all: safesearch https

2024-04-10 12:41:47 +02:00 · 2024-04-10 12:41:47 +02:00 · 1c9564b9b4
parent 5f42688fba
commit 1c9564b9b4
2 changed files with 29 additions and 12 deletions
--- a/internal/dnsforward/msg.go
+++ b/internal/dnsforward/msg.go
@ -48,7 +48,7 @@ func (s *Server) genDNSFilterMessage(
 ) (resp *dns.Msg) {
 	req := dctx.Req
 	qt := req.Question[0].Qtype
-	if qt != dns.TypeA && qt != dns.TypeAAAA {
+	if qt != dns.TypeA && qt != dns.TypeAAAA && qt != dns.TypeHTTPS {
 		m, _, _ := s.dnsFilter.BlockingMode()
 		if m == filtering.BlockingModeNullIP {
 			return s.makeResponse(req)
@ -97,6 +97,13 @@ func (s *Server) getCNAMEWithIPs(req *dns.Msg, ips []netip.Addr, cname string) (
 				ans = append(ans, s.genAnswerAAAA(req, ip))
 			}
 		}
+	case dns.TypeHTTPS:
+		ans = append(ans, s.genAnswersWithIPv4s(req, ips)...)
+		for _, ip := range ips {
+			if ip.Is6() {
+				ans = append(ans, s.genAnswerAAAA(req, ip))
+			}
+		}
 	default:
 		// Go on and return an empty response.
 	}
--- a/internal/filtering/safesearch/safesearch.go
+++ b/internal/filtering/safesearch/safesearch.go
@ -226,8 +226,8 @@ func (ss *Default) searchHost(host string, qtype rules.RRType) (res *rules.DNSRe
 }

 // newResult creates Result object from rewrite rule.  qtype must be either
-// [dns.TypeA] or [dns.TypeAAAA].  If err is nil, res is never nil, so that the
-// empty result is converted into a NODATA response.
+// [dns.TypeA] or [dns.TypeAAAA], or [dns.TypeHTTPS].  If err is nil, res is
+// never nil, so that the empty result is converted into a NODATA response.
 //
 // TODO(a.garipov): Use the main rewrite result mechanism used in
 // [dnsforward.Server.filterDNSRequest].  Now we resolve IPs for CNAME to save
@ -286,11 +286,11 @@ func (ss *Default) newResult(
 	return res, nil
 }

-// qtypeToProto returns "ip4" for [dns.TypeA] and "ip6" for [dns.TypeAAAA].
-// It panics for other types.
+// qtypeToProto returns "ip4" for [dns.TypeA] or [dns.TypeHTTPS], and "ip6" for
+// [dns.TypeAAAA].  It panics for other types.
 func qtypeToProto(qtype rules.RRType) (proto string) {
 	switch qtype {
-	case dns.TypeA:
+	case dns.TypeA, dns.TypeHTTPS:
 		return "ip4"
 	case dns.TypeAAAA:
 		return "ip6"
@ -300,21 +300,31 @@ func qtypeToProto(qtype rules.RRType) (proto string) {
 }

 // fitToProto returns a non-nil IP address if ip is the correct protocol version
-// for qtype.  qtype is expected to be either [dns.TypeA] or [dns.TypeAAAA].
+// for qtype.  qtype is expected to be either [dns.TypeA] or [dns.TypeAAAA], or
+// [dns.TypeHTTPS].
 func fitToProto(ip net.IP, qtype rules.RRType) (res netip.Addr) {
-	if ip4 := ip.To4(); qtype == dns.TypeA {
+	ip4 := ip.To4()
+	ip6 := ip.To16()
+
+	if qtype == dns.TypeA && ip4 != nil {
+		return netip.AddrFrom4([4]byte(ip4))
+	} else if ip6 != nil && qtype == dns.TypeAAAA {
+		return netip.AddrFrom16([16]byte(ip6))
+	}
+
+	if qtype == dns.TypeHTTPS {
 		if ip4 != nil {
 			return netip.AddrFrom4([4]byte(ip4))
+		} else if ip6 != nil {
+			return netip.AddrFrom16([16]byte(ip6))
 		}
-	} else if ip = ip.To16(); ip != nil && qtype == dns.TypeAAAA {
-		return netip.AddrFrom16([16]byte(ip))
 	}

 	return netip.Addr{}
 }

 // setCacheResult stores data in cache for host.  qtype is expected to be either
-// [dns.TypeA] or [dns.TypeAAAA].
+// [dns.TypeA] or [dns.TypeAAAA], or [dns.TypeHTTPS].
 func (ss *Default) setCacheResult(host string, qtype rules.RRType, res filtering.Result) {
 	expire := uint32(time.Now().Add(ss.cacheTTL).Unix())
 	exp := make([]byte, 4)
@ -335,7 +345,7 @@ func (ss *Default) setCacheResult(host string, qtype rules.RRType, res filtering
 }

 // getCachedResult returns stored data from cache for host.  qtype is expected
-// to be either [dns.TypeA] or [dns.TypeAAAA].
+// to be either [dns.TypeA] or [dns.TypeAAAA], or [dns.TypeHTTPS].
 func (ss *Default) getCachedResult(
 	host string,
 	qtype rules.RRType,