From 890876cb0539d4916a21c0e0771a9d4e8322b9be Mon Sep 17 00:00:00 2001 From: Simon Zolin Date: Tue, 23 Jun 2020 14:36:26 +0300 Subject: [PATCH] + pass client Name and IP to dnsfilter * use urlfilter v0.11.0 --- dnsfilter/dnsfilter.go | 24 +++++++++++++++++------- dnsforward/access.go | 2 +- go.mod | 2 +- go.sum | 5 +++-- home/dns.go | 2 ++ 5 files changed, 24 insertions(+), 11 deletions(-) diff --git a/dnsfilter/dnsfilter.go b/dnsfilter/dnsfilter.go index bcd597d8..1014c462 100644 --- a/dnsfilter/dnsfilter.go +++ b/dnsfilter/dnsfilter.go @@ -33,8 +33,12 @@ type RequestFilteringSettings struct { SafeSearchEnabled bool SafeBrowsingEnabled bool ParentalEnabled bool - ClientTags []string - ServicesRules []ServiceEntry + + ClientName string + ClientIP string + ClientTags []string + + ServicesRules []ServiceEntry } // Config allows you to configure DNS filtering with New() or just change variables directly. @@ -297,7 +301,7 @@ func (d *Dnsfilter) CheckHostRules(host string, qtype uint16, setts *RequestFilt return Result{}, nil } - return d.matchHost(host, qtype, setts.ClientTags) + return d.matchHost(host, qtype, *setts) } // CheckHost tries to match the host against filtering rules, @@ -335,7 +339,7 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering // try filter lists first if setts.FilteringEnabled { - result, err = d.matchHost(host, qtype, setts.ClientTags) + result, err = d.matchHost(host, qtype, *setts) if err != nil { return result, err } @@ -545,14 +549,20 @@ func (d *Dnsfilter) initFiltering(allowFilters, blockFilters []Filter) error { } // matchHost is a low-level way to check only if hostname is filtered by rules, skipping expensive safebrowsing and parental lookups -func (d *Dnsfilter) matchHost(host string, qtype uint16, ctags []string) (Result, error) { +func (d *Dnsfilter) matchHost(host string, qtype uint16, setts RequestFilteringSettings) (Result, error) { d.engineLock.RLock() // Keep in mind that this lock must be held no just when calling Match() // but also while using the rules returned by it. defer d.engineLock.RUnlock() + ureq := urlfilter.DNSRequest{} + ureq.Hostname = host + ureq.ClientIP = setts.ClientIP + ureq.ClientName = setts.ClientName + ureq.SortedClientTags = setts.ClientTags + if d.filteringEngineWhite != nil { - rr, ok := d.filteringEngineWhite.Match(host, ctags) + rr, ok := d.filteringEngineWhite.MatchRequest(ureq) if ok { var rule rules.Rule if rr.NetworkRule != nil { @@ -574,7 +584,7 @@ func (d *Dnsfilter) matchHost(host string, qtype uint16, ctags []string) (Result return Result{}, nil } - rr, ok := d.filteringEngine.Match(host, ctags) + rr, ok := d.filteringEngine.MatchRequest(ureq) if !ok { return Result{}, nil } diff --git a/dnsforward/access.go b/dnsforward/access.go index 6eed4337..eadd1141 100644 --- a/dnsforward/access.go +++ b/dnsforward/access.go @@ -122,7 +122,7 @@ func (a *accessCtx) IsBlockedIP(ip string) bool { // IsBlockedDomain - return TRUE if this domain should be blocked func (a *accessCtx) IsBlockedDomain(host string) bool { a.lock.Lock() - _, ok := a.blockedHostsEngine.Match(host, nil) + _, ok := a.blockedHostsEngine.Match(host) a.lock.Unlock() return ok } diff --git a/go.mod b/go.mod index a67e8747..3dfd6d97 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.14 require ( github.com/AdguardTeam/dnsproxy v0.29.0 github.com/AdguardTeam/golibs v0.4.2 - github.com/AdguardTeam/urlfilter v0.10.1 + github.com/AdguardTeam/urlfilter v0.11.0 github.com/NYTimes/gziphandler v1.1.1 github.com/fsnotify/fsnotify v1.4.7 github.com/gobuffalo/packr v1.30.1 diff --git a/go.sum b/go.sum index 38971352..ed9051b0 100644 --- a/go.sum +++ b/go.sum @@ -5,8 +5,9 @@ github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKU github.com/AdguardTeam/golibs v0.4.2 h1:7M28oTZFoFwNmp8eGPb3ImmYbxGaJLyQXeIFVHjME0o= github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4= github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU= -github.com/AdguardTeam/urlfilter v0.10.1 h1:ECago6OvZjOTKlOqxU39C+V/ecAslaCDYcf5s+/hwaY= -github.com/AdguardTeam/urlfilter v0.10.1/go.mod h1:aMuejlNxpWppOVjiEV87X6z0eMf7wsXHTAIWQuylfZY= +github.com/AdguardTeam/urlfilter v0.11.0 h1:tgZss6uZs1UZAaxpovD/QuX+VVIQLDOlKc7rdF8dwNw= +github.com/AdguardTeam/urlfilter v0.11.0/go.mod h1:aMuejlNxpWppOVjiEV87X6z0eMf7wsXHTAIWQuylfZY= +github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= diff --git a/home/dns.go b/home/dns.go index a5547627..6d7f4cf6 100644 --- a/home/dns.go +++ b/home/dns.go @@ -235,6 +235,7 @@ func applyAdditionalFiltering(clientAddr string, setts *dnsfilter.RequestFilteri if len(clientAddr) == 0 { return } + setts.ClientIP = clientAddr c, ok := Context.clients.Find(clientAddr) if !ok { @@ -247,6 +248,7 @@ func applyAdditionalFiltering(clientAddr string, setts *dnsfilter.RequestFilteri Context.dnsFilter.ApplyBlockedServices(setts, c.BlockedServices, false) } + setts.ClientName = c.Name setts.ClientTags = c.Tags if !c.UseOwnSettings {