Merge pull request #453 from safing/fix/patch-set-11

Improve nameserver

intel/filterlists/decoder.go

@@ -83,14 +83,11 @@ func decodeFile(ctx context.Context, r io.Reader, ch chan<- *listEntry) error {
 		// JSON, BSON or GenCode. So LoadAsFormat MUST return the value
 		// passed as the third parameter. String or RAW encoding IS AN
 		// error here.
-		val, err := dsd.LoadAsFormat(blob, format, &listEntry{})
+		entry := &listEntry{}
+		err := dsd.LoadAsFormat(blob, format, entry)
 		if err != nil {
 			return fmt.Errorf("failed to decoded DSD encoded entity: %w", err)
 		}
-		entry, ok := val.(*listEntry)
-		if !ok {
-			return fmt.Errorf("unsupported encoding format: %d (%c)", format, format)
-		}
 
 		select {
 		case ch <- entry:

nameserver/module.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net"
+	"os"
 	"strconv"
 
 	"github.com/safing/portbase/log"
@@ -46,6 +47,12 @@ func start() error {
 		return fmt.Errorf("failed to parse nameserver listen address: %w", err)
 	}
 
+	hostname, err = os.Hostname()
+	if err != nil {
+		log.Warningf("nameserver: failed to get hostname: %s", err)
+	}
+	hostname += "."
+
 	// Start listener(s).
 	if ip2 == nil {
 		// Start a single listener.

nameserver/nameserver.go

@@ -19,6 +19,8 @@ import (
 	"github.com/miekg/dns"
 )
 
+var hostname string
+
 func handleRequestAsWorker(w dns.ResponseWriter, query *dns.Msg) {
 	err := module.RunWorker("dns request", func(ctx context.Context) error {
 		return handleRequest(ctx, w, query)
@@ -87,8 +89,8 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
 		return reply(nsutil.Refused("unsupported qclass"))
 	}
 
-	// Handle request for localhost.
+	// Handle request for localhost and the hostname.
-	if strings.HasSuffix(q.FQDN, "localhost.") {
+	if strings.HasSuffix(q.FQDN, "localhost.") || q.FQDN == hostname {
 		tracer.Tracef("nameserver: returning localhost records")
 		return reply(nsutil.Localhost())
 	}

netenv/main.go

@@ -22,6 +22,10 @@ func init() {
 }
 
 func prep() error {
+	if err := registerAPIEndpoints(); err != nil {
+		return err
+	}
+
 	if err := prepOnlineStatus(); err != nil {
 		return err
 	}
@@ -30,10 +34,6 @@ func prep() error {
 }
 
 func start() error {
-	if err := registerAPIEndpoints(); err != nil {
-		return err
-	}
-
 	module.StartServiceWorker(
 		"monitor network changes",
 		0,

netenv/online-status.go

@@ -74,7 +74,8 @@ var (
 		"connectivity-check.ubuntu.com.", // Ubuntu
 		"nmcheck.gnome.org.",             // Gnome DE
 		"network-test.debian.org.",       // Debian
-		"204.pop-os.org",                 // Pop OS
+		"204.pop-os.org.",                // Pop OS
+		"conncheck.opensuse.org.",        // OpenSUSE
 		// There are probably a lot more domains for all the Linux Distro/DE Variants. Please raise issues and/or submit PRs!
 		// https://github.com/solus-project/budgie-desktop/issues/807
 		// https://www.lguruprasad.in/blog/2015/07/21/enabling-captive-portal-detection-in-gnome-3-14-on-debian-jessie/

network/module.go

@@ -11,7 +11,7 @@ var (
 )
 
 func init() {
-	module = modules.Register("network", nil, start, nil, "base", "processes")
+	module = modules.Register("network", prep, start, nil, "base", "processes")
 }
 
 // SetDefaultFirewallHandler sets the default firewall handler.

process/profile.go

@@ -72,7 +72,11 @@ func (p *Process) GetProfile(ctx context.Context) (changed bool, err error) {
 			case "/lib/systemd/systemd-resolved",
 				"/usr/lib/systemd/systemd-resolved",
 				"/lib64/systemd/systemd-resolved",
-				"/usr/lib64/systemd/systemd-resolved":
+				"/usr/lib64/systemd/systemd-resolved",
+				"/usr/bin/nscd",
+				"/usr/sbin/nscd",
+				"/usr/bin/dnsmasq",
+				"/usr/sbin/dnsmasq":
 				profileID = profile.SystemResolverProfileID
 			}
 		}

resolver/rrcache.go

@@ -135,20 +135,30 @@ func (rrCache *RRCache) ToNameRecord() *NameRecord {
 		Resolver: rrCache.Resolver,
 	}
 
-	// stringify RR entries
+	// Serialize RR entries to strings.
-	for _, entry := range rrCache.Answer {
+	new.Answer = toNameRecordSection(rrCache.Answer)
-		new.Answer = append(new.Answer, entry.String())
+	new.Ns = toNameRecordSection(rrCache.Ns)
-	}
+	new.Extra = toNameRecordSection(rrCache.Extra)
-	for _, entry := range rrCache.Ns {
-		new.Ns = append(new.Ns, entry.String())
-	}
-	for _, entry := range rrCache.Extra {
-		new.Extra = append(new.Extra, entry.String())
-	}
 
 	return new
 }
 
+func toNameRecordSection(rrSection []dns.RR) []string {
+	serialized := make([]string, 0, len(rrSection))
+	for _, entry := range rrSection {
+		// Ignore some RR types.
+		switch entry.Header().Rrtype {
+		case dns.TypeOPT:
+			// This record type cannot be unserialized again and only consists of
+			// additional metadata.
+		case dns.TypeNULL:
+		default:
+			serialized = append(serialized, entry.String())
+		}
+	}
+	return serialized
+}
+
 // rcodeIsCacheable returns whether a record with the given RCode should be cached.
 func rcodeIsCacheable(rCode int) bool {
 	switch rCode {

ui/serve.go

@@ -205,7 +205,7 @@ var (
 		".jpeg":  "image/jpeg",
 		".jpg":   "image/jpeg",
 		".js":    "text/javascript; charset=utf-8",
-		".json":  "application/json",
+		".json":  "application/json; charset=utf-8",
 		".m3u":   "audio/mpegurl",
 		".m4a":   "audio/mpeg",
 		".md":    "text/markdown; charset=utf-8",