Pull request 1979: AG-25263 filtering config

Squashed commit of the following: commit a5607f811ab4642a0e34d3042240e3a9aafc3d84 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Aug 30 15:44:26 2023 +0300 home: upgrade yaml commit 0593e4da17613b8770c4567fdd5fbfde31631e6f Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Aug 30 15:01:14 2023 +0300 home: upgrade yaml commit 59ec4ba0bbe59fb2e95290f4f8101891ce4ff959 Merge: 6555941f5 a325c9b6b Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Aug 30 14:57:41 2023 +0300 Merge remote-tracking branch 'origin/master' into AG-25263-filtering-config # Conflicts: # internal/dnsforward/http.go # internal/dnsforward/http_test.go # internal/dnsforward/process.go # internal/dnsforward/process_internal_test.go commit 6555941f57e99aa8bc2473b8be9e4f096ce665e0 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Aug 30 14:38:01 2023 +0300 docs: changelog commit c66d14cecbb1f08869a90c46e58d08ec03e29de5 Merge: a50ff1622 aac36a2d2 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Aug 30 12:58:41 2023 +0300 Merge remote-tracking branch 'origin/master' into AG-25263-filtering-config commit a50ff162291f7953912c1bb195bd7b5d802d0ab3 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Aug 30 11:22:12 2023 +0300 home: imp code commit ef40d073e00d6acb164c0d680ed9971c4e75fbb7 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Aug 29 16:19:14 2023 +0300 home: imp code commit 5fa09a95e901a72dc5d2a90ba47c96842152587b Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Aug 29 14:47:48 2023 +0300 home: imp code commit 52bb295120f468faf94c953d0e795d1d58696ef1 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Aug 29 13:33:01 2023 +0300 home: imp code commit 24cfccf071385d660aeba4ced744ebbacc819686 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Aug 29 12:24:20 2023 +0300 filtering: imp code commit 758242b69ee5f351b25407340f989ec6b90d3607 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Aug 29 10:32:51 2023 +0300 home: imp code commit 906deaa3bf86af5038fb05a54c34cc9511500ac9 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Aug 28 14:46:01 2023 +0300 dnsforward: imp code commit 978bb508349cd0b6a1a0bd3df5b879b6a4dd9e29 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Aug 28 14:40:31 2023 +0300 home: imp code commit d5b8dd5c930b0ccbe612f320a9908f2849370fd4 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Aug 28 12:34:32 2023 +0300 filtering: imp code commit d3e5726df6bc93112329ec81bc83932ccf64b8de Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Aug 28 11:57:33 2023 +0300 home: upgrade yaml commit 75d701553595786d5695540c001e6d46153351a9 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Aug 28 11:46:55 2023 +0300 home: upgrade yaml commit cd8cb623b0e6eb00fd05fb62b7445ca4315b94e0 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Aug 28 11:29:16 2023 +0300 docs: changelog commit 31c098d6f8d68a4afa30246c8d067a1ef4586de9 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Aug 28 11:08:48 2023 +0300 docs: changelog commit 24c88dd5d42b0168a13ea11b3f760eae1e804558 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Sun Aug 27 19:12:55 2023 +0300 home: imp code commit 94f2d386c9c1b6be5df06525078c90a3d068641f Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Sun Aug 27 16:15:05 2023 +0300 home: upgrade yaml ... and 10 more commits
2023-08-30 18:26:02 +03:00
parent a325c9b6bb
commit a2ca8b5b4a
20 changed files with 664 additions and 320 deletions
--- a/internal/filtering/filtering.go
+++ b/internal/filtering/filtering.go
@@ -15,6 +15,7 @@ import (
 	"strings"
 	"sync"
 	"sync/atomic"
+	"time"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
@@ -76,35 +77,19 @@ type Resolver interface {

 // Config allows you to configure DNS filtering with New() or just change variables directly.
 type Config struct {
+	// BlockingIPv4 is the IP address to be returned for a blocked A request.
+	BlockingIPv4 netip.Addr `yaml:"blocking_ipv4"`
+
+	// BlockingIPv6 is the IP address to be returned for a blocked AAAA request.
+	BlockingIPv6 netip.Addr `yaml:"blocking_ipv6"`
+
 	// SafeBrowsingChecker is the safe browsing hash-prefix checker.
 	SafeBrowsingChecker Checker `yaml:"-"`

 	// ParentControl is the parental control hash-prefix checker.
 	ParentalControlChecker Checker `yaml:"-"`

-	// enabled is used to be returned within Settings.
-	//
-	// It is of type uint32 to be accessed by atomic.
-	//
-	// TODO(e.burkov):  Use atomic.Bool in Go 1.19.
-	enabled uint32
-
-	FilteringEnabled           bool   `yaml:"filtering_enabled"`       // whether or not use filter lists
-	FiltersUpdateIntervalHours uint32 `yaml:"filters_update_interval"` // time period to update filters (in hours)
-
-	ParentalEnabled     bool `yaml:"parental_enabled"`
-	SafeBrowsingEnabled bool `yaml:"safebrowsing_enabled"`
-
-	SafeBrowsingCacheSize uint `yaml:"safebrowsing_cache_size"` // (in bytes)
-	SafeSearchCacheSize   uint `yaml:"safesearch_cache_size"`   // (in bytes)
-	ParentalCacheSize     uint `yaml:"parental_cache_size"`     // (in bytes)
-	// TODO(a.garipov): Use timeutil.Duration
-	CacheTime uint `yaml:"cache_time"` // Element's TTL (in minutes)
-
-	SafeSearchConf SafeSearchConfig `yaml:"safe_search"`
-	SafeSearch     SafeSearch       `yaml:"-"`
-
-	Rewrites []*LegacyRewrite `yaml:"rewrites"`
+	SafeSearch SafeSearch `yaml:"-"`

 	// BlockedServices is the configuration of blocked services.
 	// Per-client settings can override this configuration.
@@ -123,11 +108,30 @@ type Config struct {
 	// HTTPClient is the client to use for updating the remote filters.
 	HTTPClient *http.Client `yaml:"-"`

+	// filtersMu protects filter lists.
+	filtersMu *sync.RWMutex
+
+	// ProtectionDisabledUntil is the timestamp until when the protection is
+	// disabled.
+	ProtectionDisabledUntil *time.Time `yaml:"protection_disabled_until"`
+
+	SafeSearchConf SafeSearchConfig `yaml:"safe_search"`
+
 	// DataDir is used to store filters' contents.
 	DataDir string `yaml:"-"`

-	// filtersMu protects filter lists.
-	filtersMu *sync.RWMutex
+	// BlockingMode defines the way how blocked responses are constructed.
+	BlockingMode BlockingMode `yaml:"blocking_mode"`
+
+	// ParentalBlockHost is the IP (or domain name) which is used to respond to
+	// DNS requests blocked by parental control.
+	ParentalBlockHost string `yaml:"parental_block_host"`
+
+	// SafeBrowsingBlockHost is the IP (or domain name) which is used to respond
+	// to DNS requests blocked by safe-browsing.
+	SafeBrowsingBlockHost string `yaml:"safebrowsing_block_host"`
+
+	Rewrites []*LegacyRewrite `yaml:"rewrites"`

 	// Filters are the blocking filter lists.
 	Filters []FilterYAML `yaml:"-"`
@@ -137,8 +141,62 @@ type Config struct {

 	// UserRules is the global list of custom rules.
 	UserRules []string `yaml:"-"`
+
+	SafeBrowsingCacheSize uint `yaml:"safebrowsing_cache_size"` // (in bytes)
+	SafeSearchCacheSize   uint `yaml:"safesearch_cache_size"`   // (in bytes)
+	ParentalCacheSize     uint `yaml:"parental_cache_size"`     // (in bytes)
+	// TODO(a.garipov): Use timeutil.Duration
+	CacheTime uint `yaml:"cache_time"` // Element's TTL (in minutes)
+
+	// enabled is used to be returned within Settings.
+	//
+	// It is of type uint32 to be accessed by atomic.
+	//
+	// TODO(e.burkov):  Use atomic.Bool in Go 1.19.
+	enabled uint32
+
+	// FiltersUpdateIntervalHours is the time period to update filters
+	// (in hours).
+	FiltersUpdateIntervalHours uint32 `yaml:"filters_update_interval"`
+
+	// BlockedResponseTTL is the time-to-live value for blocked responses.  If
+	// 0, then default value is used (3600).
+	BlockedResponseTTL uint32 `yaml:"blocked_response_ttl"`
+
+	// FilteringEnabled indicates whether or not use filter lists.
+	FilteringEnabled bool `yaml:"filtering_enabled"`
+
+	ParentalEnabled     bool `yaml:"parental_enabled"`
+	SafeBrowsingEnabled bool `yaml:"safebrowsing_enabled"`
+
+	// ProtectionEnabled defines whether or not use any of filtering features.
+	ProtectionEnabled bool `yaml:"protection_enabled"`
 }

+// BlockingMode is an enum of all allowed blocking modes.
+type BlockingMode string
+
+// Allowed blocking modes.
+const (
+	// BlockingModeCustomIP means respond with a custom IP address.
+	BlockingModeCustomIP BlockingMode = "custom_ip"
+
+	// BlockingModeDefault is the same as BlockingModeNullIP for
+	// Adblock-style rules, but responds with the IP address specified in
+	// the rule when blocked by an `/etc/hosts`-style rule.
+	BlockingModeDefault BlockingMode = "default"
+
+	// BlockingModeNullIP means respond with a zero IP address: "0.0.0.0"
+	// for A requests and "::" for AAAA ones.
+	BlockingModeNullIP BlockingMode = "null_ip"
+
+	// BlockingModeNXDOMAIN means respond with the NXDOMAIN code.
+	BlockingModeNXDOMAIN BlockingMode = "nxdomain"
+
+	// BlockingModeREFUSED means respond with the REFUSED code.
+	BlockingModeREFUSED BlockingMode = "refused"
+)
+
 // LookupStats store stats collected during safebrowsing or parental checks
 type LookupStats struct {
 	Requests   uint64 // number of HTTP requests that were sent
@@ -182,6 +240,15 @@ type DNSFilter struct {
 	rulesStorageAllow    *filterlist.RuleStorage
 	filteringEngineAllow *urlfilter.DNSEngine

+	// Config contains filtering parameters.  For direct access by library
+	// users, even a = assignment.
+	//
+	// TODO(d.kolyshev): Remove this embed.
+	Config
+
+	// confLock protects Config.
+	confLock sync.RWMutex
+
 	safeSearch SafeSearch

 	// safeBrowsingChecker is the safe browsing hash-prefix checker.
@@ -192,10 +259,6 @@ type DNSFilter struct {

 	engineLock sync.RWMutex

-	Config // for direct access by library users, even a = assignment
-	// confLock protects Config.
-	confLock sync.RWMutex
-
 	// Channel for passing data to filters-initializer goroutine
 	filtersInitializerChan chan filtersInitializerParams
 	filtersInitializerLock sync.Mutex