rtr7-router7/cmd/netconfigd/netconfigd.go

// Binary netconfigd reads state from dhcp4, dhcp6, … and applies it.
package main

import (
	"flag"
	"net"
	"net/http"
	"os"
	"os/signal"
	"syscall"

	"github.com/gokrazy/gokrazy"
	"github.com/google/nftables"
	"github.com/google/nftables/expr"
	"github.com/prometheus/client_golang/prometheus"
	"github.com/prometheus/client_golang/prometheus/promauto"
	"github.com/prometheus/client_golang/prometheus/promhttp"

	"router7/internal/multilisten"
	"router7/internal/netconfig"
	"router7/internal/teelogger"
)

var log = teelogger.NewConsole()

var (
	linger = flag.Bool("linger", true, "linger around after applying the configuration (until killed)")
)

func init() {
	var c nftables.Conn
	for _, metric := range []struct {
		name   string
		labels prometheus.Labels
		table  *nftables.Table
		chain  *nftables.Chain
	}{
		{
			name:   "filter_forward",
			labels: prometheus.Labels{"family": "ipv4"},
			table:  &nftables.Table{Family: nftables.TableFamilyIPv4, Name: "filter"},
			chain:  &nftables.Chain{Name: "forward"},
		},
		{
			name:   "filter_forward",
			labels: prometheus.Labels{"family": "ipv6"},
			table:  &nftables.Table{Family: nftables.TableFamilyIPv6, Name: "filter"},
			chain:  &nftables.Chain{Name: "forward"},
		},
	} {
		metric := metric // copy
		promauto.NewCounterFunc(
			prometheus.CounterOpts{
				Subsystem:   "nftables",
				Name:        metric.name + "_packets",
				Help:        "packet count",
				ConstLabels: metric.labels,
			},
			func() float64 {
				rules, err := c.GetRule(metric.table, metric.chain)
				if err != nil ||
					len(rules) != 1 ||
					len(rules[0].Exprs) != 1 {
					return 0
				}
				if ce, ok := rules[0].Exprs[0].(*expr.Counter); ok {
					return float64(ce.Packets)
				}
				return 0
			})
		promauto.NewCounterFunc(
			prometheus.CounterOpts{
				Subsystem:   "nftables",
				Name:        metric.name + "_bytes",
				Help:        "bytes count",
				ConstLabels: metric.labels,
			},
			func() float64 {
				rules, err := c.GetRule(metric.table, metric.chain)
				if err != nil ||
					len(rules) != 1 ||
					len(rules[0].Exprs) != 1 {
					return 0
				}
				if ce, ok := rules[0].Exprs[0].(*expr.Counter); ok {
					return float64(ce.Bytes)
				}
				return 0
			})
	}
}

var httpListeners = multilisten.NewPool()

func updateListeners() error {
	hosts, err := gokrazy.PrivateInterfaceAddrs()
	if err != nil {
		return err
	}
	if net1, err := multilisten.IPv6Net1("/perm"); err == nil {
		hosts = append(hosts, net1)
	}

	httpListeners.ListenAndServe(hosts, func(host string) multilisten.Listener {
		return &http.Server{Addr: net.JoinHostPort(host, "8066")}
	})
	return nil
}

func logic() error {
	if *linger {
		http.Handle("/metrics", promhttp.Handler())
		if err := updateListeners(); err != nil {
			return err
		}
	}
	ch := make(chan os.Signal, 1)
	signal.Notify(ch, syscall.SIGUSR1)
	for {
		err := netconfig.Apply("/perm/", "/")
		// Notify gokrazy about new addresses (netconfig.Apply might have
		// modified state before returning an error) so that listeners can be
		// updated.
		p, _ := os.FindProcess(1)
		if err := p.Signal(syscall.SIGHUP); err != nil {
			log.Printf("kill -HUP 1: %v", err)
		}
		if err != nil {
			return err
		}
		if !*linger {
			break
		}
		<-ch
		if err := updateListeners(); err != nil {
			log.Printf("updateListeners: %v", err)
		}
	}
	return nil
}

func main() {
	flag.Parse()
	if err := logic(); err != nil {
		log.Fatal(err)
	}
}
Initial commit 2018-05-27 17:30:42 +02:00			`// Binary netconfigd reads state from dhcp4, dhcp6, … and applies it.`
			`package main`

			`import (`
			`"flag"`
dns: listen on all private IP addresses 2018-06-26 08:52:04 +02:00			`"net"`
netconfigd: export ipv4/ipv6 packet/bytes counters on :8066 2018-06-23 19:56:34 +02:00			`"net/http"`
Initial commit 2018-05-27 17:30:42 +02:00			`"os"`
			`"os/signal"`
			`"syscall"`

netconfigd: export ipv4/ipv6 packet/bytes counters on :8066 2018-06-23 19:56:34 +02:00			`"github.com/gokrazy/gokrazy"`
			`"github.com/google/nftables"`
			`"github.com/google/nftables/expr"`
			`"github.com/prometheus/client_golang/prometheus"`
			`"github.com/prometheus/client_golang/prometheus/promauto"`
			`"github.com/prometheus/client_golang/prometheus/promhttp"`

			`"router7/internal/multilisten"`
Initial commit 2018-05-27 17:30:42 +02:00			`"router7/internal/netconfig"`
netconfig: apply IPv6 address to lan0, not uplink0 2018-06-03 20:35:41 +02:00			`"router7/internal/teelogger"`
Initial commit 2018-05-27 17:30:42 +02:00			`)`

netconfig: apply IPv6 address to lan0, not uplink0 2018-06-03 20:35:41 +02:00			`var log = teelogger.NewConsole()`

Initial commit 2018-05-27 17:30:42 +02:00			`var (`
			`linger = flag.Bool("linger", true, "linger around after applying the configuration (until killed)")`
			`)`

netconfigd: export ipv4/ipv6 packet/bytes counters on :8066 2018-06-23 19:56:34 +02:00			`func init() {`
			`var c nftables.Conn`
			`for _, metric := range []struct {`
			`name string`
			`labels prometheus.Labels`
			`table *nftables.Table`
			`chain *nftables.Chain`
			`}{`
			`{`
			`name: "filter_forward",`
			`labels: prometheus.Labels{"family": "ipv4"},`
			`table: &nftables.Table{Family: nftables.TableFamilyIPv4, Name: "filter"},`
			`chain: &nftables.Chain{Name: "forward"},`
			`},`
			`{`
			`name: "filter_forward",`
			`labels: prometheus.Labels{"family": "ipv6"},`
			`table: &nftables.Table{Family: nftables.TableFamilyIPv6, Name: "filter"},`
			`chain: &nftables.Chain{Name: "forward"},`
			`},`
			`} {`
			`metric := metric // copy`
			`promauto.NewCounterFunc(`
			`prometheus.CounterOpts{`
			`Subsystem: "nftables",`
			`Name: metric.name + "_packets",`
			`Help: "packet count",`
			`ConstLabels: metric.labels,`
			`},`
			`func() float64 {`
			`rules, err := c.GetRule(metric.table, metric.chain)`
			`if err != nil \|\|`
			`len(rules) != 1 \|\|`
			`len(rules[0].Exprs) != 1 {`
			`return 0`
			`}`
			`if ce, ok := rules[0].Exprs[0].(*expr.Counter); ok {`
			`return float64(ce.Packets)`
			`}`
			`return 0`
			`})`
			`promauto.NewCounterFunc(`
			`prometheus.CounterOpts{`
			`Subsystem: "nftables",`
			`Name: metric.name + "_bytes",`
			`Help: "bytes count",`
			`ConstLabels: metric.labels,`
			`},`
			`func() float64 {`
			`rules, err := c.GetRule(metric.table, metric.chain)`
			`if err != nil \|\|`
			`len(rules) != 1 \|\|`
			`len(rules[0].Exprs) != 1 {`
			`return 0`
			`}`
			`if ce, ok := rules[0].Exprs[0].(*expr.Counter); ok {`
			`return float64(ce.Bytes)`
			`}`
			`return 0`
			`})`
			`}`
			`}`

dns: listen on all private IP addresses 2018-06-26 08:52:04 +02:00			`var httpListeners = multilisten.NewPool()`

netconfigd: export ipv4/ipv6 packet/bytes counters on :8066 2018-06-23 19:56:34 +02:00			`func updateListeners() error {`
			`hosts, err := gokrazy.PrivateInterfaceAddrs()`
			`if err != nil {`
			`return err`
			`}`
			`if net1, err := multilisten.IPv6Net1("/perm"); err == nil {`
			`hosts = append(hosts, net1)`
			`}`

dns: listen on all private IP addresses 2018-06-26 08:52:04 +02:00			`httpListeners.ListenAndServe(hosts, func(host string) multilisten.Listener {`
			`return &http.Server{Addr: net.JoinHostPort(host, "8066")}`
			`})`
			`return nil`
netconfigd: export ipv4/ipv6 packet/bytes counters on :8066 2018-06-23 19:56:34 +02:00			`}`

Initial commit 2018-05-27 17:30:42 +02:00			`func logic() error {`
netconfigd: export ipv4/ipv6 packet/bytes counters on :8066 2018-06-23 19:56:34 +02:00			`if *linger {`
			`http.Handle("/metrics", promhttp.Handler())`
check for updateListeners errors 2018-06-27 19:45:55 +02:00			`if err := updateListeners(); err != nil {`
			`return err`
			`}`
netconfigd: export ipv4/ipv6 packet/bytes counters on :8066 2018-06-23 19:56:34 +02:00			`}`
Initial commit 2018-05-27 17:30:42 +02:00			`ch := make(chan os.Signal, 1)`
			`signal.Notify(ch, syscall.SIGUSR1)`
			`for {`
netconfig: write /etc/resolv.conf 2018-06-03 20:47:11 +02:00			`err := netconfig.Apply("/perm/", "/")`
Working radvd 2018-05-28 09:53:54 +02:00			`// Notify gokrazy about new addresses (netconfig.Apply might have`
			`// modified state before returning an error) so that listeners can be`
			`// updated.`
			`p, _ := os.FindProcess(1)`
			`if err := p.Signal(syscall.SIGHUP); err != nil {`
			`log.Printf("kill -HUP 1: %v", err)`
			`}`
			`if err != nil {`
Initial commit 2018-05-27 17:30:42 +02:00			`return err`
			`}`
Working radvd 2018-05-28 09:53:54 +02:00			`if !*linger {`
			`break`
Initial commit 2018-05-27 17:30:42 +02:00			`}`
Working radvd 2018-05-28 09:53:54 +02:00			`<-ch`
netconfigd: export ipv4/ipv6 packet/bytes counters on :8066 2018-06-23 19:56:34 +02:00			`if err := updateListeners(); err != nil {`
			`log.Printf("updateListeners: %v", err)`
			`}`
Initial commit 2018-05-27 17:30:42 +02:00			`}`
			`return nil`
			`}`

			`func main() {`
			`flag.Parse()`
			`if err := logic(); err != nil {`
			`log.Fatal(err)`
			`}`
			`}`