Report debug setting if enabled

Signed-off-by: DL6ER <dl6er@dl6er.de>
DL6ER 2021-06-10 12:30:02 +02:00
parent 55bf825a81
commit 018dc6788c
No known key found for this signature in database
GPG Key ID: 00135ACBD90B28DD
10 changed files with 55 additions and 199 deletions


@ -86,7 +86,7 @@ static void sha256_hex(uint8_t *data, char *buffer)
int check_client_auth(struct ftl_conn *api)
{
// Is the user requesting from localhost?
if(!config.http.api_auth_for_localhost && (strcmp(api->request->remote_addr, LOCALHOSTv4) == 0 ||
if(!config.http.localAPIauth && (strcmp(api->request->remote_addr, LOCALHOSTv4) == 0 ||
strcmp(api->request->remote_addr, LOCALHOSTv6) == 0))
{
return API_AUTH_LOCALHOST;
@ -179,12 +179,12 @@ int check_client_auth(struct ftl_conn *api)
// Update timestamp of this client to extend
// the validity of their API authentication
auth_data[user_id].valid_until = now + config.http.session_timeout;
auth_data[user_id].valid_until = now + config.http.sessionTimeout;
// Update user cookie
if(snprintf(pi_hole_extra_headers, sizeof(pi_hole_extra_headers),
FTL_SET_COOKIE,
auth_data[user_id].sid, config.http.session_timeout) < 0)
auth_data[user_id].sid, config.http.sessionTimeout) < 0)
{
return send_json_error(api, 500, "internal_error", "Internal server error", NULL);
}
@ -488,7 +488,7 @@ int api_auth(struct ftl_conn *api)
if(!auth_data[i].used)
{
auth_data[i].used = true;
auth_data[i].valid_until = now + config.http.session_timeout;
auth_data[i].valid_until = now + config.http.sessionTimeout;
strncpy(auth_data[i].remote_addr, api->request->remote_addr, sizeof(auth_data[i].remote_addr));
auth_data[i].remote_addr[sizeof(auth_data[i].remote_addr)-1] = '\0';
generateSID(auth_data[i].sid);


@ -36,8 +36,8 @@ void setDefaults(void)
defaults.DBimport = true;
defaults.parse_arp_cache = true;
defaults.cname_deep_inspection = true;
defaults.block_esni = true;
defaults.names_from_netdb = true;
defaults.blockESNI = true;
defaults.networkNames = true;
defaults.edns0_ecs = true;
// enums
@ -52,7 +52,7 @@ void setDefaults(void)
defaults.network_expire = defaults.maxDBdays;
// unsigned integer
defaults.maxlogage = MAXLOGAGE*3600;
defaults.maxHistory = MAXLOGAGE*3600;
defaults.delay_startup = 0;
defaults.DBinterval = 60;
@ -67,9 +67,9 @@ void setDefaults(void)
memset(&defaults.reply_addr.v6, 0, sizeof(config.reply_addr.v6));
// struct http
defaults.http.api_auth_for_localhost = true;
defaults.http.localAPIauth = true;
defaults.http.prettyJSON = false;
defaults.http.session_timeout = 300;
defaults.http.sessionTimeout = 300;
defaults.http.domain = (char*)"pi.hole";
defaults.http.acl = (char*)"+0.0.0.0/0";
defaults.http.port = (char*)"8080,[::]:8080";


@ -48,8 +48,8 @@ typedef struct {
bool DBexport; // set in database/common.c
bool parse_arp_cache;
bool cname_deep_inspection;
bool block_esni;
bool names_from_netdb;
bool blockESNI;
bool networkNames;
bool edns0_ecs;
enum privacy_level privacylevel;
enum blocking_mode blockingmode;
@ -58,9 +58,9 @@ typedef struct {
int nice;
int maxDBdays;
int network_expire;
unsigned int maxlogage;
unsigned int maxHistory;
unsigned int delay_startup;
unsigned int DBinterval;// +
unsigned int DBinterval;
unsigned int dns_port; // set in fork_and_bind.c
struct {
unsigned int count;
@ -73,9 +73,9 @@ typedef struct {
struct in6_addr v6;
} reply_addr;
struct {
bool api_auth_for_localhost;
bool localAPIauth;
bool prettyJSON;
unsigned int session_timeout;
unsigned int sessionTimeout;
char *domain;
char *acl;
char *port;


@ -182,7 +182,7 @@ const char *readFTLlegacy(void)
if(buffer != NULL && sscanf(buffer, "%f", &fvalue))
{
if(fvalue >= 0.0f && fvalue <= 1.0f*MAXLOGAGE)
config.maxlogage = (int)(fvalue * 3600);
config.maxHistory = (int)(fvalue * 3600);
}
// PRIVACYLEVEL
@ -256,7 +256,7 @@ const char *readFTLlegacy(void)
// BLOCK_ESNI
// defaults to: true
buffer = parseFTLconf(fp, "BLOCK_ESNI");
parseBool(buffer, &config.block_esni);
parseBool(buffer, &config.blockESNI);
// WEBROOT
getPath(fp, "WEBROOT", &config.http.paths.webroot);
@ -302,7 +302,7 @@ const char *readFTLlegacy(void)
// API_AUTH_FOR_LOCALHOST
// defaults to: true
buffer = parseFTLconf(fp, "API_AUTH_FOR_LOCALHOST");
parseBool(buffer, &config.http.api_auth_for_localhost);
parseBool(buffer, &config.http.localAPIauth);
// API_SESSION_TIMEOUT
// How long should a session be considered valid after login?
@ -311,7 +311,7 @@ const char *readFTLlegacy(void)
value = 0;
if(buffer != NULL && sscanf(buffer, "%i", &value) && value > 0)
config.http.session_timeout = value;
config.http.sessionTimeout = value;
// API_PRETTY_JSON
// defaults to: false
@ -359,7 +359,7 @@ const char *readFTLlegacy(void)
// device. This behavior can be disabled using NAMES_FROM_NETDB=false
// defaults to: true
buffer = parseFTLconf(fp, "NAMES_FROM_NETDB");
parseBool(buffer, &config.names_from_netdb);
parseBool(buffer, &config.networkNames);
// EDNS0_ECS
// Should we overwrite the query source when client information is


@ -29,7 +29,7 @@
// Private prototypes
static toml_table_t *parseTOML(void);
static void reportConfig(void);
static void reportDebugConfig(void);
bool readFTLtoml(void)
{
@ -60,7 +60,7 @@ bool readFTLtoml(void)
toml_datum_t block_esni = toml_bool_in(dns, "blockESNI");
if(block_esni.ok)
config.block_esni = cname_deep_inspect.u.b;
config.blockESNI = cname_deep_inspect.u.b;
else
log_debug(DEBUG_CONFIG, "dns.blockESNI DOES NOT EXIST");
@ -137,7 +137,7 @@ bool readFTLtoml(void)
toml_datum_t network_names = toml_bool_in(resolver, "networkNames");
if(network_names.ok)
config.names_from_netdb = network_names.u.b;
config.networkNames = network_names.u.b;
else
log_debug(DEBUG_CONFIG, "resolver.networkNames DOES NOT EXIST");
@ -179,12 +179,12 @@ bool readFTLtoml(void)
{
// Sanity check
if(max_history.u.i >= 0.0 && max_history.u.i <= MAXLOGAGE * 3600)
config.maxlogage = max_history.u.i;
config.maxHistory = max_history.u.i;
else
log_warn("Invalid setting for database.maxHistory, using default");
}
else
log_debug(DEBUG_CONFIG, "database.maxlogage DOES NOT EXIST");
log_debug(DEBUG_CONFIG, "database.maxHistory DOES NOT EXIST");
toml_datum_t maxdbdays = toml_int_in(database, "maxDBdays");
if(maxdbdays.ok)
@ -249,9 +249,9 @@ bool readFTLtoml(void)
toml_table_t *http = toml_table_in(conf, "http");
if(http)
{
toml_datum_t api_auth_for_localhost = toml_bool_in(http, "localAPIauth");
if(api_auth_for_localhost.ok)
config.http.api_auth_for_localhost = api_auth_for_localhost.u.b;
toml_datum_t localAPIauth = toml_bool_in(http, "localAPIauth");
if(localAPIauth.ok)
config.http.localAPIauth = localAPIauth.u.b;
else
log_debug(DEBUG_CONFIG, "http.localAPIauth DOES NOT EXIST");
@ -261,11 +261,11 @@ bool readFTLtoml(void)
else
log_debug(DEBUG_CONFIG, "http.prettyJSON DOES NOT EXIST");
toml_datum_t session_timeout = toml_int_in(http, "sessionTimeout");
if(session_timeout.ok)
toml_datum_t sessionTimeout = toml_int_in(http, "sessionTimeout");
if(sessionTimeout.ok)
{
if(session_timeout.u.i >= 0)
config.http.session_timeout = session_timeout.u.i;
if(sessionTimeout.u.i >= 0)
config.http.sessionTimeout = sessionTimeout.u.i;
else
log_warn("Invalid setting for http.sessionTimeout, using default");
}
@ -418,10 +418,6 @@ bool readFTLtoml(void)
}
toml_free(conf);
// Only report config options when debugging
if(config.debug & DEBUG_CONFIG)
reportConfig();
return true;
}
@ -582,6 +578,8 @@ bool readDebugSettings(void)
// External variable
debug_dnsmasq_lines = config.debug & DEBUG_DNSMASQ_LINES ? 1 : 0;
reportDebugConfig();
toml_free(conf);
return true;
}
@ -620,161 +618,19 @@ bool getLogFilePathTOML(void)
return true;
}
static void reportConfig(void)
static void reportDebugConfig(void)
{
log_debug(DEBUG_CONFIG, "Config file parsing result:");
switch(config.blockingmode)
if(!config.debug)
return;
log_debug(DEBUG_ANY, "***********************");
log_debug(DEBUG_ANY, "* DEBUG SETTINGS *");
for(enum debug_flag flag = DEBUG_DATABASE; flag < DEBUG_EXTRA; flag <<= 1)
{
case MODE_NX:
log_debug(DEBUG_CONFIG, " dns.blockingmode: NXDOMAIN for blocked domains");
break;
case MODE_NULL:
log_debug(DEBUG_CONFIG, " dns.blockingmode: Null IPs for blocked domains");
break;
case MODE_IP_NODATA_AAAA:
log_debug(DEBUG_CONFIG, " dns.blockingmode: Pi-hole's IP + NODATA-IPv6 for blocked domains");
break;
case MODE_NODATA:
log_debug(DEBUG_CONFIG, " dns.blockingmode: Using NODATA for blocked domains");
break;
case MODE_IP:
log_debug(DEBUG_CONFIG, " dns.blockingmode: Pi-hole's IPs for blocked domains");
break;
case MODE_MAX:
log_debug(DEBUG_CONFIG, " dns.blockingmode: INVALID");
break;
const char *name, *desc;
debugstr(flag, &name, &desc);
unsigned int spaces = 20 - strlen(name);
log_debug(DEBUG_ANY, "* %s:%*s %s", name+6, spaces, "", config.debug & flag ? "YES *" : "NO *");
}
if(config.cname_deep_inspection)
log_debug(DEBUG_CONFIG, " dns.cname_deep_inspect: Active");
else
log_debug(DEBUG_CONFIG, " dns.cname_deep_inspect: Inactive");
if(config.block_esni)
log_debug(DEBUG_CONFIG, " dns.block_esni: Enabled, blocking _esni.{blocked domain}");
else
log_debug(DEBUG_CONFIG, " dns.block_esni: Disabled");
if(config.edns0_ecs)
log_debug(DEBUG_CONFIG, " dns.block_esni: Overwrite client from ECS information");
else
log_debug(DEBUG_CONFIG, " dns.block_esni: Don't use ECS information");
if(config.ignore_localhost)
log_debug(DEBUG_CONFIG, " dns.ignore_localhost: Hide queries from localhost");
else
log_debug(DEBUG_CONFIG, " dns.ignore_localhost: Show queries from localhost");
if(config.reply_addr.overwrite_v4)
{
char addr[INET_ADDRSTRLEN] = { 0 };
inet_ntop(AF_INET, &config.reply_addr.v4, addr, INET_ADDRSTRLEN);
log_debug(DEBUG_CONFIG, " dns.ip_blocking.ipv4: Using IPv4 address %s in IP blocking mode", addr);
}
else
log_debug(DEBUG_CONFIG, " dns.ip_blocking.ipv4: Automatic interface-dependent detection of address");
if(config.reply_addr.overwrite_v6)
{
char addr[INET6_ADDRSTRLEN] = { 0 };
inet_ntop(AF_INET6, &config.reply_addr.v6, addr, INET6_ADDRSTRLEN);
log_debug(DEBUG_CONFIG, " dns.ip_blocking.ipv6: Using IPv6 address %s in IP blocking mode", addr);
}
else
log_debug(DEBUG_CONFIG, " dns.ip_blocking.ipv6: Automatic interface-dependent detection of address");
if(config.rate_limit.count > 0)
log_debug(DEBUG_CONFIG, " dns.rate_limit: Rate-limiting client making more than %u queries in %u second%s",
config.rate_limit.count, config.rate_limit.interval, config.rate_limit.interval == 1 ? "" : "s");
else
log_debug(DEBUG_CONFIG, " dns.rate_limit: Disabled");
if(config.resolveIPv4)
log_debug(DEBUG_CONFIG, " dns.resolver.resolve_ipv4: Resolve IPv4 addresses");
else
log_debug(DEBUG_CONFIG, " dns.resolver.resolve_ipv4: Don\'t resolve IPv4 addresses");
if(config.resolveIPv6)
log_debug(DEBUG_CONFIG, " dns.resolver.resolve_ipv6: Resolve IPv6 addresses");
else
log_debug(DEBUG_CONFIG, " dns.resolver.resolve_ipv6: Don\'t resolve IPv6 addresses");
switch(config.refresh_hostnames)
{
case REFRESH_ALL:
log_debug(DEBUG_CONFIG, " dns.resolver.refresh_hostnames: Periodically refreshing all names");
break;
case REFRESH_NONE:
log_debug(DEBUG_CONFIG, " dns.resolver.refresh_hostnames: Not periodically refreshing names");
break;
case REFRESH_UNKNOWN:
log_debug(DEBUG_CONFIG, " dns.resolver.refresh_hostnames: Only refreshing recently active clients with unknown hostnames");
break;
case REFRESH_IPV4_ONLY:
log_debug(DEBUG_CONFIG, " dns.resolver.refresh_hostnames: Periodically refreshing IPv4 names");
break;
}
if(config.DBimport)
{
log_debug(DEBUG_CONFIG, " database.dbimport/.maxlogage: Importing up to %.1f hours of log data history from database",
(float)config.maxlogage/3600.0);
if(config.maxDBdays == 0)
log_debug(DEBUG_CONFIG, " Hint: Exporting queries has been disabled (database.maxlogage=0)!");
}
else
log_debug(DEBUG_CONFIG, " database.dbimport: Not importing history from database");
if(config.maxDBdays == 0)
log_debug(DEBUG_CONFIG, " database.maxdbdays: --- (DB disabled)");
else if(config.maxDBdays == -1)
log_debug(DEBUG_CONFIG, " database.maxdbdays: --- (cleaning disabled)");
else
log_debug(DEBUG_CONFIG, " database.maxdbdays: max age for stored queries is %i days", config.maxDBdays);
if(config.DBinterval == defaults.DBinterval)
log_debug(DEBUG_CONFIG, " database.dbinterval: saving to DB file every minute");
else
log_debug(DEBUG_CONFIG, " database.dbinterval: saving to DB file every %u seconds", config.DBinterval);
if(config.parse_arp_cache)
log_debug(DEBUG_CONFIG, " database.network.parse_arp: Active");
else
log_debug(DEBUG_CONFIG, " database.network.parse_arp: Inactive");
if(config.network_expire > 0)
log_debug(DEBUG_CONFIG, " database.network.expire: Removing IP addresses and host names from network table after %u days",
config.network_expire);
else
log_debug(DEBUG_CONFIG, " database.network.expire: No automated removal of IP addresses and host names from the network table");
if(config.names_from_netdb)
log_debug(DEBUG_CONFIG, " database.network.import_names: Enabled, trying to get hostnames from network database");
else
log_debug(DEBUG_CONFIG, " database.network.import_names: Disabled");
log_debug(DEBUG_CONFIG, " misc.privacylevel: Set to %d", config.privacylevel);
log_debug(DEBUG_CONFIG, " misc.nice: Set process niceness to %d", config.nice);
if(config.delay_startup > 0)
log_debug(DEBUG_CONFIG, " misc.delay_startup: Requested to wait %u seconds during startup.", config.delay_startup);
else
log_debug(DEBUG_CONFIG, " misc.delay_startup: No delay requested.");
if(config.debug)
{
char buffer[64];
for(enum debug_flag flag = DEBUG_DATABASE; flag < DEBUG_EXTRA; flag <<= 1)
{
const char *name, *desc;
debugstr(flag, &name, &desc);
memset(buffer, 0, sizeof(buffer));
strcpy(buffer, name+6); // offset "debug_"
strtolower(buffer);
log_debug(DEBUG_CONFIG, " debug.%s: %s", name, config.debug & flag ? "true" : "false");
}
}
else
log_debug(DEBUG_CONFIG, " debug: No debugging enabled");
log_debug(DEBUG_ANY, "***********************");
}
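Review bot: The `dns.blockESNI` branch in readFTLtoml() still stores the wrong datum: it tests `block_esni.ok` but then assigns `cname_deep_inspect.u.b`, so the ESNI blocking switch appears to silently follow whatever `CNAMEdeepInspect` was set to (the declaration of `cname_deep_inspect` lies outside the visible hunk, so this is inferred from its name). The commit renames the target field on that line without correcting the source; it should read `config.blockESNI = block_esni.u.b;`. A one-line comment such as `// dns.blockESNI: block _esni.<domain> lookups for blocked domains` above the lookup would make a future copy-paste slip easier to spot. readFTLtoml() starts and ends outside the hunks shown here, so the remaining options were not reviewed.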


@ -48,7 +48,7 @@ bool writeFTLtoml(void)
const char *defblockingmode = get_blocking_mode_str(defaults.blockingmode);
catTOMLstring(fp, 1, "blockingmode", "How should FTL reply to blocked queries?", "[ \"NULL\", \"IP-NODATA-AAAA\", \"IP\", \"NXDOMAIN\" ]", blockingmode, defblockingmode);
catTOMLbool(fp, 1, "CNAMEdeepInspect", "Should FTL walk CNAME paths?", config.cname_deep_inspection, defaults.cname_deep_inspection);
catTOMLbool(fp, 1, "blockESNI", "Should _esni. subdomains be blocked by default?", config.block_esni, defaults.block_esni);
catTOMLbool(fp, 1, "blockESNI", "Should _esni. subdomains be blocked by default?", config.blockESNI, defaults.blockESNI);
catTOMLbool(fp, 1, "EDNS0ECS", "Should FTL analyze possible ECS information to obtain client IPs hidden behind NATs?", config.edns0_ecs, defaults.edns0_ecs);
catTOMLbool(fp, 1, "ignoreLocalhost", "Should FTL hide queries made by localhost?", config.ignore_localhost, defaults.ignore_localhost);
@ -80,7 +80,7 @@ bool writeFTLtoml(void)
catTOMLbool(fp, 1, "resolveIPv6", "Should FTL try to resolve IPv6 addresses to hostnames?", config.resolveIPv6, defaults.resolveIPv6);
const char *refresh = get_refresh_hostnames_str(config.refresh_hostnames);
const char *refresh_default = get_refresh_hostnames_str(defaults.refresh_hostnames);
catTOMLbool(fp, 1, "networkNames", "Try to obtain client names from the network table", config.names_from_netdb, defaults.names_from_netdb);
catTOMLbool(fp, 1, "networkNames", "Try to obtain client names from the network table", config.networkNames, defaults.networkNames);
catTOMLstring(fp, 1, "refresh", "How (and if) hourly PTR lookups should be made", "[ \"IPV4_ONLY\", \"ALL\", \"UNKNOWN\", \"NONE\" ]", refresh, refresh_default);
@ -88,7 +88,7 @@ bool writeFTLtoml(void)
// [database] section
catTOMLsection(fp, 0, "database");
catTOMLbool(fp, 1, "DBimport", "Should FTL load information from the database on startup to be aware of the most recent history?", config.DBimport, defaults.DBimport);
catTOMLuint(fp, 1, "maxHistory", "How much history should be imported from the database [seconds]? (max 24*60*60 = 86400)", config.maxlogage, defaults.maxlogage);
catTOMLuint(fp, 1, "maxHistory", "How much history should be imported from the database [seconds]? (max 24*60*60 = 86400)", config.maxHistory, defaults.maxHistory);
catTOMLint(fp, 1, "maxDBdays", "How long should queries be stored in the database [days]?", config.maxDBdays, defaults.maxDBdays);
catTOMLint(fp, 1, "DBinterval", "How often do we store queries in FTL's database [seconds]?", config.DBinterval, defaults.DBinterval);
@ -103,9 +103,9 @@ bool writeFTLtoml(void)
// [http] section
catTOMLsection(fp, 0, "http");
catTOMLbool(fp, 1, "localAPIauth", "Does local clients need to authenticate to access the API?", config.http.api_auth_for_localhost, defaults.http.api_auth_for_localhost);
catTOMLbool(fp, 1, "localAPIauth", "Does local clients need to authenticate to access the API?", config.http.localAPIauth, defaults.http.localAPIauth);
catTOMLbool(fp, 1, "prettyJSON", "Should FTL insert extra spaces to prettify the API output?", config.http.prettyJSON, defaults.http.prettyJSON);
catTOMLuint(fp, 1, "sessionTimeout", "How long should a session be considered valid after login [seconds]?", config.http.session_timeout, defaults.http.session_timeout);
catTOMLuint(fp, 1, "sessionTimeout", "How long should a session be considered valid after login [seconds]?", config.http.sessionTimeout, defaults.http.sessionTimeout);
catTOMLstring(fp, 1, "domain", "On which domain is the web interface served?", "<valid domain>", config.http.domain, defaults.http.domain);
// Webserver access control list
// Allows restrictions to be put on the list of IP addresses which have access to our web server.


@ -335,7 +335,7 @@ bool import_queries_from_disk(void)
// Get time stamp 24 hours (or what was configured) in the past
bool okay = false;
const double now = double_time();
const double mintime = now - config.maxlogage;
const double mintime = now - config.maxHistory;
const char *querystr = "INSERT INTO queries SELECT * FROM disk.queries WHERE timestamp >= ?";
// Attach disk database


@ -72,7 +72,7 @@ void *GC_thread(void *val)
lock_shm();
// Get minimum timestamp to keep (this can be set with MAXLOGAGE)
time_t mintime = (now - GCdelay) - config.maxlogage;
time_t mintime = (now - GCdelay) - config.maxHistory;
// Align to the start of the next hour. This will also align with
// the oldest overTime interval after GC is done.


@ -217,7 +217,7 @@ bool _FTL_check_blocking(int queryID, int domainID, int clientID, const char **b
}
// Check blacklist (exact + regex) and gravity for _esni.domain if enabled (defaulting to true)
if(config.block_esni && !query->flags.allowed && !blockDomain && strncasecmp(domainstr, "_esni.", 6u) == 0)
if(config.blockESNI && !query->flags.allowed && !blockDomain && strncasecmp(domainstr, "_esni.", 6u) == 0)
{
blockDomain = check_domain_blocked(domainstr + 6u, clientID, client, query, dns_cache, blockingreason, &new_status);


@ -315,7 +315,7 @@ static size_t resolveAndAddHostname(size_t ippos, size_t oldnamepos)
// If no hostname was found, try to obtain hostname from the network table
// This may be disabled due to a user setting
if(strlen(newname) == 0 && config.names_from_netdb)
if(strlen(newname) == 0 && config.networkNames)
{
free(newname);
newname = getNameFromIP(NULL, ipaddr);