Compare commits
3 Commits
79a3cc9f92
...
4094f97a2d
Author | SHA1 | Date | |
---|---|---|---|
4094f97a2d | |||
ddaf00f0e7 | |||
2539af3bd4 |
92
addr-map.go
92
addr-map.go
@ -79,68 +79,62 @@ func addrMapGet(srcIp net.IP, dstCidr *net.IPNet, ttl uint32) net.IP {
|
||||
log.Fatalf("addrMapGet(): src/dst size mismatch: %v vs %v", addrlen, len(dstCidr.IP))
|
||||
}
|
||||
|
||||
var hkey any
|
||||
switch addrlen {
|
||||
case net.IPv4len:
|
||||
hkey = binary.NativeEndian.Uint32(srcIp)
|
||||
case net.IPv6len:
|
||||
hkey = srcIp.To16().String()
|
||||
}
|
||||
|
||||
var curr AddrMap
|
||||
curr.SrcAddr = make([]byte, addrlen)
|
||||
curr.DstAddr = make([]byte, addrlen)
|
||||
copy(curr.DstAddr, srcIp)
|
||||
curr.Ttl = ttl
|
||||
|
||||
for {
|
||||
_, err := rand.Read(curr.SrcAddr)
|
||||
if err != nil {
|
||||
log.Fatalf("rand.Read(): error %v", err)
|
||||
}
|
||||
_, err := rand.Read(curr.SrcAddr)
|
||||
if err != nil {
|
||||
log.Fatalf("rand.Read(): error %v", err)
|
||||
}
|
||||
|
||||
// adjust random bytes to dstCidr
|
||||
for i := range addrlen / 4 {
|
||||
a := binary.NativeEndian.Uint32(dstCidr.IP[i*4:])
|
||||
b := binary.NativeEndian.Uint32(curr.SrcAddr[i*4:])
|
||||
m := binary.NativeEndian.Uint32(dstCidr.Mask[i*4:])
|
||||
a += (b & ^m)
|
||||
binary.NativeEndian.PutUint32(curr.SrcAddr[i*4:], a)
|
||||
}
|
||||
// adjust random bytes to dstCidr
|
||||
for i := range addrlen / 4 {
|
||||
a := binary.NativeEndian.Uint32(dstCidr.IP[i*4:])
|
||||
b := binary.NativeEndian.Uint32(curr.SrcAddr[i*4:])
|
||||
m := binary.NativeEndian.Uint32(dstCidr.Mask[i*4:])
|
||||
a += (b & ^m)
|
||||
binary.NativeEndian.PutUint32(curr.SrcAddr[i*4:], a)
|
||||
}
|
||||
|
||||
curr.Created = time.Now()
|
||||
curr.Created = time.Now()
|
||||
|
||||
var hkey, xprev any
|
||||
var loaded bool
|
||||
var xprev any
|
||||
var loaded bool
|
||||
switch addrlen {
|
||||
case net.IPv4len:
|
||||
xprev, loaded = addr4.LoadOrStore(hkey, curr)
|
||||
case net.IPv6len:
|
||||
xprev, loaded = addr6.LoadOrStore(hkey, curr)
|
||||
}
|
||||
if !loaded {
|
||||
// early return
|
||||
return curr.SrcAddr
|
||||
}
|
||||
|
||||
prev, ok := xprev.(AddrMap)
|
||||
if !ok {
|
||||
log.Fatalf("addrMapGet(): wrong value type from sync.Map")
|
||||
}
|
||||
|
||||
copy(curr.SrcAddr, prev.SrcAddr)
|
||||
if prev.GetTtl() < int32(curr.Ttl) {
|
||||
switch addrlen {
|
||||
case net.IPv4len:
|
||||
hkey = binary.NativeEndian.Uint32(curr.SrcAddr)
|
||||
xprev, loaded = addr4.LoadOrStore(hkey, curr)
|
||||
addr4.Store(hkey, curr)
|
||||
case net.IPv6len:
|
||||
hkey = binary.NativeEndian.Uint64(curr.SrcAddr[net.IPv6len/2:])
|
||||
xprev, loaded = addr6.LoadOrStore(hkey, curr)
|
||||
addr6.Store(hkey, curr)
|
||||
}
|
||||
if !loaded {
|
||||
// early return
|
||||
return curr.SrcAddr
|
||||
}
|
||||
|
||||
prev, ok := xprev.(AddrMap)
|
||||
if !ok {
|
||||
log.Fatalf("addrMapGet(): wrong value type from sync.Map")
|
||||
}
|
||||
|
||||
if !net.IP.Equal(curr.SrcAddr, prev.SrcAddr) {
|
||||
// generate next random address
|
||||
continue
|
||||
}
|
||||
if !net.IP.Equal(curr.DstAddr, prev.DstAddr) {
|
||||
// generate next random address
|
||||
continue
|
||||
}
|
||||
|
||||
if prev.GetTtl() < int32(curr.Ttl) {
|
||||
switch addrlen {
|
||||
case net.IPv4len:
|
||||
addr4.Store(hkey, curr)
|
||||
case net.IPv6len:
|
||||
addr6.Store(hkey, curr)
|
||||
}
|
||||
}
|
||||
|
||||
break
|
||||
}
|
||||
|
||||
return curr.SrcAddr
|
||||
|
24
dns-remap.go
24
dns-remap.go
@ -173,36 +173,20 @@ func dnsRemap(qname string, qtype uint16, orig *dns.Msg) ([]PowerDnsAnswer, erro
|
||||
|
||||
// perform nftables assignment
|
||||
if len(nft_ipv4) > 0 {
|
||||
nftDoWithTable(cfgNftTable, cfgNftTableFamily, func(c *nft.Conn, t *nft.Table) error {
|
||||
m, err := nftGetMapByName(c, t, cfgNftMapV4)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
nftDoWithMap(cfgNftTable, cfgNftTableFamily, cfgNftMapV4, func(c *nft.Conn, t *nft.Table, m *nft.Set) error {
|
||||
_ = c.SetDeleteElements(m, nft_ipv4)
|
||||
return nil
|
||||
})
|
||||
nftDoWithTable(cfgNftTable, cfgNftTableFamily, func(c *nft.Conn, t *nft.Table) error {
|
||||
m, err := nftGetMapByName(c, t, cfgNftMapV4)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
nftDoWithMap(cfgNftTable, cfgNftTableFamily, cfgNftMapV4, func(c *nft.Conn, t *nft.Table, m *nft.Set) error {
|
||||
return c.SetAddElements(m, nft_ipv4)
|
||||
})
|
||||
}
|
||||
if len(nft_ipv6) > 0 {
|
||||
nftDoWithTable(cfgNftTable, cfgNftTableFamily, func(c *nft.Conn, t *nft.Table) error {
|
||||
m, err := nftGetMapByName(c, t, cfgNftMapV6)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
nftDoWithMap(cfgNftTable, cfgNftTableFamily, cfgNftMapV6, func(c *nft.Conn, t *nft.Table, m *nft.Set) error {
|
||||
_ = c.SetDeleteElements(m, nft_ipv6)
|
||||
return nil
|
||||
})
|
||||
nftDoWithTable(cfgNftTable, cfgNftTableFamily, func(c *nft.Conn, t *nft.Table) error {
|
||||
m, err := nftGetMapByName(c, t, cfgNftMapV6)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
nftDoWithMap(cfgNftTable, cfgNftTableFamily, cfgNftMapV6, func(c *nft.Conn, t *nft.Table, m *nft.Set) error {
|
||||
return c.SetAddElements(m, nft_ipv6)
|
||||
})
|
||||
}
|
||||
|
8
go.mod
8
go.mod
@ -41,11 +41,11 @@ require (
|
||||
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
|
||||
github.com/ugorji/go/codec v1.2.12 // indirect
|
||||
golang.org/x/arch v0.8.0 // indirect
|
||||
golang.org/x/crypto v0.24.0 // indirect
|
||||
golang.org/x/mod v0.18.0 // indirect
|
||||
golang.org/x/net v0.26.0 // indirect
|
||||
golang.org/x/crypto v0.25.0 // indirect
|
||||
golang.org/x/mod v0.19.0 // indirect
|
||||
golang.org/x/net v0.27.0 // indirect
|
||||
golang.org/x/sync v0.7.0 // indirect
|
||||
golang.org/x/sys v0.21.0 // indirect
|
||||
golang.org/x/sys v0.22.0 // indirect
|
||||
golang.org/x/text v0.16.0 // indirect
|
||||
golang.org/x/tools v0.22.0 // indirect
|
||||
google.golang.org/protobuf v1.34.2 // indirect
|
||||
|
8
go.sum
8
go.sum
@ -101,16 +101,24 @@ golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
|
||||
golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
|
||||
golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
|
||||
golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
|
||||
golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
|
||||
golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
|
||||
golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
|
||||
golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
|
||||
golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
|
||||
golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
|
||||
golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
|
||||
golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
|
||||
golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
|
||||
golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
|
||||
golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
|
||||
golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
|
||||
golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
|
||||
golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
|
||||
|
@ -16,11 +16,35 @@ var (
|
||||
_promRegistry *prometheus.Registry
|
||||
_promHttpHandler http.Handler
|
||||
|
||||
opsProcessed = prometheus.NewCounter(prometheus.CounterOpts{
|
||||
promOpsProcessed = prometheus.NewCounter(prometheus.CounterOpts{
|
||||
Name: "processed_ops_total",
|
||||
Help: "The total number of processed requests",
|
||||
})
|
||||
|
||||
promAddr4Count = prometheus.NewGaugeFunc(prometheus.GaugeOpts{
|
||||
Name: "ipv4_mapped_addr_count",
|
||||
Help: "The total number of IPv4-mapped addresses",
|
||||
}, func() float64 {
|
||||
var x uint32
|
||||
addr4.Range(func(key, value any) bool {
|
||||
x++
|
||||
return true
|
||||
})
|
||||
return float64(x)
|
||||
})
|
||||
|
||||
promAddr6Count = prometheus.NewGaugeFunc(prometheus.GaugeOpts{
|
||||
Name: "ipv6_mapped_addr_count",
|
||||
Help: "The total number of IPv6-mapped addresses",
|
||||
}, func() float64 {
|
||||
var x uint32
|
||||
addr6.Range(func(key, value any) bool {
|
||||
x++
|
||||
return true
|
||||
})
|
||||
return float64(x)
|
||||
})
|
||||
|
||||
labelStringReplacer *strings.Replacer = strings.NewReplacer(
|
||||
"\"", "",
|
||||
"'", "",
|
||||
@ -29,7 +53,9 @@ var (
|
||||
|
||||
func setupPrometheus(r *gin.Engine) {
|
||||
_promRegistry = prometheus.NewRegistry()
|
||||
_promRegistry.MustRegister(opsProcessed)
|
||||
_promRegistry.MustRegister(promOpsProcessed)
|
||||
_promRegistry.MustRegister(promAddr4Count)
|
||||
_promRegistry.MustRegister(promAddr6Count)
|
||||
|
||||
_promHttpHandler = promhttp.HandlerFor(_promRegistry, promhttp.HandlerOpts{
|
||||
Registry: _promRegistry,
|
||||
@ -55,7 +81,7 @@ func promSanitizeLabel(str string, fallback string) string {
|
||||
}
|
||||
|
||||
func promHttpHandler(c *gin.Context) {
|
||||
opsProcessed.Inc()
|
||||
promOpsProcessed.Inc()
|
||||
|
||||
_promHttpHandler.ServeHTTP(c.Writer, c.Request)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user