Pull request: 3890 fix anonymization

Merge in DNS/adguard-home from 3890-fix-stats to master Updates #3890. Squashed commit of the following: commit a77a6204bc8a58f62a4fac70efdcae4267a64810 Merge: 834493a2 90e65b66 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 6 17:22:16 2021 +0300 Merge branch 'master' into 3890-fix-stats commit 834493a22ae79199efcc44e0715e2ac6f6272963 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 6 17:09:30 2021 +0300 querylog: load once commit b8000e7ba7a998fcd4553230ec5e5f9c90106e31 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 6 16:54:41 2021 +0300 querylog: fix docs commit 7db99ccfa19b58100950c11d67b23bca7af3e5cb Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 6 16:51:31 2021 +0300 querylog: imp docs commit 2a84650bd7ac5195730a7ab47b9562a83f721499 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 6 15:48:09 2021 +0300 querylog: imp anonyization commit 0f63feb1ff5f006fc528c3b681ef3b9d2199581e Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 6 14:44:37 2021 +0300 all: imp code & docs commit c4ccdcbb7248897edd178fd5cb77127e39ada73d Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 6 14:24:30 2021 +0300 all: log changes commit 60bb777a5aff36bba129a078fa11ae566298178a Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 6 14:08:41 2021 +0300 all: use atomic value commit c45886bd20eee2212b42686ff369830d8c08fe36 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Nov 30 18:50:02 2021 +0300 all: anonymize separately
2021-12-06 17:26:43 +03:00
parent 90e65b662c
commit d2cf3233b8
16 changed files with 279 additions and 111 deletions
--- a/internal/dnsforward/dns.go
+++ b/internal/dnsforward/dns.go
@@ -307,8 +307,8 @@ func (s *Server) processInternalHosts(dctx *dnsContext) (rc resultCode) {

 	ip, ok := s.hostToIP(host)
 	if !ok {
-		// TODO(e.burkov): Inspect special cases when user want to apply
-		// some rules handled by other processors to the hosts with TLD.
+		// TODO(e.burkov): Inspect special cases when user want to apply some
+		// rules handled by other processors to the hosts with TLD.
 		d.Res = s.genNXDomain(req)

 		return resultCodeFinish
--- a/internal/dnsforward/dnsforward.go
+++ b/internal/dnsforward/dnsforward.go
@@ -79,6 +79,9 @@ type Server struct {
 	sysResolvers   aghnet.SystemResolvers
 	recDetector    *recursionDetector

+	// anonymizer masks the client's IP addresses if needed.
+	anonymizer *aghnet.IPMut
+
 	tableHostToIP     hostToIPTable
 	tableHostToIPLock sync.Mutex

@@ -113,6 +116,7 @@ type DNSCreateParams struct {
 	QueryLog       querylog.QueryLog
 	DHCPServer     dhcpd.ServerInterface
 	SubnetDetector *aghnet.SubnetDetector
+	Anonymizer     *aghnet.IPMut
 	LocalDomain    string
 }

@@ -150,6 +154,9 @@ func NewServer(p DNSCreateParams) (s *Server, err error) {
 		localDomainSuffix = domainNameToSuffix(p.LocalDomain)
 	}

+	if p.Anonymizer == nil {
+		p.Anonymizer = aghnet.NewIPMut(nil)
+	}
 	s = &Server{
 		dnsFilter:         p.DNSFilter,
 		stats:             p.Stats,
@@ -161,6 +168,7 @@ func NewServer(p DNSCreateParams) (s *Server, err error) {
 			EnableLRU: true,
 			MaxCount:  defaultClientIDCacheCount,
 		}),
+		anonymizer: p.Anonymizer,
 	}

 	// TODO(e.burkov): Enable the refresher after the actual implementation
--- a/internal/dnsforward/stats.go
+++ b/internal/dnsforward/stats.go
@@ -1,6 +1,7 @@
 package dnsforward

 import (
+	"net"
 	"strings"
 	"time"

@@ -8,6 +9,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/querylog"
 	"github.com/AdguardTeam/AdGuardHome/internal/stats"
 	"github.com/AdguardTeam/dnsproxy/proxy"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/miekg/dns"
 )
@@ -28,10 +30,16 @@ func (s *Server) processQueryLogsAndStats(ctx *dnsContext) (rc resultCode) {
 	s.serverLock.RLock()
 	defer s.serverLock.RUnlock()

-	// Synchronize access to s.queryLog and s.stats so they won't be suddenly uninitialized while in use.
-	// This can happen after proxy server has been stopped, but its workers haven't yet exited.
+	ip, _ := netutil.IPAndPortFromAddr(pctx.Addr)
+	ip = netutil.CloneIP(ip)
+	s.anonymizer.Load()(ip)
+
+	log.Debug("client ip: %s", ip)
+
+	// Synchronize access to s.queryLog and s.stats so they won't be suddenly
+	// uninitialized while in use.  This can happen after proxy server has been
+	// stopped, but its workers haven't yet exited.
 	if shouldLog && s.queryLog != nil {
-		ip, _ := netutil.IPAndPortFromAddr(pctx.Addr)
 		p := querylog.AddParams{
 			Question:   msg,
 			Answer:     pctx.Res,
@@ -63,12 +71,17 @@ func (s *Server) processQueryLogsAndStats(ctx *dnsContext) (rc resultCode) {
 		s.queryLog.Add(p)
 	}

-	s.updateStats(ctx, elapsed, *ctx.result)
+	s.updateStats(ctx, elapsed, *ctx.result, ip)

 	return resultCodeSuccess
 }

-func (s *Server) updateStats(ctx *dnsContext, elapsed time.Duration, res filtering.Result) {
+func (s *Server) updateStats(
+	ctx *dnsContext,
+	elapsed time.Duration,
+	res filtering.Result,
+	clientIP net.IP,
+) {
 	if s.stats == nil {
 		return
 	}
@@ -80,8 +93,8 @@ func (s *Server) updateStats(ctx *dnsContext, elapsed time.Duration, res filteri

 	if clientID := ctx.clientID; clientID != "" {
 		e.Client = clientID
-	} else if ip, _ := netutil.IPAndPortFromAddr(pctx.Addr); ip != nil {
-		e.Client = ip.String()
+	} else if clientIP != nil {
+		e.Client = clientIP.String()
 	}

 	e.Time = uint32(elapsed / 1000)
--- a/internal/dnsforward/stats_test.go
+++ b/internal/dnsforward/stats_test.go
@@ -5,6 +5,7 @@ import (
 	"testing"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/querylog"
 	"github.com/AdguardTeam/AdGuardHome/internal/stats"
@@ -163,8 +164,9 @@ func TestProcessQueryLogsAndStats(t *testing.T) {
 		ql := &testQueryLog{}
 		st := &testStats{}
 		srv := &Server{
-			queryLog: ql,
-			stats:    st,
+			queryLog:   ql,
+			stats:      st,
+			anonymizer: aghnet.NewIPMut(nil),
 		}
 		t.Run(tc.name, func(t *testing.T) {
 			req := &dns.Msg{