diff --git a/go.mod b/go.mod
index 0f4def33..8ec3182d 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 github.com/miekg/dns v1.1.55
 github.com/oschwald/maxminddb-golang v1.12.0
 github.com/safing/jess v0.3.1
- github.com/safing/portbase v0.17.2
+ github.com/safing/portbase v0.17.3
 github.com/safing/portmaster-android/go v0.0.0-20230605085256-6abf4c495626
 github.com/safing/spn v0.6.17
 github.com/shirou/gopsutil v3.21.11+incompatible
diff --git a/go.sum b/go.sum
index 4e2408df..d17847ba 100644
--- a/go.sum
+++ b/go.sum
@@ -210,6 +210,8 @@ github.com/safing/portbase v0.15.2/go.mod h1:5bHi99fz7Hh/wOsZUOI631WF9ePSHk57c4f
 github.com/safing/portbase v0.16.2/go.mod h1:mzNCWqPbO7vIYbbK5PElGbudwd2vx4YPNawymL8Aro8=
 github.com/safing/portbase v0.17.2 h1:HzJkURMmXkv30wMHB7xJ+Z5U5aTMe+EzvlHavKoKkos=
 github.com/safing/portbase v0.17.2/go.mod h1:1cVgDZIsPiqM5b+K88Kshir5PGIvsftYkx7y1x925+8=
+github.com/safing/portbase v0.17.3 h1:LLV2kq4mli2phHFHxigTkIoOjConieMTWsDyi9kJd00=
+github.com/safing/portbase v0.17.3/go.mod h1:1cVgDZIsPiqM5b+K88Kshir5PGIvsftYkx7y1x925+8=
 github.com/safing/portmaster-android/go v0.0.0-20230605085256-6abf4c495626 h1:olc/REnUdpJN/Gmz8B030OxLpMYxyPDTrDILNEw0eKs=
 github.com/safing/portmaster-android/go v0.0.0-20230605085256-6abf4c495626/go.mod h1:abwyAQrZGemWbSh/aCD9nnkp0SvFFf/mGWkAbOwPnFE=
 github.com/safing/spn v0.6.17 h1:3Lu1cpTcy8zYhA/2UEfeG08Rx1nlwIj1aobSfNXXgUI=
diff --git a/nameserver/metrics.go b/nameserver/metrics.go
index 3bab7121..eca11bd2 100644
--- a/nameserver/metrics.go
+++ b/nameserver/metrics.go
@@ -6,7 +6,10 @@ import (
 "github.com/safing/portbase/metrics"
 )
-var requestsHistogram *metrics.Histogram
+var (
+ requestsHistogram *metrics.Histogram
+ totalHandledRequests *metrics.Counter
+)
 func registerMetrics() (err error) {
 requestsHistogram, err = metrics.NewHistogram(
@@ -15,7 +18,25 @@ func registerMetrics() (err error) {
 &metrics.Options{
 Permission: api.PermitUser,
 ExpertiseLevel: config.ExpertiseLevelExpert,
- })
+ },
+ )
+ if err != nil {
+ return err
+ }
- return err
+ totalHandledRequests, err = metrics.NewCounter(
+ "nameserver/request/total",
+ nil,
+ &metrics.Options{
+ InternalID: "handled_dns_requests",
+ Permission: api.PermitUser,
+ ExpertiseLevel: config.ExpertiseLevelExpert,
+ Persist: true,
+ },
+ )
+ if err != nil {
+ return err
+ }
+
+ return nil
 }
diff --git a/nameserver/nameserver.go b/nameserver/nameserver.go
index 19251007..493c88ad 100644
--- a/nameserver/nameserver.go
+++ b/nameserver/nameserver.go
@@ -84,6 +84,9 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
 defer tracer.Submit()
 tracer.Tracef("nameserver: handling new request for %s from %s:%d", q.ID(), remoteAddr.IP, remoteAddr.Port)
+ // Count request.
+ totalHandledRequests.Inc()
+
 // Setup quick reply function.
 reply := func(responder nsutil.Responder, rrProviders ...nsutil.RRProvider) error {
 err := sendResponse(ctx, w, request, responder, rrProviders...)
diff --git a/network/metrics.go b/network/metrics.go
index 28a3b046..7101e921 100644
--- a/network/metrics.go
+++ b/network/metrics.go
@@ -37,6 +37,7 @@ func registerMetrics() (err error) {
 return float64(conns.active())
 },
 &metrics.Options{
+ InternalID: "active_connections",
 Permission: api.PermitUser,
 ExpertiseLevel: config.ExpertiseLevelUser,
 })
@@ -58,7 +59,13 @@ func registerMetrics() (err error) {
 "direction": "out",
 "blocked": "true",
 },
- connCounterOpts,
+ &metrics.Options{
+ Name: "Connections",
+ InternalID: "blocked_outgoing_connections",
+ Permission: api.PermitUser,
+ ExpertiseLevel: config.ExpertiseLevelUser,
+ Persist: true,
+ },
 )
 if err != nil {
 return err
diff --git a/profile/config.go b/profile/config.go
index eaaf3ea5..ceff101b 100644
--- a/profile/config.go
+++ b/profile/config.go
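Review bot: In nameserver/nameserver.go, `totalHandledRequests.Inc()` is called on a package-level pointer that is only assigned inside `registerMetrics` (nameserver/metrics.go), so it is still nil if that function returned early on the histogram error or was never run, for example in a test that calls `handleRequest` directly. Whether `Inc` tolerates a nil receiver is not visible here; if it does not, every incoming DNS request would panic in the handler. Either guard the call, `if totalHandledRequests != nil { totalHandledRequests.Inc() }`, or add a comment stating that the module cannot start when `registerMetrics` fails. The increment also sits after the tracer setup, so requests that return earlier in `handleRequest`, whose body starts outside this hunk, are presumably not counted; the `// Count request.` comment should say so if that is intended.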
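Review bot: In network/metrics.go (`@@ -58,7 +59,13 @@`), the blocked-outgoing counter stops using the shared `connCounterOpts` and repeats `Permission` and `ExpertiseLevel` inline, so this metric can silently drift from the other connection counters the next time the shared options change. If only `InternalID` and `Persist` are meant to differ, copy the shared value and override those two fields, or add a comment such as `// Persisted and given an InternalID; other fields mirror connCounterOpts.` The label `Name: "Connections"` is also generic for a metric whose labels are `"direction": "out"` and `"blocked": "true"`; a name that says "blocked" would be harder to misread wherever the metric is displayed. `registerMetrics` starts and ends outside the hunk, so whether `connCounterOpts` is still used by the remaining counters cannot be confirmed from here.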
@@ -303,7 +303,8 @@ Set to 0 days to keep network history forever. Depending on your device, this mi
 - Matching with a wildcard prefix: "*xample.com"
 - Matching with a wildcard suffix: "example.*"
 - Matching domains containing text: "*example*"
-- By country (based on IP): "US" (two-letter country codes according to ISO 3166-1 alpha-2)
+- By country (based on IP): "US" ([two-letter country codes according to ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2))
+- By continent (based on IP): "C:US" (prefix "AF", "AN", "AS", "EU", "NA", "OC", or "SA" with "C:")
 - By AS number: "AS123456"
 - By filter list - use the filterlist ID prefixed with "L:": "L:MAL"
 - Match anything: "*"
diff --git a/profile/endpoints/endpoints_test.go b/profile/endpoints/endpoints_test.go
index e775a5a8..2d3fc76b 100644
--- a/profile/endpoints/endpoints_test.go
+++ b/profile/endpoints/endpoints_test.go
@@ -357,7 +357,7 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
 // ASN
- ep, err = parseEndpoint("+ AS15169")
+ ep, err = parseEndpoint("+ AS15169")
 if err != nil {
 t.Fatal(err)
 }
@@ -400,6 +400,20 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
 entity.SetIP(net.ParseIP("151.101.1.164")) // nytimes.com
 testEndpointMatch(t, ep, entity, NoMatch)
+ // Port with protocol wildcard
+
+ ep, err = parseEndpoint("+ * */443")
+ if err != nil {
+ t.Fatal(err)
+ }
+ entity = &intel.Entity{
+ Domain: "",
+ IP: net.ParseIP("10.2.3.4"),
+ Protocol: 6,
+ Port: 443,
+ }
+ testEndpointMatch(t, ep, entity, Permitted)
+
 // Lists
 // Skip test that need the filter lists in CI.
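Review bot: The continent example added to the rule help text in profile/config.go is `"C:US"`, but `US` is a country code and is not one of the continent codes the same line lists (`AF`, `AN`, `AS`, `EU`, `NA`, `OC`, `SA`). A user who copies the example into a rule would presumably get an entry that never matches or is rejected, so traffic they meant to filter by continent would not be covered. Use a listed code in the example: `- By continent (based on IP): "C:EU" (prefix "AF", "AN", "AS", "EU", "NA", "OC", or "SA" with "C:")`. The help string begins and ends outside the hunk, so whether the Markdown link added on the country line is rendered by the UI cannot be checked from here.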
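Review bot: The new `+ * */443` case in TestEndpointMatching (`@@ -400,6 +400,20 @@`) only asserts a match for `Protocol: 6` on port 443, so it would still pass if the rule were parsed as TCP-only, and it never shows that a different port is rejected. Because this rule form permits traffic, the test should pin both edges: reuse the entity with `entity.Protocol = 17` expecting `Permitted`, then set `entity.Port = 80` and call `testEndpointMatch(t, ep, entity, NoMatch)`. The test function starts and ends outside the hunk.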