mirrors
/
AdGuardHome
mirror of https://github.com/AdguardTeam/AdGuardHome.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Pull request 2060: 6368-conf-ratelimit-subnet-len 

Updates #6368.

Squashed commit of the following:

commit def3bd7c746c671efaf655c3cfbb1a7664becd85
Merge: 59d678c95 d3862614e
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Thu Nov 9 16:27:36 2023 +0300

    Merge branch 'master' into 6368-conf-ratelimit-subnet-len

commit 59d678c95978d4ab21b952ef0cae70cad1ad50d8
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Wed Nov 8 18:16:40 2023 +0300

    all: imp chlog

commit 69d6a57d7facbdc6038612f31796f727adcb107f
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Wed Nov 8 17:48:19 2023 +0300

    all: upd chlog

commit fa1998352618c839e248eb86c84e75933e0a5d0f
Merge: 236ba3bce f8fe9bfc8
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Wed Nov 8 16:22:31 2023 +0300

    Merge branch 'master' into 6368-conf-ratelimit-subnet-len

commit 236ba3bceefbe6f9eeb6c70150f5a371f014f60d
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Wed Nov 8 16:21:09 2023 +0300

    all: upd dnsproxy

commit 771af632f7795af6cdd53ffd81d0294165441439
Merge: 5a23b039e cbcc17a58
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Nov 7 17:51:56 2023 +0300

    Merge branch 'master' into 6368-conf-ratelimit-subnet-len

commit 5a23b039e59d1ec5cb2bfea3942da7104db3b9bd
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Nov 7 17:49:27 2023 +0300

    all: upd dnsproxy

commit 8b7aca3fbd21897183378470fd687380630602eb
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Fri Nov 3 16:37:41 2023 +0300

    all: upd chlog

commit bd7d23bacc08d8f907e0e7e07a48259bb9ed17e8
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Fri Nov 3 15:52:06 2023 +0300

    all: conf ratelimit subnet len
This commit is contained in:
Stanislav Chzhen 2023-11-09 16:44:28 +03:00
parent d3862614e5
commit 53170d8711
6 changed files with 50 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG.md
View File

@ -25,6 +25,8 @@ NOTE: Add new changes BELOW THIS COMMENT.
### Added ### Added
- Ability to specify subnet lengths for IPv4 and IPv6 addresses, used for rate
limiting requests, in the configuration file ([#6368]).
- Ability to specify multiple domain specific upstreams per line, e.g. - Ability to specify multiple domain specific upstreams per line, e.g.
`[/domain1/../domain2/]upstream1 upstream2 .. upstreamN` ([#4977]). `[/domain1/../domain2/]upstream1 upstream2 .. upstreamN` ([#4977]).
@ -33,6 +35,11 @@ NOTE: Add new changes BELOW THIS COMMENT.
- The height of ready-to-use filter lists has been increased ([#6358]). - The height of ready-to-use filter lists has been increased ([#6358]).
- Improved authentication failure logging ([#6357]). - Improved authentication failure logging ([#6357]).
#### Configuration Changes
- New properties `dns.ratelimit_subnet_len_ipv4` and
`dns.ratelimit_subnet_len_ipv6` in the configuration file ([#6368]).
### Fixed ### Fixed
- Average request processing time calculation ([#6220]). - Average request processing time calculation ([#6220]).
@ -52,6 +59,7 @@ NOTE: Add new changes BELOW THIS COMMENT.
[#6338]: https://github.com/AdguardTeam/AdGuardHome/issues/6338 [#6338]: https://github.com/AdguardTeam/AdGuardHome/issues/6338
[#6357]: https://github.com/AdguardTeam/AdGuardHome/issues/6357 [#6357]: https://github.com/AdguardTeam/AdGuardHome/issues/6357
[#6358]: https://github.com/AdguardTeam/AdGuardHome/issues/6358 [#6358]: https://github.com/AdguardTeam/AdGuardHome/issues/6358
[#6368]: https://github.com/AdguardTeam/AdGuardHome/issues/6368
<!-- <!--
NOTE: Add new changes ABOVE THIS COMMENT. NOTE: Add new changes ABOVE THIS COMMENT.

3
go.mod
View File

@ -3,8 +3,7 @@ module github.com/AdguardTeam/AdGuardHome
go 1.20 go 1.20
require ( require (
// TODO(e.burkov): Update to v0.57.3. github.com/AdguardTeam/dnsproxy v0.57.3
github.com/AdguardTeam/dnsproxy v0.56.4-0.20231031121835-8d20902c442f
github.com/AdguardTeam/golibs v0.17.2 github.com/AdguardTeam/golibs v0.17.2
github.com/AdguardTeam/urlfilter v0.17.3 github.com/AdguardTeam/urlfilter v0.17.3
github.com/NYTimes/gziphandler v1.1.1 github.com/NYTimes/gziphandler v1.1.1

4
go.sum
View File

@ -1,5 +1,5 @@
github.com/AdguardTeam/dnsproxy v0.56.4-0.20231031121835-8d20902c442f h1:0fgscvsWpMq5G8Ab653inTgo2TXB6RxM2PjYArfs7t4= github.com/AdguardTeam/dnsproxy v0.57.3 h1:0v7D+LQrOL2k2fvkG3Ft3Cn3ayUsvAdlOlJR+gLxSGA=
github.com/AdguardTeam/dnsproxy v0.56.4-0.20231031121835-8d20902c442f/go.mod h1:ZvkbM71HwpilgkCnTubDiR4Ba6x5Qvnhy2iasMWaTDM= github.com/AdguardTeam/dnsproxy v0.57.3/go.mod h1:ZvkbM71HwpilgkCnTubDiR4Ba6x5Qvnhy2iasMWaTDM=
github.com/AdguardTeam/golibs v0.17.2 h1:vg6wHMjUKscnyPGRvxS5kAt7Uw4YxcJiITZliZ476W8= github.com/AdguardTeam/golibs v0.17.2 h1:vg6wHMjUKscnyPGRvxS5kAt7Uw4YxcJiITZliZ476W8=
github.com/AdguardTeam/golibs v0.17.2/go.mod h1:DKhCIXHcUYtBhU8ibTLKh1paUL96n5zhQBlx763sj+U= github.com/AdguardTeam/golibs v0.17.2/go.mod h1:DKhCIXHcUYtBhU8ibTLKh1paUL96n5zhQBlx763sj+U=
github.com/AdguardTeam/urlfilter v0.17.3 h1:fg/ObbnO0Cv6aw0tW6N/ETDMhhNvmcUUOZ7HlmKC3rw= github.com/AdguardTeam/urlfilter v0.17.3 h1:fg/ObbnO0Cv6aw0tW6N/ETDMhhNvmcUUOZ7HlmKC3rw=

5
internal/confmigrate/migrator_test.go
View File

@ -7,11 +7,16 @@ import (
"testing" "testing"
"github.com/AdguardTeam/AdGuardHome/internal/confmigrate" "github.com/AdguardTeam/AdGuardHome/internal/confmigrate"
"github.com/AdguardTeam/golibs/testutil"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
yaml "gopkg.in/yaml.v3" yaml "gopkg.in/yaml.v3"
) )
func TestMain(m *testing.M) {
testutil.DiscardLogOutput(m)
}
// testdata is a virtual filesystem containing test data. // testdata is a virtual filesystem containing test data.
var testdata = os.DirFS("testdata") var testdata = os.DirFS("testdata")

10
internal/dnsforward/config.go
View File

@ -46,6 +46,14 @@ type Config struct {
// (0 to disable). // (0 to disable).
Ratelimit uint32 `yaml:"ratelimit"` Ratelimit uint32 `yaml:"ratelimit"`
// RatelimitSubnetLenIPv4 is a subnet length for IPv4 addresses used for
// rate limiting requests.
RatelimitSubnetLenIPv4 int `yaml:"ratelimit_subnet_len_ipv4"`
// RatelimitSubnetLenIPv6 is a subnet length for IPv6 addresses used for
// rate limiting requests.
RatelimitSubnetLenIPv6 int `yaml:"ratelimit_subnet_len_ipv6"`
// RatelimitWhitelist is the list of whitelisted client IP addresses. // RatelimitWhitelist is the list of whitelisted client IP addresses.
RatelimitWhitelist []string `yaml:"ratelimit_whitelist"` RatelimitWhitelist []string `yaml:"ratelimit_whitelist"`
@ -279,6 +287,8 @@ func (s *Server) createProxyConfig() (conf proxy.Config, err error) {
TCPListenAddr: srvConf.TCPListenAddrs, TCPListenAddr: srvConf.TCPListenAddrs,
HTTP3: srvConf.ServeHTTP3, HTTP3: srvConf.ServeHTTP3,
Ratelimit: int(srvConf.Ratelimit), Ratelimit: int(srvConf.Ratelimit),
RatelimitSubnetMaskIPv4: net.CIDRMask(srvConf.RatelimitSubnetLenIPv4, netutil.IPv4BitLen),
RatelimitSubnetMaskIPv6: net.CIDRMask(srvConf.RatelimitSubnetLenIPv6, netutil.IPv6BitLen),
RatelimitWhitelist: srvConf.RatelimitWhitelist, RatelimitWhitelist: srvConf.RatelimitWhitelist,
RefuseAny: srvConf.RefuseAny, RefuseAny: srvConf.RefuseAny,
TrustedProxies: srvConf.TrustedProxies, TrustedProxies: srvConf.TrustedProxies,

2
internal/home/config.go
View File

@ -307,6 +307,8 @@ var config = &configuration{
Port: defaultPortDNS, Port: defaultPortDNS,
Config: dnsforward.Config{ Config: dnsforward.Config{
Ratelimit: 20, Ratelimit: 20,
RatelimitSubnetLenIPv4: 24,
RatelimitSubnetLenIPv6: 56,
RefuseAny: true, RefuseAny: true,
AllServers: false, AllServers: false,
HandleDDR: true, HandleDDR: true,