Community discussions

 
User avatar
lapsio
Member
Member
Topic Author
Posts: 472
Joined: Wed Feb 24, 2016 5:19 pm

Local Array initialization bug?

Fri Aug 30, 2019 1:28 am

I made following script:
:if ([:len [/system script job find where script=dnsreload]] = 1) do={
    :local dyn [/ip firewall address-list find where dynamic=yes disabled=no]
    :local dynuniq 1
    :local baddns 1
    :local baddnsn 1
    :put ("a".$dynuniq)
    :put $baddns
    :put $baddnsn
    :set dynuniq ({})
    :set baddns ({})
    :set baddnsn ({})
    :put ("b".$dynuniq)
    :put $baddns
    :put $baddnsn

    :foreach counter=d in=$dyn do={
        :local lst [/ip firewall address-list get $d comment]
        :local dup false
        :foreach dd in=$dynuniq do={
            :if ($dd = $lst) do={
                :set dup true
            }
        }
        :if ($dup = false) do={
            :local dynlen [:len $dynuniq]
            set ($dynuniq->$dynlen) $lst
        }
    }
    :local dnssrv [/ip dns get servers]
    :do {
        :put ("DNS condition test... ".$dnssrv." :: ".[:resolve google.com server=$dnssrv])
        :put "Passed"

        :put $baddns
        :put $baddnsn

        :foreach counter=d in=$dynuniq do={
            :do {
                :put $baddns
                :put $baddnsn
                
                :local caddr [:resolve $d server=$dnssrv]
                :local addrlst [/ip firewall address-list find where comment=$d disabled=no]
                :local found false
                :foreach counter=dd in=$addrlst do={
                    :if ([/ip firewall address-list get $dd address] = $caddr) do={
                        :set found true
#                        :put ("Match : ".$d." ".$caddr)
                    }
                }
                :local rrlst [/ip firewall address-list find where address=$d list=rrDNS dynamic=no disabled=no]
                :if ([:len $rrlst] > 0) do={
                    :set found true
                    :put ("Ignoring mismatch on rrDNS domain: ".$d)
                    /log info message=("Ignoring mismatch on rrDNS domain: ".$d)
                }
                :if ($found = false && [:len $addrlst] > 0) do={
                    :put ("DNS mismatch : ".$d." ".$caddr)
                    /ip firewall address-list print where comment=$d
                    /log info message=("DNS mismatch on domain ".$d)
                    :local cbaddns [/ip firewall address-list find where address=$d dynamic=no disabled=no]
                    :foreach counter=cbd in=$cbaddns do={
                        :local badlen [:len $baddns]
                        :set ($baddns->$badlen) $cbd
                    }
                    :local badnlen [:len $baddnsn]
                    :set ($baddnsn->$badnlen) $d
                } else={
                    :if ([:len $addrlst] = 0) do={
                        :put ("Cache miss on domain ".$d)
                        /log info message=("DNS cache not populated yet. Could not verify ".$d)
                    }
                }
            } on-error={
                :if ($d != "") do={
                    :put ("Cannot resolve domain : ".$d)
                    :do {
                        :put ("Ensuring DNS condition... ".$dnssrv." :: ".[:resolve google.com server=$dnssrv])
                        :put "DNS functional. Domain still unreachable"
                        /log warning message=("DNS domain unreachable: '".$d."'")
                    } on-error={
                        :put "DNS unavailable"
                        /log error message="DNS server became unavailable"
                    }
                }
            }
        }
        :if ([:len $baddns] > 0) do={
            :put ("Mismatched: ".$baddnsn)
            /log info message=("Mismatched domains found: ".$baddnsn)
            /tool e-mail send to="lapsio3+log@gmail.com" subject="DNS CACHE STALE - FORCE FLUSH" body=("Mismatch on domain: '".$baddnsn."'.  Forcing cache flush...")
            /ip firewall address-list disable $baddns
            /ip dns cache flush
            :delay delay-time=100ms
            /ip firewall address-list enable $baddns
            :set $baddns ({})
            :set $baddnsn ({})
            :set $dynuniq ({})
            :delay delay-time=10s
        } else={
            :put "Clean exit"
            /log info message="DNS reload clean exit"
        }
    } on-error={
        :put ("DNS check failed - aborting")
        /log error message="DNS server unreachable. Integrity check aborted"
    }
}
To regularly verify integrity of router DNS cache with DNS server (I have set up relatively high MikroTik DNS cache lifetime because I use lots of rules based on DNS so when DNS server is down and it would clear all dynamic address-lists then it would realistically stop entire network. That's why those dynamic address-lists are really big deal to me). So this script makes sure to flush DNS cache if it becomes obsolete but only if DNS server is actually functioning.

The problem is that I noticed really undeterministic behaviior of this script. That's why I added printing arrays. And each N-th subsequent execution of script results in output like this:
susecap877.png
(transcript for not logged-in users:)
[lapsio@ACSWAG] /system script> run dnsreload      
a1
1
1
bapt.armbian.com;bmirror.zetup.net;bbestpony.ml;barchimonde.ts.si;bmirrors.nix.org.ua;bvector.brightcloud.com;bvector2.brightcloud.com;bregistry.npmjs.org;barchlinux.ip-connect.vn.ua;bmirror.onet.pl;bftp.acc.umu.se;bdynupdate.no-ip.com;bftp.sh.cvut.cz;bwww.w3.org;bgluttony.sin.cvut.cz;bmirrors.atviras.lt;bdownload.opensuse.org;bmirror.t-home.mk;bzegar.umk.pl;bs1.nordcdn.com;bjoin.nordvpn.com;bsupport.nordvpn.com;bmirrorservice.org;bmirrors.dotsrc.org;bmirror.dkm.cz;barchlinux.beccacervello.it;bmirror.lnx.sk;bmirrors.uni-plovdiv.net;bapt.osmc.tv;bmirror.bytemark.co.uk;bfoss.aueb.gr;bosmc.mirror.triple-it.nl;bmirrors.mit.edu;bftp.icm.edu.pl;bmirror.system.is;btime.coi.pw.edu.pl;banorien.csc.warwick.ac.uk;bftp.gwdg.de;bpool.sks-keyservers.net;bftp.fau.de;bhttpredir.debian.org;bmirror.karneval.cz;bmirrordirector.raspbian.org;bnginx.org;bsecurity.debian.org;bsuse.inode.at;bupgrade.mikrotik.com;bl3.download.websense.com;bprod.debian.map.fastly.net;bacme-v01.api.letsencrypt.org;bwww.msftncsi.com;bmail.google.com;bsmtp.gmail.com;bsflist.sidewinder.downloads.forcepoint.com;binbox.google.com;bdownload.websense.com;bpkg.sidewinder.downloads.forcepoint.com;bsig.sidewinder.downloads.forcepoint.com


DNS condition test... 192.168.10.9 :: 172.217.16.46
Passed
What's going on here? It doesn't make any sense. $dynuniq array is initialized from verry beginning even though I'm clearly setting it to with empty array.

If I use some different way of empty array initialization like [:toarray ""] then iit works fine but it's super lame to initialiize empty array like this and I don't want to do that.
You do not have the required permissions to view the files attached to this post.
MTCNA, MTCRE, MTCINE
 
User avatar
eworm
Member
Member
Posts: 392
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Local Array initialization bug?  [SOLVED]

Fri Aug 30, 2019 10:31 pm

According to wiki the "lame" solution is the correct one.
https://wiki.mikrotik.com/wiki/Manual:S ... mpty_array
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts

Who is online

Users browsing this forum: No registered users and 11 guests