add dns

mrhaoxx · Feb 13, 2024 · 988f7ec · 988f7ec
1 parent 89d80dc
commit 988f7ec
Show file tree

Hide file tree

Showing 10 changed files with 170 additions and 20 deletions.
diff --git a/auth/policybase.go b/auth/policybase.go
@@ -11,9 +11,9 @@ import (
  stdhttp "net/http"
 
  "github.com/dlclark/regexp2"
+ "github.com/mrhaoxx/OpenNG/dns"
  http "github.com/mrhaoxx/OpenNG/http"
  "github.com/mrhaoxx/OpenNG/log"
- ngtls "github.com/mrhaoxx/OpenNG/tls"
  utils "github.com/mrhaoxx/OpenNG/utils"
 )
 
@@ -392,7 +392,7 @@ func (LGM *policyBaseAuth) AddPolicy(name string, allow bool, users []string, ho
  if len(hosts) == 0 {
  p.hosts = append(p.hosts, regexpforall)
  } else {
- p.hosts = utils.MustCompileRegexp(ngtls.Dnsname2Regexp(hosts))
+ p.hosts = utils.MustCompileRegexp(dns.Dnsnames2Regexps(hosts))
  }
 
  if len(paths) == 0 {

diff --git a/dns/server.go b/dns/server.go
@@ -0,0 +1,93 @@
+package dns
+
+import (
+ "strconv"
+ "sync"
+ "sync/atomic"
+ "time"
+
+ "github.com/mrhaoxx/OpenNG/log"
+
+ "github.com/dlclark/regexp2"
+ "github.com/miekg/dns"
+)
+
+type record struct {
+ rr dns.RR
+ name *regexp2.Regexp
+}
+type filter struct {
+ name *regexp2.Regexp
+ allowance bool
+}
+
+type server struct {
+ records []*record
+ records_lock sync.RWMutex
+ filters []*filter
+ upstreamDNS string
+
+ count uint64
+}
+
+func (s *server) ServeDNS(w dns.ResponseWriter, req *dns.Msg) {
+ m := new(dns.Msg)
+ m.SetReply(req)
+ id := atomic.AddUint64(&s.count, 1)
+ startTime := time.Now()
+ defer func() {
+ log.Println("d"+strconv.FormatUint(id, 10), w.RemoteAddr().String(), time.Since(startTime).Round(1*time.Microsecond), m.Rcode, m.Question[0].Name, m.Answer)
+ }()
+
+ for _, q := range req.Question {
+ for _, r := range s.filters {
+ if ok, _ := r.name.MatchString(q.Name); ok {
+ if r.allowance {
+ m.Rcode = dns.RcodeSuccess
+ break
+ } else {
+ m.Rcode = dns.RcodeRefused
+ goto _end
+ }
+ }
+ }
+ }
+ {
+ c := new(dns.Client)
+ in, _, _ := c.Exchange(req, s.upstreamDNS)
+ w.WriteMsg(in)
+ return
+ }
+_end:
+ w.WriteMsg(m)
+}
+
+func (s *server) Listen(address string) error {
+ server := &dns.Server{Addr: address, Net: "udp"}
+ server.Handler = s
+ return server.ListenAndServe()
+}
+
+func (s *server) AddFilter(name *regexp2.Regexp, allowance bool) error {
+ s.filters = append(s.filters, &filter{name: name, allowance: allowance})
+ return nil
+}
+
+// func (s *server) AddRecord(domain string, rr dns.RR) error {
+// r, err := regexp2.Compile(domain, 0)
+// if err != nil {
+// return err
+// }
+// s.records_lock.Lock()
+// s.records = append(s.records, &record{rr: rr, domain: r})
+// s.records_lock.Unlock()
+// return nil
+// }
+
+func NewServer(upstreamDNS string) *server {
+ return &server{
+ records: []*record{},
+ filters: []*filter{},
+ upstreamDNS: upstreamDNS,
+ }
+}
diff --git a/dns/utils.go b/dns/utils.go
@@ -0,0 +1,18 @@
+package dns
+
+import "strings"
+
+func Dnsnames2Regexps(dnsnames []string) []string {
+ var out []string
+ for _, v := range dnsnames {
+ v = strings.ReplaceAll(v, ".", "\\.")
+ v = strings.ReplaceAll(v, "*", ".*")
+ out = append(out, "^"+v+"$")
+ }
+ return out
+}
+func Dnsname2Regexp(dnsname string) (v string) {
+ v = strings.ReplaceAll(dnsname, ".", "\\.")
+ v = strings.ReplaceAll(v, "*", ".*")
+ return "^" + v + "$"
+}
diff --git a/go.mod b/go.mod
@@ -14,6 +14,9 @@ require (
 )
 
 require (
+ github.com/miekg/dns v1.1.58 // indirect
+ golang.org/x/mod v0.14.0 // indirect
  golang.org/x/sys v0.16.0 // indirect
  golang.org/x/text v0.14.0 // indirect
+ golang.org/x/tools v0.17.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -4,16 +4,22 @@ github.com/dlclark/regexp2 v1.10.0 h1:+/GIL799phkJqYW+3YbOd8LCcbHzT0Pbo8zl70MHsq
 github.com/dlclark/regexp2 v1.10.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
+github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
 github.com/pires/go-proxyproto v0.7.0 h1:IukmRewDQFWC7kfnb66CSomk2q/seBuilHBYFwyq0Hs=
 github.com/pires/go-proxyproto v0.7.0/go.mod h1:Vz/1JPY/OACxWGQNIRY2BeyDmpoaWmEP40O9LbuiFR4=
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
 golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
+golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

diff --git a/http/midware.go b/http/midware.go
@@ -10,9 +10,9 @@ import (
  "sync/atomic"
  "time"
 
+ "github.com/mrhaoxx/OpenNG/dns"
  "github.com/mrhaoxx/OpenNG/log"
  tcp "github.com/mrhaoxx/OpenNG/tcp"
- tls "github.com/mrhaoxx/OpenNG/tls"
  utils "github.com/mrhaoxx/OpenNG/utils"
  "golang.org/x/net/http2"
 
@@ -165,7 +165,7 @@ func NewHttpMidware(sni []string) *Midware {
  hmw.bufferedLookupForSNI = *utils.NewBufferedLookup(func(s string) interface{} {
  return hmw.sni == nil || hmw.sni.MatchString(s)
  })
- hmw.sni = utils.MustCompileRegexp(tls.Dnsname2Regexp(sni))
+ hmw.sni = utils.MustCompileRegexp(dns.Dnsnames2Regexps(sni))
  return hmw
 }
 
@@ -239,7 +239,7 @@ func (HMW *Midware) Bind(serviceid string, id string, _hosts []string) error {
  if len(_hosts) == 0 {
  hosts = service.Hosts()
  } else {
- hosts = utils.MustCompileRegexp(tls.Dnsname2Regexp(_hosts))
+ hosts = utils.MustCompileRegexp(dns.Dnsnames2Regexps(_hosts))
  }
  HMW.current = append(HMW.current, &ServiceStruct{
  Id: id,

diff --git a/http/proxy.go b/http/proxy.go
@@ -10,11 +10,10 @@ import (
  "strconv"
  "time"
 
+ "github.com/mrhaoxx/OpenNG/dns"
  "github.com/mrhaoxx/OpenNG/log"
  "github.com/mrhaoxx/OpenNG/utils"
 
- ngtls "github.com/mrhaoxx/OpenNG/tls"
-
  "github.com/dlclark/regexp2"
 )
 
@@ -120,7 +119,7 @@ func (hpx *httpproxy) Delete(id string) error {
 func (hpx *httpproxy) Insert(index int, id string, hosts []string, backend string, MaxConnsPerHost int, InsecureSkipVerify bool) error {
  buf := Httphost{
  Id: id,
- ServerName: utils.MustCompileRegexp(ngtls.Dnsname2Regexp(hosts)),
+ ServerName: utils.MustCompileRegexp(dns.Dnsnames2Regexps(hosts)),
  Backend: backend,
  }
 

diff --git a/tls/certificate.go b/tls/certificate.go
@@ -4,9 +4,9 @@ import (
  "crypto/tls"
  "crypto/x509"
  "errors"
- "strings"
  "sync"
 
+ "github.com/mrhaoxx/OpenNG/dns"
  utils "github.com/mrhaoxx/OpenNG/utils"
 )
 
@@ -65,7 +65,7 @@ func (m *tlsMgr) LoadCertificate(certfile, keyfile string) error {
 
  m.certs[certfile] = Cert{
  Certificate: &c,
- dnsnames: utils.MustCompileRegexp(Dnsname2Regexp(c.Leaf.DNSNames)),
+ dnsnames: utils.MustCompileRegexp(dns.Dnsnames2Regexps(c.Leaf.DNSNames)),
  certfile: certfile,
  }
  m.muCerts.Unlock()
@@ -90,13 +90,3 @@ func (mgr *tlsMgr) GetActiveCertificates() []Cert {
  }
  return certs
 }
-
-func Dnsname2Regexp(dnsnames []string) []string {
- var out []string
- for _, v := range dnsnames {
- v = strings.ReplaceAll(v, ".", "\\.")
- v = strings.ReplaceAll(v, "*", ".*")
- out = append(out, "^"+v+"$")
- }
- return out
-}
diff --git a/ui/config.go b/ui/config.go
@@ -7,6 +7,7 @@ type Cfg struct {
  TLS tlsConfig `yaml:"TLS,flow"`
  HTTP httpConfig `yaml:"HTTP,flow"`
  Logger logConfig `yaml:"Logger,flow"`
+ DNS DnsConfig `yaml:"DNS,flow"`
 }
 
 type authConfig struct {
@@ -87,3 +88,21 @@ type Certificate struct {
 type UdpLoggerConfig struct {
  Address string `yaml:"Address"`
 }
+
+type DnsConfig struct {
+ Bind string `yaml:"Bind"`
+ Upstream string `yaml:"Upstream"`
+ Records []DnsRecord `yaml:"Records,flow"`
+ Filters []DnsFilterRule `yaml:"Filters,flow"`
+}
+
+type DnsRecord struct {
+ Domain string `yaml:"Domain"`
+ Type string `yaml:"Type"`
+ Value string `yaml:"Value"`
+}
+
+type DnsFilterRule struct {
+ Name string `yaml:"Name"`
+ Allowance bool `yaml:"Allowance"`
+}
diff --git a/ui/myservice.go b/ui/myservice.go
@@ -8,7 +8,9 @@ import (
  "strings"
  "time"
 
+ "github.com/dlclark/regexp2"
  "github.com/mrhaoxx/OpenNG/auth"
+ "github.com/mrhaoxx/OpenNG/dns"
  "github.com/mrhaoxx/OpenNG/http"
  "github.com/mrhaoxx/OpenNG/log"
  "github.com/mrhaoxx/OpenNG/tcp"
@@ -240,6 +242,26 @@ func LoadCfg(cfgs []byte) error {
  log.Println("sys", "tcp", err)
  os.Exit(-1)
  }
+ var Dns = dns.NewServer(cfg.DNS.Upstream)
+ for _, f := range cfg.DNS.Filters {
+ log.Println("sys", "dns", "Filter", f.Name, f.Allowance)
+ r, err := regexp2.Compile(dns.Dnsname2Regexp(f.Name), 0)
+ if err != nil {
+ log.Println("sys", "dns", err)
+ os.Exit(-1)
+ }
+ Dns.AddFilter(r, f.Allowance)
+ }
+
+ if cfg.DNS.Bind != "" {
+ go func() {
+ log.Println("sys", "dns", "starting server at", cfg.DNS.Bind)
+ err := Dns.Listen(cfg.DNS.Bind)
+ if err != nil {
+ log.Println("sys", "dns", err)
+ }
+ }()
+ }
 
  return nil
 }