Add the ability to log blocked queries
This commit is contained in:
parent
9f8bce28a4
commit
b9c43c8ef3
|
@ -4,6 +4,7 @@ import (
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"errors"
|
"errors"
|
||||||
"net"
|
"net"
|
||||||
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"unicode"
|
"unicode"
|
||||||
)
|
)
|
||||||
|
@ -97,3 +98,8 @@ func StringTwoFields(str string) (string, string, bool) {
|
||||||
}
|
}
|
||||||
return a, b, true
|
return a, b, true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func StringQuote(str string) string {
|
||||||
|
str = strconv.QuoteToGraphic(str)
|
||||||
|
return str[1 : len(str)-1]
|
||||||
|
}
|
||||||
|
|
|
@ -25,7 +25,7 @@ type Config struct {
|
||||||
CacheMinTTL uint32 `toml:"cache_min_ttl"`
|
CacheMinTTL uint32 `toml:"cache_min_ttl"`
|
||||||
CacheMaxTTL uint32 `toml:"cache_max_ttl"`
|
CacheMaxTTL uint32 `toml:"cache_max_ttl"`
|
||||||
QueryLog QueryLogConfig `toml:"query_log"`
|
QueryLog QueryLogConfig `toml:"query_log"`
|
||||||
BlockName BlockNameConfig `toml:"block_name"`
|
BlockName BlockNameConfig `toml:"blacklist"`
|
||||||
ForwardFile string `toml:"forwarding_rules"`
|
ForwardFile string `toml:"forwarding_rules"`
|
||||||
ServersConfig map[string]ServerConfig `toml:"servers"`
|
ServersConfig map[string]ServerConfig `toml:"servers"`
|
||||||
SourcesConfig map[string]SourceConfig `toml:"sources"`
|
SourcesConfig map[string]SourceConfig `toml:"sources"`
|
||||||
|
@ -67,7 +67,9 @@ type QueryLogConfig struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
type BlockNameConfig struct {
|
type BlockNameConfig struct {
|
||||||
File string
|
File string `toml:"blacklist_file"`
|
||||||
|
LogFile string `toml:"log_file"`
|
||||||
|
Format string `toml:"log_format"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func ConfigLoad(proxy *Proxy, svcFlag *string, config_file string) error {
|
func ConfigLoad(proxy *Proxy, svcFlag *string, config_file string) error {
|
||||||
|
@ -97,6 +99,7 @@ func ConfigLoad(proxy *Proxy, svcFlag *string, config_file string) error {
|
||||||
proxy.cacheNegTTL = config.CacheNegTTL
|
proxy.cacheNegTTL = config.CacheNegTTL
|
||||||
proxy.cacheMinTTL = config.CacheMinTTL
|
proxy.cacheMinTTL = config.CacheMinTTL
|
||||||
proxy.cacheMaxTTL = config.CacheMaxTTL
|
proxy.cacheMaxTTL = config.CacheMaxTTL
|
||||||
|
|
||||||
if len(config.QueryLog.Format) == 0 {
|
if len(config.QueryLog.Format) == 0 {
|
||||||
config.QueryLog.Format = "tsv"
|
config.QueryLog.Format = "tsv"
|
||||||
} else {
|
} else {
|
||||||
|
@ -107,7 +110,19 @@ func ConfigLoad(proxy *Proxy, svcFlag *string, config_file string) error {
|
||||||
}
|
}
|
||||||
proxy.queryLogFile = config.QueryLog.File
|
proxy.queryLogFile = config.QueryLog.File
|
||||||
proxy.queryLogFormat = config.QueryLog.Format
|
proxy.queryLogFormat = config.QueryLog.Format
|
||||||
|
|
||||||
|
if len(config.BlockName.Format) == 0 {
|
||||||
|
config.BlockName.Format = "tsv"
|
||||||
|
} else {
|
||||||
|
config.BlockName.Format = strings.ToLower(config.BlockName.Format)
|
||||||
|
}
|
||||||
|
if config.BlockName.Format != "tsv" && config.BlockName.Format != "ltsv" {
|
||||||
|
return errors.New("Unsupported block log format")
|
||||||
|
}
|
||||||
proxy.blockNameFile = config.BlockName.File
|
proxy.blockNameFile = config.BlockName.File
|
||||||
|
proxy.blockNameFormat = config.BlockName.Format
|
||||||
|
proxy.blockNameLogFile = config.BlockName.LogFile
|
||||||
|
|
||||||
proxy.forwardFile = config.ForwardFile
|
proxy.forwardFile = config.ForwardFile
|
||||||
if len(config.ServerNames) == 0 {
|
if len(config.ServerNames) == 0 {
|
||||||
for serverName := range config.ServersConfig {
|
for serverName := range config.ServersConfig {
|
||||||
|
|
|
@ -127,11 +127,21 @@ format = "tsv"
|
||||||
## ads*.example.*
|
## ads*.example.*
|
||||||
## ads*.example[0-9]*.com
|
## ads*.example[0-9]*.com
|
||||||
|
|
||||||
[block_name]
|
[blacklist]
|
||||||
|
|
||||||
## Full path to the file of blocking rules
|
## Full path to the file of blocking rules
|
||||||
|
|
||||||
# file = "blacklist.txt"
|
# blacklist_file = "blacklist.txt"
|
||||||
|
|
||||||
|
|
||||||
|
## Optional path to a file logging blocked queries
|
||||||
|
|
||||||
|
# log_file = "blocked.log"
|
||||||
|
|
||||||
|
|
||||||
|
## Optional log format: tsv or ltsv (default: tsv)
|
||||||
|
|
||||||
|
# log_format = "tsv"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -35,6 +35,8 @@ type Proxy struct {
|
||||||
queryLogFile string
|
queryLogFile string
|
||||||
queryLogFormat string
|
queryLogFormat string
|
||||||
blockNameFile string
|
blockNameFile string
|
||||||
|
blockNameLogFile string
|
||||||
|
blockNameFormat string
|
||||||
forwardFile string
|
forwardFile string
|
||||||
pluginsGlobals PluginsGlobals
|
pluginsGlobals PluginsGlobals
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,15 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
"net"
|
||||||
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
"unicode"
|
"unicode"
|
||||||
|
|
||||||
"github.com/hashicorp/go-immutable-radix"
|
"github.com/hashicorp/go-immutable-radix"
|
||||||
|
@ -22,10 +28,13 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
type PluginBlockName struct {
|
type PluginBlockName struct {
|
||||||
|
sync.Mutex
|
||||||
blockedPrefixes *iradix.Tree
|
blockedPrefixes *iradix.Tree
|
||||||
blockedSuffixes *iradix.Tree
|
blockedSuffixes *iradix.Tree
|
||||||
blockedSubstrings []string
|
blockedSubstrings []string
|
||||||
blockedPatterns []string
|
blockedPatterns []string
|
||||||
|
outFd *os.File
|
||||||
|
format string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (plugin *PluginBlockName) Name() string {
|
func (plugin *PluginBlockName) Name() string {
|
||||||
|
@ -100,6 +109,17 @@ func (plugin *PluginBlockName) Init(proxy *Proxy) error {
|
||||||
dlog.Fatal("Unexpected block type")
|
dlog.Fatal("Unexpected block type")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if len(proxy.blockNameLogFile) == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
plugin.Lock()
|
||||||
|
defer plugin.Unlock()
|
||||||
|
outFd, err := os.OpenFile(proxy.blockNameLogFile, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0644)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
plugin.outFd = outFd
|
||||||
|
plugin.format = proxy.blockNameFormat
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -116,30 +136,66 @@ func (plugin *PluginBlockName) Eval(pluginsState *PluginsState, msg *dns.Msg) er
|
||||||
if len(questions) != 1 {
|
if len(questions) != 1 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
question := strings.ToLower(StripTrailingDot(questions[0].Name))
|
qName := strings.ToLower(StripTrailingDot(questions[0].Name))
|
||||||
revQuestion := StringReverse(question)
|
revQname := StringReverse(qName)
|
||||||
match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(revQuestion))
|
reject, reason := false, ""
|
||||||
|
if !reject {
|
||||||
|
match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(revQname))
|
||||||
if found {
|
if found {
|
||||||
if len(match) == len(question) || question[len(match)] == '.' {
|
if len(match) == len(qName) || qName[len(match)] == '.' {
|
||||||
pluginsState.action = PluginsActionReject
|
reject, reason = true, "*"+string(match)
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
_, _, found = plugin.blockedPrefixes.Root().LongestPrefix([]byte(question))
|
}
|
||||||
|
if !reject {
|
||||||
|
match, _, found := plugin.blockedPrefixes.Root().LongestPrefix([]byte(qName))
|
||||||
if found {
|
if found {
|
||||||
pluginsState.action = PluginsActionReject
|
reject, reason = true, string(match)+"*"
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
if !reject {
|
||||||
for _, substring := range plugin.blockedSubstrings {
|
for _, substring := range plugin.blockedSubstrings {
|
||||||
if strings.Contains(substring, question) {
|
if strings.Contains(substring, qName) {
|
||||||
pluginsState.action = PluginsActionReject
|
reject, reason = true, "*"+substring+"*"
|
||||||
return nil
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
if !reject {
|
||||||
for _, pattern := range plugin.blockedPatterns {
|
for _, pattern := range plugin.blockedPatterns {
|
||||||
if found, _ := filepath.Match(pattern, question); found {
|
if found, _ := filepath.Match(pattern, qName); found {
|
||||||
|
reject, reason = true, pattern
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if reject {
|
||||||
pluginsState.action = PluginsActionReject
|
pluginsState.action = PluginsActionReject
|
||||||
return nil
|
if plugin.outFd != nil {
|
||||||
|
var clientIPStr string
|
||||||
|
if pluginsState.clientProto == "udp" {
|
||||||
|
clientIPStr = (*pluginsState.clientAddr).(*net.UDPAddr).IP.String()
|
||||||
|
} else {
|
||||||
|
clientIPStr = (*pluginsState.clientAddr).(*net.TCPAddr).IP.String()
|
||||||
|
}
|
||||||
|
var line string
|
||||||
|
if plugin.format == "tsv" {
|
||||||
|
now := time.Now()
|
||||||
|
year, month, day := now.Date()
|
||||||
|
hour, minute, second := now.Clock()
|
||||||
|
tsStr := fmt.Sprintf("[%d-%02d-%02d %02d:%02d:%02d]", year, int(month), day, hour, minute, second)
|
||||||
|
line = fmt.Sprintf("%s\t%s\t%s\t%s\n", tsStr, clientIPStr, StringQuote(qName), StringQuote(reason))
|
||||||
|
} else if plugin.format == "ltsv" {
|
||||||
|
line = fmt.Sprintf("time:%d\thost:%s\tqname:%s\tmessage:%s\n", time.Now().Unix(), clientIPStr, StringQuote(qName), StringQuote(reason))
|
||||||
|
} else {
|
||||||
|
dlog.Fatalf("Unexpected log format: [%s]", plugin.format)
|
||||||
|
}
|
||||||
|
plugin.Lock()
|
||||||
|
if plugin.outFd == nil {
|
||||||
|
return errors.New("Log file not initialized")
|
||||||
|
}
|
||||||
|
plugin.outFd.WriteString(line)
|
||||||
|
defer plugin.Unlock()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -5,7 +5,6 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -60,10 +59,7 @@ func (plugin *PluginQueryLog) Eval(pluginsState *PluginsState, msg *dns.Msg) err
|
||||||
} else {
|
} else {
|
||||||
clientIPStr = (*pluginsState.clientAddr).(*net.TCPAddr).IP.String()
|
clientIPStr = (*pluginsState.clientAddr).(*net.TCPAddr).IP.String()
|
||||||
}
|
}
|
||||||
qName := question.Name
|
qName := StripTrailingDot(question.Name)
|
||||||
if len(qName) > 1 && strings.HasSuffix(qName, ".") {
|
|
||||||
qName = qName[0 : len(qName)-1]
|
|
||||||
}
|
|
||||||
qType, ok := dns.TypeToString[question.Qtype]
|
qType, ok := dns.TypeToString[question.Qtype]
|
||||||
if !ok {
|
if !ok {
|
||||||
qType = string(qType)
|
qType = string(qType)
|
||||||
|
@ -74,10 +70,10 @@ func (plugin *PluginQueryLog) Eval(pluginsState *PluginsState, msg *dns.Msg) err
|
||||||
year, month, day := now.Date()
|
year, month, day := now.Date()
|
||||||
hour, minute, second := now.Clock()
|
hour, minute, second := now.Clock()
|
||||||
tsStr := fmt.Sprintf("[%d-%02d-%02d %02d:%02d:%02d]", year, int(month), day, hour, minute, second)
|
tsStr := fmt.Sprintf("[%d-%02d-%02d %02d:%02d:%02d]", year, int(month), day, hour, minute, second)
|
||||||
line = fmt.Sprintf("%s\t%s\t%s\t%s\n", tsStr, clientIPStr, qName, qType)
|
line = fmt.Sprintf("%s\t%s\t%s\t%s\n", tsStr, clientIPStr, StringQuote(qName), qType)
|
||||||
} else if plugin.format == "ltsv" {
|
} else if plugin.format == "ltsv" {
|
||||||
line = fmt.Sprintf("time:%d\thost:%s\tmessage:%s\ttype:%s\n",
|
line = fmt.Sprintf("time:%d\thost:%s\tmessage:%s\ttype:%s\n",
|
||||||
time.Now().Unix(), clientIPStr, qName, qType)
|
time.Now().Unix(), clientIPStr, StringQuote(qName), qType)
|
||||||
} else {
|
} else {
|
||||||
dlog.Fatalf("Unexpected log format: [%s]", plugin.format)
|
dlog.Fatalf("Unexpected log format: [%s]", plugin.format)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue