Pull request: AG-28961-upd-golibs

Squashed commit of the following: commit b153bbc7100dd9184ca689f1755f068b63e3046b Merge: d16da0cf6 4508ae860 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Jan 17 13:56:34 2024 +0200 Merge remote-tracking branch 'origin/master' into AG-28961-upd-golibs commit d16da0cf61d050afd04f00ffc36bca550548edd9 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Jan 17 09:52:03 2024 +0200 all: imp code commit 46aeca7221586ce0cdc91838764bbacdbdfa8620 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Jan 17 09:50:10 2024 +0200 all: imp code commit 32bc83c0a909467655a258e2e879731a90dc96e6 Merge: ee51c6046 6dbeb5b97 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Jan 16 15:42:32 2024 +0200 Merge remote-tracking branch 'origin/master' into AG-28961-upd-golibs # Conflicts: # go.mod # go.sum commit ee51c6046632f89fbe5aa8f6d857c239f060aba5 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Jan 16 10:56:38 2024 +0200 all: upd libs commit 02c1dbd9b568cb9f6ec52a0e9835d0d39e3cd377 Merge: 1daba8342 58b47adaf Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Jan 16 10:53:54 2024 +0200 Merge remote-tracking branch 'origin/master' into AG-28961-upd-golibs commit 1daba8342b72163c8a26380e083c4e497d6bb772 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Jan 15 11:15:05 2024 +0200 all: upd dnsproxy commit b1670e8a81c04f400245e1316857578b549e58f1 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Jan 15 10:46:27 2024 +0200 dnsforward: imp code commit 7b65a50fca37ad71b68a8bda504839a78b6f7319 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Fri Jan 12 14:14:34 2024 +0200 all: upd golibs
2024-01-17 15:06:16 +03:00
parent 4508ae860e
commit df40da7c64
12 changed files with 46 additions and 78 deletions
--- a/internal/dnsforward/config.go
+++ b/internal/dnsforward/config.go
@@ -110,11 +110,10 @@ type Config struct {
 	// BlockedHosts is the list of hosts that should be blocked.
 	BlockedHosts []string `yaml:"blocked_hosts"`

-	// TrustedProxies is the list of IP addresses and CIDR networks to detect
-	// proxy servers addresses the DoH requests from which should be handled.
-	// The value of nil or an empty slice for this field makes Proxy not trust
-	// any address.
-	TrustedProxies []string `yaml:"trusted_proxies"`
+	// TrustedProxies is the list of CIDR networks with proxy servers addresses
+	// from which the DoH requests should be handled.  The value of nil or an
+	// empty slice for this field makes Proxy not trust any address.
+	TrustedProxies []netutil.Prefix `yaml:"trusted_proxies"`

 	// DNS cache settings

@@ -303,6 +302,8 @@ const (
 // newProxyConfig creates and validates configuration for the main proxy.
 func (s *Server) newProxyConfig() (conf *proxy.Config, err error) {
 	srvConf := s.conf
+	trustedPrefixes := netutil.UnembedPrefixes(srvConf.TrustedProxies)
+
 	conf = &proxy.Config{
 		HTTP3:                  srvConf.ServeHTTP3,
 		Ratelimit:              int(srvConf.Ratelimit),
@@ -310,7 +311,7 @@ func (s *Server) newProxyConfig() (conf *proxy.Config, err error) {
 		RatelimitSubnetLenIPv6: srvConf.RatelimitSubnetLenIPv6,
 		RatelimitWhitelist:     srvConf.RatelimitWhitelist,
 		RefuseAny:              srvConf.RefuseAny,
-		TrustedProxies:         srvConf.TrustedProxies,
+		TrustedProxies:         netutil.SliceSubnetSet(trustedPrefixes),
 		CacheMinTTL:            srvConf.CacheMinTTL,
 		CacheMaxTTL:            srvConf.CacheMaxTTL,
 		CacheOptimistic:        srvConf.CacheOptimistic,