+ pass client Name and IP to dnsfilter

* use urlfilter v0.11.0
This commit is contained in:
Simon Zolin 2020-06-23 14:36:26 +03:00
parent 49a92605b8
commit 890876cb05
5 changed files with 24 additions and 11 deletions

View File

@ -33,7 +33,11 @@ type RequestFilteringSettings struct {
SafeSearchEnabled bool SafeSearchEnabled bool
SafeBrowsingEnabled bool SafeBrowsingEnabled bool
ParentalEnabled bool ParentalEnabled bool
ClientName string
ClientIP string
ClientTags []string ClientTags []string
ServicesRules []ServiceEntry ServicesRules []ServiceEntry
} }
@ -297,7 +301,7 @@ func (d *Dnsfilter) CheckHostRules(host string, qtype uint16, setts *RequestFilt
return Result{}, nil return Result{}, nil
} }
return d.matchHost(host, qtype, setts.ClientTags) return d.matchHost(host, qtype, *setts)
} }
// CheckHost tries to match the host against filtering rules, // CheckHost tries to match the host against filtering rules,
@ -335,7 +339,7 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
// try filter lists first // try filter lists first
if setts.FilteringEnabled { if setts.FilteringEnabled {
result, err = d.matchHost(host, qtype, setts.ClientTags) result, err = d.matchHost(host, qtype, *setts)
if err != nil { if err != nil {
return result, err return result, err
} }
@ -545,14 +549,20 @@ func (d *Dnsfilter) initFiltering(allowFilters, blockFilters []Filter) error {
} }
// matchHost is a low-level way to check only if hostname is filtered by rules, skipping expensive safebrowsing and parental lookups // matchHost is a low-level way to check only if hostname is filtered by rules, skipping expensive safebrowsing and parental lookups
func (d *Dnsfilter) matchHost(host string, qtype uint16, ctags []string) (Result, error) { func (d *Dnsfilter) matchHost(host string, qtype uint16, setts RequestFilteringSettings) (Result, error) {
d.engineLock.RLock() d.engineLock.RLock()
// Keep in mind that this lock must be held no just when calling Match() // Keep in mind that this lock must be held no just when calling Match()
// but also while using the rules returned by it. // but also while using the rules returned by it.
defer d.engineLock.RUnlock() defer d.engineLock.RUnlock()
ureq := urlfilter.DNSRequest{}
ureq.Hostname = host
ureq.ClientIP = setts.ClientIP
ureq.ClientName = setts.ClientName
ureq.SortedClientTags = setts.ClientTags
if d.filteringEngineWhite != nil { if d.filteringEngineWhite != nil {
rr, ok := d.filteringEngineWhite.Match(host, ctags) rr, ok := d.filteringEngineWhite.MatchRequest(ureq)
if ok { if ok {
var rule rules.Rule var rule rules.Rule
if rr.NetworkRule != nil { if rr.NetworkRule != nil {
@ -574,7 +584,7 @@ func (d *Dnsfilter) matchHost(host string, qtype uint16, ctags []string) (Result
return Result{}, nil return Result{}, nil
} }
rr, ok := d.filteringEngine.Match(host, ctags) rr, ok := d.filteringEngine.MatchRequest(ureq)
if !ok { if !ok {
return Result{}, nil return Result{}, nil
} }

View File

@ -122,7 +122,7 @@ func (a *accessCtx) IsBlockedIP(ip string) bool {
// IsBlockedDomain - return TRUE if this domain should be blocked // IsBlockedDomain - return TRUE if this domain should be blocked
func (a *accessCtx) IsBlockedDomain(host string) bool { func (a *accessCtx) IsBlockedDomain(host string) bool {
a.lock.Lock() a.lock.Lock()
_, ok := a.blockedHostsEngine.Match(host, nil) _, ok := a.blockedHostsEngine.Match(host)
a.lock.Unlock() a.lock.Unlock()
return ok return ok
} }

2
go.mod
View File

@ -5,7 +5,7 @@ go 1.14
require ( require (
github.com/AdguardTeam/dnsproxy v0.29.0 github.com/AdguardTeam/dnsproxy v0.29.0
github.com/AdguardTeam/golibs v0.4.2 github.com/AdguardTeam/golibs v0.4.2
github.com/AdguardTeam/urlfilter v0.10.1 github.com/AdguardTeam/urlfilter v0.11.0
github.com/NYTimes/gziphandler v1.1.1 github.com/NYTimes/gziphandler v1.1.1
github.com/fsnotify/fsnotify v1.4.7 github.com/fsnotify/fsnotify v1.4.7
github.com/gobuffalo/packr v1.30.1 github.com/gobuffalo/packr v1.30.1

5
go.sum
View File

@ -5,8 +5,9 @@ github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKU
github.com/AdguardTeam/golibs v0.4.2 h1:7M28oTZFoFwNmp8eGPb3ImmYbxGaJLyQXeIFVHjME0o= github.com/AdguardTeam/golibs v0.4.2 h1:7M28oTZFoFwNmp8eGPb3ImmYbxGaJLyQXeIFVHjME0o=
github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4= github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU= github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
github.com/AdguardTeam/urlfilter v0.10.1 h1:ECago6OvZjOTKlOqxU39C+V/ecAslaCDYcf5s+/hwaY= github.com/AdguardTeam/urlfilter v0.11.0 h1:tgZss6uZs1UZAaxpovD/QuX+VVIQLDOlKc7rdF8dwNw=
github.com/AdguardTeam/urlfilter v0.10.1/go.mod h1:aMuejlNxpWppOVjiEV87X6z0eMf7wsXHTAIWQuylfZY= github.com/AdguardTeam/urlfilter v0.11.0/go.mod h1:aMuejlNxpWppOVjiEV87X6z0eMf7wsXHTAIWQuylfZY=
github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=

View File

@ -235,6 +235,7 @@ func applyAdditionalFiltering(clientAddr string, setts *dnsfilter.RequestFilteri
if len(clientAddr) == 0 { if len(clientAddr) == 0 {
return return
} }
setts.ClientIP = clientAddr
c, ok := Context.clients.Find(clientAddr) c, ok := Context.clients.Find(clientAddr)
if !ok { if !ok {
@ -247,6 +248,7 @@ func applyAdditionalFiltering(clientAddr string, setts *dnsfilter.RequestFilteri
Context.dnsFilter.ApplyBlockedServices(setts, c.BlockedServices, false) Context.dnsFilter.ApplyBlockedServices(setts, c.BlockedServices, false)
} }
setts.ClientName = c.Name
setts.ClientTags = c.Tags setts.ClientTags = c.Tags
if !c.UseOwnSettings { if !c.UseOwnSettings {