2
go.mod
2
go.mod
@@ -18,7 +18,7 @@ require (
|
|||||||
github.com/miekg/dns v1.1.55
|
github.com/miekg/dns v1.1.55
|
||||||
github.com/oschwald/maxminddb-golang v1.12.0
|
github.com/oschwald/maxminddb-golang v1.12.0
|
||||||
github.com/safing/jess v0.3.1
|
github.com/safing/jess v0.3.1
|
||||||
github.com/safing/portbase v0.17.2
|
github.com/safing/portbase v0.17.3
|
||||||
github.com/safing/portmaster-android/go v0.0.0-20230605085256-6abf4c495626
|
github.com/safing/portmaster-android/go v0.0.0-20230605085256-6abf4c495626
|
||||||
github.com/safing/spn v0.6.17
|
github.com/safing/spn v0.6.17
|
||||||
github.com/shirou/gopsutil v3.21.11+incompatible
|
github.com/shirou/gopsutil v3.21.11+incompatible
|
||||||
|
|||||||
2
go.sum
2
go.sum
@@ -210,6 +210,8 @@ github.com/safing/portbase v0.15.2/go.mod h1:5bHi99fz7Hh/wOsZUOI631WF9ePSHk57c4f
|
|||||||
github.com/safing/portbase v0.16.2/go.mod h1:mzNCWqPbO7vIYbbK5PElGbudwd2vx4YPNawymL8Aro8=
|
github.com/safing/portbase v0.16.2/go.mod h1:mzNCWqPbO7vIYbbK5PElGbudwd2vx4YPNawymL8Aro8=
|
||||||
github.com/safing/portbase v0.17.2 h1:HzJkURMmXkv30wMHB7xJ+Z5U5aTMe+EzvlHavKoKkos=
|
github.com/safing/portbase v0.17.2 h1:HzJkURMmXkv30wMHB7xJ+Z5U5aTMe+EzvlHavKoKkos=
|
||||||
github.com/safing/portbase v0.17.2/go.mod h1:1cVgDZIsPiqM5b+K88Kshir5PGIvsftYkx7y1x925+8=
|
github.com/safing/portbase v0.17.2/go.mod h1:1cVgDZIsPiqM5b+K88Kshir5PGIvsftYkx7y1x925+8=
|
||||||
|
github.com/safing/portbase v0.17.3 h1:LLV2kq4mli2phHFHxigTkIoOjConieMTWsDyi9kJd00=
|
||||||
|
github.com/safing/portbase v0.17.3/go.mod h1:1cVgDZIsPiqM5b+K88Kshir5PGIvsftYkx7y1x925+8=
|
||||||
github.com/safing/portmaster-android/go v0.0.0-20230605085256-6abf4c495626 h1:olc/REnUdpJN/Gmz8B030OxLpMYxyPDTrDILNEw0eKs=
|
github.com/safing/portmaster-android/go v0.0.0-20230605085256-6abf4c495626 h1:olc/REnUdpJN/Gmz8B030OxLpMYxyPDTrDILNEw0eKs=
|
||||||
github.com/safing/portmaster-android/go v0.0.0-20230605085256-6abf4c495626/go.mod h1:abwyAQrZGemWbSh/aCD9nnkp0SvFFf/mGWkAbOwPnFE=
|
github.com/safing/portmaster-android/go v0.0.0-20230605085256-6abf4c495626/go.mod h1:abwyAQrZGemWbSh/aCD9nnkp0SvFFf/mGWkAbOwPnFE=
|
||||||
github.com/safing/spn v0.6.17 h1:3Lu1cpTcy8zYhA/2UEfeG08Rx1nlwIj1aobSfNXXgUI=
|
github.com/safing/spn v0.6.17 h1:3Lu1cpTcy8zYhA/2UEfeG08Rx1nlwIj1aobSfNXXgUI=
|
||||||
|
|||||||
@@ -6,7 +6,10 @@ import (
|
|||||||
"github.com/safing/portbase/metrics"
|
"github.com/safing/portbase/metrics"
|
||||||
)
|
)
|
||||||
|
|
||||||
var requestsHistogram *metrics.Histogram
|
var (
|
||||||
|
requestsHistogram *metrics.Histogram
|
||||||
|
totalHandledRequests *metrics.Counter
|
||||||
|
)
|
||||||
|
|
||||||
func registerMetrics() (err error) {
|
func registerMetrics() (err error) {
|
||||||
requestsHistogram, err = metrics.NewHistogram(
|
requestsHistogram, err = metrics.NewHistogram(
|
||||||
@@ -15,7 +18,25 @@ func registerMetrics() (err error) {
|
|||||||
&metrics.Options{
|
&metrics.Options{
|
||||||
Permission: api.PermitUser,
|
Permission: api.PermitUser,
|
||||||
ExpertiseLevel: config.ExpertiseLevelExpert,
|
ExpertiseLevel: config.ExpertiseLevelExpert,
|
||||||
})
|
},
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
return err
|
totalHandledRequests, err = metrics.NewCounter(
|
||||||
|
"nameserver/request/total",
|
||||||
|
nil,
|
||||||
|
&metrics.Options{
|
||||||
|
InternalID: "handled_dns_requests",
|
||||||
|
Permission: api.PermitUser,
|
||||||
|
ExpertiseLevel: config.ExpertiseLevelExpert,
|
||||||
|
Persist: true,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
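Review bot: The `&metrics.Options` literal for the new counter in registerMetrics sets `Persist: true` and `InternalID: "handled_dns_requests"` with no comment on what those fields commit the code to. If InternalID is the key under which the persisted value is stored (inferred from the field names, not shown here), a later rename would silently reset or orphan the stored count, so a line such as `// InternalID keys the persisted value; do not rename.` above it would help. The same applies to `"blocked_outgoing_connections"` in the later connection-metrics hunk. The new `var` block could also carry `// totalHandledRequests counts DNS requests seen by handleRequest; assigned in registerMetrics.` Part of registerMetrics lies between the two hunks and is not visible.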
@@ -84,6 +84,9 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
|
|||||||
defer tracer.Submit()
|
defer tracer.Submit()
|
||||||
tracer.Tracef("nameserver: handling new request for %s from %s:%d", q.ID(), remoteAddr.IP, remoteAddr.Port)
|
tracer.Tracef("nameserver: handling new request for %s from %s:%d", q.ID(), remoteAddr.IP, remoteAddr.Port)
|
||||||
|
|
||||||
|
// Count request.
|
||||||
|
totalHandledRequests.Inc()
|
||||||
|
|
||||||
// Setup quick reply function.
|
// Setup quick reply function.
|
||||||
reply := func(responder nsutil.Responder, rrProviders ...nsutil.RRProvider) error {
|
reply := func(responder nsutil.Responder, rrProviders ...nsutil.RRProvider) error {
|
||||||
err := sendResponse(ctx, w, request, responder, rrProviders...)
|
err := sendResponse(ctx, w, request, responder, rrProviders...)
|
||||||
|
|||||||
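Review bot: `totalHandledRequests.Inc()` sits after whatever handleRequest does above this hunk, so any request rejected by an earlier return would be missing from a metric registered as `nameserver/request/total`. If such early returns exist (the start of the function is outside the hunk), either move the increment to the top of handleRequest or change the comment to `// Count requests that passed initial validation.` so the number is not read as all inbound queries. The counter is also a package-level pointer assigned only in registerMetrics. Unless `Inc` is nil-safe, a guard such as `if totalHandledRequests != nil { totalHandledRequests.Inc() }` would keep a skipped or failed registration from panicking the DNS handler.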
@@ -37,6 +37,7 @@ func registerMetrics() (err error) {
|
|||||||
return float64(conns.active())
|
return float64(conns.active())
|
||||||
},
|
},
|
||||||
&metrics.Options{
|
&metrics.Options{
|
||||||
|
InternalID: "active_connections",
|
||||||
Permission: api.PermitUser,
|
Permission: api.PermitUser,
|
||||||
ExpertiseLevel: config.ExpertiseLevelUser,
|
ExpertiseLevel: config.ExpertiseLevelUser,
|
||||||
})
|
})
|
||||||
@@ -58,7 +59,13 @@ func registerMetrics() (err error) {
|
|||||||
"direction": "out",
|
"direction": "out",
|
||||||
"blocked": "true",
|
"blocked": "true",
|
||||||
},
|
},
|
||||||
connCounterOpts,
|
&metrics.Options{
|
||||||
|
Name: "Connections",
|
||||||
|
InternalID: "blocked_outgoing_connections",
|
||||||
|
Permission: api.PermitUser,
|
||||||
|
ExpertiseLevel: config.ExpertiseLevelUser,
|
||||||
|
Persist: true,
|
||||||
|
},
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|||||||
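Review bot: `Name: "Connections"` on the counter whose InternalID is `blocked_outgoing_connections` does not say which connections it counts. If Name is what a UI or exported metric displays (not visible here), a reader cannot tell blocked outbound connections from any other connection counter, so consider `Name: "Blocked Outgoing Connections"`. Replacing the shared `connCounterOpts` with an inline literal also means the sibling counters in registerMetrics, which are outside this hunk, may now differ in Permission, ExpertiseLevel or Persist. It is worth confirming that difference is intended.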
@@ -303,7 +303,8 @@ Set to 0 days to keep network history forever. Depending on your device, this mi
|
|||||||
- Matching with a wildcard prefix: "*xample.com"
|
- Matching with a wildcard prefix: "*xample.com"
|
||||||
- Matching with a wildcard suffix: "example.*"
|
- Matching with a wildcard suffix: "example.*"
|
||||||
- Matching domains containing text: "*example*"
|
- Matching domains containing text: "*example*"
|
||||||
- By country (based on IP): "US" (two-letter country codes according to ISO 3166-1 alpha-2)
|
- By country (based on IP): "US" ([two-letter country codes according to ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2))
|
||||||
|
- By continent (based on IP): "C:US" (prefix "AF", "AN", "AS", "EU", "NA", "OC", or "SA" with "C:")
|
||||||
- By AS number: "AS123456"
|
- By AS number: "AS123456"
|
||||||
- By filter list - use the filterlist ID prefixed with "L:": "L:MAL"
|
- By filter list - use the filterlist ID prefixed with "L:": "L:MAL"
|
||||||
- Match anything: "*"
|
- Match anything: "*"
|
||||||
|
|||||||
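Review bot: The example on the added continent line, `"C:US"`, is not one of the continent codes that same line lists ("AF", "AN", "AS", "EU", "NA", "OC", "SA"); US is a country code. Depending on how the parser treats an unknown code, a user who copies the example into a block rule gets an entry that is rejected or never matches, leaving traffic they meant to stop unfiltered. Use a listed code: `- By continent (based on IP): "C:EU" (prefix "AF", "AN", "AS", "EU", "NA", "OC", or "SA" with "C:")`.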
@@ -357,7 +357,7 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
|
|||||||
|
|
||||||
// ASN
|
// ASN
|
||||||
|
|
||||||
ep, err = parseEndpoint("+ AS15169")
|
ep, err = parseEndpoint("+ AS15169")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
@@ -400,6 +400,20 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
|
|||||||
entity.SetIP(net.ParseIP("151.101.1.164")) // nytimes.com
|
entity.SetIP(net.ParseIP("151.101.1.164")) // nytimes.com
|
||||||
testEndpointMatch(t, ep, entity, NoMatch)
|
testEndpointMatch(t, ep, entity, NoMatch)
|
||||||
|
|
||||||
|
// Port with protocol wildcard
|
||||||
|
|
||||||
|
ep, err = parseEndpoint("+ * */443")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
entity = &intel.Entity{
|
||||||
|
Domain: "",
|
||||||
|
IP: net.ParseIP("10.2.3.4"),
|
||||||
|
Protocol: 6,
|
||||||
|
Port: 443,
|
||||||
|
}
|
||||||
|
testEndpointMatch(t, ep, entity, Permitted)
|
||||||
|
|
||||||
// Lists
|
// Lists
|
||||||
|
|
||||||
// Skip test that need the filter lists in CI.
|
// Skip test that need the filter lists in CI.
|
||||||
|
|||||||
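Review bot: The added `+ * */443` case asserts only the positive match (protocol 6, port 443, `Permitted`), so nothing checks that the protocol wildcard still restricts the port or actually ignores the protocol. A regression that made `*/443` match every port would leave the rule wider than written and still pass this test. Add an entity on a different port expecting `NoMatch`, and one on port 443 with another protocol expecting `Permitted`, as sketched below. TestEndpointMatching starts and ends outside the hunk.

```go
	// … unchanged: parseEndpoint("+ * */443") and the protocol 6 / port 443 Permitted case …

	// Same port over UDP must still match the protocol wildcard.
	entity = &intel.Entity{
		IP:       net.ParseIP("10.2.3.4"),
		Protocol: 17,
		Port:     443,
	}
	testEndpointMatch(t, ep, entity, Permitted)

	// A different port must not match.
	entity = &intel.Entity{
		IP:       net.ParseIP("10.2.3.4"),
		Protocol: 6,
		Port:     80,
	}
	testEndpointMatch(t, ep, entity, NoMatch)
```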