Formerly extra files were drawn using the same colors as files withing
the limit and it lead risk of misinterpreting the data.

Colors are combined with markers to create more combinations.
Obviously nobody can really read 40 combinations in detail because the
points will overlap, but it is sufficient to detect outliers and that's
what I'm after.

This is useful when extract-clients is used in a pipeline like this:
mergecap | filter-dnsq | extract-clients | split-clients

This is essentially the opposite of limit-clients.lua.
This new script assigns one client IP address to a single output and
copies all packets for single client into the same output file.

Client assignment is pseudorandom and does not guarantee uniform
assignment. Clients typically do not generate equal load in any metric
(be it QPS or overall resources required to process client's query),
so there would be little point in complicating code for theoretical
uniformity.

Stats generated at the end provide some insight into uniformity of the
split on per-client and per-packet basis.

plot-client-distribution: tweaks for many input files

See merge request !59

Colors are combined with hatch to create more combinations.
Obviously nobody can really read 40 combinations in detail because the
points will overlap, but it is sufficient to detect outliers and that's
what I'm after.

Formerly extra files were silently ignored.

By default, filter out queries for subdomains of dotnxdomain.net.
This is a 'special' measurement domain. Queries directed to it have
timestamps encoded in qname and replaying old queries results in
timeouts, not in a realistic traffic replay.

A new option -s can be used to keep the queries in the output if
desired.

The other domain - dashnxdomain.net - did not appear in any of my PCAPs
so for simplicity I skipped it.

Implementing this check forced me to parse more parts of DNS header, but
even for tens of GBs of data it was so fast that I do not consider it to
be a problem.

Fixes: #25

ci: use debian 11

See merge request !57

extract-clients: reset UDP port numbers in output to 53

See merge request !56

Wireshark considers some source port numbers special and switches packet
parser to non-DNS protocol, despite destination port being 53.
Extractor now overrides both source and destination ports to 53 to make
it easier to analyze its output in Wireshark.

plot-response-rate: avoid white line on white background

See merge request !55

release v20210714

See merge request !54

http2() was part of dnssim since version 20210129 - and that is already
checked for.

plot-latency: ability to plot results as aggregated groups

See merge request !53

Each --group has user-supplied name, and line denoting average value,
and colored area denoting min/max range.

shotgun.output.dnssim

See merge request !52

- `reply/dnssim`: Fix luacheck warnings

- Move `dnssim` module from dnsjit's repository to shotgun's

cut-pcap.lua script to effectively trim already sorted PCAPs

See merge request !50

Intended use is together with merge_chunks.py like this:
merge_chunks.py ... | cut-pcap.lua - /tmp/short.pcap 60

Stock editcap is designed to handle unsorted PCAPs and thus cannot stop
on encountering first packet with timestamp over limit.
This is very ineffective for processing large PCAPs generated by
extract-clients.lua because the mergecap + editcap pipeline keeps
processing all the "trailing" data, which can take really large time for
no benefit.

add tool to plot packet rate in PCAPs

See merge request !46

merge_chunks: relax overly strict check on --seed

See merge request !48

shotgun: log total number of processed packets

See merge request !49

plot-response-rate: ability to plot sum of specified rcodes

See merge request !47