Pull request 2193: AGDNS-1982 Upd proxy

Closes #6854.Updates #6875. Squashed commit of the following: commit b98adbc0cc6eeaffb262d57775c487e03b1d5ba5 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Apr 10 19:21:44 2024 +0300 dnsforward: upd proxy, imp code, docs commit 4de1eb2bca1047426e02ba680c212f46782e5616 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Apr 10 16:09:58 2024 +0300 WIP commit afa9d61e8dc129f907dc681cd2f831cb5c3b054a Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Apr 9 19:24:09 2024 +0300 all: log changes commit c8340676a448687a39acd26bc8ce5f94473e441f Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Apr 9 19:06:10 2024 +0300 dnsforward: move code commit 08bb7d43d2a3f689ef2ef2409935dc3946752e94 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Apr 9 18:09:46 2024 +0300 dnsforward: imp code commit b27547ec806dd9bce502d3c6a7c28f33693ed575 Merge: b7efca788 6f36ebc06 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Apr 9 17:33:19 2024 +0300 Merge branch 'master' into AGDNS-1982-upd-proxy commit b7efca788b66aa672598b088040d4534ce2e55b0 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Apr 9 17:27:14 2024 +0300 all: upd proxy finally commit 3e16fa87befe4c0ef3a3e7a638d7add28627f9b6 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Apr 5 18:20:13 2024 +0300 dnsforward: upd proxy commit f3cdfc86334a182effcd0de22fac5e678fa53ea7 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Apr 4 20:37:32 2024 +0300 all: upd proxy, golibs commit a79298d6d0504521893ee11fdc3a23c098aea911 Merge: 9feeba5c7 fd25dcacb Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Apr 4 20:34:01 2024 +0300 Merge branch 'master' into AGDNS-1982-upd-proxy commit 9feeba5c7f24ff1d308a216608d985cb2a7b7588 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Apr 4 20:25:57 2024 +0300 all: imp code, docs commit 6c68d463db64293eb9c5e29ff91879fd68920a77 Merge: d8108e651 ee619b2db Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Apr 4 18:46:11 2024 +0300 Merge branch 'master' into AGDNS-1982-upd-proxy commit d8108e65164df8d67aa4e95154a8768a06255b78 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Apr 3 19:25:27 2024 +0300 all: imp code commit 20461565801c9fcd06a652c6066b524b06c80433 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Apr 3 17:10:33 2024 +0300 all: remove private rdns logic
2024-04-11 14:03:37 +03:00
parent 6f36ebc06c
commit ff7c715c5f
19 changed files with 765 additions and 1365 deletions
--- a/internal/dnsforward/http.go
+++ b/internal/dnsforward/http.go
@@ -261,55 +261,17 @@ func (req *jsonDNSConfig) checkUpstreamMode() (err error) {
 	}
 }

-// checkBootstrap returns an error if any bootstrap address is invalid.
-func (req *jsonDNSConfig) checkBootstrap() (err error) {
-	if req.Bootstraps == nil {
-		return nil
-	}
-
-	var b string
-	defer func() { err = errors.Annotate(err, "checking bootstrap %s: %w", b) }()
-
-	for _, b = range *req.Bootstraps {
-		if b == "" {
-			return errors.Error("empty")
-		}
-
-		var resolver *upstream.UpstreamResolver
-		if resolver, err = upstream.NewUpstreamResolver(b, nil); err != nil {
-			// Don't wrap the error because it's informative enough as is.
-			return err
-		}
-
-		if err = resolver.Close(); err != nil {
-			return fmt.Errorf("closing %s: %w", b, err)
-		}
-	}
-
-	return nil
-}
-
-// checkFallbacks returns an error if any fallback address is invalid.
-func (req *jsonDNSConfig) checkFallbacks() (err error) {
-	if req.Fallbacks == nil {
-		return nil
-	}
-
-	_, err = proxy.ParseUpstreamsConfig(*req.Fallbacks, &upstream.Options{})
-	if err != nil {
-		return fmt.Errorf("fallback servers: %w", err)
-	}
-
-	return nil
-}
-
 // validate returns an error if any field of req is invalid.
 //
 // TODO(s.chzhen):  Parse, don't validate.
-func (req *jsonDNSConfig) validate(privateNets netutil.SubnetSet) (err error) {
+func (req *jsonDNSConfig) validate(
+	ownAddrs addrPortSet,
+	sysResolvers SystemResolvers,
+	privateNets netutil.SubnetSet,
+) (err error) {
 	defer func() { err = errors.Annotate(err, "validating dns config: %w") }()

-	err = req.validateUpstreamDNSServers(privateNets)
+	err = req.validateUpstreamDNSServers(ownAddrs, sysResolvers, privateNets)
 	if err != nil {
 		// Don't wrap the error since it's informative enough as is.
 		return err
@@ -342,17 +304,54 @@ func (req *jsonDNSConfig) validate(privateNets netutil.SubnetSet) (err error) {
 	return nil
 }

+// checkBootstrap returns an error if any bootstrap address is invalid.
+func (req *jsonDNSConfig) checkBootstrap() (err error) {
+	if req.Bootstraps == nil {
+		return nil
+	}
+
+	var b string
+	defer func() { err = errors.Annotate(err, "checking bootstrap %s: %w", b) }()
+
+	for _, b = range *req.Bootstraps {
+		if b == "" {
+			return errors.Error("empty")
+		}
+
+		var resolver *upstream.UpstreamResolver
+		if resolver, err = upstream.NewUpstreamResolver(b, nil); err != nil {
+			// Don't wrap the error because it's informative enough as is.
+			return err
+		}
+
+		if err = resolver.Close(); err != nil {
+			return fmt.Errorf("closing %s: %w", b, err)
+		}
+	}
+
+	return nil
+}
+
 // validateUpstreamDNSServers returns an error if any field of req is invalid.
-func (req *jsonDNSConfig) validateUpstreamDNSServers(privateNets netutil.SubnetSet) (err error) {
+func (req *jsonDNSConfig) validateUpstreamDNSServers(
+	ownAddrs addrPortSet,
+	sysResolvers SystemResolvers,
+	privateNets netutil.SubnetSet,
+) (err error) {
+	var uc *proxy.UpstreamConfig
+	opts := &upstream.Options{}
+
 	if req.Upstreams != nil {
-		_, err = proxy.ParseUpstreamsConfig(*req.Upstreams, &upstream.Options{})
+		uc, err = proxy.ParseUpstreamsConfig(*req.Upstreams, opts)
+		err = errors.WithDeferred(err, uc.Close())
 		if err != nil {
 			return fmt.Errorf("upstream servers: %w", err)
 		}
 	}

-	if req.LocalPTRUpstreams != nil {
-		err = ValidateUpstreamsPrivate(*req.LocalPTRUpstreams, privateNets)
+	if addrs := req.LocalPTRUpstreams; addrs != nil {
+		uc, err = newPrivateConfig(*addrs, ownAddrs, sysResolvers, privateNets, opts)
+		err = errors.WithDeferred(err, uc.Close())
 		if err != nil {
 			return fmt.Errorf("private upstream servers: %w", err)
 		}
@@ -364,10 +363,12 @@ func (req *jsonDNSConfig) validateUpstreamDNSServers(privateNets netutil.SubnetS
 		return err
 	}

-	err = req.checkFallbacks()
-	if err != nil {
-		// Don't wrap the error since it's informative enough as is.
-		return err
+	if req.Fallbacks != nil {
+		uc, err = proxy.ParseUpstreamsConfig(*req.Fallbacks, opts)
+		err = errors.WithDeferred(err, uc.Close())
+		if err != nil {
+			return fmt.Errorf("fallback servers: %w", err)
+		}
 	}

 	return nil
@@ -436,7 +437,16 @@ func (s *Server) handleSetConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	err = req.validate(s.privateNets)
+	// TODO(e.burkov):  Consider prebuilding this set on startup.
+	ourAddrs, err := s.conf.ourAddrsSet()
+	if err != nil {
+		// TODO(e.burkov):  !! Put into openapi
+		aghhttp.Error(r, w, http.StatusInternalServerError, "getting our addresses: %s", err)
+
+		return
+	}
+
+	err = req.validate(ourAddrs, s.sysResolvers, s.privateNets)
 	if err != nil {
 		aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)

@@ -587,7 +597,7 @@ func (s *Server) handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	}

 	var boots []*upstream.UpstreamResolver
-	opts.Bootstrap, boots, err = s.createBootstrap(req.BootstrapDNS, opts)
+	opts.Bootstrap, boots, err = newBootstrap(req.BootstrapDNS, s.etcHosts, opts)
 	if err != nil {
 		aghhttp.Error(r, w, http.StatusBadRequest, "Failed to parse bootstrap servers: %s", err)