Pull request: 6122-dnsforward: ipv6 hints filtering

Merge in DNS/adguard-home from 6122-ipv6hints-filtering to master Squashed commit of the following: commit 4c0923de9110ebd5dac28dbfbffeb7f834d7c567 Merge: b1ba1a9a8 4b4036fa6 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Aug 22 17:00:46 2023 +0300 Merge remote-tracking branch 'origin/master' into 6122-ipv6hints-filtering commit b1ba1a9a8641ae846d0360bd50115153ff7c3b19 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Aug 22 15:56:45 2023 +0300 client: disable ipv6 commit 34f2a19aaec0928e83469945d807d9339715d671 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Aug 22 15:16:27 2023 +0300 client: disable ipv6 commit e0387597f81163c9e76bcf20307099c1ca72ca22 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Aug 22 15:11:45 2023 +0300 dnsforward: imp code commit 22cdac4516759edbc6a81dd7636f0170fa669071 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Aug 22 13:59:22 2023 +0300 dnsforward: ipv6 hints filtering
2023-08-22 17:18:35 +03:00
parent 4b4036fa6a
commit cb6d4620c5
4 changed files with 114 additions and 6 deletions
--- a/internal/dnsforward/process_internal_test.go
+++ b/internal/dnsforward/process_internal_test.go
@@ -113,6 +113,99 @@ func TestServer_ProcessInitial(t *testing.T) {
 	}
 }

+func TestServer_ProcessFilteringAfterResponse(t *testing.T) {
+	t.Parallel()
+
+	var (
+		testIPv4 net.IP = netip.MustParseAddr("1.1.1.1").AsSlice()
+		testIPv6 net.IP = netip.MustParseAddr("1234::cdef").AsSlice()
+	)
+
+	testCases := []struct {
+		name         string
+		req          *dns.Msg
+		aaaaDisabled bool
+		respAns      []dns.RR
+		wantRC       resultCode
+		wantRespAns  []dns.RR
+	}{{
+		name:         "pass",
+		req:          createTestMessageWithType(aghtest.ReqFQDN, dns.TypeHTTPS),
+		aaaaDisabled: false,
+		respAns: newSVCBHintsAnswer(
+			aghtest.ReqFQDN,
+			[]dns.SVCBKeyValue{
+				&dns.SVCBIPv4Hint{Hint: []net.IP{testIPv4}},
+				&dns.SVCBIPv6Hint{Hint: []net.IP{testIPv6}},
+			},
+		),
+		wantRespAns: newSVCBHintsAnswer(
+			aghtest.ReqFQDN,
+			[]dns.SVCBKeyValue{
+				&dns.SVCBIPv4Hint{Hint: []net.IP{testIPv4}},
+				&dns.SVCBIPv6Hint{Hint: []net.IP{testIPv6}},
+			},
+		),
+		wantRC: resultCodeSuccess,
+	}, {
+		name:         "filter",
+		req:          createTestMessageWithType(aghtest.ReqFQDN, dns.TypeHTTPS),
+		aaaaDisabled: true,
+		respAns: newSVCBHintsAnswer(
+			aghtest.ReqFQDN,
+			[]dns.SVCBKeyValue{
+				&dns.SVCBIPv4Hint{Hint: []net.IP{testIPv4}},
+				&dns.SVCBIPv6Hint{Hint: []net.IP{testIPv6}},
+			},
+		),
+		wantRespAns: newSVCBHintsAnswer(
+			aghtest.ReqFQDN,
+			[]dns.SVCBKeyValue{
+				&dns.SVCBIPv4Hint{Hint: []net.IP{testIPv4}},
+			},
+		),
+		wantRC: resultCodeSuccess,
+	}}
+
+	for _, tc := range testCases {
+		tc := tc
+
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			c := ServerConfig{
+				FilteringConfig: FilteringConfig{
+					AAAADisabled:     tc.aaaaDisabled,
+					EDNSClientSubnet: &EDNSClientSubnet{Enabled: false},
+				},
+			}
+
+			s := createTestServer(t, &filtering.Config{}, c, nil)
+
+			resp := newResp(dns.RcodeSuccess, tc.req, tc.respAns)
+			dctx := &dnsContext{
+				setts: &filtering.Settings{
+					FilteringEnabled:  true,
+					ProtectionEnabled: true,
+				},
+				protectionEnabled:    true,
+				responseFromUpstream: true,
+				result:               &filtering.Result{},
+				proxyCtx: &proxy.DNSContext{
+					Proto: proxy.ProtoUDP,
+					Req:   tc.req,
+					Res:   resp,
+					Addr:  testClientAddr,
+				},
+			}
+
+			gotRC := s.processFilteringAfterResponse(dctx)
+			assert.Equal(t, tc.wantRC, gotRC)
+			assert.Equal(t, newResp(dns.RcodeSuccess, tc.req, tc.wantRespAns), dctx.proxyCtx.Res)
+		})
+	}
+}
+
 func TestServer_ProcessDDRQuery(t *testing.T) {
 	dohSVCB := &dns.SVCB{
 		Priority: 1,