Reworked update code, split v4/v6 updates

- collect DNS updates individually, so that we clear A and AAAA separately if and only if needed.
- made nft AddIP call more resilient against partial updates
- updated nft processing code to no longer add nil to a v4/v6 set which would end in an invalid call to AddIP when updating nft. call it individually now.
- updated samples with real world traces from an AVM Box
2021-09-25 11:56:50 +02:00
parent a23043ba5f
commit 45d4e45bb1
4 changed files with 38 additions and 14 deletions


@@ -26,18 +26,16 @@ func DNSUpdateEntry(domain string, hostname string, ip4 net.IP, ip6 net.IP) erro
zone := fmt.Sprintf("%s.", domain)
msg.SetUpdate(zone)
msg.RemoveName([]dns.RR{
&dns.RR_Header{Name: fqdn},
})
var rrs []dns.RR
if ip4 != nil {
ip4bin := ip4.To4()
if ip4bin == nil {
return fmt.Errorf("ip4 (%v) is not a valid IPv4 address", ip4)
}
rrs = append(rrs, &dns.A{
msg.RemoveRRset([]dns.RR{
&dns.RR_Header{Name: fqdn, Rrtype: dns.TypeA},
})
msg.Insert([]dns.RR{&dns.A{
Hdr: dns.RR_Header{
Name: fqdn,
Rrtype: dns.TypeA,
@@ -45,7 +43,7 @@ func DNSUpdateEntry(domain string, hostname string, ip4 net.IP, ip6 net.IP) erro
Ttl: C.DNS.DefaultTTL,
},
A: ip4bin,
})
}})
}
if ip6 != nil {
@@ -53,7 +51,10 @@ func DNSUpdateEntry(domain string, hostname string, ip4 net.IP, ip6 net.IP) erro
if ip6bin == nil {
return fmt.Errorf("ip6 (%v) is not a valid IPv6 address", ip4)
}
rrs = append(rrs, &dns.AAAA{
msg.RemoveRRset([]dns.RR{
&dns.RR_Header{Name: fqdn, Rrtype: dns.TypeAAAA},
})
msg.Insert([]dns.RR{&dns.AAAA{
Hdr: dns.RR_Header{
Name: fqdn,
Rrtype: dns.TypeAAAA,
@@ -61,11 +62,9 @@ func DNSUpdateEntry(domain string, hostname string, ip4 net.IP, ip6 net.IP) erro
Ttl: C.DNS.DefaultTTL,
},
AAAA: ip6bin,
})
}})
}
msg.Insert(rrs)
log.Printf("Sending DNS Update for %s.%s:\n%v", hostname, domain, msg)
reply, _, err := dnsClient.Exchange(msg, C.DNS.Server)
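Review bot: The IPv6 validation error in `DNSUpdateEntry` still formats `ip4` instead of `ip6`, so a rejected AAAA address is reported with the wrong value, or as `<nil>` when the caller passes only a v6 address. It should read `return fmt.Errorf("ip6 (%v) is not a valid IPv6 address", ip6)`. Separately, the unconditional `RemoveName` appears to be gone, so a call with both `ip4` and `ip6` nil would build an update with no records and still hand it to `dnsClient.Exchange`. An early `return nil` when both are nil would avoid sending an empty dynamic update. The function starts and ends outside the hunks shown, so the conversion that produces `ip6bin` could not be checked here.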


@@ -65,6 +65,9 @@ func (nut *NFTUpdateTable) FindOrAddSet(SetName string, IP6 bool) (*NFTUpdateSet
}
func (nu *NFTUpdate) AddIP(TableName string, SetName string, IP net.IP) error {
if IP == nil {
return nil
}
ip6 := (IP.To4() == nil)
nut := nu.FindOrAddTable(TableName)
nus, err := nut.FindOrAddSet(SetName, ip6)
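Review bot: The new guard in `AddIP` covers a nil `IP`, but a non-nil, malformed `net.IP` (length other than 4 or 16) still makes `IP.To4()` return nil and is therefore classified as IPv6 and routed to the v6 set. A check such as `if IP.To16() == nil` that returns an error before `ip6` is computed would reject it instead. The silent `return nil` also deserves a doc comment on `AddIP` stating that a nil address is a deliberate no-op, because callers otherwise cannot tell "nothing to add" from "added". The rest of the function lies outside this hunk.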


@@ -85,19 +85,19 @@ func (ur *UpdateRequest) Process() error {
if err := DNSUpdateEntry(ur.Config.Domain, other.Hostname, ur.IPv4, fullV6IP); err != nil {
return fmt.Errorf("failed to update DNS for host %s: %v", other.Hostname, err)
}
} else {
} else if ur.IPv6 != nil {
if err := DNSUpdateEntry(ur.Config.Domain, other.Hostname, nil, fullV6IP); err != nil {
return fmt.Errorf("failed to update DNS for host %s: %v", other.Hostname, err)
}
}
if other.NFT.Table != "" {
if other.NFT.Set6 != "" {
if other.NFT.Set6 != "" && ur.IPv6 != nil {
if err := nfu.AddIP(other.NFT.Table, other.NFT.Set6, fullV6IP); err != nil {
return fmt.Errorf("failed to update IPv6 NFT setup for host %s: %v", other.Hostname, err)
}
}
if other.RegisterV4 && other.NFT.Set4 != "" {
if other.RegisterV4 && other.NFT.Set4 != "" && ur.IPv4 != nil {
if err := nfu.AddIP(other.NFT.Table, other.NFT.Set4, ur.IPv4); err != nil {
return fmt.Errorf("failed to update IPv6 NFT setup for host %s: %v", other.Hostname, err)
}
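Review bot: The error returned from the `Set4` branch at the end of this hunk still says `failed to update IPv6 NFT setup`, so a failure to add the IPv4 address is reported as a v6 problem. It should read `return fmt.Errorf("failed to update IPv4 NFT setup for host %s: %v", other.Hostname, err)`. The new `ur.IPv6 != nil` and `ur.IPv4 != nil` guards skip the set entirely when a family is absent from the request. Whether an address added earlier then stays in the nftables set depends on code outside this hunk, so it is worth confirming that a stale address is not left allowed. `Process` continues beyond the lines shown.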