mirror of
https://github.com/qdm12/gluetun.git
synced 2026-07-14 06:29:54 +02:00
Compare commits
4 Commits
8da913d7c6
...
29186feccc
| Author | SHA1 | Date | |
|---|---|---|---|
| 29186feccc | |||
| b5366b9e44 | |||
| dd07205b85 | |||
| e2256dd1b2 |
@@ -116,6 +116,7 @@ Mocking works with the `go.uber.org/mock` library, and the `mockgen` tool.
|
||||
- **Never** use `.AnyTimes()` on mocks. Always define the number of times a certain mock call should be called, with `.Times(3)` for example.
|
||||
- **Always** set the `.Return(...)` on the mock if the function returns something.
|
||||
- Avoid using **mock helpers** functions, prefer a bit of repetition than tight coupling and dependency
|
||||
- Always define the gomock controller `ctrl` in the subtest and not in the parent test, or a subtest mock failing will crash all the other subtests.
|
||||
|
||||
### main.go
|
||||
|
||||
|
||||
@@ -4,7 +4,10 @@ import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/netip"
|
||||
"strconv"
|
||||
|
||||
"github.com/qdm12/dns/v2/pkg/provider"
|
||||
)
|
||||
@@ -14,44 +17,53 @@ import (
|
||||
// It is not meant to be high performance, although it can be used for
|
||||
// multiple requests and concurrently.
|
||||
type Client struct {
|
||||
outboundInterface string
|
||||
ipv6Supported bool
|
||||
firewall Firewall
|
||||
outboundInterface string
|
||||
dohServers []provider.DoHServer
|
||||
httpsPort uint16
|
||||
}
|
||||
|
||||
func New(firewall Firewall, defaultInterface string, ipv6Supported bool,
|
||||
upstreamResolvers []provider.Provider,
|
||||
) (*Client, error) {
|
||||
dohServers := make([]provider.DoHServer, len(upstreamResolvers))
|
||||
for i, upstreamResolver := range upstreamResolvers {
|
||||
func New(settings Settings) *Client {
|
||||
if err := settings.validate(); err != nil {
|
||||
panic(fmt.Sprintf("invalid settings: %v", err)) // programming error
|
||||
}
|
||||
dohServers := make([]provider.DoHServer, len(settings.UpstreamResolvers))
|
||||
for i, upstreamResolver := range settings.UpstreamResolvers {
|
||||
dohServers[i] = upstreamResolver.DoH
|
||||
}
|
||||
|
||||
const defaultHTTPSPort = 443
|
||||
return &Client{
|
||||
firewall: firewall,
|
||||
outboundInterface: defaultInterface,
|
||||
ipv6Supported: ipv6Supported,
|
||||
outboundInterface: settings.DefaultInterface,
|
||||
ipv6Supported: *settings.IPv6Supported,
|
||||
firewall: settings.Firewall,
|
||||
dohServers: dohServers,
|
||||
httpsPort: defaultHTTPSPort,
|
||||
}, nil
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Client) OpenHTTPSByDomain(ctx context.Context, domain string) (
|
||||
func (c *Client) OpenHTTPSByDomain(ctx context.Context, hostname string) (
|
||||
httpClient *http.Client, cleanup func() error, err error,
|
||||
) {
|
||||
resolvedIPs, err := c.ResolveName(ctx, domain)
|
||||
host, portStr, err := net.SplitHostPort(hostname)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("splitting host and port: %w", err)
|
||||
}
|
||||
resolvedIPs, err := c.ResolveName(ctx, host)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("resolving name: %w", err)
|
||||
} else if len(resolvedIPs) == 0 {
|
||||
return nil, nil, fmt.Errorf("no IP address found for name %q", domain)
|
||||
return nil, nil, fmt.Errorf("no IP address found for name %q", host)
|
||||
}
|
||||
|
||||
portUint, err := strconv.ParseUint(portStr, 10, 16)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("parsing port: %w", err)
|
||||
}
|
||||
port := uint16(portUint)
|
||||
|
||||
errs := make([]error, 0, len(resolvedIPs))
|
||||
for _, ip := range resolvedIPs {
|
||||
httpClient, cleanup, err := c.OpenHTTPS(ctx, domain, ip)
|
||||
addrPort := netip.AddrPortFrom(ip, port)
|
||||
httpClient, cleanup, err := c.OpenHTTPS(ctx, host, addrPort)
|
||||
if err != nil {
|
||||
errs = append(errs, fmt.Errorf("for %s: %w", ip, err))
|
||||
continue
|
||||
@@ -59,5 +71,5 @@ func (c *Client) OpenHTTPSByDomain(ctx context.Context, domain string) (
|
||||
return httpClient, cleanup, nil
|
||||
}
|
||||
|
||||
return nil, nil, fmt.Errorf("opening HTTPS to %s: %w", domain, errors.Join(errs...))
|
||||
return nil, nil, fmt.Errorf("opening HTTPS to %s: %w", hostname, errors.Join(errs...))
|
||||
}
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
package restrictednet
|
||||
|
||||
func ptrTo[T any](value T) *T {
|
||||
return &value
|
||||
}
|
||||
@@ -17,15 +17,13 @@ import (
|
||||
|
||||
// OpenHTTPS opens temporary restrictive firewall output for one HTTPS destination.
|
||||
// The returned cleanup function must be called to remove the temporary firewall rule and close connections.
|
||||
func (c *Client) OpenHTTPS(ctx context.Context, destinationTLSName string, destinationIP netip.Addr,
|
||||
func (c *Client) OpenHTTPS(ctx context.Context, destinationTLSName string, destinationAddrPort netip.AddrPort,
|
||||
) (httpClient *http.Client, cleanup func() error, err error) {
|
||||
fd, sourceAddrPort, err := bindSourceConnection(destinationIP)
|
||||
fd, sourceAddrPort, err := bindSourceConnection(destinationAddrPort.Addr())
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("binding source port: %w", err)
|
||||
}
|
||||
|
||||
destinationAddrPort := netip.AddrPortFrom(destinationIP, c.httpsPort)
|
||||
|
||||
const remove = false
|
||||
err = c.firewall.AcceptOutputFromIPPortToIPPort(ctx, "tcp", c.outboundInterface,
|
||||
sourceAddrPort, destinationAddrPort, remove)
|
||||
@@ -37,25 +35,26 @@ func (c *Client) OpenHTTPS(ctx context.Context, destinationTLSName string, desti
|
||||
connection, err := connectSourceConnection(ctx, fd, destinationAddrPort)
|
||||
if err != nil {
|
||||
const remove = true
|
||||
_ = c.firewall.AcceptOutputFromIPPortToIPPort(ctx, "tcp", c.outboundInterface,
|
||||
_ = c.firewall.AcceptOutputFromIPPortToIPPort(context.Background(), "tcp", c.outboundInterface,
|
||||
sourceAddrPort, destinationAddrPort, remove)
|
||||
return nil, nil, fmt.Errorf("connecting source socket: %w", err)
|
||||
}
|
||||
|
||||
httpClient = newHTTPSClient(destinationTLSName, connection)
|
||||
dial := makeDial(connection, destinationTLSName)
|
||||
httpClient = newHTTPSClient(destinationTLSName, dial)
|
||||
cleanup = func() error {
|
||||
var errs []error
|
||||
httpClient.CloseIdleConnections()
|
||||
err = connection.Close()
|
||||
if err != nil && !errors.Is(err, net.ErrClosed) {
|
||||
errs = append(errs, fmt.Errorf("closing connection: %w", err))
|
||||
}
|
||||
const remove = true
|
||||
err := c.firewall.AcceptOutputFromIPPortToIPPort(context.Background(), "tcp", c.outboundInterface,
|
||||
sourceAddrPort, destinationAddrPort, remove)
|
||||
if err != nil {
|
||||
errs = append(errs, fmt.Errorf("removing output traffic rule: %w", err))
|
||||
}
|
||||
err = connection.Close()
|
||||
if err != nil {
|
||||
errs = append(errs, fmt.Errorf("closing connection: %w", err))
|
||||
}
|
||||
if len(errs) > 0 {
|
||||
return errors.Join(errs...)
|
||||
}
|
||||
@@ -64,21 +63,31 @@ func (c *Client) OpenHTTPS(ctx context.Context, destinationTLSName string, desti
|
||||
return httpClient, cleanup, nil
|
||||
}
|
||||
|
||||
func newHTTPSClient(destinationTLSName string, connection net.Conn) *http.Client {
|
||||
httpTransport := http.DefaultTransport.(*http.Transport).Clone() //nolint:forcetypeassert
|
||||
httpTransport.Proxy = nil
|
||||
httpTransport.MaxIdleConns = 1
|
||||
httpTransport.MaxIdleConnsPerHost = 1
|
||||
httpTransport.MaxConnsPerHost = 1
|
||||
httpTransport.IdleConnTimeout = time.Second
|
||||
httpTransport.TLSClientConfig = &tls.Config{
|
||||
MinVersion: tls.VersionTLS12,
|
||||
ServerName: destinationTLSName,
|
||||
}
|
||||
type dialFunc func(ctx context.Context, network, address string) (net.Conn, error)
|
||||
|
||||
func newHTTPSClient(destinationTLSName string, dial dialFunc) *http.Client {
|
||||
const timeout = 5 * time.Second
|
||||
transport := &http.Transport{
|
||||
MaxIdleConns: 1,
|
||||
MaxIdleConnsPerHost: 1,
|
||||
MaxConnsPerHost: 1,
|
||||
IdleConnTimeout: time.Second,
|
||||
TLSClientConfig: &tls.Config{
|
||||
MinVersion: tls.VersionTLS12,
|
||||
ServerName: destinationTLSName,
|
||||
},
|
||||
DialContext: dial,
|
||||
}
|
||||
return &http.Client{
|
||||
Timeout: timeout,
|
||||
Transport: transport,
|
||||
}
|
||||
}
|
||||
|
||||
func makeDial(connection net.Conn, tlsName string) dialFunc {
|
||||
_, destinationPort, _ := net.SplitHostPort(connection.RemoteAddr().String())
|
||||
expectedAddress := net.JoinHostPort(destinationTLSName, destinationPort)
|
||||
httpTransport.DialContext = func(_ context.Context, network, address string) (net.Conn, error) {
|
||||
expectedAddress := net.JoinHostPort(tlsName, destinationPort)
|
||||
return func(_ context.Context, network, address string) (net.Conn, error) {
|
||||
switch network {
|
||||
case "tcp", "tcp4", "tcp6":
|
||||
default:
|
||||
@@ -89,12 +98,6 @@ func newHTTPSClient(destinationTLSName string, connection net.Conn) *http.Client
|
||||
}
|
||||
return connection, nil
|
||||
}
|
||||
|
||||
const timeout = 5 * time.Second
|
||||
return &http.Client{
|
||||
Timeout: timeout,
|
||||
Transport: httpTransport,
|
||||
}
|
||||
}
|
||||
|
||||
func bindSourceConnection(destinationIP netip.Addr) (fd int, sourceAddr netip.AddrPort, err error) {
|
||||
|
||||
@@ -2,12 +2,14 @@ package restrictednet
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/netip"
|
||||
"testing"
|
||||
|
||||
"github.com/golang/mock/gomock"
|
||||
"github.com/qdm12/dns/v2/pkg/provider"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
@@ -33,31 +35,40 @@ func (m listenAddrPortMatcher) String() string {
|
||||
return "is a valid netip.AddrPort with a valid IP and non-zero port"
|
||||
}
|
||||
|
||||
type destinationAddrPortMatcher struct {
|
||||
expected netip.AddrPort
|
||||
}
|
||||
|
||||
func (m destinationAddrPortMatcher) Matches(x any) bool {
|
||||
ip, ok := x.(netip.AddrPort)
|
||||
if !ok {
|
||||
return false
|
||||
}
|
||||
if m.expected.IsValid() {
|
||||
return ip == m.expected
|
||||
}
|
||||
return ip.IsValid() && ip.Port() == m.expected.Port()
|
||||
}
|
||||
|
||||
func (m destinationAddrPortMatcher) String() string {
|
||||
if m.expected.IsValid() {
|
||||
return "is the same as " + m.expected.String()
|
||||
}
|
||||
return "matches the port " + fmt.Sprint(m.expected.Port())
|
||||
}
|
||||
|
||||
func Test_Client_OpenHTTPS(t *testing.T) {
|
||||
t.Parallel()
|
||||
ctx := t.Context()
|
||||
|
||||
netConfig := net.ListenConfig{}
|
||||
listener, err := netConfig.Listen(ctx, "tcp", "127.0.0.1:0")
|
||||
require.NoError(t, err)
|
||||
t.Cleanup(func() {
|
||||
_ = listener.Close()
|
||||
})
|
||||
listeningPort := uint16(listener.Addr().(*net.TCPAddr).Port) //nolint:gosec,forcetypeassert
|
||||
go func() {
|
||||
connection, acceptErr := listener.Accept()
|
||||
if acceptErr == nil {
|
||||
_ = connection.Close()
|
||||
}
|
||||
}()
|
||||
|
||||
ctrl := gomock.NewController(t)
|
||||
firewall := NewMockFirewall(ctrl)
|
||||
|
||||
destination := netip.AddrPortFrom(netip.MustParseAddr("127.0.0.1"), listeningPort)
|
||||
const destinationTLSName = "one.one.one.one"
|
||||
destinationAddrPort := netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), 443)
|
||||
|
||||
firewall := NewMockFirewall(ctrl)
|
||||
sourceMatcher := listenAddrPortMatcher{}
|
||||
firewall.EXPECT().AcceptOutputFromIPPortToIPPort(
|
||||
ctx, "tcp", "eth0", sourceMatcher, destination, false,
|
||||
ctx, "tcp", "eth0", sourceMatcher, destinationAddrPort, false,
|
||||
).DoAndReturn(func(_ context.Context,
|
||||
_, _ string, source, _ netip.AddrPort, _ bool,
|
||||
) error {
|
||||
@@ -65,20 +76,35 @@ func Test_Client_OpenHTTPS(t *testing.T) {
|
||||
return nil
|
||||
})
|
||||
firewall.EXPECT().AcceptOutputFromIPPortToIPPort(
|
||||
context.Background(), "tcp", "eth0", sourceMatcher, destination, true,
|
||||
context.Background(), "tcp", "eth0", sourceMatcher, destinationAddrPort, true,
|
||||
)
|
||||
|
||||
const ipv6Supported = false
|
||||
upstreamResolvers := []provider.Provider{provider.Google()}
|
||||
client, err := New(firewall, "eth0", ipv6Supported, upstreamResolvers)
|
||||
require.NoError(t, err)
|
||||
client.httpsPort = listeningPort
|
||||
settings := Settings{
|
||||
Firewall: firewall,
|
||||
DefaultInterface: "eth0",
|
||||
IPv6Supported: ptrTo(ipv6Supported),
|
||||
UpstreamResolvers: upstreamResolvers,
|
||||
}
|
||||
client := New(settings)
|
||||
|
||||
httpClient, cleanup, err := client.OpenHTTPS(ctx, "api.example.com", netip.MustParseAddr("127.0.0.1"))
|
||||
httpClient, cleanup, err := client.OpenHTTPS(ctx, destinationTLSName, destinationAddrPort)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, httpClient)
|
||||
require.NotNil(t, cleanup)
|
||||
|
||||
request, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://"+destinationTLSName, nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
response, err := httpClient.Do(request)
|
||||
t.Cleanup(func() {
|
||||
response.Body.Close()
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusOK, response.StatusCode)
|
||||
|
||||
err = cleanup()
|
||||
require.NoError(t, err)
|
||||
}
|
||||
|
||||
@@ -76,15 +76,17 @@ func (c *Client) resolveOneQuestionType(ctx context.Context,
|
||||
dohServerIPs = append(dohServerIPs, dohServer.IPv4...)
|
||||
|
||||
for _, dohServerIP := range dohServerIPs {
|
||||
responseMessage, err := c.doHQuery(ctx, queryWire, dohURL, dohServerIP)
|
||||
const defaultDoHPort = 443
|
||||
dohServerAddrPort := netip.AddrPortFrom(dohServerIP, defaultDoHPort)
|
||||
responseMessage, err := c.doHQuery(ctx, queryWire, dohURL, dohServerAddrPort)
|
||||
switch {
|
||||
case err != nil:
|
||||
errs = append(errs, fmt.Errorf("querying DoH server %q at %s: %w",
|
||||
dohServer.URL, dohServerIP, err))
|
||||
errs = append(errs, fmt.Errorf("querying DoH server %q (%s): %w",
|
||||
dohServer.URL, dohServerAddrPort, err))
|
||||
continue
|
||||
case responseMessage.Rcode != dns.RcodeSuccess:
|
||||
errs = append(errs, fmt.Errorf("querying DoH server %q at %s: DNS rcode %s",
|
||||
dohServer.URL, dohServerIP, dns.RcodeToString[responseMessage.Rcode]))
|
||||
errs = append(errs, fmt.Errorf("querying DoH server %q (%s): DNS rcode %s",
|
||||
dohServer.URL, dohServerAddrPort, dns.RcodeToString[responseMessage.Rcode]))
|
||||
continue
|
||||
}
|
||||
addresses := answersToNetipAddrs(responseMessage)
|
||||
@@ -104,9 +106,9 @@ func (c *Client) resolveOneQuestionType(ctx context.Context,
|
||||
}
|
||||
|
||||
func (c *Client) doHQuery(ctx context.Context, queryWire []byte,
|
||||
dohURL *url.URL, dohServerIP netip.Addr,
|
||||
dohURL *url.URL, dohServerAddrPort netip.AddrPort,
|
||||
) (responseMessage *dns.Msg, err error) {
|
||||
httpClient, cleanup, err := c.OpenHTTPS(ctx, dohURL.Hostname(), dohServerIP)
|
||||
httpClient, cleanup, err := c.OpenHTTPS(ctx, dohURL.Hostname(), dohServerAddrPort)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("opening https connection: %w", err)
|
||||
}
|
||||
|
||||
@@ -1,80 +1,107 @@
|
||||
package restrictednet
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net"
|
||||
"net/netip"
|
||||
"testing"
|
||||
|
||||
"github.com/golang/mock/gomock"
|
||||
"github.com/miekg/dns"
|
||||
"github.com/qdm12/dns/v2/pkg/provider"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func Test_Client_ResolveName(t *testing.T) {
|
||||
t.Parallel()
|
||||
ctx := t.Context()
|
||||
ctrl := gomock.NewController(t)
|
||||
|
||||
firewall := NewMockFirewall(ctrl)
|
||||
sourceMatcher := listenAddrPortMatcher{}
|
||||
destinationMatcher := destinationAddrPortMatcher{
|
||||
expected: netip.AddrPortFrom(netip.Addr{}, 443),
|
||||
}
|
||||
|
||||
// Add rule
|
||||
firstCall := firewall.EXPECT().AcceptOutputFromIPPortToIPPort(
|
||||
ctx, "tcp", "eth0", sourceMatcher, destinationMatcher, false,
|
||||
).DoAndReturn(func(
|
||||
_ context.Context, _, _ string, source, destination netip.AddrPort, _ bool,
|
||||
) error {
|
||||
sourceMatcher.expected = source
|
||||
destinationMatcher.expected = destination
|
||||
return nil
|
||||
})
|
||||
|
||||
// Removal rule
|
||||
firewall.EXPECT().AcceptOutputFromIPPortToIPPort(
|
||||
context.Background(), "tcp", "eth0", sourceMatcher, destinationMatcher, true,
|
||||
).Return(nil).After(firstCall)
|
||||
|
||||
settings := Settings{
|
||||
DefaultInterface: "eth0",
|
||||
IPv6Supported: ptrTo(false),
|
||||
Firewall: firewall,
|
||||
UpstreamResolvers: []provider.Provider{provider.Cloudflare()},
|
||||
}
|
||||
client := New(settings)
|
||||
|
||||
addresses, err := client.ResolveName(ctx, "github.com")
|
||||
require.NoError(t, err)
|
||||
assert.NotEmpty(t, addresses)
|
||||
}
|
||||
|
||||
func Test_answersToNetipAddrs(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testCases := map[string]struct {
|
||||
message *dns.Msg
|
||||
expected []netip.Addr
|
||||
errorIsNil bool
|
||||
message *dns.Msg
|
||||
expected []netip.Addr
|
||||
}{
|
||||
"nil_message": {
|
||||
message: nil,
|
||||
expected: nil,
|
||||
errorIsNil: true,
|
||||
},
|
||||
"nil_message": {},
|
||||
"no_answers": {
|
||||
message: &dns.Msg{},
|
||||
expected: []netip.Addr{},
|
||||
errorIsNil: true,
|
||||
message: &dns.Msg{},
|
||||
expected: []netip.Addr{},
|
||||
},
|
||||
"a_record": {
|
||||
message: &dns.Msg{
|
||||
Answer: []dns.RR{
|
||||
&dns.A{
|
||||
Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeA, Class: dns.ClassINET},
|
||||
A: net.IP{1, 1, 1, 1},
|
||||
},
|
||||
message: &dns.Msg{Answer: []dns.RR{
|
||||
&dns.A{
|
||||
Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeA, Class: dns.ClassINET},
|
||||
A: net.IP{1, 1, 1, 1},
|
||||
},
|
||||
},
|
||||
expected: []netip.Addr{netip.MustParseAddr("1.1.1.1")},
|
||||
errorIsNil: true,
|
||||
}},
|
||||
expected: []netip.Addr{netip.MustParseAddr("1.1.1.1")},
|
||||
},
|
||||
"aaaa_record": {
|
||||
message: &dns.Msg{
|
||||
Answer: []dns.RR{
|
||||
&dns.AAAA{
|
||||
Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeAAAA, Class: dns.ClassINET},
|
||||
AAAA: net.IP{0x20, 0x01, 0x48, 0x60, 0x48, 0x60, 0, 0, 0, 0, 0, 0, 0, 0, 0x88, 0x88},
|
||||
},
|
||||
message: &dns.Msg{Answer: []dns.RR{
|
||||
&dns.AAAA{
|
||||
Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeAAAA, Class: dns.ClassINET},
|
||||
AAAA: net.IP{0x20, 0x01, 0x48, 0x60, 0x48, 0x60, 0, 0, 0, 0, 0, 0, 0, 0, 0x88, 0x88},
|
||||
},
|
||||
},
|
||||
expected: []netip.Addr{netip.MustParseAddr("2001:4860:4860::8888")},
|
||||
errorIsNil: true,
|
||||
}},
|
||||
expected: []netip.Addr{netip.MustParseAddr("2001:4860:4860::8888")},
|
||||
},
|
||||
"mixed_records": {
|
||||
message: &dns.Msg{
|
||||
Answer: []dns.RR{
|
||||
&dns.A{
|
||||
Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeA, Class: dns.ClassINET},
|
||||
A: net.IP{1, 1, 1, 1},
|
||||
},
|
||||
&dns.AAAA{
|
||||
Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeAAAA, Class: dns.ClassINET},
|
||||
AAAA: net.IP{0x20, 0x01, 0x48, 0x60, 0x48, 0x60, 0, 0, 0, 0, 0, 0, 0, 0, 0x88, 0x88},
|
||||
},
|
||||
message: &dns.Msg{Answer: []dns.RR{
|
||||
&dns.A{
|
||||
Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeA, Class: dns.ClassINET},
|
||||
A: net.IP{1, 1, 1, 1},
|
||||
},
|
||||
},
|
||||
expected: []netip.Addr{netip.MustParseAddr("1.1.1.1"), netip.MustParseAddr("2001:4860:4860::8888")},
|
||||
errorIsNil: true,
|
||||
&dns.AAAA{
|
||||
Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeAAAA, Class: dns.ClassINET},
|
||||
AAAA: net.IP{0x20, 0x01, 0x48, 0x60, 0x48, 0x60, 0, 0, 0, 0, 0, 0, 0, 0, 0x88, 0x88},
|
||||
},
|
||||
}},
|
||||
expected: []netip.Addr{netip.MustParseAddr("1.1.1.1"), netip.MustParseAddr("2001:4860:4860::8888")},
|
||||
},
|
||||
}
|
||||
|
||||
for testName, testCase := range testCases {
|
||||
t.Run(testName, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
addresses := answersToNetipAddrs(testCase.message)
|
||||
|
||||
assert.Equal(t, testCase.expected, addresses)
|
||||
})
|
||||
}
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
package restrictednet
|
||||
|
||||
import (
|
||||
"errors"
|
||||
|
||||
"github.com/qdm12/dns/v2/pkg/provider"
|
||||
)
|
||||
|
||||
type Settings struct {
|
||||
DefaultInterface string
|
||||
IPv6Supported *bool
|
||||
Firewall Firewall
|
||||
UpstreamResolvers []provider.Provider
|
||||
}
|
||||
|
||||
func (s *Settings) validate() error {
|
||||
switch {
|
||||
case s.DefaultInterface == "":
|
||||
return errors.New("default interface is not set")
|
||||
case s.IPv6Supported == nil:
|
||||
return errors.New("IPv6 support field is not set")
|
||||
case s.Firewall == nil:
|
||||
return errors.New("firewall is not set")
|
||||
case len(s.UpstreamResolvers) == 0:
|
||||
return errors.New("no upstream resolvers provided")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user