Compare commits

...

4 Commits

Author SHA1 Message Date
Quentin McGaw 29186feccc Fix ordering in cleanup function 2026-06-09 14:07:05 +00:00
Quentin McGaw b5366b9e44 Change tests to be more integration oriented 2026-06-09 14:05:30 +00:00
Quentin McGaw dd07205b85 add tests 2026-06-09 12:47:13 +00:00
Quentin McGaw e2256dd1b2 moare fixes 2026-06-05 15:52:51 +00:00
8 changed files with 226 additions and 122 deletions
+1
View File
@@ -116,6 +116,7 @@ Mocking works with the `go.uber.org/mock` library, and the `mockgen` tool.
- **Never** use `.AnyTimes()` on mocks. Always define the number of times a certain mock call should be called, with `.Times(3)` for example. - **Never** use `.AnyTimes()` on mocks. Always define the number of times a certain mock call should be called, with `.Times(3)` for example.
- **Always** set the `.Return(...)` on the mock if the function returns something. - **Always** set the `.Return(...)` on the mock if the function returns something.
- Avoid using **mock helpers** functions, prefer a bit of repetition than tight coupling and dependency - Avoid using **mock helpers** functions, prefer a bit of repetition than tight coupling and dependency
- Always define the gomock controller `ctrl` in the subtest and not in the parent test, or a subtest mock failing will crash all the other subtests.
### main.go ### main.go
+30 -18
View File
@@ -4,7 +4,10 @@ import (
"context" "context"
"errors" "errors"
"fmt" "fmt"
"net"
"net/http" "net/http"
"net/netip"
"strconv"
"github.com/qdm12/dns/v2/pkg/provider" "github.com/qdm12/dns/v2/pkg/provider"
) )
@@ -14,44 +17,53 @@ import (
// It is not meant to be high performance, although it can be used for // It is not meant to be high performance, although it can be used for
// multiple requests and concurrently. // multiple requests and concurrently.
type Client struct { type Client struct {
outboundInterface string
ipv6Supported bool ipv6Supported bool
firewall Firewall firewall Firewall
outboundInterface string
dohServers []provider.DoHServer dohServers []provider.DoHServer
httpsPort uint16
} }
func New(firewall Firewall, defaultInterface string, ipv6Supported bool, func New(settings Settings) *Client {
upstreamResolvers []provider.Provider, if err := settings.validate(); err != nil {
) (*Client, error) { panic(fmt.Sprintf("invalid settings: %v", err)) // programming error
dohServers := make([]provider.DoHServer, len(upstreamResolvers)) }
for i, upstreamResolver := range upstreamResolvers { dohServers := make([]provider.DoHServer, len(settings.UpstreamResolvers))
for i, upstreamResolver := range settings.UpstreamResolvers {
dohServers[i] = upstreamResolver.DoH dohServers[i] = upstreamResolver.DoH
} }
const defaultHTTPSPort = 443
return &Client{ return &Client{
firewall: firewall, outboundInterface: settings.DefaultInterface,
outboundInterface: defaultInterface, ipv6Supported: *settings.IPv6Supported,
ipv6Supported: ipv6Supported, firewall: settings.Firewall,
dohServers: dohServers, dohServers: dohServers,
httpsPort: defaultHTTPSPort, }
}, nil
} }
func (c *Client) OpenHTTPSByDomain(ctx context.Context, domain string) ( func (c *Client) OpenHTTPSByDomain(ctx context.Context, hostname string) (
httpClient *http.Client, cleanup func() error, err error, httpClient *http.Client, cleanup func() error, err error,
) { ) {
resolvedIPs, err := c.ResolveName(ctx, domain) host, portStr, err := net.SplitHostPort(hostname)
if err != nil {
return nil, nil, fmt.Errorf("splitting host and port: %w", err)
}
resolvedIPs, err := c.ResolveName(ctx, host)
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("resolving name: %w", err) return nil, nil, fmt.Errorf("resolving name: %w", err)
} else if len(resolvedIPs) == 0 { } else if len(resolvedIPs) == 0 {
return nil, nil, fmt.Errorf("no IP address found for name %q", domain) return nil, nil, fmt.Errorf("no IP address found for name %q", host)
} }
portUint, err := strconv.ParseUint(portStr, 10, 16)
if err != nil {
return nil, nil, fmt.Errorf("parsing port: %w", err)
}
port := uint16(portUint)
errs := make([]error, 0, len(resolvedIPs)) errs := make([]error, 0, len(resolvedIPs))
for _, ip := range resolvedIPs { for _, ip := range resolvedIPs {
httpClient, cleanup, err := c.OpenHTTPS(ctx, domain, ip) addrPort := netip.AddrPortFrom(ip, port)
httpClient, cleanup, err := c.OpenHTTPS(ctx, host, addrPort)
if err != nil { if err != nil {
errs = append(errs, fmt.Errorf("for %s: %w", ip, err)) errs = append(errs, fmt.Errorf("for %s: %w", ip, err))
continue continue
@@ -59,5 +71,5 @@ func (c *Client) OpenHTTPSByDomain(ctx context.Context, domain string) (
return httpClient, cleanup, nil return httpClient, cleanup, nil
} }
return nil, nil, fmt.Errorf("opening HTTPS to %s: %w", domain, errors.Join(errs...)) return nil, nil, fmt.Errorf("opening HTTPS to %s: %w", hostname, errors.Join(errs...))
} }
+5
View File
@@ -0,0 +1,5 @@
package restrictednet
func ptrTo[T any](value T) *T {
return &value
}
+32 -29
View File
@@ -17,15 +17,13 @@ import (
// OpenHTTPS opens temporary restrictive firewall output for one HTTPS destination. // OpenHTTPS opens temporary restrictive firewall output for one HTTPS destination.
// The returned cleanup function must be called to remove the temporary firewall rule and close connections. // The returned cleanup function must be called to remove the temporary firewall rule and close connections.
func (c *Client) OpenHTTPS(ctx context.Context, destinationTLSName string, destinationIP netip.Addr, func (c *Client) OpenHTTPS(ctx context.Context, destinationTLSName string, destinationAddrPort netip.AddrPort,
) (httpClient *http.Client, cleanup func() error, err error) { ) (httpClient *http.Client, cleanup func() error, err error) {
fd, sourceAddrPort, err := bindSourceConnection(destinationIP) fd, sourceAddrPort, err := bindSourceConnection(destinationAddrPort.Addr())
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("binding source port: %w", err) return nil, nil, fmt.Errorf("binding source port: %w", err)
} }
destinationAddrPort := netip.AddrPortFrom(destinationIP, c.httpsPort)
const remove = false const remove = false
err = c.firewall.AcceptOutputFromIPPortToIPPort(ctx, "tcp", c.outboundInterface, err = c.firewall.AcceptOutputFromIPPortToIPPort(ctx, "tcp", c.outboundInterface,
sourceAddrPort, destinationAddrPort, remove) sourceAddrPort, destinationAddrPort, remove)
@@ -37,25 +35,26 @@ func (c *Client) OpenHTTPS(ctx context.Context, destinationTLSName string, desti
connection, err := connectSourceConnection(ctx, fd, destinationAddrPort) connection, err := connectSourceConnection(ctx, fd, destinationAddrPort)
if err != nil { if err != nil {
const remove = true const remove = true
_ = c.firewall.AcceptOutputFromIPPortToIPPort(ctx, "tcp", c.outboundInterface, _ = c.firewall.AcceptOutputFromIPPortToIPPort(context.Background(), "tcp", c.outboundInterface,
sourceAddrPort, destinationAddrPort, remove) sourceAddrPort, destinationAddrPort, remove)
return nil, nil, fmt.Errorf("connecting source socket: %w", err) return nil, nil, fmt.Errorf("connecting source socket: %w", err)
} }
httpClient = newHTTPSClient(destinationTLSName, connection) dial := makeDial(connection, destinationTLSName)
httpClient = newHTTPSClient(destinationTLSName, dial)
cleanup = func() error { cleanup = func() error {
var errs []error var errs []error
httpClient.CloseIdleConnections() httpClient.CloseIdleConnections()
err = connection.Close()
if err != nil && !errors.Is(err, net.ErrClosed) {
errs = append(errs, fmt.Errorf("closing connection: %w", err))
}
const remove = true const remove = true
err := c.firewall.AcceptOutputFromIPPortToIPPort(context.Background(), "tcp", c.outboundInterface, err := c.firewall.AcceptOutputFromIPPortToIPPort(context.Background(), "tcp", c.outboundInterface,
sourceAddrPort, destinationAddrPort, remove) sourceAddrPort, destinationAddrPort, remove)
if err != nil { if err != nil {
errs = append(errs, fmt.Errorf("removing output traffic rule: %w", err)) errs = append(errs, fmt.Errorf("removing output traffic rule: %w", err))
} }
err = connection.Close()
if err != nil {
errs = append(errs, fmt.Errorf("closing connection: %w", err))
}
if len(errs) > 0 { if len(errs) > 0 {
return errors.Join(errs...) return errors.Join(errs...)
} }
@@ -64,21 +63,31 @@ func (c *Client) OpenHTTPS(ctx context.Context, destinationTLSName string, desti
return httpClient, cleanup, nil return httpClient, cleanup, nil
} }
func newHTTPSClient(destinationTLSName string, connection net.Conn) *http.Client { type dialFunc func(ctx context.Context, network, address string) (net.Conn, error)
httpTransport := http.DefaultTransport.(*http.Transport).Clone() //nolint:forcetypeassert
httpTransport.Proxy = nil
httpTransport.MaxIdleConns = 1
httpTransport.MaxIdleConnsPerHost = 1
httpTransport.MaxConnsPerHost = 1
httpTransport.IdleConnTimeout = time.Second
httpTransport.TLSClientConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
ServerName: destinationTLSName,
}
func newHTTPSClient(destinationTLSName string, dial dialFunc) *http.Client {
const timeout = 5 * time.Second
transport := &http.Transport{
MaxIdleConns: 1,
MaxIdleConnsPerHost: 1,
MaxConnsPerHost: 1,
IdleConnTimeout: time.Second,
TLSClientConfig: &tls.Config{
MinVersion: tls.VersionTLS12,
ServerName: destinationTLSName,
},
DialContext: dial,
}
return &http.Client{
Timeout: timeout,
Transport: transport,
}
}
func makeDial(connection net.Conn, tlsName string) dialFunc {
_, destinationPort, _ := net.SplitHostPort(connection.RemoteAddr().String()) _, destinationPort, _ := net.SplitHostPort(connection.RemoteAddr().String())
expectedAddress := net.JoinHostPort(destinationTLSName, destinationPort) expectedAddress := net.JoinHostPort(tlsName, destinationPort)
httpTransport.DialContext = func(_ context.Context, network, address string) (net.Conn, error) { return func(_ context.Context, network, address string) (net.Conn, error) {
switch network { switch network {
case "tcp", "tcp4", "tcp6": case "tcp", "tcp4", "tcp6":
default: default:
@@ -89,12 +98,6 @@ func newHTTPSClient(destinationTLSName string, connection net.Conn) *http.Client
} }
return connection, nil return connection, nil
} }
const timeout = 5 * time.Second
return &http.Client{
Timeout: timeout,
Transport: httpTransport,
}
} }
func bindSourceConnection(destinationIP netip.Addr) (fd int, sourceAddr netip.AddrPort, err error) { func bindSourceConnection(destinationIP netip.Addr) (fd int, sourceAddr netip.AddrPort, err error) {
+50 -24
View File
@@ -2,12 +2,14 @@ package restrictednet
import ( import (
"context" "context"
"net" "fmt"
"net/http"
"net/netip" "net/netip"
"testing" "testing"
"github.com/golang/mock/gomock" "github.com/golang/mock/gomock"
"github.com/qdm12/dns/v2/pkg/provider" "github.com/qdm12/dns/v2/pkg/provider"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@@ -33,31 +35,40 @@ func (m listenAddrPortMatcher) String() string {
return "is a valid netip.AddrPort with a valid IP and non-zero port" return "is a valid netip.AddrPort with a valid IP and non-zero port"
} }
type destinationAddrPortMatcher struct {
expected netip.AddrPort
}
func (m destinationAddrPortMatcher) Matches(x any) bool {
ip, ok := x.(netip.AddrPort)
if !ok {
return false
}
if m.expected.IsValid() {
return ip == m.expected
}
return ip.IsValid() && ip.Port() == m.expected.Port()
}
func (m destinationAddrPortMatcher) String() string {
if m.expected.IsValid() {
return "is the same as " + m.expected.String()
}
return "matches the port " + fmt.Sprint(m.expected.Port())
}
func Test_Client_OpenHTTPS(t *testing.T) { func Test_Client_OpenHTTPS(t *testing.T) {
t.Parallel() t.Parallel()
ctx := t.Context() ctx := t.Context()
netConfig := net.ListenConfig{}
listener, err := netConfig.Listen(ctx, "tcp", "127.0.0.1:0")
require.NoError(t, err)
t.Cleanup(func() {
_ = listener.Close()
})
listeningPort := uint16(listener.Addr().(*net.TCPAddr).Port) //nolint:gosec,forcetypeassert
go func() {
connection, acceptErr := listener.Accept()
if acceptErr == nil {
_ = connection.Close()
}
}()
ctrl := gomock.NewController(t) ctrl := gomock.NewController(t)
firewall := NewMockFirewall(ctrl)
destination := netip.AddrPortFrom(netip.MustParseAddr("127.0.0.1"), listeningPort) const destinationTLSName = "one.one.one.one"
destinationAddrPort := netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), 443)
firewall := NewMockFirewall(ctrl)
sourceMatcher := listenAddrPortMatcher{} sourceMatcher := listenAddrPortMatcher{}
firewall.EXPECT().AcceptOutputFromIPPortToIPPort( firewall.EXPECT().AcceptOutputFromIPPortToIPPort(
ctx, "tcp", "eth0", sourceMatcher, destination, false, ctx, "tcp", "eth0", sourceMatcher, destinationAddrPort, false,
).DoAndReturn(func(_ context.Context, ).DoAndReturn(func(_ context.Context,
_, _ string, source, _ netip.AddrPort, _ bool, _, _ string, source, _ netip.AddrPort, _ bool,
) error { ) error {
@@ -65,20 +76,35 @@ func Test_Client_OpenHTTPS(t *testing.T) {
return nil return nil
}) })
firewall.EXPECT().AcceptOutputFromIPPortToIPPort( firewall.EXPECT().AcceptOutputFromIPPortToIPPort(
context.Background(), "tcp", "eth0", sourceMatcher, destination, true, context.Background(), "tcp", "eth0", sourceMatcher, destinationAddrPort, true,
) )
const ipv6Supported = false const ipv6Supported = false
upstreamResolvers := []provider.Provider{provider.Google()} upstreamResolvers := []provider.Provider{provider.Google()}
client, err := New(firewall, "eth0", ipv6Supported, upstreamResolvers) settings := Settings{
require.NoError(t, err) Firewall: firewall,
client.httpsPort = listeningPort DefaultInterface: "eth0",
IPv6Supported: ptrTo(ipv6Supported),
UpstreamResolvers: upstreamResolvers,
}
client := New(settings)
httpClient, cleanup, err := client.OpenHTTPS(ctx, "api.example.com", netip.MustParseAddr("127.0.0.1")) httpClient, cleanup, err := client.OpenHTTPS(ctx, destinationTLSName, destinationAddrPort)
require.NoError(t, err) require.NoError(t, err)
require.NotNil(t, httpClient) require.NotNil(t, httpClient)
require.NotNil(t, cleanup) require.NotNil(t, cleanup)
request, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://"+destinationTLSName, nil)
require.NoError(t, err)
response, err := httpClient.Do(request)
t.Cleanup(func() {
response.Body.Close()
})
require.NoError(t, err)
assert.Equal(t, http.StatusOK, response.StatusCode)
err = cleanup() err = cleanup()
require.NoError(t, err) require.NoError(t, err)
} }
+9 -7
View File
@@ -76,15 +76,17 @@ func (c *Client) resolveOneQuestionType(ctx context.Context,
dohServerIPs = append(dohServerIPs, dohServer.IPv4...) dohServerIPs = append(dohServerIPs, dohServer.IPv4...)
for _, dohServerIP := range dohServerIPs { for _, dohServerIP := range dohServerIPs {
responseMessage, err := c.doHQuery(ctx, queryWire, dohURL, dohServerIP) const defaultDoHPort = 443
dohServerAddrPort := netip.AddrPortFrom(dohServerIP, defaultDoHPort)
responseMessage, err := c.doHQuery(ctx, queryWire, dohURL, dohServerAddrPort)
switch { switch {
case err != nil: case err != nil:
errs = append(errs, fmt.Errorf("querying DoH server %q at %s: %w", errs = append(errs, fmt.Errorf("querying DoH server %q (%s): %w",
dohServer.URL, dohServerIP, err)) dohServer.URL, dohServerAddrPort, err))
continue continue
case responseMessage.Rcode != dns.RcodeSuccess: case responseMessage.Rcode != dns.RcodeSuccess:
errs = append(errs, fmt.Errorf("querying DoH server %q at %s: DNS rcode %s", errs = append(errs, fmt.Errorf("querying DoH server %q (%s): DNS rcode %s",
dohServer.URL, dohServerIP, dns.RcodeToString[responseMessage.Rcode])) dohServer.URL, dohServerAddrPort, dns.RcodeToString[responseMessage.Rcode]))
continue continue
} }
addresses := answersToNetipAddrs(responseMessage) addresses := answersToNetipAddrs(responseMessage)
@@ -104,9 +106,9 @@ func (c *Client) resolveOneQuestionType(ctx context.Context,
} }
func (c *Client) doHQuery(ctx context.Context, queryWire []byte, func (c *Client) doHQuery(ctx context.Context, queryWire []byte,
dohURL *url.URL, dohServerIP netip.Addr, dohURL *url.URL, dohServerAddrPort netip.AddrPort,
) (responseMessage *dns.Msg, err error) { ) (responseMessage *dns.Msg, err error) {
httpClient, cleanup, err := c.OpenHTTPS(ctx, dohURL.Hostname(), dohServerIP) httpClient, cleanup, err := c.OpenHTTPS(ctx, dohURL.Hostname(), dohServerAddrPort)
if err != nil { if err != nil {
return nil, fmt.Errorf("opening https connection: %w", err) return nil, fmt.Errorf("opening https connection: %w", err)
} }
+71 -44
View File
@@ -1,80 +1,107 @@
package restrictednet package restrictednet
import ( import (
"context"
"net" "net"
"net/netip" "net/netip"
"testing" "testing"
"github.com/golang/mock/gomock"
"github.com/miekg/dns" "github.com/miekg/dns"
"github.com/qdm12/dns/v2/pkg/provider"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func Test_Client_ResolveName(t *testing.T) {
t.Parallel()
ctx := t.Context()
ctrl := gomock.NewController(t)
firewall := NewMockFirewall(ctrl)
sourceMatcher := listenAddrPortMatcher{}
destinationMatcher := destinationAddrPortMatcher{
expected: netip.AddrPortFrom(netip.Addr{}, 443),
}
// Add rule
firstCall := firewall.EXPECT().AcceptOutputFromIPPortToIPPort(
ctx, "tcp", "eth0", sourceMatcher, destinationMatcher, false,
).DoAndReturn(func(
_ context.Context, _, _ string, source, destination netip.AddrPort, _ bool,
) error {
sourceMatcher.expected = source
destinationMatcher.expected = destination
return nil
})
// Removal rule
firewall.EXPECT().AcceptOutputFromIPPortToIPPort(
context.Background(), "tcp", "eth0", sourceMatcher, destinationMatcher, true,
).Return(nil).After(firstCall)
settings := Settings{
DefaultInterface: "eth0",
IPv6Supported: ptrTo(false),
Firewall: firewall,
UpstreamResolvers: []provider.Provider{provider.Cloudflare()},
}
client := New(settings)
addresses, err := client.ResolveName(ctx, "github.com")
require.NoError(t, err)
assert.NotEmpty(t, addresses)
}
func Test_answersToNetipAddrs(t *testing.T) { func Test_answersToNetipAddrs(t *testing.T) {
t.Parallel() t.Parallel()
testCases := map[string]struct { testCases := map[string]struct {
message *dns.Msg message *dns.Msg
expected []netip.Addr expected []netip.Addr
errorIsNil bool
}{ }{
"nil_message": { "nil_message": {},
message: nil,
expected: nil,
errorIsNil: true,
},
"no_answers": { "no_answers": {
message: &dns.Msg{}, message: &dns.Msg{},
expected: []netip.Addr{}, expected: []netip.Addr{},
errorIsNil: true,
}, },
"a_record": { "a_record": {
message: &dns.Msg{ message: &dns.Msg{Answer: []dns.RR{
Answer: []dns.RR{ &dns.A{
&dns.A{ Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeA, Class: dns.ClassINET},
Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeA, Class: dns.ClassINET}, A: net.IP{1, 1, 1, 1},
A: net.IP{1, 1, 1, 1},
},
}, },
}, }},
expected: []netip.Addr{netip.MustParseAddr("1.1.1.1")}, expected: []netip.Addr{netip.MustParseAddr("1.1.1.1")},
errorIsNil: true,
}, },
"aaaa_record": { "aaaa_record": {
message: &dns.Msg{ message: &dns.Msg{Answer: []dns.RR{
Answer: []dns.RR{ &dns.AAAA{
&dns.AAAA{ Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeAAAA, Class: dns.ClassINET},
Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeAAAA, Class: dns.ClassINET}, AAAA: net.IP{0x20, 0x01, 0x48, 0x60, 0x48, 0x60, 0, 0, 0, 0, 0, 0, 0, 0, 0x88, 0x88},
AAAA: net.IP{0x20, 0x01, 0x48, 0x60, 0x48, 0x60, 0, 0, 0, 0, 0, 0, 0, 0, 0x88, 0x88},
},
}, },
}, }},
expected: []netip.Addr{netip.MustParseAddr("2001:4860:4860::8888")}, expected: []netip.Addr{netip.MustParseAddr("2001:4860:4860::8888")},
errorIsNil: true,
}, },
"mixed_records": { "mixed_records": {
message: &dns.Msg{ message: &dns.Msg{Answer: []dns.RR{
Answer: []dns.RR{ &dns.A{
&dns.A{ Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeA, Class: dns.ClassINET},
Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeA, Class: dns.ClassINET}, A: net.IP{1, 1, 1, 1},
A: net.IP{1, 1, 1, 1},
},
&dns.AAAA{
Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeAAAA, Class: dns.ClassINET},
AAAA: net.IP{0x20, 0x01, 0x48, 0x60, 0x48, 0x60, 0, 0, 0, 0, 0, 0, 0, 0, 0x88, 0x88},
},
}, },
}, &dns.AAAA{
expected: []netip.Addr{netip.MustParseAddr("1.1.1.1"), netip.MustParseAddr("2001:4860:4860::8888")}, Hdr: dns.RR_Header{Name: "example.com.", Rrtype: dns.TypeAAAA, Class: dns.ClassINET},
errorIsNil: true, AAAA: net.IP{0x20, 0x01, 0x48, 0x60, 0x48, 0x60, 0, 0, 0, 0, 0, 0, 0, 0, 0x88, 0x88},
},
}},
expected: []netip.Addr{netip.MustParseAddr("1.1.1.1"), netip.MustParseAddr("2001:4860:4860::8888")},
}, },
} }
for testName, testCase := range testCases { for testName, testCase := range testCases {
t.Run(testName, func(t *testing.T) { t.Run(testName, func(t *testing.T) {
t.Parallel() t.Parallel()
addresses := answersToNetipAddrs(testCase.message) addresses := answersToNetipAddrs(testCase.message)
assert.Equal(t, testCase.expected, addresses) assert.Equal(t, testCase.expected, addresses)
}) })
} }
+28
View File
@@ -0,0 +1,28 @@
package restrictednet
import (
"errors"
"github.com/qdm12/dns/v2/pkg/provider"
)
type Settings struct {
DefaultInterface string
IPv6Supported *bool
Firewall Firewall
UpstreamResolvers []provider.Provider
}
func (s *Settings) validate() error {
switch {
case s.DefaultInterface == "":
return errors.New("default interface is not set")
case s.IPv6Supported == nil:
return errors.New("IPv6 support field is not set")
case s.Firewall == nil:
return errors.New("firewall is not set")
case len(s.UpstreamResolvers) == 0:
return errors.New("no upstream resolvers provided")
}
return nil
}