Skip to content

fix(adblock): resolve race condition on rapid DNS domain changes#1673

Merged
gsanchietti merged 1 commit into
NethServer:adblock-updatefrom
gsanchietti:issue1572
May 15, 2026
Merged

fix(adblock): resolve race condition on rapid DNS domain changes#1673
gsanchietti merged 1 commit into
NethServer:adblock-updatefrom
gsanchietti:issue1572

Conversation

@gsanchietti
Copy link
Copy Markdown
Member

@gsanchietti gsanchietti commented May 15, 2026
edited
Loading

Summary

Rebase the DNS local allow/block list race fix onto the updated
adblock-update branch.

Store Threat Shield DNS local list changes in UCI, write the adblock
allow/block list files during reload, and migrate existing list files
to the new staged storage.

Supersedes #1663.

Related

See #1572
UI changes: NethServer/nethsecurity-ui#766

How to test

  1. On a firewall with the updated adblock package, add several DNS
    allow/block entries quickly with api-cli ns.threatshield dns-add-*.
  2. Confirm api-cli ns.threatshield dns-list-allowed and
    dns-list-blocked return all staged entries before commit.
  3. Confirm /etc/adblock/adblock.allowlist and
    /etc/adblock/adblock.blocklist stay unchanged before commit.
  4. Run uci commit adblock && reload_config.
  5. Verify the physical adblock list files contain the staged entries.

Dependencies

@gsanchietti gsanchietti self-assigned this May 15, 2026
@gsanchietti gsanchietti force-pushed the issue1572 branch 2 times, most recently from 21f1d37 to ead35d9 Compare May 15, 2026 08:04
@gsanchietti gsanchietti mentioned this pull request May 15, 2026
Merged
@gsanchietti gsanchietti requested a review from Tbaile May 15, 2026 08:06
@gsanchietti gsanchietti marked this pull request as ready for review May 15, 2026 08:07
Tbaile
Tbaile approved these changes May 15, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@Tbaile Tbaile left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fine by me, we should remove

/etc/adblock/adblock.allowlist
/etc/adblock/adblock.blocklist

from the config files of adblock

@gsanchietti
Copy link
Copy Markdown
Member Author

gsanchietti commented May 15, 2026

Fine by me, we should remove

/etc/adblock/adblock.allowlist
/etc/adblock/adblock.blocklist

from the config files of adblock

I'm doing it

@gsanchietti
fix(adblock): stage dns list changes
6aeb65f 
Store Threat Shield DNS local allow and block list edits in UCI
so rapid API calls no longer rewrite adblock files or restart the
service immediately.

Write the physical adblock list files during the next reload, add a
one-shot migration for existing list files, and document the staged
workflow for the affected API methods.

Refs NethServer#1572
Assisted-by: Copilot:gpt-5.4
@gsanchietti gsanchietti merged commit 4256908 into NethServer:adblock-update May 15, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Tbaile Tbaile Tbaile approved these changes

Assignees

@gsanchietti gsanchietti

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gsanchietti @Tbaile