Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

If multiple whitelist-only groups are defined, blocking of not whitelisted domains does not work #202

Closed
0xERR0R opened this issue May 5, 2021 · 0 comments · Fixed by #199
Closed

If multiple whitelist-only groups are defined, blocking of not whitelisted domains does not work #202

0xERR0R opened this issue May 5, 2021 · 0 comments · Fixed by #199
Labels
🐞 bug Something isn't working
Milestone
v0.15

Comments

@0xERR0R
Copy link
Owner

0xERR0R commented May 5, 2021

Problem

WhitelistOnly is only used, if no more than two whitelists are available or all clients include all whitelists.

Look at the following config snippet. Two Groups are defined, each with their own set of "whitelist" entries.

blocking:
 whiteLists:
   net_one:
      - net_one_whitelist.txt
   net_two:
      - net_two_whitelist.txt
  clientGroupsBlock:
    one-client*:
       - net_one
    two-client*:
       - net_two

clientLookup:
 clients:
   one-client-1:  [127.0.0.1]
   two-client-2:  [127.0.0.2]

If multiple WhitelistOnly groups are defined, then every client, which do NOT include ALL whitelists, can resolve non-whitelist items.
The reflect.DeepEqual() list now contains the check if [net_one] == [net_one, net_two], which will always return false.

Expected Behavior: Both clients are restricted to the defined whitelistOnly domains.

Behavior: None of them have whitelist enabled.

Possible solution

  • if groupsToCheck contains ONE whitelistOnly group, then the client can only lookup whitelisted domains (this is implemented in the PR)
  • if groupsToCheck groups are ALL whitelistOnly group, then the client can only lookup whitelisted domains

I changed the data type from slice to dict for performance reason.

Best regards,
c-f
@0xERR0R 0xERR0R added the 🐞 bug Something isn't working label May 5, 2021
@0xERR0R 0xERR0R added this to the 0.15 milestone May 5, 2021
@0xERR0R 0xERR0R mentioned this issue May 5, 2021
Merged
0xERR0R added a commit that referenced this issue May 5, 2021
@c-f @0xERR0R
#202: WhitelistOnly Fix for multiple entries (#199)
dd69a3e 
* Update blocking_resolver.go

Adjusted WhitelistOnly

* added test

* fixed golint issues

Co-authored-by: Dimitri Herzog <dimitri.herzog@gmail.com>
@0xERR0R 0xERR0R closed this as completed May 5, 2021
@0xERR0R 0xERR0R linked a pull request May 6, 2021 that will close this issue
WhitelistOnly Fix for multiple entries #199
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🐞 bug Something isn't working
Projects
None yet
Milestone
v0.15
Development

Successfully merging a pull request may close this issue.

WhitelistOnly Fix for multiple entries c-f/blocky
1 participant
@0xERR0R