Merge pull request #122 in DNS/adguard-dns from feature/dnsproxy to master
* commit '374a0dc2e5b8a93ada7e69242a909607756074c8': Fixing review comments fix imports changed to logrus Start using dnsproxy
This commit is contained in:
commit
8227970d39
|
@ -12,6 +12,8 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/AdguardTeam/dnsproxy/upstream"
|
||||||
|
|
||||||
"github.com/AdguardTeam/AdGuardHome/dnsforward"
|
"github.com/AdguardTeam/AdGuardHome/dnsforward"
|
||||||
"github.com/miekg/dns"
|
"github.com/miekg/dns"
|
||||||
|
|
||||||
|
@ -204,7 +206,7 @@ func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
func checkDNS(input string) error {
|
func checkDNS(input string) error {
|
||||||
log.Printf("Checking if DNS %s works...", input)
|
log.Printf("Checking if DNS %s works...", input)
|
||||||
u, err := dnsforward.AddressToUpstream(input, "")
|
u, err := upstream.AddressToUpstream(input, "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Failed to choose upstream for %s: %s", input, err)
|
return fmt.Errorf("Failed to choose upstream for %s: %s", input, err)
|
||||||
}
|
}
|
||||||
|
|
6
dns.go
6
dns.go
|
@ -7,6 +7,7 @@ import (
|
||||||
|
|
||||||
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
||||||
"github.com/AdguardTeam/AdGuardHome/dnsforward"
|
"github.com/AdguardTeam/AdGuardHome/dnsforward"
|
||||||
|
"github.com/AdguardTeam/dnsproxy/upstream"
|
||||||
"github.com/joomcode/errorx"
|
"github.com/joomcode/errorx"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -37,7 +38,7 @@ func generateServerConfig() dnsforward.ServerConfig {
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, u := range config.DNS.UpstreamDNS {
|
for _, u := range config.DNS.UpstreamDNS {
|
||||||
upstream, err := dnsforward.AddressToUpstream(u, config.DNS.BootstrapDNS)
|
upstream, err := upstream.AddressToUpstream(u, config.DNS.BootstrapDNS)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Couldn't get upstream: %s", err)
|
log.Printf("Couldn't get upstream: %s", err)
|
||||||
// continue, just ignore the upstream
|
// continue, just ignore the upstream
|
||||||
|
@ -67,7 +68,8 @@ func reconfigureDNSServer() error {
|
||||||
return fmt.Errorf("Refusing to reconfigure forwarding DNS server: not running")
|
return fmt.Errorf("Refusing to reconfigure forwarding DNS server: not running")
|
||||||
}
|
}
|
||||||
|
|
||||||
err := dnsServer.Reconfigure(generateServerConfig())
|
config := generateServerConfig()
|
||||||
|
err := dnsServer.Reconfigure(&config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errorx.Decorate(err, "Couldn't start forwarding DNS server")
|
return errorx.Decorate(err, "Couldn't start forwarding DNS server")
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,107 +0,0 @@
|
||||||
package dnsforward
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"crypto/tls"
|
|
||||||
"fmt"
|
|
||||||
"net"
|
|
||||||
"net/url"
|
|
||||||
"strings"
|
|
||||||
"sync"
|
|
||||||
|
|
||||||
"github.com/joomcode/errorx"
|
|
||||||
)
|
|
||||||
|
|
||||||
type bootstrapper struct {
|
|
||||||
address string // in form of "tls://one.one.one.one:853"
|
|
||||||
resolver *net.Resolver // resolver to use to resolve hostname, if neccessary
|
|
||||||
resolved string // in form "IP:port"
|
|
||||||
resolvedConfig *tls.Config
|
|
||||||
sync.Mutex
|
|
||||||
}
|
|
||||||
|
|
||||||
func toBoot(address, bootstrapAddr string) bootstrapper {
|
|
||||||
var resolver *net.Resolver
|
|
||||||
if bootstrapAddr != "" {
|
|
||||||
resolver = &net.Resolver{
|
|
||||||
PreferGo: true,
|
|
||||||
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
|
|
||||||
d := net.Dialer{}
|
|
||||||
return d.DialContext(ctx, network, bootstrapAddr)
|
|
||||||
},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return bootstrapper{
|
|
||||||
address: address,
|
|
||||||
resolver: resolver,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// will get usable IP address from Address field, and caches the result
|
|
||||||
func (n *bootstrapper) get() (string, *tls.Config, error) {
|
|
||||||
// TODO: RLock() here but atomically upgrade to Lock() if fast path doesn't work
|
|
||||||
n.Lock()
|
|
||||||
if n.resolved != "" { // fast path
|
|
||||||
retval, tlsconfig := n.resolved, n.resolvedConfig
|
|
||||||
n.Unlock()
|
|
||||||
return retval, tlsconfig, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
//
|
|
||||||
// slow path
|
|
||||||
//
|
|
||||||
|
|
||||||
defer n.Unlock()
|
|
||||||
|
|
||||||
justHostPort := n.address
|
|
||||||
if strings.Contains(n.address, "://") {
|
|
||||||
url, err := url.Parse(n.address)
|
|
||||||
if err != nil {
|
|
||||||
return "", nil, errorx.Decorate(err, "Failed to parse %s", n.address)
|
|
||||||
}
|
|
||||||
|
|
||||||
justHostPort = url.Host
|
|
||||||
}
|
|
||||||
|
|
||||||
// convert host to IP if neccessary, we know that it's scheme://hostname:port/
|
|
||||||
|
|
||||||
// get a host without port
|
|
||||||
host, port, err := net.SplitHostPort(justHostPort)
|
|
||||||
if err != nil {
|
|
||||||
return "", nil, fmt.Errorf("bootstrapper requires port in address %s", n.address)
|
|
||||||
}
|
|
||||||
|
|
||||||
// if it's an IP
|
|
||||||
ip := net.ParseIP(host)
|
|
||||||
if ip != nil {
|
|
||||||
n.resolved = justHostPort
|
|
||||||
return n.resolved, nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
//
|
|
||||||
// if it's a hostname
|
|
||||||
//
|
|
||||||
|
|
||||||
resolver := n.resolver // no need to check for nil resolver -- documented that nil is default resolver
|
|
||||||
addrs, err := resolver.LookupIPAddr(context.TODO(), host)
|
|
||||||
if err != nil {
|
|
||||||
return "", nil, errorx.Decorate(err, "Failed to lookup %s", host)
|
|
||||||
}
|
|
||||||
for _, addr := range addrs {
|
|
||||||
// TODO: support ipv6, support multiple ipv4
|
|
||||||
if addr.IP.To4() == nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
ip = addr.IP
|
|
||||||
break
|
|
||||||
}
|
|
||||||
|
|
||||||
if ip == nil {
|
|
||||||
// couldn't find any suitable IP address
|
|
||||||
return "", nil, fmt.Errorf("Couldn't find any suitable IP address for host %s", host)
|
|
||||||
}
|
|
||||||
|
|
||||||
n.resolved = net.JoinHostPort(ip.String(), port)
|
|
||||||
n.resolvedConfig = &tls.Config{ServerName: host}
|
|
||||||
return n.resolved, n.resolvedConfig, nil
|
|
||||||
}
|
|
|
@ -1,225 +0,0 @@
|
||||||
package dnsforward
|
|
||||||
|
|
||||||
import (
|
|
||||||
"encoding/binary"
|
|
||||||
"log"
|
|
||||||
"math"
|
|
||||||
"strings"
|
|
||||||
"sync"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/miekg/dns"
|
|
||||||
)
|
|
||||||
|
|
||||||
type item struct {
|
|
||||||
m *dns.Msg
|
|
||||||
when time.Time
|
|
||||||
}
|
|
||||||
|
|
||||||
type cache struct {
|
|
||||||
items map[string]item
|
|
||||||
|
|
||||||
sync.RWMutex
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *cache) Get(request *dns.Msg) (*dns.Msg, bool) {
|
|
||||||
if request == nil {
|
|
||||||
return nil, false
|
|
||||||
}
|
|
||||||
ok, key := key(request)
|
|
||||||
if !ok {
|
|
||||||
log.Printf("Get(): key returned !ok")
|
|
||||||
return nil, false
|
|
||||||
}
|
|
||||||
|
|
||||||
c.RLock()
|
|
||||||
item, ok := c.items[key]
|
|
||||||
c.RUnlock()
|
|
||||||
if !ok {
|
|
||||||
return nil, false
|
|
||||||
}
|
|
||||||
// get item's TTL
|
|
||||||
ttl := findLowestTTL(item.m)
|
|
||||||
// zero TTL? delete and don't serve it
|
|
||||||
if ttl == 0 {
|
|
||||||
c.Lock()
|
|
||||||
delete(c.items, key)
|
|
||||||
c.Unlock()
|
|
||||||
return nil, false
|
|
||||||
}
|
|
||||||
// too much time has passed? delete and don't serve it
|
|
||||||
if time.Since(item.when) >= time.Duration(ttl)*time.Second {
|
|
||||||
c.Lock()
|
|
||||||
delete(c.items, key)
|
|
||||||
c.Unlock()
|
|
||||||
return nil, false
|
|
||||||
}
|
|
||||||
response := item.fromItem(request)
|
|
||||||
return response, true
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *cache) Set(m *dns.Msg) {
|
|
||||||
if m == nil {
|
|
||||||
return // no-op
|
|
||||||
}
|
|
||||||
if !isRequestCacheable(m) {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if !isResponseCacheable(m) {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
ok, key := key(m)
|
|
||||||
if !ok {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
i := toItem(m)
|
|
||||||
|
|
||||||
c.Lock()
|
|
||||||
if c.items == nil {
|
|
||||||
c.items = map[string]item{}
|
|
||||||
}
|
|
||||||
c.items[key] = i
|
|
||||||
c.Unlock()
|
|
||||||
}
|
|
||||||
|
|
||||||
// check only request fields
|
|
||||||
func isRequestCacheable(m *dns.Msg) bool {
|
|
||||||
// truncated messages aren't valid
|
|
||||||
if m.Truncated {
|
|
||||||
log.Printf("Refusing to cache truncated message")
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
// if has wrong number of questions, also don't cache
|
|
||||||
if len(m.Question) != 1 {
|
|
||||||
log.Printf("Refusing to cache message with wrong number of questions")
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
// only OK or NXdomain replies are cached
|
|
||||||
switch m.Rcode {
|
|
||||||
case dns.RcodeSuccess:
|
|
||||||
case dns.RcodeNameError: // that's an NXDomain
|
|
||||||
case dns.RcodeServerFailure:
|
|
||||||
return false // quietly refuse, don't log
|
|
||||||
default:
|
|
||||||
log.Printf("%s: Refusing to cache message with rcode: %s", m.Question[0].Name, dns.RcodeToString[m.Rcode])
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
|
|
||||||
func isResponseCacheable(m *dns.Msg) bool {
|
|
||||||
ttl := findLowestTTL(m)
|
|
||||||
if ttl == 0 {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
|
|
||||||
func findLowestTTL(m *dns.Msg) uint32 {
|
|
||||||
var ttl uint32 = math.MaxUint32
|
|
||||||
found := false
|
|
||||||
|
|
||||||
if m.Answer != nil {
|
|
||||||
for _, r := range m.Answer {
|
|
||||||
if r.Header().Ttl < ttl {
|
|
||||||
ttl = r.Header().Ttl
|
|
||||||
found = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if m.Ns != nil {
|
|
||||||
for _, r := range m.Ns {
|
|
||||||
if r.Header().Ttl < ttl {
|
|
||||||
ttl = r.Header().Ttl
|
|
||||||
found = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if m.Extra != nil {
|
|
||||||
for _, r := range m.Extra {
|
|
||||||
if r.Header().Rrtype == dns.TypeOPT {
|
|
||||||
continue // OPT records use TTL for other purposes
|
|
||||||
}
|
|
||||||
if r.Header().Ttl < ttl {
|
|
||||||
ttl = r.Header().Ttl
|
|
||||||
found = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if found == false {
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
return ttl
|
|
||||||
}
|
|
||||||
|
|
||||||
// key is binary little endian in sequence:
|
|
||||||
// uint16(qtype) then uint16(qclass) then name
|
|
||||||
func key(m *dns.Msg) (bool, string) {
|
|
||||||
if len(m.Question) != 1 {
|
|
||||||
log.Printf("got msg with len(m.Question) != 1: %d", len(m.Question))
|
|
||||||
return false, ""
|
|
||||||
}
|
|
||||||
|
|
||||||
bb := strings.Builder{}
|
|
||||||
b := make([]byte, 2)
|
|
||||||
binary.LittleEndian.PutUint16(b, m.Question[0].Qtype)
|
|
||||||
bb.Write(b)
|
|
||||||
binary.LittleEndian.PutUint16(b, m.Question[0].Qclass)
|
|
||||||
bb.Write(b)
|
|
||||||
name := strings.ToLower(m.Question[0].Name)
|
|
||||||
bb.WriteString(name)
|
|
||||||
return true, bb.String()
|
|
||||||
}
|
|
||||||
|
|
||||||
func toItem(m *dns.Msg) item {
|
|
||||||
return item{
|
|
||||||
m: m,
|
|
||||||
when: time.Now(),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (i *item) fromItem(request *dns.Msg) *dns.Msg {
|
|
||||||
response := &dns.Msg{}
|
|
||||||
response.SetReply(request)
|
|
||||||
|
|
||||||
response.Authoritative = false
|
|
||||||
response.AuthenticatedData = i.m.AuthenticatedData
|
|
||||||
response.RecursionAvailable = i.m.RecursionAvailable
|
|
||||||
response.Rcode = i.m.Rcode
|
|
||||||
|
|
||||||
ttl := findLowestTTL(i.m)
|
|
||||||
timeleft := math.Round(float64(ttl) - time.Since(i.when).Seconds())
|
|
||||||
var newttl uint32
|
|
||||||
if timeleft > 0 {
|
|
||||||
newttl = uint32(timeleft)
|
|
||||||
}
|
|
||||||
for _, r := range i.m.Answer {
|
|
||||||
answer := dns.Copy(r)
|
|
||||||
answer.Header().Ttl = newttl
|
|
||||||
response.Answer = append(response.Answer, answer)
|
|
||||||
}
|
|
||||||
for _, r := range i.m.Ns {
|
|
||||||
ns := dns.Copy(r)
|
|
||||||
ns.Header().Ttl = newttl
|
|
||||||
response.Ns = append(response.Ns, ns)
|
|
||||||
}
|
|
||||||
for _, r := range i.m.Extra {
|
|
||||||
// don't return OPT records as these are hop-by-hop
|
|
||||||
if r.Header().Rrtype == dns.TypeOPT {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
extra := dns.Copy(r)
|
|
||||||
extra.Header().Ttl = newttl
|
|
||||||
response.Extra = append(response.Extra, extra)
|
|
||||||
}
|
|
||||||
return response
|
|
||||||
}
|
|
|
@ -1,144 +0,0 @@
|
||||||
package dnsforward
|
|
||||||
|
|
||||||
import (
|
|
||||||
"strings"
|
|
||||||
"testing"
|
|
||||||
|
|
||||||
"github.com/go-test/deep"
|
|
||||||
"github.com/miekg/dns"
|
|
||||||
)
|
|
||||||
|
|
||||||
func RR(rr string) dns.RR {
|
|
||||||
r, err := dns.NewRR(rr)
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
return r
|
|
||||||
}
|
|
||||||
|
|
||||||
// deepEqual is same as deep.Equal, except:
|
|
||||||
// * ignores Id when comparing
|
|
||||||
// * question names are not case sensetive
|
|
||||||
func deepEqualMsg(left *dns.Msg, right *dns.Msg) []string {
|
|
||||||
temp := *left
|
|
||||||
temp.Id = right.Id
|
|
||||||
for i := range left.Question {
|
|
||||||
left.Question[i].Name = strings.ToLower(left.Question[i].Name)
|
|
||||||
}
|
|
||||||
for i := range right.Question {
|
|
||||||
right.Question[i].Name = strings.ToLower(right.Question[i].Name)
|
|
||||||
}
|
|
||||||
return deep.Equal(&temp, right)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestCacheSanity(t *testing.T) {
|
|
||||||
cache := cache{}
|
|
||||||
request := dns.Msg{}
|
|
||||||
request.SetQuestion("google.com.", dns.TypeA)
|
|
||||||
_, ok := cache.Get(&request)
|
|
||||||
if ok {
|
|
||||||
t.Fatal("empty cache replied with positive response")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
type tests struct {
|
|
||||||
cache []testEntry
|
|
||||||
cases []testCase
|
|
||||||
}
|
|
||||||
|
|
||||||
type testEntry struct {
|
|
||||||
q string
|
|
||||||
t uint16
|
|
||||||
a []dns.RR
|
|
||||||
}
|
|
||||||
|
|
||||||
type testCase struct {
|
|
||||||
q string
|
|
||||||
t uint16
|
|
||||||
a []dns.RR
|
|
||||||
ok bool
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestCache(t *testing.T) {
|
|
||||||
tests := tests{
|
|
||||||
cache: []testEntry{
|
|
||||||
{q: "google.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}},
|
|
||||||
},
|
|
||||||
cases: []testCase{
|
|
||||||
{q: "google.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
|
|
||||||
{q: "google.com.", t: dns.TypeMX, ok: false},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
runTests(t, tests)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestCacheMixedCase(t *testing.T) {
|
|
||||||
tests := tests{
|
|
||||||
cache: []testEntry{
|
|
||||||
{q: "gOOgle.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}},
|
|
||||||
},
|
|
||||||
cases: []testCase{
|
|
||||||
{q: "gOOgle.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
|
|
||||||
{q: "google.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
|
|
||||||
{q: "GOOGLE.COM.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
|
|
||||||
{q: "gOOgle.com.", t: dns.TypeMX, ok: false},
|
|
||||||
{q: "google.com.", t: dns.TypeMX, ok: false},
|
|
||||||
{q: "GOOGLE.COM.", t: dns.TypeMX, ok: false},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
runTests(t, tests)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestZeroTTL(t *testing.T) {
|
|
||||||
tests := tests{
|
|
||||||
cache: []testEntry{
|
|
||||||
{q: "gOOgle.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 0 IN A 8.8.8.8")}},
|
|
||||||
},
|
|
||||||
cases: []testCase{
|
|
||||||
{q: "google.com.", t: dns.TypeA, ok: false},
|
|
||||||
{q: "google.com.", t: dns.TypeA, ok: false},
|
|
||||||
{q: "google.com.", t: dns.TypeA, ok: false},
|
|
||||||
{q: "google.com.", t: dns.TypeMX, ok: false},
|
|
||||||
{q: "google.com.", t: dns.TypeMX, ok: false},
|
|
||||||
{q: "google.com.", t: dns.TypeMX, ok: false},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
runTests(t, tests)
|
|
||||||
}
|
|
||||||
|
|
||||||
func runTests(t *testing.T, tests tests) {
|
|
||||||
t.Helper()
|
|
||||||
cache := cache{}
|
|
||||||
for _, tc := range tests.cache {
|
|
||||||
reply := dns.Msg{}
|
|
||||||
reply.SetQuestion(tc.q, tc.t)
|
|
||||||
reply.Response = true
|
|
||||||
reply.Answer = tc.a
|
|
||||||
cache.Set(&reply)
|
|
||||||
}
|
|
||||||
for _, tc := range tests.cases {
|
|
||||||
request := dns.Msg{}
|
|
||||||
request.SetQuestion(tc.q, tc.t)
|
|
||||||
val, ok := cache.Get(&request)
|
|
||||||
if diff := deep.Equal(ok, tc.ok); diff != nil {
|
|
||||||
t.Error(diff)
|
|
||||||
}
|
|
||||||
if tc.a != nil {
|
|
||||||
if ok == false {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
reply := dns.Msg{}
|
|
||||||
reply.SetQuestion(tc.q, tc.t)
|
|
||||||
reply.Response = true
|
|
||||||
reply.Answer = tc.a
|
|
||||||
cache.Set(&reply)
|
|
||||||
if diff := deepEqualMsg(val, &reply); diff != nil {
|
|
||||||
t.Error(diff)
|
|
||||||
} else {
|
|
||||||
if diff := deep.Equal(val, reply); diff == nil {
|
|
||||||
t.Error("different message ID were not caught")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,18 +1,24 @@
|
||||||
package dnsforward
|
package dnsforward
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
|
||||||
"net"
|
"net"
|
||||||
"reflect"
|
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
||||||
|
"github.com/AdguardTeam/dnsproxy/proxy"
|
||||||
|
"github.com/AdguardTeam/dnsproxy/upstream"
|
||||||
"github.com/joomcode/errorx"
|
"github.com/joomcode/errorx"
|
||||||
"github.com/miekg/dns"
|
"github.com/miekg/dns"
|
||||||
gocache "github.com/patrickmn/go-cache"
|
log "github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
safeBrowsingBlockHost = "standard-block.dns.adguard.com"
|
||||||
|
parentalBlockHost = "family-block.dns.adguard.com"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Server is the main way to start a DNS server.
|
// Server is the main way to start a DNS server.
|
||||||
|
@ -26,66 +32,18 @@ import (
|
||||||
//
|
//
|
||||||
// The zero Server is empty and ready for use.
|
// The zero Server is empty and ready for use.
|
||||||
type Server struct {
|
type Server struct {
|
||||||
udpListen *net.UDPConn
|
dnsProxy *proxy.Proxy // DNS proxy instance
|
||||||
|
|
||||||
dnsFilter *dnsfilter.Dnsfilter
|
dnsFilter *dnsfilter.Dnsfilter // DNS filter instance
|
||||||
|
|
||||||
cache cache
|
|
||||||
|
|
||||||
ratelimitBuckets *gocache.Cache // where the ratelimiters are stored, per IP
|
|
||||||
|
|
||||||
sync.RWMutex
|
sync.RWMutex
|
||||||
ServerConfig
|
ServerConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
// FilteringConfig represents the DNS filtering configuration of AdGuard Home
|
||||||
safeBrowsingBlockHost = "standard-block.dns.adguard.com"
|
|
||||||
parentalBlockHost = "family-block.dns.adguard.com"
|
|
||||||
)
|
|
||||||
|
|
||||||
// uncomment this block to have tracing of locks
|
|
||||||
/*
|
|
||||||
func (s *Server) Lock() {
|
|
||||||
pc := make([]uintptr, 10) // at least 1 entry needed
|
|
||||||
runtime.Callers(2, pc)
|
|
||||||
f := runtime.FuncForPC(pc[0])
|
|
||||||
file, line := f.FileLine(pc[0])
|
|
||||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> Lock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
|
|
||||||
s.RWMutex.Lock()
|
|
||||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> Lock() -> done\n", path.Base(file), line, path.Base(f.Name()))
|
|
||||||
}
|
|
||||||
func (s *Server) RLock() {
|
|
||||||
pc := make([]uintptr, 10) // at least 1 entry needed
|
|
||||||
runtime.Callers(2, pc)
|
|
||||||
f := runtime.FuncForPC(pc[0])
|
|
||||||
file, line := f.FileLine(pc[0])
|
|
||||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> RLock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
|
|
||||||
s.RWMutex.RLock()
|
|
||||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> RLock() -> done\n", path.Base(file), line, path.Base(f.Name()))
|
|
||||||
}
|
|
||||||
func (s *Server) Unlock() {
|
|
||||||
pc := make([]uintptr, 10) // at least 1 entry needed
|
|
||||||
runtime.Callers(2, pc)
|
|
||||||
f := runtime.FuncForPC(pc[0])
|
|
||||||
file, line := f.FileLine(pc[0])
|
|
||||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> Unlock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
|
|
||||||
s.RWMutex.Unlock()
|
|
||||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> Unlock() -> done\n", path.Base(file), line, path.Base(f.Name()))
|
|
||||||
}
|
|
||||||
func (s *Server) RUnlock() {
|
|
||||||
pc := make([]uintptr, 10) // at least 1 entry needed
|
|
||||||
runtime.Callers(2, pc)
|
|
||||||
f := runtime.FuncForPC(pc[0])
|
|
||||||
file, line := f.FileLine(pc[0])
|
|
||||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> RUnlock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
|
|
||||||
s.RWMutex.RUnlock()
|
|
||||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> RUnlock() -> done\n", path.Base(file), line, path.Base(f.Name()))
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
|
|
||||||
type FilteringConfig struct {
|
type FilteringConfig struct {
|
||||||
ProtectionEnabled bool `yaml:"protection_enabled"`
|
ProtectionEnabled bool `yaml:"protection_enabled"` // whether or not use any of dnsfilter features
|
||||||
FilteringEnabled bool `yaml:"filtering_enabled"`
|
FilteringEnabled bool `yaml:"filtering_enabled"` // whether or not use filter lists
|
||||||
BlockedResponseTTL uint32 `yaml:"blocked_response_ttl"` // if 0, then default is used (3600)
|
BlockedResponseTTL uint32 `yaml:"blocked_response_ttl"` // if 0, then default is used (3600)
|
||||||
QueryLogEnabled bool `yaml:"querylog_enabled"`
|
QueryLogEnabled bool `yaml:"querylog_enabled"`
|
||||||
Ratelimit int `yaml:"ratelimit"`
|
Ratelimit int `yaml:"ratelimit"`
|
||||||
|
@ -96,11 +54,12 @@ type FilteringConfig struct {
|
||||||
dnsfilter.Config `yaml:",inline"`
|
dnsfilter.Config `yaml:",inline"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ServerConfig represents server configuration.
|
||||||
// The zero ServerConfig is empty and ready for use.
|
// The zero ServerConfig is empty and ready for use.
|
||||||
type ServerConfig struct {
|
type ServerConfig struct {
|
||||||
UDPListenAddr *net.UDPAddr // if nil, then default is is used (port 53 on *)
|
UDPListenAddr *net.UDPAddr // UDP listen address
|
||||||
Upstreams []Upstream
|
Upstreams []upstream.Upstream // Configured upstreams
|
||||||
Filters []dnsfilter.Filter
|
Filters []dnsfilter.Filter // A list of filters to use
|
||||||
|
|
||||||
FilteringConfig
|
FilteringConfig
|
||||||
}
|
}
|
||||||
|
@ -109,103 +68,47 @@ type ServerConfig struct {
|
||||||
var defaultValues = ServerConfig{
|
var defaultValues = ServerConfig{
|
||||||
UDPListenAddr: &net.UDPAddr{Port: 53},
|
UDPListenAddr: &net.UDPAddr{Port: 53},
|
||||||
FilteringConfig: FilteringConfig{BlockedResponseTTL: 3600},
|
FilteringConfig: FilteringConfig{BlockedResponseTTL: 3600},
|
||||||
Upstreams: []Upstream{
|
|
||||||
//// dns over HTTPS
|
|
||||||
// &dnsOverHTTPS{boot: toBoot("https://1.1.1.1/dns-query", "")},
|
|
||||||
// &dnsOverHTTPS{boot: toBoot("https://dns.google.com/experimental", "")},
|
|
||||||
// &dnsOverHTTPS{boot: toBoot("https://doh.cleanbrowsing.org/doh/security-filter/", "")},
|
|
||||||
// &dnsOverHTTPS{boot: toBoot("https://dns10.quad9.net/dns-query", "")},
|
|
||||||
// &dnsOverHTTPS{boot: toBoot("https://doh.powerdns.org", "")},
|
|
||||||
// &dnsOverHTTPS{boot: toBoot("https://doh.securedns.eu/dns-query", "")},
|
|
||||||
|
|
||||||
//// dns over TLS
|
|
||||||
// &dnsOverTLS{boot: toBoot("tls://8.8.8.8:853", "")},
|
|
||||||
// &dnsOverTLS{boot: toBoot("tls://8.8.4.4:853", "")},
|
|
||||||
// &dnsOverTLS{boot: toBoot("tls://1.1.1.1:853", "")},
|
|
||||||
// &dnsOverTLS{boot: toBoot("tls://1.0.0.1:853", "")},
|
|
||||||
|
|
||||||
//// plainDNS
|
|
||||||
&plainDNS{boot: toBoot("8.8.8.8:53", "")},
|
|
||||||
&plainDNS{boot: toBoot("8.8.4.4:53", "")},
|
|
||||||
&plainDNS{boot: toBoot("1.1.1.1:53", "")},
|
|
||||||
&plainDNS{boot: toBoot("1.0.0.1:53", "")},
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
func init() {
|
||||||
// packet loop
|
defaultDNS := []string{"8.8.8.8:53", "8.8.4.4:53"}
|
||||||
//
|
|
||||||
func (s *Server) packetLoop() {
|
defaultUpstreams := make([]upstream.Upstream, 0)
|
||||||
log.Printf("Entering packet handle loop")
|
for _, addr := range defaultDNS {
|
||||||
b := make([]byte, dns.MaxMsgSize)
|
u, err := upstream.AddressToUpstream(addr, "")
|
||||||
for {
|
if err == nil {
|
||||||
s.RLock()
|
defaultUpstreams = append(defaultUpstreams, u)
|
||||||
conn := s.udpListen
|
|
||||||
s.RUnlock()
|
|
||||||
if conn == nil {
|
|
||||||
log.Printf("udp socket has disappeared, exiting loop")
|
|
||||||
break
|
|
||||||
}
|
|
||||||
n, addr, err := conn.ReadFrom(b)
|
|
||||||
// documentation says to handle the packet even if err occurs, so do that first
|
|
||||||
if n > 0 {
|
|
||||||
// make a copy of all bytes because ReadFrom() will overwrite contents of b on next call
|
|
||||||
// we need the contents to survive the call because we're handling them in goroutine
|
|
||||||
p := make([]byte, n)
|
|
||||||
copy(p, b)
|
|
||||||
go s.handlePacket(p, addr, conn) // ignore errors
|
|
||||||
}
|
|
||||||
if err != nil {
|
|
||||||
if isConnClosed(err) {
|
|
||||||
log.Printf("ReadFrom() returned because we're reading from a closed connection, exiting loop")
|
|
||||||
// don't try to nullify s.udpListen here, because s.udpListen could be already re-bound to listen
|
|
||||||
break
|
|
||||||
}
|
|
||||||
log.Printf("Got error when reading from udp listen: %s", err)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
defaultValues.Upstreams = defaultUpstreams
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
// Start starts the DNS server
|
||||||
// Control functions
|
|
||||||
//
|
|
||||||
|
|
||||||
func (s *Server) Start(config *ServerConfig) error {
|
func (s *Server) Start(config *ServerConfig) error {
|
||||||
s.Lock()
|
s.Lock()
|
||||||
defer s.Unlock()
|
defer s.Unlock()
|
||||||
|
return s.startInternal(config)
|
||||||
|
}
|
||||||
|
|
||||||
|
// startInternal starts without locking
|
||||||
|
func (s *Server) startInternal(config *ServerConfig) error {
|
||||||
if config != nil {
|
if config != nil {
|
||||||
s.ServerConfig = *config
|
s.ServerConfig = *config
|
||||||
}
|
}
|
||||||
// TODO: handle being called Start() second time after Stop()
|
|
||||||
if s.udpListen == nil {
|
if s.dnsFilter != nil || s.dnsProxy != nil {
|
||||||
log.Printf("Creating UDP socket")
|
return errors.New("DNS server is already started")
|
||||||
var err error
|
|
||||||
addr := s.UDPListenAddr
|
|
||||||
if addr == nil {
|
|
||||||
addr = defaultValues.UDPListenAddr
|
|
||||||
}
|
|
||||||
s.udpListen, err = net.ListenUDP("udp", addr)
|
|
||||||
if err != nil {
|
|
||||||
s.udpListen = nil
|
|
||||||
return errorx.Decorate(err, "Couldn't listen to UDP socket")
|
|
||||||
}
|
|
||||||
log.Println(s.udpListen.LocalAddr(), s.UDPListenAddr)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if s.dnsFilter == nil {
|
err := s.initDNSFilter()
|
||||||
log.Printf("Creating dnsfilter")
|
if err != nil {
|
||||||
s.dnsFilter = dnsfilter.New(&s.Config)
|
return err
|
||||||
// add rules only if they are enabled
|
|
||||||
if s.FilteringEnabled {
|
|
||||||
s.dnsFilter.AddRules(s.Filters)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("Loading stats from querylog")
|
log.Printf("Loading stats from querylog")
|
||||||
err := fillStatsFromQueryLog()
|
err = fillStatsFromQueryLog()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Failed to load stats from querylog: %s", err)
|
return errorx.Decorate(err, "failed to load stats from querylog")
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
once.Do(func() {
|
once.Do(func() {
|
||||||
|
@ -214,22 +117,66 @@ func (s *Server) Start(config *ServerConfig) error {
|
||||||
go statsRotator()
|
go statsRotator()
|
||||||
})
|
})
|
||||||
|
|
||||||
go s.packetLoop()
|
// TODO: Add TCPListenAddr
|
||||||
|
proxyConfig := proxy.Config{
|
||||||
|
UDPListenAddr: s.UDPListenAddr,
|
||||||
|
Ratelimit: s.Ratelimit,
|
||||||
|
RatelimitWhitelist: s.RatelimitWhitelist,
|
||||||
|
RefuseAny: s.RefuseAny,
|
||||||
|
CacheEnabled: true,
|
||||||
|
Upstreams: s.Upstreams,
|
||||||
|
Handler: s.handleDNSRequest,
|
||||||
|
}
|
||||||
|
|
||||||
|
if proxyConfig.UDPListenAddr == nil {
|
||||||
|
proxyConfig.UDPListenAddr = defaultValues.UDPListenAddr
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(proxyConfig.Upstreams) == 0 {
|
||||||
|
proxyConfig.Upstreams = defaultValues.Upstreams
|
||||||
|
}
|
||||||
|
|
||||||
|
// Initialize and start the DNS proxy
|
||||||
|
s.dnsProxy = &proxy.Proxy{Config: proxyConfig}
|
||||||
|
return s.dnsProxy.Start()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Initializes the DNS filter
|
||||||
|
func (s *Server) initDNSFilter() error {
|
||||||
|
log.Printf("Creating dnsfilter")
|
||||||
|
s.dnsFilter = dnsfilter.New(&s.Config)
|
||||||
|
// add rules only if they are enabled
|
||||||
|
if s.FilteringEnabled {
|
||||||
|
err := s.dnsFilter.AddRules(s.Filters)
|
||||||
|
if err != nil {
|
||||||
|
return errorx.Decorate(err, "could not initialize dnsfilter")
|
||||||
|
}
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Stop stops the DNS server
|
||||||
func (s *Server) Stop() error {
|
func (s *Server) Stop() error {
|
||||||
s.Lock()
|
s.Lock()
|
||||||
defer s.Unlock()
|
defer s.Unlock()
|
||||||
if s.udpListen != nil {
|
return s.stopInternal()
|
||||||
err := s.udpListen.Close()
|
}
|
||||||
s.udpListen = nil
|
|
||||||
|
// stopInternal stops without locking
|
||||||
|
func (s *Server) stopInternal() error {
|
||||||
|
if s.dnsProxy != nil {
|
||||||
|
err := s.dnsProxy.Stop()
|
||||||
|
s.dnsProxy = nil
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errorx.Decorate(err, "Couldn't close UDP listening socket")
|
return errorx.Decorate(err, "could not stop the DNS server properly")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if s.dnsFilter != nil {
|
||||||
|
s.dnsFilter.Destroy()
|
||||||
|
s.dnsFilter = nil
|
||||||
|
}
|
||||||
|
|
||||||
// flush remainder to file
|
// flush remainder to file
|
||||||
logBufferLock.Lock()
|
logBufferLock.Lock()
|
||||||
flushBuffer := logBuffer
|
flushBuffer := logBuffer
|
||||||
|
@ -244,283 +191,55 @@ func (s *Server) Stop() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IsRunning returns true if the DNS server is running
|
||||||
func (s *Server) IsRunning() bool {
|
func (s *Server) IsRunning() bool {
|
||||||
s.RLock()
|
s.RLock()
|
||||||
isRunning := true
|
isRunning := true
|
||||||
if s.udpListen == nil {
|
if s.dnsProxy == nil {
|
||||||
isRunning = false
|
isRunning = false
|
||||||
}
|
}
|
||||||
s.RUnlock()
|
s.RUnlock()
|
||||||
return isRunning
|
return isRunning
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
// Reconfigure applies the new configuration to the DNS server
|
||||||
// Server reconfigure
|
func (s *Server) Reconfigure(config *ServerConfig) error {
|
||||||
//
|
|
||||||
|
|
||||||
func (s *Server) reconfigureListenAddr(new ServerConfig) error {
|
|
||||||
oldAddr := s.UDPListenAddr
|
|
||||||
if oldAddr == nil {
|
|
||||||
oldAddr = defaultValues.UDPListenAddr
|
|
||||||
}
|
|
||||||
newAddr := new.UDPListenAddr
|
|
||||||
if newAddr == nil {
|
|
||||||
newAddr = defaultValues.UDPListenAddr
|
|
||||||
}
|
|
||||||
if newAddr.Port == 0 {
|
|
||||||
return errorx.IllegalArgument.New("new port cannot be 0")
|
|
||||||
}
|
|
||||||
if reflect.DeepEqual(oldAddr, newAddr) {
|
|
||||||
// do nothing, the addresses are exactly the same
|
|
||||||
log.Printf("Not going to rebind because addresses are same: %v -> %v", oldAddr, newAddr)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// rebind, using a strategy:
|
|
||||||
// * if ports are different, bind new first, then close old
|
|
||||||
// * if ports are same, close old first, then bind new
|
|
||||||
var newListen *net.UDPConn
|
|
||||||
var err error
|
|
||||||
if oldAddr.Port != newAddr.Port {
|
|
||||||
log.Printf("Rebinding -- ports are different so bind first then close")
|
|
||||||
newListen, err = net.ListenUDP("udp", newAddr)
|
|
||||||
if err != nil {
|
|
||||||
return errorx.Decorate(err, "Couldn't bind to %v", newAddr)
|
|
||||||
}
|
|
||||||
s.Lock()
|
|
||||||
if s.udpListen != nil {
|
|
||||||
err = s.udpListen.Close()
|
|
||||||
s.udpListen = nil
|
|
||||||
}
|
|
||||||
s.Unlock()
|
|
||||||
if err != nil {
|
|
||||||
return errorx.Decorate(err, "Couldn't close UDP listening socket")
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
log.Printf("Rebinding -- ports are same so close first then bind")
|
|
||||||
s.Lock()
|
|
||||||
if s.udpListen != nil {
|
|
||||||
err = s.udpListen.Close()
|
|
||||||
s.udpListen = nil
|
|
||||||
}
|
|
||||||
s.Unlock()
|
|
||||||
if err != nil {
|
|
||||||
return errorx.Decorate(err, "Couldn't close UDP listening socket")
|
|
||||||
}
|
|
||||||
newListen, err = net.ListenUDP("udp", newAddr)
|
|
||||||
if err != nil {
|
|
||||||
return errorx.Decorate(err, "Couldn't bind to %v", newAddr)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
s.Lock()
|
s.Lock()
|
||||||
s.udpListen = newListen
|
defer s.Unlock()
|
||||||
s.UDPListenAddr = new.UDPListenAddr
|
|
||||||
s.Unlock()
|
|
||||||
log.Println(s.udpListen.LocalAddr(), s.UDPListenAddr)
|
|
||||||
|
|
||||||
go s.packetLoop() // the old one has quit, use new one
|
log.Print("Start reconfiguring the server")
|
||||||
|
err := s.stopInternal()
|
||||||
|
if err != nil {
|
||||||
|
return errorx.Decorate(err, "could not reconfigure the server")
|
||||||
|
}
|
||||||
|
err = s.startInternal(config)
|
||||||
|
if err != nil {
|
||||||
|
return errorx.Decorate(err, "could not reconfigure the server")
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) reconfigureBlockedResponseTTL(new ServerConfig) {
|
// handleDNSRequest filters the incoming DNS requests and writes them to the query log
|
||||||
newVal := new.BlockedResponseTTL
|
func (s *Server) handleDNSRequest(p *proxy.Proxy, d *proxy.DNSContext) error {
|
||||||
if newVal == 0 {
|
|
||||||
newVal = defaultValues.BlockedResponseTTL
|
|
||||||
}
|
|
||||||
oldVal := s.BlockedResponseTTL
|
|
||||||
if oldVal == 0 {
|
|
||||||
oldVal = defaultValues.BlockedResponseTTL
|
|
||||||
}
|
|
||||||
if newVal != oldVal {
|
|
||||||
s.BlockedResponseTTL = new.BlockedResponseTTL
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Server) reconfigureUpstreams(new ServerConfig) {
|
|
||||||
newVal := new.Upstreams
|
|
||||||
if len(newVal) == 0 {
|
|
||||||
newVal = defaultValues.Upstreams
|
|
||||||
}
|
|
||||||
oldVal := s.Upstreams
|
|
||||||
if len(oldVal) == 0 {
|
|
||||||
oldVal = defaultValues.Upstreams
|
|
||||||
}
|
|
||||||
if reflect.DeepEqual(newVal, oldVal) {
|
|
||||||
// they're exactly the same, do nothing
|
|
||||||
return
|
|
||||||
}
|
|
||||||
s.Upstreams = new.Upstreams
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Server) reconfigureFiltering(new ServerConfig) {
|
|
||||||
newFilters := new.Filters
|
|
||||||
if len(newFilters) == 0 {
|
|
||||||
newFilters = defaultValues.Filters
|
|
||||||
}
|
|
||||||
oldFilters := s.Filters
|
|
||||||
if len(oldFilters) == 0 {
|
|
||||||
oldFilters = defaultValues.Filters
|
|
||||||
}
|
|
||||||
|
|
||||||
needUpdate := false
|
|
||||||
if !reflect.DeepEqual(newFilters, oldFilters) {
|
|
||||||
needUpdate = true
|
|
||||||
}
|
|
||||||
|
|
||||||
if !reflect.DeepEqual(new.FilteringConfig, s.FilteringConfig) {
|
|
||||||
needUpdate = true
|
|
||||||
}
|
|
||||||
|
|
||||||
if !needUpdate {
|
|
||||||
// nothing to do, everything is same
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: instead of creating new dnsfilter, change existing one's settings and filters
|
|
||||||
dnsFilter := dnsfilter.New(&new.Config) // sets safebrowsing, safesearch and parental
|
|
||||||
|
|
||||||
// add rules only if they are enabled
|
|
||||||
if new.FilteringEnabled {
|
|
||||||
dnsFilter.AddRules(newFilters)
|
|
||||||
}
|
|
||||||
|
|
||||||
s.Lock()
|
|
||||||
oldDNSFilter := s.dnsFilter
|
|
||||||
s.dnsFilter = dnsFilter
|
|
||||||
s.FilteringConfig = new.FilteringConfig
|
|
||||||
s.Unlock()
|
|
||||||
|
|
||||||
oldDNSFilter.Destroy()
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Server) Reconfigure(new ServerConfig) error {
|
|
||||||
s.reconfigureBlockedResponseTTL(new)
|
|
||||||
s.reconfigureUpstreams(new)
|
|
||||||
s.reconfigureFiltering(new)
|
|
||||||
|
|
||||||
err := s.reconfigureListenAddr(new)
|
|
||||||
if err != nil {
|
|
||||||
return errorx.Decorate(err, "Couldn't reconfigure to new listening address %+v", new.UDPListenAddr)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
//
|
|
||||||
// packet handling functions
|
|
||||||
//
|
|
||||||
|
|
||||||
// handlePacketInternal processes the incoming packet bytes and returns with an optional response packet.
|
|
||||||
//
|
|
||||||
// If an empty dns.Msg is returned, do not try to send anything back to client, otherwise send contents of dns.Msg.
|
|
||||||
//
|
|
||||||
// If an error is returned, log it, don't try to generate data based on that error.
|
|
||||||
func (s *Server) handlePacketInternal(msg *dns.Msg, addr net.Addr, conn *net.UDPConn) (*dns.Msg, *dnsfilter.Result, Upstream, error) {
|
|
||||||
// log.Printf("Got packet %d bytes from %s: %v", len(p), addr, p)
|
|
||||||
//
|
|
||||||
// DNS packet byte format is valid
|
|
||||||
//
|
|
||||||
// any errors below here require a response to client
|
|
||||||
// log.Printf("Unpacked: %v", msg.String())
|
|
||||||
if len(msg.Question) != 1 {
|
|
||||||
log.Printf("Got invalid number of questions: %v", len(msg.Question))
|
|
||||||
return s.genServerFailure(msg), nil, nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
if msg.Question[0].Qtype == dns.TypeANY && s.RefuseAny {
|
|
||||||
return s.genNotImpl(msg), nil, nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// we need upstream to resolve A records
|
|
||||||
upstream := s.chooseUpstream()
|
|
||||||
|
|
||||||
host := strings.TrimSuffix(msg.Question[0].Name, ".")
|
|
||||||
// use dnsfilter before cache -- changed settings or filters would require cache invalidation otherwise
|
|
||||||
var res dnsfilter.Result
|
|
||||||
var err error
|
|
||||||
if s.ProtectionEnabled {
|
|
||||||
res, err = s.dnsFilter.CheckHost(host)
|
|
||||||
if err != nil {
|
|
||||||
log.Printf("dnsfilter failed to check host '%s': %s", host, err)
|
|
||||||
return s.genServerFailure(msg), &res, nil, err
|
|
||||||
} else if res.IsFiltered {
|
|
||||||
log.Printf("Host %s is filtered, reason - '%s', matched rule: '%s'", host, res.Reason, res.Rule)
|
|
||||||
switch res.Reason {
|
|
||||||
case dnsfilter.FilteredSafeBrowsing:
|
|
||||||
return s.genArecord(msg, safeBrowsingBlockHost, upstream), &res, nil, nil
|
|
||||||
case dnsfilter.FilteredParental:
|
|
||||||
return s.genArecord(msg, parentalBlockHost, upstream), &res, nil, nil
|
|
||||||
}
|
|
||||||
return s.genNXDomain(msg), &res, nil, nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
{
|
|
||||||
val, ok := s.cache.Get(msg)
|
|
||||||
if ok && val != nil {
|
|
||||||
return val, &res, nil, nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: replace with single-socket implementation
|
|
||||||
reply, err := upstream.Exchange(msg)
|
|
||||||
if err != nil {
|
|
||||||
log.Printf("talking to upstream failed for host '%s': %s", host, err)
|
|
||||||
return s.genServerFailure(msg), &res, upstream, err
|
|
||||||
}
|
|
||||||
if reply == nil {
|
|
||||||
log.Printf("SHOULD NOT HAPPEN upstream returned empty message for host '%s'. Request is %v", host, msg.String())
|
|
||||||
return s.genServerFailure(msg), &res, upstream, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
s.cache.Set(reply)
|
|
||||||
|
|
||||||
return reply, &res, upstream, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Server) handlePacket(p []byte, addr net.Addr, conn *net.UDPConn) {
|
|
||||||
start := time.Now()
|
start := time.Now()
|
||||||
ip, _, err := net.SplitHostPort(addr.String())
|
|
||||||
|
// use dnsfilter before cache -- changed settings or filters would require cache invalidation otherwise
|
||||||
|
res, err := s.filterDNSRequest(d)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Failed to split %v into host/port: %s", addr, err)
|
return err
|
||||||
// not a fatal error, move on
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ratelimit based on IP only, protects CPU cycles and outbound connections
|
if d.Res == nil {
|
||||||
if s.isRatelimited(ip) {
|
// request was not filtered so let it be processed further
|
||||||
// log.Printf("Ratelimiting %s based on IP only", ip)
|
err = p.Resolve(d)
|
||||||
return // do nothing, don't reply, we got ratelimited
|
if err != nil {
|
||||||
}
|
return err
|
||||||
|
|
||||||
msg := &dns.Msg{}
|
|
||||||
err = msg.Unpack(p)
|
|
||||||
if err != nil {
|
|
||||||
log.Printf("got invalid DNS packet: %s", err)
|
|
||||||
return // do nothing
|
|
||||||
}
|
|
||||||
|
|
||||||
reply, result, upstream, err := s.handlePacketInternal(msg, addr, conn)
|
|
||||||
|
|
||||||
if reply != nil {
|
|
||||||
// ratelimit based on reply size now
|
|
||||||
replysize := reply.Len()
|
|
||||||
if s.isRatelimitedForReply(ip, replysize) {
|
|
||||||
log.Printf("Ratelimiting %s based on IP and size %d", ip, replysize)
|
|
||||||
return // do nothing, don't reply, we got ratelimited
|
|
||||||
}
|
|
||||||
|
|
||||||
// we're good to respond
|
|
||||||
rerr := s.respond(reply, addr, conn)
|
|
||||||
if rerr != nil {
|
|
||||||
log.Printf("Couldn't respond to UDP packet: %s", err)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
|
||||||
// query logging and stats counters
|
|
||||||
//
|
|
||||||
|
|
||||||
shouldLog := true
|
shouldLog := true
|
||||||
|
msg := d.Req
|
||||||
|
|
||||||
// don't log ANY request if refuseAny is enabled
|
// don't log ANY request if refuseAny is enabled
|
||||||
if len(msg.Question) >= 1 && msg.Question[0].Qtype == dns.TypeANY && s.RefuseAny {
|
if len(msg.Question) >= 1 && msg.Question[0].Qtype == dns.TypeANY && s.RefuseAny {
|
||||||
|
@ -530,35 +249,64 @@ func (s *Server) handlePacket(p []byte, addr net.Addr, conn *net.UDPConn) {
|
||||||
if s.QueryLogEnabled && shouldLog {
|
if s.QueryLogEnabled && shouldLog {
|
||||||
elapsed := time.Since(start)
|
elapsed := time.Since(start)
|
||||||
upstreamAddr := ""
|
upstreamAddr := ""
|
||||||
if upstream != nil {
|
if d.Upstream != nil {
|
||||||
upstreamAddr = upstream.Address()
|
upstreamAddr = d.Upstream.Address()
|
||||||
}
|
}
|
||||||
logRequest(msg, reply, result, elapsed, ip, upstreamAddr)
|
logRequest(msg, d.Res, res, elapsed, d.Addr.String(), upstreamAddr)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
// filterDNSRequest applies the dnsFilter and sets d.Res if the request was filtered
|
||||||
// packet sending functions
|
func (s *Server) filterDNSRequest(d *proxy.DNSContext) (*dnsfilter.Result, error) {
|
||||||
//
|
msg := d.Req
|
||||||
|
host := strings.TrimSuffix(msg.Question[0].Name, ".")
|
||||||
|
|
||||||
func (s *Server) respond(resp *dns.Msg, addr net.Addr, conn *net.UDPConn) error {
|
s.RLock()
|
||||||
// log.Printf("Replying to %s with %s", addr, resp)
|
protectionEnabled := s.ProtectionEnabled
|
||||||
resp.Compress = true
|
dnsFilter := s.dnsFilter
|
||||||
bytes, err := resp.Pack()
|
s.RUnlock()
|
||||||
|
|
||||||
|
if !protectionEnabled {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
var res dnsfilter.Result
|
||||||
|
var err error
|
||||||
|
|
||||||
|
res, err = dnsFilter.CheckHost(host)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errorx.Decorate(err, "Couldn't convert message into wire format")
|
// Return immediately if there's an error
|
||||||
|
return nil, errorx.Decorate(err, "dnsfilter failed to check host '%s'", host)
|
||||||
|
} else if res.IsFiltered {
|
||||||
|
log.Debugf("Host %s is filtered, reason - '%s', matched rule: '%s'", host, res.Reason, res.Rule)
|
||||||
|
d.Res = s.genDNSFilterMessage(d, &res)
|
||||||
}
|
}
|
||||||
n, err := conn.WriteTo(bytes, addr)
|
|
||||||
if n == 0 && isConnClosed(err) {
|
return &res, err
|
||||||
return err
|
}
|
||||||
|
|
||||||
|
// genDNSFilterMessage generates a DNS message corresponding to the filtering result
|
||||||
|
func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Result) *dns.Msg {
|
||||||
|
m := d.Req
|
||||||
|
|
||||||
|
if m.Question[0].Qtype != dns.TypeA {
|
||||||
|
return s.genNXDomain(m)
|
||||||
}
|
}
|
||||||
if n != len(bytes) {
|
|
||||||
return fmt.Errorf("WriteTo() returned with %d != %d", n, len(bytes))
|
switch result.Reason {
|
||||||
|
case dnsfilter.FilteredSafeBrowsing:
|
||||||
|
return s.genBlockedHost(m, safeBrowsingBlockHost, d.Upstream)
|
||||||
|
case dnsfilter.FilteredParental:
|
||||||
|
return s.genBlockedHost(m, parentalBlockHost, d.Upstream)
|
||||||
|
default:
|
||||||
|
if result.Ip != nil {
|
||||||
|
return s.genARecord(m, result.Ip)
|
||||||
|
}
|
||||||
|
|
||||||
|
return s.genNXDomain(m)
|
||||||
}
|
}
|
||||||
if err != nil {
|
|
||||||
return errorx.Decorate(err, "WriteTo() returned error")
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) genServerFailure(request *dns.Msg) *dns.Msg {
|
func (s *Server) genServerFailure(request *dns.Msg) *dns.Msg {
|
||||||
|
@ -568,29 +316,19 @@ func (s *Server) genServerFailure(request *dns.Msg) *dns.Msg {
|
||||||
return &resp
|
return &resp
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) genNotImpl(request *dns.Msg) *dns.Msg {
|
func (s *Server) genARecord(request *dns.Msg, ip net.IP) *dns.Msg {
|
||||||
resp := dns.Msg{}
|
resp := dns.Msg{}
|
||||||
resp.SetRcode(request, dns.RcodeNotImplemented)
|
resp.SetReply(request)
|
||||||
resp.RecursionAvailable = true
|
answer, err := dns.NewRR(fmt.Sprintf("%s %d A %s", request.Question[0].Name, s.BlockedResponseTTL, ip.String()))
|
||||||
resp.SetEdns0(1452, false) // NOTIMPL without EDNS is treated as 'we don't support EDNS', so explicitly set it
|
if err != nil {
|
||||||
|
log.Warnf("Couldn't generate A record for up replacement host '%s': %s", ip.String(), err)
|
||||||
|
return s.genServerFailure(request)
|
||||||
|
}
|
||||||
|
resp.Answer = append(resp.Answer, answer)
|
||||||
return &resp
|
return &resp
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) genArecord(request *dns.Msg, newAddr string, upstream Upstream) *dns.Msg {
|
func (s *Server) genBlockedHost(request *dns.Msg, newAddr string, upstream upstream.Upstream) *dns.Msg {
|
||||||
addr := net.ParseIP(newAddr)
|
|
||||||
if addr != nil {
|
|
||||||
// this is an IP address, return it
|
|
||||||
resp := dns.Msg{}
|
|
||||||
resp.SetReply(request)
|
|
||||||
answer, err := dns.NewRR(fmt.Sprintf("%s %d A %s", request.Question[0].Name, s.BlockedResponseTTL, newAddr))
|
|
||||||
if err != nil {
|
|
||||||
log.Printf("Couldn't generate A record for up replacement host '%s': %s", newAddr, err)
|
|
||||||
return s.genServerFailure(request)
|
|
||||||
}
|
|
||||||
resp.Answer = append(resp.Answer, answer)
|
|
||||||
return &resp
|
|
||||||
}
|
|
||||||
|
|
||||||
// look up the hostname, TODO: cache
|
// look up the hostname, TODO: cache
|
||||||
replReq := dns.Msg{}
|
replReq := dns.Msg{}
|
||||||
replReq.SetQuestion(dns.Fqdn(newAddr), request.Question[0].Qtype)
|
replReq.SetQuestion(dns.Fqdn(newAddr), request.Question[0].Qtype)
|
||||||
|
|
|
@ -3,6 +3,9 @@ package dnsforward
|
||||||
import (
|
import (
|
||||||
"net"
|
"net"
|
||||||
"testing"
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
||||||
|
|
||||||
"github.com/miekg/dns"
|
"github.com/miekg/dns"
|
||||||
)
|
)
|
||||||
|
@ -14,12 +17,9 @@ func TestServer(t *testing.T) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to start server: %s", err)
|
t.Fatalf("Failed to start server: %s", err)
|
||||||
}
|
}
|
||||||
if s.udpListen == nil {
|
|
||||||
t.Fatal("Started server has nil udpListen")
|
|
||||||
}
|
|
||||||
|
|
||||||
// server is running, send a message
|
// server is running, send a message
|
||||||
addr := s.udpListen.LocalAddr()
|
addr := s.dnsProxy.Addr("udp")
|
||||||
req := dns.Msg{}
|
req := dns.Msg{}
|
||||||
req.Id = dns.Id()
|
req.Id = dns.Id()
|
||||||
req.RecursionDesired = true
|
req.RecursionDesired = true
|
||||||
|
@ -44,6 +44,171 @@ func TestServer(t *testing.T) {
|
||||||
|
|
||||||
err = s.Stop()
|
err = s.Stop()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("DNS server %s failed to stop: %s", addr, err)
|
t.Fatalf("DNS server failed to stop: %s", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestInvalidRequest(t *testing.T) {
|
||||||
|
s := Server{}
|
||||||
|
s.UDPListenAddr = &net.UDPAddr{Port: 0}
|
||||||
|
err := s.Start(nil)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Failed to start server: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// server is running, send a message
|
||||||
|
addr := s.dnsProxy.Addr("udp")
|
||||||
|
req := dns.Msg{}
|
||||||
|
req.Id = dns.Id()
|
||||||
|
req.RecursionDesired = true
|
||||||
|
|
||||||
|
// send a DNS request without question
|
||||||
|
client := dns.Client{Net: "udp", Timeout: 500 * time.Millisecond}
|
||||||
|
_, _, err = client.Exchange(&req, addr.String())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("got a response to an invalid query")
|
||||||
|
}
|
||||||
|
|
||||||
|
err = s.Stop()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("DNS server failed to stop: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestBlockedRequest(t *testing.T) {
|
||||||
|
s := createTestServer()
|
||||||
|
err := s.Start(nil)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Failed to start server: %s", err)
|
||||||
|
}
|
||||||
|
addr := s.dnsProxy.Addr("udp")
|
||||||
|
|
||||||
|
//
|
||||||
|
// NXDomain blocking
|
||||||
|
//
|
||||||
|
req := dns.Msg{}
|
||||||
|
req.Id = dns.Id()
|
||||||
|
req.RecursionDesired = true
|
||||||
|
req.Question = []dns.Question{
|
||||||
|
{Name: "nxdomain.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
||||||
|
}
|
||||||
|
|
||||||
|
reply, err := dns.Exchange(&req, addr.String())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
||||||
|
}
|
||||||
|
if reply.Rcode != dns.RcodeNameError {
|
||||||
|
t.Fatalf("Wrong response: %s", reply.String())
|
||||||
|
}
|
||||||
|
|
||||||
|
err = s.Stop()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("DNS server failed to stop: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestBlockedByHosts(t *testing.T) {
|
||||||
|
s := createTestServer()
|
||||||
|
err := s.Start(nil)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Failed to start server: %s", err)
|
||||||
|
}
|
||||||
|
addr := s.dnsProxy.Addr("udp")
|
||||||
|
|
||||||
|
//
|
||||||
|
// Hosts blocking
|
||||||
|
//
|
||||||
|
req := dns.Msg{}
|
||||||
|
req.Id = dns.Id()
|
||||||
|
req.RecursionDesired = true
|
||||||
|
req.Question = []dns.Question{
|
||||||
|
{Name: "host.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
||||||
|
}
|
||||||
|
|
||||||
|
reply, err := dns.Exchange(&req, addr.String())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
||||||
|
}
|
||||||
|
if len(reply.Answer) != 1 {
|
||||||
|
t.Fatalf("DNS server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
|
||||||
|
}
|
||||||
|
if a, ok := reply.Answer[0].(*dns.A); ok {
|
||||||
|
if !net.IPv4(127, 0, 0, 1).Equal(a.A) {
|
||||||
|
t.Fatalf("DNS server %s returned wrong answer instead of 8.8.8.8: %v", addr, a.A)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
t.Fatalf("DNS server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
|
||||||
|
}
|
||||||
|
|
||||||
|
err = s.Stop()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("DNS server failed to stop: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestBlockedBySafeBrowsing(t *testing.T) {
|
||||||
|
s := createTestServer()
|
||||||
|
err := s.Start(nil)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Failed to start server: %s", err)
|
||||||
|
}
|
||||||
|
addr := s.dnsProxy.Addr("udp")
|
||||||
|
|
||||||
|
//
|
||||||
|
// Safebrowsing blocking
|
||||||
|
//
|
||||||
|
req := dns.Msg{}
|
||||||
|
req.Id = dns.Id()
|
||||||
|
req.RecursionDesired = true
|
||||||
|
req.Question = []dns.Question{
|
||||||
|
{Name: "wmconvirus.narod.ru.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
||||||
|
}
|
||||||
|
reply, err := dns.Exchange(&req, addr.String())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
||||||
|
}
|
||||||
|
if len(reply.Answer) != 1 {
|
||||||
|
t.Fatalf("DNS server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
|
||||||
|
}
|
||||||
|
if a, ok := reply.Answer[0].(*dns.A); ok {
|
||||||
|
addrs, lookupErr := net.LookupHost(safeBrowsingBlockHost)
|
||||||
|
if lookupErr != nil {
|
||||||
|
t.Fatalf("cannot resolve %s due to %s", safeBrowsingBlockHost, lookupErr)
|
||||||
|
}
|
||||||
|
|
||||||
|
found := false
|
||||||
|
for _, blockAddr := range addrs {
|
||||||
|
if blockAddr == a.A.String() {
|
||||||
|
found = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !found {
|
||||||
|
t.Fatalf("DNS server %s returned wrong answer: %v", addr, a.A)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
t.Fatalf("DNS server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
|
||||||
|
}
|
||||||
|
|
||||||
|
err = s.Stop()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("DNS server failed to stop: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func createTestServer() *Server {
|
||||||
|
s := Server{}
|
||||||
|
s.UDPListenAddr = &net.UDPAddr{Port: 0}
|
||||||
|
s.FilteringConfig.FilteringEnabled = true
|
||||||
|
s.FilteringConfig.ProtectionEnabled = true
|
||||||
|
s.FilteringConfig.SafeBrowsingEnabled = true
|
||||||
|
s.Filters = make([]dnsfilter.Filter, 0)
|
||||||
|
|
||||||
|
rules := []string{
|
||||||
|
"||nxdomain.example.org^",
|
||||||
|
"127.0.0.1 host.example.org",
|
||||||
|
}
|
||||||
|
filter := dnsfilter.Filter{ID: 1, Rules: rules}
|
||||||
|
s.Filters = append(s.Filters, filter)
|
||||||
|
return &s
|
||||||
|
}
|
||||||
|
|
|
@ -1,50 +0,0 @@
|
||||||
package dnsforward
|
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
"net"
|
|
||||||
"os"
|
|
||||||
"path"
|
|
||||||
"runtime"
|
|
||||||
"strings"
|
|
||||||
)
|
|
||||||
|
|
||||||
func isConnClosed(err error) bool {
|
|
||||||
if err == nil {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
nerr, ok := err.(*net.OpError)
|
|
||||||
if !ok {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
if strings.Contains(nerr.Err.Error(), "use of closed network connection") {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
// ---------------------
|
|
||||||
// debug logging helpers
|
|
||||||
// ---------------------
|
|
||||||
func _Func() string {
|
|
||||||
pc := make([]uintptr, 10) // at least 1 entry needed
|
|
||||||
runtime.Callers(2, pc)
|
|
||||||
f := runtime.FuncForPC(pc[0])
|
|
||||||
return path.Base(f.Name())
|
|
||||||
}
|
|
||||||
|
|
||||||
func trace(format string, args ...interface{}) {
|
|
||||||
pc := make([]uintptr, 10) // at least 1 entry needed
|
|
||||||
runtime.Callers(2, pc)
|
|
||||||
f := runtime.FuncForPC(pc[0])
|
|
||||||
var buf strings.Builder
|
|
||||||
buf.WriteString(fmt.Sprintf("%s(): ", path.Base(f.Name())))
|
|
||||||
text := fmt.Sprintf(format, args...)
|
|
||||||
buf.WriteString(text)
|
|
||||||
if len(text) == 0 || text[len(text)-1] != '\n' {
|
|
||||||
buf.WriteRune('\n')
|
|
||||||
}
|
|
||||||
fmt.Fprint(os.Stderr, buf.String())
|
|
||||||
}
|
|
|
@ -3,7 +3,6 @@ package dnsforward
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -12,6 +11,7 @@ import (
|
||||||
|
|
||||||
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
||||||
"github.com/miekg/dns"
|
"github.com/miekg/dns"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -53,6 +53,7 @@ func logRequest(question *dns.Msg, answer *dns.Msg, result *dnsfilter.Result, el
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if answer != nil {
|
if answer != nil {
|
||||||
a, err = answer.Pack()
|
a, err = answer.Pack()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -5,11 +5,12 @@ import (
|
||||||
"compress/gzip"
|
"compress/gzip"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
|
||||||
"os"
|
"os"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/go-test/deep"
|
"github.com/go-test/deep"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -191,15 +192,12 @@ func genericLoader(onEntry func(entry *logEntry) error, needMore func() bool, ti
|
||||||
var d *json.Decoder
|
var d *json.Decoder
|
||||||
|
|
||||||
if enableGzip {
|
if enableGzip {
|
||||||
trace("Creating gzip reader")
|
|
||||||
zr, err := gzip.NewReader(f)
|
zr, err := gzip.NewReader(f)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Failed to create gzip reader: %s", err)
|
log.Printf("Failed to create gzip reader: %s", err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
defer zr.Close()
|
defer zr.Close()
|
||||||
|
|
||||||
trace("Creating json decoder")
|
|
||||||
d = json.NewDecoder(zr)
|
d = json.NewDecoder(zr)
|
||||||
} else {
|
} else {
|
||||||
d = json.NewDecoder(f)
|
d = json.NewDecoder(f)
|
||||||
|
|
|
@ -3,7 +3,6 @@ package dnsforward
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
|
@ -14,6 +13,8 @@ import (
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/bluele/gcache"
|
"github.com/bluele/gcache"
|
||||||
"github.com/miekg/dns"
|
"github.com/miekg/dns"
|
||||||
)
|
)
|
||||||
|
|
|
@ -1,80 +0,0 @@
|
||||||
package dnsforward
|
|
||||||
|
|
||||||
import (
|
|
||||||
"log"
|
|
||||||
"sort"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/beefsack/go-rate"
|
|
||||||
gocache "github.com/patrickmn/go-cache"
|
|
||||||
)
|
|
||||||
|
|
||||||
func (s *Server) limiterForIP(ip string) interface{} {
|
|
||||||
if s.ratelimitBuckets == nil {
|
|
||||||
s.ratelimitBuckets = gocache.New(time.Hour, time.Hour)
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if ratelimiter for that IP already exists, if not, create
|
|
||||||
value, found := s.ratelimitBuckets.Get(ip)
|
|
||||||
if !found {
|
|
||||||
value = rate.New(s.Ratelimit, time.Second)
|
|
||||||
s.ratelimitBuckets.Set(ip, value, time.Hour)
|
|
||||||
}
|
|
||||||
|
|
||||||
return value
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Server) isRatelimited(ip string) bool {
|
|
||||||
if s.Ratelimit == 0 { // 0 -- disabled
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
if len(s.RatelimitWhitelist) > 0 {
|
|
||||||
i := sort.SearchStrings(s.RatelimitWhitelist, ip)
|
|
||||||
|
|
||||||
if i < len(s.RatelimitWhitelist) && s.RatelimitWhitelist[i] == ip {
|
|
||||||
// found, don't ratelimit
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
value := s.limiterForIP(ip)
|
|
||||||
rl, ok := value.(*rate.RateLimiter)
|
|
||||||
if !ok {
|
|
||||||
log.Println("SHOULD NOT HAPPEN: non-bool entry found in safebrowsing lookup cache")
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
allow, _ := rl.Try()
|
|
||||||
return !allow
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Server) isRatelimitedForReply(ip string, size int) bool {
|
|
||||||
if s.Ratelimit == 0 { // 0 -- disabled
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
if len(s.RatelimitWhitelist) > 0 {
|
|
||||||
i := sort.SearchStrings(s.RatelimitWhitelist, ip)
|
|
||||||
|
|
||||||
if i < len(s.RatelimitWhitelist) && s.RatelimitWhitelist[i] == ip {
|
|
||||||
// found, don't ratelimit
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
value := s.limiterForIP(ip)
|
|
||||||
rl, ok := value.(*rate.RateLimiter)
|
|
||||||
if !ok {
|
|
||||||
log.Println("SHOULD NOT HAPPEN: non-bool entry found in safebrowsing lookup cache")
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
// For large UDP responses we try more times, effectively limiting per bandwidth
|
|
||||||
// The exact number of times depends on the response size
|
|
||||||
for i := 0; i < size/1000; i++ {
|
|
||||||
allow, _ := rl.Try()
|
|
||||||
if !allow { // not allowed -> ratelimited
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
|
@ -1,42 +0,0 @@
|
||||||
package dnsforward
|
|
||||||
|
|
||||||
import (
|
|
||||||
"testing"
|
|
||||||
)
|
|
||||||
|
|
||||||
func TestRatelimiting(t *testing.T) {
|
|
||||||
// rate limit is 1 per sec
|
|
||||||
p := Server{}
|
|
||||||
p.Ratelimit = 1
|
|
||||||
|
|
||||||
limited := p.isRatelimited("127.0.0.1")
|
|
||||||
|
|
||||||
if limited {
|
|
||||||
t.Fatal("First request must have been allowed")
|
|
||||||
}
|
|
||||||
|
|
||||||
limited = p.isRatelimited("127.0.0.1")
|
|
||||||
|
|
||||||
if !limited {
|
|
||||||
t.Fatal("Second request must have been ratelimited")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestWhitelist(t *testing.T) {
|
|
||||||
// rate limit is 1 per sec with whitelist
|
|
||||||
p := Server{}
|
|
||||||
p.Ratelimit = 1
|
|
||||||
p.RatelimitWhitelist = []string{"127.0.0.1", "127.0.0.2", "127.0.0.125"}
|
|
||||||
|
|
||||||
limited := p.isRatelimited("127.0.0.1")
|
|
||||||
|
|
||||||
if limited {
|
|
||||||
t.Fatal("First request must have been allowed")
|
|
||||||
}
|
|
||||||
|
|
||||||
limited = p.isRatelimited("127.0.0.1")
|
|
||||||
|
|
||||||
if limited {
|
|
||||||
t.Fatal("Second request must have been allowed due to whitelist")
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1 +0,0 @@
|
||||||
/standalone
|
|
|
@ -1,51 +0,0 @@
|
||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
"log"
|
|
||||||
"net"
|
|
||||||
"net/http"
|
|
||||||
_ "net/http/pprof"
|
|
||||||
"os"
|
|
||||||
"os/signal"
|
|
||||||
"runtime"
|
|
||||||
"syscall"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/AdguardTeam/AdGuardHome/dnsforward"
|
|
||||||
)
|
|
||||||
|
|
||||||
//
|
|
||||||
// main function
|
|
||||||
//
|
|
||||||
func main() {
|
|
||||||
go func() {
|
|
||||||
log.Println(http.ListenAndServe("localhost:6060", nil))
|
|
||||||
}()
|
|
||||||
go func() {
|
|
||||||
for range time.Tick(time.Second) {
|
|
||||||
log.Printf("goroutines = %d", runtime.NumGoroutine())
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
s := dnsforward.Server{}
|
|
||||||
err := s.Start(nil)
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
time.Sleep(time.Second)
|
|
||||||
err = s.Stop()
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
err = s.Start(&dnsforward.ServerConfig{UDPListenAddr: &net.UDPAddr{Port: 53535}})
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
err = s.Reconfigure(dnsforward.ServerConfig{UDPListenAddr: &net.UDPAddr{Port: 53, IP: net.ParseIP("0.0.0.0")}})
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
log.Printf("Now serving DNS")
|
|
||||||
signal_channel := make(chan os.Signal)
|
|
||||||
signal.Notify(signal_channel, syscall.SIGINT, syscall.SIGTERM)
|
|
||||||
<-signal_channel
|
|
||||||
}
|
|
|
@ -3,11 +3,12 @@ package dnsforward
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -1,313 +0,0 @@
|
||||||
package dnsforward
|
|
||||||
|
|
||||||
import (
|
|
||||||
"bytes"
|
|
||||||
"fmt"
|
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
|
||||||
"math/rand"
|
|
||||||
"net"
|
|
||||||
"net/http"
|
|
||||||
"net/url"
|
|
||||||
"strings"
|
|
||||||
"sync"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/jedisct1/go-dnsstamps"
|
|
||||||
|
|
||||||
"github.com/ameshkov/dnscrypt"
|
|
||||||
"github.com/joomcode/errorx"
|
|
||||||
"github.com/miekg/dns"
|
|
||||||
)
|
|
||||||
|
|
||||||
const defaultTimeout = time.Second * 10
|
|
||||||
|
|
||||||
type Upstream interface {
|
|
||||||
Exchange(m *dns.Msg) (*dns.Msg, error)
|
|
||||||
Address() string
|
|
||||||
}
|
|
||||||
|
|
||||||
//
|
|
||||||
// plain DNS
|
|
||||||
//
|
|
||||||
type plainDNS struct {
|
|
||||||
boot bootstrapper
|
|
||||||
preferTCP bool
|
|
||||||
}
|
|
||||||
|
|
||||||
var defaultUDPClient = dns.Client{
|
|
||||||
Timeout: defaultTimeout,
|
|
||||||
UDPSize: dns.MaxMsgSize,
|
|
||||||
}
|
|
||||||
|
|
||||||
var defaultTCPClient = dns.Client{
|
|
||||||
Net: "tcp",
|
|
||||||
UDPSize: dns.MaxMsgSize,
|
|
||||||
Timeout: defaultTimeout,
|
|
||||||
}
|
|
||||||
|
|
||||||
// Address returns the original address that we've put in initially, not resolved one
|
|
||||||
func (p *plainDNS) Address() string { return p.boot.address }
|
|
||||||
|
|
||||||
func (p *plainDNS) Exchange(m *dns.Msg) (*dns.Msg, error) {
|
|
||||||
addr, _, err := p.boot.get()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if p.preferTCP {
|
|
||||||
reply, _, err := defaultTCPClient.Exchange(m, addr)
|
|
||||||
return reply, err
|
|
||||||
}
|
|
||||||
|
|
||||||
reply, _, err := defaultUDPClient.Exchange(m, addr)
|
|
||||||
if err != nil && reply != nil && reply.Truncated {
|
|
||||||
log.Printf("Truncated message was received, retrying over TCP, question: %s", m.Question[0].String())
|
|
||||||
reply, _, err = defaultTCPClient.Exchange(m, addr)
|
|
||||||
}
|
|
||||||
|
|
||||||
return reply, err
|
|
||||||
}
|
|
||||||
|
|
||||||
//
|
|
||||||
// DNS-over-TLS
|
|
||||||
//
|
|
||||||
type dnsOverTLS struct {
|
|
||||||
boot bootstrapper
|
|
||||||
pool *TLSPool
|
|
||||||
|
|
||||||
sync.RWMutex // protects pool
|
|
||||||
}
|
|
||||||
|
|
||||||
func (p *dnsOverTLS) Address() string { return p.boot.address }
|
|
||||||
|
|
||||||
func (p *dnsOverTLS) Exchange(m *dns.Msg) (*dns.Msg, error) {
|
|
||||||
var pool *TLSPool
|
|
||||||
p.RLock()
|
|
||||||
pool = p.pool
|
|
||||||
p.RUnlock()
|
|
||||||
if pool == nil {
|
|
||||||
p.Lock()
|
|
||||||
// lazy initialize it
|
|
||||||
p.pool = &TLSPool{boot: &p.boot}
|
|
||||||
p.Unlock()
|
|
||||||
}
|
|
||||||
|
|
||||||
p.RLock()
|
|
||||||
poolConn, err := p.pool.Get()
|
|
||||||
p.RUnlock()
|
|
||||||
if err != nil {
|
|
||||||
return nil, errorx.Decorate(err, "Failed to get a connection from TLSPool to %s", p.Address())
|
|
||||||
}
|
|
||||||
c := dns.Conn{Conn: poolConn}
|
|
||||||
err = c.WriteMsg(m)
|
|
||||||
if err != nil {
|
|
||||||
poolConn.Close()
|
|
||||||
return nil, errorx.Decorate(err, "Failed to send a request to %s", p.Address())
|
|
||||||
}
|
|
||||||
|
|
||||||
reply, err := c.ReadMsg()
|
|
||||||
if err != nil {
|
|
||||||
poolConn.Close()
|
|
||||||
return nil, errorx.Decorate(err, "Failed to read a request from %s", p.Address())
|
|
||||||
}
|
|
||||||
p.RLock()
|
|
||||||
p.pool.Put(poolConn)
|
|
||||||
p.RUnlock()
|
|
||||||
return reply, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
//
|
|
||||||
// DNS-over-https
|
|
||||||
//
|
|
||||||
type dnsOverHTTPS struct {
|
|
||||||
boot bootstrapper
|
|
||||||
}
|
|
||||||
|
|
||||||
func (p *dnsOverHTTPS) Address() string { return p.boot.address }
|
|
||||||
|
|
||||||
func (p *dnsOverHTTPS) Exchange(m *dns.Msg) (*dns.Msg, error) {
|
|
||||||
addr, tlsConfig, err := p.boot.get()
|
|
||||||
if err != nil {
|
|
||||||
return nil, errorx.Decorate(err, "Couldn't bootstrap %s", p.boot.address)
|
|
||||||
}
|
|
||||||
|
|
||||||
buf, err := m.Pack()
|
|
||||||
if err != nil {
|
|
||||||
return nil, errorx.Decorate(err, "Couldn't pack request msg")
|
|
||||||
}
|
|
||||||
bb := bytes.NewBuffer(buf)
|
|
||||||
|
|
||||||
// set up a custom request with custom URL
|
|
||||||
url, err := url.Parse(p.boot.address)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errorx.Decorate(err, "Couldn't parse URL %s", p.boot.address)
|
|
||||||
}
|
|
||||||
req := http.Request{
|
|
||||||
Method: "POST",
|
|
||||||
URL: url,
|
|
||||||
Body: ioutil.NopCloser(bb),
|
|
||||||
Header: make(http.Header),
|
|
||||||
Host: url.Host,
|
|
||||||
}
|
|
||||||
url.Host = addr
|
|
||||||
req.Header.Set("Content-Type", "application/dns-message")
|
|
||||||
client := http.Client{
|
|
||||||
Transport: &http.Transport{TLSClientConfig: tlsConfig},
|
|
||||||
}
|
|
||||||
resp, err := client.Do(&req)
|
|
||||||
if resp != nil && resp.Body != nil {
|
|
||||||
defer resp.Body.Close()
|
|
||||||
}
|
|
||||||
if err != nil {
|
|
||||||
return nil, errorx.Decorate(err, "Couldn't do a POST request to '%s'", addr)
|
|
||||||
}
|
|
||||||
|
|
||||||
body, err := ioutil.ReadAll(resp.Body)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errorx.Decorate(err, "Couldn't read body contents for '%s'", addr)
|
|
||||||
}
|
|
||||||
if resp.StatusCode != http.StatusOK {
|
|
||||||
return nil, fmt.Errorf("Got an unexpected HTTP status code %d from '%s'", resp.StatusCode, addr)
|
|
||||||
}
|
|
||||||
if len(body) == 0 {
|
|
||||||
return nil, fmt.Errorf("Got an unexpected empty body from '%s'", addr)
|
|
||||||
}
|
|
||||||
response := dns.Msg{}
|
|
||||||
err = response.Unpack(body)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errorx.Decorate(err, "Couldn't unpack DNS response from '%s': body is %s", addr, string(body))
|
|
||||||
}
|
|
||||||
return &response, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
//
|
|
||||||
// DNSCrypt
|
|
||||||
//
|
|
||||||
type dnsCrypt struct {
|
|
||||||
boot bootstrapper
|
|
||||||
client *dnscrypt.Client // DNSCrypt client properties
|
|
||||||
serverInfo *dnscrypt.ServerInfo // DNSCrypt server info
|
|
||||||
|
|
||||||
sync.RWMutex // protects DNSCrypt client
|
|
||||||
}
|
|
||||||
|
|
||||||
func (p *dnsCrypt) Address() string { return p.boot.address }
|
|
||||||
|
|
||||||
func (p *dnsCrypt) Exchange(m *dns.Msg) (*dns.Msg, error) {
|
|
||||||
|
|
||||||
var client *dnscrypt.Client
|
|
||||||
var serverInfo *dnscrypt.ServerInfo
|
|
||||||
|
|
||||||
p.RLock()
|
|
||||||
client = p.client
|
|
||||||
serverInfo = p.serverInfo
|
|
||||||
p.RUnlock()
|
|
||||||
|
|
||||||
now := uint32(time.Now().Unix())
|
|
||||||
if client == nil || serverInfo == nil || (serverInfo != nil && serverInfo.ServerCert.NotAfter < now) {
|
|
||||||
p.Lock()
|
|
||||||
|
|
||||||
// Using "udp" for DNSCrypt upstreams by default
|
|
||||||
client = &dnscrypt.Client{Timeout: defaultTimeout, AdjustPayloadSize: true}
|
|
||||||
si, _, err := client.Dial(p.boot.address)
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
p.Unlock()
|
|
||||||
return nil, errorx.Decorate(err, "Failed to fetch certificate info from %s", p.Address())
|
|
||||||
}
|
|
||||||
|
|
||||||
p.client = client
|
|
||||||
p.serverInfo = si
|
|
||||||
serverInfo = si
|
|
||||||
p.Unlock()
|
|
||||||
}
|
|
||||||
|
|
||||||
reply, _, err := client.Exchange(m, serverInfo)
|
|
||||||
|
|
||||||
if err, ok := err.(net.Error); ok && err.Timeout() {
|
|
||||||
// If request times out, it is possible that the server configuration has been changed.
|
|
||||||
// It is safe to assume that the key was rotated (for instance, as it is described here: https://dnscrypt.pl/2017/02/26/how-key-rotation-is-automated/).
|
|
||||||
// We should re-fetch the server certificate info so that the new requests were not failing.
|
|
||||||
p.Lock()
|
|
||||||
p.client = nil
|
|
||||||
p.serverInfo = nil
|
|
||||||
p.Unlock()
|
|
||||||
}
|
|
||||||
|
|
||||||
return reply, err
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Server) chooseUpstream() Upstream {
|
|
||||||
upstreams := s.Upstreams
|
|
||||||
if upstreams == nil {
|
|
||||||
upstreams = defaultValues.Upstreams
|
|
||||||
}
|
|
||||||
if len(upstreams) == 0 {
|
|
||||||
panic("SHOULD NOT HAPPEN: no default upstreams specified")
|
|
||||||
}
|
|
||||||
if len(upstreams) == 1 {
|
|
||||||
return upstreams[0]
|
|
||||||
}
|
|
||||||
n := rand.Intn(len(upstreams))
|
|
||||||
upstream := upstreams[n]
|
|
||||||
return upstream
|
|
||||||
}
|
|
||||||
|
|
||||||
func AddressToUpstream(address string, bootstrap string) (Upstream, error) {
|
|
||||||
if strings.Contains(address, "://") {
|
|
||||||
url, err := url.Parse(address)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errorx.Decorate(err, "Failed to parse %s", address)
|
|
||||||
}
|
|
||||||
switch url.Scheme {
|
|
||||||
case "sdns":
|
|
||||||
stamp, err := dnsstamps.NewServerStampFromString(address)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errorx.Decorate(err, "Failed to parse %s", address)
|
|
||||||
}
|
|
||||||
|
|
||||||
switch stamp.Proto {
|
|
||||||
case dnsstamps.StampProtoTypeDNSCrypt:
|
|
||||||
return &dnsCrypt{boot: toBoot(url.String(), bootstrap)}, nil
|
|
||||||
case dnsstamps.StampProtoTypeDoH:
|
|
||||||
return AddressToUpstream(fmt.Sprintf("https://%s%s", stamp.ProviderName, stamp.Path), bootstrap)
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil, fmt.Errorf("Unsupported protocol %v in %s", stamp.Proto, address)
|
|
||||||
case "dns":
|
|
||||||
if url.Port() == "" {
|
|
||||||
url.Host += ":53"
|
|
||||||
}
|
|
||||||
return &plainDNS{boot: toBoot(url.Host, bootstrap)}, nil
|
|
||||||
case "tcp":
|
|
||||||
if url.Port() == "" {
|
|
||||||
url.Host += ":53"
|
|
||||||
}
|
|
||||||
return &plainDNS{boot: toBoot(url.Host, bootstrap), preferTCP: true}, nil
|
|
||||||
case "tls":
|
|
||||||
if url.Port() == "" {
|
|
||||||
url.Host += ":853"
|
|
||||||
}
|
|
||||||
return &dnsOverTLS{boot: toBoot(url.String(), bootstrap)}, nil
|
|
||||||
case "https":
|
|
||||||
if url.Port() == "" {
|
|
||||||
url.Host += ":443"
|
|
||||||
}
|
|
||||||
return &dnsOverHTTPS{boot: toBoot(url.String(), bootstrap)}, nil
|
|
||||||
default:
|
|
||||||
// assume it's plain DNS
|
|
||||||
if url.Port() == "" {
|
|
||||||
url.Host += ":53"
|
|
||||||
}
|
|
||||||
return &plainDNS{boot: toBoot(url.String(), bootstrap)}, nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// we don't have scheme in the url, so it's just a plain DNS host:port
|
|
||||||
_, _, err := net.SplitHostPort(address)
|
|
||||||
if err != nil {
|
|
||||||
// doesn't have port, default to 53
|
|
||||||
address = net.JoinHostPort(address, "53")
|
|
||||||
}
|
|
||||||
return &plainDNS{boot: toBoot(address, bootstrap)}, nil
|
|
||||||
}
|
|
|
@ -1,74 +0,0 @@
|
||||||
package dnsforward
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/tls"
|
|
||||||
"net"
|
|
||||||
"sync"
|
|
||||||
|
|
||||||
"github.com/joomcode/errorx"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Upstream TLS pool.
|
|
||||||
//
|
|
||||||
// Example:
|
|
||||||
// pool := TLSPool{Address: "tls://1.1.1.1:853"}
|
|
||||||
// netConn, err := pool.Get()
|
|
||||||
// if err != nil {panic(err)}
|
|
||||||
// c := dns.Conn{Conn: netConn}
|
|
||||||
// q := dns.Msg{}
|
|
||||||
// q.SetQuestion("google.com.", dns.TypeA)
|
|
||||||
// log.Println(q)
|
|
||||||
// err = c.WriteMsg(&q)
|
|
||||||
// if err != nil {panic(err)}
|
|
||||||
// r, err := c.ReadMsg()
|
|
||||||
// if err != nil {panic(err)}
|
|
||||||
// log.Println(r)
|
|
||||||
// pool.Put(c.Conn)
|
|
||||||
type TLSPool struct {
|
|
||||||
boot *bootstrapper
|
|
||||||
|
|
||||||
// connections
|
|
||||||
conns []net.Conn
|
|
||||||
connsMutex sync.Mutex // protects conns
|
|
||||||
}
|
|
||||||
|
|
||||||
func (n *TLSPool) Get() (net.Conn, error) {
|
|
||||||
address, tlsConfig, err := n.boot.get()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// get the connection from the slice inside the lock
|
|
||||||
var c net.Conn
|
|
||||||
n.connsMutex.Lock()
|
|
||||||
num := len(n.conns)
|
|
||||||
if num > 0 {
|
|
||||||
last := num - 1
|
|
||||||
c = n.conns[last]
|
|
||||||
n.conns = n.conns[:last]
|
|
||||||
}
|
|
||||||
n.connsMutex.Unlock()
|
|
||||||
|
|
||||||
// if we got connection from the slice, return it
|
|
||||||
if c != nil {
|
|
||||||
// log.Printf("Returning existing connection to %s", host)
|
|
||||||
return c, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// we'll need a new connection, dial now
|
|
||||||
// log.Printf("Dialing to %s", address)
|
|
||||||
conn, err := tls.Dial("tcp", address, tlsConfig)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errorx.Decorate(err, "Failed to connect to %s", address)
|
|
||||||
}
|
|
||||||
return conn, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (n *TLSPool) Put(c net.Conn) {
|
|
||||||
if c == nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
n.connsMutex.Lock()
|
|
||||||
n.conns = append(n.conns, c)
|
|
||||||
n.connsMutex.Unlock()
|
|
||||||
}
|
|
|
@ -1,123 +0,0 @@
|
||||||
package dnsforward
|
|
||||||
|
|
||||||
import (
|
|
||||||
"net"
|
|
||||||
"testing"
|
|
||||||
|
|
||||||
"github.com/miekg/dns"
|
|
||||||
)
|
|
||||||
|
|
||||||
func TestUpstreams(t *testing.T) {
|
|
||||||
|
|
||||||
upstreams := []struct {
|
|
||||||
address string
|
|
||||||
bootstrap string
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
address: "8.8.8.8:53",
|
|
||||||
bootstrap: "8.8.8.8:53",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
address: "1.1.1.1",
|
|
||||||
bootstrap: "",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
address: "tcp://1.1.1.1:53",
|
|
||||||
bootstrap: "",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
address: "176.103.130.130:5353",
|
|
||||||
bootstrap: "",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
address: "tls://1.1.1.1",
|
|
||||||
bootstrap: "",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
address: "tls://9.9.9.9:853",
|
|
||||||
bootstrap: "",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
address: "tls://security-filter-dns.cleanbrowsing.org",
|
|
||||||
bootstrap: "8.8.8.8:53",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
address: "tls://adult-filter-dns.cleanbrowsing.org:853",
|
|
||||||
bootstrap: "8.8.8.8:53",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
address: "https://cloudflare-dns.com/dns-query",
|
|
||||||
bootstrap: "8.8.8.8:53",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
address: "https://dns.google.com/experimental",
|
|
||||||
bootstrap: "8.8.8.8:53",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
address: "https://doh.cleanbrowsing.org/doh/security-filter/",
|
|
||||||
bootstrap: "",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
// AdGuard DNS (DNSCrypt)
|
|
||||||
address: "sdns://AQIAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
|
|
||||||
bootstrap: "",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
// Cisco OpenDNS (DNSCrypt)
|
|
||||||
address: "sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ",
|
|
||||||
bootstrap: "8.8.8.8:53",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
// Cloudflare DNS (DoH)
|
|
||||||
address: "sdns://AgcAAAAAAAAABzEuMC4wLjGgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk",
|
|
||||||
bootstrap: "8.8.8.8:53",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
// doh-cleanbrowsing-security (https://doh.cleanbrowsing.org/doh/security-filter/)
|
|
||||||
address: "sdns://AgMAAAAAAAAAAAAVZG9oLmNsZWFuYnJvd3Npbmcub3JnFS9kb2gvc2VjdXJpdHktZmlsdGVyLw",
|
|
||||||
bootstrap: "8.8.8.8:53",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
// Google (DNS-over-HTTPS)
|
|
||||||
address: "sdns://AgUAAAAAAAAAACAe9iTP_15r07rd8_3b_epWVGfjdymdx-5mdRZvMAzBuQ5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs",
|
|
||||||
bootstrap: "8.8.8.8:53",
|
|
||||||
},
|
|
||||||
}
|
|
||||||
for _, test := range upstreams {
|
|
||||||
|
|
||||||
t.Run(test.address, func(t *testing.T) {
|
|
||||||
u, err := AddressToUpstream(test.address, test.bootstrap)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Failed to generate upstream from address %s: %s", test.address, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
checkUpstream(t, u, test.address)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func checkUpstream(t *testing.T, u Upstream, addr string) {
|
|
||||||
t.Helper()
|
|
||||||
|
|
||||||
req := dns.Msg{}
|
|
||||||
req.Id = dns.Id()
|
|
||||||
req.RecursionDesired = true
|
|
||||||
req.Question = []dns.Question{
|
|
||||||
{Name: "google-public-dns-a.google.com.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
|
||||||
}
|
|
||||||
|
|
||||||
reply, err := u.Exchange(&req)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Couldn't talk to upstream %s: %s", addr, err)
|
|
||||||
}
|
|
||||||
if len(reply.Answer) != 1 {
|
|
||||||
t.Fatalf("DNS upstream %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
|
|
||||||
}
|
|
||||||
if a, ok := reply.Answer[0].(*dns.A); ok {
|
|
||||||
if !net.IPv4(8, 8, 8, 8).Equal(a.A) {
|
|
||||||
t.Fatalf("DNS upstream %s returned wrong answer instead of 8.8.8.8: %v", addr, a.A)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
t.Fatalf("DNS upstream %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
|
|
||||||
}
|
|
||||||
}
|
|
8
go.mod
8
go.mod
|
@ -1,6 +1,7 @@
|
||||||
module github.com/AdguardTeam/AdGuardHome
|
module github.com/AdguardTeam/AdGuardHome
|
||||||
|
|
||||||
require (
|
require (
|
||||||
|
github.com/AdguardTeam/dnsproxy v0.9.1
|
||||||
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect
|
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect
|
||||||
github.com/ameshkov/dnscrypt v1.0.0
|
github.com/ameshkov/dnscrypt v1.0.0
|
||||||
github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6
|
github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6
|
||||||
|
@ -12,12 +13,15 @@ require (
|
||||||
github.com/joomcode/errorx v0.1.0
|
github.com/joomcode/errorx v0.1.0
|
||||||
github.com/miekg/dns v1.1.1
|
github.com/miekg/dns v1.1.1
|
||||||
github.com/patrickmn/go-cache v2.1.0+incompatible
|
github.com/patrickmn/go-cache v2.1.0+incompatible
|
||||||
|
github.com/pkg/errors v0.8.0
|
||||||
github.com/shirou/gopsutil v2.18.10+incompatible
|
github.com/shirou/gopsutil v2.18.10+incompatible
|
||||||
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 // indirect
|
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 // indirect
|
||||||
|
github.com/sirupsen/logrus v1.2.0
|
||||||
go.uber.org/goleak v0.10.0
|
go.uber.org/goleak v0.10.0
|
||||||
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9
|
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9
|
||||||
golang.org/x/net v0.0.0-20181217023233-e147a9138326
|
golang.org/x/net v0.0.0-20181220203305-927f97764cc3
|
||||||
golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb // indirect
|
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 // indirect
|
||||||
|
golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6 // indirect
|
||||||
gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477
|
gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477
|
||||||
gopkg.in/yaml.v2 v2.2.1
|
gopkg.in/yaml.v2 v2.2.1
|
||||||
)
|
)
|
||||||
|
|
22
go.sum
22
go.sum
|
@ -1,11 +1,13 @@
|
||||||
|
github.com/AdguardTeam/dnsproxy v0.9.0 h1:doHDmVE9bV1fhiBV8rX76WWaSAB9w1H3u8WIiez5OFs=
|
||||||
|
github.com/AdguardTeam/dnsproxy v0.9.0/go.mod h1:CKZVVknYdoHVirXqqbALEkC+DBY65yCQrzSKYS78GoE=
|
||||||
|
github.com/AdguardTeam/dnsproxy v0.9.1 h1:+F6jqrVOrUjpbzhALjtbwqHfxW4M2YS3mYdhGxLXQ08=
|
||||||
|
github.com/AdguardTeam/dnsproxy v0.9.1/go.mod h1:CKZVVknYdoHVirXqqbALEkC+DBY65yCQrzSKYS78GoE=
|
||||||
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f h1:5ZfJxyXo8KyX8DgGXC5B7ILL8y51fci/qYz2B4j8iLY=
|
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f h1:5ZfJxyXo8KyX8DgGXC5B7ILL8y51fci/qYz2B4j8iLY=
|
||||||
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
|
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
|
||||||
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
|
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
|
||||||
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
|
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
|
||||||
github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
|
github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
|
||||||
github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us=
|
github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us=
|
||||||
github.com/ameshkov/dnscrypt v0.0.0-20181217090431-1215bb8b150f h1:vOaSvI9B3wqzV1g8raDeVzRJnq5RHQxsz0MVXudxdNU=
|
|
||||||
github.com/ameshkov/dnscrypt v0.0.0-20181217090431-1215bb8b150f/go.mod h1:EC7Z1GguyEEwhuLXrcgkRTE3GdyPDSWq2OXefhydGWo=
|
|
||||||
github.com/ameshkov/dnscrypt v1.0.0 h1:Y7YexPCxtVCTDXlXu9n17+1H5YS25vftx8vV8Dhuu+E=
|
github.com/ameshkov/dnscrypt v1.0.0 h1:Y7YexPCxtVCTDXlXu9n17+1H5YS25vftx8vV8Dhuu+E=
|
||||||
github.com/ameshkov/dnscrypt v1.0.0/go.mod h1:EC7Z1GguyEEwhuLXrcgkRTE3GdyPDSWq2OXefhydGWo=
|
github.com/ameshkov/dnscrypt v1.0.0/go.mod h1:EC7Z1GguyEEwhuLXrcgkRTE3GdyPDSWq2OXefhydGWo=
|
||||||
github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6 h1:KXlsf+qt/X5ttPGEjR0tPH1xaWWoKBEg9Q1THAj2h3I=
|
github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6 h1:KXlsf+qt/X5ttPGEjR0tPH1xaWWoKBEg9Q1THAj2h3I=
|
||||||
|
@ -29,10 +31,16 @@ github.com/jedisct1/go-dnsstamps v0.0.0-20180418170050-1e4999280f86 h1:Olj4M6T1o
|
||||||
github.com/jedisct1/go-dnsstamps v0.0.0-20180418170050-1e4999280f86/go.mod h1:j/ONpSHHmPgDwmFKXg9vhQvIjADe/ft1X4a3TVOmp9g=
|
github.com/jedisct1/go-dnsstamps v0.0.0-20180418170050-1e4999280f86/go.mod h1:j/ONpSHHmPgDwmFKXg9vhQvIjADe/ft1X4a3TVOmp9g=
|
||||||
github.com/jedisct1/xsecretbox v0.0.0-20180508184500-7a679c0bcd9a h1:2nyBWKszM41RO/gt5ElUXigAFiRgJ9KifHDlWOlw0lc=
|
github.com/jedisct1/xsecretbox v0.0.0-20180508184500-7a679c0bcd9a h1:2nyBWKszM41RO/gt5ElUXigAFiRgJ9KifHDlWOlw0lc=
|
||||||
github.com/jedisct1/xsecretbox v0.0.0-20180508184500-7a679c0bcd9a/go.mod h1:YlN58h704uRFD0BwsEGTq+7Wx+WG2i7P49bc+HwHyAY=
|
github.com/jedisct1/xsecretbox v0.0.0-20180508184500-7a679c0bcd9a/go.mod h1:YlN58h704uRFD0BwsEGTq+7Wx+WG2i7P49bc+HwHyAY=
|
||||||
|
github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA=
|
||||||
|
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
|
||||||
|
github.com/jmcvetta/randutil v0.0.0-20150817122601-2bb1b664bcff h1:6NvhExg4omUC9NfA+l4Oq3ibNNeJUdiAF3iBVB0PlDk=
|
||||||
|
github.com/jmcvetta/randutil v0.0.0-20150817122601-2bb1b664bcff/go.mod h1:ddfPX8Z28YMjiqoaJhNBzWHapTHXejnB5cDCUWDwriw=
|
||||||
github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
|
github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
|
||||||
github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
|
github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
|
||||||
github.com/joomcode/errorx v0.1.0 h1:QmJMiI1DE1UFje2aI1ZWO/VMT5a32qBoXUclGOt8vsc=
|
github.com/joomcode/errorx v0.1.0 h1:QmJMiI1DE1UFje2aI1ZWO/VMT5a32qBoXUclGOt8vsc=
|
||||||
github.com/joomcode/errorx v0.1.0/go.mod h1:kgco15ekB6cs+4Xjzo7SPeXzx38PbJzBwbnu9qfVNHQ=
|
github.com/joomcode/errorx v0.1.0/go.mod h1:kgco15ekB6cs+4Xjzo7SPeXzx38PbJzBwbnu9qfVNHQ=
|
||||||
|
github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
|
||||||
|
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||||
github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4 h1:Mlji5gkcpzkqTROyE4ZxZ8hN7osunMb2RuGVrbvMvCc=
|
github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4 h1:Mlji5gkcpzkqTROyE4ZxZ8hN7osunMb2RuGVrbvMvCc=
|
||||||
github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
|
github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
|
||||||
github.com/miekg/dns v1.1.1 h1:DVkblRdiScEnEr0LR9nTnEQqHYycjkXW9bOjd+2EL2o=
|
github.com/miekg/dns v1.1.1 h1:DVkblRdiScEnEr0LR9nTnEQqHYycjkXW9bOjd+2EL2o=
|
||||||
|
@ -47,14 +55,18 @@ github.com/shirou/gopsutil v2.18.10+incompatible h1:cy84jW6EVRPa5g9HAHrlbxMSIjBh
|
||||||
github.com/shirou/gopsutil v2.18.10+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
|
github.com/shirou/gopsutil v2.18.10+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
|
||||||
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 h1:udFKJ0aHUL60LboW/A+DfgoHVedieIzIXE8uylPue0U=
|
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 h1:udFKJ0aHUL60LboW/A+DfgoHVedieIzIXE8uylPue0U=
|
||||||
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
|
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
|
||||||
|
github.com/sirupsen/logrus v1.2.0 h1:juTguoYk5qI21pwyTXY3B3Y5cOTH3ZUyZCg1v/mihuo=
|
||||||
|
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
|
||||||
github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8=
|
github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8=
|
||||||
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
|
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
|
||||||
github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
|
github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
|
||||||
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
|
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
|
||||||
|
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
|
github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
|
||||||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||||
go.uber.org/goleak v0.10.0 h1:G3eWbSNIskeRqtsN/1uI5B+eP73y3JUuBsv9AZjehb4=
|
go.uber.org/goleak v0.10.0 h1:G3eWbSNIskeRqtsN/1uI5B+eP73y3JUuBsv9AZjehb4=
|
||||||
go.uber.org/goleak v0.10.0/go.mod h1:VCZuO8V8mFPlL0F5J5GK1rtHV3DrFcQ1R8ryq7FK0aI=
|
go.uber.org/goleak v0.10.0/go.mod h1:VCZuO8V8mFPlL0F5J5GK1rtHV3DrFcQ1R8ryq7FK0aI=
|
||||||
|
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||||
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0=
|
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0=
|
||||||
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||||
golang.org/x/net v0.0.0-20181102091132-c10e9556a7bc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
golang.org/x/net v0.0.0-20181102091132-c10e9556a7bc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||||
|
@ -62,14 +74,20 @@ golang.org/x/net v0.0.0-20181213202711-891ebc4b82d6 h1:gT0Y6H7hbVPUtvtk0YGxMXPgN
|
||||||
golang.org/x/net v0.0.0-20181213202711-891ebc4b82d6/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
golang.org/x/net v0.0.0-20181213202711-891ebc4b82d6/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||||
golang.org/x/net v0.0.0-20181217023233-e147a9138326 h1:iCzOf0xz39Tstp+Tu/WwyGjUXCk34QhQORRxBeXXTA4=
|
golang.org/x/net v0.0.0-20181217023233-e147a9138326 h1:iCzOf0xz39Tstp+Tu/WwyGjUXCk34QhQORRxBeXXTA4=
|
||||||
golang.org/x/net v0.0.0-20181217023233-e147a9138326/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
golang.org/x/net v0.0.0-20181217023233-e147a9138326/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||||
|
golang.org/x/net v0.0.0-20181220203305-927f97764cc3 h1:eH6Eip3UpmR+yM/qI9Ijluzb1bNv/cAU/n+6l8tRSis=
|
||||||
|
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
|
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
|
||||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f h1:Bl/8QSvNqXvPGPGXa2z5xUTmV7VDcZyvRZ+QQXkXTZQ=
|
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f h1:Bl/8QSvNqXvPGPGXa2z5xUTmV7VDcZyvRZ+QQXkXTZQ=
|
||||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
|
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
|
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06 h1:0oC8rFnE+74kEmuHZ46F6KHsMr5Gx2gUQPuNz28iQZM=
|
golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06 h1:0oC8rFnE+74kEmuHZ46F6KHsMr5Gx2gUQPuNz28iQZM=
|
||||||
golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb h1:zzdd4xkMwu/GRxhSUJaCPh4/jil9kAbsU7AUmXboO+A=
|
golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb h1:zzdd4xkMwu/GRxhSUJaCPh4/jil9kAbsU7AUmXboO+A=
|
||||||
golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
|
golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6 h1:IcgEB62HYgAhX0Nd/QrVgZlxlcyxbGQHElLUhW2X4Fo=
|
||||||
|
golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477 h1:5xUJw+lg4zao9W4HIDzlFbMYgSgtvNVHh00MEHvbGpQ=
|
gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477 h1:5xUJw+lg4zao9W4HIDzlFbMYgSgtvNVHh00MEHvbGpQ=
|
||||||
gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477/go.mod h1:QDV1vrFSrowdoOba0UM8VJPUZONT7dnfdLsM+GG53Z8=
|
gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477/go.mod h1:QDV1vrFSrowdoOba0UM8VJPUZONT7dnfdLsM+GG53Z8=
|
||||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||||
|
|
Loading…
Reference in New Issue