Cuong Manh Le
f5ba8be182
Use ControlD Public DNS when non-available
...
This logic was missed when new initializing OS resolver logic was
implemented. While at it, also adding this test case to prevent
regression.
2024-12-19 21:50:00 +07:00
Cuong Manh Le
a9f76322bd
Bump quic-go to v0.48.2
...
For fixing GO-2024-3302 (CVE-2024-53259)
2024-12-19 21:50:00 +07:00
Cuong Manh Le
ed39269c80
Implementing new initializing OS resolver logic
...
Since the nameservers that we got during startup are the good ones that
work, saving it for later usage if we could not find available ones.
2024-12-19 21:50:00 +07:00
Cuong Manh Le
09426dcd36
cmd/cli: new flow for LAN hostname query
...
If there are no explicit rules for LAN hostname queries, using OS
resolver instead of forwarding requests to remote upstreams.
2024-12-19 21:50:00 +07:00
Cuong Manh Le
17941882a9
cmd/cli: split-route SRV record to OS resolver
...
Since SRV record is mostly useful in AD environment. Even in non-AD one,
the OS resolver could still resolve the query for external services.
Users who want special treatment can still specify domain rules to
forward requests to ControlD upstreams explicitly.
2024-12-19 21:50:00 +07:00
Cuong Manh Le
70ab8032a0
cmd/cli: silent WMI query
...
The log is being printed by the wmi library, which may cause confusion.
2024-12-19 21:50:00 +07:00
Cuong Manh Le
8360bdc50a
cmd/cli: add split route AD top level domain on Windows
...
The sub-domains are matched using wildcard domain rule, but this rule
won't match top level domain, causing requests to be forwarded to ControlD
upstreams.
To fix this, add the split route for top level domain explicitly.
2024-12-19 21:49:57 +07:00
Cuong Manh Le
6837176ec7
cmd/cli: get static DNS using syscall
2024-12-19 21:34:37 +07:00
Cuong Manh Le
5e9b4244e7
cmd/cli: get physical interfaces using Windows WMI
2024-12-19 21:34:26 +07:00
Cuong Manh Le
9b6a308958
cmd/cli: get AD domain using Windows API
2024-12-19 21:34:26 +07:00
Cuong Manh Le
71e327653a
cmd/cli: check local DNS using Windows API
2024-12-19 21:34:21 +07:00
Cuong Manh Le
a56711796f
cmd/cli: set DNS using Windows API
2024-12-19 21:32:49 +07:00
Cuong Manh Le
09495f2a7c
Merge pull request #194 from Control-D-Inc/release-branch-v1.3.11
...
Release branch v1.3.11
v1.3.11
2024-11-20 12:54:22 +07:00
Cuong Manh Le
484643e114
cmd/cli: lowercase AD domain to be consistent with network rules
...
While at it, also add a note that domain comparisons are done in a
case-insensitive manner.
2024-11-13 15:03:38 +07:00
Cuong Manh Le
da91aabc35
cmd/cli: ensure extra split rule is always written
...
Otherwise, the rule may not be added if ctrld does not run in cd mode.
2024-11-13 15:03:27 +07:00
Cuong Manh Le
c654398981
cmd/cli: make wildcard rules match case-insensitively
...
Domain name comparisons are done in case-insensitive manner.
See: https://datatracker.ietf.org/doc/html/rfc1034#section-3.1
2024-11-13 15:03:17 +07:00
Cuong Manh Le
47a90ec2a1
cmd/cli: re-fetch pin code during deactivation checking
...
So if the pin code was updated/removed, it will be checked correctly by
ctrld during stop/uninstall commands.
2024-11-13 15:02:52 +07:00
Cuong Manh Le
2875e22d0b
cmd/cli: re-fetch deactivation pin code when reloading API config
2024-11-13 15:01:44 +07:00
Cuong Manh Le
c5d14e0075
cmd/cli: only cleanup log file if set
...
Otherwise, normalizeLogFilePath may return incorrect log file path,
causing invalid log file/backup initialization. Thus "--cleanup" will
complain about invalid files.
2024-11-13 15:01:27 +07:00
Cuong Manh Le
84e06c363c
Avoid tailscale.com/tsd dependency
...
Since it brings gvisor.dev/gvisor to the dependency graph, causing the
binary size bloating on *nix (except darwin).
2024-11-13 15:00:41 +07:00
Cuong Manh Le
5b9ccc5065
Merge pull request #182 from Control-D-Inc/release-branch-v1.3.10
...
[WIP] Release branch v1.3.10
v1.3.10
2024-10-29 14:56:32 +07:00
Cuong Manh Le
6ca1a7ccc7
.github/workflows: use go1.23.x
...
And also upgrade staticcheck version to 2024.1.1
2024-10-24 13:05:48 +07:00
Cuong Manh Le
9d666be5d4
all: add custom hostname support for provisioning
2024-10-24 13:05:48 +07:00
Cuong Manh Le
65de7edcde
Only store last LAN server if available
...
Otherwise, queries may still be forwarded to this un-available LAN
server, causing slow query time.
2024-10-22 22:01:37 +07:00
Cuong Manh Le
0cdff0d368
Prefer LAN server answer over public one
...
While at it, also implementing new OS resolver choosing logic, keeping
only 2 LAN servers at any time, 1 for current one, and 1 for last used
one.
2024-10-22 00:14:32 +07:00
Cuong Manh Le
f87220a908
Avoid data race when initializing OS resolver
...
With new leaking queries features, the initialization of OS resolver can
now lead to data race if queries are resolving while re-initialization
happens.
To fix it, using an atomic pointer to store list of nameservers which
were initialized, making read/write to the list concurrently safe.
2024-10-17 23:41:12 +07:00
Cuong Manh Le
30ea0c6499
Log nameserver in OS resolver response
2024-10-17 23:41:12 +07:00
Cuong Manh Le
9501e35c60
Skip virtual interfaces when parsing route table
...
Since routing through virtual interfaces may trigger a DNS loop in VPNs,
as observed in UnifiOS Site Magic VPN.
2024-10-12 00:12:46 +07:00
Cuong Manh Le
5ac9d17bdf
cmd/cli: simplify queryFromSelf
...
By using netmon.LocalAddresses instead of looping through interfaces
list manually.
2024-10-08 22:08:48 +07:00
Cuong Manh Le
cb14992ddc
Ignore local addresses for OS resolver
...
Otherwise, DNS loop may be triggered if requests are forwarded from
ctrld to OS resolver.
2024-10-08 22:08:48 +07:00
Cuong Manh Le
e88372fc8c
cmd/cli: log request id when leaking
2024-09-30 18:21:30 +07:00
Cuong Manh Le
b320662d67
cmd/cli: emit warning for MacOS 15.0 in case of timeout error
2024-09-30 18:21:22 +07:00
Cuong Manh Le
ce353cd4d9
cmd/cli: write auto split rule for AD to config file
2024-09-30 18:21:11 +07:00
Cuong Manh Le
4befd33866
cmd/cli: notify log server before ctrld process exit
...
So if ctrld process terminated for any reason, other processes will get
the signal immediately instead of waiting for timeout to report error.
2024-09-30 18:20:56 +07:00
Cuong Manh Le
4b36e3ac44
Change test query to use controld.com
...
Since some Active Directory could block clients from querying for "."
2024-09-30 18:20:39 +07:00
Cuong Manh Le
f507bc8f9e
cmd/cli: cache query from self result
...
So we don't waste time to compute a result which is not likely to be
changed.
2024-09-30 18:20:39 +07:00
Cuong Manh Le
14c88f4a6d
all: allow empty type for h3 and sdns
2024-09-30 18:20:39 +07:00
Cuong Manh Le
3e388c2857
all: leaking queries to OS resolver instead of SERVFAIL
...
So it would work in a more general case than just captive portal network,
which ctrld has supported recently.
Users who may want no leaking behavior can use a config to turn off this
feature.
2024-09-30 18:20:27 +07:00
Cuong Manh Le
cfe1209d61
cmd/cli: use powershell to get physical interfaces
2024-09-30 18:17:41 +07:00
Cuong Manh Le
5a88a7c22c
cmd/cli: decouple reset DNS task from ctrld status
...
So it can be run regardless of ctrld current status. This prevents a
racy behavior when reset DNS task restores DNS settings of the system,
but current running ctrld process may revert it immediately.
2024-09-30 18:17:31 +07:00
Cuong Manh Le
8c661c4401
cmd/cli: fix typo in powershell command to get domain
2024-09-30 18:17:12 +07:00
Cuong Manh Le
e6f256d640
all: add pull API config based on special DNS query
...
For query domain that matches "uid.verify.controld.com" in cd mode, and
the uid has the same value with "--cd" flag, ctrld will fetch uid config
from ControlD API, using this config if valid.
This is useful for force syncing API without waiting until the API
reload ticker fires.
2024-09-30 18:17:00 +07:00
Cuong Manh Le
ede354166b
cmd/cli: add split route AD domain on Windows
2024-09-30 18:16:47 +07:00
Cuong Manh Le
282a8ce78e
all: add DNS Stamps support
...
See: https://dnscrypt.info/stamps-specifications
2024-09-30 18:15:16 +07:00
Cuong Manh Le
08fe04f1ee
all: support h3:// protocol prefix
2024-09-30 18:15:01 +07:00
Cuong Manh Le
082d14a9ba
cmd/cli: implement auto captive portal detection
...
ControlD has a global list of known captive portals that users can augment
with proper setup. However, this requires manual actions, and involves
restarting ctrld to take effect.
By allowing ctrld to "leak" DNS queries to the OS resolver, this process
becomes automatic: the captive portal could intercept these queries,
and as long as it was passed, ctrld will resume normal operation.
2024-09-30 18:14:46 +07:00
Cuong Manh Le
617674ce43
all: update tailscale.com to v1.74.0
2024-09-30 18:14:30 +07:00
Cuong Manh Le
7088df58dd
Merge pull request #179 from Control-D-Inc/release-branch-v1.3.9
...
Release branch v1.3.9
v1.3.9
2024-09-18 23:50:57 +07:00
Cuong Manh Le
9cbd9b3e44
cmd/cli: use powershell to set/reset DNS on Windows
...
Using netsh command will emit unexpected SOA queries, do not use it.
While at it, also ensure that local ipv6 will be added to nameservers
list on systems that require ipv6 local listener.
2024-09-18 22:49:52 +07:00
Cuong Manh Le
e6586fd360
Merge pull request #169 from Control-D-Inc/release-branch-v1.3.8
...
Release branch v1.3.8
v1.3.8
2024-09-14 22:07:22 +07:00