Pull request 2027: 6233-ipset-cached-entries

Updates #6233.

Squashed commit of the following:

commit ef7692fb78a287a51a6b50c4ac0f1c33857a9ff0
Merge: b3ef5de41 8b6c260de
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Mon Oct 9 13:07:10 2023 +0300

    Merge branch 'master' into 6233-ipset-cached-entries

commit b3ef5de411d2ebb2f344430daf81e05a33ae4e78
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Mon Oct 9 13:06:23 2023 +0300

    all: fix typo

commit d42a970336d1d7e8a2f7c8459bf862762cdac8f6
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Fri Oct 6 19:26:51 2023 +0300

    all: imp chlog

commit 818931a136c7b851820f8ff8e05ada5360da2090
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Fri Oct 6 18:30:52 2023 +0300

    all: upd chlog

commit af3dc60c038f04690882eca30a6f9c7d23f7c371
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Fri Oct 6 18:03:01 2023 +0300

    ipset: imp docs

commit 2c9d6c0c88ba2c2185b4d29212272ad5d48ae474
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Fri Oct 6 16:53:42 2023 +0300

    all: add tests

commit 0d41eaabf7a275c6a9eb4a1d64aa551d4d8de367
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Fri Oct 6 15:12:54 2023 +0300

    ipset: rm cache
This commit is contained in:
Stanislav Chzhen 2023-10-09 13:15:51 +03:00
parent 8b6c260de8
commit 8842b2df90
4 changed files with 74 additions and 38 deletions

View File

@ -31,6 +31,7 @@ NOTE: Add new changes BELOW THIS COMMENT.
### Changed ### Changed
- ipset entries are updated more often ([6233]).
- Node.JS 16 is now required to build the frontend. - Node.JS 16 is now required to build the frontend.
### Fixed ### Fixed
@ -44,6 +45,7 @@ NOTE: Add new changes BELOW THIS COMMENT.
[#4569]: https://github.com/AdguardTeam/AdGuardHome/issues/4569 [#4569]: https://github.com/AdguardTeam/AdGuardHome/issues/4569
[#6226]: https://github.com/AdguardTeam/AdGuardHome/issues/6226 [#6226]: https://github.com/AdguardTeam/AdGuardHome/issues/6226
[#6231]: https://github.com/AdguardTeam/AdGuardHome/issues/6231 [#6231]: https://github.com/AdguardTeam/AdGuardHome/issues/6231
[#6233]: https://github.com/AdguardTeam/AdGuardHome/issues/6233
[#6280]: https://github.com/AdguardTeam/AdGuardHome/issues/6280 [#6280]: https://github.com/AdguardTeam/AdGuardHome/issues/6280
<!-- <!--

View File

@ -114,3 +114,74 @@ func TestIpsetCtx_process(t *testing.T) {
assert.NoError(t, err) assert.NoError(t, err)
}) })
} }
func TestIpsetCtx_SkipIpsetProcessing(t *testing.T) {
req4 := createTestMessage("example.com")
resp4 := &dns.Msg{
Answer: []dns.RR{&dns.A{
A: net.IP{1, 2, 3, 4},
}},
}
m := &fakeIpsetMgr{}
ictx := &ipsetCtx{
ipsetMgr: m,
}
testCases := []struct {
dctx *dnsContext
name string
want bool
}{{
name: "basic",
want: false,
dctx: &dnsContext{
proxyCtx: &proxy.DNSContext{
Req: req4,
Res: resp4,
},
responseFromUpstream: true,
},
}, {
name: "rewrite",
want: true,
dctx: &dnsContext{
proxyCtx: &proxy.DNSContext{
Req: req4,
Res: resp4,
},
responseFromUpstream: false,
},
}, {
name: "empty_req",
want: true,
dctx: &dnsContext{
proxyCtx: &proxy.DNSContext{
Req: nil,
Res: resp4,
},
responseFromUpstream: true,
},
}, {
name: "empty_res",
want: true,
dctx: &dnsContext{
proxyCtx: &proxy.DNSContext{
Req: req4,
Res: nil,
},
responseFromUpstream: true,
},
}}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
got := ictx.skipIpsetProcessing(tc.dctx)
assert.Equal(t, tc.want, got)
})
}
}

View File

@ -62,18 +62,6 @@ type props struct {
family netfilter.ProtoFamily family netfilter.ProtoFamily
} }
// unit is a convenient alias for struct{}.
type unit = struct{}
// ipsInIpset is the type of a set of IP-address-to-ipset mappings.
type ipsInIpset map[ipInIpsetEntry]unit
// ipInIpsetEntry is the type for entries in an ipsInIpset set.
type ipInIpsetEntry struct {
ipsetName string
ipArr [net.IPv6len]byte
}
// manager is the Linux Netfilter ipset manager. // manager is the Linux Netfilter ipset manager.
type manager struct { type manager struct {
nameToIpset map[string]props nameToIpset map[string]props
@ -84,13 +72,6 @@ type manager struct {
// mu protects all properties below. // mu protects all properties below.
mu *sync.Mutex mu *sync.Mutex
// TODO(a.garipov): Currently, the ipset list is static, and we don't
// read the IPs already in sets, so we can assume that all incoming IPs
// are either added to all corresponding ipsets or not. When that stops
// being the case, for example if we add dynamic reconfiguration of
// ipsets, this map will need to become a per-ipset-name one.
addedIPs ipsInIpset
ipv4Conn ipsetConn ipv4Conn ipsetConn
ipv6Conn ipsetConn ipv6Conn ipsetConn
} }
@ -205,8 +186,6 @@ func newManagerWithDialer(ipsetConf []string, dial dialer) (mgr Manager, err err
domainToIpsets: make(map[string][]props), domainToIpsets: make(map[string][]props),
dial: dial, dial: dial,
addedIPs: make(ipsInIpset),
} }
err = m.dialNetfilter(&netlink.Config{}) err = m.dialNetfilter(&netlink.Config{})
@ -280,19 +259,8 @@ func (m *manager) addIPs(host string, set props, ips []net.IP) (n int, err error
} }
var entries []*ipset.Entry var entries []*ipset.Entry
var newAddedEntries []ipInIpsetEntry
for _, ip := range ips { for _, ip := range ips {
e := ipInIpsetEntry{
ipsetName: set.name,
}
copy(e.ipArr[:], ip.To16())
if _, added := m.addedIPs[e]; added {
continue
}
entries = append(entries, ipset.NewEntry(ipset.EntryIP(ip))) entries = append(entries, ipset.NewEntry(ipset.EntryIP(ip)))
newAddedEntries = append(newAddedEntries, e)
} }
n = len(entries) n = len(entries)
@ -315,12 +283,6 @@ func (m *manager) addIPs(host string, set props, ips []net.IP) (n int, err error
return 0, fmt.Errorf("adding %q%s to ipset %q: %w", host, ips, set.name, err) return 0, fmt.Errorf("adding %q%s to ipset %q: %w", host, ips, set.name, err)
} }
// Only add these to the cache once we're sure that all of them were
// actually sent to the ipset.
for _, e := range newAddedEntries {
m.addedIPs[e] = unit{}
}
return n, nil return n, nil
} }

View File

@ -114,6 +114,7 @@ func TestManager_Add(t *testing.T) {
assert.NoError(t, err) assert.NoError(t, err)
} }
// ipsetPropsSink is the typed sink for benchmark results.
var ipsetPropsSink []props var ipsetPropsSink []props
func BenchmarkManager_LookupHost(b *testing.B) { func BenchmarkManager_LookupHost(b *testing.B) {