2020-02-20 22:07:30 +00:00
|
|
|
package querylog
|
|
|
|
|
|
|
|
import (
|
|
|
|
"io"
|
2020-11-30 10:32:58 +00:00
|
|
|
"sort"
|
2020-02-20 22:07:30 +00:00
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/AdguardTeam/golibs/log"
|
|
|
|
)
|
|
|
|
|
2022-02-10 12:42:59 +00:00
|
|
|
// client finds the client info, if any, by its ClientID and IP address,
|
2021-04-02 15:30:39 +01:00
|
|
|
// optionally checking the provided cache. It will use the IP address
|
|
|
|
// regardless of if the IP anonymization is enabled now, because the
|
|
|
|
// anonymization could have been disabled in the past, and client will try to
|
|
|
|
// find those records as well.
|
|
|
|
func (l *queryLog) client(clientID, ip string, cache clientCache) (c *Client, err error) {
|
|
|
|
cck := clientCacheKey{clientID: clientID, ip: ip}
|
2021-04-12 12:10:20 +01:00
|
|
|
|
|
|
|
var ok bool
|
|
|
|
if c, ok = cache[cck]; ok {
|
2021-04-02 15:30:39 +01:00
|
|
|
return c, nil
|
|
|
|
}
|
2020-05-26 13:37:37 +01:00
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
var ids []string
|
|
|
|
if clientID != "" {
|
|
|
|
ids = append(ids, clientID)
|
|
|
|
}
|
|
|
|
|
|
|
|
if ip != "" {
|
|
|
|
ids = append(ids, ip)
|
|
|
|
}
|
|
|
|
|
|
|
|
c, err = l.findClient(ids)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2020-05-26 13:37:37 +01:00
|
|
|
}
|
|
|
|
|
2021-04-12 12:10:20 +01:00
|
|
|
// Cache all results, including negative ones, to prevent excessive and
|
|
|
|
// expensive client searching.
|
|
|
|
cache[cck] = c
|
2021-04-02 15:30:39 +01:00
|
|
|
|
|
|
|
return c, nil
|
|
|
|
}
|
2020-05-26 13:37:37 +01:00
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
// searchMemory looks up log records which are currently in the in-memory
|
|
|
|
// buffer. It optionally uses the client cache, if provided. It also returns
|
|
|
|
// the total amount of records in the buffer at the moment of searching.
|
|
|
|
func (l *queryLog) searchMemory(params *searchParams, cache clientCache) (entries []*logEntry, total int) {
|
2020-05-26 13:37:37 +01:00
|
|
|
l.bufferLock.Lock()
|
2021-04-02 15:30:39 +01:00
|
|
|
defer l.bufferLock.Unlock()
|
2020-05-26 13:37:37 +01:00
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
// Go through the buffer in the reverse order, from newer to older.
|
|
|
|
var err error
|
2020-05-26 13:37:37 +01:00
|
|
|
for i := len(l.buffer) - 1; i >= 0; i-- {
|
2021-04-02 15:30:39 +01:00
|
|
|
e := l.buffer[i]
|
|
|
|
|
|
|
|
e.client, err = l.client(e.ClientID, e.IP.String(), cache)
|
|
|
|
if err != nil {
|
|
|
|
msg := "querylog: enriching memory record at time %s" +
|
2022-02-10 12:42:59 +00:00
|
|
|
" for client %q (clientid %q): %s"
|
2021-04-02 15:30:39 +01:00
|
|
|
log.Error(msg, e.Time, e.IP, e.ClientID, err)
|
|
|
|
|
|
|
|
// Go on and try to match anyway.
|
2020-05-26 13:37:37 +01:00
|
|
|
}
|
2021-04-02 15:30:39 +01:00
|
|
|
|
|
|
|
if params.match(e) {
|
|
|
|
entries = append(entries, e)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return entries, len(l.buffer)
|
|
|
|
}
|
|
|
|
|
|
|
|
// search - searches log entries in the query log using specified parameters
|
|
|
|
// returns the list of entries found + time of the oldest entry
|
2022-05-25 16:00:50 +01:00
|
|
|
func (l *queryLog) search(params *searchParams) (entries []*logEntry, oldest time.Time) {
|
2021-04-02 15:30:39 +01:00
|
|
|
now := time.Now()
|
|
|
|
|
|
|
|
if params.limit == 0 {
|
|
|
|
return []*logEntry{}, time.Time{}
|
2020-05-26 13:37:37 +01:00
|
|
|
}
|
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
cache := clientCache{}
|
|
|
|
fileEntries, oldest, total := l.searchFiles(params, cache)
|
|
|
|
memoryEntries, bufLen := l.searchMemory(params, cache)
|
|
|
|
total += bufLen
|
|
|
|
|
2020-05-26 13:37:37 +01:00
|
|
|
totalLimit := params.offset + params.limit
|
|
|
|
|
|
|
|
// now let's get a unified collection
|
2022-05-25 16:00:50 +01:00
|
|
|
entries = append(memoryEntries, fileEntries...)
|
2020-05-26 13:37:37 +01:00
|
|
|
if len(entries) > totalLimit {
|
|
|
|
// remove extra records
|
|
|
|
entries = entries[:totalLimit]
|
|
|
|
}
|
2020-11-10 16:00:55 +00:00
|
|
|
|
2020-11-30 10:32:58 +00:00
|
|
|
// Resort entries on start time to partially mitigate query log looking
|
|
|
|
// weird on the frontend.
|
|
|
|
//
|
|
|
|
// See https://github.com/AdguardTeam/AdGuardHome/issues/2293.
|
|
|
|
sort.SliceStable(entries, func(i, j int) (less bool) {
|
|
|
|
return entries[i].Time.After(entries[j].Time)
|
|
|
|
})
|
|
|
|
|
2020-05-26 13:37:37 +01:00
|
|
|
if params.offset > 0 {
|
|
|
|
if len(entries) > params.offset {
|
|
|
|
entries = entries[params.offset:]
|
|
|
|
} else {
|
|
|
|
entries = make([]*logEntry, 0)
|
|
|
|
oldest = time.Time{}
|
|
|
|
}
|
|
|
|
}
|
2020-11-10 16:00:55 +00:00
|
|
|
|
2022-05-25 16:00:50 +01:00
|
|
|
if len(entries) > 0 {
|
2020-11-10 16:00:55 +00:00
|
|
|
// Update oldest after merging in the memory buffer.
|
2020-05-26 13:37:37 +01:00
|
|
|
oldest = entries[len(entries)-1].Time
|
|
|
|
}
|
|
|
|
|
2022-05-25 16:00:50 +01:00
|
|
|
log.Debug(
|
|
|
|
"querylog: prepared data (%d/%d) older than %s in %s",
|
|
|
|
len(entries),
|
|
|
|
total,
|
|
|
|
params.olderThan,
|
|
|
|
time.Since(now),
|
|
|
|
)
|
2020-05-26 13:37:37 +01:00
|
|
|
|
|
|
|
return entries, oldest
|
|
|
|
}
|
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
// searchFiles looks up log records from all log files. It optionally uses the
|
|
|
|
// client cache, if provided. searchFiles does not scan more than
|
|
|
|
// maxFileScanEntries so callers may need to call it several times to get all
|
|
|
|
// results. oldset and total are the time of the oldest processed entry and the
|
|
|
|
// total number of processed entries, including discarded ones, correspondingly.
|
|
|
|
func (l *queryLog) searchFiles(
|
|
|
|
params *searchParams,
|
|
|
|
cache clientCache,
|
|
|
|
) (entries []*logEntry, oldest time.Time, total int) {
|
2021-03-15 11:19:04 +00:00
|
|
|
files := []string{
|
|
|
|
l.logFile + ".1",
|
|
|
|
l.logFile,
|
|
|
|
}
|
|
|
|
|
|
|
|
r, err := NewQLogReader(files)
|
2020-02-20 22:07:30 +00:00
|
|
|
if err != nil {
|
2021-03-15 11:19:04 +00:00
|
|
|
log.Error("querylog: failed to open qlog reader: %s", err)
|
|
|
|
|
2020-02-20 22:07:30 +00:00
|
|
|
return entries, oldest, 0
|
|
|
|
}
|
2021-05-24 15:28:11 +01:00
|
|
|
defer func() {
|
|
|
|
derr := r.Close()
|
|
|
|
if derr != nil {
|
|
|
|
log.Error("querylog: closing file: %s", err)
|
|
|
|
}
|
|
|
|
}()
|
2020-02-20 22:07:30 +00:00
|
|
|
|
2020-05-26 13:37:37 +01:00
|
|
|
if params.olderThan.IsZero() {
|
2020-02-20 22:07:30 +00:00
|
|
|
err = r.SeekStart()
|
|
|
|
} else {
|
2021-12-13 10:55:41 +00:00
|
|
|
err = r.seekTS(params.olderThan.UnixNano())
|
2020-02-27 11:02:05 +00:00
|
|
|
if err == nil {
|
2021-04-02 15:30:39 +01:00
|
|
|
// Read to the next record, because we only need the one
|
|
|
|
// that goes after it.
|
2020-02-27 11:02:05 +00:00
|
|
|
_, err = r.ReadNext()
|
|
|
|
}
|
2020-02-20 22:07:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if err != nil {
|
2021-04-02 15:30:39 +01:00
|
|
|
log.Debug("querylog: cannot seek to %s: %s", params.olderThan, err)
|
|
|
|
|
2020-02-20 22:07:30 +00:00
|
|
|
return entries, oldest, 0
|
|
|
|
}
|
|
|
|
|
2020-05-26 13:37:37 +01:00
|
|
|
totalLimit := params.offset + params.limit
|
2020-02-20 22:07:30 +00:00
|
|
|
oldestNano := int64(0)
|
2021-04-02 15:30:39 +01:00
|
|
|
|
|
|
|
// By default, we do not scan more than maxFileScanEntries at once.
|
|
|
|
// The idea is to make search calls faster so that the UI could handle
|
|
|
|
// it and show something quicker. This behavior can be overridden if
|
|
|
|
// maxFileScanEntries is set to 0.
|
2020-05-26 13:37:37 +01:00
|
|
|
for total < params.maxFileScanEntries || params.maxFileScanEntries <= 0 {
|
2021-04-02 15:30:39 +01:00
|
|
|
var e *logEntry
|
2021-03-11 17:36:54 +00:00
|
|
|
var ts int64
|
2021-04-12 16:22:11 +01:00
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
e, ts, err = l.readNextEntry(r, params, cache)
|
|
|
|
if err != nil {
|
|
|
|
if err == io.EOF {
|
2022-05-25 16:00:50 +01:00
|
|
|
oldestNano = 0
|
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Error("querylog: reading next entry: %s", err)
|
2020-02-20 22:07:30 +00:00
|
|
|
}
|
|
|
|
|
2020-02-27 11:02:05 +00:00
|
|
|
oldestNano = ts
|
|
|
|
total++
|
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
if e != nil {
|
|
|
|
entries = append(entries, e)
|
2020-05-26 13:37:37 +01:00
|
|
|
if len(entries) == totalLimit {
|
2020-02-27 11:02:05 +00:00
|
|
|
break
|
|
|
|
}
|
2020-02-20 22:07:30 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-06-16 10:10:17 +01:00
|
|
|
if oldestNano != 0 {
|
|
|
|
oldest = time.Unix(0, oldestNano)
|
|
|
|
}
|
2021-04-02 15:30:39 +01:00
|
|
|
|
2020-02-20 22:07:30 +00:00
|
|
|
return entries, oldest, total
|
|
|
|
}
|
|
|
|
|
2021-04-12 16:22:11 +01:00
|
|
|
// quickMatchClientFinder is a wrapper around the usual client finding function
|
|
|
|
// to make it easier to use with quick matches.
|
|
|
|
type quickMatchClientFinder struct {
|
|
|
|
client func(clientID, ip string, cache clientCache) (c *Client, err error)
|
|
|
|
cache clientCache
|
|
|
|
}
|
|
|
|
|
|
|
|
// findClient is a method that can be used as a quickMatchClientFinder.
|
|
|
|
func (f quickMatchClientFinder) findClient(clientID, ip string) (c *Client) {
|
|
|
|
var err error
|
|
|
|
c, err = f.client(clientID, ip, f.cache)
|
|
|
|
if err != nil {
|
2022-02-10 12:42:59 +00:00
|
|
|
log.Error(
|
|
|
|
"querylog: enriching file record for quick search: for client %q (clientid %q): %s",
|
2021-04-12 16:22:11 +01:00
|
|
|
ip,
|
|
|
|
clientID,
|
|
|
|
err,
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
return c
|
|
|
|
}
|
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
// readNextEntry reads the next log entry and checks if it matches the search
|
|
|
|
// criteria. It optionally uses the client cache, if provided. e is nil if the
|
|
|
|
// entry doesn't match the search criteria. ts is the timestamp of the
|
|
|
|
// processed entry.
|
|
|
|
func (l *queryLog) readNextEntry(
|
|
|
|
r *QLogReader,
|
|
|
|
params *searchParams,
|
|
|
|
cache clientCache,
|
|
|
|
) (e *logEntry, ts int64, err error) {
|
|
|
|
var line string
|
|
|
|
line, err = r.ReadNext()
|
2020-02-20 22:07:30 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, 0, err
|
|
|
|
}
|
|
|
|
|
2021-04-12 16:22:11 +01:00
|
|
|
clientFinder := quickMatchClientFinder{
|
|
|
|
client: l.client,
|
|
|
|
cache: cache,
|
|
|
|
}
|
|
|
|
|
|
|
|
if !params.quickMatch(line, clientFinder.findClient) {
|
|
|
|
ts = readQLogTimestamp(line)
|
|
|
|
|
|
|
|
return nil, ts, nil
|
|
|
|
}
|
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
e = &logEntry{}
|
|
|
|
decodeLogEntry(e, line)
|
2020-02-20 22:07:30 +00:00
|
|
|
|
2023-02-15 13:53:29 +00:00
|
|
|
if l.isIgnored(e.QHost) {
|
|
|
|
return nil, ts, nil
|
|
|
|
}
|
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
e.client, err = l.client(e.ClientID, e.IP.String(), cache)
|
|
|
|
if err != nil {
|
|
|
|
log.Error(
|
2022-02-10 12:42:59 +00:00
|
|
|
"querylog: enriching file record at time %s for client %q (clientid %q): %s",
|
2021-04-02 15:30:39 +01:00
|
|
|
e.Time,
|
|
|
|
e.IP,
|
|
|
|
e.ClientID,
|
|
|
|
err,
|
|
|
|
)
|
|
|
|
|
|
|
|
// Go on and try to match anyway.
|
2020-02-20 22:07:30 +00:00
|
|
|
}
|
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
ts = e.Time.UnixNano()
|
|
|
|
if !params.match(e) {
|
|
|
|
return nil, ts, nil
|
2020-02-20 22:07:30 +00:00
|
|
|
}
|
|
|
|
|
2021-04-02 15:30:39 +01:00
|
|
|
return e, ts, nil
|
2020-02-20 22:07:30 +00:00
|
|
|
}
|