daxi20/AdGuardHome
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Pull request 1979: AG-25263 filtering config

Browse Source 
Squashed commit of the following:

commit a5607f811ab4642a0e34d3042240e3a9aafc3d84
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Wed Aug 30 15:44:26 2023 +0300

    home: upgrade yaml

commit 0593e4da17613b8770c4567fdd5fbfde31631e6f
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Wed Aug 30 15:01:14 2023 +0300

    home: upgrade yaml

commit 59ec4ba0bbe59fb2e95290f4f8101891ce4ff959
Merge: 6555941f5 a325c9b6b
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Wed Aug 30 14:57:41 2023 +0300

    Merge remote-tracking branch 'origin/master' into AG-25263-filtering-config

    # Conflicts:
    #	internal/dnsforward/http.go
    #	internal/dnsforward/http_test.go
    #	internal/dnsforward/process.go
    #	internal/dnsforward/process_internal_test.go

commit 6555941f57e99aa8bc2473b8be9e4f096ce665e0
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Wed Aug 30 14:38:01 2023 +0300

    docs: changelog

commit c66d14cecbb1f08869a90c46e58d08ec03e29de5
Merge: a50ff1622 aac36a2d2
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Wed Aug 30 12:58:41 2023 +0300

    Merge remote-tracking branch 'origin/master' into AG-25263-filtering-config

commit a50ff162291f7953912c1bb195bd7b5d802d0ab3
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Wed Aug 30 11:22:12 2023 +0300

    home: imp code

commit ef40d073e00d6acb164c0d680ed9971c4e75fbb7
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Aug 29 16:19:14 2023 +0300

    home: imp code

commit 5fa09a95e901a72dc5d2a90ba47c96842152587b
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Aug 29 14:47:48 2023 +0300

    home: imp code

commit 52bb295120f468faf94c953d0e795d1d58696ef1
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Aug 29 13:33:01 2023 +0300

    home: imp code

commit 24cfccf071385d660aeba4ced744ebbacc819686
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Aug 29 12:24:20 2023 +0300

    filtering: imp code

commit 758242b69ee5f351b25407340f989ec6b90d3607
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue Aug 29 10:32:51 2023 +0300

    home: imp code

commit 906deaa3bf86af5038fb05a54c34cc9511500ac9
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Mon Aug 28 14:46:01 2023 +0300

    dnsforward: imp code

commit 978bb508349cd0b6a1a0bd3df5b879b6a4dd9e29
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Mon Aug 28 14:40:31 2023 +0300

    home: imp code

commit d5b8dd5c930b0ccbe612f320a9908f2849370fd4
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Mon Aug 28 12:34:32 2023 +0300

    filtering: imp code

commit d3e5726df6bc93112329ec81bc83932ccf64b8de
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Mon Aug 28 11:57:33 2023 +0300

    home: upgrade yaml

commit 75d701553595786d5695540c001e6d46153351a9
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Mon Aug 28 11:46:55 2023 +0300

    home: upgrade yaml

commit cd8cb623b0e6eb00fd05fb62b7445ca4315b94e0
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Mon Aug 28 11:29:16 2023 +0300

    docs: changelog

commit 31c098d6f8d68a4afa30246c8d067a1ef4586de9
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Mon Aug 28 11:08:48 2023 +0300

    docs: changelog

commit 24c88dd5d42b0168a13ea11b3f760eae1e804558
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Sun Aug 27 19:12:55 2023 +0300

    home: imp code

commit 94f2d386c9c1b6be5df06525078c90a3d068641f
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Sun Aug 27 16:15:05 2023 +0300

    home: upgrade yaml

... and 10 more commits
This commit is contained in:
Dimitry Kolyshev
2023-08-30 18:26:02 +03:00
committed by Ainar Garipov
parent a325c9b6bb
commit a2ca8b5b4a
20 changed files with 664 additions and 320 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
internal/dnsforward/config.go
View File

@@ -25,33 +25,9 @@ import (
"golang.org/x/exp/slices"
)
// BlockingMode is an enum of all allowed blocking modes.
type BlockingMode string
// Allowed blocking modes.
const (
// BlockingModeCustomIP means respond with a custom IP address.
BlockingModeCustomIP BlockingMode = "custom_ip"
// BlockingModeDefault is the same as BlockingModeNullIP for
// Adblock-style rules, but responds with the IP address specified in
// the rule when blocked by an `/etc/hosts`-style rule.
BlockingModeDefault BlockingMode = "default"
// BlockingModeNullIP means respond with a zero IP address: "0.0.0.0"
// for A requests and "::" for AAAA ones.
BlockingModeNullIP BlockingMode = "null_ip"
// BlockingModeNXDOMAIN means respond with the NXDOMAIN code.
BlockingModeNXDOMAIN BlockingMode = "nxdomain"
// BlockingModeREFUSED means respond with the REFUSED code.
BlockingModeREFUSED BlockingMode = "refused"
)
// FilteringConfig represents the DNS filtering configuration of AdGuard Home
// The zero FilteringConfig is empty and ready for use.
type FilteringConfig struct {
// Config represents the DNS filtering configuration of AdGuard Home. The zero
// Config is empty and ready for use.
type Config struct {
// Callbacks for other modules
// FilterHandler is an optional additional filtering callback.
@@ -62,37 +38,6 @@ type FilteringConfig struct {
// nil if there are no custom upstreams for the client.
GetCustomUpstreamByClient func(id string) (conf *proxy.UpstreamConfig, err error) `yaml:"-"`
// Protection configuration
// ProtectionEnabled defines whether or not use any of filtering features.
ProtectionEnabled bool `yaml:"protection_enabled"`
// BlockingMode defines the way how blocked responses are constructed.
BlockingMode BlockingMode `yaml:"blocking_mode"`
// BlockingIPv4 is the IP address to be returned for a blocked A request.
BlockingIPv4 netip.Addr `yaml:"blocking_ipv4"`
// BlockingIPv6 is the IP address to be returned for a blocked AAAA
// request.
BlockingIPv6 netip.Addr `yaml:"blocking_ipv6"`
// BlockedResponseTTL is the time-to-live value for blocked responses. If
// 0, then default value is used (3600).
BlockedResponseTTL uint32 `yaml:"blocked_response_ttl"`
// ProtectionDisabledUntil is the timestamp until when the protection is
// disabled.
ProtectionDisabledUntil *time.Time `yaml:"protection_disabled_until"`
// ParentalBlockHost is the IP (or domain name) which is used to respond to
// DNS requests blocked by parental control.
ParentalBlockHost string `yaml:"parental_block_host"`
// SafeBrowsingBlockHost is the IP (or domain name) which is used to
// respond to DNS requests blocked by safe-browsing.
SafeBrowsingBlockHost string `yaml:"safebrowsing_block_host"`
// Anti-DNS amplification
// Ratelimit is the maximum number of requests per second from a given IP
@@ -137,7 +82,7 @@ type FilteringConfig struct {
// AllowedClients is the slice of IP addresses, CIDR networks, and
// ClientIDs of allowed clients. If not empty, only these clients are
// allowed, and [FilteringConfig.DisallowedClients] are ignored.
// allowed, and [Config.DisallowedClients] are ignored.
AllowedClients []string `yaml:"allowed_clients"`
// DisallowedClients is the slice of IP addresses, CIDR networks, and
@@ -283,7 +228,7 @@ type ServerConfig struct {
// Remove that.
AddrProcConf *client.DefaultAddrProcConfig
FilteringConfig
Config
TLSConfig
DNSCryptConfig
TLSAllowUnencryptedDoH bool
@@ -324,13 +269,6 @@ type ServerConfig struct {
UseHTTP3Upstreams bool
}
// if any of ServerConfig values are zero, then default values from below are used
var defaultValues = ServerConfig{
UDPListenAddrs: []*net.UDPAddr{{Port: 53}},
TCPListenAddrs: []*net.TCPAddr{{Port: 53}},
FilteringConfig: FilteringConfig{BlockedResponseTTL: 3600},
}
// createProxyConfig creates and validates configuration for the main proxy.
func (s *Server) createProxyConfig() (conf proxy.Config, err error) {
srvConf := s.conf
@@ -403,10 +341,7 @@ func (s *Server) createProxyConfig() (conf proxy.Config, err error) {
return conf, nil
}
const (
defaultSafeBrowsingBlockHost = "standard-block.dns.adguard.com"
defaultParentalBlockHost = "family-block.dns.adguard.com"
)
const defaultBlockedResponseTTL = 3600
// initDefaultSettings initializes default settings if nothing
// is configured
@@ -419,20 +354,12 @@ func (s *Server) initDefaultSettings() {
s.conf.BootstrapDNS = defaultBootstrap
}
if s.conf.ParentalBlockHost == "" {
s.conf.ParentalBlockHost = defaultParentalBlockHost
}
if s.conf.SafeBrowsingBlockHost == "" {
s.conf.SafeBrowsingBlockHost = defaultSafeBrowsingBlockHost
}
if s.conf.UDPListenAddrs == nil {
s.conf.UDPListenAddrs = defaultValues.UDPListenAddrs
s.conf.UDPListenAddrs = defaultUDPListenAddrs
}
if s.conf.TCPListenAddrs == nil {
s.conf.TCPListenAddrs = defaultValues.TCPListenAddrs
s.conf.TCPListenAddrs = defaultTCPListenAddrs
}
if len(s.conf.BlockedHosts) == 0 {
@@ -565,9 +492,9 @@ func (s *Server) UpdatedProtectionStatus() (enabled bool, disabledUntil *time.Ti
s.serverLock.RLock()
defer s.serverLock.RUnlock()
disabledUntil = s.conf.ProtectionDisabledUntil
disabledUntil = s.dnsFilter.ProtectionDisabledUntil
if disabledUntil == nil {
return s.conf.ProtectionEnabled, nil
return s.dnsFilter.ProtectionEnabled, nil
}
if time.Now().Before(*disabledUntil) {
@@ -599,8 +526,8 @@ func (s *Server) enableProtectionAfterPause() {
s.serverLock.Lock()
defer s.serverLock.Unlock()
s.conf.ProtectionEnabled = true
s.conf.ProtectionDisabledUntil = nil
s.dnsFilter.ProtectionEnabled = true
s.dnsFilter.ProtectionDisabledUntil = nil
log.Info("dns: protection is restarted after pause")
}