[Monitor] Implemented SRV monitoring.

davidv1992 · davidv1992 · commit 70695c4041a0 · 2026-01-15T09:49:11.000+01:00
diff --git a/nts-pool-management/src/routes/monitoring.rs b/nts-pool-management/src/routes/monitoring.rs
@@ -30,13 +30,15 @@ pub async fn get_work(
                         ProbeTimesourceInfo {
                             uuid: ts.id.to_string(),
                             domain: None,
+                            port: None,
                         },
                     ),
                     (
                         IpVersion::Ipv6,
                         ProbeTimesourceInfo {
                             uuid: ts.id.to_string(),
                             domain: None,
+                            port: None,
                         },
                     ),
                 ]
diff --git a/nts-pool-monitor/src/control.rs b/nts-pool-monitor/src/control.rs
@@ -80,7 +80,13 @@ impl ProbeExecutor for Probe {
         self: Arc<Self>,
         timesource: (IpVersion, ProbeTimesourceInfo),
     ) -> Result<Self::Output, eyre::Error> {
-        self.probe(timesource.1.uuid, timesource.0).await
+        self.probe(
+            timesource.1.uuid,
+            timesource.1.domain.as_deref().unwrap_or(""),
+            timesource.1.port.unwrap_or(4460),
+            timesource.0,
+        )
+        .await
     }
 }
 
@@ -525,13 +531,15 @@ mod tests {
                             ProbeTimesourceInfo {
                                 uuid: "A".to_string(),
                                 domain: None,
+                                port: None,
                             },
                         ),
                         (
                             IpVersion::Ipv4,
                             ProbeTimesourceInfo {
                                 uuid: "B".to_string(),
                                 domain: None,
+                                port: None,
                             },
                         ),
                     ]
@@ -615,13 +623,15 @@ mod tests {
                                     ProbeTimesourceInfo {
                                         uuid: "A".to_string(),
                                         domain: None,
+                                        port: None,
                                     },
                                 ),
                                 (
                                     IpVersion::Ipv4,
                                     ProbeTimesourceInfo {
                                         uuid: "B".to_string(),
                                         domain: None,
+                                        port: None,
                                     },
                                 ),
                             ]
@@ -644,6 +654,7 @@ mod tests {
                                 ProbeTimesourceInfo {
                                     uuid: "B".to_string(),
                                     domain: None,
+                                    port: None,
                                 },
                             )]
                             .into(),
@@ -664,13 +675,15 @@ mod tests {
                                 ProbeTimesourceInfo {
                                     uuid: "B".to_string(),
                                     domain: None,
+                                    port: None,
                                 },
                             ),
                             (
                                 IpVersion::Ipv4,
                                 ProbeTimesourceInfo {
                                     uuid: "C".to_string(),
                                     domain: None,
+                                    port: None,
                                 },
                             ),
                         ]
diff --git a/nts-pool-monitor/src/lib.rs b/nts-pool-monitor/src/lib.rs
@@ -29,7 +29,8 @@ async fn resolve_as_version<T: tokio::net::ToSocketAddrs>(
 
     for candidate in resolved {
         match (ipprot, candidate) {
-            (IpVersion::Ipv4, SocketAddr::V4(_)) | (IpVersion::Ipv6, SocketAddr::V6(_)) => {
+            (IpVersion::Ipv4 | IpVersion::Srvv4, SocketAddr::V4(_))
+            | (IpVersion::Ipv6 | IpVersion::Srvv6, SocketAddr::V6(_)) => {
                 return Ok(candidate);
             }
             _ => {}
diff --git a/nts-pool-monitor/src/nts.rs b/nts-pool-monitor/src/nts.rs
@@ -265,25 +265,45 @@ impl KeyExchangeClient {
         &self,
         io: impl AsyncRead + AsyncWrite + Unpin,
         server_name: String,
-        uuid: impl AsRef<str>,
+        uuid: Option<impl AsRef<str>>,
     ) -> Result<KeyExchangeResult, NtsError> {
-        let request = ClientRequest::Uuid {
-            algorithms: self
-                .algorithms
-                .iter()
-                .copied()
-                .map(|v| v.into())
-                .collect::<Vec<AlgorithmId>>()
-                .into(),
-            protocols: self
-                .protocols
-                .iter()
-                .copied()
-                .map(|v| v.into())
-                .collect::<Vec<ProtocolId>>()
-                .into(),
-            key: self.authorization_key.as_str().into(),
-            uuid: uuid.as_ref().into(),
+        let request = if let Some(ref uuid) = uuid {
+            ClientRequest::Uuid {
+                algorithms: self
+                    .algorithms
+                    .iter()
+                    .copied()
+                    .map(|v| v.into())
+                    .collect::<Vec<AlgorithmId>>()
+                    .into(),
+                protocols: self
+                    .protocols
+                    .iter()
+                    .copied()
+                    .map(|v| v.into())
+                    .collect::<Vec<ProtocolId>>()
+                    .into(),
+                key: self.authorization_key.as_str().into(),
+                uuid: uuid.as_ref().into(),
+            }
+        } else {
+            ClientRequest::Ordinary {
+                algorithms: self
+                    .algorithms
+                    .iter()
+                    .copied()
+                    .map(|v| v.into())
+                    .collect::<Vec<AlgorithmId>>()
+                    .into(),
+                protocols: self
+                    .protocols
+                    .iter()
+                    .copied()
+                    .map(|v| v.into())
+                    .collect::<Vec<ProtocolId>>()
+                    .into(),
+                denied_servers: vec![],
+            }
         };
 
         let mut io = self
diff --git a/nts-pool-monitor/src/probe.rs b/nts-pool-monitor/src/probe.rs
@@ -59,11 +59,13 @@ impl Probe {
     pub async fn probe(
         &self,
         uuid: impl AsRef<str>,
+        domain: impl AsRef<str>,
+        port: u16,
         ipprot: IpVersion,
     ) -> Result<ProbeResult, eyre::Error> {
         let uuid = uuid.as_ref();
         tracing::debug!("Probing {}", uuid);
-        let (keyexchange, next) = self.probe_keyexchange(uuid, ipprot).await?;
+        let (keyexchange, next) = self.probe_keyexchange(uuid, domain, port, ipprot).await?;
         tracing::debug!("Keyexchange result: {:?}", keyexchange);
 
         let (ntp_with_ke_cookie, next) = match next {
@@ -90,9 +92,62 @@ impl Probe {
     async fn probe_keyexchange(
         &self,
         uuid: impl AsRef<str>,
+        domain: impl AsRef<str>,
+        port: u16,
         ipprot: IpVersion,
     ) -> Result<(KeyExchangeProbeResult, Option<NtpInputs>), eyre::Error> {
-        let addr = resolve_as_version((self.poolke.as_str(), 4460), ipprot).await?;
+        let (domain, addr) = if ipprot.is_srv() {
+            match resolve_as_version((domain.as_ref(), port), ipprot).await {
+                Ok(addr) => (domain.as_ref().to_owned(), addr),
+                Err(e)
+                    if e.kind() == std::io::ErrorKind::NotFound || e.raw_os_error().is_none() =>
+                {
+                    if resolve_as_version((domain.as_ref(), port), ipprot.other_ip_protocol())
+                        .await
+                        .is_ok()
+                    {
+                        return Ok((
+                            KeyExchangeProbeResult {
+                                status: match ipprot {
+                                    IpVersion::Ipv4 => KeyExchangeStatus::Failed,
+                                    IpVersion::Ipv6 => KeyExchangeStatus::Failed,
+                                    IpVersion::Srvv4 => KeyExchangeStatus::SrvIpv6Only,
+                                    IpVersion::Srvv6 => KeyExchangeStatus::SrvIpv4Only,
+                                },
+                                description: "Only resolvable over other IP version".into(),
+                                exchange_start: SystemTime::now()
+                                    .duration_since(SystemTime::UNIX_EPOCH)
+                                    .unwrap_or_default()
+                                    .as_secs(),
+                                exchange_duration: 0.0,
+                                num_cookies: 0,
+                            },
+                            None,
+                        ));
+                    } else {
+                        return Ok((
+                            KeyExchangeProbeResult {
+                                status: KeyExchangeStatus::Failed,
+                                description: "Domain name not resolvable".into(),
+                                exchange_start: SystemTime::now()
+                                    .duration_since(SystemTime::UNIX_EPOCH)
+                                    .unwrap_or_default()
+                                    .as_secs(),
+                                exchange_duration: 0.0,
+                                num_cookies: 0,
+                            },
+                            None,
+                        ));
+                    }
+                }
+                Err(e) => return Err(e.into()),
+            }
+        } else {
+            (
+                self.poolke.clone(),
+                resolve_as_version((self.poolke.as_str(), 4460), ipprot).await?,
+            )
+        };
         let io = TcpStream::connect(addr).await?;
 
         let exchange_start = SystemTime::now()
@@ -102,12 +157,12 @@ impl Probe {
         let start_time = Instant::now();
         let ke_result = match timeout(
             self.nts_timeout,
-            self.ntske.exchange_keys(io, self.poolke.clone(), uuid),
+            self.ntske.exchange_keys(io, domain, Some(uuid)),
         )
         .await
         {
             Ok(Ok(result)) => result,
-            Ok(Err(NtsError::Error(pool_nts::ErrorCode::NoSuchServer))) => {
+            Ok(Err(NtsError::Error(pool_nts::ErrorCode::NoSuchServer))) if !ipprot.is_srv() => {
                 return Err(eyre::eyre!("Server not known (yet)"));
             }
             Ok(Err(e)) => {
@@ -405,6 +460,34 @@ mod tests {
 
     use super::*;
 
+    #[tokio::test]
+    async fn test_nts_keyexchange_dns() {
+        test_init();
+        let probe = Probe::new(ProbeConfig {
+            poolke: "".into(),
+            nts_config: NtsClientConfig {
+                certificates: [].into(),
+                protocol_version: crate::NtpVersion::V4,
+                authorization_key: "".into(),
+            },
+            nts_timeout: Duration::from_secs(1),
+            ntp_timeout: Duration::from_secs(1),
+        })
+        .unwrap();
+
+        let findings = probe
+            .probe_keyexchange("UUID", "doesnotexist", 4460, IpVersion::Srvv4)
+            .await
+            .unwrap();
+        assert_eq!(findings.0.status, KeyExchangeStatus::Failed);
+
+        let findings = probe
+            .probe_keyexchange("UUID", "127.0.0.1", 4460, IpVersion::Srvv6)
+            .await
+            .unwrap();
+        assert_eq!(std::dbg!(findings.0).status, KeyExchangeStatus::SrvIpv4Only);
+    }
+
     #[tokio::test]
     async fn test_ntp_dns_failed() {
         test_init();
diff --git a/nts-pool-shared/src/monitoring.rs b/nts-pool-shared/src/monitoring.rs
@@ -13,6 +13,21 @@ pub enum IpVersion {
     Srvv6,
 }
 
+impl IpVersion {
+    pub fn is_srv(self) -> bool {
+        matches!(self, IpVersion::Srvv4 | IpVersion::Srvv6)
+    }
+
+    pub fn other_ip_protocol(self) -> Self {
+        match self {
+            IpVersion::Ipv4 => IpVersion::Ipv6,
+            IpVersion::Ipv6 => IpVersion::Ipv4,
+            IpVersion::Srvv4 => IpVersion::Srvv6,
+            IpVersion::Srvv6 => IpVersion::Srvv4,
+        }
+    }
+}
+
 impl std::fmt::Display for IpVersion {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         match self {

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,8 @@ async fn resolve_as_version<T: tokio::net::ToSocketAddrs>(`
`29`	`29`
`30`	`30`	`for candidate in resolved {`
`31`	`31`	`match (ipprot, candidate) {`
`32`		`- (IpVersion::Ipv4, SocketAddr::V4(_)) \| (IpVersion::Ipv6, SocketAddr::V6(_)) => {`
	`32`	`+ (IpVersion::Ipv4 \| IpVersion::Srvv4, SocketAddr::V4(_))`
	`33`	`+ \| (IpVersion::Ipv6 \| IpVersion::Srvv6, SocketAddr::V6(_)) => {`
`33`	`34`	`return Ok(candidate);`
`34`	`35`	`}`
`35`	`36`	`_ => {}`