ipmap,core: refactor undelegated domains

Author: ignoramous

intra/dnsx/undelegated.go intra/core/undelegated.gointra/dnsx/undelegated.go renamed to intra/core/undelegated.go

@@ -4,17 +4,9 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-package dnsx
+package core
 
-import (
-	"strings"
-
-	x "github.com/celzero/firestack/intra/backend"
-	"github.com/celzero/firestack/intra/settings"
-	"github.com/celzero/firestack/intra/xdns"
-)
-
-var undelegatedSet = []string{
+var UndelegatedDomains = []string{
 	"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa",
 	"0.in-addr.arpa",
 	"1",
@@ -161,24 +153,3 @@ var undelegatedSet = []string{
 	".workgroup",
 	".zghjccbob3n0",
 }
-
-func newUndelegatedDomainsTrie() x.RadixTree {
-	t := x.NewRadixTree()
-	for _, domain := range undelegatedSet {
-		t.Add(x.StrOf(domain))
-	}
-	return t
-}
-
-func (r *resolver) requiresGoosOrLocal(qname string) (id string) {
-	if strings.HasSuffix(qname, ".local") || xdns.IsMDNSQuery(qname) {
-		id = Local
-	} else if !settings.SystemDNSForUndelegatedDomains.Load() {
-		// todo: remove this once we let users "pin" domains to resolvers
-		// github.com/celzero/rethink-app/issues/1153
-		// skip override when preventing DNS capture on port53 is turned off
-	} else if len(qname) > 0 && r.localdomains.HasAny(x.StrOf(qname)) {
-		id = Goos // system is primary; see: transport.go:determineTransports()
-	}
-	return
-}

intra/dnsx/transport.go

@@ -199,7 +199,7 @@ func NewResolver(pctx context.Context, fakeaddrs string, dtr x.DNSTransport, l x
 		listener:     l,
 		smms:         make(chan *x.DNSSummary, 64),
 		transports:   make(map[string]Transport),
-		localdomains: newUndelegatedDomainsTrie(),
+		localdomains: ipmap.UndelegatedDomainsTrie,
 	}
 	r.loadaddrs(fakeaddrs)
 	r.gateway = NewDNSGateway(ctx, r.dnsaddrs, r, pt)
@@ -1050,6 +1050,19 @@ func (r *resolver) preferencesFrom(qname string, qtyp uint16, s *x.DNSOpts, chos
 	return
 }
 
+func (r *resolver) requiresGoosOrLocal(qname string) (id string) {
+	if strings.HasSuffix(qname, ".local") || xdns.IsMDNSQuery(qname) {
+		id = Local
+	} else if !settings.SystemDNSForUndelegatedDomains.Load() {
+		// todo: remove this once we let users "pin" domains to resolvers
+		// github.com/celzero/rethink-app/issues/1153
+		// skip override when preventing DNS capture on port53 is turned off
+	} else if len(qname) > 0 && r.localdomains.HasAny(x.StrOf(qname)) {
+		id = Goos // system is primary; see: transport.go:determineTransports()
+	}
+	return
+}
+
 func (r *resolver) chooseOne(ids ...string) string {
 	if len(ids) <= 0 {
 		return ""

intra/protect/ipmap/ipmap.go

@@ -35,6 +35,7 @@ import (
 	"github.com/celzero/firestack/intra/core"
 	"github.com/celzero/firestack/intra/log"
 	"github.com/celzero/firestack/intra/protect"
+	"github.com/celzero/firestack/intra/xdns"
 )
 
 const maxFailLimit = 8
@@ -66,6 +67,16 @@ func (h IPSetType) String() string {
 	}
 }
 
+var UndelegatedDomainsTrie = newUndelegatedDomainTrie()
+
+func newUndelegatedDomainTrie() x.RadixTree {
+	t := x.NewRadixTree()
+	for _, domain := range core.UndelegatedDomains {
+		t.Add(x.StrOf(domain))
+	}
+	return t
+}
+
 // IPMapper is an interface for resolving hostnames to IP addresses.
 // For internal used by firestack.
 type IPMapper interface {
@@ -263,12 +274,24 @@ func (m *ipmap) ReverseGetMany(n uint8) []string {
 	m.RLock()
 	defer m.RUnlock()
 
+	possiblyPublicHost := func(host string) bool {
+		if xdns.IsMDNSQuery(host) {
+			return false
+		}
+		if UndelegatedDomainsTrie.HasAny(x.StrOf(host)) {
+			return false
+		}
+		if _, err := netip.ParseAddr(host); err == nil {
+			return false // not a host, but an IP address
+		}
+		return strings.Contains(host, ".")
+	}
 	// TODO: use hosts with public prefixes
 	for host := range m.m {
 		if len(hosts) >= int(n) {
 			break
 		}
-		if _, err := netip.ParseAddr(host); err != nil {
+		if possiblyPublicHost(host) {
 			// append if not an IP address
 			hosts = append(hosts, host)
 		}
@@ -277,7 +300,7 @@ func (m *ipmap) ReverseGetMany(n uint8) []string {
 		if len(hosts) >= int(n) {
 			break
 		}
-		if _, err := netip.ParseAddr(host); err != nil {
+		if possiblyPublicHost(host) {
 			// append if not an IP address
 			hosts = append(hosts, host)
 		}