Compare commits

...

3 Commits

Author SHA1 Message Date
4094f97a2d
rework address mapping 2024-07-07 16:11:02 +03:00
ddaf00f0e7
minor code improvement 2024-07-07 15:22:17 +03:00
2539af3bd4
update deps 2024-07-07 15:11:51 +03:00
5 changed files with 88 additions and 76 deletions

View File

@ -79,68 +79,62 @@ func addrMapGet(srcIp net.IP, dstCidr *net.IPNet, ttl uint32) net.IP {
log.Fatalf("addrMapGet(): src/dst size mismatch: %v vs %v", addrlen, len(dstCidr.IP))
}
var hkey any
switch addrlen {
case net.IPv4len:
hkey = binary.NativeEndian.Uint32(srcIp)
case net.IPv6len:
hkey = srcIp.To16().String()
}
var curr AddrMap
curr.SrcAddr = make([]byte, addrlen)
curr.DstAddr = make([]byte, addrlen)
copy(curr.DstAddr, srcIp)
curr.Ttl = ttl
for {
_, err := rand.Read(curr.SrcAddr)
if err != nil {
log.Fatalf("rand.Read(): error %v", err)
}
_, err := rand.Read(curr.SrcAddr)
if err != nil {
log.Fatalf("rand.Read(): error %v", err)
}
// adjust random bytes to dstCidr
for i := range addrlen / 4 {
a := binary.NativeEndian.Uint32(dstCidr.IP[i*4:])
b := binary.NativeEndian.Uint32(curr.SrcAddr[i*4:])
m := binary.NativeEndian.Uint32(dstCidr.Mask[i*4:])
a += (b & ^m)
binary.NativeEndian.PutUint32(curr.SrcAddr[i*4:], a)
}
// adjust random bytes to dstCidr
for i := range addrlen / 4 {
a := binary.NativeEndian.Uint32(dstCidr.IP[i*4:])
b := binary.NativeEndian.Uint32(curr.SrcAddr[i*4:])
m := binary.NativeEndian.Uint32(dstCidr.Mask[i*4:])
a += (b & ^m)
binary.NativeEndian.PutUint32(curr.SrcAddr[i*4:], a)
}
curr.Created = time.Now()
curr.Created = time.Now()
var hkey, xprev any
var loaded bool
var xprev any
var loaded bool
switch addrlen {
case net.IPv4len:
xprev, loaded = addr4.LoadOrStore(hkey, curr)
case net.IPv6len:
xprev, loaded = addr6.LoadOrStore(hkey, curr)
}
if !loaded {
// early return
return curr.SrcAddr
}
prev, ok := xprev.(AddrMap)
if !ok {
log.Fatalf("addrMapGet(): wrong value type from sync.Map")
}
copy(curr.SrcAddr, prev.SrcAddr)
if prev.GetTtl() < int32(curr.Ttl) {
switch addrlen {
case net.IPv4len:
hkey = binary.NativeEndian.Uint32(curr.SrcAddr)
xprev, loaded = addr4.LoadOrStore(hkey, curr)
addr4.Store(hkey, curr)
case net.IPv6len:
hkey = binary.NativeEndian.Uint64(curr.SrcAddr[net.IPv6len/2:])
xprev, loaded = addr6.LoadOrStore(hkey, curr)
addr6.Store(hkey, curr)
}
if !loaded {
// early return
return curr.SrcAddr
}
prev, ok := xprev.(AddrMap)
if !ok {
log.Fatalf("addrMapGet(): wrong value type from sync.Map")
}
if !net.IP.Equal(curr.SrcAddr, prev.SrcAddr) {
// generate next random address
continue
}
if !net.IP.Equal(curr.DstAddr, prev.DstAddr) {
// generate next random address
continue
}
if prev.GetTtl() < int32(curr.Ttl) {
switch addrlen {
case net.IPv4len:
addr4.Store(hkey, curr)
case net.IPv6len:
addr6.Store(hkey, curr)
}
}
break
}
return curr.SrcAddr

View File

@ -173,36 +173,20 @@ func dnsRemap(qname string, qtype uint16, orig *dns.Msg) ([]PowerDnsAnswer, erro
// perform nftables assignment
if len(nft_ipv4) > 0 {
nftDoWithTable(cfgNftTable, cfgNftTableFamily, func(c *nft.Conn, t *nft.Table) error {
m, err := nftGetMapByName(c, t, cfgNftMapV4)
if err != nil {
return err
}
nftDoWithMap(cfgNftTable, cfgNftTableFamily, cfgNftMapV4, func(c *nft.Conn, t *nft.Table, m *nft.Set) error {
_ = c.SetDeleteElements(m, nft_ipv4)
return nil
})
nftDoWithTable(cfgNftTable, cfgNftTableFamily, func(c *nft.Conn, t *nft.Table) error {
m, err := nftGetMapByName(c, t, cfgNftMapV4)
if err != nil {
return err
}
nftDoWithMap(cfgNftTable, cfgNftTableFamily, cfgNftMapV4, func(c *nft.Conn, t *nft.Table, m *nft.Set) error {
return c.SetAddElements(m, nft_ipv4)
})
}
if len(nft_ipv6) > 0 {
nftDoWithTable(cfgNftTable, cfgNftTableFamily, func(c *nft.Conn, t *nft.Table) error {
m, err := nftGetMapByName(c, t, cfgNftMapV6)
if err != nil {
return err
}
nftDoWithMap(cfgNftTable, cfgNftTableFamily, cfgNftMapV6, func(c *nft.Conn, t *nft.Table, m *nft.Set) error {
_ = c.SetDeleteElements(m, nft_ipv6)
return nil
})
nftDoWithTable(cfgNftTable, cfgNftTableFamily, func(c *nft.Conn, t *nft.Table) error {
m, err := nftGetMapByName(c, t, cfgNftMapV6)
if err != nil {
return err
}
nftDoWithMap(cfgNftTable, cfgNftTableFamily, cfgNftMapV6, func(c *nft.Conn, t *nft.Table, m *nft.Set) error {
return c.SetAddElements(m, nft_ipv6)
})
}

8
go.mod
View File

@ -41,11 +41,11 @@ require (
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
github.com/ugorji/go/codec v1.2.12 // indirect
golang.org/x/arch v0.8.0 // indirect
golang.org/x/crypto v0.24.0 // indirect
golang.org/x/mod v0.18.0 // indirect
golang.org/x/net v0.26.0 // indirect
golang.org/x/crypto v0.25.0 // indirect
golang.org/x/mod v0.19.0 // indirect
golang.org/x/net v0.27.0 // indirect
golang.org/x/sync v0.7.0 // indirect
golang.org/x/sys v0.21.0 // indirect
golang.org/x/sys v0.22.0 // indirect
golang.org/x/text v0.16.0 // indirect
golang.org/x/tools v0.22.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect

8
go.sum
View File

@ -101,16 +101,24 @@ golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=

View File

@ -16,11 +16,35 @@ var (
_promRegistry *prometheus.Registry
_promHttpHandler http.Handler
opsProcessed = prometheus.NewCounter(prometheus.CounterOpts{
promOpsProcessed = prometheus.NewCounter(prometheus.CounterOpts{
Name: "processed_ops_total",
Help: "The total number of processed requests",
})
promAddr4Count = prometheus.NewGaugeFunc(prometheus.GaugeOpts{
Name: "ipv4_mapped_addr_count",
Help: "The total number of IPv4-mapped addresses",
}, func() float64 {
var x uint32
addr4.Range(func(key, value any) bool {
x++
return true
})
return float64(x)
})
promAddr6Count = prometheus.NewGaugeFunc(prometheus.GaugeOpts{
Name: "ipv6_mapped_addr_count",
Help: "The total number of IPv6-mapped addresses",
}, func() float64 {
var x uint32
addr6.Range(func(key, value any) bool {
x++
return true
})
return float64(x)
})
labelStringReplacer *strings.Replacer = strings.NewReplacer(
"\"", "",
"'", "",
@ -29,7 +53,9 @@ var (
func setupPrometheus(r *gin.Engine) {
_promRegistry = prometheus.NewRegistry()
_promRegistry.MustRegister(opsProcessed)
_promRegistry.MustRegister(promOpsProcessed)
_promRegistry.MustRegister(promAddr4Count)
_promRegistry.MustRegister(promAddr6Count)
_promHttpHandler = promhttp.HandlerFor(_promRegistry, promhttp.HandlerOpts{
Registry: _promRegistry,
@ -55,7 +81,7 @@ func promSanitizeLabel(str string, fallback string) string {
}
func promHttpHandler(c *gin.Context) {
opsProcessed.Inc()
promOpsProcessed.Inc()
_promHttpHandler.ServeHTTP(c.Writer, c.Request)
}