Daniel Hovie
2
go.mod
2
go.mod
@@ -18,7 +18,7 @@ require (
|
||||
github.com/miekg/dns v1.1.55
|
||||
github.com/oschwald/maxminddb-golang v1.12.0
|
||||
github.com/safing/jess v0.3.1
|
||||
github.com/safing/portbase v0.17.2
|
||||
github.com/safing/portbase v0.17.3
|
||||
github.com/safing/portmaster-android/go v0.0.0-20230605085256-6abf4c495626
|
||||
github.com/safing/spn v0.6.17
|
||||
github.com/shirou/gopsutil v3.21.11+incompatible
|
||||
|
||||
2
go.sum
2
go.sum
@@ -210,6 +210,8 @@ github.com/safing/portbase v0.15.2/go.mod h1:5bHi99fz7Hh/wOsZUOI631WF9ePSHk57c4f
|
||||
github.com/safing/portbase v0.16.2/go.mod h1:mzNCWqPbO7vIYbbK5PElGbudwd2vx4YPNawymL8Aro8=
|
||||
github.com/safing/portbase v0.17.2 h1:HzJkURMmXkv30wMHB7xJ+Z5U5aTMe+EzvlHavKoKkos=
|
||||
github.com/safing/portbase v0.17.2/go.mod h1:1cVgDZIsPiqM5b+K88Kshir5PGIvsftYkx7y1x925+8=
|
||||
github.com/safing/portbase v0.17.3 h1:LLV2kq4mli2phHFHxigTkIoOjConieMTWsDyi9kJd00=
|
||||
github.com/safing/portbase v0.17.3/go.mod h1:1cVgDZIsPiqM5b+K88Kshir5PGIvsftYkx7y1x925+8=
|
||||
github.com/safing/portmaster-android/go v0.0.0-20230605085256-6abf4c495626 h1:olc/REnUdpJN/Gmz8B030OxLpMYxyPDTrDILNEw0eKs=
|
||||
github.com/safing/portmaster-android/go v0.0.0-20230605085256-6abf4c495626/go.mod h1:abwyAQrZGemWbSh/aCD9nnkp0SvFFf/mGWkAbOwPnFE=
|
||||
github.com/safing/spn v0.6.17 h1:3Lu1cpTcy8zYhA/2UEfeG08Rx1nlwIj1aobSfNXXgUI=
|
||||
|
||||
@@ -6,7 +6,10 @@ import (
|
||||
"github.com/safing/portbase/metrics"
|
||||
)
|
||||
|
||||
var requestsHistogram *metrics.Histogram
|
||||
var (
|
||||
requestsHistogram *metrics.Histogram
|
||||
totalHandledRequests *metrics.Counter
|
||||
)
|
||||
|
||||
func registerMetrics() (err error) {
|
||||
requestsHistogram, err = metrics.NewHistogram(
|
||||
@@ -15,7 +18,25 @@ func registerMetrics() (err error) {
|
||||
&metrics.Options{
|
||||
Permission: api.PermitUser,
|
||||
ExpertiseLevel: config.ExpertiseLevelExpert,
|
||||
})
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return err
|
||||
totalHandledRequests, err = metrics.NewCounter(
|
||||
"nameserver/request/total",
|
||||
nil,
|
||||
&metrics.Options{
|
||||
InternalID: "handled_dns_requests",
|
||||
Permission: api.PermitUser,
|
||||
ExpertiseLevel: config.ExpertiseLevelExpert,
|
||||
Persist: true,
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -84,6 +84,9 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
|
||||
defer tracer.Submit()
|
||||
tracer.Tracef("nameserver: handling new request for %s from %s:%d", q.ID(), remoteAddr.IP, remoteAddr.Port)
|
||||
|
||||
// Count request.
|
||||
totalHandledRequests.Inc()
|
||||
|
||||
// Setup quick reply function.
|
||||
reply := func(responder nsutil.Responder, rrProviders ...nsutil.RRProvider) error {
|
||||
err := sendResponse(ctx, w, request, responder, rrProviders...)
|
||||
|
||||
@@ -37,6 +37,7 @@ func registerMetrics() (err error) {
|
||||
return float64(conns.active())
|
||||
},
|
||||
&metrics.Options{
|
||||
InternalID: "active_connections",
|
||||
Permission: api.PermitUser,
|
||||
ExpertiseLevel: config.ExpertiseLevelUser,
|
||||
})
|
||||
@@ -58,7 +59,13 @@ func registerMetrics() (err error) {
|
||||
"direction": "out",
|
||||
"blocked": "true",
|
||||
},
|
||||
connCounterOpts,
|
||||
&metrics.Options{
|
||||
Name: "Connections",
|
||||
InternalID: "blocked_outgoing_connections",
|
||||
Permission: api.PermitUser,
|
||||
ExpertiseLevel: config.ExpertiseLevelUser,
|
||||
Persist: true,
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
@@ -303,7 +303,8 @@ Set to 0 days to keep network history forever. Depending on your device, this mi
|
||||
- Matching with a wildcard prefix: "*xample.com"
|
||||
- Matching with a wildcard suffix: "example.*"
|
||||
- Matching domains containing text: "*example*"
|
||||
- By country (based on IP): "US" (two-letter country codes according to ISO 3166-1 alpha-2)
|
||||
- By country (based on IP): "US" ([two-letter country codes according to ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2))
|
||||
- By continent (based on IP): "C:US" (prefix "AF", "AN", "AS", "EU", "NA", "OC", or "SA" with "C:")
|
||||
- By AS number: "AS123456"
|
||||
- By filter list - use the filterlist ID prefixed with "L:": "L:MAL"
|
||||
- Match anything: "*"
|
||||
|
||||
@@ -357,7 +357,7 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
|
||||
|
||||
// ASN
|
||||
|
||||
ep, err = parseEndpoint("+ AS15169")
|
||||
ep, err = parseEndpoint("+ AS15169")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -400,6 +400,20 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
|
||||
entity.SetIP(net.ParseIP("151.101.1.164")) // nytimes.com
|
||||
testEndpointMatch(t, ep, entity, NoMatch)
|
||||
|
||||
// Port with protocol wildcard
|
||||
|
||||
ep, err = parseEndpoint("+ * */443")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
entity = &intel.Entity{
|
||||
Domain: "",
|
||||
IP: net.ParseIP("10.2.3.4"),
|
||||
Protocol: 6,
|
||||
Port: 443,
|
||||
}
|
||||
testEndpointMatch(t, ep, entity, Permitted)
|
||||
|
||||
// Lists
|
||||
|
||||
// Skip test that need the filter lists in CI.
|
||||
|
||||
Reference in New Issue
Block a user