Documentation
Types
type MatchDNS
type MatchDNS struct {
	// Allow contains an optional list of rules to match the question section of the DNS request message against.
	// The matcher returns false if not matched by any of them (in the absence of any deny rules).
	Allow MatchDNSRules `json:"allow,omitempty"`
	// Deny contains an optional list of rules to match the question section of the DNS request message against.
	// The matcher returns false if matched by any of them (in the absence of any allow rules).
	Deny MatchDNSRules `json:"deny,omitempty"`
	// If DefaultDeny is true, DNS request messages that haven't been matched by any allow and deny rules are denied.
	// The default action is allow. Use it to make the filter more restrictive when the rules aren't exhaustive.
	DefaultDeny bool `json:"default_deny,omitempty"`
	// If PreferAllow is true, DNS request messages that have been matched by both allow and deny rules are allowed.
	// The default action is deny. Use it to make the filter less restrictive when the rules are mutually exclusive.
	PreferAllow bool `json:"prefer_allow,omitempty"`
}
MatchDNS is able to match connections that look like DNS protocol. Note: DNS messages sent via TCP are 2 bytes longer than those sent via UDP. Consequently, if Caddy listens on TCP, it has to proxy DNS messages to TCP upstreams only. The same is true for UDP. No TCP/UDP mixing is allowed. Mixing is technically possible, however: it would require an intermediary handler that adds/strips the 2 bytes before/after the proxy. Please open a feature request and describe your use case if you need TCP/UDP mixing.
func (*MatchDNS) CaddyModule
func (m *MatchDNS) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
func (*MatchDNS) Match
func (m *MatchDNS) Match(cx *layer4.Connection) (bool, error)
Match returns true if the connection bytes represent a valid DNS request message.
func (*MatchDNS) UnmarshalCaddyfile
UnmarshalCaddyfile sets up the MatchDNS from Caddyfile tokens. Syntax:
dns {
	<allow|deny> <*|name> [<*|type> [<*|class>]]
	<allow_regexp|deny_regexp> <*|name_pattern> [<*|type_pattern> [<*|class_pattern>]]
	default_deny
	prefer_allow
}
dns
Note: multiple allow and deny options are allowed. If default_deny is set, DNS request messages that haven't been matched by any allow and deny rules are denied (the default action is allow). If prefer_allow is set, DNS request messages that have been matched by both allow and deny rules are allowed (the default action is deny). An asterisk should be used to skip filtering the corresponding question section field, i.e. it will match any value provided.
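The allow/deny precedence described in the note above, as an added Go model that is not the module's own code. `Question`, `Rule`, `Policy`, `anyMatch` and `Decide` are hypothetical names; rules use exact matching only (an empty field stands for the asterisk), and the handling of a policy with only one rule list is an assumption based on the Allow and Deny field comments.

```go
package main

import "fmt"

// Question holds the question-section fields the matcher filters on.
type Question struct{ Name, Type, Class string }

// Rule is a hypothetical, exact-match-only stand-in for MatchDNSRule; an empty field matches any value.
type Rule struct{ Name, Type, Class string }

// anyMatch reports whether some rule matches q; an empty list matches nothing.
func anyMatch(rs []Rule, q Question) bool {
	for _, r := range rs {
		if (r.Name == "" || r.Name == q.Name) && (r.Type == "" || r.Type == q.Type) && (r.Class == "" || r.Class == q.Class) {
			return true
		}
	}
	return false
}

// Policy mirrors the four documented MatchDNS options.
type Policy struct {
	Allow, Deny              []Rule
	DefaultDeny, PreferAllow bool
}

// Decide models the documented outcome for one question (an assumption, not the module's code path).
func (p Policy) Decide(q Question) bool {
	allowed, denied := anyMatch(p.Allow, q), anyMatch(p.Deny, q)
	switch {
	case len(p.Allow) == 0: // deny rules only (or no rules): pass unless denied
		return !denied
	case len(p.Deny) == 0: // allow rules only: pass only if allowed
		return allowed
	case allowed && denied: // conflict: deny unless prefer_allow
		return p.PreferAllow
	case allowed || denied: // exactly one list matched
		return allowed
	default: // nothing matched: allow unless default_deny
		return !p.DefaultDeny
	}
}

func main() {
	p := Policy{Allow: []Rule{{Name: "example.com."}}, Deny: []Rule{{Type: "ANY"}}, DefaultDeny: true} // constructed sample
	for _, q := range []Question{{"example.com.", "A", "IN"}, {"example.com.", "ANY", "IN"}, {"other.test.", "A", "IN"}} {
		fmt.Println(q, p.Decide(q))
	}
}
```

With the constructed policy, the `A` query for `example.com.` passes, the `ANY` query hits both lists and is dropped because `prefer_allow` is unset, and the unrelated name is dropped by `default_deny`.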
type MatchDNSRule
type MatchDNSRule struct {
	// Class may contain a value to match the question class. Use upper case letters, e.g. "IN", "CH", "ANY".
	// See the full list of valid class values in dns.StringToClass.
	Class string `json:"class,omitempty"`
	// ClassRegexp may contain a regular expression to match the question class. E.g. "^(IN|CH)$".
	// See the full list of valid class values in dns.StringToClass.
	ClassRegexp string `json:"class_regexp,omitempty"`
	// Name may contain a value to match the question domain name. E.g. "example.com.".
	// The domain name is provided in lower case ending with a dot.
	Name string `json:"name,omitempty"`
	// NameRegexp may contain a regular expression to match the question domain name.
	// E.g. "^(|[-0-9a-z]+\.)example\.com\.$". The domain name is provided in lower case ending with a dot.
	NameRegexp string `json:"name_regexp,omitempty"`
	// Type may contain a value to match the question type. Use upper case letters, e.g. "A", "MX", "NS".
	// See the full list of valid type values in dns.StringToType.
	Type string `json:"type,omitempty"`
	// TypeRegexp may contain a regular expression to match the question type. E.g. "^(MX|NS)$".
	// See the full list of valid type values in dns.StringToType.
	TypeRegexp string `json:"type_regexp,omitempty"`
	// contains filtered or unexported fields
}
MatchDNSRule represents a set of filters to match against the question section of a DNS request message. Full and regular expression matching filters are supported. If both filters are provided for a single field, the full matcher is evaluated first. An empty MatchDNSRule will match anything.
func (*MatchDNSRule) Provision
func (r *MatchDNSRule) Provision(_ caddy.Context) (err error)
type MatchDNSRules
type MatchDNSRules []*MatchDNSRule
MatchDNSRules may contain a number of MatchDNSRule instances. An empty MatchDNSRules instance won't match anything.
func (*MatchDNSRules) Provision
func (rs *MatchDNSRules) Provision(cx caddy.Context) error