2018-12-05 20:13:35 +03:00
|
|
|
|
package dnsforward
|
|
|
|
|
|
|
|
|
|
import (
|
2019-02-22 15:23:39 +03:00
|
|
|
|
"crypto/ecdsa"
|
|
|
|
|
"crypto/rand"
|
|
|
|
|
"crypto/rsa"
|
|
|
|
|
"crypto/tls"
|
|
|
|
|
"crypto/x509"
|
|
|
|
|
"crypto/x509/pkix"
|
|
|
|
|
"encoding/pem"
|
2020-09-08 17:20:24 +03:00
|
|
|
|
"fmt"
|
2020-09-11 11:53:36 +03:00
|
|
|
|
"io/ioutil"
|
2019-02-22 15:23:39 +03:00
|
|
|
|
"math/big"
|
2018-12-05 20:13:35 +03:00
|
|
|
|
"net"
|
2020-09-11 11:53:36 +03:00
|
|
|
|
"os"
|
2020-01-22 18:40:43 +03:00
|
|
|
|
"sort"
|
2019-02-22 15:23:39 +03:00
|
|
|
|
"sync"
|
2018-12-05 20:13:35 +03:00
|
|
|
|
"testing"
|
2018-12-24 15:19:52 +03:00
|
|
|
|
"time"
|
|
|
|
|
|
2021-02-04 20:35:13 +03:00
|
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
|
2020-10-30 13:32:02 +03:00
|
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
|
|
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/dnsfilter"
|
2021-03-25 16:00:27 +03:00
|
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/util"
|
2019-05-30 15:36:39 +03:00
|
|
|
|
"github.com/AdguardTeam/dnsproxy/proxy"
|
2019-11-21 16:13:19 +03:00
|
|
|
|
"github.com/AdguardTeam/dnsproxy/upstream"
|
2018-12-05 20:13:35 +03:00
|
|
|
|
"github.com/miekg/dns"
|
2019-10-31 12:32:14 +03:00
|
|
|
|
"github.com/stretchr/testify/assert"
|
2021-03-11 17:32:58 +03:00
|
|
|
|
"github.com/stretchr/testify/require"
|
2018-12-05 20:13:35 +03:00
|
|
|
|
)
|
|
|
|
|
|
2020-11-16 15:52:05 +03:00
|
|
|
|
func TestMain(m *testing.M) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
aghtest.DiscardLogOutput(m)
|
2020-11-16 15:52:05 +03:00
|
|
|
|
}
|
|
|
|
|
|
2019-02-22 15:23:39 +03:00
|
|
|
|
const (
|
|
|
|
|
tlsServerName = "testdns.adguard.com"
|
|
|
|
|
testMessagesCount = 10
|
|
|
|
|
)
|
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
func startDeferStop(t *testing.T, s *Server) {
|
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
|
|
err := s.Start()
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "failed to start server: %s", err)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
|
|
|
|
|
t.Cleanup(func() {
|
2021-03-11 21:30:52 +03:00
|
|
|
|
serr := s.Stop()
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, serr, "dns server failed to stop: %s", serr)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
func createTestServer(t *testing.T, filterConf *dnsfilter.Config, forwardConf ServerConfig) *Server {
|
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
|
|
rules := `||nxdomain.example.org
|
|
|
|
|
||null.example.org^
|
|
|
|
|
127.0.0.1 host.example.org
|
|
|
|
|
@@||whitelist.example.org^
|
|
|
|
|
||127.0.0.255`
|
|
|
|
|
filters := []dnsfilter.Filter{{
|
|
|
|
|
ID: 0, Data: []byte(rules),
|
|
|
|
|
}}
|
|
|
|
|
|
|
|
|
|
f := dnsfilter.New(filterConf, filters)
|
|
|
|
|
|
2021-03-25 16:00:27 +03:00
|
|
|
|
s, err := NewServer(DNSCreateParams{DNSFilter: f})
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
s.conf = forwardConf
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
|
|
|
|
err = s.Prepare(nil)
|
|
|
|
|
require.NoError(t, err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
|
|
|
|
return s
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func createServerTLSConfig(t *testing.T) (*tls.Config, []byte, []byte) {
|
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
|
|
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "cannot generate RSA key: %s", err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
|
|
|
|
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
|
|
|
|
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "failed to generate serial number: %s", err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
|
|
|
|
notBefore := time.Now()
|
|
|
|
|
notAfter := notBefore.Add(5 * 365 * time.Hour * 24)
|
|
|
|
|
|
|
|
|
|
template := x509.Certificate{
|
|
|
|
|
SerialNumber: serialNumber,
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
Organization: []string{"AdGuard Tests"},
|
|
|
|
|
},
|
|
|
|
|
NotBefore: notBefore,
|
|
|
|
|
NotAfter: notAfter,
|
|
|
|
|
|
|
|
|
|
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
|
|
|
|
|
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
|
|
|
|
BasicConstraintsValid: true,
|
|
|
|
|
IsCA: true,
|
|
|
|
|
}
|
|
|
|
|
template.DNSNames = append(template.DNSNames, tlsServerName)
|
|
|
|
|
|
|
|
|
|
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(privateKey), privateKey)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "failed to create certificate: %s", err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
|
|
|
|
certPem := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
|
|
|
|
keyPem := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)})
|
|
|
|
|
|
|
|
|
|
cert, err := tls.X509KeyPair(certPem, keyPem)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "failed to create certificate: %s", err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
|
|
|
|
return &tls.Config{
|
|
|
|
|
Certificates: []tls.Certificate{cert},
|
|
|
|
|
ServerName: tlsServerName,
|
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
|
}, certPem, keyPem
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func createTestTLS(t *testing.T, tlsConf TLSConfig) (s *Server, certPem []byte) {
|
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
|
|
var keyPem []byte
|
|
|
|
|
_, certPem, keyPem = createServerTLSConfig(t)
|
|
|
|
|
|
|
|
|
|
s = createTestServer(t, &dnsfilter.Config{}, ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-03-11 17:32:58 +03:00
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
tlsConf.CertificateChainData, tlsConf.PrivateKeyData = certPem, keyPem
|
|
|
|
|
s.conf.TLSConfig = tlsConf
|
|
|
|
|
|
|
|
|
|
err := s.Prepare(nil)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "failed to prepare server: %s", err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
|
|
|
|
return s, certPem
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func createGoogleATestMessage() *dns.Msg {
|
|
|
|
|
return createTestMessage("google-public-dns-a.google.com.")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func createTestMessage(host string) *dns.Msg {
|
|
|
|
|
return &dns.Msg{
|
|
|
|
|
MsgHdr: dns.MsgHdr{
|
|
|
|
|
Id: dns.Id(),
|
|
|
|
|
RecursionDesired: true,
|
|
|
|
|
},
|
|
|
|
|
Question: []dns.Question{{
|
|
|
|
|
Name: host,
|
|
|
|
|
Qtype: dns.TypeA,
|
|
|
|
|
Qclass: dns.ClassINET,
|
|
|
|
|
}},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func createTestMessageWithType(host string, qtype uint16) *dns.Msg {
|
|
|
|
|
req := createTestMessage(host)
|
|
|
|
|
req.Question[0].Qtype = qtype
|
|
|
|
|
|
|
|
|
|
return req
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func assertGoogleAResponse(t *testing.T, reply *dns.Msg) {
|
|
|
|
|
assertResponse(t, reply, net.IP{8, 8, 8, 8})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func assertResponse(t *testing.T, reply *dns.Msg, ip net.IP) {
|
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
|
|
require.Lenf(t, reply.Answer, 1, "dns server returned reply with wrong number of answers - %d", len(reply.Answer))
|
|
|
|
|
|
|
|
|
|
a, ok := reply.Answer[0].(*dns.A)
|
|
|
|
|
require.Truef(t, ok, "dns server returned wrong answer type instead of A: %v", reply.Answer[0])
|
|
|
|
|
assert.Truef(t, a.A.Equal(ip), "dns server returned wrong answer instead of %s: %s", ip, a.A)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// sendTestMessagesAsync sends messages in parallel to check for race issues.
|
|
|
|
|
//
|
|
|
|
|
//lint:ignore U1000 it's called from the function which is skipped for now.
|
|
|
|
|
func sendTestMessagesAsync(t *testing.T, conn *dns.Conn) {
|
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
|
|
wg := &sync.WaitGroup{}
|
|
|
|
|
|
|
|
|
|
for i := 0; i < testMessagesCount; i++ {
|
|
|
|
|
msg := createGoogleATestMessage()
|
|
|
|
|
wg.Add(1)
|
|
|
|
|
|
|
|
|
|
go func() {
|
|
|
|
|
defer wg.Done()
|
|
|
|
|
|
|
|
|
|
err := conn.WriteMsg(msg)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "cannot write message: %s", err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
|
|
|
|
res, err := conn.ReadMsg()
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "cannot read response to message: %s", err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
|
|
|
|
assertGoogleAResponse(t, res)
|
|
|
|
|
}()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
wg.Wait()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func sendTestMessages(t *testing.T, conn *dns.Conn) {
|
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
|
|
for i := 0; i < testMessagesCount; i++ {
|
|
|
|
|
req := createGoogleATestMessage()
|
|
|
|
|
err := conn.WriteMsg(req)
|
|
|
|
|
assert.Nilf(t, err, "cannot write message #%d: %s", i, err)
|
|
|
|
|
|
|
|
|
|
res, err := conn.ReadMsg()
|
|
|
|
|
assert.Nilf(t, err, "cannot read response to message #%d: %s", i, err)
|
|
|
|
|
assertGoogleAResponse(t, res)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-05 20:13:35 +03:00
|
|
|
|
func TestServer(t *testing.T) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
s := createTestServer(t, &dnsfilter.Config{}, ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
})
|
2021-02-02 15:13:12 +03:00
|
|
|
|
s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
|
2021-02-04 20:35:13 +03:00
|
|
|
|
&aghtest.TestUpstream{
|
|
|
|
|
IPv4: map[string][]net.IP{
|
2021-02-02 15:13:12 +03:00
|
|
|
|
"google-public-dns-a.google.com.": {{8, 8, 8, 8}},
|
|
|
|
|
},
|
|
|
|
|
},
|
2018-12-05 20:13:35 +03:00
|
|
|
|
}
|
2021-02-02 15:13:12 +03:00
|
|
|
|
startDeferStop(t, s)
|
|
|
|
|
|
|
|
|
|
testCases := []struct {
|
|
|
|
|
name string
|
|
|
|
|
proto string
|
|
|
|
|
}{{
|
|
|
|
|
name: "message_over_udp",
|
|
|
|
|
proto: proxy.ProtoUDP,
|
|
|
|
|
}, {
|
|
|
|
|
name: "message_over_tcp",
|
|
|
|
|
proto: proxy.ProtoTCP,
|
|
|
|
|
}}
|
2018-12-05 20:13:35 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
for _, tc := range testCases {
|
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
|
|
|
addr := s.dnsProxy.Addr(tc.proto)
|
|
|
|
|
client := dns.Client{Net: tc.proto}
|
2018-12-05 20:13:35 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
reply, _, err := client.Exchange(createGoogleATestMessage(), addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "сouldn't talk to server %s: %s", addr, err)
|
2018-12-05 20:13:35 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
assertGoogleAResponse(t, reply)
|
|
|
|
|
})
|
2018-12-24 15:19:52 +03:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-20 00:55:32 +03:00
|
|
|
|
func TestServerWithProtectionDisabled(t *testing.T) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
s := createTestServer(t, &dnsfilter.Config{}, ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
})
|
2021-02-02 15:13:12 +03:00
|
|
|
|
s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
|
2021-02-04 20:35:13 +03:00
|
|
|
|
&aghtest.TestUpstream{
|
|
|
|
|
IPv4: map[string][]net.IP{
|
2021-02-02 15:13:12 +03:00
|
|
|
|
"google-public-dns-a.google.com.": {{8, 8, 8, 8}},
|
|
|
|
|
},
|
|
|
|
|
},
|
2019-08-20 00:55:32 +03:00
|
|
|
|
}
|
2021-02-02 15:13:12 +03:00
|
|
|
|
startDeferStop(t, s)
|
2019-08-20 00:55:32 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Message over UDP.
|
2019-08-20 00:55:32 +03:00
|
|
|
|
req := createGoogleATestMessage()
|
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
client := dns.Client{Net: proxy.ProtoUDP}
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
2019-08-20 00:55:32 +03:00
|
|
|
|
reply, _, err := client.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "сouldn't talk to server %s: %s", addr, err)
|
2019-08-20 00:55:32 +03:00
|
|
|
|
assertGoogleAResponse(t, reply)
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
func TestDoTServer(t *testing.T) {
|
|
|
|
|
s, certPem := createTestTLS(t, TLSConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
TLSListenAddrs: []*net.TCPAddr{{}},
|
2021-02-02 15:13:12 +03:00
|
|
|
|
})
|
|
|
|
|
s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
|
2021-02-04 20:35:13 +03:00
|
|
|
|
&aghtest.TestUpstream{
|
|
|
|
|
IPv4: map[string][]net.IP{
|
2021-02-02 15:13:12 +03:00
|
|
|
|
"google-public-dns-a.google.com.": {{8, 8, 8, 8}},
|
|
|
|
|
},
|
|
|
|
|
},
|
2019-02-22 15:23:39 +03:00
|
|
|
|
}
|
2021-02-02 15:13:12 +03:00
|
|
|
|
startDeferStop(t, s)
|
2019-02-22 15:23:39 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Add our self-signed generated config to roots.
|
2019-02-22 15:23:39 +03:00
|
|
|
|
roots := x509.NewCertPool()
|
|
|
|
|
roots.AppendCertsFromPEM(certPem)
|
2019-04-17 12:02:56 +03:00
|
|
|
|
tlsConfig := &tls.Config{
|
|
|
|
|
ServerName: tlsServerName,
|
|
|
|
|
RootCAs: roots,
|
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
|
}
|
2019-02-22 15:23:39 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Create a DNS-over-TLS client connection.
|
2019-02-22 15:23:39 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoTLS)
|
|
|
|
|
conn, err := dns.DialWithTLS("tcp-tls", addr.String(), tlsConfig)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "cannot connect to the proxy: %s", err)
|
2019-02-22 15:23:39 +03:00
|
|
|
|
|
|
|
|
|
sendTestMessages(t, conn)
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
func TestDoQServer(t *testing.T) {
|
|
|
|
|
s, _ := createTestTLS(t, TLSConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
QUICListenAddrs: []*net.UDPAddr{{}},
|
2021-02-02 15:13:12 +03:00
|
|
|
|
})
|
|
|
|
|
s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
|
2021-02-04 20:35:13 +03:00
|
|
|
|
&aghtest.TestUpstream{
|
|
|
|
|
IPv4: map[string][]net.IP{
|
2021-02-02 15:13:12 +03:00
|
|
|
|
"google-public-dns-a.google.com.": {{8, 8, 8, 8}},
|
|
|
|
|
},
|
|
|
|
|
},
|
2020-09-08 17:20:24 +03:00
|
|
|
|
}
|
2021-02-02 15:13:12 +03:00
|
|
|
|
startDeferStop(t, s)
|
2020-09-08 17:20:24 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Create a DNS-over-QUIC upstream.
|
2020-09-08 17:20:24 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoQUIC)
|
|
|
|
|
opts := upstream.Options{InsecureSkipVerify: true}
|
2021-02-02 15:13:12 +03:00
|
|
|
|
u, err := upstream.AddressToUpstream(fmt.Sprintf("%s://%s", proxy.ProtoQUIC, addr), opts)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
2020-09-08 17:20:24 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Send the test message.
|
2020-09-08 17:20:24 +03:00
|
|
|
|
req := createGoogleATestMessage()
|
|
|
|
|
res, err := u.Exchange(req)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
2020-09-08 17:20:24 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
assertGoogleAResponse(t, res)
|
2020-09-08 17:20:24 +03:00
|
|
|
|
}
|
|
|
|
|
|
2019-02-22 15:23:39 +03:00
|
|
|
|
func TestServerRace(t *testing.T) {
|
2021-02-02 15:13:12 +03:00
|
|
|
|
t.Skip("TODO(e.burkov): inspect the golibs/cache package for locks")
|
|
|
|
|
|
2021-02-04 20:35:13 +03:00
|
|
|
|
filterConf := &dnsfilter.Config{
|
|
|
|
|
SafeBrowsingEnabled: true,
|
|
|
|
|
SafeBrowsingCacheSize: 1000,
|
|
|
|
|
SafeSearchEnabled: true,
|
|
|
|
|
SafeSearchCacheSize: 1000,
|
|
|
|
|
ParentalCacheSize: 1000,
|
|
|
|
|
CacheTime: 30,
|
|
|
|
|
}
|
|
|
|
|
forwardConf := ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
FilteringConfig: FilteringConfig{
|
|
|
|
|
ProtectionEnabled: true,
|
|
|
|
|
UpstreamDNS: []string{"8.8.8.8:53", "8.8.4.4:53"},
|
|
|
|
|
},
|
|
|
|
|
ConfigModified: func() {},
|
|
|
|
|
}
|
|
|
|
|
s := createTestServer(t, filterConf, forwardConf)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
|
2021-02-04 20:35:13 +03:00
|
|
|
|
&aghtest.TestUpstream{
|
|
|
|
|
IPv4: map[string][]net.IP{
|
2021-02-02 15:13:12 +03:00
|
|
|
|
"google-public-dns-a.google.com.": {{8, 8, 8, 8}},
|
|
|
|
|
},
|
|
|
|
|
},
|
2019-02-22 15:23:39 +03:00
|
|
|
|
}
|
2021-02-02 15:13:12 +03:00
|
|
|
|
startDeferStop(t, s)
|
2019-02-22 15:23:39 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Message over UDP.
|
2019-02-22 15:23:39 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
conn, err := dns.Dial(proxy.ProtoUDP, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "cannot connect to the proxy: %s", err)
|
2019-02-22 15:23:39 +03:00
|
|
|
|
|
|
|
|
|
sendTestMessagesAsync(t, conn)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
}
|
2019-02-22 15:23:39 +03:00
|
|
|
|
|
2019-02-25 14:58:54 +03:00
|
|
|
|
func TestSafeSearch(t *testing.T) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
resolver := &aghtest.TestResolver{}
|
|
|
|
|
filterConf := &dnsfilter.Config{
|
|
|
|
|
SafeSearchEnabled: true,
|
|
|
|
|
SafeSearchCacheSize: 1000,
|
|
|
|
|
CacheTime: 30,
|
|
|
|
|
CustomResolver: resolver,
|
2019-02-25 14:58:54 +03:00
|
|
|
|
}
|
2021-02-04 20:35:13 +03:00
|
|
|
|
forwardConf := ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
FilteringConfig: FilteringConfig{
|
|
|
|
|
ProtectionEnabled: true,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
s := createTestServer(t, filterConf, forwardConf)
|
|
|
|
|
startDeferStop(t, s)
|
2019-02-25 14:58:54 +03:00
|
|
|
|
|
2021-02-04 20:35:13 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP).String()
|
|
|
|
|
client := dns.Client{Net: proxy.ProtoUDP}
|
|
|
|
|
|
|
|
|
|
yandexIP := net.IP{213, 180, 193, 56}
|
|
|
|
|
googleIP, _ := resolver.HostToIPs("forcesafesearch.google.com")
|
2019-02-25 14:58:54 +03:00
|
|
|
|
|
2021-02-04 20:35:13 +03:00
|
|
|
|
testCases := []struct {
|
|
|
|
|
host string
|
|
|
|
|
want net.IP
|
|
|
|
|
}{{
|
|
|
|
|
host: "yandex.com.",
|
|
|
|
|
want: yandexIP,
|
|
|
|
|
}, {
|
|
|
|
|
host: "yandex.by.",
|
|
|
|
|
want: yandexIP,
|
|
|
|
|
}, {
|
|
|
|
|
host: "yandex.kz.",
|
|
|
|
|
want: yandexIP,
|
|
|
|
|
}, {
|
|
|
|
|
host: "yandex.ru.",
|
|
|
|
|
want: yandexIP,
|
|
|
|
|
}, {
|
|
|
|
|
host: "www.google.com.",
|
|
|
|
|
want: googleIP,
|
|
|
|
|
}, {
|
|
|
|
|
host: "www.google.com.af.",
|
|
|
|
|
want: googleIP,
|
|
|
|
|
}, {
|
|
|
|
|
host: "www.google.be.",
|
|
|
|
|
want: googleIP,
|
|
|
|
|
}, {
|
|
|
|
|
host: "www.google.by.",
|
|
|
|
|
want: googleIP,
|
|
|
|
|
}}
|
2019-02-25 14:58:54 +03:00
|
|
|
|
|
2021-02-04 20:35:13 +03:00
|
|
|
|
for _, tc := range testCases {
|
|
|
|
|
t.Run(tc.host, func(t *testing.T) {
|
|
|
|
|
req := createTestMessage(tc.host)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
2021-02-04 20:35:13 +03:00
|
|
|
|
reply, _, err := client.Exchange(req, addr)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "couldn't talk to server %s: %s", addr, err)
|
2021-02-04 20:35:13 +03:00
|
|
|
|
assertResponse(t, reply, tc.want)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
})
|
2019-02-25 14:58:54 +03:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-24 15:19:52 +03:00
|
|
|
|
func TestInvalidRequest(t *testing.T) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
s := createTestServer(t, &dnsfilter.Config{}, ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
})
|
2021-02-02 15:13:12 +03:00
|
|
|
|
startDeferStop(t, s)
|
2018-12-24 15:19:52 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP).String()
|
|
|
|
|
req := dns.Msg{
|
|
|
|
|
MsgHdr: dns.MsgHdr{
|
|
|
|
|
Id: dns.Id(),
|
|
|
|
|
RecursionDesired: true,
|
|
|
|
|
},
|
2018-12-24 15:19:52 +03:00
|
|
|
|
}
|
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Send a DNS request without question.
|
|
|
|
|
_, _, err := (&dns.Client{
|
|
|
|
|
Net: proxy.ProtoUDP,
|
|
|
|
|
Timeout: 500 * time.Millisecond,
|
|
|
|
|
}).Exchange(&req, addr)
|
|
|
|
|
|
2021-03-25 16:00:27 +03:00
|
|
|
|
assert.NoErrorf(t, err, "got a response to an invalid query")
|
2018-12-24 15:19:52 +03:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestBlockedRequest(t *testing.T) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
forwardConf := ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
FilteringConfig: FilteringConfig{
|
|
|
|
|
ProtectionEnabled: true,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
s := createTestServer(t, &dnsfilter.Config{}, forwardConf)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
startDeferStop(t, s)
|
|
|
|
|
|
2019-02-22 15:23:39 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
2018-12-24 15:19:52 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Default blocking.
|
|
|
|
|
req := createTestMessage("nxdomain.example.org.")
|
2018-12-24 15:19:52 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
reply, err := dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "couldn't talk to server %s: %s", addr, err)
|
|
|
|
|
|
2020-10-02 12:51:55 +03:00
|
|
|
|
assert.Equal(t, dns.RcodeSuccess, reply.Rcode)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
|
|
|
|
require.Len(t, reply.Answer, 1)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
assert.True(t, reply.Answer[0].(*dns.A).A.IsUnspecified())
|
2018-12-24 15:19:52 +03:00
|
|
|
|
}
|
|
|
|
|
|
2020-05-14 12:57:41 +03:00
|
|
|
|
func TestServerCustomClientUpstream(t *testing.T) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
forwardConf := ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
FilteringConfig: FilteringConfig{
|
|
|
|
|
ProtectionEnabled: true,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
s := createTestServer(t, &dnsfilter.Config{}, forwardConf)
|
2020-12-17 13:32:46 +03:00
|
|
|
|
s.conf.GetCustomUpstreamByClient = func(_ string) *proxy.UpstreamConfig {
|
2021-02-02 15:13:12 +03:00
|
|
|
|
return &proxy.UpstreamConfig{
|
|
|
|
|
Upstreams: []upstream.Upstream{
|
2021-02-04 20:35:13 +03:00
|
|
|
|
&aghtest.TestUpstream{
|
|
|
|
|
IPv4: map[string][]net.IP{
|
2021-02-02 15:13:12 +03:00
|
|
|
|
"host.": {{192, 168, 0, 1}},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
2020-05-14 12:57:41 +03:00
|
|
|
|
}
|
2021-02-02 15:13:12 +03:00
|
|
|
|
startDeferStop(t, s)
|
2020-08-13 11:49:42 +03:00
|
|
|
|
|
2020-05-14 12:57:41 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Send test request.
|
|
|
|
|
req := createTestMessage("host.")
|
2020-05-14 12:57:41 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
reply, err := dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
2020-05-14 12:57:41 +03:00
|
|
|
|
|
|
|
|
|
assert.Equal(t, dns.RcodeSuccess, reply.Rcode)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.NotEmpty(t, reply.Answer)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Len(t, reply.Answer, 1)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
assert.Equal(t, net.IP{192, 168, 0, 1}, reply.Answer[0].(*dns.A).A)
|
2020-05-14 12:57:41 +03:00
|
|
|
|
}
|
|
|
|
|
|
2021-02-04 20:35:13 +03:00
|
|
|
|
// testCNAMEs is a map of names and CNAMEs necessary for the TestUpstream work.
|
2019-11-21 16:13:19 +03:00
|
|
|
|
var testCNAMEs = map[string]string{
|
|
|
|
|
"badhost.": "null.example.org.",
|
|
|
|
|
"whitelist.example.org.": "null.example.org.",
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-04 20:35:13 +03:00
|
|
|
|
// testIPv4 is a map of names and IPv4s necessary for the TestUpstream work.
|
2019-11-21 16:13:19 +03:00
|
|
|
|
var testIPv4 = map[string][]net.IP{
|
|
|
|
|
"null.example.org.": {{1, 2, 3, 4}},
|
|
|
|
|
"example.org.": {{127, 0, 0, 255}},
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-09 19:52:06 +03:00
|
|
|
|
func TestBlockCNAMEProtectionEnabled(t *testing.T) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
s := createTestServer(t, &dnsfilter.Config{}, ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
})
|
|
|
|
|
testUpstm := &aghtest.TestUpstream{
|
|
|
|
|
CName: testCNAMEs,
|
|
|
|
|
IPv4: testIPv4,
|
|
|
|
|
IPv6: nil,
|
2021-02-02 15:13:12 +03:00
|
|
|
|
}
|
2020-01-09 19:52:06 +03:00
|
|
|
|
s.conf.ProtectionEnabled = false
|
2021-03-11 17:32:58 +03:00
|
|
|
|
s.dnsProxy.UpstreamConfig = &proxy.UpstreamConfig{
|
|
|
|
|
Upstreams: []upstream.Upstream{testUpstm},
|
|
|
|
|
}
|
|
|
|
|
startDeferStop(t, s)
|
|
|
|
|
|
2020-01-09 19:52:06 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
// 'badhost' has a canonical name 'null.example.org' which should be
|
|
|
|
|
// blocked by filters, but protection is disabled so it is not.
|
2020-01-09 19:52:06 +03:00
|
|
|
|
req := createTestMessage("badhost.")
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
2020-01-09 19:52:06 +03:00
|
|
|
|
reply, err := dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2020-05-13 20:31:43 +03:00
|
|
|
|
assert.Equal(t, dns.RcodeSuccess, reply.Rcode)
|
2020-01-09 19:52:06 +03:00
|
|
|
|
}
|
|
|
|
|
|
2019-11-21 16:13:19 +03:00
|
|
|
|
func TestBlockCNAME(t *testing.T) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
forwardConf := ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
FilteringConfig: FilteringConfig{
|
|
|
|
|
ProtectionEnabled: true,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
s := createTestServer(t, &dnsfilter.Config{}, forwardConf)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
|
2021-02-04 20:35:13 +03:00
|
|
|
|
&aghtest.TestUpstream{
|
|
|
|
|
CName: testCNAMEs,
|
|
|
|
|
IPv4: testIPv4,
|
2021-02-02 15:13:12 +03:00
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
startDeferStop(t, s)
|
|
|
|
|
|
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP).String()
|
|
|
|
|
|
|
|
|
|
testCases := []struct {
|
|
|
|
|
host string
|
|
|
|
|
want bool
|
|
|
|
|
}{{
|
|
|
|
|
host: "badhost.",
|
|
|
|
|
// 'badhost' has a canonical name 'null.example.org' which is
|
|
|
|
|
// blocked by filters: response is blocked.
|
|
|
|
|
want: true,
|
|
|
|
|
}, {
|
|
|
|
|
host: "whitelist.example.org.",
|
|
|
|
|
// 'whitelist.example.org' has a canonical name
|
|
|
|
|
// 'null.example.org' which is blocked by filters
|
|
|
|
|
// but 'whitelist.example.org' is in a whitelist:
|
|
|
|
|
// response isn't blocked.
|
|
|
|
|
want: false,
|
|
|
|
|
}, {
|
|
|
|
|
host: "example.org.",
|
|
|
|
|
// 'example.org' has a canonical name 'cname1' with IP
|
|
|
|
|
// 127.0.0.255 which is blocked by filters: response is blocked.
|
|
|
|
|
want: true,
|
|
|
|
|
}}
|
2019-11-21 16:13:19 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
for _, tc := range testCases {
|
|
|
|
|
t.Run("block_cname_"+tc.host, func(t *testing.T) {
|
|
|
|
|
req := createTestMessage(tc.host)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
reply, err := dns.Exchange(req, addr)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
assert.Equal(t, dns.RcodeSuccess, reply.Rcode)
|
|
|
|
|
if tc.want {
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Len(t, reply.Answer, 1)
|
|
|
|
|
a, ok := reply.Answer[0].(*dns.A)
|
|
|
|
|
require.True(t, ok)
|
|
|
|
|
assert.True(t, a.A.IsUnspecified())
|
2021-02-02 15:13:12 +03:00
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
2019-11-21 16:13:19 +03:00
|
|
|
|
}
|
|
|
|
|
|
2019-12-23 13:36:59 +03:00
|
|
|
|
func TestClientRulesForCNAMEMatching(t *testing.T) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
forwardConf := ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
FilteringConfig: FilteringConfig{
|
|
|
|
|
ProtectionEnabled: true,
|
|
|
|
|
FilterHandler: func(_ net.IP, _ string, settings *dnsfilter.RequestFilteringSettings) {
|
|
|
|
|
settings.FilteringEnabled = false
|
|
|
|
|
},
|
|
|
|
|
},
|
2019-12-23 13:36:59 +03:00
|
|
|
|
}
|
2021-02-04 20:35:13 +03:00
|
|
|
|
s := createTestServer(t, &dnsfilter.Config{}, forwardConf)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
|
2021-02-04 20:35:13 +03:00
|
|
|
|
&aghtest.TestUpstream{
|
|
|
|
|
CName: testCNAMEs,
|
|
|
|
|
IPv4: testIPv4,
|
2021-02-02 15:13:12 +03:00
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
startDeferStop(t, s)
|
|
|
|
|
|
2019-12-23 13:36:59 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// 'badhost' has a canonical name 'null.example.org' which is blocked by
|
|
|
|
|
// filters: response is blocked.
|
|
|
|
|
req := dns.Msg{
|
|
|
|
|
MsgHdr: dns.MsgHdr{
|
|
|
|
|
Id: dns.Id(),
|
|
|
|
|
},
|
|
|
|
|
Question: []dns.Question{{
|
|
|
|
|
Name: "badhost.",
|
|
|
|
|
Qtype: dns.TypeA,
|
|
|
|
|
Qclass: dns.ClassINET,
|
|
|
|
|
}},
|
2019-12-23 13:36:59 +03:00
|
|
|
|
}
|
2021-02-02 15:13:12 +03:00
|
|
|
|
|
|
|
|
|
// However, in our case it should not be blocked as filtering is
|
|
|
|
|
// disabled on the client level.
|
2019-12-23 13:36:59 +03:00
|
|
|
|
reply, err := dns.Exchange(&req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2019-12-23 13:36:59 +03:00
|
|
|
|
assert.Equal(t, dns.RcodeSuccess, reply.Rcode)
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-14 15:53:31 +03:00
|
|
|
|
func TestNullBlockedRequest(t *testing.T) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
forwardConf := ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
FilteringConfig: FilteringConfig{
|
|
|
|
|
ProtectionEnabled: true,
|
|
|
|
|
BlockingMode: "null_ip",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
s := createTestServer(t, &dnsfilter.Config{}, forwardConf)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
startDeferStop(t, s)
|
2019-05-14 15:53:31 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Nil filter blocking.
|
|
|
|
|
req := dns.Msg{
|
|
|
|
|
MsgHdr: dns.MsgHdr{
|
|
|
|
|
Id: dns.Id(),
|
|
|
|
|
RecursionDesired: true,
|
|
|
|
|
},
|
|
|
|
|
Question: []dns.Question{{
|
|
|
|
|
Name: "null.example.org.",
|
|
|
|
|
Qtype: dns.TypeA,
|
|
|
|
|
Qclass: dns.ClassINET,
|
|
|
|
|
}},
|
2019-05-14 15:53:31 +03:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reply, err := dns.Exchange(&req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "couldn't talk to server %s: %s", addr, err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Lenf(t, reply.Answer, 1, "dns server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
|
2021-02-02 15:13:12 +03:00
|
|
|
|
a, ok := reply.Answer[0].(*dns.A)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Truef(t, ok, "dns server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
|
2021-02-02 15:13:12 +03:00
|
|
|
|
assert.Truef(t, a.A.IsUnspecified(), "dns server %s returned wrong answer instead of 0.0.0.0: %v", addr, a.A)
|
2019-05-14 15:53:31 +03:00
|
|
|
|
}
|
|
|
|
|
|
2019-12-16 17:04:30 +03:00
|
|
|
|
func TestBlockedCustomIP(t *testing.T) {
|
|
|
|
|
rules := "||nxdomain.example.org^\n||null.example.org^\n127.0.0.1 host.example.org\n@@||whitelist.example.org^\n||127.0.0.255\n"
|
2020-05-13 20:31:43 +03:00
|
|
|
|
filters := []dnsfilter.Filter{{
|
2021-02-02 15:13:12 +03:00
|
|
|
|
ID: 0,
|
|
|
|
|
Data: []byte(rules),
|
2020-02-26 19:58:25 +03:00
|
|
|
|
}}
|
2019-12-16 17:04:30 +03:00
|
|
|
|
|
2021-03-25 16:00:27 +03:00
|
|
|
|
s, err := NewServer(DNSCreateParams{
|
2021-02-02 15:13:12 +03:00
|
|
|
|
DNSFilter: dnsfilter.New(&dnsfilter.Config{}, filters),
|
|
|
|
|
})
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
conf := &ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-02 15:13:12 +03:00
|
|
|
|
FilteringConfig: FilteringConfig{
|
|
|
|
|
ProtectionEnabled: true,
|
|
|
|
|
BlockingMode: "custom_ip",
|
|
|
|
|
BlockingIPv4: nil,
|
|
|
|
|
UpstreamDNS: []string{"8.8.8.8:53", "8.8.4.4:53"},
|
|
|
|
|
},
|
|
|
|
|
}
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Invalid BlockingIPv4.
|
2021-03-25 16:00:27 +03:00
|
|
|
|
err = s.Prepare(conf)
|
|
|
|
|
assert.Error(t, err)
|
2019-12-16 17:04:30 +03:00
|
|
|
|
|
2021-01-13 16:56:05 +03:00
|
|
|
|
conf.BlockingIPv4 = net.IP{0, 0, 0, 1}
|
|
|
|
|
conf.BlockingIPv6 = net.ParseIP("::1")
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
|
|
|
|
err = s.Prepare(conf)
|
|
|
|
|
require.NoError(t, err)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
|
|
|
|
|
startDeferStop(t, s)
|
2019-12-16 17:04:30 +03:00
|
|
|
|
|
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
|
|
|
|
|
|
req := createTestMessageWithType("null.example.org.", dns.TypeA)
|
|
|
|
|
reply, err := dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Len(t, reply.Answer, 1)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
2019-12-16 17:04:30 +03:00
|
|
|
|
a, ok := reply.Answer[0].(*dns.A)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.True(t, ok)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
2021-01-20 17:27:53 +03:00
|
|
|
|
assert.True(t, net.IP{0, 0, 0, 1}.Equal(a.A))
|
2019-12-16 17:04:30 +03:00
|
|
|
|
|
|
|
|
|
req = createTestMessageWithType("null.example.org.", dns.TypeAAAA)
|
|
|
|
|
reply, err = dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Len(t, reply.Answer, 1)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
2019-12-16 17:04:30 +03:00
|
|
|
|
a6, ok := reply.Answer[0].(*dns.AAAA)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.True(t, ok)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
2020-05-13 20:31:43 +03:00
|
|
|
|
assert.Equal(t, "::1", a6.AAAA.String())
|
2019-12-16 17:04:30 +03:00
|
|
|
|
}
|
|
|
|
|
|
2018-12-24 15:19:52 +03:00
|
|
|
|
func TestBlockedByHosts(t *testing.T) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
forwardConf := ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
FilteringConfig: FilteringConfig{
|
|
|
|
|
ProtectionEnabled: true,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
s := createTestServer(t, &dnsfilter.Config{}, forwardConf)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
startDeferStop(t, s)
|
2019-02-22 15:23:39 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
2018-12-24 15:19:52 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Hosts blocking.
|
|
|
|
|
req := createTestMessage("host.example.org.")
|
2018-12-24 15:19:52 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
reply, err := dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "couldn't talk to server %s: %s", addr, err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Lenf(t, reply.Answer, 1, "dns server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
|
2021-02-02 15:13:12 +03:00
|
|
|
|
a, ok := reply.Answer[0].(*dns.A)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Truef(t, ok, "dns server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
|
2021-02-02 15:13:12 +03:00
|
|
|
|
assert.Equalf(t, net.IP{127, 0, 0, 1}, a.A, "dns server %s returned wrong answer instead of 8.8.8.8: %v", addr, a.A)
|
2018-12-24 15:19:52 +03:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestBlockedBySafeBrowsing(t *testing.T) {
|
2021-02-04 20:35:13 +03:00
|
|
|
|
const hostname = "wmconvirus.narod.ru"
|
2021-02-02 15:13:12 +03:00
|
|
|
|
|
2021-02-04 20:35:13 +03:00
|
|
|
|
sbUps := &aghtest.TestBlockUpstream{
|
|
|
|
|
Hostname: hostname,
|
|
|
|
|
Block: true,
|
|
|
|
|
}
|
2021-03-11 17:32:58 +03:00
|
|
|
|
ans4, _ := (&aghtest.TestResolver{}).HostToIPs(hostname)
|
2021-02-04 20:35:13 +03:00
|
|
|
|
|
|
|
|
|
filterConf := &dnsfilter.Config{
|
|
|
|
|
SafeBrowsingEnabled: true,
|
|
|
|
|
}
|
|
|
|
|
forwardConf := ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
FilteringConfig: FilteringConfig{
|
2021-03-11 17:32:58 +03:00
|
|
|
|
SafeBrowsingBlockHost: ans4.String(),
|
2021-02-04 20:35:13 +03:00
|
|
|
|
ProtectionEnabled: true,
|
2021-02-02 15:13:12 +03:00
|
|
|
|
},
|
2018-12-24 15:19:52 +03:00
|
|
|
|
}
|
2021-02-04 20:35:13 +03:00
|
|
|
|
s := createTestServer(t, filterConf, forwardConf)
|
|
|
|
|
s.dnsFilter.SetSafeBrowsingUpstream(sbUps)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
startDeferStop(t, s)
|
2019-02-22 15:23:39 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
2018-12-24 15:19:52 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// SafeBrowsing blocking.
|
2021-02-04 20:35:13 +03:00
|
|
|
|
req := createTestMessage(hostname + ".")
|
2021-02-02 15:13:12 +03:00
|
|
|
|
|
|
|
|
|
reply, err := dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoErrorf(t, err, "couldn't talk to server %s: %s", addr, err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Lenf(t, reply.Answer, 1, "dns server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
|
2018-12-24 15:19:52 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
a, ok := reply.Answer[0].(*dns.A)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Truef(t, ok, "dns server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
|
|
|
|
|
assert.Equal(t, ans4, a.A, "dns server %s returned wrong answer: %v", addr, a.A)
|
2018-12-24 15:19:52 +03:00
|
|
|
|
}
|
|
|
|
|
|
2020-06-01 15:23:08 +03:00
|
|
|
|
func TestRewrite(t *testing.T) {
|
2021-02-02 15:13:12 +03:00
|
|
|
|
c := &dnsfilter.Config{
|
|
|
|
|
Rewrites: []dnsfilter.RewriteEntry{{
|
2020-06-01 15:23:08 +03:00
|
|
|
|
Domain: "test.com",
|
|
|
|
|
Answer: "1.2.3.4",
|
|
|
|
|
Type: dns.TypeA,
|
2021-02-02 15:13:12 +03:00
|
|
|
|
}, {
|
2020-06-01 15:23:08 +03:00
|
|
|
|
Domain: "alias.test.com",
|
|
|
|
|
Answer: "test.com",
|
|
|
|
|
Type: dns.TypeCNAME,
|
2021-02-02 15:13:12 +03:00
|
|
|
|
}, {
|
2020-06-01 15:23:08 +03:00
|
|
|
|
Domain: "my.alias.example.org",
|
|
|
|
|
Answer: "example.org",
|
|
|
|
|
Type: dns.TypeCNAME,
|
2021-02-02 15:13:12 +03:00
|
|
|
|
}},
|
2020-06-01 15:23:08 +03:00
|
|
|
|
}
|
2021-02-02 15:13:12 +03:00
|
|
|
|
f := dnsfilter.New(c, nil)
|
2020-06-01 15:23:08 +03:00
|
|
|
|
|
2021-03-25 16:00:27 +03:00
|
|
|
|
s, err := NewServer(DNSCreateParams{DNSFilter: f})
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
err = s.Prepare(&ServerConfig{
|
2021-03-23 12:32:07 +03:00
|
|
|
|
UDPListenAddrs: []*net.UDPAddr{{}},
|
|
|
|
|
TCPListenAddrs: []*net.TCPAddr{{}},
|
2021-02-02 15:13:12 +03:00
|
|
|
|
FilteringConfig: FilteringConfig{
|
|
|
|
|
ProtectionEnabled: true,
|
|
|
|
|
UpstreamDNS: []string{"8.8.8.8:53"},
|
|
|
|
|
},
|
2021-03-25 16:00:27 +03:00
|
|
|
|
})
|
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
|
2021-02-04 20:35:13 +03:00
|
|
|
|
&aghtest.TestUpstream{
|
|
|
|
|
CName: map[string]string{
|
2021-02-02 15:13:12 +03:00
|
|
|
|
"example.org": "somename",
|
|
|
|
|
},
|
2021-02-04 20:35:13 +03:00
|
|
|
|
IPv4: map[string][]net.IP{
|
2021-02-02 15:13:12 +03:00
|
|
|
|
"example.org.": {{4, 3, 2, 1}},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
startDeferStop(t, s)
|
|
|
|
|
|
2020-06-01 15:23:08 +03:00
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
|
|
|
|
|
|
req := createTestMessageWithType("test.com.", dns.TypeA)
|
|
|
|
|
reply, err := dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Len(t, reply.Answer, 1)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
2020-06-01 15:23:08 +03:00
|
|
|
|
a, ok := reply.Answer[0].(*dns.A)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.True(t, ok)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
2021-01-20 17:27:53 +03:00
|
|
|
|
assert.True(t, net.IP{1, 2, 3, 4}.Equal(a.A))
|
2020-06-01 15:23:08 +03:00
|
|
|
|
|
2020-07-24 13:27:14 +03:00
|
|
|
|
req = createTestMessageWithType("test.com.", dns.TypeAAAA)
|
|
|
|
|
reply, err = dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-01-13 16:56:05 +03:00
|
|
|
|
assert.Empty(t, reply.Answer)
|
2020-07-24 13:27:14 +03:00
|
|
|
|
|
2020-06-01 15:23:08 +03:00
|
|
|
|
req = createTestMessageWithType("alias.test.com.", dns.TypeA)
|
|
|
|
|
reply, err = dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
|
|
|
|
require.Len(t, reply.Answer, 2)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
2020-06-01 15:23:08 +03:00
|
|
|
|
assert.Equal(t, "test.com.", reply.Answer[0].(*dns.CNAME).Target)
|
2021-01-20 17:27:53 +03:00
|
|
|
|
assert.True(t, net.IP{1, 2, 3, 4}.Equal(reply.Answer[1].(*dns.A).A))
|
2020-06-01 15:23:08 +03:00
|
|
|
|
|
|
|
|
|
req = createTestMessageWithType("my.alias.example.org.", dns.TypeA)
|
|
|
|
|
reply, err = dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
2021-02-04 20:35:13 +03:00
|
|
|
|
// The original question is restored.
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Len(t, reply.Question, 1)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
2021-02-04 20:35:13 +03:00
|
|
|
|
assert.Equal(t, "my.alias.example.org.", reply.Question[0].Name)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
|
|
|
|
|
require.Len(t, reply.Answer, 2)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
2020-06-01 15:23:08 +03:00
|
|
|
|
assert.Equal(t, "example.org.", reply.Answer[0].(*dns.CNAME).Target)
|
|
|
|
|
assert.Equal(t, dns.TypeA, reply.Answer[1].Header().Rrtype)
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-22 15:23:39 +03:00
|
|
|
|
func publicKey(priv interface{}) interface{} {
|
|
|
|
|
switch k := priv.(type) {
|
|
|
|
|
case *rsa.PrivateKey:
|
|
|
|
|
return &k.PublicKey
|
2021-02-04 20:35:13 +03:00
|
|
|
|
|
2019-02-22 15:23:39 +03:00
|
|
|
|
case *ecdsa.PrivateKey:
|
|
|
|
|
return &k.PublicKey
|
2021-02-04 20:35:13 +03:00
|
|
|
|
|
2019-02-22 15:23:39 +03:00
|
|
|
|
default:
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-05-24 14:49:26 +03:00
|
|
|
|
|
2019-10-30 17:23:13 +03:00
|
|
|
|
func TestValidateUpstream(t *testing.T) {
|
2021-02-02 15:13:12 +03:00
|
|
|
|
testCases := []struct {
|
|
|
|
|
name string
|
|
|
|
|
upstream string
|
|
|
|
|
valid bool
|
|
|
|
|
wantDef bool
|
|
|
|
|
}{{
|
|
|
|
|
name: "invalid",
|
|
|
|
|
upstream: "1.2.3.4.5",
|
|
|
|
|
valid: false,
|
|
|
|
|
}, {
|
|
|
|
|
name: "invalid",
|
|
|
|
|
upstream: "123.3.7m",
|
|
|
|
|
valid: false,
|
|
|
|
|
}, {
|
|
|
|
|
name: "invalid",
|
|
|
|
|
upstream: "htttps://google.com/dns-query",
|
|
|
|
|
valid: false,
|
|
|
|
|
}, {
|
|
|
|
|
name: "invalid",
|
|
|
|
|
upstream: "[/host.com]tls://dns.adguard.com",
|
|
|
|
|
valid: false,
|
|
|
|
|
}, {
|
|
|
|
|
name: "invalid",
|
|
|
|
|
upstream: "[host.ru]#",
|
|
|
|
|
valid: false,
|
|
|
|
|
}, {
|
|
|
|
|
name: "valid_default",
|
|
|
|
|
upstream: "1.1.1.1",
|
|
|
|
|
valid: true,
|
|
|
|
|
wantDef: true,
|
|
|
|
|
}, {
|
|
|
|
|
name: "valid_default",
|
|
|
|
|
upstream: "tls://1.1.1.1",
|
|
|
|
|
valid: true,
|
|
|
|
|
wantDef: true,
|
|
|
|
|
}, {
|
|
|
|
|
name: "valid_default",
|
|
|
|
|
upstream: "https://dns.adguard.com/dns-query",
|
|
|
|
|
valid: true,
|
|
|
|
|
wantDef: true,
|
|
|
|
|
}, {
|
|
|
|
|
name: "valid_default",
|
|
|
|
|
upstream: "sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
|
|
|
|
|
valid: true,
|
|
|
|
|
wantDef: true,
|
|
|
|
|
}, {
|
|
|
|
|
name: "valid",
|
|
|
|
|
upstream: "[/host.com/]1.1.1.1",
|
|
|
|
|
valid: true,
|
|
|
|
|
wantDef: false,
|
|
|
|
|
}, {
|
|
|
|
|
name: "valid",
|
|
|
|
|
upstream: "[//]tls://1.1.1.1",
|
|
|
|
|
valid: true,
|
|
|
|
|
wantDef: false,
|
|
|
|
|
}, {
|
|
|
|
|
name: "valid",
|
|
|
|
|
upstream: "[/www.host.com/]#",
|
|
|
|
|
valid: true,
|
|
|
|
|
wantDef: false,
|
|
|
|
|
}, {
|
|
|
|
|
name: "valid",
|
|
|
|
|
upstream: "[/host.com/google.com/]8.8.8.8",
|
|
|
|
|
valid: true,
|
|
|
|
|
wantDef: false,
|
|
|
|
|
}, {
|
|
|
|
|
name: "valid",
|
|
|
|
|
upstream: "[/host/]sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
|
|
|
|
|
valid: true,
|
|
|
|
|
wantDef: false,
|
|
|
|
|
}}
|
2019-10-30 17:23:13 +03:00
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
for _, tc := range testCases {
|
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
|
|
|
defaultUpstream, err := validateUpstream(tc.upstream)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Equal(t, tc.valid, err == nil)
|
|
|
|
|
if tc.valid {
|
2021-02-02 15:13:12 +03:00
|
|
|
|
assert.Equal(t, tc.wantDef, defaultUpstream)
|
|
|
|
|
}
|
|
|
|
|
})
|
2019-05-24 14:49:26 +03:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-30 17:23:13 +03:00
|
|
|
|
func TestValidateUpstreamsSet(t *testing.T) {
|
2021-03-11 17:32:58 +03:00
|
|
|
|
testCases := []struct {
|
|
|
|
|
name string
|
|
|
|
|
msg string
|
|
|
|
|
set []string
|
|
|
|
|
wantNil bool
|
|
|
|
|
}{{
|
|
|
|
|
name: "empty",
|
|
|
|
|
msg: "empty upstreams array should be valid",
|
|
|
|
|
set: nil,
|
|
|
|
|
wantNil: true,
|
|
|
|
|
}, {
|
|
|
|
|
name: "comment",
|
|
|
|
|
msg: "comments should not be validated",
|
|
|
|
|
set: []string{"# comment"},
|
|
|
|
|
wantNil: true,
|
|
|
|
|
}, {
|
|
|
|
|
name: "valid_no_default",
|
|
|
|
|
msg: "there is no default upstream",
|
|
|
|
|
set: []string{
|
|
|
|
|
"[/host.com/]1.1.1.1",
|
|
|
|
|
"[//]tls://1.1.1.1",
|
|
|
|
|
"[/www.host.com/]#",
|
|
|
|
|
"[/host.com/google.com/]8.8.8.8",
|
|
|
|
|
"[/host/]sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
|
|
|
|
|
},
|
|
|
|
|
wantNil: false,
|
|
|
|
|
}, {
|
|
|
|
|
name: "valid_with_default",
|
|
|
|
|
msg: "upstreams set is valid, but doesn't pass through validation cause: %s",
|
|
|
|
|
set: []string{
|
|
|
|
|
"[/host.com/]1.1.1.1",
|
|
|
|
|
"[//]tls://1.1.1.1",
|
|
|
|
|
"[/www.host.com/]#",
|
|
|
|
|
"[/host.com/google.com/]8.8.8.8",
|
|
|
|
|
"[/host/]sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
|
|
|
|
|
"8.8.8.8",
|
|
|
|
|
},
|
|
|
|
|
wantNil: true,
|
|
|
|
|
}, {
|
|
|
|
|
name: "invalid",
|
|
|
|
|
msg: "there is an invalid upstream in set, but it pass through validation",
|
|
|
|
|
set: []string{"dhcp://fake.dns"},
|
|
|
|
|
wantNil: false,
|
|
|
|
|
}}
|
2019-05-24 14:49:26 +03:00
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
for _, tc := range testCases {
|
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
|
|
|
err := ValidateUpstreams(tc.set)
|
2019-05-24 14:49:26 +03:00
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
assert.Equalf(t, tc.wantNil, err == nil, tc.msg, err)
|
|
|
|
|
})
|
|
|
|
|
}
|
2019-05-24 14:49:26 +03:00
|
|
|
|
}
|
2019-12-16 12:36:52 +03:00
|
|
|
|
|
2021-01-13 16:56:05 +03:00
|
|
|
|
func TestIPStringFromAddr(t *testing.T) {
|
2021-03-11 17:32:58 +03:00
|
|
|
|
t.Run("not_nil", func(t *testing.T) {
|
|
|
|
|
addr := net.UDPAddr{
|
|
|
|
|
IP: net.ParseIP("1:2:3::4"),
|
|
|
|
|
Port: 12345,
|
|
|
|
|
Zone: "eth0",
|
|
|
|
|
}
|
|
|
|
|
assert.Equal(t, IPStringFromAddr(&addr), addr.IP.String())
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
t.Run("nil", func(t *testing.T) {
|
|
|
|
|
assert.Empty(t, IPStringFromAddr(nil))
|
|
|
|
|
})
|
2019-12-16 12:36:52 +03:00
|
|
|
|
}
|
2020-01-22 18:40:43 +03:00
|
|
|
|
|
|
|
|
|
func TestMatchDNSName(t *testing.T) {
|
|
|
|
|
dnsNames := []string{"host1", "*.host2", "1.2.3.4"}
|
|
|
|
|
sort.Strings(dnsNames)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
|
|
|
|
|
testCases := []struct {
|
|
|
|
|
name string
|
|
|
|
|
dnsName string
|
|
|
|
|
want bool
|
|
|
|
|
}{{
|
|
|
|
|
name: "match",
|
|
|
|
|
dnsName: "host1",
|
|
|
|
|
want: true,
|
|
|
|
|
}, {
|
|
|
|
|
name: "match",
|
|
|
|
|
dnsName: "a.host2",
|
|
|
|
|
want: true,
|
|
|
|
|
}, {
|
|
|
|
|
name: "match",
|
|
|
|
|
dnsName: "b.a.host2",
|
|
|
|
|
want: true,
|
|
|
|
|
}, {
|
|
|
|
|
name: "match",
|
|
|
|
|
dnsName: "1.2.3.4",
|
|
|
|
|
want: true,
|
|
|
|
|
}, {
|
|
|
|
|
name: "mismatch",
|
|
|
|
|
dnsName: "host2",
|
|
|
|
|
want: false,
|
|
|
|
|
}, {
|
|
|
|
|
name: "mismatch",
|
|
|
|
|
dnsName: "",
|
|
|
|
|
want: false,
|
|
|
|
|
}, {
|
|
|
|
|
name: "mismatch",
|
|
|
|
|
dnsName: "*.host2",
|
|
|
|
|
want: false,
|
|
|
|
|
}}
|
|
|
|
|
for _, tc := range testCases {
|
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
|
|
|
assert.Equal(t, tc.want, matchDNSName(dnsNames, tc.dnsName))
|
|
|
|
|
})
|
|
|
|
|
}
|
2020-01-22 18:40:43 +03:00
|
|
|
|
}
|
2020-06-23 12:13:13 +03:00
|
|
|
|
|
2021-01-27 18:32:13 +03:00
|
|
|
|
type testDHCP struct{}
|
2020-07-03 18:20:01 +03:00
|
|
|
|
|
|
|
|
|
func (d *testDHCP) Leases(flags int) []dhcpd.Lease {
|
2021-02-02 15:13:12 +03:00
|
|
|
|
l := dhcpd.Lease{
|
|
|
|
|
IP: net.IP{127, 0, 0, 1},
|
|
|
|
|
HWAddr: net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
|
|
|
|
|
Hostname: "localhost",
|
|
|
|
|
}
|
2021-02-04 20:35:13 +03:00
|
|
|
|
|
2020-07-03 18:20:01 +03:00
|
|
|
|
return []dhcpd.Lease{l}
|
|
|
|
|
}
|
2020-11-03 15:39:55 +03:00
|
|
|
|
func (d *testDHCP) SetOnLeaseChanged(onLeaseChanged dhcpd.OnLeaseChangedT) {}
|
2020-07-03 18:20:01 +03:00
|
|
|
|
|
2020-09-11 11:53:36 +03:00
|
|
|
|
func TestPTRResponseFromDHCPLeases(t *testing.T) {
|
2021-03-25 16:00:27 +03:00
|
|
|
|
s, err := NewServer(DNSCreateParams{
|
2021-02-02 15:13:12 +03:00
|
|
|
|
DNSFilter: dnsfilter.New(&dnsfilter.Config{}, nil),
|
2021-03-11 17:32:58 +03:00
|
|
|
|
DHCPServer: &testDHCP{},
|
2021-02-02 15:13:12 +03:00
|
|
|
|
})
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
|
2021-03-23 12:32:07 +03:00
|
|
|
|
s.conf.UDPListenAddrs = []*net.UDPAddr{{}}
|
|
|
|
|
s.conf.TCPListenAddrs = []*net.TCPAddr{{}}
|
2020-06-23 12:13:13 +03:00
|
|
|
|
s.conf.UpstreamDNS = []string{"127.0.0.1:53"}
|
|
|
|
|
s.conf.FilteringConfig.ProtectionEnabled = true
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
|
|
|
|
err = s.Prepare(nil)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
err = s.Start()
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
t.Cleanup(func() {
|
|
|
|
|
s.Close()
|
|
|
|
|
})
|
2020-06-23 12:13:13 +03:00
|
|
|
|
|
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
req := createTestMessageWithType("1.0.0.127.in-addr.arpa.", dns.TypePTR)
|
2020-06-23 12:13:13 +03:00
|
|
|
|
|
|
|
|
|
resp, err := dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Len(t, resp.Answer, 1)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
2020-06-23 12:13:13 +03:00
|
|
|
|
assert.Equal(t, dns.TypePTR, resp.Answer[0].Header().Rrtype)
|
|
|
|
|
assert.Equal(t, "1.0.0.127.in-addr.arpa.", resp.Answer[0].Header().Name)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
|
2021-02-04 15:12:34 +03:00
|
|
|
|
ptr, ok := resp.Answer[0].(*dns.PTR)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.True(t, ok)
|
|
|
|
|
assert.Equal(t, "localhost.", ptr.Ptr)
|
2020-06-23 12:13:13 +03:00
|
|
|
|
}
|
2020-09-11 11:53:36 +03:00
|
|
|
|
|
|
|
|
|
func TestPTRResponseFromHosts(t *testing.T) {
|
|
|
|
|
c := dnsfilter.Config{
|
|
|
|
|
AutoHosts: &util.AutoHosts{},
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Prepare test hosts file.
|
|
|
|
|
hf, err := ioutil.TempFile("", "")
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
t.Cleanup(func() {
|
2021-03-25 16:00:27 +03:00
|
|
|
|
assert.NoError(t, hf.Close())
|
|
|
|
|
assert.NoError(t, os.Remove(hf.Name()))
|
2021-03-11 17:32:58 +03:00
|
|
|
|
})
|
2020-09-11 11:53:36 +03:00
|
|
|
|
|
|
|
|
|
_, _ = hf.WriteString(" 127.0.0.1 host # comment \n")
|
|
|
|
|
_, _ = hf.WriteString(" ::1 localhost#comment \n")
|
|
|
|
|
|
2021-02-02 15:13:12 +03:00
|
|
|
|
// Init auto hosts.
|
2020-09-11 11:53:36 +03:00
|
|
|
|
c.AutoHosts.Init(hf.Name())
|
2021-02-02 15:13:12 +03:00
|
|
|
|
t.Cleanup(c.AutoHosts.Close)
|
2020-09-11 11:53:36 +03:00
|
|
|
|
|
2021-03-25 16:00:27 +03:00
|
|
|
|
s, err := NewServer(DNSCreateParams{DNSFilter: dnsfilter.New(&c, nil)})
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-03-23 12:32:07 +03:00
|
|
|
|
s.conf.UDPListenAddrs = []*net.UDPAddr{{}}
|
|
|
|
|
s.conf.TCPListenAddrs = []*net.TCPAddr{{}}
|
2020-09-11 11:53:36 +03:00
|
|
|
|
s.conf.UpstreamDNS = []string{"127.0.0.1:53"}
|
|
|
|
|
s.conf.FilteringConfig.ProtectionEnabled = true
|
2021-02-02 15:13:12 +03:00
|
|
|
|
|
2021-03-25 16:00:27 +03:00
|
|
|
|
err = s.Prepare(nil)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
err = s.Start()
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
t.Cleanup(func() {
|
|
|
|
|
s.Close()
|
|
|
|
|
})
|
2020-09-11 11:53:36 +03:00
|
|
|
|
|
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
req := createTestMessageWithType("1.0.0.127.in-addr.arpa.", dns.TypePTR)
|
2020-09-11 11:53:36 +03:00
|
|
|
|
|
|
|
|
|
resp, err := dns.Exchange(req, addr.String())
|
2021-03-25 16:00:27 +03:00
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.Len(t, resp.Answer, 1)
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
2020-09-11 11:53:36 +03:00
|
|
|
|
assert.Equal(t, dns.TypePTR, resp.Answer[0].Header().Rrtype)
|
|
|
|
|
assert.Equal(t, "1.0.0.127.in-addr.arpa.", resp.Answer[0].Header().Name)
|
2021-02-02 15:13:12 +03:00
|
|
|
|
|
2021-02-04 15:12:34 +03:00
|
|
|
|
ptr, ok := resp.Answer[0].(*dns.PTR)
|
2021-03-11 17:32:58 +03:00
|
|
|
|
require.True(t, ok)
|
|
|
|
|
assert.Equal(t, "host.", ptr.Ptr)
|
2020-09-11 11:53:36 +03:00
|
|
|
|
}
|
2021-03-25 16:00:27 +03:00
|
|
|
|
|
|
|
|
|
func TestNewServer(t *testing.T) {
|
|
|
|
|
testCases := []struct {
|
|
|
|
|
name string
|
|
|
|
|
in DNSCreateParams
|
|
|
|
|
wantErrMsg string
|
|
|
|
|
}{{
|
|
|
|
|
name: "success",
|
|
|
|
|
in: DNSCreateParams{},
|
|
|
|
|
wantErrMsg: "",
|
|
|
|
|
}, {
|
|
|
|
|
name: "success_autohost_tld",
|
|
|
|
|
in: DNSCreateParams{
|
|
|
|
|
AutohostTLD: "mynet",
|
|
|
|
|
},
|
|
|
|
|
wantErrMsg: "",
|
|
|
|
|
}, {
|
|
|
|
|
name: "bad_autohost_tld",
|
|
|
|
|
in: DNSCreateParams{
|
|
|
|
|
AutohostTLD: "!!!",
|
|
|
|
|
},
|
|
|
|
|
wantErrMsg: `autohost tld: invalid char '!' at index 0 in "!!!"`,
|
|
|
|
|
}}
|
|
|
|
|
|
|
|
|
|
for _, tc := range testCases {
|
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
|
|
|
_, err := NewServer(tc.in)
|
|
|
|
|
if tc.wantErrMsg == "" {
|
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
} else {
|
|
|
|
|
require.Error(t, err)
|
|
|
|
|
assert.Equal(t, tc.wantErrMsg, err.Error())
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|