Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve externally blocked detection #372

Merged
merged 3 commits into from
Sep 2, 2018
Merged

Improve externally blocked detection #372

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
007a047
Detect upstream returned NULL address as externally blocked query
DL6ER Sep 2, 2018
b90f6a0
Also compare against IP adresses if serving content from cache
DL6ER Sep 2, 2018
cc5f8b5
Add clarifying comment
DL6ER Sep 2, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
99 changes: 67 additions & 32 deletions dnsmasq_interface.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ void print_flags(unsigned int flags);
void save_reply_type(unsigned int flags, int queryID, struct timeval response);
unsigned long converttimeval(struct timeval time);
static void block_single_domain(char *domain);
static void detect_blocked_IP(unsigned short flags, char* answer, int queryID);
static void query_externally_blocked(int i);
static int findQueryID(int id);

Expand Down Expand Up @@ -478,33 +479,8 @@ void FTL_reply(unsigned short flags, char *name, struct all_addr *addr, int id)
query_externally_blocked(i);
}

// If received one of the following IPs as reply, OpenDNS
// (Cisco Umbrella) blocked this query
// See https://support.opendns.com/hc/en-us/articles/227986927-What-are-the-Cisco-Umbrella-Block-Page-IP-Addresses-
// for a full list of these IP addresses
else if(flags & F_IPV4 && answer != NULL &&
(strcmp("146.112.61.104", answer) == 0 ||
strcmp("146.112.61.105", answer) == 0 ||
strcmp("146.112.61.106", answer) == 0 ||
strcmp("146.112.61.107", answer) == 0 ||
strcmp("146.112.61.108", answer) == 0 ||
strcmp("146.112.61.109", answer) == 0 ||
strcmp("146.112.61.110", answer) == 0 ))
{
query_externally_blocked(i);
}

else if(flags & F_IPV6 && answer != NULL &&
(strcmp("::ffff:146.112.61.104", answer) == 0 ||
strcmp("::ffff:146.112.61.105", answer) == 0 ||
strcmp("::ffff:146.112.61.106", answer) == 0 ||
strcmp("::ffff:146.112.61.107", answer) == 0 ||
strcmp("::ffff:146.112.61.108", answer) == 0 ||
strcmp("::ffff:146.112.61.109", answer) == 0 ||
strcmp("::ffff:146.112.61.110", answer) == 0 ))
{
query_externally_blocked(i);
}
// Detect if returned IP indicates that this query was blocked
detect_blocked_IP(flags, answer, i);
}
}
else if(flags & F_REVERSE)
Expand All @@ -521,13 +497,62 @@ void FTL_reply(unsigned short flags, char *name, struct all_addr *addr, int id)
disable_thread_lock();
}

static void detect_blocked_IP(unsigned short flags, char* answer, int queryID)
{
// If received one of the following IPs as reply, OpenDNS
// (Cisco Umbrella) blocked this query
// See https://support.opendns.com/hc/en-us/articles/227986927-What-are-the-Cisco-Umbrella-Block-Page-IP-Addresses-
// for a full list of these IP addresses
if(flags & F_IPV4 && answer != NULL &&
(strcmp("146.112.61.104", answer) == 0 ||
strcmp("146.112.61.105", answer) == 0 ||
strcmp("146.112.61.106", answer) == 0 ||
strcmp("146.112.61.107", answer) == 0 ||
strcmp("146.112.61.108", answer) == 0 ||
strcmp("146.112.61.109", answer) == 0 ||
strcmp("146.112.61.110", answer) == 0 ))
{
query_externally_blocked(queryID);
}

else if(flags & F_IPV6 && answer != NULL &&
(strcmp("::ffff:146.112.61.104", answer) == 0 ||
strcmp("::ffff:146.112.61.105", answer) == 0 ||
strcmp("::ffff:146.112.61.106", answer) == 0 ||
strcmp("::ffff:146.112.61.107", answer) == 0 ||
strcmp("::ffff:146.112.61.108", answer) == 0 ||
strcmp("::ffff:146.112.61.109", answer) == 0 ||
strcmp("::ffff:146.112.61.110", answer) == 0 ))
{
query_externally_blocked(queryID);
}

// If upstream replied with 0.0.0.0 or ::,
// we assume that it filtered the reply as
// nothing is reachable under these addresses
else if(flags & F_IPV4 && answer != NULL &&
strcmp("0.0.0.0", answer) == 0)
{
query_externally_blocked(queryID);
}

else if(flags & F_IPV6 && answer != NULL &&
strcmp("::", answer) == 0)
{
query_externally_blocked(queryID);
}
}

static void query_externally_blocked(int i)
{
// Correct counters as we won't count this as forwarded ...
counters.forwardedqueries--;
overTime[queries[i].timeidx].forwarded--;
validate_access("forwarded", queries[i].forwardID, true, __LINE__, __FUNCTION__, __FILE__);
forwarded[queries[i].forwardID].count--;
// Correct counters if necessary ...
if(queries[i].status == QUERY_FORWARDED)
{
counters.forwardedqueries--;
overTime[queries[i].timeidx].forwarded--;
validate_access("forwarded", queries[i].forwardID, true, __LINE__, __FUNCTION__, __FILE__);
forwarded[queries[i].forwardID].count--;
}

// ... but as blocked
counters.blocked++;
Expand Down Expand Up @@ -647,6 +672,12 @@ void FTL_cache(unsigned int flags, char *name, struct all_addr *addr, char *arg,

queries[i].status = requesttype;

// Detect if returned IP indicates that this query was blocked
detect_blocked_IP(flags, dest, i);

// Re-read requesttype as detect_blocked_IP() might have changed it
requesttype = queries[i].status;

// Handle counters accordingly
switch(requesttype)
{
Expand All @@ -662,6 +693,10 @@ void FTL_cache(unsigned int flags, char *name, struct all_addr *addr, char *arg,
counters.cached++;
overTime[timeidx].cached++;
break;
case QUERY_EXTERNAL_BLOCKED:
// everything has already done
// in query_externally_blocked()
break;
}

// Save reply type and update individual reply counters
Expand Down