Working on portmaster restructure

intel/rrcache.go

@@ -3,9 +3,13 @@
 package intel
 
 import (
+	"fmt"
 	"net"
+	"strings"
 	"time"
 
+	"github.com/Safing/portbase/log"
+	"github.com/Safing/portmaster/network/netutils"
 	"github.com/miekg/dns"
 )
 
@@ -22,6 +26,7 @@ type RRCache struct {
 	updated         int64
 	servedFromCache bool
 	requestingNew   bool
+	Filtered        bool
 }
 
 // Clean sets all TTLs to 17 and sets cache expiry with specified minimum.
@@ -77,6 +82,7 @@ func (m *RRCache) ToNameRecord() *NameRecord {
 		Domain:   m.Domain,
 		Question: m.Question.String(),
 		TTL:      m.TTL,
+		Filtered: m.Filtered,
 	}
 
 	// stringify RR entries
@@ -130,6 +136,7 @@ func GetRRCache(domain string, question dns.Type) (*RRCache, error) {
 		}
 	}
 
+	rrCache.Filtered = nameRecord.Filtered
 	rrCache.servedFromCache = true
 	return rrCache, nil
 }
@@ -146,19 +153,104 @@ func (m *RRCache) RequestingNew() bool {
 
 // Flags formats ServedFromCache and RequestingNew to a condensed, flag-like format.
 func (m *RRCache) Flags() string {
-	switch {
-	case m.servedFromCache && m.requestingNew:
-		return " [CR]"
-	case m.servedFromCache:
-		return " [C]"
-	case m.requestingNew:
-		return " [R]" // should never enter this state, but let's leave it here, just in case
-	default:
-		return ""
+	var s string
+	if m.servedFromCache {
+		s += "C"
 	}
+	if m.requestingNew {
+		s += "R"
+	}
+	if m.Filtered {
+		s += "F"
+	}
+
+	if s != "" {
+		return fmt.Sprintf(" [%s]", s)
+	}
+	return ""
 }
 
 // IsNXDomain returnes whether the result is nxdomain.
 func (m *RRCache) IsNXDomain() bool {
 	return len(m.Answer) == 0
 }
+
+// Duplicate returns a duplicate of the cache. slices are not copied, but referenced.
+func (m *RRCache) Duplicate() *RRCache {
+	return &RRCache{
+		Domain:          m.Domain,
+		Question:        m.Question,
+		Answer:          m.Answer,
+		Ns:              m.Ns,
+		Extra:           m.Extra,
+		TTL:             m.TTL,
+		updated:         m.updated,
+		servedFromCache: m.servedFromCache,
+		requestingNew:   m.requestingNew,
+		Filtered:        m.Filtered,
+	}
+}
+
+// FilterEntries filters resource records according to the given permission scope.
+func (m *RRCache) FilterEntries(internet, lan, host bool) {
+	var filtered bool
+
+	m.Answer, filtered = filterEntries(m, m.Answer, internet, lan, host)
+	if filtered {
+		m.Filtered = true
+	}
+	m.Extra, filtered = filterEntries(m, m.Extra, internet, lan, host)
+	if filtered {
+		m.Filtered = true
+	}
+}
+
+func filterEntries(m *RRCache, entries []dns.RR, internet, lan, host bool) (filteredEntries []dns.RR, filtered bool) {
+	filteredEntries = make([]dns.RR, 0, len(entries))
+	var classification int8
+	var deletedEntries []string
+
+entryLoop:
+	for _, rr := range entries {
+
+		classification = -1
+		switch v := rr.(type) {
+		case *dns.A:
+			classification = netutils.ClassifyAddress(v.A)
+		case *dns.AAAA:
+			classification = netutils.ClassifyAddress(v.AAAA)
+		}
+
+		if classification >= 0 {
+			switch {
+			case !internet && classification == netutils.Global:
+				filtered = true
+				deletedEntries = append(deletedEntries, rr.String())
+				continue entryLoop
+			case !lan && (classification == netutils.SiteLocal || classification == netutils.LinkLocal):
+				filtered = true
+				deletedEntries = append(deletedEntries, rr.String())
+				continue entryLoop
+			case !host && classification == netutils.HostLocal:
+				filtered = true
+				deletedEntries = append(deletedEntries, rr.String())
+				continue entryLoop
+			}
+		}
+
+		filteredEntries = append(filteredEntries, rr)
+	}
+
+	if len(deletedEntries) > 0 {
+		log.Infof("intel: filtered DNS replies for %s%s: %s (Settings: Int=%v LAN=%v Host=%v)",
+			m.Domain,
+			m.Question.String(),
+			strings.Join(deletedEntries, ", "),
+			internet,
+			lan,
+			host,
+		)
+	}
+
+	return
+}