cherry-pick: 1730 bogus cidr

Merge in DNS/adguard-home from 1730-bogus-cidr to master Closes #1730. Squashed commit of the following: commit 0be54259ca4edb8752e9f7e5ea5104a2b51ed440 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jan 25 18:50:01 2022 +0300 all: imp log of changes commit 59fb7a8c469216823ff54621ec40a4d084836132 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jan 25 18:46:34 2022 +0300 all: log changes commit 9206b13dd715fdf1180d1d572d1b80024b9e6592 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jan 25 18:41:26 2022 +0300 all: upd dnsproxy
2022-01-25 18:54:37 +03:00
parent d98d96db1a
commit 9d75f72ceb
9 changed files with 160 additions and 180 deletions
--- a/internal/aghnet/hostscontainer.go
+++ b/internal/aghnet/hostscontainer.go
@@ -51,7 +51,7 @@ type requestMatcher struct {
 //
 // It's safe for concurrent use.
 func (rm *requestMatcher) MatchRequest(
-	req urlfilter.DNSRequest,
+	req *urlfilter.DNSRequest,
 ) (res *urlfilter.DNSResult, ok bool) {
 	switch req.DNSType {
 	case dns.TypeA, dns.TypeAAAA, dns.TypePTR:
--- a/internal/aghnet/hostscontainer_test.go
+++ b/internal/aghnet/hostscontainer_test.go
@@ -3,7 +3,6 @@ package aghnet
 import (
 	"io/fs"
 	"net"
-	"os"
 	"path"
 	"strings"
 	"sync/atomic"
@@ -194,7 +193,7 @@ func TestHostsContainer_refresh(t *testing.T) {

 		// Require the changes are written.
 		require.Eventually(t, func() bool {
-			res, ok := hc.MatchRequest(urlfilter.DNSRequest{
+			res, ok := hc.MatchRequest(&urlfilter.DNSRequest{
 				Hostname: "hostname",
 				DNSType:  dns.TypeA,
 			})
@@ -208,7 +207,7 @@ func TestHostsContainer_refresh(t *testing.T) {

 		// Require the changes are written.
 		require.Eventually(t, func() bool {
-			res, ok := hc.MatchRequest(urlfilter.DNSRequest{
+			res, ok := hc.MatchRequest(&urlfilter.DNSRequest{
 				Hostname: "hostname",
 				DNSType:  dns.TypeA,
 			})
@@ -281,13 +280,14 @@ func TestHostsContainer_PathsToPatterns(t *testing.T) {
 }

 func TestHostsContainer_Translate(t *testing.T) {
-	testdata := os.DirFS("./testdata")
 	stubWatcher := aghtest.FSWatcher{
 		OnEvents: func() (e <-chan struct{}) { return nil },
 		OnAdd:    func(name string) (err error) { return nil },
 		OnClose:  func() (err error) { panic("not implemented") },
 	}

+	require.NoError(t, fstest.TestFS(testdata, "etc_hosts"))
+
 	hc, err := NewHostsContainer(0, testdata, &stubWatcher, "etc_hosts")
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, hc.Close)
@@ -360,12 +360,12 @@ func TestHostsContainer_Translate(t *testing.T) {
 func TestHostsContainer(t *testing.T) {
 	const listID = 1234

-	testdata := os.DirFS("./testdata")
+	require.NoError(t, fstest.TestFS(testdata, "etc_hosts"))

 	testCases := []struct {
 		want []*rules.DNSRewrite
 		name string
-		req  urlfilter.DNSRequest
+		req  *urlfilter.DNSRequest
 	}{{
 		want: []*rules.DNSRewrite{{
 			RCode:  dns.RcodeSuccess,
@@ -377,7 +377,7 @@ func TestHostsContainer(t *testing.T) {
 			RRType: dns.TypeAAAA,
 		}},
 		name: "simple",
-		req: urlfilter.DNSRequest{
+		req: &urlfilter.DNSRequest{
 			Hostname: "simplehost",
 			DNSType:  dns.TypeA,
 		},
@@ -392,7 +392,7 @@ func TestHostsContainer(t *testing.T) {
 			RRType: dns.TypeAAAA,
 		}},
 		name: "hello_alias",
-		req: urlfilter.DNSRequest{
+		req: &urlfilter.DNSRequest{
 			Hostname: "hello.world",
 			DNSType:  dns.TypeA,
 		},
@@ -407,21 +407,21 @@ func TestHostsContainer(t *testing.T) {
 			RRType: dns.TypeAAAA,
 		}},
 		name: "other_line_alias",
-		req: urlfilter.DNSRequest{
+		req: &urlfilter.DNSRequest{
 			Hostname: "hello.world.again",
 			DNSType:  dns.TypeA,
 		},
 	}, {
 		want: []*rules.DNSRewrite{},
 		name: "hello_subdomain",
-		req: urlfilter.DNSRequest{
+		req: &urlfilter.DNSRequest{
 			Hostname: "say.hello",
 			DNSType:  dns.TypeA,
 		},
 	}, {
 		want: []*rules.DNSRewrite{},
 		name: "hello_alias_subdomain",
-		req: urlfilter.DNSRequest{
+		req: &urlfilter.DNSRequest{
 			Hostname: "say.hello.world",
 			DNSType:  dns.TypeA,
 		},
@@ -436,7 +436,7 @@ func TestHostsContainer(t *testing.T) {
 			Value:  net.ParseIP("::2"),
 		}},
 		name: "lots_of_aliases",
-		req: urlfilter.DNSRequest{
+		req: &urlfilter.DNSRequest{
 			Hostname: "for.testing",
 			DNSType:  dns.TypeA,
 		},
@@ -447,21 +447,21 @@ func TestHostsContainer(t *testing.T) {
 			Value:  "simplehost.",
 		}},
 		name: "reverse",
-		req: urlfilter.DNSRequest{
+		req: &urlfilter.DNSRequest{
 			Hostname: "1.0.0.1.in-addr.arpa",
 			DNSType:  dns.TypePTR,
 		},
 	}, {
 		want: []*rules.DNSRewrite{},
 		name: "non-existing",
-		req: urlfilter.DNSRequest{
+		req: &urlfilter.DNSRequest{
 			Hostname: "nonexisting",
 			DNSType:  dns.TypeA,
 		},
 	}, {
 		want: nil,
 		name: "bad_type",
-		req: urlfilter.DNSRequest{
+		req: &urlfilter.DNSRequest{
 			Hostname: "1.0.0.1.in-addr.arpa",
 			DNSType:  dns.TypeSRV,
 		},
@@ -476,7 +476,7 @@ func TestHostsContainer(t *testing.T) {
 			Value:  net.ParseIP("::42"),
 		}},
 		name: "issue_4216_4_6",
-		req: urlfilter.DNSRequest{
+		req: &urlfilter.DNSRequest{
 			Hostname: "domain",
 			DNSType:  dns.TypeA,
 		},
@@ -491,7 +491,7 @@ func TestHostsContainer(t *testing.T) {
 			Value:  net.IPv4(1, 3, 5, 7),
 		}},
 		name: "issue_4216_4",
-		req: urlfilter.DNSRequest{
+		req: &urlfilter.DNSRequest{
 			Hostname: "domain4",
 			DNSType:  dns.TypeA,
 		},
@@ -506,7 +506,7 @@ func TestHostsContainer(t *testing.T) {
 			Value:  net.ParseIP("::31"),
 		}},
 		name: "issue_4216_6",
-		req: urlfilter.DNSRequest{
+		req: &urlfilter.DNSRequest{
 			Hostname: "domain6",
 			DNSType:  dns.TypeAAAA,
 		},
--- a/internal/aghnet/net_test.go
+++ b/internal/aghnet/net_test.go
@@ -1,7 +1,9 @@
 package aghnet

 import (
+	"io/fs"
 	"net"
+	"os"
 	"testing"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
@@ -15,6 +17,9 @@ func TestMain(m *testing.M) {
 	aghtest.DiscardLogOutput(m)
 }

+// testdata is the filesystem containing data for testing the package.
+var testdata fs.FS = os.DirFS("./testdata")
+
 func TestGetInterfaceByIP(t *testing.T) {
 	ifaces, err := GetValidNetInterfacesForWeb()
 	require.NoError(t, err)
--- a/internal/dnsforward/clientid.go
+++ b/internal/dnsforward/clientid.go
@@ -65,7 +65,7 @@ func clientIDFromClientServerName(
 		return "", err
 	}

-	return clientID, nil
+	return strings.ToLower(clientID), nil
 }

 // clientIDFromDNSContextHTTPS extracts the client's ID from the path of the
@@ -104,7 +104,7 @@ func clientIDFromDNSContextHTTPS(pctx *proxy.DNSContext) (clientID string, err e
 		return "", fmt.Errorf("clientid check: %w", err)
 	}

-	return clientID, nil
+	return strings.ToLower(clientID), nil
 }

 // tlsConn is a narrow interface for *tls.Conn to simplify testing.
@@ -112,8 +112,8 @@ type tlsConn interface {
 	ConnectionState() (cs tls.ConnectionState)
 }

-// quicSession is a narrow interface for quic.Session to simplify testing.
-type quicSession interface {
+// quicConnection is a narrow interface for quic.Connection to simplify testing.
+type quicConnection interface {
 	ConnectionState() (cs quic.ConnectionState)
 }

@@ -148,16 +148,16 @@ func (s *Server) clientIDFromDNSContext(pctx *proxy.DNSContext) (clientID string

 		cliSrvName = tc.ConnectionState().ServerName
 	case proxy.ProtoQUIC:
-		qs, ok := pctx.QUICSession.(quicSession)
+		conn, ok := pctx.QUICConnection.(quicConnection)
 		if !ok {
 			return "", fmt.Errorf(
-				"proxy ctx quic session of proto %s is %T, want quic.Session",
+				"proxy ctx quic conn of proto %s is %T, want quic.Connection",
 				proto,
-				pctx.QUICSession,
+				pctx.QUICConnection,
 			)
 		}

-		cliSrvName = qs.ConnectionState().TLS.ServerName
+		cliSrvName = conn.ConnectionState().TLS.ServerName
 	}

 	clientID, err = clientIDFromClientServerName(
--- a/internal/dnsforward/clientid_test.go
+++ b/internal/dnsforward/clientid_test.go
@@ -29,17 +29,18 @@ func (c testTLSConn) ConnectionState() (cs tls.ConnectionState) {
 	return cs
 }

-// testQUICSession is a quicSession for tests.
-type testQUICSession struct {
-	// Session is embedded here simply to make testQUICSession a quic.Session
-	// without actually implementing all methods.
-	quic.Session
+// testQUICConnection is a quicConnection for tests.
+type testQUICConnection struct {
+	// Connection is embedded here simply to make testQUICConnection a
+	// quic.Connection without actually implementing all methods.
+	quic.Connection

 	serverName string
 }

-// ConnectionState implements the quicSession interface for testQUICSession.
-func (c testQUICSession) ConnectionState() (cs quic.ConnectionState) {
+// ConnectionState implements the quicConnection interface for
+// testQUICConnection.
+func (c testQUICConnection) ConnectionState() (cs quic.ConnectionState) {
 	cs.TLS.ServerName = c.serverName

 	return cs
@@ -143,6 +144,22 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 		wantErrMsg: `clientid check: client server name "cli.myexample.com" ` +
 			`doesn't match host server name "example.com"`,
 		strictSNI: true,
+	}, {
+		name:         "tls_case",
+		proto:        proxy.ProtoTLS,
+		hostSrvName:  "example.com",
+		cliSrvName:   "InSeNsItIvE.example.com",
+		wantClientID: "insensitive",
+		wantErrMsg:   ``,
+		strictSNI:    true,
+	}, {
+		name:         "quic_case",
+		proto:        proxy.ProtoQUIC,
+		hostSrvName:  "example.com",
+		cliSrvName:   "InSeNsItIvE.example.com",
+		wantClientID: "insensitive",
+		wantErrMsg:   ``,
+		strictSNI:    true,
 	}}

 	for _, tc := range testCases {
@@ -163,17 +180,17 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 				}
 			}

-			var qs quic.Session
+			var qconn quic.Connection
 			if tc.proto == proxy.ProtoQUIC {
-				qs = testQUICSession{
+				qconn = testQUICConnection{
 					serverName: tc.cliSrvName,
 				}
 			}

 			pctx := &proxy.DNSContext{
-				Proto:       tc.proto,
-				Conn:        conn,
-				QUICSession: qs,
+				Proto:          tc.proto,
+				Conn:           conn,
+				QUICConnection: qconn,
 			}

 			clientID, err := srv.clientIDFromDNSContext(pctx)
@@ -210,6 +227,11 @@ func TestClientIDFromDNSContextHTTPS(t *testing.T) {
 		path:         "/dns-query/cli/",
 		wantClientID: "cli",
 		wantErrMsg:   "",
+	}, {
+		name:         "clientid_case",
+		path:         "/dns-query/InSeNsItIvE",
+		wantClientID: "insensitive",
+		wantErrMsg:   ``,
 	}, {
 		name:         "bad_url",
 		path:         "/foo",
--- a/internal/dnsforward/config.go
+++ b/internal/dnsforward/config.go
@@ -243,18 +243,15 @@ func (s *Server) createProxyConfig() (proxy.Config, error) {
 		proxyConfig.FastestPingTimeout = s.conf.FastestTimeout.Duration
 	}

-	if len(s.conf.BogusNXDomain) > 0 {
-		for _, s := range s.conf.BogusNXDomain {
-			ip := net.ParseIP(s)
-			if ip == nil {
-				log.Error("Invalid bogus IP: %s", s)
-			} else {
-				proxyConfig.BogusNXDomain = append(
-					proxyConfig.BogusNXDomain,
-					netutil.SingleIPSubnet(ip),
-				)
-			}
+	for i, s := range s.conf.BogusNXDomain {
+		subnet, err := netutil.ParseSubnet(s)
+		if err != nil {
+			log.Error("subnet at index %d: %s", i, err)
+
+			continue
 		}
+
+		proxyConfig.BogusNXDomain = append(proxyConfig.BogusNXDomain, subnet)
 	}

 	// TLS settings
--- a/internal/filtering/filtering.go
+++ b/internal/filtering/filtering.go
@@ -477,7 +477,7 @@ func (d *DNSFilter) matchSysHosts(
 		return res, nil
 	}

-	dnsres, _ := d.EtcHosts.MatchRequest(urlfilter.DNSRequest{
+	dnsres, _ := d.EtcHosts.MatchRequest(&urlfilter.DNSRequest{
 		Hostname:         host,
 		SortedClientTags: setts.ClientTags,
 		// TODO(e.burkov):  Wait for urlfilter update to pass net.IP.
@@ -809,7 +809,7 @@ func (d *DNSFilter) matchHost(
 		return Result{}, nil
 	}

-	ureq := urlfilter.DNSRequest{
+	ureq := &urlfilter.DNSRequest{
 		Hostname:         host,
 		SortedClientTags: setts.ClientTags,
 		// TODO(e.burkov): Wait for urlfilter update to pass net.IP.