Copy resolver IPScope to DNS connection IPScope

This commit is contained in:
Daniel 2023-08-04 21:41:37 +02:00
parent bf6bf0705d
commit b645e440ad
3 changed files with 20 additions and 7 deletions


@ -60,6 +60,7 @@ type Entity struct { //nolint:maligned
IP net.IP IP net.IP
// IPScope holds the network scope of the IP. // IPScope holds the network scope of the IP.
// For DNS requests, this signifies in which scope the DNS request was resolved.
IPScope netutils.IPScope IPScope netutils.IPScope
// Country holds the country the IP address (ASN) is // Country holds the country the IP address (ASN) is


@ -22,7 +22,7 @@ import (
var hostname string var hostname string
func handleRequestAsWorker(w dns.ResponseWriter, query *dns.Msg) { func handleRequestAsWorker(w dns.ResponseWriter, query *dns.Msg) {
err := module.RunWorker("dns request", func(ctx context.Context) error { err := module.RunWorker("handle dns request", func(ctx context.Context) error {
return handleRequest(ctx, w, query) return handleRequest(ctx, w, query)
}) })
if err != nil { if err != nil {
@ -187,6 +187,13 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
if rrCache != nil { if rrCache != nil {
conn.DNSContext = rrCache.ToDNSRequestContext() conn.DNSContext = rrCache.ToDNSRequestContext()
conn.Resolver = rrCache.Resolver conn.Resolver = rrCache.Resolver
conn.Entity.IPScope = rrCache.Resolver.IPScope
} else {
// Get resolvers for this query to determine the resolving scope.
resolvers, _, _ := resolver.GetResolversInScope(ctx, q)
if len(resolvers) > 0 {
conn.Entity.IPScope = resolvers[0].Info.IPScope
}
} }
switch conn.Verdict.Active { switch conn.Verdict.Active {
@ -297,11 +304,14 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
return reply(nsutil.ServerFailure("internal error: empty reply")) return reply(nsutil.ServerFailure("internal error: empty reply"))
case rrCache.RCode == dns.RcodeNameError: case rrCache.RCode == dns.RcodeNameError:
// Try alternatives domain names for unofficial domain spaces. // Try alternatives domain names for unofficial domain spaces.
rrCache = checkAlternativeCaches(ctx, q) altRRCache := checkAlternativeCaches(ctx, q)
if rrCache == nil { if altRRCache != nil {
rrCache = altRRCache
} else {
// Return now if NXDomain. // Return now if NXDomain.
return reply(nsutil.NxDomain("no answer found (NXDomain)")) return reply(nsutil.NxDomain("no answer found (NXDomain)"))
} }
} }
// Check with firewall again after resolving. // Check with firewall again after resolving.
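Review bot: `conn.Entity.IPScope = rrCache.Resolver.IPScope` in the `if rrCache != nil` branch of handleRequest dereferences `rrCache.Resolver` without a nil check; the page does not show the field's type, but if it is a pointer that can be unset for some cached entries this would panic while serving the query, and `if rrCache.Resolver != nil { conn.Entity.IPScope = rrCache.Resolver.IPScope }` would be the safe form. In the new `else` branch the second and third results of `resolver.GetResolversInScope(ctx, q)` are discarded with no comment; if one of them is an error, a failed lookup leaves IPScope at the constructor's default silently, so a comment such as `// Second and third results are intentionally ignored: the scope is best-effort here and is corrected once the query is resolved.` should justify the discard, or the error should be logged. The scope is also taken from `resolvers[0]` before resolution happens, which presumably may differ from the resolver that eventually answers; that assumption is worth stating in the comment. handleRequest starts and ends outside the hunk.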


@ -325,8 +325,9 @@ func NewConnectionFromDNSRequest(ctx context.Context, fqdn string, cnames []stri
Scope: fqdn, Scope: fqdn,
PID: proc.Pid, PID: proc.Pid,
Entity: &intel.Entity{ Entity: &intel.Entity{
Domain: fqdn, Domain: fqdn,
CNAME: cnames, CNAME: cnames,
IPScope: netutils.Global, // Assign a global IP scope as default.
}, },
process: proc, process: proc,
ProcessContext: getProcessContext(ctx, proc), ProcessContext: getProcessContext(ctx, proc),
@ -367,8 +368,9 @@ func NewConnectionFromExternalDNSRequest(ctx context.Context, fqdn string, cname
Scope: fqdn, Scope: fqdn,
PID: process.NetworkHostProcessID, PID: process.NetworkHostProcessID,
Entity: &intel.Entity{ Entity: &intel.Entity{
Domain: fqdn, Domain: fqdn,
CNAME: cnames, CNAME: cnames,
IPScope: netutils.Global, // Assign a global IP scope as default.
}, },
process: remoteHost, process: remoteHost,
ProcessContext: getProcessContext(ctx, remoteHost), ProcessContext: getProcessContext(ctx, remoteHost),
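Review bot: The comment on the added `IPScope: netutils.Global` line in NewConnectionFromDNSRequest, and the identical one in NewConnectionFromExternalDNSRequest, says what the code does but not why Global is the chosen fallback; another hunk of this commit assigns `conn.Entity.IPScope` from the resolver in handleRequest, which presumably runs after these constructors, so the comment should say `// Default to Global; handleRequest replaces this with the resolver's scope once the query is resolved.` Since the same default is now duplicated in two constructors, a single named constant or shared helper would keep the two from drifting apart. Both enclosing functions start before and end after their hunks.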