Merge branch 'master' into 1472-edns-custom-ip

heyxkhoa · Feb 28, 2023 · defdec6 · defdec6
2 parents 1130ebd + a772212
commit defdec6
Show file tree

Hide file tree

Showing 15 changed files with 221 additions and 175 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -23,12 +23,6 @@ See also the [v0.107.26 GitHub milestone][ms-v0.107.26].
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
 
-### Added
-
-- The ability to set custom IP for EDNS Client Subnet by using the new
-  `dns.edns_client_subnet.use_custom` and `dns.edns_client_subnet.custom_ip`
-  fields ([#1472]).  The UI changes are coming in the upcoming releases.
-
 ### Changed
 
 #### Configuration Changes
@@ -60,15 +54,28 @@ In this release, the schema version has changed from 16 to 17.
   `dns.edns_client_subnet.custom_ip`, and change the `schema_version` back to
   `16`.
 
+### Added
+
+- The ability to set custom IP for EDNS Client Subnet by using the new
+  `dns.edns_client_subnet.use_custom` and `dns.edns_client_subnet.custom_ip`
+  fields ([#1472]).  The UI changes are coming in the upcoming releases.
+- The ability to use `dnstype` rules in the disallowed domains list ([#5468]).
+  This allows dropping requests based on their question types.
+
 ### Fixed
 
+- Automatic update on MIPS64 and little-endian 32-bit MIPS architectures
+  ([#5270], [#5373]).
 - Requirements to domain names in domain-specific upstream configurations have
   been relaxed to meet those from [RFC 3696][rfc3696] ([#4884]).
 - Failing service installation via script on FreeBSD ([#5431]).
 
 [#1472]: https://github.com/AdguardTeam/AdGuardHome/issues/1472
 [#4884]: https://github.com/AdguardTeam/AdGuardHome/issues/4884
+[#5270]: https://github.com/AdguardTeam/AdGuardHome/issues/5270
+[#5373]: https://github.com/AdguardTeam/AdGuardHome/issues/5373
 [#5431]: https://github.com/AdguardTeam/AdGuardHome/issues/5431
+[#5468]: https://github.com/AdguardTeam/AdGuardHome/issues/5468
 
 [rfc3696]: https://datatracker.ietf.org/doc/html/rfc3696
 

diff --git a/internal/dnsforward/access.go b/internal/dnsforward/access.go
@@ -13,6 +13,7 @@ import (
 	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/AdguardTeam/urlfilter"
 	"github.com/AdguardTeam/urlfilter/filterlist"
+	"github.com/AdguardTeam/urlfilter/rules"
 )
 
 // unit is a convenient alias for struct{}
@@ -127,8 +128,12 @@ func (a *accessManager) isBlockedClientID(id string) (ok bool) {
 }
 
 // isBlockedHost returns true if host should be blocked.
-func (a *accessManager) isBlockedHost(host string) (ok bool) {
-	_, ok = a.blockedHostsEng.Match(strings.ToLower(host))
+func (a *accessManager) isBlockedHost(host string, qt rules.RRType) (ok bool) {
+	_, ok = a.blockedHostsEng.MatchRequest(&urlfilter.DNSRequest{
+		Hostname: host,
+		ClientIP: "0.0.0.0",
+		DNSType:  qt,
+	})
 
 	return ok
 }

diff --git a/internal/dnsforward/access_test.go b/internal/dnsforward/access_test.go
@@ -4,6 +4,8 @@ import (
 	"net/netip"
 	"testing"
 
+	"github.com/AdguardTeam/urlfilter/rules"
+	"github.com/miekg/dns"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -28,54 +30,75 @@ func TestIsBlockedHost(t *testing.T) {
 		"host1",
 		"*.host.com",
 		"||host3.com^",
+		"||*^$dnstype=HTTPS",
 	})
 	require.NoError(t, err)
 
 	testCases := []struct {
+		want assert.BoolAssertionFunc
 		name string
 		host string
-		want bool
+		qt   rules.RRType
 	}{{
+		want: assert.True,
 		name: "plain_match",
 		host: "host1",
-		want: true,
+		qt:   dns.TypeA,
 	}, {
+		want: assert.False,
 		name: "plain_mismatch",
 		host: "host2",
-		want: false,
+		qt:   dns.TypeA,
 	}, {
+		want: assert.True,
 		name: "subdomain_match_short",
 		host: "asdf.host.com",
-		want: true,
+		qt:   dns.TypeA,
 	}, {
+		want: assert.True,
 		name: "subdomain_match_long",
 		host: "qwer.asdf.host.com",
-		want: true,
+		qt:   dns.TypeA,
 	}, {
+		want: assert.False,
 		name: "subdomain_mismatch_no_lead",
 		host: "host.com",
-		want: false,
+		qt:   dns.TypeA,
 	}, {
+		want: assert.False,
 		name: "subdomain_mismatch_bad_asterisk",
 		host: "asdf.zhost.com",
-		want: false,
+		qt:   dns.TypeA,
 	}, {
+		want: assert.True,
 		name: "rule_match_simple",
 		host: "host3.com",
-		want: true,
+		qt:   dns.TypeA,
 	}, {
+		want: assert.True,
 		name: "rule_match_complex",
 		host: "asdf.host3.com",
-		want: true,
+		qt:   dns.TypeA,
 	}, {
+		want: assert.False,
 		name: "rule_mismatch",
 		host: ".host3.com",
-		want: false,
+		qt:   dns.TypeA,
+	}, {
+		want: assert.True,
+		name: "by_qtype",
+		host: "site-with-https-record.example",
+		qt:   dns.TypeHTTPS,
+	}, {
+		want: assert.False,
+		name: "by_qtype_other",
+		host: "site-with-https-record.example",
+		qt:   dns.TypeA,
 	}}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			assert.Equal(t, tc.want, a.isBlockedHost(tc.host))
+			tc.want(t, a.isBlockedHost(tc.host, tc.qt))
 		})
 	}
 }
@@ -93,29 +116,29 @@ func TestIsBlockedIP(t *testing.T) {
 	require.NoError(t, err)
 
 	testCases := []struct {
+		ip          netip.Addr
 		name        string
 		wantRule    string
-		ip          netip.Addr
 		wantBlocked bool
 	}{{
+		ip:          netip.MustParseAddr("1.2.3.4"),
 		name:        "match_ip",
 		wantRule:    "1.2.3.4",
-		ip:          netip.MustParseAddr("1.2.3.4"),
 		wantBlocked: true,
 	}, {
+		ip:          netip.MustParseAddr("5.6.7.100"),
 		name:        "match_cidr",
 		wantRule:    "5.6.7.8/24",
-		ip:          netip.MustParseAddr("5.6.7.100"),
 		wantBlocked: true,
 	}, {
+		ip:          netip.MustParseAddr("9.2.3.4"),
 		name:        "no_match_ip",
 		wantRule:    "",
-		ip:          netip.MustParseAddr("9.2.3.4"),
 		wantBlocked: false,
 	}, {
+		ip:          netip.MustParseAddr("9.6.7.100"),
 		name:        "no_match_cidr",
 		wantRule:    "",
-		ip:          netip.MustParseAddr("9.6.7.100"),
 		wantBlocked: false,
 	}}
 

diff --git a/internal/dnsforward/filter.go b/internal/dnsforward/filter.go
@@ -31,9 +31,11 @@ func (s *Server) beforeRequestHandler(
 	}
 
 	if len(pctx.Req.Question) == 1 {
-		host := strings.TrimSuffix(pctx.Req.Question[0].Name, ".")
-		if s.access.isBlockedHost(host) {
-			log.Debug("host %s is in access blocklist", host)
+		q := pctx.Req.Question[0]
+		qt := q.Qtype
+		host := strings.TrimSuffix(q.Name, ".")
+		if s.access.isBlockedHost(host, qt) {
+			log.Debug("request %s %s is in access blocklist", dns.Type(qt), host)
 
 			return s.preBlockedResponse(pctx)
 		}

diff --git a/internal/home/controlupdate.go b/internal/home/controlupdate.go
@@ -98,7 +98,7 @@ func requestVersionInfo(resp *versionResponse, recheck bool) (err error) {
 	if err != nil {
 		vcu := Context.updater.VersionCheckURL()
 
-		return fmt.Errorf("getting version info from %s: %s", vcu, err)
+		return fmt.Errorf("getting version info from %s: %w", vcu, err)
 	}
 
 	return nil

diff --git a/internal/querylog/decode.go b/internal/querylog/decode.go
@@ -247,55 +247,20 @@ var resultHandlers = map[string]logEntryHandler{
 }
 
 func decodeResultRuleKey(key string, i int, dec *json.Decoder, ent *logEntry) {
+	var vToken json.Token
 	switch key {
 	case "FilterListID":
-		vToken, err := dec.Token()
-		if err != nil {
-			if err != io.EOF {
-				log.Debug("decodeResultRuleKey %s err: %s", key, err)
-			}
-
-			return
-		}
-
-		if len(ent.Result.Rules) < i+1 {
-			ent.Result.Rules = append(ent.Result.Rules, &filtering.ResultRule{})
-		}
-
+		ent.Result.Rules, vToken = decodeVTokenAndAddRule(key, i, dec, ent.Result.Rules)
 		if n, ok := vToken.(json.Number); ok {
 			ent.Result.Rules[i].FilterListID, _ = n.Int64()
 		}
 	case "IP":
-		vToken, err := dec.Token()
-		if err != nil {
-			if err != io.EOF {
-				log.Debug("decodeResultRuleKey %s err: %s", key, err)
-			}
-
-			return
-		}
-
-		if len(ent.Result.Rules) < i+1 {
-			ent.Result.Rules = append(ent.Result.Rules, &filtering.ResultRule{})
-		}
-
+		ent.Result.Rules, vToken = decodeVTokenAndAddRule(key, i, dec, ent.Result.Rules)
 		if ipStr, ok := vToken.(string); ok {
 			ent.Result.Rules[i].IP = net.ParseIP(ipStr)
 		}
 	case "Text":
-		vToken, err := dec.Token()
-		if err != nil {
-			if err != io.EOF {
-				log.Debug("decodeResultRuleKey %s err: %s", key, err)
-			}
-
-			return
-		}
-
-		if len(ent.Result.Rules) < i+1 {
-			ent.Result.Rules = append(ent.Result.Rules, &filtering.ResultRule{})
-		}
-
+		ent.Result.Rules, vToken = decodeVTokenAndAddRule(key, i, dec, ent.Result.Rules)
 		if s, ok := vToken.(string); ok {
 			ent.Result.Rules[i].Text = s
 		}
@@ -304,6 +269,30 @@ func decodeResultRuleKey(key string, i int, dec *json.Decoder, ent *logEntry) {
 	}
 }
 
+func decodeVTokenAndAddRule(
+	key string,
+	i int,
+	dec *json.Decoder,
+	rules []*filtering.ResultRule,
+) (newRules []*filtering.ResultRule, vToken json.Token) {
+	newRules = rules
+
+	vToken, err := dec.Token()
+	if err != nil {
+		if err != io.EOF {
+			log.Debug("decodeResultRuleKey %s err: %s", key, err)
+		}
+
+		return newRules, nil
+	}
+
+	if len(rules) < i+1 {
+		newRules = append(newRules, &filtering.ResultRule{})
+	}
+
+	return newRules, vToken
+}
+
 func decodeResultRules(dec *json.Decoder, ent *logEntry) {
 	for {
 		delimToken, err := dec.Token()

diff --git a/internal/querylog/http.go b/internal/querylog/http.go
@@ -54,10 +54,7 @@ func (l *queryLog) handleQueryLog(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// search for the log entries
 	entries, oldest := l.search(params)
-
-	// convert log entries to JSON
 	data := l.entriesToJSON(entries, oldest)
 
 	_ = aghhttp.WriteJSONResponse(w, r, data)