+ pass client Name and IP to dnsfilter
* use urlfilter v0.11.0
This commit is contained in:
parent
49a92605b8
commit
890876cb05
|
@ -33,8 +33,12 @@ type RequestFilteringSettings struct {
|
||||||
SafeSearchEnabled bool
|
SafeSearchEnabled bool
|
||||||
SafeBrowsingEnabled bool
|
SafeBrowsingEnabled bool
|
||||||
ParentalEnabled bool
|
ParentalEnabled bool
|
||||||
ClientTags []string
|
|
||||||
ServicesRules []ServiceEntry
|
ClientName string
|
||||||
|
ClientIP string
|
||||||
|
ClientTags []string
|
||||||
|
|
||||||
|
ServicesRules []ServiceEntry
|
||||||
}
|
}
|
||||||
|
|
||||||
// Config allows you to configure DNS filtering with New() or just change variables directly.
|
// Config allows you to configure DNS filtering with New() or just change variables directly.
|
||||||
|
@ -297,7 +301,7 @@ func (d *Dnsfilter) CheckHostRules(host string, qtype uint16, setts *RequestFilt
|
||||||
return Result{}, nil
|
return Result{}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return d.matchHost(host, qtype, setts.ClientTags)
|
return d.matchHost(host, qtype, *setts)
|
||||||
}
|
}
|
||||||
|
|
||||||
// CheckHost tries to match the host against filtering rules,
|
// CheckHost tries to match the host against filtering rules,
|
||||||
|
@ -335,7 +339,7 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
|
||||||
|
|
||||||
// try filter lists first
|
// try filter lists first
|
||||||
if setts.FilteringEnabled {
|
if setts.FilteringEnabled {
|
||||||
result, err = d.matchHost(host, qtype, setts.ClientTags)
|
result, err = d.matchHost(host, qtype, *setts)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return result, err
|
return result, err
|
||||||
}
|
}
|
||||||
|
@ -545,14 +549,20 @@ func (d *Dnsfilter) initFiltering(allowFilters, blockFilters []Filter) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// matchHost is a low-level way to check only if hostname is filtered by rules, skipping expensive safebrowsing and parental lookups
|
// matchHost is a low-level way to check only if hostname is filtered by rules, skipping expensive safebrowsing and parental lookups
|
||||||
func (d *Dnsfilter) matchHost(host string, qtype uint16, ctags []string) (Result, error) {
|
func (d *Dnsfilter) matchHost(host string, qtype uint16, setts RequestFilteringSettings) (Result, error) {
|
||||||
d.engineLock.RLock()
|
d.engineLock.RLock()
|
||||||
// Keep in mind that this lock must be held no just when calling Match()
|
// Keep in mind that this lock must be held no just when calling Match()
|
||||||
// but also while using the rules returned by it.
|
// but also while using the rules returned by it.
|
||||||
defer d.engineLock.RUnlock()
|
defer d.engineLock.RUnlock()
|
||||||
|
|
||||||
|
ureq := urlfilter.DNSRequest{}
|
||||||
|
ureq.Hostname = host
|
||||||
|
ureq.ClientIP = setts.ClientIP
|
||||||
|
ureq.ClientName = setts.ClientName
|
||||||
|
ureq.SortedClientTags = setts.ClientTags
|
||||||
|
|
||||||
if d.filteringEngineWhite != nil {
|
if d.filteringEngineWhite != nil {
|
||||||
rr, ok := d.filteringEngineWhite.Match(host, ctags)
|
rr, ok := d.filteringEngineWhite.MatchRequest(ureq)
|
||||||
if ok {
|
if ok {
|
||||||
var rule rules.Rule
|
var rule rules.Rule
|
||||||
if rr.NetworkRule != nil {
|
if rr.NetworkRule != nil {
|
||||||
|
@ -574,7 +584,7 @@ func (d *Dnsfilter) matchHost(host string, qtype uint16, ctags []string) (Result
|
||||||
return Result{}, nil
|
return Result{}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
rr, ok := d.filteringEngine.Match(host, ctags)
|
rr, ok := d.filteringEngine.MatchRequest(ureq)
|
||||||
if !ok {
|
if !ok {
|
||||||
return Result{}, nil
|
return Result{}, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -122,7 +122,7 @@ func (a *accessCtx) IsBlockedIP(ip string) bool {
|
||||||
// IsBlockedDomain - return TRUE if this domain should be blocked
|
// IsBlockedDomain - return TRUE if this domain should be blocked
|
||||||
func (a *accessCtx) IsBlockedDomain(host string) bool {
|
func (a *accessCtx) IsBlockedDomain(host string) bool {
|
||||||
a.lock.Lock()
|
a.lock.Lock()
|
||||||
_, ok := a.blockedHostsEngine.Match(host, nil)
|
_, ok := a.blockedHostsEngine.Match(host)
|
||||||
a.lock.Unlock()
|
a.lock.Unlock()
|
||||||
return ok
|
return ok
|
||||||
}
|
}
|
||||||
|
|
2
go.mod
2
go.mod
|
@ -5,7 +5,7 @@ go 1.14
|
||||||
require (
|
require (
|
||||||
github.com/AdguardTeam/dnsproxy v0.29.0
|
github.com/AdguardTeam/dnsproxy v0.29.0
|
||||||
github.com/AdguardTeam/golibs v0.4.2
|
github.com/AdguardTeam/golibs v0.4.2
|
||||||
github.com/AdguardTeam/urlfilter v0.10.1
|
github.com/AdguardTeam/urlfilter v0.11.0
|
||||||
github.com/NYTimes/gziphandler v1.1.1
|
github.com/NYTimes/gziphandler v1.1.1
|
||||||
github.com/fsnotify/fsnotify v1.4.7
|
github.com/fsnotify/fsnotify v1.4.7
|
||||||
github.com/gobuffalo/packr v1.30.1
|
github.com/gobuffalo/packr v1.30.1
|
||||||
|
|
5
go.sum
5
go.sum
|
@ -5,8 +5,9 @@ github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKU
|
||||||
github.com/AdguardTeam/golibs v0.4.2 h1:7M28oTZFoFwNmp8eGPb3ImmYbxGaJLyQXeIFVHjME0o=
|
github.com/AdguardTeam/golibs v0.4.2 h1:7M28oTZFoFwNmp8eGPb3ImmYbxGaJLyQXeIFVHjME0o=
|
||||||
github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
|
github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
|
||||||
github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
|
github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
|
||||||
github.com/AdguardTeam/urlfilter v0.10.1 h1:ECago6OvZjOTKlOqxU39C+V/ecAslaCDYcf5s+/hwaY=
|
github.com/AdguardTeam/urlfilter v0.11.0 h1:tgZss6uZs1UZAaxpovD/QuX+VVIQLDOlKc7rdF8dwNw=
|
||||||
github.com/AdguardTeam/urlfilter v0.10.1/go.mod h1:aMuejlNxpWppOVjiEV87X6z0eMf7wsXHTAIWQuylfZY=
|
github.com/AdguardTeam/urlfilter v0.11.0/go.mod h1:aMuejlNxpWppOVjiEV87X6z0eMf7wsXHTAIWQuylfZY=
|
||||||
|
github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
|
||||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||||
github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
|
github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
|
||||||
github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
|
github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
|
||||||
|
|
|
@ -235,6 +235,7 @@ func applyAdditionalFiltering(clientAddr string, setts *dnsfilter.RequestFilteri
|
||||||
if len(clientAddr) == 0 {
|
if len(clientAddr) == 0 {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
setts.ClientIP = clientAddr
|
||||||
|
|
||||||
c, ok := Context.clients.Find(clientAddr)
|
c, ok := Context.clients.Find(clientAddr)
|
||||||
if !ok {
|
if !ok {
|
||||||
|
@ -247,6 +248,7 @@ func applyAdditionalFiltering(clientAddr string, setts *dnsfilter.RequestFilteri
|
||||||
Context.dnsFilter.ApplyBlockedServices(setts, c.BlockedServices, false)
|
Context.dnsFilter.ApplyBlockedServices(setts, c.BlockedServices, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
setts.ClientName = c.Name
|
||||||
setts.ClientTags = c.Tags
|
setts.ClientTags = c.Tags
|
||||||
|
|
||||||
if !c.UseOwnSettings {
|
if !c.UseOwnSettings {
|
||||||
|
|
Loading…
Reference in New Issue