Merge: dnsfilter: prevent recursion when both parental control and safebrowsing are enabled
Close #732 * commit 'c4e67690f4fcceb055cbea73610b5974855db96f': * dnsfilter: don't use global variable for custom resolver function - dnsfilter: prevent recursion when both parental control and safebrowsing are enabled
This commit is contained in:
commit
e1bb89c393
|
@ -162,8 +162,6 @@ var (
|
||||||
safeSearchCache gcache.Cache
|
safeSearchCache gcache.Cache
|
||||||
)
|
)
|
||||||
|
|
||||||
var resolverAddr string // DNS server address
|
|
||||||
|
|
||||||
// Result holds state of hostname check
|
// Result holds state of hostname check
|
||||||
type Result struct {
|
type Result struct {
|
||||||
IsFiltered bool `json:",omitempty"` // True if the host name is filtered
|
IsFiltered bool `json:",omitempty"` // True if the host name is filtered
|
||||||
|
@ -185,6 +183,10 @@ func (d *Dnsfilter) CheckHost(host string) (Result, error) {
|
||||||
return Result{Reason: NotFilteredNotFound}, nil
|
return Result{Reason: NotFilteredNotFound}, nil
|
||||||
}
|
}
|
||||||
host = strings.ToLower(host)
|
host = strings.ToLower(host)
|
||||||
|
// prevent recursion
|
||||||
|
if host == d.parentalServer || host == d.safeBrowsingServer {
|
||||||
|
return Result{}, nil
|
||||||
|
}
|
||||||
|
|
||||||
// try filter lists first
|
// try filter lists first
|
||||||
result, err := d.matchHost(host)
|
result, err := d.matchHost(host)
|
||||||
|
@ -674,10 +676,6 @@ func (d *Dnsfilter) checkSafeBrowsing(host string) (Result, error) {
|
||||||
defer timer.LogElapsed("SafeBrowsing HTTP lookup for %s", host)
|
defer timer.LogElapsed("SafeBrowsing HTTP lookup for %s", host)
|
||||||
}
|
}
|
||||||
|
|
||||||
// prevent recursion -- checking the host of safebrowsing server makes no sense
|
|
||||||
if host == d.safeBrowsingServer {
|
|
||||||
return Result{}, nil
|
|
||||||
}
|
|
||||||
format := func(hashparam string) string {
|
format := func(hashparam string) string {
|
||||||
url := fmt.Sprintf(defaultSafebrowsingURL, d.safeBrowsingServer, hashparam)
|
url := fmt.Sprintf(defaultSafebrowsingURL, d.safeBrowsingServer, hashparam)
|
||||||
return url
|
return url
|
||||||
|
@ -720,10 +718,6 @@ func (d *Dnsfilter) checkParental(host string) (Result, error) {
|
||||||
defer timer.LogElapsed("Parental HTTP lookup for %s", host)
|
defer timer.LogElapsed("Parental HTTP lookup for %s", host)
|
||||||
}
|
}
|
||||||
|
|
||||||
// prevent recursion -- checking the host of parental safety server makes no sense
|
|
||||||
if host == d.parentalServer {
|
|
||||||
return Result{}, nil
|
|
||||||
}
|
|
||||||
format := func(hashparam string) string {
|
format := func(hashparam string) string {
|
||||||
url := fmt.Sprintf(defaultParentalURL, d.parentalServer, hashparam, d.ParentalSensitivity)
|
url := fmt.Sprintf(defaultParentalURL, d.parentalServer, hashparam, d.ParentalSensitivity)
|
||||||
return url
|
return url
|
||||||
|
@ -978,8 +972,11 @@ func (d *Dnsfilter) matchHost(host string) (Result, error) {
|
||||||
// lifecycle helper functions
|
// lifecycle helper functions
|
||||||
//
|
//
|
||||||
|
|
||||||
|
type dialFunctionType func(ctx context.Context, network, addr string) (net.Conn, error)
|
||||||
|
|
||||||
// Connect to a remote server resolving hostname using our own DNS server
|
// Connect to a remote server resolving hostname using our own DNS server
|
||||||
func customDialContext(ctx context.Context, network, addr string) (net.Conn, error) {
|
func createCustomDialContext(resolverAddr string) dialFunctionType {
|
||||||
|
return func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||||
log.Tracef("network:%v addr:%v", network, addr)
|
log.Tracef("network:%v addr:%v", network, addr)
|
||||||
|
|
||||||
host, port, err := net.SplitHostPort(addr)
|
host, port, err := net.SplitHostPort(addr)
|
||||||
|
@ -1017,6 +1014,7 @@ func customDialContext(ctx context.Context, network, addr string) (net.Conn, err
|
||||||
return con, err
|
return con, err
|
||||||
}
|
}
|
||||||
return nil, firstErr
|
return nil, firstErr
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// New creates properly initialized DNS Filter that is ready to be used
|
// New creates properly initialized DNS Filter that is ready to be used
|
||||||
|
@ -1039,8 +1037,7 @@ func New(c *Config) *Dnsfilter {
|
||||||
ExpectContinueTimeout: 1 * time.Second,
|
ExpectContinueTimeout: 1 * time.Second,
|
||||||
}
|
}
|
||||||
if c != nil && len(c.ResolverAddress) != 0 {
|
if c != nil && len(c.ResolverAddress) != 0 {
|
||||||
resolverAddr = c.ResolverAddress
|
d.transport.DialContext = createCustomDialContext(c.ResolverAddress)
|
||||||
d.transport.DialContext = customDialContext
|
|
||||||
}
|
}
|
||||||
d.client = http.Client{
|
d.client = http.Client{
|
||||||
Transport: d.transport,
|
Transport: d.transport,
|
||||||
|
|
Loading…
Reference in New Issue