Implement blocking, fully compatible with rules from version 1

dnscrypt-proxy/plugins.go

@@ -1,9 +1,11 @@
 package main
 
 import (
+	"errors"
 	"net"
 	"sync"
 
+	"github.com/jedisct1/dlog"
 	"github.com/miekg/dns"
 )
 
@@ -43,6 +45,9 @@ func InitPluginsGlobals(pluginsGlobals *PluginsGlobals, proxy *Proxy) error {
 	if len(proxy.queryLogFile) != 0 {
 		*queryPlugins = append(*queryPlugins, Plugin(new(PluginQueryLog)))
 	}
+	if len(proxy.blockNameFile) != 0 {
+		*queryPlugins = append(*queryPlugins, Plugin(new(PluginBlockName)))
+	}
 	if proxy.pluginBlockIPv6 {
 		*queryPlugins = append(*queryPlugins, Plugin(new(PluginBlockIPv6)))
 	}
@@ -103,6 +108,9 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba
 	if err := msg.Unpack(packet); err != nil {
 		return packet, err
 	}
+	if len(msg.Question) > 1 {
+		return packet, errors.New("Unexpected number of questions")
+	}
 	pluginsGlobals.RLock()
 	for _, plugin := range *pluginsGlobals.queryPlugins {
 		if ret := plugin.Eval(pluginsState, &msg); ret != nil {
@@ -110,6 +118,13 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba
 			pluginsState.action = PluginsActionDrop
 			return packet, ret
 		}
+		if pluginsState.action == PluginsActionReject {
+			synth, err := RefusedResponseFromMessage(&msg)
+			if err != nil {
+				return nil, err
+			}
+			pluginsState.synthResponse = synth
+		}
 		if pluginsState.action != PluginsActionForward {
 			break
 		}
@@ -138,6 +153,14 @@ func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGl
 			pluginsState.action = PluginsActionDrop
 			return packet, ret
 		}
+		if pluginsState.action == PluginsActionReject {
+			synth, err := RefusedResponseFromMessage(&msg)
+			if err != nil {
+				return nil, err
+			}
+			dlog.Infof("Blocking [%s]", synth.Question[0].Name)
+			pluginsState.synthResponse = synth
+		}
 		if pluginsState.action != PluginsActionForward {
 			break
 		}