kapiti 0.0.3

The Kapiti DNS Server
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278

use std::path::{Path, PathBuf};
use std::vec::Vec;

use anyhow::{Context, Result};
use hyper::{Client, Uri};
use sha2::{Digest, Sha256};
use tracing::trace;

use crate::filter::{path, reader, updater};
use crate::{fetcher, hyper_smol};

/// An iterator that goes over the parent domains of a provided child domain.
/// For example, www.domain.com => [www.domain.com, domain.com, com]
struct DomainParentIter<'a> {
    domain: &'a String,
    start_idx: usize,
}

impl<'a> DomainParentIter<'a> {
    fn new(domain: &'a String) -> DomainParentIter<'a> {
        DomainParentIter {
            domain,
            start_idx: 0,
        }
    }
}

impl<'a> Iterator for DomainParentIter<'a> {
    type Item = &'a str;

    fn next(&mut self) -> Option<&'a str> {
        if self.start_idx >= self.domain.len() {
            // Seeked past end of domain string, nothing left
            None
        } else {
            // Collect this result: everything from start_idx
            let remainder = &self.domain[self.start_idx..];
            // Update start for next result
            match remainder.find('.') {
                Some(idx) => {
                    // idx is within remainder's address space, which starts at start_idx
                    // add 1 to seek past the '.' itself
                    self.start_idx += idx + 1;
                }
                None => {
                    self.start_idx = self.domain.len();
                }
            }
            Some(remainder)
        }
    }
}

pub struct Filter {
    override_files: Vec<reader::FilterFile>,
    block_files: Vec<reader::FilterFile>,
}

impl Filter {
    pub fn new() -> Filter {
        Filter {
            override_files: vec![],
            block_files: vec![],
        }
    }

    pub fn update_override_entries(self: &mut Filter, files: Vec<reader::FilterFile>) {
        for file in files {
            upsert_entries(&mut self.override_files, file);
        }
    }

    pub fn update_block_entries(self: &mut Filter, files: Vec<reader::FilterFile>) {
        for file in files {
            upsert_entries(&mut self.block_files, file);
        }
    }

    pub fn set_hardcoded_block(self: &mut Filter, block_names: &[&str]) -> Result<()> {
        let hardcoded_entries = reader::block_hardcoded(block_names)?;
        upsert_entries(&mut self.block_files, hardcoded_entries);
        Ok(())
    }

    /// Search all filters for the domain in ancestor order.
    /// For example check all filters for 'www.example.com', then all again for 'example.com'.
    /// This allows file B with 'www.example.com' to take precedence over file A with 'example.com'
    /// Meanwhile if two files mention the exact same name then the first file in the list wins.
    /// So if file A says "127.0.0.1" and file B says "172.16.0.1" then "127.0.0.1" wins.
    pub fn check(
        self: &Filter,
        host: &String,
    ) -> Option<(&Option<reader::FileInfo>, &reader::FilterEntry)> {
        // NOTE: wildcards like 'foo*.example.com', 'foo.*.example.com' are not supported,
        // and it'd probably be too much trouble to deal with trying to support them.
        // Meanwhile due to how we parse the domains, wildcards like '*.example.com' are already supported.
        for domain_str in DomainParentIter::new(&host) {
            let domain = domain_str.to_string();
            for override_file in &self.override_files {
                match override_file.content.get(&domain) {
                    // Found in an override file: Tell upstream to let it through or use provided override value
                    Some(entry) => return Some((&override_file.info, entry)),
                    None => {}
                }
            }
            for block_file in &self.block_files {
                match block_file.content.get(&domain) {
                    // Found in block: Tell upstream to block it or use filter-provided override
                    Some(entry) => return Some((&block_file.info, entry)),
                    None => {}
                }
            }
        }

        return None;
    }
}

/// Returns the local path where the file was downloaded,
/// and whether the file was updated (true) or the update was skipped (false)
pub async fn update_if_url(
    fetch_client: &Client<hyper_smol::SmolConnector>,
    filters_dir: &PathBuf,
    filter_path_or_url: &String,
    timeout_ms: u64,
) -> Result<(reader::FileInfo, bool)> {
    // Check if this is a file or URL
    if let Ok(filter_uri) = Uri::try_from(filter_path_or_url) {
        // Filesystem paths can get parsed as URLs with no scheme
        if filter_uri.scheme() == None {
            trace!(
                "Assuming that no-schema filter path is local: {}",
                filter_path_or_url
            );
            return Ok((
                reader::FileInfo {
                    source_path: filter_path_or_url.clone(),
                    local_path: filter_path_or_url.clone(),
                },
                false,
            ));
        }

        let fetcher = fetcher::Fetcher::new(10 * 1024 * 1024, None);
        // We download files to the exact SHA of the URL string we were provided.
        // This is an easy way to avoid filename collisions in URLs: example1.com/hosts vs example2.com/hosts
        // If the user changes the URL string then that changes the SHA, perfect for "cache invalidation" purposes.
        let hosts_path_sha = Sha256::digest(filter_path_or_url.as_bytes());
        let download_path = Path::new(filters_dir).join(format!(
            "{:x}.sha256.{}",
            hosts_path_sha,
            path::ZSTD_EXTENSION
        ));
        let downloaded = updater::update_file(
            fetch_client,
            &fetcher,
            filter_path_or_url,
            download_path.as_path(),
            timeout_ms,
        )
        .await?;
        Ok((
            reader::FileInfo {
                source_path: filter_path_or_url.clone(),
                local_path: download_path
                    .to_str()
                    .with_context(|| format!("busted download path: {:?}", download_path))?
                    .to_string(),
            },
            downloaded,
        ))
    } else {
        trace!(
            "Assuming that non-url filter path is local: {}",
            filter_path_or_url
        );
        return Ok((
            reader::FileInfo {
                source_path: filter_path_or_url.clone(),
                local_path: filter_path_or_url.clone(),
            },
            false,
        ));
    }
}

fn upsert_entries(entries: &mut Vec<reader::FilterFile>, new_file: reader::FilterFile) {
    if let Some(new_file_info) = &new_file.info {
        // Before adding a new file entry, check for an existing file entry to be replaced/updated.
        for i in 0..entries.len() {
            let entry = entries.get(i).expect("incoherent vector size");
            if let Some(existing_file_info) = &entry.info {
                if existing_file_info.local_path == new_file_info.local_path {
                    // Delete or replace existing version
                    if new_file.content.is_empty() {
                        entries.remove(i);
                    } else {
                        entries.insert(i, new_file);
                    }
                    return;
                }
            }
        }
    }
    // Add new entry
    if !new_file.content.is_empty() {
        entries.push(new_file);
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn iter_empty() {
        let domain = "".to_string();
        let mut iter = DomainParentIter::new(&domain);
        assert_eq!(None, iter.next());
    }

    #[test]
    fn iter_com() {
        let domain = "com".to_string();
        let mut iter = DomainParentIter::new(&domain);
        assert_eq!(Some("com"), iter.next());
        assert_eq!(None, iter.next());
    }

    #[test]
    fn iter_domaincom() {
        let domain = "domain.com".to_string();
        let mut iter = DomainParentIter::new(&domain);
        assert_eq!(Some("domain.com"), iter.next());
        assert_eq!(Some("com"), iter.next());
        assert_eq!(None, iter.next());
    }

    #[test]
    fn iter_wwwdomaincom() {
        let domain = "www.domain.com".to_string();
        let mut iter = DomainParentIter::new(&domain);
        assert_eq!(Some("www.domain.com"), iter.next());
        assert_eq!(Some("domain.com"), iter.next());
        assert_eq!(Some("com"), iter.next());
        assert_eq!(None, iter.next());
    }

    #[test]
    fn iter_wwwngeeknz() {
        let domain = "www.n.geek.nz".to_string();
        let mut iter = DomainParentIter::new(&domain);
        assert_eq!(Some("www.n.geek.nz"), iter.next());
        assert_eq!(Some("n.geek.nz"), iter.next());
        assert_eq!(Some("geek.nz"), iter.next());
        assert_eq!(Some("nz"), iter.next());
        assert_eq!(None, iter.next());
    }

    #[test]
    fn iter_averylongteststringwithmanysegments() {
        let domain = "a.very-long.test.string.with-many.segments".to_string();
        let mut iter = DomainParentIter::new(&domain);
        assert_eq!(
            Some("a.very-long.test.string.with-many.segments"),
            iter.next()
        );
        assert_eq!(
            Some("very-long.test.string.with-many.segments"),
            iter.next()
        );
        assert_eq!(Some("test.string.with-many.segments"), iter.next());
        assert_eq!(Some("string.with-many.segments"), iter.next());
        assert_eq!(Some("with-many.segments"), iter.next());
        assert_eq!(Some("segments"), iter.next());
        assert_eq!(None, iter.next());
    }
}