rework address mapping

addr-map.go

@@ -79,68 +79,62 @@ func addrMapGet(srcIp net.IP, dstCidr *net.IPNet, ttl uint32) net.IP {
 		log.Fatalf("addrMapGet(): src/dst size mismatch: %v vs %v", addrlen, len(dstCidr.IP))
 	}
 
+	var hkey any
+	switch addrlen {
+	case net.IPv4len:
+		hkey = binary.NativeEndian.Uint32(srcIp)
+	case net.IPv6len:
+		hkey = srcIp.To16().String()
+	}
+
 	var curr AddrMap
 	curr.SrcAddr = make([]byte, addrlen)
 	curr.DstAddr = make([]byte, addrlen)
 	copy(curr.DstAddr, srcIp)
 	curr.Ttl = ttl
 
-	for {
+	_, err := rand.Read(curr.SrcAddr)
-		_, err := rand.Read(curr.SrcAddr)
+	if err != nil {
-		if err != nil {
+		log.Fatalf("rand.Read(): error %v", err)
-			log.Fatalf("rand.Read(): error %v", err)
+	}
-		}
 
-		// adjust random bytes to dstCidr
+	// adjust random bytes to dstCidr
-		for i := range addrlen / 4 {
+	for i := range addrlen / 4 {
-			a := binary.NativeEndian.Uint32(dstCidr.IP[i*4:])
+		a := binary.NativeEndian.Uint32(dstCidr.IP[i*4:])
-			b := binary.NativeEndian.Uint32(curr.SrcAddr[i*4:])
+		b := binary.NativeEndian.Uint32(curr.SrcAddr[i*4:])
-			m := binary.NativeEndian.Uint32(dstCidr.Mask[i*4:])
+		m := binary.NativeEndian.Uint32(dstCidr.Mask[i*4:])
-			a += (b & ^m)
+		a += (b & ^m)
-			binary.NativeEndian.PutUint32(curr.SrcAddr[i*4:], a)
+		binary.NativeEndian.PutUint32(curr.SrcAddr[i*4:], a)
-		}
+	}
 
-		curr.Created = time.Now()
+	curr.Created = time.Now()
 
-		var hkey, xprev any
+	var xprev any
-		var loaded bool
+	var loaded bool
+	switch addrlen {
+	case net.IPv4len:
+		xprev, loaded = addr4.LoadOrStore(hkey, curr)
+	case net.IPv6len:
+		xprev, loaded = addr6.LoadOrStore(hkey, curr)
+	}
+	if !loaded {
+		// early return
+		return curr.SrcAddr
+	}
+
+	prev, ok := xprev.(AddrMap)
+	if !ok {
+		log.Fatalf("addrMapGet(): wrong value type from sync.Map")
+	}
+
+	copy(curr.SrcAddr, prev.SrcAddr)
+	if prev.GetTtl() < int32(curr.Ttl) {
 		switch addrlen {
 		case net.IPv4len:
-			hkey = binary.NativeEndian.Uint32(curr.SrcAddr)
+			addr4.Store(hkey, curr)
-			xprev, loaded = addr4.LoadOrStore(hkey, curr)
 		case net.IPv6len:
-			hkey = binary.NativeEndian.Uint64(curr.SrcAddr[net.IPv6len/2:])
+			addr6.Store(hkey, curr)
-			xprev, loaded = addr6.LoadOrStore(hkey, curr)
 		}
-		if !loaded {
-			// early return
-			return curr.SrcAddr
-		}
-
-		prev, ok := xprev.(AddrMap)
-		if !ok {
-			log.Fatalf("addrMapGet(): wrong value type from sync.Map")
-		}
-
-		if !net.IP.Equal(curr.SrcAddr, prev.SrcAddr) {
-			// generate next random address
-			continue
-		}
-		if !net.IP.Equal(curr.DstAddr, prev.DstAddr) {
-			// generate next random address
-			continue
-		}
-
-		if prev.GetTtl() < int32(curr.Ttl) {
-			switch addrlen {
-			case net.IPv4len:
-				addr4.Store(hkey, curr)
-			case net.IPv6len:
-				addr6.Store(hkey, curr)
-			}
-		}
-
-		break
 	}
 
 	return curr.SrcAddr

dns-remap.go

@@ -173,36 +173,20 @@ func dnsRemap(qname string, qtype uint16, orig *dns.Msg) ([]PowerDnsAnswer, erro
 
 	// perform nftables assignment
 	if len(nft_ipv4) > 0 {
-		nftDoWithTable(cfgNftTable, cfgNftTableFamily, func(c *nft.Conn, t *nft.Table) error {
+		nftDoWithMap(cfgNftTable, cfgNftTableFamily, cfgNftMapV4, func(c *nft.Conn, t *nft.Table, m *nft.Set) error {
-			m, err := nftGetMapByName(c, t, cfgNftMapV4)
-			if err != nil {
-				return err
-			}
 			_ = c.SetDeleteElements(m, nft_ipv4)
 			return nil
 		})
-		nftDoWithTable(cfgNftTable, cfgNftTableFamily, func(c *nft.Conn, t *nft.Table) error {
+		nftDoWithMap(cfgNftTable, cfgNftTableFamily, cfgNftMapV4, func(c *nft.Conn, t *nft.Table, m *nft.Set) error {
-			m, err := nftGetMapByName(c, t, cfgNftMapV4)
-			if err != nil {
-				return err
-			}
 			return c.SetAddElements(m, nft_ipv4)
 		})
 	}
 	if len(nft_ipv6) > 0 {
-		nftDoWithTable(cfgNftTable, cfgNftTableFamily, func(c *nft.Conn, t *nft.Table) error {
+		nftDoWithMap(cfgNftTable, cfgNftTableFamily, cfgNftMapV6, func(c *nft.Conn, t *nft.Table, m *nft.Set) error {
-			m, err := nftGetMapByName(c, t, cfgNftMapV6)
-			if err != nil {
-				return err
-			}
 			_ = c.SetDeleteElements(m, nft_ipv6)
 			return nil
 		})
-		nftDoWithTable(cfgNftTable, cfgNftTableFamily, func(c *nft.Conn, t *nft.Table) error {
+		nftDoWithMap(cfgNftTable, cfgNftTableFamily, cfgNftMapV6, func(c *nft.Conn, t *nft.Table, m *nft.Set) error {
-			m, err := nftGetMapByName(c, t, cfgNftMapV6)
-			if err != nil {
-				return err
-			}
 			return c.SetAddElements(m, nft_ipv6)
 		})
 	}

go.mod

@@ -41,11 +41,11 @@ require (
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
 	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/crypto v0.24.0 // indirect
+	golang.org/x/crypto v0.25.0 // indirect
-	golang.org/x/mod v0.18.0 // indirect
+	golang.org/x/mod v0.19.0 // indirect
-	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/net v0.27.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/tools v0.22.0 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect

go.sum

@@ -101,16 +101,24 @@ golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
 golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
 golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
 golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
+golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
 golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=

prometheus.go

@@ -16,11 +16,35 @@ var (
 	_promRegistry    *prometheus.Registry
 	_promHttpHandler http.Handler
 
-	opsProcessed = prometheus.NewCounter(prometheus.CounterOpts{
+	promOpsProcessed = prometheus.NewCounter(prometheus.CounterOpts{
 		Name: "processed_ops_total",
 		Help: "The total number of processed requests",
 	})
 
+	promAddr4Count = prometheus.NewGaugeFunc(prometheus.GaugeOpts{
+		Name: "ipv4_mapped_addr_count",
+		Help: "The total number of IPv4-mapped addresses",
+	}, func() float64 {
+		var x uint32
+		addr4.Range(func(key, value any) bool {
+			x++
+			return true
+		})
+		return float64(x)
+	})
+
+	promAddr6Count = prometheus.NewGaugeFunc(prometheus.GaugeOpts{
+		Name: "ipv6_mapped_addr_count",
+		Help: "The total number of IPv6-mapped addresses",
+	}, func() float64 {
+		var x uint32
+		addr6.Range(func(key, value any) bool {
+			x++
+			return true
+		})
+		return float64(x)
+	})
+
 	labelStringReplacer *strings.Replacer = strings.NewReplacer(
 		"\"", "",
 		"'", "",
@@ -29,7 +53,9 @@ var (
 
 func setupPrometheus(r *gin.Engine) {
 	_promRegistry = prometheus.NewRegistry()
-	_promRegistry.MustRegister(opsProcessed)
+	_promRegistry.MustRegister(promOpsProcessed)
+	_promRegistry.MustRegister(promAddr4Count)
+	_promRegistry.MustRegister(promAddr6Count)
 
 	_promHttpHandler = promhttp.HandlerFor(_promRegistry, promhttp.HandlerOpts{
 		Registry:          _promRegistry,
@@ -55,7 +81,7 @@ func promSanitizeLabel(str string, fallback string) string {
 }
 
 func promHttpHandler(c *gin.Context) {
-	opsProcessed.Inc()
+	promOpsProcessed.Inc()
 
 	_promHttpHandler.ServeHTTP(c.Writer, c.Request)
 }