ConfigFile change to allowlist and blocklist (#1375)

* ConfigFile change to allowlist and blocklist * revised names and warnings * consistent file naming in kebab case, and generic use of blocklist and allowlist in cmoments for clarity * update ci files Co-authored-by: Ian Bashford <ianbashford@gmail.com>
2020-06-26 22:18:30 +01:00 · 2020-06-26 22:18:30 +01:00 · b089d49d25
parent 19c0c3f7db
commit b089d49d25
10 changed files with 104 additions and 56 deletions
--- a/.ci/allowed-names.txt
+++ b/.ci/allowed-names.txt
--- a/.ci/ip-blacklist.txt
+++ b/.ci/ip-blacklist.txt
--- a/.ci/blocked-names.txt
+++ b/.ci/blocked-names.txt
@ -1,5 +1,5 @@
 ##################
-# Test blacklist #
+# Test blocklist #
 ##################
 ad.*
--- a/.ci/ci-test.sh
+++ b/.ci/ci-test.sh
@ -20,7 +20,7 @@ section() {
    true
 }
-rm -f blocked.log ip-blocked.log query.log nx.log whitelisted.log
+rm -f blocked-names.log blocked-ips.log query.log nx.log allowed-names.log
 t || (
    cd ../dnscrypt-proxy
@ -94,14 +94,14 @@ kill $(cat /tmp/dnscrypt-proxy.pidfile)
 sleep 5
 section
-t || grep -Fq 'telemetry.example' blocked.log || fail
+t || grep -Fq 'telemetry.example' blocked-names.log || fail
-t || grep -Fq 'telemetry.*' blocked.log || fail
+t || grep -Fq 'telemetry.*' blocked-names.log || fail
-t || grep -Fq 'tracker.xdebian.org' blocked.log || fail
+t || grep -Fq 'tracker.xdebian.org' blocked-names.log || fail
-t || grep -Fq 'tracker.*' blocked.log || fail
+t || grep -Fq 'tracker.*' blocked-names.log || fail
 section
-t || grep -Fq 'dns.google' ip-blocked.log || fail
+t || grep -Fq 'dns.google' blocked-ips.log || fail
-t || grep -Fq '8.8.8.8' ip-blocked.log || fail
+t || grep -Fq '8.8.8.8' blocked-ips.log || fail
 section
 t || grep -Fq 'a.www.dnscrypt-test' nx.log || fail
@ -127,8 +127,8 @@ t || grep -Eq 'tracker.xdebian.org.*REJECT' query.log || fail
 t || grep -Eq 'tracker.debian.org.*PASS' query.log || fail
 section
-t || grep -Fq 'tracker.debian.org' whitelisted.log || fail
+t || grep -Fq 'tracker.debian.org' allowed-names.log || fail
-t || grep -Fq '*.tracker.debian' whitelisted.log || fail
+t || grep -Fq '*.tracker.debian' allowed-names.log || fail
 if [ -s error.log ]; then
    cat *.log
--- a/.ci/test2-dnscrypt-proxy.toml
+++ b/.ci/test2-dnscrypt-proxy.toml
@ -23,17 +23,17 @@ file = 'query.log'
 [nx_log]
 file = 'nx.log'
-[blacklist]
+[blocked_names]
-blacklist_file = 'blacklist.txt'
+blocked_names_file = 'blocked-names.txt'
-log_file = 'blocked.log'
+log_file = 'blocked-names.log'
-[ip_blacklist]
+[blocked_ips]
-blacklist_file = 'ip-blacklist.txt'
+blocked_ips_file = 'blocked-ips.txt'
-log_file = 'ip-blocked.log'
+log_file = 'blocked-ips.log'
-[whitelist]
+[allowed_names]
-whitelist_file = 'whitelist.txt'
+allowed_names_file = 'allowed-names.txt'
-log_file = 'whitelisted.log'
+log_file = 'allowed-names.log'
 [schedules]
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@ -61,9 +61,12 @@ type Config struct {
 	CloakTTL                 uint32                      `toml:"cloak_ttl"`
 	QueryLog                 QueryLogConfig              `toml:"query_log"`
 	NxLog                    NxLogConfig                 `toml:"nx_log"`
-	BlockName                BlockNameConfig             `toml:"blacklist"`
+	BlockName                BlockNameConfig             `toml:"blocked_names"`
-	WhitelistName            WhitelistNameConfig         `toml:"whitelist"`
+	BlockNameLegacy          BlockNameConfigLegacy       `toml:"blacklist"`
-	BlockIP                  BlockIPConfig               `toml:"ip_blacklist"`
+	WhitelistNameLegacy      WhitelistNameConfigLegacy   `toml:"whitelist"`
 	AllowedName              AllowedNameConfig           `toml:"allowed_names"`
 	BlockIP                  BlockIPConfig               `toml:"blocked_ips"`
 	BlockIPLegacy            BlockIPConfigLegacy         `toml:"ip_blacklist"`
 	ForwardFile              string                      `toml:"forwarding_rules"`
 	CloakFile                string                      `toml:"cloaking_rules"`
 	StaticsConfig            map[string]StaticConfig     `toml:"static"`
@ -174,18 +177,36 @@ type NxLogConfig struct {
 }
 type BlockNameConfig struct {
 	File    string `toml:"blocked_names_file"`
 	LogFile string `toml:"log_file"`
 	Format  string `toml:"log_format"`
 }
 type BlockNameConfigLegacy struct {
 	File    string `toml:"blacklist_file"`
 	LogFile string `toml:"log_file"`
 	Format  string `toml:"log_format"`
 }
-type WhitelistNameConfig struct {
+type WhitelistNameConfigLegacy struct {
 	File    string `toml:"whitelist_file"`
 	LogFile string `toml:"log_file"`
 	Format  string `toml:"log_format"`
 }
 type AllowedNameConfig struct {
 	File    string `toml:"allowed_names_file"`
 	LogFile string `toml:"log_file"`
 	Format  string `toml:"log_format"`
 }
 type BlockIPConfig struct {
 	File    string `toml:"blocked_ips_file"`
 	LogFile string `toml:"log_file"`
 	Format  string `toml:"log_format"`
 }
 type BlockIPConfigLegacy struct {
 	File    string `toml:"blacklist_file"`
 	LogFile string `toml:"log_file"`
 	Format  string `toml:"log_format"`
@ -457,6 +478,15 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
 	proxy.nxLogFile = config.NxLog.File
 	proxy.nxLogFormat = config.NxLog.Format
 	if len(config.BlockName.File) > 0 && len(config.BlockNameLegacy.File) > 0 {
 		dlog.Fatal("Don't specify both [blocked_names] and [blacklist] sections - Update your config file.")
 	}
 	if len(config.BlockNameLegacy.File) > 0 {
 		dlog.Notice("Use of [blacklist] is deprecated - Update your config file.")
 		config.BlockName.File = config.BlockNameLegacy.File
 		config.BlockName.Format = config.BlockNameLegacy.Format
 		config.BlockName.LogFile = config.BlockNameLegacy.LogFile
 	}
 	if len(config.BlockName.Format) == 0 {
 		config.BlockName.Format = "tsv"
 	} else {
@ -469,18 +499,36 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
 	proxy.blockNameFormat = config.BlockName.Format
 	proxy.blockNameLogFile = config.BlockName.LogFile
-	if len(config.WhitelistName.Format) == 0 {
+	if len(config.AllowedName.File) > 0 && len(config.WhitelistNameLegacy.File) > 0 {
-		config.WhitelistName.Format = "tsv"
+		dlog.Fatal("Don't specify both [whitelist] and [allowed_names] sections - Update your config file.")
 	}
 	if len(config.WhitelistNameLegacy.File) > 0 {
 		dlog.Notice("Use of [whitelist] is deprecated - Update your config file.")
 		config.AllowedName.File = config.WhitelistNameLegacy.File
 		config.AllowedName.Format = config.WhitelistNameLegacy.Format
 		config.AllowedName.LogFile = config.WhitelistNameLegacy.LogFile
 	}
 	if len(config.AllowedName.Format) == 0 {
 		config.AllowedName.Format = "tsv"
 	} else {
-		config.WhitelistName.Format = strings.ToLower(config.WhitelistName.Format)
+		config.AllowedName.Format = strings.ToLower(config.AllowedName.Format)
 	}
-	if config.WhitelistName.Format != "tsv" && config.WhitelistName.Format != "ltsv" {
+	if config.AllowedName.Format != "tsv" && config.AllowedName.Format != "ltsv" {
-		return errors.New("Unsupported whitelist log format")
+		return errors.New("Unsupported allowed_names log format")
 	}
-	proxy.whitelistNameFile = config.WhitelistName.File
+	proxy.whitelistNameFile = config.AllowedName.File
-	proxy.whitelistNameFormat = config.WhitelistName.Format
+	proxy.whitelistNameFormat = config.AllowedName.Format
-	proxy.whitelistNameLogFile = config.WhitelistName.LogFile
+	proxy.whitelistNameLogFile = config.AllowedName.LogFile
 	if len(config.BlockIP.File) > 0 && len(config.BlockIPLegacy.File) > 0 {
 		dlog.Fatal("Don't specify both [blocked_ips] and [ip_blacklist] sections - Update your config file.")
 	}
 	if len(config.BlockIPLegacy.File) > 0 {
 		dlog.Notice("Use of [ip_blacklist] is deprecated - Update your config file.")
 		config.BlockIP.File = config.BlockIPLegacy.File
 		config.BlockIP.Format = config.BlockIPLegacy.Format
 		config.BlockIP.LogFile = config.BlockIPLegacy.LogFile
 	}
 	if len(config.BlockIP.Format) == 0 {
 		config.BlockIP.Format = "tsv"
 	} else {
--- a/dnscrypt-proxy/example-allowed-names.txt
+++ b/dnscrypt-proxy/example-allowed-names.txt
--- a/dnscrypt-proxy/example-ip-blacklist.txt
+++ b/dnscrypt-proxy/example-ip-blacklist.txt
--- a/dnscrypt-proxy/example-blocked-names.txt
+++ b/dnscrypt-proxy/example-blocked-names.txt
--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
@ -75,7 +75,7 @@ require_dnssec = false
 # Server must not log user queries (declarative)
 require_nolog = true
-# Server must not enforce its own blacklist (for parental control, ads blocking...)
+# Server must not enforce its own blocklist (for parental control, ads blocking...)
 require_nofilter = true
 # Server names to avoid even if they match all criteria
@ -275,7 +275,7 @@ log_files_max_backups = 1
 ## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
 ## configure dnscrypt-proxy to do any kind of filtering (including the filters
-## below and blacklists).
+## below and blocklists).
 ## You can still choose resolvers that do DNSSEC validation.
@ -298,7 +298,7 @@ block_undelegated = true
 ## TTL for synthetic responses sent when a request has been blocked (due to
-## IPv6 or blacklists).
+## IPv6 or blocklists).
 reject_ttl = 600
@ -444,10 +444,10 @@ cache_neg_max_ttl = 600
 ######################################################
-#        Pattern-based blocking (blacklists)        #
+#        Pattern-based blocking (blocklists)        #
 ######################################################
-## Blacklists are made of one pattern per line. Example of valid patterns:
+## Blocklists are made of one pattern per line. Example of valid patterns:
 ##
 ##   example.com
 ##   =example.com
@ -456,20 +456,20 @@ cache_neg_max_ttl = 600
 ##   ads*.example.*
 ##   ads*.example[0-9]*.com
 ##
-## Example blacklist files can be found at https://download.dnscrypt.info/blacklists/
+## Example blocklist files can be found at https://download.dnscrypt.info/blacklists/
-## A script to build blacklists from public feeds can be found in the
+## A script to build blocklists from public feeds can be found in the
 ## `utils/generate-domains-blacklists` directory of the dnscrypt-proxy source code.
-[blacklist]
+[blocked_names]
  ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
-  # blacklist_file = 'blacklist.txt'
+  # blocked_names_file = 'blocked-names.txt'
  ## Optional path to a file logging blocked queries
-  # log_file = 'blocked.log'
+  # log_file = 'blocked-names.log'
  ## Optional log format: tsv or ltsv (default: tsv)
@ -479,25 +479,25 @@ cache_neg_max_ttl = 600
 ###########################################################
-#        Pattern-based IP blocking (IP blacklists)        #
+#        Pattern-based IP blocking (IP blocklists)        #
 ###########################################################
-## IP blacklists are made of one pattern per line. Example of valid patterns:
+## IP blocklists are made of one pattern per line. Example of valid patterns:
 ##
 ##   127.*
 ##   fe80:abcd:*
 ##   192.168.1.4
-[ip_blacklist]
+[blocked_ips]
  ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
-  # blacklist_file = 'ip-blacklist.txt'
+  # blocked_ips_file = 'blocked-ips.txt'
  ## Optional path to a file logging blocked queries
-  # log_file = 'ip-blocked.log'
+  # log_file = 'blocked-ips.log'
  ## Optional log format: tsv or ltsv (default: tsv)
@ -507,25 +507,25 @@ cache_neg_max_ttl = 600
 ######################################################
-#   Pattern-based whitelisting (blacklists bypass)   #
+#   Pattern-based allowlisting (blocklists bypass)   #
 ######################################################
-## Whitelists support the same patterns as blacklists
+## Allowlists support the same patterns as blocklists
-## If a name matches a whitelist entry, the corresponding session
+## If a name matches a allowlist entry, the corresponding session
 ## will bypass names and IP filters.
 ##
 ## Time-based rules are also supported to make some websites only accessible at specific times of the day.
-[whitelist]
+[allowed_names]
-  ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the config file)
+  ## Path to the file of allowlisting rules (absolute, or relative to the same directory as the config file)
-  # whitelist_file = 'whitelist.txt'
+  # allowed_names_file = 'allowed-names.txt'
-  ## Optional path to a file logging whitelisted queries
+  ## Optional path to a file logging allowlisted queries
-  # log_file = 'whitelisted.log'
+  # log_file = 'allowed-names.log'
  ## Optional log format: tsv or ltsv (default: tsv)
@ -539,10 +539,10 @@ cache_neg_max_ttl = 600
 ##########################################
 ## One or more weekly schedules can be defined here.
-## Patterns in the name-based blocklist can optionally be followed with @schedule_name
+## Patterns in the name-based blocked_names file can optionally be followed with @schedule_name
 ## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
 ##
-## For example, the following rule in a blacklist file:
+## For example, the following rule in a blocklist file:
 ## *.youtube.* @time-to-sleep
 ## would block access to YouTube during the times defined by the 'time-to-sleep' schedule.
 ##