Pull request 1877: 5913-fix-safesearch-ipv6
Updates #5913. Squashed commit of the following: commit a0ab1320ea22dc1b4e2804ef2d14e0091daa6a1e Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jun 19 15:23:44 2023 +0300 all: fmt; typo commit 3a2e561c535bbbd2b2eeeaa1a6f423bc123b1a6b Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jun 19 15:16:28 2023 +0300 all: fix safesearch for ipv6
parent
b6d00f774b
commit
d26c480d03
|
@ -82,11 +82,11 @@ In this release, the schema version has changed from 20 to 21.
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
- DNSCrypt upstream not resetting the client and resolver information on
|
- Safe Search not working with `AAAA` queries for Yandex domains ([#5913]).
|
||||||
dialing errors ([#5872]).
|
|
||||||
|
|
||||||
[#951]: https://github.com/AdguardTeam/AdGuardHome/issues/951
|
[#951]: https://github.com/AdguardTeam/AdGuardHome/issues/951
|
||||||
[#1577]: https://github.com/AdguardTeam/AdGuardHome/issues/1577
|
[#1577]: https://github.com/AdguardTeam/AdGuardHome/issues/1577
|
||||||
|
[#5913]: https://github.com/AdguardTeam/AdGuardHome/issues/5913
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
NOTE: Add new changes ABOVE THIS COMMENT.
|
NOTE: Add new changes ABOVE THIS COMMENT.
|
||||||
|
|
|
@ -57,16 +57,13 @@ func (s *Server) genDNSFilterMessage(
|
||||||
return s.genBlockedHost(req, s.conf.SafeBrowsingBlockHost, dctx)
|
return s.genBlockedHost(req, s.conf.SafeBrowsingBlockHost, dctx)
|
||||||
case filtering.FilteredParental:
|
case filtering.FilteredParental:
|
||||||
return s.genBlockedHost(req, s.conf.ParentalBlockHost, dctx)
|
return s.genBlockedHost(req, s.conf.ParentalBlockHost, dctx)
|
||||||
|
case filtering.FilteredSafeSearch:
|
||||||
|
// If Safe Search generated the necessary IP addresses, use them.
|
||||||
|
// Otherwise, if there were no errors, there are no addresses for the
|
||||||
|
// requested IP version, so produce a NODATA response.
|
||||||
|
return s.genResponseWithIPs(req, ipsFromRules(res.Rules))
|
||||||
default:
|
default:
|
||||||
// If the query was filtered by Safe Search, filtering also must return
|
return s.genForBlockingMode(req, ipsFromRules(res.Rules))
|
||||||
// the IP addresses that must be used in response. Return them
|
|
||||||
// regardless of the filtering method.
|
|
||||||
ips := ipsFromRules(res.Rules)
|
|
||||||
if res.Reason == filtering.FilteredSafeSearch && len(ips) > 0 {
|
|
||||||
return s.genResponseWithIPs(req, ips)
|
|
||||||
}
|
|
||||||
|
|
||||||
return s.genForBlockingMode(req, ips)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
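Review bot: The new `case filtering.FilteredSafeSearch:` branch calls `s.genResponseWithIPs(req, ipsFromRules(res.Rules))` even when the rules yield no addresses, so the NODATA behaviour described in the comment depends on how genResponseWithIPs handles an empty slice, which this hunk does not show. The removed code fell back to `genForBlockingMode` in that case, so a Safe Search result that has empty rules for any other reason now also gets an empty answer instead of a blocked one. A dnsforward-level test that an `AAAA` query for a Safe Search host returns a success rcode with an empty answer section would pin this. Once confirmed, the comment could state the contract directly, e.g. `// genResponseWithIPs returns a NODATA response when ips is empty.` genDNSFilterMessage starts and ends outside the hunk.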
@ -84,7 +84,7 @@ func (s *DefaultStorage) MatchRequest(dReq *urlfilter.DNSRequest) (rws []*rules.
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(a.garipov): Check cnames for cycles on initialisation.
|
// TODO(a.garipov): Check cnames for cycles on initialization.
|
||||||
cnames := stringutil.NewSet()
|
cnames := stringutil.NewSet()
|
||||||
host := dReq.Hostname
|
host := dReq.Hostname
|
||||||
for len(rrules) > 0 && rrules[0].DNSRewrite != nil && rrules[0].DNSRewrite.NewCNAME != "" {
|
for len(rrules) > 0 && rrules[0].DNSRewrite != nil && rrules[0].DNSRewrite.NewCNAME != "" {
|
||||||
|
|
|
@ -203,7 +203,7 @@ func (ss *Default) CheckHost(
|
||||||
return res, nil
|
return res, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return filtering.Result{}, fmt.Errorf("no ipv4 addresses for %q", host)
|
return filtering.Result{}, fmt.Errorf("no ip addresses for %q", host)
|
||||||
}
|
}
|
||||||
|
|
||||||
// searchHost looks up DNS rewrites in the internal DNS filtering engine.
|
// searchHost looks up DNS rewrites in the internal DNS filtering engine.
|
||||||
|
@ -255,7 +255,14 @@ func (ss *Default) newResult(
|
||||||
|
|
||||||
host := rewrite.NewCNAME
|
host := rewrite.NewCNAME
|
||||||
if host == "" {
|
if host == "" {
|
||||||
return nil, nil
|
// If there is a rewrite, but it's neither a CNAME one nor one matching
|
||||||
|
// the IP version, then it's a service that only has one type of IP
|
||||||
|
// record but not the other. Return the empty result to be converted
|
||||||
|
// into a NODATA response.
|
||||||
|
//
|
||||||
|
// TODO(a.garipov): Use the main rewrite result mechanism used in
|
||||||
|
// [dnsforward.Server.filterDNSRequest].
|
||||||
|
return res, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
ss.log(log.DEBUG, "resolving %q", host)
|
ss.log(log.DEBUG, "resolving %q", host)
|
||||||
|
|
|
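Review bot: In the newResult hunk the `host == ""` branch now returns `res` instead of `nil`, but `res` is built earlier in the function, outside the hunk, so it cannot be confirmed here that it reaches this return marked as filtered with the Safe Search reason and with no rules. If an earlier path can leave partial data in `res` (inferred, not shown), the caller would answer from that data rather than produce NODATA. A one-line comment at the return, such as `// res is filtered by Safe Search and carries no rules at this point.`, would make the invariant explicit for the TODO'd refactoring. The CheckHost hunk only rewords the error to `no ip addresses for %q` and needs nothing further.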
@ -71,6 +71,17 @@ func TestDefault_CheckHost_yandex(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestDefault_CheckHost_yandexAAAA(t *testing.T) {
|
||||||
|
conf := testConf
|
||||||
|
ss, err := safesearch.NewDefault(conf, "", testCacheSize, testCacheTTL)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
res, err := ss.CheckHost("www.yandex.ru", dns.TypeAAAA)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
assert.True(t, res.IsFiltered)
|
||||||
|
}
|
||||||
|
|
||||||
func TestDefault_CheckHost_google(t *testing.T) {
|
func TestDefault_CheckHost_google(t *testing.T) {
|
||||||
resolver := &aghtest.TestResolver{}
|
resolver := &aghtest.TestResolver{}
|
||||||
ip, _ := resolver.HostToIPs("forcesafesearch.google.com")
|
ip, _ := resolver.HostToIPs("forcesafesearch.google.com")
|
||||||
|
|
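Review bot: TestDefault_CheckHost_yandexAAAA asserts only `res.IsFiltered`, so it would still pass if the `AAAA` lookup returned an IPv4 rule or a different reason, which is the behaviour this fix is meant to rule out. Adding `assert.Empty(t, res.Rules)` and a check of `res.Reason` against `filtering.FilteredSafeSearch` (assuming the test file imports `filtering`) would pin the empty-result path that becomes the NODATA response. The test also covers only `www.yandex.ru`; if the neighbouring Yandex test iterates over a host list, which is not visible here, reusing that list would keep the two tests in step.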