Commit Graph

205 Commits

Author SHA1 Message Date
Simon Zolin c8c76ae12b Merge: + DNS: TLS handshake: terminate handshake on bad SNI
Close #1014

Squashed commit of the following:

commit 759248efc0587ff2f288996c47739e602c557a76
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Dec 12 19:26:46 2019 +0300

    support empty ServerName

commit 68afecd5eca5ae66262b12dcb414b50efe88dc02
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Dec 11 14:40:22 2019 +0300

    + DNS: TLS handshake: terminate handshake on bad SNI
2019-12-13 13:06:37 +03:00
Simon Zolin ef57f7e192 - DNS: fix race in WriteDiskConfig() 2019-12-12 15:04:29 +03:00
Simon Zolin 000e842f7b - DNS: fix deadlock in Server.ServeHTTP()
s.RLock() is called again in filterResponse() while another thread
 holds s.Lock()
2019-12-12 15:00:10 +03:00
Simon Zolin c9ccc53282 Merge: * set BlockingMode: "null_ip" by default; minor improvements
Squashed commit of the following:

commit 653544b98dc4d1b9a74e1509d0e6104b71bcdcb3
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Dec 11 17:34:41 2019 +0300

    * DNS reconfigure: protect against delayed socket fd close

commit 9e650f37dee7f771bf1d9d714c35f0a81788aa16
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Dec 11 15:28:33 2019 +0300

    - fix race on startup

commit 878fdb8fc4ebbc6fab683a65f5e4298e64c2073e
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Dec 11 15:11:21 2019 +0300

    * travis: don't run tests

commit 1c4ab60684ee22d55e6d2a3350c0f24d9844255c
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Dec 11 14:56:28 2019 +0300

    * travis: 'release.sh' and then run tests

commit e1f644b8d9a1f3b46990cdfb1b75fd81b3a49d33
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Dec 11 14:52:59 2019 +0300

    * set BlockingMode: "null_ip" by default
2019-12-11 17:54:34 +03:00
Simon Zolin 0a66913b4d Merge: * use upstream servers directly for the internal DNS resolver
Close #1212

* Server.Start(config *ServerConfig) -> Start()
+ Server.Prepare(config *ServerConfig)
+ Server.Resolve(host string)
+ Server.Exchange()
* rDNS: use internal DNS resolver
- clients: fix race in WriteDiskConfig()
- fix race: move 'clients' object from 'configuration' to 'HomeContext'
    Go race detector didn't like our 'clients' object in 'configuration'.
+ add AGH startup test
    . Create a configuration file
    . Start AGH instance
    . Check Web server
    . Check DNS server
    . Wait until the filters are downloaded
    . Stop and cleanup
* move module objects from config.* to Context.*
* don't call log.SetLevel() if not necessary
    This helps to avoid Go race detector's warning
* ci.sh: 'make' and then run tests

Squashed commit of the following:

commit 86500c7f749307f37af4cc8c2a1066f679d0cfad
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 18:08:53 2019 +0300

    minor

commit 6e6abb9dca3cd250c458bec23aa30d2250a9eb40
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 18:08:31 2019 +0300

    * ci.sh: 'make' and then run tests

commit 114192eefea6800e565ba9ab238202c006516c27
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 17:50:04 2019 +0300

    fix

commit d426deea7f02cdfd4c7217a38c59e51251956a0f
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 17:46:33 2019 +0300

    tests

commit 7b350edf03027895b4e43dee908d0155a9b0ac9b
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 15:56:12 2019 +0300

    fix test

commit 2f5f116873bbbfdd4bb7f82a596f9e1f5c2bcfd8
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 15:48:56 2019 +0300

    fix tests

commit 3fbdc77f9c34726e2295185279444983652d559e
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 15:45:00 2019 +0300

    linter

commit 9da0b6965a2b6863bcd552fa83a4de2866600bb8
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 15:33:23 2019 +0300

    * config.dnsctx.whois -> Context.whois

commit c71ebdbdf6efd88c877b2f243c69d3bc00a997d7
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 15:31:08 2019 +0300

    * don't call log.SetLevel() if not necessary

    This helps to avoid Go race detector's warning

commit 0f250220133cefdcb0843a50000cb932802b8324
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 15:28:19 2019 +0300

    * rdns: refactor

commit c460d8c9414940dac852e390b6c1b4d4fb38dff9
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 14:08:08 2019 +0300

    Revert: * stats: serialize access to 'limit'

    Use 'conf *Config' and update it atomically, as in querylog module.
    (Note: Race detector still doesn't like it)

commit 488bcb884971276de0d5629384b29e22c59ee7e6
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 13:50:23 2019 +0300

    * config.dnsFilter -> Context.dnsFilter

commit 86c0a6827a450414b50acec7ebfc5220d13b81e4
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 13:45:05 2019 +0300

    * config.dnsServer -> Context.dnsServer

commit ee35ef095ccaabc89e3de0ef52c9b5ed56b36873
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 13:42:10 2019 +0300

    * config.dhcpServer -> Context.dhcpServer

commit 1537001cd211099d5fad01696c0b806ae5d257b1
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 13:39:45 2019 +0300

    * config.queryLog -> Context.queryLog

commit e5955fe4ff1ef6f41763461b37b502ea25a3d04c
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 13:03:18 2019 +0300

    * config.httpsServer -> Context.httpsServer

commit 6153c10a9ac173e159d1f05e0db1512579b9203c
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 9 20:12:24 2019 +0300

    * config.httpServer -> Context.httpServer

commit abd021fb94039015cd45c97614e8b78d4694f956
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 9 20:08:05 2019 +0300

    * stats: serialize access to 'limit'

commit 38c2decfd87c712100edcabe62a6d4518719cb53
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 9 19:57:04 2019 +0300

    * config.stats -> Context.stats

commit 6caf8965ad44db9dce9a7a5103aa8fa305ad9a06
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 9 19:45:23 2019 +0300

    fix Restart()

... and 6 more commits
2019-12-11 12:38:58 +03:00
Simon Zolin 19a94bf789 + dns: add "edns_client_subnet" setting 2019-12-10 16:01:17 +03:00
Simon Zolin 87bb773d3e * DNS: remove /enable_protection and /disable_protection 2019-12-10 16:01:17 +03:00
Simon Zolin 1b3122dd35 * /control/set_upstreams_config: allow empty upstream list 2019-12-10 16:01:17 +03:00
Simon Zolin 4f4da3397c + dns: support blocking_mode=custom_ip 2019-12-10 16:01:16 +03:00
Simon Zolin 26ccee47b5 + DNS: Get/Set DNS general settings
GET /control/dns_info
POST /control/dns_config
2019-12-10 16:01:16 +03:00
Simon Zolin 7313c3bc53 + use per-client DNS servers 2019-12-05 13:16:41 +03:00
Simon Zolin e7727e9f63 + dnsforward: match CNAME with filtering rules
+ GET /control/querylog: add "cname_match" field

* querylog: Add() now receives an object with parameters
2019-12-03 17:01:26 +03:00
Simon Zolin d6d0d53761 * DNS: use Quad9 as default server 2019-12-02 15:40:54 +03:00
Simon Zolin f579c23bc9 * minor fixes 2019-12-02 15:25:11 +03:00
Simon Zolin 9b8cccdfcf * dnsforward: refactor code for default DNS servers logic 2019-12-02 14:58:17 +03:00
Simon Zolin 8bf75b54a4 * update tests 2019-12-02 14:58:17 +03:00
Simon Zolin 19a1c03d3b * dnsforward: move access settings and web handlers 2019-12-02 14:58:17 +03:00
Simon Zolin 7bb32eae3d + dnsforward: refactor
+ dnsforward: own HTTP handlers
* dnsforward: no DNS reload on ProtectionEnabled setting change
* dnsforward: move QueryLog* settings out
* dnsforward: move dnsfilter settings out
* clients,i18n: no DNS reload on settings change
2019-12-02 14:58:17 +03:00
Simon Zolin 0cd6781a9a * QueryLog.Add() now receives net.IP, not net.Addr 2019-11-19 15:09:53 +03:00
Simon Zolin 090f549833 - dns rewrites: CNAME record didn't work 2019-11-07 15:27:39 +03:00
Simon Zolin 3b443bc9c8 * dns: enable DNS message compression 2019-10-23 20:02:42 +03:00
Simon Zolin b7b32e2f01 - windows: dns: fix reconfigure procedure 2019-10-21 15:58:14 +03:00
Simon Zolin a59e346d4a * dnsfilter: major refactoring
* dnsfilter is controlled by package home, not dnsforward
* move HTTP handlers to dnsfilter/
* apply filtering settings without DNS server restart
* use only 1 goroutine for filters update
* apply new filters quickly (after they are ready to be used)
2019-10-09 20:05:21 +03:00
Simon Zolin 90db91b0fd * querylog: refactor: move HTTP handlers to querylog/ 2019-10-09 19:38:58 +03:00
Simon Zolin bbb5413331 * stats: refactor: move HTTP handlers to stats/
DNS module passes additional parameters to Stats module.
This allows Stats to handle HTTP requests by itself - completely removing
 all stats-related code from outside.
2019-09-26 16:52:28 +03:00
Simon Zolin 75b864f25e * dnsforward: create dnsfilter asynchronously 2019-09-23 20:00:11 +03:00
Simon Zolin d7f256ba7f - fix crash after stats module is closed
Close DNS forward module BEFORE stats.
2019-09-19 12:47:55 +03:00
Simon Zolin f4c29715b5 - rewrites: AAAA rewrites didn't work 2019-09-16 16:28:00 +03:00
Simon Zolin 30ca77303b Merge: Add Filters Update Interval setting; refactor
Close #641

* commit 'd0fc1dc54dfbc017f28c6c0afa4623c6259af557':
  + client: handle filters configuration
  * openapi: update /filtering
  filtering: refactor;  change API;  add "filters_update_interval" setting
2019-09-12 19:06:39 +03:00
Simon Zolin df5b41458f Merge: + dnsforward: disable Mozilla DoH - block use-application-dns.net
#988

* commit '47e29f96dfb9f254babcf4763912dc5e9a07ee2a':
  + dnsforward: disable Mozilla DoH - block use-application-dns.net
2019-09-12 19:05:29 +03:00
Simon Zolin 47e29f96df + dnsforward: disable Mozilla DoH - block use-application-dns.net 2019-09-12 18:56:11 +03:00
Simon Zolin adb422fedf filtering: refactor; change API; add "filters_update_interval" setting
+ config: "filters_update_interval"
* add /control/filtering_info
* remove /control/filtering/enable
* remove /control/filtering/disable

* add /control/filtering_config
* remove /control/filtering/status

* add /control/filtering/set_url
* remove /control/filtering/enable_url
* remove /control/filtering/disable_url
2019-09-12 18:38:13 +03:00
Simon Zolin 8104c902ee * querylog: move code to a separate package
+ config: "querylog_interval" setting
/control/querylog_config, /control/querylog_info
+ POST /control/querylog_clear
2019-09-12 18:35:13 +03:00
Simon Zolin 04e2566e9e * stats: use uint32 or uint64 integer values, not int 2019-09-12 17:53:27 +03:00
Simon Zolin 4a58266ba3 + statistics: store in separate file
+ GET /control/stats handler
2019-09-04 10:12:02 +03:00
Simon Zolin 60eb55bdce * stats: remove old code 2019-09-04 10:12:01 +03:00
Simon Zolin c616259e8b * dnsfilter: use golibs/cache
+ config: add cache size settings
+ config: add cache_time setting
2019-09-02 19:12:53 +03:00
Simon Zolin 24bb708b21 + config: add certificate_path, private_key_path
* POST /control/tls/configure: support certificate_path and private_key_path
2019-08-30 19:18:14 +03:00
Andrey Meshkov 64d40bdc47 Merge: - config: global "blocked_services" settings were reset on startup
* commit 'b1ca7c90d3ef0e72d3535b7cf195adfe83d34e5a':
  - config: global "blocked_services" settings were reset on startup
2019-08-22 15:38:24 +03:00
Simon Zolin b1ca7c90d3 - config: global "blocked_services" settings were reset on startup 2019-08-22 15:30:48 +03:00
Simon Zolin a370cd0bf0 - dnsforward: don't use dnsfilter object after it's closed (additional check) 2019-08-22 12:01:59 +03:00
Simon Zolin 94552a30d7 - dnsforward: don't use dnsfilter object after it's closed 2019-08-20 15:07:39 +03:00
Andrey Meshkov c82e93cfc7 -(dnsforward): fixed sigsegv when protection is disabled
Also, fixed all golint issues

 Closes: #941
2019-08-20 00:55:32 +03:00
Simon Zolin b37208564b - fix build: we're using a new gcache module now 2019-08-16 15:43:12 +03:00
Simon Zolin 56c69cdb79 Revert "fix tests"
This reverts commit d9265aa9a8.
2019-08-16 15:11:57 +03:00
Simon Zolin 15d07a40eb * refactor 2019-08-05 14:12:22 +03:00
Simon Zolin e81a9c7d56 + dnsfilter: use global and per-client BlockedServices array 2019-08-05 14:12:22 +03:00
Simon Zolin 1bb6638db7 + dnsforward: use Rewrites table 2019-07-29 11:48:24 +03:00
Simon Zolin a9fbb93f0f Merge: + Add "parental_block_host" and "safebrowsing_block_host" settings
#454

* commit 'fdf7ee2c08d4177d78fcdc20571bc7d2b61320ae':
  * refactor: don't set new configuration while running DNS server
  * refactor
  * dnsforward: parental control server can be an IP address, not just host name
  + dnsforward, config: add "parental_block_host" and "safebrowsing_block_host" settings
2019-07-24 19:35:46 +03:00
Simon Zolin d9265aa9a8 fix tests 2019-07-23 20:01:50 +03:00
Simon Zolin fdf7ee2c08 * refactor: don't set new configuration while running DNS server 2019-07-22 12:52:27 +03:00
Simon Zolin 5a3de2a276 * refactor 2019-07-22 12:33:58 +03:00
Simon Zolin 4a05ab0057 * dnsforward: parental control server can be an IP address, not just host name 2019-07-22 12:33:45 +03:00
Simon Zolin 4134a8c30e + dnsforward, config: add "parental_block_host" and "safebrowsing_block_host" settings 2019-07-22 12:16:30 +03:00
Simon Zolin 2bbd262968 * dnsforward: move initialization of periodic tasks to NewServer() 2019-07-19 12:18:16 +03:00
Simon Zolin 0a1d7fd707 - fix tests 2019-07-09 11:35:39 +03:00
Simon Zolin 134d9275bb * use urlfilter v0.4.0
Now we pass filtering rules to urlfilter as filer file names,
 rather than the list of rule strings.
(Note: user rules are still passed as the list of rule strings).

As a result, we don't store the contents of filter files in memory.
2019-07-04 14:10:01 +03:00
Andrey Meshkov 07db927246 Fix #727 - use default parental sensitivity when it's not set 2019-06-06 22:42:17 +03:00
Andrey Meshkov a3b8d4d923 Fix #706 -- rDNS for DOH/DOT clients 2019-06-04 20:38:53 +03:00
Simon Zolin 1d09ff0562 Merge: + dnsforward: add access settings for blocking DNS requests
Close #728

* commit 'e4532a27cd2a6f92aaf724fddbffa00fcecb064c':
  - openapi: correct format
  + client: handle access settings
  * go.mod: update dnsproxy
  + control: /access/list, /access/set handlers
  + dnsforward: add access settings for blocking DNS requests
2019-06-03 15:04:52 +03:00
Simon Zolin 3baa6919dc - fix tests and linter issues 2019-05-31 12:27:13 +03:00
Simon Zolin 36ffcf7d22 + dnsforward: add access settings for blocking DNS requests
Block by client IP or target domain name.
2019-05-30 18:21:36 +03:00
Simon Zolin a12f01793f + clients: find DNS client's hostname by IP using rDNS 2019-05-28 19:07:57 +03:00
Simon Zolin 8bf76c331d + dnsfilter: use callback function for applying per-client settings 2019-05-28 18:44:27 +03:00
Simon Zolin ac8f703407 + dnsforward: support IPv6 (AAAA response)
If question type is AAAA:
 Before this patch we responded with NXDOMAIN.
 Now we send an empty response if host rule is IPv4;
 or we send an AAAA answer if host rule is IPv6.

+ block ipv6 if rule is "0.0.0.0 blockdomain"
2019-05-24 18:08:08 +03:00
Simon Zolin 096a959987 * dnsforward: use new dnsfilter interface 2019-05-17 18:22:57 +03:00
Simon Zolin 9644f79a03 * dnsforward: use separate ServerConfig object 2019-05-17 18:22:57 +03:00
Simon Zolin d5f6dd1a46 - dns query log: robust file flushing mechanism
Before this patch we could exit the process without waiting for
 file writing task to complete.
As a result a file could become corrupted or a large chunk of data
 could be missing.

Now the main thread either waits until file writing task completes
 or it writes log buffer to file itself.
2019-05-15 13:12:03 +03:00
Simon Zolin 0f28a989e9 * improve logging 2019-05-15 13:12:03 +03:00
Alexander Turcic cd2dd00da3 * dnsforward_test: add test for null filter 2019-05-14 16:53:09 +03:00
Alexander Turcic 07ffcbec3d * dnsforward, config: add unspecified IP blocking option
* dnsforward: prioritize host files over null filter

* dnsforward, config: adjust setting variable to blocking_mode

* dnsforward: use net.IPv4zero for null IP
2019-05-14 16:53:06 +03:00
Aleksey Dmitrevskiy c82887d3aa * app, dnsforward: add MinVersion for TLS configs 2019-04-17 12:02:56 +03:00
Aleksey Dmitrevskiy 9ea5c1abe1 + control, dns, client: add ability to set DNS upstream per domain 2019-03-20 14:24:33 +03:00
Aleksey Dmitrevskiy bc4c2e2ff7 Merge branch 'master' into fix/596 2019-03-06 18:25:42 +03:00
Aleksey Dmitrevskiy 53d680a5df Fix #597 - [bugfix] querylog_top: Empty domain gets to the Top Queried domains 2019-02-28 16:19:23 +03:00
Aleksey Dmitrevskiy acb4a98466 [change] dnsforward: Add comments for public fields 2019-02-28 13:40:40 +03:00
Aleksey Dmitrevskiy 3929f0da44 [change] control: Handle upstream config with JSON 2019-02-28 13:01:41 +03:00
Aleksey Dmitrevskiy 81e88472cb Merge branch 'fix/542' into fix/596 2019-02-28 11:16:03 +03:00
Aleksey Dmitrevskiy 967a1e6b87 Merge branch 'master' into fix/596 2019-02-27 18:56:36 +03:00
Aleksey Dmitrevskiy ffa4429818 Merge branch 'master' into fix/542 2019-02-27 18:47:01 +03:00
Simon Zolin 5cb6d97cd7 * use new logger - AdguardTeam/golibs/log 2019-02-27 15:02:11 +03:00
Aleksey Dmitrevskiy dc05556c5a Fix #542 - Add Bootstrap DNS resolver settings 2019-02-27 11:15:18 +03:00
Aleksey Dmitrevskiy 5bc6d00aa0 Fix #596 - Intelligent Optimal DNS Resolution 2019-02-26 18:19:05 +03:00
Andrey Meshkov c71d6ed433 Fix race in safesearch tests 2019-02-25 18:56:51 +03:00
Aleksey Dmitrevskiy 86279f19b0 Add TODO 2019-02-25 17:15:50 +03:00
Aleksey Dmitrevskiy 3d901a82ad Fix merge issues 2019-02-25 17:07:26 +03:00
Aleksey Dmitrevskiy d351ed82c1 Merge branch 'master' into fix/576 2019-02-25 17:07:02 +03:00
Aleksey Dmitrevskiy 8e13f22aa5 Add stats assertions 2019-02-25 17:01:57 +03:00
Aleksey Dmitrevskiy d0f4f22e0d Add safesearch test for dnsforward 2019-02-25 14:58:54 +03:00
Andrey Meshkov 1da954fa97 Fix tests 2019-02-22 18:41:59 +03:00
Andrey Meshkov ad4b58472f Update dnsproxy to 0.11.0 2019-02-22 18:16:47 +03:00
Andrey Meshkov e8898811fe Added DOH url 2019-02-22 15:52:12 +03:00
Andrey Meshkov 71df659dc9 Added DNS-over-TLS unit-test and a test looking for race-conditions 2019-02-22 15:23:39 +03:00
Andrey Meshkov 37431735fd Added new config fields to readme 2019-02-21 17:48:18 +03:00
Eugene Bujak 229ef78085 Activate DNS-over-TLS server when certificates, keys and ports are configured. 2019-02-15 16:28:28 +03:00
Andrey Meshkov a40ddb094b Fix review comments 2019-02-11 14:22:36 +03:00
Andrey Meshkov 9ff420bb52 Do not store last_updated in the config file anymore 2019-02-10 21:44:16 +03:00
Andrey Meshkov 9a03190a62 Fix #579
1. Added --workdir command-line argument that lets configure the working dir.
2. Made "dnsforward" use this workdir parameter when saving/reading querylog.
3. Reworked "dnsforward" -- moved http handlers out of there to control.go
2019-02-10 20:47:43 +03:00
Eugene Bujak 68c8a4d484 Demote some log.printf into log.tracef 2019-02-07 18:24:43 +03:00
Andrey Meshkov ec6b1f7c42 Added golangci-lint configuration and prepared for the integrattion 2019-01-25 20:13:57 +03:00