Merge remote-tracking branch 'origin/master' into 2499-rewrites-3

2022-12-12 12:27:15 +07:00
parent 55a0dec144 8d453e75a4
commit 2d29455d7f
44 changed files with 389 additions and 107 deletions
--- a/internal/aghnet/hostscontainer_windows.go
+++ b/internal/aghnet/hostscontainer_windows.go
@@ -15,7 +15,7 @@ import (
 func defaultHostsPaths() (paths []string) {
 	sysDir, err := windows.GetSystemDirectory()
 	if err != nil {
-		log.Error("getting system directory: %s", err)
+		log.Error("aghnet: getting system directory: %s", err)

 		return []string{}
 	}
--- a/internal/aghos/os.go
+++ b/internal/aghos/os.go
@@ -168,11 +168,11 @@ func IsOpenWrt() (ok bool) {
 	return isOpenWrt()
 }

-// RootDirFS returns the fs.FS rooted at the operating system's root.
+// RootDirFS returns the [fs.FS] rooted at the operating system's root.  On
+// Windows it returns the fs.FS rooted at the volume of the system directory
+// (usually, C:).
 func RootDirFS() (fsys fs.FS) {
-	// Use empty string since os.DirFS implicitly prepends a slash to it.  This
-	// behavior is undocumented but it currently works.
-	return os.DirFS("")
+	return rootDirFS()
 }

 // NotifyReconfigureSignal notifies c on receiving reconfigure signals.
--- a/internal/aghos/os_unix.go
+++ b/internal/aghos/os_unix.go
@@ -3,12 +3,17 @@
 package aghos

 import (
+	"io/fs"
 	"os"
 	"os/signal"

 	"golang.org/x/sys/unix"
 )

+func rootDirFS() (fsys fs.FS) {
+	return os.DirFS("/")
+}
+
 func notifyReconfigureSignal(c chan<- os.Signal) {
 	signal.Notify(c, unix.SIGHUP)
 }
--- a/internal/aghos/os_windows.go
+++ b/internal/aghos/os_windows.go
@@ -3,13 +3,29 @@
 package aghos

 import (
+	"io/fs"
 	"os"
 	"os/signal"
+	"path/filepath"
 	"syscall"

+	"github.com/AdguardTeam/golibs/log"
 	"golang.org/x/sys/windows"
 )

+func rootDirFS() (fsys fs.FS) {
+	// TODO(a.garipov): Use a better way if golang/go#44279 is ever resolved.
+	sysDir, err := windows.GetSystemDirectory()
+	if err != nil {
+		log.Error("aghos: getting root filesystem: %s; using C:", err)
+
+		// Assume that C: is the safe default.
+		return os.DirFS("C:")
+	}
+
+	return os.DirFS(filepath.VolumeName(sysDir))
+}
+
 func setRlimit(val uint64) (err error) {
 	return Unsupported("setrlimit")
 }
--- a/internal/dnsforward/http.go
+++ b/internal/dnsforward/http.go
@@ -566,6 +566,11 @@ type domainSpecificTestError struct {
 	error
 }

+// Error implements the [error] interface for domainSpecificTestError.
+func (err domainSpecificTestError) Error() (msg string) {
+	return fmt.Sprintf("WARNING: %s", err.error)
+}
+
 // checkDNS checks the upstream server defined by upstreamConfigStr using
 // healthCheck for actually exchange messages.  It uses bootstrap to resolve the
 // upstream's address.
@@ -632,41 +637,45 @@ func (s *Server) handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {

 	result := map[string]string{}
 	bootstraps := req.BootstrapDNS
-
 	timeout := s.conf.UpstreamTimeout
-	for _, host := range req.Upstreams {
-		err = checkDNS(host, bootstraps, timeout, checkDNSUpstreamExc)
-		if err != nil {
-			log.Info("%v", err)
-			result[host] = err.Error()
-			if _, ok := err.(domainSpecificTestError); ok {
-				result[host] = fmt.Sprintf("WARNING: %s", result[host])
-			}

-			continue
-		}
-
-		result[host] = "OK"
+	type upsCheckResult = struct {
+		res  string
+		host string
 	}

-	for _, host := range req.PrivateUpstreams {
-		err = checkDNS(host, bootstraps, timeout, checkPrivateUpstreamExc)
-		if err != nil {
-			log.Info("%v", err)
-			// TODO(e.burkov): If passed upstream have already written an error
-			// above, we rewriting the error for it.  These cases should be
-			// handled properly instead.
-			result[host] = err.Error()
-			if _, ok := err.(domainSpecificTestError); ok {
-				result[host] = fmt.Sprintf("WARNING: %s", result[host])
-			}
+	upsNum := len(req.Upstreams) + len(req.PrivateUpstreams)
+	resCh := make(chan upsCheckResult, upsNum)

-			continue
+	checkUps := func(ups string, healthCheck healthCheckFunc) {
+		res := upsCheckResult{
+			host: ups,
 		}
+		defer func() { resCh <- res }()

-		result[host] = "OK"
+		checkErr := checkDNS(ups, bootstraps, timeout, healthCheck)
+		if checkErr != nil {
+			res.res = checkErr.Error()
+		} else {
+			res.res = "OK"
+		}
 	}

+	for _, ups := range req.Upstreams {
+		go checkUps(ups, checkDNSUpstreamExc)
+	}
+	for _, ups := range req.PrivateUpstreams {
+		go checkUps(ups, checkPrivateUpstreamExc)
+	}
+
+	for i := 0; i < upsNum; i++ {
+		pair := <-resCh
+		// TODO(e.burkov):  The upstreams used for both common and private
+		// resolving should be reported separately.
+		result[pair.host] = pair.res
+	}
+	close(resCh)
+
 	_ = aghhttp.WriteJSONResponse(w, r, result)
 }

--- a/internal/dnsforward/http_test.go
+++ b/internal/dnsforward/http_test.go
@@ -7,16 +7,20 @@ import (
 	"net"
 	"net/http"
 	"net/http/httptest"
+	"net/netip"
+	"net/url"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
+	"time"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/testutil"
+	"github.com/miekg/dns"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -392,3 +396,141 @@ func TestValidateUpstreamsPrivate(t *testing.T) {
 		})
 	}
 }
+
+func newLocalUpstreamListener(t *testing.T, port int, handler dns.Handler) (real net.Addr) {
+	startCh := make(chan struct{})
+	upsSrv := &dns.Server{
+		Addr:              netip.AddrPortFrom(netutil.IPv4Localhost(), uint16(port)).String(),
+		Net:               "tcp",
+		Handler:           handler,
+		NotifyStartedFunc: func() { close(startCh) },
+	}
+	go func() {
+		t := testutil.PanicT{}
+
+		err := upsSrv.ListenAndServe()
+		require.NoError(t, err)
+	}()
+	<-startCh
+	testutil.CleanupAndRequireSuccess(t, upsSrv.Shutdown)
+
+	return upsSrv.Listener.Addr()
+}
+
+func TestServer_handleTestUpstreaDNS(t *testing.T) {
+	goodHandler := dns.HandlerFunc(func(w dns.ResponseWriter, m *dns.Msg) {
+		err := w.WriteMsg(new(dns.Msg).SetReply(m))
+		require.NoError(testutil.PanicT{}, err)
+	})
+	badHandler := dns.HandlerFunc(func(w dns.ResponseWriter, _ *dns.Msg) {
+		err := w.WriteMsg(new(dns.Msg))
+		require.NoError(testutil.PanicT{}, err)
+	})
+
+	goodUps := (&url.URL{
+		Scheme: "tcp",
+		Host:   newLocalUpstreamListener(t, 0, goodHandler).String(),
+	}).String()
+	badUps := (&url.URL{
+		Scheme: "tcp",
+		Host:   newLocalUpstreamListener(t, 0, badHandler).String(),
+	}).String()
+
+	const upsTimeout = 100 * time.Millisecond
+
+	srv := createTestServer(t, &filtering.Config{}, ServerConfig{
+		UDPListenAddrs:  []*net.UDPAddr{{}},
+		TCPListenAddrs:  []*net.TCPAddr{{}},
+		UpstreamTimeout: upsTimeout,
+	}, nil)
+	startDeferStop(t, srv)
+
+	testCases := []struct {
+		body     map[string]any
+		wantResp map[string]any
+		name     string
+	}{{
+		body: map[string]any{
+			"upstream_dns": []string{goodUps},
+		},
+		wantResp: map[string]any{
+			goodUps: "OK",
+		},
+		name: "success",
+	}, {
+		body: map[string]any{
+			"upstream_dns": []string{badUps},
+		},
+		wantResp: map[string]any{
+			badUps: `upstream "` + badUps + `" fails to exchange: ` +
+				`couldn't communicate with upstream: dns: id mismatch`,
+		},
+		name: "broken",
+	}, {
+		body: map[string]any{
+			"upstream_dns": []string{goodUps, badUps},
+		},
+		wantResp: map[string]any{
+			goodUps: "OK",
+			badUps: `upstream "` + badUps + `" fails to exchange: ` +
+				`couldn't communicate with upstream: dns: id mismatch`,
+		},
+		name: "both",
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			reqBody, err := json.Marshal(tc.body)
+			require.NoError(t, err)
+
+			w := httptest.NewRecorder()
+			r, err := http.NewRequest(http.MethodPost, "", bytes.NewReader(reqBody))
+			require.NoError(t, err)
+
+			srv.handleTestUpstreamDNS(w, r)
+			require.Equal(t, http.StatusOK, w.Code)
+
+			resp := map[string]any{}
+			err = json.NewDecoder(w.Body).Decode(&resp)
+			require.NoError(t, err)
+
+			assert.Equal(t, tc.wantResp, resp)
+		})
+	}
+
+	t.Run("timeout", func(t *testing.T) {
+		slowHandler := dns.HandlerFunc(func(w dns.ResponseWriter, m *dns.Msg) {
+			time.Sleep(upsTimeout * 2)
+			writeErr := w.WriteMsg(new(dns.Msg).SetReply(m))
+			require.NoError(testutil.PanicT{}, writeErr)
+		})
+		sleepyUps := (&url.URL{
+			Scheme: "tcp",
+			Host:   newLocalUpstreamListener(t, 0, slowHandler).String(),
+		}).String()
+
+		req := map[string]any{
+			"upstream_dns": []string{sleepyUps},
+		}
+		reqBody, err := json.Marshal(req)
+		require.NoError(t, err)
+
+		w := httptest.NewRecorder()
+		r, err := http.NewRequest(http.MethodPost, "", bytes.NewReader(reqBody))
+		require.NoError(t, err)
+
+		srv.handleTestUpstreamDNS(w, r)
+		require.Equal(t, http.StatusOK, w.Code)
+
+		resp := map[string]any{}
+		err = json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+
+		require.Contains(t, resp, sleepyUps)
+		require.IsType(t, "", resp[sleepyUps])
+		sleepyRes, _ := resp[sleepyUps].(string)
+
+		// TODO(e.burkov):  Improve the format of an error in dnsproxy.
+		assert.True(t, strings.HasSuffix(sleepyRes, "i/o timeout"))
+	})
+}
--- a/internal/filtering/servicelist.go
+++ b/internal/filtering/servicelist.go
@@ -251,14 +251,12 @@ var blockedServices = []blockedService{{
 	Name:    "Mastodon",
 	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 512 512\"><path d=\"M433 179.11c0-97.2-63.71-125.7-63.71-125.7-62.52-28.7-228.56-28.4-290.48 0 0 0-63.72 28.5-63.72 125.7 0 115.7-6.6 259.4 105.63 289.1 40.51 10.7 75.32 13 103.33 11.4 50.81-2.8 79.32-18.1 79.32-18.1l-1.7-36.9s-36.31 11.4-77.12 10.1c-40.41-1.4-83-4.4-89.63-54a102.54 102.54 0 0 1-.9-13.9c85.63 20.9 158.65 9.1 178.75 6.7 56.12-6.7 105-41.3 111.23-72.9 9.8-49.8 9-121.5 9-121.5zm-75.12 125.2h-46.63v-114.2c0-49.7-64-51.6-64 6.9v62.5h-46.33V197c0-58.5-64-56.6-64-6.9v114.2H90.19c0-122.1-5.2-147.9 18.41-175 25.9-28.9 79.82-30.8 103.83 6.1l11.6 19.5 11.6-19.5c24.11-37.1 78.12-34.8 103.83-6.1 23.71 27.3 18.4 53 18.4 175z\"/></svg>"),
 	Rules: []string{
+		"||aus.social^",
 		"||awscommunity.social^",
-		"||colorid.es^",
-		"||dizl.de^",
 		"||dju.social^",
 		"||dresden.network^",
 		"||fedibird.com^",
 		"||fosstodon.org^",
-		"||freiburg.social^",
 		"||glasgow.social^",
 		"||h4.io^",
 		"||hachyderm.io^",
@@ -269,32 +267,30 @@ var blockedServices = []blockedService{{
 		"||ieji.de^",
 		"||indieweb.social^",
 		"||ioc.exchange^",
-		"||kfem.cat^",
 		"||kolektiva.social^",
-		"||kurry.social^",
-		"||libretooth.gr^",
 		"||livellosegreto.it^",
 		"||lor.sh^",
 		"||m.cmx.im^",
-		"||mast.dragon-fly.club^",
+		"||mas.to^",
 		"||masto.ai^",
 		"||masto.es^",
 		"||masto.nobigtech.es^",
 		"||masto.pt^",
-		"||mastodon-belgium.be^",
 		"||mastodon.au^",
 		"||mastodon.bida.im^",
+		"||mastodon.com.tr^",
 		"||mastodon.eus^",
 		"||mastodon.ie^",
 		"||mastodon.iriseden.eu^",
+		"||mastodon.lol^",
 		"||mastodon.nl^",
 		"||mastodon.nu^",
 		"||mastodon.nz^",
 		"||mastodon.online^",
 		"||mastodon.scot^",
 		"||mastodon.sdf.org^",
-		"||mastodon.se^",
 		"||mastodon.social^",
+		"||mastodon.top^",
 		"||mastodon.uno^",
 		"||mastodon.world^",
 		"||mastodon.zaclys.com^",
@@ -304,6 +300,8 @@ var blockedServices = []blockedService{{
 		"||mastodontti.fi^",
 		"||mastouille.fr^",
 		"||mathstodon.xyz^",
+		"||meow.social^",
+		"||metalhead.club^",
 		"||mindly.social^",
 		"||mstdn.ca^",
 		"||mstdn.jp^",
@@ -311,14 +309,13 @@ var blockedServices = []blockedService{{
 		"||mstdn.social^",
 		"||muenchen.social^",
 		"||muenster.im^",
+		"||nerdculture.de^",
 		"||newsie.social^",
 		"||noc.social^",
 		"||norden.social^",
 		"||nrw.social^",
 		"||o3o.ca^",
 		"||ohai.social^",
-		"||oslo.town^",
-		"||pettingzoo.co^",
 		"||pewtix.com^",
 		"||phpc.social^",
 		"||piaille.fr^",
@@ -329,18 +326,20 @@ var blockedServices = []blockedService{{
 		"||ruby.social^",
 		"||ruhr.social^",
 		"||sfba.social^",
-		"||snabelen.no^",
+		"||socel.net^",
 		"||social.anoxinon.de^",
 		"||social.cologne^",
 		"||social.dev-wiki.de^",
+		"||social.linux.pizza^",
 		"||social.politicaconciencia.org^",
 		"||social.vivaldi.net^",
-		"||sociale.network^",
+		"||sself.co^",
 		"||sueden.social^",
 		"||techhub.social^",
 		"||theblower.au^",
 		"||tkz.one^",
 		"||toot.aquilenet.fr^",
+		"||toot.community^",
 		"||toot.funami.tech^",
 		"||toot.wales^",
 		"||troet.cafe^",
@@ -350,6 +349,7 @@ var blockedServices = []blockedService{{
 		"||urbanists.social^",
 		"||vocalodon.net^",
 		"||wxw.moe^",
+		"||xarxa.cloud^",
 	},
 }, {
 	ID:      "minecraft",
--- a/internal/home/config.go
+++ b/internal/home/config.go
@@ -278,15 +278,20 @@ var config = &configuration{
 		PortDNSOverTLS:  defaultPortTLS, // needs to be passed through to dnsproxy
 		PortDNSOverQUIC: defaultPortQUIC,
 	},
+	// NOTE: Keep these parameters in sync with the one put into
+	// client/src/helpers/filters/filters.js by scripts/vetted-filters.
+	//
+	// TODO(a.garipov): Think of a way to make scripts/vetted-filters update
+	// these as well if necessary.
 	Filters: []filtering.FilterYAML{{
 		Filter:  filtering.Filter{ID: 1},
 		Enabled: true,
-		URL:     "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt",
+		URL:     "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt",
 		Name:    "AdGuard DNS filter",
 	}, {
 		Filter:  filtering.Filter{ID: 2},
 		Enabled: false,
-		URL:     "https://adaway.org/hosts.txt",
+		URL:     "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt",
 		Name:    "AdAway Default Blocklist",
 	}},
 	DHCP: &dhcpd.ServerConfig{