2020-11-16 16:45:31 +00:00
|
|
|
package dnsforward
|
|
|
|
|
|
|
|
import (
|
2021-04-07 18:16:06 +01:00
|
|
|
"bytes"
|
|
|
|
"encoding/json"
|
2021-05-21 12:55:42 +01:00
|
|
|
"io"
|
2021-02-04 17:35:13 +00:00
|
|
|
"net"
|
2020-11-16 16:45:31 +00:00
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
2022-12-05 14:24:32 +00:00
|
|
|
"net/netip"
|
|
|
|
"net/url"
|
2021-04-07 18:16:06 +01:00
|
|
|
"os"
|
|
|
|
"path/filepath"
|
2021-04-13 11:44:29 +01:00
|
|
|
"strings"
|
2020-11-16 16:45:31 +00:00
|
|
|
"testing"
|
2023-06-30 10:41:10 +01:00
|
|
|
"testing/fstest"
|
2022-12-05 14:24:32 +00:00
|
|
|
"time"
|
2020-11-16 16:45:31 +00:00
|
|
|
|
2022-10-03 16:08:05 +01:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
|
2021-06-01 12:28:34 +01:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
|
2023-06-30 10:41:10 +01:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
|
2021-05-21 14:15:47 +01:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/filtering"
|
2023-04-07 12:21:37 +01:00
|
|
|
"github.com/AdguardTeam/golibs/httphdr"
|
2022-03-18 10:37:27 +00:00
|
|
|
"github.com/AdguardTeam/golibs/netutil"
|
2021-10-22 09:58:18 +01:00
|
|
|
"github.com/AdguardTeam/golibs/testutil"
|
2022-12-05 14:24:32 +00:00
|
|
|
"github.com/miekg/dns"
|
2020-11-16 16:45:31 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
2021-03-11 14:32:58 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
2020-11-16 16:45:31 +00:00
|
|
|
)
|
|
|
|
|
2023-10-05 13:26:19 +01:00
|
|
|
// emptySysResolvers is an empty [SystemResolvers] implementation that always
|
|
|
|
// returns nil.
|
|
|
|
type emptySysResolvers struct{}
|
2021-06-01 12:28:34 +01:00
|
|
|
|
2023-10-05 13:26:19 +01:00
|
|
|
// Addrs implements the aghnet.SystemResolvers interface for emptySysResolvers.
|
|
|
|
func (emptySysResolvers) Addrs() (addrs []netip.AddrPort) {
|
2021-06-01 12:28:34 +01:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2022-08-03 12:36:18 +01:00
|
|
|
func loadTestData(t *testing.T, casesFileName string, cases any) {
|
2021-04-07 18:16:06 +01:00
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
var f *os.File
|
|
|
|
f, err := os.Open(filepath.Join("testdata", casesFileName))
|
|
|
|
require.NoError(t, err)
|
2021-10-22 09:58:18 +01:00
|
|
|
testutil.CleanupAndRequireSuccess(t, f.Close)
|
2021-04-07 18:16:06 +01:00
|
|
|
|
|
|
|
err = json.NewDecoder(f).Decode(cases)
|
|
|
|
require.NoError(t, err)
|
|
|
|
}
|
|
|
|
|
2023-10-27 18:18:29 +01:00
|
|
|
const (
|
|
|
|
jsonExt = ".json"
|
|
|
|
|
|
|
|
// testBlockedRespTTL is the TTL for blocked responses to use in tests.
|
|
|
|
testBlockedRespTTL = 10
|
|
|
|
)
|
2021-04-07 18:16:06 +01:00
|
|
|
|
2021-07-14 19:03:56 +01:00
|
|
|
func TestDNSForwardHTTP_handleGetConfig(t *testing.T) {
|
2021-05-21 14:15:47 +01:00
|
|
|
filterConf := &filtering.Config{
|
2023-08-30 16:26:02 +01:00
|
|
|
ProtectionEnabled: true,
|
|
|
|
BlockingMode: filtering.BlockingModeDefault,
|
2023-10-27 18:18:29 +01:00
|
|
|
BlockedResponseTTL: testBlockedRespTTL,
|
2021-02-04 17:35:13 +00:00
|
|
|
SafeBrowsingEnabled: true,
|
|
|
|
SafeBrowsingCacheSize: 1000,
|
2023-03-15 11:31:07 +00:00
|
|
|
SafeSearchConf: filtering.SafeSearchConfig{Enabled: true},
|
2021-02-04 17:35:13 +00:00
|
|
|
SafeSearchCacheSize: 1000,
|
|
|
|
ParentalCacheSize: 1000,
|
|
|
|
CacheTime: 30,
|
|
|
|
}
|
|
|
|
forwardConf := ServerConfig{
|
2021-03-23 09:32:07 +00:00
|
|
|
UDPListenAddrs: []*net.UDPAddr{},
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{},
|
2023-08-30 16:26:02 +01:00
|
|
|
Config: Config{
|
2023-11-15 16:27:13 +00:00
|
|
|
UpstreamDNS: []string{"8.8.8.8:53", "8.8.4.4:53"},
|
|
|
|
FallbackDNS: []string{"9.9.9.10"},
|
|
|
|
RatelimitSubnetLenIPv4: 24,
|
|
|
|
RatelimitSubnetLenIPv6: 56,
|
|
|
|
EDNSClientSubnet: &EDNSClientSubnet{Enabled: false},
|
2021-02-04 17:35:13 +00:00
|
|
|
},
|
|
|
|
ConfigModified: func() {},
|
|
|
|
}
|
2021-04-09 19:01:21 +01:00
|
|
|
s := createTestServer(t, filterConf, forwardConf, nil)
|
2023-10-05 13:26:19 +01:00
|
|
|
s.sysResolvers = &emptySysResolvers{}
|
2021-06-01 12:28:34 +01:00
|
|
|
|
2021-10-22 09:58:18 +01:00
|
|
|
require.NoError(t, s.Start())
|
|
|
|
testutil.CleanupAndRequireSuccess(t, s.Stop)
|
2020-11-16 16:45:31 +00:00
|
|
|
|
|
|
|
defaultConf := s.conf
|
|
|
|
|
|
|
|
w := httptest.NewRecorder()
|
|
|
|
|
|
|
|
testCases := []struct {
|
|
|
|
conf func() ServerConfig
|
2021-04-07 18:16:06 +01:00
|
|
|
name string
|
2020-11-16 16:45:31 +00:00
|
|
|
}{{
|
|
|
|
conf: func() ServerConfig {
|
|
|
|
return defaultConf
|
|
|
|
},
|
2021-04-07 18:16:06 +01:00
|
|
|
name: "all_right",
|
2020-11-16 16:45:31 +00:00
|
|
|
}, {
|
|
|
|
conf: func() ServerConfig {
|
|
|
|
conf := defaultConf
|
|
|
|
conf.FastestAddr = true
|
2021-02-04 17:35:13 +00:00
|
|
|
|
2020-11-16 16:45:31 +00:00
|
|
|
return conf
|
|
|
|
},
|
2021-04-07 18:16:06 +01:00
|
|
|
name: "fastest_addr",
|
2020-11-16 16:45:31 +00:00
|
|
|
}, {
|
|
|
|
conf: func() ServerConfig {
|
|
|
|
conf := defaultConf
|
|
|
|
conf.AllServers = true
|
2021-02-04 17:35:13 +00:00
|
|
|
|
2020-11-16 16:45:31 +00:00
|
|
|
return conf
|
|
|
|
},
|
2021-04-07 18:16:06 +01:00
|
|
|
name: "parallel",
|
2020-11-16 16:45:31 +00:00
|
|
|
}}
|
|
|
|
|
2021-04-07 18:16:06 +01:00
|
|
|
var data map[string]json.RawMessage
|
|
|
|
loadTestData(t, t.Name()+jsonExt, &data)
|
|
|
|
|
2020-11-16 16:45:31 +00:00
|
|
|
for _, tc := range testCases {
|
2021-04-07 18:16:06 +01:00
|
|
|
caseWant, ok := data[tc.name]
|
|
|
|
require.True(t, ok)
|
|
|
|
|
2020-11-16 16:45:31 +00:00
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
2021-03-11 14:32:58 +00:00
|
|
|
t.Cleanup(w.Body.Reset)
|
|
|
|
|
2020-11-16 16:45:31 +00:00
|
|
|
s.conf = tc.conf()
|
|
|
|
s.handleGetConfig(w, nil)
|
|
|
|
|
2023-04-07 12:21:37 +01:00
|
|
|
cType := w.Header().Get(httphdr.ContentType)
|
2022-10-03 16:08:05 +01:00
|
|
|
assert.Equal(t, aghhttp.HdrValApplicationJSON, cType)
|
2021-04-07 18:16:06 +01:00
|
|
|
assert.JSONEq(t, string(caseWant), w.Body.String())
|
2020-11-16 16:45:31 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-07-14 19:03:56 +01:00
|
|
|
func TestDNSForwardHTTP_handleSetConfig(t *testing.T) {
|
2021-05-21 14:15:47 +01:00
|
|
|
filterConf := &filtering.Config{
|
2023-08-30 16:26:02 +01:00
|
|
|
ProtectionEnabled: true,
|
|
|
|
BlockingMode: filtering.BlockingModeDefault,
|
2023-10-27 18:18:29 +01:00
|
|
|
BlockedResponseTTL: testBlockedRespTTL,
|
2021-02-04 17:35:13 +00:00
|
|
|
SafeBrowsingEnabled: true,
|
|
|
|
SafeBrowsingCacheSize: 1000,
|
2023-03-15 11:31:07 +00:00
|
|
|
SafeSearchConf: filtering.SafeSearchConfig{Enabled: true},
|
2021-02-04 17:35:13 +00:00
|
|
|
SafeSearchCacheSize: 1000,
|
|
|
|
ParentalCacheSize: 1000,
|
|
|
|
CacheTime: 30,
|
|
|
|
}
|
|
|
|
forwardConf := ServerConfig{
|
2021-03-23 09:32:07 +00:00
|
|
|
UDPListenAddrs: []*net.UDPAddr{},
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{},
|
2023-08-30 16:26:02 +01:00
|
|
|
Config: Config{
|
2023-11-15 16:27:13 +00:00
|
|
|
UpstreamDNS: []string{"8.8.8.8:53", "8.8.4.4:53"},
|
|
|
|
RatelimitSubnetLenIPv4: 24,
|
|
|
|
RatelimitSubnetLenIPv6: 56,
|
|
|
|
EDNSClientSubnet: &EDNSClientSubnet{Enabled: false},
|
2021-02-04 17:35:13 +00:00
|
|
|
},
|
|
|
|
ConfigModified: func() {},
|
|
|
|
}
|
2021-04-09 19:01:21 +01:00
|
|
|
s := createTestServer(t, filterConf, forwardConf, nil)
|
2023-10-05 13:26:19 +01:00
|
|
|
s.sysResolvers = &emptySysResolvers{}
|
2020-11-16 16:45:31 +00:00
|
|
|
|
|
|
|
defaultConf := s.conf
|
|
|
|
|
|
|
|
err := s.Start()
|
2021-10-22 09:58:18 +01:00
|
|
|
assert.NoError(t, err)
|
|
|
|
testutil.CleanupAndRequireSuccess(t, s.Stop)
|
2020-11-16 16:45:31 +00:00
|
|
|
|
|
|
|
w := httptest.NewRecorder()
|
|
|
|
|
|
|
|
testCases := []struct {
|
|
|
|
name string
|
|
|
|
wantSet string
|
|
|
|
}{{
|
|
|
|
name: "upstream_dns",
|
|
|
|
wantSet: "",
|
|
|
|
}, {
|
|
|
|
name: "bootstraps",
|
|
|
|
wantSet: "",
|
|
|
|
}, {
|
|
|
|
name: "blocking_mode_good",
|
|
|
|
wantSet: "",
|
|
|
|
}, {
|
2023-11-15 16:27:13 +00:00
|
|
|
name: "blocking_mode_bad",
|
|
|
|
wantSet: "validating dns config: " +
|
|
|
|
"blocking_ipv4 must be valid ipv4 on custom_ip blocking_mode",
|
2020-11-16 16:45:31 +00:00
|
|
|
}, {
|
|
|
|
name: "ratelimit",
|
|
|
|
wantSet: "",
|
2023-11-15 16:27:13 +00:00
|
|
|
}, {
|
|
|
|
name: "ratelimit_subnet_len",
|
|
|
|
wantSet: "",
|
|
|
|
}, {
|
|
|
|
name: "ratelimit_whitelist_not_ip",
|
|
|
|
wantSet: `validating dns config: ratelimit whitelist: at index 1: ParseAddr("not.ip"): ` +
|
|
|
|
`unexpected character (at "not.ip")`,
|
2020-11-16 16:45:31 +00:00
|
|
|
}, {
|
|
|
|
name: "edns_cs_enabled",
|
|
|
|
wantSet: "",
|
2023-03-22 10:42:20 +00:00
|
|
|
}, {
|
|
|
|
name: "edns_cs_use_custom",
|
|
|
|
wantSet: "",
|
|
|
|
}, {
|
|
|
|
name: "edns_cs_use_custom_bad_ip",
|
|
|
|
wantSet: "decoding request: ParseAddr(\"bad.ip\"): unexpected character (at \"bad.ip\")",
|
2020-11-16 16:45:31 +00:00
|
|
|
}, {
|
|
|
|
name: "dnssec_enabled",
|
|
|
|
wantSet: "",
|
|
|
|
}, {
|
|
|
|
name: "cache_size",
|
|
|
|
wantSet: "",
|
|
|
|
}, {
|
|
|
|
name: "upstream_mode_parallel",
|
|
|
|
wantSet: "",
|
|
|
|
}, {
|
|
|
|
name: "upstream_mode_fastest_addr",
|
|
|
|
wantSet: "",
|
|
|
|
}, {
|
2023-11-15 16:27:13 +00:00
|
|
|
name: "upstream_dns_bad",
|
|
|
|
wantSet: `validating dns config: ` +
|
|
|
|
`upstream servers: validating upstream "!!!": not an ip:port`,
|
2020-11-16 16:45:31 +00:00
|
|
|
}, {
|
2021-04-13 11:44:29 +01:00
|
|
|
name: "bootstraps_bad",
|
2023-11-16 11:05:10 +00:00
|
|
|
wantSet: `validating dns config: checking bootstrap a: invalid address: not a bootstrap: ` +
|
2023-04-18 15:52:22 +01:00
|
|
|
`ParseAddr("a"): unable to parse IP`,
|
2020-11-16 16:45:31 +00:00
|
|
|
}, {
|
|
|
|
name: "cache_bad_ttl",
|
2023-11-15 16:27:13 +00:00
|
|
|
wantSet: `validating dns config: cache_ttl_min must be less or equal than cache_ttl_max`,
|
2020-11-16 16:45:31 +00:00
|
|
|
}, {
|
|
|
|
name: "upstream_mode_bad",
|
2023-11-15 16:27:13 +00:00
|
|
|
wantSet: `validating dns config: upstream_mode: incorrect value "somethingelse"`,
|
2021-04-07 18:16:06 +01:00
|
|
|
}, {
|
|
|
|
name: "local_ptr_upstreams_good",
|
|
|
|
wantSet: "",
|
2022-02-14 13:56:14 +00:00
|
|
|
}, {
|
|
|
|
name: "local_ptr_upstreams_bad",
|
2023-11-15 16:27:13 +00:00
|
|
|
wantSet: `validating dns config: ` +
|
|
|
|
`private upstream servers: checking domain-specific upstreams: ` +
|
2023-03-17 14:10:33 +00:00
|
|
|
`bad arpa domain name "non.arpa.": not a reversed ip network`,
|
2021-04-07 18:16:06 +01:00
|
|
|
}, {
|
|
|
|
name: "local_ptr_upstreams_null",
|
|
|
|
wantSet: "",
|
2023-08-30 11:21:31 +01:00
|
|
|
}, {
|
|
|
|
name: "fallbacks",
|
|
|
|
wantSet: "",
|
2023-09-13 11:58:12 +01:00
|
|
|
}, {
|
|
|
|
name: "blocked_response_ttl",
|
|
|
|
wantSet: "",
|
2023-10-27 18:18:29 +01:00
|
|
|
}, {
|
|
|
|
name: "multiple_domain_specific_upstreams",
|
|
|
|
wantSet: "",
|
2020-11-16 16:45:31 +00:00
|
|
|
}}
|
|
|
|
|
2021-04-07 18:16:06 +01:00
|
|
|
var data map[string]struct {
|
|
|
|
Req json.RawMessage `json:"req"`
|
|
|
|
Want json.RawMessage `json:"want"`
|
|
|
|
}
|
2023-03-22 10:42:20 +00:00
|
|
|
|
|
|
|
testData := t.Name() + jsonExt
|
|
|
|
loadTestData(t, testData, &data)
|
2021-04-07 18:16:06 +01:00
|
|
|
|
2020-11-16 16:45:31 +00:00
|
|
|
for _, tc := range testCases {
|
2023-03-22 10:42:20 +00:00
|
|
|
// NOTE: Do not use require.Contains, because the size of the data
|
|
|
|
// prevents it from printing a meaningful error message.
|
2021-04-07 18:16:06 +01:00
|
|
|
caseData, ok := data[tc.name]
|
2023-03-22 10:42:20 +00:00
|
|
|
require.Truef(t, ok, "%q does not contain test data for test case %s", testData, tc.name)
|
2021-04-07 18:16:06 +01:00
|
|
|
|
2020-11-16 16:45:31 +00:00
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
2023-03-01 13:16:16 +00:00
|
|
|
t.Cleanup(func() {
|
2023-09-04 15:18:43 +01:00
|
|
|
s.dnsFilter.SetBlockingMode(filtering.BlockingModeDefault, netip.Addr{}, netip.Addr{})
|
2023-03-01 13:16:16 +00:00
|
|
|
s.conf = defaultConf
|
2023-08-30 16:26:02 +01:00
|
|
|
s.conf.Config.EDNSClientSubnet = &EDNSClientSubnet{}
|
2023-10-27 18:18:29 +01:00
|
|
|
s.dnsFilter.SetBlockedResponseTTL(testBlockedRespTTL)
|
2023-03-01 13:16:16 +00:00
|
|
|
})
|
2021-03-11 14:32:58 +00:00
|
|
|
|
2021-05-21 12:55:42 +01:00
|
|
|
rBody := io.NopCloser(bytes.NewReader(caseData.Req))
|
2021-03-11 18:30:52 +00:00
|
|
|
var r *http.Request
|
|
|
|
r, err = http.NewRequest(http.MethodPost, "http://example.com", rBody)
|
2021-10-22 09:58:18 +01:00
|
|
|
require.NoError(t, err)
|
2020-11-16 16:45:31 +00:00
|
|
|
|
|
|
|
s.handleSetConfig(w, r)
|
2021-04-13 11:44:29 +01:00
|
|
|
assert.Equal(t, tc.wantSet, strings.TrimSuffix(w.Body.String(), "\n"))
|
2020-11-16 16:45:31 +00:00
|
|
|
w.Body.Reset()
|
|
|
|
|
|
|
|
s.handleGetConfig(w, nil)
|
2021-04-07 18:16:06 +01:00
|
|
|
assert.JSONEq(t, string(caseData.Want), w.Body.String())
|
2020-11-16 16:45:31 +00:00
|
|
|
w.Body.Reset()
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2021-04-07 14:36:38 +01:00
|
|
|
|
2021-07-29 15:40:31 +01:00
|
|
|
func TestIsCommentOrEmpty(t *testing.T) {
|
2022-01-13 12:05:44 +00:00
|
|
|
for _, tc := range []struct {
|
|
|
|
want assert.BoolAssertionFunc
|
|
|
|
str string
|
|
|
|
}{{
|
|
|
|
want: assert.True,
|
|
|
|
str: "",
|
|
|
|
}, {
|
|
|
|
want: assert.True,
|
|
|
|
str: "# comment",
|
|
|
|
}, {
|
|
|
|
want: assert.False,
|
|
|
|
str: "1.2.3.4",
|
|
|
|
}} {
|
|
|
|
tc.want(t, IsCommentOrEmpty(tc.str))
|
|
|
|
}
|
2021-07-29 15:40:31 +01:00
|
|
|
}
|
|
|
|
|
2022-02-14 13:56:14 +00:00
|
|
|
func TestValidateUpstreams(t *testing.T) {
|
2023-06-30 10:41:10 +01:00
|
|
|
const sdnsStamp = `sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_J` +
|
|
|
|
`S3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczE` +
|
|
|
|
`uYWRndWFyZC5jb20`
|
|
|
|
|
2021-04-07 14:36:38 +01:00
|
|
|
testCases := []struct {
|
|
|
|
name string
|
2022-01-13 12:05:44 +00:00
|
|
|
wantErr string
|
2021-04-07 14:36:38 +01:00
|
|
|
set []string
|
|
|
|
}{{
|
|
|
|
name: "empty",
|
2022-01-13 12:05:44 +00:00
|
|
|
wantErr: ``,
|
2021-04-07 14:36:38 +01:00
|
|
|
set: nil,
|
|
|
|
}, {
|
|
|
|
name: "comment",
|
2022-01-13 12:05:44 +00:00
|
|
|
wantErr: ``,
|
2021-04-07 14:36:38 +01:00
|
|
|
set: []string{"# comment"},
|
|
|
|
}, {
|
2022-07-29 17:27:15 +01:00
|
|
|
name: "no_default",
|
2022-01-13 12:05:44 +00:00
|
|
|
wantErr: `no default upstreams specified`,
|
2021-04-07 14:36:38 +01:00
|
|
|
set: []string{
|
|
|
|
"[/host.com/]1.1.1.1",
|
|
|
|
"[//]tls://1.1.1.1",
|
|
|
|
"[/www.host.com/]#",
|
|
|
|
"[/host.com/google.com/]8.8.8.8",
|
2023-06-30 10:41:10 +01:00
|
|
|
"[/host/]" + sdnsStamp,
|
2021-04-07 14:36:38 +01:00
|
|
|
},
|
|
|
|
}, {
|
2022-07-29 17:27:15 +01:00
|
|
|
name: "with_default",
|
2022-01-13 12:05:44 +00:00
|
|
|
wantErr: ``,
|
2021-04-07 14:36:38 +01:00
|
|
|
set: []string{
|
|
|
|
"[/host.com/]1.1.1.1",
|
|
|
|
"[//]tls://1.1.1.1",
|
|
|
|
"[/www.host.com/]#",
|
|
|
|
"[/host.com/google.com/]8.8.8.8",
|
2023-06-30 10:41:10 +01:00
|
|
|
"[/host/]" + sdnsStamp,
|
2021-04-07 14:36:38 +01:00
|
|
|
"8.8.8.8",
|
|
|
|
},
|
|
|
|
}, {
|
|
|
|
name: "invalid",
|
2022-10-21 18:42:00 +01:00
|
|
|
wantErr: `validating upstream "dhcp://fake.dns": bad protocol "dhcp"`,
|
2021-04-07 14:36:38 +01:00
|
|
|
set: []string{"dhcp://fake.dns"},
|
2022-07-29 17:27:15 +01:00
|
|
|
}, {
|
|
|
|
name: "invalid",
|
2022-10-21 18:42:00 +01:00
|
|
|
wantErr: `validating upstream "1.2.3.4.5": not an ip:port`,
|
2022-07-29 17:27:15 +01:00
|
|
|
set: []string{"1.2.3.4.5"},
|
|
|
|
}, {
|
|
|
|
name: "invalid",
|
2022-10-21 18:42:00 +01:00
|
|
|
wantErr: `validating upstream "123.3.7m": not an ip:port`,
|
2022-07-29 17:27:15 +01:00
|
|
|
set: []string{"123.3.7m"},
|
|
|
|
}, {
|
2023-06-30 10:41:10 +01:00
|
|
|
name: "invalid",
|
|
|
|
wantErr: `bad upstream for domain "[/host.com]tls://dns.adguard.com": ` +
|
|
|
|
`missing separator`,
|
|
|
|
set: []string{"[/host.com]tls://dns.adguard.com"},
|
2022-07-29 17:27:15 +01:00
|
|
|
}, {
|
|
|
|
name: "invalid",
|
2022-10-21 18:42:00 +01:00
|
|
|
wantErr: `validating upstream "[host.ru]#": not an ip:port`,
|
2022-07-29 17:27:15 +01:00
|
|
|
set: []string{"[host.ru]#"},
|
|
|
|
}, {
|
|
|
|
name: "valid_default",
|
|
|
|
wantErr: ``,
|
|
|
|
set: []string{
|
|
|
|
"1.1.1.1",
|
|
|
|
"tls://1.1.1.1",
|
|
|
|
"https://dns.adguard.com/dns-query",
|
2023-06-30 10:41:10 +01:00
|
|
|
sdnsStamp,
|
2022-07-29 17:27:15 +01:00
|
|
|
"udp://dns.google",
|
|
|
|
"udp://8.8.8.8",
|
|
|
|
"[/host.com/]1.1.1.1",
|
|
|
|
"[//]tls://1.1.1.1",
|
|
|
|
"[/www.host.com/]#",
|
|
|
|
"[/host.com/google.com/]8.8.8.8",
|
2023-06-30 10:41:10 +01:00
|
|
|
"[/host/]" + sdnsStamp,
|
2022-07-29 17:27:15 +01:00
|
|
|
"[/пример.рф/]8.8.8.8",
|
|
|
|
},
|
|
|
|
}, {
|
|
|
|
name: "bad_domain",
|
|
|
|
wantErr: `bad upstream for domain "[/!/]8.8.8.8": domain at index 0: ` +
|
2023-02-21 13:52:33 +00:00
|
|
|
`bad domain name "!": bad top-level domain name label "!": ` +
|
|
|
|
`bad top-level domain name label rune '!'`,
|
2022-07-29 17:27:15 +01:00
|
|
|
set: []string{"[/!/]8.8.8.8"},
|
2021-04-07 14:36:38 +01:00
|
|
|
}}
|
|
|
|
|
|
|
|
for _, tc := range testCases {
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
|
|
err := ValidateUpstreams(tc.set)
|
2022-01-13 12:05:44 +00:00
|
|
|
testutil.AssertErrorMsg(t, tc.wantErr, err)
|
2021-04-07 14:36:38 +01:00
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2022-02-14 13:56:14 +00:00
|
|
|
|
|
|
|
func TestValidateUpstreamsPrivate(t *testing.T) {
|
2022-03-18 10:37:27 +00:00
|
|
|
ss := netutil.SubnetSetFunc(netutil.IsLocallyServed)
|
2022-02-14 13:56:14 +00:00
|
|
|
|
|
|
|
testCases := []struct {
|
|
|
|
name string
|
|
|
|
wantErr string
|
|
|
|
u string
|
|
|
|
}{{
|
|
|
|
name: "success_address",
|
|
|
|
wantErr: ``,
|
|
|
|
u: "[/1.0.0.127.in-addr.arpa/]#",
|
|
|
|
}, {
|
|
|
|
name: "success_subnet",
|
|
|
|
wantErr: ``,
|
|
|
|
u: "[/127.in-addr.arpa/]#",
|
|
|
|
}, {
|
|
|
|
name: "not_arpa_subnet",
|
|
|
|
wantErr: `checking domain-specific upstreams: ` +
|
2023-03-17 14:10:33 +00:00
|
|
|
`bad arpa domain name "hello.world.": not a reversed ip network`,
|
2022-02-14 13:56:14 +00:00
|
|
|
u: "[/hello.world/]#",
|
|
|
|
}, {
|
|
|
|
name: "non-private_arpa_address",
|
|
|
|
wantErr: `checking domain-specific upstreams: ` +
|
|
|
|
`arpa domain "1.2.3.4.in-addr.arpa." should point to a locally-served network`,
|
|
|
|
u: "[/1.2.3.4.in-addr.arpa/]#",
|
|
|
|
}, {
|
|
|
|
name: "non-private_arpa_subnet",
|
|
|
|
wantErr: `checking domain-specific upstreams: ` +
|
|
|
|
`arpa domain "128.in-addr.arpa." should point to a locally-served network`,
|
|
|
|
u: "[/128.in-addr.arpa/]#",
|
|
|
|
}, {
|
|
|
|
name: "several_bad",
|
2023-08-15 13:09:08 +01:00
|
|
|
wantErr: `checking domain-specific upstreams: ` +
|
|
|
|
`arpa domain "1.2.3.4.in-addr.arpa." should point to a locally-served network` + "\n" +
|
|
|
|
`bad arpa domain name "non.arpa.": not a reversed ip network`,
|
2022-02-14 13:56:14 +00:00
|
|
|
u: "[/non.arpa/1.2.3.4.in-addr.arpa/127.in-addr.arpa/]#",
|
2023-03-17 14:10:33 +00:00
|
|
|
}, {
|
|
|
|
name: "partial_good",
|
|
|
|
wantErr: "",
|
|
|
|
u: "[/a.1.2.3.10.in-addr.arpa/a.10.in-addr.arpa/]#",
|
2022-02-14 13:56:14 +00:00
|
|
|
}}
|
|
|
|
|
|
|
|
for _, tc := range testCases {
|
|
|
|
set := []string{"192.168.0.1", tc.u}
|
|
|
|
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
2022-03-18 10:37:27 +00:00
|
|
|
err := ValidateUpstreamsPrivate(set, ss)
|
2022-02-14 13:56:14 +00:00
|
|
|
testutil.AssertErrorMsg(t, tc.wantErr, err)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2022-12-05 14:24:32 +00:00
|
|
|
|
2023-06-30 10:41:10 +01:00
|
|
|
func newLocalUpstreamListener(t *testing.T, port uint16, handler dns.Handler) (real netip.AddrPort) {
|
|
|
|
t.Helper()
|
|
|
|
|
2022-12-05 14:24:32 +00:00
|
|
|
startCh := make(chan struct{})
|
|
|
|
upsSrv := &dns.Server{
|
2023-06-30 10:41:10 +01:00
|
|
|
Addr: netip.AddrPortFrom(netutil.IPv4Localhost(), port).String(),
|
2022-12-05 14:24:32 +00:00
|
|
|
Net: "tcp",
|
|
|
|
Handler: handler,
|
|
|
|
NotifyStartedFunc: func() { close(startCh) },
|
|
|
|
}
|
|
|
|
go func() {
|
|
|
|
err := upsSrv.ListenAndServe()
|
2023-06-30 10:41:10 +01:00
|
|
|
require.NoError(testutil.PanicT{}, err)
|
2022-12-05 14:24:32 +00:00
|
|
|
}()
|
2023-06-30 10:41:10 +01:00
|
|
|
|
2022-12-05 14:24:32 +00:00
|
|
|
<-startCh
|
|
|
|
testutil.CleanupAndRequireSuccess(t, upsSrv.Shutdown)
|
|
|
|
|
2023-06-30 10:41:10 +01:00
|
|
|
return testutil.RequireTypeAssert[*net.TCPAddr](t, upsSrv.Listener.Addr()).AddrPort()
|
2022-12-05 14:24:32 +00:00
|
|
|
}
|
|
|
|
|
2023-06-30 10:41:10 +01:00
|
|
|
func TestServer_HandleTestUpstreamDNS(t *testing.T) {
|
2022-12-05 14:24:32 +00:00
|
|
|
goodHandler := dns.HandlerFunc(func(w dns.ResponseWriter, m *dns.Msg) {
|
|
|
|
err := w.WriteMsg(new(dns.Msg).SetReply(m))
|
|
|
|
require.NoError(testutil.PanicT{}, err)
|
|
|
|
})
|
|
|
|
badHandler := dns.HandlerFunc(func(w dns.ResponseWriter, _ *dns.Msg) {
|
|
|
|
err := w.WriteMsg(new(dns.Msg))
|
|
|
|
require.NoError(testutil.PanicT{}, err)
|
|
|
|
})
|
|
|
|
|
|
|
|
goodUps := (&url.URL{
|
|
|
|
Scheme: "tcp",
|
|
|
|
Host: newLocalUpstreamListener(t, 0, goodHandler).String(),
|
|
|
|
}).String()
|
|
|
|
badUps := (&url.URL{
|
|
|
|
Scheme: "tcp",
|
|
|
|
Host: newLocalUpstreamListener(t, 0, badHandler).String(),
|
|
|
|
}).String()
|
|
|
|
|
2023-11-10 15:22:09 +00:00
|
|
|
goodAndBadUps := strings.Join([]string{goodUps, badUps}, " ")
|
|
|
|
|
2023-06-30 10:41:10 +01:00
|
|
|
const (
|
|
|
|
upsTimeout = 100 * time.Millisecond
|
|
|
|
|
|
|
|
hostsFileName = "hosts"
|
|
|
|
upstreamHost = "custom.localhost"
|
|
|
|
)
|
|
|
|
|
|
|
|
hostsListener := newLocalUpstreamListener(t, 0, goodHandler)
|
|
|
|
hostsUps := (&url.URL{
|
|
|
|
Scheme: "tcp",
|
2023-10-05 13:26:19 +01:00
|
|
|
Host: netutil.JoinHostPort(upstreamHost, hostsListener.Port()),
|
2023-06-30 10:41:10 +01:00
|
|
|
}).String()
|
|
|
|
|
|
|
|
hc, err := aghnet.NewHostsContainer(
|
|
|
|
fstest.MapFS{
|
|
|
|
hostsFileName: &fstest.MapFile{
|
|
|
|
Data: []byte(hostsListener.Addr().String() + " " + upstreamHost),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
&aghtest.FSWatcher{
|
|
|
|
OnEvents: func() (e <-chan struct{}) { return nil },
|
|
|
|
OnAdd: func(_ string) (err error) { return nil },
|
|
|
|
OnClose: func() (err error) { return nil },
|
|
|
|
},
|
|
|
|
hostsFileName,
|
|
|
|
)
|
|
|
|
require.NoError(t, err)
|
2022-12-05 14:24:32 +00:00
|
|
|
|
2023-06-30 10:41:10 +01:00
|
|
|
srv := createTestServer(t, &filtering.Config{
|
2023-09-04 15:18:43 +01:00
|
|
|
BlockingMode: filtering.BlockingModeDefault,
|
|
|
|
EtcHosts: hc,
|
2023-06-30 10:41:10 +01:00
|
|
|
}, ServerConfig{
|
2022-12-05 14:24:32 +00:00
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
|
|
|
UpstreamTimeout: upsTimeout,
|
2023-08-30 16:26:02 +01:00
|
|
|
Config: Config{
|
2023-03-01 13:16:16 +00:00
|
|
|
EDNSClientSubnet: &EDNSClientSubnet{Enabled: false},
|
|
|
|
},
|
2022-12-05 14:24:32 +00:00
|
|
|
}, nil)
|
2023-11-16 11:05:10 +00:00
|
|
|
srv.etcHosts = hc
|
2022-12-05 14:24:32 +00:00
|
|
|
startDeferStop(t, srv)
|
|
|
|
|
|
|
|
testCases := []struct {
|
|
|
|
body map[string]any
|
|
|
|
wantResp map[string]any
|
|
|
|
name string
|
|
|
|
}{{
|
|
|
|
body: map[string]any{
|
|
|
|
"upstream_dns": []string{goodUps},
|
|
|
|
},
|
|
|
|
wantResp: map[string]any{
|
|
|
|
goodUps: "OK",
|
|
|
|
},
|
|
|
|
name: "success",
|
|
|
|
}, {
|
|
|
|
body: map[string]any{
|
|
|
|
"upstream_dns": []string{badUps},
|
|
|
|
},
|
|
|
|
wantResp: map[string]any{
|
2023-06-30 10:41:10 +01:00
|
|
|
badUps: `couldn't communicate with upstream: exchanging with ` +
|
2023-06-02 15:19:44 +01:00
|
|
|
badUps + ` over tcp: dns: id mismatch`,
|
2022-12-05 14:24:32 +00:00
|
|
|
},
|
|
|
|
name: "broken",
|
|
|
|
}, {
|
|
|
|
body: map[string]any{
|
|
|
|
"upstream_dns": []string{goodUps, badUps},
|
|
|
|
},
|
|
|
|
wantResp: map[string]any{
|
|
|
|
goodUps: "OK",
|
2023-06-30 10:41:10 +01:00
|
|
|
badUps: `couldn't communicate with upstream: exchanging with ` +
|
2023-06-02 15:19:44 +01:00
|
|
|
badUps + ` over tcp: dns: id mismatch`,
|
2022-12-05 14:24:32 +00:00
|
|
|
},
|
|
|
|
name: "both",
|
2023-06-30 10:41:10 +01:00
|
|
|
}, {
|
|
|
|
body: map[string]any{
|
|
|
|
"upstream_dns": []string{"[/domain.example/]" + badUps},
|
|
|
|
},
|
|
|
|
wantResp: map[string]any{
|
2023-10-27 18:18:29 +01:00
|
|
|
badUps: `WARNING: couldn't communicate ` +
|
2023-06-30 10:41:10 +01:00
|
|
|
`with upstream: exchanging with ` + badUps + ` over tcp: ` +
|
|
|
|
`dns: id mismatch`,
|
|
|
|
},
|
|
|
|
name: "domain_specific_error",
|
|
|
|
}, {
|
|
|
|
body: map[string]any{
|
|
|
|
"upstream_dns": []string{hostsUps},
|
|
|
|
},
|
|
|
|
wantResp: map[string]any{
|
|
|
|
hostsUps: "OK",
|
|
|
|
},
|
|
|
|
name: "etc_hosts",
|
2023-09-06 10:29:45 +01:00
|
|
|
}, {
|
|
|
|
body: map[string]any{
|
|
|
|
"fallback_dns": []string{goodUps},
|
|
|
|
},
|
|
|
|
wantResp: map[string]any{
|
|
|
|
goodUps: "OK",
|
|
|
|
},
|
|
|
|
name: "fallback_success",
|
|
|
|
}, {
|
|
|
|
body: map[string]any{
|
|
|
|
"fallback_dns": []string{badUps},
|
|
|
|
},
|
|
|
|
wantResp: map[string]any{
|
|
|
|
badUps: `couldn't communicate with upstream: exchanging with ` +
|
|
|
|
badUps + ` over tcp: dns: id mismatch`,
|
|
|
|
},
|
|
|
|
name: "fallback_broken",
|
2023-09-08 15:37:28 +01:00
|
|
|
}, {
|
|
|
|
body: map[string]any{
|
|
|
|
"fallback_dns": []string{goodUps, "#this.is.comment"},
|
|
|
|
},
|
|
|
|
wantResp: map[string]any{
|
|
|
|
goodUps: "OK",
|
|
|
|
},
|
|
|
|
name: "fallback_comment_mix",
|
2023-10-27 18:18:29 +01:00
|
|
|
}, {
|
|
|
|
body: map[string]any{
|
|
|
|
"upstream_dns": []string{"[/domain.example/]" + goodUps + " " + badUps},
|
|
|
|
},
|
|
|
|
wantResp: map[string]any{
|
|
|
|
goodUps: "OK",
|
|
|
|
badUps: `WARNING: couldn't communicate ` +
|
|
|
|
`with upstream: exchanging with ` + badUps + ` over tcp: ` +
|
|
|
|
`dns: id mismatch`,
|
|
|
|
},
|
|
|
|
name: "multiple_domain_specific_upstreams",
|
2023-11-10 15:22:09 +00:00
|
|
|
}, {
|
|
|
|
body: map[string]any{
|
|
|
|
"upstream_dns": []string{"[/domain.example/]/]1.2.3.4"},
|
|
|
|
},
|
|
|
|
wantResp: map[string]any{
|
|
|
|
"[/domain.example/]/]1.2.3.4": `wrong upstream format: ` +
|
|
|
|
`bad upstream for domain "[/domain.example/]/]1.2.3.4": ` +
|
|
|
|
`duplicated separator`,
|
|
|
|
},
|
|
|
|
name: "bad_specification",
|
|
|
|
}, {
|
|
|
|
body: map[string]any{
|
|
|
|
"upstream_dns": []string{"[/domain.example/]" + goodAndBadUps},
|
|
|
|
"fallback_dns": []string{"[/domain.example/]" + goodAndBadUps},
|
|
|
|
"private_upstream": []string{"[/domain.example/]" + goodAndBadUps},
|
|
|
|
},
|
|
|
|
wantResp: map[string]any{
|
|
|
|
goodUps: "OK",
|
|
|
|
badUps: `WARNING: couldn't communicate ` +
|
|
|
|
`with upstream: exchanging with ` + badUps + ` over tcp: ` +
|
|
|
|
`dns: id mismatch`,
|
|
|
|
},
|
|
|
|
name: "all_different",
|
2022-12-05 14:24:32 +00:00
|
|
|
}}
|
|
|
|
|
|
|
|
for _, tc := range testCases {
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
2023-06-30 10:41:10 +01:00
|
|
|
var reqBody []byte
|
|
|
|
reqBody, err = json.Marshal(tc.body)
|
2022-12-05 14:24:32 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
w := httptest.NewRecorder()
|
2023-06-30 10:41:10 +01:00
|
|
|
|
|
|
|
var r *http.Request
|
|
|
|
r, err = http.NewRequest(http.MethodPost, "", bytes.NewReader(reqBody))
|
2022-12-05 14:24:32 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
srv.handleTestUpstreamDNS(w, r)
|
|
|
|
require.Equal(t, http.StatusOK, w.Code)
|
|
|
|
|
|
|
|
resp := map[string]any{}
|
|
|
|
err = json.NewDecoder(w.Body).Decode(&resp)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
assert.Equal(t, tc.wantResp, resp)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
t.Run("timeout", func(t *testing.T) {
|
|
|
|
slowHandler := dns.HandlerFunc(func(w dns.ResponseWriter, m *dns.Msg) {
|
|
|
|
time.Sleep(upsTimeout * 2)
|
|
|
|
writeErr := w.WriteMsg(new(dns.Msg).SetReply(m))
|
|
|
|
require.NoError(testutil.PanicT{}, writeErr)
|
|
|
|
})
|
|
|
|
sleepyUps := (&url.URL{
|
|
|
|
Scheme: "tcp",
|
|
|
|
Host: newLocalUpstreamListener(t, 0, slowHandler).String(),
|
|
|
|
}).String()
|
|
|
|
|
|
|
|
req := map[string]any{
|
|
|
|
"upstream_dns": []string{sleepyUps},
|
|
|
|
}
|
2023-06-30 10:41:10 +01:00
|
|
|
|
|
|
|
var reqBody []byte
|
|
|
|
reqBody, err = json.Marshal(req)
|
2022-12-05 14:24:32 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
w := httptest.NewRecorder()
|
2023-06-30 10:41:10 +01:00
|
|
|
|
|
|
|
var r *http.Request
|
|
|
|
r, err = http.NewRequest(http.MethodPost, "", bytes.NewReader(reqBody))
|
2022-12-05 14:24:32 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
srv.handleTestUpstreamDNS(w, r)
|
|
|
|
require.Equal(t, http.StatusOK, w.Code)
|
|
|
|
|
|
|
|
resp := map[string]any{}
|
|
|
|
err = json.NewDecoder(w.Body).Decode(&resp)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
require.Contains(t, resp, sleepyUps)
|
|
|
|
require.IsType(t, "", resp[sleepyUps])
|
|
|
|
sleepyRes, _ := resp[sleepyUps].(string)
|
|
|
|
|
|
|
|
// TODO(e.burkov): Improve the format of an error in dnsproxy.
|
|
|
|
assert.True(t, strings.HasSuffix(sleepyRes, "i/o timeout"))
|
|
|
|
})
|
|
|
|
}
|