Skip to content

Commit

Permalink
Pull request 1758: 1472-edns-custom-ip-api
Browse files Browse the repository at this point in the history
Merge in DNS/adguard-home from 1472-edns-custom-ip-api to master

Updates #1472

Squashed commit of the following:

commit 7605ec5
Merge: 8b2ac22 194ead3
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Wed Mar 22 13:39:25 2023 +0300

    Merge branch 'master' into 1472-edns-custom-ip-api

commit 8b2ac22
Merge: d5ca8b6 c3edab4
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Mar 21 18:26:55 2023 +0300

    Merge branch 'master' into 1472-edns-custom-ip-api

commit d5ca8b6
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Mar 21 18:26:24 2023 +0300

    dnsforward: imp tests

commit 1302586
Author: Vladislav Abdulmyanov <v.abdulmyanov@adguard.com>
Date:   Tue Mar 21 16:47:56 2023 +0200

    client: change validation for custom edns ip

commit 44e4dc6
Author: Vladislav Abdulmyanov <v.abdulmyanov@adguard.com>
Date:   Tue Mar 21 16:31:42 2023 +0200

    client: implement edns custom ip

commit 8a3e7ad
Merge: 04ac111 f736d85
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Mar 21 15:04:40 2023 +0300

    Merge branch 'master' into 1472-edns-custom-ip-api

commit 04ac111
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Mar 21 15:03:39 2023 +0300

    dnsforward: imp tests

commit b44f6d0
Merge: 19c6851 48431f8
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Mon Mar 20 17:55:49 2023 +0300

    Merge branch 'master' into 1472-edns-custom-ip-api

commit 19c6851
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Fri Mar 10 10:40:15 2023 +0300

    all: fix chlog

commit 6dcdcbd
Merge: a7f1bf7 a205352
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Fri Mar 10 10:23:37 2023 +0300

    Merge branch 'master' into 1472-edns-custom-ip-api

commit a7f1bf7
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Mar 7 19:24:18 2023 +0300

    home: fix default value

commit 0311a9b
Merge: 7e0bb3d 1011b8f
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Mar 7 19:04:18 2023 +0300

    Merge branch 'master' into 1472-edns-custom-ip-api

commit 7e0bb3d
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Mar 7 19:03:24 2023 +0300

    all: fix chlog

commit 202d7cc
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Mar 7 11:35:41 2023 +0300

    dnsforward: fix typo

commit fe95e00
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Mar 7 11:28:21 2023 +0300

    all: fix docs

commit 66835a9
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Mar 7 10:48:08 2023 +0300

    dnsforward: add todo

commit b58255e
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Mon Mar 6 15:40:02 2023 +0300

    all: upd chlog

commit 9b2be7f
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Fri Mar 3 11:22:19 2023 +0300

    dnsforward: edns custom ip api
  • Loading branch information
schzhn committed Mar 22, 2023
1 parent 194ead3 commit 306c198
Show file tree
Hide file tree
Showing 12 changed files with 326 additions and 97 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ NOTE: Add new changes BELOW THIS COMMENT.

### Added

- The ability to set custom IP for EDNS Client Subnet by using the DNS-server
configuration section on the DNS settings page in the UI ([#1472]).
- The ability to manage safesearch for each service by using the new
`safe_search` field ([#1163]).

Expand Down Expand Up @@ -68,6 +70,7 @@ In this release, the schema version has changed from 17 to 19.
([#5584]).

[#1163]: https://github.com/AdguardTeam/AdGuardHome/issues/1163
[#1472]: https://github.com/AdguardTeam/AdGuardHome/issues/1472
[#5567]: https://github.com/AdguardTeam/AdGuardHome/issues/5567
[#5584]: https://github.com/AdguardTeam/AdGuardHome/issues/5584

Expand Down
2 changes: 2 additions & 0 deletions client/src/__locales/en.json
Original file line number Diff line number Diff line change
Expand Up @@ -290,6 +290,8 @@
"rate_limit": "Rate limit",
"edns_enable": "Enable EDNS client subnet",
"edns_cs_desc": "Add the EDNS Client Subnet option (ECS) to upstream requests and log the values sent by the clients in the query log.",
"edns_use_custom_ip": "Use custom IP for EDNS",
"edns_use_custom_ip_desc": "Allow to use custom IP for EDNS",
"rate_limit_desc": "The number of requests per second allowed per client. Setting it to 0 means no limit.",
"blocking_ipv4_desc": "IP address to be returned for a blocked A request",
"blocking_ipv6_desc": "IP address to be returned for a blocked AAAA request",
Expand Down
41 changes: 36 additions & 5 deletions client/src/components/Settings/Dns/Config/Form.js
Original file line number Diff line number Diff line change
Expand Up @@ -13,15 +13,11 @@ import {
validateIpv4,
validateIpv6,
validateRequiredValue,
validateIp,
} from '../../../../helpers/validators';
import { BLOCKING_MODES, FORM_NAME, UINT32_RANGE } from '../../../../helpers/constants';

const checkboxes = [
{
name: 'edns_cs_enabled',
placeholder: 'edns_enable',
subtitle: 'edns_cs_desc',
},
{
name: 'dnssec_enabled',
placeholder: 'dnssec_enable',
Expand Down Expand Up @@ -66,6 +62,8 @@ const Form = ({
const { t } = useTranslation();
const {
blocking_mode,
edns_cs_enabled,
edns_cs_use_custom,
} = useSelector((state) => state.form[FORM_NAME.BLOCKING_MODE].values ?? {}, shallowEqual);

return <form onSubmit={handleSubmit}>
Expand All @@ -92,6 +90,39 @@ const Form = ({
/>
</div>
</div>
<div className="col-12">
<div className="form__group form__group--settings">
<Field
name="edns_cs_enabled"
type="checkbox"
component={CheckboxField}
placeholder={t('edns_enable')}
disabled={processing}
subtitle={t('edns_cs_desc')}
/>
</div>
</div>
<div className="col-12 form__group form__group--inner">
<div className="form__group ">
<Field
name="edns_cs_use_custom"
type="checkbox"
component={CheckboxField}
placeholder={t('edns_use_custom_ip')}
disabled={processing || !edns_cs_enabled}
subtitle={t('edns_use_custom_ip_desc')}
/>
</div>

{edns_cs_use_custom && (<Field
name="edns_cs_custom_ip"
component={renderInputField}
className="form-control"
placeholder={t('form_enter_ip')}
validate={[validateIp, validateRequiredValue]}
/>)}

</div>
{checkboxes.map(({ name, placeholder, subtitle }) => <div className="col-12" key={name}>
<div className="form__group form__group--settings">
<Field
Expand Down
4 changes: 4 additions & 0 deletions client/src/components/Settings/Dns/Config/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ const Config = () => {
blocking_ipv4,
blocking_ipv6,
edns_cs_enabled,
edns_cs_use_custom,
edns_cs_custom_ip,
dnssec_enabled,
disable_ipv6,
processingSetConfig,
Expand All @@ -39,6 +41,8 @@ const Config = () => {
edns_cs_enabled,
disable_ipv6,
dnssec_enabled,
edns_cs_use_custom,
edns_cs_custom_ip,
}}
onSubmit={handleFormSubmit}
processing={processingSetConfig}
Expand Down
15 changes: 4 additions & 11 deletions internal/dnsforward/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@ type FilteringConfig struct {
// EDNSClientSubnet is the settings list for EDNS Client Subnet.
type EDNSClientSubnet struct {
// CustomIP for EDNS Client Subnet.
CustomIP string `yaml:"custom_ip"`
CustomIP netip.Addr `yaml:"custom_ip"`

// Enabled defines if EDNS Client Subnet is enabled.
Enabled bool `yaml:"enabled"`
Expand Down Expand Up @@ -340,15 +340,8 @@ func (s *Server) createProxyConfig() (conf proxy.Config, err error) {
}

if srvConf.EDNSClientSubnet.UseCustom {
// TODO(s.chzhen): Add wrapper around netip.Addr.
var ip net.IP
ip, err = netutil.ParseIP(srvConf.EDNSClientSubnet.CustomIP)
if err != nil {
return conf, fmt.Errorf("edns: %w", err)
}

// TODO(s.chzhen): Use netip.Addr instead of net.IP inside dnsproxy.
conf.EDNSAddr = ip
conf.EDNSAddr = net.IP(srvConf.EDNSClientSubnet.CustomIP.AsSlice())
}

if srvConf.CacheSize != 0 {
Expand Down Expand Up @@ -377,7 +370,7 @@ func (s *Server) createProxyConfig() (conf proxy.Config, err error) {

err = s.prepareTLS(&conf)
if err != nil {
return conf, fmt.Errorf("validating tls: %w", err)
return proxy.Config{}, fmt.Errorf("validating tls: %w", err)
}

if c := srvConf.DNSCryptConfig; c.Enabled {
Expand All @@ -388,7 +381,7 @@ func (s *Server) createProxyConfig() (conf proxy.Config, err error) {
}

if conf.UpstreamConfig == nil || len(conf.UpstreamConfig.Upstreams) == 0 {
return conf, errors.Error("no default upstream servers configured")
return proxy.Config{}, errors.Error("no default upstream servers configured")
}

return conf, nil
Expand Down
164 changes: 110 additions & 54 deletions internal/dnsforward/http.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,26 +23,78 @@ import (
)

// jsonDNSConfig is the JSON representation of the DNS server configuration.
//
// TODO(s.chzhen): Split it into smaller pieces. Use aghalg.NullBool instead
// of *bool.
type jsonDNSConfig struct {
Upstreams *[]string `json:"upstream_dns"`
UpstreamsFile *string `json:"upstream_dns_file"`
Bootstraps *[]string `json:"bootstrap_dns"`
ProtectionEnabled *bool `json:"protection_enabled"`
RateLimit *uint32 `json:"ratelimit"`
BlockingMode *BlockingMode `json:"blocking_mode"`
EDNSCSEnabled *bool `json:"edns_cs_enabled"`
DNSSECEnabled *bool `json:"dnssec_enabled"`
DisableIPv6 *bool `json:"disable_ipv6"`
UpstreamMode *string `json:"upstream_mode"`
CacheSize *uint32 `json:"cache_size"`
CacheMinTTL *uint32 `json:"cache_ttl_min"`
CacheMaxTTL *uint32 `json:"cache_ttl_max"`
CacheOptimistic *bool `json:"cache_optimistic"`
ResolveClients *bool `json:"resolve_clients"`
UsePrivateRDNS *bool `json:"use_private_ptr_resolvers"`
LocalPTRUpstreams *[]string `json:"local_ptr_upstreams"`
BlockingIPv4 net.IP `json:"blocking_ipv4"`
BlockingIPv6 net.IP `json:"blocking_ipv6"`
// Upstreams is the list of upstream DNS servers.
Upstreams *[]string `json:"upstream_dns"`

// UpstreamsFile is the file containing upstream DNS servers.
UpstreamsFile *string `json:"upstream_dns_file"`

// Bootstraps is the list of DNS servers resolving IP addresses of the
// upstream DoH/DoT resolvers.
Bootstraps *[]string `json:"bootstrap_dns"`

// ProtectionEnabled defines if protection is enabled.
ProtectionEnabled *bool `json:"protection_enabled"`

// RateLimit is the number of requests per second allowed per client.
RateLimit *uint32 `json:"ratelimit"`

// BlockingMode defines the way blocked responses are constructed.
BlockingMode *BlockingMode `json:"blocking_mode"`

// EDNSCSEnabled defines if EDNS Client Subnet is enabled.
EDNSCSEnabled *bool `json:"edns_cs_enabled"`

// EDNSCSUseCustom defines if EDNSCSCustomIP should be used.
EDNSCSUseCustom *bool `json:"edns_cs_use_custom"`

// DNSSECEnabled defines if DNSSEC is enabled.
DNSSECEnabled *bool `json:"dnssec_enabled"`

// DisableIPv6 defines if IPv6 addresses should be dropped.
DisableIPv6 *bool `json:"disable_ipv6"`

// UpstreamMode defines the way DNS requests are constructed.
UpstreamMode *string `json:"upstream_mode"`

// CacheSize in bytes.
CacheSize *uint32 `json:"cache_size"`

// CacheMinTTL is custom minimum TTL for cached DNS responses.
CacheMinTTL *uint32 `json:"cache_ttl_min"`

// CacheMaxTTL is custom maximum TTL for cached DNS responses.
CacheMaxTTL *uint32 `json:"cache_ttl_max"`

// CacheOptimistic defines if expired entries should be served.
CacheOptimistic *bool `json:"cache_optimistic"`

// ResolveClients defines if clients IPs should be resolved into hostnames.
ResolveClients *bool `json:"resolve_clients"`

// UsePrivateRDNS defines if privates DNS resolvers should be used.
UsePrivateRDNS *bool `json:"use_private_ptr_resolvers"`

// LocalPTRUpstreams is the list of local private DNS resolvers.
LocalPTRUpstreams *[]string `json:"local_ptr_upstreams"`

// BlockingIPv4 is custom IPv4 address for blocked A requests.
BlockingIPv4 net.IP `json:"blocking_ipv4"`

// BlockingIPv6 is custom IPv6 address for blocked AAAA requests.
BlockingIPv6 net.IP `json:"blocking_ipv6"`

// EDNSCSCustomIP is custom IP for EDNS Client Subnet.
EDNSCSCustomIP netip.Addr `json:"edns_cs_custom_ip"`

// DefaultLocalPTRUpstreams is used to pass the addresses from
// systemResolvers to the front-end. It's not a pointer to the slice since
// there is no need to omit it while decoding from JSON.
DefaultLocalPTRUpstreams []string `json:"default_local_ptr_upstreams,omitempty"`
}

func (s *Server) getDNSConfig() (c *jsonDNSConfig) {
Expand All @@ -57,7 +109,11 @@ func (s *Server) getDNSConfig() (c *jsonDNSConfig) {
blockingIPv4 := s.conf.BlockingIPv4
blockingIPv6 := s.conf.BlockingIPv6
ratelimit := s.conf.Ratelimit

customIP := s.conf.EDNSClientSubnet.CustomIP
enableEDNSClientSubnet := s.conf.EDNSClientSubnet.Enabled
useCustom := s.conf.EDNSClientSubnet.UseCustom

enableDNSSEC := s.conf.EnableDNSSEC
aaaaDisabled := s.conf.AAAADisabled
cacheSize := s.conf.CacheSize
Expand All @@ -74,46 +130,40 @@ func (s *Server) getDNSConfig() (c *jsonDNSConfig) {
upstreamMode = "parallel"
}

return &jsonDNSConfig{
Upstreams: &upstreams,
UpstreamsFile: &upstreamFile,
Bootstraps: &bootstraps,
ProtectionEnabled: &protectionEnabled,
BlockingMode: &blockingMode,
BlockingIPv4: blockingIPv4,
BlockingIPv6: blockingIPv6,
RateLimit: &ratelimit,
EDNSCSEnabled: &enableEDNSClientSubnet,
DNSSECEnabled: &enableDNSSEC,
DisableIPv6: &aaaaDisabled,
CacheSize: &cacheSize,
CacheMinTTL: &cacheMinTTL,
CacheMaxTTL: &cacheMaxTTL,
CacheOptimistic: &cacheOptimistic,
UpstreamMode: &upstreamMode,
ResolveClients: &resolveClients,
UsePrivateRDNS: &usePrivateRDNS,
LocalPTRUpstreams: &localPTRUpstreams,
}
}

func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) {
defLocalPTRUps, err := s.filterOurDNSAddrs(s.sysResolvers.Get())
if err != nil {
log.Debug("getting dns configuration: %s", err)
}

resp := struct {
jsonDNSConfig
// DefautLocalPTRUpstreams is used to pass the addresses from
// systemResolvers to the front-end. It's not a pointer to the slice
// since there is no need to omit it while decoding from JSON.
DefautLocalPTRUpstreams []string `json:"default_local_ptr_upstreams,omitempty"`
}{
jsonDNSConfig: *s.getDNSConfig(),
DefautLocalPTRUpstreams: defLocalPTRUps,
return &jsonDNSConfig{
Upstreams: &upstreams,
UpstreamsFile: &upstreamFile,
Bootstraps: &bootstraps,
ProtectionEnabled: &protectionEnabled,
BlockingMode: &blockingMode,
BlockingIPv4: blockingIPv4,
BlockingIPv6: blockingIPv6,
RateLimit: &ratelimit,
EDNSCSCustomIP: customIP,
EDNSCSEnabled: &enableEDNSClientSubnet,
EDNSCSUseCustom: &useCustom,
DNSSECEnabled: &enableDNSSEC,
DisableIPv6: &aaaaDisabled,
CacheSize: &cacheSize,
CacheMinTTL: &cacheMinTTL,
CacheMaxTTL: &cacheMaxTTL,
CacheOptimistic: &cacheOptimistic,
UpstreamMode: &upstreamMode,
ResolveClients: &resolveClients,
UsePrivateRDNS: &usePrivateRDNS,
LocalPTRUpstreams: &localPTRUpstreams,
DefaultLocalPTRUpstreams: defLocalPTRUps,
}
}

// handleGetConfig handles requests to the GET /control/dns_info endpoint.
func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) {
resp := s.getDNSConfig()
_ = aghhttp.WriteJSONResponse(w, r, resp)
}

Expand Down Expand Up @@ -204,6 +254,7 @@ func (req *jsonDNSConfig) checkCacheTTL() bool {
return min <= max
}

// handleSetConfig handles requests to the POST /control/dns_config endpoint.
func (s *Server) handleSetConfig(w http.ResponseWriter, r *http.Request) {
req := &jsonDNSConfig{}
err := json.NewDecoder(r.Body).Decode(req)
Expand Down Expand Up @@ -231,8 +282,8 @@ func (s *Server) handleSetConfig(w http.ResponseWriter, r *http.Request) {
}
}

// setConfigRestartable sets the server parameters. shouldRestart is true if
// the server should be restarted to apply changes.
// setConfig sets the server parameters. shouldRestart is true if the server
// should be restarted to apply changes.
func (s *Server) setConfig(dc *jsonDNSConfig) (shouldRestart bool) {
s.serverLock.Lock()
defer s.serverLock.Unlock()
Expand All @@ -250,6 +301,10 @@ func (s *Server) setConfig(dc *jsonDNSConfig) (shouldRestart bool) {
s.conf.FastestAddr = *dc.UpstreamMode == "fastest_addr"
}

if dc.EDNSCSUseCustom != nil && *dc.EDNSCSUseCustom {
s.conf.EDNSClientSubnet.CustomIP = dc.EDNSCSCustomIP
}

setIfNotNil(&s.conf.ProtectionEnabled, dc.ProtectionEnabled)
setIfNotNil(&s.conf.EnableDNSSEC, dc.DNSSECEnabled)
setIfNotNil(&s.conf.AAAADisabled, dc.DisableIPv6)
Expand Down Expand Up @@ -281,6 +336,7 @@ func (s *Server) setConfigRestartable(dc *jsonDNSConfig) (shouldRestart bool) {
setIfNotNil(&s.conf.UpstreamDNSFileName, dc.UpstreamsFile),
setIfNotNil(&s.conf.BootstrapDNS, dc.Bootstraps),
setIfNotNil(&s.conf.EDNSClientSubnet.Enabled, dc.EDNSCSEnabled),
setIfNotNil(&s.conf.EDNSClientSubnet.UseCustom, dc.EDNSCSUseCustom),
setIfNotNil(&s.conf.CacheSize, dc.CacheSize),
setIfNotNil(&s.conf.CacheMinTTL, dc.CacheMinTTL),
setIfNotNil(&s.conf.CacheMaxTTL, dc.CacheMaxTTL),
Expand Down
Loading

0 comments on commit 306c198

Please sign in to comment.