions
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -5622,11 +5622,84 @@ ns__query_start(query_ctx_t *qctx) {
 		}
 		qctx->client->query.authdbset = true;

-		/* Track TCP vs UDP stats per zone */
-		if (TCP(qctx->client)) {
-			inc_stats(qctx->client, ns_statscounter_tcp);
-		} else {
+		isc_nmhandle_t *handle = qctx->client->handle;
+
+		/* Track protocol stats per zone */
+		switch (isc_nm_socket_type(handle)) {
+		case isc_nm_httpsocket:
+			switch (isc_nmhandle_proxy_type(handle)) {
+			case ISC_NM_PROXY_ENCRYPTED:
+				/* Encrypted PROXYv2 cannot carry plain DoH */
+				INSIST(isc_nm_has_encryption(handle));
+				inc_stats(qctx->client,
+					  ns_statscounter_encryptedproxydoh);
+				break;
+			case ISC_NM_PROXY_PLAIN:
+				if (isc_nm_has_encryption(handle)) {
+					inc_stats(qctx->client,
+						  ns_statscounter_proxydoh);
+				} else {
+					inc_stats(
+						qctx->client,
+						ns_statscounter_proxydohplain);
+				}
+				break;
+			case ISC_NM_PROXY_NONE:
+				if (isc_nm_has_encryption(handle)) {
+					inc_stats(qctx->client,
+						  ns_statscounter_doh);
+				} else {
+					inc_stats(qctx->client,
+						  ns_statscounter_dohplain);
+				}
+				break;
+			}
+			break;
+		case isc_nm_streamdnssocket:
+			switch (isc_nmhandle_proxy_type(handle)) {
+			case ISC_NM_PROXY_ENCRYPTED:
+				inc_stats(qctx->client,
+					  ns_statscounter_encryptedproxydot);
+				break;
+			case ISC_NM_PROXY_PLAIN:
+				if (isc_nm_has_encryption(handle)) {
+					inc_stats(qctx->client,
+						  ns_statscounter_proxydot);
+
+				} else {
+					/*
+					 * If the StreamDNS socket doesn't have
+					 * encryption, it has to be plain TCP
+					 * DNS.
+					 */
+					inc_stats(qctx->client,
+						  ns_statscounter_proxytcp);
+				}
+				break;
+			case ISC_NM_PROXY_NONE:
+				if (isc_nm_has_encryption(handle)) {
+					inc_stats(qctx->client,
+						  ns_statscounter_dot);
+				} else {
+					/*
+					 * If the StreamDNS socket doesn't have
+					 * encryption, it has to be plain TCP
+					 * DNS.
+					 */
+					inc_stats(qctx->client,
+						  ns_statscounter_tcp);
+				}
+				break;
+			}
+			break;
+		case isc_nm_proxyudpsocket:
+			inc_stats(qctx->client, ns_statscounter_proxyudp);
+			break;
+		case isc_nm_udpsocket:
 			inc_stats(qctx->client, ns_statscounter_udp);
+			break;
+		default:
+			UNREACHABLE();
 		}
 	}