From 8a55b6a30d1cee7def614b455c020375b91b9456 Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 10 Mar 2021 17:10:15 +0100 Subject: [PATCH] Improve resolver and process docs --- netenv/online-status.go | 48 ++++++++++++++++++++++------------------- process/config.go | 2 +- resolver/config.go | 32 ++++++++++++++++----------- resolver/scopes.go | 6 ++++-- 4 files changed, 50 insertions(+), 38 deletions(-) diff --git a/netenv/online-status.go b/netenv/online-status.go index db1d868e..44d5a0ff 100644 --- a/netenv/online-status.go +++ b/netenv/online-status.go @@ -45,27 +45,10 @@ var ( // or the captive portal test IP. The default value should be overridden by the resolver package, // which defines the custom internal domain name to use. SpecialCaptivePortalDomain = "captiveportal.invalid." -) -var ( - parsedPortalTestURL *url.URL -) - -func prepOnlineStatus() (err error) { - parsedPortalTestURL, err = url.Parse(PortalTestURL) - return err -} - -// IsConnectivityDomain checks whether the given domain (fqdn) is used for any -// connectivity related network connections and should always be resolved using -// the network assigned DNS server. -func IsConnectivityDomain(domain string) bool { - if domain == "" { - return false - } - - switch domain { - case SpecialCaptivePortalDomain, + // ConnectivityDomains holds all connectivity domains. This slice must not be modified. + ConnectivityDomains = []string{ + SpecialCaptivePortalDomain, "one.one.one.one.", // Internal DNS Check // Windows 
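Review bot: `ConnectivityDomains = []string{ SpecialCaptivePortalDomain, ...` in the new var block captures the value of `SpecialCaptivePortalDomain` once, during package initialisation, while the comment two lines above says the resolver package is expected to override that default. The removed `switch domain { case SpecialCaptivePortalDomain, ...` re-read the variable on every call, so an override took effect; with the slice, `IsConnectivityDomain` keeps matching `"captiveportal.invalid."` and never the overridden name (unless the code after `// Check for captive portal domain.`, outside this hunk, re-checks the variable), and the resolver's new `self:detail:connectivityDomains` annotation would show the stale default as well. Either keep a dynamic check at the top of `IsConnectivityDomain`, `if domain == SpecialCaptivePortalDomain { return true }`, and drop the entry from the slice, or replace the bare assignment with a setter that also updates `ConnectivityDomains[0]`. The var block and its remaining entries run past the end of this hunk.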
@@ -87,6 +70,7 @@ func IsConnectivityDomain(domain string) bool { "connectivity-check.ubuntu.com.", // Ubuntu "nmcheck.gnome.org.", // Gnome DE "network-test.debian.org.", // Debian + "204.pop-os.org", // Pop OS // There are probably a lot more domains for all the Linux Distro/DE Variants. Please raise issues and/or submit PRs! // https://github.com/solus-project/budgie-desktop/issues/807 // https://www.lguruprasad.in/blog/2015/07/21/enabling-captive-portal-detection-in-gnome-3-14-on-debian-jessie/ @@ -98,9 +82,29 @@ func IsConnectivityDomain(domain string) bool { // Other "neverssl.com.", // Common Community Service - "detectportal.firefox.com.": // Firefox + "detectportal.firefox.com.", // Firefox + } - return true + parsedPortalTestURL *url.URL +) + +func prepOnlineStatus() (err error) { + parsedPortalTestURL, err = url.Parse(PortalTestURL) + return err +} + +// IsConnectivityDomain checks whether the given domain (fqdn) is used for any +// connectivity related network connections and should always be resolved using +// the network assigned DNS server. +func IsConnectivityDomain(domain string) bool { + if domain == "" { + return false + } + + for _, connectivityDomain := range ConnectivityDomains { + if domain == connectivityDomain { + return true + } } // Check for captive portal domain. diff --git a/process/config.go b/process/config.go index 6b5fcdf1..19f239ce 100644 --- a/process/config.go +++ b/process/config.go 
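Review bot: The added entry `"204.pop-os.org", // Pop OS` is missing the trailing dot that every neighbouring entry carries (`"connectivity-check.ubuntu.com."`, `"nmcheck.gnome.org."`, `"network-test.debian.org."`). `IsConnectivityDomain` compares the queried FQDN against each entry with `==`, so this entry can never match and the Pop OS connectivity check will not be routed to the network-assigned resolver as intended. Change it to `"204.pop-os.org.", // Pop OS`. The `ConnectivityDomains` literal this line sits in starts and ends outside the hunk.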
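Review bot: The new loop in `IsConnectivityDomain` matches with `domain == connectivityDomain`, which is exact and case-sensitive, yet the doc comment does not state what form `domain` must arrive in. DNS names are case-insensitive, so unless every caller already lower-cases the name (not visible here), a query such as `Detectportal.Firefox.com.` falls through to the regular resolvers. Either normalise inside the function, `if strings.EqualFold(domain, connectivityDomain) {` (requires `strings` to be imported in this file), or document the precondition, e.g. `// domain must be a lowercase fully qualified name with a trailing dot; matching is exact.` The function continues past the hunk after `// Check for captive portal domain.`.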
@@ -17,7 +17,7 @@ func registerConfiguration() error { err := config.Register(&config.Option{ Name: "Process Detection", Key: CfgOptionEnableProcessDetectionKey, - Description: "This option enables the attribution of network traffic to processes. This should always be enabled, and effectively disables app profiles if disabled.", + Description: "This option enables the attribution of network traffic to processes. This should always be enabled, and effectively disables app settings if disabled.", OptType: config.OptTypeBool, ExpertiseLevel: config.ExpertiseLevelDeveloper, DefaultValue: true, diff --git a/resolver/config.go b/resolver/config.go index 2a360d82..d49229c9 100644 --- a/resolver/config.go +++ b/resolver/config.go @@ -5,6 +5,7 @@ import ( "strings" "github.com/safing/portbase/config" + "github.com/safing/portmaster/netenv" "github.com/safing/portmaster/status" ) @@ -138,7 +139,7 @@ The format is: "protocol://ip:port?parameter=value¶meter=value" }, }, { - Name: "Cloudflare", + Name: "Cloudflare (with Malware Filter)", Action: config.QuickReplace, Value: []string{ "dot://1.1.1.2:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip", @@ -146,6 +147,8 @@ The format is: "protocol://ip:port?parameter=value¶meter=value" }, }, }, + "self:detail:internalSpecialUseDomains": internalSpecialUseDomains, + "self:detail:connectivityDomains": netenv.ConnectivityDomains, }, }) if err != nil { 
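Review bot: `"self:detail:connectivityDomains": netenv.ConnectivityDomains,` stores the live package-level slice in the annotation rather than a copy, so whatever consumes annotations (serialisation, UI sorting) can alter the very list `netenv.IsConnectivityDomain` matches against, despite that slice being documented as read-only; the same applies to `internalSpecialUseDomains` on the line above. Handing over a copy is one line per entry, `"self:detail:connectivityDomains": append([]string(nil), netenv.ConnectivityDomains...),`. The `self:detail:*` keys are also spelled as bare literals in four separate `Annotations` maps in this commit; package-level constants would keep these UI-facing names in one place. The enclosing `config.Register` call begins outside this hunk.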
@@ -175,16 +178,17 @@ The format is: "protocol://ip:port?parameter=value¶meter=value" err = config.Register(&config.Option{ Name: "Ignore System/Network Servers", Key: CfgOptionNoAssignedNameserversKey, - Description: "Ignore DNS servers configured in your system or network.", + Description: "Ignore DNS servers configured in your system or network. This may break domains from your local network.", OptType: config.OptTypeInt, ExpertiseLevel: config.ExpertiseLevelExpert, ReleaseLevel: config.ReleaseLevelStable, DefaultValue: status.SecurityLevelsHighAndExtreme, PossibleValues: status.SecurityLevelValues, Annotations: config.Annotations{ - config.DisplayOrderAnnotation: cfgOptionNoAssignedNameserversOrder, - config.DisplayHintAnnotation: status.DisplayHintSecurityLevel, - config.CategoryAnnotation: "Servers", + config.DisplayOrderAnnotation: cfgOptionNoAssignedNameserversOrder, + config.DisplayHintAnnotation: status.DisplayHintSecurityLevel, + config.CategoryAnnotation: "Servers", + "self:detail:specialUseDomains": specialUseDomains, }, }) if err != nil { 
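Review bot: The new sentence `This may break domains from your local network.` in the `Ignore System/Network Servers` description is imprecise — domains do not break, their resolution does, and the reader is not told why. Suggest `Description: "Ignore DNS servers configured in your system or network. Names that only these servers can resolve, such as hosts on your local network, will then fail to resolve.",`. The function enclosing this option registration runs beyond the hunk on both sides.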
@@ -195,16 +199,17 @@ The format is: "protocol://ip:port?parameter=value¶meter=value" err = config.Register(&config.Option{ Name: "Ignore Multicast DNS", Key: CfgOptionNoMulticastDNSKey, - Description: "Do not resolve using Multicast DNS. This may break certain Plug and Play devices or services.", + Description: "Do not resolve using Multicast DNS. This may break certain Plug and Play devices and services.", OptType: config.OptTypeInt, ExpertiseLevel: config.ExpertiseLevelExpert, ReleaseLevel: config.ReleaseLevelStable, DefaultValue: status.SecurityLevelsHighAndExtreme, PossibleValues: status.SecurityLevelValues, Annotations: config.Annotations{ - config.DisplayOrderAnnotation: cfgOptionNoMulticastDNSOrder, - config.DisplayHintAnnotation: status.DisplayHintSecurityLevel, - config.CategoryAnnotation: "Resolving", + config.DisplayOrderAnnotation: cfgOptionNoMulticastDNSOrder, + config.DisplayHintAnnotation: status.DisplayHintSecurityLevel, + config.CategoryAnnotation: "Resolving", + "self:detail:multicastDomains": multicastDomains, }, }) if err != nil { @@ -236,7 +241,7 @@ The format is: "protocol://ip:port?parameter=value¶meter=value" Name: "Block Unofficial TLDs", Key: CfgOptionDontResolveSpecialDomainsKey, Description: fmt.Sprintf( - "Block %s. Unofficial domains may pose a security risk. This does not affect .onion domains in the Tor Browser.", + "Block %s. Unofficial domains may pose a security risk. This setting does not affect .onion domains in the Tor Browser.", formatScopeList(specialServiceDomains), ), OptType: config.OptTypeInt, 
@@ -245,9 +250,10 @@ The format is: "protocol://ip:port?parameter=value¶meter=value" DefaultValue: status.SecurityLevelsAll, PossibleValues: status.AllSecurityLevelValues, Annotations: config.Annotations{ - config.DisplayOrderAnnotation: cfgOptionDontResolveSpecialDomainsOrder, - config.DisplayHintAnnotation: status.DisplayHintSecurityLevel, - config.CategoryAnnotation: "Resolving", + config.DisplayOrderAnnotation: cfgOptionDontResolveSpecialDomainsOrder, + config.DisplayHintAnnotation: status.DisplayHintSecurityLevel, + config.CategoryAnnotation: "Resolving", + "self:detail:specialServiceDomains": specialServiceDomains, }, }) if err != nil { diff --git a/resolver/scopes.go b/resolver/scopes.go index c8d01aaa..a7772186 100644 --- a/resolver/scopes.go +++ b/resolver/scopes.go @@ -25,7 +25,9 @@ var ( // Internal Special-Use Domain // Used by Portmaster for special addressing. - internalSpecialUseDomainScope = "." + internalSpecialUseDomain + internalSpecialUseDomains = []string{ + "." + internalSpecialUseDomain, + } // Multicast DNS // Handling: Send to nameservers with matching search scope, then MDNS @@ -112,7 +114,7 @@ func GetResolversInScope(ctx context.Context, q *Query) (selected []*Resolver, t defer resolversLock.RUnlock() // Internal use domains - if strings.HasSuffix(q.dotPrefixedFQDN, internalSpecialUseDomainScope) { + if domainInScope(q.dotPrefixedFQDN, internalSpecialUseDomains) { return envResolvers, false }
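Review bot: `internalSpecialUseDomains` turns the single dot-prefixed suffix string into a list, but the comment above it still reads `// Internal Special-Use Domain` and says nothing about the entry format, which matters now that the list is handed to the config UI as `self:detail:internalSpecialUseDomains` in resolver/config.go. The old check was `strings.HasSuffix(q.dotPrefixedFQDN, ...)`; the replacement `domainInScope(...)` in the following hunk is only equivalent if that helper (not visible here) matches entries as suffixes of the dot-prefixed FQDN rather than as exact names, so the subdomain case is worth confirming. Suggest `// Internal Special-Use Domains, each a dot-prefixed suffix matched against the query's dot-prefixed FQDN.` and, if this was the file's last use of `strings`, dropping that import as well.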