CalvinBackup/ctrld
1
0
Fork 0
mirror of https://github.com/Control-D-Inc/ctrld.git synced 2026-03-25 23:30:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
837 Commits 28 Branches 32 Tags
a4f04188112b6314fbc72ee897cf09a400fe2853
Commit Graph

18 Commits

Author SHA1 Message Date
Cuong Manh Le
209c9211b9 fix(dns): handle empty and invalid IP addresses gracefully 
Add guard checks to prevent panics when processing client info with
empty IP addresses. Replace netip.MustParseAddr with ParseAddr to
handle invalid IP addresses gracefully instead of panicking.

Add test to verify queryFromSelf handles IP addresses safely.
 2026-03-03 14:24:07 +07:00
Cuong Manh Le
c7168739c7 cmd/cli: use OS resolver as default upstream for SRV lan hostname 
Since application may need SRV record for public domains, which could be
blocked by OS resolver, but not with remote upstreams.

This was reported by a Minecraft user, who seeing thing is broken after
upgrading to v1.4.0 release.
 2025-02-21 20:44:34 +07:00
Cuong Manh Le
cb49d0d947 cmd/cli: perform leaking queries in non-cd mode 2024-12-19 21:50:00 +07:00
Cuong Manh Le
09426dcd36 cmd/cli: new flow for LAN hostname query 
If there is no explicit rules for LAN hostname queries, using OS
resolver instead of forwarding requests to remote upstreams.
 2024-12-19 21:50:00 +07:00
Cuong Manh Le
17941882a9 cmd/cli: split-route SRV record to OS resolver 
Since SRV record is mostly useful in AD environment. Even in non-AD one,
the OS resolver could still resolve the query for external services.

Users who want special treatment can still specify domain rules to
forward requests to ControlD upstreams explicitly.
 2024-12-19 21:50:00 +07:00
Cuong Manh Le
c654398981 cmd/cli: make widcard rules match case-insensitively 
Domain name comparisons are done in case-insensitive manner.

See: https://datatracker.ietf.org/doc/html/rfc1034#section-3.1
 2024-11-13 15:03:17 +07:00
Cuong Manh Le
34ebe9b054 cmd/cli: allow MAC wildcard matching 2024-03-22 16:08:53 +07:00
Cuong Manh Le
71f26a6d81 Add prometheus exporter 
Updates #6
 2024-01-22 23:12:17 +07:00
Cuong Manh Le
41846b6d4c all: add config to enable/disable answering WAN clients 2023-12-13 14:53:29 +07:00
Cuong Manh Le
0bb51aa71d cmd/cli: add loop guard for LAN/PTR queries 2023-12-06 15:33:05 +07:00
Cuong Manh Le
af2c1c87e0 cmd/cli: improve logging for new LAN/PTR flow 2023-12-06 15:33:05 +07:00
Cuong Manh Le
5897c174d3 all: fix LAN hostname checking condition 
The LAN hostname in question is FQDN, "." suffix must be trimmed before
checking.

While at it, also add tests for LAN/PTR query checking functions.
 2023-12-06 15:33:05 +07:00
Cuong Manh Le
f9a3f4c045 Implement new flow for LAN and private PTR resolution 
- Use client info table.
 - If no sufficient data, use gateway/os/defined local upstreams.
 - If no data is returned, use remote upstream
 2023-11-30 18:28:51 +07:00
Cuong Manh Le
990bc620f7 cmd/cli: strip EDNS0_SUBNET for RFC 1918 and loopback address 
Since passing them to upstream is pointless, these cannot be used by
anything on the WAN.
 2023-11-09 00:23:38 +07:00
Cuong Manh Le
4816a09e3a all: use private resolver for private IP address 
These queries could not be resolved by Control D upstreams, so it's
useless and less performance to send them to servers.
 2023-11-08 23:51:18 +07:00
Cuong Manh Le
2440d922c6 all: add MAC address base policy 
While at it, also update the config doc to clarify the order of matching
preference, and the matter of rules order within each policy.
 2023-11-06 19:57:50 +07:00
Cuong Manh Le
0f3e8c7ada all: include client IP if ctrld is dnsmasq upstream 
So ctrld can record the raw/original client IP instead of looking up
from MAC to IP, which may not the right choice in some network setup
like using wireguard/vpn on Merlin router.
 2023-09-22 18:40:25 +07:00
Cuong Manh Le
829e93c079 cmd: allow import/running ctrld as library 2023-08-15 18:22:38 +07:00