Pull request: 4686-ipset-file

Updates #4686.

* commit '10a8f7964482fd07502ac041ef92b4ea8adb3c3a':
  all: imp chlog
  all: imp docs
  feat: add dns.ipset_file setting
This commit is contained in:
Ainar Garipov 2022-09-12 16:51:26 +03:00
commit 88812f05f5
3 changed files with 35 additions and 3 deletions

View File

@ -15,6 +15,12 @@ and this project adheres to
## [v0.108.0] - 2022-12-01 (APPROX.)
-->
### Added
- The new optional `dns.ipset_file` property in the configuration file. It
allows loading the `ipset` list from a file, just like `dns.upstream_dns_file`
does for upstream servers ([#4686]).
### Changed
- The minimum DHCP message size is reassigned back to BOOTP's constraint of 300
@ -26,6 +32,7 @@ and this project adheres to
operation have been disabled ([#2993]).
[#2993]: https://github.com/AdguardTeam/AdGuardHome/issues/2993
[#4686]: https://github.com/AdguardTeam/AdGuardHome/issues/4686
[#4904]: https://github.com/AdguardTeam/AdGuardHome/issues/4904

View File

@ -128,9 +128,14 @@ type FilteringConfig struct {
// IpsetList is the ipset configuration that allows AdGuard Home to add
// IP addresses of the specified domain names to an ipset list. Syntax:
//
// DOMAIN[,DOMAIN].../IPSET_NAME
// DOMAIN[,DOMAIN].../IPSET_NAME
//
// This field is ignored if [IpsetListFileName] is set.
IpsetList []string `yaml:"ipset"`
// IpsetListFileName, if set, points to the file with ipset configuration.
// The format is the same as in [IpsetList].
IpsetListFileName string `yaml:"ipset_file"`
}
// TLSConfig is the TLS configuration for HTTPS, DNS-over-HTTPS, and DNS-over-TLS
@ -400,6 +405,26 @@ func setProxyUpstreamMode(
}
}
// prepareIpsetListSettings reads and prepares the ipset configuration either
// from a file or from the data in the configuration file.
func (s *Server) prepareIpsetListSettings() (err error) {
fn := s.conf.IpsetListFileName
if fn == "" {
return s.ipset.init(s.conf.IpsetList)
}
data, err := os.ReadFile(fn)
if err != nil {
return err
}
ipsets := stringutil.SplitTrimmed(string(data), "\n")
log.Debug("dns: using %d ipset rules from file %q", len(ipsets), fn)
return s.ipset.init(ipsets)
}
// prepareTLS - prepares TLS configuration for the DNS proxy
func (s *Server) prepareTLS(proxyConfig *proxy.Config) error {
if len(s.conf.CertificateChainData) == 0 || len(s.conf.PrivateKeyData) == 0 {

View File

@ -446,10 +446,10 @@ func (s *Server) Prepare(conf *ServerConfig) (err error) {
s.initDefaultSettings()
err = s.ipset.init(s.conf.IpsetList)
err = s.prepareIpsetListSettings()
if err != nil {
// Don't wrap the error, because it's informative enough as is.
return err
return fmt.Errorf("preparing ipset settings: %w", err)
}
err = s.prepareUpstreamSettings()