dnsforward: https filtering

AdguardTeam · Aug 8, 2023 · 832b599 · 832b599
1 parent 6a2bdd1
commit 832b599
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 38 deletions.
diff --git a/internal/dnsforward/filter.go b/internal/dnsforward/filter.go
@@ -184,7 +184,7 @@ func (s *Server) filterDNSResponse(
 			rrtype = dns.TypeAAAA
 
 			res, err = s.checkHostRules(host, rrtype, setts)
-		case *dns.SVCB:
+		case *dns.HTTPS:
 			res, err = s.filterHTTPSRecords(a, setts)
 		default:
 			continue
@@ -210,7 +210,7 @@ func (s *Server) filterDNSResponse(
 // filterHTTPSRecords filters HTTPS answers information through all rule list
 // filters of the server filters.
 func (s *Server) filterHTTPSRecords(
-	rr *dns.SVCB,
+	rr *dns.HTTPS,
 	setts *filtering.Settings,
 ) (r *filtering.Result, err error) {
 	for _, kv := range rr.Value {

diff --git a/internal/dnsforward/filter_test.go b/internal/dnsforward/filter_test.go
@@ -260,66 +260,46 @@ func TestHandleDNSRequest_filterDNSResponse(t *testing.T) {
 		name:     "ipv4hint",
 		req:      createTestMessageWithType(aghtest.ReqFQDN, dns.TypeHTTPS),
 		wantRule: blockedIPv4Str,
-		respAns: []dns.RR{&dns.SVCB{
-			Hdr: dns.RR_Header{
-				Name:   aghtest.ReqFQDN,
-				Rrtype: dns.TypeHTTPS,
-				Class:  dns.ClassINET,
-			},
-			Target: aghtest.ReqFQDN,
-			Value: []dns.SVCBKeyValue{
+		respAns: newSVCBHintsAnswer(
+			aghtest.ReqFQDN,
+			[]dns.SVCBKeyValue{
 				&dns.SVCBIPv4Hint{Hint: []net.IP{blockedIPv4}},
 				&dns.SVCBIPv6Hint{Hint: []net.IP{}},
 			},
-		}},
+		),
 	}, {
 		name:     "ipv6hint",
 		req:      createTestMessageWithType(aghtest.ReqFQDN, dns.TypeHTTPS),
 		wantRule: blockedIPv6Str,
-		respAns: []dns.RR{&dns.SVCB{
-			Hdr: dns.RR_Header{
-				Name:   aghtest.ReqFQDN,
-				Rrtype: dns.TypeHTTPS,
-				Class:  dns.ClassINET,
-			},
-			Target: aghtest.ReqFQDN,
-			Value: []dns.SVCBKeyValue{
+		respAns: newSVCBHintsAnswer(
+			aghtest.ReqFQDN,
+			[]dns.SVCBKeyValue{
 				&dns.SVCBIPv4Hint{Hint: []net.IP{}},
 				&dns.SVCBIPv6Hint{Hint: []net.IP{blockedIPv6}},
 			},
-		}},
+		),
 	}, {
 		name:     "ipv4_ipv6_hints",
 		req:      createTestMessageWithType(aghtest.ReqFQDN, dns.TypeHTTPS),
 		wantRule: blockedIPv4Str,
-		respAns: []dns.RR{&dns.SVCB{
-			Hdr: dns.RR_Header{
-				Name:   aghtest.ReqFQDN,
-				Rrtype: dns.TypeHTTPS,
-				Class:  dns.ClassINET,
-			},
-			Target: aghtest.ReqFQDN,
-			Value: []dns.SVCBKeyValue{
+		respAns: newSVCBHintsAnswer(
+			aghtest.ReqFQDN,
+			[]dns.SVCBKeyValue{
 				&dns.SVCBIPv4Hint{Hint: []net.IP{blockedIPv4}},
 				&dns.SVCBIPv6Hint{Hint: []net.IP{blockedIPv6}},
 			},
-		}},
+		),
 	}, {
 		name:     "pass_hints",
 		req:      createTestMessageWithType(aghtest.ReqFQDN, dns.TypeHTTPS),
 		wantRule: "",
-		respAns: []dns.RR{&dns.SVCB{
-			Hdr: dns.RR_Header{
-				Name:   aghtest.ReqFQDN,
-				Rrtype: dns.TypeHTTPS,
-				Class:  dns.ClassINET,
-			},
-			Target: aghtest.ReqFQDN,
-			Value: []dns.SVCBKeyValue{
+		respAns: newSVCBHintsAnswer(
+			aghtest.ReqFQDN,
+			[]dns.SVCBKeyValue{
 				&dns.SVCBIPv4Hint{Hint: []net.IP{passedIPv4}},
 				&dns.SVCBIPv6Hint{Hint: []net.IP{}},
 			},
-		}},
+		),
 	}}
 
 	for _, tc := range testCases {
@@ -356,3 +336,18 @@ func TestHandleDNSRequest_filterDNSResponse(t *testing.T) {
 		})
 	}
 }
+
+// newSVCBHintsAnswer returns a test HTTPS answer RRs with SVCB hints.
+func newSVCBHintsAnswer(target string, hints []dns.SVCBKeyValue) (rrs []dns.RR) {
+	return []dns.RR{&dns.HTTPS{
+		SVCB: dns.SVCB{
+			Hdr: dns.RR_Header{
+				Name:   target,
+				Rrtype: dns.TypeHTTPS,
+				Class:  dns.ClassINET,
+			},
+			Target: target,
+			Value:  hints,
+		},
+	}}
+}