all: sync with master, upd chlog
This commit is contained in:
Eugene Burkov
@@ -39,16 +39,22 @@ const (
|
||||
|
||||
// Called by other modules when configuration is changed
|
||||
func onConfigModified() {
|
||||
err := config.write()
|
||||
err := config.write(globalContext.tls)
|
||||
if err != nil {
|
||||
log.Error("writing config: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
// initDNS updates all the fields of the [Context] needed to initialize the DNS
|
||||
// server and initializes it at last. It also must not be called unless
|
||||
// [config] and [Context] are initialized. baseLogger must not be nil.
|
||||
func initDNS(baseLogger *slog.Logger, statsDir, querylogDir string) (err error) {
|
||||
// initDNS updates all the fields of the [globalContext] needed to initialize
|
||||
// the DNS server and initializes it at last. It also must not be called unless
|
||||
// [config] and [globalContext] are initialized. baseLogger and tlsMgr must not
|
||||
// be nil.
|
||||
func initDNS(
|
||||
baseLogger *slog.Logger,
|
||||
tlsMgr *tlsManager,
|
||||
statsDir string,
|
||||
querylogDir string,
|
||||
) (err error) {
|
||||
anonymizer := config.anonymizer()
|
||||
|
||||
statsConf := stats.Config{
|
||||
@@ -58,7 +64,7 @@ func initDNS(baseLogger *slog.Logger, statsDir, querylogDir string) (err error)
|
||||
ConfigModified: onConfigModified,
|
||||
HTTPRegister: httpRegister,
|
||||
Enabled: config.Stats.Enabled,
|
||||
ShouldCountClient: Context.clients.shouldCountClient,
|
||||
ShouldCountClient: globalContext.clients.shouldCountClient,
|
||||
}
|
||||
|
||||
engine, err := aghnet.NewIgnoreEngine(config.Stats.Ignored)
|
||||
@@ -67,7 +73,7 @@ func initDNS(baseLogger *slog.Logger, statsDir, querylogDir string) (err error)
|
||||
}
|
||||
|
||||
statsConf.Ignored = engine
|
||||
Context.stats, err = stats.New(statsConf)
|
||||
globalContext.stats, err = stats.New(statsConf)
|
||||
if err != nil {
|
||||
return fmt.Errorf("init stats: %w", err)
|
||||
}
|
||||
@@ -77,7 +83,7 @@ func initDNS(baseLogger *slog.Logger, statsDir, querylogDir string) (err error)
|
||||
Anonymizer: anonymizer,
|
||||
ConfigModified: onConfigModified,
|
||||
HTTPRegister: httpRegister,
|
||||
FindClient: Context.clients.findMultiple,
|
||||
FindClient: globalContext.clients.findMultiple,
|
||||
BaseDir: querylogDir,
|
||||
AnonymizeClientIP: config.DNS.AnonymizeClientIP,
|
||||
RotationIvl: time.Duration(config.QueryLog.Interval),
|
||||
@@ -92,25 +98,25 @@ func initDNS(baseLogger *slog.Logger, statsDir, querylogDir string) (err error)
|
||||
}
|
||||
|
||||
conf.Ignored = engine
|
||||
Context.queryLog, err = querylog.New(conf)
|
||||
globalContext.queryLog, err = querylog.New(conf)
|
||||
if err != nil {
|
||||
return fmt.Errorf("init querylog: %w", err)
|
||||
}
|
||||
|
||||
Context.filters, err = filtering.New(config.Filtering, nil)
|
||||
globalContext.filters, err = filtering.New(config.Filtering, nil)
|
||||
if err != nil {
|
||||
// Don't wrap the error, since it's informative enough as is.
|
||||
return err
|
||||
}
|
||||
|
||||
tlsConf := &tlsConfigSettings{}
|
||||
Context.tls.WriteDiskConfig(tlsConf)
|
||||
tlsMgr.WriteDiskConfig(tlsConf)
|
||||
|
||||
return initDNSServer(
|
||||
Context.filters,
|
||||
Context.stats,
|
||||
Context.queryLog,
|
||||
Context.dhcpServer,
|
||||
globalContext.filters,
|
||||
globalContext.stats,
|
||||
globalContext.queryLog,
|
||||
globalContext.dhcpServer,
|
||||
anonymizer,
|
||||
httpRegister,
|
||||
tlsConf,
|
||||
@@ -121,7 +127,7 @@ func initDNS(baseLogger *slog.Logger, statsDir, querylogDir string) (err error)
|
||||
// initDNSServer initializes the [context.dnsServer]. To only use the internal
|
||||
// proxy, none of the arguments are required, but tlsConf and l still must not
|
||||
// be nil, in other cases all the arguments also must not be nil. It also must
|
||||
// not be called unless [config] and [Context] are initialized.
|
||||
// not be called unless [config] and [globalContext] are initialized.
|
||||
//
|
||||
// TODO(e.burkov): Use [dnsforward.DNSCreateParams] as a parameter.
|
||||
func initDNSServer(
|
||||
@@ -134,7 +140,7 @@ func initDNSServer(
|
||||
tlsConf *tlsConfigSettings,
|
||||
l *slog.Logger,
|
||||
) (err error) {
|
||||
Context.dnsServer, err = dnsforward.NewServer(dnsforward.DNSCreateParams{
|
||||
globalContext.dnsServer, err = dnsforward.NewServer(dnsforward.DNSCreateParams{
|
||||
Logger: l,
|
||||
DNSFilter: filters,
|
||||
Stats: sts,
|
||||
@@ -142,7 +148,7 @@ func initDNSServer(
|
||||
PrivateNets: parseSubnetSet(config.DNS.PrivateNets),
|
||||
Anonymizer: anonymizer,
|
||||
DHCPServer: dhcpSrv,
|
||||
EtcHosts: Context.etcHosts,
|
||||
EtcHosts: globalContext.etcHosts,
|
||||
LocalDomain: config.DHCP.LocalDomainName,
|
||||
})
|
||||
defer func() {
|
||||
@@ -154,21 +160,27 @@ func initDNSServer(
|
||||
return fmt.Errorf("dnsforward.NewServer: %w", err)
|
||||
}
|
||||
|
||||
Context.clients.clientChecker = Context.dnsServer
|
||||
globalContext.clients.clientChecker = globalContext.dnsServer
|
||||
|
||||
dnsConf, err := newServerConfig(&config.DNS, config.Clients.Sources, tlsConf, httpReg)
|
||||
dnsConf, err := newServerConfig(
|
||||
&config.DNS,
|
||||
config.Clients.Sources,
|
||||
tlsConf,
|
||||
httpReg,
|
||||
globalContext.clients.storage,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("newServerConfig: %w", err)
|
||||
}
|
||||
|
||||
// Try to prepare the server with disabled private RDNS resolution if it
|
||||
// failed to prepare as is. See TODO on [dnsforward.PrivateRDNSError].
|
||||
err = Context.dnsServer.Prepare(dnsConf)
|
||||
err = globalContext.dnsServer.Prepare(dnsConf)
|
||||
if privRDNSErr := (&dnsforward.PrivateRDNSError{}); errors.As(err, &privRDNSErr) {
|
||||
log.Info("WARNING: %s; trying to disable private RDNS resolution", err)
|
||||
|
||||
dnsConf.UsePrivateRDNS = false
|
||||
err = Context.dnsServer.Prepare(dnsConf)
|
||||
err = globalContext.dnsServer.Prepare(dnsConf)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
@@ -194,7 +206,7 @@ func parseSubnetSet(nets []netutil.Prefix) (s netutil.SubnetSet) {
|
||||
}
|
||||
|
||||
func isRunning() bool {
|
||||
return Context.dnsServer != nil && Context.dnsServer.IsRunning()
|
||||
return globalContext.dnsServer != nil && globalContext.dnsServer.IsRunning()
|
||||
}
|
||||
|
||||
func ipsToTCPAddrs(ips []netip.Addr, port uint16) (tcpAddrs []*net.TCPAddr) {
|
||||
@@ -230,12 +242,13 @@ func newServerConfig(
|
||||
clientSrcConf *clientSourcesConfig,
|
||||
tlsConf *tlsConfigSettings,
|
||||
httpReg aghhttp.RegisterFunc,
|
||||
clientsContainer dnsforward.ClientsContainer,
|
||||
) (newConf *dnsforward.ServerConfig, err error) {
|
||||
hosts := aghalg.CoalesceSlice(dnsConf.BindHosts, []netip.Addr{netutil.IPv4Localhost()})
|
||||
|
||||
fwdConf := dnsConf.Config
|
||||
fwdConf.FilterHandler = applyAdditionalFiltering
|
||||
fwdConf.ClientsContainer = &Context.clients
|
||||
fwdConf.ClientsContainer = clientsContainer
|
||||
|
||||
newConf = &dnsforward.ServerConfig{
|
||||
UDPListenAddrs: ipsToUDPAddrs(hosts, dnsConf.Port),
|
||||
@@ -244,7 +257,7 @@ func newServerConfig(
|
||||
TLSConfig: newDNSTLSConfig(tlsConf, hosts),
|
||||
TLSAllowUnencryptedDoH: tlsConf.AllowUnencryptedDoH,
|
||||
UpstreamTimeout: time.Duration(dnsConf.UpstreamTimeout),
|
||||
TLSv12Roots: Context.tlsRoots,
|
||||
TLSv12Roots: globalContext.tlsRoots,
|
||||
ConfigModified: onConfigModified,
|
||||
HTTPRegister: httpReg,
|
||||
LocalPTRResolvers: dnsConf.PrivateRDNSResolvers,
|
||||
@@ -259,16 +272,16 @@ func newServerConfig(
|
||||
var initialAddresses []netip.Addr
|
||||
// Context.stats may be nil here if initDNSServer is called from
|
||||
// [cmdlineUpdate].
|
||||
if sts := Context.stats; sts != nil {
|
||||
if sts := globalContext.stats; sts != nil {
|
||||
const initialClientsNum = 100
|
||||
initialAddresses = Context.stats.TopClientsIP(initialClientsNum)
|
||||
initialAddresses = globalContext.stats.TopClientsIP(initialClientsNum)
|
||||
}
|
||||
|
||||
// Do not set DialContext, PrivateSubnets, and UsePrivateRDNS, because they
|
||||
// are set by [dnsforward.Server.Prepare].
|
||||
newConf.AddrProcConf = &client.DefaultAddrProcConfig{
|
||||
Exchanger: Context.dnsServer,
|
||||
AddressUpdater: &Context.clients,
|
||||
Exchanger: globalContext.dnsServer,
|
||||
AddressUpdater: &globalContext.clients,
|
||||
InitialAddresses: initialAddresses,
|
||||
CatchPanics: true,
|
||||
UseRDNS: clientSrcConf.RDNS,
|
||||
@@ -350,16 +363,18 @@ func newDNSCryptConfig(
|
||||
}, nil
|
||||
}
|
||||
|
||||
// dnsEncryption contains different types of TLS encryption addresses.
|
||||
type dnsEncryption struct {
|
||||
https string
|
||||
tls string
|
||||
quic string
|
||||
}
|
||||
|
||||
func getDNSEncryption() (de dnsEncryption) {
|
||||
// getDNSEncryption returns the TLS encryption addresses that AdGuard Home
|
||||
// listens on. tlsMgr must not be nil.
|
||||
func getDNSEncryption(tlsMgr *tlsManager) (de dnsEncryption) {
|
||||
tlsConf := tlsConfigSettings{}
|
||||
|
||||
Context.tls.WriteDiskConfig(&tlsConf)
|
||||
tlsMgr.WriteDiskConfig(&tlsConf)
|
||||
|
||||
if !tlsConf.Enabled || len(tlsConf.ServerName) == 0 {
|
||||
return dnsEncryption{}
|
||||
@@ -402,7 +417,7 @@ func applyAdditionalFiltering(clientIP netip.Addr, clientID string, setts *filte
|
||||
// pref is a prefix for logging messages around the scope.
|
||||
const pref = "applying filters"
|
||||
|
||||
Context.filters.ApplyBlockedServices(setts)
|
||||
globalContext.filters.ApplyBlockedServices(setts)
|
||||
|
||||
log.Debug("%s: looking for client with ip %s and clientid %q", pref, clientIP, clientID)
|
||||
|
||||
@@ -412,9 +427,9 @@ func applyAdditionalFiltering(clientIP netip.Addr, clientID string, setts *filte
|
||||
|
||||
setts.ClientIP = clientIP
|
||||
|
||||
c, ok := Context.clients.storage.Find(clientID)
|
||||
c, ok := globalContext.clients.storage.Find(clientID)
|
||||
if !ok {
|
||||
c, ok = Context.clients.storage.Find(clientIP.String())
|
||||
c, ok = globalContext.clients.storage.Find(clientIP.String())
|
||||
if !ok {
|
||||
log.Debug("%s: no clients with ip %s and clientid %q", pref, clientIP, clientID)
|
||||
|
||||
@@ -429,7 +444,7 @@ func applyAdditionalFiltering(clientIP netip.Addr, clientID string, setts *filte
|
||||
setts.ServicesRules = nil
|
||||
svcs := c.BlockedServices.IDs
|
||||
if !c.BlockedServices.Schedule.Contains(time.Now()) {
|
||||
Context.filters.ApplyBlockedServicesList(setts, svcs)
|
||||
globalContext.filters.ApplyBlockedServicesList(setts, svcs)
|
||||
log.Debug("%s: services for client %q set: %s", pref, c.Name, svcs)
|
||||
}
|
||||
}
|
||||
@@ -455,24 +470,24 @@ func startDNSServer() error {
|
||||
return fmt.Errorf("unable to start forwarding DNS server: Already running")
|
||||
}
|
||||
|
||||
Context.filters.EnableFilters(false)
|
||||
globalContext.filters.EnableFilters(false)
|
||||
|
||||
// TODO(s.chzhen): Pass context.
|
||||
ctx := context.TODO()
|
||||
err := Context.clients.Start(ctx)
|
||||
err := globalContext.clients.Start(ctx)
|
||||
if err != nil {
|
||||
return fmt.Errorf("starting clients container: %w", err)
|
||||
}
|
||||
|
||||
err = Context.dnsServer.Start()
|
||||
err = globalContext.dnsServer.Start()
|
||||
if err != nil {
|
||||
return fmt.Errorf("starting dns server: %w", err)
|
||||
}
|
||||
|
||||
Context.filters.Start()
|
||||
Context.stats.Start()
|
||||
globalContext.filters.Start()
|
||||
globalContext.stats.Start()
|
||||
|
||||
err = Context.queryLog.Start(ctx)
|
||||
err = globalContext.queryLog.Start(ctx)
|
||||
if err != nil {
|
||||
return fmt.Errorf("starting query log: %w", err)
|
||||
}
|
||||
@@ -480,16 +495,24 @@ func startDNSServer() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func reconfigureDNSServer() (err error) {
|
||||
// reconfigureDNSServer updates the DNS server configuration using the provided
|
||||
// TLS settings. tlsMgr must not be nil.
|
||||
func reconfigureDNSServer(tlsMgr *tlsManager) (err error) {
|
||||
tlsConf := &tlsConfigSettings{}
|
||||
Context.tls.WriteDiskConfig(tlsConf)
|
||||
tlsMgr.WriteDiskConfig(tlsConf)
|
||||
|
||||
newConf, err := newServerConfig(&config.DNS, config.Clients.Sources, tlsConf, httpRegister)
|
||||
newConf, err := newServerConfig(
|
||||
&config.DNS,
|
||||
config.Clients.Sources,
|
||||
tlsConf,
|
||||
httpRegister,
|
||||
globalContext.clients.storage,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("generating forwarding dns server config: %w", err)
|
||||
}
|
||||
|
||||
err = Context.dnsServer.Reconfigure(newConf)
|
||||
err = globalContext.dnsServer.Reconfigure(newConf)
|
||||
if err != nil {
|
||||
return fmt.Errorf("starting forwarding dns server: %w", err)
|
||||
}
|
||||
@@ -502,12 +525,12 @@ func stopDNSServer() (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
err = Context.dnsServer.Stop()
|
||||
err = globalContext.dnsServer.Stop()
|
||||
if err != nil {
|
||||
return fmt.Errorf("stopping forwarding dns server: %w", err)
|
||||
}
|
||||
|
||||
err = Context.clients.close(context.TODO())
|
||||
err = globalContext.clients.close(context.TODO())
|
||||
if err != nil {
|
||||
return fmt.Errorf("closing clients container: %w", err)
|
||||
}
|
||||
@@ -519,25 +542,25 @@ func stopDNSServer() (err error) {
|
||||
|
||||
func closeDNSServer() {
|
||||
// DNS forward module must be closed BEFORE stats or queryLog because it depends on them
|
||||
if Context.dnsServer != nil {
|
||||
Context.dnsServer.Close()
|
||||
Context.dnsServer = nil
|
||||
if globalContext.dnsServer != nil {
|
||||
globalContext.dnsServer.Close()
|
||||
globalContext.dnsServer = nil
|
||||
}
|
||||
|
||||
if Context.filters != nil {
|
||||
Context.filters.Close()
|
||||
if globalContext.filters != nil {
|
||||
globalContext.filters.Close()
|
||||
}
|
||||
|
||||
if Context.stats != nil {
|
||||
err := Context.stats.Close()
|
||||
if globalContext.stats != nil {
|
||||
err := globalContext.stats.Close()
|
||||
if err != nil {
|
||||
log.Error("closing stats: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
if Context.queryLog != nil {
|
||||
if globalContext.queryLog != nil {
|
||||
// TODO(s.chzhen): Pass context.
|
||||
err := Context.queryLog.Shutdown(context.TODO())
|
||||
err := globalContext.queryLog.Shutdown(context.TODO())
|
||||
if err != nil {
|
||||
log.Error("closing query log: %s", err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user