mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-12-14 18:51:34 +03:00
Pull request 1877: 5913-fix-safesearch-ipv6
Updates #5913. Squashed commit of the following: commit a0ab1320ea22dc1b4e2804ef2d14e0091daa6a1e Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jun 19 15:23:44 2023 +0300 all: fmt; typo commit 3a2e561c535bbbd2b2eeeaa1a6f423bc123b1a6b Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jun 19 15:16:28 2023 +0300 all: fix safesearch for ipv6
This commit is contained in:
parent
b6d00f774b
commit
d26c480d03
@ -82,11 +82,11 @@ In this release, the schema version has changed from 20 to 21.
|
||||
|
||||
### Fixed
|
||||
|
||||
- DNSCrypt upstream not resetting the client and resolver information on
|
||||
dialing errors ([#5872]).
|
||||
- Safe Search not working with `AAAA` queries for Yandex domains ([#5913]).
|
||||
|
||||
[#951]: https://github.com/AdguardTeam/AdGuardHome/issues/951
|
||||
[#1577]: https://github.com/AdguardTeam/AdGuardHome/issues/1577
|
||||
[#5913]: https://github.com/AdguardTeam/AdGuardHome/issues/5913
|
||||
|
||||
<!--
|
||||
NOTE: Add new changes ABOVE THIS COMMENT.
|
||||
@ -98,8 +98,8 @@ NOTE: Add new changes ABOVE THIS COMMENT.
|
||||
|
||||
### Fixed
|
||||
|
||||
- DNSCrypt upstream not resetting the client and resolver information on
|
||||
dialing errors ([#5872]).
|
||||
- DNSCrypt upstream not resetting the client and resolver information on
|
||||
dialing errors ([#5872]).
|
||||
|
||||
|
||||
|
||||
|
@ -57,16 +57,13 @@ func (s *Server) genDNSFilterMessage(
|
||||
return s.genBlockedHost(req, s.conf.SafeBrowsingBlockHost, dctx)
|
||||
case filtering.FilteredParental:
|
||||
return s.genBlockedHost(req, s.conf.ParentalBlockHost, dctx)
|
||||
case filtering.FilteredSafeSearch:
|
||||
// If Safe Search generated the necessary IP addresses, use them.
|
||||
// Otherwise, if there were no errors, there are no addresses for the
|
||||
// requested IP version, so produce a NODATA response.
|
||||
return s.genResponseWithIPs(req, ipsFromRules(res.Rules))
|
||||
default:
|
||||
// If the query was filtered by Safe Search, filtering also must return
|
||||
// the IP addresses that must be used in response. Return them
|
||||
// regardless of the filtering method.
|
||||
ips := ipsFromRules(res.Rules)
|
||||
if res.Reason == filtering.FilteredSafeSearch && len(ips) > 0 {
|
||||
return s.genResponseWithIPs(req, ips)
|
||||
}
|
||||
|
||||
return s.genForBlockingMode(req, ips)
|
||||
return s.genForBlockingMode(req, ipsFromRules(res.Rules))
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -84,7 +84,7 @@ func (s *DefaultStorage) MatchRequest(dReq *urlfilter.DNSRequest) (rws []*rules.
|
||||
return nil
|
||||
}
|
||||
|
||||
// TODO(a.garipov): Check cnames for cycles on initialisation.
|
||||
// TODO(a.garipov): Check cnames for cycles on initialization.
|
||||
cnames := stringutil.NewSet()
|
||||
host := dReq.Hostname
|
||||
for len(rrules) > 0 && rrules[0].DNSRewrite != nil && rrules[0].DNSRewrite.NewCNAME != "" {
|
||||
|
@ -203,7 +203,7 @@ func (ss *Default) CheckHost(
|
||||
return res, nil
|
||||
}
|
||||
|
||||
return filtering.Result{}, fmt.Errorf("no ipv4 addresses for %q", host)
|
||||
return filtering.Result{}, fmt.Errorf("no ip addresses for %q", host)
|
||||
}
|
||||
|
||||
// searchHost looks up DNS rewrites in the internal DNS filtering engine.
|
||||
@ -255,7 +255,14 @@ func (ss *Default) newResult(
|
||||
|
||||
host := rewrite.NewCNAME
|
||||
if host == "" {
|
||||
return nil, nil
|
||||
// If there is a rewrite, but it's neither a CNAME one nor one matching
|
||||
// the IP version, then it's a service that only has one type of IP
|
||||
// record but not the other. Return the empty result to be converted
|
||||
// into a NODATA response.
|
||||
//
|
||||
// TODO(a.garipov): Use the main rewrite result mechanism used in
|
||||
// [dnsforward.Server.filterDNSRequest].
|
||||
return res, nil
|
||||
}
|
||||
|
||||
ss.log(log.DEBUG, "resolving %q", host)
|
||||
|
@ -71,6 +71,17 @@ func TestDefault_CheckHost_yandex(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestDefault_CheckHost_yandexAAAA(t *testing.T) {
|
||||
conf := testConf
|
||||
ss, err := safesearch.NewDefault(conf, "", testCacheSize, testCacheTTL)
|
||||
require.NoError(t, err)
|
||||
|
||||
res, err := ss.CheckHost("www.yandex.ru", dns.TypeAAAA)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.True(t, res.IsFiltered)
|
||||
}
|
||||
|
||||
func TestDefault_CheckHost_google(t *testing.T) {
|
||||
resolver := &aghtest.TestResolver{}
|
||||
ip, _ := resolver.HostToIPs("forcesafesearch.google.com")
|
||||
|
Loading…
Reference in New Issue
Block a user