fix regex support

collectors/dnsmessage.go

@@ -160,24 +160,38 @@ RUN_LOOP:
 			}
 
 			// matching enabled, filtering DNS messages ?
+			matched := true
 			matchedInclude := false
 			matchedGreaterThan := false
+
 			if len(c.config.Collectors.DNSMessage.Matching.Include) > 0 {
-				err, matchedInclude = dm.Matching(c.config.Collectors.DNSMessage.Matching.Include, dnsutils.MatchingModeInclude)
+				err, matchedInclude = dm.Matching(c.config.Collectors.DNSMessage.Matching.Include,
+					dnsutils.MatchingModeInclude)
 				if err != nil {
 					c.LogError(err.Error())
 				}
+				if matched && matchedInclude {
+					matched = true
+				} else {
+					matched = false
+				}
 			}
 			if len(c.config.Collectors.DNSMessage.Matching.GreaterThan) > 0 {
-				err, matchedGreaterThan = dm.Matching(c.config.Collectors.DNSMessage.Matching.GreaterThan, dnsutils.MatchingModeGreaterThan)
+				err, matchedGreaterThan = dm.Matching(c.config.Collectors.DNSMessage.Matching.GreaterThan,
+					dnsutils.MatchingModeGreaterThan)
 				if err != nil {
 					c.LogError(err.Error())
 				}
+
+				if matched && matchedGreaterThan {
+					matched = true
+				} else {
+					matched = false
+				}
 			}
 
 			// apply tranforms on matched packets only
 			// init dns message with additionnals parts if necessary
-			matched := matchedInclude && matchedGreaterThan
 			if matched {
 				subprocessors.InitDNSMessageFormat(&dm)
 				if subprocessors.ProcessMessage(&dm) == transformers.ReturnDrop {

config.yml

@@ -84,29 +84,62 @@ global:
 #     - from: [ tap ]
 #       to: [ console ]
 
+
+  # - name: match-queries
+  #   dnsmessage:
+  #     matching:
+  #       include:
+  #         dnstap.operation: "CLIENT_QUERY"
+  #         dns.qname: ".*\\.google\\.com"
+  #       greater-than:
+  #         dns.length: 50
+  #     policy: "drop-unmatched" #passthrough
+  #   transforms:
+  #     atags:
+  #       tags: [ "TAG-QUERIES" ]
+  #   routes: [ log-queries ]
+
+  # - name: log-queries
+  #   stdout:
+  #     mode: flat-json
+
 pipelines:
   - name: dnsdist-main
     dnstap:
       listen-ip: 0.0.0.0
       listen-port: 6000
-    routes: [ match-queries ]
+    routes: [ tag-queries ]
 
-  - name: match-queries
+  - name: tag-queries
     dnsmessage:
       matching:
         include:
           dnstap.operation: "CLIENT_QUERY"
-          dns.qname: ".*\\.google\\.com"
+          dns.qname: "^.*\\.google\\.com$"
         greater-than:
           dns.length: 50
-      policy: "drop-unmatched" #passthrough
+      policy: "drop-unmatched"
     transforms:
       atags:
-        tags: [ "TAG-QUERIES" ]
-    routes: [ log-queries ]
+        tags: [ "TAG-QUERIES:tag-queries" ]
+    routes: [ match-queries ]
 
-  - name: log-queries
-    stdout:
+  - name: match-queries
+    dnsmessage:
+      matching:
+        include:
+          dns.qname: "^www\\.google\\.com$"
+      policy: "passthrough"
+    transforms:
+      atags:
+        tags: [ "Le-Goog:website" ]
+    routes: [ outputfile ]
+
+  - name: outputfile
+    logfile:
+      file-path:  "/tmp/dnstap.log"
+      max-size: 1000
+      max-files: 10
       mode: flat-json
 
 ################################################

dnsutils/message.go

@@ -844,7 +844,6 @@ func (dm *DNSMessage) Flatten() (ret map[string]interface{}, err error) {
 }
 
 func (dm *DNSMessage) Matching(matching map[string]interface{}, operator string) (error, bool) {
-
 	if len(matching) == 0 {
 		return nil, false
 	}
@@ -858,15 +857,13 @@ func (dm *DNSMessage) Matching(matching map[string]interface{}, operator string)
 	var isMatch = true
 
 	for nestedKeys, value := range matching {
-
 		fieldValue, found := getFieldByJSONTag(dmValue, nestedKeys)
 		if !found {
-			fmt.Printf("pattern '%s' does not exist in the DNSMessage structure\n", nestedKeys)
+			fmt.Printf("pattern '%s' does not exist in the DNSMessage struct\n", nestedKeys)
 			return nil, false
 		}
 
 		reflectedValue := reflect.ValueOf(value)
-
 		switch operator {
 		case MatchingModeInclude:
 			// regex support for string

transformers/tags.go → transformers/atags.go

@@ -48,3 +48,10 @@ func (p *ATagsProcessor) InitDNSMessage(dm *dnsutils.DNSMessage) {
 func (p *ATagsProcessor) IsEnabled() bool {
 	return p.config.ATags.Enable
 }
+
+func (p *ATagsProcessor) AddTags(dm *dnsutils.DNSMessage) int {
+	if p.config.ATags.Enable {
+		dm.ATags.Tags = append(dm.ATags.Tags, p.config.ATags.Tags...)
+	}
+	return ReturnSuccess
+}

transformers/subprocessors.go

@@ -173,6 +173,7 @@ func (p *Transforms) Prepare() error {
 	}
 
 	if p.config.ATags.Enable {
+		p.activeTransforms = append(p.activeTransforms, p.ATagsTransform.AddTags)
 		prefixlog := fmt.Sprintf("transformer=atags#%d - ", p.instance)
 		p.LogInfo(prefixlog + "subprocessor atags is enabled")
 	}
@@ -306,11 +307,6 @@ func (p *Transforms) ProcessMessage(dm *dnsutils.DNSMessage) int {
 		return ReturnDrop
 	}
 
-	// add tags
-	if p.config.ATags.Enable {
-		dm.ATags.Tags = append(dm.ATags.Tags, p.config.ATags.Tags...)
-	}
-
 	//  and finaly apply other transformation
 	var rCode int
 	for _, fn := range p.activeTransforms {