diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c232120a..da8ca358 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,7 +1,7 @@ 'name': 'build' 'env': - 'GO_VERSION': '1.19.11' + 'GO_VERSION': '1.20.7' 'NODE_VERSION': '14' 'on': diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 900a1478..773f0494 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,7 +1,7 @@ 'name': 'lint' 'env': - 'GO_VERSION': '1.19.11' + 'GO_VERSION': '1.20.7' 'on': 'push': diff --git a/CHANGELOG.md b/CHANGELOG.md index e04f023d..f56595b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,11 +14,11 @@ and this project adheres to @@ -29,6 +29,36 @@ NOTE: Add new changes ABOVE THIS COMMENT. +## [v0.107.36] - 2023-08-02 + +See also the [v0.107.36 GitHub milestone][ms-v0.107.36]. + +### Security + +- Go version has been updated to prevent the possibility of exploiting the + CVE-2023-29409 Go vulnerability fixed in [Go 1.20.7][go-1.20.7]. + +### Deprecated + +- Go 1.20 support. Future versions will require at least Go 1.21 to build. + +### Fixed + +- Inability to block queries for the root domain, such as `NS .` queries, using + the *Disallowed domains* feature on the *DNS settings* page ([#6049]). Users + who want to block `.` queries should use the `|.^` AdBlock rule or a similar + regular expression. +- Client hostnames not resolving when upstream server responds with zero-TTL + records ([#6046]). + +[#6046]: https://github.com/AdguardTeam/AdGuardHome/issues/6046 +[#6049]: https://github.com/AdguardTeam/AdGuardHome/issues/6049 + +[go-1.20.7]: https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ +[ms-v0.107.36]: https://github.com/AdguardTeam/AdGuardHome/milestone/71?closed=1 + + + ## [v0.107.35] - 2023-07-26 See also the [v0.107.35 GitHub milestone][ms-v0.107.35]. 
@@ -2270,11 +2300,12 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2]. -[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.35...HEAD +[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.36...HEAD +[v0.107.36]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.35...v0.107.36 [v0.107.35]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.34...v0.107.35 [v0.107.34]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.33...v0.107.34 [v0.107.33]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.32...v0.107.33 diff --git a/README.md b/README.md index 52aedc32..16f94b6f 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ code. * [Getting Started](#getting-started) - * [Automated install (Unix)](#automated-install-linux-and-mac) + * [Automated install (Linux/Unix/MacOS/FreeBSD/OpenBSD)](#automated-install-linux-and-mac) * [Alternative methods](#alternative-methods) * [Guides](#guides) * [API](#api) @@ -79,7 +79,7 @@ code. ## Getting Started - ### Automated install (Unix) + ### Automated install (Linux/Unix/MacOS/FreeBSD/OpenBSD) To install with `curl` run the following command: @@ -261,7 +261,7 @@ Run `make init` to prepare the development environment. You will need this to build AdGuard Home: - * [Go](https://golang.org/dl/) v1.19 or later; + * [Go](https://golang.org/dl/) v1.20 or later; * [Node.js](https://nodejs.org/en/download/) v10.16.2 or later; * [npm](https://www.npmjs.com/) v6.14 or later; * [yarn](https://yarnpkg.com/) v1.22.5 or later. diff --git a/bamboo-specs/release.yaml b/bamboo-specs/release.yaml index 5ca1f8c0..d4efb97b 100644 --- a/bamboo-specs/release.yaml +++ b/bamboo-specs/release.yaml @@ -7,7 +7,7 @@ # Make sure to sync any changes with the branch overrides below. 'variables': 'channel': 'edge' - 'dockerGo': 'adguard/golang-ubuntu:6.8' + 'dockerGo': 'adguard/golang-ubuntu:7.0' 'stages': - 'Build frontend': 
@@ -272,7 +272,7 @@ # need to build a few of these. 'variables': 'channel': 'beta' - 'dockerGo': 'adguard/golang-ubuntu:6.8' + 'dockerGo': 'adguard/golang-ubuntu:7.0' # release-vX.Y.Z branches are the branches from which the actual final # release is built. - '^release-v[0-9]+\.[0-9]+\.[0-9]+': @@ -287,4 +287,4 @@ # are the ones that actually get released. 'variables': 'channel': 'release' - 'dockerGo': 'adguard/golang-ubuntu:6.8' + 'dockerGo': 'adguard/golang-ubuntu:7.0' diff --git a/bamboo-specs/snapcraft.yaml b/bamboo-specs/snapcraft.yaml index ac8a2217..7d8c5f38 100644 --- a/bamboo-specs/snapcraft.yaml +++ b/bamboo-specs/snapcraft.yaml @@ -10,7 +10,7 @@ # Make sure to sync any changes with the branch overrides below. 'variables': 'channel': 'edge' - 'dockerGo': 'adguard/golang-ubuntu:6.8' + 'dockerGo': 'adguard/golang-ubuntu:7.0' 'snapcraftChannel': 'edge' 'stages': @@ -191,7 +191,7 @@ # need to build a few of these. 'variables': 'channel': 'beta' - 'dockerGo': 'adguard/golang-ubuntu:6.8' + 'dockerGo': 'adguard/golang-ubuntu:7.0' 'snapcraftChannel': 'beta' # release-vX.Y.Z branches are the branches from which the actual final # release is built. @@ -207,5 +207,5 @@ # are the ones that actually get released. 'variables': 'channel': 'release' - 'dockerGo': 'adguard/golang-ubuntu:6.8' + 'dockerGo': 'adguard/golang-ubuntu:7.0' 'snapcraftChannel': 'candidate' diff --git a/bamboo-specs/test.yaml b/bamboo-specs/test.yaml index 39361afe..fe858950 100644 --- a/bamboo-specs/test.yaml +++ b/bamboo-specs/test.yaml @@ -5,7 +5,7 @@ 'key': 'AHBRTSPECS' 'name': 'AdGuard Home - Build and run tests' 'variables': - 'dockerGo': 'adguard/golang-ubuntu:6.8' + 'dockerGo': 'adguard/golang-ubuntu:7.0' 'stages': - 'Tests': diff --git a/client/src/__locales/hr.json b/client/src/__locales/hr.json index 32e029d5..feb50c0b 100644 --- a/client/src/__locales/hr.json +++ b/client/src/__locales/hr.json 
@@ -444,7 +444,7 @@ "client_confirm_delete": "Jeste li sigurni da želite ukloniti \"{{key}}\" klijenta?", "list_confirm_delete": "Jeste li sigurni da želite ukloniti ovaj popis?", "auto_clients_title": "Runtime klijenti", - "auto_clients_desc": "Podaci na klijentu koji koriste AdGuard Home, ali se ne mijenjaju u postavkama", + "auto_clients_desc": "Informacije o IP adresama uređaja koji koriste ili bi mogli koristiti AdGuard Home. Ove informacije prikupljaju se iz nekoliko izvora, uključujući datoteke hostova, obrnuti DNS itd.", "access_title": "Postavke pristupa", "access_desc": "Ovdje možete konfigurirati pravila pristupa za AdGuard Home DNS poslužitelj", "access_allowed_title": "Dopušteni klijenti", diff --git a/client/src/__locales/hu.json b/client/src/__locales/hu.json index 6ddc9443..37e5cdfe 100644 --- a/client/src/__locales/hu.json +++ b/client/src/__locales/hu.json @@ -444,7 +444,7 @@ "client_confirm_delete": "Biztosan törölni szeretné a(z) \"{{key}}\" klienst?", "list_confirm_delete": "Biztosan törölni kívánja ezt a listát?", "auto_clients_title": "Futási idejű kliensek", - "auto_clients_desc": "Ezek az eszközök nem szerepelnek a fenntartott kliensek listáján, de használják az AdGuard Home-ot", + "auto_clients_desc": "Az AdGuard Home-ot használó vagy esetleg használó eszközök IP-címeire vonatkozó információk. Ezeket az információkat több forrásból gyűjtik, beleértve a hosts fájlokat, a fordított DNS-t stb.", "access_title": "Hozzáférési beállítások", "access_desc": "Itt konfigurálhatja az AdGuard Home DNS-kiszolgáló hozzáférési szabályait", "access_allowed_title": "Engedélyezett kliensek", diff --git a/client/src/__locales/ro.json b/client/src/__locales/ro.json index 955dd822..411cf75b 100644 --- a/client/src/__locales/ro.json +++ b/client/src/__locales/ro.json 
@@ -444,7 +444,7 @@ "client_confirm_delete": "Sunteți sigur că doriți să ștergeți clientul \"{{key}}\"?", "list_confirm_delete": "Sigur doriți să ștergeți această listă?", "auto_clients_title": "Clienți runtime", - "auto_clients_desc": "Dispozitivele care nu se află pe lista de clienți Persistent care pot utiliza în continuare AdGuard Home", + "auto_clients_desc": "Informații despre adresele IP ale dispozitivelor care utilizează sau pot utiliza AdGuard Home. Aceste informații sunt colectate din mai multe surse, inclusiv din fișiere hosts, DNS inversat etc.", "access_title": "Setări de acces", "access_desc": "Aici puteți configura regulile de acces pentru serverul DNS AdGuard Home", "access_allowed_title": "Clienți autorizați", diff --git a/client/src/__locales/sk.json b/client/src/__locales/sk.json index 740a8e8f..47e78933 100644 --- a/client/src/__locales/sk.json +++ b/client/src/__locales/sk.json @@ -444,7 +444,7 @@ "client_confirm_delete": "Naozaj chcete vymazať \"{{key}}\" klienta?", "list_confirm_delete": "Naozaj chcete vymazať tento zoznam?", "auto_clients_title": "Runtime klienti", - "auto_clients_desc": "Zariadenia, ktoré nie sú na zozname trvalých klientov, ktorí môžu stále používať AdGuard Home", + "auto_clients_desc": "Informácie o IP adresách zariadení, ktoré používajú alebo môžu používať AdGuard Home. Tieto informácie sa získavajú z viacerých zdrojov vrátane súborov hosts, reverzného DNS atď.", "access_title": "Nastavenia prístupu", "access_desc": "Tu môžete konfigurovať pravidlá prístupu pre server DNS AdGuard Home.", "access_allowed_title": "Povolení klienti", diff --git a/client/src/__locales/th.json b/client/src/__locales/th.json index c7ccb39b..9751530a 100644 --- a/client/src/__locales/th.json +++ b/client/src/__locales/th.json 
@@ -172,6 +172,7 @@ "dnscrypt": "DNSCrypt", "dns_over_https": "DNS-over-HTTPS", "dns_over_tls": "DNS-over-TLS", + "dns_over_quic": "DNS-over-QUIC", "form_enter_rate_limit": "ป้อนขีดจำกัดอัตรา", "rate_limit": "จำกัดอัตรา", "edns_enable": "เปิดใช้งานซับเน็ตไคลเอ็นต์ EDNS", @@ -392,6 +393,7 @@ "show_processed_responses": "การประมวลผล", "blocked_adult_websites": "ถูกปิดกั้นโดยการควบคุมของผู้ปกครอง", "safe_search": "ค้นหาอย่างปลอดภัย", + "blocklist": "บัญชีดำ", "filter_category_other": "อื่น ๆ", "parental_control": "ควบคุมโดยผู้ปกครอง" } diff --git a/client/src/__locales/uk.json b/client/src/__locales/uk.json index 104e2476..8cb111d0 100644 --- a/client/src/__locales/uk.json +++ b/client/src/__locales/uk.json @@ -444,7 +444,7 @@ "client_confirm_delete": "Ви впевнені, що хочете видалити клієнта «{{key}}»?", "list_confirm_delete": "Ви впевнені, що хочете видалити цей список?", "auto_clients_title": "Runtime-клієнти", - "auto_clients_desc": "Клієнти, які використовують AdGuard Home, незалежно від того, чи збережені вони в списку постійних", + "auto_clients_desc": "Інформація про IP-адреси пристроїв, які використовують або можуть використовувати AdGuard Home. Ця інформація збирається з кількох джерел, зокрема з файлів hosts, зворотного DNS тощо.", "access_title": "Налаштування доступу", "access_desc": "Тут ви можете налаштувати правила доступу для DNS-сервера AdGuard Home", "access_allowed_title": "Дозволені клієнти", diff --git a/client/src/__locales/vi.json b/client/src/__locales/vi.json index 44f8451e..52ffccec 100644 --- a/client/src/__locales/vi.json +++ b/client/src/__locales/vi.json 
@@ -444,7 +444,7 @@ "client_confirm_delete": "Bạn có chắc chắn muốn xóa máy khách \"{{key}}\" không?", "list_confirm_delete": "Bạn có muốn xóa bộ lọc này?", "auto_clients_title": "Máy khách (thời gian chạy)", - "auto_clients_desc": "Các thiết bị không có trong danh sách khách hàng ổn định vẫn có thể sử dụng AdGuard Home", + "auto_clients_desc": "Thông tin về địa chỉ IP của thiết bị đang sử dụng hoặc có thể sử dụng AdGuard Home. Thông tin này được thu thập từ nhiều nguồn, bao gồm tệp máy chủ, DNS ngược, v.v.", "access_title": "Cài đặt truy cập", "access_desc": "Tại đây bạn có thể định cấu hình quy tắc truy cập cho máy chủ AdGuard Home DNS", "access_allowed_title": "Máy chủ được phép", diff --git a/client/src/__locales/zh-tw.json b/client/src/__locales/zh-tw.json index e31ed29c..0d6419e1 100644 --- a/client/src/__locales/zh-tw.json +++ b/client/src/__locales/zh-tw.json @@ -138,9 +138,9 @@ "block_domain_use_filters_and_hosts": "透過過濾器和主機檔案封鎖網域", "filters_block_toggle_hint": "您可在過濾器設定中設置封鎖規則。", "use_adguard_browsing_sec": "使用 AdGuard 瀏覽安全網路服務", - "use_adguard_browsing_sec_hint": "AdGuard Home 將檢查該網域是否被瀏覽安全網路服務封鎖。它將使用友好的隱私查找應用程式介面(API)以執行檢查:僅域名 SHA256 雜湊的短前綴被傳送到該伺服器。", + "use_adguard_browsing_sec_hint": "AdGuard Home 將檢查該網域是否被瀏覽安全網路服務封鎖。它將使用對隱私友好的查找應用程式介面(API)以執行檢查:僅域名 SHA256 雜湊的短前綴被傳送到該伺服器。", "use_adguard_parental": "使用 AdGuard 家長控制之網路服務", - "use_adguard_parental_hint": "AdGuard Home 將檢查網域是否包含成人資料。它使用如同瀏覽安全網路服務一樣之友好的隱私應用程式介面(API)。", + "use_adguard_parental_hint": "AdGuard Home 將檢查網域是否包含成人資料。它使用如同瀏覽安全網路服務一樣之對隱私友好的應用程式介面(API)。", "enforce_safe_search": "使用安全搜尋", "enforce_save_search_hint": "AdGuard Home 將在下列的搜尋引擎:Google、YouTube、Bing、DuckDuckGo、Yandex 和 Pixabay 中強制執行安全搜尋。", "no_servers_specified": "無已明確指定的伺服器", diff --git a/client/src/helpers/trackers/trackers.json b/client/src/helpers/trackers/trackers.json index 2b26213e..e061c1d4 100644 --- a/client/src/helpers/trackers/trackers.json +++ b/client/src/helpers/trackers/trackers.json 
@@ -1,5 +1,5 @@ { - "timeUpdated": "2023-07-15T00:10:47.501Z", + "timeUpdated": "2023-08-01T00:10:42.759Z", "categories": { "0": "audio_video_player", "1": "comments", @@ -42,7 +42,8 @@ "name": "1822direkt.de", "categoryId": 8, "url": "https://www.1822direkt.de/", - "companyId": null + "companyId": "1822direkt", + "source": "AdGuard" }, "1dmp.io": { "name": "1DMP", @@ -69,16 +70,18 @@ "companyId": "dentsu_aegis_network" }, "1und1": { - "name": "1&1 Internet", + "name": "1&1 IONOS", "categoryId": 8, - "url": null, - "companyId": null + "url": "http://www.ionos.com/", + "companyId": "1und1", + "source": "AdGuard" }, "24-ads.com": { - "name": "24-ADS GmbH", + "name": "24-ADS", "categoryId": 4, "url": "http://www.24-ads.com/", - "companyId": null + "companyId": "24-ads.com", + "source": "AdGuard" }, "24_7": { "name": "[24]7", @@ -93,10 +96,11 @@ "companyId": "24log" }, "24smi": { - "name": "24СМИ", + "name": "24SMI", "categoryId": 8, "url": "https://24smi.org/", - "companyId": null + "companyId": "24smi", + "source": "AdGuard" }, "2leep": { "name": "2leep", @@ -127,13 +131,15 @@ "name": "4Chan", "categoryId": 8, "url": "https://www.4chan.org/", - "companyId": null + "companyId": "4chan", + "source": "AdGuard" }, "4finance_com": { - "name": "4finance.com", + "name": "4finance", "categoryId": 2, - "url": "http://4finance.com/", - "companyId": null + "url": "https://4finance.com/", + "companyId": "4finance", + "source": "AdGuard" }, "4w_marketplace": { "name": "4w Marketplace", @@ -179,10 +185,11 @@ "source": "AdGuard" }, "7tv.de": { - "name": "7tv.de", + "name": "7tv.app", "categoryId": 0, - "url": "https://www.7tv.de/", - "companyId": null + "url": "https://www.7tv.app/", + "companyId": "7tv", + "source": "AdGuard" }, "888media": { "name": "888media", @@ -2554,7 +2561,7 @@ "name": "Microsoft App Center", "categoryId": 5, "url": "https://appcenter.ms/", - "companyId": null, + "companyId": "microsoft", "source": "AdGuard" }, "appcues": { 
@@ -3925,7 +3932,7 @@ "name": "Button", "categoryId": 4, "url": "https://www.usebutton.com/", - "companyId": null, + "companyId": "button", "source": "AdGuard" }, "buysellads": { @@ -5276,7 +5283,7 @@ "name": "Crashlytics", "categoryId": 101, "url": "https://crashlytics.com/", - "companyId": null, + "companyId": "google", "source": "AdGuard" }, "crazy_egg": { @@ -6427,6 +6434,13 @@ "url": "http://www.amazon.com/", "companyId": "amazon_associates" }, + "electronic_arts": { + "name": "Electronic Arts", + "categoryId": 2, + "url": "https://www.ea.com/", + "companyId": "electronic_arts", + "source": "AdGuard" + }, "element": { "name": "Element", "categoryId": 7, @@ -7014,6 +7028,13 @@ "url": null, "companyId": null }, + "farlight_pte_ltd": { + "name": "Farlight Pte Ltd.", + "categoryId": 8, + "url": "https://farlightgames.com/", + "companyId": "farlight", + "source": "AdGuard" + }, "fastly_insights": { "name": "Fastly Insights", "categoryId": 6, @@ -8655,7 +8676,7 @@ "name": "HockeyApp", "categoryId": 101, "url": "https://hockeyapp.net/", - "companyId": null, + "companyId": "microsoft", "source": "AdGuard" }, "hoholikik.club": { @@ -16729,6 +16750,13 @@ "url": "http://www.sundaysky.com/", "companyId": "sundaysky" }, + "supercell": { + "name": "Supercell", + "categoryId": 2, + "url": "https://supercell.com/", + "companyId": "supercell", + "source": "AdGuard" + }, "supercounters": { "name": "SuperCounters", "categoryId": 6, @@ -19318,10 +19346,11 @@ "companyId": "xapads" }, "xen-media.com": { - "name": "xen-media.com", + "name": "Xen Media", "categoryId": 11, - "url": null, - "companyId": null + "url": "https://www.xenmedia.net/", + "companyId": "xenmedia", + "source": "AdGuard" }, "xfreeservice.com": { "name": "xfreeservice.com", @@ -19332,8 +19361,9 @@ "xhamster": { "name": "xHamster", "categoryId": 3, - "url": null, - "companyId": null + "url": "https://xhamster.com/", + "companyId": "xhamster", + "source": "AdGuard" }, "xing": { "name": "Xing", 
@@ -19348,10 +19378,11 @@ "companyId": "exoclick" }, "xnxx_cdn": { - "name": "xnxx CDN", + "name": "XNXX", "categoryId": 9, "url": "https://www.xnxx.com", - "companyId": null + "companyId": "xnxx", + "source": "AdGuard" }, "xplosion": { "name": "xplosion", @@ -19366,16 +19397,18 @@ "companyId": "matomy_media" }, "xvideos_com": { - "name": "xvideos.com", + "name": "Xvideos", "categoryId": 8, - "url": null, - "companyId": null + "url": "https://www.xvideos.com", + "companyId": "xvideos", + "source": "AdGuard" }, "xxxlshop.de": { - "name": "xxxlshop.de", + "name": "XXXLutz", "categoryId": 8, - "url": "https://www.xxxlshop.de/", - "companyId": null + "url": "https://www.xxxlutz.de/", + "companyId": "xxxlutz", + "source": "AdGuard" }, "xxxlutz": { "name": "XXXLutz", @@ -19387,7 +19420,8 @@ "name": "Yabbi", "categoryId": 4, "url": "https://yabbi.me/", - "companyId": null + "companyId": "yabbi", + "source": "AdGuard" }, "yabuka": { "name": "Yabuka", @@ -19649,10 +19683,11 @@ "companyId": "yomedia" }, "yoochoose.net": { - "name": "YOOCHOOSE", + "name": "Ibexa Personalizaton Software", "categoryId": 4, - "url": "https://yoochoose.com/", - "companyId": null + "url": "https://yoochoose.net/", + "companyId": "ibexa", + "source": "AdGuard" }, "yotpo": { "name": "Yotpo", @@ -19687,8 +19722,9 @@ "youporn": { "name": "YouPorn", "categoryId": 3, - "url": null, - "companyId": null + "url": "https://www.youporn.com/", + "companyId": "youporn", + "source": "AdGuard" }, "youtube": { "name": "YouTube", @@ -19826,7 +19862,8 @@ "name": "ZeusClicks", "categoryId": 4, "url": "http://zeusclicks.com/", - "companyId": null + "companyId": "zeusclicks", + "source": "AdGuard" }, "ziff_davis": { "name": "Ziff Davis", @@ -19844,7 +19881,8 @@ "name": "Zimbio", "categoryId": 8, "url": "http://www.zimbio.com/", - "companyId": null + "companyId": "livinglymedia", + "source": "AdGuard" }, "zippyshare_widget": { "name": "Zippyshare Widget", 
@@ -21450,6 +21488,9 @@ "ekomi.de": "ekomi", "elasticad.net": "elastic_ad", "elasticbeanstalk.com": "elastic_beanstalk", + "cloudcell.com": "electronic_arts", + "ea.com": "electronic_arts", + "eamobile.com": "electronic_arts", "element.io": "element", "riot.im": "element", "elicitapp.com": "elicit", @@ -21570,6 +21611,7 @@ "thefancy.com": "fancy_widget", "d1q7pknmpq2wkm.cloudfront.net": "fanplayr", "fap.to": "fap.to", + "farlightgames.com": "farlight_pte_ltd", "fastly-insights.com": "fastly_insights", "fastly.net": "fastlylb.net", "fastlylb.net": "fastlylb.net", @@ -24146,6 +24188,8 @@ "sumo.com": "sumome", "sumome.com": "sumome", "sundaysky.com": "sundaysky", + "supercell.com": "supercell", + "supercellsupport.com": "supercell", "supercounters.com": "supercounters", "superfastcdn.com": "superfastcdn.com", "socdm.com": "supership", diff --git a/go.mod b/go.mod index 0e1be23c..cf985173 100644 --- a/go.mod +++ b/go.mod @@ -1,9 +1,9 @@ module github.com/AdguardTeam/AdGuardHome -go 1.19 +go 1.20 require ( - github.com/AdguardTeam/dnsproxy v0.52.0 + github.com/AdguardTeam/dnsproxy v0.52.1-0.20230726165924-30c459b0cdef github.com/AdguardTeam/golibs v0.13.6 github.com/AdguardTeam/urlfilter v0.16.1 github.com/NYTimes/gziphandler v1.1.1 @@ -17,7 +17,7 @@ require ( github.com/google/gopacket v1.1.19 github.com/google/renameio/v2 v2.0.0 github.com/google/uuid v1.3.0 - github.com/insomniacslk/dhcp v0.0.0-20230612134759-b20c9ba983df + github.com/insomniacslk/dhcp v0.0.0-20230720093626-5648422c16cd github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 github.com/kardianos/service v1.2.2 github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118 
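Review bot: The first go.mod hunk pins `github.com/AdguardTeam/dnsproxy` to the pseudo-version `v0.52.1-0.20230726165924-30c459b0cdef`, an untagged commit, in what the changelog hunk presents as the v0.107.36 release. go.sum still fixes the content, but an untagged revision is harder to audit against upstream release notes and is easy to miss in tooling that tracks tagged versions. Consider requiring a tagged dnsproxy release here, or add a comment above the line saying why the untagged revision is needed and when it will be replaced.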
@@ -27,12 +27,15 @@ require ( // own code for that. Perhaps, use gopacket. github.com/mdlayher/raw v0.1.0 github.com/miekg/dns v1.1.55 - github.com/quic-go/quic-go v0.36.1 + // TODO(a.garipov): Update to ≥ v0.37.0 once we update to Go 1.20. + github.com/quic-go/quic-go v0.36.2 github.com/stretchr/testify v1.8.4 github.com/ti-mo/netfilter v0.5.0 go.etcd.io/bbolt v1.3.7 golang.org/x/crypto v0.11.0 - golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 + // TODO(a.garipov): Update after updating slices.Sort and friends to + // stdlib versions in dnsproxy and golibs in Go 1.20. + golang.org/x/exp v0.0.0-20230724220655-d98519c11495 golang.org/x/net v0.12.0 golang.org/x/sys v0.10.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 @@ -48,7 +51,7 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/golang/mock v1.6.0 // indirect - github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 // indirect + github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 // indirect github.com/mdlayher/socket v0.4.1 // indirect github.com/onsi/ginkgo/v2 v2.11.0 // indirect github.com/patrickmn/go-cache v2.1.0+incompatible // indirect @@ -59,8 +62,8 @@ require ( github.com/quic-go/qtls-go1-19 v0.3.2 // indirect github.com/quic-go/qtls-go1-20 v0.2.2 // indirect github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 // indirect - golang.org/x/mod v0.11.0 // indirect + golang.org/x/mod v0.12.0 // indirect golang.org/x/sync v0.3.0 // indirect golang.org/x/text v0.11.0 // indirect - golang.org/x/tools v0.10.0 // indirect + golang.org/x/tools v0.11.0 // indirect ) diff --git a/go.sum b/go.sum index adee4015..cee4fd30 100644 --- a/go.sum +++ b/go.sum 
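Review bot: The two TODO comments added in the `@@ -27,12 +27,15 @@` hunk are conditioned on Go 1.20 ("once we update to Go 1.20", "in Go 1.20"), but the first hunk of this same file already sets `go 1.20`. Either the condition is met and `quic-go` is being held at `v0.36.2` for a reason the comment does not state, or a later Go version is meant; the `slices` functions in the second comment entered the standard library in Go 1.21, which suggests the latter. Since these comments decide when a network-facing dependency gets updated, they should name the actual blocking version.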
@@ -1,5 +1,5 @@ -github.com/AdguardTeam/dnsproxy v0.52.0 h1:uZxCXflHSAwtJ7uTYXP6qgWcxaBsH0pJvldpwTqIDJk= -github.com/AdguardTeam/dnsproxy v0.52.0/go.mod h1:Jo2zeRe97Rxt3yikXc+fn0LdLtqCj0Xlyh1PNBj6bpM= +github.com/AdguardTeam/dnsproxy v0.52.1-0.20230726165924-30c459b0cdef h1:3ZJieG+PV+wJEXLgUndW4yL9/7iubyipbDmA0w3sa7Y= +github.com/AdguardTeam/dnsproxy v0.52.1-0.20230726165924-30c459b0cdef/go.mod h1:Jo2zeRe97Rxt3yikXc+fn0LdLtqCj0Xlyh1PNBj6bpM= github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4= github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw= github.com/AdguardTeam/golibs v0.13.6 h1:z/0Q25pRLdaQxtoxvfSaooz5mdv8wj0R8KREj54q8yQ= 
@@ -50,16 +50,16 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8= github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= -github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs= -github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA= +github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 h1:n6vlPhxsA+BW/XsS5+uqi7GyzaLa5MH7qlSLBZtRdiA= +github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA= github.com/google/renameio/v2 v2.0.0 h1:UifI23ZTGY8Tt29JbYFiuyIU3eX+RNFtUwefq9qAhxg= github.com/google/renameio/v2 v2.0.0/go.mod h1:BtmJXm5YlszgC+TD4HOEEUFgkJP3nLxehU6hfe7jRt4= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8= -github.com/insomniacslk/dhcp v0.0.0-20230612134759-b20c9ba983df h1:pF1MMIzEJzJ/MyI4bXYXVYyN8CJgoQ2PPKT2z3O/Cl4= -github.com/insomniacslk/dhcp v0.0.0-20230612134759-b20c9ba983df/go.mod h1:7474bZ1YNCvarT6WFKie4kEET6J0KYRDC4XJqqXzQW4= +github.com/insomniacslk/dhcp v0.0.0-20230720093626-5648422c16cd h1:D772X7igTag7yKErVWAR7boXpOml3fqqBzH1wNaD/jk= +github.com/insomniacslk/dhcp v0.0.0-20230720093626-5648422c16cd/go.mod h1:7474bZ1YNCvarT6WFKie4kEET6J0KYRDC4XJqqXzQW4= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= 
github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= @@ -108,8 +108,8 @@ github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc8 github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E= github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= -github.com/quic-go/quic-go v0.36.1 h1:WsG73nVtnDy1TiACxFxhQ3TqaW+DipmqzLEtNlAwZyY= -github.com/quic-go/quic-go v0.36.1/go.mod h1:zPetvwDlILVxt15n3hr3Gf/I3mDf7LpLKPhR4Ez0AZQ= +github.com/quic-go/quic-go v0.36.2 h1:ZX/UNQ4gvpCv2RmwdbA6lrRjF6EBm5yZ7TMoT4NQVrA= +github.com/quic-go/quic-go v0.36.2/go.mod h1:zPetvwDlILVxt15n3hr3Gf/I3mDf7LpLKPhR4Ez0AZQ= github.com/shirou/gopsutil/v3 v3.21.8 h1:nKct+uP0TV8DjjNiHanKf8SAuub+GNsbrOtM9Nl9biA= github.com/shirou/gopsutil/v3 v3.21.8/go.mod h1:YWp/H8Qs5fVmf17v7JNZzA0mPJ+mS2e9JdiUF9LlKzQ= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 
@@ -136,13 +136,13 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= -golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw= -golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc= +golang.org/x/exp v0.0.0-20230724220655-d98519c11495 h1:zKGKw2WlGb8oPoRGqQ2PT8g2YoCN1w/YbbQjHXCdUWE= +golang.org/x/exp v0.0.0-20230724220655-d98519c11495/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= -golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 
@@ -191,8 +191,8 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg= -golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= +golang.org/x/tools v0.11.0 h1:EMCa6U9S2LtZXLAMoWiR/R8dAQFRqbAitmbJ2UKhoi8= +golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/internal/client/addrproc.go b/internal/client/addrproc.go index 04ee50d5..2b8046f6 100644 --- a/internal/client/addrproc.go +++ b/internal/client/addrproc.go @@ -58,6 +58,12 @@ type DefaultAddrProcConfig struct { // immediately by [NewDefaultAddrProc]. InitialAddresses []netip.Addr + // CatchPanics, if true, makes the address processor catch and log panics. + // + // TODO(a.garipov): Consider better ways to do this or apply this method to + // other parts of the codebase. + CatchPanics bool + // UseRDNS, if true, enables resolving of client IP addresses using reverse // DNS. UseRDNS bool @@ -151,7 +157,7 @@ func NewDefaultAddrProc(c *DefaultAddrProcConfig) (p *DefaultAddrProc) { p.whois = newWHOIS(c.DialContext) } - go p.process() + go p.process(c.CatchPanics) for _, ip := range c.InitialAddresses { p.Process(ip) 
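Review bot: `CatchPanics` defaults to false, so any `DefaultAddrProcConfig` that does not set it loses the `log.OnPanic` recovery that `process` used to defer unconditionally (see the `@@ -214,8 +220,10 @@` hunk). That goroutine handles rDNS and WHOIS results obtained over the network, so an unrecovered panic there ends the whole program instead of being logged. The production call site is not in this diff; confirm it sets `CatchPanics: true`, and state the consequence in the field comment, e.g. `// If false, a panic in the processing goroutine terminates the program.` The doc comment on `process` should likewise mention the new `catchPanics` parameter.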
@@ -214,8 +220,10 @@ func (p *DefaultAddrProc) Process(ip netip.Addr) { // process processes the incoming client IP-address information. It is intended // to be used as a goroutine. Once clientIPs is closed, process exits. -func (p *DefaultAddrProc) process() { - defer log.OnPanic("addrProcessor.process") +func (p *DefaultAddrProc) process(catchPanics bool) { + if catchPanics { + defer log.OnPanic("addrProcessor.process") + } log.Info("clients: processing addresses") diff --git a/internal/client/addrproc_test.go b/internal/client/addrproc_test.go index c6b847cd..c6b38657 100644 --- a/internal/client/addrproc_test.go +++ b/internal/client/addrproc_test.go @@ -2,6 +2,7 @@ package client_test import ( "context" + "fmt" "io" "net" "net/netip" @@ -112,6 +113,7 @@ func TestDefaultAddrProc_Process_rDNS(t *testing.T) { AddressUpdater: &aghtest.AddressUpdater{ OnUpdateAddress: newOnUpdateAddress(tc.wantUpd, updIPCh, updHostCh, updInfoCh), }, + CatchPanics: false, UseRDNS: true, UsePrivateRDNS: tc.usePrivate, UseWHOIS: false, @@ -146,8 +148,8 @@ func newOnUpdateAddress( infos chan<- *whois.Info, ) (f func(ip netip.Addr, host string, info *whois.Info)) { return func(ip netip.Addr, host string, info *whois.Info) { - if !want { - panic("got unexpected update") + if !want && (host != "" || info != nil) { + panic(fmt.Errorf("got unexpected update for %v with %q and %v", ip, host, info)) } ips <- ip @@ -222,6 +224,7 @@ func TestDefaultAddrProc_Process_WHOIS(t *testing.T) { AddressUpdater: &aghtest.AddressUpdater{ OnUpdateAddress: newOnUpdateAddress(tc.wantUpd, updIPCh, updHostCh, updInfoCh), }, + CatchPanics: false, UseRDNS: false, UsePrivateRDNS: false, UseWHOIS: true, diff --git a/internal/dnsforward/access.go b/internal/dnsforward/access.go index 12f5f3c7..c367d05b 100644 --- a/internal/dnsforward/access.go +++ b/internal/dnsforward/access.go 
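Review bot: In `newOnUpdateAddress` the relaxed guard `if !want && (host != "" || info != nil)` now accepts an update with an empty host and nil info when no update is wanted, and execution continues to `ips <- ip`. The test bodies are outside this hunk, so it is not visible whether the cases with `wantUpd: false` drain those channels; if they do not, the send could block the processor goroutine rather than fail the test. A comment above the condition explaining why an empty update is acceptable would make the weaker assertion reviewable.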
@@ -90,7 +90,7 @@ func newAccessCtx(allowed, blocked, blockedHosts []string) (a *accessManager, er lists := []filterlist.RuleList{ &filterlist.StringRuleList{ - ID: int(0), + ID: 0, RulesText: b.String(), IgnoreCosmetic: true, }, diff --git a/internal/dnsforward/access_test.go b/internal/dnsforward/access_test.go index d5d7da26..9ca8013b 100644 --- a/internal/dnsforward/access_test.go +++ b/internal/dnsforward/access_test.go @@ -31,6 +31,7 @@ func TestIsBlockedHost(t *testing.T) { "*.host.com", "||host3.com^", "||*^$dnstype=HTTPS", + "|.^", }) require.NoError(t, err) @@ -94,6 +95,11 @@ func TestIsBlockedHost(t *testing.T) { name: "by_qtype_other", host: "site-with-https-record.example", qt: dns.TypeA, + }, { + want: assert.True, + name: "ns_root", + host: ".", + qt: dns.TypeNS, }} for _, tc := range testCases { diff --git a/internal/dnsforward/dnsforward.go b/internal/dnsforward/dnsforward.go index 730e88f8..894d2ecd 100644 --- a/internal/dnsforward/dnsforward.go +++ b/internal/dnsforward/dnsforward.go @@ -346,19 +346,21 @@ func (s *Server) Exchange(ip netip.Addr) (host string, ttl time.Duration, err er } var resolver *proxy.Proxy + var errMsg string if s.privateNets.Contains(ip.AsSlice()) { if !s.conf.UsePrivateRDNS { return "", 0, nil } resolver = s.localResolvers + errMsg = "resolving a private address: %w" s.recDetector.add(*req) } else { resolver = s.internalProxy + errMsg = "resolving an address: %w" } - if err = resolver.Resolve(dctx); err != nil { - return "", 0, err + return "", 0, fmt.Errorf(errMsg, err) } return hostFromPTR(dctx.Res) 
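Review bot: In `Exchange`, `errMsg` carries a whole format string into `fmt.Errorf(errMsg, err)`, and vet's printf check cannot verify a format that is not a constant. Keeping the verb at the call site avoids that: assign only the prefix (`errMsg = "resolving a private address"`) and wrap with `fmt.Errorf("%s: %w", errMsg, err)`. The function body extends beyond this hunk.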
@@ -377,13 +379,18 @@ func hostFromPTR(resp *dns.Msg) (host string, ttl time.Duration, err error) { var ttlSec uint32 + log.Debug("dnsforward: resolving ptr, received %d answers", len(resp.Answer)) for _, ans := range resp.Answer { ptr, ok := ans.(*dns.PTR) if !ok { continue } - if ptr.Hdr.Ttl > ttlSec { + // Respect zero TTL records since some DNS servers use it to + // locally-resolved addresses. + // + // See https://github.com/AdguardTeam/AdGuardHome/issues/6046. + if ptr.Hdr.Ttl >= ttlSec { host = ptr.Ptr ttlSec = ptr.Hdr.Ttl } @@ -465,6 +472,7 @@ func (s *Server) filterOurDNSAddrs(addrs []string) (filtered []string, err error } ourAddrsSet := stringutil.NewSet(ourAddrs...) + log.Debug("dnsforward: filtering out %s", ourAddrsSet.String()) // TODO(e.burkov): The approach of subtracting sets of strings is not // really applicable here since in case of listening on all network @@ -501,7 +509,7 @@ func (s *Server) setupLocalResolvers() (err error) { PreferIPv6: s.conf.BootstrapPreferIPv6, }) if err != nil { - return fmt.Errorf("parsing private upstreams: %w", err) + return fmt.Errorf("preparing private upstreams: %w", err) } s.localResolvers = &proxy.Proxy{ diff --git a/internal/dnsforward/dnsforward_test.go b/internal/dnsforward/dnsforward_test.go index 775a97b5..e1927a65 100644 --- a/internal/dnsforward/dnsforward_test.go +++ b/internal/dnsforward/dnsforward_test.go @@ -72,13 +72,6 @@ func startDeferStop(t *testing.T, s *Server) { testutil.CleanupAndRequireSuccess(t, s.Stop) } -// packageUpstreamVariableMu is used to serialize access to the package-level -// variables of package upstream. -// -// TODO(s.chzhen): Move these parameters to upstream options and remove this -// crutch. -var packageUpstreamVariableMu = &sync.Mutex{} - func createTestServer( t *testing.T, filterConf *filtering.Config, 
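Review bot: Switching the comparison in `hostFromPTR` to `ptr.Hdr.Ttl >= ttlSec` also changes tie-breaking: when several PTR answers carry the same TTL, the last one now replaces the first, not only in the zero-TTL case. If only zero-TTL answers are meant to be accepted, `if host == "" || ptr.Hdr.Ttl > ttlSec {` keeps the previous choice for ties. The new comment also reads oddly; `// Respect zero-TTL records, since some DNS servers use them for locally-resolved addresses.` says what is meant. The function starts and ends outside the hunk.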
@@ -87,9 +80,6 @@ func createTestServer( ) (s *Server) { t.Helper() - packageUpstreamVariableMu.Lock() - defer packageUpstreamVariableMu.Unlock() - rules := `||nxdomain.example.org ||NULL.example.org^ 127.0.0.1 host.example.org @@ -1374,6 +1364,24 @@ func TestServer_Exchange(t *testing.T) { refusingUpstream := aghtest.NewUpstreamMock(func(req *dns.Msg) (resp *dns.Msg, err error) { return new(dns.Msg).SetRcode(req, dns.RcodeRefused), nil }) + zeroTTLUps := &aghtest.UpstreamMock{ + OnAddress: func() (addr string) { return "zero.ttl.example" }, + OnExchange: func(req *dns.Msg) (resp *dns.Msg, err error) { + resp = new(dns.Msg).SetReply(req) + hdr := dns.RR_Header{ + Name: req.Question[0].Name, + Rrtype: dns.TypePTR, + Class: dns.ClassINET, + Ttl: 0, + } + resp.Answer = []dns.RR{&dns.PTR{ + Hdr: hdr, + Ptr: localDomainHost, + }} + + return resp, nil + }, + } srv := &Server{ recDetector: newRecursionDetector(0, 1), @@ -1445,6 +1453,13 @@ func TestServer_Exchange(t *testing.T) { locUpstream: nil, req: twosIP, wantTTL: defaultTTL * 2, + }, { + name: "zero_ttl", + want: localDomainHost, + wantErr: nil, + locUpstream: zeroTTLUps, + req: localIP, + wantTTL: 0, }} for _, tc := range testCases { @@ -1468,6 +1483,7 @@ func TestServer_Exchange(t *testing.T) { t.Run("resolving_disabled", func(t *testing.T) { srv.conf.UsePrivateRDNS = false + t.Cleanup(func() { srv.conf.UsePrivateRDNS = true }) host, _, eerr := srv.Exchange(localIP) diff --git a/internal/dnsforward/filter.go b/internal/dnsforward/filter.go index 3f35afc2..4dee0c07 100644 --- a/internal/dnsforward/filter.go +++ b/internal/dnsforward/filter.go @@ -5,6 +5,7 @@ import ( "fmt" "strings" + "github.com/AdguardTeam/AdGuardHome/internal/aghnet" "github.com/AdguardTeam/AdGuardHome/internal/filtering" "github.com/AdguardTeam/dnsproxy/proxy" "github.com/AdguardTeam/golibs/log" 
@@ -33,9 +34,9 @@ func (s *Server) beforeRequestHandler( if len(pctx.Req.Question) == 1 { q := pctx.Req.Question[0] qt := q.Qtype - host := strings.TrimSuffix(q.Name, ".") + host := aghnet.NormalizeDomain(q.Name) if s.access.isBlockedHost(host, qt) { - log.Debug("request %s %s is in access blocklist", dns.Type(qt), host) + log.Debug("access: request %s %s is in access blocklist", dns.Type(qt), host) return s.preBlockedResponse(pctx) } @@ -79,7 +80,12 @@ func (s *Server) filterDNSRequest(dctx *dnsContext) (res *filtering.Result, err res = &resVal switch { case res.IsFiltered: - log.Tracef("host %q is filtered, reason %q, rule: %q", host, res.Reason, res.Rules[0].Text) + log.Debug( + "dnsforward: host %q is filtered, reason: %q; rule: %q", + host, + res.Reason, + res.Rules[0].Text, + ) pctx.Res = s.genDNSFilterMessage(pctx, res) case res.Reason.In(filtering.Rewritten, filtering.RewrittenRule) && res.CanonName != "" && @@ -189,7 +195,7 @@ func (s *Server) filterDNSResponse( continue } else if res.IsFiltered { pctx.Res = s.genDNSFilterMessage(pctx, res) - log.Debug("DNSFwd: Matched %s by response: %s", pctx.Req.Question[0].Name, host) + log.Debug("dnsforward: matched %q by response: %q", pctx.Req.Question[0].Name, host) return res, nil } diff --git a/internal/dnsforward/process.go b/internal/dnsforward/process.go index 60feb968..13a8a2eb 100644 --- a/internal/dnsforward/process.go +++ b/internal/dnsforward/process.go @@ -719,6 +719,8 @@ func (s *Server) processLocalPTR(dctx *dnsContext) (rc resultCode) { if s.conf.UsePrivateRDNS { s.recDetector.add(*pctx.Req) if err := s.localResolvers.Resolve(pctx); err != nil { + log.Debug("dnsforward: resolving private address: %s", err) + // Generate the server failure if the private upstream configuration // is empty. // diff --git a/internal/dnsforward/upstreams.go b/internal/dnsforward/upstreams.go index ceec1cb7..6d1eac1f 100644 --- a/internal/dnsforward/upstreams.go +++ b/internal/dnsforward/upstreams.go 
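Review bot: The reason for replacing `strings.TrimSuffix` with `aghnet.NormalizeDomain` in `beforeRequestHandler` is not recorded next to the call, and it is an access-control decision. A comment such as `// Normalize instead of trimming the dot, so that the root name "." stays matchable by access rules.` would keep a later cleanup from reverting it; the wording assumes NormalizeDomain leaves `.` intact, which its definition, outside this diff, should confirm. The added `ns_root` case in access_test.go appears to call `isBlockedHost` directly, so this call site itself looks untested here. The handler's body starts and ends outside the hunk.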
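Review bot: The rewritten log call in `filterDNSRequest` still indexes `res.Rules[0]` without checking the length, and its arguments are evaluated for every filtered request whatever the log level. If any path can set `IsFiltered` with an empty `Rules` slice (not visible in this hunk), that is a panic on the request path. Either guard it, e.g. `if len(res.Rules) > 0 {` around the log call, or state the invariant in a comment. The switch continues outside the hunk.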
@@ -42,16 +42,6 @@ func (s *Server) loadUpstreams() (upstreams []string, err error) { // prepareUpstreamSettings sets upstream DNS server settings. func (s *Server) prepareUpstreamSettings() (err error) { - // Use a customized set of RootCAs, because Go's default mechanism of - // loading TLS roots does not always work properly on some routers so we're - // loading roots manually and pass it here. - // - // See [aghtls.SystemRootCAs]. - // - // TODO(a.garipov): Investigate if that's true. - upstream.RootCAs = s.conf.TLSv12Roots - upstream.CipherSuites = s.conf.TLSCiphers - // Load upstreams either from the file, or from the settings var upstreams []string upstreams, err = s.loadUpstreams() @@ -64,6 +54,15 @@ func (s *Server) prepareUpstreamSettings() (err error) { Timeout: s.conf.UpstreamTimeout, HTTPVersions: UpstreamHTTPVersions(s.conf.UseHTTP3Upstreams), PreferIPv6: s.conf.BootstrapPreferIPv6, + // Use a customized set of RootCAs, because Go's default mechanism of + // loading TLS roots does not always work properly on some routers so we're + // loading roots manually and pass it here. + // + // See [aghtls.SystemRootCAs]. + // + // TODO(a.garipov): Investigate if that's true. + RootCAs: s.conf.TLSv12Roots, + CipherSuites: s.conf.TLSCiphers, }) if err != nil { return fmt.Errorf("preparing upstream config: %w", err) diff --git a/internal/filtering/servicelist.go b/internal/filtering/servicelist.go index 305baa52..246b2bc3 100644 --- a/internal/filtering/servicelist.go +++ b/internal/filtering/servicelist.go 
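Review bot: Moving `RootCAs` and `CipherSuites` from the package-level `upstream` variables into this one `upstream.Options` literal narrows their scope: the globals presumably applied to every upstream created in the process, while the fields apply only to the configuration built in `prepareUpstreamSettings`. Other option literals, such as the one in `setupLocalResolvers` whose tail is visible in the dnsforward.go hunk, would then fall back to the library defaults for TLS roots and cipher suites unless they set the same fields; the diff does not show whether they do. Please check each remaining `upstream.Options` construction, or add a comment where default TLS settings are intended. The function continues outside the hunk.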
@@ -253,6 +253,30 @@ var blockedServices = []blockedService{{ "||z.cn^", "||zappos^", }, +}, { + ID: "apple_streaming", + Name: "Apple Streaming", + IconSVG: []byte(""), + Rules: []string{ + "||applemusic.apple^", + "||hls-svod-aoc-ve.itunes.g.aaplimg.com^", + "||itun.es^", + "||itunes.apple.com^", + "||itunes.ca^", + "||itunes.co.th^", + "||itunes.co^", + "||itunes.com^", + "||itunes.es^", + "||itunes.g.aaplimg.com^", + "||itunes.hk^", + "||itunes.mx^", + "||itunes.org^", + "||itunes.us^", + "||music.apple.com^", + "||tv.apple.com^", + "||tv.g.apple.com^", + "||tv.v.aaplimg.com^", + }, }, { ID: "battle_net", Name: "Battle.net", @@ -327,6 +351,34 @@ var blockedServices = []blockedService{{ "||bnet.cn^", "||lizzard.com^", }, +}, { + ID: "claro", + Name: "Claro", + IconSVG: []byte(""), + Rules: []string{ + "||claro.com.ar^", + "||claro.com.br^", + "||claro.com.co^", + "||claro.com.do^", + "||claro.com.ec^", + "||claro.com.gt^", + "||claro.com.hn^", + "||claro.com.ni^", + "||claro.com.pa^", + "||claro.com.pe^", + "||claro.com.py^", + "||claro.com.sv^", + "||claro.com.uy^", + "||claro.com^", + "||claro.cr^", + "||claro.net.br^", + "||claro.net.co^", + "||clarochile.cl^", + "||claromusica.com^", + "||claropr.com^", + "||clarovideo.com^", + "||usclaro.com^", + }, }, { ID: "cloudflare", Name: "CloudFlare", @@ -1505,6 +1557,7 @@ var blockedServices = []blockedService{{ "||aus.social^", "||awscommunity.social^", "||climatejustice.social^", + "||cupoftea.social^", "||cyberplace.social^", "||defcon.social^", "||det.social^", @@ -1595,7 +1648,6 @@ var blockedServices = []blockedService{{ "||toot.io^", "||toot.wales^", "||troet.cafe^", - "||twingyeo.kr^", "||union.place^", "||universeodon.com^", "||urbanists.social^", diff --git a/internal/home/dns.go b/internal/home/dns.go index 87cb70fd..cb6a5142 100644 --- a/internal/home/dns.go +++ b/internal/home/dns.go 
@@ -254,6 +254,7 @@ func newServerConfig( Exchanger: Context.dnsServer, AddressUpdater: &Context.clients, InitialAddresses: initialAddresses, + CatchPanics: true, UseRDNS: config.Clients.Sources.RDNS, UseWHOIS: config.Clients.Sources.WHOIS, } diff --git a/internal/querylog/decode_test.go b/internal/querylog/decode_test.go index 8e557e50..3e4e4f0d 100644 --- a/internal/querylog/decode_test.go +++ b/internal/querylog/decode_test.go @@ -127,7 +127,7 @@ func TestDecodeLogEntry(t *testing.T) { }, { name: "bad_time", log: `{"IP":"127.0.0.1","T":"12/09/1998T15:00:00.000000+05:00","QH":"an.yandex.ru","QT":"A","QC":"IN","CP":"","Answer":"Qz+BgAABAAEAAAAAAmFuBnlhbmRleAJydQAAAQABwAwAAQABAAAACgAEAAAAAA==","Result":{"IsFiltered":true,"Reason":3},"Elapsed":837429}`, - want: "decodeLogEntry handler err: parsing time \"12/09/1998T15:00:00.000000+05:00\" as \"2006-01-02T15:04:05Z07:00\": cannot parse \"9/1998T15:00:00.000000+05:00\" as \"2006\"\n", + want: "decodeLogEntry handler err: parsing time \"12/09/1998T15:00:00.000000+05:00\" as \"2006-01-02T15:04:05Z07:00\": cannot parse \"12/09/1998T15:00:00.000000+05:00\" as \"2006\"\n", }, { name: "bad_host", log: `{"IP":"127.0.0.1","T":"2020-11-25T18:55:56.519796+03:00","QH":6,"QT":"A","QC":"IN","CP":"","Answer":"Qz+BgAABAAEAAAAAAmFuBnlhbmRleAJydQAAAQABwAwAAQABAAAACgAEAAAAAA==","Result":{"IsFiltered":true,"Reason":3},"Elapsed":837429}`, diff --git a/internal/rdns/rdns.go b/internal/rdns/rdns.go index b33e212c..93898b3e 100644 --- a/internal/rdns/rdns.go +++ b/internal/rdns/rdns.go @@ -101,6 +101,8 @@ func (r *Default) Process(ip netip.Addr) (host string, changed bool) { log.Debug("rdns: cache: adding item %q: %s", ip, err) } + // TODO(e.burkov): The name doesn't change if it's neither stored in cache + // nor resolved successfully. Is it correct? return host, fromCache == "" || host != fromCache } diff --git a/internal/rdns/rdns_test.go b/internal/rdns/rdns_test.go index 61130ec5..0db13728 100644 --- a/internal/rdns/rdns_test.go 
+++ b/internal/rdns/rdns_test.go @@ -25,11 +25,6 @@ func TestDefault_Process(t *testing.T) { localRevAddr1, err := netutil.IPToReversedAddr(localIP.AsSlice()) require.NoError(t, err) - config := &rdns.Config{ - CacheSize: 100, - CacheTTL: time.Hour, - } - testCases := []struct { name string addr netip.Addr @@ -60,21 +55,21 @@ func TestDefault_Process(t *testing.T) { switch ip { case ip1: - return revAddr1, 0, nil + return revAddr1, time.Hour, nil case ip2: - return revAddr2, 0, nil + return revAddr2, time.Hour, nil case localIP: - return localRevAddr1, 0, nil + return localRevAddr1, time.Hour, nil default: - return "", 0, nil + return "", time.Hour, nil } } - exchanger := &aghtest.Exchanger{ - OnExchange: onExchange, - } - config.Exchanger = exchanger - r := rdns.New(config) + r := rdns.New(&rdns.Config{ + CacheSize: 100, + CacheTTL: time.Hour, + Exchanger: &aghtest.Exchanger{OnExchange: onExchange}, + }) got, changed := r.Process(tc.addr) require.True(t, changed) @@ -90,4 +85,40 @@ func TestDefault_Process(t *testing.T) { assert.Equal(t, 1, hit) }) } + + t.Run("zero_ttl", func(t *testing.T) { + const cacheTTL = time.Second / 2 + + zeroTTLExchanger := &aghtest.Exchanger{ + OnExchange: func(ip netip.Addr) (host string, ttl time.Duration, err error) { + return revAddr1, 0, nil + }, + } + + r := rdns.New(&rdns.Config{ + CacheSize: 1, + CacheTTL: cacheTTL, + Exchanger: zeroTTLExchanger, + }) + + got, changed := r.Process(ip1) + require.True(t, changed) + assert.Equal(t, revAddr1, got) + + zeroTTLExchanger.OnExchange = func(ip netip.Addr) (host string, ttl time.Duration, err error) { + return revAddr2, time.Hour, nil + } + + require.EventuallyWithT(t, func(t *assert.CollectT) { + got, changed = r.Process(ip1) + assert.True(t, changed) + assert.Equal(t, revAddr2, got) + }, 2*cacheTTL, time.Millisecond*100) + + assert.Never(t, func() (changed bool) { + _, changed = r.Process(ip1) + + return changed + }, 2*cacheTTL, time.Millisecond*100) + }) } 
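Review bot: The `zero_ttl` subtest depends on wall-clock timing: a 500 ms `cacheTTL`, 100 ms polling and two windows of `2*cacheTTL`, the second of which (`assert.Never`) always runs to completion. On a loaded CI runner the margins are small, and the subtest adds at least a second to every run. A comment stating which cache behaviour each phase checks (presumably the zero-TTL entry expiring after `cacheTTL`, then the replacement with an hour-long TTL staying cached) would make failures easier to read. An injectable clock in the cache would remove the waiting, if the package allows it.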
diff --git a/internal/tools/go.mod b/internal/tools/go.mod index 2dd18576..8cdd6e81 100644 --- a/internal/tools/go.mod +++ b/internal/tools/go.mod @@ -1,6 +1,6 @@ module github.com/AdguardTeam/AdGuardHome/internal/tools -go 1.19 +go 1.20 require ( github.com/fzipp/gocyclo v0.6.0 @@ -10,7 +10,7 @@ require ( github.com/kyoh86/looppointer v0.2.1 github.com/securego/gosec/v2 v2.16.0 github.com/uudashr/gocognit v1.0.7 - golang.org/x/tools v0.11.0 + golang.org/x/tools v0.11.1 golang.org/x/vuln v1.0.0 // TODO(a.garipov): Return to tagged releases once a new one appears. honnef.co/go/tools v0.5.0-0.dev.0.20230709092525-bc759185c5ee @@ -27,7 +27,7 @@ require ( github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect - golang.org/x/exp/typeparams v0.0.0-20230725093048-515e97ebf090 // indirect + golang.org/x/exp/typeparams v0.0.0-20230801115018-d63ba01acd4b // indirect golang.org/x/mod v0.12.0 // indirect golang.org/x/sync v0.3.0 // indirect golang.org/x/sys v0.10.0 // indirect diff --git a/internal/tools/go.sum b/internal/tools/go.sum index 56a70261..609f4a84 100644 --- a/internal/tools/go.sum +++ b/internal/tools/go.sum 
@@ -52,8 +52,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/exp/typeparams v0.0.0-20230725093048-515e97ebf090 h1:qOYhjyK9OeXREdh7Zrta8JRvnmnFIzhkosQpp+852Ag= -golang.org/x/exp/typeparams v0.0.0-20230725093048-515e97ebf090/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= +golang.org/x/exp/typeparams v0.0.0-20230801115018-d63ba01acd4b h1:3dfup1Bt5y1sKG6rbyAX4qNymwAtJcqx+Aqm1DPP/Qg= +golang.org/x/exp/typeparams v0.0.0-20230801115018-d63ba01acd4b/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= 
@@ -96,8 +96,8 @@ golang.org/x/tools v0.0.0-20201007032633-0806396f153e/go.mod h1:z6u4i615ZeAfBE4X golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4= -golang.org/x/tools v0.11.0 h1:EMCa6U9S2LtZXLAMoWiR/R8dAQFRqbAitmbJ2UKhoi8= -golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8= +golang.org/x/tools v0.11.1 h1:ojD5zOW8+7dOGzdnNgersm8aPfcDjhMp12UfG93NIMc= +golang.org/x/tools v0.11.1/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8= golang.org/x/vuln v1.0.0 h1:tYLAU3jD9LQr98Y+3el06lWyGMCnvzw06PIWP3LIy7g= golang.org/x/vuln v1.0.0/go.mod h1:V0eyhHwaAaHrt42J9bgrN6rd12f6GU4T0Lu0ex2wDg4= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/scripts/make/go-lint.sh b/scripts/make/go-lint.sh index 77df4af7..458a68cf 100644 --- a/scripts/make/go-lint.sh +++ b/scripts/make/go-lint.sh @@ -35,7 +35,7 @@ set -f -u go_version="$( "${GO:-go}" version )" readonly go_version -go_min_version='go1.19.11' +go_min_version='go1.20.7' go_version_msg=" warning: your go version (${go_version}) is different from the recommended minimal one (${go_min_version}). if you have the version installed, please set the GO environment variable.