Commit Graph

89 Commits

Author SHA1 Message Date
Simon Zolin
140d5553e7 * DNS rewrites: don't pass request to an upstream server if matched by Rewrite rule
For example, if there's an A rewrite rule, but no AAAA rule,
 the response to AAAA request must be empty.
2020-03-02 15:24:40 +03:00
Andrey Meshkov
d839136fee Merge: fix #822 - Whitelist filter rules
Squashed commit of the following:

commit 350c6d5fadd77145b801df8887284bf4d64fbd19
Author: Ildar Kamalov <i.kamalov@adguard.com>
Date:   Wed Feb 26 15:43:29 2020 +0300

    * client: update translations

commit a884dffcd59f2259e2eee2c1e5a3270819bf8962
Author: Ildar Kamalov <i.kamalov@adguard.com>
Date:   Mon Feb 17 17:32:10 2020 +0300

    + client: handle whitelist filters

commit a586ec5bc614ffb0e01584a1fbdc7292b4865e68
Author: ArtemBaskal <a.baskal@adguard.com>
Date:   Wed Jan 29 18:16:59 2020 +0300

    + client: add whitelist

commit a52c3de62cf2fa34be6394771fb8bb56b4ee81e3
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Feb 20 17:50:44 2020 +0300

    * change /filtering/refresh

commit 7f8f2ecccb9f7fa65318c1717dc6a7bd61afccf4
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Feb 20 16:17:07 2020 +0300

    * fix race-detector issue

commit ac4b64c4a52c5b364a4b154bf18dea0fdf45647f
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Jan 20 20:08:21 2020 +0300

    + whitelist filters
2020-02-26 19:58:25 +03:00
Andrey Meshkov
6c18b71010 *(dnsforward): fix safe search returning nxdomain
 Closes: https://github.com/AdguardTeam/AdGuardHome/issues/1387
2020-02-05 14:30:43 +03:00
Simon Zolin
1a88a63415 Merge: - filtering: fix host rules matching
Close #1365

Squashed commit of the following:

commit 9cbca2d330ae12b222633201f4864abb7f7cd7a3
Merge: 8ce6b015 be93dc34
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Jan 30 19:03:21 2020 +0300

    Merge remote-tracking branch 'origin/master' into 1365-hostrules

commit 8ce6b0151a2b552c4ccb3ee1f7e36ce260ba96ea
Merge: c752ab33 5c814b29
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Jan 30 18:57:20 2020 +0300

    Merge remote-tracking branch 'origin/master' into 1365-hostrules

commit c752ab33b074312f10772467436a27a90339a919
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Jan 30 14:18:58 2020 +0300

    use new Match()

commit ce2f628aca9f934c776c8c690813efeed5d5427b
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Jan 30 12:03:21 2020 +0300

    minor

commit ebebe02a63821fedd3904db384406c30de52d515
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Jan 30 11:21:47 2020 +0300

    * dnsfilter: use new version of urlfilter's Match()

commit 84edc44f2ee5a67316114f048740825259cc87ff
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Jan 24 14:10:41 2020 +0300

    - filtering: fix host rules matching

    Match by both IPv4 and IPv6 rules, not just the first one in list.
2020-01-30 19:06:09 +03:00
Simon Zolin
91c2712366 + clients: support per-client tags 2020-01-28 14:06:52 +03:00
Simon Zolin
6563886b49 Merge: - install: recover from error on DNS server start
Close #1293

Squashed commit of the following:

commit 0981754c5c2c67f2567ee4af0d9ab24377c53413
Merge: ef81f2c8 a6d75118
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Jan 16 14:19:20 2020 +0300

    Merge remote-tracking branch 'origin/master' into 1293-install

commit ef81f2c886f3bfcff4e4352d7ecea6642be7d8e1
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 30 18:32:11 2019 +0300

    linter

commit 9e205be53d9de25bd2ad63398644e14b09f95238
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 30 17:22:17 2019 +0300

    - install: recover from error on DNS server start

    Close all modules properly
    Don't register HTTP handlers twice
2020-01-16 14:25:40 +03:00
Simon Zolin
a6d7511806 Merge: + dns rewrites: support wildcard override
Close #922

Squashed commit of the following:

commit 8ab742d84916a02043989fcfa5fc258e84046205
Merge: 2abde92f e398117d
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Jan 16 12:47:44 2020 +0300

    Merge remote-tracking branch 'origin/master' into 922-rewrites

commit 2abde92fe2d1bdb153787b4ecac60f9744c7fd1a
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Jan 16 12:34:41 2020 +0300

    minor

commit 3c20579cde85967786830d2d1b87cd987fc2ae12
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Jan 10 19:06:53 2020 +0300

    don't change the order of rewrite entry list (apply priority at runtime)

commit 4f658f98011a7e31852c0ce379f2a02738f5614f
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 31 15:21:50 2019 +0300

    minor

commit 9e56b4f3abefe3ff1d19bc61375f31dc55242e52
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 31 15:14:14 2019 +0300

    * remove unused code

commit 4178f025a388eb768914306efa91ffead87e5a0c
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 31 15:13:57 2019 +0300

    + dns rewrites: support wildcard override
2020-01-16 12:51:35 +03:00
Simon Zolin
8d2a9ce923 * dnsfilter: change DNS answer for host rules
When matched by a host rule, return only the IP address specified in rule.
Respond with an empty IP list to another request type.

:: host -- return nothing to A, return :: to AAAA request
0.0.0.0 host -- return 0.0.0.0 to A, return nothing to AAAA request
2020-01-09 19:31:14 +03:00
Andrey Meshkov
b4f4111609 -(dnsfilter): match DNS response against filtering rules only
Supposedly, this will fix #1290
2019-12-23 15:59:49 +03:00
Simon Zolin
8685584bf5 + DNS Rewrites: support wildcard domain name 2019-12-20 16:45:58 +03:00
Simon Zolin
864c91e524 Merge: - DNS: fix security checks via PC/SB services
Squashed commit of the following:

commit e73bc282d77a11c923a86166035f1b44427d7066
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Dec 13 17:17:36 2019 +0300

    fix

commit f8b5c174816c6fd57fb3930cc465318f468fc8ff
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Dec 13 17:03:13 2019 +0300

    fix

commit 9d5483a2fb89a172218547b5ee356e7122dca609
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Dec 13 16:54:30 2019 +0300

    - fix security checks via PC/SB services
2019-12-13 17:42:01 +03:00
Simon Zolin
8dbdf49c32 * use dnsproxy v0.22.0 and urlfilter v0.7.0 2019-12-03 20:55:45 +03:00
Simon Zolin
7f69848084 + dnsfilter: use AG DNS server for SB/PC services
* move SS/SB/PC services to security.go
* remove old useless code (HTTP client)
2019-11-08 10:38:12 +03:00
Simon Zolin
6ba1d857ac * dnsfilter: windows: store rules in memory
* dnsfilter: ignore cosmetic rules
2019-10-22 16:15:51 +03:00
Simon Zolin
a59e346d4a * dnsfilter: major refactoring
* dnsfilter is controlled by package home, not dnsforward
* move HTTP handlers to dnsfilter/
* apply filtering settings without DNS server restart
* use only 1 goroutine for filters update
* apply new filters quickly (after they are ready to be used)
2019-10-09 20:05:21 +03:00
Simon Zolin
adb422fedf filtering: refactor; change API; add "filters_update_interval" setting
+ config: "filters_update_interval"
* add /control/filtering_info
* remove /control/filtering/enable
* remove /control/filtering/disable

* add /control/filtering_config
* remove /control/filtering/status

* add /control/filtering/set_url
* remove /control/filtering/enable_url
* remove /control/filtering/disable_url
2019-09-12 18:38:13 +03:00
Simon Zolin
c616259e8b * dnsfilter: use golibs/cache
+ config: add cache size settings
+ config: add cache_time setting
2019-09-02 19:12:53 +03:00
Andrey Meshkov
c82e93cfc7 -(dnsforward): fixed sigsegv when protection is disabled
Also, fixed all golint issues

 Closes: #941
2019-08-20 00:55:32 +03:00
Simon Zolin
d46ebe1c8b Revert "+ config: add cache size settings"
This reverts commit 81303b5db7.
2019-08-16 15:17:38 +03:00
Simon Zolin
68d5d595b6 Revert "* dnsfilter: use fastcache instead of gcache"
This reverts commit 6f51df7d2e.
2019-08-16 15:17:38 +03:00
Simon Zolin
ccf72b6008 * safebrowsing/parental: split some code
* dnsfilter.CheckHost() doesn't support host="hostname." (with a trailing dot) anymore
2019-08-08 12:11:24 +03:00
Simon Zolin
15d07a40eb * refactor 2019-08-05 14:12:22 +03:00
Simon Zolin
e81a9c7d56 + dnsfilter: use global and per-client BlockedServices array 2019-08-05 14:12:22 +03:00
Simon Zolin
1bb6638db7 + dnsforward: use Rewrites table 2019-07-29 11:48:24 +03:00
Simon Zolin
b66e370ffc * dnsfilter: refactor: a simple approach to convert Reason to string 2019-07-29 11:37:10 +03:00
Simon Zolin
6f51df7d2e * dnsfilter: use fastcache instead of gcache 2019-07-23 17:14:13 +03:00
Simon Zolin
81303b5db7 + config: add cache size settings 2019-07-23 15:57:44 +03:00
Simon Zolin
57c510631e - dnsfilter: fix crash when global setting 'SafeSearch' is off
but per-client setting is on
2019-07-15 12:10:43 +03:00
Simon Zolin
b0cfd7228e - dnsfilter: fix post-install error "filter file not found"
Right after installation we don't have the filter files downloaded.
While they are being downloaded, we replace them with an empty filter.
2019-07-05 17:35:40 +03:00
Simon Zolin
134d9275bb * use urlfilter v0.4.0
Now we pass filtering rules to urlfilter as filer file names,
 rather than the list of rule strings.
(Note: user rules are still passed as the list of rule strings).

As a result, we don't store the contents of filter files in memory.
2019-07-04 14:10:01 +03:00
Simon Zolin
42b76ada9d rename dnsfContext -> dnsFilterContext 2019-06-27 10:48:12 +03:00
Simon Zolin
2307f55715 * dnsfilter: use a single global context object 2019-06-24 19:00:03 +03:00
Andrey Meshkov
082354204b Fix #831
This commit fixes panic when customDialContext fails to resolve the host's address.
2019-06-18 16:18:13 +03:00
Andrey Meshkov
07db927246 Fix #727 - use default parental sensitivity when it's not set 2019-06-06 22:42:17 +03:00
Simon Zolin
3baa6919dc - fix tests and linter issues 2019-05-31 12:27:13 +03:00
Simon Zolin
8bf76c331d + dnsfilter: use callback function for applying per-client settings 2019-05-28 18:44:27 +03:00
Simon Zolin
f23507a554 * dnsfilter: parental/safebrowsing: add setting to switch between HTTP and HTTPS 2019-05-27 18:11:05 +03:00
Simon Zolin
ac8f703407 + dnsforward: support IPv6 (AAAA response)
If question type is AAAA:
 Before this patch we responded with NXDOMAIN.
 Now we send an empty response if host rule is IPv4;
 or we send an AAAA answer if host rule is IPv6.

+ block ipv6 if rule is "0.0.0.0 blockdomain"
2019-05-24 18:08:08 +03:00
Simon Zolin
9ad4bba9ab * dnsfilter: return the correct IP address (host rules) 2019-05-24 18:08:08 +03:00
Simon Zolin
00e1b6ca08 * dnsfilter: use 'https' for safe-browsing and parental control 2019-05-23 17:26:50 +03:00
Simon Zolin
829415da5b * dnsfilter: use urlfilter package
+ new config setting 'filtering_temp_filename'

* remove AddRules(), modify New()
2019-05-17 18:22:57 +03:00
Simon Zolin
3396d68019 * dnsfilter: remove code for filtering rules 2019-05-17 18:22:57 +03:00
Simon Zolin
bd68bf2e25 * dns: rename dnsfilter.Filter.Rule -> dnsfilter.Filter.Data 2019-05-17 18:22:57 +03:00
Simon Zolin
d918e5b418 use maxDialCacheSize constant 2019-05-15 12:03:20 +03:00
Simon Zolin
b3461d37ca rename functions and container 2019-05-13 14:47:55 +03:00
Simon Zolin
24ae61de3e + dnsfilter: cache IP addresses of safebrowsing and parental control servers 2019-05-13 14:16:07 +03:00
Simon Zolin
c4e67690f4 * dnsfilter: don't use global variable for custom resolver function 2019-04-24 12:49:12 +03:00
Simon Zolin
f6023b395e - dnsfilter: prevent recursion when both parental control and safebrowsing are enabled 2019-04-24 12:38:05 +03:00
Aleksey Dmitrevskiy
a860c8e6ff - dnsfilter: fix npe in dnsfilter test 2019-04-23 15:09:23 +03:00
Aleksey Dmitrevskiy
0794704f74 - dnsfilter: fix safesearch issue #268 2019-04-23 15:08:41 +03:00