From edfa8c147f6d4b5ad0f6ac96bfa55a0c9c873731 Mon Sep 17 00:00:00 2001 From: Eugene Burkov Date: Mon, 5 Aug 2024 17:12:33 +0300 Subject: [PATCH] Pull request 2263: AGDNS-2280 Upd dnsproxy, golibs Squashed commit of the following: commit 8d83eebba851e8e09bb08b1c94a247cb049a1b75 Merge: c6574a33c b6ed76965 Author: Eugene Burkov Date: Mon Aug 5 16:59:50 2024 +0300 Merge branch 'master' into AGDNS-2280-upd-golibs commit c6574a33c62171190199c8c07118d0ecd2174801 Author: Eugene Burkov Date: Wed Jul 31 19:56:58 2024 +0300 all: upd proxy, golibs --- go.mod | 16 +++++++-------- go.sum | 32 +++++++++++++++--------------- internal/aghnet/net_freebsd.go | 12 +++++++---- internal/aghnet/net_openbsd.go | 10 ++++++++-- internal/aghtls/aghtls.go | 15 +++----------- internal/dnsforward/config.go | 2 +- internal/dnsforward/dialcontext.go | 3 ++- internal/home/middlewares.go | 23 ++++++++++++--------- internal/home/middlewares_test.go | 10 +++++----- internal/home/web.go | 4 ++-- internal/next/websvc/websvc.go | 4 ++-- 11 files changed, 69 insertions(+), 62 deletions(-) diff --git a/go.mod b/go.mod index 488eb665..17f6cbf9 100644 --- a/go.mod +++ b/go.mod @@ -3,8 +3,8 @@ module github.com/AdguardTeam/AdGuardHome go 1.22.5 require ( - github.com/AdguardTeam/dnsproxy v0.72.1 - github.com/AdguardTeam/golibs v0.24.1 + github.com/AdguardTeam/dnsproxy v0.72.2 + github.com/AdguardTeam/golibs v0.25.1 github.com/AdguardTeam/urlfilter v0.19.0 github.com/NYTimes/gziphandler v1.1.1 github.com/ameshkov/dnscrypt/v2 v2.3.0 
@@ -32,10 +32,10 @@ require ( github.com/stretchr/testify v1.9.0 github.com/ti-mo/netfilter v0.5.2 go.etcd.io/bbolt v1.3.10 - golang.org/x/crypto v0.24.0 - golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 - golang.org/x/net v0.26.0 - golang.org/x/sys v0.21.0 + golang.org/x/crypto v0.25.0 + golang.org/x/exp v0.0.0-20240707233637-46b078467d37 + golang.org/x/net v0.27.0 + golang.org/x/sys v0.22.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v3 v3.0.1 howett.net/plist v1.0.1 @@ -58,9 +58,9 @@ require ( github.com/quic-go/qpack v0.4.0 // indirect github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect go.uber.org/mock v0.4.0 // indirect - golang.org/x/mod v0.18.0 // indirect + golang.org/x/mod v0.19.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/text v0.16.0 // indirect - golang.org/x/tools v0.22.0 // indirect + golang.org/x/tools v0.23.0 // indirect gonum.org/v1/gonum v0.15.0 // indirect ) diff --git a/go.sum b/go.sum index eae59543..71fa228b 100644 --- a/go.sum +++ b/go.sum 
@@ -1,7 +1,7 @@
-github.com/AdguardTeam/dnsproxy v0.72.1 h1:VOibdyFLBGEdfG8W4hq+kBJten/tkK6KID43Q4gQyjI=
-github.com/AdguardTeam/dnsproxy v0.72.1/go.mod h1:5ehzbfInAu07not4beAM+FlFPqntw18T1sQCK/kIQR8=
-github.com/AdguardTeam/golibs v0.24.1 h1:/ulkfm65wi33p72ybxiOt3lSdP0nr1GggSoaT4sHbns=
-github.com/AdguardTeam/golibs v0.24.1/go.mod h1:9/vJcYznW7RlmCT/Qzi8XNZGj+ZbWfHZJmEXKnRpCAU=
+github.com/AdguardTeam/dnsproxy v0.72.2 h1:0uItzXnUIuC9r+ZvPbNquGaAHvdWnWLbhSDdxsZk5og=
+github.com/AdguardTeam/dnsproxy v0.72.2/go.mod h1:PA1UiTtTHMbXPv9NjHat+zrsgK8S7p/RJ+j/3tNqtUE=
+github.com/AdguardTeam/golibs v0.25.1 h1:po5dBbFCoZAySsbsMN/ZRB0WTLYDA1d8BxPgvriu/EA=
+github.com/AdguardTeam/golibs v0.25.1/go.mod h1:HaTyS2wCbxFudjht9N/+/Qf1b5cMad2BAYSwe7DPCXI=
 github.com/AdguardTeam/urlfilter v0.19.0 h1:q7eH13+yNETlpD/VD3u5rLQOripcUdEktqZFy+KiQLk=
 github.com/AdguardTeam/urlfilter v0.19.0/go.mod h1:+N54ZvxqXYLnXuvpaUhK2exDQW+djZBRSb6F6j0rkBY=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
@@ -128,22 +128,22 @@ go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU= go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w= +golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net 
v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= @@ -158,8 +158,8 @@ golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 
@@ -169,8 +169,8 @@ golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.15.0 h1:2lYxjRbTYyxkJxlhC+LvJIx3SsANPdRybu1tGj9/OrQ= diff --git a/internal/aghnet/net_freebsd.go b/internal/aghnet/net_freebsd.go index 94ce77c7..6b205639 100644 --- a/internal/aghnet/net_freebsd.go +++ b/internal/aghnet/net_freebsd.go @@ -6,10 +6,10 @@ import ( "bufio" "fmt" "io" - "net" "strings" "github.com/AdguardTeam/AdGuardHome/internal/aghos" + "github.com/AdguardTeam/golibs/netutil" ) func ifaceHasStaticIP(ifaceName string) (ok bool, err error) { @@ -38,9 +38,13 @@ func (n interfaceName) rcConfStaticConfig(r io.Reader) (_ []string, cont bool, e // TODO(e.burkov): Expand the check to cover possible // configurations from man rc.conf(5). fields := strings.Fields(line[cfgLeft:cfgRight]) - if len(fields) >= 2 && - strings.EqualFold(fields[0], "inet") && - net.ParseIP(fields[1]) != nil { + switch { + case + len(fields) < 2, + !strings.EqualFold(fields[0], "inet"), + !netutil.IsValidIPString(fields[1]): + continue + default: return nil, false, s.Err() } } 
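Review bot: The `!netutil.IsValidIPString(fields[1])` case may not accept the same strings as the `net.ParseIP(fields[1]) != nil` test it replaces, and nothing in the commit pins the difference. The same helper stands in for `net.ParseIP` in `hostnameIfStaticConfig`, `anyNameMatches` and `Server.DialContext`, but for `netip.ParseAddr` in `CertificateHasIP`; those two parsers disagree on zoned literals such as `fe80::1%eth0` (`netip.ParseAddr` accepts them, `net.ParseIP` does not), so at least one group of call sites now classifies input differently. That matters most in `DialContext`, where the result decides whether `addr` is dialled as-is, and in `anyNameMatches`, where it gates the SNI. I would add table cases with a zoned and an IPv4-mapped literal for each call site, or a comment such as `// IsValidIPString: same grammar as netip.ParseAddr, zones included — confirm` at the first use. The body of `rcConfStaticConfig` continues outside the hunk.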
diff --git a/internal/aghnet/net_openbsd.go b/internal/aghnet/net_openbsd.go index a2650aee..073ff109 100644 --- a/internal/aghnet/net_openbsd.go +++ b/internal/aghnet/net_openbsd.go @@ -6,10 +6,10 @@ import ( "bufio" "fmt" "io" - "net" "strings" "github.com/AdguardTeam/AdGuardHome/internal/aghos" + "github.com/AdguardTeam/golibs/netutil" ) func ifaceHasStaticIP(ifaceName string) (ok bool, err error) { @@ -25,7 +25,13 @@ func hostnameIfStaticConfig(r io.Reader) (_ []string, ok bool, err error) { for s.Scan() { line := strings.TrimSpace(s.Text()) fields := strings.Fields(line) - if len(fields) >= 2 && fields[0] == "inet" && net.ParseIP(fields[1]) != nil { + switch { + case + len(fields) < 2, + fields[0] != "inet", + !netutil.IsValidIPString(fields[1]): + continue + default: return nil, false, s.Err() } } diff --git a/internal/aghtls/aghtls.go b/internal/aghtls/aghtls.go index 7aa35b0c..017bfc12 100644 --- a/internal/aghtls/aghtls.go +++ b/internal/aghtls/aghtls.go @@ -5,9 +5,10 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "net/netip" + "slices" "github.com/AdguardTeam/golibs/log" + "github.com/AdguardTeam/golibs/netutil" ) // init makes sure that the cipher name map is filled. @@ -75,15 +76,5 @@ func SaferCipherSuites() (safe []uint16) { // CertificateHasIP returns true if cert has at least a single IP address among // its subjectAltNames. func CertificateHasIP(cert *x509.Certificate) (ok bool) { - if len(cert.IPAddresses) > 0 { - return true - } - - for _, name := range cert.DNSNames { - if _, err := netip.ParseAddr(name); err == nil { - return true - } - } - - return false + return len(cert.IPAddresses) > 0 || slices.ContainsFunc(cert.DNSNames, netutil.IsValidIPString) } diff --git a/internal/dnsforward/config.go b/internal/dnsforward/config.go index 9e0af7a5..d0f2ca51 100644 --- a/internal/dnsforward/config.go +++ b/internal/dnsforward/config.go 
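Review bot: The doc comment on `CertificateHasIP` no longer tells the reader why `cert.DNSNames` is consulted, now that the explicit loop is folded into `slices.ContainsFunc`. The one-line body treats an IP literal stored in a DNS-name entry the same as an entry in `cert.IPAddresses`; I would say so in the comment, e.g. `// An IP literal found in DNSNames counts as well as an entry in IPAddresses.` The function also dereferences `cert` without a nil check, as it did before this change, so callers must pass a parsed certificate.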
@@ -697,7 +697,7 @@ func matchesDomainWildcard(host, pat string) (ok bool) { // the DNS names and patterns from certificate. dnsNames must be sorted. func anyNameMatches(dnsNames []string, sni string) (ok bool) { // Check sni is either a valid hostname or a valid IP address. - if netutil.ValidateHostname(sni) != nil && net.ParseIP(sni) == nil { + if !netutil.IsValidHostname(sni) && !netutil.IsValidIPString(sni) { return false } diff --git a/internal/dnsforward/dialcontext.go b/internal/dnsforward/dialcontext.go index edb96b14..0ed91fb8 100644 --- a/internal/dnsforward/dialcontext.go +++ b/internal/dnsforward/dialcontext.go @@ -10,6 +10,7 @@ import ( "github.com/AdguardTeam/golibs/errors" "github.com/AdguardTeam/golibs/log" + "github.com/AdguardTeam/golibs/netutil" ) // DialContext is an [aghnet.DialContextFunc] that uses s to resolve hostnames. @@ -28,7 +29,7 @@ func (s *Server) DialContext(ctx context.Context, network, addr string) (conn ne Timeout: time.Minute * 5, } - if net.ParseIP(host) != nil { + if netutil.IsValidIPString(host) { return dialer.DialContext(ctx, network, addr) } diff --git a/internal/home/middlewares.go b/internal/home/middlewares.go index c6297375..2a6c3a8e 100644 --- a/internal/home/middlewares.go +++ b/internal/home/middlewares.go @@ -5,12 +5,15 @@ import ( "net/http" "github.com/AdguardTeam/golibs/ioutil" + "github.com/c2h5oh/datasize" ) // middlerware is a wrapper function signature. type middleware func(http.Handler) http.Handler // withMiddlewares consequently wraps h with all the middlewares. +// +// TODO(e.burkov): Use [httputil.Wrap]. func withMiddlewares(h http.Handler, middlewares ...middleware) (wrapped http.Handler) { wrapped = h 
@@ -23,11 +26,11 @@ func withMiddlewares(h http.Handler, middlewares ...middleware) (wrapped http.Ha const ( // defaultReqBodySzLim is the default maximum request body size. - defaultReqBodySzLim = 64 * 1024 + defaultReqBodySzLim datasize.ByteSize = 64 * datasize.KB // largerReqBodySzLim is the maximum request body size for APIs expecting // larger requests. - largerReqBodySzLim = 4 * 1024 * 1024 + largerReqBodySzLim datasize.ByteSize = 4 * datasize.MB ) // expectsLargerRequests shows if this request should use a larger body size @@ -38,26 +41,28 @@ const ( // See https://github.com/AdguardTeam/AdGuardHome/issues/2666 and // https://github.com/AdguardTeam/AdGuardHome/issues/2675. func expectsLargerRequests(r *http.Request) (ok bool) { - m := r.Method - if m != http.MethodPost { + if r.Method != http.MethodPost { return false } - p := r.URL.Path - return p == "/control/access/set" || - p == "/control/filtering/set_rules" + switch r.URL.Path { + case "/control/access/set", "/control/filtering/set_rules": + return true + default: + return false + } } // limitRequestBody wraps underlying handler h, making it's request's body Read // method limited. func limitRequestBody(h http.Handler) (limited http.Handler) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - var szLim uint64 = defaultReqBodySzLim + szLim := defaultReqBodySzLim if expectsLargerRequests(r) { szLim = largerReqBodySzLim } - reader := ioutil.LimitReader(r.Body, szLim) + reader := ioutil.LimitReader(r.Body, szLim.Bytes()) // HTTP handlers aren't supposed to call r.Body.Close(), so just // replace the body in a clone. diff --git a/internal/home/middlewares_test.go b/internal/home/middlewares_test.go index 5393503f..0b8d7db3 100644 --- a/internal/home/middlewares_test.go +++ b/internal/home/middlewares_test.go 
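Review bot: The comments on `defaultReqBodySzLim` and `largerReqBodySzLim` in the `const` block do not state that the `datasize` units are 1024-based, which is what keeps the new values equal to the old `64 * 1024` and `4 * 1024 * 1024`. These constants cap how much of a request body `limitRequestBody` will read, so a reader checking the limit should not have to look up the library's unit definitions. I would spell the size out, e.g. `// defaultReqBodySzLim is the default maximum request body size, 64 KiB.` and end the second comment with `// larger requests, 4 MiB.`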
@@ -14,29 +14,29 @@ import ( func TestLimitRequestBody(t *testing.T) { errReqLimitReached := &ioutil.LimitError{ - Limit: defaultReqBodySzLim, + Limit: defaultReqBodySzLim.Bytes(), } testCases := []struct { + wantErr error name string body string want []byte - wantErr error }{{ + wantErr: nil, name: "not_so_big", body: "somestr", want: []byte("somestr"), - wantErr: nil, }, { + wantErr: errReqLimitReached, name: "so_big", body: string(make([]byte, defaultReqBodySzLim+1)), want: make([]byte, defaultReqBodySzLim), - wantErr: errReqLimitReached, }, { + wantErr: nil, name: "empty", body: "", want: []byte(nil), - wantErr: nil, }} makeHandler := func(t *testing.T, err *error) http.HandlerFunc { diff --git a/internal/home/web.go b/internal/home/web.go index d3d1fc41..37f5a5dc 100644 --- a/internal/home/web.go +++ b/internal/home/web.go @@ -17,7 +17,7 @@ import ( "github.com/AdguardTeam/golibs/errors" "github.com/AdguardTeam/golibs/log" "github.com/AdguardTeam/golibs/netutil" - "github.com/AdguardTeam/golibs/pprofutil" + "github.com/AdguardTeam/golibs/netutil/httputil" "github.com/NYTimes/gziphandler" "github.com/quic-go/quic-go/http3" "golang.org/x/net/http2" @@ -333,7 +333,7 @@ func startPprof(port uint16) { runtime.SetMutexProfileFraction(1) mux := http.NewServeMux() - pprofutil.RoutePprof(mux) + httputil.RoutePprof(mux) go func() { defer log.OnPanic("pprof server") diff --git a/internal/next/websvc/websvc.go b/internal/next/websvc/websvc.go index 2dc309d4..31dbbb65 100644 --- a/internal/next/websvc/websvc.go +++ b/internal/next/websvc/websvc.go @@ -24,7 +24,7 @@ import ( "github.com/AdguardTeam/golibs/errors" "github.com/AdguardTeam/golibs/log" "github.com/AdguardTeam/golibs/mathutil" - "github.com/AdguardTeam/golibs/pprofutil" + "github.com/AdguardTeam/golibs/netutil/httputil" httptreemux "github.com/dimfeld/httptreemux/v5" ) 
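Review bot: The table in `TestLimitRequestBody` still has no way to reach the `largerReqBodySzLim` branch: its cases carry only `wantErr`, `name`, `body` and `want`, with no method or path, so `expectsLargerRequests`, which this commit rewrites as a `switch`, is not exercised by what is visible here. I would add a case that posts to `/control/filtering/set_rules` with `body: string(make([]byte, largerReqBodySzLim+1))` and expects `&ioutil.LimitError{Limit: largerReqBodySzLim.Bytes()}`, plus one just over the default limit on that path that must succeed. The test function continues outside the hunk, so the request construction may need a method and path field added to the case struct as well.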
@@ -107,7 +107,7 @@ func (svc *Service) setupPprof(c *PprofConfig) { runtime.SetMutexProfileFraction(1) pprofMux := http.NewServeMux() - pprofutil.RoutePprof(pprofMux) + httputil.RoutePprof(pprofMux) svc.pprofPort = c.Port addr := netip.AddrPortFrom(netip.AddrFrom4([4]byte{127, 0, 0, 1}), c.Port)