Merge pull request #272 from safing/fix/patch-set-1

Minor fixes and improvements
2021-03-11 15:20:09 +01:00
parent dd5273add7 f447aa58aa
commit a221fdd3d2
13 changed files with 871 additions and 133 deletions
--- a/resolver/config.go
+++ b/resolver/config.go
@@ -5,6 +5,7 @@ import (
 	"strings"

 	"github.com/safing/portbase/config"
+	"github.com/safing/portmaster/netenv"
 	"github.com/safing/portmaster/status"
 )

@@ -138,7 +139,7 @@ The format is: "protocol://ip:port?parameter=value&parameter=value"
 					},
 				},
 				{
-					Name:   "Cloudflare",
+					Name:   "Cloudflare (with Malware Filter)",
 					Action: config.QuickReplace,
 					Value: []string{
 						"dot://1.1.1.2:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip",
@@ -146,6 +147,8 @@ The format is: "protocol://ip:port?parameter=value&parameter=value"
 					},
 				},
 			},
+			"self:detail:internalSpecialUseDomains": internalSpecialUseDomains,
+			"self:detail:connectivityDomains":       netenv.ConnectivityDomains,
 		},
 	})
 	if err != nil {
@@ -176,16 +179,17 @@ The format is: "protocol://ip:port?parameter=value&parameter=value"
 	err = config.Register(&config.Option{
 		Name:           "Ignore System/Network Servers",
 		Key:            CfgOptionNoAssignedNameserversKey,
-		Description:    "Ignore DNS servers configured in your system or network.",
+		Description:    "Ignore DNS servers configured in your system or network. This may break domains from your local network.",
 		OptType:        config.OptTypeInt,
 		ExpertiseLevel: config.ExpertiseLevelExpert,
 		ReleaseLevel:   config.ReleaseLevelStable,
 		DefaultValue:   status.SecurityLevelsHighAndExtreme,
 		PossibleValues: status.SecurityLevelValues,
 		Annotations: config.Annotations{
-			config.DisplayOrderAnnotation: cfgOptionNoAssignedNameserversOrder,
-			config.DisplayHintAnnotation:  status.DisplayHintSecurityLevel,
-			config.CategoryAnnotation:     "Servers",
+			config.DisplayOrderAnnotation:   cfgOptionNoAssignedNameserversOrder,
+			config.DisplayHintAnnotation:    status.DisplayHintSecurityLevel,
+			config.CategoryAnnotation:       "Servers",
+			"self:detail:specialUseDomains": specialUseDomains,
 		},
 	})
 	if err != nil {
@@ -196,16 +200,17 @@ The format is: "protocol://ip:port?parameter=value&parameter=value"
 	err = config.Register(&config.Option{
 		Name:           "Ignore Multicast DNS",
 		Key:            CfgOptionNoMulticastDNSKey,
-		Description:    "Do not resolve using Multicast DNS. This may break certain Plug and Play devices or services.",
+		Description:    "Do not resolve using Multicast DNS. This may break certain Plug and Play devices and services.",
 		OptType:        config.OptTypeInt,
 		ExpertiseLevel: config.ExpertiseLevelExpert,
 		ReleaseLevel:   config.ReleaseLevelStable,
 		DefaultValue:   status.SecurityLevelsHighAndExtreme,
 		PossibleValues: status.SecurityLevelValues,
 		Annotations: config.Annotations{
-			config.DisplayOrderAnnotation: cfgOptionNoMulticastDNSOrder,
-			config.DisplayHintAnnotation:  status.DisplayHintSecurityLevel,
-			config.CategoryAnnotation:     "Resolving",
+			config.DisplayOrderAnnotation:  cfgOptionNoMulticastDNSOrder,
+			config.DisplayHintAnnotation:   status.DisplayHintSecurityLevel,
+			config.CategoryAnnotation:      "Resolving",
+			"self:detail:multicastDomains": multicastDomains,
 		},
 	})
 	if err != nil {
@@ -237,7 +242,7 @@ The format is: "protocol://ip:port?parameter=value&parameter=value"
 		Name: "Block Unofficial TLDs",
 		Key:  CfgOptionDontResolveSpecialDomainsKey,
 		Description: fmt.Sprintf(
-			"Block %s. Unofficial domains may pose a security risk. This does not affect .onion domains in the Tor Browser.",
+			"Block %s. Unofficial domains may pose a security risk. This setting does not affect .onion domains in the Tor Browser.",
 			formatScopeList(specialServiceDomains),
 		),
 		OptType:        config.OptTypeInt,
@@ -246,9 +251,10 @@ The format is: "protocol://ip:port?parameter=value&parameter=value"
 		DefaultValue:   status.SecurityLevelsAll,
 		PossibleValues: status.AllSecurityLevelValues,
 		Annotations: config.Annotations{
-			config.DisplayOrderAnnotation: cfgOptionDontResolveSpecialDomainsOrder,
-			config.DisplayHintAnnotation:  status.DisplayHintSecurityLevel,
-			config.CategoryAnnotation:     "Resolving",
+			config.DisplayOrderAnnotation:       cfgOptionDontResolveSpecialDomainsOrder,
+			config.DisplayHintAnnotation:        status.DisplayHintSecurityLevel,
+			config.CategoryAnnotation:           "Resolving",
+			"self:detail:specialServiceDomains": specialServiceDomains,
 		},
 	})
 	if err != nil {
--- a/resolver/rrcache.go
+++ b/resolver/rrcache.go
@@ -308,9 +308,12 @@ func (rrCache *RRCache) GetExtraRRs(ctx context.Context, query *dns.Msg) (extra
 	}

 	// Add expiry and cache information.
-	if rrCache.Expired() {
+	switch {
+	case rrCache.Expires == 0:
+		extra = addExtra(ctx, extra, "record does not expire")
+	case rrCache.Expired():
 		extra = addExtra(ctx, extra, fmt.Sprintf("record expired since %s", time.Since(time.Unix(rrCache.Expires, 0)).Round(time.Second)))
-	} else {
+	default:
 		extra = addExtra(ctx, extra, fmt.Sprintf("record valid for %s", time.Until(time.Unix(rrCache.Expires, 0)).Round(time.Second)))
 	}
 	if rrCache.RequestingNew {
--- a/resolver/scopes.go
+++ b/resolver/scopes.go
@@ -25,7 +25,9 @@ var (

 	// Internal Special-Use Domain
 	// Used by Portmaster for special addressing.
-	internalSpecialUseDomainScope = "." + internalSpecialUseDomain
+	internalSpecialUseDomains = []string{
+		"." + internalSpecialUseDomain,
+	}

 	// Multicast DNS
 	// Handling: Send to nameservers with matching search scope, then MDNS
@@ -112,7 +114,7 @@ func GetResolversInScope(ctx context.Context, q *Query) (selected []*Resolver, t
 	defer resolversLock.RUnlock()

 	// Internal use domains
-	if strings.HasSuffix(q.dotPrefixedFQDN, internalSpecialUseDomainScope) {
+	if domainInScope(q.dotPrefixedFQDN, internalSpecialUseDomains) {
 		return envResolvers, false
 	}

@@ -133,10 +135,8 @@ func GetResolversInScope(ctx context.Context, q *Query) (selected []*Resolver, t
 	// Handle multicast domains
 	if domainInScope(q.dotPrefixedFQDN, multicastDomains) {
 		selected = addResolvers(ctx, q, selected, mDNSResolvers)
-		// Add local resolvers if no resolvers were selected.
-		if len(selected) == 0 {
-			selected = addResolvers(ctx, q, selected, localResolvers)
-		}
+		selected = addResolvers(ctx, q, selected, localResolvers)
+		selected = addResolvers(ctx, q, selected, systemResolvers)
 		return selected, true
 	}