diff --git a/CHANGELOG.md b/CHANGELOG.md index 1464d3ff..8b14fa13 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -186,7 +186,7 @@ See also the [v0.107.0 GitHub milestone][ms-v0.107.0]. - Static IP address detection on FreeBSD ([#3289]). - Optimistic cache ([#2145]). - New possible value of `6h` for `querylog_interval` setting ([#2504]). -- Blocking access using client IDs ([#2624], [#3162]). +- Blocking access using ClientIDs ([#2624], [#3162]). - `source` directives support in `/etc/network/interfaces` on Linux ([#3257]). - RFC 9000 support in DNS-over-QUIC. - Completely disabling statistics by setting the statistics interval to zero @@ -317,7 +317,7 @@ In this release, the schema version has changed from 10 to 12. - Occasional panics when reading old statistics databases ([#3506]). - `reload` service action on macOS and FreeBSD ([#3457]). - Inaccurate using of service actions in the installation script ([#3450]). -- Client ID checking ([#3437]). +- ClientID checking ([#3437]). - Discovering other DHCP servers on `darwin` and `freebsd` ([#3417]). - Switching listening address to unspecified one when bound to a single specified IPv4 address on Darwin (macOS) ([#2807]). @@ -334,7 +334,7 @@ In this release, the schema version has changed from 10 to 12. - Redundant hostname generating while loading static leases with empty hostname ([#3166]). - Domain name case in responses ([#3194]). -- Custom upstreams selection for clients with client IDs in DNS-over-TLS and +- Custom upstreams selection for clients with ClientIDs in DNS-over-TLS and DNS-over-HTTP ([#3186]). - Incorrect client-based filtering applying logic ([#2875]). 
@@ -668,7 +668,7 @@ See also the [v0.105.0 GitHub milestone][ms-v0.105.0]. - Added more services to the "Blocked services" list ([#2224], [#2401]). - `ipset` subdomain matching, just like `dnsmasq` does ([#2179]). -- Client ID support for DNS-over-HTTPS, DNS-over-QUIC, and DNS-over-TLS +- ClientID support for DNS-over-HTTPS, DNS-over-QUIC, and DNS-over-TLS ([#1383]). - `$dnsrewrite` modifier for filters ([#2102]). - The host checking API and the query logs API can now return multiple matched diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json index 4b19ea7a..07021b59 100644 --- a/client/src/__locales/en.json +++ b/client/src/__locales/en.json @@ -1,7 +1,7 @@ { "client_settings": "Client settings", - "example_upstream_reserved": "You can specify a DNS upstream <0>for the specific domain(s)", - "example_upstream_comment": "You can specify a comment", + "example_upstream_reserved": "an upstream <0>for specific domains;", + "example_upstream_comment": "a comment.", "upstream_parallel": "Use parallel queries to speed up resolving by querying all upstream servers simultaneously.", "parallel_requests": "Parallel requests", "load_balancing": "Load-balancing", @@ -43,7 +43,7 @@ "form_error_ip6_format": "Invalid IPv6 address", "form_error_ip_format": "Invalid IP address", "form_error_mac_format": "Invalid MAC address", - "form_error_client_id_format": "Client ID must contain only numbers, lowercase letters, and hyphens", + "form_error_client_id_format": "ClientID must contain only numbers, lowercase letters, and hyphens", "form_error_server_name": "Invalid server name", "form_error_subnet": "Subnet \"{{cidr}}\" does not contain the IP address \"{{ip}}\"", "form_error_positive": "Must be greater than 0", 
@@ -143,7 +143,7 @@
 "use_adguard_browsing_sec_hint": "AdGuard Home will check if the domain is blocked by the browsing security web service. It will use privacy-friendly lookup API to perform the check: only a short prefix of the domain name SHA256 hash is sent to the server.",
 "use_adguard_parental": "Use AdGuard parental control web service",
 "use_adguard_parental_hint": "AdGuard Home will check if domain contains adult materials. It uses the same privacy-friendly API as the browsing security web service.",
- "enforce_safe_search": "Use safe search",
+ "enforce_safe_search": "Use Safe Search",
 "enforce_save_search_hint": "AdGuard Home will enforce safe search in the following search engines: Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay.",
 "no_servers_specified": "No servers specified",
 "general_settings": "General settings",
@@ -165,10 +165,10 @@
 "enabled_filtering_toast": "Enabled filtering",
 "disabled_safe_browsing_toast": "Disabled Safe Browsing",
 "enabled_safe_browsing_toast": "Enabled Safe Browsing",
- "disabled_parental_toast": "Disabled parental control",
- "enabled_parental_toast": "Enabled parental control",
- "disabled_safe_search_toast": "Disabled safe search",
- "enabled_save_search_toast": "Enabled safe search",
+ "disabled_parental_toast": "Disabled Parental Control",
+ "enabled_parental_toast": "Enabled Parental Control",
+ "disabled_safe_search_toast": "Disabled Safe Search",
+ "enabled_save_search_toast": "Enabled Safe Search",
 "enabled_table_header": "Enabled",
 "name_table_header": "Name",
 "list_url_table_header": "List URL",
@@ -202,19 +202,19 @@ "custom_filter_rules_hint": "Enter one rule on a line. You can use either adblock rules or hosts files syntax.", "system_host_files": "System hosts files", "examples_title": "Examples", - "example_meaning_filter_block": "block access to the example.org domain and all its subdomains", - "example_meaning_filter_whitelist": "unblock access to the example.org domain and all its subdomains", - "example_meaning_host_block": "AdGuard Home will now return 127.0.0.1 address for the example.org domain (but not its subdomains).", - "example_comment": "! Here goes a comment", - "example_comment_meaning": "just a comment", - "example_comment_hash": "# Also a comment", - "example_regex_meaning": "block access to the domains matching the specified regular expression", - "example_upstream_regular": "regular DNS (over UDP)", - "example_upstream_dot": "encrypted <0>DNS-over-TLS", - "example_upstream_doh": "encrypted <0>DNS-over-HTTPS", - "example_upstream_doq": "encrypted <0>DNS-over-QUIC", - "example_upstream_sdns": "you can use <0>DNS Stamps for <1>DNSCrypt or <2>DNS-over-HTTPS resolvers", - "example_upstream_tcp": "regular DNS (over TCP)", + "example_meaning_filter_block": "block access to example.org and all its subdomains;", + "example_meaning_filter_whitelist": "unblock access to example.org and all its subdomains;", + "example_meaning_host_block": "respond with 127.0.0.1 for example.org (but not for its subdomains);", + "example_comment": "! 
Here goes a comment.", + "example_comment_meaning": "just a comment;", + "example_comment_hash": "# Also a comment.", + "example_regex_meaning": "block access to domains matching the specified regular expression.", + "example_upstream_regular": "regular DNS (over UDP);", + "example_upstream_dot": "encrypted <0>DNS-over-TLS;", + "example_upstream_doh": "encrypted <0>DNS-over-HTTPS;", + "example_upstream_doq": "encrypted <0>DNS-over-QUIC (experimental);", + "example_upstream_sdns": "<0>DNS Stamps for <1>DNSCrypt or <2>DNS-over-HTTPS resolvers;", + "example_upstream_tcp": "regular DNS (over TCP);", "all_lists_up_to_date_toast": "All lists are already up-to-date", "updated_upstream_dns_toast": "Upstream servers successfully saved", "dns_test_ok_toast": "Specified DNS servers are working correctly", @@ -259,10 +259,10 @@ "query_log_strict_search": "Use double quotes for strict search", "query_log_retention_confirm": "Are you sure you want to change query log retention? If you decrease the interval value, some data will be lost", "anonymize_client_ip": "Anonymize client IP", - "anonymize_client_ip_desc": "Don't save the full IP address of the client in logs and statistics", + "anonymize_client_ip_desc": "Don't save the client's full IP address to logs or statistics.", "dns_config": "DNS server configuration", "dns_cache_config": "DNS cache configuration", - "dns_cache_config_desc": "Here you can configure DNS cache", + "dns_cache_config_desc": "Here you can configure DNS cache.", "blocking_mode": "Blocking mode", "default": "Default", "nxdomain": "NXDOMAIN", 
@@ -275,9 +275,9 @@
 "dns_over_https": "DNS-over-HTTPS",
 "dns_over_tls": "DNS-over-TLS",
 "dns_over_quic": "DNS-over-QUIC",
- "client_id": "Client ID",
- "client_id_placeholder": "Enter client ID",
- "client_id_desc": "Different clients can be identified by a special client ID. Here you can learn more about how to identify clients.",
+ "client_id": "ClientID",
+ "client_id_placeholder": "Enter a ClientID",
+ "client_id_desc": "Clients can be identified by ClientID. Learn more about how to identify clients here.",
 "download_mobileconfig_doh": "Download .mobileconfig for DNS-over-HTTPS",
 "download_mobileconfig_dot": "Download .mobileconfig for DNS-over-TLS",
 "download_mobileconfig": "Download configuration file",
@@ -334,12 +334,12 @@
 "install_devices_router_list_4": "On some router types, a custom DNS server cannot be set up. In that case, setting up AdGuard Home as a <0>DHCP server may help. Otherwise, you should check the router manual on how to customize DNS servers on your specific router model.",
 "install_devices_windows_list_1": "Open Control Panel through Start menu or Windows search.",
 "install_devices_windows_list_2": "Go to Network and Internet category and then to Network and Sharing Center.",
- "install_devices_windows_list_3": "On the left side of the screen find \"Change adapter settings\" and click on it.",
- "install_devices_windows_list_4": "Select your active connection, right-click on it and choose Properties.",
+ "install_devices_windows_list_3": "In the left panel, click \"Change adapter settings\".",
+ "install_devices_windows_list_4": "Right-click your active connection and select Properties.",
 "install_devices_windows_list_5": "Find \"Internet Protocol Version 4 (TCP/IPv4)\" (or, for IPv6, \"Internet Protocol Version 6 (TCP/IPv6)\") in the list, select it and then click on Properties again.",
 "install_devices_windows_list_6": "Choose \"Use the following DNS server addresses\" and enter your AdGuard Home server addresses.",
- "install_devices_macos_list_1": "Click on Apple icon and go to System Preferences.",
- "install_devices_macos_list_2": "Click on Network.",
+ "install_devices_macos_list_1": "Click the Apple icon and go to System Preferences.",
+ "install_devices_macos_list_2": "Click Network.",
 "install_devices_macos_list_3": "Select the first connection in your list and click Advanced.",
 "install_devices_macos_list_4": "Select the DNS tab and enter your AdGuard Home server addresses.",
 "install_devices_android_list_1": "From the Android Menu home screen, tap Settings.",
@@ -356,7 +356,7 @@
 "open_dashboard": "Open Dashboard",
 "install_saved": "Saved successfully",
 "encryption_title": "Encryption",
- "encryption_desc": "Encryption (HTTPS/TLS) support for both DNS and admin web interface",
+ "encryption_desc": "Encryption (HTTPS/TLS) support for both DNS and admin web interface.",
 "encryption_config_saved": "Encryption configuration saved",
 "encryption_server": "Server name",
 "encryption_server_enter": "Enter your domain name",
@@ -367,7 +367,7 @@
 "encryption_https_desc": "If HTTPS port is configured, AdGuard Home admin interface will be accessible via HTTPS, and it will also provide DNS-over-HTTPS on '/dns-query' location.",
 "encryption_dot": "DNS-over-TLS port",
 "encryption_dot_desc": "If this port is configured, AdGuard Home will run a DNS-over-TLS server on this port.",
- "encryption_doq": "DNS-over-QUIC port",
+ "encryption_doq": "DNS-over-QUIC port (experimental)",
 "encryption_doq_desc": "If this port is configured, AdGuard Home will run a DNS-over-QUIC server on this port. It's experimental and may not be reliable. Also, there are not too many clients that support it at the moment.",
 "encryption_certificates": "Certificates",
 "encryption_certificates_desc": "In order to use encryption, you need to provide a valid SSL certificates chain for your domain. You can get a free certificate on <0>{{link}} or you can buy it from one of the trusted Certificate Authorities.",
@@ -405,8 +405,8 @@
 "update_failed": "Auto-update failed. Please follow these steps to update manually.",
 "manual_update": "Please follow these steps to update manually.",
 "processing_update": "Please wait, AdGuard Home is being updated",
- "clients_title": "Clients",
- "clients_desc": "Configure devices connected to AdGuard Home",
+ "clients_title": "Persistent clients",
+ "clients_desc": "Configure persistent client records for devices connected to AdGuard Home.",
 "settings_global": "Global",
 "settings_custom": "Custom",
 "table_client": "Client",
@@ -417,7 +417,7 @@
 "client_edit": "Edit Client",
 "client_identifier": "Identifier",
 "ip_address": "IP address",
- "client_identifier_desc": "Clients can be identified by the IP address, CIDR, MAC address, or a special client ID (can be used for DoT/DoH/DoQ). <0>Here you can learn more about how to identify clients.",
+ "client_identifier_desc": "Clients can be identified by their IP address, CIDR, MAC address, or ClientID (can be used for DoT/DoH/DoQ). Learn more about how to identify clients <0>here.",
 "form_enter_ip": "Enter IP",
 "form_enter_subnet_ip": "Enter an IP address in the subnet \"{{cidr}}\"",
 "form_enter_mac": "Enter MAC",
@@ -432,14 +432,14 @@
 "clients_not_found": "No clients found",
 "client_confirm_delete": "Are you sure you want to delete client \"{{key}}\"?",
 "list_confirm_delete": "Are you sure you want to delete this list?",
- "auto_clients_title": "Clients (runtime)",
- "auto_clients_desc": "Data on the clients that use AdGuard Home, but not stored in the configuration",
+ "auto_clients_title": "Runtime clients",
+ "auto_clients_desc": "Devices not on the list of Persistent clients that may still use AdGuard Home.",
 "access_title": "Access settings",
 "access_desc": "Here you can configure access rules for the AdGuard Home DNS server.",
 "access_allowed_title": "Allowed clients",
- "access_allowed_desc": "A list of CIDRs, IP addresses, or client IDs. If configured, AdGuard Home will accept requests only from these clients.",
+ "access_allowed_desc": "A list of CIDRs, IP addresses, or ClientIDs. If this list has entries, AdGuard Home will accept requests only from these clients.",
 "access_disallowed_title": "Disallowed clients",
- "access_disallowed_desc": "A list of CIDRs, IP addresses, or client IDs. If configured, AdGuard Home will drop requests from these clients. If allowed clients are configured, this field is ignored.",
+ "access_disallowed_desc": "A list of CIDRs, IP addresses, or ClientIDs. If this list has entries, AdGuard Home will drop requests from these clients. This field is ignored if there are entries in Allowed clients.",
 "access_blocked_title": "Disallowed domains",
 "access_blocked_desc": "Not to be confused with filters. AdGuard Home drops DNS queries matching these domains, and these queries don't even appear in the query log. You can specify exact domain names, wildcards, or URL filter rules, e.g. \"example.org\", \"*.example.org\", or \"||example.org^\" correspondingly.",
 "access_settings_saved": "Access settings successfully saved",
@@ -507,7 +507,7 @@
 "filter_updated": "The list has been successfully updated",
 "statistics_configuration": "Statistics configuration",
 "statistics_retention": "Statistics retention",
- "statistics_retention_desc": "If you decrease the interval value, some data will be lost",
+ "statistics_retention_desc": "If you decrease the interval value, some data will be lost.",
 "statistics_clear": "Clear statistics",
 "statistics_clear_confirm": "Are you sure you want to clear statistics?",
 "statistics_retention_confirm": "Are you sure you want to change statistics retention? If you decrease the interval value, some data will be lost",
@@ -532,7 +532,7 @@
 "netname": "Network name",
 "network": "Network",
 "descr": "Description",
- "whois": "Whois",
+ "whois": "WHOIS",
 "filtering_rules_learn_more": "<0>Learn more about creating your own hosts lists.",
 "blocked_by_response": "Blocked by CNAME or IP in response",
 "blocked_by_cname_or_ip": "Blocked by CNAME or IP",
@@ -552,10 +552,10 @@
 "autofix_warning_list": "It will perform these tasks: <0>Deactivate system DNSStubListener <0>Set DNS server address to 127.0.0.1 <0>Replace symbolic link target of /etc/resolv.conf with /run/systemd/resolve/resolv.conf <0>Stop DNSStubListener (reload systemd-resolved service)",
 "autofix_warning_result": "As a result all DNS requests from your system will be processed by AdGuard Home by default.",
 "tags_title": "Tags",
- "tags_desc": "You can select the tags that correspond to the client. Tags can be included in the filtering rules and allow you to apply them more accurately. <0>Learn more",
+ "tags_desc": "You can select tags that correspond to the client. Include tags in filtering rules to apply them more precisely. <0>Learn more.",
 "form_select_tags": "Select client tags",
 "check_title": "Check the filtering",
- "check_desc": "Check if the host name is filtered",
+ "check_desc": "Check if a host name is filtered.",
 "check": "Check",
 "form_enter_host": "Enter a host name",
 "filtered_custom_rules": "Filtered by Custom filtering rules",
@@ -594,19 +594,19 @@
 "allowed": "Allowed",
 "filtered": "Filtered",
 "rewritten": "Rewritten",
- "safe_search": "Safe search",
+ "safe_search": "Safe Search",
 "blocklist": "Blocklist",
 "milliseconds_abbreviation": "ms",
 "cache_size": "Cache size",
- "cache_size_desc": "DNS cache size (in bytes)",
+ "cache_size_desc": "DNS cache size (in bytes).",
 "cache_ttl_min_override": "Override minimum TTL",
 "cache_ttl_max_override": "Override maximum TTL",
 "enter_cache_size": "Enter cache size (bytes)",
 "enter_cache_ttl_min_override": "Enter minimum TTL (seconds)",
 "enter_cache_ttl_max_override": "Enter maximum TTL (seconds)",
- "cache_ttl_min_override_desc": "Extend short time-to-live values (seconds) received from the upstream server when caching DNS responses",
- "cache_ttl_max_override_desc": "Set a maximum time-to-live value (seconds) for entries in the DNS cache",
- "ttl_cache_validation": "Minimum cache TTL value must be less than or equal to the maximum value",
+ "cache_ttl_min_override_desc": "Extend short time-to-live values (seconds) received from the upstream server when caching DNS responses.",
+ "cache_ttl_max_override_desc": "Set a maximum time-to-live value (seconds) for entries in the DNS cache.",
+ "ttl_cache_validation": "Minimum cache TTL override must be less than or equal to the maximum.",
 "cache_optimistic": "Optimistic caching",
 "cache_optimistic_desc": "Make AdGuard Home respond from the cache even when the entries are expired and also try to refresh them.",
 "filter_category_general": "General",
@@ -624,7 +624,6 @@ "adg_will_drop_dns_queries": "AdGuard Home will be dropping all DNS queries from this client.", "filter_allowlist": "WARNING: This action also will exclude the rule \"{{disallowed_rule}}\" from the list of allowed clients.", "last_rule_in_allowlist": "Cannot disallow this client because excluding the rule \"{{disallowed_rule}}\" will DISABLE \"Allowed clients\" list.", - "experimental": "Experimental", "use_saved_key": "Use the previously saved key", "parental_control": "Parental Control", "safe_browsing": "Safe Browsing", diff --git a/client/src/components/Filters/Examples.js b/client/src/components/Filters/Examples.js index 9164b646..6dcc01c7 100644 --- a/client/src/components/Filters/Examples.js +++ b/client/src/components/Filters/Examples.js @@ -7,27 +7,27 @@ const Examples = () => ( examples_title:
  1. - ||example.org^ –  + ||example.org^: example_meaning_filter_block
  2. - @@||example.org^ –  + @@||example.org^: example_meaning_filter_whitelist
  3. - 127.0.0.1 example.org –  + 127.0.0.1 example.org: example_meaning_host_block
  4. - example_comment –  + example_comment: example_comment_meaning
  5. - example_comment_hash –  + example_comment_hash: example_comment_meaning
  6. - /REGEX/ –  + /REGEX/: example_regex_meaning
diff --git a/client/src/components/Settings/Clients/Form.js b/client/src/components/Settings/Clients/Form.js index 631272d8..d5f80c62 100644 --- a/client/src/components/Settings/Clients/Form.js +++ b/client/src/components/Settings/Clients/Form.js @@ -19,7 +19,7 @@ import { renderServiceField, } from '../../../helpers/form'; import { validateClientId, validateRequiredValue } from '../../../helpers/validators'; -import { FORM_NAME, SERVICES } from '../../../helpers/constants'; +import { CLIENT_ID_LINK, FORM_NAME, SERVICES } from '../../../helpers/constants'; import './Service.css'; const settingsCheckboxes = [ @@ -281,11 +281,11 @@ let Form = (props) => {
- link + components={{ + a: + text , - ]} + }} > client_identifier_desc diff --git a/client/src/components/Settings/Dns/Access/Form.js b/client/src/components/Settings/Dns/Access/Form.js index aaf60412..868e3fde 100644 --- a/client/src/components/Settings/Dns/Access/Form.js +++ b/client/src/components/Settings/Dns/Access/Form.js @@ -9,7 +9,7 @@ import { trimMultilineString, removeEmptyLines, } from '../../../../helpers/helpers'; -import { FORM_NAME } from '../../../../helpers/constants'; +import { CLIENT_ID_LINK, FORM_NAME } from '../../../../helpers/constants'; const fields = [ { @@ -48,7 +48,7 @@ let Form = (props) => { }
- {subtitle} + text }}>{subtitle}
( examples_title:
  1. - 94.140.14.140 - {props.t('example_upstream_regular')} + 94.140.14.140: {props.t('example_upstream_regular')}
  2. - tls://dns-unfiltered.adguard.com –  + tls://dns-unfiltered.adguard.com: (
  3. - https://dns-unfiltered.adguard.com/dns-query –  + https://dns-unfiltered.adguard.com/dns-query: (
  4. - quic://dns-unfiltered.adguard.com:784 –  + quic://dns-unfiltered.adguard.com:784: ( > example_upstream_doq -   - (experimental)
  5. - tcp://94.140.14.140example_upstream_tcp + tcp://94.140.14.140: example_upstream_tcp
  6. - sdns://... –  + sdns://...: (
  7. - [/example.local/]94.140.14.140 –  + [/example.local/]94.140.14.140: (
  8. - {COMMENT_LINE_DEFAULT_TOKEN} comment –  + {COMMENT_LINE_DEFAULT_TOKEN} comment: example_upstream_comment diff --git a/client/src/components/Settings/Encryption/Form.js b/client/src/components/Settings/Encryption/Form.js index 82b3acdd..b94dd94b 100644 --- a/client/src/components/Settings/Encryption/Form.js +++ b/client/src/components/Settings/Encryption/Form.js @@ -201,8 +201,6 @@ let Form = (props) => {
    { const githubLink = ( diff --git a/client/src/helpers/constants.js b/client/src/helpers/constants.js index de65ad5e..d4477b72 100644 --- a/client/src/helpers/constants.js +++ b/client/src/helpers/constants.js @@ -55,10 +55,11 @@ export const REPOSITORY = { ISSUES: 'https://github.com/AdguardTeam/AdGuardHome/issues/new/choose', }; -export const PRIVACY_POLICY_LINK = 'https://adguard.com/privacy/home.html'; -export const PORT_53_FAQ_LINK = 'https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ#bindinuse'; -export const UPSTREAM_CONFIGURATION_WIKI_LINK = 'https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#upstreams'; +export const CLIENT_ID_LINK = 'https://github.com/AdguardTeam/AdGuardHome/wiki/Clients#clientid'; export const MANUAL_UPDATE_LINK = 'https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ#manual-update'; +export const PORT_53_FAQ_LINK = 'https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ#bindinuse'; +export const PRIVACY_POLICY_LINK = 'https://adguard.com/privacy/home.html'; +export const UPSTREAM_CONFIGURATION_WIKI_LINK = 'https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#upstreams'; export const FILTERS_RELATIVE_LINK = '#filters'; diff --git a/internal/dnsforward/access.go b/internal/dnsforward/access.go index 76145fdf..7a771946 100644 --- a/internal/dnsforward/access.go +++ b/internal/dnsforward/access.go @@ -119,8 +119,8 @@ func (a *accessCtx) allowlistMode() (ok bool) { func (a *accessCtx) isBlockedClientID(id string) (ok bool) { allowlistMode := a.allowlistMode() if id == "" { - // In allowlist mode, consider requests without client IDs - // blocked by default. + // In allowlist mode, consider requests without ClientIDs blocked by + // default. return allowlistMode } diff --git a/internal/dnsforward/clientid.go b/internal/dnsforward/clientid.go index 1580e416..481fb84d 100644 --- a/internal/dnsforward/clientid.go +++ b/internal/dnsforward/clientid.go 
@@ -12,12 +12,12 @@ import (
 "github.com/lucas-clemente/quic-go"
 )
-// ValidateClientID returns an error if clientID is not a valid client ID.
-func ValidateClientID(clientID string) (err error) {
- err = netutil.ValidateDomainNameLabel(clientID)
+// ValidateClientID returns an error if id is not a valid ClientID.
+func ValidateClientID(id string) (err error) {
+ err = netutil.ValidateDomainNameLabel(id)
 if err != nil {
 // Replace the domain name label wrapper with our own.
- return fmt.Errorf("invalid client id %q: %w", clientID, errors.Unwrap(err))
+ return fmt.Errorf("invalid clientid %q: %w", id, errors.Unwrap(err))
 }
 return nil
@@ -33,7 +33,7 @@ func hasLabelSuffix(s, suffix string) (ok bool) {
 return strings.HasSuffix(s, suffix) && s[len(s)-len(suffix)-1] == '.'
 }
-// clientIDFromClientServerName extracts and validates a client ID. hostSrvName
+// clientIDFromClientServerName extracts and validates a ClientID. hostSrvName
 // is the server name of the host. cliSrvName is the server name as sent by the
 // client. When strict is true, and client and host server name don't match,
 // clientIDFromClientServerName will return an error.
@@ -86,22 +86,22 @@ func clientIDFromDNSContextHTTPS(pctx *proxy.DNSContext) (clientID string, err e
 }
 if len(parts) == 0 || parts[0] != "dns-query" {
- return "", fmt.Errorf("client id check: invalid path %q", origPath)
+ return "", fmt.Errorf("clientid check: invalid path %q", origPath)
 }
 switch len(parts) {
 case 1:
- // Just /dns-query, no client ID.
+ // Just /dns-query, no ClientID.
 return "", nil
 case 2:
 clientID = parts[1]
 default:
- return "", fmt.Errorf("client id check: invalid path %q: extra parts", origPath)
+ return "", fmt.Errorf("clientid check: invalid path %q: extra parts", origPath)
 }
 err = ValidateClientID(clientID)
 if err != nil {
- return "", fmt.Errorf("client id check: %w", err)
+ return "", fmt.Errorf("clientid check: %w", err)
 }
 return clientID, nil
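Review bot: The rewritten `return fmt.Errorf("invalid clientid %q: %w", id, errors.Unwrap(err))` in ValidateClientID still depends on netutil.ValidateDomainNameLabel always returning a wrapping error. If it ever returns a plain error, errors.Unwrap yields nil and the message ends in `%!w(<nil>)`, so the reason the label was rejected is lost. A small fallback keeps the cause: `if inner := errors.Unwrap(err); inner != nil { err = inner }` and then format with `%w` and `err`. The prefix also changes from "client id" to "clientid" here and in the HTTPS hunk below, so any log filter or alert that matches the old text needs updating.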
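Review bot: hasLabelSuffix indexes `s[len(s)-len(suffix)-1]`, which is out of range when s and suffix have the same length, and the only check in front of it is strings.HasSuffix. The helper is presumably fed the server name sent by the client (the comment right below describes cliSrvName that way), so the precondition should be written down or enforced; the caller may already exclude the equal case, but that code is outside the hunk. Either add `// s must be longer than suffix.` to the helper's doc comment, or make the expression `len(s) > len(suffix) && strings.HasSuffix(s, suffix) && s[len(s)-len(suffix)-1] == '.'`.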
@@ -166,7 +166,7 @@ func (s *Server) clientIDFromDNSContext(pctx *proxy.DNSContext) (clientID string
 s.conf.StrictSNICheck,
 )
 if err != nil {
- return "", fmt.Errorf("client id check: %w", err)
+ return "", fmt.Errorf("clientid check: %w", err)
 }
 return clientID, nil
diff --git a/internal/dnsforward/clientid_test.go b/internal/dnsforward/clientid_test.go
index d43de02f..e62dbe58 100644
--- a/internal/dnsforward/clientid_test.go
+++ b/internal/dnsforward/clientid_test.go
@@ -65,7 +65,7 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 wantErrMsg: "",
 strictSNI: false,
 }, {
- name: "tls_no_client_id",
+ name: "tls_no_clientid",
 proto: proxy.ProtoTLS,
 hostSrvName: "example.com",
 cliSrvName: "example.com",
@@ -78,7 +78,7 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 hostSrvName: "example.com",
 cliSrvName: "",
 wantClientID: "",
- wantErrMsg: `client id check: client server name "" ` +
+ wantErrMsg: `clientid check: client server name "" ` +
 `doesn't match host server name "example.com"`,
 strictSNI: true,
 }, {
@@ -90,7 +90,7 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 wantErrMsg: "",
 strictSNI: false,
 }, {
- name: "tls_client_id",
+ name: "tls_clientid",
 proto: proxy.ProtoTLS,
 hostSrvName: "example.com",
 cliSrvName: "cli.example.com",
@@ -98,36 +98,36 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 wantErrMsg: "",
 strictSNI: true,
 }, {
- name: "tls_client_id_hostname_error",
+ name: "tls_clientid_hostname_error",
 proto: proxy.ProtoTLS,
 hostSrvName: "example.com",
 cliSrvName: "cli.example.net",
 wantClientID: "",
- wantErrMsg: `client id check: client server name "cli.example.net" ` +
+ wantErrMsg: `clientid check: client server name "cli.example.net" ` +
 `doesn't match host server name "example.com"`,
 strictSNI: true,
 }, {
- name: "tls_invalid_client_id",
+ name: "tls_invalid_clientid",
 proto: proxy.ProtoTLS,
 hostSrvName: "example.com",
 cliSrvName: "!!!.example.com",
 wantClientID: "",
- wantErrMsg: `client id check: invalid client id "!!!": ` +
+ wantErrMsg: `clientid check: invalid clientid "!!!": ` +
 `bad domain name label rune '!'`,
 strictSNI: true,
 }, {
- name: "tls_client_id_too_long",
+ name: "tls_clientid_too_long",
 proto: proxy.ProtoTLS,
 hostSrvName: "example.com",
 cliSrvName: `abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmno` +
 `pqrstuvwxyz0123456789.example.com`,
 wantClientID: "",
- wantErrMsg: `client id check: invalid client id "abcdefghijklmno` +
+ wantErrMsg: `clientid check: invalid clientid "abcdefghijklmno` +
 `pqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789": ` +
 `domain name label is too long: got 72, max 63`,
 strictSNI: true,
 }, {
- name: "quic_client_id",
+ name: "quic_clientid",
 proto: proxy.ProtoQUIC,
 hostSrvName: "example.com",
 cliSrvName: "cli.example.com",
@@ -135,12 +135,12 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 wantErrMsg: "",
 strictSNI: true,
 }, {
- name: "tls_client_id_issue3437",
+ name: "tls_clientid_issue3437",
 proto: proxy.ProtoTLS,
 hostSrvName: "example.com",
 cliSrvName: "cli.myexample.com",
 wantClientID: "",
- wantErrMsg: `client id check: client server name "cli.myexample.com" ` +
+ wantErrMsg: `clientid check: client server name "cli.myexample.com" ` +
 `doesn't match host server name "example.com"`,
 strictSNI: true,
 }}
@@ -191,22 +191,22 @@ func TestClientIDFromDNSContextHTTPS(t *testing.T) {
 wantClientID string
 wantErrMsg string
 }{{
- name: "no_client_id",
+ name: "no_clientid",
 path: "/dns-query",
 wantClientID: "",
 wantErrMsg: "",
 }, {
- name: "no_client_id_slash",
+ name: "no_clientid_slash",
 path: "/dns-query/",
 wantClientID: "",
 wantErrMsg: "",
 }, {
- name: "client_id",
+ name: "clientid",
 path: "/dns-query/cli",
 wantClientID: "cli",
 wantErrMsg: "",
 }, {
- name: "client_id_slash",
+ name: "clientid_slash",
 path: "/dns-query/cli/",
 wantClientID: "cli",
 wantErrMsg: "",
@@ -214,18 +214,17 @@ func TestClientIDFromDNSContextHTTPS(t *testing.T) {
 name: "bad_url",
 path: "/foo",
 wantClientID: "",
- wantErrMsg: `client id check: invalid path "/foo"`,
+ wantErrMsg: `clientid check: invalid path "/foo"`,
 }, {
 name: "extra",
 path: "/dns-query/cli/foo",
 wantClientID: "",
- wantErrMsg: `client id check: invalid path "/dns-query/cli/foo": extra parts`,
+ wantErrMsg: `clientid check: invalid path "/dns-query/cli/foo": extra parts`,
 }, {
- name: "invalid_client_id",
+ name: "invalid_clientid",
 path: "/dns-query/!!!",
 wantClientID: "",
- wantErrMsg: `client id check: invalid client id "!!!": ` +
- `bad domain name label rune '!'`,
+ wantErrMsg: `clientid check: invalid clientid "!!!": bad domain name label rune '!'`,
 }}
 for _, tc := range testCases {
diff --git a/internal/dnsforward/config.go b/internal/dnsforward/config.go
index cb93e278..9a050f52 100644
--- a/internal/dnsforward/config.go
+++ b/internal/dnsforward/config.go
@@ -150,8 +150,8 @@ type TLSConfig struct {
 CertificateChainData []byte `yaml:"-" json:"-"`
 PrivateKeyData []byte `yaml:"-" json:"-"`
- // ServerName is the hostname of the server. Currently, it is only
- // being used for client ID checking.
+ // ServerName is the hostname of the server. Currently, it is only being
+ // used for ClientID checking.
 ServerName string `yaml:"-" json:"-"`
 cert tls.Certificate
diff --git a/internal/dnsforward/dns.go b/internal/dnsforward/dns.go
index 87cb5194..dd5a4dd5 100644
--- a/internal/dnsforward/dns.go
+++ b/internal/dnsforward/dns.go
@@ -35,7 +35,7 @@ type dnsContext struct {
 // err is the error returned from a processing function.
 err error
- // clientID is the clientID from DoH, DoQ, or DoT, if provided.
+ // clientID is the ClientID from DoH, DoQ, or DoT, if provided.
 clientID string
 // origQuestion is the question received from the client. It is set
@@ -546,7 +546,7 @@ func (s *Server) processUpstream(dctx *dnsContext) (rc resultCode) {
 }
 if pctx.Addr != nil && s.conf.GetCustomUpstreamByClient != nil {
- // Use the clientID first, since it has a higher priority.
+ // Use the ClientID first, since it has a higher priority.
 id := stringutil.Coalesce(dctx.clientID, ipStringFromAddr(pctx.Addr))
 upsConf, err := s.conf.GetCustomUpstreamByClient(id)
 if err != nil {
diff --git a/internal/dnsforward/dnsforward.go b/internal/dnsforward/dnsforward.go
index fcd438e3..2d32cfd2 100644
--- a/internal/dnsforward/dnsforward.go
+++ b/internal/dnsforward/dnsforward.go
@@ -28,7 +28,7 @@ import (
 // DefaultTimeout is the default upstream timeout
 const DefaultTimeout = 10 * time.Second
-// defaultClientIDCacheCount is the default count of items in the LRU client ID
+// defaultClientIDCacheCount is the default count of items in the LRU ClientID
 // cache. The assumption here is that there won't be more than this many
 // requests between the BeforeRequestHandler stage and the actual processing.
 const defaultClientIDCacheCount = 1024
@@ -88,8 +88,8 @@ type Server struct {
 tableIPToHost *netutil.IPMap
 tableIPToHostLock sync.Mutex
- // clientIDCache is a temporary storage for ClientIDs that were
- // extracted during the BeforeRequestHandler stage.
+ // clientIDCache is a temporary storage for ClientIDs that were extracted
+ // during the BeforeRequestHandler stage.
 clientIDCache cache.Cache
 // DNS proxy instance for internal usage
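Review bot: The comment on defaultClientIDCacheCount in dnsforward.go records an assumption (no more than 1024 requests between the BeforeRequestHandler stage and processing) but not what happens when the assumption fails. If an evicted entry means the request is processed without its ClientID, per-client settings would presumably not be applied to it, which matters to anyone relying on ClientIDs for filtering or custom upstreams. I would add one sentence such as `// If an entry is evicted before processing, the request is handled as if it had no ClientID.` once that behaviour is confirmed; the lookup code is outside this hunk.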
diff --git a/internal/dnsforward/stats_test.go b/internal/dnsforward/stats_test.go
index bdd4f4f5..fdaa3678 100644
--- a/internal/dnsforward/stats_test.go
+++ b/internal/dnsforward/stats_test.go
@@ -66,7 +66,7 @@ func TestProcessQueryLogsAndStats(t *testing.T) {
 reason: filtering.NotFilteredNotFound,
 wantStatResult: stats.RNotFiltered,
 }, {
- name: "success_tls_client_id",
+ name: "success_tls_clientid",
 proto: proxy.ProtoTLS,
 addr: &net.TCPAddr{IP: net.IP{1, 2, 3, 4}, Port: 1234},
 clientID: "cli42",
diff --git a/internal/home/clients.go b/internal/home/clients.go
index 098fba91..f539adbe 100644
--- a/internal/home/clients.go
+++ b/internal/home/clients.go
@@ -532,7 +532,7 @@ func (clients *clientsContainer) check(c *Client) (err error) {
 } else if err = dnsforward.ValidateClientID(id); err == nil {
 c.IDs[i] = id
 } else {
- return fmt.Errorf("invalid client id at index %d: %q", i, id)
+ return fmt.Errorf("invalid clientid at index %d: %q", i, id)
 }
 }
diff --git a/internal/home/dns.go b/internal/home/dns.go
index 4278a321..4c27abd9 100644
--- a/internal/home/dns.go
+++ b/internal/home/dns.go
@@ -318,7 +318,7 @@ func applyAdditionalFiltering(clientAddr net.IP, clientID string, setts *filteri
 }
 }
- log.Debug("using settings for client %s with ip %s and id %q", c.Name, clientAddr, clientID)
+ log.Debug("using settings for client %s with ip %s and clientid %q", c.Name, clientAddr, clientID)
 if c.UseOwnBlockedServices {
 Context.dnsFilter.ApplyBlockedServices(setts, c.BlockedServices, false)
diff --git a/internal/querylog/search.go b/internal/querylog/search.go
index d387c938..4a3de979 100644
--- a/internal/querylog/search.go
+++ b/internal/querylog/search.go
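Review bot: The final `else` in clientsContainer.check returns `invalid clientid at index %d: %q` and discards the error from dnsforward.ValidateClientID, so the caller never learns whether the value had a bad character or was too long. The branch also appears to be the fallback for anything the earlier checks rejected (they start outside the hunk), so a mistyped IP or MAC would be reported as a bad ClientID. Wrapping the cause keeps the detail, for example `return fmt.Errorf("id at index %d: %w", i, err)`, since ValidateClientID's own message already quotes the value.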
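Review bot: The debug line in applyAdditionalFiltering writes the client's full IP address together with its ClientID, and nothing visible in the hunk consults the IP anonymization setting, whose UI text in en.json now reads "Don't save the client's full IP address to logs or statistics." The same applies to the three log.Error calls in internal/querylog/search.go, which print `e.IP` or `ip` next to the ClientID. Since the allowed-clients list accepts ClientIDs, a ClientID in a log file is also a value that access decisions depend on. Either document that the setting covers only the query log and statistics, or add a comment here such as `// NOTE: prints the full IP and ClientID regardless of IP anonymization; treat debug logs as sensitive.` The function body continues outside the hunk.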
@@ -8,7 +8,7 @@ import ( "github.com/AdguardTeam/golibs/log" ) -// client finds the client info, if any, by its client ID and IP address, +// client finds the client info, if any, by its ClientID and IP address, // optionally checking the provided cache. It will use the IP address // regardless of if the IP anonymization is enabled now, because the // anonymization could have been disabled in the past, and client will try to @@ -57,7 +57,7 @@ func (l *queryLog) searchMemory(params *searchParams, cache clientCache) (entrie e.client, err = l.client(e.ClientID, e.IP.String(), cache) if err != nil { msg := "querylog: enriching memory record at time %s" + - " for client %q (client id %q): %s" + " for client %q (clientid %q): %s" log.Error(msg, e.Time, e.IP, e.ClientID, err) // Go on and try to match anyway. @@ -216,8 +216,8 @@ func (f quickMatchClientFinder) findClient(clientID, ip string) (c *Client) { var err error c, err = f.client(clientID, ip, f.cache) if err != nil { - log.Error("querylog: enriching file record for quick search:"+ - " for client %q (client id %q): %s", + log.Error( + "querylog: enriching file record for quick search: for client %q (clientid %q): %s", ip, clientID, err, @@ -259,8 +259,7 @@ func (l *queryLog) readNextEntry( e.client, err = l.client(e.ClientID, e.IP.String(), cache) if err != nil { log.Error( - "querylog: enriching file record at time %s"+ - " for client %q (client id %q): %s", + "querylog: enriching file record at time %s for client %q (clientid %q): %s", e.Time, e.IP, e.ClientID, diff --git a/openapi/CHANGELOG.md b/openapi/CHANGELOG.md index 9545d2ec..ef32f6ea 100644 --- a/openapi/CHANGELOG.md +++ b/openapi/CHANGELOG.md 
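Review bot: searchMemory is now the only one of the three enrichment call sites in search.go that still builds its format string by concatenation into a local `msg`; the same commit collapses the messages in findClient and readNextEntry into a single literal passed straight to `log.Error`. Doing the same here, `log.Error("querylog: enriching memory record at time %s for client %q (clientid %q): %s", e.Time, e.IP, e.ClientID, err)`, keeps all three messages searchable in one form. In all three the first `%q` receives the IP address, so `for client ip %q` would read less ambiguously next to `clientid`. searchMemory starts and ends outside the hunk.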
@@ -69,9 +69,9 @@ * The type of `"interval"` field is now `number` instead of `integer`. -### Client IDs in Access Settings +### ClientIDs in Access Settings -* The `POST /control/access/set` HTTP API now accepts client IDs in +* The `POST /control/access/set` HTTP API now accepts ClientIDs in `"allowed_clients"` and `"disallowed_clients"` fields. ### The new field `"unicode_name"` in `DNSQuestion` diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml index 31dade36..30d25b44 100644 --- a/openapi/openapi.yaml +++ b/openapi/openapi.yaml @@ -822,12 +822,12 @@ - 'clients' 'operationId': 'clientsFind' 'summary': > - Get information about clients by their IP addresses or client IDs. + Get information about clients by their IP addresses or ClientIDs. 'parameters': - 'name': 'ip0' 'in': 'query' 'description': > - Filter by IP address or client IDs. Parameters with names `ip1`, + Filter by IP address or ClientIDs. Parameters with names `ip1`, `ip2`, and so on are also accepted and interpreted as "ip0 OR ip1 OR ip2". @@ -1150,7 +1150,7 @@ 'schema': 'type': 'string' - 'description': > - Client ID. + ClientID. 'example': 'client-1' 'in': 'query' 'name': 'client_id' @@ -1185,7 +1185,7 @@ 'schema': 'type': 'string' - 'description': > - Client ID. + ClientID. 'example': 'client-1' 'in': 'query' 'name': 'client_id' @@ -1890,7 +1890,7 @@ 'type': 'string' 'client_id': 'description': > - The client ID, if provided in DoH, DoQ, or DoT. + The ClientID, if provided in DoH, DoQ, or DoT. 'example': 'cli123' 'type': 'string' 'client_info': @@ -2276,7 +2276,7 @@ 'example': 'localhost' 'ids': 'type': 'array' - 'description': 'IP, CIDR, MAC, or client ID.' + 'description': 'IP, CIDR, MAC, or ClientID.' 'items': 'type': 'string' 'use_global_settings': 
@@ -2381,13 +2381,13 @@ 'properties': 'allowed_clients': 'description': > - The allowlist of clients: IP addresses, CIDRs, or client IDs. + The allowlist of clients: IP addresses, CIDRs, or ClientIDs. 'items': 'type': 'string' 'type': 'array' 'disallowed_clients': 'description': > - The blocklist of clients: IP addresses, CIDRs, or client IDs. + The blocklist of clients: IP addresses, CIDRs, or ClientIDs. 'items': 'type': 'string' 'type': 'array' @@ -2411,7 +2411,7 @@ 'example': 'localhost' 'ids': 'type': 'array' - 'description': 'IP, CIDR, MAC, or client ID.' + 'description': 'IP, CIDR, MAC, or ClientID.' 'items': 'type': 'string' 'use_global_settings':