vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2025-09-02 18:49:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix and improve resolver scoping

Browse source
This commit is contained in:
Daniel 2020-07-27 12:26:45 +02:00
parent 8512d7003f
commit caa9b3bdf9
3 changed files with 19 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
resolver/resolver.go
View file

@ -19,7 +19,7 @@ const (
ServerTypeEnv = "env" ServerTypeEnv = "env"
ServerSourceConfigured = "config" ServerSourceConfigured = "config"
ServerSourceAssigned = "dhcp" ServerSourceOperatingSystem = "system"
ServerSourceMDNS = "mdns" ServerSourceMDNS = "mdns"
ServerSourceEnv = "env" ServerSourceEnv = "env"
) )

17
resolver/resolvers.go
View file

@ -123,6 +123,7 @@ func createResolver(resolverURL, source string) (*Resolver, bool, error) {
Server: resolverURL, Server: resolverURL,
ServerType: u.Scheme, ServerType: u.Scheme,
ServerAddress: u.Host, ServerAddress: u.Host,
ServerIP: ip,
ServerIPScope: scope, ServerIPScope: scope,
Source: source, Source: source,
VerifyDomain: verifyDomain, VerifyDomain: verifyDomain,
@ -150,7 +151,7 @@ func configureSearchDomains(resolver *Resolver, searches []string) {
func getConfiguredResolvers(list []string) (resolvers []*Resolver) { func getConfiguredResolvers(list []string) (resolvers []*Resolver) {
for _, server := range list { for _, server := range list {
resolver, skip, err := createResolver(server, "config") resolver, skip, err := createResolver(server, ServerSourceConfigured)
if err != nil { if err != nil {
// TODO(ppacher): module error // TODO(ppacher): module error
log.Errorf("cannot use resolver %s: %s", server, err) log.Errorf("cannot use resolver %s: %s", server, err)
@ -169,7 +170,7 @@ func getConfiguredResolvers(list []string) (resolvers []*Resolver) {
func getSystemResolvers() (resolvers []*Resolver) { func getSystemResolvers() (resolvers []*Resolver) {
for _, nameserver := range netenv.Nameservers() { for _, nameserver := range netenv.Nameservers() {
serverURL := fmt.Sprintf("dns://%s", formatIPAndPort(nameserver.IP, 53)) serverURL := fmt.Sprintf("dns://%s", formatIPAndPort(nameserver.IP, 53))
resolver, skip, err := createResolver(serverURL, "dhcp") // TODO(ppacher): DHCP can actually be wrong resolver, skip, err := createResolver(serverURL, ServerSourceOperatingSystem)
if err != nil { if err != nil {
// that shouldn't happen but handle it anyway ... // that shouldn't happen but handle it anyway ...
log.Errorf("cannot use system resolver %s: %s", serverURL, err) log.Errorf("cannot use system resolver %s: %s", serverURL, err)
@ -250,6 +251,16 @@ func loadResolvers() {
log.Info("resolver: no local resolvers loaded") log.Info("resolver: no local resolvers loaded")
} }
// log system resolvers
if len(systemResolvers) > 0 {
log.Trace("resolver: loaded system/network-assigned resolvers:")
for _, resolver := range systemResolvers {
log.Tracef("resolver: %s", resolver.Server)
}
} else {
log.Info("resolver: no system/network-assigned resolvers loaded")
}
// log scopes // log scopes
if len(localScopes) > 0 { if len(localScopes) > 0 {
log.Trace("resolver: loaded scopes:") log.Trace("resolver: loaded scopes:")
@ -281,7 +292,7 @@ func setScopedResolvers(resolvers []*Resolver) {
localResolvers = append(localResolvers, resolver) localResolvers = append(localResolvers, resolver)
} }
if resolver.Source == "dhcp" { if resolver.Source == ServerSourceOperatingSystem {
systemResolvers = append(systemResolvers, resolver) systemResolvers = append(systemResolvers, resolver)
} }

2
resolver/scopes.go
View file

@ -274,7 +274,7 @@ func (resolver *Resolver) checkCompliance(_ context.Context, q *Query) error {
} }
if noAssignedNameservers(q.SecurityLevel) { if noAssignedNameservers(q.SecurityLevel) {
if resolver.Source == ServerSourceAssigned { if resolver.Source == ServerSourceOperatingSystem {
return errAssignedServer return errAssignedServer
} }
} }