From 2c2c0d445b338a1411208339816c75898f9fad5e Mon Sep 17 00:00:00 2001 From: Dimitry Kolyshev Date: Tue, 12 Apr 2022 15:45:18 +0300 Subject: [PATCH] Pull request #1473: svcb dohpath support Merge in DNS/adguard-home from 4463-ddr-support to master Squashed commit of the following: commit 99a149e9024354ad0341739c3c9b08cefbd74468 Author: Dimitry Kolyshev Date: Tue Apr 12 14:13:17 2022 +0200 imp docs commit 26150be8df8b35e47c108f6e3319c57b39fb8e38 Author: Dimitry Kolyshev Date: Mon Apr 11 20:36:18 2022 +0200 imp code docs commit 5a4607f71abba83a9ac8753abd74c9fb97e4a545 Merge: 00f0abf5 9f0fdc5e Author: Dimitry Kolyshev Date: Mon Apr 11 16:14:49 2022 +0200 Merge remote-tracking branch 'origin/master' into 4463-ddr-support # Conflicts: # internal/dnsforward/svcbmsg.go commit 00f0abf5eea07aeeebc2a856a958215021a51ab7 Author: Dimitry Kolyshev Date: Mon Apr 11 16:06:42 2022 +0200 svcb dohpath support commit ace81ce1ea2fb96c4434c6c1fded4a79427cf17e Author: Dimitry Kolyshev Date: Thu Apr 7 14:31:32 2022 +0200 svcb dohpath support commit a1b5df4fb2e87dab265d6ca55928610a6acc1c00 Author: Dimitry Kolyshev Date: Wed Apr 6 16:53:17 2022 +0200 svcb dohpath support --- CHANGELOG.md | 4 ++++ go.mod | 3 +++ go.sum | 2 ++ internal/dnsforward/dnsrewrite_test.go | 32 +++++++++++++++++++++----- internal/dnsforward/svcbmsg.go | 6 +++++ internal/dnsforward/svcbmsg_test.go | 4 ++++ 6 files changed, 45 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ca7d27ad..aa305b2a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,8 @@ and this project adheres to ### Added +- Support for SVCB/HTTPS parameter `dohpath` in filtering rules with + `dnsrewrite` modifier according to the [RFC draft][dns-draft-02] ([#4463]). - The ability to customize the set of networks that are considered private through the new `dns.private_networks` property in the configuration file ([#3142]). 
@@ -120,10 +122,12 @@ In this release, the schema version has changed from 12 to 13. [#4238]: https://github.com/AdguardTeam/AdGuardHome/issues/4238 [#4276]: https://github.com/AdguardTeam/AdGuardHome/issues/4276 [#4437]: https://github.com/AdguardTeam/AdGuardHome/issues/4437 +[#4463]: https://github.com/AdguardTeam/AdGuardHome/issues/4463 [repr]: https://reproducible-builds.org/docs/source-date-epoch/ [doq-draft-10]: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-10#section-10.2 [svcb-draft-08]: https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-08.html +[dns-draft-02]: https://datatracker.ietf.org/doc/html/draft-ietf-add-svcb-dns-02#section-5.1 diff --git a/go.mod b/go.mod index 1886d519..110f2bbb 100644 --- a/go.mod +++ b/go.mod @@ -64,3 +64,6 @@ require ( gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect honnef.co/go/tools v0.2.2 // indirect ) + +// TODO(a.garipov): Return to the main repo once miekg/dns#1359 is merged. +replace github.com/miekg/dns => github.com/ainar-g/dns v1.1.49-0.20220411125901-8a162bbc18d8 diff --git a/go.sum b/go.sum index 1e8c5022..e405e27c 100644 --- a/go.sum +++ b/go.sum 
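Review bot: The `replace` directive added at the end of go.mod sends every import of `github.com/miekg/dns`, the library that parses and builds DNS messages for this server, to a fork under another account, and the TODO records only the upstream PR number. The go.sum lines in this commit pin the fork's content hash, so the code cannot change silently, but nothing here tells a later reviewer what the fork differs by or which upstream release it is based on. I would extend the comment to something like `// Fork = miekg/dns <UPSTREAM_BASE_VERSION> + the dohpath SvcParam from miekg/dns#1359, no other changes.` so the delta can be audited and the directive dropped once upstream merges. It looks like a personal account rather than the organisation's namespace, so it is also worth confirming who can push to it.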
@@ -29,6 +29,8 @@ github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmH github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw= github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us= +github.com/ainar-g/dns v1.1.49-0.20220411125901-8a162bbc18d8 h1:Hp2waLwK989ui3bDkFpedlIHfyWdZ77gynvd+GPEqXY= +github.com/ainar-g/dns v1.1.49-0.20220411125901-8a162bbc18d8/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/ameshkov/dnscrypt/v2 v2.2.3 h1:X9UP5AHtwp46Ji+sGFfF/1Is6OPI/SjxLqhKpx0P5UI= github.com/ameshkov/dnscrypt/v2 v2.2.3/go.mod h1:xJB9cE1/GF+NB6EEQqRlkoa4bjcV2w7VYn1G+zVq7Bs= github.com/ameshkov/dnsstamps v1.0.1/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A= diff --git a/internal/dnsforward/dnsrewrite_test.go b/internal/dnsforward/dnsrewrite_test.go index 347b8f29..5ba10582 100644 --- a/internal/dnsforward/dnsrewrite_test.go +++ b/internal/dnsforward/dnsrewrite_test.go @@ -22,7 +22,7 @@ func TestServer_FilterDNSRewrite(t *testing.T) { Preference: 32, } svcbVal := &rules.DNSSVCB{ - Params: map[string]string{"alpn": "h3"}, + Params: map[string]string{"alpn": "h3", "dohpath": "/dns-query"}, Target: dns.Fqdn(domain), Priority: 32, } 
@@ -164,10 +164,20 @@ func TestServer_FilterDNSRewrite(t *testing.T) { require.Len(t, d.Res.Answer, 1) ans, ok := d.Res.Answer[0].(*dns.SVCB) - require.True(t, ok) - assert.Equal(t, dns.SVCB_ALPN, ans.Value[0].Key()) - assert.Equal(t, svcbVal.Params["alpn"], ans.Value[0].String()) + require.True(t, ok) + require.Len(t, ans.Value, 2) + + assert.ElementsMatch( + t, + []dns.SVCBKey{dns.SVCB_ALPN, dns.SVCB_DOHPATH}, + []dns.SVCBKey{ans.Value[0].Key(), ans.Value[1].Key()}, + ) + assert.ElementsMatch( + t, + []string{svcbVal.Params["alpn"], svcbVal.Params["dohpath"]}, + []string{ans.Value[0].String(), ans.Value[1].String()}, + ) assert.Equal(t, svcbVal.Target, ans.Target) assert.Equal(t, svcbVal.Priority, ans.Priority) }) @@ -186,8 +196,18 @@ func TestServer_FilterDNSRewrite(t *testing.T) { ans, ok := d.Res.Answer[0].(*dns.HTTPS) require.True(t, ok) - assert.Equal(t, dns.SVCB_ALPN, ans.Value[0].Key()) - assert.Equal(t, svcbVal.Params["alpn"], ans.Value[0].String()) + require.Len(t, ans.Value, 2) + + assert.ElementsMatch( + t, + []dns.SVCBKey{dns.SVCB_ALPN, dns.SVCB_DOHPATH}, + []dns.SVCBKey{ans.Value[0].Key(), ans.Value[1].Key()}, + ) + assert.ElementsMatch( + t, + []string{svcbVal.Params["alpn"], svcbVal.Params["dohpath"]}, + []string{ans.Value[0].String(), ans.Value[1].String()}, + ) assert.Equal(t, svcbVal.Target, ans.Target) assert.Equal(t, svcbVal.Priority, ans.Priority) }) diff --git a/internal/dnsforward/svcbmsg.go b/internal/dnsforward/svcbmsg.go index 3d25f05b..d1e3e3d8 100644 --- a/internal/dnsforward/svcbmsg.go +++ b/internal/dnsforward/svcbmsg.go @@ -143,6 +143,12 @@ var svcbKeyHandlers = map[string]svcbKeyHandler{ ECH: ech, } }, + + "dohpath": func(valStr string) (val dns.SVCBKeyValue) { + return &dns.SVCBDoHPath{ + Template: valStr, + } + }, } // genAnswerSVCB returns a properly initialized SVCB resource record. diff --git a/internal/dnsforward/svcbmsg_test.go b/internal/dnsforward/svcbmsg_test.go index 28794531..8de53988 100644 
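Review bot: The two `assert.ElementsMatch` calls added in the SVCB subtest compare the set of keys and the set of values independently, so an answer that paired `dns.SVCB_ALPN` with "/dns-query" and `dns.SVCB_DOHPATH` with "h3" would still pass. The same pattern is repeated in the HTTPS subtest hunk at `@@ -186,8 +196,18 @@`. Collecting the answer into a key-to-value map keeps the order-independence and also checks the association. A small shared helper would remove the duplication between the two subtests, whose bodies start outside these hunks.

```go
require.Len(t, ans.Value, 2)

// Compare key/value pairs together; order of ans.Value is not fixed.
got := map[dns.SVCBKey]string{}
for _, v := range ans.Value {
	got[v.Key()] = v.String()
}
assert.Equal(t, map[dns.SVCBKey]string{
	dns.SVCB_ALPN:    svcbVal.Params["alpn"],
	dns.SVCB_DOHPATH: svcbVal.Params["dohpath"],
}, got)
// … unchanged: Target and Priority assertions …
```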
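Review bot: The new `"dohpath"` handler in `svcbKeyHandlers` copies `valStr` into `Template` with no check, so an empty string or a value that is not a relative path from a filtering rule is served to clients as the DoH path. As I read the draft section linked from the changelog entry, the value must be a URI template in relative form, so at minimum I would reject values that do not start with a slash, e.g. `if !strings.HasPrefix(valStr, "/") { return nil }`. That depends on the callers of this map tolerating a nil value, which the hunk does not show, and it should follow whatever logging the other handlers use for bad input. The svcbmsg_test.go case added in this commit covers only the valid "/dns-query" value, so a negative case would be worth adding alongside it.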
--- a/internal/dnsforward/svcbmsg_test.go +++ b/internal/dnsforward/svcbmsg_test.go @@ -127,6 +127,10 @@ func TestGenAnswerHTTPS_andSVCB(t *testing.T) { svcb: dnssvcb("no-default-alpn", ""), want: wantsvcb(&dns.SVCBNoDefaultAlpn{}), name: "no_default_alpn", + }, { + svcb: dnssvcb("dohpath", "/dns-query"), + want: wantsvcb(&dns.SVCBDoHPath{Template: "/dns-query"}), + name: "dohpath", }, { svcb: dnssvcb("port", "8080"), want: wantsvcb(&dns.SVCBPort{Port: 8080}),