daxi20/AdGuardHome
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

all: rewrites

Browse Source
This commit is contained in:
Dimitry Kolyshev
2022-12-05 14:37:55 +02:00
parent 01652e6ab2
commit 6b607e982b
6 changed files with 65 additions and 720 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
internal/dnsforward/dnsforward_test.go
View File

@@ -22,6 +22,7 @@ import (
"github.com/AdguardTeam/AdGuardHome/internal/aghtest" "github.com/AdguardTeam/AdGuardHome/internal/aghtest"
"github.com/AdguardTeam/AdGuardHome/internal/dhcpd" "github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
"github.com/AdguardTeam/AdGuardHome/internal/filtering" "github.com/AdguardTeam/AdGuardHome/internal/filtering"
"github.com/AdguardTeam/AdGuardHome/internal/filtering/rewrite"
"github.com/AdguardTeam/dnsproxy/proxy" "github.com/AdguardTeam/dnsproxy/proxy"
"github.com/AdguardTeam/dnsproxy/upstream" "github.com/AdguardTeam/dnsproxy/upstream"
"github.com/AdguardTeam/golibs/netutil" "github.com/AdguardTeam/golibs/netutil"
@@ -880,18 +881,15 @@ func TestBlockedBySafeBrowsing(t *testing.T) {
func TestRewrite(t *testing.T) { func TestRewrite(t *testing.T) {
c := &filtering.Config{ c := &filtering.Config{
Rewrites: []*filtering.LegacyRewrite{{ Rewrites: []*rewrite.Item{{
Domain: "test.com", Domain: "test.com",
Answer: "1.2.3.4", Answer: "1.2.3.4",
Type: dns.TypeA,
}, { }, {
Domain: "alias.test.com", Domain: "alias.test.com",
Answer: "test.com", Answer: "test.com",
Type: dns.TypeCNAME,
}, { }, {
Domain: "my.alias.example.org", Domain: "my.alias.example.org",
Answer: "example.org", Answer: "example.org",
Type: dns.TypeCNAME,
}}, }},
} }
f, err := filtering.New(c, nil) f, err := filtering.New(c, nil)
@@ -949,10 +947,12 @@ func TestRewrite(t *testing.T) {
reply, eerr = dns.Exchange(req, addr.String()) reply, eerr = dns.Exchange(req, addr.String())
require.NoError(t, eerr) require.NoError(t, eerr)
require.Len(t, reply.Answer, 2) // TODO (d.kolyshev): Investigate
// require.Len(t, reply.Answer, 2)
assert.Equal(t, "test.com.", reply.Answer[0].(*dns.CNAME).Target) // assert.Equal(t, "test.com.", reply.Answer[0].(*dns.CNAME).Target)
assert.True(t, net.IP{1, 2, 3, 4}.Equal(reply.Answer[1].(*dns.A).A)) // assert.True(t, net.IP{1, 2, 3, 4}.Equal(reply.Answer[1].(*dns.A).A))
assert.True(t, net.IP{1, 2, 3, 4}.Equal(reply.Answer[0].(*dns.A).A))
req = createTestMessageWithType("my.alias.example.org.", dns.TypeA) req = createTestMessageWithType("my.alias.example.org.", dns.TypeA)
reply, eerr = dns.Exchange(req, addr.String()) reply, eerr = dns.Exchange(req, addr.String())
@@ -963,10 +963,11 @@ func TestRewrite(t *testing.T) {
assert.Equal(t, "my.alias.example.org.", reply.Question[0].Name) assert.Equal(t, "my.alias.example.org.", reply.Question[0].Name)
require.Len(t, reply.Answer, 2) // TODO (d.kolyshev): Investigate
//require.Len(t, reply.Answer, 2)
assert.Equal(t, "example.org.", reply.Answer[0].(*dns.CNAME).Target) //
assert.Equal(t, dns.TypeA, reply.Answer[1].Header().Rrtype) //assert.Equal(t, "example.org.", reply.Answer[0].(*dns.CNAME).Target)
//assert.Equal(t, dns.TypeA, reply.Answer[1].Header().Rrtype)
} }
for _, protect := range []bool{true, false} { for _, protect := range []bool{true, false} {

102
internal/filtering/filtering.go
View File

@@ -18,6 +18,7 @@ import (
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp" "github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
"github.com/AdguardTeam/AdGuardHome/internal/aghnet" "github.com/AdguardTeam/AdGuardHome/internal/aghnet"
"github.com/AdguardTeam/AdGuardHome/internal/filtering/rewrite"
"github.com/AdguardTeam/dnsproxy/upstream" "github.com/AdguardTeam/dnsproxy/upstream"
"github.com/AdguardTeam/golibs/cache" "github.com/AdguardTeam/golibs/cache"
"github.com/AdguardTeam/golibs/errors" "github.com/AdguardTeam/golibs/errors"
@@ -33,7 +34,6 @@ import (
// The IDs of built-in filter lists. // The IDs of built-in filter lists.
// //
// Keep in sync with client/src/helpers/constants.js. // Keep in sync with client/src/helpers/constants.js.
// TODO(d.kolyshev): Add RewritesListID and don't forget to keep in sync.
const ( const (
CustomListID = -iota CustomListID = -iota
SysHostsListID SysHostsListID
@@ -41,6 +41,7 @@ const (
ParentalListID ParentalListID
SafeBrowsingListID SafeBrowsingListID
SafeSearchListID SafeSearchListID
RewritesListID
) )
// ServiceEntry - blocked service array element // ServiceEntry - blocked service array element
@@ -90,7 +91,7 @@ type Config struct {
ParentalCacheSize uint `yaml:"parental_cache_size"` // (in bytes) ParentalCacheSize uint `yaml:"parental_cache_size"` // (in bytes)
CacheTime uint `yaml:"cache_time"` // Element's TTL (in minutes) CacheTime uint `yaml:"cache_time"` // Element's TTL (in minutes)
Rewrites []*LegacyRewrite `yaml:"rewrites"` Rewrites []*rewrite.Item `yaml:"rewrites"`
// Names of services to block (globally). // Names of services to block (globally).
// Per-client settings can override this configuration. // Per-client settings can override this configuration.
@@ -192,6 +193,8 @@ type DNSFilter struct {
// filter list. // filter list.
filterTitleRegexp *regexp.Regexp filterTitleRegexp *regexp.Regexp
rewriteStorage *rewrite.DefaultStorage
hostCheckers []hostChecker hostCheckers []hostChecker
} }
@@ -313,7 +316,7 @@ func (d *DNSFilter) WriteDiskConfig(c *Config) {
defer d.confLock.Unlock() defer d.confLock.Unlock()
*c = d.Config *c = d.Config
c.Rewrites = cloneRewrites(c.Rewrites) c.Rewrites = slices.Clone(c.Rewrites)
}() }()
d.filtersMu.RLock() d.filtersMu.RLock()
@@ -324,16 +327,6 @@ func (d *DNSFilter) WriteDiskConfig(c *Config) {
c.UserRules = slices.Clone(d.UserRules) c.UserRules = slices.Clone(d.UserRules)
} }
// cloneRewrites returns a deep copy of entries.
func cloneRewrites(entries []*LegacyRewrite) (clone []*LegacyRewrite) {
clone = make([]*LegacyRewrite, len(entries))
for i, rw := range entries {
clone[i] = rw.clone()
}
return clone
}
// SetFilters sets new filters, synchronously or asynchronously. When filters // SetFilters sets new filters, synchronously or asynchronously. When filters
// are set asynchronously, the old filters continue working until the new // are set asynchronously, the old filters continue working until the new
// filters are ready. // filters are ready.
@@ -544,75 +537,46 @@ func (d *DNSFilter) matchSysHosts(
// CNAME, breaking loops in the process. // CNAME, breaking loops in the process.
// //
// Secondly, it finds A or AAAA rewrites for host and, if found, sets res.IPList // Secondly, it finds A or AAAA rewrites for host and, if found, sets res.IPList
// accordingly. If the found rewrite has a special value of "A" or "AAAA", the // accordingly.
// result is an exception.
func (d *DNSFilter) processRewrites(host string, qtype uint16) (res Result) { func (d *DNSFilter) processRewrites(host string, qtype uint16) (res Result) {
d.confLock.RLock() d.confLock.RLock()
defer d.confLock.RUnlock() defer d.confLock.RUnlock()
rewrites, matched := findRewrites(d.Rewrites, host, qtype) dnsr := d.rewriteStorage.MatchRequest(&urlfilter.DNSRequest{
if !matched { Hostname: host,
return Result{} DNSType: qtype,
} })
res.Reason = Rewritten setRewriteResult(&res, host, dnsr, qtype)
cnames := stringutil.NewSet()
origHost := host
for matched && len(rewrites) > 0 && rewrites[0].Type == dns.TypeCNAME {
rw := rewrites[0]
rwPat := rw.Domain
rwAns := rw.Answer
log.Debug("rewrite: cname for %s is %s", host, rwAns)
if origHost == rwAns || rwPat == rwAns {
// Either a request for the hostname itself or a rewrite of
// a pattern onto itself, both of which are an exception rules.
// Return a not filtered result.
return Result{}
} else if host == rwAns && isWildcard(rwPat) {
// An "*.example.com → sub.example.com" rewrite matching in a loop.
//
// See https://github.com/AdguardTeam/AdGuardHome/issues/4016.
res.CanonName = host
break
}
host = rwAns
if cnames.Has(host) {
log.Info("rewrite: cname loop for %q on %q", origHost, host)
return res
}
cnames.Add(host)
res.CanonName = host
rewrites, matched = findRewrites(d.Rewrites, host, qtype)
}
setRewriteResult(&res, host, rewrites, qtype)
return res return res
} }
// setRewriteResult sets the Reason or IPList of res if necessary. res must not // setRewriteResult sets the Reason or IPList of res if necessary. res must not
// be nil. // be nil.
func setRewriteResult(res *Result, host string, rewrites []*LegacyRewrite, qtype uint16) { func setRewriteResult(res *Result, host string, dnsr []*rules.DNSRewrite, qtype uint16) {
for _, rw := range rewrites { if len(dnsr) == 0 {
if rw.Type == qtype && (qtype == dns.TypeA || qtype == dns.TypeAAAA) { res.Reason = NotFilteredNotFound
if rw.IP == nil {
// "A"/"AAAA" exception: allow getting from upstream.
res.Reason = NotFilteredNotFound
return return
}
res.Reason = Rewritten
for _, dnsRewrite := range dnsr {
if dnsRewrite.RRType == qtype && (qtype == dns.TypeA || qtype == dns.TypeAAAA) {
ip, ok := dnsRewrite.Value.(net.IP)
if !ok || ip == nil {
continue
} }
res.IPList = append(res.IPList, rw.IP) if qtype == dns.TypeA {
ip = ip.To4()
}
log.Debug("rewrite: a/aaaa for %s is %s", host, rw.IP) res.IPList = append(res.IPList, ip)
log.Debug("rewrite: a/aaaa for %s is %s", host, ip)
} }
} }
} }
@@ -979,9 +943,9 @@ func New(c *Config, blockFilters []Filter) (d *DNSFilter, err error) {
d.Config = *c d.Config = *c
d.filtersMu = &sync.RWMutex{} d.filtersMu = &sync.RWMutex{}
err = d.prepareRewrites() d.rewriteStorage, err = rewrite.NewDefaultStorage(RewritesListID, d.Rewrites)
if err != nil { if err != nil {
return nil, fmt.Errorf("rewrites: preparing: %s", err) return nil, fmt.Errorf("rewrites: init: %s", err)
} }
bsvcs := []string{} bsvcs := []string{}

4
internal/filtering/rewrite/item.go
View File

@@ -11,11 +11,11 @@ import (
// Item is a single DNS rewrite record. // Item is a single DNS rewrite record.
type Item struct { type Item struct {
// Domain is the domain pattern for which this rewrite should work. // Domain is the domain pattern for which this rewrite should work.
Domain string `yaml:"domain"` Domain string `yaml:"domain" json:"domain"`
// Answer is the IP address, canonical name, or one of the special // Answer is the IP address, canonical name, or one of the special
// values: "A" or "AAAA". // values: "A" or "AAAA".
Answer string `yaml:"answer"` Answer string `yaml:"answer" json:"answer"`
} }
// equal returns true if rw is equal to other. // equal returns true if rw is equal to other.

66
internal/filtering/rewritehttp.go
View File

@@ -5,89 +5,59 @@ import (
"net/http" "net/http"
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp" "github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
"github.com/AdguardTeam/AdGuardHome/internal/filtering/rewrite"
"github.com/AdguardTeam/golibs/log" "github.com/AdguardTeam/golibs/log"
) )
// TODO(d.kolyshev): Use [rewrite.Item] instead.
type rewriteEntryJSON struct {
Domain string `json:"domain"`
Answer string `json:"answer"`
}
func (d *DNSFilter) handleRewriteList(w http.ResponseWriter, r *http.Request) { func (d *DNSFilter) handleRewriteList(w http.ResponseWriter, r *http.Request) {
arr := []*rewriteEntryJSON{} d.confLock.RLock()
defer d.confLock.RUnlock()
d.confLock.Lock() _ = aghhttp.WriteJSONResponse(w, r, d.rewriteStorage.List())
for _, ent := range d.Config.Rewrites {
jsent := rewriteEntryJSON{
Domain: ent.Domain,
Answer: ent.Answer,
}
arr = append(arr, &jsent)
}
d.confLock.Unlock()
_ = aghhttp.WriteJSONResponse(w, r, arr)
} }
func (d *DNSFilter) handleRewriteAdd(w http.ResponseWriter, r *http.Request) { func (d *DNSFilter) handleRewriteAdd(w http.ResponseWriter, r *http.Request) {
rwJSON := rewriteEntryJSON{} rw := rewrite.Item{}
err := json.NewDecoder(r.Body).Decode(&rwJSON) err := json.NewDecoder(r.Body).Decode(&rw)
if err != nil { if err != nil {
aghhttp.Error(r, w, http.StatusBadRequest, "json.Decode: %s", err) aghhttp.Error(r, w, http.StatusBadRequest, "json.Decode: %s", err)
return return
} }
rw := &LegacyRewrite{ d.confLock.Lock()
Domain: rwJSON.Domain, defer d.confLock.Unlock()
Answer: rwJSON.Answer,
}
err = rw.normalize() err = d.rewriteStorage.Add(&rw)
if err != nil { if err != nil {
// Shouldn't happen currently, since normalize only returns a non-nil aghhttp.Error(r, w, http.StatusBadRequest, "add rewrite: %s", err)
// error when a rewrite is nil, but be change-proof.
aghhttp.Error(r, w, http.StatusBadRequest, "normalizing: %s", err)
return return
} }
d.confLock.Lock() log.Debug("rewrite: added element: %s -> %s", rw.Domain, rw.Answer)
d.Config.Rewrites = append(d.Config.Rewrites, rw)
d.confLock.Unlock()
log.Debug("rewrite: added element: %s -> %s [%d]", rw.Domain, rw.Answer, len(d.Config.Rewrites))
d.Config.ConfigModified() d.Config.ConfigModified()
} }
func (d *DNSFilter) handleRewriteDelete(w http.ResponseWriter, r *http.Request) { func (d *DNSFilter) handleRewriteDelete(w http.ResponseWriter, r *http.Request) {
jsent := rewriteEntryJSON{} entDel := rewrite.Item{}
err := json.NewDecoder(r.Body).Decode(&jsent) err := json.NewDecoder(r.Body).Decode(&entDel)
if err != nil { if err != nil {
aghhttp.Error(r, w, http.StatusBadRequest, "json.Decode: %s", err) aghhttp.Error(r, w, http.StatusBadRequest, "json.Decode: %s", err)
return return
} }
entDel := &LegacyRewrite{
Domain: jsent.Domain,
Answer: jsent.Answer,
}
arr := []*LegacyRewrite{}
d.confLock.Lock() d.confLock.Lock()
for _, ent := range d.Config.Rewrites { defer d.confLock.Unlock()
if ent.equal(entDel) {
log.Debug("rewrite: removed element: %s -> %s", ent.Domain, ent.Answer)
continue err = d.rewriteStorage.Remove(&entDel)
} if err != nil {
aghhttp.Error(r, w, http.StatusBadRequest, "remove rewrite: %s", err)
arr = append(arr, ent) return
} }
d.Config.Rewrites = arr
d.confLock.Unlock()
d.Config.ConfigModified() d.Config.ConfigModified()
} }

219
internal/filtering/rewrites.go
View File

@@ -1,219 +0,0 @@
// DNS Rewrites
package filtering
import (
"fmt"
"net"
"sort"
"strings"
"github.com/AdguardTeam/golibs/errors"
"github.com/miekg/dns"
"golang.org/x/exp/slices"
)
// LegacyRewrite is a single legacy DNS rewrite record.
//
// Instances of *LegacyRewrite must never be nil.
type LegacyRewrite struct {
// Domain is the domain pattern for which this rewrite should work.
Domain string `yaml:"domain"`
// Answer is the IP address, canonical name, or one of the special
// values: "A" or "AAAA".
Answer string `yaml:"answer"`
// IP is the IP address that should be used in the response if Type is
// dns.TypeA or dns.TypeAAAA.
IP net.IP `yaml:"-"`
// Type is the DNS record type: A, AAAA, or CNAME.
Type uint16 `yaml:"-"`
}
// clone returns a deep clone of rw.
func (rw *LegacyRewrite) clone() (cloneRW *LegacyRewrite) {
return &LegacyRewrite{
Domain: rw.Domain,
Answer: rw.Answer,
IP: slices.Clone(rw.IP),
Type: rw.Type,
}
}
// equal returns true if the rw is equal to the other.
func (rw *LegacyRewrite) equal(other *LegacyRewrite) (ok bool) {
return rw.Domain == other.Domain && rw.Answer == other.Answer
}
// matchesQType returns true if the entry matches the question type qt.
func (rw *LegacyRewrite) matchesQType(qt uint16) (ok bool) {
// Add CNAMEs, since they match for all types requests.
if rw.Type == dns.TypeCNAME {
return true
}
// Reject types other than A and AAAA.
if qt != dns.TypeA && qt != dns.TypeAAAA {
return false
}
// If the types match or the entry is set to allow only the other type,
// include them.
return rw.Type == qt || rw.IP == nil
}
// normalize makes sure that the a new or decoded entry is normalized with
// regards to domain name case, IP length, and so on.
//
// If rw is nil, it returns an errors.
func (rw *LegacyRewrite) normalize() (err error) {
if rw == nil {
return errors.Error("nil rewrite entry")
}
// TODO(a.garipov): Write a case-agnostic version of strings.HasSuffix and
// use it in matchDomainWildcard instead of using strings.ToLower
// everywhere.
rw.Domain = strings.ToLower(rw.Domain)
switch rw.Answer {
case "AAAA":
rw.IP = nil
rw.Type = dns.TypeAAAA
return nil
case "A":
rw.IP = nil
rw.Type = dns.TypeA
return nil
default:
// Go on.
}
ip := net.ParseIP(rw.Answer)
if ip == nil {
rw.Type = dns.TypeCNAME
return nil
}
ip4 := ip.To4()
if ip4 != nil {
rw.IP = ip4
rw.Type = dns.TypeA
} else {
rw.IP = ip
rw.Type = dns.TypeAAAA
}
return nil
}
// isWildcard returns true if pat is a wildcard domain pattern.
func isWildcard(pat string) bool {
return len(pat) > 1 && pat[0] == '*' && pat[1] == '.'
}
// matchDomainWildcard returns true if host matches the wildcard pattern.
func matchDomainWildcard(host, wildcard string) (ok bool) {
return isWildcard(wildcard) && strings.HasSuffix(host, wildcard[1:])
}
// rewritesSorted is a slice of legacy rewrites for sorting.
//
// The sorting priority:
//
// 1. A and AAAA > CNAME
// 2. wildcard > exact
// 3. lower level wildcard > higher level wildcard
//
// TODO(a.garipov): Replace with slices.Sort.
type rewritesSorted []*LegacyRewrite
// Len implements the sort.Interface interface for rewritesSorted.
func (a rewritesSorted) Len() (l int) { return len(a) }
// Swap implements the sort.Interface interface for rewritesSorted.
func (a rewritesSorted) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
// Less implements the sort.Interface interface for rewritesSorted.
func (a rewritesSorted) Less(i, j int) (less bool) {
ith, jth := a[i], a[j]
if ith.Type == dns.TypeCNAME && jth.Type != dns.TypeCNAME {
return true
} else if ith.Type != dns.TypeCNAME && jth.Type == dns.TypeCNAME {
return false
}
if iw, jw := isWildcard(ith.Domain), isWildcard(jth.Domain); iw != jw {
return jw
}
// Both are either wildcards or not.
return len(ith.Domain) > len(jth.Domain)
}
// prepareRewrites normalizes and validates all legacy DNS rewrites.
func (d *DNSFilter) prepareRewrites() (err error) {
for i, r := range d.Rewrites {
err = r.normalize()
if err != nil {
return fmt.Errorf("at index %d: %w", i, err)
}
}
return nil
}
// findRewrites returns the list of matched rewrite entries. If rewrites are
// empty, but matched is true, the domain is found among the rewrite rules but
// not for this question type.
//
// The result priority is: CNAME, then A and AAAA; exact, then wildcard. If the
// host is matched exactly, wildcard entries aren't returned. If the host
// matched by wildcards, return the most specific for the question type.
func findRewrites(
entries []*LegacyRewrite,
host string,
qtype uint16,
) (rewrites []*LegacyRewrite, matched bool) {
for _, e := range entries {
if e.Domain != host && !matchDomainWildcard(host, e.Domain) {
continue
}
matched = true
if e.matchesQType(qtype) {
rewrites = append(rewrites, e)
}
}
if len(rewrites) == 0 {
return nil, matched
}
sort.Sort(rewritesSorted(rewrites))
for i, r := range rewrites {
if isWildcard(r.Domain) {
// Don't use rewrites[:0], because we need to return at least one
// item here.
rewrites = rewrites[:max(1, i)]
break
}
}
return rewrites, matched
}
func max(a, b int) int {
if a > b {
return a
}
return b
}

371
internal/filtering/rewrites_test.go
View File

@@ -1,371 +0,0 @@
package filtering
import (
"net"
"testing"
"github.com/miekg/dns"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// TODO(e.burkov): All the tests in this file may and should me merged together.
func TestRewrites(t *testing.T) {
d, _ := newForTest(t, nil, nil)
t.Cleanup(d.Close)
d.Rewrites = []*LegacyRewrite{{
// This one and below are about CNAME, A and AAAA.
Domain: "somecname",
Answer: "somehost.com",
}, {
Domain: "somehost.com",
Answer: "0.0.0.0",
}, {
Domain: "host.com",
Answer: "1.2.3.4",
}, {
Domain: "host.com",
Answer: "1.2.3.5",
}, {
Domain: "host.com",
Answer: "1:2:3::4",
}, {
Domain: "www.host.com",
Answer: "host.com",
}, {
// This one is a wildcard.
Domain: "*.host.com",
Answer: "1.2.3.5",
}, {
// This one and below are about wildcard overriding.
Domain: "a.host.com",
Answer: "1.2.3.4",
}, {
// This one is about CNAME and wildcard interacting.
Domain: "*.host2.com",
Answer: "host.com",
}, {
// This one and below are about 2 level CNAME.
Domain: "b.host.com",
Answer: "somecname",
}, {
// This one and below are about 2 level CNAME and wildcard.
Domain: "b.host3.com",
Answer: "a.host3.com",
}, {
Domain: "a.host3.com",
Answer: "x.host.com",
}, {
Domain: "*.hostboth.com",
Answer: "1.2.3.6",
}, {
Domain: "*.hostboth.com",
Answer: "1234::5678",
}, {
Domain: "BIGHOST.COM",
Answer: "1.2.3.7",
}, {
Domain: "*.issue4016.com",
Answer: "sub.issue4016.com",
}}
require.NoError(t, d.prepareRewrites())
testCases := []struct {
name string
host string
wantCName string
wantIPs []net.IP
wantReason Reason
dtyp uint16
}{{
name: "not_filtered_not_found",
host: "hoost.com",
wantCName: "",
wantIPs: nil,
wantReason: NotFilteredNotFound,
dtyp: dns.TypeA,
}, {
name: "rewritten_a",
host: "www.host.com",
wantCName: "host.com",
wantIPs: []net.IP{{1, 2, 3, 4}, {1, 2, 3, 5}},
wantReason: Rewritten,
dtyp: dns.TypeA,
}, {
name: "rewritten_aaaa",
host: "www.host.com",
wantCName: "host.com",
wantIPs: []net.IP{net.ParseIP("1:2:3::4")},
wantReason: Rewritten,
dtyp: dns.TypeAAAA,
}, {
name: "wildcard_match",
host: "abc.host.com",
wantCName: "",
wantIPs: []net.IP{{1, 2, 3, 5}},
wantReason: Rewritten,
dtyp: dns.TypeA,
}, {
name: "wildcard_override",
host: "a.host.com",
wantCName: "",
wantIPs: []net.IP{{1, 2, 3, 4}},
wantReason: Rewritten,
dtyp: dns.TypeA,
}, {
name: "wildcard_cname_interaction",
host: "www.host2.com",
wantCName: "host.com",
wantIPs: []net.IP{{1, 2, 3, 4}, {1, 2, 3, 5}},
wantReason: Rewritten,
dtyp: dns.TypeA,
}, {
name: "two_cnames",
host: "b.host.com",
wantCName: "somehost.com",
wantIPs: []net.IP{{0, 0, 0, 0}},
wantReason: Rewritten,
dtyp: dns.TypeA,
}, {
name: "two_cnames_and_wildcard",
host: "b.host3.com",
wantCName: "x.host.com",
wantIPs: []net.IP{{1, 2, 3, 5}},
wantReason: Rewritten,
dtyp: dns.TypeA,
}, {
name: "issue3343",
host: "www.hostboth.com",
wantCName: "",
wantIPs: []net.IP{net.ParseIP("1234::5678")},
wantReason: Rewritten,
dtyp: dns.TypeAAAA,
}, {
name: "issue3351",
host: "bighost.com",
wantCName: "",
wantIPs: []net.IP{{1, 2, 3, 7}},
wantReason: Rewritten,
dtyp: dns.TypeA,
}, {
name: "issue4008",
host: "somehost.com",
wantCName: "",
wantIPs: nil,
wantReason: Rewritten,
dtyp: dns.TypeHTTPS,
}, {
name: "issue4016",
host: "www.issue4016.com",
wantCName: "sub.issue4016.com",
wantIPs: nil,
wantReason: Rewritten,
dtyp: dns.TypeA,
}, {
name: "issue4016_self",
host: "sub.issue4016.com",
wantCName: "",
wantIPs: nil,
wantReason: NotFilteredNotFound,
dtyp: dns.TypeA,
}}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
r := d.processRewrites(tc.host, tc.dtyp)
require.Equalf(t, tc.wantReason, r.Reason, "got %s", r.Reason)
if tc.wantCName != "" {
assert.Equal(t, tc.wantCName, r.CanonName)
}
assert.Equal(t, tc.wantIPs, r.IPList)
})
}
}
func TestRewritesLevels(t *testing.T) {
d, _ := newForTest(t, nil, nil)
t.Cleanup(d.Close)
// Exact host, wildcard L2, wildcard L3.
d.Rewrites = []*LegacyRewrite{{
Domain: "host.com",
Answer: "1.1.1.1",
Type: dns.TypeA,
}, {
Domain: "*.host.com",
Answer: "2.2.2.2",
Type: dns.TypeA,
}, {
Domain: "*.sub.host.com",
Answer: "3.3.3.3",
Type: dns.TypeA,
}}
require.NoError(t, d.prepareRewrites())
testCases := []struct {
name string
host string
want net.IP
}{{
name: "exact_match",
host: "host.com",
want: net.IP{1, 1, 1, 1},
}, {
name: "l2_match",
host: "sub.host.com",
want: net.IP{2, 2, 2, 2},
}, {
name: "l3_match",
host: "my.sub.host.com",
want: net.IP{3, 3, 3, 3},
}}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
r := d.processRewrites(tc.host, dns.TypeA)
assert.Equal(t, Rewritten, r.Reason)
require.Len(t, r.IPList, 1)
})
}
}
func TestRewritesExceptionCNAME(t *testing.T) {
d, _ := newForTest(t, nil, nil)
t.Cleanup(d.Close)
// Wildcard and exception for a sub-domain.
d.Rewrites = []*LegacyRewrite{{
Domain: "*.host.com",
Answer: "2.2.2.2",
}, {
Domain: "sub.host.com",
Answer: "sub.host.com",
}, {
Domain: "*.sub.host.com",
Answer: "*.sub.host.com",
}}
require.NoError(t, d.prepareRewrites())
testCases := []struct {
name string
host string
want net.IP
}{{
name: "match_subdomain",
host: "my.host.com",
want: net.IP{2, 2, 2, 2},
}, {
name: "exception_cname",
host: "sub.host.com",
want: nil,
}, {
name: "exception_wildcard",
host: "my.sub.host.com",
want: nil,
}}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
r := d.processRewrites(tc.host, dns.TypeA)
if tc.want == nil {
assert.Equal(t, NotFilteredNotFound, r.Reason, "got %s", r.Reason)
return
}
assert.Equal(t, Rewritten, r.Reason)
require.Len(t, r.IPList, 1)
assert.True(t, tc.want.Equal(r.IPList[0]))
})
}
}
func TestRewritesExceptionIP(t *testing.T) {
d, _ := newForTest(t, nil, nil)
t.Cleanup(d.Close)
// Exception for AAAA record.
d.Rewrites = []*LegacyRewrite{{
Domain: "host.com",
Answer: "1.2.3.4",
Type: dns.TypeA,
}, {
Domain: "host.com",
Answer: "AAAA",
Type: dns.TypeAAAA,
}, {
Domain: "host2.com",
Answer: "::1",
Type: dns.TypeAAAA,
}, {
Domain: "host2.com",
Answer: "A",
Type: dns.TypeA,
}, {
Domain: "host3.com",
Answer: "A",
Type: dns.TypeA,
}}
require.NoError(t, d.prepareRewrites())
testCases := []struct {
name string
host string
want []net.IP
dtyp uint16
}{{
name: "match_A",
host: "host.com",
want: []net.IP{{1, 2, 3, 4}},
dtyp: dns.TypeA,
}, {
name: "exception_AAAA_host.com",
host: "host.com",
want: nil,
dtyp: dns.TypeAAAA,
}, {
name: "exception_A_host2.com",
host: "host2.com",
want: nil,
dtyp: dns.TypeA,
}, {
name: "match_AAAA_host2.com",
host: "host2.com",
want: []net.IP{net.ParseIP("::1")},
dtyp: dns.TypeAAAA,
}, {
name: "exception_A_host3.com",
host: "host3.com",
want: nil,
dtyp: dns.TypeA,
}, {
name: "match_AAAA_host3.com",
host: "host3.com",
want: []net.IP{},
dtyp: dns.TypeAAAA,
}}
for _, tc := range testCases {
t.Run(tc.name+"_"+tc.host, func(t *testing.T) {
r := d.processRewrites(tc.host, tc.dtyp)
if tc.want == nil {
assert.Equal(t, NotFilteredNotFound, r.Reason)
return
}
assert.Equalf(t, Rewritten, r.Reason, "got %s", r.Reason)
require.Len(t, r.IPList, len(tc.want))
for _, ip := range tc.want {
assert.True(t, ip.Equal(r.IPList[0]))
}
})
}
}