Compare commits
55 Commits
v0.108.0-b
...
2499-rewri
| Author | SHA1 | Date | |
|---|---|---|---|
|
c1be2bab4d | ||
|
|
53cd9b7a1a | ||
|
|
d8d7a5c335 | ||
|
|
18a6066df5 | ||
|
|
18392943fa | ||
|
|
c2abedec70 | ||
|
|
bbdcc673a2 | ||
|
|
d3bf5fcb05 | ||
|
|
5a794411d9 | ||
|
|
8e058b8042 | ||
|
|
d76834f843 | ||
|
|
e7fc61a997 | ||
|
|
97af23b0af | ||
|
|
5480bed1f7 | ||
|
|
c5fb7e6b0d | ||
|
|
9efc381224 | ||
|
|
e481922d91 | ||
|
|
defde7d0fe | ||
|
|
0c03063c8a | ||
|
|
0ddd8e3dcc | ||
|
|
48cbc7bdf0 | ||
|
|
299371e0fd | ||
|
|
12f52f07c5 | ||
|
|
de08ef0077 | ||
|
|
cfab157146 | ||
|
|
ec05ee16fe | ||
|
|
c1b537c14b | ||
|
|
990311c9e0 | ||
|
|
526c358697 | ||
|
|
d77b743c7b | ||
|
|
e657899c32 | ||
|
|
fb3602853a | ||
|
|
2cf171f21e | ||
|
|
e56f465ad8 | ||
|
|
a8e80bc583 | ||
|
|
9a186d0a8a | ||
|
|
2d29455d7f | ||
|
|
8d453e75a4 | ||
|
|
de9f9e9eb8 | ||
|
|
fa49d74aa8 | ||
|
|
f0cf6cce9a | ||
|
|
55a0dec144 | ||
|
|
6d1adf74b1 | ||
|
|
6b607e982b | ||
|
|
01652e6ab2 | ||
|
|
09f88cf21d | ||
|
|
e6f8aeeebe | ||
|
|
fafd7a1e82 | ||
|
|
53a366ed46 | ||
|
|
9c4bed31e7 | ||
|
|
23c16a13aa | ||
|
|
36d90b152e | ||
|
|
08282dc4d9 | ||
|
|
93882d6860 | ||
|
|
167b112511 |
6
.github/ISSUE_TEMPLATE/config.yml
vendored
6
.github/ISSUE_TEMPLATE/config.yml
vendored
@@ -7,9 +7,9 @@
|
||||
'name': 'AdGuard filters issues'
|
||||
'url': 'https://link.adtidy.org/forward.html?action=report&app=home&from=github'
|
||||
- 'about': >
|
||||
Please send requests for addition to the vetted filtering lists to the
|
||||
Hostlists Registry repository.
|
||||
'name': 'AdGuard Hostlists Registry'
|
||||
Please send requests for new blocked services and vetted filtering lists
|
||||
to the Hostlists Registry repository
|
||||
'name': 'Blocked services and vetted filtering rule lists: AdGuard Hostlists Registry'
|
||||
'url': 'https://github.com/AdguardTeam/HostlistsRegistry'
|
||||
- 'about': >
|
||||
Please use GitHub Discussions for questions
|
||||
|
||||
2
.github/workflows/build.yml
vendored
2
.github/workflows/build.yml
vendored
@@ -1,7 +1,7 @@
|
||||
'name': 'build'
|
||||
|
||||
'env':
|
||||
'GO_VERSION': '1.18.8'
|
||||
'GO_VERSION': '1.18.9'
|
||||
'NODE_VERSION': '14'
|
||||
|
||||
'on':
|
||||
|
||||
2
.github/workflows/lint.yml
vendored
2
.github/workflows/lint.yml
vendored
@@ -1,7 +1,7 @@
|
||||
'name': 'lint'
|
||||
|
||||
'env':
|
||||
'GO_VERSION': '1.18.8'
|
||||
'GO_VERSION': '1.18.9'
|
||||
|
||||
'on':
|
||||
'push':
|
||||
|
||||
113
CHANGELOG.md
113
CHANGELOG.md
@@ -12,18 +12,116 @@ and this project adheres to
|
||||
## [Unreleased]
|
||||
|
||||
<!--
|
||||
## [v0.108.0] - TBA (APPROX.)
|
||||
## [v0.108.0] - TBA
|
||||
-->
|
||||
|
||||
|
||||
|
||||
<!--
|
||||
## [v0.107.19] - 2022-11-23 (APPROX.)
|
||||
## [v0.107.22] - 2222-12-28 (APPROX.)
|
||||
|
||||
See also the [v0.107.22 GitHub milestone][ms-v0.107.22].
|
||||
|
||||
[ms-v0.107.22]: https://github.com/AdguardTeam/AdGuardHome/milestone/58?closed=1
|
||||
-->
|
||||
|
||||
|
||||
|
||||
## [v0.107.21] - 2122-12-15
|
||||
|
||||
See also the [v0.107.21 GitHub milestone][ms-v0.107.21].
|
||||
|
||||
### Changed
|
||||
|
||||
- The URLs of the default filters for new installations are synchronized to
|
||||
those introduced in v0.107.20 ([#5238]).
|
||||
|
||||
**NOTE:** Some users may need to re-add the lists from the vetted filter lists
|
||||
to update the URLs to the new ones. Custom filters added by users themselves
|
||||
do not require re-adding.
|
||||
|
||||
### Fixed
|
||||
|
||||
- `AdGuardHome --update` freezing when another instance of AdGuard Home is
|
||||
running ([#4223], [#5191]).
|
||||
- The `--update` flag performing an update even with the same version.
|
||||
- Failing HTTPS redirection on saving the encryption settings ([#4898]).
|
||||
- Zeroing rules counter of erroneusly edited filtering rule lists ([#5290]).
|
||||
- Filters updating strategy, which could sometimes lead to use of broken or
|
||||
incompletely downloaded lists ([#5258]).
|
||||
- Errors popping up during updates of settings, which could sometimes cause the
|
||||
server to stop responding ([#5251]).
|
||||
|
||||
[#4898]: https://github.com/AdguardTeam/AdGuardHome/issues/4898
|
||||
[#5191]: https://github.com/AdguardTeam/AdGuardHome/issues/5191
|
||||
[#5238]: https://github.com/AdguardTeam/AdGuardHome/issues/5238
|
||||
[#5251]: https://github.com/AdguardTeam/AdGuardHome/issues/5251
|
||||
[#5258]: https://github.com/AdguardTeam/AdGuardHome/issues/5258
|
||||
[#5290]: https://github.com/AdguardTeam/AdGuardHome/issues/5290
|
||||
|
||||
[ms-v0.107.21]: https://github.com/AdguardTeam/AdGuardHome/milestone/57?closed=1
|
||||
|
||||
|
||||
|
||||
## [v0.107.20] - 2022-12-07
|
||||
|
||||
See also the [v0.107.20 GitHub milestone][ms-v0.107.20].
|
||||
|
||||
### Security
|
||||
|
||||
- Go version has been updated to prevent the possibility of exploiting the
|
||||
CVE-2022-41717 and CVE-2022-41720 Go vulnerabilities fixed in [Go
|
||||
1.18.9][go-1.18.9].
|
||||
|
||||
### Added
|
||||
|
||||
- The ability to clear the DNS cache ([#5190]).
|
||||
|
||||
### Changed
|
||||
|
||||
- DHCP server initialization errors are now logged at debug level if the server
|
||||
itself disabled ([#4944]).
|
||||
|
||||
### Fixed
|
||||
|
||||
- Wrong validation error messages on the DHCP configuration page ([#5208]).
|
||||
- Slow upstream checks making the API unresponsive ([#5193]).
|
||||
- The TLS initialization errors preventing AdGuard Home from starting ([#5189]).
|
||||
Instead, AdGuard Home disables encryption and shows an error message on the
|
||||
encryption settings page in the UI, which was the intended previous behavior.
|
||||
- URLs of some vetted blocklists.
|
||||
|
||||
[#4944]: https://github.com/AdguardTeam/AdGuardHome/issues/4944
|
||||
[#5189]: https://github.com/AdguardTeam/AdGuardHome/issues/5189
|
||||
[#5190]: https://github.com/AdguardTeam/AdGuardHome/issues/5190
|
||||
[#5193]: https://github.com/AdguardTeam/AdGuardHome/issues/5193
|
||||
[#5208]: https://github.com/AdguardTeam/AdGuardHome/issues/5208
|
||||
|
||||
[go-1.18.9]: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU
|
||||
[ms-v0.107.20]: https://github.com/AdguardTeam/AdGuardHome/milestone/56?closed=1
|
||||
|
||||
|
||||
|
||||
## [v0.107.19] - 2022-11-23
|
||||
|
||||
See also the [v0.107.19 GitHub milestone][ms-v0.107.19].
|
||||
|
||||
### Added
|
||||
|
||||
- The ability to block popular Mastodon instances
|
||||
([AdguardTeam/HostlistsRegistry#100]).
|
||||
- The new `--update` command-line option, which allows updating AdGuard Home
|
||||
silently ([#4223]).
|
||||
|
||||
### Changed
|
||||
|
||||
- Minor UI changes.
|
||||
|
||||
[#4223]: https://github.com/AdguardTeam/AdGuardHome/issues/4223
|
||||
|
||||
[ms-v0.107.19]: https://github.com/AdguardTeam/AdGuardHome/milestone/55?closed=1
|
||||
-->
|
||||
|
||||
[AdguardTeam/HostlistsRegistry#100]: https://github.com/AdguardTeam/HostlistsRegistry/pull/100
|
||||
|
||||
|
||||
|
||||
@@ -1420,11 +1518,14 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].
|
||||
|
||||
|
||||
<!--
|
||||
[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.19...HEAD
|
||||
[v0.107.19]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.18...v0.107.19
|
||||
[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.22...HEAD
|
||||
[v0.107.22]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.21...v0.107.22
|
||||
-->
|
||||
|
||||
[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.18...HEAD
|
||||
[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.21...HEAD
|
||||
[v0.107.21]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.20...v0.107.21
|
||||
[v0.107.20]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.19...v0.107.20
|
||||
[v0.107.19]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.18...v0.107.19
|
||||
[v0.107.18]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.17...v0.107.18
|
||||
[v0.107.17]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.16...v0.107.17
|
||||
[v0.107.16]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.15...v0.107.16
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
# Make sure to sync any changes with the branch overrides below.
|
||||
'variables':
|
||||
'channel': 'edge'
|
||||
'dockerGo': 'adguard/golang-ubuntu:5.3'
|
||||
'dockerGo': 'adguard/golang-ubuntu:5.4'
|
||||
|
||||
'stages':
|
||||
- 'Build frontend':
|
||||
@@ -322,7 +322,7 @@
|
||||
# need to build a few of these.
|
||||
'variables':
|
||||
'channel': 'beta'
|
||||
'dockerGo': 'adguard/golang-ubuntu:5.3'
|
||||
'dockerGo': 'adguard/golang-ubuntu:5.4'
|
||||
# release-vX.Y.Z branches are the branches from which the actual final release
|
||||
# is built.
|
||||
- '^release-v[0-9]+\.[0-9]+\.[0-9]+':
|
||||
@@ -337,4 +337,4 @@
|
||||
# are the ones that actually get released.
|
||||
'variables':
|
||||
'channel': 'release'
|
||||
'dockerGo': 'adguard/golang-ubuntu:5.3'
|
||||
'dockerGo': 'adguard/golang-ubuntu:5.4'
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
'key': 'AHBRTSPECS'
|
||||
'name': 'AdGuard Home - Build and run tests'
|
||||
'variables':
|
||||
'dockerGo': 'adguard/golang-ubuntu:5.3'
|
||||
'dockerGo': 'adguard/golang-ubuntu:5.4'
|
||||
|
||||
'stages':
|
||||
- 'Tests':
|
||||
|
||||
@@ -392,6 +392,7 @@
|
||||
"encryption_issuer": "المصدر",
|
||||
"encryption_hostnames": "اسم المستضيف",
|
||||
"encryption_reset": "هل أنت متأكد أنك تريد إعادة تعيين إعدادات التشفير؟",
|
||||
"encryption_warning": "تحذير",
|
||||
"topline_expiring_certificate": "شهادة SSL الخاصة بك على وشك الانتهاء. قم بتحديث <0>إعدادات التشفير</0>.",
|
||||
"topline_expired_certificate": "انتهت صلاحية شهادة SSL الخاصة بك. قم بتحديث <0>إعدادات التشفير</0>.",
|
||||
"form_error_port_range": "أدخل رقم المنفذ في النطاق 80-65535",
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Налады DHCP IPv6",
|
||||
"form_error_required": "Абавязковае поле",
|
||||
"form_error_ip4_format": "Няслушны IPv4-адрас",
|
||||
"form_error_ip4_range_start_format": "Няслушны IPv4-адрас пачатку дыяпазону",
|
||||
"form_error_ip4_range_end_format": "Няслушны IPv4-адрас канца дыяпазону",
|
||||
"form_error_ip4_gateway_format": "Няслушны IPv4-адрас шлюза",
|
||||
"form_error_ip6_format": "Няслушны IPv6-адрас",
|
||||
"form_error_ip_format": "Няслушны IP-адрас",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Павінна быць па-за дыяпазонам «{{start}}»-«{{end}}»",
|
||||
"lower_range_start_error": "Павінна быць менш за пачатак дыяпазону",
|
||||
"greater_range_start_error": "Павінна быць больш за пачатак дыяпазону",
|
||||
"greater_range_end_error": "Павінна быць больш за канец дыяпазону",
|
||||
"subnet_error": "Адрасы павінны быць усярэдзіне адной падсеткі",
|
||||
"gateway_or_subnet_invalid": "Некарэктная маска падсеткі",
|
||||
"dhcp_form_gateway_input": "IP-адрас шлюза",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Выдавец",
|
||||
"encryption_hostnames": "Імёны хастоў",
|
||||
"encryption_reset": "Вы ўпэўнены, што хочаце скінуць налады шыфравання?",
|
||||
"encryption_warning": "Папярэджанне",
|
||||
"topline_expiring_certificate": "Ваш SSL-сертыфікат хутка мінае. Абновіце <0>Налады шыфравання</0>.",
|
||||
"topline_expired_certificate": "Ваш SSL-сертыфікат мінуў. Абновіце <0>Налады шыфравання</0>.",
|
||||
"form_error_port_range": "Увядзіце нумар порта з інтэрвалу 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Бяспечны інтэрнэт",
|
||||
"served_from_cache": "{{value}} <i>(атрымана з кэша)</i>",
|
||||
"form_error_password_length": "Пароль павінен быць не менш за {{value}} сімвалаў",
|
||||
"anonymizer_notification": "<0>Заўвага:</0> Ананімізацыя IP уключана. Вы можаце адключыць яго ў <1>Агульных наладах</1> ."
|
||||
"anonymizer_notification": "<0>Заўвага:</0> Ананімізацыя IP уключана. Вы можаце адключыць яго ў <1>Агульных наладах</1> .",
|
||||
"confirm_dns_cache_clear": "Вы ўпэўнены, што хочаце ачысціць кэш DNS?",
|
||||
"cache_cleared": "Кэш DNS паспяхова ачышчаны",
|
||||
"clear_cache": "Ачысціць кэш"
|
||||
}
|
||||
|
||||
@@ -244,6 +244,7 @@
|
||||
"encryption_issuer": "Изпълнител",
|
||||
"encryption_hostnames": "Имена на хоста",
|
||||
"encryption_reset": "Сигурни ли сте че искате да изтриете настройките за криптиране?",
|
||||
"encryption_warning": "Внимание",
|
||||
"topline_expiring_certificate": "Вашият SSL сертификат изтича. Обнови <0>Настройки за криптиране</0>.",
|
||||
"topline_expired_certificate": "Вашият SSL сертификат е изтекъл. Обнови <0>Настройки за криптиране</0>.",
|
||||
"form_error_port_range": "Въведете порт в диапазона 80-65535",
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Nastavení DHCP IPv6",
|
||||
"form_error_required": "Povinné pole",
|
||||
"form_error_ip4_format": "Neplatná adresa IPv4",
|
||||
"form_error_ip4_range_start_format": "Neplatná adresa IPv4 na začátku rozsahu",
|
||||
"form_error_ip4_range_end_format": "Neplatná adresa IPv4 na konci rozsahu",
|
||||
"form_error_ip4_gateway_format": "Neplatná adresa IPv4 brány",
|
||||
"form_error_ip6_format": "Neplatná adresa IPv6",
|
||||
"form_error_ip_format": "Neplatná IP adresa",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Musí být mimo rozsah \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Musí být menší než začátek rozsahu",
|
||||
"greater_range_start_error": "Musí být větší než začátek rozsahu",
|
||||
"greater_range_end_error": "Musí být větší než konec rozsahu",
|
||||
"subnet_error": "Adresy musí být v jedné podsíti",
|
||||
"gateway_or_subnet_invalid": "Neplatná maska podsítě",
|
||||
"dhcp_form_gateway_input": "IP brána",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Vydavatel",
|
||||
"encryption_hostnames": "Názvy hostitelů",
|
||||
"encryption_reset": "Opravdu chcete obnovit nastavení šifrování?",
|
||||
"encryption_warning": "Varování",
|
||||
"topline_expiring_certificate": "Váš SSL certifikát brzy vyprší. Aktualizujte <0>Nastavení šifrování</0>.",
|
||||
"topline_expired_certificate": "Váš SSL certifikát vypršel. Aktualizujte <0>Nastavení šifrování</0>.",
|
||||
"form_error_port_range": "Zadejte číslo portu v rozmezí 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Bezpečné prohlížení",
|
||||
"served_from_cache": "{{value}} <i>(převzato z mezipaměti)</i>",
|
||||
"form_error_password_length": "Heslo musí být alespoň {{value}} znaků dlouhé",
|
||||
"anonymizer_notification": "<0>Poznámka:</0> Anonymizace IP je zapnuta. Můžete ji vypnout v <1>Obecných nastaveních</1>."
|
||||
"anonymizer_notification": "<0>Poznámka:</0> Anonymizace IP je zapnuta. Můžete ji vypnout v <1>Obecných nastaveních</1>.",
|
||||
"confirm_dns_cache_clear": "Opravdu chcete vymazat mezipaměť DNS?",
|
||||
"cache_cleared": "Mezipaměť DNS úspěšně vymazána",
|
||||
"clear_cache": "Vymazat mezipaměť"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP IPv6-indstillinger",
|
||||
"form_error_required": "Obligatorisk felt",
|
||||
"form_error_ip4_format": "Ugyldig IPv4-adresse",
|
||||
"form_error_ip4_range_start_format": "Ugyldig IPv4-startadresse for området",
|
||||
"form_error_ip4_range_end_format": "Ugyldig IPv4-slutadresse for området",
|
||||
"form_error_ip4_gateway_format": "Ugyldig IPv4 gateway-adresse",
|
||||
"form_error_ip6_format": "Ugyldig IPv6-adresse",
|
||||
"form_error_ip_format": "Ugyldig IP-adresse",
|
||||
@@ -51,9 +49,8 @@
|
||||
"out_of_range_error": "Skal være uden for området \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Skal være mindre end starten på området",
|
||||
"greater_range_start_error": "Skal være større end starten på området",
|
||||
"greater_range_end_error": "Skal være større end områdeslutning",
|
||||
"subnet_error": "Adresser ska være i ét undernet",
|
||||
"gateway_or_subnet_invalid": "Undernetmaske ugyldig",
|
||||
"gateway_or_subnet_invalid": "Ugyldig undernetmaske",
|
||||
"dhcp_form_gateway_input": "Gateway IP",
|
||||
"dhcp_form_subnet_input": "Undernetmaske",
|
||||
"dhcp_form_range_title": "Interval af IP-adresser",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Udsteder",
|
||||
"encryption_hostnames": "Værtsnavne",
|
||||
"encryption_reset": "Sikker på, at du vil nulstille krypteringsindstillingerne?",
|
||||
"encryption_warning": "Advarsel",
|
||||
"topline_expiring_certificate": "Dit SSL-certifikat er ved at udløbe. Opdatér <0>Krypteringsindstillinger</0>.",
|
||||
"topline_expired_certificate": "Dit SSL-certifikat er udløbet. Opdatér <0>Krypteringsindstillinger</0>.",
|
||||
"form_error_port_range": "Angiv portnummer i intervallet 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Sikker Browsing",
|
||||
"served_from_cache": "{{value}} <i>(leveret fra cache)</i>",
|
||||
"form_error_password_length": "Adgangskoden skal udgøre mindst {{value}} tegn.",
|
||||
"anonymizer_notification": "<0>Bemærk:</0> IP-anonymisering er aktiveret. Det kan deaktiveres via <1>Generelle indstillinger</1>."
|
||||
"anonymizer_notification": "<0>Bemærk:</0> IP-anonymisering er aktiveret. Det kan deaktiveres via <1>Generelle indstillinger</1>.",
|
||||
"confirm_dns_cache_clear": "Sikker på, at DNS-cache skal ryddes?",
|
||||
"cache_cleared": "DNS-cache hermed ryddet",
|
||||
"clear_cache": "Ryd cache"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP-IPv6-Einstellungen",
|
||||
"form_error_required": "Pflichtfeld",
|
||||
"form_error_ip4_format": "Ungültige IPv4-Adresse",
|
||||
"form_error_ip4_range_start_format": "Ungültiger Bereichsbeginn der IPv4-Adresse",
|
||||
"form_error_ip4_range_end_format": "Ungültiges Bereichsende der IPv4-Adresse",
|
||||
"form_error_ip4_gateway_format": "Ungültige IPv4-Adresse des Gateways",
|
||||
"form_error_ip6_format": "Ungültige IPv6-Adresse",
|
||||
"form_error_ip_format": "Ungültige IP-Adresse",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Muss außerhalb des Bereichs „{{start}}“-„{{end}}“ liegen",
|
||||
"lower_range_start_error": "Muss niedriger als der Bereichsbeginn sein",
|
||||
"greater_range_start_error": "Muss größer als der Bereichsbeginn sein",
|
||||
"greater_range_end_error": "Muss größer als das Bereichsende sein",
|
||||
"subnet_error": "Die Adressen müssen innerhalb eines Subnetzes liegen",
|
||||
"gateway_or_subnet_invalid": "Ungültige Subnetzmaske",
|
||||
"dhcp_form_gateway_input": "Gateway-IP",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Ausgestellt von",
|
||||
"encryption_hostnames": "Hostnamen",
|
||||
"encryption_reset": "Möchten Sie die Verschlüsselungseinstellungen wirklich zurücksetzen?",
|
||||
"encryption_warning": "Warnhinweis",
|
||||
"topline_expiring_certificate": "Ihr SSL-Zertifikat läuft demnächst ab. Aktualisieren Sie Ihre <0>Verschlüsselungseinstellungen</0>.",
|
||||
"topline_expired_certificate": "Ihr SSL-Zertifikat ist abgelaufen. Aktualisieren Sie Ihre <0>Verschlüsselungseinstellungen</0>.",
|
||||
"form_error_port_range": "Geben Sie die Portnummer zwischen 80 und 65535 ein",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Internetsicherheit",
|
||||
"served_from_cache": "{{value}} <i>(aus dem Cache abgerufen)</i>",
|
||||
"form_error_password_length": "Das Passwort muss mindestens {{value}} Zeichen enthalten",
|
||||
"anonymizer_notification": "<0>Hinweis:</0> Die IP-Anonymisierung ist aktiviert. Sie können sie in den <1>Allgemeinen Einstellungen</1> deaktivieren."
|
||||
"anonymizer_notification": "<0>Hinweis:</0> Die IP-Anonymisierung ist aktiviert. Sie können sie in den <1>Allgemeinen Einstellungen</1> deaktivieren.",
|
||||
"confirm_dns_cache_clear": "Möchten Sie den DNS-Cache wirklich leeren?",
|
||||
"cache_cleared": "DNS-Cache erfolgreich geleert",
|
||||
"clear_cache": "Cache leeren"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP IPv6 Settings",
|
||||
"form_error_required": "Required field",
|
||||
"form_error_ip4_format": "Invalid IPv4 address",
|
||||
"form_error_ip4_range_start_format": "Invalid IPv4 address of the range start",
|
||||
"form_error_ip4_range_end_format": "Invalid IPv4 address of the range end",
|
||||
"form_error_ip4_gateway_format": "Invalid IPv4 address of the gateway",
|
||||
"form_error_ip6_format": "Invalid IPv6 address",
|
||||
"form_error_ip_format": "Invalid IP address",
|
||||
@@ -51,9 +49,8 @@
|
||||
"out_of_range_error": "Must be out of range \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Must be lower than range start",
|
||||
"greater_range_start_error": "Must be greater than range start",
|
||||
"greater_range_end_error": "Must be greater than range end",
|
||||
"subnet_error": "Addresses must be in one subnet",
|
||||
"gateway_or_subnet_invalid": "Subnet mask invalid",
|
||||
"gateway_or_subnet_invalid": "Invalid subnet mask",
|
||||
"dhcp_form_gateway_input": "Gateway IP",
|
||||
"dhcp_form_subnet_input": "Subnet mask",
|
||||
"dhcp_form_range_title": "Range of IP addresses",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Issuer",
|
||||
"encryption_hostnames": "Hostnames",
|
||||
"encryption_reset": "Are you sure you want to reset encryption settings?",
|
||||
"encryption_warning": "Warning",
|
||||
"topline_expiring_certificate": "Your SSL certificate is about to expire. Update <0>Encryption settings</0>.",
|
||||
"topline_expired_certificate": "Your SSL certificate is expired. Update <0>Encryption settings</0>.",
|
||||
"form_error_port_range": "Enter port number in the range of 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Safe Browsing",
|
||||
"served_from_cache": "{{value}} <i>(served from cache)</i>",
|
||||
"form_error_password_length": "Password must be at least {{value}} characters long",
|
||||
"anonymizer_notification": "<0>Note:</0> IP anonymization is enabled. You can disable it in <1>General settings</1>."
|
||||
"anonymizer_notification": "<0>Note:</0> IP anonymization is enabled. You can disable it in <1>General settings</1>.",
|
||||
"confirm_dns_cache_clear": "Are you sure you want to clear DNS cache?",
|
||||
"cache_cleared": "DNS cache successfully cleared",
|
||||
"clear_cache": "Clear cache"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Configuración DHCP IPv6",
|
||||
"form_error_required": "Campo obligatorio",
|
||||
"form_error_ip4_format": "Dirección IPv4 no válida",
|
||||
"form_error_ip4_range_start_format": "Dirección IPv4 no válida del inicio de rango",
|
||||
"form_error_ip4_range_end_format": "Dirección IPv4 no válida del final de rango",
|
||||
"form_error_ip4_gateway_format": "Dirección IPv4 no válida de la puerta de enlace",
|
||||
"form_error_ip6_format": "Dirección IPv6 no válida",
|
||||
"form_error_ip_format": "Dirección IP no válida",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Debe estar fuera del rango \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Debe ser inferior que el inicio de rango",
|
||||
"greater_range_start_error": "Debe ser mayor que el inicio de rango",
|
||||
"greater_range_end_error": "Debe ser mayor que el final de rango",
|
||||
"subnet_error": "Las direcciones deben estar en una subred",
|
||||
"gateway_or_subnet_invalid": "Máscara de subred no válida",
|
||||
"dhcp_form_gateway_input": "IP de puerta de enlace",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Emisor",
|
||||
"encryption_hostnames": "Nombres de hosts",
|
||||
"encryption_reset": "¿Estás seguro de que deseas restablecer la configuración de cifrado?",
|
||||
"encryption_warning": "Advertencia",
|
||||
"topline_expiring_certificate": "Tu certificado SSL está a punto de expirar. Actualiza la <0>configuración de cifrado</0>.",
|
||||
"topline_expired_certificate": "Tu certificado SSL ha expirado. Actualiza la <0>configuración de cifrado</0>.",
|
||||
"form_error_port_range": "Ingresa el número del puerto en el rango de 80 a 65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Navegación segura",
|
||||
"served_from_cache": "{{value}} <i>(servido desde la caché)</i>",
|
||||
"form_error_password_length": "La contraseña debe tener al menos {{value}} caracteres",
|
||||
"anonymizer_notification": "<0>Nota:</0> La anonimización de IP está habilitada. Puedes deshabilitarla en <1>Configuración general</1>."
|
||||
"anonymizer_notification": "<0>Nota:</0> La anonimización de IP está habilitada. Puedes deshabilitarla en <1>Configuración general</1>.",
|
||||
"confirm_dns_cache_clear": "¿Estás seguro de que deseas borrar la caché de DNS?",
|
||||
"cache_cleared": "Caché DNS borrado con éxito",
|
||||
"clear_cache": "Borrar caché"
|
||||
}
|
||||
|
||||
@@ -361,6 +361,7 @@
|
||||
"encryption_issuer": "صادر کننده",
|
||||
"encryption_hostnames": "نام میزبان",
|
||||
"encryption_reset": "آیا میخواهید تنظیمات رمزگُذاری به پیش فرض بازگردد؟",
|
||||
"encryption_warning": "هشدار",
|
||||
"topline_expiring_certificate": "گواهینامه اِس اِس اِل شما در صدد انقضاء است. <0>تنظیمات رمزگُذاری</0> را بروز رسانی کنید.",
|
||||
"topline_expired_certificate": "گواهینامه اِس اِس اِل شما منقضی شده است. <0>تنظیمات رمزگُذاری</0> را بروز رسانی کنید.",
|
||||
"form_error_port_range": "مقدار پورت را در محدوده 80-65535 وارد کنید",
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP:n IPv6-asetukset",
|
||||
"form_error_required": "Pakollinen kenttä",
|
||||
"form_error_ip4_format": "Virheellinen IPv4-osoite",
|
||||
"form_error_ip4_range_start_format": "Virheellinen IPv4-osoitealueen aloitusosoite",
|
||||
"form_error_ip4_range_end_format": "Virheellinen IPv4-osoitealueen päätösosoite",
|
||||
"form_error_ip4_gateway_format": "Virheellinen yhdyskäytävän IPv4-osoite",
|
||||
"form_error_ip6_format": "Virheellinen IPv6-osoite",
|
||||
"form_error_ip_format": "Virheellinen IP-osoite",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Oltava alueen \"{{start}}\" - \"{{end}}\" ulkopuolella",
|
||||
"lower_range_start_error": "Oltava alueen aloitusarvoa pienempi",
|
||||
"greater_range_start_error": "Oltava alueen aloitusarvoa suurempi",
|
||||
"greater_range_end_error": "Oltava alueen päätösarvoa pienempi",
|
||||
"subnet_error": "Osoitteiden tulee olla yhdessä aliverkossa",
|
||||
"gateway_or_subnet_invalid": "Virheellinen aliverkon peite",
|
||||
"dhcp_form_gateway_input": "Yhdyskäytävän IP-osoite",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Toimittaja",
|
||||
"encryption_hostnames": "Isäntänimet",
|
||||
"encryption_reset": "Haluatko varmasti palauttaa salausasetukset?",
|
||||
"encryption_warning": "Varoitus",
|
||||
"topline_expiring_certificate": "SSL-varmenteesi on erääntymässä. Päivitä <0>Salausasetukset</0>.",
|
||||
"topline_expired_certificate": "SSL-varmenteesi on erääntynyt. Päivitä <0>Salausasetukset</0>.",
|
||||
"form_error_port_range": "Syötä portti väliltä 80-65535",
|
||||
@@ -542,8 +540,8 @@
|
||||
"descr": "Kuvaus",
|
||||
"whois": "WHOIS",
|
||||
"filtering_rules_learn_more": "<0>Lue lisää</0> omien hosts-listojesi luonnista.",
|
||||
"blocked_by_response": "Vastauksen sisältämän CNAME:n tai IP:n estämä",
|
||||
"blocked_by_cname_or_ip": "CNAME:n tai IP:n estämä",
|
||||
"blocked_by_response": "Estetty vastauksen CNAME:n tai IP:n perusteella",
|
||||
"blocked_by_cname_or_ip": "Estetty CNAME:n tai IP:n perusteella",
|
||||
"try_again": "Yritä uudelleen",
|
||||
"domain_desc": "Syötä korvattava verkkotunnus tai jokerimerkki.",
|
||||
"example_rewrite_domain": "korvaa vain tämän verkkotunnuksen vastaukset",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Turvallinen selaus",
|
||||
"served_from_cache": "{{value}} <i>(jaettu välimuistista)</i>",
|
||||
"form_error_password_length": "Salasanan on oltava ainakin {{value}} merkkiä",
|
||||
"anonymizer_notification": "<0>Huomioi:</0> IP-osoitteen anonymisointi on käytössä. Voit poistaa sen käytöstä <1>Yleisistä asetuksista</1>."
|
||||
"anonymizer_notification": "<0>Huomioi:</0> IP-osoitteen anonymisointi on käytössä. Voit poistaa sen käytöstä <1>Yleisistä asetuksista</1>.",
|
||||
"confirm_dns_cache_clear": "Haluatko varmasti tyhjentää DNS-välimuistin?",
|
||||
"cache_cleared": "DNS-välimuistin tyhjennys onnistui",
|
||||
"clear_cache": "Tyhjennä välimuisti"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Paramètres IPv6 du DHCP",
|
||||
"form_error_required": "Champ requis",
|
||||
"form_error_ip4_format": "Adresse IPv4 invalide",
|
||||
"form_error_ip4_range_start_format": "Adresse de début de plage IPv4 incorrecte",
|
||||
"form_error_ip4_range_end_format": "Adresse de fin de plage IPv4 incorrecte",
|
||||
"form_error_ip4_gateway_format": "Adresse de passerelle IPv4 invalide",
|
||||
"form_error_ip6_format": "Adresse IPv6 invalide",
|
||||
"form_error_ip_format": "Adresse IP invalide",
|
||||
@@ -51,9 +49,8 @@
|
||||
"out_of_range_error": "Doit être hors plage « {{start}} » - « {{end}} »",
|
||||
"lower_range_start_error": "Doit être inférieur au début de plage",
|
||||
"greater_range_start_error": "Doit être supérieur au début de plage",
|
||||
"greater_range_end_error": "Doit être supérieur à la fin de plage",
|
||||
"subnet_error": "Les adresses doivent être dans le même sous-réseau",
|
||||
"gateway_or_subnet_invalid": "Masque de sous-réseau invalide",
|
||||
"gateway_or_subnet_invalid": "Masque de sous-réseau invalide.",
|
||||
"dhcp_form_gateway_input": "IP de la passerelle",
|
||||
"dhcp_form_subnet_input": "Masque de sous-réseau",
|
||||
"dhcp_form_range_title": "Rangée des adresses IP",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Émetteur",
|
||||
"encryption_hostnames": "Noms d'hôte",
|
||||
"encryption_reset": "Voulez-vous vraiment réinitialiser les paramètres de chiffrement ?",
|
||||
"encryption_warning": "Attention",
|
||||
"topline_expiring_certificate": "Votre certificat SSL est sur le point d'expirer. Mettez à jour vos <0>Paramètres de chiffrement</0>.",
|
||||
"topline_expired_certificate": "Votre certificat SSL a expiré. Mettez à jour vos <0>Paramètres de chiffrement</0>.",
|
||||
"form_error_port_range": "Saisissez une valeur de port entre 80 et 65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Navigation sécurisée",
|
||||
"served_from_cache": "{{value}} <i>(depuis le cache)</i>",
|
||||
"form_error_password_length": "Le mot de passe doit comporter au moins {{value}} caractères",
|
||||
"anonymizer_notification": "<0>Note :</0> L'anonymisation IP est activée. Vous pouvez la désactiver dans les <1>paramètres généraux</1>."
|
||||
"anonymizer_notification": "<0>Note :</0> L'anonymisation IP est activée. Vous pouvez la désactiver dans les <1>paramètres généraux</1>.",
|
||||
"confirm_dns_cache_clear": "Voulez-vous vraiment vider le cache DNS ?",
|
||||
"cache_cleared": "Le cache DNS a été vidé",
|
||||
"clear_cache": "Vider le cache"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP IPv6 postavke",
|
||||
"form_error_required": "Obavezno polje",
|
||||
"form_error_ip4_format": "Nevažeća IPv4 adresa",
|
||||
"form_error_ip4_range_start_format": "Nepravilan početak ranga IPv4 adresa",
|
||||
"form_error_ip4_range_end_format": "Nepravilan kraj ranga IPv4 adresa",
|
||||
"form_error_ip4_gateway_format": "Nepravilna IPV4 adresa čvora",
|
||||
"form_error_ip6_format": "Nevažeći IPv6 adresa",
|
||||
"form_error_ip_format": "Nepravilna IP adresa",
|
||||
@@ -51,9 +49,8 @@
|
||||
"out_of_range_error": "Mora biti izvan ranga \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Mora biti niže od početnog ranga",
|
||||
"greater_range_start_error": "Mora biti veće od krajnjeg ranga",
|
||||
"greater_range_end_error": "Mora biti veće od krajnjeg ranga",
|
||||
"subnet_error": "Adrese moraju biti iz iste podmreže",
|
||||
"gateway_or_subnet_invalid": "Maska podmreže je neprvilna",
|
||||
"gateway_or_subnet_invalid": "Nevažeća podmrežna maska",
|
||||
"dhcp_form_gateway_input": "Gateway IP",
|
||||
"dhcp_form_subnet_input": "Subnet maskiranje",
|
||||
"dhcp_form_range_title": "Raspon IP adresa",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Izdavač",
|
||||
"encryption_hostnames": "Nazivi računala",
|
||||
"encryption_reset": "Jeste li sigurni da želite poništiti postavke šifriranja?",
|
||||
"encryption_warning": "Upozorenje",
|
||||
"topline_expiring_certificate": "Vaš SSL certifikat uskoro ističe. Ažurirajte <0>Postavke šifriranja</0>.",
|
||||
"topline_expired_certificate": "Vaš SSL certifikat je istekao. Ažurirajte <0>Postavke šifriranja</0>.",
|
||||
"form_error_port_range": "Unesite broj porta od 80 do 65536",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Sigurno surfanje",
|
||||
"served_from_cache": "{{value}} <i>(dohvaćeno iz predmemorije)</i>",
|
||||
"form_error_password_length": "Lozinka mora imati najmanje {{value}} znakova",
|
||||
"anonymizer_notification": "<0>Napomena:</0>IP anonimizacija je omogućena. Možete ju onemogućiti u <1>općim postavkama</1>."
|
||||
"anonymizer_notification": "<0>Napomena:</0>IP anonimizacija je omogućena. Možete ju onemogućiti u <1>općim postavkama</1>.",
|
||||
"confirm_dns_cache_clear": "Jeste li sigurni da želite očistiti DNS predmemoriju?",
|
||||
"cache_cleared": "DNS predmemorija je uspješno izbrisana",
|
||||
"clear_cache": "Očisti predmemoriju"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP IPv6 Beállítások",
|
||||
"form_error_required": "Kötelező mező",
|
||||
"form_error_ip4_format": "Érvénytelen IPv4 cím",
|
||||
"form_error_ip4_range_start_format": "Érvénytelen IPv4-cím a tartomány kezdetéhez",
|
||||
"form_error_ip4_range_end_format": "Érvénytelen IPv4-cím a tartomány végén",
|
||||
"form_error_ip4_gateway_format": "Az átjáróhoz (gateway) érvénytelen IPv4 cím lett megadva",
|
||||
"form_error_ip6_format": "Érvénytelen IPv6 cím",
|
||||
"form_error_ip_format": "Érvénytelen IP-cím",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "A következő tartományon kívül legyen: \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Kisebb legyen, mint a tartomány kezdete",
|
||||
"greater_range_start_error": "Nagyobbnak kell lennie, mint a tartomány kezdete",
|
||||
"greater_range_end_error": "Nagyobb legyen, mint a tartomány vége",
|
||||
"subnet_error": "A címeknek egy alhálózatban kell lenniük",
|
||||
"gateway_or_subnet_invalid": "Az alhálózati maszk érvénytelen",
|
||||
"dhcp_form_gateway_input": "Átjáró IP",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Kibocsátó",
|
||||
"encryption_hostnames": "Hosztnevek",
|
||||
"encryption_reset": "Biztosan visszaállítja a titkosítási beállításokat?",
|
||||
"encryption_warning": "Figyelmeztetés",
|
||||
"topline_expiring_certificate": "Az SSL-tanúsítványa hamarosan lejár. Frissítse a <0>Titkosítási beállításokat</0>.",
|
||||
"topline_expired_certificate": "Az SSL-tanúsítványa lejárt. Frissítse a <0>Titkosítási beállításokat</0>.",
|
||||
"form_error_port_range": "Adjon meg egy portszámot a 80-65535 tartományon belül",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Biztonságos böngészés",
|
||||
"served_from_cache": "{{value}} <i>(gyorsítótárból kiszolgálva)</i>",
|
||||
"form_error_password_length": "A jelszó legalább {{value}} karakter hosszú kell, hogy legyen",
|
||||
"anonymizer_notification": "<0>Megjegyzés:</0> Az IP anonimizálás engedélyezve van. Az <1>Általános beállításoknál letilthatja</1> ."
|
||||
"anonymizer_notification": "<0>Megjegyzés:</0> Az IP anonimizálás engedélyezve van. Az <1>Általános beállításoknál letilthatja</1> .",
|
||||
"confirm_dns_cache_clear": "Biztos benne, hogy törölni szeretné a DNS-gyorsítótárat?",
|
||||
"cache_cleared": "A DNS gyorsítótár sikeresen törlődött",
|
||||
"clear_cache": "Gyorsítótár törlése"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Pengaturan DHCP IPv6",
|
||||
"form_error_required": "Kolom yang harus diisi",
|
||||
"form_error_ip4_format": "Alamat IPv4 tidak valid",
|
||||
"form_error_ip4_range_start_format": "Alamat IPv4 tidak valid dari rentang awal",
|
||||
"form_error_ip4_range_end_format": "Alamat IPv4 tidak valid dari rentang akhir",
|
||||
"form_error_ip4_gateway_format": "Alamat IPv4 gateway tidak valid",
|
||||
"form_error_ip6_format": "Alamat IPv6 tidak valid",
|
||||
"form_error_ip_format": "Alamat IP tidak valid",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Harus di luar rentang \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Harus lebih rendah dari rentang awal",
|
||||
"greater_range_start_error": "Harus lebih besar dari rentang awal",
|
||||
"greater_range_end_error": "Harus lebih besar dari rentang akhir",
|
||||
"subnet_error": "Alamat harus dalam satu subnet",
|
||||
"gateway_or_subnet_invalid": "Subnet mask tidak valid",
|
||||
"dhcp_form_gateway_input": "IP gateway",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Penerbit",
|
||||
"encryption_hostnames": "Nama host",
|
||||
"encryption_reset": "Anda yakin ingin mengatur ulang pengaturan enkripsi?",
|
||||
"encryption_warning": "Perhatian",
|
||||
"topline_expiring_certificate": "Sertifikat SSL Anda hampir kedaluwarsa. Perbarui <0>Pengaturan enkripsi</0>.",
|
||||
"topline_expired_certificate": "Sertifikat SSL Anda kedaluwarsa. Perbarui <0>Pengaturan enkripsi</0>.",
|
||||
"form_error_port_range": "Masukkan nomor port di kisaran 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Penjelajahan Aman",
|
||||
"served_from_cache": "{{value}} <i>(disajikan dari cache)</i>",
|
||||
"form_error_password_length": "Kata sandi harus minimal {{value}} karakter",
|
||||
"anonymizer_notification": "<0>Catatan:</0> Anonimisasi IP diaktifkan. Anda dapat menonaktifkannya di <1>Pengaturan umum</1> ."
|
||||
"anonymizer_notification": "<0>Catatan:</0> Anonimisasi IP diaktifkan. Anda dapat menonaktifkannya di <1>Pengaturan umum</1> .",
|
||||
"confirm_dns_cache_clear": "Apakah Anda yakin ingin menghapus cache DNS?",
|
||||
"cache_cleared": "Cache DNS berhasil dibersihkan",
|
||||
"clear_cache": "Hapus cache"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Impostazioni DHCP IPv6",
|
||||
"form_error_required": "Campo richiesto",
|
||||
"form_error_ip4_format": "Indirizzo IPv4 non valido",
|
||||
"form_error_ip4_range_start_format": "Indirizzo IPV4 non valido dell'intervallo iniziale",
|
||||
"form_error_ip4_range_end_format": "Indirizzo IPV4 non valido dell'intervallo finale",
|
||||
"form_error_ip4_gateway_format": "Indirizzo gateway IPv4 non valido",
|
||||
"form_error_ip6_format": "Indirizzo IPv6 non valido",
|
||||
"form_error_ip_format": "Indirizzo IP non valido",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Deve essere fuori intervallo \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Deve essere inferiore dell'intervallo di inizio",
|
||||
"greater_range_start_error": "Deve essere maggiore dell'intervallo di inizio",
|
||||
"greater_range_end_error": "Deve essere maggiore dell'intervallo di fine",
|
||||
"subnet_error": "Gli indirizzi devono trovarsi in una sottorete",
|
||||
"gateway_or_subnet_invalid": "Maschera di sottorete non valida",
|
||||
"dhcp_form_gateway_input": "IP Gateway",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Emittente",
|
||||
"encryption_hostnames": "Nomi host",
|
||||
"encryption_reset": "Sei sicuro di voler ripristinare le impostazioni di crittografia?",
|
||||
"encryption_warning": "Attenzione",
|
||||
"topline_expiring_certificate": "Il tuo certificato SSL sta per scadere. Aggiorna le<0> Impostazioni di crittografia </ 0>.",
|
||||
"topline_expired_certificate": "Il tuo certificato SSL è scaduto. Aggiorna le <0> Impostazioni di crittografia </ 0>.",
|
||||
"form_error_port_range": "Immettere il valore della porta nell'intervallo 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Navigazione Sicura",
|
||||
"served_from_cache": "{{value}} <i>(fornito dalla cache)</i>",
|
||||
"form_error_password_length": "La password deve contenere almeno {{value}} caratteri",
|
||||
"anonymizer_notification": "<0>Attenzione:</0> L'anonimizzazione dell'IP è abilitata. Puoi disabilitarla in <1>Impostazioni generali</1>."
|
||||
"anonymizer_notification": "<0>Attenzione:</0> L'anonimizzazione dell'IP è abilitata. Puoi disabilitarla in <1>Impostazioni generali</1>.",
|
||||
"confirm_dns_cache_clear": "Sei sicuro di voler cancellare la cache DNS?",
|
||||
"cache_cleared": "Cache DNS è stata cancellata correttamente",
|
||||
"clear_cache": "Cancella cache"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP IPv6 設定",
|
||||
"form_error_required": "必須項目です",
|
||||
"form_error_ip4_format": "IPv4アドレスが無効です",
|
||||
"form_error_ip4_range_start_format": "範囲開始のIPv4アドレスが無効です",
|
||||
"form_error_ip4_range_end_format": "範囲終了のIPv4アドレスが無効です",
|
||||
"form_error_ip4_gateway_format": "ゲートウェイのIPv4アドレスが無効です",
|
||||
"form_error_ip6_format": "IPv6アドレスが無効です",
|
||||
"form_error_ip_format": "IPアドレスが無効です",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "\"{{start}}\"〜\"{{end}}\" の範囲外である必要があります",
|
||||
"lower_range_start_error": "範囲開始よりも低い値である必要があります",
|
||||
"greater_range_start_error": "範囲開始値より大きい値でなければなりません",
|
||||
"greater_range_end_error": "範囲終了値より大きい値でなければなりません",
|
||||
"subnet_error": "両アドレスが同じサブネット内にある必要があります",
|
||||
"gateway_or_subnet_invalid": "サブネットマスクが無効です",
|
||||
"dhcp_form_gateway_input": "ゲートウェイIP",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "発行者",
|
||||
"encryption_hostnames": "ホスト名",
|
||||
"encryption_reset": "暗号化設定をリセットして良いですか?",
|
||||
"encryption_warning": "警告",
|
||||
"topline_expiring_certificate": "SSL証明書は期限切れになります。<0>暗号化設定</0>を更新します。",
|
||||
"topline_expired_certificate": "SSL証明書は期限切れです。<0>暗号化設定</0>を更新します。",
|
||||
"form_error_port_range": "80〜65535 の範囲内でポート番号を入力してください",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "セーフブラウジング",
|
||||
"served_from_cache": "{{value}} <i>(キャッシュから応答)</i>",
|
||||
"form_error_password_length": "パスワードは{{value}}文字以上にしてください",
|
||||
"anonymizer_notification": "【<0>注意</0>】IPの匿名化が有効になっています。 <1>一般設定</1>で無効にできます。"
|
||||
"anonymizer_notification": "【<0>注意</0>】IPの匿名化が有効になっています。 <1>一般設定</1>で無効にできます。",
|
||||
"confirm_dns_cache_clear": "DNS キャッシュをクリアしてもよろしいですか?",
|
||||
"cache_cleared": "DNSキャッシュのクリア完了です。",
|
||||
"clear_cache": "キャッシュをクリアする"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP IPv6 설정",
|
||||
"form_error_required": "필수 영역",
|
||||
"form_error_ip4_format": "잘못된 IPv4 형식",
|
||||
"form_error_ip4_range_start_format": "잘못된 범위 시작 IPv4 형식",
|
||||
"form_error_ip4_range_end_format": "잘못된 범위 종료 IPv4 형식",
|
||||
"form_error_ip4_gateway_format": "잘못된 게이트웨이 IPv4 형식",
|
||||
"form_error_ip6_format": "잘못된 IPv6 주소",
|
||||
"form_error_ip_format": "잘못된 IP 주소",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "'{{start}}'-'{{end}}' 범위 밖이어야 합니다",
|
||||
"lower_range_start_error": "범위 시작보다 작은 값이어야 합니다",
|
||||
"greater_range_start_error": "범위 시작보다 큰 값이어야 합니다",
|
||||
"greater_range_end_error": "범위 종료보다 큰 값이어야 합니다",
|
||||
"subnet_error": "주소는 하나의 서브넷에 있어야 합니다",
|
||||
"gateway_or_subnet_invalid": "잘못된 서브넷 마스크",
|
||||
"dhcp_form_gateway_input": "게이트웨이 IP",
|
||||
@@ -223,7 +220,7 @@
|
||||
"example_upstream_tcp_hostname": "일반 DNS (TCP를 통한, 호스트명);",
|
||||
"all_lists_up_to_date_toast": "모든 리스트가 이미 최신입니다",
|
||||
"updated_upstream_dns_toast": "업스트림 서버가 성공적으로 저장되었습니다",
|
||||
"dns_test_ok_toast": "특정 DNS 서버들은 정상적으로 동작 중입니다",
|
||||
"dns_test_ok_toast": "지정된 DNS 서버가 올바르게 작동하고 있습니다.",
|
||||
"dns_test_not_ok_toast": "서버 '{{key}}': 사용할 수 없습니다, 제대로 작성했는지 확인하세요",
|
||||
"dns_test_warning_toast": "업스트림 '{{key}}'이(가) 테스트 요청에 응답하지 않으며 제대로 작동하지 않을 수 있습니다",
|
||||
"unblock": "차단 해제",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "발행자",
|
||||
"encryption_hostnames": "호스트 이름",
|
||||
"encryption_reset": "암호화 설정을 재설정하시겠습니까?",
|
||||
"encryption_warning": "경고",
|
||||
"topline_expiring_certificate": "SSL 인증서가 곧 만료됩니다. 업데이트<0> 암호화 설정</0>.",
|
||||
"topline_expired_certificate": "SSL 인증서가 만료되었습니다. 업데이트<0> 암호화 설정</0>.",
|
||||
"form_error_port_range": "80-65535 범위의 포트 번호를 입력하세요",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "세이프 브라우징",
|
||||
"served_from_cache": "{{value}} <i>(캐시에서 제공)</i>",
|
||||
"form_error_password_length": "비밀번호는 {{value}}자 이상이어야 합니다",
|
||||
"anonymizer_notification": "<0>참고:</0> IP 익명화가 활성화되었습니다. <1>일반 설정</1>에서 비활성화할 수 있습니다."
|
||||
"anonymizer_notification": "<0>참고:</0> IP 익명화가 활성화되었습니다. <1>일반 설정</1>에서 비활성화할 수 있습니다.",
|
||||
"confirm_dns_cache_clear": "정말로 DNS 캐시를 지우시겠습니까?",
|
||||
"cache_cleared": "DNS 캐시를 성공적으로 지웠습니다",
|
||||
"clear_cache": "캐시 지우기"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP IPv6 instellingen",
|
||||
"form_error_required": "Vereist veld",
|
||||
"form_error_ip4_format": "Ongeldig IPv4-adres",
|
||||
"form_error_ip4_range_start_format": "Ongeldig IPv4-adres start bereik",
|
||||
"form_error_ip4_range_end_format": "Ongeldig IPv4-adres einde bereik",
|
||||
"form_error_ip4_gateway_format": "Ongeldig IPv4-adres van de gateway",
|
||||
"form_error_ip6_format": "Ongeldig IPv6-adres",
|
||||
"form_error_ip_format": "Ongeldig IP-adres",
|
||||
@@ -51,9 +49,8 @@
|
||||
"out_of_range_error": "Moet buiten bereik zijn \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Moet lager zijn dan begin reeks",
|
||||
"greater_range_start_error": "Moet groter zijn dan begin reeks",
|
||||
"greater_range_end_error": "Moet groter zijn dan einde reeks",
|
||||
"subnet_error": "Adressen moeten in één subnet vallen",
|
||||
"gateway_or_subnet_invalid": "Subnetmasker ongeldig",
|
||||
"gateway_or_subnet_invalid": "Ongeldig subnetmasker",
|
||||
"dhcp_form_gateway_input": "Gateway IP",
|
||||
"dhcp_form_subnet_input": "Subnet mask",
|
||||
"dhcp_form_range_title": "Bereik van IP adressen",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Uitgever",
|
||||
"encryption_hostnames": "Hostnamen",
|
||||
"encryption_reset": "Ben je zeker dat je de encryptie instellingen wil resetten?",
|
||||
"encryption_warning": "Waarschuwing",
|
||||
"topline_expiring_certificate": "Jouw SSL-certificaat vervalt binnenkort. Werk de <0>encryptie-instellingen</0> bij.",
|
||||
"topline_expired_certificate": "Jouw SSL-certificaat is vervallen. Werk de <0>encryptie-instellingen</0> bij.",
|
||||
"form_error_port_range": "Poortnummer invoeren tussen 80 en 65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Veilig browsen",
|
||||
"served_from_cache": "{{value}} <i>(geleverd vanuit cache)</i>",
|
||||
"form_error_password_length": "Wachtwoord moet minimaal {{value}} tekens lang zijn",
|
||||
"anonymizer_notification": "<0>Opmerking:</0> IP-anonimisering is ingeschakeld. Je kunt het uitschakelen in <1>Algemene instellingen</1>."
|
||||
"anonymizer_notification": "<0>Opmerking:</0> IP-anonimisering is ingeschakeld. Je kunt het uitschakelen in <1>Algemene instellingen</1>.",
|
||||
"confirm_dns_cache_clear": "Weet je zeker dat je de DNS-cache wilt wissen?",
|
||||
"cache_cleared": "DNS-cache succesvol gewist",
|
||||
"clear_cache": "Cache wissen"
|
||||
}
|
||||
|
||||
@@ -373,6 +373,7 @@
|
||||
"encryption_issuer": "Utsteder",
|
||||
"encryption_hostnames": "Vertsnavn",
|
||||
"encryption_reset": "Er du sikker på at du vil tilbakestille krypteringsinnstillingene?",
|
||||
"encryption_warning": "Advarsel",
|
||||
"topline_expiring_certificate": "Ditt SSL-sertifikat er i ferd med å utløpe. Oppdater <0>Krypteringsinnstillinger</0>.",
|
||||
"topline_expired_certificate": "SSL-sertifikatet har utløpt. Oppdater <0>Krypteringsinnstillinger</0>.",
|
||||
"form_error_port_range": "Skriv inn et portnummer i området 80-65535",
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Ustawienia serwera DHCP IPv6",
|
||||
"form_error_required": "Pole wymagane",
|
||||
"form_error_ip4_format": "Nieprawidłowy adres IPv4",
|
||||
"form_error_ip4_range_start_format": "Nieprawidłowy adres IPv4 początku zakresu",
|
||||
"form_error_ip4_range_end_format": "Nieprawidłowy adres IPv4 końca zakresu",
|
||||
"form_error_ip4_gateway_format": "Nieprawidłowy adres IPv4 bramy",
|
||||
"form_error_ip6_format": "Nieprawidłowy adres IPv6",
|
||||
"form_error_ip_format": "Nieprawidłowy adres IP",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Musi być spoza zakresu \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Musi być niższy niż początek zakresu",
|
||||
"greater_range_start_error": "Musi być większy niż początek zakresu",
|
||||
"greater_range_end_error": "Musi być większy niż koniec zakresu",
|
||||
"subnet_error": "Adresy muszą należeć do jednej podsieci",
|
||||
"gateway_or_subnet_invalid": "Nieprawidłowa maska podsieci",
|
||||
"dhcp_form_gateway_input": "Adres IP bramy",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Zgłaszający",
|
||||
"encryption_hostnames": "Nazwy hostów",
|
||||
"encryption_reset": "Czy na pewno chcesz zresetować ustawienia szyfrowania?",
|
||||
"encryption_warning": "Uwaga!",
|
||||
"topline_expiring_certificate": "Twój certyfikat SSL wkrótce wygaśnie. Zaktualizuj <0>Ustawienia szyfrowania</0>.",
|
||||
"topline_expired_certificate": "Twój certyfikat SSL wygasł. Zaktualizuj <0>Ustawienia szyfrowania</0>.",
|
||||
"form_error_port_range": "Wpisz numer portu z zakresu 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Bezpieczne przeglądanie",
|
||||
"served_from_cache": "{{value}} <i>(podawane z pamięci podręcznej)</i>",
|
||||
"form_error_password_length": "Hasło musi mieć co najmniej {{value}} znaków",
|
||||
"anonymizer_notification": "<0>Uwaga:</0> Anonimizacja IP jest włączona. Możesz ją wyłączyć w <1>Ustawieniach ogólnych</1>."
|
||||
"anonymizer_notification": "<0>Uwaga:</0> Anonimizacja IP jest włączona. Możesz ją wyłączyć w <1>Ustawieniach ogólnych</1>.",
|
||||
"confirm_dns_cache_clear": "Czy na pewno chcesz wyczyścić pamięć podręczną DNS?",
|
||||
"cache_cleared": "Pamięć podręczna DNS została pomyślnie wyczyszczona",
|
||||
"clear_cache": "Wyczyść pamięć podręczną"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Configurações DHCP IPv6",
|
||||
"form_error_required": "Campo obrigatório",
|
||||
"form_error_ip4_format": "Endereço de IPv4 inválido",
|
||||
"form_error_ip4_range_start_format": "Endereço IPv4 de início de intervalo inválido",
|
||||
"form_error_ip4_range_end_format": "Endereço IPv4 de fim de intervalo inválido.",
|
||||
"form_error_ip4_gateway_format": "Endereço IPv4 de gateway inválido",
|
||||
"form_error_ip6_format": "Endereço de IPv6 inválido",
|
||||
"form_error_ip_format": "Endereço de IP inválido",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Deve estar fora do intervalo \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Deve ser inferior ao início do intervalo",
|
||||
"greater_range_start_error": "Deve ser maior que o início do intervalo",
|
||||
"greater_range_end_error": "Deve ser maior que o fim do intervalo",
|
||||
"subnet_error": "Endereços devem estar em uma sub-rede",
|
||||
"gateway_or_subnet_invalid": "Máscara de sub-rede inválida",
|
||||
"dhcp_form_gateway_input": "IP do gateway",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Emissor",
|
||||
"encryption_hostnames": "Nomes dos servidores",
|
||||
"encryption_reset": "Você tem certeza de que deseja redefinir a configuração de criptografia?",
|
||||
"encryption_warning": "Aviso",
|
||||
"topline_expiring_certificate": "Seu certificado SSL está prestes a expirar. Atualize suas <0>configurações de criptografia</]0>",
|
||||
"topline_expired_certificate": "Seu certificado SSL está expirado. Atualize suas <0>configurações de criptografia</0>",
|
||||
"form_error_port_range": "Digite um número de porta entre 80 e 65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Navegação segura",
|
||||
"served_from_cache": "{{value}} <i>(servido do cache)</i>",
|
||||
"form_error_password_length": "A senha deve ter pelo menos {{value}} caracteres",
|
||||
"anonymizer_notification": "<0>Observação:</0> A anonimização de IP está ativada. Você pode desativá-lo em <1>Configurações gerais</1>."
|
||||
"anonymizer_notification": "<0>Observação:</0> A anonimização de IP está ativada. Você pode desativá-lo em <1>Configurações gerais</1>.",
|
||||
"confirm_dns_cache_clear": "Tem certeza de que deseja limpar o cache DNS?",
|
||||
"cache_cleared": "Cache DNS limpo com sucesso",
|
||||
"clear_cache": "Limpar cache"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Definições DHCP IPv6",
|
||||
"form_error_required": "Campo obrigatório",
|
||||
"form_error_ip4_format": "Endereço de IPv4 inválido",
|
||||
"form_error_ip4_range_start_format": "Endereço IPv4 de início de intervalo inválido",
|
||||
"form_error_ip4_range_end_format": "Endereço IPv4 de fim de intervalo inválido",
|
||||
"form_error_ip4_gateway_format": "Endereço IPv4 de gateway inválido",
|
||||
"form_error_ip6_format": "Endereço de IPv6 inválido",
|
||||
"form_error_ip_format": "Endereço de email inválido",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Deve estar fora do intervalo \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Deve ser inferior ao início do intervalo",
|
||||
"greater_range_start_error": "Deve ser maior que o início do intervalo",
|
||||
"greater_range_end_error": "Deve ser maior que o fim do intervalo",
|
||||
"subnet_error": "Os endereços devem estar em uma sub-rede",
|
||||
"gateway_or_subnet_invalid": "Máscara de sub-rede inválida",
|
||||
"dhcp_form_gateway_input": "IP do gateway",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Emissor",
|
||||
"encryption_hostnames": "Nomes dos servidores",
|
||||
"encryption_reset": "Tem a certeza de que deseja repor a definição de criptografia?",
|
||||
"encryption_warning": "Aviso",
|
||||
"topline_expiring_certificate": "O seu certificado SSL está prestes a expirar. Atualize as suas <0>definições de criptografia</0>.",
|
||||
"topline_expired_certificate": "O seu certificado SSL está expirado. Atualize as suas <0>definições de criptografia</0>.",
|
||||
"form_error_port_range": "Digite um numero de porta entre 80 e 65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Navegação segura",
|
||||
"served_from_cache": "{{value}} <i>(servido do cache)</i>",
|
||||
"form_error_password_length": "A palavra-passe deve ter pelo menos {{value}} caracteres",
|
||||
"anonymizer_notification": "<0>Observação:</0> A anonimização de IP está ativada. Você pode desativá-la em <1>Definições gerais</1>."
|
||||
"anonymizer_notification": "<0>Observação:</0> A anonimização de IP está ativada. Você pode desativá-la em <1>Definições gerais</1>.",
|
||||
"confirm_dns_cache_clear": "Tem certeza de que quer limpar a cache DNS?",
|
||||
"cache_cleared": "O cache DNS foi apagado com sucesso",
|
||||
"clear_cache": "Limpar cache"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Setări DHCP IPv6",
|
||||
"form_error_required": "Câmp obligatoriu",
|
||||
"form_error_ip4_format": "Adresă IPv4 nevalidă",
|
||||
"form_error_ip4_range_start_format": "Adresă IPv4 nevalidă pentru începutul intervalului",
|
||||
"form_error_ip4_range_end_format": "Adresă IPv4 nevalidă a sfârșitului intervalului",
|
||||
"form_error_ip4_gateway_format": "Adresă IPv4 nevalidă a gateway-ului",
|
||||
"form_error_ip6_format": "Adresa IPv6 nevalidă",
|
||||
"form_error_ip_format": "Adresă IP nevalidă",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Trebuie să fie în afara intervalului „{{start}}”-„{{end}}”",
|
||||
"lower_range_start_error": "Trebuie să fie mai mică decât începutul intervalului",
|
||||
"greater_range_start_error": "Trebuie să fie mai mare decât începutul intervalului",
|
||||
"greater_range_end_error": "Trebuie să fie mai mare decât sfârșitul intervalului",
|
||||
"subnet_error": "Adresele trebuie să fie în aceeași subrețea",
|
||||
"gateway_or_subnet_invalid": "Mască de subrețea nevalidă",
|
||||
"dhcp_form_gateway_input": "IP Gateway",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Emitent",
|
||||
"encryption_hostnames": "Nume de host",
|
||||
"encryption_reset": "Sunteți sigur că doriți să resetați setările de criptare?",
|
||||
"encryption_warning": "Avertisment",
|
||||
"topline_expiring_certificate": "Certificatul dvs. SSL este pe cale să expire. Actualizați <0>Setările de criptare</0>.",
|
||||
"topline_expired_certificate": "Certificatul dvs. SSL a expirat. Actualizați <0>Setările de criptare</0>.",
|
||||
"form_error_port_range": "Introduceți valoarea portului între 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Navigare în siguranță",
|
||||
"served_from_cache": "{{value}} <i>(furnizat din cache)</i>",
|
||||
"form_error_password_length": "Parola trebuie să aibă cel puțin {{value}} caractere",
|
||||
"anonymizer_notification": "<0>Nota:</0> Anonimizarea IP este activată. Puteți să o dezactivați în <1>Setări generale</1>."
|
||||
"anonymizer_notification": "<0>Nota:</0> Anonimizarea IP este activată. Puteți să o dezactivați în <1>Setări generale</1>.",
|
||||
"confirm_dns_cache_clear": "Sunteți sigur că doriți să ștergeți memoria cache DNS?",
|
||||
"cache_cleared": "Cache-ul DNS a fost golit cu succes",
|
||||
"clear_cache": "Goliți memoria cache"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Настройки DHCP IPv6",
|
||||
"form_error_required": "Обязательное поле",
|
||||
"form_error_ip4_format": "Некорректный IPv4-адрес",
|
||||
"form_error_ip4_range_start_format": "Некорректный IPv4-адрес начала диапазона",
|
||||
"form_error_ip4_range_end_format": "Некорректный IPv4-адрес конца диапазона",
|
||||
"form_error_ip4_gateway_format": "Некорректный IPv4-адрес шлюза",
|
||||
"form_error_ip6_format": "Некорректный IPv6-адрес",
|
||||
"form_error_ip_format": "Некорректный IP-адрес",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Должно быть вне диапазона «{{start}}»-«{{end}}»",
|
||||
"lower_range_start_error": "Должно быть меньше начала диапазона",
|
||||
"greater_range_start_error": "Должно быть больше начала диапазона",
|
||||
"greater_range_end_error": "Должно быть больше конца диапазона",
|
||||
"subnet_error": "Адреса должны быть внутри одной подсети",
|
||||
"gateway_or_subnet_invalid": "Некорректная маска подсети",
|
||||
"dhcp_form_gateway_input": "IP-адрес шлюза",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Издатель",
|
||||
"encryption_hostnames": "Имена хостов",
|
||||
"encryption_reset": "Вы уверены, что хотите сбросить настройки шифрования?",
|
||||
"encryption_warning": "Предупреждение",
|
||||
"topline_expiring_certificate": "Ваш SSL-сертификат скоро истекает. Обновите <0>Настройки шифрования</0>.",
|
||||
"topline_expired_certificate": "Ваш SSL-сертификат истёк. Обновите <0>Настройки шифрования</0>.",
|
||||
"form_error_port_range": "Введите номер порта из интервала 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Безопасный интернет",
|
||||
"served_from_cache": "{{value}} <i>(получено из кеша)</i>",
|
||||
"form_error_password_length": "Пароль должен быть длиной не меньше {{value}} символов",
|
||||
"anonymizer_notification": "<0>Внимание:</0> включена анонимизация IP-адресов. Вы можете отключить её в разделе <1>Основные настройки</1>."
|
||||
"anonymizer_notification": "<0>Внимание:</0> включена анонимизация IP-адресов. Вы можете отключить её в разделе <1>Основные настройки</1>.",
|
||||
"confirm_dns_cache_clear": "Вы уверены, что хотите очистить кеш DNS?",
|
||||
"cache_cleared": "Кеш DNS успешно очищен",
|
||||
"clear_cache": "Очистить кеш"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Nastavenia DHCP IPv6",
|
||||
"form_error_required": "Povinná položka.",
|
||||
"form_error_ip4_format": "Neplatná IPv4 adresa",
|
||||
"form_error_ip4_range_start_format": "Neplatný začiatok rozsahu IPv4 formátu",
|
||||
"form_error_ip4_range_end_format": "Neplatný koniec rozsahu IPv4 formátu",
|
||||
"form_error_ip4_gateway_format": "Neplatná IPv4 adresa brány",
|
||||
"form_error_ip6_format": "Neplatná IPv6 adresa",
|
||||
"form_error_ip_format": "Neplatná IP adresa",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Musí byť mimo rozsahu \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Musí byť nižšie ako začiatok rozsahu",
|
||||
"greater_range_start_error": "Musí byť väčšie ako začiatok rozsahu",
|
||||
"greater_range_end_error": "Musí byť väčšie ako koniec rozsahu",
|
||||
"subnet_error": "Adresy musia byť v spoločnej podsieti",
|
||||
"gateway_or_subnet_invalid": "Maska podsiete je neplatná",
|
||||
"dhcp_form_gateway_input": "IP brána",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Vydavateľ",
|
||||
"encryption_hostnames": "Názvy hostiteľov",
|
||||
"encryption_reset": "Naozaj chcete obnoviť nastavenia šifrovania?",
|
||||
"encryption_warning": "Varovanie",
|
||||
"topline_expiring_certificate": "Váš SSL certifikát čoskoro vyprší. Aktualizujte <0>Nastavenia šifrovania</0>.",
|
||||
"topline_expired_certificate": "Váš SSL certifikát vypršal. Aktualizujte <0>Nastavenia šifrovania</0>.",
|
||||
"form_error_port_range": "Zadajte číslo portu v rozsahu 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Bezpečné prehliadanie",
|
||||
"served_from_cache": "{{value}} <i>(prevzatá z cache pamäte)</i>",
|
||||
"form_error_password_length": "Heslo musí mať dĺžku aspoň {{value}} znakov",
|
||||
"anonymizer_notification": "<0>Poznámka:</0> Anonymizácia IP je zapnutá. Môžete ju vypnúť vo <1>Všeobecných nastaveniach</1>."
|
||||
"anonymizer_notification": "<0>Poznámka:</0> Anonymizácia IP je zapnutá. Môžete ju vypnúť vo <1>Všeobecných nastaveniach</1>.",
|
||||
"confirm_dns_cache_clear": "Naozaj chcete vymazať vyrovnávaciu pamäť DNS?",
|
||||
"cache_cleared": "Vyrovnávacia pamäť DNS bola úspešne vymazaná",
|
||||
"clear_cache": "Vymazať vyrovnávaciu pamäť"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Nastavitve DHCP IPv6",
|
||||
"form_error_required": "Zahtevano polje.",
|
||||
"form_error_ip4_format": "Neveljaven naslov IPv4.",
|
||||
"form_error_ip4_range_start_format": "Neveljaven začetek razpona naslova IPv4",
|
||||
"form_error_ip4_range_end_format": "Neveljaven konec razpona naslova IPv4",
|
||||
"form_error_ip4_gateway_format": "Neveljaven naslov IPv4 prehoda",
|
||||
"form_error_ip6_format": "Neveljaven naslov IPv6",
|
||||
"form_error_ip_format": "Neveljaven naslov IP",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Mora biti izven razpona \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Mora biti manjši od začetka razpona",
|
||||
"greater_range_start_error": "Mora biti večji od začetka razpona",
|
||||
"greater_range_end_error": "Mora biti večji od konca razpona",
|
||||
"subnet_error": "Naslovi morajo biti v enem podomrežju",
|
||||
"gateway_or_subnet_invalid": "Maska podomrežja ni veljavna",
|
||||
"dhcp_form_gateway_input": "IP prehoda",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Izdajatelj",
|
||||
"encryption_hostnames": "Imena gostiteljev",
|
||||
"encryption_reset": "Ali ste prepričani, da želite ponastaviti nastavitve šifriranja?",
|
||||
"encryption_warning": "Opozorilo",
|
||||
"topline_expiring_certificate": "Vaš e digitalno potrdilo SSL bo kmalu poteklol. Posodobite <0>Nastavitve šifriranja</0>.",
|
||||
"topline_expired_certificate": "Vaše digitalno potrdilo SSL je poteklo. Posodobi <0>Nastavitve šifriranja</0>.",
|
||||
"form_error_port_range": "Vnesite številko vrat v razponu med 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Varno brskanje",
|
||||
"served_from_cache": "{{value}} <i>(postreženo iz predpomnilnika)</i>",
|
||||
"form_error_password_length": "Geslo mora vsebovati najmanj {{value}} znakov",
|
||||
"anonymizer_notification": "<0>Opomba:</0> Anonimizacija IP je omogočena. Onemogočite ga lahko v <1>Splošnih nastavitvah</1>."
|
||||
"anonymizer_notification": "<0>Opomba:</0> Anonimizacija IP je omogočena. Onemogočite ga lahko v <1>Splošnih nastavitvah</1>.",
|
||||
"confirm_dns_cache_clear": "Ali ste prepričani, da želite počistiti predpomnilnik DNS?",
|
||||
"cache_cleared": "Predpomnilnik DNS je bil uspešno počiščen",
|
||||
"clear_cache": "Počisti predpomnilnik"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP IPv6 postavke",
|
||||
"form_error_required": "Obavezno polje",
|
||||
"form_error_ip4_format": "Nevažeća IPv4 adresa",
|
||||
"form_error_ip4_range_start_format": "Nevažeća IPv4 addresa početnog opsega",
|
||||
"form_error_ip4_range_end_format": "Nevažeća IPv4 addresa završnog opsega",
|
||||
"form_error_ip4_gateway_format": "Nevažeća IPv4 addresa prozala",
|
||||
"form_error_ip6_format": "Nevažeća IPv6 adresa",
|
||||
"form_error_ip_format": "Nevažeća IP adresa",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Mora biti izvan opsega \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Mora biti manje od početnog opsega",
|
||||
"greater_range_start_error": "Mora biti veće od početnog opsega",
|
||||
"greater_range_end_error": "Mora biti veće od završnog opsega",
|
||||
"subnet_error": "Asrese moraju biti u jednoj subnet",
|
||||
"gateway_or_subnet_invalid": "Subnet mask nevažeća",
|
||||
"dhcp_form_gateway_input": "IP mrežnog prolaza",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Izdavač",
|
||||
"encryption_hostnames": "Imena hostova",
|
||||
"encryption_reset": "Jeste li sigurni da želite dda resetujete postavke šifrovanja?",
|
||||
"encryption_warning": "Upozorenje",
|
||||
"topline_expiring_certificate": "Vaš SSL sertifikat uskoro ističe. Ažurirajte <0>postavke šifrovanja</0>.",
|
||||
"topline_expired_certificate": "Vaš SSL sertifikat je istekao. Ažurirajte <0>postavke šifrovanja</0>.",
|
||||
"form_error_port_range": "Unesite vrednost porta u opsegu od 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Sigurno pregledanje",
|
||||
"served_from_cache": "{{value}} <i>(posluženo iz predmemorije)</i>",
|
||||
"form_error_password_length": "Lozinka mora imati najmanje {{value}} znakova",
|
||||
"anonymizer_notification": "<0>Nota:</0> IP prepoznavanje je omogućeno. Možete ga onemogućiti u opštim <1>postavkama</1>."
|
||||
"anonymizer_notification": "<0>Nota:</0> IP prepoznavanje je omogućeno. Možete ga onemogućiti u opštim <1>postavkama</1>.",
|
||||
"confirm_dns_cache_clear": "Želite li zaista da obrišite DNS keš?",
|
||||
"cache_cleared": "DNS keš je uspešno očišćen",
|
||||
"clear_cache": "Obriši keš memoriju"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP IPv6 inställningar",
|
||||
"form_error_required": "Obligatoriskt fält",
|
||||
"form_error_ip4_format": "Ogiltig IPv4-adress",
|
||||
"form_error_ip4_range_start_format": "Ogiltig IPv4-adress för starten av intervallet",
|
||||
"form_error_ip4_range_end_format": "Ogiltig IPv4-adress för slutet av intervallet",
|
||||
"form_error_ip4_gateway_format": "Ogiltig IPv4 adress för gatewayen",
|
||||
"form_error_ip6_format": "Ogiltig IPv6-adress",
|
||||
"form_error_ip_format": "Ogiltig IP-adress",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Måste vara utanför intervallet \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Måste vara lägre än starten på intervallet",
|
||||
"greater_range_start_error": "Måste vara högre än starten på intervallet",
|
||||
"greater_range_end_error": "Måste vara större än intervallets slut",
|
||||
"subnet_error": "Adresser måste finnas i ett subnät",
|
||||
"gateway_or_subnet_invalid": "Subnätmask ogiltig",
|
||||
"dhcp_form_gateway_input": "Gateway-IP",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Utgivare",
|
||||
"encryption_hostnames": "Värdnamn",
|
||||
"encryption_reset": "Är du säker på att du vill återställa krypteringsinställningarna?",
|
||||
"encryption_warning": "Varning",
|
||||
"topline_expiring_certificate": "Ditt SSL-certifikat håller på att gå ut. <0>Krypteringsinställningar</0>.",
|
||||
"topline_expired_certificate": "Ditt SSL-certifikat har gått ut. Uppdatera <0>Krypteringsinställningar</0>-",
|
||||
"form_error_port_range": "Ange ett portnummer inom värdena 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Säker surfning",
|
||||
"served_from_cache": "{{value}} <i>(levereras från cache)</i>",
|
||||
"form_error_password_length": "Lösenordet måste vara minst {{value}} tecken långt",
|
||||
"anonymizer_notification": "<0>Observera:</0> IP-anonymisering är aktiverad. Du kan inaktivera den i <1>Allmänna inställningar</1>."
|
||||
"anonymizer_notification": "<0>Observera:</0> IP-anonymisering är aktiverad. Du kan inaktivera den i <1>Allmänna inställningar</1>.",
|
||||
"confirm_dns_cache_clear": "Är du säker på att du vill rensa DNS-cache?",
|
||||
"cache_cleared": "DNS-cacheminnet har rensats",
|
||||
"clear_cache": "Rensa cache"
|
||||
}
|
||||
|
||||
@@ -262,6 +262,7 @@
|
||||
"encryption_issuer": "ผู้ออกใบรับรอง:",
|
||||
"encryption_hostnames": "ชื่อโฮส",
|
||||
"encryption_reset": "คุณแน่ใจนะว่าจะล้างค่าการเข้ารหัส?",
|
||||
"encryption_warning": "คำเตือน",
|
||||
"topline_expiring_certificate": "ใบรับรอง SSL ของคุณกำลังจะหมดอายุ กรุณาอัปเดท <0>การตั้งค่าเข้ารหัส</0>.",
|
||||
"topline_expired_certificate": "ใบรับรอง SSL ของคุณหมดอายุแล้ว กรุณาอัปเดท <0>การตั้งค่าเข้ารหัส</0>.",
|
||||
"form_error_port_unsafe": "เป็นพอร์ทที่ไม่ปลอดภัย",
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP IPv6 Ayarları",
|
||||
"form_error_required": "Gerekli alan",
|
||||
"form_error_ip4_format": "Geçersiz IPv4 adresi",
|
||||
"form_error_ip4_range_start_format": "Geçersiz başlangıç aralığı IPv4 biçimi",
|
||||
"form_error_ip4_range_end_format": "Geçersiz bitiş aralığı IPv4 adresi",
|
||||
"form_error_ip4_gateway_format": "Geçersiz ağ geçidi IPv4 adresi",
|
||||
"form_error_ip6_format": "Geçersiz IPv6 adresi",
|
||||
"form_error_ip_format": "Geçersiz IP adresi",
|
||||
@@ -51,9 +49,8 @@
|
||||
"out_of_range_error": "\"{{start}}\"-\"{{end}}\" aralığının dışında olmalıdır",
|
||||
"lower_range_start_error": "Başlangıç aralığından daha düşük olmalıdır",
|
||||
"greater_range_start_error": "Başlangıç aralığından daha büyük olmalıdır",
|
||||
"greater_range_end_error": "Bitiş aralığından daha büyük olmalıdır",
|
||||
"subnet_error": "Adresler bir alt ağda olmalıdır",
|
||||
"gateway_or_subnet_invalid": "Alt ağ maskesi geçersiz",
|
||||
"gateway_or_subnet_invalid": "Geçersiz alt ağ maskesi",
|
||||
"dhcp_form_gateway_input": "Ağ geçidi IP",
|
||||
"dhcp_form_subnet_input": "Alt ağ maskesi",
|
||||
"dhcp_form_range_title": "IP adresi aralığı",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Sağlayan",
|
||||
"encryption_hostnames": "Ana makine adları",
|
||||
"encryption_reset": "Şifreleme ayarlarını sıfırlamak istediğinizden emin misiniz?",
|
||||
"encryption_warning": "Uyarı",
|
||||
"topline_expiring_certificate": "SSL sertifikanızın süresi sona üzere. <0>Şifreleme ayarlarını</0> güncelleyin.",
|
||||
"topline_expired_certificate": "SSL sertifikanızın süresi sona erdi. <0>Şifreleme ayarlarını</0> güncelleyin.",
|
||||
"form_error_port_range": "80-65535 aralığında geçerli bir bağlantı noktası değeri girin",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Güvenli Gezinti",
|
||||
"served_from_cache": "{{value}} <i>(önbellekten kullanıldı)</i>",
|
||||
"form_error_password_length": "Parola en az {{value}} karakter uzunluğunda olmalıdır",
|
||||
"anonymizer_notification": "<0>Not:</0> IP anonimleştirme etkinleştirildi. Bunu <1>Genel ayarlardan</1> devre dışı bırakabilirsiniz."
|
||||
"anonymizer_notification": "<0>Not:</0> IP anonimleştirme etkinleştirildi. Bunu <1>Genel ayarlardan</1> devre dışı bırakabilirsiniz.",
|
||||
"confirm_dns_cache_clear": "DNS önbelleğini temizlemek istediğinizden emin misiniz?",
|
||||
"cache_cleared": "DNS önbelleği başarıyla temizlendi",
|
||||
"clear_cache": "Önbelleği temizle"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Налаштування DHCP IPv6",
|
||||
"form_error_required": "Обов'язкове поле",
|
||||
"form_error_ip4_format": "Неправильна IPv4-адреса",
|
||||
"form_error_ip4_range_start_format": "Неправильна IPv4-адреса початку діапазону",
|
||||
"form_error_ip4_range_end_format": "Неправильна IPv4-адреса кінця діапазону",
|
||||
"form_error_ip4_gateway_format": "Неправильна IPv4-адреса шлюзу",
|
||||
"form_error_ip6_format": "Неправильна IPv6-адреса",
|
||||
"form_error_ip_format": "Неправильна IP-адреса",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Не повинна бути в діапазоні «{{start}}»−«{{end}}»",
|
||||
"lower_range_start_error": "Має бути меншим за початкову адресу",
|
||||
"greater_range_start_error": "Має бути більшим за початкову адресу",
|
||||
"greater_range_end_error": "Має бути більшим за кінцеву адресу",
|
||||
"subnet_error": "Адреси повинні бути в одній підмережі",
|
||||
"gateway_or_subnet_invalid": "Неправильна маска підмережі",
|
||||
"dhcp_form_gateway_input": "IP-адреса шлюзу",
|
||||
@@ -371,7 +368,7 @@
|
||||
"encryption_redirect": "Автоматично перенаправляти на HTTPS",
|
||||
"encryption_redirect_desc": "Якщо встановлено, AdGuard Home автоматично перенаправить вас з HTTP на адреси HTTPS.",
|
||||
"encryption_https": "Порт HTTPS",
|
||||
"encryption_https_desc": "Якщо HTTPS-порт налаштовано, інтерфейс адміністратора AdGuard Home буде доступний через HTTPS, а також DNS-over-HTTPS-сервер буде доступний за адресою /dns-query.",
|
||||
"encryption_https_desc": "Якщо HTTPS-порт налаштовано, інтерфейс адміністратора AdGuard Home буде доступний через HTTPS, а також сервер DNS-over-HTTPS буде доступний за адресою '/dns-query'.",
|
||||
"encryption_dot": "Порт DNS-over-TLS",
|
||||
"encryption_dot_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на цьому порту сервер DNS-over-TLS.",
|
||||
"encryption_doq": "Порт DNS-over-QUIC",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Видавець",
|
||||
"encryption_hostnames": "Назви вузлів",
|
||||
"encryption_reset": "Ви впевнені, що хочете скинути налаштування шифрування?",
|
||||
"encryption_warning": "Попередження",
|
||||
"topline_expiring_certificate": "Ваш сертифікат SSL скоро закінчиться. Оновіть <0>Налаштування шифрування</0>.",
|
||||
"topline_expired_certificate": "Термін дії вашого сертифіката SSL закінчився. Оновіть <0>Налаштування шифрування</0>.",
|
||||
"form_error_port_range": "Введіть значення порту в діапазоні 80−65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Безпечний перегляд",
|
||||
"served_from_cache": "{{value}} <i>(отримано з кешу)</i>",
|
||||
"form_error_password_length": "Пароль мусить мати принаймні {{value}} символів",
|
||||
"anonymizer_notification": "<0>Примітка:</0> IP-анонімізацію ввімкнено. Ви можете вимкнути його в <1>Загальні налаштування</1> ."
|
||||
"anonymizer_notification": "<0>Примітка:</0> IP-анонімізацію ввімкнено. Ви можете вимкнути його в <1>Загальні налаштування</1> .",
|
||||
"confirm_dns_cache_clear": "Ви впевнені, що бажаєте очистити кеш DNS?",
|
||||
"cache_cleared": "Кеш DNS успішно очищено",
|
||||
"clear_cache": "Очистити кеш"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "Cài đặt DHCP IPv6",
|
||||
"form_error_required": "Trường bắt buộc",
|
||||
"form_error_ip4_format": "Địa chỉ IPv4 không hợp lệ",
|
||||
"form_error_ip4_range_start_format": "Địa chỉ IPv4 không hợp lệ của phạm vi bắt đầu",
|
||||
"form_error_ip4_range_end_format": "Địa chỉ IPv4 không hợp lệ của cuối phạm vi",
|
||||
"form_error_ip4_gateway_format": "Địa chỉ IPv4 không hợp lệ của cổng kết nối",
|
||||
"form_error_ip6_format": "Địa chỉ IPv6 không hợp lệ",
|
||||
"form_error_ip_format": "Địa chỉ IP không hợp lệ",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "Phải nằm ngoài phạm vi \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "Phải thấp hơn khởi động phạm vi",
|
||||
"greater_range_start_error": "Phải lớn hơn khoảng bắt đầu",
|
||||
"greater_range_end_error": "Phải lớn hơn phạm vi kết thúc",
|
||||
"subnet_error": "Địa chỉ phải nằm trong một mạng con",
|
||||
"gateway_or_subnet_invalid": "Mặt nạ mạng con không hợp lệ",
|
||||
"dhcp_form_gateway_input": "Cổng IP",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "Phát hành",
|
||||
"encryption_hostnames": "Tên máy chủ",
|
||||
"encryption_reset": "Bạn có chắc chắn muốn đặt lại cài đặt mã hóa?",
|
||||
"encryption_warning": "Cảnh báo",
|
||||
"topline_expiring_certificate": "Chứng chỉ SSL của bạn sắp hết hạn. Cập nhật <0>Cài đặt mã hóa</0>.",
|
||||
"topline_expired_certificate": "Chứng chỉ SSL của bạn đã hết hạn. Cập nhật <0>Cài đặt mã hóa</0>.",
|
||||
"form_error_port_range": "Nhập giá trị cổng trong phạm vi 80-65535",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "Duyệt web an toàn",
|
||||
"served_from_cache": "{{value}} <i>(được phục vụ từ bộ nhớ cache)</i>",
|
||||
"form_error_password_length": "Mật khẩu phải có ít nhất {{value}} ký tự",
|
||||
"anonymizer_notification": "<0> Lưu ý:</0> Tính năng ẩn danh IP được bật. Bạn có thể tắt nó trong <1> Cài đặt chung</1>."
|
||||
"anonymizer_notification": "<0> Lưu ý:</0> Tính năng ẩn danh IP được bật. Bạn có thể tắt nó trong <1> Cài đặt chung</1>.",
|
||||
"confirm_dns_cache_clear": "Bạn có chắc chắn muốn xóa bộ đệm ẩn DNS không?",
|
||||
"cache_cleared": "Đã xóa thành công bộ đệm DNS",
|
||||
"clear_cache": "Xóa bộ nhớ cache"
|
||||
}
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP IPv6设置",
|
||||
"form_error_required": "必填字段",
|
||||
"form_error_ip4_format": "无效的 IPv4 地址",
|
||||
"form_error_ip4_range_start_format": "范围起始值的 IPv4 地址无效",
|
||||
"form_error_ip4_range_end_format": "范围终值的 IPv4 地址无效",
|
||||
"form_error_ip4_gateway_format": "网关 IPv4 地址无效",
|
||||
"form_error_ip6_format": "无效的 IPv6 地址",
|
||||
"form_error_ip_format": "无效的 IP 地址",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "必定超出了范围 \"{{start}}\"-\"{{end}}\"",
|
||||
"lower_range_start_error": "必须小于范围起始值",
|
||||
"greater_range_start_error": "必须大于范围起始值",
|
||||
"greater_range_end_error": "必须大于范围终值",
|
||||
"subnet_error": "地址必须在一个子网内",
|
||||
"gateway_or_subnet_invalid": "子网掩码无效",
|
||||
"dhcp_form_gateway_input": "网关 IP",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "颁发者",
|
||||
"encryption_hostnames": "主机名",
|
||||
"encryption_reset": "您确定想要重置加密设置?",
|
||||
"encryption_warning": "警告",
|
||||
"topline_expiring_certificate": "您的 SSL 证书即将过期。请更新 <0>加密设置</0> 。",
|
||||
"topline_expired_certificate": "您的 SSL 证书已过期。请更新 <0>加密设置</0> 。",
|
||||
"form_error_port_range": "输入 80 - 65535 范围内的端口值",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "安全浏览",
|
||||
"served_from_cache": "{{value}}<i>(由缓存提供)</i>",
|
||||
"form_error_password_length": "密码必须至少有 {{value}} 个字符",
|
||||
"anonymizer_notification": "<0>注意:</0> IP 匿名化已启用。您可以在<1>常规设置</1>中禁用它。"
|
||||
"anonymizer_notification": "<0>注意:</0> IP 匿名化已启用。您可以在<1>常规设置</1>中禁用它。",
|
||||
"confirm_dns_cache_clear": "您确定要清除 DNS 缓存吗?",
|
||||
"cache_cleared": "已成功清除 DNS 缓存",
|
||||
"clear_cache": "清除缓存"
|
||||
}
|
||||
|
||||
@@ -381,6 +381,7 @@
|
||||
"encryption_issuer": "簽發者",
|
||||
"encryption_hostnames": "主機名稱",
|
||||
"encryption_reset": "您確定要重設加密設定嗎?",
|
||||
"encryption_warning": "警告",
|
||||
"topline_expiring_certificate": "您的 SSL 憑證即將到期。請前往<0>加密設定</0>更新。",
|
||||
"topline_expired_certificate": "您的 SSL 憑證已到期。請前往<0>加密設定</0>更新。",
|
||||
"form_error_port_range": "輸入範圍 80-65535 中的值",
|
||||
|
||||
@@ -37,8 +37,6 @@
|
||||
"dhcp_ipv6_settings": "DHCP IPv6 設定",
|
||||
"form_error_required": "必填的欄位",
|
||||
"form_error_ip4_format": "無效的 IPv4 位址",
|
||||
"form_error_ip4_range_start_format": "無效起始範圍的 IPv4 位址",
|
||||
"form_error_ip4_range_end_format": "無效結束範圍的 IPv4 位址",
|
||||
"form_error_ip4_gateway_format": "無效閘道的 IPv4 位址",
|
||||
"form_error_ip6_format": "無效的 IPv6 位址",
|
||||
"form_error_ip_format": "無效的 IP 位址",
|
||||
@@ -51,7 +49,6 @@
|
||||
"out_of_range_error": "必須在\"{{start}}\"-\"{{end}}\"範圍之外",
|
||||
"lower_range_start_error": "必須低於起始範圍",
|
||||
"greater_range_start_error": "必須大於起始範圍",
|
||||
"greater_range_end_error": "必須大於結束範圍",
|
||||
"subnet_error": "位址必須在子網路中",
|
||||
"gateway_or_subnet_invalid": "無效的子網路遮罩",
|
||||
"dhcp_form_gateway_input": "閘道 IP",
|
||||
@@ -393,6 +390,7 @@
|
||||
"encryption_issuer": "簽發者",
|
||||
"encryption_hostnames": "主機名稱",
|
||||
"encryption_reset": "您確定您想要重置加密設定嗎?",
|
||||
"encryption_warning": "警告",
|
||||
"topline_expiring_certificate": "您的安全通訊端層(SSL)憑證即將到期。更新<0>加密設定</0>。",
|
||||
"topline_expired_certificate": "您的安全通訊端層(SSL)憑證為已到期的。更新<0>加密設定</0>。",
|
||||
"form_error_port_range": "輸入在 80-65535 之範圍內的連接埠號碼",
|
||||
@@ -637,5 +635,8 @@
|
||||
"safe_browsing": "安全瀏覽",
|
||||
"served_from_cache": "{{value}} <i>(由快取提供)</i>",
|
||||
"form_error_password_length": "密碼必須為至少長 {{value}} 個字元",
|
||||
"anonymizer_notification": "<0>注意:</0>IP 匿名化被啟用。您可在<1>一般設定</1>中禁用它。"
|
||||
"anonymizer_notification": "<0>注意:</0>IP 匿名化被啟用。您可在<1>一般設定</1>中禁用它。",
|
||||
"confirm_dns_cache_clear": "您確定您想要清除 DNS 快取嗎?",
|
||||
"cache_cleared": "DNS 快取被成功地清除",
|
||||
"clear_cache": "清除快取"
|
||||
}
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
import { createAction } from 'redux-actions';
|
||||
import i18next from 'i18next';
|
||||
|
||||
import apiClient from '../api/Api';
|
||||
import { splitByNewLine } from '../helpers/helpers';
|
||||
@@ -19,6 +20,22 @@ export const getDnsConfig = () => async (dispatch) => {
|
||||
}
|
||||
};
|
||||
|
||||
export const clearDnsCacheRequest = createAction('CLEAR_DNS_CACHE_REQUEST');
|
||||
export const clearDnsCacheFailure = createAction('CLEAR_DNS_CACHE_FAILURE');
|
||||
export const clearDnsCacheSuccess = createAction('CLEAR_DNS_CACHE_SUCCESS');
|
||||
|
||||
export const clearDnsCache = () => async (dispatch) => {
|
||||
dispatch(clearDnsCacheRequest());
|
||||
try {
|
||||
const data = await apiClient.clearCache();
|
||||
dispatch(clearDnsCacheSuccess(data));
|
||||
dispatch(addSuccessToast(i18next.t('cache_cleared')));
|
||||
} catch (error) {
|
||||
dispatch(addErrorToast({ error }));
|
||||
dispatch(clearDnsCacheFailure());
|
||||
}
|
||||
};
|
||||
|
||||
export const setDnsConfigRequest = createAction('SET_DNS_CONFIG_REQUEST');
|
||||
export const setDnsConfigFailure = createAction('SET_DNS_CONFIG_FAILURE');
|
||||
export const setDnsConfigSuccess = createAction('SET_DNS_CONFIG_SUCCESS');
|
||||
|
||||
@@ -41,6 +41,12 @@ export const setTlsConfig = (config) => async (dispatch, getState) => {
|
||||
response.certificate_chain = atob(response.certificate_chain);
|
||||
response.private_key = atob(response.private_key);
|
||||
|
||||
if (values.enabled && values.force_https && window.location.protocol === 'http:') {
|
||||
window.location.reload();
|
||||
return;
|
||||
}
|
||||
redirectToCurrentProtocol(response, httpPort);
|
||||
|
||||
const dnsStatus = await apiClient.getGlobalStatus();
|
||||
if (dnsStatus) {
|
||||
dispatch(dnsStatusSuccess(dnsStatus));
|
||||
@@ -48,7 +54,6 @@ export const setTlsConfig = (config) => async (dispatch, getState) => {
|
||||
|
||||
dispatch(setTlsConfigSuccess(response));
|
||||
dispatch(addSuccessToast('encryption_config_saved'));
|
||||
redirectToCurrentProtocol(response, httpPort);
|
||||
} catch (error) {
|
||||
dispatch(addErrorToast({ error }));
|
||||
dispatch(setTlsConfigFailure());
|
||||
|
||||
@@ -593,6 +593,14 @@ class Api {
|
||||
};
|
||||
return this.makeRequest(path, method, config);
|
||||
}
|
||||
|
||||
// Cache
|
||||
CLEAR_CACHE = { path: 'cache_clear', method: 'POST' };
|
||||
|
||||
clearCache() {
|
||||
const { path, method } = this.CLEAR_CACHE;
|
||||
return this.makeRequest(path, method);
|
||||
}
|
||||
}
|
||||
|
||||
const apiClient = new Api();
|
||||
|
||||
@@ -155,7 +155,7 @@ const Form = (props) => {
|
||||
name={FORM_NAMES.search}
|
||||
component={renderFilterField}
|
||||
type="text"
|
||||
className={classNames('form-control--search form-control--transparent', className)}
|
||||
className={classNames('form-control form-control--search form-control--transparent', className)}
|
||||
placeholder={t('domain_or_client')}
|
||||
tooltip={t('query_log_strict_search')}
|
||||
onClearInputClick={onInputClear}
|
||||
|
||||
@@ -103,14 +103,12 @@
|
||||
}
|
||||
|
||||
.form-control--search {
|
||||
box-shadow: 0 1px 0 #ddd;
|
||||
padding: 0 2.5rem;
|
||||
height: 2.25rem;
|
||||
flex-grow: 1;
|
||||
}
|
||||
|
||||
.form-control--transparent {
|
||||
border: 0 solid transparent !important;
|
||||
background-color: transparent !important;
|
||||
}
|
||||
|
||||
@@ -174,10 +172,8 @@
|
||||
display: inline-flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
|
||||
--size: 2.5rem;
|
||||
width: var(--size);
|
||||
height: var(--size);
|
||||
width: 2.5rem;
|
||||
height: 2.5rem;
|
||||
padding: 0;
|
||||
margin-left: 0.9375rem;
|
||||
background-color: transparent;
|
||||
@@ -474,7 +470,7 @@
|
||||
|
||||
.filteringRules__filter {
|
||||
font-style: italic;
|
||||
font-weight: normal;
|
||||
font-weight: 400;
|
||||
margin-bottom: 1rem;
|
||||
}
|
||||
|
||||
|
||||
@@ -11,12 +11,13 @@ import Select from 'react-select';
|
||||
import i18n from '../../../i18n';
|
||||
import Tabs from '../../ui/Tabs';
|
||||
import Examples from '../Dns/Upstream/Examples';
|
||||
import { toggleAllServices } from '../../../helpers/helpers';
|
||||
import { toggleAllServices, trimLinesAndRemoveEmpty } from '../../../helpers/helpers';
|
||||
import {
|
||||
renderInputField,
|
||||
renderGroupField,
|
||||
CheckboxField,
|
||||
renderServiceField,
|
||||
renderTextareaField,
|
||||
} from '../../../helpers/form';
|
||||
import { validateClientId, validateRequiredValue } from '../../../helpers/validators';
|
||||
import { CLIENT_ID_LINK, FORM_NAME } from '../../../helpers/constants';
|
||||
@@ -230,10 +231,11 @@ let Form = (props) => {
|
||||
<Field
|
||||
id="upstreams"
|
||||
name="upstreams"
|
||||
component="textarea"
|
||||
component={renderTextareaField}
|
||||
type="text"
|
||||
className="form-control form-control--textarea mb-5"
|
||||
placeholder={t('upstream_dns')}
|
||||
normalizeOnBlur={trimLinesAndRemoveEmpty}
|
||||
/>
|
||||
<Examples />
|
||||
</div>,
|
||||
|
||||
@@ -74,7 +74,6 @@ const FormDHCPv4 = ({
|
||||
className="form-control"
|
||||
placeholder={t(ipv4placeholders.subnet_mask)}
|
||||
validate={[
|
||||
validateIpv4,
|
||||
validateRequired,
|
||||
validateGatewaySubnetMask,
|
||||
]}
|
||||
@@ -97,7 +96,6 @@ const FormDHCPv4 = ({
|
||||
placeholder={t(ipv4placeholders.range_start)}
|
||||
validate={[
|
||||
validateIpv4,
|
||||
validateGatewaySubnetMask,
|
||||
validateIpForGatewaySubnetMask,
|
||||
]}
|
||||
disabled={!isInterfaceIncludesIpv4}
|
||||
@@ -113,7 +111,6 @@ const FormDHCPv4 = ({
|
||||
validate={[
|
||||
validateIpv4,
|
||||
validateIpv4RangeEnd,
|
||||
validateGatewaySubnetMask,
|
||||
validateIpForGatewaySubnetMask,
|
||||
]}
|
||||
disabled={!isInterfaceIncludesIpv4}
|
||||
|
||||
@@ -2,10 +2,12 @@ import React from 'react';
|
||||
import PropTypes from 'prop-types';
|
||||
import { Field, reduxForm } from 'redux-form';
|
||||
import { Trans, useTranslation } from 'react-i18next';
|
||||
import { shallowEqual, useSelector } from 'react-redux';
|
||||
import { shallowEqual, useDispatch, useSelector } from 'react-redux';
|
||||
|
||||
import { renderInputField, toNumber, CheckboxField } from '../../../../helpers/form';
|
||||
import { CACHE_CONFIG_FIELDS, FORM_NAME, UINT32_RANGE } from '../../../../helpers/constants';
|
||||
import { replaceZeroWithEmptyString } from '../../../../helpers/helpers';
|
||||
import { clearDnsCache } from '../../../../actions/dnsConfig';
|
||||
|
||||
const INPUTS_FIELDS = [
|
||||
{
|
||||
@@ -32,6 +34,7 @@ const Form = ({
|
||||
handleSubmit, submitting, invalid,
|
||||
}) => {
|
||||
const { t } = useTranslation();
|
||||
const dispatch = useDispatch();
|
||||
|
||||
const { processingSetConfig } = useSelector((state) => state.dnsConfig, shallowEqual);
|
||||
const {
|
||||
@@ -40,6 +43,12 @@ const Form = ({
|
||||
|
||||
const minExceedsMax = cache_ttl_min > cache_ttl_max;
|
||||
|
||||
const handleClearCache = () => {
|
||||
if (window.confirm(t('confirm_dns_cache_clear'))) {
|
||||
dispatch(clearDnsCache());
|
||||
}
|
||||
};
|
||||
|
||||
return <form onSubmit={handleSubmit}>
|
||||
<div className="row">
|
||||
{INPUTS_FIELDS.map(({
|
||||
@@ -97,6 +106,13 @@ const Form = ({
|
||||
>
|
||||
<Trans>save_btn</Trans>
|
||||
</button>
|
||||
<button
|
||||
type="button"
|
||||
className="btn btn-outline-secondary btn-standard form__button"
|
||||
onClick={handleClearCache}
|
||||
>
|
||||
<Trans>clear_cache</Trans>
|
||||
</button>
|
||||
</form>;
|
||||
};
|
||||
|
||||
|
||||
@@ -56,6 +56,26 @@ const clearFields = (change, setTlsConfig, t) => {
|
||||
}
|
||||
};
|
||||
|
||||
const validationMessage = (warningValidation, isWarning) => {
|
||||
if (!warningValidation) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (isWarning) {
|
||||
return (
|
||||
<div className="col-12">
|
||||
<p><Trans>encryption_warning</Trans>: {warningValidation}</p>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
return (
|
||||
<div className="col-12">
|
||||
<p className="text-danger">{warningValidation}</p>
|
||||
</div>
|
||||
);
|
||||
};
|
||||
|
||||
let Form = (props) => {
|
||||
const {
|
||||
t,
|
||||
@@ -95,6 +115,8 @@ let Form = (props) => {
|
||||
|| !valid_cert
|
||||
|| !valid_pair;
|
||||
|
||||
const isWarning = valid_key && valid_cert && valid_pair;
|
||||
|
||||
return (
|
||||
<form onSubmit={handleSubmit}>
|
||||
<div className="row">
|
||||
@@ -382,11 +404,7 @@ let Form = (props) => {
|
||||
)}
|
||||
</div>
|
||||
</div>
|
||||
{warning_validation && (
|
||||
<div className="col-12">
|
||||
<p className="text-danger">{warning_validation}</p>
|
||||
</div>
|
||||
)}
|
||||
{validationMessage(warning_validation, isWarning)}
|
||||
</div>
|
||||
|
||||
<div className="btn-list mt-2">
|
||||
|
||||
@@ -390,6 +390,7 @@ export const SPECIAL_FILTER_ID = {
|
||||
PARENTAL: -3,
|
||||
SAFE_BROWSING: -4,
|
||||
SAFE_SEARCH: -5,
|
||||
REWRITES: -6,
|
||||
};
|
||||
|
||||
export const BLOCK_ACTIONS = {
|
||||
|
||||
@@ -26,199 +26,229 @@ export default {
|
||||
"name": "1Hosts (Lite)",
|
||||
"categoryId": "general",
|
||||
"homepage": "https://badmojr.github.io/1Hosts/",
|
||||
"source": "https://badmojr.gitlab.io/1hosts/Lite/adblock.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt"
|
||||
},
|
||||
"1hosts_mini": {
|
||||
"name": "1Hosts (mini)",
|
||||
"categoryId": "general",
|
||||
"homepage": "https://badmojr.github.io/1Hosts/",
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_38.txt"
|
||||
},
|
||||
"CHN_adrules": {
|
||||
"name": "CHN: AdRules DNS List",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://github.com/Cats-Team/AdRules",
|
||||
"source": "https://raw.githubusercontent.com/Cats-Team/AdRules/main/dns.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_29.txt"
|
||||
},
|
||||
"CHN_anti_ad": {
|
||||
"name": "CHN: anti-AD",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://anti-ad.net/",
|
||||
"source": "https://anti-ad.net/easylist.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_21.txt"
|
||||
},
|
||||
"HUN_hufilter": {
|
||||
"name": "HUN: Hufilter",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://github.com/hufilter/hufilter",
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_35.txt"
|
||||
},
|
||||
"IDN_abpindo": {
|
||||
"name": "IDN: ABPindo",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://github.com/ABPindo/indonesianadblockrules",
|
||||
"source": "https://raw.githubusercontent.com/ABPindo/indonesianadblockrules/master/subscriptions/aghome.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_22.txt"
|
||||
},
|
||||
"IRN_unwanted_iranian_domains": {
|
||||
"name": "IRN: PersianBlocker list",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://github.com/MasterKia/PersianBlocker",
|
||||
"source": "https://raw.githubusercontent.com/MasterKia/PersianBlocker/main/PersianBlockerHosts.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_19.txt"
|
||||
},
|
||||
"ITA_filtri_dns": {
|
||||
"name": "ITA: Filtri-DNS",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://filtri-dns.ga/",
|
||||
"source": "https://filtri-dns.ga/filtri.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt"
|
||||
},
|
||||
"KOR_list_kr": {
|
||||
"name": "KOR: List-KR DNS",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://github.com/List-KR/List-KR",
|
||||
"source": "https://github.com/List-KR/List-KR"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_25.txt"
|
||||
},
|
||||
"KOR_youslist": {
|
||||
"name": "KOR: YousList",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://github.com/yous/YousList",
|
||||
"source": "https://raw.githubusercontent.com/yous/YousList/master/hosts.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_15.txt"
|
||||
},
|
||||
"LIT_easylist_lithuania": {
|
||||
"name": "LIT: EasyList Lithuania",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://github.com/EasyList-Lithuania/easylist_lithuania",
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_36.txt"
|
||||
},
|
||||
"MKD_macedonian_pi_hole_blocklist": {
|
||||
"name": "MKD: Macedonian Pi-hole Blocklist",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://github.com/cchevy/macedonian-pi-hole-blocklist",
|
||||
"source": "https://raw.githubusercontent.com/cchevy/macedonian-pi-hole-blocklist/master/hosts.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_20.txt"
|
||||
},
|
||||
"NOR_dandelion_sprouts_anti_malware_list": {
|
||||
"name": "NOR: Dandelion Sprouts nordiske filtre",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://github.com/DandelionSprout/adfilt",
|
||||
"source": "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/NorwegianExperimentalList%20alternate%20versions/NordicFiltersAdGuardHome.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_13.txt"
|
||||
},
|
||||
"POL_polish_filters_for_pi_hole": {
|
||||
"name": "POL: Polish filters for Pi hole",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://www.certyficate.it/",
|
||||
"source": "https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/hostfile.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_14.txt"
|
||||
},
|
||||
"SWE_frellwit_swedish_hosts_file": {
|
||||
"name": "SWE: Frellwit's Swedish Hosts File",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://github.com/lassekongo83/Frellwits-filter-lists/",
|
||||
"source": "https://raw.githubusercontent.com/lassekongo83/Frellwits-filter-lists/master/Frellwits-Swedish-Hosts-File.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_17.txt"
|
||||
},
|
||||
"TUR_turk_adlist": {
|
||||
"name": "TUR: turk-adlist",
|
||||
"categoryId": "regional",
|
||||
"homepage": "https://github.com/bkrucarci/turk-adlist",
|
||||
"source": "https://raw.githubusercontent.com/bkrucarci/turk-adlist/master/hosts"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_26.txt"
|
||||
},
|
||||
"VNM_abpvn": {
|
||||
"name": "VNM: ABPVN List",
|
||||
"categoryId": "regional",
|
||||
"homepage": "http://abpvn.com/",
|
||||
"source": "https://abpvn.com/android/abpvn.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_16.txt"
|
||||
},
|
||||
"adguard_dns_filter": {
|
||||
"name": "AdGuard DNS filter",
|
||||
"categoryId": "general",
|
||||
"homepage": "https://github.com/AdguardTeam/AdGuardSDNSFilter",
|
||||
"source": "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt"
|
||||
},
|
||||
"adway_default_blocklist": {
|
||||
"name": "AdAway Default Blocklist",
|
||||
"categoryId": "general",
|
||||
"homepage": "https://github.com/AdAway/adaway.github.io/",
|
||||
"source": "https://adaway.org/hosts.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt"
|
||||
},
|
||||
"curben_phishing_filter": {
|
||||
"name": "Phishing URL Blocklist (PhishTank and OpenPhish)",
|
||||
"categoryId": "security",
|
||||
"homepage": "https://gitlab.com/malware-filter/phishing-filter",
|
||||
"source": "https://malware-filter.gitlab.io/malware-filter/phishing-filter-agh.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt"
|
||||
},
|
||||
"dan_pollocks_list": {
|
||||
"name": "Dan Pollock's List",
|
||||
"categoryId": "general",
|
||||
"homepage": "https://someonewhocares.org/",
|
||||
"source": "https://someonewhocares.org/hosts/zero/hosts"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_4.txt"
|
||||
},
|
||||
"dandelion_sprouts_anti_malware_list": {
|
||||
"name": "Dandelion Sprout's Anti-Malware List",
|
||||
"categoryId": "security",
|
||||
"homepage": "https://github.com/DandelionSprout/adfilt",
|
||||
"source": "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareAdGuardHome.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt"
|
||||
},
|
||||
"dandelion_sprouts_game_console_adblock_list": {
|
||||
"name": "Dandelion Sprout's Game Console Adblock List",
|
||||
"categoryId": "other",
|
||||
"homepage": "https://github.com/DandelionSprout/adfilt",
|
||||
"source": "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/GameConsoleAdblockList.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt"
|
||||
},
|
||||
"energized_spark": {
|
||||
"name": "Energized Spark",
|
||||
"categoryId": "general",
|
||||
"homepage": "https://energized.pro/",
|
||||
"source": "https://block.energized.pro/spark/formats/filter"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_28.txt"
|
||||
},
|
||||
"hagezi_personal": {
|
||||
"name": "HaGeZi Personal Black \u0026 White",
|
||||
"categoryId": "general",
|
||||
"homepage": "https://github.com/hagezi/dns-blocklists",
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_34.txt"
|
||||
},
|
||||
"no_google": {
|
||||
"name": "No Google",
|
||||
"categoryId": "other",
|
||||
"homepage": "https://github.com/nickspaargaren/no-google",
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_37.txt"
|
||||
},
|
||||
"nocoin_filter_list": {
|
||||
"name": "NoCoin Filter List",
|
||||
"categoryId": "security",
|
||||
"homepage": "https://github.com/hoshsadiq/adblock-nocoin-list/",
|
||||
"source": "https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_8.txt"
|
||||
},
|
||||
"notracking_hosts_blocklists": {
|
||||
"name": "The NoTracking blocklist",
|
||||
"categoryId": "general",
|
||||
"homepage": "https://github.com/notracking/hosts-blocklists",
|
||||
"source": "https://raw.githubusercontent.com/notracking/hosts-blocklists/master/adblock/adblock.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_32.txt"
|
||||
},
|
||||
"oisd_basic": {
|
||||
"name": "OISD Blocklist Basic",
|
||||
"categoryId": "general",
|
||||
"homepage": "https://oisd.nl/",
|
||||
"source": "https://abp.oisd.nl/basic/"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_5.txt"
|
||||
},
|
||||
"oisd_full": {
|
||||
"name": "OISD Blocklist Full",
|
||||
"categoryId": "general",
|
||||
"homepage": "https://oisd.nl/",
|
||||
"source": "https://abp.oisd.nl/"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_27.txt"
|
||||
},
|
||||
"perflyst_dandelion_sprout_smart_tv_blocklist_for_adguard_home": {
|
||||
"name": "Perflyst and Dandelion Sprout's Smart-TV Blocklist",
|
||||
"categoryId": "other",
|
||||
"homepage": "https://github.com/Perflyst/PiHoleBlocklist",
|
||||
"source": "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV-AGH.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_7.txt"
|
||||
},
|
||||
"peter_lowe_list": {
|
||||
"name": "Peter Lowe's Blocklist",
|
||||
"categoryId": "general",
|
||||
"homepage": "https://pgl.yoyo.org/adservers/",
|
||||
"source": "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=adblockplus\u0026showintro=1\u0026mimetype=plaintext"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt"
|
||||
},
|
||||
"scam_blocklist_by_durablenapkin": {
|
||||
"name": "Scam Blocklist by DurableNapkin",
|
||||
"categoryId": "security",
|
||||
"homepage": "https://github.com/durablenapkin/scamblocklist",
|
||||
"source": "https://raw.githubusercontent.com/durablenapkin/scamblocklist/master/adguard.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt"
|
||||
},
|
||||
"staklerware_indicators_list": {
|
||||
"name": "Stalkerware Indicators List",
|
||||
"categoryId": "security",
|
||||
"homepage": "https://github.com/AssoEchap/stalkerware-indicators",
|
||||
"source": "https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt"
|
||||
},
|
||||
"steven_blacks_list": {
|
||||
"name": "Steven Black's List",
|
||||
"categoryId": "general",
|
||||
"homepage": "https://github.com/StevenBlack/hosts",
|
||||
"source": "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_33.txt"
|
||||
},
|
||||
"the_big_list_of_hacked_malware_web_sites": {
|
||||
"name": "The Big List of Hacked Malware Web Sites",
|
||||
"categoryId": "security",
|
||||
"homepage": "https://github.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites",
|
||||
"source": "https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hosts"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt"
|
||||
},
|
||||
"urlhaus_filter_online": {
|
||||
"name": "Malicious URL Blocklist (URLHaus)",
|
||||
"categoryId": "security",
|
||||
"homepage": "https://gitlab.com/malware-filter/urlhaus-filter",
|
||||
"source": "https://malware-filter.gitlab.io/malware-filter/urlhaus-filter-agh.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt"
|
||||
},
|
||||
"windowsspyblocker_hosts_spy_rules": {
|
||||
"name": "WindowsSpyBlocker - Hosts spy rules",
|
||||
"categoryId": "other",
|
||||
"homepage": "https://github.com/crazy-max/WindowsSpyBlocker",
|
||||
"source": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
|
||||
"source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -77,11 +77,11 @@ export const validateNotInRange = (value, allValues) => {
|
||||
const { range_start, range_end } = allValues.v4;
|
||||
|
||||
if (range_start && validateIpv4(range_start)) {
|
||||
return 'form_error_ip4_range_start_format';
|
||||
return undefined;
|
||||
}
|
||||
|
||||
if (range_end && validateIpv4(range_end)) {
|
||||
return 'form_error_ip4_range_end_format';
|
||||
return undefined;
|
||||
}
|
||||
|
||||
const isAboveMin = range_start && ip4ToInt(value) >= ip4ToInt(range_start);
|
||||
@@ -94,14 +94,6 @@ export const validateNotInRange = (value, allValues) => {
|
||||
});
|
||||
}
|
||||
|
||||
if (!range_end && isAboveMin) {
|
||||
return 'lower_range_start_error';
|
||||
}
|
||||
|
||||
if (!range_start && isBelowMax) {
|
||||
return 'greater_range_end_error';
|
||||
}
|
||||
|
||||
return undefined;
|
||||
};
|
||||
|
||||
@@ -118,7 +110,7 @@ export const validateGatewaySubnetMask = (_, allValues) => {
|
||||
const { subnet_mask, gateway_ip } = allValues.v4;
|
||||
|
||||
if (validateIpv4(gateway_ip)) {
|
||||
return 'form_error_ip4_gateway_format';
|
||||
return 'gateway_or_subnet_invalid';
|
||||
}
|
||||
|
||||
return parseSubnetMask(subnet_mask) ? undefined : 'gateway_or_subnet_invalid';
|
||||
@@ -138,6 +130,10 @@ export const validateIpForGatewaySubnetMask = (value, allValues) => {
|
||||
gateway_ip, subnet_mask,
|
||||
} = allValues.v4;
|
||||
|
||||
if ((gateway_ip && validateIpv4(gateway_ip)) || (subnet_mask && validateIpv4(subnet_mask))) {
|
||||
return undefined;
|
||||
}
|
||||
|
||||
const subnetPrefix = parseSubnetMask(subnet_mask);
|
||||
|
||||
if (!isIpInCidr(value, `${gateway_ip}/${subnetPrefix}`)) {
|
||||
|
||||
15
go.mod
15
go.mod
@@ -3,7 +3,7 @@ module github.com/AdguardTeam/AdGuardHome
|
||||
go 1.18
|
||||
|
||||
require (
|
||||
github.com/AdguardTeam/dnsproxy v0.46.2
|
||||
github.com/AdguardTeam/dnsproxy v0.46.5
|
||||
github.com/AdguardTeam/golibs v0.11.3
|
||||
github.com/AdguardTeam/urlfilter v0.16.0
|
||||
github.com/NYTimes/gziphandler v1.1.1
|
||||
@@ -18,7 +18,7 @@ require (
|
||||
github.com/google/uuid v1.3.0
|
||||
github.com/insomniacslk/dhcp v0.0.0-20221001123530-5308ebe5334c
|
||||
github.com/kardianos/service v1.2.2
|
||||
github.com/lucas-clemente/quic-go v0.29.2
|
||||
github.com/lucas-clemente/quic-go v0.31.0
|
||||
github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118
|
||||
github.com/mdlayher/netlink v1.6.2
|
||||
// TODO(a.garipov): This package is deprecated; find a new one or use
|
||||
@@ -30,8 +30,8 @@ require (
|
||||
go.etcd.io/bbolt v1.3.6
|
||||
golang.org/x/crypto v0.1.0
|
||||
golang.org/x/exp v0.0.0-20221106115401-f9659909a136
|
||||
golang.org/x/net v0.1.0
|
||||
golang.org/x/sys v0.2.0
|
||||
golang.org/x/net v0.4.0
|
||||
golang.org/x/sys v0.3.0
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.0.0
|
||||
gopkg.in/yaml.v3 v3.0.1
|
||||
howett.net/plist v1.0.0
|
||||
@@ -47,23 +47,20 @@ require (
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
|
||||
github.com/golang/mock v1.6.0 // indirect
|
||||
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
|
||||
github.com/josharian/native v1.0.0 // indirect
|
||||
github.com/marten-seemann/qpack v0.3.0 // indirect
|
||||
github.com/marten-seemann/qtls-go1-18 v0.1.3 // indirect
|
||||
github.com/marten-seemann/qtls-go1-19 v0.1.1 // indirect
|
||||
github.com/mdlayher/packet v1.0.0 // indirect
|
||||
github.com/mdlayher/socket v0.2.3 // indirect
|
||||
github.com/nxadm/tail v1.4.8 // indirect
|
||||
github.com/onsi/ginkgo v1.16.5 // indirect
|
||||
github.com/onsi/ginkgo/v2 v2.5.0 // indirect
|
||||
github.com/onsi/gomega v1.24.0 // indirect
|
||||
github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
|
||||
github.com/pkg/errors v0.9.1 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/u-root/uio v0.0.0-20220204230159-dac05f7d2cb4 // indirect
|
||||
golang.org/x/mod v0.6.0 // indirect
|
||||
golang.org/x/sync v0.1.0 // indirect
|
||||
golang.org/x/text v0.4.0 // indirect
|
||||
golang.org/x/text v0.5.0 // indirect
|
||||
golang.org/x/tools v0.2.0 // indirect
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
|
||||
)
|
||||
|
||||
72
go.sum
72
go.sum
@@ -1,5 +1,5 @@
|
||||
github.com/AdguardTeam/dnsproxy v0.46.2 h1:ZUKM713Ts5meYQqk6cJkUBMCFSWqFPXTgjXkN4RI1Vo=
|
||||
github.com/AdguardTeam/dnsproxy v0.46.2/go.mod h1:PAmRzFqls0E92XTglyY2ESAqMAzZJhHKErG1ZpRnpjA=
|
||||
github.com/AdguardTeam/dnsproxy v0.46.5 h1:TiJZhwaIDDaKkqEfJ9AD9aroFjcHN8oEbKB8WfTjSIs=
|
||||
github.com/AdguardTeam/dnsproxy v0.46.5/go.mod h1:yKBVgFlE6CqTQtye++3e7SATaMPc4Ixij+KkHsM6HhM=
|
||||
github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
|
||||
github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
|
||||
github.com/AdguardTeam/golibs v0.11.3 h1:Oif+REq2WLycQ2Xm3ZPmJdfftptss0HbGWbxdFaC310=
|
||||
@@ -25,6 +25,9 @@ github.com/beefsack/go-rate v0.0.0-20220214233405-116f4ca011a0 h1:0b2vaepXIfMsG+
|
||||
github.com/beefsack/go-rate v0.0.0-20220214233405-116f4ca011a0/go.mod h1:6YNgTHLutezwnBvyneBbwvB8C82y3dcoOj5EQJIdGXA=
|
||||
github.com/bluele/gcache v0.0.2 h1:WcbfdXICg7G/DGBh1PFfcirkWOQV+v077yF1pSy3DGw=
|
||||
github.com/bluele/gcache v0.0.2/go.mod h1:m15KV+ECjptwSPxKhOhQoAFQVtUFjTVkc3H8o0t/fp0=
|
||||
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
|
||||
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
|
||||
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
|
||||
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
@@ -34,8 +37,6 @@ github.com/digineo/go-ipset/v2 v2.2.1/go.mod h1:wBsNzJlZlABHUITkesrggFnZQtgW5wkq
|
||||
github.com/dimfeld/httptreemux/v5 v5.5.0 h1:p8jkiMrCuZ0CmhwYLcbNbl7DDo21fozhKHQ2PccwOFQ=
|
||||
github.com/dimfeld/httptreemux/v5 v5.5.0/go.mod h1:QeEylH57C0v3VO0tkKraVz9oD3Uu93CKPnTLbsidvSw=
|
||||
github.com/fanliao/go-promise v0.0.0-20141029170127-1890db352a72/go.mod h1:PjfxuH4FZdUyfMdtBio2lsRr1AKEaVPwelzuHuh8Lqc=
|
||||
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
|
||||
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
|
||||
github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
|
||||
github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
|
||||
github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
|
||||
@@ -47,13 +48,6 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8Wd
|
||||
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
|
||||
github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
|
||||
github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
|
||||
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
|
||||
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
|
||||
github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
|
||||
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
|
||||
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
|
||||
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
|
||||
github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
|
||||
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
|
||||
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
@@ -66,15 +60,17 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
|
||||
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
|
||||
github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
|
||||
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
|
||||
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/renameio v1.0.1 h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU=
|
||||
github.com/google/renameio v1.0.1/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk=
|
||||
github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
|
||||
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
|
||||
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
|
||||
github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8=
|
||||
github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis=
|
||||
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
|
||||
github.com/insomniacslk/dhcp v0.0.0-20221001123530-5308ebe5334c h1:OCFM4+DXTWfNlyeoddrTwdup/ztkGSyAMR2UGcPckNQ=
|
||||
github.com/insomniacslk/dhcp v0.0.0-20221001123530-5308ebe5334c/go.mod h1:h+MxyHxRg9NH3terB1nfRIUaQEcI0XOVkdR9LNBlp8E=
|
||||
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
|
||||
@@ -91,8 +87,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
||||
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
|
||||
github.com/lucas-clemente/quic-go v0.29.2 h1:O8Mt0O6LpvEW+wfC40vZdcw0DngwYzoxq5xULZNzSI8=
|
||||
github.com/lucas-clemente/quic-go v0.29.2/go.mod h1:g6/h9YMmLuU54tL1gW25uIi3VlBp3uv+sBihplIuskE=
|
||||
github.com/lucas-clemente/quic-go v0.31.0 h1:MfNp3fk0wjWRajw6quMFA3ap1AVtlU+2mtwmbVogB2M=
|
||||
github.com/lucas-clemente/quic-go v0.31.0/go.mod h1:0wFbizLgYzqHqtlyxyCaJKlE7bYgE6JQ+54TLd/Dq2g=
|
||||
github.com/marten-seemann/qpack v0.3.0 h1:UiWstOgT8+znlkDPOg2+3rIuYXJ2CnGDkGUXN6ki6hE=
|
||||
github.com/marten-seemann/qpack v0.3.0/go.mod h1:cGfKPBiP4a9EQdxCwEwI/GEeWAsjSekBvx/X8mh58+g=
|
||||
github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI=
|
||||
@@ -124,19 +120,9 @@ github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
|
||||
github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
|
||||
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
|
||||
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
|
||||
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
|
||||
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
|
||||
github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
|
||||
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||
github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
|
||||
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
|
||||
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
|
||||
github.com/onsi/ginkgo/v2 v2.5.0 h1:TRtrvv2vdQqzkwrQ1ke6vtXf7IK34RBUJafIy1wMwls=
|
||||
github.com/onsi/ginkgo/v2 v2.5.0/go.mod h1:Luc4sArBICYCS8THh8v3i3i5CuSZO+RaQRaJoeNwomw=
|
||||
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
|
||||
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
|
||||
github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg=
|
||||
github.com/onsi/gomega v1.24.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg=
|
||||
github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
|
||||
github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
|
||||
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
@@ -168,7 +154,6 @@ github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcy
|
||||
github.com/u-root/uio v0.0.0-20210528114334-82958018845c/go.mod h1:LpEX5FO/cB+WF4TYGY1V5qktpaZLkKkSegbr0V4eYXA=
|
||||
github.com/u-root/uio v0.0.0-20220204230159-dac05f7d2cb4 h1:hl6sK6aFgTLISijk6xIzeqnPzQcsLqqvL6vEfTPinME=
|
||||
github.com/u-root/uio v0.0.0-20220204230159-dac05f7d2cb4/go.mod h1:LpEX5FO/cB+WF4TYGY1V5qktpaZLkKkSegbr0V4eYXA=
|
||||
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
|
||||
go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
|
||||
go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
|
||||
@@ -181,11 +166,9 @@ golang.org/x/exp v0.0.0-20221106115401-f9659909a136 h1:Fq7F/w7MAa1KJ5bt2aJ62ihqp
|
||||
golang.org/x/exp v0.0.0-20221106115401-f9659909a136/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
|
||||
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
||||
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
|
||||
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I=
|
||||
golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
|
||||
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190419010253-1f3472d942ba/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
@@ -195,10 +178,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
|
||||
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.0.0-20201016165138-7b1cca2348c0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
|
||||
@@ -206,16 +187,13 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
|
||||
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20210929193557-e81a3d93ecf6/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20220923203811-8be639271d50/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
|
||||
golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
|
||||
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU=
|
||||
golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
|
||||
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190322080309-f49334f85ddc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
@@ -224,13 +202,10 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
|
||||
golang.org/x/sys v0.0.0-20190418153312-f0ce4c0180be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190606122018-79a91cf218c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
@@ -238,7 +213,6 @@ golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7w
|
||||
golang.org/x/sys v0.0.0-20201017003518-b09fb700fbb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
@@ -254,8 +228,8 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc
|
||||
golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
|
||||
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
|
||||
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
@@ -263,13 +237,12 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||
golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
|
||||
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
|
||||
golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
|
||||
@@ -278,26 +251,15 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
|
||||
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
|
||||
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
|
||||
google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
|
||||
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
|
||||
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
|
||||
google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
|
||||
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
|
||||
gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
|
||||
@@ -15,7 +15,7 @@ import (
|
||||
func defaultHostsPaths() (paths []string) {
|
||||
sysDir, err := windows.GetSystemDirectory()
|
||||
if err != nil {
|
||||
log.Error("getting system directory: %s", err)
|
||||
log.Error("aghnet: getting system directory: %s", err)
|
||||
|
||||
return []string{}
|
||||
}
|
||||
|
||||
@@ -31,12 +31,6 @@ var (
|
||||
// the IP being static is available.
|
||||
const ErrNoStaticIPInfo errors.Error = "no information about static ip"
|
||||
|
||||
// IPv4Localhost returns 127.0.0.1, which returns true for [netip.Addr.Is4].
|
||||
func IPv4Localhost() (ip netip.Addr) { return netip.AddrFrom4([4]byte{127, 0, 0, 1}) }
|
||||
|
||||
// IPv6Localhost returns ::1, which returns true for [netip.Addr.Is6].
|
||||
func IPv6Localhost() (ip netip.Addr) { return netip.AddrFrom16([16]byte{15: 1}) }
|
||||
|
||||
// IfaceHasStaticIP checks if interface is configured to have static IP address.
|
||||
// If it can't give a definitive answer, it returns false and an error for which
|
||||
// errors.Is(err, ErrNoStaticIPInfo) is true.
|
||||
|
||||
@@ -188,7 +188,7 @@ func TestBroadcastFromIPNet(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestCheckPort(t *testing.T) {
|
||||
laddr := netip.AddrPortFrom(IPv4Localhost(), 0)
|
||||
laddr := netip.AddrPortFrom(netutil.IPv4Localhost(), 0)
|
||||
|
||||
t.Run("tcp_bound", func(t *testing.T) {
|
||||
l, err := net.Listen("tcp", laddr.String())
|
||||
|
||||
@@ -168,11 +168,11 @@ func IsOpenWrt() (ok bool) {
|
||||
return isOpenWrt()
|
||||
}
|
||||
|
||||
// RootDirFS returns the fs.FS rooted at the operating system's root.
|
||||
// RootDirFS returns the [fs.FS] rooted at the operating system's root. On
|
||||
// Windows it returns the fs.FS rooted at the volume of the system directory
|
||||
// (usually, C:).
|
||||
func RootDirFS() (fsys fs.FS) {
|
||||
// Use empty string since os.DirFS implicitly prepends a slash to it. This
|
||||
// behavior is undocumented but it currently works.
|
||||
return os.DirFS("")
|
||||
return rootDirFS()
|
||||
}
|
||||
|
||||
// NotifyReconfigureSignal notifies c on receiving reconfigure signals.
|
||||
|
||||
@@ -3,12 +3,17 @@
|
||||
package aghos
|
||||
|
||||
import (
|
||||
"io/fs"
|
||||
"os"
|
||||
"os/signal"
|
||||
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
func rootDirFS() (fsys fs.FS) {
|
||||
return os.DirFS("/")
|
||||
}
|
||||
|
||||
func notifyReconfigureSignal(c chan<- os.Signal) {
|
||||
signal.Notify(c, unix.SIGHUP)
|
||||
}
|
||||
|
||||
@@ -3,13 +3,29 @@
|
||||
package aghos
|
||||
|
||||
import (
|
||||
"io/fs"
|
||||
"os"
|
||||
"os/signal"
|
||||
"path/filepath"
|
||||
"syscall"
|
||||
|
||||
"github.com/AdguardTeam/golibs/log"
|
||||
"golang.org/x/sys/windows"
|
||||
)
|
||||
|
||||
func rootDirFS() (fsys fs.FS) {
|
||||
// TODO(a.garipov): Use a better way if golang/go#44279 is ever resolved.
|
||||
sysDir, err := windows.GetSystemDirectory()
|
||||
if err != nil {
|
||||
log.Error("aghos: getting root filesystem: %s; using C:", err)
|
||||
|
||||
// Assume that C: is the safe default.
|
||||
return os.DirFS("C:")
|
||||
}
|
||||
|
||||
return os.DirFS(filepath.VolumeName(sysDir))
|
||||
}
|
||||
|
||||
func setRlimit(val uint64) (err error) {
|
||||
return Unsupported("setrlimit")
|
||||
}
|
||||
|
||||
@@ -137,14 +137,14 @@ func (c *V4ServerConf) Validate() (err error) {
|
||||
|
||||
gatewayIP, err := ensureV4(c.GatewayIP, "address")
|
||||
if err != nil {
|
||||
// Don't wrap an errors since it's informative enough as is and there is
|
||||
// Don't wrap the error since it's informative enough as is and there is
|
||||
// an annotation deferred already.
|
||||
return err
|
||||
}
|
||||
|
||||
subnetMask, err := ensureV4(c.SubnetMask, "subnet mask")
|
||||
if err != nil {
|
||||
// Don't wrap an errors since it's informative enough as is and there is
|
||||
// Don't wrap the error since it's informative enough as is and there is
|
||||
// an annotation deferred already.
|
||||
return err
|
||||
}
|
||||
@@ -155,20 +155,21 @@ func (c *V4ServerConf) Validate() (err error) {
|
||||
|
||||
rangeStart, err := ensureV4(c.RangeStart, "address")
|
||||
if err != nil {
|
||||
// Don't wrap an errors since it's informative enough as is and there is
|
||||
// Don't wrap the error since it's informative enough as is and there is
|
||||
// an annotation deferred already.
|
||||
return err
|
||||
}
|
||||
|
||||
rangeEnd, err := ensureV4(c.RangeEnd, "address")
|
||||
if err != nil {
|
||||
// Don't wrap an errors since it's informative enough as is and there is
|
||||
// Don't wrap the error since it's informative enough as is and there is
|
||||
// an annotation deferred already.
|
||||
return err
|
||||
}
|
||||
|
||||
c.ipRange, err = newIPRange(rangeStart.AsSlice(), rangeEnd.AsSlice())
|
||||
if err != nil {
|
||||
// Don't wrap an errors since it's informative enough as is and there is
|
||||
// Don't wrap the error since it's informative enough as is and there is
|
||||
// an annotation deferred already.
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -219,8 +219,6 @@ var _ Interface = (*server)(nil)
|
||||
|
||||
// Create initializes and returns the DHCP server handling both address
|
||||
// families. It also registers the corresponding HTTP API endpoints.
|
||||
//
|
||||
// TODO(e.burkov): Don't register handlers, see TODO on [aghhttp.RegisterFunc].
|
||||
func Create(conf *ServerConfig) (s *server, err error) {
|
||||
s = &server{
|
||||
conf: &ServerConfig{
|
||||
@@ -237,6 +235,8 @@ func Create(conf *ServerConfig) (s *server, err error) {
|
||||
},
|
||||
}
|
||||
|
||||
// TODO(e.burkov): Don't register handlers, see TODO on
|
||||
// [aghhttp.RegisterFunc].
|
||||
s.registerHandlers()
|
||||
|
||||
v4conf := conf.Conf4
|
||||
@@ -250,7 +250,7 @@ func Create(conf *ServerConfig) (s *server, err error) {
|
||||
return nil, fmt.Errorf("creating dhcpv4 srv: %w", err)
|
||||
}
|
||||
|
||||
log.Error("creating dhcpv4 srv: %s", err)
|
||||
log.Debug("dhcpd: warning: creating dhcpv4 srv: %s", err)
|
||||
}
|
||||
|
||||
v6conf := conf.Conf6
|
||||
|
||||
@@ -23,16 +23,6 @@ func ValidateClientID(id string) (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
// hasLabelSuffix returns true if s ends with suffix preceded by a dot. It's
|
||||
// a helper function to prevent unnecessary allocations in code like:
|
||||
//
|
||||
// if strings.HasSuffix(s, "." + suffix) { /* … */ }
|
||||
//
|
||||
// s must be longer than suffix.
|
||||
func hasLabelSuffix(s, suffix string) (ok bool) {
|
||||
return strings.HasSuffix(s, suffix) && s[len(s)-len(suffix)-1] == '.'
|
||||
}
|
||||
|
||||
// clientIDFromClientServerName extracts and validates a ClientID. hostSrvName
|
||||
// is the server name of the host. cliSrvName is the server name as sent by the
|
||||
// client. When strict is true, and client and host server name don't match,
|
||||
@@ -46,7 +36,7 @@ func clientIDFromClientServerName(
|
||||
return "", nil
|
||||
}
|
||||
|
||||
if !hasLabelSuffix(cliSrvName, hostSrvName) {
|
||||
if !netutil.IsImmediateSubdomain(cliSrvName, hostSrvName) {
|
||||
if !strict {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
@@ -246,6 +246,7 @@ type RDNSExchanger interface {
|
||||
// Exchange tries to resolve the ip in a suitable way, e.g. either as
|
||||
// local or as external.
|
||||
Exchange(ip net.IP) (host string, err error)
|
||||
|
||||
// ResolvesPrivatePTR returns true if the RDNSExchanger is able to
|
||||
// resolve PTR requests for locally-served addresses.
|
||||
ResolvesPrivatePTR() (ok bool)
|
||||
@@ -261,6 +262,9 @@ const (
|
||||
rDNSNotPTRErr errors.Error = "the response is not a ptr"
|
||||
)
|
||||
|
||||
// type check
|
||||
var _ RDNSExchanger = (*Server)(nil)
|
||||
|
||||
// Exchange implements the RDNSExchanger interface for *Server.
|
||||
func (s *Server) Exchange(ip net.IP) (host string, err error) {
|
||||
s.serverLock.RLock()
|
||||
@@ -526,14 +530,14 @@ func validateBlockingMode(mode BlockingMode, blockingIPv4, blockingIPv6 net.IP)
|
||||
// prepareInternalProxy initializes the DNS proxy that is used for internal DNS
|
||||
// queries, such as public clients PTR resolving and updater hostname resolving.
|
||||
func (s *Server) prepareInternalProxy() (err error) {
|
||||
srvConf := s.conf
|
||||
conf := &proxy.Config{
|
||||
CacheEnabled: true,
|
||||
CacheSizeBytes: 4096,
|
||||
UpstreamConfig: s.conf.UpstreamConfig,
|
||||
UpstreamConfig: srvConf.UpstreamConfig,
|
||||
MaxGoroutines: int(s.conf.MaxGoroutines),
|
||||
}
|
||||
|
||||
srvConf := s.conf
|
||||
setProxyUpstreamMode(
|
||||
conf,
|
||||
srvConf.AllServers,
|
||||
@@ -566,46 +570,32 @@ func (s *Server) Stop() error {
|
||||
|
||||
// stopLocked stops the DNS server without locking. For internal use only.
|
||||
func (s *Server) stopLocked() (err error) {
|
||||
// TODO(e.burkov, a.garipov): Return critical errors, not just log them.
|
||||
// This will require filtering all the non-critical errors in
|
||||
// [upstream.Upstream] implementations.
|
||||
|
||||
if s.dnsProxy != nil {
|
||||
err = s.dnsProxy.Stop()
|
||||
if err != nil {
|
||||
return fmt.Errorf("closing primary resolvers: %w", err)
|
||||
log.Error("dnsforward: closing primary resolvers: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
var errs []error
|
||||
|
||||
if upsConf := s.internalProxy.UpstreamConfig; upsConf != nil {
|
||||
const action = "closing internal resolvers"
|
||||
|
||||
err = upsConf.Close()
|
||||
if err != nil {
|
||||
if errors.Is(err, net.ErrClosed) {
|
||||
log.Debug("dnsforward: %s: %s", action, err)
|
||||
} else {
|
||||
errs = append(errs, fmt.Errorf("%s: %w", action, err))
|
||||
}
|
||||
log.Error("dnsforward: closing internal resolvers: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
if upsConf := s.localResolvers.UpstreamConfig; upsConf != nil {
|
||||
const action = "closing local resolvers"
|
||||
|
||||
err = upsConf.Close()
|
||||
if err != nil {
|
||||
if errors.Is(err, net.ErrClosed) {
|
||||
log.Debug("dnsforward: %s: %s", action, err)
|
||||
} else {
|
||||
errs = append(errs, fmt.Errorf("%s: %w", action, err))
|
||||
}
|
||||
log.Error("dnsforward: closing local resolvers: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
if len(errs) > 0 {
|
||||
return errors.List("stopping dns server", errs...)
|
||||
} else {
|
||||
s.isRunning = false
|
||||
}
|
||||
s.isRunning = false
|
||||
|
||||
return nil
|
||||
}
|
||||
@@ -675,21 +665,13 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// IsBlockedClient returns true if the client is blocked by the current access
|
||||
// settings.
|
||||
func (s *Server) IsBlockedClient(ip net.IP, clientID string) (blocked bool, rule string) {
|
||||
func (s *Server) IsBlockedClient(ip netip.Addr, clientID string) (blocked bool, rule string) {
|
||||
s.serverLock.RLock()
|
||||
defer s.serverLock.RUnlock()
|
||||
|
||||
blockedByIP := false
|
||||
if ip != nil {
|
||||
// TODO(a.garipov): Remove once we switch to netip.Addr more fully.
|
||||
ipAddr, err := netutil.IPToAddrNoMapped(ip)
|
||||
if err != nil {
|
||||
log.Error("dnsforward: bad client ip %v: %s", ip, err)
|
||||
|
||||
return false, ""
|
||||
}
|
||||
|
||||
blockedByIP, rule = s.access.isBlockedIP(ipAddr)
|
||||
if ip != (netip.Addr{}) {
|
||||
blockedByIP, rule = s.access.isBlockedIP(ip)
|
||||
}
|
||||
|
||||
allowlistMode := s.access.allowlistMode()
|
||||
|
||||
@@ -22,6 +22,7 @@ import (
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/filtering"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/filtering/rewrite"
|
||||
"github.com/AdguardTeam/dnsproxy/proxy"
|
||||
"github.com/AdguardTeam/dnsproxy/upstream"
|
||||
"github.com/AdguardTeam/golibs/netutil"
|
||||
@@ -67,7 +68,7 @@ func createTestServer(
|
||||
ID: 0, Data: []byte(rules),
|
||||
}}
|
||||
|
||||
f, err := filtering.New(filterConf, filters)
|
||||
f, err := filtering.New(filterConf, filters, nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
f.SetEnabled(true)
|
||||
@@ -760,7 +761,7 @@ func TestBlockedCustomIP(t *testing.T) {
|
||||
Data: []byte(rules),
|
||||
}}
|
||||
|
||||
f, err := filtering.New(&filtering.Config{}, filters)
|
||||
f, err := filtering.New(&filtering.Config{}, filters, nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
s, err := NewServer(DNSCreateParams{
|
||||
@@ -880,21 +881,22 @@ func TestBlockedBySafeBrowsing(t *testing.T) {
|
||||
|
||||
func TestRewrite(t *testing.T) {
|
||||
c := &filtering.Config{
|
||||
Rewrites: []*filtering.LegacyRewrite{{
|
||||
Rewrites: []*filtering.RewriteItem{{
|
||||
Domain: "test.com",
|
||||
Answer: "1.2.3.4",
|
||||
Type: dns.TypeA,
|
||||
}, {
|
||||
Domain: "alias.test.com",
|
||||
Answer: "test.com",
|
||||
Type: dns.TypeCNAME,
|
||||
}, {
|
||||
Domain: "my.alias.example.org",
|
||||
Answer: "example.org",
|
||||
Type: dns.TypeCNAME,
|
||||
}},
|
||||
}
|
||||
f, err := filtering.New(c, nil)
|
||||
|
||||
rewriteStorage, err := rewrite.NewDefaultStorage(c.Rewrites)
|
||||
require.NoError(t, err)
|
||||
|
||||
f, err := filtering.New(c, nil, rewriteStorage)
|
||||
require.NoError(t, err)
|
||||
|
||||
f.SetEnabled(true)
|
||||
@@ -945,6 +947,12 @@ func TestRewrite(t *testing.T) {
|
||||
|
||||
assert.Empty(t, reply.Answer)
|
||||
|
||||
req = createTestMessageWithType("test.com.", dns.TypeTXT)
|
||||
reply, eerr = dns.Exchange(req, addr.String())
|
||||
require.NoError(t, eerr)
|
||||
|
||||
assert.Empty(t, reply.Answer)
|
||||
|
||||
req = createTestMessageWithType("alias.test.com.", dns.TypeA)
|
||||
reply, eerr = dns.Exchange(req, addr.String())
|
||||
require.NoError(t, eerr)
|
||||
@@ -952,8 +960,15 @@ func TestRewrite(t *testing.T) {
|
||||
require.Len(t, reply.Answer, 2)
|
||||
|
||||
assert.Equal(t, "test.com.", reply.Answer[0].(*dns.CNAME).Target)
|
||||
assert.Equal(t, dns.TypeA, reply.Answer[1].Header().Rrtype)
|
||||
assert.True(t, net.IP{1, 2, 3, 4}.Equal(reply.Answer[1].(*dns.A).A))
|
||||
|
||||
req = createTestMessageWithType("alias.test.com.", dns.TypeTXT)
|
||||
reply, eerr = dns.Exchange(req, addr.String())
|
||||
require.NoError(t, eerr)
|
||||
|
||||
assert.Empty(t, reply.Answer)
|
||||
|
||||
req = createTestMessageWithType("my.alias.example.org.", dns.TypeA)
|
||||
reply, eerr = dns.Exchange(req, addr.String())
|
||||
require.NoError(t, eerr)
|
||||
@@ -967,6 +982,12 @@ func TestRewrite(t *testing.T) {
|
||||
|
||||
assert.Equal(t, "example.org.", reply.Answer[0].(*dns.CNAME).Target)
|
||||
assert.Equal(t, dns.TypeA, reply.Answer[1].Header().Rrtype)
|
||||
|
||||
req = createTestMessageWithType("my.alias.test.com.", dns.TypeTXT)
|
||||
reply, eerr = dns.Exchange(req, addr.String())
|
||||
require.NoError(t, eerr)
|
||||
|
||||
assert.Empty(t, reply.Answer)
|
||||
}
|
||||
|
||||
for _, protect := range []bool{true, false} {
|
||||
@@ -1011,7 +1032,7 @@ var testDHCP = &dhcpd.MockInterface{
|
||||
func TestPTRResponseFromDHCPLeases(t *testing.T) {
|
||||
const localDomain = "lan"
|
||||
|
||||
flt, err := filtering.New(&filtering.Config{}, nil)
|
||||
flt, err := filtering.New(&filtering.Config{}, nil, nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
s, err := NewServer(DNSCreateParams{
|
||||
@@ -1085,7 +1106,7 @@ func TestPTRResponseFromHosts(t *testing.T) {
|
||||
|
||||
flt, err := filtering.New(&filtering.Config{
|
||||
EtcHosts: hc,
|
||||
}, nil)
|
||||
}, nil, nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
flt.SetEnabled(true)
|
||||
|
||||
@@ -19,13 +19,13 @@ func (s *Server) beforeRequestHandler(
|
||||
_ *proxy.Proxy,
|
||||
pctx *proxy.DNSContext,
|
||||
) (reply bool, err error) {
|
||||
ip, _ := netutil.IPAndPortFromAddr(pctx.Addr)
|
||||
clientID, err := s.clientIDFromDNSContext(pctx)
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("getting clientid: %w", err)
|
||||
}
|
||||
|
||||
blocked, _ := s.IsBlockedClient(ip, clientID)
|
||||
addrPort := netutil.NetAddrToAddrPort(pctx.Addr)
|
||||
blocked, _ := s.IsBlockedClient(addrPort.Addr(), clientID)
|
||||
if blocked {
|
||||
return s.preBlockedResponse(pctx)
|
||||
}
|
||||
|
||||
@@ -35,7 +35,7 @@ func TestHandleDNSRequest_filterDNSResponse(t *testing.T) {
|
||||
ID: 0, Data: []byte(rules),
|
||||
}}
|
||||
|
||||
f, err := filtering.New(&filtering.Config{}, filters)
|
||||
f, err := filtering.New(&filtering.Config{}, filters, nil)
|
||||
require.NoError(t, err)
|
||||
f.SetEnabled(true)
|
||||
|
||||
|
||||
@@ -3,6 +3,7 @@ package dnsforward
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/netip"
|
||||
@@ -565,6 +566,11 @@ type domainSpecificTestError struct {
|
||||
error
|
||||
}
|
||||
|
||||
// Error implements the [error] interface for domainSpecificTestError.
|
||||
func (err domainSpecificTestError) Error() (msg string) {
|
||||
return fmt.Sprintf("WARNING: %s", err.error)
|
||||
}
|
||||
|
||||
// checkDNS checks the upstream server defined by upstreamConfigStr using
|
||||
// healthCheck for actually exchange messages. It uses bootstrap to resolve the
|
||||
// upstream's address.
|
||||
@@ -631,44 +637,54 @@ func (s *Server) handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
result := map[string]string{}
|
||||
bootstraps := req.BootstrapDNS
|
||||
|
||||
timeout := s.conf.UpstreamTimeout
|
||||
for _, host := range req.Upstreams {
|
||||
err = checkDNS(host, bootstraps, timeout, checkDNSUpstreamExc)
|
||||
if err != nil {
|
||||
log.Info("%v", err)
|
||||
result[host] = err.Error()
|
||||
if _, ok := err.(domainSpecificTestError); ok {
|
||||
result[host] = fmt.Sprintf("WARNING: %s", result[host])
|
||||
}
|
||||
|
||||
continue
|
||||
}
|
||||
|
||||
result[host] = "OK"
|
||||
type upsCheckResult = struct {
|
||||
res string
|
||||
host string
|
||||
}
|
||||
|
||||
for _, host := range req.PrivateUpstreams {
|
||||
err = checkDNS(host, bootstraps, timeout, checkPrivateUpstreamExc)
|
||||
if err != nil {
|
||||
log.Info("%v", err)
|
||||
// TODO(e.burkov): If passed upstream have already written an error
|
||||
// above, we rewriting the error for it. These cases should be
|
||||
// handled properly instead.
|
||||
result[host] = err.Error()
|
||||
if _, ok := err.(domainSpecificTestError); ok {
|
||||
result[host] = fmt.Sprintf("WARNING: %s", result[host])
|
||||
}
|
||||
upsNum := len(req.Upstreams) + len(req.PrivateUpstreams)
|
||||
resCh := make(chan upsCheckResult, upsNum)
|
||||
|
||||
continue
|
||||
checkUps := func(ups string, healthCheck healthCheckFunc) {
|
||||
res := upsCheckResult{
|
||||
host: ups,
|
||||
}
|
||||
defer func() { resCh <- res }()
|
||||
|
||||
result[host] = "OK"
|
||||
checkErr := checkDNS(ups, bootstraps, timeout, healthCheck)
|
||||
if checkErr != nil {
|
||||
res.res = checkErr.Error()
|
||||
} else {
|
||||
res.res = "OK"
|
||||
}
|
||||
}
|
||||
|
||||
for _, ups := range req.Upstreams {
|
||||
go checkUps(ups, checkDNSUpstreamExc)
|
||||
}
|
||||
for _, ups := range req.PrivateUpstreams {
|
||||
go checkUps(ups, checkPrivateUpstreamExc)
|
||||
}
|
||||
|
||||
for i := 0; i < upsNum; i++ {
|
||||
pair := <-resCh
|
||||
// TODO(e.burkov): The upstreams used for both common and private
|
||||
// resolving should be reported separately.
|
||||
result[pair.host] = pair.res
|
||||
}
|
||||
close(resCh)
|
||||
|
||||
_ = aghhttp.WriteJSONResponse(w, r, result)
|
||||
}
|
||||
|
||||
// handleCacheClear is the handler for the POST /control/cache_clear HTTP API.
|
||||
func (s *Server) handleCacheClear(w http.ResponseWriter, _ *http.Request) {
|
||||
s.dnsProxy.ClearCache()
|
||||
_, _ = io.WriteString(w, "OK")
|
||||
}
|
||||
|
||||
// handleDoH is the DNS-over-HTTPs handler.
|
||||
//
|
||||
// Control flow:
|
||||
@@ -703,6 +719,8 @@ func (s *Server) registerHandlers() {
|
||||
s.conf.HTTPRegister(http.MethodGet, "/control/access/list", s.handleAccessList)
|
||||
s.conf.HTTPRegister(http.MethodPost, "/control/access/set", s.handleAccessSet)
|
||||
|
||||
s.conf.HTTPRegister(http.MethodPost, "/control/cache_clear", s.handleCacheClear)
|
||||
|
||||
// Register both versions, with and without the trailing slash, to
|
||||
// prevent a 301 Moved Permanently redirect when clients request the
|
||||
// path without the trailing slash. Those redirects break some clients.
|
||||
|
||||
@@ -7,16 +7,20 @@ import (
|
||||
"net"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/netip"
|
||||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/filtering"
|
||||
"github.com/AdguardTeam/golibs/netutil"
|
||||
"github.com/AdguardTeam/golibs/testutil"
|
||||
"github.com/miekg/dns"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
@@ -392,3 +396,141 @@ func TestValidateUpstreamsPrivate(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func newLocalUpstreamListener(t *testing.T, port int, handler dns.Handler) (real net.Addr) {
|
||||
startCh := make(chan struct{})
|
||||
upsSrv := &dns.Server{
|
||||
Addr: netip.AddrPortFrom(netutil.IPv4Localhost(), uint16(port)).String(),
|
||||
Net: "tcp",
|
||||
Handler: handler,
|
||||
NotifyStartedFunc: func() { close(startCh) },
|
||||
}
|
||||
go func() {
|
||||
t := testutil.PanicT{}
|
||||
|
||||
err := upsSrv.ListenAndServe()
|
||||
require.NoError(t, err)
|
||||
}()
|
||||
<-startCh
|
||||
testutil.CleanupAndRequireSuccess(t, upsSrv.Shutdown)
|
||||
|
||||
return upsSrv.Listener.Addr()
|
||||
}
|
||||
|
||||
func TestServer_handleTestUpstreaDNS(t *testing.T) {
|
||||
goodHandler := dns.HandlerFunc(func(w dns.ResponseWriter, m *dns.Msg) {
|
||||
err := w.WriteMsg(new(dns.Msg).SetReply(m))
|
||||
require.NoError(testutil.PanicT{}, err)
|
||||
})
|
||||
badHandler := dns.HandlerFunc(func(w dns.ResponseWriter, _ *dns.Msg) {
|
||||
err := w.WriteMsg(new(dns.Msg))
|
||||
require.NoError(testutil.PanicT{}, err)
|
||||
})
|
||||
|
||||
goodUps := (&url.URL{
|
||||
Scheme: "tcp",
|
||||
Host: newLocalUpstreamListener(t, 0, goodHandler).String(),
|
||||
}).String()
|
||||
badUps := (&url.URL{
|
||||
Scheme: "tcp",
|
||||
Host: newLocalUpstreamListener(t, 0, badHandler).String(),
|
||||
}).String()
|
||||
|
||||
const upsTimeout = 100 * time.Millisecond
|
||||
|
||||
srv := createTestServer(t, &filtering.Config{}, ServerConfig{
|
||||
UDPListenAddrs: []*net.UDPAddr{{}},
|
||||
TCPListenAddrs: []*net.TCPAddr{{}},
|
||||
UpstreamTimeout: upsTimeout,
|
||||
}, nil)
|
||||
startDeferStop(t, srv)
|
||||
|
||||
testCases := []struct {
|
||||
body map[string]any
|
||||
wantResp map[string]any
|
||||
name string
|
||||
}{{
|
||||
body: map[string]any{
|
||||
"upstream_dns": []string{goodUps},
|
||||
},
|
||||
wantResp: map[string]any{
|
||||
goodUps: "OK",
|
||||
},
|
||||
name: "success",
|
||||
}, {
|
||||
body: map[string]any{
|
||||
"upstream_dns": []string{badUps},
|
||||
},
|
||||
wantResp: map[string]any{
|
||||
badUps: `upstream "` + badUps + `" fails to exchange: ` +
|
||||
`couldn't communicate with upstream: dns: id mismatch`,
|
||||
},
|
||||
name: "broken",
|
||||
}, {
|
||||
body: map[string]any{
|
||||
"upstream_dns": []string{goodUps, badUps},
|
||||
},
|
||||
wantResp: map[string]any{
|
||||
goodUps: "OK",
|
||||
badUps: `upstream "` + badUps + `" fails to exchange: ` +
|
||||
`couldn't communicate with upstream: dns: id mismatch`,
|
||||
},
|
||||
name: "both",
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
reqBody, err := json.Marshal(tc.body)
|
||||
require.NoError(t, err)
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
r, err := http.NewRequest(http.MethodPost, "", bytes.NewReader(reqBody))
|
||||
require.NoError(t, err)
|
||||
|
||||
srv.handleTestUpstreamDNS(w, r)
|
||||
require.Equal(t, http.StatusOK, w.Code)
|
||||
|
||||
resp := map[string]any{}
|
||||
err = json.NewDecoder(w.Body).Decode(&resp)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, tc.wantResp, resp)
|
||||
})
|
||||
}
|
||||
|
||||
t.Run("timeout", func(t *testing.T) {
|
||||
slowHandler := dns.HandlerFunc(func(w dns.ResponseWriter, m *dns.Msg) {
|
||||
time.Sleep(upsTimeout * 2)
|
||||
writeErr := w.WriteMsg(new(dns.Msg).SetReply(m))
|
||||
require.NoError(testutil.PanicT{}, writeErr)
|
||||
})
|
||||
sleepyUps := (&url.URL{
|
||||
Scheme: "tcp",
|
||||
Host: newLocalUpstreamListener(t, 0, slowHandler).String(),
|
||||
}).String()
|
||||
|
||||
req := map[string]any{
|
||||
"upstream_dns": []string{sleepyUps},
|
||||
}
|
||||
reqBody, err := json.Marshal(req)
|
||||
require.NoError(t, err)
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
r, err := http.NewRequest(http.MethodPost, "", bytes.NewReader(reqBody))
|
||||
require.NoError(t, err)
|
||||
|
||||
srv.handleTestUpstreamDNS(w, r)
|
||||
require.Equal(t, http.StatusOK, w.Code)
|
||||
|
||||
resp := map[string]any{}
|
||||
err = json.NewDecoder(w.Body).Decode(&resp)
|
||||
require.NoError(t, err)
|
||||
|
||||
require.Contains(t, resp, sleepyUps)
|
||||
require.IsType(t, "", resp[sleepyUps])
|
||||
sleepyRes, _ := resp[sleepyUps].(string)
|
||||
|
||||
// TODO(e.burkov): Improve the format of an error in dnsproxy.
|
||||
assert.True(t, strings.HasSuffix(sleepyRes, "i/o timeout"))
|
||||
})
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ package filtering
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"fmt"
|
||||
"hash/crc32"
|
||||
"io"
|
||||
@@ -12,6 +13,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
|
||||
"github.com/AdguardTeam/golibs/errors"
|
||||
"github.com/AdguardTeam/golibs/log"
|
||||
"github.com/AdguardTeam/golibs/stringutil"
|
||||
@@ -97,14 +99,15 @@ func (d *DNSFilter) filterSetProperties(
|
||||
filt.URL,
|
||||
)
|
||||
|
||||
defer func(oldURL, oldName string, oldEnabled bool, oldUpdated time.Time) {
|
||||
defer func(oldURL, oldName string, oldEnabled bool, oldUpdated time.Time, oldRulesCount int) {
|
||||
if err != nil {
|
||||
filt.URL = oldURL
|
||||
filt.Name = oldName
|
||||
filt.Enabled = oldEnabled
|
||||
filt.LastUpdated = oldUpdated
|
||||
filt.RulesCount = oldRulesCount
|
||||
}
|
||||
}(filt.URL, filt.Name, filt.Enabled, filt.LastUpdated)
|
||||
}(filt.URL, filt.Name, filt.Enabled, filt.LastUpdated, filt.RulesCount)
|
||||
|
||||
filt.Name = newList.Name
|
||||
|
||||
@@ -134,8 +137,8 @@ func (d *DNSFilter) filterSetProperties(
|
||||
// TODO(e.burkov): The validation of the contents of the new URL is
|
||||
// currently skipped if the rule list is disabled. This makes it
|
||||
// possible to set a bad rules source, but the validation should still
|
||||
// kick in when the filter is enabled. Consider making changing this
|
||||
// behavior to be stricter.
|
||||
// kick in when the filter is enabled. Consider changing this behavior
|
||||
// to be stricter.
|
||||
filt.unload()
|
||||
}
|
||||
|
||||
@@ -269,10 +272,10 @@ func (d *DNSFilter) periodicallyRefreshFilters() {
|
||||
// already going on.
|
||||
//
|
||||
// TODO(e.burkov): Get rid of the concurrency pattern which requires the
|
||||
// sync.Mutex.TryLock.
|
||||
// [sync.Mutex.TryLock].
|
||||
func (d *DNSFilter) tryRefreshFilters(block, allow, force bool) (updated int, isNetworkErr, ok bool) {
|
||||
if ok = d.refreshLock.TryLock(); !ok {
|
||||
return 0, false, ok
|
||||
return 0, false, false
|
||||
}
|
||||
defer d.refreshLock.Unlock()
|
||||
|
||||
@@ -427,52 +430,124 @@ func (d *DNSFilter) refreshFiltersIntl(block, allow, force bool) (int, bool) {
|
||||
return updNum, false
|
||||
}
|
||||
|
||||
// Allows printable UTF-8 text with CR, LF, TAB characters
|
||||
func isPrintableText(data []byte, len int) bool {
|
||||
for i := 0; i < len; i++ {
|
||||
c := data[i]
|
||||
// isPrintableText returns true if data is printable UTF-8 text with CR, LF, TAB
|
||||
// characters.
|
||||
//
|
||||
// TODO(e.burkov): Investigate the purpose of this and improve the
|
||||
// implementation. Perhaps, use something from the unicode package.
|
||||
func isPrintableText(data string) (ok bool) {
|
||||
for _, c := range []byte(data) {
|
||||
if (c >= ' ' && c != 0x7f) || c == '\n' || c == '\r' || c == '\t' {
|
||||
continue
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
// A helper function that parses filter contents and returns a number of rules and a filter name (if there's any)
|
||||
func (d *DNSFilter) parseFilterContents(file io.Reader) (int, uint32, string) {
|
||||
rulesCount := 0
|
||||
name := ""
|
||||
seenTitle := false
|
||||
r := bufio.NewReader(file)
|
||||
checksum := uint32(0)
|
||||
// scanLinesWithBreak is essentially a [bufio.ScanLines] which keeps trailing
|
||||
// line breaks.
|
||||
func scanLinesWithBreak(data []byte, atEOF bool) (advance int, token []byte, err error) {
|
||||
if atEOF && len(data) == 0 {
|
||||
return 0, nil, nil
|
||||
}
|
||||
|
||||
for {
|
||||
line, err := r.ReadString('\n')
|
||||
checksum = crc32.Update(checksum, crc32.IEEETable, []byte(line))
|
||||
if i := bytes.IndexByte(data, '\n'); i >= 0 {
|
||||
return i + 1, data[0 : i+1], nil
|
||||
}
|
||||
|
||||
line = strings.TrimSpace(line)
|
||||
if len(line) == 0 {
|
||||
//
|
||||
} else if line[0] == '!' {
|
||||
m := d.filterTitleRegexp.FindAllStringSubmatch(line, -1)
|
||||
if len(m) > 0 && len(m[0]) >= 2 && !seenTitle {
|
||||
name = m[0][1]
|
||||
seenTitle = true
|
||||
}
|
||||
if atEOF {
|
||||
return len(data), data, nil
|
||||
}
|
||||
|
||||
} else if line[0] == '#' {
|
||||
//
|
||||
} else {
|
||||
rulesCount++
|
||||
// Request more data.
|
||||
return 0, nil, nil
|
||||
}
|
||||
|
||||
// parseFilter copies filter's content from src to dst and returns the number of
|
||||
// rules, name, number of bytes written, checksum, and title of the parsed list.
|
||||
// dst must not be nil.
|
||||
func (d *DNSFilter) parseFilter(
|
||||
src io.Reader,
|
||||
dst io.Writer,
|
||||
) (rulesNum, written int, checksum uint32, title string, err error) {
|
||||
scanner := bufio.NewScanner(src)
|
||||
scanner.Split(scanLinesWithBreak)
|
||||
|
||||
titleFound := false
|
||||
for n := 0; scanner.Scan(); written += n {
|
||||
line := scanner.Text()
|
||||
var isRule bool
|
||||
var likelyTitle string
|
||||
isRule, likelyTitle, err = d.parseFilterLine(line, !titleFound, written == 0)
|
||||
if err != nil {
|
||||
return 0, written, 0, "", err
|
||||
}
|
||||
|
||||
if isRule {
|
||||
rulesNum++
|
||||
} else if likelyTitle != "" {
|
||||
title, titleFound = likelyTitle, true
|
||||
}
|
||||
|
||||
checksum = crc32.Update(checksum, crc32.IEEETable, []byte(line))
|
||||
|
||||
n, err = dst.Write([]byte(line))
|
||||
if err != nil {
|
||||
break
|
||||
return 0, written, 0, "", fmt.Errorf("writing filter line: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
return rulesCount, checksum, name
|
||||
if err = scanner.Err(); err != nil {
|
||||
return 0, written, 0, "", fmt.Errorf("scanning filter contents: %w", err)
|
||||
}
|
||||
|
||||
return rulesNum, written, checksum, title, nil
|
||||
}
|
||||
|
||||
// parseFilterLine returns true if the passed line is a rule. line is
|
||||
// considered a rule if it's not a comment and contains no title.
|
||||
func (d *DNSFilter) parseFilterLine(
|
||||
line string,
|
||||
lookForTitle bool,
|
||||
testHTML bool,
|
||||
) (isRule bool, title string, err error) {
|
||||
if !isPrintableText(line) {
|
||||
return false, "", errors.Error("filter contains non-printable characters")
|
||||
}
|
||||
|
||||
line = strings.TrimSpace(line)
|
||||
if line == "" || line[0] == '#' {
|
||||
return false, "", nil
|
||||
}
|
||||
|
||||
if testHTML && isHTML(line) {
|
||||
return false, "", errors.Error("data is HTML, not plain text")
|
||||
}
|
||||
|
||||
if line[0] == '!' && lookForTitle {
|
||||
match := d.filterTitleRegexp.FindStringSubmatch(line)
|
||||
if len(match) > 1 {
|
||||
title = match[1]
|
||||
}
|
||||
|
||||
return false, title, nil
|
||||
}
|
||||
|
||||
return true, "", nil
|
||||
}
|
||||
|
||||
// isHTML returns true if the line contains HTML tags instead of plain text.
|
||||
// line shouldn have no leading space symbols.
|
||||
//
|
||||
// TODO(ameshkov): It actually gives too much false-positives. Perhaps, just
|
||||
// check if trimmed string begins with angle bracket.
|
||||
func isHTML(line string) (ok bool) {
|
||||
line = strings.ToLower(line)
|
||||
|
||||
return strings.HasPrefix(line, "<html") || strings.HasPrefix(line, "<!doctype")
|
||||
}
|
||||
|
||||
// Perform upgrade on a filter and update LastUpdated value
|
||||
@@ -485,57 +560,10 @@ func (d *DNSFilter) update(filter *FilterYAML) (bool, error) {
|
||||
log.Error("os.Chtimes(): %v", e)
|
||||
}
|
||||
}
|
||||
|
||||
return b, err
|
||||
}
|
||||
|
||||
func (d *DNSFilter) read(reader io.Reader, tmpFile *os.File, filter *FilterYAML) (int, error) {
|
||||
htmlTest := true
|
||||
firstChunk := make([]byte, 4*1024)
|
||||
firstChunkLen := 0
|
||||
buf := make([]byte, 64*1024)
|
||||
total := 0
|
||||
for {
|
||||
n, err := reader.Read(buf)
|
||||
total += n
|
||||
|
||||
if htmlTest {
|
||||
num := len(firstChunk) - firstChunkLen
|
||||
if n < num {
|
||||
num = n
|
||||
}
|
||||
copied := copy(firstChunk[firstChunkLen:], buf[:num])
|
||||
firstChunkLen += copied
|
||||
|
||||
if firstChunkLen == len(firstChunk) || err == io.EOF {
|
||||
if !isPrintableText(firstChunk, firstChunkLen) {
|
||||
return total, fmt.Errorf("data contains non-printable characters")
|
||||
}
|
||||
|
||||
s := strings.ToLower(string(firstChunk))
|
||||
if strings.Contains(s, "<html") || strings.Contains(s, "<!doctype") {
|
||||
return total, fmt.Errorf("data is HTML, not plain text")
|
||||
}
|
||||
|
||||
htmlTest = false
|
||||
firstChunk = nil
|
||||
}
|
||||
}
|
||||
|
||||
_, err2 := tmpFile.Write(buf[:n])
|
||||
if err2 != nil {
|
||||
return total, err2
|
||||
}
|
||||
|
||||
if err == io.EOF {
|
||||
return total, nil
|
||||
}
|
||||
if err != nil {
|
||||
log.Printf("Couldn't fetch filter contents from URL %s, skipping: %s", filter.URL, err)
|
||||
return total, err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// finalizeUpdate closes and gets rid of temporary file f with filter's content
|
||||
// according to updated. It also saves new values of flt's name, rules number
|
||||
// and checksum if sucсeeded.
|
||||
@@ -552,7 +580,8 @@ func (d *DNSFilter) finalizeUpdate(
|
||||
// Close the file before renaming it because it's required on Windows.
|
||||
//
|
||||
// See https://github.com/adguardTeam/adGuardHome/issues/1553.
|
||||
if err = file.Close(); err != nil {
|
||||
err = file.Close()
|
||||
if err != nil {
|
||||
return fmt.Errorf("closing temporary file: %w", err)
|
||||
}
|
||||
|
||||
@@ -564,38 +593,18 @@ func (d *DNSFilter) finalizeUpdate(
|
||||
|
||||
log.Printf("saving filter %d contents to: %s", flt.ID, flt.Path(d.DataDir))
|
||||
|
||||
if err = os.Rename(tmpFileName, flt.Path(d.DataDir)); err != nil {
|
||||
// Don't use renamio or maybe packages, since those will require loading the
|
||||
// whole filter content to the memory on Windows.
|
||||
err = os.Rename(tmpFileName, flt.Path(d.DataDir))
|
||||
if err != nil {
|
||||
return errors.WithDeferred(err, os.Remove(tmpFileName))
|
||||
}
|
||||
|
||||
flt.Name = stringutil.Coalesce(flt.Name, name)
|
||||
flt.checksum = cs
|
||||
flt.RulesCount = rnum
|
||||
flt.Name, flt.checksum, flt.RulesCount = aghalg.Coalesce(flt.Name, name), cs, rnum
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// processUpdate copies filter's content from src to dst and returns the name,
|
||||
// rules number, and checksum for it. It also returns the number of bytes read
|
||||
// from src.
|
||||
func (d *DNSFilter) processUpdate(
|
||||
src io.Reader,
|
||||
dst *os.File,
|
||||
flt *FilterYAML,
|
||||
) (name string, rnum int, cs uint32, n int, err error) {
|
||||
if n, err = d.read(src, dst, flt); err != nil {
|
||||
return "", 0, 0, 0, err
|
||||
}
|
||||
|
||||
if _, err = dst.Seek(0, io.SeekStart); err != nil {
|
||||
return "", 0, 0, 0, err
|
||||
}
|
||||
|
||||
rnum, cs, name = d.parseFilterContents(dst)
|
||||
|
||||
return name, rnum, cs, n, nil
|
||||
}
|
||||
|
||||
// updateIntl updates the flt rewriting it's actual file. It returns true if
|
||||
// the actual update has been performed.
|
||||
func (d *DNSFilter) updateIntl(flt *FilterYAML) (ok bool, err error) {
|
||||
@@ -612,31 +621,21 @@ func (d *DNSFilter) updateIntl(flt *FilterYAML) (ok bool, err error) {
|
||||
}
|
||||
defer func() {
|
||||
err = errors.WithDeferred(err, d.finalizeUpdate(tmpFile, flt, ok, name, rnum, cs))
|
||||
ok = ok && err == nil
|
||||
if ok {
|
||||
if ok && err == nil {
|
||||
log.Printf("updated filter %d: %d bytes, %d rules", flt.ID, n, rnum)
|
||||
}
|
||||
}()
|
||||
|
||||
// Change the default 0o600 permission to something more acceptable by
|
||||
// end users.
|
||||
// Change the default 0o600 permission to something more acceptable by end
|
||||
// users.
|
||||
//
|
||||
// See https://github.com/AdguardTeam/AdGuardHome/issues/3198.
|
||||
if err = tmpFile.Chmod(0o644); err != nil {
|
||||
return false, fmt.Errorf("changing file mode: %w", err)
|
||||
}
|
||||
|
||||
var r io.Reader
|
||||
if filepath.IsAbs(flt.URL) {
|
||||
var file io.ReadCloser
|
||||
file, err = os.Open(flt.URL)
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("open file: %w", err)
|
||||
}
|
||||
defer func() { err = errors.WithDeferred(err, file.Close()) }()
|
||||
|
||||
r = file
|
||||
} else {
|
||||
var rc io.ReadCloser
|
||||
if !filepath.IsAbs(flt.URL) {
|
||||
var resp *http.Response
|
||||
resp, err = d.HTTPClient.Get(flt.URL)
|
||||
if err != nil {
|
||||
@@ -649,24 +648,30 @@ func (d *DNSFilter) updateIntl(flt *FilterYAML) (ok bool, err error) {
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
log.Printf("got status code %d from %s, skip", resp.StatusCode, flt.URL)
|
||||
|
||||
return false, fmt.Errorf("got status code != 200: %d", resp.StatusCode)
|
||||
return false, fmt.Errorf("got status code %d, want %d", resp.StatusCode, http.StatusOK)
|
||||
}
|
||||
|
||||
r = resp.Body
|
||||
rc = resp.Body
|
||||
} else {
|
||||
rc, err = os.Open(flt.URL)
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("open file: %w", err)
|
||||
}
|
||||
defer func() { err = errors.WithDeferred(err, rc.Close()) }()
|
||||
}
|
||||
|
||||
name, rnum, cs, n, err = d.processUpdate(r, tmpFile, flt)
|
||||
rnum, n, cs, name, err = d.parseFilter(rc, tmpFile)
|
||||
|
||||
return cs != flt.checksum, err
|
||||
return cs != flt.checksum && err == nil, err
|
||||
}
|
||||
|
||||
// loads filter contents from the file in dataDir
|
||||
func (d *DNSFilter) load(filter *FilterYAML) (err error) {
|
||||
filterFilePath := filter.Path(d.DataDir)
|
||||
func (d *DNSFilter) load(flt *FilterYAML) (err error) {
|
||||
fileName := flt.Path(d.DataDir)
|
||||
|
||||
log.Tracef("filtering: loading filter %d from %s", filter.ID, filterFilePath)
|
||||
log.Debug("filtering: loading filter %d from %s", flt.ID, fileName)
|
||||
|
||||
file, err := os.Open(filterFilePath)
|
||||
file, err := os.Open(fileName)
|
||||
if errors.Is(err, os.ErrNotExist) {
|
||||
// Do nothing, file doesn't exist.
|
||||
return nil
|
||||
@@ -680,13 +685,14 @@ func (d *DNSFilter) load(filter *FilterYAML) (err error) {
|
||||
return fmt.Errorf("getting filter file stat: %w", err)
|
||||
}
|
||||
|
||||
log.Tracef("filtering: File %s, id %d, length %d", filterFilePath, filter.ID, st.Size())
|
||||
log.Debug("filtering: file %s, id %d, length %d", fileName, flt.ID, st.Size())
|
||||
|
||||
rulesCount, checksum, _ := d.parseFilterContents(file)
|
||||
rulesCount, _, checksum, _, err := d.parseFilter(file, io.Discard)
|
||||
if err != nil {
|
||||
return fmt.Errorf("parsing filter file: %w", err)
|
||||
}
|
||||
|
||||
filter.RulesCount = rulesCount
|
||||
filter.checksum = checksum
|
||||
filter.LastUpdated = st.ModTime()
|
||||
flt.RulesCount, flt.checksum, flt.LastUpdated = rulesCount, checksum, st.ModTime()
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -4,33 +4,23 @@ import (
|
||||
"io/fs"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/netip"
|
||||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
|
||||
"github.com/AdguardTeam/golibs/testutil"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
// serveFiltersLocally is a helper that concurrently listens on a free port to
|
||||
// respond with fltContent. It also gracefully closes the listener when the
|
||||
// test under t finishes.
|
||||
func serveFiltersLocally(t *testing.T, fltContent []byte) (ipp netip.AddrPort) {
|
||||
// serveHTTPLocally starts a new HTTP server, that handles its index with h. It
|
||||
// also gracefully closes the listener when the test under t finishes.
|
||||
func serveHTTPLocally(t *testing.T, h http.Handler) (urlStr string) {
|
||||
t.Helper()
|
||||
|
||||
h := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
||||
pt := testutil.PanicT{}
|
||||
|
||||
n, werr := w.Write(fltContent)
|
||||
require.NoError(pt, werr)
|
||||
require.Equal(pt, len(fltContent), n)
|
||||
})
|
||||
|
||||
l, err := net.Listen("tcp", ":0")
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -38,9 +28,26 @@ func serveFiltersLocally(t *testing.T, fltContent []byte) (ipp netip.AddrPort) {
|
||||
testutil.CleanupAndRequireSuccess(t, l.Close)
|
||||
|
||||
addr := l.Addr()
|
||||
require.IsType(t, new(net.TCPAddr), addr)
|
||||
require.IsType(t, (*net.TCPAddr)(nil), addr)
|
||||
|
||||
return netip.AddrPortFrom(aghnet.IPv4Localhost(), uint16(addr.(*net.TCPAddr).Port))
|
||||
return (&url.URL{
|
||||
Scheme: aghhttp.SchemeHTTP,
|
||||
Host: addr.String(),
|
||||
}).String()
|
||||
}
|
||||
|
||||
// serveFiltersLocally is a helper that concurrently listens on a free port to
|
||||
// respond with fltContent.
|
||||
func serveFiltersLocally(t *testing.T, fltContent []byte) (urlStr string) {
|
||||
t.Helper()
|
||||
|
||||
return serveHTTPLocally(t, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
||||
pt := testutil.PanicT{}
|
||||
|
||||
n, werr := w.Write(fltContent)
|
||||
require.NoError(pt, werr)
|
||||
require.Equal(pt, len(fltContent), n)
|
||||
}))
|
||||
}
|
||||
|
||||
func TestFilters(t *testing.T) {
|
||||
@@ -61,14 +68,11 @@ func TestFilters(t *testing.T) {
|
||||
HTTPClient: &http.Client{
|
||||
Timeout: 5 * time.Second,
|
||||
},
|
||||
}, nil)
|
||||
}, nil, nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
f := &FilterYAML{
|
||||
URL: (&url.URL{
|
||||
Scheme: "http",
|
||||
Host: addr.String(),
|
||||
}).String(),
|
||||
URL: addr,
|
||||
}
|
||||
|
||||
updateAndAssert := func(t *testing.T, want require.BoolAssertionFunc, wantRulesCount int) {
|
||||
@@ -103,11 +107,7 @@ func TestFilters(t *testing.T) {
|
||||
anotherContent := []byte(`||example.com^`)
|
||||
oldURL := f.URL
|
||||
|
||||
ipp := serveFiltersLocally(t, anotherContent)
|
||||
f.URL = (&url.URL{
|
||||
Scheme: "http",
|
||||
Host: ipp.String(),
|
||||
}).String()
|
||||
f.URL = serveFiltersLocally(t, anotherContent)
|
||||
t.Cleanup(func() { f.URL = oldURL })
|
||||
|
||||
updateAndAssert(t, require.True, 1)
|
||||
|
||||
@@ -40,6 +40,7 @@ const (
|
||||
ParentalListID
|
||||
SafeBrowsingListID
|
||||
SafeSearchListID
|
||||
RewritesListID
|
||||
)
|
||||
|
||||
// ServiceEntry - blocked service array element
|
||||
@@ -89,7 +90,7 @@ type Config struct {
|
||||
ParentalCacheSize uint `yaml:"parental_cache_size"` // (in bytes)
|
||||
CacheTime uint `yaml:"cache_time"` // Element's TTL (in minutes)
|
||||
|
||||
Rewrites []*LegacyRewrite `yaml:"rewrites"`
|
||||
Rewrites []*RewriteItem `yaml:"rewrites"`
|
||||
|
||||
// Names of services to block (globally).
|
||||
// Per-client settings can override this configuration.
|
||||
@@ -189,8 +190,12 @@ type DNSFilter struct {
|
||||
|
||||
// filterTitleRegexp is the regular expression to retrieve a name of a
|
||||
// filter list.
|
||||
//
|
||||
// TODO(e.burkov): Don't use regexp for such a simple text processing task.
|
||||
filterTitleRegexp *regexp.Regexp
|
||||
|
||||
rewriteStorage RewriteStorage
|
||||
|
||||
hostCheckers []hostChecker
|
||||
}
|
||||
|
||||
@@ -312,7 +317,7 @@ func (d *DNSFilter) WriteDiskConfig(c *Config) {
|
||||
defer d.confLock.Unlock()
|
||||
|
||||
*c = d.Config
|
||||
c.Rewrites = cloneRewrites(c.Rewrites)
|
||||
c.Rewrites = slices.Clone(c.Rewrites)
|
||||
}()
|
||||
|
||||
d.filtersMu.RLock()
|
||||
@@ -323,16 +328,6 @@ func (d *DNSFilter) WriteDiskConfig(c *Config) {
|
||||
c.UserRules = slices.Clone(d.UserRules)
|
||||
}
|
||||
|
||||
// cloneRewrites returns a deep copy of entries.
|
||||
func cloneRewrites(entries []*LegacyRewrite) (clone []*LegacyRewrite) {
|
||||
clone = make([]*LegacyRewrite, len(entries))
|
||||
for i, rw := range entries {
|
||||
clone[i] = rw.clone()
|
||||
}
|
||||
|
||||
return clone
|
||||
}
|
||||
|
||||
// SetFilters sets new filters, synchronously or asynchronously. When filters
|
||||
// are set asynchronously, the old filters continue working until the new
|
||||
// filters are ready.
|
||||
@@ -543,75 +538,52 @@ func (d *DNSFilter) matchSysHosts(
|
||||
// CNAME, breaking loops in the process.
|
||||
//
|
||||
// Secondly, it finds A or AAAA rewrites for host and, if found, sets res.IPList
|
||||
// accordingly. If the found rewrite has a special value of "A" or "AAAA", the
|
||||
// result is an exception.
|
||||
// accordingly.
|
||||
func (d *DNSFilter) processRewrites(host string, qtype uint16) (res Result) {
|
||||
d.confLock.RLock()
|
||||
defer d.confLock.RUnlock()
|
||||
|
||||
rewrites, matched := findRewrites(d.Rewrites, host, qtype)
|
||||
if !matched {
|
||||
return Result{}
|
||||
if d.rewriteStorage == nil {
|
||||
return res
|
||||
}
|
||||
|
||||
res.Reason = Rewritten
|
||||
dnsr := d.rewriteStorage.MatchRequest(&urlfilter.DNSRequest{
|
||||
Hostname: host,
|
||||
DNSType: qtype,
|
||||
})
|
||||
|
||||
cnames := stringutil.NewSet()
|
||||
origHost := host
|
||||
for matched && len(rewrites) > 0 && rewrites[0].Type == dns.TypeCNAME {
|
||||
rw := rewrites[0]
|
||||
rwPat := rw.Domain
|
||||
rwAns := rw.Answer
|
||||
|
||||
log.Debug("rewrite: cname for %s is %s", host, rwAns)
|
||||
|
||||
if origHost == rwAns || rwPat == rwAns {
|
||||
// Either a request for the hostname itself or a rewrite of
|
||||
// a pattern onto itself, both of which are an exception rules.
|
||||
// Return a not filtered result.
|
||||
return Result{}
|
||||
} else if host == rwAns && isWildcard(rwPat) {
|
||||
// An "*.example.com → sub.example.com" rewrite matching in a loop.
|
||||
//
|
||||
// See https://github.com/AdguardTeam/AdGuardHome/issues/4016.
|
||||
|
||||
res.CanonName = host
|
||||
|
||||
break
|
||||
}
|
||||
|
||||
host = rwAns
|
||||
if cnames.Has(host) {
|
||||
log.Info("rewrite: cname loop for %q on %q", origHost, host)
|
||||
|
||||
return res
|
||||
}
|
||||
|
||||
cnames.Add(host)
|
||||
res.CanonName = host
|
||||
rewrites, matched = findRewrites(d.Rewrites, host, qtype)
|
||||
}
|
||||
|
||||
setRewriteResult(&res, host, rewrites, qtype)
|
||||
setRewriteResult(&res, host, dnsr, qtype)
|
||||
|
||||
return res
|
||||
}
|
||||
|
||||
// setRewriteResult sets the Reason or IPList of res if necessary. res must not
|
||||
// be nil.
|
||||
func setRewriteResult(res *Result, host string, rewrites []*LegacyRewrite, qtype uint16) {
|
||||
for _, rw := range rewrites {
|
||||
if rw.Type == qtype && (qtype == dns.TypeA || qtype == dns.TypeAAAA) {
|
||||
if rw.IP == nil {
|
||||
// "A"/"AAAA" exception: allow getting from upstream.
|
||||
res.Reason = NotFilteredNotFound
|
||||
func setRewriteResult(res *Result, host string, dnsr []*rules.DNSRewrite, qtype uint16) {
|
||||
if len(dnsr) == 0 {
|
||||
res.Reason = NotFilteredNotFound
|
||||
|
||||
return
|
||||
return
|
||||
}
|
||||
|
||||
res.Reason = Rewritten
|
||||
|
||||
for _, dnsRewrite := range dnsr {
|
||||
if dnsRewrite.RRType == qtype && (qtype == dns.TypeA || qtype == dns.TypeAAAA) {
|
||||
ip, ok := dnsRewrite.Value.(net.IP)
|
||||
if !ok || ip == nil {
|
||||
continue
|
||||
}
|
||||
|
||||
res.IPList = append(res.IPList, rw.IP)
|
||||
if qtype == dns.TypeA {
|
||||
ip = ip.To4()
|
||||
}
|
||||
|
||||
log.Debug("rewrite: a/aaaa for %s is %s", host, rw.IP)
|
||||
res.IPList = append(res.IPList, ip)
|
||||
|
||||
log.Debug("rewrite: a/aaaa for %s is %s", host, ip)
|
||||
} else if dnsRewrite.NewCNAME != "" {
|
||||
res.CanonName = dnsRewrite.NewCNAME
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -924,7 +896,7 @@ func InitModule() {
|
||||
|
||||
// New creates properly initialized DNS Filter that is ready to be used. c must
|
||||
// be non-nil.
|
||||
func New(c *Config, blockFilters []Filter) (d *DNSFilter, err error) {
|
||||
func New(c *Config, blockFilters []Filter, rewriteStorage RewriteStorage) (d *DNSFilter, err error) {
|
||||
d = &DNSFilter{
|
||||
resolver: net.DefaultResolver,
|
||||
refreshLock: &sync.Mutex{},
|
||||
@@ -977,11 +949,7 @@ func New(c *Config, blockFilters []Filter) (d *DNSFilter, err error) {
|
||||
|
||||
d.Config = *c
|
||||
d.filtersMu = &sync.RWMutex{}
|
||||
|
||||
err = d.prepareRewrites()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("rewrites: preparing: %s", err)
|
||||
}
|
||||
d.rewriteStorage = rewriteStorage
|
||||
|
||||
bsvcs := []string{}
|
||||
for _, s := range d.BlockedServices {
|
||||
|
||||
@@ -46,6 +46,7 @@ func newForTest(t testing.TB, c *Config, filters []Filter) (f *DNSFilter, setts
|
||||
ProtectionEnabled: true,
|
||||
FilteringEnabled: true,
|
||||
}
|
||||
|
||||
if c != nil {
|
||||
c.SafeBrowsingCacheSize = 10000
|
||||
c.ParentalCacheSize = 10000
|
||||
@@ -58,7 +59,8 @@ func newForTest(t testing.TB, c *Config, filters []Filter) (f *DNSFilter, setts
|
||||
// It must not be nil.
|
||||
c = &Config{}
|
||||
}
|
||||
f, err := New(c, filters)
|
||||
|
||||
f, err := New(c, filters, nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
purgeCaches(f)
|
||||
@@ -417,274 +419,275 @@ func TestMatching(t *testing.T) {
|
||||
host string
|
||||
wantReason Reason
|
||||
wantIsFiltered bool
|
||||
wantDNSType uint16
|
||||
qtype uint16
|
||||
}{{
|
||||
name: "sanity",
|
||||
rules: "||doubleclick.net^",
|
||||
host: "www.doubleclick.net",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "sanity",
|
||||
rules: "||doubleclick.net^",
|
||||
host: "nodoubleclick.net",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "sanity",
|
||||
rules: "||doubleclick.net^",
|
||||
host: "doubleclick.net.ru",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "sanity",
|
||||
rules: "||doubleclick.net^",
|
||||
host: sbBlocked,
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "blocking",
|
||||
rules: blockingRules,
|
||||
host: "example.org",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "blocking",
|
||||
rules: blockingRules,
|
||||
host: "test.example.org",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "blocking",
|
||||
rules: blockingRules,
|
||||
host: "test.test.example.org",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "blocking",
|
||||
rules: blockingRules,
|
||||
host: "testexample.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "blocking",
|
||||
rules: blockingRules,
|
||||
host: "onemoreexample.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "allowlist",
|
||||
rules: allowlistRules,
|
||||
host: "example.org",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "allowlist",
|
||||
rules: allowlistRules,
|
||||
host: "test.example.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredAllowList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "allowlist",
|
||||
rules: allowlistRules,
|
||||
host: "test.test.example.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredAllowList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "allowlist",
|
||||
rules: allowlistRules,
|
||||
host: "testexample.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "allowlist",
|
||||
rules: allowlistRules,
|
||||
host: "onemoreexample.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "important",
|
||||
rules: importantRules,
|
||||
host: "example.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredAllowList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "important",
|
||||
rules: importantRules,
|
||||
host: "test.example.org",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "important",
|
||||
rules: importantRules,
|
||||
host: "test.test.example.org",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "important",
|
||||
rules: importantRules,
|
||||
host: "testexample.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "important",
|
||||
rules: importantRules,
|
||||
host: "onemoreexample.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "regex",
|
||||
rules: regexRules,
|
||||
host: "example.org",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "regex",
|
||||
rules: regexRules,
|
||||
host: "test.example.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredAllowList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "regex",
|
||||
rules: regexRules,
|
||||
host: "test.test.example.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredAllowList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "regex",
|
||||
rules: regexRules,
|
||||
host: "testexample.org",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "regex",
|
||||
rules: regexRules,
|
||||
host: "onemoreexample.org",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "mask",
|
||||
rules: maskRules,
|
||||
host: "test.example.org",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "mask",
|
||||
rules: maskRules,
|
||||
host: "test2.example.org",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "mask",
|
||||
rules: maskRules,
|
||||
host: "example.com",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "mask",
|
||||
rules: maskRules,
|
||||
host: "exampleeee.com",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "mask",
|
||||
rules: maskRules,
|
||||
host: "onemoreexamsite.com",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "mask",
|
||||
rules: maskRules,
|
||||
host: "example.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "mask",
|
||||
rules: maskRules,
|
||||
host: "testexample.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "mask",
|
||||
rules: maskRules,
|
||||
host: "example.co.uk",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "dnstype",
|
||||
rules: dnstypeRules,
|
||||
host: "onemoreexample.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "dnstype",
|
||||
rules: dnstypeRules,
|
||||
host: "example.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredNotFound,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "dnstype",
|
||||
rules: dnstypeRules,
|
||||
host: "example.org",
|
||||
wantIsFiltered: true,
|
||||
wantReason: FilteredBlockList,
|
||||
wantDNSType: dns.TypeAAAA,
|
||||
qtype: dns.TypeAAAA,
|
||||
}, {
|
||||
name: "dnstype",
|
||||
rules: dnstypeRules,
|
||||
host: "test.example.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredAllowList,
|
||||
wantDNSType: dns.TypeA,
|
||||
qtype: dns.TypeA,
|
||||
}, {
|
||||
name: "dnstype",
|
||||
rules: dnstypeRules,
|
||||
host: "test.example.org",
|
||||
wantIsFiltered: false,
|
||||
wantReason: NotFilteredAllowList,
|
||||
wantDNSType: dns.TypeAAAA,
|
||||
qtype: dns.TypeAAAA,
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(fmt.Sprintf("%s-%s", tc.name, tc.host), func(t *testing.T) {
|
||||
filters := []Filter{{ID: 0, Data: []byte(tc.rules)}}
|
||||
d, setts := newForTest(t, nil, filters)
|
||||
t.Cleanup(d.Close)
|
||||
|
||||
res, err := d.CheckHost(tc.host, tc.wantDNSType, setts)
|
||||
res, err := d.CheckHost(tc.host, tc.qtype, setts)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equalf(t, tc.wantIsFiltered, res.IsFiltered, "Hostname %s has wrong result (%v must be %v)", tc.host, res.IsFiltered, tc.wantIsFiltered)
|
||||
|
||||
@@ -5,7 +5,6 @@ import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
@@ -30,11 +29,7 @@ func TestDNSFilter_handleFilteringSetURL(t *testing.T) {
|
||||
endpoint: &badRulesEndpoint,
|
||||
content: []byte(`<html></html>`),
|
||||
}} {
|
||||
ipp := serveFiltersLocally(t, rulesSource.content)
|
||||
*rulesSource.endpoint = (&url.URL{
|
||||
Scheme: "http",
|
||||
Host: ipp.String(),
|
||||
}).String()
|
||||
*rulesSource.endpoint = serveFiltersLocally(t, rulesSource.content)
|
||||
}
|
||||
|
||||
testCases := []struct {
|
||||
@@ -110,7 +105,7 @@ func TestDNSFilter_handleFilteringSetURL(t *testing.T) {
|
||||
},
|
||||
ConfigModified: func() { confModifiedCalled = true },
|
||||
DataDir: filtersDir,
|
||||
}, nil)
|
||||
}, nil, nil)
|
||||
require.NoError(t, err)
|
||||
t.Cleanup(d.Close)
|
||||
|
||||
|
||||
42
internal/filtering/rewrite.go
Normal file
42
internal/filtering/rewrite.go
Normal file
@@ -0,0 +1,42 @@
|
||||
package filtering
|
||||
|
||||
import (
|
||||
"github.com/AdguardTeam/urlfilter"
|
||||
"github.com/AdguardTeam/urlfilter/rules"
|
||||
)
|
||||
|
||||
// RewriteStorage is a storage for rewrite rules.
|
||||
type RewriteStorage interface {
|
||||
// MatchRequest returns matching dnsrewrites for the specified request.
|
||||
MatchRequest(dReq *urlfilter.DNSRequest) (rws []*rules.DNSRewrite)
|
||||
|
||||
// Add adds item to the storage.
|
||||
Add(item *RewriteItem) (err error)
|
||||
|
||||
// Remove deletes item from the storage.
|
||||
Remove(item *RewriteItem) (err error)
|
||||
|
||||
// List returns all items from the storage.
|
||||
List() (items []*RewriteItem)
|
||||
}
|
||||
|
||||
// RewriteItem is a single DNS rewrite record.
|
||||
type RewriteItem struct {
|
||||
// Domain is the domain pattern for which this rewrite should work.
|
||||
Domain string `yaml:"domain" json:"domain"`
|
||||
|
||||
// Answer is the IP address, canonical name, or one of the special
|
||||
// values: "A" or "AAAA".
|
||||
Answer string `yaml:"answer" json:"answer"`
|
||||
}
|
||||
|
||||
// Equal returns true if rw is Equal to other.
|
||||
func (rw *RewriteItem) Equal(other *RewriteItem) (ok bool) {
|
||||
if rw == nil {
|
||||
return other == nil
|
||||
} else if other == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
return *rw == *other
|
||||
}
|
||||
276
internal/filtering/rewrite/storage.go
Normal file
276
internal/filtering/rewrite/storage.go
Normal file
@@ -0,0 +1,276 @@
|
||||
// Package rewrite implements DNS Rewrites storage and request matching.
|
||||
package rewrite
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/netip"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/filtering"
|
||||
"github.com/AdguardTeam/golibs/log"
|
||||
"github.com/AdguardTeam/golibs/stringutil"
|
||||
"github.com/AdguardTeam/urlfilter"
|
||||
"github.com/AdguardTeam/urlfilter/filterlist"
|
||||
"github.com/AdguardTeam/urlfilter/rules"
|
||||
"github.com/miekg/dns"
|
||||
"golang.org/x/exp/slices"
|
||||
)
|
||||
|
||||
// DefaultStorage is the default storage for rewrite rules.
|
||||
type DefaultStorage struct {
|
||||
// mu protects items.
|
||||
mu *sync.RWMutex
|
||||
|
||||
// engine is the DNS filtering engine.
|
||||
engine *urlfilter.DNSEngine
|
||||
|
||||
// ruleList is the filtering rule ruleList used by the engine.
|
||||
ruleList filterlist.RuleList
|
||||
|
||||
// rewrites stores the rewrite entries from configuration.
|
||||
rewrites []*filtering.RewriteItem
|
||||
|
||||
// urlFilterID is the synthetic integer identifier for the urlfilter engine.
|
||||
//
|
||||
// TODO(a.garipov): Change the type to a string in module urlfilter and
|
||||
// remove this crutch.
|
||||
urlFilterID int
|
||||
}
|
||||
|
||||
// NewDefaultStorage returns new rewrites storage. listID is used as an
|
||||
// identifier of the underlying rules list. rewrites must not be nil.
|
||||
func NewDefaultStorage(rewrites []*filtering.RewriteItem) (s *DefaultStorage, err error) {
|
||||
s = &DefaultStorage{
|
||||
mu: &sync.RWMutex{},
|
||||
urlFilterID: filtering.RewritesListID,
|
||||
rewrites: rewrites,
|
||||
}
|
||||
|
||||
err = s.resetRules()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return s, nil
|
||||
}
|
||||
|
||||
// type check
|
||||
var _ filtering.RewriteStorage = (*DefaultStorage)(nil)
|
||||
|
||||
// MatchRequest implements the [RewriteStorage] interface for *DefaultStorage.
|
||||
func (s *DefaultStorage) MatchRequest(dReq *urlfilter.DNSRequest) (rws []*rules.DNSRewrite) {
|
||||
s.mu.RLock()
|
||||
defer s.mu.RUnlock()
|
||||
|
||||
rrules := s.rewriteRulesForReq(dReq)
|
||||
if len(rrules) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
// TODO(a.garipov): Check cnames for cycles on initialization.
|
||||
cnames := stringutil.NewSet()
|
||||
host := dReq.Hostname
|
||||
var lastCNAMERule *rules.NetworkRule
|
||||
for len(rrules) > 0 && rrules[0].DNSRewrite != nil && rrules[0].DNSRewrite.NewCNAME != "" {
|
||||
lastCNAMERule = rrules[0]
|
||||
lastDNSRewrite := lastCNAMERule.DNSRewrite
|
||||
rwAns := lastDNSRewrite.NewCNAME
|
||||
|
||||
log.Debug("rewrite: cname for %s is %s", host, rwAns)
|
||||
|
||||
if dReq.Hostname == rwAns {
|
||||
// A request for the hostname itself.
|
||||
// TODO(d.kolyshev): Check rewrite of a pattern onto itself.
|
||||
log.Debug("rewrite: request for hostname itself for %q", dReq.Hostname)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
if host == rwAns && isWildcard(lastCNAMERule.RuleText) {
|
||||
// An "*.example.com → sub.example.com" rewrite matching in a loop.
|
||||
//
|
||||
// See https://github.com/AdguardTeam/AdGuardHome/issues/4016.
|
||||
log.Debug("rewrite: cname wildcard loop for %q on %q", dReq.Hostname, rwAns)
|
||||
|
||||
return []*rules.DNSRewrite{lastDNSRewrite}
|
||||
}
|
||||
|
||||
if cnames.Has(rwAns) {
|
||||
log.Info("rewrite: cname loop for %q on %q", dReq.Hostname, rwAns)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
cnames.Add(rwAns)
|
||||
|
||||
drules := s.rewriteRulesForReq(&urlfilter.DNSRequest{
|
||||
Hostname: rwAns,
|
||||
DNSType: dReq.DNSType,
|
||||
})
|
||||
|
||||
if drules == nil {
|
||||
break
|
||||
}
|
||||
|
||||
rrules = drules
|
||||
host = rwAns
|
||||
}
|
||||
|
||||
return s.collectDNSRewrites(rrules, lastCNAMERule, dReq.DNSType)
|
||||
}
|
||||
|
||||
// collectDNSRewrites filters DNSRewrite by question type.
|
||||
func (s *DefaultStorage) collectDNSRewrites(
|
||||
rewrites []*rules.NetworkRule,
|
||||
cnameRule *rules.NetworkRule,
|
||||
qtyp uint16,
|
||||
) (rws []*rules.DNSRewrite) {
|
||||
if cnameRule != nil {
|
||||
rewrites = append([]*rules.NetworkRule{cnameRule}, rewrites...)
|
||||
}
|
||||
|
||||
for _, rewrite := range rewrites {
|
||||
dnsRewrite := rewrite.DNSRewrite
|
||||
if matchesQType(dnsRewrite, qtyp) {
|
||||
rws = append(rws, dnsRewrite)
|
||||
}
|
||||
}
|
||||
|
||||
return rws
|
||||
}
|
||||
|
||||
// rewriteRulesForReq returns matching dnsrewrite rules.
|
||||
func (s *DefaultStorage) rewriteRulesForReq(dReq *urlfilter.DNSRequest) (rules []*rules.NetworkRule) {
|
||||
res, _ := s.engine.MatchRequest(dReq)
|
||||
|
||||
return res.DNSRewrites()
|
||||
}
|
||||
|
||||
// Add implements the [RewriteStorage] interface for *DefaultStorage.
|
||||
func (s *DefaultStorage) Add(item *filtering.RewriteItem) (err error) {
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
|
||||
// TODO(d.kolyshev): Handle duplicate items.
|
||||
s.rewrites = append(s.rewrites, item)
|
||||
|
||||
return s.resetRules()
|
||||
}
|
||||
|
||||
// Remove implements the [RewriteStorage] interface for *DefaultStorage.
|
||||
func (s *DefaultStorage) Remove(item *filtering.RewriteItem) (err error) {
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
|
||||
arr := []*filtering.RewriteItem{}
|
||||
|
||||
// TODO(d.kolyshev): Use slices.IndexFunc + slices.Delete?
|
||||
for _, ent := range s.rewrites {
|
||||
if ent.Equal(item) {
|
||||
log.Debug("rewrite: removed element: %s -> %s", ent.Domain, ent.Answer)
|
||||
|
||||
continue
|
||||
}
|
||||
|
||||
arr = append(arr, ent)
|
||||
}
|
||||
s.rewrites = arr
|
||||
|
||||
return s.resetRules()
|
||||
}
|
||||
|
||||
// List implements the [RewriteStorage] interface for *DefaultStorage.
|
||||
func (s *DefaultStorage) List() (items []*filtering.RewriteItem) {
|
||||
s.mu.RLock()
|
||||
defer s.mu.RUnlock()
|
||||
|
||||
return slices.Clone(s.rewrites)
|
||||
}
|
||||
|
||||
// resetRules resets the filtering rules.
|
||||
func (s *DefaultStorage) resetRules() (err error) {
|
||||
// TODO(a.garipov): Use strings.Builder.
|
||||
var rulesText []string
|
||||
for _, rewrite := range s.rewrites {
|
||||
rulesText = append(rulesText, toRule(rewrite))
|
||||
}
|
||||
|
||||
strList := &filterlist.StringRuleList{
|
||||
ID: s.urlFilterID,
|
||||
RulesText: strings.Join(rulesText, "\n"),
|
||||
IgnoreCosmetic: true,
|
||||
}
|
||||
|
||||
rs, err := filterlist.NewRuleStorage([]filterlist.RuleList{strList})
|
||||
if err != nil {
|
||||
return fmt.Errorf("creating list storage: %w", err)
|
||||
}
|
||||
|
||||
s.ruleList = strList
|
||||
s.engine = urlfilter.NewDNSEngine(rs)
|
||||
|
||||
log.Info("rewrite: filter %d: reset %d rules", s.urlFilterID, s.engine.RulesCount)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// matchesQType returns true if dnsrewrite matches the question type qt.
|
||||
func matchesQType(dnsrr *rules.DNSRewrite, qt uint16) (ok bool) {
|
||||
switch qt {
|
||||
case dns.TypeA:
|
||||
return dnsrr.RRType != dns.TypeAAAA
|
||||
case dns.TypeAAAA:
|
||||
return dnsrr.RRType != dns.TypeA
|
||||
default:
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
// isWildcard returns true if pat is a wildcard domain pattern.
|
||||
func isWildcard(pat string) (res bool) {
|
||||
return strings.HasPrefix(pat, "|*.")
|
||||
}
|
||||
|
||||
// toRule converts rw to a filter rule.
|
||||
func toRule(rw *filtering.RewriteItem) (res string) {
|
||||
if rw == nil {
|
||||
return ""
|
||||
}
|
||||
|
||||
domain := strings.ToLower(rw.Domain)
|
||||
|
||||
dType, exception := rewriteParams(rw)
|
||||
dTypeKey := dns.TypeToString[dType]
|
||||
if exception {
|
||||
return fmt.Sprintf("@@||%s^$dnstype=%s,dnsrewrite", domain, dTypeKey)
|
||||
}
|
||||
|
||||
return fmt.Sprintf("|%s^$dnsrewrite=NOERROR;%s;%s", domain, dTypeKey, rw.Answer)
|
||||
}
|
||||
|
||||
// RewriteParams returns dns request type and exception flag for rw.
|
||||
func rewriteParams(rw *filtering.RewriteItem) (dType uint16, exception bool) {
|
||||
switch rw.Answer {
|
||||
case "AAAA":
|
||||
return dns.TypeAAAA, true
|
||||
case "A":
|
||||
return dns.TypeA, true
|
||||
default:
|
||||
// Go on.
|
||||
}
|
||||
|
||||
addr, err := netip.ParseAddr(rw.Answer)
|
||||
if err != nil {
|
||||
// TODO(d.kolyshev): Validate rw.Answer as a domain name.
|
||||
return dns.TypeCNAME, false
|
||||
}
|
||||
|
||||
if addr.Is4() {
|
||||
dType = dns.TypeA
|
||||
} else {
|
||||
dType = dns.TypeAAAA
|
||||
}
|
||||
|
||||
return dType, false
|
||||
}
|
||||
647
internal/filtering/rewrite/storage_test.go
Normal file
647
internal/filtering/rewrite/storage_test.go
Normal file
@@ -0,0 +1,647 @@
|
||||
package rewrite
|
||||
|
||||
import (
|
||||
"net"
|
||||
"testing"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/filtering"
|
||||
"github.com/AdguardTeam/urlfilter"
|
||||
"github.com/AdguardTeam/urlfilter/rules"
|
||||
"github.com/miekg/dns"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestNewDefaultStorage(t *testing.T) {
|
||||
items := []*filtering.RewriteItem{{
|
||||
Domain: "example.com",
|
||||
Answer: "answer.com",
|
||||
}}
|
||||
|
||||
s, err := NewDefaultStorage(items)
|
||||
require.NoError(t, err)
|
||||
|
||||
require.Len(t, s.List(), 1)
|
||||
}
|
||||
|
||||
func TestDefaultStorage_CRUD(t *testing.T) {
|
||||
var items []*filtering.RewriteItem
|
||||
|
||||
s, err := NewDefaultStorage(items)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, s.List(), 0)
|
||||
|
||||
item := &filtering.RewriteItem{Domain: "example.com", Answer: "answer.com"}
|
||||
|
||||
err = s.Add(item)
|
||||
require.NoError(t, err)
|
||||
|
||||
list := s.List()
|
||||
require.Len(t, list, 1)
|
||||
require.True(t, item.Equal(list[0]))
|
||||
|
||||
err = s.Remove(item)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, s.List(), 0)
|
||||
}
|
||||
|
||||
func TestDefaultStorage_MatchRequest(t *testing.T) {
|
||||
items := []*filtering.RewriteItem{{
|
||||
// This one and below are about CNAME, A and AAAA.
|
||||
Domain: "somecname",
|
||||
Answer: "somehost.com",
|
||||
}, {
|
||||
Domain: "somehost.com",
|
||||
Answer: "0.0.0.0",
|
||||
}, {
|
||||
Domain: "host.com",
|
||||
Answer: "1.2.3.4",
|
||||
}, {
|
||||
Domain: "host.com",
|
||||
Answer: "1.2.3.5",
|
||||
}, {
|
||||
Domain: "host.com",
|
||||
Answer: "1:2:3::4",
|
||||
}, {
|
||||
Domain: "www.host.com",
|
||||
Answer: "host.com",
|
||||
}, {
|
||||
// This one is a wildcard.
|
||||
Domain: "*.host.com",
|
||||
Answer: "1.2.3.5",
|
||||
}, {
|
||||
// This one and below are about wildcard overriding.
|
||||
Domain: "a.host.com",
|
||||
Answer: "1.2.3.4",
|
||||
}, {
|
||||
// This one is about CNAME and wildcard interacting.
|
||||
Domain: "*.host2.com",
|
||||
Answer: "host.com",
|
||||
}, {
|
||||
// This one and below are about 2 level CNAME.
|
||||
Domain: "b.host.com",
|
||||
Answer: "somecname",
|
||||
}, {
|
||||
// This one and below are about 2 level CNAME and wildcard.
|
||||
Domain: "b.host3.com",
|
||||
Answer: "a.host3.com",
|
||||
}, {
|
||||
Domain: "a.host3.com",
|
||||
Answer: "x.host.com",
|
||||
}, {
|
||||
Domain: "*.hostboth.com",
|
||||
Answer: "1.2.3.6",
|
||||
}, {
|
||||
Domain: "*.hostboth.com",
|
||||
Answer: "1234::5678",
|
||||
}, {
|
||||
Domain: "BIGHOST.COM",
|
||||
Answer: "1.2.3.7",
|
||||
}, {
|
||||
Domain: "*.issue4016.com",
|
||||
Answer: "sub.issue4016.com",
|
||||
}}
|
||||
|
||||
s, err := NewDefaultStorage(items)
|
||||
require.NoError(t, err)
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
host string
|
||||
wantDNSRewrites []*rules.DNSRewrite
|
||||
dtyp uint16
|
||||
}{{
|
||||
name: "not_filtered_not_found",
|
||||
host: "hoost.com",
|
||||
wantDNSRewrites: nil,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "other_qtype",
|
||||
host: "www.host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: nil,
|
||||
NewCNAME: "host.com",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeNone,
|
||||
}, {
|
||||
Value: net.IP{1, 2, 3, 4}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}, {
|
||||
Value: net.IP{1, 2, 3, 5}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}, {
|
||||
Value: net.ParseIP("1:2:3::4"),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeAAAA,
|
||||
}},
|
||||
dtyp: dns.TypeMX,
|
||||
}, {
|
||||
name: "rewritten_a",
|
||||
host: "www.host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: nil,
|
||||
NewCNAME: "host.com",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeNone,
|
||||
}, {
|
||||
Value: net.IP{1, 2, 3, 4}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}, {
|
||||
Value: net.IP{1, 2, 3, 5}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "rewritten_aaaa",
|
||||
host: "www.host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: nil,
|
||||
NewCNAME: "host.com",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeNone,
|
||||
}, {
|
||||
Value: net.ParseIP("1:2:3::4"),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeAAAA,
|
||||
}},
|
||||
dtyp: dns.TypeAAAA,
|
||||
}, {
|
||||
name: "wildcard_match",
|
||||
host: "abc.host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: net.IP{1, 2, 3, 5}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "wildcard_override",
|
||||
host: "a.host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: net.IP{1, 2, 3, 4}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}, {
|
||||
Value: net.IP{1, 2, 3, 5}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "wildcard_cname_interaction",
|
||||
host: "www.host2.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: nil,
|
||||
NewCNAME: "host.com",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeNone,
|
||||
}, {
|
||||
Value: net.IP{1, 2, 3, 4}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}, {
|
||||
Value: net.IP{1, 2, 3, 5}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "two_cnames",
|
||||
host: "b.host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: nil,
|
||||
NewCNAME: "somehost.com",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeNone,
|
||||
}, {
|
||||
Value: net.IP{0, 0, 0, 0}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "two_cnames_and_wildcard",
|
||||
host: "b.host3.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: nil,
|
||||
NewCNAME: "x.host.com",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeNone,
|
||||
}, {
|
||||
Value: net.IP{1, 2, 3, 5}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "issue3343",
|
||||
host: "www.hostboth.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: net.ParseIP("1234::5678"),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeAAAA,
|
||||
}},
|
||||
dtyp: dns.TypeAAAA,
|
||||
}, {
|
||||
name: "issue3351",
|
||||
host: "bighost.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: net.IP{1, 2, 3, 7}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "issue4008",
|
||||
host: "somehost.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: net.IP{0, 0, 0, 0}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeHTTPS,
|
||||
}, {
|
||||
name: "issue4016",
|
||||
host: "www.issue4016.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: nil,
|
||||
NewCNAME: "sub.issue4016.com",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeNone,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "issue4016_self",
|
||||
host: "sub.issue4016.com",
|
||||
wantDNSRewrites: nil,
|
||||
dtyp: dns.TypeA,
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
dnsRewrites := s.MatchRequest(&urlfilter.DNSRequest{
|
||||
Hostname: tc.host,
|
||||
DNSType: tc.dtyp,
|
||||
})
|
||||
|
||||
assert.Equal(t, tc.wantDNSRewrites, dnsRewrites)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestDefaultStorage_MatchRequest_Levels(t *testing.T) {
|
||||
// Exact host, wildcard L2, wildcard L3.
|
||||
items := []*filtering.RewriteItem{{
|
||||
Domain: "host.com",
|
||||
Answer: "1.1.1.1",
|
||||
}, {
|
||||
Domain: "*.host.com",
|
||||
Answer: "2.2.2.2",
|
||||
}, {
|
||||
Domain: "*.sub.host.com",
|
||||
Answer: "3.3.3.3",
|
||||
}}
|
||||
|
||||
s, err := NewDefaultStorage(items)
|
||||
require.NoError(t, err)
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
host string
|
||||
wantDNSRewrites []*rules.DNSRewrite
|
||||
dtyp uint16
|
||||
}{{
|
||||
name: "exact_match",
|
||||
host: "host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: net.IP{1, 1, 1, 1}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "l2_match",
|
||||
host: "sub.host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: net.IP{2, 2, 2, 2}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "l3_match",
|
||||
host: "my.sub.host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: net.IP{3, 3, 3, 3}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}, {
|
||||
Value: net.IP{2, 2, 2, 2}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
dnsRewrites := s.MatchRequest(&urlfilter.DNSRequest{
|
||||
Hostname: tc.host,
|
||||
DNSType: tc.dtyp,
|
||||
})
|
||||
|
||||
assert.Equal(t, tc.wantDNSRewrites, dnsRewrites)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestDefaultStorage_MatchRequest_ExceptionCNAME(t *testing.T) {
|
||||
// Wildcard and exception for a sub-domain.
|
||||
items := []*filtering.RewriteItem{{
|
||||
Domain: "*.host.com",
|
||||
Answer: "2.2.2.2",
|
||||
}, {
|
||||
Domain: "sub.host.com",
|
||||
Answer: "sub.host.com",
|
||||
}, {
|
||||
Domain: "*.sub.host.com",
|
||||
Answer: "sub.host.com",
|
||||
}}
|
||||
|
||||
s, err := NewDefaultStorage(items)
|
||||
require.NoError(t, err)
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
host string
|
||||
wantDNSRewrites []*rules.DNSRewrite
|
||||
dtyp uint16
|
||||
}{{
|
||||
name: "match_subdomain",
|
||||
host: "my.host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: net.IP{2, 2, 2, 2}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "exception_cname",
|
||||
host: "sub.host.com",
|
||||
wantDNSRewrites: nil,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "exception_wildcard",
|
||||
host: "my.sub.host.com",
|
||||
wantDNSRewrites: nil,
|
||||
dtyp: dns.TypeA,
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
dnsRewrites := s.MatchRequest(&urlfilter.DNSRequest{
|
||||
Hostname: tc.host,
|
||||
DNSType: tc.dtyp,
|
||||
})
|
||||
|
||||
assert.Equal(t, tc.wantDNSRewrites, dnsRewrites)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestDefaultStorage_MatchRequest_CNAMEs(t *testing.T) {
|
||||
// Two cname rules for one subdomain
|
||||
items := []*filtering.RewriteItem{{
|
||||
Domain: "cname.org",
|
||||
Answer: "1.1.1.1",
|
||||
}, {
|
||||
Domain: "sub_cname.org",
|
||||
Answer: "2.2.2.2",
|
||||
}, {
|
||||
Domain: "*.host.com",
|
||||
Answer: "cname.org",
|
||||
}, {
|
||||
Domain: "*.sub.host.com",
|
||||
Answer: "sub_cname.org",
|
||||
}}
|
||||
|
||||
s, err := NewDefaultStorage(items)
|
||||
require.NoError(t, err)
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
host string
|
||||
wantDNSRewrites []*rules.DNSRewrite
|
||||
dtyp uint16
|
||||
}{{
|
||||
name: "match_my_domain",
|
||||
host: "my.host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: nil,
|
||||
NewCNAME: "cname.org",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeNone,
|
||||
}, {
|
||||
Value: net.IP{1, 1, 1, 1}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "match_sub_my_domain",
|
||||
host: "my.sub.host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: nil,
|
||||
NewCNAME: "cname.org",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeNone,
|
||||
}, {
|
||||
Value: net.IP{1, 1, 1, 1}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
dnsRewrites := s.MatchRequest(&urlfilter.DNSRequest{
|
||||
Hostname: tc.host,
|
||||
DNSType: tc.dtyp,
|
||||
})
|
||||
|
||||
assert.Equal(t, tc.wantDNSRewrites, dnsRewrites)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestDefaultStorage_MatchRequest_ExceptionIP(t *testing.T) {
|
||||
// Exception for AAAA record.
|
||||
items := []*filtering.RewriteItem{{
|
||||
Domain: "host.com",
|
||||
Answer: "1.2.3.4",
|
||||
}, {
|
||||
Domain: "host.com",
|
||||
Answer: "AAAA",
|
||||
}, {
|
||||
Domain: "host2.com",
|
||||
Answer: "::1",
|
||||
}, {
|
||||
Domain: "host2.com",
|
||||
Answer: "A",
|
||||
}, {
|
||||
Domain: "host3.com",
|
||||
Answer: "A",
|
||||
}}
|
||||
|
||||
s, err := NewDefaultStorage(items)
|
||||
require.NoError(t, err)
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
host string
|
||||
wantDNSRewrites []*rules.DNSRewrite
|
||||
dtyp uint16
|
||||
}{{
|
||||
name: "match_A",
|
||||
host: "host.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: net.IP{1, 2, 3, 4}.To16(),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeA,
|
||||
}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "exception_AAAA_host.com",
|
||||
host: "host.com",
|
||||
wantDNSRewrites: nil,
|
||||
dtyp: dns.TypeAAAA,
|
||||
}, {
|
||||
name: "exception_A_host2.com",
|
||||
host: "host2.com",
|
||||
wantDNSRewrites: nil,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "match_AAAA_host2.com",
|
||||
host: "host2.com",
|
||||
wantDNSRewrites: []*rules.DNSRewrite{{
|
||||
Value: net.ParseIP("::1"),
|
||||
NewCNAME: "",
|
||||
RCode: dns.RcodeSuccess,
|
||||
RRType: dns.TypeAAAA,
|
||||
}},
|
||||
dtyp: dns.TypeAAAA,
|
||||
}, {
|
||||
name: "exception_A_host3.com",
|
||||
host: "host3.com",
|
||||
wantDNSRewrites: nil,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "match_AAAA_host3.com",
|
||||
host: "host3.com",
|
||||
wantDNSRewrites: nil,
|
||||
dtyp: dns.TypeAAAA,
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
dnsRewrites := s.MatchRequest(&urlfilter.DNSRequest{
|
||||
Hostname: tc.host,
|
||||
DNSType: tc.dtyp,
|
||||
})
|
||||
|
||||
assert.Equal(t, tc.wantDNSRewrites, dnsRewrites)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestToRule(t *testing.T) {
|
||||
const testDomain = "example.org"
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
item *filtering.RewriteItem
|
||||
want string
|
||||
}{{
|
||||
name: "nil",
|
||||
item: nil,
|
||||
want: "",
|
||||
}, {
|
||||
name: "a_rule",
|
||||
item: &filtering.RewriteItem{
|
||||
Domain: testDomain,
|
||||
Answer: "1.1.1.1",
|
||||
},
|
||||
want: "|example.org^$dnsrewrite=NOERROR;A;1.1.1.1",
|
||||
}, {
|
||||
name: "aaaa_rule",
|
||||
item: &filtering.RewriteItem{
|
||||
Domain: testDomain,
|
||||
Answer: "1:2:3::4",
|
||||
},
|
||||
want: "|example.org^$dnsrewrite=NOERROR;AAAA;1:2:3::4",
|
||||
}, {
|
||||
name: "cname_rule",
|
||||
item: &filtering.RewriteItem{
|
||||
Domain: testDomain,
|
||||
Answer: "other.org",
|
||||
},
|
||||
want: "|example.org^$dnsrewrite=NOERROR;CNAME;other.org",
|
||||
}, {
|
||||
name: "wildcard_rule",
|
||||
item: &filtering.RewriteItem{
|
||||
Domain: "*.example.org",
|
||||
Answer: "other.org",
|
||||
},
|
||||
want: "|*.example.org^$dnsrewrite=NOERROR;CNAME;other.org",
|
||||
}, {
|
||||
name: "aaaa_exception",
|
||||
item: &filtering.RewriteItem{
|
||||
Domain: testDomain,
|
||||
Answer: "A",
|
||||
},
|
||||
want: "@@||example.org^$dnstype=A,dnsrewrite",
|
||||
}, {
|
||||
name: "aaaa_exception",
|
||||
item: &filtering.RewriteItem{
|
||||
Domain: testDomain,
|
||||
Answer: "AAAA",
|
||||
},
|
||||
want: "@@||example.org^$dnstype=AAAA,dnsrewrite",
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
res := toRule(tc.item)
|
||||
assert.Equal(t, tc.want, res)
|
||||
})
|
||||
}
|
||||
}
|
||||
61
internal/filtering/rewrite_test.go
Normal file
61
internal/filtering/rewrite_test.go
Normal file
@@ -0,0 +1,61 @@
|
||||
package filtering
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestItem_equal(t *testing.T) {
|
||||
const (
|
||||
testDomain = "example.org"
|
||||
testAnswer = "1.1.1.1"
|
||||
)
|
||||
|
||||
testItem := &RewriteItem{
|
||||
Domain: testDomain,
|
||||
Answer: testAnswer,
|
||||
}
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
left *RewriteItem
|
||||
right *RewriteItem
|
||||
want bool
|
||||
}{{
|
||||
name: "nil_left",
|
||||
left: nil,
|
||||
right: testItem,
|
||||
want: false,
|
||||
}, {
|
||||
name: "nil_right",
|
||||
left: testItem,
|
||||
right: nil,
|
||||
want: false,
|
||||
}, {
|
||||
name: "nils",
|
||||
left: nil,
|
||||
right: nil,
|
||||
want: true,
|
||||
}, {
|
||||
name: "equal",
|
||||
left: testItem,
|
||||
right: testItem,
|
||||
want: true,
|
||||
}, {
|
||||
name: "distinct",
|
||||
left: testItem,
|
||||
right: &RewriteItem{
|
||||
Domain: "other",
|
||||
Answer: "other",
|
||||
},
|
||||
want: false,
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
res := tc.left.Equal(tc.right)
|
||||
assert.Equal(t, tc.want, res)
|
||||
})
|
||||
}
|
||||
}
|
||||
65
internal/filtering/rewritehttp.go
Normal file
65
internal/filtering/rewritehttp.go
Normal file
@@ -0,0 +1,65 @@
|
||||
package filtering
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
|
||||
"github.com/AdguardTeam/golibs/log"
|
||||
)
|
||||
|
||||
// handleRewriteList is the handler for the GET /control/rewrite/list HTTP API.
|
||||
func (d *DNSFilter) handleRewriteList(w http.ResponseWriter, r *http.Request) {
|
||||
_ = aghhttp.WriteJSONResponse(w, r, d.rewriteStorage.List())
|
||||
}
|
||||
|
||||
// handleRewriteAdd is the handler for the POST /control/rewrite/add HTTP API.
|
||||
func (d *DNSFilter) handleRewriteAdd(w http.ResponseWriter, r *http.Request) {
|
||||
rw := &RewriteItem{}
|
||||
err := json.NewDecoder(r.Body).Decode(rw)
|
||||
if err != nil {
|
||||
aghhttp.Error(r, w, http.StatusBadRequest, "json.Decode: %s", err)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
err = d.rewriteStorage.Add(rw)
|
||||
if err != nil {
|
||||
aghhttp.Error(r, w, http.StatusBadRequest, "add rewrite: %s", err)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
log.Debug("rewrite: added element: %s -> %s", rw.Domain, rw.Answer)
|
||||
|
||||
d.confLock.Lock()
|
||||
d.Config.Rewrites = d.rewriteStorage.List()
|
||||
d.confLock.Unlock()
|
||||
|
||||
d.Config.ConfigModified()
|
||||
}
|
||||
|
||||
// handleRewriteDelete is the handler for the POST /control/rewrite/delete HTTP
|
||||
// API.
|
||||
func (d *DNSFilter) handleRewriteDelete(w http.ResponseWriter, r *http.Request) {
|
||||
entDel := RewriteItem{}
|
||||
err := json.NewDecoder(r.Body).Decode(&entDel)
|
||||
if err != nil {
|
||||
aghhttp.Error(r, w, http.StatusBadRequest, "json.Decode: %s", err)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
err = d.rewriteStorage.Remove(&entDel)
|
||||
if err != nil {
|
||||
aghhttp.Error(r, w, http.StatusBadRequest, "remove rewrite: %s", err)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
d.confLock.Lock()
|
||||
d.Config.Rewrites = d.rewriteStorage.List()
|
||||
d.confLock.Unlock()
|
||||
|
||||
d.Config.ConfigModified()
|
||||
}
|
||||
@@ -1,306 +0,0 @@
|
||||
// DNS Rewrites
|
||||
|
||||
package filtering
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"sort"
|
||||
"strings"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
|
||||
"github.com/AdguardTeam/golibs/errors"
|
||||
"github.com/AdguardTeam/golibs/log"
|
||||
"github.com/miekg/dns"
|
||||
"golang.org/x/exp/slices"
|
||||
)
|
||||
|
||||
// LegacyRewrite is a single legacy DNS rewrite record.
|
||||
//
|
||||
// Instances of *LegacyRewrite must never be nil.
|
||||
type LegacyRewrite struct {
|
||||
// Domain is the domain pattern for which this rewrite should work.
|
||||
Domain string `yaml:"domain"`
|
||||
|
||||
// Answer is the IP address, canonical name, or one of the special
|
||||
// values: "A" or "AAAA".
|
||||
Answer string `yaml:"answer"`
|
||||
|
||||
// IP is the IP address that should be used in the response if Type is
|
||||
// dns.TypeA or dns.TypeAAAA.
|
||||
IP net.IP `yaml:"-"`
|
||||
|
||||
// Type is the DNS record type: A, AAAA, or CNAME.
|
||||
Type uint16 `yaml:"-"`
|
||||
}
|
||||
|
||||
// clone returns a deep clone of rw.
|
||||
func (rw *LegacyRewrite) clone() (cloneRW *LegacyRewrite) {
|
||||
return &LegacyRewrite{
|
||||
Domain: rw.Domain,
|
||||
Answer: rw.Answer,
|
||||
IP: slices.Clone(rw.IP),
|
||||
Type: rw.Type,
|
||||
}
|
||||
}
|
||||
|
||||
// equal returns true if the rw is equal to the other.
|
||||
func (rw *LegacyRewrite) equal(other *LegacyRewrite) (ok bool) {
|
||||
return rw.Domain == other.Domain && rw.Answer == other.Answer
|
||||
}
|
||||
|
||||
// matchesQType returns true if the entry matches the question type qt.
|
||||
func (rw *LegacyRewrite) matchesQType(qt uint16) (ok bool) {
|
||||
// Add CNAMEs, since they match for all types requests.
|
||||
if rw.Type == dns.TypeCNAME {
|
||||
return true
|
||||
}
|
||||
|
||||
// Reject types other than A and AAAA.
|
||||
if qt != dns.TypeA && qt != dns.TypeAAAA {
|
||||
return false
|
||||
}
|
||||
|
||||
// If the types match or the entry is set to allow only the other type,
|
||||
// include them.
|
||||
return rw.Type == qt || rw.IP == nil
|
||||
}
|
||||
|
||||
// normalize makes sure that the a new or decoded entry is normalized with
|
||||
// regards to domain name case, IP length, and so on.
|
||||
//
|
||||
// If rw is nil, it returns an errors.
|
||||
func (rw *LegacyRewrite) normalize() (err error) {
|
||||
if rw == nil {
|
||||
return errors.Error("nil rewrite entry")
|
||||
}
|
||||
|
||||
// TODO(a.garipov): Write a case-agnostic version of strings.HasSuffix and
|
||||
// use it in matchDomainWildcard instead of using strings.ToLower
|
||||
// everywhere.
|
||||
rw.Domain = strings.ToLower(rw.Domain)
|
||||
|
||||
switch rw.Answer {
|
||||
case "AAAA":
|
||||
rw.IP = nil
|
||||
rw.Type = dns.TypeAAAA
|
||||
|
||||
return nil
|
||||
case "A":
|
||||
rw.IP = nil
|
||||
rw.Type = dns.TypeA
|
||||
|
||||
return nil
|
||||
default:
|
||||
// Go on.
|
||||
}
|
||||
|
||||
ip := net.ParseIP(rw.Answer)
|
||||
if ip == nil {
|
||||
rw.Type = dns.TypeCNAME
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
ip4 := ip.To4()
|
||||
if ip4 != nil {
|
||||
rw.IP = ip4
|
||||
rw.Type = dns.TypeA
|
||||
} else {
|
||||
rw.IP = ip
|
||||
rw.Type = dns.TypeAAAA
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// isWildcard returns true if pat is a wildcard domain pattern.
|
||||
func isWildcard(pat string) bool {
|
||||
return len(pat) > 1 && pat[0] == '*' && pat[1] == '.'
|
||||
}
|
||||
|
||||
// matchDomainWildcard returns true if host matches the wildcard pattern.
|
||||
func matchDomainWildcard(host, wildcard string) (ok bool) {
|
||||
return isWildcard(wildcard) && strings.HasSuffix(host, wildcard[1:])
|
||||
}
|
||||
|
||||
// rewritesSorted is a slice of legacy rewrites for sorting.
|
||||
//
|
||||
// The sorting priority:
|
||||
//
|
||||
// 1. A and AAAA > CNAME
|
||||
// 2. wildcard > exact
|
||||
// 3. lower level wildcard > higher level wildcard
|
||||
//
|
||||
// TODO(a.garipov): Replace with slices.Sort.
|
||||
type rewritesSorted []*LegacyRewrite
|
||||
|
||||
// Len implements the sort.Interface interface for rewritesSorted.
|
||||
func (a rewritesSorted) Len() (l int) { return len(a) }
|
||||
|
||||
// Swap implements the sort.Interface interface for rewritesSorted.
|
||||
func (a rewritesSorted) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
|
||||
|
||||
// Less implements the sort.Interface interface for rewritesSorted.
|
||||
func (a rewritesSorted) Less(i, j int) (less bool) {
|
||||
ith, jth := a[i], a[j]
|
||||
if ith.Type == dns.TypeCNAME && jth.Type != dns.TypeCNAME {
|
||||
return true
|
||||
} else if ith.Type != dns.TypeCNAME && jth.Type == dns.TypeCNAME {
|
||||
return false
|
||||
}
|
||||
|
||||
if iw, jw := isWildcard(ith.Domain), isWildcard(jth.Domain); iw != jw {
|
||||
return jw
|
||||
}
|
||||
|
||||
// Both are either wildcards or not.
|
||||
return len(ith.Domain) > len(jth.Domain)
|
||||
}
|
||||
|
||||
// prepareRewrites normalizes and validates all legacy DNS rewrites.
|
||||
func (d *DNSFilter) prepareRewrites() (err error) {
|
||||
for i, r := range d.Rewrites {
|
||||
err = r.normalize()
|
||||
if err != nil {
|
||||
return fmt.Errorf("at index %d: %w", i, err)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// findRewrites returns the list of matched rewrite entries. If rewrites are
|
||||
// empty, but matched is true, the domain is found among the rewrite rules but
|
||||
// not for this question type.
|
||||
//
|
||||
// The result priority is: CNAME, then A and AAAA; exact, then wildcard. If the
|
||||
// host is matched exactly, wildcard entries aren't returned. If the host
|
||||
// matched by wildcards, return the most specific for the question type.
|
||||
func findRewrites(
|
||||
entries []*LegacyRewrite,
|
||||
host string,
|
||||
qtype uint16,
|
||||
) (rewrites []*LegacyRewrite, matched bool) {
|
||||
for _, e := range entries {
|
||||
if e.Domain != host && !matchDomainWildcard(host, e.Domain) {
|
||||
continue
|
||||
}
|
||||
|
||||
matched = true
|
||||
if e.matchesQType(qtype) {
|
||||
rewrites = append(rewrites, e)
|
||||
}
|
||||
}
|
||||
|
||||
if len(rewrites) == 0 {
|
||||
return nil, matched
|
||||
}
|
||||
|
||||
sort.Sort(rewritesSorted(rewrites))
|
||||
|
||||
for i, r := range rewrites {
|
||||
if isWildcard(r.Domain) {
|
||||
// Don't use rewrites[:0], because we need to return at least one
|
||||
// item here.
|
||||
rewrites = rewrites[:max(1, i)]
|
||||
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
return rewrites, matched
|
||||
}
|
||||
|
||||
func max(a, b int) int {
|
||||
if a > b {
|
||||
return a
|
||||
}
|
||||
|
||||
return b
|
||||
}
|
||||
|
||||
type rewriteEntryJSON struct {
|
||||
Domain string `json:"domain"`
|
||||
Answer string `json:"answer"`
|
||||
}
|
||||
|
||||
func (d *DNSFilter) handleRewriteList(w http.ResponseWriter, r *http.Request) {
|
||||
arr := []*rewriteEntryJSON{}
|
||||
|
||||
d.confLock.Lock()
|
||||
for _, ent := range d.Config.Rewrites {
|
||||
jsent := rewriteEntryJSON{
|
||||
Domain: ent.Domain,
|
||||
Answer: ent.Answer,
|
||||
}
|
||||
arr = append(arr, &jsent)
|
||||
}
|
||||
d.confLock.Unlock()
|
||||
|
||||
_ = aghhttp.WriteJSONResponse(w, r, arr)
|
||||
}
|
||||
|
||||
func (d *DNSFilter) handleRewriteAdd(w http.ResponseWriter, r *http.Request) {
|
||||
rwJSON := rewriteEntryJSON{}
|
||||
err := json.NewDecoder(r.Body).Decode(&rwJSON)
|
||||
if err != nil {
|
||||
aghhttp.Error(r, w, http.StatusBadRequest, "json.Decode: %s", err)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
rw := &LegacyRewrite{
|
||||
Domain: rwJSON.Domain,
|
||||
Answer: rwJSON.Answer,
|
||||
}
|
||||
|
||||
err = rw.normalize()
|
||||
if err != nil {
|
||||
// Shouldn't happen currently, since normalize only returns a non-nil
|
||||
// error when a rewrite is nil, but be change-proof.
|
||||
aghhttp.Error(r, w, http.StatusBadRequest, "normalizing: %s", err)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
d.confLock.Lock()
|
||||
d.Config.Rewrites = append(d.Config.Rewrites, rw)
|
||||
d.confLock.Unlock()
|
||||
log.Debug("rewrite: added element: %s -> %s [%d]", rw.Domain, rw.Answer, len(d.Config.Rewrites))
|
||||
|
||||
d.Config.ConfigModified()
|
||||
}
|
||||
|
||||
func (d *DNSFilter) handleRewriteDelete(w http.ResponseWriter, r *http.Request) {
|
||||
jsent := rewriteEntryJSON{}
|
||||
err := json.NewDecoder(r.Body).Decode(&jsent)
|
||||
if err != nil {
|
||||
aghhttp.Error(r, w, http.StatusBadRequest, "json.Decode: %s", err)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
entDel := &LegacyRewrite{
|
||||
Domain: jsent.Domain,
|
||||
Answer: jsent.Answer,
|
||||
}
|
||||
arr := []*LegacyRewrite{}
|
||||
|
||||
d.confLock.Lock()
|
||||
for _, ent := range d.Config.Rewrites {
|
||||
if ent.equal(entDel) {
|
||||
log.Debug("rewrite: removed element: %s -> %s", ent.Domain, ent.Answer)
|
||||
|
||||
continue
|
||||
}
|
||||
|
||||
arr = append(arr, ent)
|
||||
}
|
||||
d.Config.Rewrites = arr
|
||||
d.confLock.Unlock()
|
||||
|
||||
d.Config.ConfigModified()
|
||||
}
|
||||
@@ -1,371 +0,0 @@
|
||||
package filtering
|
||||
|
||||
import (
|
||||
"net"
|
||||
"testing"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
// TODO(e.burkov): All the tests in this file may and should me merged together.
|
||||
|
||||
func TestRewrites(t *testing.T) {
|
||||
d, _ := newForTest(t, nil, nil)
|
||||
t.Cleanup(d.Close)
|
||||
|
||||
d.Rewrites = []*LegacyRewrite{{
|
||||
// This one and below are about CNAME, A and AAAA.
|
||||
Domain: "somecname",
|
||||
Answer: "somehost.com",
|
||||
}, {
|
||||
Domain: "somehost.com",
|
||||
Answer: "0.0.0.0",
|
||||
}, {
|
||||
Domain: "host.com",
|
||||
Answer: "1.2.3.4",
|
||||
}, {
|
||||
Domain: "host.com",
|
||||
Answer: "1.2.3.5",
|
||||
}, {
|
||||
Domain: "host.com",
|
||||
Answer: "1:2:3::4",
|
||||
}, {
|
||||
Domain: "www.host.com",
|
||||
Answer: "host.com",
|
||||
}, {
|
||||
// This one is a wildcard.
|
||||
Domain: "*.host.com",
|
||||
Answer: "1.2.3.5",
|
||||
}, {
|
||||
// This one and below are about wildcard overriding.
|
||||
Domain: "a.host.com",
|
||||
Answer: "1.2.3.4",
|
||||
}, {
|
||||
// This one is about CNAME and wildcard interacting.
|
||||
Domain: "*.host2.com",
|
||||
Answer: "host.com",
|
||||
}, {
|
||||
// This one and below are about 2 level CNAME.
|
||||
Domain: "b.host.com",
|
||||
Answer: "somecname",
|
||||
}, {
|
||||
// This one and below are about 2 level CNAME and wildcard.
|
||||
Domain: "b.host3.com",
|
||||
Answer: "a.host3.com",
|
||||
}, {
|
||||
Domain: "a.host3.com",
|
||||
Answer: "x.host.com",
|
||||
}, {
|
||||
Domain: "*.hostboth.com",
|
||||
Answer: "1.2.3.6",
|
||||
}, {
|
||||
Domain: "*.hostboth.com",
|
||||
Answer: "1234::5678",
|
||||
}, {
|
||||
Domain: "BIGHOST.COM",
|
||||
Answer: "1.2.3.7",
|
||||
}, {
|
||||
Domain: "*.issue4016.com",
|
||||
Answer: "sub.issue4016.com",
|
||||
}}
|
||||
|
||||
require.NoError(t, d.prepareRewrites())
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
host string
|
||||
wantCName string
|
||||
wantIPs []net.IP
|
||||
wantReason Reason
|
||||
dtyp uint16
|
||||
}{{
|
||||
name: "not_filtered_not_found",
|
||||
host: "hoost.com",
|
||||
wantCName: "",
|
||||
wantIPs: nil,
|
||||
wantReason: NotFilteredNotFound,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "rewritten_a",
|
||||
host: "www.host.com",
|
||||
wantCName: "host.com",
|
||||
wantIPs: []net.IP{{1, 2, 3, 4}, {1, 2, 3, 5}},
|
||||
wantReason: Rewritten,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "rewritten_aaaa",
|
||||
host: "www.host.com",
|
||||
wantCName: "host.com",
|
||||
wantIPs: []net.IP{net.ParseIP("1:2:3::4")},
|
||||
wantReason: Rewritten,
|
||||
dtyp: dns.TypeAAAA,
|
||||
}, {
|
||||
name: "wildcard_match",
|
||||
host: "abc.host.com",
|
||||
wantCName: "",
|
||||
wantIPs: []net.IP{{1, 2, 3, 5}},
|
||||
wantReason: Rewritten,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "wildcard_override",
|
||||
host: "a.host.com",
|
||||
wantCName: "",
|
||||
wantIPs: []net.IP{{1, 2, 3, 4}},
|
||||
wantReason: Rewritten,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "wildcard_cname_interaction",
|
||||
host: "www.host2.com",
|
||||
wantCName: "host.com",
|
||||
wantIPs: []net.IP{{1, 2, 3, 4}, {1, 2, 3, 5}},
|
||||
wantReason: Rewritten,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "two_cnames",
|
||||
host: "b.host.com",
|
||||
wantCName: "somehost.com",
|
||||
wantIPs: []net.IP{{0, 0, 0, 0}},
|
||||
wantReason: Rewritten,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "two_cnames_and_wildcard",
|
||||
host: "b.host3.com",
|
||||
wantCName: "x.host.com",
|
||||
wantIPs: []net.IP{{1, 2, 3, 5}},
|
||||
wantReason: Rewritten,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "issue3343",
|
||||
host: "www.hostboth.com",
|
||||
wantCName: "",
|
||||
wantIPs: []net.IP{net.ParseIP("1234::5678")},
|
||||
wantReason: Rewritten,
|
||||
dtyp: dns.TypeAAAA,
|
||||
}, {
|
||||
name: "issue3351",
|
||||
host: "bighost.com",
|
||||
wantCName: "",
|
||||
wantIPs: []net.IP{{1, 2, 3, 7}},
|
||||
wantReason: Rewritten,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "issue4008",
|
||||
host: "somehost.com",
|
||||
wantCName: "",
|
||||
wantIPs: nil,
|
||||
wantReason: Rewritten,
|
||||
dtyp: dns.TypeHTTPS,
|
||||
}, {
|
||||
name: "issue4016",
|
||||
host: "www.issue4016.com",
|
||||
wantCName: "sub.issue4016.com",
|
||||
wantIPs: nil,
|
||||
wantReason: Rewritten,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "issue4016_self",
|
||||
host: "sub.issue4016.com",
|
||||
wantCName: "",
|
||||
wantIPs: nil,
|
||||
wantReason: NotFilteredNotFound,
|
||||
dtyp: dns.TypeA,
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
r := d.processRewrites(tc.host, tc.dtyp)
|
||||
require.Equalf(t, tc.wantReason, r.Reason, "got %s", r.Reason)
|
||||
|
||||
if tc.wantCName != "" {
|
||||
assert.Equal(t, tc.wantCName, r.CanonName)
|
||||
}
|
||||
|
||||
assert.Equal(t, tc.wantIPs, r.IPList)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestRewritesLevels(t *testing.T) {
|
||||
d, _ := newForTest(t, nil, nil)
|
||||
t.Cleanup(d.Close)
|
||||
// Exact host, wildcard L2, wildcard L3.
|
||||
d.Rewrites = []*LegacyRewrite{{
|
||||
Domain: "host.com",
|
||||
Answer: "1.1.1.1",
|
||||
Type: dns.TypeA,
|
||||
}, {
|
||||
Domain: "*.host.com",
|
||||
Answer: "2.2.2.2",
|
||||
Type: dns.TypeA,
|
||||
}, {
|
||||
Domain: "*.sub.host.com",
|
||||
Answer: "3.3.3.3",
|
||||
Type: dns.TypeA,
|
||||
}}
|
||||
|
||||
require.NoError(t, d.prepareRewrites())
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
host string
|
||||
want net.IP
|
||||
}{{
|
||||
name: "exact_match",
|
||||
host: "host.com",
|
||||
want: net.IP{1, 1, 1, 1},
|
||||
}, {
|
||||
name: "l2_match",
|
||||
host: "sub.host.com",
|
||||
want: net.IP{2, 2, 2, 2},
|
||||
}, {
|
||||
name: "l3_match",
|
||||
host: "my.sub.host.com",
|
||||
want: net.IP{3, 3, 3, 3},
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
r := d.processRewrites(tc.host, dns.TypeA)
|
||||
assert.Equal(t, Rewritten, r.Reason)
|
||||
require.Len(t, r.IPList, 1)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestRewritesExceptionCNAME(t *testing.T) {
|
||||
d, _ := newForTest(t, nil, nil)
|
||||
t.Cleanup(d.Close)
|
||||
// Wildcard and exception for a sub-domain.
|
||||
d.Rewrites = []*LegacyRewrite{{
|
||||
Domain: "*.host.com",
|
||||
Answer: "2.2.2.2",
|
||||
}, {
|
||||
Domain: "sub.host.com",
|
||||
Answer: "sub.host.com",
|
||||
}, {
|
||||
Domain: "*.sub.host.com",
|
||||
Answer: "*.sub.host.com",
|
||||
}}
|
||||
|
||||
require.NoError(t, d.prepareRewrites())
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
host string
|
||||
want net.IP
|
||||
}{{
|
||||
name: "match_subdomain",
|
||||
host: "my.host.com",
|
||||
want: net.IP{2, 2, 2, 2},
|
||||
}, {
|
||||
name: "exception_cname",
|
||||
host: "sub.host.com",
|
||||
want: nil,
|
||||
}, {
|
||||
name: "exception_wildcard",
|
||||
host: "my.sub.host.com",
|
||||
want: nil,
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
r := d.processRewrites(tc.host, dns.TypeA)
|
||||
if tc.want == nil {
|
||||
assert.Equal(t, NotFilteredNotFound, r.Reason, "got %s", r.Reason)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
assert.Equal(t, Rewritten, r.Reason)
|
||||
require.Len(t, r.IPList, 1)
|
||||
assert.True(t, tc.want.Equal(r.IPList[0]))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestRewritesExceptionIP(t *testing.T) {
|
||||
d, _ := newForTest(t, nil, nil)
|
||||
t.Cleanup(d.Close)
|
||||
// Exception for AAAA record.
|
||||
d.Rewrites = []*LegacyRewrite{{
|
||||
Domain: "host.com",
|
||||
Answer: "1.2.3.4",
|
||||
Type: dns.TypeA,
|
||||
}, {
|
||||
Domain: "host.com",
|
||||
Answer: "AAAA",
|
||||
Type: dns.TypeAAAA,
|
||||
}, {
|
||||
Domain: "host2.com",
|
||||
Answer: "::1",
|
||||
Type: dns.TypeAAAA,
|
||||
}, {
|
||||
Domain: "host2.com",
|
||||
Answer: "A",
|
||||
Type: dns.TypeA,
|
||||
}, {
|
||||
Domain: "host3.com",
|
||||
Answer: "A",
|
||||
Type: dns.TypeA,
|
||||
}}
|
||||
|
||||
require.NoError(t, d.prepareRewrites())
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
host string
|
||||
want []net.IP
|
||||
dtyp uint16
|
||||
}{{
|
||||
name: "match_A",
|
||||
host: "host.com",
|
||||
want: []net.IP{{1, 2, 3, 4}},
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "exception_AAAA_host.com",
|
||||
host: "host.com",
|
||||
want: nil,
|
||||
dtyp: dns.TypeAAAA,
|
||||
}, {
|
||||
name: "exception_A_host2.com",
|
||||
host: "host2.com",
|
||||
want: nil,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "match_AAAA_host2.com",
|
||||
host: "host2.com",
|
||||
want: []net.IP{net.ParseIP("::1")},
|
||||
dtyp: dns.TypeAAAA,
|
||||
}, {
|
||||
name: "exception_A_host3.com",
|
||||
host: "host3.com",
|
||||
want: nil,
|
||||
dtyp: dns.TypeA,
|
||||
}, {
|
||||
name: "match_AAAA_host3.com",
|
||||
host: "host3.com",
|
||||
want: []net.IP{},
|
||||
dtyp: dns.TypeAAAA,
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name+"_"+tc.host, func(t *testing.T) {
|
||||
r := d.processRewrites(tc.host, tc.dtyp)
|
||||
if tc.want == nil {
|
||||
assert.Equal(t, NotFilteredNotFound, r.Reason)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
assert.Equalf(t, Rewritten, r.Reason, "got %s", r.Reason)
|
||||
|
||||
require.Len(t, r.IPList, len(tc.want))
|
||||
|
||||
for _, ip := range tc.want {
|
||||
assert.True(t, ip.Equal(r.IPList[0]))
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
@@ -246,6 +246,111 @@ var blockedServices = []blockedService{{
|
||||
Rules: []string{
|
||||
"||mail.ru^",
|
||||
},
|
||||
}, {
|
||||
ID: "mastodon",
|
||||
Name: "Mastodon",
|
||||
IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 512 512\"><path d=\"M433 179.11c0-97.2-63.71-125.7-63.71-125.7-62.52-28.7-228.56-28.4-290.48 0 0 0-63.72 28.5-63.72 125.7 0 115.7-6.6 259.4 105.63 289.1 40.51 10.7 75.32 13 103.33 11.4 50.81-2.8 79.32-18.1 79.32-18.1l-1.7-36.9s-36.31 11.4-77.12 10.1c-40.41-1.4-83-4.4-89.63-54a102.54 102.54 0 0 1-.9-13.9c85.63 20.9 158.65 9.1 178.75 6.7 56.12-6.7 105-41.3 111.23-72.9 9.8-49.8 9-121.5 9-121.5zm-75.12 125.2h-46.63v-114.2c0-49.7-64-51.6-64 6.9v62.5h-46.33V197c0-58.5-64-56.6-64-6.9v114.2H90.19c0-122.1-5.2-147.9 18.41-175 25.9-28.9 79.82-30.8 103.83 6.1l11.6 19.5 11.6-19.5c24.11-37.1 78.12-34.8 103.83-6.1 23.71 27.3 18.4 53 18.4 175z\"/></svg>"),
|
||||
Rules: []string{
|
||||
"||aus.social^",
|
||||
"||awscommunity.social^",
|
||||
"||dresden.network^",
|
||||
"||fedibird.com^",
|
||||
"||fosstodon.org^",
|
||||
"||glasgow.social^",
|
||||
"||h4.io^",
|
||||
"||hachyderm.io^",
|
||||
"||hessen.social^",
|
||||
"||home.social^",
|
||||
"||hostux.social^",
|
||||
"||ieji.de^",
|
||||
"||indieweb.social^",
|
||||
"||infosec.exchange^",
|
||||
"||ioc.exchange^",
|
||||
"||kolektiva.social^",
|
||||
"||livellosegreto.it^",
|
||||
"||lor.sh^",
|
||||
"||m.cmx.im^",
|
||||
"||mas.to^",
|
||||
"||masto.ai^",
|
||||
"||masto.es^",
|
||||
"||masto.nobigtech.es^",
|
||||
"||masto.pt^",
|
||||
"||mastodon.au^",
|
||||
"||mastodon.bida.im^",
|
||||
"||mastodon.com.tr^",
|
||||
"||mastodon.eus^",
|
||||
"||mastodon.ie^",
|
||||
"||mastodon.iriseden.eu^",
|
||||
"||mastodon.lol^",
|
||||
"||mastodon.nl^",
|
||||
"||mastodon.nu^",
|
||||
"||mastodon.nz^",
|
||||
"||mastodon.online^",
|
||||
"||mastodon.online^",
|
||||
"||mastodon.scot^",
|
||||
"||mastodon.sdf.org^",
|
||||
"||mastodon.social^",
|
||||
"||mastodon.social^",
|
||||
"||mastodon.top^",
|
||||
"||mastodon.uno^",
|
||||
"||mastodon.world^",
|
||||
"||mastodon.zaclys.com^",
|
||||
"||mastodonapp.uk^",
|
||||
"||mastodont.cat^",
|
||||
"||mastodontech.de^",
|
||||
"||mastodontti.fi^",
|
||||
"||mastouille.fr^",
|
||||
"||mathstodon.xyz^",
|
||||
"||meow.social^",
|
||||
"||metalhead.club^",
|
||||
"||mindly.social^",
|
||||
"||mstdn.ca^",
|
||||
"||mstdn.jp^",
|
||||
"||mstdn.party^",
|
||||
"||mstdn.social^",
|
||||
"||muenchen.social^",
|
||||
"||muenster.im^",
|
||||
"||newsie.social^",
|
||||
"||noc.social^",
|
||||
"||norden.social^",
|
||||
"||nrw.social^",
|
||||
"||o3o.ca^",
|
||||
"||ohai.social^",
|
||||
"||pewtix.com^",
|
||||
"||phpc.social^",
|
||||
"||piaille.fr^",
|
||||
"||pol.social^",
|
||||
"||qdon.space^",
|
||||
"||ravenation.club^",
|
||||
"||rollenspiel.social^",
|
||||
"||ruby.social^",
|
||||
"||ruhr.social^",
|
||||
"||sfba.social^",
|
||||
"||socel.net^",
|
||||
"||social.anoxinon.de^",
|
||||
"||social.cologne^",
|
||||
"||social.dev-wiki.de^",
|
||||
"||social.linux.pizza^",
|
||||
"||social.politicaconciencia.org^",
|
||||
"||social.vivaldi.net^",
|
||||
"||sself.co^",
|
||||
"||sueden.social^",
|
||||
"||tech.lgbt^",
|
||||
"||techhub.social^",
|
||||
"||theblower.au^",
|
||||
"||tkz.one^",
|
||||
"||todon.eu^",
|
||||
"||toot.aquilenet.fr^",
|
||||
"||toot.community^",
|
||||
"||toot.funami.tech^",
|
||||
"||toot.wales^",
|
||||
"||troet.cafe^",
|
||||
"||twingyeo.kr^",
|
||||
"||union.place^",
|
||||
"||universeodon.com^",
|
||||
"||urbanists.social^",
|
||||
"||wxw.moe^",
|
||||
},
|
||||
}, {
|
||||
ID: "minecraft",
|
||||
Name: "Minecraft",
|
||||
@@ -435,6 +540,7 @@ var blockedServices = []blockedService{{
|
||||
Name: "Twitter",
|
||||
IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 24 24\"><path d=\"M22.398 5.55a8.583 8.583 0 0 1-2.449.673 4.252 4.252 0 0 0 1.875-2.364 8.66 8.66 0 0 1-2.71 1.04A4.251 4.251 0 0 0 16 3.546a4.27 4.27 0 0 0-4.266 4.27c0 .335.036.66.11.972a12.126 12.126 0 0 1-8.797-4.46 4.259 4.259 0 0 0-.578 2.148c0 1.48.754 2.785 1.898 3.55a4.273 4.273 0 0 1-1.933-.535v.055a4.27 4.27 0 0 0 3.425 4.183c-.359.098-.734.149-1.125.149-.273 0-.543-.027-.804-.074a4.276 4.276 0 0 0 3.988 2.965 8.562 8.562 0 0 1-5.3 1.824 8.82 8.82 0 0 1-1.02-.059 12.088 12.088 0 0 0 6.543 1.918c7.851 0 12.14-6.504 12.14-12.144 0-.184-.004-.368-.011-.551a8.599 8.599 0 0 0 2.128-2.207zm0 0\" /></svg>"),
|
||||
Rules: []string{
|
||||
"||pscp.tv^",
|
||||
"||t.co^",
|
||||
"||twimg.com^",
|
||||
"||twitter.com^",
|
||||
|
||||
@@ -129,7 +129,7 @@ type RuntimeClientWHOISInfo struct {
|
||||
|
||||
type clientsContainer struct {
|
||||
// TODO(a.garipov): Perhaps use a number of separate indices for
|
||||
// different types (string, net.IP, and so on).
|
||||
// different types (string, netip.Addr, and so on).
|
||||
list map[string]*Client // name -> client
|
||||
idIndex map[string]*Client // ID -> client
|
||||
|
||||
@@ -333,7 +333,7 @@ func (clients *clientsContainer) onDHCPLeaseChanged(flags int) {
|
||||
}
|
||||
|
||||
// exists checks if client with this IP address already exists.
|
||||
func (clients *clientsContainer) exists(ip net.IP, source clientSource) (ok bool) {
|
||||
func (clients *clientsContainer) exists(ip netip.Addr, source clientSource) (ok bool) {
|
||||
clients.lock.Lock()
|
||||
defer clients.lock.Unlock()
|
||||
|
||||
@@ -342,7 +342,7 @@ func (clients *clientsContainer) exists(ip net.IP, source clientSource) (ok bool
|
||||
return true
|
||||
}
|
||||
|
||||
rc, ok := clients.findRuntimeClientLocked(ip)
|
||||
rc, ok := clients.ipToRC[ip]
|
||||
if !ok {
|
||||
return false
|
||||
}
|
||||
@@ -371,7 +371,8 @@ func (clients *clientsContainer) findMultiple(ids []string) (c *querylog.Client,
|
||||
var artClient *querylog.Client
|
||||
var art bool
|
||||
for _, id := range ids {
|
||||
c, art = clients.clientOrArtificial(net.ParseIP(id), id)
|
||||
ip, _ := netip.ParseAddr(id)
|
||||
c, art = clients.clientOrArtificial(ip, id)
|
||||
if art {
|
||||
artClient = c
|
||||
|
||||
@@ -389,7 +390,7 @@ func (clients *clientsContainer) findMultiple(ids []string) (c *querylog.Client,
|
||||
// records about this client besides maybe whether or not it is blocked. c is
|
||||
// never nil.
|
||||
func (clients *clientsContainer) clientOrArtificial(
|
||||
ip net.IP,
|
||||
ip netip.Addr,
|
||||
id string,
|
||||
) (c *querylog.Client, art bool) {
|
||||
defer func() {
|
||||
@@ -406,13 +407,6 @@ func (clients *clientsContainer) clientOrArtificial(
|
||||
}, false
|
||||
}
|
||||
|
||||
if ip == nil {
|
||||
// Technically should never happen, but still.
|
||||
return &querylog.Client{
|
||||
Name: "",
|
||||
}, true
|
||||
}
|
||||
|
||||
var rc *RuntimeClient
|
||||
rc, ok = clients.findRuntimeClient(ip)
|
||||
if ok {
|
||||
@@ -492,19 +486,20 @@ func (clients *clientsContainer) findLocked(id string) (c *Client, ok bool) {
|
||||
return c, true
|
||||
}
|
||||
|
||||
ip := net.ParseIP(id)
|
||||
if ip == nil {
|
||||
ip, err := netip.ParseAddr(id)
|
||||
if err != nil {
|
||||
return nil, false
|
||||
}
|
||||
|
||||
for _, c = range clients.list {
|
||||
for _, id := range c.IDs {
|
||||
_, ipnet, err := net.ParseCIDR(id)
|
||||
var n netip.Prefix
|
||||
n, err = netip.ParsePrefix(id)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
if ipnet.Contains(ip) {
|
||||
if n.Contains(ip) {
|
||||
return c, true
|
||||
}
|
||||
}
|
||||
@@ -514,19 +509,20 @@ func (clients *clientsContainer) findLocked(id string) (c *Client, ok bool) {
|
||||
return nil, false
|
||||
}
|
||||
|
||||
macFound := clients.dhcpServer.FindMACbyIP(ip)
|
||||
macFound := clients.dhcpServer.FindMACbyIP(ip.AsSlice())
|
||||
if macFound == nil {
|
||||
return nil, false
|
||||
}
|
||||
|
||||
for _, c = range clients.list {
|
||||
for _, id := range c.IDs {
|
||||
hwAddr, err := net.ParseMAC(id)
|
||||
var mac net.HardwareAddr
|
||||
mac, err = net.ParseMAC(id)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
if bytes.Equal(hwAddr, macFound) {
|
||||
if bytes.Equal(mac, macFound) {
|
||||
return c, true
|
||||
}
|
||||
}
|
||||
@@ -535,32 +531,18 @@ func (clients *clientsContainer) findLocked(id string) (c *Client, ok bool) {
|
||||
return nil, false
|
||||
}
|
||||
|
||||
// findRuntimeClientLocked finds a runtime client by their IP address. For
|
||||
// internal use only.
|
||||
func (clients *clientsContainer) findRuntimeClientLocked(ip net.IP) (rc *RuntimeClient, ok bool) {
|
||||
// TODO(a.garipov): Remove once we switch to netip.Addr more fully.
|
||||
ipAddr, err := netutil.IPToAddrNoMapped(ip)
|
||||
if err != nil {
|
||||
log.Error("clients: bad client ip %v: %s", ip, err)
|
||||
|
||||
return nil, false
|
||||
}
|
||||
|
||||
rc, ok = clients.ipToRC[ipAddr]
|
||||
|
||||
return rc, ok
|
||||
}
|
||||
|
||||
// findRuntimeClient finds a runtime client by their IP.
|
||||
func (clients *clientsContainer) findRuntimeClient(ip net.IP) (rc *RuntimeClient, ok bool) {
|
||||
if ip == nil {
|
||||
func (clients *clientsContainer) findRuntimeClient(ip netip.Addr) (rc *RuntimeClient, ok bool) {
|
||||
if ip == (netip.Addr{}) {
|
||||
return nil, false
|
||||
}
|
||||
|
||||
clients.lock.Lock()
|
||||
defer clients.lock.Unlock()
|
||||
|
||||
return clients.findRuntimeClientLocked(ip)
|
||||
rc, ok = clients.ipToRC[ip]
|
||||
|
||||
return rc, ok
|
||||
}
|
||||
|
||||
// check validates the client.
|
||||
@@ -578,14 +560,16 @@ func (clients *clientsContainer) check(c *Client) (err error) {
|
||||
|
||||
for i, id := range c.IDs {
|
||||
// Normalize structured data.
|
||||
var ip net.IP
|
||||
var ipnet *net.IPNet
|
||||
var mac net.HardwareAddr
|
||||
if ip = net.ParseIP(id); ip != nil {
|
||||
var (
|
||||
ip netip.Addr
|
||||
n netip.Prefix
|
||||
mac net.HardwareAddr
|
||||
)
|
||||
|
||||
if ip, err = netip.ParseAddr(id); err == nil {
|
||||
c.IDs[i] = ip.String()
|
||||
} else if ip, ipnet, err = net.ParseCIDR(id); err == nil {
|
||||
ipnet.IP = ip
|
||||
c.IDs[i] = ipnet.String()
|
||||
} else if n, err = netip.ParsePrefix(id); err == nil {
|
||||
c.IDs[i] = n.String()
|
||||
} else if mac, err = net.ParseMAC(id); err == nil {
|
||||
c.IDs[i] = mac.String()
|
||||
} else if err = dnsforward.ValidateClientID(id); err == nil {
|
||||
@@ -750,7 +734,7 @@ func (clients *clientsContainer) Update(name string, c *Client) (err error) {
|
||||
}
|
||||
|
||||
// setWHOISInfo sets the WHOIS information for a client.
|
||||
func (clients *clientsContainer) setWHOISInfo(ip net.IP, wi *RuntimeClientWHOISInfo) {
|
||||
func (clients *clientsContainer) setWHOISInfo(ip netip.Addr, wi *RuntimeClientWHOISInfo) {
|
||||
clients.lock.Lock()
|
||||
defer clients.lock.Unlock()
|
||||
|
||||
@@ -760,7 +744,7 @@ func (clients *clientsContainer) setWHOISInfo(ip net.IP, wi *RuntimeClientWHOISI
|
||||
return
|
||||
}
|
||||
|
||||
rc, ok := clients.findRuntimeClientLocked(ip)
|
||||
rc, ok := clients.ipToRC[ip]
|
||||
if ok {
|
||||
rc.WHOISInfo = wi
|
||||
log.Debug("clients: set whois info for runtime client %s: %+v", rc.Host, wi)
|
||||
@@ -776,32 +760,22 @@ func (clients *clientsContainer) setWHOISInfo(ip net.IP, wi *RuntimeClientWHOISI
|
||||
|
||||
rc.WHOISInfo = wi
|
||||
|
||||
// TODO(a.garipov): Remove once we switch to netip.Addr more fully.
|
||||
ipAddr, err := netutil.IPToAddrNoMapped(ip)
|
||||
if err != nil {
|
||||
log.Error("clients: bad client ip %v: %s", ip, err)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
clients.ipToRC[ipAddr] = rc
|
||||
clients.ipToRC[ip] = rc
|
||||
|
||||
log.Debug("clients: set whois info for runtime client with ip %s: %+v", ip, wi)
|
||||
}
|
||||
|
||||
// AddHost adds a new IP-hostname pairing. The priorities of the sources are
|
||||
// taken into account. ok is true if the pairing was added.
|
||||
func (clients *clientsContainer) AddHost(ip net.IP, host string, src clientSource) (ok bool, err error) {
|
||||
func (clients *clientsContainer) AddHost(
|
||||
ip netip.Addr,
|
||||
host string,
|
||||
src clientSource,
|
||||
) (ok bool) {
|
||||
clients.lock.Lock()
|
||||
defer clients.lock.Unlock()
|
||||
|
||||
// TODO(a.garipov): Remove once we switch to netip.Addr more fully.
|
||||
ipAddr, err := netutil.IPToAddrNoMapped(ip)
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("adding host: %w", err)
|
||||
}
|
||||
|
||||
return clients.addHostLocked(ipAddr, host, src), nil
|
||||
return clients.addHostLocked(ip, host, src)
|
||||
}
|
||||
|
||||
// addHostLocked adds a new IP-hostname pairing. clients.lock is expected to be
|
||||
|
||||
@@ -22,8 +22,18 @@ func TestClients(t *testing.T) {
|
||||
clients.Init(nil, nil, nil, nil)
|
||||
|
||||
t.Run("add_success", func(t *testing.T) {
|
||||
var (
|
||||
cliNone = "1.2.3.4"
|
||||
cli1 = "1.1.1.1"
|
||||
cli2 = "2.2.2.2"
|
||||
|
||||
cliNoneIP = netip.MustParseAddr(cliNone)
|
||||
cli1IP = netip.MustParseAddr(cli1)
|
||||
cli2IP = netip.MustParseAddr(cli2)
|
||||
)
|
||||
|
||||
c := &Client{
|
||||
IDs: []string{"1.1.1.1", "1:2:3::4", "aa:aa:aa:aa:aa:aa"},
|
||||
IDs: []string{cli1, "1:2:3::4", "aa:aa:aa:aa:aa:aa"},
|
||||
Name: "client1",
|
||||
}
|
||||
|
||||
@@ -33,7 +43,7 @@ func TestClients(t *testing.T) {
|
||||
assert.True(t, ok)
|
||||
|
||||
c = &Client{
|
||||
IDs: []string{"2.2.2.2"},
|
||||
IDs: []string{cli2},
|
||||
Name: "client2",
|
||||
}
|
||||
|
||||
@@ -42,7 +52,7 @@ func TestClients(t *testing.T) {
|
||||
|
||||
assert.True(t, ok)
|
||||
|
||||
c, ok = clients.Find("1.1.1.1")
|
||||
c, ok = clients.Find(cli1)
|
||||
require.True(t, ok)
|
||||
|
||||
assert.Equal(t, "client1", c.Name)
|
||||
@@ -52,14 +62,14 @@ func TestClients(t *testing.T) {
|
||||
|
||||
assert.Equal(t, "client1", c.Name)
|
||||
|
||||
c, ok = clients.Find("2.2.2.2")
|
||||
c, ok = clients.Find(cli2)
|
||||
require.True(t, ok)
|
||||
|
||||
assert.Equal(t, "client2", c.Name)
|
||||
|
||||
assert.False(t, clients.exists(net.IP{1, 2, 3, 4}, ClientSourceHostsFile))
|
||||
assert.True(t, clients.exists(net.IP{1, 1, 1, 1}, ClientSourceHostsFile))
|
||||
assert.True(t, clients.exists(net.IP{2, 2, 2, 2}, ClientSourceHostsFile))
|
||||
assert.False(t, clients.exists(cliNoneIP, ClientSourceHostsFile))
|
||||
assert.True(t, clients.exists(cli1IP, ClientSourceHostsFile))
|
||||
assert.True(t, clients.exists(cli2IP, ClientSourceHostsFile))
|
||||
})
|
||||
|
||||
t.Run("add_fail_name", func(t *testing.T) {
|
||||
@@ -103,23 +113,31 @@ func TestClients(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("update_success", func(t *testing.T) {
|
||||
var (
|
||||
cliOld = "1.1.1.1"
|
||||
cliNew = "1.1.1.2"
|
||||
|
||||
cliOldIP = netip.MustParseAddr(cliOld)
|
||||
cliNewIP = netip.MustParseAddr(cliNew)
|
||||
)
|
||||
|
||||
err := clients.Update("client1", &Client{
|
||||
IDs: []string{"1.1.1.2"},
|
||||
IDs: []string{cliNew},
|
||||
Name: "client1",
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.False(t, clients.exists(net.IP{1, 1, 1, 1}, ClientSourceHostsFile))
|
||||
assert.True(t, clients.exists(net.IP{1, 1, 1, 2}, ClientSourceHostsFile))
|
||||
assert.False(t, clients.exists(cliOldIP, ClientSourceHostsFile))
|
||||
assert.True(t, clients.exists(cliNewIP, ClientSourceHostsFile))
|
||||
|
||||
err = clients.Update("client1", &Client{
|
||||
IDs: []string{"1.1.1.2"},
|
||||
IDs: []string{cliNew},
|
||||
Name: "client1-renamed",
|
||||
UseOwnSettings: true,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
c, ok := clients.Find("1.1.1.2")
|
||||
c, ok := clients.Find(cliNew)
|
||||
require.True(t, ok)
|
||||
|
||||
assert.Equal(t, "client1-renamed", c.Name)
|
||||
@@ -132,14 +150,14 @@ func TestClients(t *testing.T) {
|
||||
|
||||
require.Len(t, c.IDs, 1)
|
||||
|
||||
assert.Equal(t, "1.1.1.2", c.IDs[0])
|
||||
assert.Equal(t, cliNew, c.IDs[0])
|
||||
})
|
||||
|
||||
t.Run("del_success", func(t *testing.T) {
|
||||
ok := clients.Del("client1-renamed")
|
||||
require.True(t, ok)
|
||||
|
||||
assert.False(t, clients.exists(net.IP{1, 1, 1, 2}, ClientSourceHostsFile))
|
||||
assert.False(t, clients.exists(netip.MustParseAddr("1.1.1.2"), ClientSourceHostsFile))
|
||||
})
|
||||
|
||||
t.Run("del_fail", func(t *testing.T) {
|
||||
@@ -148,45 +166,33 @@ func TestClients(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("addhost_success", func(t *testing.T) {
|
||||
ip := net.IP{1, 1, 1, 1}
|
||||
|
||||
ok, err := clients.AddHost(ip, "host", ClientSourceARP)
|
||||
require.NoError(t, err)
|
||||
|
||||
ip := netip.MustParseAddr("1.1.1.1")
|
||||
ok := clients.AddHost(ip, "host", ClientSourceARP)
|
||||
assert.True(t, ok)
|
||||
|
||||
ok, err = clients.AddHost(ip, "host2", ClientSourceARP)
|
||||
require.NoError(t, err)
|
||||
|
||||
ok = clients.AddHost(ip, "host2", ClientSourceARP)
|
||||
assert.True(t, ok)
|
||||
|
||||
ok, err = clients.AddHost(ip, "host3", ClientSourceHostsFile)
|
||||
require.NoError(t, err)
|
||||
|
||||
ok = clients.AddHost(ip, "host3", ClientSourceHostsFile)
|
||||
assert.True(t, ok)
|
||||
|
||||
assert.True(t, clients.exists(ip, ClientSourceHostsFile))
|
||||
})
|
||||
|
||||
t.Run("dhcp_replaces_arp", func(t *testing.T) {
|
||||
ip := net.IP{1, 2, 3, 4}
|
||||
|
||||
ok, err := clients.AddHost(ip, "from_arp", ClientSourceARP)
|
||||
require.NoError(t, err)
|
||||
|
||||
ip := netip.MustParseAddr("1.2.3.4")
|
||||
ok := clients.AddHost(ip, "from_arp", ClientSourceARP)
|
||||
assert.True(t, ok)
|
||||
assert.True(t, clients.exists(ip, ClientSourceARP))
|
||||
|
||||
ok, err = clients.AddHost(ip, "from_dhcp", ClientSourceDHCP)
|
||||
require.NoError(t, err)
|
||||
|
||||
ok = clients.AddHost(ip, "from_dhcp", ClientSourceDHCP)
|
||||
assert.True(t, ok)
|
||||
assert.True(t, clients.exists(ip, ClientSourceDHCP))
|
||||
})
|
||||
|
||||
t.Run("addhost_fail", func(t *testing.T) {
|
||||
ok, err := clients.AddHost(net.IP{1, 1, 1, 1}, "host1", ClientSourceRDNS)
|
||||
require.NoError(t, err)
|
||||
ip := netip.MustParseAddr("1.1.1.1")
|
||||
ok := clients.AddHost(ip, "host1", ClientSourceRDNS)
|
||||
assert.False(t, ok)
|
||||
})
|
||||
}
|
||||
@@ -203,7 +209,7 @@ func TestClientsWHOIS(t *testing.T) {
|
||||
|
||||
t.Run("new_client", func(t *testing.T) {
|
||||
ip := netip.MustParseAddr("1.1.1.255")
|
||||
clients.setWHOISInfo(ip.AsSlice(), whois)
|
||||
clients.setWHOISInfo(ip, whois)
|
||||
rc := clients.ipToRC[ip]
|
||||
require.NotNil(t, rc)
|
||||
|
||||
@@ -212,12 +218,10 @@ func TestClientsWHOIS(t *testing.T) {
|
||||
|
||||
t.Run("existing_auto-client", func(t *testing.T) {
|
||||
ip := netip.MustParseAddr("1.1.1.1")
|
||||
ok, err := clients.AddHost(ip.AsSlice(), "host", ClientSourceRDNS)
|
||||
require.NoError(t, err)
|
||||
|
||||
ok := clients.AddHost(ip, "host", ClientSourceRDNS)
|
||||
assert.True(t, ok)
|
||||
|
||||
clients.setWHOISInfo(ip.AsSlice(), whois)
|
||||
clients.setWHOISInfo(ip, whois)
|
||||
rc := clients.ipToRC[ip]
|
||||
require.NotNil(t, rc)
|
||||
|
||||
@@ -234,7 +238,7 @@ func TestClientsWHOIS(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
assert.True(t, ok)
|
||||
|
||||
clients.setWHOISInfo(ip.AsSlice(), whois)
|
||||
clients.setWHOISInfo(ip, whois)
|
||||
rc := clients.ipToRC[ip]
|
||||
require.Nil(t, rc)
|
||||
|
||||
@@ -249,7 +253,7 @@ func TestClientsAddExisting(t *testing.T) {
|
||||
clients.Init(nil, nil, nil, nil)
|
||||
|
||||
t.Run("simple", func(t *testing.T) {
|
||||
ip := net.IP{1, 1, 1, 1}
|
||||
ip := netip.MustParseAddr("1.1.1.1")
|
||||
|
||||
// Add a client.
|
||||
ok, err := clients.Add(&Client{
|
||||
@@ -260,8 +264,7 @@ func TestClientsAddExisting(t *testing.T) {
|
||||
assert.True(t, ok)
|
||||
|
||||
// Now add an auto-client with the same IP.
|
||||
ok, err = clients.AddHost(ip, "test", ClientSourceRDNS)
|
||||
require.NoError(t, err)
|
||||
ok = clients.AddHost(ip, "test", ClientSourceRDNS)
|
||||
assert.True(t, ok)
|
||||
})
|
||||
|
||||
|
||||
@@ -3,8 +3,8 @@ package home
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/netip"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
|
||||
)
|
||||
@@ -47,8 +47,8 @@ type runtimeClientJSON struct {
|
||||
WHOISInfo *RuntimeClientWHOISInfo `json:"whois_info"`
|
||||
|
||||
Name string `json:"name"`
|
||||
IP netip.Addr `json:"ip"`
|
||||
Source clientSource `json:"source"`
|
||||
IP net.IP `json:"ip"`
|
||||
}
|
||||
|
||||
type clientListJSON struct {
|
||||
@@ -75,7 +75,7 @@ func (clients *clientsContainer) handleGetClients(w http.ResponseWriter, r *http
|
||||
|
||||
Name: rc.Host,
|
||||
Source: rc.Source,
|
||||
IP: ip.AsSlice(),
|
||||
IP: ip,
|
||||
}
|
||||
|
||||
data.RuntimeClients = append(data.RuntimeClients, cj)
|
||||
@@ -218,7 +218,7 @@ func (clients *clientsContainer) handleFindClient(w http.ResponseWriter, r *http
|
||||
break
|
||||
}
|
||||
|
||||
ip := net.ParseIP(idStr)
|
||||
ip, _ := netip.ParseAddr(idStr)
|
||||
c, ok := clients.Find(idStr)
|
||||
var cj *clientJSON
|
||||
if !ok {
|
||||
@@ -240,7 +240,7 @@ func (clients *clientsContainer) handleFindClient(w http.ResponseWriter, r *http
|
||||
// findRuntime looks up the IP in runtime and temporary storages, like
|
||||
// /etc/hosts tables, DHCP leases, or blocklists. cj is guaranteed to be
|
||||
// non-nil.
|
||||
func (clients *clientsContainer) findRuntime(ip net.IP, idStr string) (cj *clientJSON) {
|
||||
func (clients *clientsContainer) findRuntime(ip netip.Addr, idStr string) (cj *clientJSON) {
|
||||
rc, ok := clients.findRuntimeClient(ip)
|
||||
if !ok {
|
||||
// It is still possible that the IP used to be in the runtime clients
|
||||
|
||||
@@ -278,15 +278,20 @@ var config = &configuration{
|
||||
PortDNSOverTLS: defaultPortTLS, // needs to be passed through to dnsproxy
|
||||
PortDNSOverQUIC: defaultPortQUIC,
|
||||
},
|
||||
// NOTE: Keep these parameters in sync with the one put into
|
||||
// client/src/helpers/filters/filters.js by scripts/vetted-filters.
|
||||
//
|
||||
// TODO(a.garipov): Think of a way to make scripts/vetted-filters update
|
||||
// these as well if necessary.
|
||||
Filters: []filtering.FilterYAML{{
|
||||
Filter: filtering.Filter{ID: 1},
|
||||
Enabled: true,
|
||||
URL: "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt",
|
||||
URL: "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt",
|
||||
Name: "AdGuard DNS filter",
|
||||
}, {
|
||||
Filter: filtering.Filter{ID: 2},
|
||||
Enabled: false,
|
||||
URL: "https://adaway.org/hosts.txt",
|
||||
URL: "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt",
|
||||
Name: "AdAway Default Blocklist",
|
||||
}},
|
||||
DHCP: &dhcpd.ServerConfig{
|
||||
|
||||
@@ -71,9 +71,7 @@ func appendDNSAddrsWithIfaces(dst []string, src []netip.Addr) (res []string, err
|
||||
// on, including the addresses on all interfaces in cases of unspecified IPs.
|
||||
func collectDNSAddresses() (addrs []string, err error) {
|
||||
if hosts := config.DNS.BindHosts; len(hosts) == 0 {
|
||||
addr := aghnet.IPv4Localhost()
|
||||
|
||||
addrs = appendDNSAddrs(addrs, addr)
|
||||
addrs = appendDNSAddrs(addrs, netutil.IPv4Localhost())
|
||||
} else {
|
||||
addrs, err = appendDNSAddrsWithIfaces(addrs, hosts)
|
||||
if err != nil {
|
||||
|
||||
@@ -123,7 +123,7 @@ func handleUpdate(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
err = Context.updater.Update()
|
||||
err = Context.updater.Update(false)
|
||||
if err != nil {
|
||||
aghhttp.Error(r, w, http.StatusInternalServerError, "%s", err)
|
||||
|
||||
|
||||
@@ -8,9 +8,13 @@ import (
|
||||
"os"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/filtering"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/filtering/rewrite"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/querylog"
|
||||
"github.com/AdguardTeam/AdGuardHome/internal/stats"
|
||||
"github.com/AdguardTeam/dnsproxy/proxy"
|
||||
@@ -38,17 +42,13 @@ func onConfigModified() {
|
||||
}
|
||||
}
|
||||
|
||||
// initDNSServer creates an instance of the dnsforward.Server
|
||||
// Please note that we must do it even if we don't start it
|
||||
// so that we had access to the query log and the stats
|
||||
func initDNSServer() (err error) {
|
||||
// initDNS updates all the fields of the [Context] needed to initialize the DNS
|
||||
// server and initializes it at last. It also must not be called unless
|
||||
// [config] and [Context] are initialized.
|
||||
func initDNS() (err error) {
|
||||
baseDir := Context.getDataDir()
|
||||
|
||||
var anonFunc aghnet.IPMutFunc
|
||||
if config.DNS.AnonymizeClientIP {
|
||||
anonFunc = querylog.AnonymizeIP
|
||||
}
|
||||
anonymizer := aghnet.NewIPMut(anonFunc)
|
||||
anonymizer := config.anonymizer()
|
||||
|
||||
statsConf := stats.Config{
|
||||
Filename: filepath.Join(baseDir, "stats.db"),
|
||||
@@ -75,40 +75,57 @@ func initDNSServer() (err error) {
|
||||
}
|
||||
Context.queryLog = querylog.New(conf)
|
||||
|
||||
Context.filters, err = filtering.New(config.DNS.DnsfilterConf, nil)
|
||||
rewriteStorage, err := rewrite.NewDefaultStorage(config.DNS.DnsfilterConf.Rewrites)
|
||||
if err != nil {
|
||||
return fmt.Errorf("rewrites: init: %w", err)
|
||||
}
|
||||
|
||||
Context.filters, err = filtering.New(config.DNS.DnsfilterConf, nil, rewriteStorage)
|
||||
if err != nil {
|
||||
// Don't wrap the error, since it's informative enough as is.
|
||||
return err
|
||||
}
|
||||
|
||||
var privateNets netutil.SubnetSet
|
||||
switch len(config.DNS.PrivateNets) {
|
||||
case 0:
|
||||
// Use an optimized locally-served matcher.
|
||||
privateNets = netutil.SubnetSetFunc(netutil.IsLocallyServed)
|
||||
case 1:
|
||||
privateNets, err = netutil.ParseSubnet(config.DNS.PrivateNets[0])
|
||||
if err != nil {
|
||||
return fmt.Errorf("preparing the set of private subnets: %w", err)
|
||||
}
|
||||
default:
|
||||
var nets []*net.IPNet
|
||||
nets, err = netutil.ParseSubnets(config.DNS.PrivateNets...)
|
||||
if err != nil {
|
||||
return fmt.Errorf("preparing the set of private subnets: %w", err)
|
||||
}
|
||||
tlsConf := &tlsConfigSettings{}
|
||||
Context.tls.WriteDiskConfig(tlsConf)
|
||||
|
||||
privateNets = netutil.SliceSubnetSet(nets)
|
||||
return initDNSServer(
|
||||
Context.filters,
|
||||
Context.stats,
|
||||
Context.queryLog,
|
||||
Context.dhcpServer,
|
||||
anonymizer,
|
||||
httpRegister,
|
||||
tlsConf,
|
||||
)
|
||||
}
|
||||
|
||||
// initDNSServer initializes the [context.dnsServer]. To only use the internal
|
||||
// proxy, none of the arguments are required, but tlsConf still must not be nil,
|
||||
// in other cases all the arguments also must not be nil. It also must not be
|
||||
// called unless [config] and [Context] are initialized.
|
||||
func initDNSServer(
|
||||
filters *filtering.DNSFilter,
|
||||
sts stats.Interface,
|
||||
qlog querylog.QueryLog,
|
||||
dhcpSrv dhcpd.Interface,
|
||||
anonymizer *aghnet.IPMut,
|
||||
httpReg aghhttp.RegisterFunc,
|
||||
tlsConf *tlsConfigSettings,
|
||||
) (err error) {
|
||||
privateNets, err := parseSubnetSet(config.DNS.PrivateNets)
|
||||
if err != nil {
|
||||
return fmt.Errorf("preparing set of private subnets: %w", err)
|
||||
}
|
||||
|
||||
p := dnsforward.DNSCreateParams{
|
||||
DNSFilter: Context.filters,
|
||||
Stats: Context.stats,
|
||||
QueryLog: Context.queryLog,
|
||||
DNSFilter: filters,
|
||||
Stats: sts,
|
||||
QueryLog: qlog,
|
||||
PrivateNets: privateNets,
|
||||
Anonymizer: anonymizer,
|
||||
LocalDomain: config.DHCP.LocalDomainName,
|
||||
DHCPServer: Context.dhcpServer,
|
||||
DHCPServer: dhcpSrv,
|
||||
}
|
||||
|
||||
Context.dnsServer, err = dnsforward.NewServer(p)
|
||||
@@ -119,15 +136,15 @@ func initDNSServer() (err error) {
|
||||
}
|
||||
|
||||
Context.clients.dnsServer = Context.dnsServer
|
||||
var dnsConfig dnsforward.ServerConfig
|
||||
dnsConfig, err = generateServerConfig()
|
||||
|
||||
dnsConf, err := generateServerConfig(tlsConf, httpReg)
|
||||
if err != nil {
|
||||
closeDNSServer()
|
||||
|
||||
return fmt.Errorf("generateServerConfig: %w", err)
|
||||
}
|
||||
|
||||
err = Context.dnsServer.Prepare(&dnsConfig)
|
||||
err = Context.dnsServer.Prepare(&dnsConf)
|
||||
if err != nil {
|
||||
closeDNSServer()
|
||||
|
||||
@@ -145,13 +162,39 @@ func initDNSServer() (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
// parseSubnetSet parses a slice of subnets. If the slice is empty, it returns
|
||||
// a subnet set that matches all locally served networks, see
|
||||
// [netutil.IsLocallyServed].
|
||||
func parseSubnetSet(nets []string) (s netutil.SubnetSet, err error) {
|
||||
switch len(nets) {
|
||||
case 0:
|
||||
// Use an optimized function-based matcher.
|
||||
return netutil.SubnetSetFunc(netutil.IsLocallyServed), nil
|
||||
case 1:
|
||||
s, err = netutil.ParseSubnet(nets[0])
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return s, nil
|
||||
default:
|
||||
var nets []*net.IPNet
|
||||
nets, err = netutil.ParseSubnets(config.DNS.PrivateNets...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return netutil.SliceSubnetSet(nets), nil
|
||||
}
|
||||
}
|
||||
|
||||
func isRunning() bool {
|
||||
return Context.dnsServer != nil && Context.dnsServer.IsRunning()
|
||||
}
|
||||
|
||||
func onDNSRequest(pctx *proxy.DNSContext) {
|
||||
ip, _ := netutil.IPAndPortFromAddr(pctx.Addr)
|
||||
if ip == nil {
|
||||
ip := netutil.NetAddrToAddrPort(pctx.Addr).Addr()
|
||||
if ip == (netip.Addr{}) {
|
||||
// This would be quite weird if we get here.
|
||||
return
|
||||
}
|
||||
@@ -160,7 +203,8 @@ func onDNSRequest(pctx *proxy.DNSContext) {
|
||||
if srcs.RDNS && !ip.IsLoopback() {
|
||||
Context.rdns.Begin(ip)
|
||||
}
|
||||
if srcs.WHOIS && !netutil.IsSpecialPurpose(ip) {
|
||||
|
||||
if srcs.WHOIS && !netutil.IsSpecialPurposeAddr(ip) {
|
||||
Context.whois.Begin(ip)
|
||||
}
|
||||
}
|
||||
@@ -191,24 +235,21 @@ func ipsToUDPAddrs(ips []netip.Addr, port int) (udpAddrs []*net.UDPAddr) {
|
||||
return udpAddrs
|
||||
}
|
||||
|
||||
func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
|
||||
func generateServerConfig(
|
||||
tlsConf *tlsConfigSettings,
|
||||
httpReg aghhttp.RegisterFunc,
|
||||
) (newConf dnsforward.ServerConfig, err error) {
|
||||
dnsConf := config.DNS
|
||||
hosts := dnsConf.BindHosts
|
||||
if len(hosts) == 0 {
|
||||
hosts = []netip.Addr{aghnet.IPv4Localhost()}
|
||||
}
|
||||
|
||||
hosts := aghalg.CoalesceSlice(dnsConf.BindHosts, []netip.Addr{netutil.IPv4Localhost()})
|
||||
newConf = dnsforward.ServerConfig{
|
||||
UDPListenAddrs: ipsToUDPAddrs(hosts, dnsConf.Port),
|
||||
TCPListenAddrs: ipsToTCPAddrs(hosts, dnsConf.Port),
|
||||
FilteringConfig: dnsConf.FilteringConfig,
|
||||
ConfigModified: onConfigModified,
|
||||
HTTPRegister: httpRegister,
|
||||
HTTPRegister: httpReg,
|
||||
OnDNSRequest: onDNSRequest,
|
||||
}
|
||||
|
||||
tlsConf := tlsConfigSettings{}
|
||||
Context.tls.WriteDiskConfig(&tlsConf)
|
||||
if tlsConf.Enabled {
|
||||
newConf.TLSConfig = tlsConf.TLSConfig
|
||||
newConf.TLSConfig.ServerName = tlsConf.ServerName
|
||||
@@ -226,7 +267,7 @@ func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
|
||||
}
|
||||
|
||||
if tlsConf.PortDNSCrypt != 0 {
|
||||
newConf.DNSCryptConfig, err = newDNSCrypt(hosts, tlsConf)
|
||||
newConf.DNSCryptConfig, err = newDNSCrypt(hosts, *tlsConf)
|
||||
if err != nil {
|
||||
// Don't wrap the error, because it's already
|
||||
// wrapped by newDNSCrypt.
|
||||
@@ -400,15 +441,12 @@ func startDNSServer() error {
|
||||
|
||||
const topClientsNumber = 100 // the number of clients to get
|
||||
for _, ip := range Context.stats.TopClientsIP(topClientsNumber) {
|
||||
if ip == nil {
|
||||
continue
|
||||
}
|
||||
|
||||
srcs := config.Clients.Sources
|
||||
if srcs.RDNS && !ip.IsLoopback() {
|
||||
Context.rdns.Begin(ip)
|
||||
}
|
||||
if srcs.WHOIS && !netutil.IsSpecialPurpose(ip) {
|
||||
|
||||
if srcs.WHOIS && !netutil.IsSpecialPurposeAddr(ip) {
|
||||
Context.whois.Begin(ip)
|
||||
}
|
||||
}
|
||||
@@ -418,7 +456,11 @@ func startDNSServer() error {
|
||||
|
||||
func reconfigureDNSServer() (err error) {
|
||||
var newConf dnsforward.ServerConfig
|
||||
newConf, err = generateServerConfig()
|
||||
|
||||
tlsConf := &tlsConfigSettings{}
|
||||
Context.tls.WriteDiskConfig(tlsConf)
|
||||
|
||||
newConf, err = generateServerConfig(tlsConf, httpRegister)
|
||||
if err != nil {
|
||||
return fmt.Errorf("generating forwarding dns server config: %w", err)
|
||||
}
|
||||
|
||||
@@ -455,6 +455,10 @@ func run(opts options, clientBuildFS fs.FS) {
|
||||
err = setupConfig(opts)
|
||||
fatalOnError(err)
|
||||
|
||||
// TODO(e.burkov): This could be made earlier, probably as the option's
|
||||
// effect.
|
||||
cmdlineUpdate(opts)
|
||||
|
||||
if !Context.firstRun {
|
||||
// Save the updated config
|
||||
err = config.write()
|
||||
@@ -514,14 +518,15 @@ func run(opts options, clientBuildFS fs.FS) {
|
||||
|
||||
Context.tls, err = newTLSManager(config.TLS)
|
||||
if err != nil {
|
||||
log.Fatalf("initializing tls: %s", err)
|
||||
log.Error("initializing tls: %s", err)
|
||||
onConfigModified()
|
||||
}
|
||||
|
||||
Context.web, err = initWeb(opts, clientBuildFS)
|
||||
fatalOnError(err)
|
||||
|
||||
if !Context.firstRun {
|
||||
err = initDNSServer()
|
||||
err = initDNS()
|
||||
fatalOnError(err)
|
||||
|
||||
Context.tls.start()
|
||||
@@ -548,9 +553,18 @@ func run(opts options, clientBuildFS fs.FS) {
|
||||
select {}
|
||||
}
|
||||
|
||||
func (c *configuration) anonymizer() (ipmut *aghnet.IPMut) {
|
||||
var anonFunc aghnet.IPMutFunc
|
||||
if c.DNS.AnonymizeClientIP {
|
||||
anonFunc = querylog.AnonymizeIP
|
||||
}
|
||||
|
||||
return aghnet.NewIPMut(anonFunc)
|
||||
}
|
||||
|
||||
// startMods initializes and starts the DNS server after installation.
|
||||
func startMods() error {
|
||||
err := initDNSServer()
|
||||
func startMods() (err error) {
|
||||
err = initDNS()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -576,7 +590,7 @@ func checkPermissions() {
|
||||
}
|
||||
|
||||
// We should check if AdGuard Home is able to bind to port 53
|
||||
err := aghnet.CheckPort("tcp", netip.AddrPortFrom(aghnet.IPv4Localhost(), defaultPortDNS))
|
||||
err := aghnet.CheckPort("tcp", netip.AddrPortFrom(netutil.IPv4Localhost(), defaultPortDNS))
|
||||
if err != nil {
|
||||
if errors.Is(err, os.ErrPermission) {
|
||||
log.Fatal(`Permission check failed.
|
||||
@@ -921,9 +935,53 @@ func getHTTPProxy(_ *http.Request) (*url.URL, error) {
|
||||
|
||||
// jsonError is a generic JSON error response.
|
||||
//
|
||||
// TODO(a.garipov): Merge together with the implementations in .../dhcpd and
|
||||
// other packages after refactoring the web handler registering.
|
||||
// TODO(a.garipov): Merge together with the implementations in [dhcpd] and other
|
||||
// packages after refactoring the web handler registering.
|
||||
type jsonError struct {
|
||||
// Message is the error message, an opaque string.
|
||||
Message string `json:"message"`
|
||||
}
|
||||
|
||||
// cmdlineUpdate updates current application and exits.
|
||||
func cmdlineUpdate(opts options) {
|
||||
if !opts.performUpdate {
|
||||
return
|
||||
}
|
||||
|
||||
// Initialize the DNS server to use the internal resolver which the updater
|
||||
// needs to be able to resolve the update source hostname.
|
||||
//
|
||||
// TODO(e.burkov): We could probably initialize the internal resolver
|
||||
// separately.
|
||||
err := initDNSServer(nil, nil, nil, nil, nil, nil, &tlsConfigSettings{})
|
||||
fatalOnError(err)
|
||||
|
||||
log.Info("cmdline update: performing update")
|
||||
|
||||
updater := Context.updater
|
||||
info, err := updater.VersionInfo(true)
|
||||
if err != nil {
|
||||
vcu := updater.VersionCheckURL()
|
||||
log.Error("getting version info from %s: %s", vcu, err)
|
||||
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
if info.NewVersion == version.Version() {
|
||||
log.Info("no updates available")
|
||||
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
err = updater.Update(Context.firstRun)
|
||||
fatalOnError(err)
|
||||
|
||||
err = restartService()
|
||||
if err != nil {
|
||||
log.Debug("restarting service: %s", err)
|
||||
log.Info("AdGuard Home was not installed as a service. " +
|
||||
"Please restart running instances of AdGuardHome manually.")
|
||||
}
|
||||
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
@@ -47,6 +47,9 @@ type options struct {
|
||||
// disableUpdate, if set, makes AdGuard Home not check for updates.
|
||||
disableUpdate bool
|
||||
|
||||
// performUpdate, if set, updates AdGuard Home without GUI and exits.
|
||||
performUpdate bool
|
||||
|
||||
// verbose shows if verbose logging is enabled.
|
||||
verbose bool
|
||||
|
||||
@@ -221,6 +224,14 @@ var cmdLineOpts = []cmdLineOpt{{
|
||||
description: "Don't check for updates.",
|
||||
longName: "no-check-update",
|
||||
shortName: "",
|
||||
}, {
|
||||
updateWithValue: nil,
|
||||
updateNoValue: func(o options) (options, error) { o.performUpdate = true; return o, nil },
|
||||
effect: nil,
|
||||
serialize: func(o options) (val string, ok bool) { return "", o.performUpdate },
|
||||
description: "Update the current binary and restart the service in case it's installed.",
|
||||
longName: "update",
|
||||
shortName: "",
|
||||
}, {
|
||||
updateWithValue: nil,
|
||||
updateNoValue: nil,
|
||||
|
||||
@@ -103,6 +103,11 @@ func TestParseDisableUpdate(t *testing.T) {
|
||||
assert.True(t, testParseOK(t, "--no-check-update").disableUpdate, "--no-check-update is disable update")
|
||||
}
|
||||
|
||||
func TestParsePerformUpdate(t *testing.T) {
|
||||
assert.False(t, testParseOK(t).performUpdate, "empty is not perform update")
|
||||
assert.True(t, testParseOK(t, "--update").performUpdate, "--update is perform update")
|
||||
}
|
||||
|
||||
// TODO(e.burkov): Remove after v0.108.0.
|
||||
func TestParseDisableMemoryOptimization(t *testing.T) {
|
||||
o, eff, err := parseCmdOpts("", []string{"--no-mem-optimization"})
|
||||
@@ -169,6 +174,10 @@ func TestOptsToArgs(t *testing.T) {
|
||||
name: "disable_update",
|
||||
args: []string{"--no-check-update"},
|
||||
opts: options{disableUpdate: true},
|
||||
}, {
|
||||
name: "perform_update",
|
||||
args: []string{"--update"},
|
||||
opts: options{performUpdate: true},
|
||||
}, {
|
||||
name: "control_action",
|
||||
args: []string{"-s", "run"},
|
||||
|
||||
@@ -2,7 +2,7 @@ package home
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
"net"
|
||||
"net/netip"
|
||||
"sync/atomic"
|
||||
"time"
|
||||
|
||||
@@ -21,7 +21,7 @@ type RDNS struct {
|
||||
usePrivate uint32
|
||||
|
||||
// ipCh used to pass client's IP to rDNS workerLoop.
|
||||
ipCh chan net.IP
|
||||
ipCh chan netip.Addr
|
||||
|
||||
// ipCache caches the IP addresses to be resolved by rDNS. The resolved
|
||||
// address stays here while it's inside clients. After leaving clients the
|
||||
@@ -50,7 +50,7 @@ func NewRDNS(
|
||||
EnableLRU: true,
|
||||
MaxCount: defaultRDNSCacheSize,
|
||||
}),
|
||||
ipCh: make(chan net.IP, defaultRDNSIPChSize),
|
||||
ipCh: make(chan netip.Addr, defaultRDNSIPChSize),
|
||||
}
|
||||
if usePrivate {
|
||||
rDNS.usePrivate = 1
|
||||
@@ -80,9 +80,10 @@ func (r *RDNS) ensurePrivateCache() {
|
||||
|
||||
// isCached returns true if ip is already cached and not expired yet. It also
|
||||
// caches it otherwise.
|
||||
func (r *RDNS) isCached(ip net.IP) (ok bool) {
|
||||
func (r *RDNS) isCached(ip netip.Addr) (ok bool) {
|
||||
ipBytes := ip.AsSlice()
|
||||
now := uint64(time.Now().Unix())
|
||||
if expire := r.ipCache.Get(ip); len(expire) != 0 {
|
||||
if expire := r.ipCache.Get(ipBytes); len(expire) != 0 {
|
||||
if binary.BigEndian.Uint64(expire) > now {
|
||||
return true
|
||||
}
|
||||
@@ -91,14 +92,14 @@ func (r *RDNS) isCached(ip net.IP) (ok bool) {
|
||||
// The cache entry either expired or doesn't exist.
|
||||
ttl := make([]byte, 8)
|
||||
binary.BigEndian.PutUint64(ttl, now+defaultRDNSCacheTTL)
|
||||
r.ipCache.Set(ip, ttl)
|
||||
r.ipCache.Set(ipBytes, ttl)
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// Begin adds the ip to the resolving queue if it is not cached or already
|
||||
// resolved.
|
||||
func (r *RDNS) Begin(ip net.IP) {
|
||||
func (r *RDNS) Begin(ip netip.Addr) {
|
||||
r.ensurePrivateCache()
|
||||
|
||||
if r.isCached(ip) || r.clients.exists(ip, ClientSourceRDNS) {
|
||||
@@ -107,9 +108,9 @@ func (r *RDNS) Begin(ip net.IP) {
|
||||
|
||||
select {
|
||||
case r.ipCh <- ip:
|
||||
log.Tracef("rdns: %q added to queue", ip)
|
||||
log.Debug("rdns: %q added to queue", ip)
|
||||
default:
|
||||
log.Tracef("rdns: queue is full")
|
||||
log.Debug("rdns: queue is full")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -119,7 +120,7 @@ func (r *RDNS) workerLoop() {
|
||||
defer log.OnPanic("rdns")
|
||||
|
||||
for ip := range r.ipCh {
|
||||
host, err := r.exchanger.Exchange(ip)
|
||||
host, err := r.exchanger.Exchange(ip.AsSlice())
|
||||
if err != nil {
|
||||
log.Debug("rdns: resolving %q: %s", ip, err)
|
||||
|
||||
@@ -128,8 +129,6 @@ func (r *RDNS) workerLoop() {
|
||||
continue
|
||||
}
|
||||
|
||||
// Don't handle any errors since AddHost doesn't return non-nil errors
|
||||
// for now.
|
||||
_, _ = r.clients.AddHost(ip, host, ClientSourceRDNS)
|
||||
_ = r.clients.AddHost(ip, host, ClientSourceRDNS)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -27,14 +27,14 @@ func TestRDNS_Begin(t *testing.T) {
|
||||
w := &bytes.Buffer{}
|
||||
aghtest.ReplaceLogWriter(t, w)
|
||||
|
||||
ip1234, ip1235 := net.IP{1, 2, 3, 4}, net.IP{1, 2, 3, 5}
|
||||
ip1234, ip1235 := netip.MustParseAddr("1.2.3.4"), netip.MustParseAddr("1.2.3.5")
|
||||
|
||||
testCases := []struct {
|
||||
cliIDIndex map[string]*Client
|
||||
customChan chan net.IP
|
||||
customChan chan netip.Addr
|
||||
name string
|
||||
wantLog string
|
||||
req net.IP
|
||||
ip netip.Addr
|
||||
wantCacheHit int
|
||||
wantCacheMiss int
|
||||
}{{
|
||||
@@ -42,7 +42,7 @@ func TestRDNS_Begin(t *testing.T) {
|
||||
customChan: nil,
|
||||
name: "cached",
|
||||
wantLog: "",
|
||||
req: ip1234,
|
||||
ip: ip1234,
|
||||
wantCacheHit: 1,
|
||||
wantCacheMiss: 0,
|
||||
}, {
|
||||
@@ -50,7 +50,7 @@ func TestRDNS_Begin(t *testing.T) {
|
||||
customChan: nil,
|
||||
name: "not_cached",
|
||||
wantLog: "rdns: queue is full",
|
||||
req: ip1235,
|
||||
ip: ip1235,
|
||||
wantCacheHit: 0,
|
||||
wantCacheMiss: 1,
|
||||
}, {
|
||||
@@ -58,15 +58,15 @@ func TestRDNS_Begin(t *testing.T) {
|
||||
customChan: nil,
|
||||
name: "already_in_clients",
|
||||
wantLog: "",
|
||||
req: ip1235,
|
||||
ip: ip1235,
|
||||
wantCacheHit: 0,
|
||||
wantCacheMiss: 1,
|
||||
}, {
|
||||
cliIDIndex: map[string]*Client{},
|
||||
customChan: make(chan net.IP, 1),
|
||||
customChan: make(chan netip.Addr, 1),
|
||||
name: "add_to_queue",
|
||||
wantLog: `rdns: "1.2.3.5" added to queue`,
|
||||
req: ip1235,
|
||||
ip: ip1235,
|
||||
wantCacheHit: 0,
|
||||
wantCacheMiss: 1,
|
||||
}}
|
||||
@@ -102,7 +102,7 @@ func TestRDNS_Begin(t *testing.T) {
|
||||
}
|
||||
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
rdns.Begin(tc.req)
|
||||
rdns.Begin(tc.ip)
|
||||
assert.Equal(t, tc.wantCacheHit, ipCache.Stats().Hit)
|
||||
assert.Equal(t, tc.wantCacheMiss, ipCache.Stats().Miss)
|
||||
assert.Contains(t, w.String(), tc.wantLog)
|
||||
@@ -179,8 +179,8 @@ func TestRDNS_WorkerLoop(t *testing.T) {
|
||||
w := &bytes.Buffer{}
|
||||
aghtest.ReplaceLogWriter(t, w)
|
||||
|
||||
localIP := net.IP{192, 168, 1, 1}
|
||||
revIPv4, err := netutil.IPToReversedAddr(localIP)
|
||||
localIP := netip.MustParseAddr("192.168.1.1")
|
||||
revIPv4, err := netutil.IPToReversedAddr(localIP.AsSlice())
|
||||
require.NoError(t, err)
|
||||
|
||||
revIPv6, err := netutil.IPToReversedAddr(net.ParseIP("2a00:1450:400c:c06::93"))
|
||||
@@ -201,24 +201,24 @@ func TestRDNS_WorkerLoop(t *testing.T) {
|
||||
|
||||
testCases := []struct {
|
||||
ups upstream.Upstream
|
||||
cliIP netip.Addr
|
||||
wantLog string
|
||||
name string
|
||||
cliIP net.IP
|
||||
}{{
|
||||
ups: locUpstream,
|
||||
cliIP: localIP,
|
||||
wantLog: "",
|
||||
name: "all_good",
|
||||
cliIP: localIP,
|
||||
}, {
|
||||
ups: errUpstream,
|
||||
cliIP: netip.MustParseAddr("192.168.1.2"),
|
||||
wantLog: `rdns: resolving "192.168.1.2": test upstream error`,
|
||||
name: "resolve_error",
|
||||
cliIP: net.IP{192, 168, 1, 2},
|
||||
}, {
|
||||
ups: locUpstream,
|
||||
cliIP: netip.MustParseAddr("2a00:1450:400c:c06::93"),
|
||||
wantLog: "",
|
||||
name: "ipv6_good",
|
||||
cliIP: net.ParseIP("2a00:1450:400c:c06::93"),
|
||||
}}
|
||||
|
||||
for _, tc := range testCases {
|
||||
@@ -230,7 +230,7 @@ func TestRDNS_WorkerLoop(t *testing.T) {
|
||||
ipToRC: map[netip.Addr]*RuntimeClient{},
|
||||
allTags: stringutil.NewSet(),
|
||||
}
|
||||
ch := make(chan net.IP)
|
||||
ch := make(chan netip.Addr)
|
||||
rdns := &RDNS{
|
||||
exchanger: &rDNSExchanger{
|
||||
ex: tc.ups,
|
||||
|
||||
@@ -159,6 +159,38 @@ func sendSigReload() {
|
||||
log.Debug("service: sent signal to pid %d", pid)
|
||||
}
|
||||
|
||||
// restartService restarts the service. It returns error if the service is not
|
||||
// running.
|
||||
func restartService() (err error) {
|
||||
// Call chooseSystem explicitly to introduce OpenBSD support for service
|
||||
// package. It's a noop for other GOOS values.
|
||||
chooseSystem()
|
||||
|
||||
pwd, err := os.Getwd()
|
||||
if err != nil {
|
||||
return fmt.Errorf("getting current directory: %w", err)
|
||||
}
|
||||
|
||||
svcConfig := &service.Config{
|
||||
Name: serviceName,
|
||||
DisplayName: serviceDisplayName,
|
||||
Description: serviceDescription,
|
||||
WorkingDirectory: pwd,
|
||||
}
|
||||
configureService(svcConfig)
|
||||
|
||||
var s service.Service
|
||||
if s, err = service.New(&program{}, svcConfig); err != nil {
|
||||
return fmt.Errorf("initializing service: %w", err)
|
||||
}
|
||||
|
||||
if err = svcAction(s, "restart"); err != nil {
|
||||
return fmt.Errorf("restarting service: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// handleServiceControlAction one of the possible control actions:
|
||||
//
|
||||
// - install: Installs a service/daemon.
|
||||
|
||||
@@ -7,6 +7,8 @@ import (
|
||||
"github.com/kardianos/service"
|
||||
)
|
||||
|
||||
// chooseSystem checks the current system detected and substitutes it with local
|
||||
// implementation if needed.
|
||||
func chooseSystem() {
|
||||
sys := service.ChosenSystem()
|
||||
// By default, package service uses the SysV system if it cannot detect
|
||||
|
||||
@@ -30,6 +30,8 @@ import (
|
||||
// sysVersion is the version of local service.System interface implementation.
|
||||
const sysVersion = "openbsd-runcom"
|
||||
|
||||
// chooseSystem checks the current system detected and substitutes it with local
|
||||
// implementation if needed.
|
||||
func chooseSystem() {
|
||||
service.ChooseSystem(openbsdSystem{})
|
||||
}
|
||||
|
||||
@@ -40,7 +40,9 @@ type tlsManager struct {
|
||||
conf tlsConfigSettings
|
||||
}
|
||||
|
||||
// newTLSManager initializes the TLS configuration.
|
||||
// newTLSManager initializes the manager of TLS configuration. m is always
|
||||
// non-nil while any returned error indicates that the TLS configuration isn't
|
||||
// valid. Thus TLS may be initialized later, e.g. via the web UI.
|
||||
func newTLSManager(conf tlsConfigSettings) (m *tlsManager, err error) {
|
||||
m = &tlsManager{
|
||||
status: &tlsConfigStatus{},
|
||||
@@ -50,7 +52,9 @@ func newTLSManager(conf tlsConfigSettings) (m *tlsManager, err error) {
|
||||
if m.conf.Enabled {
|
||||
err = m.load()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
m.conf.Enabled = false
|
||||
|
||||
return m, err
|
||||
}
|
||||
|
||||
m.setCertFileTime()
|
||||
@@ -513,6 +517,11 @@ func validateCertChain(certs []*x509.Certificate, srvName string) (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
// errNoIPInCert is the error that is returned from [parseCertChain] if the leaf
|
||||
// certificate doesn't contain IPs.
|
||||
const errNoIPInCert errors.Error = `certificates has no IP addresses; ` +
|
||||
`DNS-over-TLS won't be advertised via DDR`
|
||||
|
||||
// parseCertChain parses the certificate chain from raw data, and returns it.
|
||||
// If ok is true, the returned error, if any, is not critical.
|
||||
func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err error) {
|
||||
@@ -535,8 +544,7 @@ func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err
|
||||
log.Info("tls: number of certs: %d", len(parsedCerts))
|
||||
|
||||
if !aghtls.CertificateHasIP(parsedCerts[0]) {
|
||||
err = errors.Error(`certificate has no IP addresses` +
|
||||
`, this may cause issues with DNS-over-TLS clients`)
|
||||
err = errNoIPInCert
|
||||
}
|
||||
|
||||
return parsedCerts, true, err
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"net/netip"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
@@ -26,7 +27,7 @@ const (
|
||||
// WHOIS - module context
|
||||
type WHOIS struct {
|
||||
clients *clientsContainer
|
||||
ipChan chan net.IP
|
||||
ipChan chan netip.Addr
|
||||
|
||||
// dialContext specifies the dial function for creating unencrypted TCP
|
||||
// connections.
|
||||
@@ -51,7 +52,7 @@ func initWHOIS(clients *clientsContainer) *WHOIS {
|
||||
MaxCount: 10000,
|
||||
}),
|
||||
dialContext: customDialContext,
|
||||
ipChan: make(chan net.IP, 255),
|
||||
ipChan: make(chan netip.Addr, 255),
|
||||
}
|
||||
|
||||
go w.workerLoop()
|
||||
@@ -192,7 +193,7 @@ func (w *WHOIS) queryAll(ctx context.Context, target string) (string, error) {
|
||||
}
|
||||
|
||||
// Request WHOIS information
|
||||
func (w *WHOIS) process(ctx context.Context, ip net.IP) (wi *RuntimeClientWHOISInfo) {
|
||||
func (w *WHOIS) process(ctx context.Context, ip netip.Addr) (wi *RuntimeClientWHOISInfo) {
|
||||
resp, err := w.queryAll(ctx, ip.String())
|
||||
if err != nil {
|
||||
log.Debug("whois: error: %s IP:%s", err, ip)
|
||||
@@ -220,24 +221,25 @@ func (w *WHOIS) process(ctx context.Context, ip net.IP) (wi *RuntimeClientWHOISI
|
||||
}
|
||||
|
||||
// Begin - begin requesting WHOIS info
|
||||
func (w *WHOIS) Begin(ip net.IP) {
|
||||
func (w *WHOIS) Begin(ip netip.Addr) {
|
||||
ipBytes := ip.AsSlice()
|
||||
now := uint64(time.Now().Unix())
|
||||
expire := w.ipAddrs.Get([]byte(ip))
|
||||
expire := w.ipAddrs.Get(ipBytes)
|
||||
if len(expire) != 0 {
|
||||
exp := binary.BigEndian.Uint64(expire)
|
||||
if exp > now {
|
||||
return
|
||||
}
|
||||
// TTL expired
|
||||
}
|
||||
|
||||
expire = make([]byte, 8)
|
||||
binary.BigEndian.PutUint64(expire, now+whoisTTL)
|
||||
_ = w.ipAddrs.Set([]byte(ip), expire)
|
||||
_ = w.ipAddrs.Set(ipBytes, expire)
|
||||
|
||||
log.Debug("whois: adding %s", ip)
|
||||
|
||||
select {
|
||||
case w.ipChan <- ip:
|
||||
//
|
||||
default:
|
||||
log.Debug("whois: queue is full")
|
||||
}
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user