Documentation ¶
Overview ¶
Package filtering implements a DNS request and response filter.
Index ¶
- Constants
- func InitModule()
- func ValidateUpdateIvl(i uint32) bool
- type BlockedServices
- type Checker
- type Config
- type DNSFilter
- func (d *DNSFilter) ApplyBlockedServices(setts *Settings)
- func (d *DNSFilter) ApplyBlockedServicesList(setts *Settings, list []string)
- func (d *DNSFilter) CheckHost(host string, qtype uint16, setts *Settings) (res Result, err error)
- func (d *DNSFilter) CheckHostRules(host string, rrtype uint16, setts *Settings) (Result, error)
- func (d *DNSFilter) Close()
- func (d *DNSFilter) EnableFilters(async bool)
- func (d *DNSFilter) RegisterFilteringHandlers()
- func (d *DNSFilter) SetEnabled(enabled bool)
- func (d *DNSFilter) Settings() (s *Settings)
- func (d *DNSFilter) Start()
- func (d *DNSFilter) WriteDiskConfig(c *Config)
- type DNSRewriteResult
- type DNSRewriteResultResponse
- type Filter
- type FilterYAML
- type LegacyRewrite
- type LookupStats
- type Reason
- type Resolver
- type Result
- type ResultRule
- type SafeSearch
- type SafeSearchConfig
- type ServiceEntry
- type Settings
- type Stats
Constants ¶
const ( CustomListID = -iota SysHostsListID BlockedSvcsListID ParentalListID SafeBrowsingListID SafeSearchListID )
The IDs of built-in filter lists.
Keep in sync with client/src/helpers/constants.js. TODO(d.kolyshev): Add RewritesListID and don't forget to keep in sync.
Variables ¶
This section is empty.
Functions ¶
func ValidateUpdateIvl ¶ added in v0.107.14
ValidateUpdateIvl returns false if i is not a valid filters update interval.
Types ¶
type BlockedServices ¶ added in v0.107.33
type BlockedServices struct { // Schedule is blocked services schedule for every day of the week. Schedule *schedule.Weekly `yaml:"schedule"` // IDs is the names of blocked services. IDs []string `yaml:"ids"` }
BlockedServices is the configuration of blocked services.
func (*BlockedServices) Clone ¶ added in v0.107.33
func (s *BlockedServices) Clone() (c *BlockedServices)
Clone returns a deep copy of blocked services.
func (*BlockedServices) Validate ¶ added in v0.107.33
func (s *BlockedServices) Validate() (err error)
Validate returns an error if blocked services contain unknown service ID. s must not be nil.
type Checker ¶ added in v0.107.30
type Checker interface { // Check returns true if request for the host should be blocked. Check(host string) (block bool, err error) }
Checker is used for safe browsing or parental control hash-prefix filtering.
type Config ¶
type Config struct { // SafeBrowsingChecker is the safe browsing hash-prefix checker. SafeBrowsingChecker Checker `yaml:"-"` // ParentControl is the parental control hash-prefix checker. ParentalControlChecker Checker `yaml:"-"` FilteringEnabled bool `yaml:"filtering_enabled"` // whether or not use filter lists FiltersUpdateIntervalHours uint32 `yaml:"filters_update_interval"` // time period to update filters (in hours) ParentalEnabled bool `yaml:"parental_enabled"` SafeBrowsingEnabled bool `yaml:"safebrowsing_enabled"` SafeBrowsingCacheSize uint `yaml:"safebrowsing_cache_size"` // (in bytes) SafeSearchCacheSize uint `yaml:"safesearch_cache_size"` // (in bytes) ParentalCacheSize uint `yaml:"parental_cache_size"` // (in bytes) // TODO(a.garipov): Use timeutil.Duration CacheTime uint `yaml:"cache_time"` // Element's TTL (in minutes) SafeSearchConf SafeSearchConfig `yaml:"safe_search"` SafeSearch SafeSearch `yaml:"-"` Rewrites []*LegacyRewrite `yaml:"rewrites"` // BlockedServices is the configuration of blocked services. // Per-client settings can override this configuration. BlockedServices *BlockedServices `yaml:"blocked_services"` // EtcHosts is a container of IP-hostname pairs taken from the operating // system configuration files (e.g. /etc/hosts). EtcHosts *aghnet.HostsContainer `yaml:"-"` // Called when the configuration is changed by HTTP request ConfigModified func() `yaml:"-"` // Register an HTTP handler HTTPRegister aghhttp.RegisterFunc `yaml:"-"` // HTTPClient is the client to use for updating the remote filters. HTTPClient *http.Client `yaml:"-"` // DataDir is used to store filters' contents. DataDir string `yaml:"-"` // Filters are the blocking filter lists. Filters []FilterYAML `yaml:"-"` // WhitelistFilters are the allowing filter lists. WhitelistFilters []FilterYAML `yaml:"-"` // UserRules is the global list of custom rules. UserRules []string `yaml:"-"` // contains filtered or unexported fields }
Config allows you to configure DNS filtering with New() or just change variables directly.
type DNSFilter ¶
type DNSFilter struct { Config // for direct access by library users, even a = assignment // contains filtered or unexported fields }
DNSFilter matches hostnames and DNS requests against filtering rules.
func (*DNSFilter) ApplyBlockedServices ¶
ApplyBlockedServices - set blocked services settings for this DNS request
func (*DNSFilter) ApplyBlockedServicesList ¶ added in v0.107.33
ApplyBlockedServicesList appends filtering rules to the settings.
func (*DNSFilter) CheckHost ¶
func (d *DNSFilter) CheckHost( host string, qtype uint16, setts *Settings, ) (res Result, err error)
CheckHost tries to match the host against filtering rules, then safebrowsing and parental control rules, if they are enabled.
func (*DNSFilter) CheckHostRules ¶
CheckHostRules tries to match the host against filtering rules only.
func (*DNSFilter) EnableFilters ¶ added in v0.107.14
func (*DNSFilter) RegisterFilteringHandlers ¶ added in v0.107.14
func (d *DNSFilter) RegisterFilteringHandlers()
RegisterFilteringHandlers - register handlers
func (*DNSFilter) SetEnabled ¶
SetEnabled sets the status of the *DNSFilter.
func (*DNSFilter) Start ¶
func (d *DNSFilter) Start()
Start - start the module: . start async filtering initializer goroutine . register web handlers
func (*DNSFilter) WriteDiskConfig ¶
WriteDiskConfig - write configuration
type DNSRewriteResult ¶
type DNSRewriteResult struct { Response DNSRewriteResultResponse `json:",omitempty"` RCode rules.RCode `json:",omitempty"` }
DNSRewriteResult is the result of application of $dnsrewrite rules.
type DNSRewriteResultResponse ¶
DNSRewriteResultResponse is the collection of DNS response records the server returns.
type Filter ¶
type Filter struct { // FilePath is the path to a filtering rules list file. FilePath string `yaml:"-"` // Data is the content of the file. Data []byte `yaml:"-"` // ID is automatically assigned when filter is added using nextFilterID. ID int64 `yaml:"id"` }
Filter represents a filter list
type FilterYAML ¶ added in v0.107.14
type FilterYAML struct { Enabled bool URL string // URL or a file path Name string `yaml:"name"` RulesCount int `yaml:"-"` LastUpdated time.Time `yaml:"-"` Filter `yaml:",inline"` // contains filtered or unexported fields }
FilterYAML represents a filter list in the configuration file.
TODO(e.burkov): Investigate if the field ordering is important.
func (*FilterYAML) Path ¶ added in v0.107.14
func (filter *FilterYAML) Path(dataDir string) string
Path to the filter contents
type LegacyRewrite ¶ added in v0.107.1
type LegacyRewrite struct { // Domain is the domain pattern for which this rewrite should work. Domain string `yaml:"domain"` // Answer is the IP address, canonical name, or one of the special // values: "A" or "AAAA". Answer string `yaml:"answer"` // IP is the IP address that should be used in the response if Type is // dns.TypeA or dns.TypeAAAA. IP net.IP `yaml:"-"` // Type is the DNS record type: A, AAAA, or CNAME. Type uint16 `yaml:"-"` }
LegacyRewrite is a single legacy DNS rewrite record.
Instances of *LegacyRewrite must never be nil.
type LookupStats ¶
type LookupStats struct { Requests uint64 // number of HTTP requests that were sent CacheHits uint64 // number of lookups that didn't need HTTP requests Pending int64 // number of currently pending HTTP requests PendingMax int64 // maximum number of pending HTTP requests }
LookupStats store stats collected during safebrowsing or parental checks
type Reason ¶
type Reason int
Reason holds an enum detailing why it was filtered or not filtered
const ( // NotFilteredNotFound - host was not find in any checks, default value for result NotFilteredNotFound Reason = iota // NotFilteredAllowList - the host is explicitly allowed NotFilteredAllowList // NotFilteredError is returned when there was an error during // checking. Reserved, currently unused. NotFilteredError // FilteredBlockList - the host was matched to be advertising host FilteredBlockList // FilteredSafeBrowsing - the host was matched to be malicious/phishing FilteredSafeBrowsing // FilteredParental - the host was matched to be outside of parental control settings FilteredParental // FilteredInvalid - the request was invalid and was not processed FilteredInvalid // FilteredSafeSearch - the host was replaced with safesearch variant FilteredSafeSearch // FilteredBlockedService - the host is blocked by "blocked services" settings FilteredBlockedService // Rewritten is returned when there was a rewrite by a legacy DNS rewrite // rule. Rewritten // RewrittenAutoHosts is returned when there was a rewrite by autohosts // rules (/etc/hosts and so on). RewrittenAutoHosts // RewrittenRule is returned when a $dnsrewrite filter rule was applied. // // TODO(a.garipov): Remove Rewritten and RewrittenAutoHosts by merging their // functionality into RewrittenRule. // // See https://github.com/AdguardTeam/AdGuardHome/issues/2499. RewrittenRule )
type Resolver ¶
type Resolver interface {
LookupIP(ctx context.Context, network, host string) (ips []net.IP, err error)
}
Resolver is the interface for net.Resolver to simplify testing.
type Result ¶
type Result struct { // DNSRewriteResult is the $dnsrewrite filter rule result. DNSRewriteResult *DNSRewriteResult `json:",omitempty"` // CanonName is the CNAME value from the lookup rewrite result. It is empty // unless Reason is set to Rewritten or RewrittenRule. CanonName string `json:",omitempty"` // ServiceName is the name of the blocked service. It is empty unless // Reason is set to FilteredBlockedService. ServiceName string `json:",omitempty"` // IPList is the lookup rewrite result. It is empty unless Reason is set to // Rewritten. IPList []net.IP `json:",omitempty"` // Rules are applied rules. If Rules are not empty, each rule is not nil. Rules []*ResultRule `json:",omitempty"` // Reason is the reason for blocking or unblocking the request. Reason Reason `json:",omitempty"` // IsFiltered is true if the request is filtered. IsFiltered bool `json:",omitempty"` }
Result contains the result of a request check.
All fields transitively have omitempty tags so that the query log doesn't become too large.
TODO(a.garipov): Clarify relationships between fields. Perhaps replace with a sum type or an interface?
type ResultRule ¶
type ResultRule struct { // Text is the text of the rule. Text string `json:",omitempty"` // IP is the host IP. It is nil unless the rule uses the // /etc/hosts syntax or the reason is FilteredSafeSearch. IP net.IP `json:",omitempty"` // FilterListID is the ID of the rule's filter list. FilterListID int64 `json:",omitempty"` }
ResultRule contains information about applied rules.
type SafeSearch ¶ added in v0.107.26
type SafeSearch interface { // CheckHost checks host with safe search filter. CheckHost must be safe // for concurrent use. qtype must be either [dns.TypeA] or [dns.TypeAAAA]. CheckHost(host string, qtype uint16) (res Result, err error) // Update updates the configuration of the safe search filter. Update must // be safe for concurrent use. An implementation of Update may ignore some // fields, but it must document which. Update(conf SafeSearchConfig) (err error) }
SafeSearch interface describes a service for search engines hosts rewrites.
type SafeSearchConfig ¶ added in v0.107.26
type SafeSearchConfig struct { // CustomResolver is the resolver used by safe search. CustomResolver Resolver `yaml:"-" json:"-"` // Enabled indicates if safe search is enabled entirely. Enabled bool `yaml:"enabled" json:"enabled"` Bing bool `yaml:"bing" json:"bing"` DuckDuckGo bool `yaml:"duckduckgo" json:"duckduckgo"` Google bool `yaml:"google" json:"google"` Pixabay bool `yaml:"pixabay" json:"pixabay"` Yandex bool `yaml:"yandex" json:"yandex"` YouTube bool `yaml:"youtube" json:"youtube"` }
SafeSearchConfig is a struct with safe search related settings.
type ServiceEntry ¶
type ServiceEntry struct { Name string Rules []*rules.NetworkRule }
ServiceEntry - blocked service array element
type Settings ¶
type Settings struct { ClientName string ClientIP net.IP ClientTags []string ServicesRules []ServiceEntry ProtectionEnabled bool FilteringEnabled bool SafeSearchEnabled bool SafeBrowsingEnabled bool ParentalEnabled bool // ClientSafeSearch is a client configured safe search. ClientSafeSearch SafeSearch }
Settings are custom filtering settings for a client.
type Stats ¶
type Stats struct { Safebrowsing LookupStats Parental LookupStats Safesearch LookupStats }
Stats store LookupStats for safebrowsing, parental and safesearch
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package hashprefix used for safe browsing and parent control.
|
Package hashprefix used for safe browsing and parent control. |
Package rewrite implements DNS Rewrites storage and request matching.
|
Package rewrite implements DNS Rewrites storage and request matching. |
Package rulelist contains the implementation of the standard rule-list filter that wraps an urlfilter filtering-engine.
|
Package rulelist contains the implementation of the standard rule-list filter that wraps an urlfilter filtering-engine. |
Package safesearch implements safesearch host matching.
|
Package safesearch implements safesearch host matching. |