diff --git a/CHANGELOG.md b/CHANGELOG.md
index db23109c..de190c29 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,12 @@ and this project adheres to
 ## [v0.108.0] - 2022-12-01 (APPROX.)
 -->
+### Added
+
+- The new optional `dns.ipset_file` property in the configuration file allows
+ loading the `ipset` list from a file, just like `dns.upstream_dns_file` does
+ for upstream servers ([#4686]).
+
 ### Changed
 - The minimum DHCP message size is reassigned back to BOOTP's constraint of 300
@@ -26,6 +32,7 @@ and this project adheres to
 operation have been disabled ([#2993]).
 [#2993]: https://github.com/AdguardTeam/AdGuardHome/issues/2993
+[#4686]: https://github.com/AdguardTeam/AdGuardHome/issues/4686
 [#4904]: https://github.com/AdguardTeam/AdGuardHome/issues/4904
@@ -37,12 +44,6 @@ and this project adheres to
 See also the [v0.107.13 GitHub milestone][ms-v0.107.13].
 [ms-v0.107.13]: https://github.com/AdguardTeam/AdGuardHome/milestone/49?closed=1
-
-### Added
-
-- The `dns.ipset_file` property in the configuration file now allows you to
- load the ipset list from a separate file instead of setting all upstreams
- in AdGuard Home settings. ([#4686]).
 -->
diff --git a/internal/dnsforward/config.go b/internal/dnsforward/config.go
index 5febc457..747767c4 100644
--- a/internal/dnsforward/config.go
+++ b/internal/dnsforward/config.go
@@ -128,12 +128,13 @@ type FilteringConfig struct {
 // IpsetList is the ipset configuration that allows AdGuard Home to add
 // IP addresses of the specified domain names to an ipset list. Syntax:
 //
- // DOMAIN[,DOMAIN].../IPSET_NAME
+ // DOMAIN[,DOMAIN].../IPSET_NAME
 //
+ // This field is ignored if [IpsetListFileName] is set.
 IpsetList []string `yaml:"ipset"`
 // IpsetListFileName, if set, points to the file with ipset configuration.
- // The format is the same as in IpsetList.
+ // The format is the same as in [IpsetList].
 IpsetListFileName string `yaml:"ipset_file"`
 }
@@ -404,6 +405,26 @@ func setProxyUpstreamMode(
 }
 }
+// prepareIpsetListSettings reads and prepares the ipset configuration either
+// from a file or from the data in the configuration file.
+func (s *Server) prepareIpsetListSettings() (err error) {
+ fn := s.conf.IpsetListFileName
+ if fn == "" {
+ return s.ipset.init(s.conf.IpsetList)
+ }
+
+ data, err := os.ReadFile(fn)
+ if err != nil {
+ return err
+ }
+
+ ipsets := stringutil.SplitTrimmed(string(data), "\n")
+
+ log.Debug("dns: using %d ipset rules from file %q", len(ipsets), fn)
+
+ return s.ipset.init(ipsets)
+}
+
 // prepareTLS - prepares TLS configuration for the DNS proxy
 func (s *Server) prepareTLS(proxyConfig *proxy.Config) error {
 if len(s.conf.CertificateChainData) == 0 || len(s.conf.PrivateKeyData) == 0 {
@@ -505,22 +526,3 @@ func (s *Server) onGetCertificate(ch *tls.ClientHelloInfo) (*tls.Certificate, er
 }
 return &s.conf.cert, nil
 }
-
-// prepareIpsetListSettings - prepares ipset list settings
-func (s *Server) prepareIpsetListSettings() error {
- var ipsets []string
- if s.conf.IpsetListFileName != "" {
- data, err := os.ReadFile(s.conf.IpsetListFileName)
- if err != nil {
- return err
- }
-
- ipsets = stringutil.SplitTrimmed(string(data), "\n")
-
- log.Debug("dns: using %d ipset list from file %s", len(ipsets), s.conf.IpsetListFileName)
- } else {
- ipsets = s.conf.IpsetList
- }
-
- return s.ipset.init(ipsets)
-}
diff --git a/internal/dnsforward/dnsforward.go b/internal/dnsforward/dnsforward.go
index 0ed97b8a..4af874b4 100644
--- a/internal/dnsforward/dnsforward.go
+++ b/internal/dnsforward/dnsforward.go
@@ -449,7 +449,7 @@ func (s *Server) Prepare(conf *ServerConfig) (err error) {
 err = s.prepareIpsetListSettings()
 if err != nil {
 // Don't wrap the error, because it's informative enough as is.
- return err
+ return fmt.Errorf("preparing ipset settings: %w", err)
 }
 err = s.prepareUpstreamSettings()
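Review bot: In `prepareIpsetListSettings` (internal/dnsforward/config.go, hunk `@@ -404,6 +405,26 @@`), a non-empty `IpsetListFileName` means `s.conf.IpsetList` is never read, and nothing is logged about the inline rules being dropped. These rules decide which resolved addresses are added to ipset lists, so an operator who sets both `ipset` and `ipset_file` should be told which source is in effect. A short check before `os.ReadFile` would do it, e.g. `if len(s.conf.IpsetList) > 0 { log.Info("dns: ipset_file %q is set, ignoring %d rules from ipset", fn, len(s.conf.IpsetList)) }`, assuming the file's `log` package offers `Info` next to `Debug`. `os.ReadFile` also loads the whole file with no size limit, so the doc comment should say that the path is expected to point to a small, locally controlled file.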
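Review bot: The context comment `// Don't wrap the error, because it's informative enough as is.` in `Prepare` (internal/dnsforward/dnsforward.go, hunk `@@ -449,7 +449,7 @@`) now sits directly above a return that does wrap the error, so the comment contradicts the code. Either delete the comment or replace it with one that matches, for example `// Wrap to show which preparation step failed.`. `Prepare` starts and ends outside the hunk, so whether the neighbouring steps wrap their errors the same way cannot be checked from here.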