+ pass client Name and IP to dnsfilter

* use urlfilter v0.11.0
This commit is contained in:
Simon Zolin 2020-06-23 14:36:26 +03:00
parent 49a92605b8
commit 890876cb05
5 changed files with 24 additions and 11 deletions

View File

@ -33,7 +33,11 @@ type RequestFilteringSettings struct {
SafeSearchEnabled bool
SafeBrowsingEnabled bool
ParentalEnabled bool
ClientName string
ClientIP string
ClientTags []string
ServicesRules []ServiceEntry
}
@ -297,7 +301,7 @@ func (d *Dnsfilter) CheckHostRules(host string, qtype uint16, setts *RequestFilt
return Result{}, nil
}
return d.matchHost(host, qtype, setts.ClientTags)
return d.matchHost(host, qtype, *setts)
}
// CheckHost tries to match the host against filtering rules,
@ -335,7 +339,7 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
// try filter lists first
if setts.FilteringEnabled {
result, err = d.matchHost(host, qtype, setts.ClientTags)
result, err = d.matchHost(host, qtype, *setts)
if err != nil {
return result, err
}
@ -545,14 +549,20 @@ func (d *Dnsfilter) initFiltering(allowFilters, blockFilters []Filter) error {
}
// matchHost is a low-level way to check only if hostname is filtered by rules, skipping expensive safebrowsing and parental lookups
func (d *Dnsfilter) matchHost(host string, qtype uint16, ctags []string) (Result, error) {
func (d *Dnsfilter) matchHost(host string, qtype uint16, setts RequestFilteringSettings) (Result, error) {
d.engineLock.RLock()
// Keep in mind that this lock must be held no just when calling Match()
// but also while using the rules returned by it.
defer d.engineLock.RUnlock()
ureq := urlfilter.DNSRequest{}
ureq.Hostname = host
ureq.ClientIP = setts.ClientIP
ureq.ClientName = setts.ClientName
ureq.SortedClientTags = setts.ClientTags
if d.filteringEngineWhite != nil {
rr, ok := d.filteringEngineWhite.Match(host, ctags)
rr, ok := d.filteringEngineWhite.MatchRequest(ureq)
if ok {
var rule rules.Rule
if rr.NetworkRule != nil {
@ -574,7 +584,7 @@ func (d *Dnsfilter) matchHost(host string, qtype uint16, ctags []string) (Result
return Result{}, nil
}
rr, ok := d.filteringEngine.Match(host, ctags)
rr, ok := d.filteringEngine.MatchRequest(ureq)
if !ok {
return Result{}, nil
}

View File

@ -122,7 +122,7 @@ func (a *accessCtx) IsBlockedIP(ip string) bool {
// IsBlockedDomain - return TRUE if this domain should be blocked
func (a *accessCtx) IsBlockedDomain(host string) bool {
a.lock.Lock()
_, ok := a.blockedHostsEngine.Match(host, nil)
_, ok := a.blockedHostsEngine.Match(host)
a.lock.Unlock()
return ok
}

2
go.mod
View File

@ -5,7 +5,7 @@ go 1.14
require (
github.com/AdguardTeam/dnsproxy v0.29.0
github.com/AdguardTeam/golibs v0.4.2
github.com/AdguardTeam/urlfilter v0.10.1
github.com/AdguardTeam/urlfilter v0.11.0
github.com/NYTimes/gziphandler v1.1.1
github.com/fsnotify/fsnotify v1.4.7
github.com/gobuffalo/packr v1.30.1

5
go.sum
View File

@ -5,8 +5,9 @@ github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKU
github.com/AdguardTeam/golibs v0.4.2 h1:7M28oTZFoFwNmp8eGPb3ImmYbxGaJLyQXeIFVHjME0o=
github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
github.com/AdguardTeam/urlfilter v0.10.1 h1:ECago6OvZjOTKlOqxU39C+V/ecAslaCDYcf5s+/hwaY=
github.com/AdguardTeam/urlfilter v0.10.1/go.mod h1:aMuejlNxpWppOVjiEV87X6z0eMf7wsXHTAIWQuylfZY=
github.com/AdguardTeam/urlfilter v0.11.0 h1:tgZss6uZs1UZAaxpovD/QuX+VVIQLDOlKc7rdF8dwNw=
github.com/AdguardTeam/urlfilter v0.11.0/go.mod h1:aMuejlNxpWppOVjiEV87X6z0eMf7wsXHTAIWQuylfZY=
github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=

View File

@ -235,6 +235,7 @@ func applyAdditionalFiltering(clientAddr string, setts *dnsfilter.RequestFilteri
if len(clientAddr) == 0 {
return
}
setts.ClientIP = clientAddr
c, ok := Context.clients.Find(clientAddr)
if !ok {
@ -247,6 +248,7 @@ func applyAdditionalFiltering(clientAddr string, setts *dnsfilter.RequestFilteri
Context.dnsFilter.ApplyBlockedServices(setts, c.BlockedServices, false)
}
setts.ClientName = c.Name
setts.ClientTags = c.Tags
if !c.UseOwnSettings {