Giter Club home page Giter Club logo

flamethrower's Introduction

Flamethrower

A DNS performance and functional testing utility.

2017-2022© NSONE, Inc.

Overview

Flamethrower is a small, fast, configurable tool for functional testing, benchmarking, and stress testing DNS servers and networks. It supports IPv4, IPv6, UDP, TCP, DoT, and DoH and has a modular system for generating queries used in the tests.

Originally built as an alternative to dnsperf, many of the command line options are compatible.

Getting Started

The easiest way to get started with Flamethrower is to use the public docker image:

docker pull ns1labs/flame
docker run ns1labs/flame --help

There are currently no prebuilt operating system packages. If you would like to build your own executable, please see the Build section below.

Usage

Current command line options are described with:

flame --help

Quick Examples

Flame localhost port 53, UDP, maximum speed:

flame localhost

Flame target, port 5300, TCP:

flame -p 5300 -P tcp target.test.com

Flame target, port 443, DoT:

flame -p 443 -P dot target.test.com

Flame target, DNS over HTTPS GET:

flame -P doh target.test.com/dns-query

Flame target, DNS over HTTPS POST:

flame -P doh -M POST target.test.com/dns-query

Flame target with random labels:

flame target.test.com -g randomlabel lblsize=10 lblcount=4 count=1000

Flame multiple target at once, reading the list from a file:

flame file --targets myresolvers.txt

Detailed Features

Query Generators

Flamethrower uses a modular system for generating queries. Most modules generate all queries before sending begins, for performance reasons. Each module may include its own list of configuration options which can be set via key/value pairs on the command line. See full --help for the current list of generators and their options.

Rate Limiting

By default, Flamethrower will send traffic as fast as possible. To limit to a specific overall queries per second, use -Q

Dynamic QPS Flow

Flamethrower can adjust its QPS flow over time. This is useful for generating a "signal" of traffic (e.g. a square wave) for calibrating metrics collection. For example, to send 10 QPS for 120000ms, then 80 QPS for 120000ms, etc use --qps-flow "10,120000;80,120000;10,120000;". Flow change will not loop, you should list as many changes as necessary. Once the flow reaches the final QPS number, it will hold it until program termination.

Output Metrics

Flamethrower can generate detailed metrics for each of its concurrent senders. Metrics include send and receive counts, timeouts, min, max and average latency, errors, and the like. The output format is JSON, and is suitable for ingestion into databases such as Elastic for further processing or visualization. See the -o flag.

Concurrency

Flamethrower is single threaded, async i/o. You specify the amount of concurrent senders with the -c option. Each of these senders will send a configurable number of consecutive queries (see -q), then enter a configurable delay period (see -d) before looping.

Each concurrent sender will pull the next query from the total queries generated by the Query Generator, looping once it reaches the end of the query list (if the program is configured to continue).

There is currently no built-in support for multiprocess sending, so the maximum throughput will be reached once a single CPU is saturated. However, you may manually start several concurrent flame processes, including up to 1 per CPU available. There is future planned support for builtin multiprocess sending.

Build Dependencies

  • CMake >= 3.8
  • Linux or OSX
  • libuv >= 1.30.0
  • libldns >= 1.7.0
  • gnutls >= 3.3
  • C++ compiler supporting C++17

Optional DoH support requires:

  • nghttp2

Optional dependencies:

  • docopt
  • nlohmann-json >= 3.7.3
  • cpp-httplib
  • uvw >= 1.18.0

Building

Building is based on CMake.

Default build:

mkdir build; cd build
cmake ..
make

To build with DoH support:

mkdir build; cd build
cmake -DDOH_ENABLE=ON ..
make

Building the docker image:

docker build . --tag ns1labs/flame --file Dockerfile
docker run --rm --net host ns1labs/flame --help

Contributions

Pull Requests and issues are welcome. See the NS1 Contribution Guidelines for more information.

License

This code is released under Apache License 2.0. You can find terms and conditions in the LICENSE file.

flamethrower's People

Contributors

arbv avatar blake-latchford avatar elindsey avatar fcelda avatar jamesph3 avatar jwijenbergh avatar marka63 avatar nicki-krizek avatar pemensik avatar rgacogne avatar saradickinson avatar supernomad avatar vanstratum avatar weyrick avatar yantarou avatar zach-johnson avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

shmup pcarboni sinodun emuhedo tjwallas sasqwatch cesarvr jonasbb nicki-krizek jwijenbergh pemensik elindsey weyrick fyodorr yantarou msiva21 fnickels zombie-technology backbonecabal peerix vanstratum arbv saradickinson kramelec marka63 azurecloudmonk van-scott keylase etienne-lelouet rgacogne jamesph3 lgtm-migrator nohupped bryanchance yagikota mno-hime

flamethrower's Issues

numberqname generator error handling is confusing 

# flame -P tcp -g numberqname -r test. 127.0.0.2
binding to 0.0.0.0
flaming target(s) [127.0.0.2] on port 53 with 30 concurrent generators, each sending 100 queries every 1000ms on protocol tcp
query generator [numberqname] contains 0 record(s)
terminate called after throwing an instance of 'std::runtime_error'
  what():  tcp unsupported
Aborted (core dumped)
# rpm -q flamethrower
flamethrower-0.11.0-12.fc37.x86_64

Is something wrong with my build or flamethrower indeed cannot measure TCP, but can measure dot from the same binary?

make error

OS: CentOS Linux release 7.7.1908
cmake: 3.17.0-rc3
ldns: ldns-1.7.1
libuv: libuv-v1.35.0
openssl: openssl-1.1.1e
gcc: upgrade to gcc-8.4.0

cmake is happy:
-- The host system is: Linux-3.10.0-1062.18.1.el7.x86_64.
-- Project base dir is: /home/software/flamethrower-master
-- Configuring done
-- Generating done
-- Build files have been written to: /home/software/flamethrower-master/build

When I execute the make, it does not compile:
In file included from /home/software/flamethrower-master/flame/metrics.cpp:7:0:
/home/software/flamethrower-master/3rd/json/json.hpp:128:10: 错误:#error "unsupported GCC version - see https://github.com/nlohmann/json#supported-compilers"
#error "unsupported GCC version - see https://github.com/nlohmann/json#supported-compilers"
^
In file included from /home/software/flamethrower-master/3rd/uvw/uvw/resource.hpp:6:0,
from /home/software/flamethrower-master/3rd/uvw/uvw/handle.hpp:8,
from /home/software/flamethrower-master/3rd/uvw/uvw/async.hpp:7,
from /home/software/flamethrower-master/3rd/uvw/uvw.hpp:1,
from /home/software/flamethrower-master/flame/metrics.h:12,
from /home/software/flamethrower-master/flame/metrics.cpp:8:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:24:37: 错误:需要类型限定
template<typename U, typename = std::enable_if_t<std::is_integral::value>>
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:24:37: 错误:需要 ‘>’
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp: 在成员函数‘bool uvw::Emitter::Handler::empty() const’中:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:102:35: 错误:形参声明为‘auto’
auto pred = [](auto &&element){ return element.first; };
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp: 在 lambda 函数中:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:102:52: 错误:‘element’在此作用域中尚未声明
auto pred = [](auto &&element){ return element.first; };
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp: 在成员函数‘void uvw::Emitter::Handler::clear()’中:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:110:39: 错误:形参声明为‘auto’
auto func = [](auto &&element){ element.first = true; };
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp: 在 lambda 函数中:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:110:49: 错误:‘element’在此作用域中尚未声明
auto func = [](auto &&element){ element.first = true; };
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp: 在成员函数‘void uvw::Emitter::Handler::erase(uvw::Emitter::Handler::Connection)’中:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:131:39: 错误:形参声明为‘auto’
auto pred = [](auto &&element){ return element.first; };
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp: 在 lambda 函数中:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:131:56: 错误:‘element’在此作用域中尚未声明
auto pred = [](auto &&element){ return element.first; };
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp: 在成员函数‘void uvw::Emitter::Handler::publish(E, T&)’中:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:141:47: 错误:形参声明为‘auto’
auto func = [&event, &ref](auto &&element) {
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp: 在 lambda 函数中:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:142:24: 错误:‘element’在此作用域中尚未声明
return element.first ? void() : element.second(event, ref);
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp: 在成员函数‘void uvw::Emitter::Handler::publish(E, T&)’中:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:152:37: 错误:形参声明为‘auto’
onL.remove_if([](auto &&element){ return element.first; });
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp: 在 lambda 函数中:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:152:54: 错误:‘element’在此作用域中尚未声明
onL.remove_if([](auto &&element){ return element.first; });
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp: 在成员函数‘uvw::Emitter::Handler& uvw::Emitter::handler()’中:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:181:29: 错误:‘make_unique’不是‘std’的成员
handlers[type] = std::make_unique<Handler>();
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:181:55: 错误:expected primary-expression before ‘>’ token
handlers[type] = std::make_unique<Handler>();
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:181:58: 错误:expected primary-expression before ‘)’ token
handlers[type] = std::make_unique<Handler>();
^
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp: 在成员函数‘void uvw::Emitter::clear()’中:
/home/software/flamethrower-master/3rd/uvw/uvw/emitter.hpp:286:33: 错误:形参声明为‘auto’

Package name in CMakeLists.txt is not correct (for me)

While packaging this for Arch Linux, I've realized that the provided CMakeLists.txt file is not working for me out of-the-box. The offending line is this:

pkg_check_modules(LIBLDNS REQUIRED libldns)

I'm not a CMake expert, changing the libldns to ldns with some sed magic fixed the issue for me:

sed -i 's/libldns/ldns/' CMakeLists.txt

ldns is also the name of the package on Arch Linux, which provides the necessary include files, etc. so you probably want to add in some conditionals here to be more universal and not assume libdns in all cases.

DoH issues when running inside Docker, works fine from a native build (Ubuntu 20.04 LTS)

Get the following when I run Flamethrower from inside Docker on Ubuntu 20.04 LTS:

$ docker run -it --network=host ns1labs/flame -c 1 -d 250 -q 1 -l 3 -r www.example.com -T AAAA -P doh -M POST 1.1.1.1/dns-query
binding to 0.0.0.0
flaming target(s) [1.1.1.1] on port 443 with 1 concurrent generators, each sending 1 queries every 250ms on protocol doh
query generator [static] contains 1 record(s)
0.998839s: send: 1, avg send: 1, recv: 1, avg recv: 1, min/avg/max resp: 0/0/0ms, in flight: 1, timeouts: 0
1.9991s: send: 0, avg send: 1, recv: 0, avg recv: 1, min/avg/max resp: 0/-nan/0ms, in flight: 1, timeouts: 0
2.99925s: send: 0, avg send: 1, recv: 0, avg recv: 1, min/avg/max resp: 0/-nan/0ms, in flight: 1, timeouts: 0
stopping, waiting up to 3s for in flight to finish...

------
run id      : 7fff46e52030
run start   : 2022-05-25T19:28:55Z
runtime     : 5.99976 s
total sent  : 1
total rcvd  : 1
min resp    : 0 ms
avg resp    : -nan ms
max resp    : 0 ms
avg r qps   : 1
avg s qps   : 1
avg pkt     : 44 bytes
tcp conn.   : 1
timeouts    : 1 (100%)
bad recv    : 0
net errors  : 0

$

When I build a brand new Ubuntu 20.04 LTS VM and install with:

$ sudo apt-get -y install g++ cmake libuv1-dev libldns-dev libgnutls28-dev libnghttp2-dev
$ git clone https://github.com/DNS-OARC/flamethrower.git
$ cd flamethrower
$ git checkout v0.11.0
$ mkdir build
$ cd build
$ cmake -DDOH_ENABLE=ON -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
$ make

Suddenly, the same command works:

$ ./flame -c 1 -d 250 -q 1 -l 3 -r www.example.com -T AAAA -P doh -M POST 1.1.1.1/dns-query
binding to 0.0.0.0
flaming target(s) [1.1.1.1] on port 443 with 1 concurrent generators, each sending 1 queries every 250ms on protocol doh
query generator [static] contains 1 record(s)
0.989642s: send: 4, avg send: 4, recv: 4, avg recv: 4, min/avg/max resp: 3.42364/5.12165/9.67314ms, in flight: 1, timeouts: 0
1.99028s: send: 4, avg send: 4, recv: 4, avg recv: 4, min/avg/max resp: 2.46321/3.11916/3.69559ms, in flight: 1, timeouts: 0
2.99026s: send: 4, avg send: 4, recv: 4, avg recv: 4, min/avg/max resp: 6.76499/14.2015/29.0805ms, in flight: 1, timeouts: 0

------
run id      : 7ffd0b5ec660
run start   : 2022-05-25T19:04:52Z
runtime     : 2.99232 s
total sent  : 12
total rcvd  : 12
min resp    : 2.46321 ms
avg resp    : 7.48076 ms
max resp    : 29.0805 ms
avg r qps   : 4
avg s qps   : 4
avg pkt     : 44 bytes
tcp conn.   : 12
timeouts    : 0 (0%)
bad recv    : 0
net errors  : 0
responses   :
  NOERROR: 12

$

DoH test ended with SIGSEGV

Hi, I just tested 0.11.0 build with backported http_parser usage to ensure it is no broken.

However, it received few crashes. Now always and reliable. I did just cherry pick current latest commit, it might be fixed by few missing commits already.

Core was generated by `./flame -P doh https://cloudflare-dns.com/dns-query'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f13b3e9fd36 in free_streams (entry=0x55a6acf31990, ptr=ptr@entry=0x55a6acfe28f0)
    at /usr/src/debug/nghttp2-1.43.0-2.fc34.x86_64/lib/nghttp2_session.c:680
680	  if (item && !item->queued && item != session->aob.item) {
Missing separate debuginfos, use: dnf debuginfo-install cyrus-sasl-lib-2.1.27-8.fc34.x86_64 docopt-cpp-0.6.3-1.fc35.x86_64 glibc-2.33-20.fc34.x86_64 gmp-6.2.0-6.fc34.x86_64 gnutls-3.7.2-1.fc34.x86_64 http-parser-2.9.4-4.fc34.x86_64 keyutils-libs-1.6.1-2.fc34.x86_64 krb5-libs-1.19.1-14.fc34.x86_64 ldns-1.7.1-4.fc34.x86_64 libcom_err-1.45.6-5.fc34.x86_64 libffi-3.1-28.fc34.x86_64 libgcc-11.2.1-1.fc34.x86_64 libstdc++-11.2.1-1.fc34.x86_64 libtasn1-4.16.0-4.fc34.x86_64 libunistring-0.9.10-10.fc34.x86_64 libuv-1.41.0-1.fc34.x86_64 nettle-3.7.3-1.fc34.x86_64 opencryptoki-libs-3.16.0-1.fc34.x86_64 openldap-2.4.57-5.fc34.x86_64 opensc-0.21.0-4.fc34.x86_64 openssl-libs-1.1.1k-1.fc34.x86_64 p11-kit-trust-0.23.22-3.fc34.x86_64 pcre2-10.36-4.fc34.x86_64 systemd-libs-248.6-1.fc34.x86_64 zlib-1.2.11-26.fc34.x86_64
(gdb) bt
#0  0x00007f13b3e9fd36 in free_streams (entry=0x55a6acf31990, ptr=ptr@entry=0x55a6acfe28f0)
    at /usr/src/debug/nghttp2-1.43.0-2.fc34.x86_64/lib/nghttp2_session.c:680
#1  0x00007f13b3ea26c8 in nghttp2_map_each_free (func=<optimized out>, ptr=0x55a6acfe28f0, map=0x55a6acfe28f0)
    at /usr/src/debug/nghttp2-1.43.0-2.fc34.x86_64/lib/nghttp2_map.c:79
#2  nghttp2_session_del (session=0x55a6acfe28f0)
    at /usr/src/debug/nghttp2-1.43.0-2.fc34.x86_64/lib/nghttp2_session.c:755
#3  0x00007f13b4651d8a in HTTPSSession::~HTTPSSession (this=<optimized out>, this=<optimized out>)
    at /home/pemensik/fedora/flamethrower/flamethrower-0.11.0/flame/httpssession.cpp:42
#4  0x00007f13b461bc4a in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release (this=0x55a6acf5d7f0)
    at /usr/include/c++/11/bits/shared_ptr_base.h:168
#5  0x00007f13b46469dd in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count (this=<optimized out>, 
    this=<optimized out>) at /usr/include/c++/11/bits/shared_ptr_base.h:705
#6  std::__shared_ptr<TCPSession, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr (this=<optimized out>, 
    this=<optimized out>) at /usr/include/c++/11/bits/shared_ptr_base.h:1154
#7  std::__shared_ptr<TCPSession, (__gnu_cxx::_Lock_policy)2>::reset (this=<optimized out>)
    at /usr/include/c++/11/bits/shared_ptr_base.h:1272
#8  operator() (event=..., h=..., __closure=0x55a6ad20a508)
    at /home/pemensik/fedora/flamethrower/flamethrower-0.11.0/flame/trafgen.cpp:194
#9  std::__invoke_impl<void, TrafGen::start_tcp_session()::<lambda(uvw::CloseEvent&, uvw::TcpHandle&)>&, uvw::CloseEvent&, uvw::TcpHandle&> (__f=...) at /usr/include/c++/11/bits/invoke.h:61
#10 std::__invoke_r<void, TrafGen::start_tcp_session()::<lambda(uvw::CloseEvent&, uvw::TcpHandle&)>&, uvw::CloseEvent&, uvw::TcpHandle&> (__fn=...) at /usr/include/c++/11/bits/invoke.h:111
#11 std::_Function_handler<void(uvw::CloseEvent&, uvw::TcpHandle&), TrafGen::start_tcp_session()::<lambda(uvw::CloseEvent&, uvw::TcpHandle&)> >::_M_invoke(const std::_Any_data &, uvw::CloseEvent &, uvw::TcpHandle &) (__functor=..., 
    __args#0=..., __args#1=...) at /usr/include/c++/11/bits/std_function.h:291
#12 0x00007f13b464024b in std::function<void (uvw::TimerEvent&, uvw::TimerHandle&)>::operator()(uvw::TimerEvent&, uvw::TimerHandle&) const (__args#1=..., __args#0=..., this=<optimized out>) at /usr/include/c++/11/bits/std_function.h:560
#13 uvw::Emitter<uvw::TcpHandle>::Handler<uvw::CloseEvent>::publish(uvw::CloseEvent, uvw::TcpHandle&)::{lambda(auto:1&&)#1}::operator()<std::pair<bool, std::function<void (uvw::CloseEvent&, uvw::TcpHandle&)> >&>(std::pair<bool, std::function<void (uvw::CloseEvent&, uvw::TcpHandle&)> >&) const (__closure=<optimized out>, __closure=<optimized out>, element=...)
    at /home/pemensik/fedora/flamethrower/flamethrower-0.11.0/3rd/uvw/uvw/emitter.hpp:142
#14 uvw::Emitter<uvw::TcpHandle>::Handler<uvw::CloseEvent>::publish(uvw::CloseEvent, uvw::TcpHandle&)::{lambda(auto:1&&)#1}::operator()<std::pair<bool, std::function<void (uvw::CloseEvent&, uvw::TcpHandle&)> >&>(std::pair<bool, std::function<void (uvw::CloseEvent&, uvw::TcpHandle&)> >&) const (element=..., __closure=<synthetic pointer>)
    at /home/pemensik/fedora/flamethrower/flamethrower-0.11.0/3rd/uvw/uvw/emitter.hpp:141
#15 std::for_each<std::reverse_iterator<std::_List_iterator<std::pair<bool, std::function<void (uvw::CloseEvent&, uvw::TcpHandle&)> > > >, uvw::Emitter<uvw::TcpHandle>::Handler<uvw::CloseEvent>::publish(uvw::CloseEvent, uvw::TcpHandle&)::{lambda(auto:1&&)#1}>(std::reverse_iterator<std::_List_iterator<std::pair<bool, std::function<void (uvw::CloseEvent&, uvw::TcpHandle&)> > > >, std::reverse_iterator<std::_List_iterator<std::pair<bool, std::function<void (uvw::CloseEvent&, uvw::Tc--Type <RET> for more, q to quit, c to continue without paging--
pHandle&)> > > >, uvw::Emitter<uvw::TcpHandle>::Handler<uvw::CloseEvent>::publish(uvw::CloseEvent, uvw::TcpHandle&)::{lambda(auto:1&&)#1}) (__f=..., __last=..., __first=...) at /usr/include/c++/11/bits/stl_algo.h:3820
#16 uvw::Emitter<uvw::TcpHandle>::Handler<uvw::CloseEvent>::publish (ref=..., event=..., this=0x55a6ad0c3840)
    at /home/pemensik/fedora/flamethrower/flamethrower-0.11.0/3rd/uvw/uvw/emitter.hpp:147
#17 uvw::Emitter<uvw::TcpHandle>::publish<uvw::CloseEvent> (event=..., this=0x55a6acf59c58)
    at /home/pemensik/fedora/flamethrower/flamethrower-0.11.0/3rd/uvw/uvw/emitter.hpp:190
#18 uvw::Handle<uvw::TcpHandle, uv_tcp_s>::closeCallback (handle=<optimized out>)
    at /home/pemensik/fedora/flamethrower/flamethrower-0.11.0/3rd/uvw/uvw/handle.hpp:36
#19 0x00007f13b45af9b5 in uv_run () from /lib64/libuv.so.1
#20 0x000055a6abff6452 in uvw::Loop::run<(uvw::details::UVRunMode)0> (this=<optimized out>)
    at /home/pemensik/fedora/flamethrower/flamethrower-0.11.0/3rd/uvw/uvw/loop.hpp:307
#21 main (argc=<optimized out>, argv=<optimized out>)
    at /home/pemensik/fedora/flamethrower/flamethrower-0.11.0/flame/main.cpp:509

Is this one of issues already fixed?

Is it possible to run DoH test with Insecure mode"

Hi,

I want to run performance testing on a private DoH server with self sign cert, but I found http2 sent "Encrypted Alert" after encrypted handshake and it fail to sent a DoH request with an error below,

root@mypz:~# ./flame -P 10.1.2.101/dns-query -c 1 -q 1
binding traffic generators to 0.0.0.0
flaming target(s) [10.1.2.101] on port 443 with 1 concurrent generators, each sending 1 queries every 1000ms on protocol doh
query generator [static] contains 1 record(s)
Cannot get alpn
HTTP2 failed in sending data
HTTP2 failed in sending data

image

Is it possible to run with insecure mode to disable TLS certificate verification ?

Regards,

Number of concurrent traffic generators per process in documentation

The documentation says that the number of concurrent traffic generators per process defaults to 10:

      -c TCOUNT        Number of concurrent traffic generators per process [default: 10]

But when I run flame -v 99 --dnssec -P tcp -F inet -g file -f ~/Downloads/fbsddoh/query_datafile -Q 10000 -p 5300 10.53.0.2 against BIND I see rndc status reporting tcp clients: 30/50 (50 is the max TCP connections I set via the tcp-clients option).

flame/main.cpp suggests the default is 30:

        if (!arg_exists("-c", argc, argv))
            c_count = 30;

Flamethrower also reports "30 concurrent generators" on runtime:

flaming target(s) [10.53.0.2] on port 5300 with 30 concurrent generators, each sending 100 queries every 1000ms on protocol tcp

Flamethrower fails to change port on illumos

On OpenIndiana 2020.04 (an illumos distribution) Flamethrower 0.10.2 can't change port (-p 5300) and fails with:

--class: "IN"
--dnssec: true
--help: false
--qps-flow: null
--targets: null
--version: false
-F: "inet"
-P: "udp"
-Q: "10000"
-R: false
-T: "A"
-c: "10"
-d: "1"
-f: "/export/home/newman/bind-qa/bind9/stress/output/query_datafile"
-g: "file"
-l: "0"
-n: "0"
-o: null
-p: "5300"
-q: "10"
-r: "test.com"
-t: "3"
-v: "99"
GENOPTS: []
TARGET: "10.53.0.3"
unable to resolve target address: 10.53.0.3

TCP or UDP, INET or INET6 does not make a difference.

When I setup the BIND server to run on the Flamethrower's default 53 port, Flamethrower then works as expected.

CHANGELOG file

Dear NS1 people,

May be it worths adding a CHANGELOG (or HISTORY/NEWS) file ?

Thanks.

Warm regards!
Pablo.

Will multiple concurrent runners have potentially overlapping ids?

Perhaps this is the wrong place to ask this, but I noted from the docs:

"You specify the amount of concurrent senders with the -c option [..]
Each concurrent sender will pull the next query from the total queries generated by the Query Generator, looping once it reaches the end of the query list (if the program is configured to continue)."

I noted that each traffic generator creates a list of ids from 0 to 2^16 and randomly shuffles them: https://github.com/DNS-OARC/flamethrower/blob/master/flame/trafgen.cpp#L27

However, if there are multiple traffic generators, and each creates a new vector with these random ids, is it not possible that there will be multiple in-flight queries with the same id? The docs also mention starting multiple flamethrower processes and I would think this would cause a similar issue.

Is there any way around this or is it just an inescapable fact that this can happen due to the DNS protocol only having 16-bit ids?

Set the dns message id to 0 for doh requests

The doh rfc says in section 4.1 that the dns messages ids should be set to 0 to be more cache friendly. This could be useful when testing caching doh servers, or servers behind a http cache.

This would however necessitate changing the message tracking method.

PTR qtype mapping incorrect

I was testing with PTR records and noticed they were coming through as AAAA. I can see in the qtype.cpp the PTR qtype is mapped to AAAA:

} else if (qt == "PTR") {
    qtype = LDNS_RR_TYPE_AAAA;
} else if (qt == "TXT") {

Should this be updated and mapped to LDNS_RR_TYPE_PTR?

How to configure the number of queries per connection?

Hi,

I am trying to use flamethrower for a simple DNS test. I need to use TCP but it seems that the tool is sending several DNS requests per connection.

How many requests per connection are sent by default?
Is that configurable? I didn't find an option to change it.

Thanks

Darwin is not just x86

Darwin ant-1707.local 20.6.0 Darwin Kernel Version 20.6.0: Mon Aug 30 06:12:20 PDT 2021; root:xnu-7195.141.6~3/RELEASE_ARM64_T8101 arm64

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/c++  -I/Users/marka/git/flamethrower/tests -I/Users/marka/git/flamethrower/flame -I/opt/local/include -I/opt/local/include/p11-kit-1 -I/Users/marka/git/flamethrower/3rd/url-parser -I/Users/marka/git/flamethrower/3rd/json -I/Users/marka/git/flamethrower/3rd/uvw -isystem /Users/marka/git/flamethrower/3rd/catch -g -arch arm64 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk -Wall -std=c++17 -MD -MT CMakeFiles/tests.dir/tests/main.cpp.o -MF CMakeFiles/tests.dir/tests/main.cpp.o.d -o CMakeFiles/tests.dir/tests/main.cpp.o -c /Users/marka/git/flamethrower/tests/main.cpp
In file included from /Users/marka/git/flamethrower/tests/main.cpp:2:
/Users/marka/git/flamethrower/3rd/catch/catch2/catch.hpp:5123:13: error: unrecognized instruction mnemonic, did you mean: bit, cnt, hint, ins, not?
            CATCH_BREAK_INTO_DEBUGGER();
            ^
/Users/marka/git/flamethrower/3rd/catch/catch2/catch.hpp:4843:75: note: expanded from macro 'CATCH_BREAK_INTO_DEBUGGER'
    #define CATCH_BREAK_INTO_DEBUGGER() if( Catch::isDebuggerActive() ) { CATCH_TRAP(); }
                                                                          ^
/Users/marka/git/flamethrower/3rd/catch/catch2/catch.hpp:4822:34: note: expanded from macro 'CATCH_TRAP'
    #define CATCH_TRAP() __asm__("int $3\n" : : ) /* NOLINT */
                                 ^
<inline asm>:1:2: note: instantiated into assembly here
        int $3
        ^
1 error generated.
make[2]: *** [CMakeFiles/tests.dir/tests/main.cpp.o] Error 1
make[1]: *** [CMakeFiles/tests.dir/all] Error 2
make: *** [all] Error 2

uvw version 3.0 has incompatible changes to API

I have attempted to update my uvw package to new version 3.0, but it contains quite a lot of incompatible changes. There is quite a lot of renamed structures and some changes in function prototypes as well.

I have create issue requesting some backward compatibility: skypjack/uvw#285

The bad thing is current latest version does not offer anything to be able to compile with both 2.x or 3.x version. It seems to me some improvement should be done on side of uvw first.

Running with too many clients gives segfault 

# flame -P doh dnsdist.example.org/dns-query -r hello.doh-test.com -T txt -l 1 -c 2000 

Segmentation fault (core dumped)

This was compiled from source, cloned today, built with doh support as per the build instructions.
Ubuntu 22.04, 128GB ram, 32 CPU, x86_64

On this box, client values below 1015 work, anything else segfaults.

Make/tag a release

To make it easier to package this utility, git tags (and/or some official release(s)) would be helpful, so we can properly version the resulting package, just as any other piece of software.

Noisy `untracked <id>` messages during operation

It looks like when a response to a query that has been timed out is received that the program prints "untracked" + the id of the query.

Done here:

flamethrower/flame/trafgen.cpp

Lines 50 to 53 in 79a7c2e

if (_in_flight.find(id) == _in_flight.end()) {
std::cerr << "untracked " << id << std::endl;
_metrics->bad_receive(_in_flight.size());
return;

Example output in terminal:

12.9877s: send: 100, avg send: 97, recv: 55, avg recv: 38, min/avg/max resp: 470.676/1217.9/1664.83ms, in flight: 251, timeouts: 70
untracked 31873
13.9885s: send: 100, avg send: 97, recv: 47, avg recv: 38, min/avg/max resp: 350.888/1367.39/2258.5ms, in flight: 226, timeouts: 79

This can be somewhat distracting if you happen to get a many of these at once and the screen scrolls quickly.

Bind option for flame (source IP address)

Hi!
I would like to ask for the option to bind to source IP address at flame.
This feature could be useful to simulate the traffic of several clients in the same host.

Regards,

How about an option flag added to force the closing and reopening of connections for testing servers behind a load balancer?

The current mode of keeping connections open works fine for hitting a static set of DNS servers, but when targeting a load balancer in front of a set of DNS servers that scales up or down the test connections do not redistribute across the new set of targets after scale out or scale in events. I have manually restarted the test sessions to fake this kind of functionality.

I am not sure how most client resolvers behave with regard to keeping connections open with DNS servers, but if they close connections by default, or after a certain amount of inactivity, I think this should be the default behavior of flamethrower as it would represent real-world behavior, and if they don't then obviously the current behavior is fine.

I think simply forcing connections to open and close with each burst of queries would resolve this issue, and imagine it could be a simple binary option flag.

response times discrepancies using -q and -d Vs -Q

I'm observing large discrepancies in response times when using flamethrower with -q -d vs -Q, in what seems to be equivalent parameters:

-q 15 -d 1000 -c 100 vs -Q 1500 -c 100
~1500 QPS for both cases
30ms vs 4ms average response times respectively.

Test setup:

  • digital ocean droplet host: 8cpu/16gb RAM (CPU-Optimized)
  • running dns in authoritative mode
  • Single zone with single A record testrecord.example.com
  • Flamethrower commands
    a) docker run --rm ns1labs/flame 10.118.0.3 -q 15 -d 1000 -c 100 -r testrecord.example.com -T A -o test-a.json -v 4 -l 60
    b) docker run --rm ns1labs/flame 10.118.0.3 -Q 1500 -c 100 -r testrecord.example.com -T A -o test-b.json -v 4 -l 60

Results:

-q 15 -d 1000 -c 100                   -Q 1500 -c 100
--------------------                   --------------
run id      : 7fff24010170             : 7ffe0393aad0
run start   : 2021-09-01T18:02:49Z     : 2021-09-01T18:05:57Z
runtime     : 62.8054 s                : 59.7964 s
total sent  : 90000                    : 89600
total rcvd  : 86597                    : 89600
min resp    : 9.42086 ms               : 1.05053 ms
avg resp    : 30.8278 ms               : 3.9897 ms
max resp    : 58.0175 ms               : 31.3559 ms
avg r qps   : 1431                     : 1477
avg s qps   : 1500                     : 1477
avg pkt     : 51 bytes                 : 51 bytes
tcp conn.   : 0                        : 0
timeouts    : 3403 (3.78111%)          : 0 (0%) 
bad recv    : 0                        : 0
net errors  : 0                        : 0
responses   : NOERROR: 86597           : NOERROR: 89600

Is this possibly a bug?

Possible interop problems with other DoH servers.

I've made a couple of attempts to get Flamethrower working against DoH servers in a test harness environment running Ubuntu 20.04.1 LTS, and so far I'm not having any luck.

My first attempt was to deploy Apache 2.4.41 as the HTTP/2 service handler/muxer and DoH Server desribed here: https://github.com/m13253/dns-over-https

The only major differences in my deplpyment are the DoH server and Apache are not on the same box (mostly for tcpdump and troubleshooting reasons), and the fact I'm not using OSCP stapling or a real CA signed cert, which as far as I know should be perfectly fine for an isolated test harness.

My Apache 2.4.41 config is very simple, and just terminates the H2 connection and proxies the query to the DoH server:

<IfModule mod_ssl.c>
        SSLProtocol TLSv1.2
        SSLHonorCipherOrder On
        SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+3DES:!aNULL:!MD5:!DSS:!eNULL:!EXP:!LOW:!MD5
        # SSLUseStapling on
        # SSLStaplingCache shmcb:/var/lib/apache2/stapling_cache(512000)

<VirtualHost _default_:443>
        ServerName kurochan
        Protocols h2 http/1.
        ProxyPass /dns-query http://10.10.20.20:8053/dns-query
        ProxyPassReverse /dns-query http://10.10.20.20:8053/dns-query

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel debug

        CustomLog /var/log/apache2/ssl_access.log combined

</VirtualHost>
</IfModule>

When I use a DoH test client such as the doh-client that comes with facebookexperimental's doh-proxy (https://github.com/facebookexperimental/doh-proxy), it works just fine, as shown here:

root@planck2:~# doh-client-fb --qname www.doh1.com --qtype A --domain 10.10.20.21 --remote-address 10.10.20.21 --insecure
2020-12-23 11:35:53,462:    DEBUG: Opening connection to 10.10.20.21
2020-12-23 11:35:53,472:    DEBUG: Query parameters: {'dns': 'AAABAAABAAAAAAAAA3d3dwRkb2gxA2NvbQAAAQAB'}
2020-12-23 11:35:53,473:    DEBUG: Stream ID: 1 / Total streams: 0
2020-12-23 11:35:53,478:    DEBUG: Response headers: [(':status', '200'), ('date', 'Wed, 23 Dec 2020 19:35:53 GMT'), ('server', 'DNS-over-HTTPS/2.2.5 (+https://github.com/m13253/dns-over-https)'), ('access-control-allow-headers', 'Content-Type'), ('access-control-allow-methods', 'GET, HEAD, OPTIONS, POST'), ('access-control-allow-origin', '*'), ('access-control-max-age', '3600'), ('cache-control', 'private, max-age=500'), ('content-type', 'application/dns-message'), ('expires', 'Wed, 23 Dec 2020 19:44:13 GMT'), ('last-modified', 'Wed, 23 Dec 2020 19:35:53 GMT'), ('vary', 'Accept'), ('x-powered-by', 'DNS-over-HTTPS/2.2.5 (+https://github.com/m13253/dns-over-https)'), ('content-length', '234')]
id 0
opcode QUERY
rcode NOERROR
flags QR AA RD RA
edns 0
payload 4096
option ECS 10.10.20.0/24 scope/0
;QUESTION
www.doh1.com. IN A
;ANSWER
www.doh1.com. 1800 IN A 10.10.10.12
www.doh1.com. 1800 IN A 10.10.10.10
www.doh1.com. 1800 IN A 10.10.10.13
www.doh1.com. 1800 IN A 10.10.10.14
www.doh1.com. 1800 IN A 10.10.10.11
;AUTHORITY
doh1.com. 1800 IN NS ns.
;ADDITIONAL
ns. 500 IN A 1.1.1.1
2020-12-23 11:35:53,485:    DEBUG: Response trailers: {}

Apache ssl_access.log:

10.10.20.20 - - [23/Dec/2020:11:35:53 -0800] "GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwRkb2gxA2NvbQAAAQAB HTTP/2.0" 200 587 "-" "-"

However when I try to run Flamethrower with extremely light serial queries pointed at the Apache server, Apache rejects the HTTP/2. It appears it does not like something about the HEADERS frame, but I'm not entirely sure what:

root@planck2:~# docker run ns1labs/flame -P doh https://10.10.20.21/dns-query -r www.doh1.com -q 1 -c 1 -d 100
binding to 0.0.0.0
flaming target(s) [10.10.20.21] on port 443 with 1 concurrent generators, each sending 1 queries every 100ms on protocol doh
query generator [static] contains 1 record(s)
0.995918s: send: 1, avg send: 1, recv: 0, avg recv: 0, min/avg/max resp: 0/-nan/0ms, in flight: 1, timeouts: 0
^C1.18096s: send: 0, avg send: 1, recv: 0, avg recv: 0, min/avg/max resp: 0/-nan/0ms, in flight: 1, timeouts: 0
stopping, waiting up to 3s for in flight to finish...

------
run id      : 7ffd9bda0320
run start   : 2020-12-23T19:50:19Z
runtime     : 4.18091 s
total sent  : 1
total rcvd  : 0
min resp    : 0 ms
avg resp    : -nan ms
max resp    : 0 ms
avg r qps   : 0
avg s qps   : 1
avg pkt     : 55 bytes
tcp conn.   : 1
timeouts    : 1 (100%)
bad recv    : 0
net errors  : 0

Apache error log:

[Wed Dec 23 11:50:19.539183 2020] [ssl:info] [pid 13986:tid 140707071219456] [client 10.10.20.20:37529] AH01964: Connection to child 13 established (server kurochan:443)
[Wed Dec 23 11:50:19.539398 2020] [ssl:debug] [pid 13986:tid 140707071219456] ssl_engine_kernel.c(2372): [client 10.10.20.20:37529] AH02645: Server name not provided via TLS extension (using default/first virtual host)
[Wed Dec 23 11:50:19.539464 2020] [ssl:debug] [pid 13986:tid 140707071219456] ssl_engine_kernel.c(2372): [client 10.10.20.20:37529] AH02645: Server name not provided via TLS extension (using default/first virtual host)
[Wed Dec 23 11:50:19.539591 2020] [core:debug] [pid 13986:tid 140707071219456] protocol.c(2257): [client 10.10.20.20:37529] AH03155: select protocol from h2,http/1., choices=h2 for server kurochan
[Wed Dec 23 11:50:19.539709 2020] [core:debug] [pid 13986:tid 140707071219456] protocol.c(2302): [client 10.10.20.20:37529] AH03156: select protocol, proposals=h2 preferences=h2,http/1. configured=h2,http/1.
[Wed Dec 23 11:50:19.539743 2020] [core:debug] [pid 13986:tid 140707071219456] protocol.c(2320): [client 10.10.20.20:37529] AH03157: selected protocol=h2
[Wed Dec 23 11:50:19.585575 2020] [ssl:debug] [pid 13986:tid 140707071219456] ssl_engine_kernel.c(2233): [client 10.10.20.20:37529] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Wed Dec 23 11:50:19.585748 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(958): [client 10.10.20.20:37529] AH03200: h2_session(13,INIT,0): created, max_streams=100, stream_mem=32768, workers_limit=6, workers_max=37, push_diary(type=1,N=256)
[Wed Dec 23 11:50:19.585811 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(1040): [client 10.10.20.20:37529] AH03201: h2_session(13,INIT,0): start, INITIAL_WINDOW_SIZE=65535, MAX_CONCURRENT_STREAMS=100
[Wed Dec 23 11:50:19.585846 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(2134): [client 10.10.20.20:37529] AH03079: h2_session(13,INIT,0): started on kurochan:443
[Wed Dec 23 11:50:19.585869 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(1698): [client 10.10.20.20:37529] AH03078: h2_session(13,BUSY,0): transit [INIT] -- init --> [BUSY]
[Wed Dec 23 11:50:19.585913 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(593): [client 10.10.20.20:37529] AH03068: h2_session(13,BUSY,0): sent FRAME[SETTINGS[length=6, stream=0]], frames=0/1 (r/s)
[Wed Dec 23 11:50:19.585966 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(593): [client 10.10.20.20:37529] AH03068: h2_session(13,BUSY,0): sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=0/2 (r/s)
[Wed Dec 23 11:50:19.586062 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(1698): [client 10.10.20.20:37529] AH03078: h2_session(13,IDLE,0): transit [BUSY] -- no io (keepalive) --> [IDLE]
[Wed Dec 23 11:50:19.629428 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(341): [client 10.10.20.20:37529] AH03066: h2_session(13,IDLE,0): recv FRAME[SETTINGS[length=6, stream=0]], frames=0/2 (r/s)
[Wed Dec 23 11:50:19.629545 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(341): [client 10.10.20.20:37529] AH03066: h2_session(13,IDLE,0): recv FRAME[SETTINGS[ack=1, stream=0]], frames=1/2 (r/s)
[Wed Dec 23 11:50:19.629616 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_stream.c(543): [client 10.10.20.20:37529] AH03082: h2_stream(13-1,IDLE): created
[Wed Dec 23 11:50:19.629650 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(1698): [client 10.10.20.20:37529] AH03078: h2_session(13,BUSY,1): transit [IDLE] -- stream change --> [BUSY]
[Wed Dec 23 11:50:19.629697 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(221): [client 10.10.20.20:37529] AH03063: h2_session(13,BUSY,1): recv invalid FRAME[HEADERS[length=71, hend=1, stream=1, eos=1]], frames=2/2 (r/s)
[Wed Dec 23 11:50:19.629738 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(593): [client 10.10.20.20:37529] AH03068: h2_session(13,BUSY,1): sent FRAME[SETTINGS[ack=1, stream=0]], frames=2/3 (r/s)
[Wed Dec 23 11:50:19.629762 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(593): [client 10.10.20.20:37529] AH03068: h2_session(13,BUSY,1): sent FRAME[RST_STREAM[length=4, flags=0, stream=1]], frames=2/4 (r/s)
[Wed Dec 23 11:50:19.629798 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(267): [client 10.10.20.20:37529] AH03065: h2_stream(13-1,CLOSED): closing with err=1 protocol error
[Wed Dec 23 11:50:19.629895 2020] [http2:debug] [pid 13986:tid 140707071219456] h2_session.c(1698): [client 10.10.20.20:37529] AH03078: h2_session(13,IDLE,0): transit [BUSY] -- no io (keepalive) --> [IDLE]
[Wed Dec 23 11:50:22.548659 2020] [ssl:info] [pid 13986:tid 140707062826752] (70014)End of file found: [client 10.10.20.20:37529] AH01991: SSL input filter read failed.
[Wed Dec 23 11:50:22.548889 2020] [http2:debug] [pid 13986:tid 140707062826752] h2_session.c(2192): (70014)End of file found: [client 10.10.20.20:37529] AH03403: h2_session(13,IDLE,0): no data, error
[Wed Dec 23 11:50:22.548927 2020] [http2:debug] [pid 13986:tid 140707062826752] h2_session.c(1788): [client 10.10.20.20:37529] AH03401: h2_session(13,IDLE,0): conn error -> shutdown
[Wed Dec 23 11:50:22.548966 2020] [http2:debug] [pid 13986:tid 140707062826752] h2_session.c(593): [client 10.10.20.20:37529] AH03068: h2_session(13,IDLE,0): sent FRAME[GOAWAY[error=0, reason='timeout', last_stream=1]], frames=2/5 (r/s)
[Wed Dec 23 11:50:22.549066 2020] [http2:debug] [pid 13986:tid 140707062826752] h2_session.c(753): [client 10.10.20.20:37529] AH03069: h2_session(13,IDLE,0): sent GOAWAY, err=0, msg=timeout
[Wed Dec 23 11:50:22.549109 2020] [http2:debug] [pid 13986:tid 140707062826752] h2_session.c(1698): [client 10.10.20.20:37529] AH03078: h2_session(13,DONE,0): transit [IDLE] -- local goaway --> [DONE]
[Wed Dec 23 11:50:22.549166 2020] [http2:debug] [pid 13986:tid 140707062826752] h2_conn.c(213): (70014)End of file found: [client 10.10.20.20:37529] AH03045: h2_session(13,DONE,0): process, closing conn
[Wed Dec 23 11:50:22.549205 2020] [http2:debug] [pid 13986:tid 140707062826752] h2_session.c(1698): [client 10.10.20.20:37529] AH03078: h2_session(13,CLEANUP,0): transit [DONE] -- pre_close --> [CLEANUP]
[Wed Dec 23 11:50:22.549305 2020] [ssl:debug] [pid 13986:tid 140707062826752] ssl_engine_io.c(1106): [client 10.10.20.20:37529] AH02001: Connection closed to child 14 with standard shutdown (server kurochan:443)

Apache really doesn't like something about the HTTP/2, claiming it received an invalid frame.

My final attempt was to give up on Apache and just spin up the facebookexperimental doh-proxy, but pointing Flamethrower to that also fails.

Launching doh-proxy:

NOTE: doh-proxy was slightly modified to print out the headers so I could see what doh-proxy was getting from the Flamethrower client.

root@planck2:~# doh-proxy --certfile /etc/ssl/certs/ssl-cert-snakeoil.pem --keyfile /etc/ssl/private/ssl-cert-snakeoil.key --listen-address 10.10.20.20  --upstream-resolver localhost
2020-12-23 13:45:03,403:     INFO: Serving on <Server sockets=[<socket.socket fd=8, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('10.10.20.20', 443)>]>

Running Flamethrower:

root@planck2:~# docker run ns1labs/flame -P doh https://10.10.20.20/dns-query -r www.doh1.com -q 1 -c 1 -d 100
binding to 0.0.0.0
flaming target(s) [10.10.20.20] on port 443 with 1 concurrent generators, each sending 1 queries every 100ms on protocol doh
query generator [static] contains 1 record(s)
malformed data
malformed data
malformed data
malformed data
malformed data
malformed data
malformed data
malformed data
malformed data
malformed data
malformed data
malformed data

Output from doh-proxy (printing the headers list):

[(':method', 'GET'), (':scheme', ''), (':authority', ''), (':path', '?dns=M5sBAAABAAAAAAABA3d3dwRkb2gxA2NvbQAAAQABAAApBNAAAAAAAAA'), ('accept', 'application/dns-message')]
[(':method', 'GET'), (':scheme', ''), (':authority', ''), (':path', '?dns=M5sBAAABAAAAAAABA3d3dwRkb2gxA2NvbQAAAQABAAApBNAAAAAAAAA'), ('accept', 'application/dns-message')]
[(':method', 'GET'), (':scheme', ''), (':authority', ''), (':path', '?dns=M5sBAAABAAAAAAABA3d3dwRkb2gxA2NvbQAAAQABAAApBNAAAAAAAAA'), ('accept', 'application/dns-message')]
[(':method', 'GET'), (':scheme', ''), (':authority', ''), (':path', '?dns=M5sBAAABAAAAAAABA3d3dwRkb2gxA2NvbQAAAQABAAApBNAAAAAAAAA'), ('accept', 'application/dns-message')]
[(':method', 'GET'), (':scheme', ''), (':authority', ''), (':path', '?dns=M5sBAAABAAAAAAABA3d3dwRkb2gxA2NvbQAAAQABAAApBNAAAAAAAAA'), ('accept', 'application/dns-message')]

As you can see above, Flamethrower is claiming it's getting back malformed data which could be true, but it also looks like the headers being sent by Flamethrower might be an issue. The path header is supposed to contain the complete URI, including the /dns-query part, but it's missing for some reason. Scheme and authority should probably also be set. Any ideas why this might be the case?

Am I doing something wrong here in how I'm executing Flamethrower from Docker? Any help/guidance would be super cool.

Thanks in advance, and happy holidays! :)

Flamethrower 0.11.0 sometimes fails to send TCP queries on FreeBSD to BIND 9.11

Flamethrower 0.11.0 sometimes fails to send TCP queries on FreeBSD 12.2 to BIND 9.11. This started for us with Flamethrower 0.11.0, version 0.10 from FreeBSD ports was fine, BIND 9.16 and 9.17 are fine as query targets, also it does not happen on Linux. Here is the original issue in ISC GitLab. The culprit seems to be a7b83e4 (identified with git bisect) and with this change made to flame/tokenbucket.h the problem went away.:

@@ -25,6 +25,7 @@ public:
     {
         if (_token_wallet < tokens) {
             if (_last_fill_ms.count() == 0) {
+                _token_wallet = _rate_qps;
                 _last_fill_ms = now_ms;
             } else if (now_ms > _last_fill_ms) {
                 auto elapsed_ms = (now_ms - _last_fill_ms).count();

Reproducer

Start named from any recent BIND 9.11 version: named -f -c named.conf.

Start Flamethrower instances:

/usr/local/bin/flame --dnssec -P udp -F inet -Q 10000 -p 5300 -v 99 10.53.0.3 > flame.udp.4 &
/usr/local/bin/flame --dnssec -P udp -F inet6 -Q 10000 -p 5300 -v 99 [fd92:7065:b8e:ffff::3] > flame.udp.6 &
/usr/local/bin/flame --dnssec -P tcp -F inet -Q 10000 -p 5300 -v 99 10.53.0.3 > flame.tcp.4 &
/usr/local/bin/flame --dnssec -P tcp -F inet6 -Q 10000 -p 5300 -v 99 [fd92:7065:b8e:ffff::3]  > flame.tcp.6 &

After some time kill all Flamethrower instances with killall flame.

Grep for total queries sent and received in output files (it's not always zero queries sent but one in five TCP instances fails like this and won't recover):

$ grep ^total flame.*.*
flame.tcp.4:total sent  : 0
flame.tcp.4:total rcvd  : 0
flame.tcp.6:total sent  : 0
flame.tcp.6:total rcvd  : 0
flame.udp.4:total sent  : 80820
flame.udp.4:total rcvd  : 80803
flame.udp.6:total sent  : 80820
flame.udp.6:total rcvd  : 80777

flame.tcp.4:

--class: "IN"
--dnssec: true
--help: false
--qps-flow: null
--targets: null
--version: false
-F: "inet"
-M: "GET"
-P: "tcp"
-Q: "10000"
-R: false
-T: "A"
-b: null
-c: "10"
-d: "1"
-f: null
-g: "static"
-l: "0"
-n: "0"
-o: null
-p: "5300"
-q: "10"
-r: "test.com"
-t: "3"
-v: "99"
GENOPTS: []
TARGET: "10.53.0.3"
binding to 0.0.0.0
flaming target(s) [10.53.0.3] on port 5300 with 30 concurrent generators, each sending 100 queries every 1000ms on protocol tcp
query generator [static] contains 1 record(s)
rate limit @ 10000 QPS (333.333 QPS per concurrent sender)
0.919358s: send: 0, avg send: 0, recv: 0, avg recv: 0, min/avg/max resp: 0/nan/0ms, in flight: 0, timeouts: 0
1.92136s: send: 0, avg send: 0, recv: 0, avg recv: 0, min/avg/max resp: 0/nan/0ms, in flight: 0, timeouts: 0
2.92128s: send: 0, avg send: 0, recv: 0, avg recv: 0, min/avg/max resp: 0/nan/0ms, in flight: 0, timeouts: 0
3.93132s: send: 0, avg send: 0, recv: 0, avg recv: 0, min/avg/max resp: 0/nan/0ms, in flight: 0, timeouts: 0
4.94233s: send: 0, avg send: 0, recv: 0, avg recv: 0, min/avg/max resp: 0/nan/0ms, in flight: 0, timeouts: 0
5.95264s: send: 0, avg send: 0, recv: 0, avg recv: 0, min/avg/max resp: 0/nan/0ms, in flight: 0, timeouts: 0
6.96256s: send: 0, avg send: 0, recv: 0, avg recv: 0, min/avg/max resp: 0/nan/0ms, in flight: 0, timeouts: 0
7.97184s: send: 0, avg send: 0, recv: 0, avg recv: 0, min/avg/max resp: 0/nan/0ms, in flight: 0, timeouts: 0
8.01863s: send: 0, avg send: 0, recv: 0, avg recv: 0, min/avg/max resp: 0/nan/0ms, in flight: 0, timeouts: 0

------
run id      : 28ebb537ed6abf2b
run start   : 2021-07-20T11:24:44Z
runtime     : 8.02064 s
total sent  : 0
total rcvd  : 0
min resp    : 0 ms
avg resp    : nan ms
max resp    : 0 ms
avg r qps   : 0
avg s qps   : 0
avg pkt     : 0 bytes
tcp conn.   : 45
timeouts    : 0 (nan%) 
bad recv    : 0
net errors  : 0

named configuration files

named.conf:

options {
    listen-on { 10.53.0.3; };
    listen-on-v6 port 5300 { fd92:7065:b8e:ffff::3; };
    port 5300;
    directory "/home/newman/output/ns3";
    allow-recursion { any; };
    query-source address 10.53.0.3;
    pid-file "named.pid";
    recursion yes;
    tcp-clients 50;
    statistics-file "named.stats";
};

view "default" {
    zone "." {
        type hint;
        file "root.hint";
    };
};

root.hint:

$TTL 999999
.                        IN NS  a.root-servers.nil.
a.root-servers.nil.      IN A   10.53.0.1

All queries are timing out

Hi,

We tried using the docker image with docker run and with kubernetes
but all our flames dns queries are timing out
Below the output observed
Am I missing something ?

D11-Vivekanand-Gaikwad:~ vivekanand$ nslookup google.com
Server: 10.20.0.2
Address: 10.20.0.2#53

Non-authoritative answer:
Name: google.com
Address: 172.217.8.14

D11-Vivekanand-Gaikwad:~ vivekanand$ docker run ns1labs/flame -l 10 google.com -Q 10 -t 10
binding to 0.0.0.0
flaming target(s) [172.217.8.14] on port 53 with 10 concurrent generators, each sending 10 queries every 1ms on protocol udp
query generator [static] contains 1 record(s)
rate limit @ 10 QPS (1 QPS per concurrent sender)
0.981109s: send: 0, avg send: 0, recv: 0, avg recv: 0, min/avg/max resp: 0/-nan/0ms, in flight: 0, timeouts: 0
1.98136s: send: 10, avg send: 10, recv: 0, avg recv: 0, min/avg/max resp: 0/-nan/0ms, in flight: 0, timeouts: 0
2.98177s: send: 10, avg send: 10, recv: 0, avg recv: 0, min/avg/max resp: 0/-nan/0ms, in flight: 10, timeouts: 0
3.98268s: send: 10, avg send: 10, recv: 0, avg recv: 0, min/avg/max resp: 0/-nan/0ms, in flight: 20, timeouts: 0
4.98277s: send: 10, avg send: 10, recv: 0, avg recv: 0, min/avg/max resp: 0/-nan/0ms, in flight: 30, timeouts: 0
5.9833s: send: 10, avg send: 10, recv: 0, avg recv: 0, min/avg/max resp: 0/-nan/0ms, in flight: 40, timeouts: 0
6.98372s: send: 10, avg send: 10, recv: 0, avg recv: 0, min/avg/max resp: 0/-nan/0ms, in flight: 50, timeouts: 0
7.98373s: send: 10, avg send: 10, recv: 0, avg recv: 0, min/avg/max resp: 0/-nan/0ms, in flight: 60, timeouts: 0
8.98396s: send: 10, avg send: 10, recv: 0, avg recv: 0, min/avg/max resp: 0/-nan/0ms, in flight: 70, timeouts: 0
9.98093s: send: 10, avg send: 10, recv: 0, avg recv: 0, min/avg/max resp: 0/-nan/0ms, in flight: 80, timeouts: 0
stopping, waiting up to 10s for in flight to finish...

run id : 7ffd66d800d0
run start : 2020-12-02T10:51:20Z
runtime : 19.9831 s
total sent : 90
total rcvd : 0
min resp : 0 ms
avg resp : -nan ms
max resp : 0 ms
avg r qps : 0
avg s qps : 10
avg pkt : 33.3 bytes
tcp conn. : 0
timeouts : 90 (100%)
bad recv : 0
net errors : 0

Spoof the sender ip address

Hello flame team,

Are you planning to add feature to spoof sender IP address?

That is very useful for performance testing, as the dns servers not behave in the same way for 1 IP address as for 10.000 if there are some policy rules applied.

my bests!

how to run flame on centos7?

i download flame bin file from docker image. and copy it to centos7 sever.
after that i install some rpm packages:

yum install libuv libuv-devel ldns-devel ldns -y

but i found some errors:

./flame: error while loading shared libraries: libldns.so.2: cannot open shared object file: No such file or directory

hi @weyrick , how to solve the problem?

IPv6 is not supported

Hi all,

I could not find any community for this :) so I am asking here :)

I am trying to run a test on our DNS server using IPv6 but I am having troubles with the syntax.

On IPv4 I used flamethrower like this: ./flame -f ~/query-sample-200k x.x.x.x

And I was trying to use it for IPv6 like this: ./flame -f ~/query-sample-200k xx:xx:xx:xx::xx
but this gives me an error: Could not parse url: https://xx:xx:xx:xx::xx

If anyone could give me a correct syntax on testing our DNS server (DNS server is on a remote machine)
Many thanks

flame crashes on empty input file

On latest master:

$ git show HEAD
commit a5179dbc0d6df8468a29302734b344af5fc9f8e4 (HEAD -> master, origin/master, origin/HEAD)
Merge: b4c2ac5 64b40bc
Author: Shannon Weyrick <[email protected]>
Date:   Mon Feb 17 09:27:33 2020 -0500

    Merge pull request #30 from DNS-OARC/tcptls-to-dot

    Change "tcptls" to "dot", update documentation, bump version.

the flamethrower core dumps:

$ flame -f /dev/null localhost
binding to 0.0.0.0
flaming target(s) [127.0.0.1] on port 53 with 10 concurrent generators, each sending 10 queries every 1ms on protocol udp
query generator [file] contains 0 record(s)
Floating point exception (core dumped)

compilation fails with DOH_ENABLE=ON

When I try to compile flamethrower with DoH support:

mkdir build; cd build
cmake -DDOH_ENABLE=ON ..
make

I get an error:

/usr/bin/c++ -D_FORTIFY_SOURCE=2 -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -g -fvar-tracking-assignments -fdebug-prefix-map=/home/tkrizek/aur/flamethrower/src=/usr/src/debug -g -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now CMakeFiles/flame.dir/3rd/docopt.cpp/docopt.cpp.o CMakeFiles/flame.dir/3rd/url-parser/url_parser.c.o CMakeFiles/flame.dir/flame/main.cpp.o CMakeFiles/flame.dir/3rd/base64url/base64.cpp.o -o flame  libflamecore.a -luv -ldl -luv -ldl -lldns -lldns -lgnutls -lgnutls -lnghttp2 -lnghttp2 
/usr/bin/ld: CMakeFiles/flame.dir/flame/main.cpp.o: undefined reference to symbol 'pthread_create@@GLIBC_2.2.5'
/usr/bin/ld: /usr/lib/libpthread.so.0: error adding symbols: DSO missing from command line

My workaround is to use export LDFLAGS='-pthread' but it seems like a cmake configuration issue.

JSON output format modification & compatibility with other tools

TL;DR

This is a vague proposal to work on modified JSON output format, with an ultimate goal - sharing the same output format with dnsperf and also DNS Shotgun.

Motivation

All three tools do essentially the same thing, send queries and statistically evaluate answers, but each tool does that in slightly different manner and fits slightly different use-case. At the same time, much of my data post-processing is in the end the same - I want to plot response rates, RCODEs, and latencies over time. Because each tool has a different format I have to switch parts of post-procesing pipeline to, in the end, get the same plots.

I think it would be common benefit if all three tools used the same JSON format and could reuse the same post-processing and plotting scripts.

What's going on in other projects

  • I'm planning to modify DNS Shotgun to use the new JSON format - and it already uses format with separate output per-generator, so the fundamental split is the same as in Flamethrower
  • I have a WIP version of dnsperf with "a" JSON output format - and plan to submit it to DNS-OARC/Jerry for review and merge after Christmas

So, I think that with buy-in on your end we can make the common format happen!

Discussion about format modification

This is not a firm proposal, take it as kickoff for discussion.

  1. It would seem cleaner/easier for third-party parsers if each output line/JSON object had a separate field like "msgtype" which would clearly indicate that it is a "header" (currently "cmdline"), "period stats" or "total".

  2. Somewhat related is number format and resolution. I would add header field with "timer units per second" information. That would define resolution used for time fields produced by particular implementation:

  • Flamethrower varies between 1 sec vs. ms in some fields - I would standardize on one of them, preferably ms to avoid dealing with floating point
  • DNS Shotgun uses ms = field value 1 000
  • dnsperf uses usec - field value = 1 000 000
  1. Deduplication
    I'm not sure why some field names and field values are duplicated... E.g.
  • Could we keep runid just once in header instead of repeating it everywhere?
  • Similarly, combining period_* fields with total_* fields in the very last message is confusing. Can it be split?
  • In a similar vein, if we have "message type" in header maybe we can remove the period_ and total_ prefixes?
  1. Header nits
  • Maybe cmdline could be an array of strings
  • I would add a separate version number for software used to generate the JSON and another for the JSON format itself

Wow, that is a long post. Sorry! If you made it here, what do you think about it?

Discover QPS limit of a target

Start at a given QPS rate, then ramp up QPS over time until a given % of timeouts (and/or response time) are achieved.

Flamethrower fails to build on OpenBSD 6.7

Flamethrower 0.10.2 (as well as master) fails to build for me on OpenBSD 6.7 with Clang 8:

-bash-5.0$ make V=1 VERBOSE=1
/usr/local/bin/cmake -S/home/newman/flamethrower-0.10.2 -B/home/newman/flamethrower-0.10.2/build --check-build-system CMakeFiles/Makefile.cmake 0
/usr/local/bin/cmake -E cmake_progress_start /home/newman/flamethrower-0.10.2/build/CMakeFiles /home/newman/flamethrower-0.10.2/build/CMakeFiles/progress.marks
make -f CMakeFiles/Makefile2 all
make -f CMakeFiles/flamecore.dir/build.make CMakeFiles/flamecore.dir/depend
cd /home/newman/flamethrower-0.10.2/build && /usr/local/bin/cmake -E cmake_depends "Unix Makefiles" /home/newman/flamethrower-0.10.2 /home/newman/flamethrower-0.10.2 /home/newman/flamethrower-0.10.2/build /home/newman/flamethrower-0.10.2/build /home/newman/flamethrower-0.10.2/build/CMakeFiles/flamecore.dir/DependInfo.cmake --color=
make -f CMakeFiles/flamecore.dir/build.make CMakeFiles/flamecore.dir/build
[  8%] Building CXX object CMakeFiles/flamecore.dir/flame/metrics.cpp.o
/usr/bin/c++   -I/usr/local/include -I/usr/local/include/p11-kit-1 -I/home/newman/flamethrower-0.10.2/3rd/docopt.cpp -I/home/newman/flamethrower-0.10.2/3rd/json -I/home/newman/flamethrower-0.10.2/3rd/uvw  -g   -Wall -std=c++17 -o CMakeFiles/flamecore.dir/flame/metrics.cpp.o -c /home/newman/flamethrower-0.10.2/flame/metrics.cpp
In file included from /home/newman/flamethrower-0.10.2/flame/metrics.cpp:8:
In file included from /home/newman/flamethrower-0.10.2/flame/metrics.h:12:
In file included from /home/newman/flamethrower-0.10.2/3rd/uvw/uvw.hpp:1:
In file included from /home/newman/flamethrower-0.10.2/3rd/uvw/uvw/async.hpp:7:
/home/newman/flamethrower-0.10.2/3rd/uvw/uvw/handle.hpp:268:22: error: expected member name or ';' after declaration specifiers
    OSFileDescriptor fileno() const {
    ~~~~~~~~~~~~~~~~ ^
/usr/include/stdio.h:406:20: note: expanded from macro 'fileno'
#define fileno(p)       (!__isthreaded ? __sfileno(p) : (fileno)(p))
                         ^
In file included from /home/newman/flamethrower-0.10.2/flame/metrics.cpp:8:
In file included from /home/newman/flamethrower-0.10.2/flame/metrics.h:12:
In file included from /home/newman/flamethrower-0.10.2/3rd/uvw/uvw.hpp:1:
In file included from /home/newman/flamethrower-0.10.2/3rd/uvw/uvw/async.hpp:7:
/home/newman/flamethrower-0.10.2/3rd/uvw/uvw/handle.hpp:268:22: error: expected ')'
/usr/include/stdio.h:406:20: note: expanded from macro 'fileno'
#define fileno(p)       (!__isthreaded ? __sfileno(p) : (fileno)(p))
                         ^
/home/newman/flamethrower-0.10.2/3rd/uvw/uvw/handle.hpp:268:22: note: to match this '('
/usr/include/stdio.h:406:19: note: expanded from macro 'fileno'
#define fileno(p)       (!__isthreaded ? __sfileno(p) : (fileno)(p))
                        ^
2 errors generated.
*** Error 1 in . (CMakeFiles/flamecore.dir/build.make:63 'CMakeFiles/flamecore.dir/flame/metrics.cpp.o')
*** Error 2 in . (CMakeFiles/Makefile2:134 'CMakeFiles/flamecore.dir/all')
*** Error 2 in /home/newman/flamethrower-0.10.2/build (Makefile:130 'all')

I checked on FreeBSD 11.3 and Flamethrower builds fine there.

cmake step is fine:

-bash-5.0$ cmake ..
-- No build type defined; defaulting to 'Debug'
-- The C compiler identification is Clang 8.0.1
-- The CXX compiler identification is Clang 8.0.1
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- The host system is: OpenBSD-6.7.
-- Project base dir is: /home/newman/flamethrower-0.10.2
-- Found PkgConfig: /usr/bin/pkg-config (found version "0.29.1") 
-- Checking for one of the modules 'libldns;ldns'
-- Checking for module 'libuv'
--   Found libuv, version 1.30.1
-- Checking for module 'gnutls>=3.3'
--   Found gnutls, version 3.6.13
-- Configuring done
-- Generating done
-- Build files have been written to: /home/newman/flamethrower-0.10.2/build

Cmake should require a higher version of libuv

On some systems, cmake is happy:

-- Checking for module 'libuv'
--   Found libuv, version 1.18.0

But it does not compile:

flamethrower/3rd/uvw/uvw/util.hpp: In static member function ‘static int 
uvw::Utilities::osPriority(uvw::PidType)’:
flamethrower/3rd/uvw/uvw/util.hpp:564:12: error: ‘uv_os_getpriority’ was 
not declared in this scope
         if(uv_os_getpriority(pid, &prio)) {
            ^~~~~~~~~~~~~~~~~
flamethrower/3rd/uvw/uvw/util.hpp:564:12: note: suggested alternative: ‘u
v_os_getppid’
         if(uv_os_getpriority(pid, &prio)) {
            ^~~~~~~~~~~~~~~~~
            uv_os_getppid
flamethrower/3rd/uvw/uvw/util.hpp:565:20: error: ‘UV_PRIORITY_LOW’ was no
t declared in this scope
             prio = UV_PRIORITY_LOW + 1;
                    ^~~~~~~~~~~~~~~
flamethrower/3rd/uvw/uvw/util.hpp:565:20: note: suggested alternative: ‘U
V_PRIORITIZED’
             prio = UV_PRIORITY_LOW + 1;
                    ^~~~~~~~~~~~~~~
                    UV_PRIORITIZED
...

With libuv 1.34.2, it works.

This may be related to #15

Flamethrower fails to build on Ubuntu 20.4

Flamethrower 0.10.2 (as well as master) fails to build for me on Ubuntu 20.4 with GCC:

Cmake step works fine

guilherme@guilherme-System-Product-Name:~/Área de Trabalho/flamethrower/build$ cmake .. -- No build type defined; defaulting to 'Debug' -- The C compiler identification is GNU 9.3.0 -- The CXX compiler identification is GNU 9.3.0 -- Check for working C compiler: /usr/bin/cc -- Check for working C compiler: /usr/bin/cc -- works -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Detecting C compile features -- Detecting C compile features - done -- Check for working CXX compiler: /usr/bin/c++ -- Check for working CXX compiler: /usr/bin/c++ -- works -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info - done -- Detecting CXX compile features -- Detecting CXX compile features - done -- The host system is: Linux-5.8.0-53-generic. -- Project base dir is: /home/guilherme/Área de Trabalho/flamethrower -- Found PkgConfig: /usr/bin/pkg-config (found version "0.29.1") -- Checking for one of the modules 'libldns;ldns' -- Checking for module 'libuv>=1.23' -- Found libuv, version 1.34.2 -- Checking for module 'gnutls>=3.3' -- Found gnutls, version 3.6.13 -- DNS over HTTPS (DoH) support is disabled -- Configuring done -- Generating done -- Build files have been written to: /home/guilherme/Área de Trabalho/flamethrower/build

Make doesn't work

guilherme@guilherme-System-Product-Name:~/Área de Trabalho/flamethrower/build$ make Scanning dependencies of target flamecore [ 7%] Building CXX object CMakeFiles/flamecore.dir/flame/metrics.cpp.o In file included from /usr/include/c++/9/string_view:40, from /usr/include/c++/9/bits/basic_string.h:48, from /usr/include/c++/9/string:55, from /usr/include/c++/9/bits/locale_classes.h:40, from /usr/include/c++/9/bits/ios_base.h:41, from /usr/include/c++/9/ios:42, from /usr/include/c++/9/ostream:38, from /usr/include/c++/9/iostream:39, from /home/guilherme/Área de Trabalho/flamethrower/flame/metrics.cpp:4: /usr/include/c++/9/limits:1665:7: internal compiler error: Instrução ilegal 1665 | min() _GLIBCXX_USE_NOEXCEPT { return __FLT_MIN__; } | ^~~ Please submit a full bug report, with preprocessed source if appropriate. See <file:///usr/share/doc/gcc-9/README.Bugs> for instructions. make[2]: *** [CMakeFiles/flamecore.dir/build.make:63: CMakeFiles/flamecore.dir/flame/metrics.cpp.o] Erro 1 make[1]: *** [CMakeFiles/Makefile2:134: CMakeFiles/flamecore.dir/all] Erro 2 make: *** [Makefile:130: all] Erro 2

Build fail on arch linux (gcc 11.2.0)

Host: Arch linux with gcc 11.2.0 trying to compile commit 5056602

MINSIGSTKSZ doesnt seem to be defined and the build fails with:

In file included from /usr/include/signal.h:328,
                 from /tmp/flamethrower/3rd/catch/catch2/catch.hpp:4913,
                 from /tmp/flamethrower/tests/main.cpp:2:
/tmp/flamethrower/3rd/catch/catch2/catch.hpp:7491:58: error: call to non-‘constexpr’ function ‘long int sysconf(int)’
 7491 |     constexpr static std::size_t sigStackSize = 32768 >= MINSIGSTKSZ ? 32768 : MINSIGSTKSZ;
      |                                                          ^~~~~~~~~~~
In file included from /usr/include/bits/sigstksz.h:24,
                 from /usr/include/signal.h:328,
                 from /tmp/flamethrower/3rd/catch/catch2/catch.hpp:4913,
                 from /tmp/flamethrower/tests/main.cpp:2:
/usr/include/unistd.h:640:17: note: ‘long int sysconf(int)’ declared here
  640 | extern long int sysconf (int __name) __THROW;
      |                 ^~~~~~~
In file included from /tmp/flamethrower/tests/main.cpp:2:
/tmp/flamethrower/3rd/catch/catch2/catch.hpp:7550:45: error: size of array ‘altStackMem’ is not an integral constant-expression
 7550 |     char FatalConditionHandler::altStackMem[sigStackSize] = {};
      |                                             ^~~~~~~~~~~~
make[2]: *** [CMakeFiles/tests.dir/build.make:76: CMakeFiles/tests.dir/tests/main.cpp.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:197: CMakeFiles/tests.dir/all] Error 2
make: *** [Makefile:136: all] Error 2

Just defining MINSIGSTKSZ makes the build succeed.

(Missing include somewhere?)

Any plans for pre-built packages?

Some other DNS tools at DNS-OARC are provided as pre-built packages (to be installed via the usual package managers):

https://dev.dns-oarc.net/packages/

Are there any plans to also provide pre-built Flamethrower packages?

This would be very helpful for environments where compiling from source or using Docker images is not an option.

flamethrower message not accurate if -Q option is passed 

❯ flame 0.0.0.0 -p 9953 -Q 10   
flaming target "0.0.0.0" (0.0.0.0) on port 9953 with 10 concurrent generators, each sending 10 queries every 1ms on protocol udp

"10 concurrent generators, each sending 10 queries every 1ms on protocol udp" is not accurate if flamethrower is only sending 10 queries per second, 10 generators * 10 queries/ms is 100,000 QPS. Unless I'm missing something here, this message should change based the -Q parameter?

Support For EDNS Client Subnet

Hi. Im currently doing some testing with kdig which is heavily reliant on the ability to set the EDNS client subnet per query. I would love for flamethrower to have a similar ability to set EDNS client subnet. Im not sure what path forward would be best but I can imagine a new generator or I can image it could be useful as an option for some/all of the existing generators.

For the FileQueryGenerator it would be great to allow specification of ECS per line. If we had something like this it would allow a PowerDNS operator to create a flame manifest from a rec_control dump-cache very easily. When ECS is enabled the format for this dump is approximately:

example.com. 17 IN CNAME target.example.com. ; (Indeterminate) auth=1 4.1.0.0/21

with the last entry being the ECS. Link here. This would allow for more realistic testing of the entire caching setup.

IPv6 target address won't parse

Target IPv6 address fd92:7065:b8e:ffff::3 makes Flamethrower fail with could not parse url: https://fd92:7065:b8e:ffff::3 on Fedora 32 with Flamethrower 0.11 with DoH compiled-in (but it fails even with DoH disabled in cmake). Flamethrower 0.10.2 is fine.

--class: "IN"
--dnssec: true
--help: false
--qps-flow: null
--targets: null
--version: false
-F: "inet6"
-M: "GET"
-P: "udp"
-Q: "10000"
-R: false
-T: "A"
-b: null
-c: "10"
-d: "1"
-f: "/home/newman/isc/tmp/output/query_datafile"
-g: "file"
-l: "0"
-n: "0"
-o: null
-p: "5300"
-q: "10"
-r: "test.com"
-t: "3"
-v: "99"
GENOPTS: []
TARGET: "fd92:7065:b8e:ffff::3"
could not parse url: https://fd92:7065:b8e:ffff::3

Looking at my ip a output, it looks like a valid IPv6 address:

$ ip a | grep fd92:7065:b8e:ffff::3
    inet6 fd92:7065:b8e:ffff::3/64 scope global

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.