Merge pull request #122 in DNS/adguard-dns from feature/dnsproxy to master
* commit '374a0dc2e5b8a93ada7e69242a909607756074c8': Fixing review comments fix imports changed to logrus Start using dnsproxy
This commit is contained in:
commit
8227970d39
|
@ -12,6 +12,8 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/AdguardTeam/dnsproxy/upstream"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/dnsforward"
|
||||
"github.com/miekg/dns"
|
||||
|
||||
|
@ -204,7 +206,7 @@ func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
func checkDNS(input string) error {
|
||||
log.Printf("Checking if DNS %s works...", input)
|
||||
u, err := dnsforward.AddressToUpstream(input, "")
|
||||
u, err := upstream.AddressToUpstream(input, "")
|
||||
if err != nil {
|
||||
return fmt.Errorf("Failed to choose upstream for %s: %s", input, err)
|
||||
}
|
||||
|
|
6
dns.go
6
dns.go
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
||||
"github.com/AdguardTeam/AdGuardHome/dnsforward"
|
||||
"github.com/AdguardTeam/dnsproxy/upstream"
|
||||
"github.com/joomcode/errorx"
|
||||
)
|
||||
|
||||
|
@ -37,7 +38,7 @@ func generateServerConfig() dnsforward.ServerConfig {
|
|||
}
|
||||
|
||||
for _, u := range config.DNS.UpstreamDNS {
|
||||
upstream, err := dnsforward.AddressToUpstream(u, config.DNS.BootstrapDNS)
|
||||
upstream, err := upstream.AddressToUpstream(u, config.DNS.BootstrapDNS)
|
||||
if err != nil {
|
||||
log.Printf("Couldn't get upstream: %s", err)
|
||||
// continue, just ignore the upstream
|
||||
|
@ -67,7 +68,8 @@ func reconfigureDNSServer() error {
|
|||
return fmt.Errorf("Refusing to reconfigure forwarding DNS server: not running")
|
||||
}
|
||||
|
||||
err := dnsServer.Reconfigure(generateServerConfig())
|
||||
config := generateServerConfig()
|
||||
err := dnsServer.Reconfigure(&config)
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "Couldn't start forwarding DNS server")
|
||||
}
|
||||
|
|
|
@ -1,107 +0,0 @@
|
|||
package dnsforward
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/url"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/joomcode/errorx"
|
||||
)
|
||||
|
||||
type bootstrapper struct {
|
||||
address string // in form of "tls://one.one.one.one:853"
|
||||
resolver *net.Resolver // resolver to use to resolve hostname, if neccessary
|
||||
resolved string // in form "IP:port"
|
||||
resolvedConfig *tls.Config
|
||||
sync.Mutex
|
||||
}
|
||||
|
||||
func toBoot(address, bootstrapAddr string) bootstrapper {
|
||||
var resolver *net.Resolver
|
||||
if bootstrapAddr != "" {
|
||||
resolver = &net.Resolver{
|
||||
PreferGo: true,
|
||||
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
|
||||
d := net.Dialer{}
|
||||
return d.DialContext(ctx, network, bootstrapAddr)
|
||||
},
|
||||
}
|
||||
}
|
||||
return bootstrapper{
|
||||
address: address,
|
||||
resolver: resolver,
|
||||
}
|
||||
}
|
||||
|
||||
// will get usable IP address from Address field, and caches the result
|
||||
func (n *bootstrapper) get() (string, *tls.Config, error) {
|
||||
// TODO: RLock() here but atomically upgrade to Lock() if fast path doesn't work
|
||||
n.Lock()
|
||||
if n.resolved != "" { // fast path
|
||||
retval, tlsconfig := n.resolved, n.resolvedConfig
|
||||
n.Unlock()
|
||||
return retval, tlsconfig, nil
|
||||
}
|
||||
|
||||
//
|
||||
// slow path
|
||||
//
|
||||
|
||||
defer n.Unlock()
|
||||
|
||||
justHostPort := n.address
|
||||
if strings.Contains(n.address, "://") {
|
||||
url, err := url.Parse(n.address)
|
||||
if err != nil {
|
||||
return "", nil, errorx.Decorate(err, "Failed to parse %s", n.address)
|
||||
}
|
||||
|
||||
justHostPort = url.Host
|
||||
}
|
||||
|
||||
// convert host to IP if neccessary, we know that it's scheme://hostname:port/
|
||||
|
||||
// get a host without port
|
||||
host, port, err := net.SplitHostPort(justHostPort)
|
||||
if err != nil {
|
||||
return "", nil, fmt.Errorf("bootstrapper requires port in address %s", n.address)
|
||||
}
|
||||
|
||||
// if it's an IP
|
||||
ip := net.ParseIP(host)
|
||||
if ip != nil {
|
||||
n.resolved = justHostPort
|
||||
return n.resolved, nil, nil
|
||||
}
|
||||
|
||||
//
|
||||
// if it's a hostname
|
||||
//
|
||||
|
||||
resolver := n.resolver // no need to check for nil resolver -- documented that nil is default resolver
|
||||
addrs, err := resolver.LookupIPAddr(context.TODO(), host)
|
||||
if err != nil {
|
||||
return "", nil, errorx.Decorate(err, "Failed to lookup %s", host)
|
||||
}
|
||||
for _, addr := range addrs {
|
||||
// TODO: support ipv6, support multiple ipv4
|
||||
if addr.IP.To4() == nil {
|
||||
continue
|
||||
}
|
||||
ip = addr.IP
|
||||
break
|
||||
}
|
||||
|
||||
if ip == nil {
|
||||
// couldn't find any suitable IP address
|
||||
return "", nil, fmt.Errorf("Couldn't find any suitable IP address for host %s", host)
|
||||
}
|
||||
|
||||
n.resolved = net.JoinHostPort(ip.String(), port)
|
||||
n.resolvedConfig = &tls.Config{ServerName: host}
|
||||
return n.resolved, n.resolvedConfig, nil
|
||||
}
|
|
@ -1,225 +0,0 @@
|
|||
package dnsforward
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
"log"
|
||||
"math"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
||||
type item struct {
|
||||
m *dns.Msg
|
||||
when time.Time
|
||||
}
|
||||
|
||||
type cache struct {
|
||||
items map[string]item
|
||||
|
||||
sync.RWMutex
|
||||
}
|
||||
|
||||
func (c *cache) Get(request *dns.Msg) (*dns.Msg, bool) {
|
||||
if request == nil {
|
||||
return nil, false
|
||||
}
|
||||
ok, key := key(request)
|
||||
if !ok {
|
||||
log.Printf("Get(): key returned !ok")
|
||||
return nil, false
|
||||
}
|
||||
|
||||
c.RLock()
|
||||
item, ok := c.items[key]
|
||||
c.RUnlock()
|
||||
if !ok {
|
||||
return nil, false
|
||||
}
|
||||
// get item's TTL
|
||||
ttl := findLowestTTL(item.m)
|
||||
// zero TTL? delete and don't serve it
|
||||
if ttl == 0 {
|
||||
c.Lock()
|
||||
delete(c.items, key)
|
||||
c.Unlock()
|
||||
return nil, false
|
||||
}
|
||||
// too much time has passed? delete and don't serve it
|
||||
if time.Since(item.when) >= time.Duration(ttl)*time.Second {
|
||||
c.Lock()
|
||||
delete(c.items, key)
|
||||
c.Unlock()
|
||||
return nil, false
|
||||
}
|
||||
response := item.fromItem(request)
|
||||
return response, true
|
||||
}
|
||||
|
||||
func (c *cache) Set(m *dns.Msg) {
|
||||
if m == nil {
|
||||
return // no-op
|
||||
}
|
||||
if !isRequestCacheable(m) {
|
||||
return
|
||||
}
|
||||
if !isResponseCacheable(m) {
|
||||
return
|
||||
}
|
||||
ok, key := key(m)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
i := toItem(m)
|
||||
|
||||
c.Lock()
|
||||
if c.items == nil {
|
||||
c.items = map[string]item{}
|
||||
}
|
||||
c.items[key] = i
|
||||
c.Unlock()
|
||||
}
|
||||
|
||||
// check only request fields
|
||||
func isRequestCacheable(m *dns.Msg) bool {
|
||||
// truncated messages aren't valid
|
||||
if m.Truncated {
|
||||
log.Printf("Refusing to cache truncated message")
|
||||
return false
|
||||
}
|
||||
|
||||
// if has wrong number of questions, also don't cache
|
||||
if len(m.Question) != 1 {
|
||||
log.Printf("Refusing to cache message with wrong number of questions")
|
||||
return false
|
||||
}
|
||||
|
||||
// only OK or NXdomain replies are cached
|
||||
switch m.Rcode {
|
||||
case dns.RcodeSuccess:
|
||||
case dns.RcodeNameError: // that's an NXDomain
|
||||
case dns.RcodeServerFailure:
|
||||
return false // quietly refuse, don't log
|
||||
default:
|
||||
log.Printf("%s: Refusing to cache message with rcode: %s", m.Question[0].Name, dns.RcodeToString[m.Rcode])
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
func isResponseCacheable(m *dns.Msg) bool {
|
||||
ttl := findLowestTTL(m)
|
||||
if ttl == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
func findLowestTTL(m *dns.Msg) uint32 {
|
||||
var ttl uint32 = math.MaxUint32
|
||||
found := false
|
||||
|
||||
if m.Answer != nil {
|
||||
for _, r := range m.Answer {
|
||||
if r.Header().Ttl < ttl {
|
||||
ttl = r.Header().Ttl
|
||||
found = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if m.Ns != nil {
|
||||
for _, r := range m.Ns {
|
||||
if r.Header().Ttl < ttl {
|
||||
ttl = r.Header().Ttl
|
||||
found = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if m.Extra != nil {
|
||||
for _, r := range m.Extra {
|
||||
if r.Header().Rrtype == dns.TypeOPT {
|
||||
continue // OPT records use TTL for other purposes
|
||||
}
|
||||
if r.Header().Ttl < ttl {
|
||||
ttl = r.Header().Ttl
|
||||
found = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if found == false {
|
||||
return 0
|
||||
}
|
||||
|
||||
return ttl
|
||||
}
|
||||
|
||||
// key is binary little endian in sequence:
|
||||
// uint16(qtype) then uint16(qclass) then name
|
||||
func key(m *dns.Msg) (bool, string) {
|
||||
if len(m.Question) != 1 {
|
||||
log.Printf("got msg with len(m.Question) != 1: %d", len(m.Question))
|
||||
return false, ""
|
||||
}
|
||||
|
||||
bb := strings.Builder{}
|
||||
b := make([]byte, 2)
|
||||
binary.LittleEndian.PutUint16(b, m.Question[0].Qtype)
|
||||
bb.Write(b)
|
||||
binary.LittleEndian.PutUint16(b, m.Question[0].Qclass)
|
||||
bb.Write(b)
|
||||
name := strings.ToLower(m.Question[0].Name)
|
||||
bb.WriteString(name)
|
||||
return true, bb.String()
|
||||
}
|
||||
|
||||
func toItem(m *dns.Msg) item {
|
||||
return item{
|
||||
m: m,
|
||||
when: time.Now(),
|
||||
}
|
||||
}
|
||||
|
||||
func (i *item) fromItem(request *dns.Msg) *dns.Msg {
|
||||
response := &dns.Msg{}
|
||||
response.SetReply(request)
|
||||
|
||||
response.Authoritative = false
|
||||
response.AuthenticatedData = i.m.AuthenticatedData
|
||||
response.RecursionAvailable = i.m.RecursionAvailable
|
||||
response.Rcode = i.m.Rcode
|
||||
|
||||
ttl := findLowestTTL(i.m)
|
||||
timeleft := math.Round(float64(ttl) - time.Since(i.when).Seconds())
|
||||
var newttl uint32
|
||||
if timeleft > 0 {
|
||||
newttl = uint32(timeleft)
|
||||
}
|
||||
for _, r := range i.m.Answer {
|
||||
answer := dns.Copy(r)
|
||||
answer.Header().Ttl = newttl
|
||||
response.Answer = append(response.Answer, answer)
|
||||
}
|
||||
for _, r := range i.m.Ns {
|
||||
ns := dns.Copy(r)
|
||||
ns.Header().Ttl = newttl
|
||||
response.Ns = append(response.Ns, ns)
|
||||
}
|
||||
for _, r := range i.m.Extra {
|
||||
// don't return OPT records as these are hop-by-hop
|
||||
if r.Header().Rrtype == dns.TypeOPT {
|
||||
continue
|
||||
}
|
||||
extra := dns.Copy(r)
|
||||
extra.Header().Ttl = newttl
|
||||
response.Extra = append(response.Extra, extra)
|
||||
}
|
||||
return response
|
||||
}
|
|
@ -1,144 +0,0 @@
|
|||
package dnsforward
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/go-test/deep"
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
||||
func RR(rr string) dns.RR {
|
||||
r, err := dns.NewRR(rr)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return r
|
||||
}
|
||||
|
||||
// deepEqual is same as deep.Equal, except:
|
||||
// * ignores Id when comparing
|
||||
// * question names are not case sensetive
|
||||
func deepEqualMsg(left *dns.Msg, right *dns.Msg) []string {
|
||||
temp := *left
|
||||
temp.Id = right.Id
|
||||
for i := range left.Question {
|
||||
left.Question[i].Name = strings.ToLower(left.Question[i].Name)
|
||||
}
|
||||
for i := range right.Question {
|
||||
right.Question[i].Name = strings.ToLower(right.Question[i].Name)
|
||||
}
|
||||
return deep.Equal(&temp, right)
|
||||
}
|
||||
|
||||
func TestCacheSanity(t *testing.T) {
|
||||
cache := cache{}
|
||||
request := dns.Msg{}
|
||||
request.SetQuestion("google.com.", dns.TypeA)
|
||||
_, ok := cache.Get(&request)
|
||||
if ok {
|
||||
t.Fatal("empty cache replied with positive response")
|
||||
}
|
||||
}
|
||||
|
||||
type tests struct {
|
||||
cache []testEntry
|
||||
cases []testCase
|
||||
}
|
||||
|
||||
type testEntry struct {
|
||||
q string
|
||||
t uint16
|
||||
a []dns.RR
|
||||
}
|
||||
|
||||
type testCase struct {
|
||||
q string
|
||||
t uint16
|
||||
a []dns.RR
|
||||
ok bool
|
||||
}
|
||||
|
||||
func TestCache(t *testing.T) {
|
||||
tests := tests{
|
||||
cache: []testEntry{
|
||||
{q: "google.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}},
|
||||
},
|
||||
cases: []testCase{
|
||||
{q: "google.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
|
||||
{q: "google.com.", t: dns.TypeMX, ok: false},
|
||||
},
|
||||
}
|
||||
runTests(t, tests)
|
||||
}
|
||||
|
||||
func TestCacheMixedCase(t *testing.T) {
|
||||
tests := tests{
|
||||
cache: []testEntry{
|
||||
{q: "gOOgle.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}},
|
||||
},
|
||||
cases: []testCase{
|
||||
{q: "gOOgle.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
|
||||
{q: "google.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
|
||||
{q: "GOOGLE.COM.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
|
||||
{q: "gOOgle.com.", t: dns.TypeMX, ok: false},
|
||||
{q: "google.com.", t: dns.TypeMX, ok: false},
|
||||
{q: "GOOGLE.COM.", t: dns.TypeMX, ok: false},
|
||||
},
|
||||
}
|
||||
runTests(t, tests)
|
||||
}
|
||||
|
||||
func TestZeroTTL(t *testing.T) {
|
||||
tests := tests{
|
||||
cache: []testEntry{
|
||||
{q: "gOOgle.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 0 IN A 8.8.8.8")}},
|
||||
},
|
||||
cases: []testCase{
|
||||
{q: "google.com.", t: dns.TypeA, ok: false},
|
||||
{q: "google.com.", t: dns.TypeA, ok: false},
|
||||
{q: "google.com.", t: dns.TypeA, ok: false},
|
||||
{q: "google.com.", t: dns.TypeMX, ok: false},
|
||||
{q: "google.com.", t: dns.TypeMX, ok: false},
|
||||
{q: "google.com.", t: dns.TypeMX, ok: false},
|
||||
},
|
||||
}
|
||||
runTests(t, tests)
|
||||
}
|
||||
|
||||
func runTests(t *testing.T, tests tests) {
|
||||
t.Helper()
|
||||
cache := cache{}
|
||||
for _, tc := range tests.cache {
|
||||
reply := dns.Msg{}
|
||||
reply.SetQuestion(tc.q, tc.t)
|
||||
reply.Response = true
|
||||
reply.Answer = tc.a
|
||||
cache.Set(&reply)
|
||||
}
|
||||
for _, tc := range tests.cases {
|
||||
request := dns.Msg{}
|
||||
request.SetQuestion(tc.q, tc.t)
|
||||
val, ok := cache.Get(&request)
|
||||
if diff := deep.Equal(ok, tc.ok); diff != nil {
|
||||
t.Error(diff)
|
||||
}
|
||||
if tc.a != nil {
|
||||
if ok == false {
|
||||
continue
|
||||
}
|
||||
reply := dns.Msg{}
|
||||
reply.SetQuestion(tc.q, tc.t)
|
||||
reply.Response = true
|
||||
reply.Answer = tc.a
|
||||
cache.Set(&reply)
|
||||
if diff := deepEqualMsg(val, &reply); diff != nil {
|
||||
t.Error(diff)
|
||||
} else {
|
||||
if diff := deep.Equal(val, reply); diff == nil {
|
||||
t.Error("different message ID were not caught")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,18 +1,24 @@
|
|||
package dnsforward
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"net"
|
||||
"reflect"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
||||
"github.com/AdguardTeam/dnsproxy/proxy"
|
||||
"github.com/AdguardTeam/dnsproxy/upstream"
|
||||
"github.com/joomcode/errorx"
|
||||
"github.com/miekg/dns"
|
||||
gocache "github.com/patrickmn/go-cache"
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
const (
|
||||
safeBrowsingBlockHost = "standard-block.dns.adguard.com"
|
||||
parentalBlockHost = "family-block.dns.adguard.com"
|
||||
)
|
||||
|
||||
// Server is the main way to start a DNS server.
|
||||
|
@ -26,66 +32,18 @@ import (
|
|||
//
|
||||
// The zero Server is empty and ready for use.
|
||||
type Server struct {
|
||||
udpListen *net.UDPConn
|
||||
dnsProxy *proxy.Proxy // DNS proxy instance
|
||||
|
||||
dnsFilter *dnsfilter.Dnsfilter
|
||||
|
||||
cache cache
|
||||
|
||||
ratelimitBuckets *gocache.Cache // where the ratelimiters are stored, per IP
|
||||
dnsFilter *dnsfilter.Dnsfilter // DNS filter instance
|
||||
|
||||
sync.RWMutex
|
||||
ServerConfig
|
||||
}
|
||||
|
||||
const (
|
||||
safeBrowsingBlockHost = "standard-block.dns.adguard.com"
|
||||
parentalBlockHost = "family-block.dns.adguard.com"
|
||||
)
|
||||
|
||||
// uncomment this block to have tracing of locks
|
||||
/*
|
||||
func (s *Server) Lock() {
|
||||
pc := make([]uintptr, 10) // at least 1 entry needed
|
||||
runtime.Callers(2, pc)
|
||||
f := runtime.FuncForPC(pc[0])
|
||||
file, line := f.FileLine(pc[0])
|
||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> Lock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
|
||||
s.RWMutex.Lock()
|
||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> Lock() -> done\n", path.Base(file), line, path.Base(f.Name()))
|
||||
}
|
||||
func (s *Server) RLock() {
|
||||
pc := make([]uintptr, 10) // at least 1 entry needed
|
||||
runtime.Callers(2, pc)
|
||||
f := runtime.FuncForPC(pc[0])
|
||||
file, line := f.FileLine(pc[0])
|
||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> RLock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
|
||||
s.RWMutex.RLock()
|
||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> RLock() -> done\n", path.Base(file), line, path.Base(f.Name()))
|
||||
}
|
||||
func (s *Server) Unlock() {
|
||||
pc := make([]uintptr, 10) // at least 1 entry needed
|
||||
runtime.Callers(2, pc)
|
||||
f := runtime.FuncForPC(pc[0])
|
||||
file, line := f.FileLine(pc[0])
|
||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> Unlock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
|
||||
s.RWMutex.Unlock()
|
||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> Unlock() -> done\n", path.Base(file), line, path.Base(f.Name()))
|
||||
}
|
||||
func (s *Server) RUnlock() {
|
||||
pc := make([]uintptr, 10) // at least 1 entry needed
|
||||
runtime.Callers(2, pc)
|
||||
f := runtime.FuncForPC(pc[0])
|
||||
file, line := f.FileLine(pc[0])
|
||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> RUnlock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
|
||||
s.RWMutex.RUnlock()
|
||||
fmt.Fprintf(os.Stderr, "%s:%d %s() -> RUnlock() -> done\n", path.Base(file), line, path.Base(f.Name()))
|
||||
}
|
||||
*/
|
||||
|
||||
// FilteringConfig represents the DNS filtering configuration of AdGuard Home
|
||||
type FilteringConfig struct {
|
||||
ProtectionEnabled bool `yaml:"protection_enabled"`
|
||||
FilteringEnabled bool `yaml:"filtering_enabled"`
|
||||
ProtectionEnabled bool `yaml:"protection_enabled"` // whether or not use any of dnsfilter features
|
||||
FilteringEnabled bool `yaml:"filtering_enabled"` // whether or not use filter lists
|
||||
BlockedResponseTTL uint32 `yaml:"blocked_response_ttl"` // if 0, then default is used (3600)
|
||||
QueryLogEnabled bool `yaml:"querylog_enabled"`
|
||||
Ratelimit int `yaml:"ratelimit"`
|
||||
|
@ -96,11 +54,12 @@ type FilteringConfig struct {
|
|||
dnsfilter.Config `yaml:",inline"`
|
||||
}
|
||||
|
||||
// ServerConfig represents server configuration.
|
||||
// The zero ServerConfig is empty and ready for use.
|
||||
type ServerConfig struct {
|
||||
UDPListenAddr *net.UDPAddr // if nil, then default is is used (port 53 on *)
|
||||
Upstreams []Upstream
|
||||
Filters []dnsfilter.Filter
|
||||
UDPListenAddr *net.UDPAddr // UDP listen address
|
||||
Upstreams []upstream.Upstream // Configured upstreams
|
||||
Filters []dnsfilter.Filter // A list of filters to use
|
||||
|
||||
FilteringConfig
|
||||
}
|
||||
|
@ -109,103 +68,47 @@ type ServerConfig struct {
|
|||
var defaultValues = ServerConfig{
|
||||
UDPListenAddr: &net.UDPAddr{Port: 53},
|
||||
FilteringConfig: FilteringConfig{BlockedResponseTTL: 3600},
|
||||
Upstreams: []Upstream{
|
||||
//// dns over HTTPS
|
||||
// &dnsOverHTTPS{boot: toBoot("https://1.1.1.1/dns-query", "")},
|
||||
// &dnsOverHTTPS{boot: toBoot("https://dns.google.com/experimental", "")},
|
||||
// &dnsOverHTTPS{boot: toBoot("https://doh.cleanbrowsing.org/doh/security-filter/", "")},
|
||||
// &dnsOverHTTPS{boot: toBoot("https://dns10.quad9.net/dns-query", "")},
|
||||
// &dnsOverHTTPS{boot: toBoot("https://doh.powerdns.org", "")},
|
||||
// &dnsOverHTTPS{boot: toBoot("https://doh.securedns.eu/dns-query", "")},
|
||||
|
||||
//// dns over TLS
|
||||
// &dnsOverTLS{boot: toBoot("tls://8.8.8.8:853", "")},
|
||||
// &dnsOverTLS{boot: toBoot("tls://8.8.4.4:853", "")},
|
||||
// &dnsOverTLS{boot: toBoot("tls://1.1.1.1:853", "")},
|
||||
// &dnsOverTLS{boot: toBoot("tls://1.0.0.1:853", "")},
|
||||
|
||||
//// plainDNS
|
||||
&plainDNS{boot: toBoot("8.8.8.8:53", "")},
|
||||
&plainDNS{boot: toBoot("8.8.4.4:53", "")},
|
||||
&plainDNS{boot: toBoot("1.1.1.1:53", "")},
|
||||
&plainDNS{boot: toBoot("1.0.0.1:53", "")},
|
||||
},
|
||||
}
|
||||
|
||||
//
|
||||
// packet loop
|
||||
//
|
||||
func (s *Server) packetLoop() {
|
||||
log.Printf("Entering packet handle loop")
|
||||
b := make([]byte, dns.MaxMsgSize)
|
||||
for {
|
||||
s.RLock()
|
||||
conn := s.udpListen
|
||||
s.RUnlock()
|
||||
if conn == nil {
|
||||
log.Printf("udp socket has disappeared, exiting loop")
|
||||
break
|
||||
}
|
||||
n, addr, err := conn.ReadFrom(b)
|
||||
// documentation says to handle the packet even if err occurs, so do that first
|
||||
if n > 0 {
|
||||
// make a copy of all bytes because ReadFrom() will overwrite contents of b on next call
|
||||
// we need the contents to survive the call because we're handling them in goroutine
|
||||
p := make([]byte, n)
|
||||
copy(p, b)
|
||||
go s.handlePacket(p, addr, conn) // ignore errors
|
||||
}
|
||||
if err != nil {
|
||||
if isConnClosed(err) {
|
||||
log.Printf("ReadFrom() returned because we're reading from a closed connection, exiting loop")
|
||||
// don't try to nullify s.udpListen here, because s.udpListen could be already re-bound to listen
|
||||
break
|
||||
}
|
||||
log.Printf("Got error when reading from udp listen: %s", err)
|
||||
func init() {
|
||||
defaultDNS := []string{"8.8.8.8:53", "8.8.4.4:53"}
|
||||
|
||||
defaultUpstreams := make([]upstream.Upstream, 0)
|
||||
for _, addr := range defaultDNS {
|
||||
u, err := upstream.AddressToUpstream(addr, "")
|
||||
if err == nil {
|
||||
defaultUpstreams = append(defaultUpstreams, u)
|
||||
}
|
||||
}
|
||||
defaultValues.Upstreams = defaultUpstreams
|
||||
}
|
||||
|
||||
//
|
||||
// Control functions
|
||||
//
|
||||
|
||||
// Start starts the DNS server
|
||||
func (s *Server) Start(config *ServerConfig) error {
|
||||
s.Lock()
|
||||
defer s.Unlock()
|
||||
return s.startInternal(config)
|
||||
}
|
||||
|
||||
// startInternal starts without locking
|
||||
func (s *Server) startInternal(config *ServerConfig) error {
|
||||
if config != nil {
|
||||
s.ServerConfig = *config
|
||||
}
|
||||
// TODO: handle being called Start() second time after Stop()
|
||||
if s.udpListen == nil {
|
||||
log.Printf("Creating UDP socket")
|
||||
var err error
|
||||
addr := s.UDPListenAddr
|
||||
if addr == nil {
|
||||
addr = defaultValues.UDPListenAddr
|
||||
}
|
||||
s.udpListen, err = net.ListenUDP("udp", addr)
|
||||
if err != nil {
|
||||
s.udpListen = nil
|
||||
return errorx.Decorate(err, "Couldn't listen to UDP socket")
|
||||
}
|
||||
log.Println(s.udpListen.LocalAddr(), s.UDPListenAddr)
|
||||
|
||||
if s.dnsFilter != nil || s.dnsProxy != nil {
|
||||
return errors.New("DNS server is already started")
|
||||
}
|
||||
|
||||
if s.dnsFilter == nil {
|
||||
log.Printf("Creating dnsfilter")
|
||||
s.dnsFilter = dnsfilter.New(&s.Config)
|
||||
// add rules only if they are enabled
|
||||
if s.FilteringEnabled {
|
||||
s.dnsFilter.AddRules(s.Filters)
|
||||
}
|
||||
err := s.initDNSFilter()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
log.Printf("Loading stats from querylog")
|
||||
err := fillStatsFromQueryLog()
|
||||
err = fillStatsFromQueryLog()
|
||||
if err != nil {
|
||||
log.Printf("Failed to load stats from querylog: %s", err)
|
||||
return err
|
||||
return errorx.Decorate(err, "failed to load stats from querylog")
|
||||
}
|
||||
|
||||
once.Do(func() {
|
||||
|
@ -214,22 +117,66 @@ func (s *Server) Start(config *ServerConfig) error {
|
|||
go statsRotator()
|
||||
})
|
||||
|
||||
go s.packetLoop()
|
||||
// TODO: Add TCPListenAddr
|
||||
proxyConfig := proxy.Config{
|
||||
UDPListenAddr: s.UDPListenAddr,
|
||||
Ratelimit: s.Ratelimit,
|
||||
RatelimitWhitelist: s.RatelimitWhitelist,
|
||||
RefuseAny: s.RefuseAny,
|
||||
CacheEnabled: true,
|
||||
Upstreams: s.Upstreams,
|
||||
Handler: s.handleDNSRequest,
|
||||
}
|
||||
|
||||
if proxyConfig.UDPListenAddr == nil {
|
||||
proxyConfig.UDPListenAddr = defaultValues.UDPListenAddr
|
||||
}
|
||||
|
||||
if len(proxyConfig.Upstreams) == 0 {
|
||||
proxyConfig.Upstreams = defaultValues.Upstreams
|
||||
}
|
||||
|
||||
// Initialize and start the DNS proxy
|
||||
s.dnsProxy = &proxy.Proxy{Config: proxyConfig}
|
||||
return s.dnsProxy.Start()
|
||||
}
|
||||
|
||||
// Initializes the DNS filter
|
||||
func (s *Server) initDNSFilter() error {
|
||||
log.Printf("Creating dnsfilter")
|
||||
s.dnsFilter = dnsfilter.New(&s.Config)
|
||||
// add rules only if they are enabled
|
||||
if s.FilteringEnabled {
|
||||
err := s.dnsFilter.AddRules(s.Filters)
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "could not initialize dnsfilter")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Stop stops the DNS server
|
||||
func (s *Server) Stop() error {
|
||||
s.Lock()
|
||||
defer s.Unlock()
|
||||
if s.udpListen != nil {
|
||||
err := s.udpListen.Close()
|
||||
s.udpListen = nil
|
||||
return s.stopInternal()
|
||||
}
|
||||
|
||||
// stopInternal stops without locking
|
||||
func (s *Server) stopInternal() error {
|
||||
if s.dnsProxy != nil {
|
||||
err := s.dnsProxy.Stop()
|
||||
s.dnsProxy = nil
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "Couldn't close UDP listening socket")
|
||||
return errorx.Decorate(err, "could not stop the DNS server properly")
|
||||
}
|
||||
}
|
||||
|
||||
if s.dnsFilter != nil {
|
||||
s.dnsFilter.Destroy()
|
||||
s.dnsFilter = nil
|
||||
}
|
||||
|
||||
// flush remainder to file
|
||||
logBufferLock.Lock()
|
||||
flushBuffer := logBuffer
|
||||
|
@ -244,283 +191,55 @@ func (s *Server) Stop() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// IsRunning returns true if the DNS server is running
|
||||
func (s *Server) IsRunning() bool {
|
||||
s.RLock()
|
||||
isRunning := true
|
||||
if s.udpListen == nil {
|
||||
if s.dnsProxy == nil {
|
||||
isRunning = false
|
||||
}
|
||||
s.RUnlock()
|
||||
return isRunning
|
||||
}
|
||||
|
||||
//
|
||||
// Server reconfigure
|
||||
//
|
||||
|
||||
func (s *Server) reconfigureListenAddr(new ServerConfig) error {
|
||||
oldAddr := s.UDPListenAddr
|
||||
if oldAddr == nil {
|
||||
oldAddr = defaultValues.UDPListenAddr
|
||||
}
|
||||
newAddr := new.UDPListenAddr
|
||||
if newAddr == nil {
|
||||
newAddr = defaultValues.UDPListenAddr
|
||||
}
|
||||
if newAddr.Port == 0 {
|
||||
return errorx.IllegalArgument.New("new port cannot be 0")
|
||||
}
|
||||
if reflect.DeepEqual(oldAddr, newAddr) {
|
||||
// do nothing, the addresses are exactly the same
|
||||
log.Printf("Not going to rebind because addresses are same: %v -> %v", oldAddr, newAddr)
|
||||
return nil
|
||||
}
|
||||
|
||||
// rebind, using a strategy:
|
||||
// * if ports are different, bind new first, then close old
|
||||
// * if ports are same, close old first, then bind new
|
||||
var newListen *net.UDPConn
|
||||
var err error
|
||||
if oldAddr.Port != newAddr.Port {
|
||||
log.Printf("Rebinding -- ports are different so bind first then close")
|
||||
newListen, err = net.ListenUDP("udp", newAddr)
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "Couldn't bind to %v", newAddr)
|
||||
}
|
||||
// Reconfigure applies the new configuration to the DNS server
|
||||
func (s *Server) Reconfigure(config *ServerConfig) error {
|
||||
s.Lock()
|
||||
if s.udpListen != nil {
|
||||
err = s.udpListen.Close()
|
||||
s.udpListen = nil
|
||||
}
|
||||
s.Unlock()
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "Couldn't close UDP listening socket")
|
||||
}
|
||||
} else {
|
||||
log.Printf("Rebinding -- ports are same so close first then bind")
|
||||
s.Lock()
|
||||
if s.udpListen != nil {
|
||||
err = s.udpListen.Close()
|
||||
s.udpListen = nil
|
||||
}
|
||||
s.Unlock()
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "Couldn't close UDP listening socket")
|
||||
}
|
||||
newListen, err = net.ListenUDP("udp", newAddr)
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "Couldn't bind to %v", newAddr)
|
||||
}
|
||||
}
|
||||
s.Lock()
|
||||
s.udpListen = newListen
|
||||
s.UDPListenAddr = new.UDPListenAddr
|
||||
s.Unlock()
|
||||
log.Println(s.udpListen.LocalAddr(), s.UDPListenAddr)
|
||||
defer s.Unlock()
|
||||
|
||||
go s.packetLoop() // the old one has quit, use new one
|
||||
log.Print("Start reconfiguring the server")
|
||||
err := s.stopInternal()
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "could not reconfigure the server")
|
||||
}
|
||||
err = s.startInternal(config)
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "could not reconfigure the server")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) reconfigureBlockedResponseTTL(new ServerConfig) {
|
||||
newVal := new.BlockedResponseTTL
|
||||
if newVal == 0 {
|
||||
newVal = defaultValues.BlockedResponseTTL
|
||||
}
|
||||
oldVal := s.BlockedResponseTTL
|
||||
if oldVal == 0 {
|
||||
oldVal = defaultValues.BlockedResponseTTL
|
||||
}
|
||||
if newVal != oldVal {
|
||||
s.BlockedResponseTTL = new.BlockedResponseTTL
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) reconfigureUpstreams(new ServerConfig) {
|
||||
newVal := new.Upstreams
|
||||
if len(newVal) == 0 {
|
||||
newVal = defaultValues.Upstreams
|
||||
}
|
||||
oldVal := s.Upstreams
|
||||
if len(oldVal) == 0 {
|
||||
oldVal = defaultValues.Upstreams
|
||||
}
|
||||
if reflect.DeepEqual(newVal, oldVal) {
|
||||
// they're exactly the same, do nothing
|
||||
return
|
||||
}
|
||||
s.Upstreams = new.Upstreams
|
||||
}
|
||||
|
||||
func (s *Server) reconfigureFiltering(new ServerConfig) {
|
||||
newFilters := new.Filters
|
||||
if len(newFilters) == 0 {
|
||||
newFilters = defaultValues.Filters
|
||||
}
|
||||
oldFilters := s.Filters
|
||||
if len(oldFilters) == 0 {
|
||||
oldFilters = defaultValues.Filters
|
||||
}
|
||||
|
||||
needUpdate := false
|
||||
if !reflect.DeepEqual(newFilters, oldFilters) {
|
||||
needUpdate = true
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(new.FilteringConfig, s.FilteringConfig) {
|
||||
needUpdate = true
|
||||
}
|
||||
|
||||
if !needUpdate {
|
||||
// nothing to do, everything is same
|
||||
return
|
||||
}
|
||||
|
||||
// TODO: instead of creating new dnsfilter, change existing one's settings and filters
|
||||
dnsFilter := dnsfilter.New(&new.Config) // sets safebrowsing, safesearch and parental
|
||||
|
||||
// add rules only if they are enabled
|
||||
if new.FilteringEnabled {
|
||||
dnsFilter.AddRules(newFilters)
|
||||
}
|
||||
|
||||
s.Lock()
|
||||
oldDNSFilter := s.dnsFilter
|
||||
s.dnsFilter = dnsFilter
|
||||
s.FilteringConfig = new.FilteringConfig
|
||||
s.Unlock()
|
||||
|
||||
oldDNSFilter.Destroy()
|
||||
}
|
||||
|
||||
func (s *Server) Reconfigure(new ServerConfig) error {
|
||||
s.reconfigureBlockedResponseTTL(new)
|
||||
s.reconfigureUpstreams(new)
|
||||
s.reconfigureFiltering(new)
|
||||
|
||||
err := s.reconfigureListenAddr(new)
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "Couldn't reconfigure to new listening address %+v", new.UDPListenAddr)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
//
|
||||
// packet handling functions
|
||||
//
|
||||
|
||||
// handlePacketInternal processes the incoming packet bytes and returns with an optional response packet.
|
||||
//
|
||||
// If an empty dns.Msg is returned, do not try to send anything back to client, otherwise send contents of dns.Msg.
|
||||
//
|
||||
// If an error is returned, log it, don't try to generate data based on that error.
|
||||
func (s *Server) handlePacketInternal(msg *dns.Msg, addr net.Addr, conn *net.UDPConn) (*dns.Msg, *dnsfilter.Result, Upstream, error) {
|
||||
// log.Printf("Got packet %d bytes from %s: %v", len(p), addr, p)
|
||||
//
|
||||
// DNS packet byte format is valid
|
||||
//
|
||||
// any errors below here require a response to client
|
||||
// log.Printf("Unpacked: %v", msg.String())
|
||||
if len(msg.Question) != 1 {
|
||||
log.Printf("Got invalid number of questions: %v", len(msg.Question))
|
||||
return s.genServerFailure(msg), nil, nil, nil
|
||||
}
|
||||
|
||||
if msg.Question[0].Qtype == dns.TypeANY && s.RefuseAny {
|
||||
return s.genNotImpl(msg), nil, nil, nil
|
||||
}
|
||||
|
||||
// we need upstream to resolve A records
|
||||
upstream := s.chooseUpstream()
|
||||
|
||||
host := strings.TrimSuffix(msg.Question[0].Name, ".")
|
||||
// use dnsfilter before cache -- changed settings or filters would require cache invalidation otherwise
|
||||
var res dnsfilter.Result
|
||||
var err error
|
||||
if s.ProtectionEnabled {
|
||||
res, err = s.dnsFilter.CheckHost(host)
|
||||
if err != nil {
|
||||
log.Printf("dnsfilter failed to check host '%s': %s", host, err)
|
||||
return s.genServerFailure(msg), &res, nil, err
|
||||
} else if res.IsFiltered {
|
||||
log.Printf("Host %s is filtered, reason - '%s', matched rule: '%s'", host, res.Reason, res.Rule)
|
||||
switch res.Reason {
|
||||
case dnsfilter.FilteredSafeBrowsing:
|
||||
return s.genArecord(msg, safeBrowsingBlockHost, upstream), &res, nil, nil
|
||||
case dnsfilter.FilteredParental:
|
||||
return s.genArecord(msg, parentalBlockHost, upstream), &res, nil, nil
|
||||
}
|
||||
return s.genNXDomain(msg), &res, nil, nil
|
||||
}
|
||||
}
|
||||
|
||||
{
|
||||
val, ok := s.cache.Get(msg)
|
||||
if ok && val != nil {
|
||||
return val, &res, nil, nil
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: replace with single-socket implementation
|
||||
reply, err := upstream.Exchange(msg)
|
||||
if err != nil {
|
||||
log.Printf("talking to upstream failed for host '%s': %s", host, err)
|
||||
return s.genServerFailure(msg), &res, upstream, err
|
||||
}
|
||||
if reply == nil {
|
||||
log.Printf("SHOULD NOT HAPPEN upstream returned empty message for host '%s'. Request is %v", host, msg.String())
|
||||
return s.genServerFailure(msg), &res, upstream, nil
|
||||
}
|
||||
|
||||
s.cache.Set(reply)
|
||||
|
||||
return reply, &res, upstream, nil
|
||||
}
|
||||
|
||||
func (s *Server) handlePacket(p []byte, addr net.Addr, conn *net.UDPConn) {
|
||||
// handleDNSRequest filters the incoming DNS requests and writes them to the query log
|
||||
func (s *Server) handleDNSRequest(p *proxy.Proxy, d *proxy.DNSContext) error {
|
||||
start := time.Now()
|
||||
ip, _, err := net.SplitHostPort(addr.String())
|
||||
|
||||
// use dnsfilter before cache -- changed settings or filters would require cache invalidation otherwise
|
||||
res, err := s.filterDNSRequest(d)
|
||||
if err != nil {
|
||||
log.Printf("Failed to split %v into host/port: %s", addr, err)
|
||||
// not a fatal error, move on
|
||||
return err
|
||||
}
|
||||
|
||||
// ratelimit based on IP only, protects CPU cycles and outbound connections
|
||||
if s.isRatelimited(ip) {
|
||||
// log.Printf("Ratelimiting %s based on IP only", ip)
|
||||
return // do nothing, don't reply, we got ratelimited
|
||||
}
|
||||
|
||||
msg := &dns.Msg{}
|
||||
err = msg.Unpack(p)
|
||||
if d.Res == nil {
|
||||
// request was not filtered so let it be processed further
|
||||
err = p.Resolve(d)
|
||||
if err != nil {
|
||||
log.Printf("got invalid DNS packet: %s", err)
|
||||
return // do nothing
|
||||
}
|
||||
|
||||
reply, result, upstream, err := s.handlePacketInternal(msg, addr, conn)
|
||||
|
||||
if reply != nil {
|
||||
// ratelimit based on reply size now
|
||||
replysize := reply.Len()
|
||||
if s.isRatelimitedForReply(ip, replysize) {
|
||||
log.Printf("Ratelimiting %s based on IP and size %d", ip, replysize)
|
||||
return // do nothing, don't reply, we got ratelimited
|
||||
}
|
||||
|
||||
// we're good to respond
|
||||
rerr := s.respond(reply, addr, conn)
|
||||
if rerr != nil {
|
||||
log.Printf("Couldn't respond to UDP packet: %s", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// query logging and stats counters
|
||||
//
|
||||
|
||||
shouldLog := true
|
||||
msg := d.Req
|
||||
|
||||
// don't log ANY request if refuseAny is enabled
|
||||
if len(msg.Question) >= 1 && msg.Question[0].Qtype == dns.TypeANY && s.RefuseAny {
|
||||
|
@ -530,35 +249,64 @@ func (s *Server) handlePacket(p []byte, addr net.Addr, conn *net.UDPConn) {
|
|||
if s.QueryLogEnabled && shouldLog {
|
||||
elapsed := time.Since(start)
|
||||
upstreamAddr := ""
|
||||
if upstream != nil {
|
||||
upstreamAddr = upstream.Address()
|
||||
if d.Upstream != nil {
|
||||
upstreamAddr = d.Upstream.Address()
|
||||
}
|
||||
logRequest(msg, reply, result, elapsed, ip, upstreamAddr)
|
||||
logRequest(msg, d.Res, res, elapsed, d.Addr.String(), upstreamAddr)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
//
|
||||
// packet sending functions
|
||||
//
|
||||
// filterDNSRequest applies the dnsFilter and sets d.Res if the request was filtered
|
||||
func (s *Server) filterDNSRequest(d *proxy.DNSContext) (*dnsfilter.Result, error) {
|
||||
msg := d.Req
|
||||
host := strings.TrimSuffix(msg.Question[0].Name, ".")
|
||||
|
||||
func (s *Server) respond(resp *dns.Msg, addr net.Addr, conn *net.UDPConn) error {
|
||||
// log.Printf("Replying to %s with %s", addr, resp)
|
||||
resp.Compress = true
|
||||
bytes, err := resp.Pack()
|
||||
s.RLock()
|
||||
protectionEnabled := s.ProtectionEnabled
|
||||
dnsFilter := s.dnsFilter
|
||||
s.RUnlock()
|
||||
|
||||
if !protectionEnabled {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
var res dnsfilter.Result
|
||||
var err error
|
||||
|
||||
res, err = dnsFilter.CheckHost(host)
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "Couldn't convert message into wire format")
|
||||
// Return immediately if there's an error
|
||||
return nil, errorx.Decorate(err, "dnsfilter failed to check host '%s'", host)
|
||||
} else if res.IsFiltered {
|
||||
log.Debugf("Host %s is filtered, reason - '%s', matched rule: '%s'", host, res.Reason, res.Rule)
|
||||
d.Res = s.genDNSFilterMessage(d, &res)
|
||||
}
|
||||
n, err := conn.WriteTo(bytes, addr)
|
||||
if n == 0 && isConnClosed(err) {
|
||||
return err
|
||||
|
||||
return &res, err
|
||||
}
|
||||
|
||||
// genDNSFilterMessage generates a DNS message corresponding to the filtering result
|
||||
func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Result) *dns.Msg {
|
||||
m := d.Req
|
||||
|
||||
if m.Question[0].Qtype != dns.TypeA {
|
||||
return s.genNXDomain(m)
|
||||
}
|
||||
if n != len(bytes) {
|
||||
return fmt.Errorf("WriteTo() returned with %d != %d", n, len(bytes))
|
||||
|
||||
switch result.Reason {
|
||||
case dnsfilter.FilteredSafeBrowsing:
|
||||
return s.genBlockedHost(m, safeBrowsingBlockHost, d.Upstream)
|
||||
case dnsfilter.FilteredParental:
|
||||
return s.genBlockedHost(m, parentalBlockHost, d.Upstream)
|
||||
default:
|
||||
if result.Ip != nil {
|
||||
return s.genARecord(m, result.Ip)
|
||||
}
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "WriteTo() returned error")
|
||||
|
||||
return s.genNXDomain(m)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) genServerFailure(request *dns.Msg) *dns.Msg {
|
||||
|
@ -568,29 +316,19 @@ func (s *Server) genServerFailure(request *dns.Msg) *dns.Msg {
|
|||
return &resp
|
||||
}
|
||||
|
||||
func (s *Server) genNotImpl(request *dns.Msg) *dns.Msg {
|
||||
resp := dns.Msg{}
|
||||
resp.SetRcode(request, dns.RcodeNotImplemented)
|
||||
resp.RecursionAvailable = true
|
||||
resp.SetEdns0(1452, false) // NOTIMPL without EDNS is treated as 'we don't support EDNS', so explicitly set it
|
||||
return &resp
|
||||
}
|
||||
|
||||
func (s *Server) genArecord(request *dns.Msg, newAddr string, upstream Upstream) *dns.Msg {
|
||||
addr := net.ParseIP(newAddr)
|
||||
if addr != nil {
|
||||
// this is an IP address, return it
|
||||
func (s *Server) genARecord(request *dns.Msg, ip net.IP) *dns.Msg {
|
||||
resp := dns.Msg{}
|
||||
resp.SetReply(request)
|
||||
answer, err := dns.NewRR(fmt.Sprintf("%s %d A %s", request.Question[0].Name, s.BlockedResponseTTL, newAddr))
|
||||
answer, err := dns.NewRR(fmt.Sprintf("%s %d A %s", request.Question[0].Name, s.BlockedResponseTTL, ip.String()))
|
||||
if err != nil {
|
||||
log.Printf("Couldn't generate A record for up replacement host '%s': %s", newAddr, err)
|
||||
log.Warnf("Couldn't generate A record for up replacement host '%s': %s", ip.String(), err)
|
||||
return s.genServerFailure(request)
|
||||
}
|
||||
resp.Answer = append(resp.Answer, answer)
|
||||
return &resp
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) genBlockedHost(request *dns.Msg, newAddr string, upstream upstream.Upstream) *dns.Msg {
|
||||
// look up the hostname, TODO: cache
|
||||
replReq := dns.Msg{}
|
||||
replReq.SetQuestion(dns.Fqdn(newAddr), request.Question[0].Qtype)
|
||||
|
|
|
@ -3,6 +3,9 @@ package dnsforward
|
|||
import (
|
||||
"net"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
@ -14,12 +17,9 @@ func TestServer(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Fatalf("Failed to start server: %s", err)
|
||||
}
|
||||
if s.udpListen == nil {
|
||||
t.Fatal("Started server has nil udpListen")
|
||||
}
|
||||
|
||||
// server is running, send a message
|
||||
addr := s.udpListen.LocalAddr()
|
||||
addr := s.dnsProxy.Addr("udp")
|
||||
req := dns.Msg{}
|
||||
req.Id = dns.Id()
|
||||
req.RecursionDesired = true
|
||||
|
@ -44,6 +44,171 @@ func TestServer(t *testing.T) {
|
|||
|
||||
err = s.Stop()
|
||||
if err != nil {
|
||||
t.Fatalf("DNS server %s failed to stop: %s", addr, err)
|
||||
t.Fatalf("DNS server failed to stop: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestInvalidRequest(t *testing.T) {
|
||||
s := Server{}
|
||||
s.UDPListenAddr = &net.UDPAddr{Port: 0}
|
||||
err := s.Start(nil)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to start server: %s", err)
|
||||
}
|
||||
|
||||
// server is running, send a message
|
||||
addr := s.dnsProxy.Addr("udp")
|
||||
req := dns.Msg{}
|
||||
req.Id = dns.Id()
|
||||
req.RecursionDesired = true
|
||||
|
||||
// send a DNS request without question
|
||||
client := dns.Client{Net: "udp", Timeout: 500 * time.Millisecond}
|
||||
_, _, err = client.Exchange(&req, addr.String())
|
||||
if err != nil {
|
||||
t.Fatalf("got a response to an invalid query")
|
||||
}
|
||||
|
||||
err = s.Stop()
|
||||
if err != nil {
|
||||
t.Fatalf("DNS server failed to stop: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBlockedRequest(t *testing.T) {
|
||||
s := createTestServer()
|
||||
err := s.Start(nil)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to start server: %s", err)
|
||||
}
|
||||
addr := s.dnsProxy.Addr("udp")
|
||||
|
||||
//
|
||||
// NXDomain blocking
|
||||
//
|
||||
req := dns.Msg{}
|
||||
req.Id = dns.Id()
|
||||
req.RecursionDesired = true
|
||||
req.Question = []dns.Question{
|
||||
{Name: "nxdomain.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
||||
}
|
||||
|
||||
reply, err := dns.Exchange(&req, addr.String())
|
||||
if err != nil {
|
||||
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
||||
}
|
||||
if reply.Rcode != dns.RcodeNameError {
|
||||
t.Fatalf("Wrong response: %s", reply.String())
|
||||
}
|
||||
|
||||
err = s.Stop()
|
||||
if err != nil {
|
||||
t.Fatalf("DNS server failed to stop: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBlockedByHosts(t *testing.T) {
|
||||
s := createTestServer()
|
||||
err := s.Start(nil)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to start server: %s", err)
|
||||
}
|
||||
addr := s.dnsProxy.Addr("udp")
|
||||
|
||||
//
|
||||
// Hosts blocking
|
||||
//
|
||||
req := dns.Msg{}
|
||||
req.Id = dns.Id()
|
||||
req.RecursionDesired = true
|
||||
req.Question = []dns.Question{
|
||||
{Name: "host.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
||||
}
|
||||
|
||||
reply, err := dns.Exchange(&req, addr.String())
|
||||
if err != nil {
|
||||
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
||||
}
|
||||
if len(reply.Answer) != 1 {
|
||||
t.Fatalf("DNS server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
|
||||
}
|
||||
if a, ok := reply.Answer[0].(*dns.A); ok {
|
||||
if !net.IPv4(127, 0, 0, 1).Equal(a.A) {
|
||||
t.Fatalf("DNS server %s returned wrong answer instead of 8.8.8.8: %v", addr, a.A)
|
||||
}
|
||||
} else {
|
||||
t.Fatalf("DNS server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
|
||||
}
|
||||
|
||||
err = s.Stop()
|
||||
if err != nil {
|
||||
t.Fatalf("DNS server failed to stop: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBlockedBySafeBrowsing(t *testing.T) {
|
||||
s := createTestServer()
|
||||
err := s.Start(nil)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to start server: %s", err)
|
||||
}
|
||||
addr := s.dnsProxy.Addr("udp")
|
||||
|
||||
//
|
||||
// Safebrowsing blocking
|
||||
//
|
||||
req := dns.Msg{}
|
||||
req.Id = dns.Id()
|
||||
req.RecursionDesired = true
|
||||
req.Question = []dns.Question{
|
||||
{Name: "wmconvirus.narod.ru.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
||||
}
|
||||
reply, err := dns.Exchange(&req, addr.String())
|
||||
if err != nil {
|
||||
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
||||
}
|
||||
if len(reply.Answer) != 1 {
|
||||
t.Fatalf("DNS server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
|
||||
}
|
||||
if a, ok := reply.Answer[0].(*dns.A); ok {
|
||||
addrs, lookupErr := net.LookupHost(safeBrowsingBlockHost)
|
||||
if lookupErr != nil {
|
||||
t.Fatalf("cannot resolve %s due to %s", safeBrowsingBlockHost, lookupErr)
|
||||
}
|
||||
|
||||
found := false
|
||||
for _, blockAddr := range addrs {
|
||||
if blockAddr == a.A.String() {
|
||||
found = true
|
||||
}
|
||||
}
|
||||
|
||||
if !found {
|
||||
t.Fatalf("DNS server %s returned wrong answer: %v", addr, a.A)
|
||||
}
|
||||
} else {
|
||||
t.Fatalf("DNS server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
|
||||
}
|
||||
|
||||
err = s.Stop()
|
||||
if err != nil {
|
||||
t.Fatalf("DNS server failed to stop: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
func createTestServer() *Server {
|
||||
s := Server{}
|
||||
s.UDPListenAddr = &net.UDPAddr{Port: 0}
|
||||
s.FilteringConfig.FilteringEnabled = true
|
||||
s.FilteringConfig.ProtectionEnabled = true
|
||||
s.FilteringConfig.SafeBrowsingEnabled = true
|
||||
s.Filters = make([]dnsfilter.Filter, 0)
|
||||
|
||||
rules := []string{
|
||||
"||nxdomain.example.org^",
|
||||
"127.0.0.1 host.example.org",
|
||||
}
|
||||
filter := dnsfilter.Filter{ID: 1, Rules: rules}
|
||||
s.Filters = append(s.Filters, filter)
|
||||
return &s
|
||||
}
|
||||
|
|
|
@ -1,50 +0,0 @@
|
|||
package dnsforward
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
"path"
|
||||
"runtime"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func isConnClosed(err error) bool {
|
||||
if err == nil {
|
||||
return false
|
||||
}
|
||||
nerr, ok := err.(*net.OpError)
|
||||
if !ok {
|
||||
return false
|
||||
}
|
||||
|
||||
if strings.Contains(nerr.Err.Error(), "use of closed network connection") {
|
||||
return true
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// ---------------------
|
||||
// debug logging helpers
|
||||
// ---------------------
|
||||
func _Func() string {
|
||||
pc := make([]uintptr, 10) // at least 1 entry needed
|
||||
runtime.Callers(2, pc)
|
||||
f := runtime.FuncForPC(pc[0])
|
||||
return path.Base(f.Name())
|
||||
}
|
||||
|
||||
func trace(format string, args ...interface{}) {
|
||||
pc := make([]uintptr, 10) // at least 1 entry needed
|
||||
runtime.Callers(2, pc)
|
||||
f := runtime.FuncForPC(pc[0])
|
||||
var buf strings.Builder
|
||||
buf.WriteString(fmt.Sprintf("%s(): ", path.Base(f.Name())))
|
||||
text := fmt.Sprintf(format, args...)
|
||||
buf.WriteString(text)
|
||||
if len(text) == 0 || text[len(text)-1] != '\n' {
|
||||
buf.WriteRune('\n')
|
||||
}
|
||||
fmt.Fprint(os.Stderr, buf.String())
|
||||
}
|
|
@ -3,7 +3,6 @@ package dnsforward
|
|||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
@ -12,6 +11,7 @@ import (
|
|||
|
||||
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
||||
"github.com/miekg/dns"
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -53,6 +53,7 @@ func logRequest(question *dns.Msg, answer *dns.Msg, result *dnsfilter.Result, el
|
|||
return
|
||||
}
|
||||
}
|
||||
|
||||
if answer != nil {
|
||||
a, err = answer.Pack()
|
||||
if err != nil {
|
||||
|
|
|
@ -5,11 +5,12 @@ import (
|
|||
"compress/gzip"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/go-test/deep"
|
||||
)
|
||||
|
||||
|
@ -191,15 +192,12 @@ func genericLoader(onEntry func(entry *logEntry) error, needMore func() bool, ti
|
|||
var d *json.Decoder
|
||||
|
||||
if enableGzip {
|
||||
trace("Creating gzip reader")
|
||||
zr, err := gzip.NewReader(f)
|
||||
if err != nil {
|
||||
log.Printf("Failed to create gzip reader: %s", err)
|
||||
continue
|
||||
}
|
||||
defer zr.Close()
|
||||
|
||||
trace("Creating json decoder")
|
||||
d = json.NewDecoder(zr)
|
||||
} else {
|
||||
d = json.NewDecoder(f)
|
||||
|
|
|
@ -3,7 +3,6 @@ package dnsforward
|
|||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"path"
|
||||
|
@ -14,6 +13,8 @@ import (
|
|||
"sync"
|
||||
"time"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/bluele/gcache"
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
|
|
@ -1,80 +0,0 @@
|
|||
package dnsforward
|
||||
|
||||
import (
|
||||
"log"
|
||||
"sort"
|
||||
"time"
|
||||
|
||||
"github.com/beefsack/go-rate"
|
||||
gocache "github.com/patrickmn/go-cache"
|
||||
)
|
||||
|
||||
func (s *Server) limiterForIP(ip string) interface{} {
|
||||
if s.ratelimitBuckets == nil {
|
||||
s.ratelimitBuckets = gocache.New(time.Hour, time.Hour)
|
||||
}
|
||||
|
||||
// check if ratelimiter for that IP already exists, if not, create
|
||||
value, found := s.ratelimitBuckets.Get(ip)
|
||||
if !found {
|
||||
value = rate.New(s.Ratelimit, time.Second)
|
||||
s.ratelimitBuckets.Set(ip, value, time.Hour)
|
||||
}
|
||||
|
||||
return value
|
||||
}
|
||||
|
||||
func (s *Server) isRatelimited(ip string) bool {
|
||||
if s.Ratelimit == 0 { // 0 -- disabled
|
||||
return false
|
||||
}
|
||||
if len(s.RatelimitWhitelist) > 0 {
|
||||
i := sort.SearchStrings(s.RatelimitWhitelist, ip)
|
||||
|
||||
if i < len(s.RatelimitWhitelist) && s.RatelimitWhitelist[i] == ip {
|
||||
// found, don't ratelimit
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
value := s.limiterForIP(ip)
|
||||
rl, ok := value.(*rate.RateLimiter)
|
||||
if !ok {
|
||||
log.Println("SHOULD NOT HAPPEN: non-bool entry found in safebrowsing lookup cache")
|
||||
return false
|
||||
}
|
||||
|
||||
allow, _ := rl.Try()
|
||||
return !allow
|
||||
}
|
||||
|
||||
func (s *Server) isRatelimitedForReply(ip string, size int) bool {
|
||||
if s.Ratelimit == 0 { // 0 -- disabled
|
||||
return false
|
||||
}
|
||||
if len(s.RatelimitWhitelist) > 0 {
|
||||
i := sort.SearchStrings(s.RatelimitWhitelist, ip)
|
||||
|
||||
if i < len(s.RatelimitWhitelist) && s.RatelimitWhitelist[i] == ip {
|
||||
// found, don't ratelimit
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
value := s.limiterForIP(ip)
|
||||
rl, ok := value.(*rate.RateLimiter)
|
||||
if !ok {
|
||||
log.Println("SHOULD NOT HAPPEN: non-bool entry found in safebrowsing lookup cache")
|
||||
return false
|
||||
}
|
||||
|
||||
// For large UDP responses we try more times, effectively limiting per bandwidth
|
||||
// The exact number of times depends on the response size
|
||||
for i := 0; i < size/1000; i++ {
|
||||
allow, _ := rl.Try()
|
||||
if !allow { // not allowed -> ratelimited
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
|
@ -1,42 +0,0 @@
|
|||
package dnsforward
|
||||
|
||||
import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestRatelimiting(t *testing.T) {
|
||||
// rate limit is 1 per sec
|
||||
p := Server{}
|
||||
p.Ratelimit = 1
|
||||
|
||||
limited := p.isRatelimited("127.0.0.1")
|
||||
|
||||
if limited {
|
||||
t.Fatal("First request must have been allowed")
|
||||
}
|
||||
|
||||
limited = p.isRatelimited("127.0.0.1")
|
||||
|
||||
if !limited {
|
||||
t.Fatal("Second request must have been ratelimited")
|
||||
}
|
||||
}
|
||||
|
||||
func TestWhitelist(t *testing.T) {
|
||||
// rate limit is 1 per sec with whitelist
|
||||
p := Server{}
|
||||
p.Ratelimit = 1
|
||||
p.RatelimitWhitelist = []string{"127.0.0.1", "127.0.0.2", "127.0.0.125"}
|
||||
|
||||
limited := p.isRatelimited("127.0.0.1")
|
||||
|
||||
if limited {
|
||||
t.Fatal("First request must have been allowed")
|
||||
}
|
||||
|
||||
limited = p.isRatelimited("127.0.0.1")
|
||||
|
||||
if limited {
|
||||
t.Fatal("Second request must have been allowed due to whitelist")
|
||||
}
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
/standalone
|
|
@ -1,51 +0,0 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"log"
|
||||
"net"
|
||||
"net/http"
|
||||
_ "net/http/pprof"
|
||||
"os"
|
||||
"os/signal"
|
||||
"runtime"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/dnsforward"
|
||||
)
|
||||
|
||||
//
|
||||
// main function
|
||||
//
|
||||
func main() {
|
||||
go func() {
|
||||
log.Println(http.ListenAndServe("localhost:6060", nil))
|
||||
}()
|
||||
go func() {
|
||||
for range time.Tick(time.Second) {
|
||||
log.Printf("goroutines = %d", runtime.NumGoroutine())
|
||||
}
|
||||
}()
|
||||
s := dnsforward.Server{}
|
||||
err := s.Start(nil)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
time.Sleep(time.Second)
|
||||
err = s.Stop()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
err = s.Start(&dnsforward.ServerConfig{UDPListenAddr: &net.UDPAddr{Port: 53535}})
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
err = s.Reconfigure(dnsforward.ServerConfig{UDPListenAddr: &net.UDPAddr{Port: 53, IP: net.ParseIP("0.0.0.0")}})
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
log.Printf("Now serving DNS")
|
||||
signal_channel := make(chan os.Signal)
|
||||
signal.Notify(signal_channel, syscall.SIGINT, syscall.SIGTERM)
|
||||
<-signal_channel
|
||||
}
|
|
@ -3,11 +3,12 @@ package dnsforward
|
|||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
||||
)
|
||||
|
||||
|
|
|
@ -1,313 +0,0 @@
|
|||
package dnsforward
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"math/rand"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/jedisct1/go-dnsstamps"
|
||||
|
||||
"github.com/ameshkov/dnscrypt"
|
||||
"github.com/joomcode/errorx"
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
||||
const defaultTimeout = time.Second * 10
|
||||
|
||||
type Upstream interface {
|
||||
Exchange(m *dns.Msg) (*dns.Msg, error)
|
||||
Address() string
|
||||
}
|
||||
|
||||
//
|
||||
// plain DNS
|
||||
//
|
||||
type plainDNS struct {
|
||||
boot bootstrapper
|
||||
preferTCP bool
|
||||
}
|
||||
|
||||
var defaultUDPClient = dns.Client{
|
||||
Timeout: defaultTimeout,
|
||||
UDPSize: dns.MaxMsgSize,
|
||||
}
|
||||
|
||||
var defaultTCPClient = dns.Client{
|
||||
Net: "tcp",
|
||||
UDPSize: dns.MaxMsgSize,
|
||||
Timeout: defaultTimeout,
|
||||
}
|
||||
|
||||
// Address returns the original address that we've put in initially, not resolved one
|
||||
func (p *plainDNS) Address() string { return p.boot.address }
|
||||
|
||||
func (p *plainDNS) Exchange(m *dns.Msg) (*dns.Msg, error) {
|
||||
addr, _, err := p.boot.get()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if p.preferTCP {
|
||||
reply, _, err := defaultTCPClient.Exchange(m, addr)
|
||||
return reply, err
|
||||
}
|
||||
|
||||
reply, _, err := defaultUDPClient.Exchange(m, addr)
|
||||
if err != nil && reply != nil && reply.Truncated {
|
||||
log.Printf("Truncated message was received, retrying over TCP, question: %s", m.Question[0].String())
|
||||
reply, _, err = defaultTCPClient.Exchange(m, addr)
|
||||
}
|
||||
|
||||
return reply, err
|
||||
}
|
||||
|
||||
//
|
||||
// DNS-over-TLS
|
||||
//
|
||||
type dnsOverTLS struct {
|
||||
boot bootstrapper
|
||||
pool *TLSPool
|
||||
|
||||
sync.RWMutex // protects pool
|
||||
}
|
||||
|
||||
func (p *dnsOverTLS) Address() string { return p.boot.address }
|
||||
|
||||
func (p *dnsOverTLS) Exchange(m *dns.Msg) (*dns.Msg, error) {
|
||||
var pool *TLSPool
|
||||
p.RLock()
|
||||
pool = p.pool
|
||||
p.RUnlock()
|
||||
if pool == nil {
|
||||
p.Lock()
|
||||
// lazy initialize it
|
||||
p.pool = &TLSPool{boot: &p.boot}
|
||||
p.Unlock()
|
||||
}
|
||||
|
||||
p.RLock()
|
||||
poolConn, err := p.pool.Get()
|
||||
p.RUnlock()
|
||||
if err != nil {
|
||||
return nil, errorx.Decorate(err, "Failed to get a connection from TLSPool to %s", p.Address())
|
||||
}
|
||||
c := dns.Conn{Conn: poolConn}
|
||||
err = c.WriteMsg(m)
|
||||
if err != nil {
|
||||
poolConn.Close()
|
||||
return nil, errorx.Decorate(err, "Failed to send a request to %s", p.Address())
|
||||
}
|
||||
|
||||
reply, err := c.ReadMsg()
|
||||
if err != nil {
|
||||
poolConn.Close()
|
||||
return nil, errorx.Decorate(err, "Failed to read a request from %s", p.Address())
|
||||
}
|
||||
p.RLock()
|
||||
p.pool.Put(poolConn)
|
||||
p.RUnlock()
|
||||
return reply, nil
|
||||
}
|
||||
|
||||
//
|
||||
// DNS-over-https
|
||||
//
|
||||
type dnsOverHTTPS struct {
|
||||
boot bootstrapper
|
||||
}
|
||||
|
||||
func (p *dnsOverHTTPS) Address() string { return p.boot.address }
|
||||
|
||||
func (p *dnsOverHTTPS) Exchange(m *dns.Msg) (*dns.Msg, error) {
|
||||
addr, tlsConfig, err := p.boot.get()
|
||||
if err != nil {
|
||||
return nil, errorx.Decorate(err, "Couldn't bootstrap %s", p.boot.address)
|
||||
}
|
||||
|
||||
buf, err := m.Pack()
|
||||
if err != nil {
|
||||
return nil, errorx.Decorate(err, "Couldn't pack request msg")
|
||||
}
|
||||
bb := bytes.NewBuffer(buf)
|
||||
|
||||
// set up a custom request with custom URL
|
||||
url, err := url.Parse(p.boot.address)
|
||||
if err != nil {
|
||||
return nil, errorx.Decorate(err, "Couldn't parse URL %s", p.boot.address)
|
||||
}
|
||||
req := http.Request{
|
||||
Method: "POST",
|
||||
URL: url,
|
||||
Body: ioutil.NopCloser(bb),
|
||||
Header: make(http.Header),
|
||||
Host: url.Host,
|
||||
}
|
||||
url.Host = addr
|
||||
req.Header.Set("Content-Type", "application/dns-message")
|
||||
client := http.Client{
|
||||
Transport: &http.Transport{TLSClientConfig: tlsConfig},
|
||||
}
|
||||
resp, err := client.Do(&req)
|
||||
if resp != nil && resp.Body != nil {
|
||||
defer resp.Body.Close()
|
||||
}
|
||||
if err != nil {
|
||||
return nil, errorx.Decorate(err, "Couldn't do a POST request to '%s'", addr)
|
||||
}
|
||||
|
||||
body, err := ioutil.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
return nil, errorx.Decorate(err, "Couldn't read body contents for '%s'", addr)
|
||||
}
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return nil, fmt.Errorf("Got an unexpected HTTP status code %d from '%s'", resp.StatusCode, addr)
|
||||
}
|
||||
if len(body) == 0 {
|
||||
return nil, fmt.Errorf("Got an unexpected empty body from '%s'", addr)
|
||||
}
|
||||
response := dns.Msg{}
|
||||
err = response.Unpack(body)
|
||||
if err != nil {
|
||||
return nil, errorx.Decorate(err, "Couldn't unpack DNS response from '%s': body is %s", addr, string(body))
|
||||
}
|
||||
return &response, nil
|
||||
}
|
||||
|
||||
//
|
||||
// DNSCrypt
|
||||
//
|
||||
type dnsCrypt struct {
|
||||
boot bootstrapper
|
||||
client *dnscrypt.Client // DNSCrypt client properties
|
||||
serverInfo *dnscrypt.ServerInfo // DNSCrypt server info
|
||||
|
||||
sync.RWMutex // protects DNSCrypt client
|
||||
}
|
||||
|
||||
func (p *dnsCrypt) Address() string { return p.boot.address }
|
||||
|
||||
func (p *dnsCrypt) Exchange(m *dns.Msg) (*dns.Msg, error) {
|
||||
|
||||
var client *dnscrypt.Client
|
||||
var serverInfo *dnscrypt.ServerInfo
|
||||
|
||||
p.RLock()
|
||||
client = p.client
|
||||
serverInfo = p.serverInfo
|
||||
p.RUnlock()
|
||||
|
||||
now := uint32(time.Now().Unix())
|
||||
if client == nil || serverInfo == nil || (serverInfo != nil && serverInfo.ServerCert.NotAfter < now) {
|
||||
p.Lock()
|
||||
|
||||
// Using "udp" for DNSCrypt upstreams by default
|
||||
client = &dnscrypt.Client{Timeout: defaultTimeout, AdjustPayloadSize: true}
|
||||
si, _, err := client.Dial(p.boot.address)
|
||||
|
||||
if err != nil {
|
||||
p.Unlock()
|
||||
return nil, errorx.Decorate(err, "Failed to fetch certificate info from %s", p.Address())
|
||||
}
|
||||
|
||||
p.client = client
|
||||
p.serverInfo = si
|
||||
serverInfo = si
|
||||
p.Unlock()
|
||||
}
|
||||
|
||||
reply, _, err := client.Exchange(m, serverInfo)
|
||||
|
||||
if err, ok := err.(net.Error); ok && err.Timeout() {
|
||||
// If request times out, it is possible that the server configuration has been changed.
|
||||
// It is safe to assume that the key was rotated (for instance, as it is described here: https://dnscrypt.pl/2017/02/26/how-key-rotation-is-automated/).
|
||||
// We should re-fetch the server certificate info so that the new requests were not failing.
|
||||
p.Lock()
|
||||
p.client = nil
|
||||
p.serverInfo = nil
|
||||
p.Unlock()
|
||||
}
|
||||
|
||||
return reply, err
|
||||
}
|
||||
|
||||
func (s *Server) chooseUpstream() Upstream {
|
||||
upstreams := s.Upstreams
|
||||
if upstreams == nil {
|
||||
upstreams = defaultValues.Upstreams
|
||||
}
|
||||
if len(upstreams) == 0 {
|
||||
panic("SHOULD NOT HAPPEN: no default upstreams specified")
|
||||
}
|
||||
if len(upstreams) == 1 {
|
||||
return upstreams[0]
|
||||
}
|
||||
n := rand.Intn(len(upstreams))
|
||||
upstream := upstreams[n]
|
||||
return upstream
|
||||
}
|
||||
|
||||
func AddressToUpstream(address string, bootstrap string) (Upstream, error) {
|
||||
if strings.Contains(address, "://") {
|
||||
url, err := url.Parse(address)
|
||||
if err != nil {
|
||||
return nil, errorx.Decorate(err, "Failed to parse %s", address)
|
||||
}
|
||||
switch url.Scheme {
|
||||
case "sdns":
|
||||
stamp, err := dnsstamps.NewServerStampFromString(address)
|
||||
if err != nil {
|
||||
return nil, errorx.Decorate(err, "Failed to parse %s", address)
|
||||
}
|
||||
|
||||
switch stamp.Proto {
|
||||
case dnsstamps.StampProtoTypeDNSCrypt:
|
||||
return &dnsCrypt{boot: toBoot(url.String(), bootstrap)}, nil
|
||||
case dnsstamps.StampProtoTypeDoH:
|
||||
return AddressToUpstream(fmt.Sprintf("https://%s%s", stamp.ProviderName, stamp.Path), bootstrap)
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("Unsupported protocol %v in %s", stamp.Proto, address)
|
||||
case "dns":
|
||||
if url.Port() == "" {
|
||||
url.Host += ":53"
|
||||
}
|
||||
return &plainDNS{boot: toBoot(url.Host, bootstrap)}, nil
|
||||
case "tcp":
|
||||
if url.Port() == "" {
|
||||
url.Host += ":53"
|
||||
}
|
||||
return &plainDNS{boot: toBoot(url.Host, bootstrap), preferTCP: true}, nil
|
||||
case "tls":
|
||||
if url.Port() == "" {
|
||||
url.Host += ":853"
|
||||
}
|
||||
return &dnsOverTLS{boot: toBoot(url.String(), bootstrap)}, nil
|
||||
case "https":
|
||||
if url.Port() == "" {
|
||||
url.Host += ":443"
|
||||
}
|
||||
return &dnsOverHTTPS{boot: toBoot(url.String(), bootstrap)}, nil
|
||||
default:
|
||||
// assume it's plain DNS
|
||||
if url.Port() == "" {
|
||||
url.Host += ":53"
|
||||
}
|
||||
return &plainDNS{boot: toBoot(url.String(), bootstrap)}, nil
|
||||
}
|
||||
}
|
||||
|
||||
// we don't have scheme in the url, so it's just a plain DNS host:port
|
||||
_, _, err := net.SplitHostPort(address)
|
||||
if err != nil {
|
||||
// doesn't have port, default to 53
|
||||
address = net.JoinHostPort(address, "53")
|
||||
}
|
||||
return &plainDNS{boot: toBoot(address, bootstrap)}, nil
|
||||
}
|
|
@ -1,74 +0,0 @@
|
|||
package dnsforward
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"net"
|
||||
"sync"
|
||||
|
||||
"github.com/joomcode/errorx"
|
||||
)
|
||||
|
||||
// Upstream TLS pool.
|
||||
//
|
||||
// Example:
|
||||
// pool := TLSPool{Address: "tls://1.1.1.1:853"}
|
||||
// netConn, err := pool.Get()
|
||||
// if err != nil {panic(err)}
|
||||
// c := dns.Conn{Conn: netConn}
|
||||
// q := dns.Msg{}
|
||||
// q.SetQuestion("google.com.", dns.TypeA)
|
||||
// log.Println(q)
|
||||
// err = c.WriteMsg(&q)
|
||||
// if err != nil {panic(err)}
|
||||
// r, err := c.ReadMsg()
|
||||
// if err != nil {panic(err)}
|
||||
// log.Println(r)
|
||||
// pool.Put(c.Conn)
|
||||
type TLSPool struct {
|
||||
boot *bootstrapper
|
||||
|
||||
// connections
|
||||
conns []net.Conn
|
||||
connsMutex sync.Mutex // protects conns
|
||||
}
|
||||
|
||||
func (n *TLSPool) Get() (net.Conn, error) {
|
||||
address, tlsConfig, err := n.boot.get()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// get the connection from the slice inside the lock
|
||||
var c net.Conn
|
||||
n.connsMutex.Lock()
|
||||
num := len(n.conns)
|
||||
if num > 0 {
|
||||
last := num - 1
|
||||
c = n.conns[last]
|
||||
n.conns = n.conns[:last]
|
||||
}
|
||||
n.connsMutex.Unlock()
|
||||
|
||||
// if we got connection from the slice, return it
|
||||
if c != nil {
|
||||
// log.Printf("Returning existing connection to %s", host)
|
||||
return c, nil
|
||||
}
|
||||
|
||||
// we'll need a new connection, dial now
|
||||
// log.Printf("Dialing to %s", address)
|
||||
conn, err := tls.Dial("tcp", address, tlsConfig)
|
||||
if err != nil {
|
||||
return nil, errorx.Decorate(err, "Failed to connect to %s", address)
|
||||
}
|
||||
return conn, nil
|
||||
}
|
||||
|
||||
func (n *TLSPool) Put(c net.Conn) {
|
||||
if c == nil {
|
||||
return
|
||||
}
|
||||
n.connsMutex.Lock()
|
||||
n.conns = append(n.conns, c)
|
||||
n.connsMutex.Unlock()
|
||||
}
|
|
@ -1,123 +0,0 @@
|
|||
package dnsforward
|
||||
|
||||
import (
|
||||
"net"
|
||||
"testing"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
||||
func TestUpstreams(t *testing.T) {
|
||||
|
||||
upstreams := []struct {
|
||||
address string
|
||||
bootstrap string
|
||||
}{
|
||||
{
|
||||
address: "8.8.8.8:53",
|
||||
bootstrap: "8.8.8.8:53",
|
||||
},
|
||||
{
|
||||
address: "1.1.1.1",
|
||||
bootstrap: "",
|
||||
},
|
||||
{
|
||||
address: "tcp://1.1.1.1:53",
|
||||
bootstrap: "",
|
||||
},
|
||||
{
|
||||
address: "176.103.130.130:5353",
|
||||
bootstrap: "",
|
||||
},
|
||||
{
|
||||
address: "tls://1.1.1.1",
|
||||
bootstrap: "",
|
||||
},
|
||||
{
|
||||
address: "tls://9.9.9.9:853",
|
||||
bootstrap: "",
|
||||
},
|
||||
{
|
||||
address: "tls://security-filter-dns.cleanbrowsing.org",
|
||||
bootstrap: "8.8.8.8:53",
|
||||
},
|
||||
{
|
||||
address: "tls://adult-filter-dns.cleanbrowsing.org:853",
|
||||
bootstrap: "8.8.8.8:53",
|
||||
},
|
||||
{
|
||||
address: "https://cloudflare-dns.com/dns-query",
|
||||
bootstrap: "8.8.8.8:53",
|
||||
},
|
||||
{
|
||||
address: "https://dns.google.com/experimental",
|
||||
bootstrap: "8.8.8.8:53",
|
||||
},
|
||||
{
|
||||
address: "https://doh.cleanbrowsing.org/doh/security-filter/",
|
||||
bootstrap: "",
|
||||
},
|
||||
{
|
||||
// AdGuard DNS (DNSCrypt)
|
||||
address: "sdns://AQIAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
|
||||
bootstrap: "",
|
||||
},
|
||||
{
|
||||
// Cisco OpenDNS (DNSCrypt)
|
||||
address: "sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ",
|
||||
bootstrap: "8.8.8.8:53",
|
||||
},
|
||||
{
|
||||
// Cloudflare DNS (DoH)
|
||||
address: "sdns://AgcAAAAAAAAABzEuMC4wLjGgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk",
|
||||
bootstrap: "8.8.8.8:53",
|
||||
},
|
||||
{
|
||||
// doh-cleanbrowsing-security (https://doh.cleanbrowsing.org/doh/security-filter/)
|
||||
address: "sdns://AgMAAAAAAAAAAAAVZG9oLmNsZWFuYnJvd3Npbmcub3JnFS9kb2gvc2VjdXJpdHktZmlsdGVyLw",
|
||||
bootstrap: "8.8.8.8:53",
|
||||
},
|
||||
{
|
||||
// Google (DNS-over-HTTPS)
|
||||
address: "sdns://AgUAAAAAAAAAACAe9iTP_15r07rd8_3b_epWVGfjdymdx-5mdRZvMAzBuQ5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs",
|
||||
bootstrap: "8.8.8.8:53",
|
||||
},
|
||||
}
|
||||
for _, test := range upstreams {
|
||||
|
||||
t.Run(test.address, func(t *testing.T) {
|
||||
u, err := AddressToUpstream(test.address, test.bootstrap)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to generate upstream from address %s: %s", test.address, err)
|
||||
}
|
||||
|
||||
checkUpstream(t, u, test.address)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func checkUpstream(t *testing.T, u Upstream, addr string) {
|
||||
t.Helper()
|
||||
|
||||
req := dns.Msg{}
|
||||
req.Id = dns.Id()
|
||||
req.RecursionDesired = true
|
||||
req.Question = []dns.Question{
|
||||
{Name: "google-public-dns-a.google.com.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
||||
}
|
||||
|
||||
reply, err := u.Exchange(&req)
|
||||
if err != nil {
|
||||
t.Fatalf("Couldn't talk to upstream %s: %s", addr, err)
|
||||
}
|
||||
if len(reply.Answer) != 1 {
|
||||
t.Fatalf("DNS upstream %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
|
||||
}
|
||||
if a, ok := reply.Answer[0].(*dns.A); ok {
|
||||
if !net.IPv4(8, 8, 8, 8).Equal(a.A) {
|
||||
t.Fatalf("DNS upstream %s returned wrong answer instead of 8.8.8.8: %v", addr, a.A)
|
||||
}
|
||||
} else {
|
||||
t.Fatalf("DNS upstream %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
|
||||
}
|
||||
}
|
8
go.mod
8
go.mod
|
@ -1,6 +1,7 @@
|
|||
module github.com/AdguardTeam/AdGuardHome
|
||||
|
||||
require (
|
||||
github.com/AdguardTeam/dnsproxy v0.9.1
|
||||
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect
|
||||
github.com/ameshkov/dnscrypt v1.0.0
|
||||
github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6
|
||||
|
@ -12,12 +13,15 @@ require (
|
|||
github.com/joomcode/errorx v0.1.0
|
||||
github.com/miekg/dns v1.1.1
|
||||
github.com/patrickmn/go-cache v2.1.0+incompatible
|
||||
github.com/pkg/errors v0.8.0
|
||||
github.com/shirou/gopsutil v2.18.10+incompatible
|
||||
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 // indirect
|
||||
github.com/sirupsen/logrus v1.2.0
|
||||
go.uber.org/goleak v0.10.0
|
||||
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9
|
||||
golang.org/x/net v0.0.0-20181217023233-e147a9138326
|
||||
golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb // indirect
|
||||
golang.org/x/net v0.0.0-20181220203305-927f97764cc3
|
||||
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 // indirect
|
||||
golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6 // indirect
|
||||
gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477
|
||||
gopkg.in/yaml.v2 v2.2.1
|
||||
)
|
||||
|
|
22
go.sum
22
go.sum
|
@ -1,11 +1,13 @@
|
|||
github.com/AdguardTeam/dnsproxy v0.9.0 h1:doHDmVE9bV1fhiBV8rX76WWaSAB9w1H3u8WIiez5OFs=
|
||||
github.com/AdguardTeam/dnsproxy v0.9.0/go.mod h1:CKZVVknYdoHVirXqqbALEkC+DBY65yCQrzSKYS78GoE=
|
||||
github.com/AdguardTeam/dnsproxy v0.9.1 h1:+F6jqrVOrUjpbzhALjtbwqHfxW4M2YS3mYdhGxLXQ08=
|
||||
github.com/AdguardTeam/dnsproxy v0.9.1/go.mod h1:CKZVVknYdoHVirXqqbALEkC+DBY65yCQrzSKYS78GoE=
|
||||
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f h1:5ZfJxyXo8KyX8DgGXC5B7ILL8y51fci/qYz2B4j8iLY=
|
||||
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
|
||||
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
|
||||
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
|
||||
github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
|
||||
github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us=
|
||||
github.com/ameshkov/dnscrypt v0.0.0-20181217090431-1215bb8b150f h1:vOaSvI9B3wqzV1g8raDeVzRJnq5RHQxsz0MVXudxdNU=
|
||||
github.com/ameshkov/dnscrypt v0.0.0-20181217090431-1215bb8b150f/go.mod h1:EC7Z1GguyEEwhuLXrcgkRTE3GdyPDSWq2OXefhydGWo=
|
||||
github.com/ameshkov/dnscrypt v1.0.0 h1:Y7YexPCxtVCTDXlXu9n17+1H5YS25vftx8vV8Dhuu+E=
|
||||
github.com/ameshkov/dnscrypt v1.0.0/go.mod h1:EC7Z1GguyEEwhuLXrcgkRTE3GdyPDSWq2OXefhydGWo=
|
||||
github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6 h1:KXlsf+qt/X5ttPGEjR0tPH1xaWWoKBEg9Q1THAj2h3I=
|
||||
|
@ -29,10 +31,16 @@ github.com/jedisct1/go-dnsstamps v0.0.0-20180418170050-1e4999280f86 h1:Olj4M6T1o
|
|||
github.com/jedisct1/go-dnsstamps v0.0.0-20180418170050-1e4999280f86/go.mod h1:j/ONpSHHmPgDwmFKXg9vhQvIjADe/ft1X4a3TVOmp9g=
|
||||
github.com/jedisct1/xsecretbox v0.0.0-20180508184500-7a679c0bcd9a h1:2nyBWKszM41RO/gt5ElUXigAFiRgJ9KifHDlWOlw0lc=
|
||||
github.com/jedisct1/xsecretbox v0.0.0-20180508184500-7a679c0bcd9a/go.mod h1:YlN58h704uRFD0BwsEGTq+7Wx+WG2i7P49bc+HwHyAY=
|
||||
github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA=
|
||||
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
|
||||
github.com/jmcvetta/randutil v0.0.0-20150817122601-2bb1b664bcff h1:6NvhExg4omUC9NfA+l4Oq3ibNNeJUdiAF3iBVB0PlDk=
|
||||
github.com/jmcvetta/randutil v0.0.0-20150817122601-2bb1b664bcff/go.mod h1:ddfPX8Z28YMjiqoaJhNBzWHapTHXejnB5cDCUWDwriw=
|
||||
github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
|
||||
github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
|
||||
github.com/joomcode/errorx v0.1.0 h1:QmJMiI1DE1UFje2aI1ZWO/VMT5a32qBoXUclGOt8vsc=
|
||||
github.com/joomcode/errorx v0.1.0/go.mod h1:kgco15ekB6cs+4Xjzo7SPeXzx38PbJzBwbnu9qfVNHQ=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||
github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4 h1:Mlji5gkcpzkqTROyE4ZxZ8hN7osunMb2RuGVrbvMvCc=
|
||||
github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
|
||||
github.com/miekg/dns v1.1.1 h1:DVkblRdiScEnEr0LR9nTnEQqHYycjkXW9bOjd+2EL2o=
|
||||
|
@ -47,14 +55,18 @@ github.com/shirou/gopsutil v2.18.10+incompatible h1:cy84jW6EVRPa5g9HAHrlbxMSIjBh
|
|||
github.com/shirou/gopsutil v2.18.10+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
|
||||
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 h1:udFKJ0aHUL60LboW/A+DfgoHVedieIzIXE8uylPue0U=
|
||||
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
|
||||
github.com/sirupsen/logrus v1.2.0 h1:juTguoYk5qI21pwyTXY3B3Y5cOTH3ZUyZCg1v/mihuo=
|
||||
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
|
||||
github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8=
|
||||
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
|
||||
github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
|
||||
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
|
||||
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
|
||||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||
go.uber.org/goleak v0.10.0 h1:G3eWbSNIskeRqtsN/1uI5B+eP73y3JUuBsv9AZjehb4=
|
||||
go.uber.org/goleak v0.10.0/go.mod h1:VCZuO8V8mFPlL0F5J5GK1rtHV3DrFcQ1R8ryq7FK0aI=
|
||||
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0=
|
||||
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/net v0.0.0-20181102091132-c10e9556a7bc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
|
@ -62,14 +74,20 @@ golang.org/x/net v0.0.0-20181213202711-891ebc4b82d6 h1:gT0Y6H7hbVPUtvtk0YGxMXPgN
|
|||
golang.org/x/net v0.0.0-20181213202711-891ebc4b82d6/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20181217023233-e147a9138326 h1:iCzOf0xz39Tstp+Tu/WwyGjUXCk34QhQORRxBeXXTA4=
|
||||
golang.org/x/net v0.0.0-20181217023233-e147a9138326/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20181220203305-927f97764cc3 h1:eH6Eip3UpmR+yM/qI9Ijluzb1bNv/cAU/n+6l8tRSis=
|
||||
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f h1:Bl/8QSvNqXvPGPGXa2z5xUTmV7VDcZyvRZ+QQXkXTZQ=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06 h1:0oC8rFnE+74kEmuHZ46F6KHsMr5Gx2gUQPuNz28iQZM=
|
||||
golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb h1:zzdd4xkMwu/GRxhSUJaCPh4/jil9kAbsU7AUmXboO+A=
|
||||
golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6 h1:IcgEB62HYgAhX0Nd/QrVgZlxlcyxbGQHElLUhW2X4Fo=
|
||||
golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477 h1:5xUJw+lg4zao9W4HIDzlFbMYgSgtvNVHh00MEHvbGpQ=
|
||||
gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477/go.mod h1:QDV1vrFSrowdoOba0UM8VJPUZONT7dnfdLsM+GG53Z8=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||
|
|
Loading…
Reference in New Issue