+ rewrites: support exceptions:

*.host -> IP
my.host -> my.host
*.my.host -> *.my.host

Requests for my.host and *.my.host will be passed to upstream servers,
 while all other requests for *.host will be answered with a rewritten IP
This commit is contained in:
Simon Zolin 2020-05-26 11:42:42 +03:00
parent 383507bc0c
commit 118b170210
3 changed files with 52 additions and 5 deletions

View File

@ -390,6 +390,7 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
// Process rewrites table // Process rewrites table
// . Find CNAME for a domain name (exact match or by wildcard) // . Find CNAME for a domain name (exact match or by wildcard)
// . if found and CNAME equals to domain name - this is an exception; exit
// . if found, set domain name to canonical name // . if found, set domain name to canonical name
// . repeat for the new domain name (Note: we return only the last CNAME) // . repeat for the new domain name (Note: we return only the last CNAME)
// . Find A or AAAA record for a domain name (exact match or by wildcard) // . Find A or AAAA record for a domain name (exact match or by wildcard)
@ -409,6 +410,12 @@ func (d *Dnsfilter) processRewrites(host string) Result {
origHost := host origHost := host
for len(rr) != 0 && rr[0].Type == dns.TypeCNAME { for len(rr) != 0 && rr[0].Type == dns.TypeCNAME {
log.Debug("Rewrite: CNAME for %s is %s", host, rr[0].Answer) log.Debug("Rewrite: CNAME for %s is %s", host, rr[0].Answer)
if host == rr[0].Answer { // "host == CNAME" is an exception
res.Reason = 0
return res
}
host = rr[0].Answer host = rr[0].Answer
_, ok := cnames[host] _, ok := cnames[host]
if ok { if ok {

View File

@ -43,14 +43,14 @@ func (a rewritesArray) Len() int { return len(a) }
func (a rewritesArray) Swap(i, j int) { a[i], a[j] = a[j], a[i] } func (a rewritesArray) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
// Priority: // Priority:
// . CNAME > A/AAAA; // . CNAME < A/AAAA;
// . exact > wildcard; // . exact < wildcard;
// . higher level wildcard > lower level wildcard // . higher level wildcard < lower level wildcard
func (a rewritesArray) Less(i, j int) bool { func (a rewritesArray) Less(i, j int) bool {
if a[i].Type == dns.TypeCNAME && a[j].Type != dns.TypeCNAME { if a[i].Type == dns.TypeCNAME && a[j].Type != dns.TypeCNAME {
return false
} else if a[i].Type != dns.TypeCNAME && a[j].Type == dns.TypeCNAME {
return true return true
} else if a[i].Type != dns.TypeCNAME && a[j].Type == dns.TypeCNAME {
return false
} }
if isWildcard(a[i].Domain) { if isWildcard(a[i].Domain) {

View File

@ -125,3 +125,43 @@ func TestRewritesLevels(t *testing.T) {
assert.Equal(t, 1, len(r.IPList)) assert.Equal(t, 1, len(r.IPList))
assert.Equal(t, "3.3.3.3", r.IPList[0].String()) assert.Equal(t, "3.3.3.3", r.IPList[0].String())
} }
func TestRewritesException(t *testing.T) {
d := Dnsfilter{}
// wildcard; exception for a sub-domain
d.Rewrites = []RewriteEntry{
RewriteEntry{"*.host.com", "2.2.2.2", 0, nil},
RewriteEntry{"sub.host.com", "sub.host.com", 0, nil},
}
d.prepareRewrites()
// match sub-domain
r := d.processRewrites("my.host.com")
assert.Equal(t, ReasonRewrite, r.Reason)
assert.Equal(t, 1, len(r.IPList))
assert.Equal(t, "2.2.2.2", r.IPList[0].String())
// match sub-domain, but handle exception
r = d.processRewrites("sub.host.com")
assert.Equal(t, NotFilteredNotFound, r.Reason)
}
func TestRewritesExceptionWC(t *testing.T) {
d := Dnsfilter{}
// wildcard; exception for a sub-wildcard
d.Rewrites = []RewriteEntry{
RewriteEntry{"*.host.com", "2.2.2.2", 0, nil},
RewriteEntry{"*.sub.host.com", "*.sub.host.com", 0, nil},
}
d.prepareRewrites()
// match sub-domain
r := d.processRewrites("my.host.com")
assert.Equal(t, ReasonRewrite, r.Reason)
assert.Equal(t, 1, len(r.IPList))
assert.Equal(t, "2.2.2.2", r.IPList[0].String())
// match sub-domain, but handle exception
r = d.processRewrites("my.sub.host.com")
assert.Equal(t, NotFilteredNotFound, r.Reason)
}