From 6f7d5cc4be1d2ed16bbd387d19bec78de67a95a0 Mon Sep 17 00:00:00 2001 From: Eugene Burkov Date: Tue, 16 Apr 2024 17:23:46 +0300 Subject: [PATCH 1/2] Pull request 2202: Fix access error Squashed commit of the following: commit 55074010c38c0824c1df4a7c682a3baef4755015 Author: Eugene Burkov Date: Tue Apr 16 17:16:41 2024 +0300 all: rm replace commit 983f8d133199225f495e25efa4afae3ef6d2eee4 Merge: d9fc69d69 201ac73cf Author: Eugene Burkov Date: Tue Apr 16 16:06:28 2024 +0300 Merge branch 'master' into fix-access-error commit d9fc69d69a315de83ef50a64bf9f5b4b2e50c8d3 Author: Eugene Burkov Date: Thu Apr 11 19:18:24 2024 +0300 all: fix before request, upd golibs --- go.mod | 2 +- go.sum | 4 ++-- internal/dnsforward/beforerequest.go | 5 ++++- internal/dnsforward/http.go | 2 +- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 5c8bbd38227..f81a3f38cb5 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/AdguardTeam/AdGuardHome go 1.22.2 require ( - github.com/AdguardTeam/dnsproxy v0.69.1 + github.com/AdguardTeam/dnsproxy v0.69.2 github.com/AdguardTeam/golibs v0.23.2 github.com/AdguardTeam/urlfilter v0.18.0 github.com/NYTimes/gziphandler v1.1.1 diff --git a/go.sum b/go.sum index 0153ce9bee7..0dc25336a95 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -github.com/AdguardTeam/dnsproxy v0.69.1 h1:KiLkKUSrvHeUO/YEf4Bbo/5zyFRIvQstjL7W9G/24pk= -github.com/AdguardTeam/dnsproxy v0.69.1/go.mod h1:atO3WeeuyepyhjSt6hC+MF7/IN7TZHfG3/ZwhImHzYs= +github.com/AdguardTeam/dnsproxy v0.69.2 h1:/qnjEILMIM7koAIcy+ZB19lb+PSZjJWKjxuGyqVVpp0= +github.com/AdguardTeam/dnsproxy v0.69.2/go.mod h1:zpA9eBxakSyjKC/bUac+UPSYTp/Q43aOmNlBV2/D6ug= github.com/AdguardTeam/golibs v0.23.2 h1:rMjYantwtQ39e8G4zBQ6ZLlm4s3XH30Bc9VxhoOHwao= github.com/AdguardTeam/golibs v0.23.2/go.mod h1:o9i55Sx6v7qogRQeqaBfmLbC/pZqeMBWi015U5PTDY0= github.com/AdguardTeam/urlfilter v0.18.0 h1:ZZzwODC/ADpjJSODxySrrUnt/fvOCfGFaCW6j+wsGfQ= diff --git a/internal/dnsforward/beforerequest.go b/internal/dnsforward/beforerequest.go index 75c64cecfc7..21bc43a3985 100644 --- a/internal/dnsforward/beforerequest.go +++ b/internal/dnsforward/beforerequest.go @@ -25,7 +25,10 @@ func (s *Server) HandleBefore( ) (err error) { clientID, err := s.clientIDFromDNSContext(pctx) if err != nil { - return fmt.Errorf("getting clientid: %w", err) + return &proxy.BeforeRequestError{ + Err: fmt.Errorf("getting clientid: %w", err), + Response: s.NewMsgSERVFAIL(pctx.Req), + } } blocked, _ := s.IsBlockedClient(pctx.Addr.Addr(), clientID) diff --git a/internal/dnsforward/http.go b/internal/dnsforward/http.go index 01fe6720837..76f88edc1e3 100644 --- a/internal/dnsforward/http.go +++ b/internal/dnsforward/http.go @@ -461,7 +461,7 @@ func (s *Server) handleSetConfig(w http.ResponseWriter, r *http.Request) { // TODO(e.burkov): Consider prebuilding this set on startup. ourAddrs, err := s.conf.ourAddrsSet() if err != nil { - // TODO(e.burkov): Put into openapi + // TODO(e.burkov): Put into openapi. aghhttp.Error(r, w, http.StatusInternalServerError, "getting our addresses: %s", err) return From 48c6242a7bd90ff5cf48f66a8a14d3e1e08666cb Mon Sep 17 00:00:00 2001 From: Stanislav Chzhen Date: Tue, 16 Apr 2024 17:33:34 +0300 Subject: [PATCH 2/2] Pull request 2201: 6192-access-ipv6-zone Updates #6192. Squashed commit of the following: commit e98c2f0fff0d617bff36f1bb583b1a95fe3a1af9 Merge: 4dd9218d4 6f7d5cc4b Author: Stanislav Chzhen Date: Tue Apr 16 17:24:38 2024 +0300 Merge branch 'master' into 6192-access-ipv6-zone commit 4dd9218d4eee5918c152ca768f5a0a5ed19bfa6f Author: Stanislav Chzhen Date: Tue Apr 16 16:12:24 2024 +0300 all: upd chlog commit e126e12f7024aaf9bb4d9abe0acbc5c1ccf00977 Merge: d57c34c51 201ac73cf Author: Stanislav Chzhen Date: Tue Apr 16 14:34:45 2024 +0300 Merge branch 'master' into 6192-access-ipv6-zone commit d57c34c51d2d5f6324c96e26a5a7c4134cae3a7f Merge: decb768d3 df7f19eb8 Author: Stanislav Chzhen Date: Mon Apr 15 16:26:57 2024 +0300 Merge branch 'master' into 6192-access-ipv6-zone commit decb768d3b9a9352f8012ae1f3e112d5774e5428 Author: Stanislav Chzhen Date: Thu Apr 11 17:06:54 2024 +0300 all: upd chlog commit c8184bef8f3ec579049b4ac6b8451b611ae66e17 Merge: 5e0059b51 ff7c715c5 Author: Stanislav Chzhen Date: Thu Apr 11 16:52:10 2024 +0300 Merge branch 'master' into 6192-access-ipv6-zone commit 5e0059b5199466ea88b246d1fc27563fc71af6d3 Author: Stanislav Chzhen Date: Wed Apr 10 16:59:37 2024 +0300 dnsforward: access ipv6 zone --- CHANGELOG.md | 3 +++ internal/dnsforward/access.go | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a0cf3821cb8..7a276ffc090 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,8 @@ NOTE: Add new changes BELOW THIS COMMENT. ### Fixed +- Support for link-local subnets, i.e. `fe80::/16`, in the access settings + ([#6192]). - The ability to apply an invalid configuration for private RDNS, which led to server inoperability. - Ignoring query log for clients with ClientID set ([#5812]). @@ -40,6 +42,7 @@ NOTE: Add new changes BELOW THIS COMMENT. [#5345]: https://github.com/AdguardTeam/AdGuardHome/issues/5345 [#5812]: https://github.com/AdguardTeam/AdGuardHome/issues/5812 +[#6192]: https://github.com/AdguardTeam/AdGuardHome/issues/6192 [#6854]: https://github.com/AdguardTeam/AdGuardHome/issues/6854 [#6875]: https://github.com/AdguardTeam/AdGuardHome/issues/6875 diff --git a/internal/dnsforward/access.go b/internal/dnsforward/access.go index c4d6c5913ca..c6c6beabc93 100644 --- a/internal/dnsforward/access.go +++ b/internal/dnsforward/access.go @@ -156,7 +156,10 @@ func (a *accessManager) isBlockedIP(ip netip.Addr) (blocked bool, rule string) { } for _, ipnet := range ipnets { - if ipnet.Contains(ip) { + // Remove zone before checking because prefixes stip zones. + // + // TODO(d.kolyshev): Cover with tests. + if ipnet.Contains(ip.WithZone("")) { return blocked, ipnet.String() } }