feat(proxy): expose local block-list controls

maybeknott · maybeknott · commit feee67fd1922 · 2026-05-24T23:57:24.000+03:30
Add a desktop UI editor for network.block_hosts so local quota-saving block rules can be managed without hand-editing config.toml. The editor stores one hostname per line, trims blank and comment lines on save, preserves existing exact-host and leading-dot suffix semantics, and shows the number of active local block rules before the user saves or starts the proxy.

Account for local block-list decisions at the proxy short-circuit points. HTTP CONNECT and plain HTTP blocks increment the counter before returning a local 204, SOCKS5 CONNECT increments before returning the ruleset failure reply, SOCKS5 UDP increments before dropping a blocked datagram, and the shared dispatch guard increments before dropping a blocked tunnel path. Apps Script and Full-mode servers share the same counter with DomainFronter so relay stats reflect traffic avoided before any relay, tunnel-node, SNI rewrite, or upstream SOCKS5 work is opened.

Extend StatsSnapshot, the human-readable stats line, and the JSON stats export with blocked_requests. This gives the desktop traffic panel and Android/JNI consumers a stable numeric field for local block-list hits without changing the existing cache, quota, h2, or per-site fields.

Document the UI editor, the TOML representation, the matching rules, and the blocked_requests telemetry in the English and Persian guides. Add block_hosts comments to the shipped TOML examples so configuration-facing behavior is visible from the sample files.

Add focused regression coverage for block-host editor parsing and stats export formatting. Verification: git diff --check passed. cargo test stats_snapshot_exports_local_block_counter --lib and cargo test --bin mhrv-rs-ui host_list_editor could not run because winnow v0.7.15 is not available locally and static.crates.io timed out while Cargo attempted to download it.
diff --git a/config.direct.example.toml b/config.direct.example.toml
@@ -8,6 +8,8 @@ listen_host = "127.0.0.1"
 listen_port = 8085
 socks5_port = 8086
 verify_ssl = true
+# Local block-list rules answered before relay/tunnel dispatch.
+# Exact hostnames match only themselves; leading-dot entries also match subdomains.
 block_hosts = []
 
 [network.hosts]
diff --git a/docs/guide.fa.md b/docs/guide.fa.md
@@ -215,7 +215,9 @@ HTTP / HTTPS مثل قبل از Apps Script می‌رود (تغییری نمی
 block_hosts = ["ads.example.com", ".tracker.example"]
 ```
 
-درخواست‌های HTTP و HTTP CONNECT مسدودشده پاسخ محلی `204 No Content` می‌گیرند. درخواست‌های SOCKS5 CONNECT قبل از باز شدن هر اتصال خروجی، reply خطای ruleset می‌گیرند.
+همین لیست از UI دسکتاپ هم قابل ویرایش است: **Advanced → Block hosts**. هر خط یک hostname است و هنگام Save دوباره در `network.block_hosts` ذخیره می‌شود؛ قوانین exact-match و suffix-match دقیقاً مثل تنظیم TOML باقی می‌ماند.
+
+درخواست‌های HTTP و HTTP CONNECT مسدودشده پاسخ محلی `204 No Content` می‌گیرند. درخواست‌های SOCKS5 CONNECT قبل از باز شدن هر اتصال خروجی، reply خطای ruleset می‌گیرند. پنل Traffic در UI دسکتاپ و خروجی JSON آمار، مقدار `blocked_requests` را نشان می‌دهند؛ یعنی تعداد hitهای block-list که قبل از relay، tunnel-node، بازنویسی SNI، یا SOCKS5 upstream متوقف شده‌اند.
 
 ## حالت تونل کامل
 
diff --git a/docs/guide.md b/docs/guide.md
@@ -215,7 +215,9 @@ Use `block_hosts` for destinations that should be answered locally instead of sp
 block_hosts = ["ads.example.com", ".tracker.example"]
 ```
 
-Blocked HTTP and HTTP CONNECT requests receive a local `204 No Content` response. SOCKS5 CONNECT requests receive a ruleset failure reply before any outbound connection is opened.
+You can edit the same list in the desktop UI under **Advanced → Block hosts**. The editor saves one hostname per line back to `network.block_hosts`, preserving the same exact-match and suffix-match behavior as the TOML field.
+
+Blocked HTTP and HTTP CONNECT requests receive a local `204 No Content` response. SOCKS5 CONNECT requests receive a ruleset failure reply before any outbound connection is opened. The desktop traffic panel and stats JSON expose `blocked_requests`, which counts local block-list hits that avoided relay, tunnel-node, SNI rewrite, and upstream SOCKS5 dispatch.
 
 ## Full Tunnel mode
 
diff --git a/src/bin/ui.rs b/src/bin/ui.rs
@@ -252,12 +252,11 @@ struct FormState {
     normalize_x_graphql: bool,
     youtube_via_relay: bool,
     passthrough_hosts: Vec<String>,
-    /// Config-only local block list. Round-tripped from config.toml so
-    /// UI Save preserves hand-edited quota-saving filters.
-    block_hosts: Vec<String>,
-    /// Round-tripped from config.toml so the UI's save path doesn't
-    /// drop the user's setting. Not currently exposed as a UI control;
-    /// users edit `block_quic` directly in `config.toml` (Issue #213).
+    /// Multiline editor buffer for local block-list entries. Saved back to
+    /// `network.block_hosts` after trimming blank lines.
+    block_hosts_text: String,
+    /// Exposed beside local host blocking so users can keep browser HTTP/3
+    /// probes from burning Full-mode UDP tunnel work.
     block_quic: bool,
     /// Round-tripped from config.toml and exposed beside QUIC blocking.
     /// Default true to push WebRTC apps toward TCP TURN instead of slow
@@ -382,7 +381,7 @@ fn load_form() -> (FormState, Option<String>) {
             normalize_x_graphql: c.normalize_x_graphql,
             youtube_via_relay: c.youtube_via_relay,
             passthrough_hosts: c.passthrough_hosts.clone(),
-            block_hosts: c.block_hosts.clone(),
+            block_hosts_text: format_host_list_for_editor(&c.block_hosts),
             block_quic: c.block_quic,
             block_stun: c.block_stun,
             disable_padding: c.disable_padding,
@@ -423,7 +422,7 @@ fn load_form() -> (FormState, Option<String>) {
             normalize_x_graphql: false,
             youtube_via_relay: false,
             passthrough_hosts: Vec::new(),
-            block_hosts: Vec::new(),
+            block_hosts_text: String::new(),
             block_quic: true,
             block_stun: false,
             disable_padding: false,
@@ -488,6 +487,19 @@ fn sni_pool_for_form(user: Option<&[String]>, front_domain: &str) -> Vec<SniRow>
     out
 }
 
+fn format_host_list_for_editor(hosts: &[String]) -> String {
+    hosts.join("\n")
+}
+
+fn parse_host_list_editor(input: &str) -> Vec<String> {
+    input
+        .lines()
+        .map(str::trim)
+        .filter(|s| !s.is_empty() && !s.starts_with('#'))
+        .map(str::to_string)
+        .collect()
+}
+
 impl FormState {
     fn to_config(&self) -> Result<Config, String> {
         // `direct` and the legacy `google_only` alias both run without
@@ -583,11 +595,7 @@ impl FormState {
             // Similarly config-only for now; round-trips through the
             // file so the UI doesn't drop the user's entries on save.
             passthrough_hosts: self.passthrough_hosts.clone(),
-            // Local block list: config-only, preserved on Save.
-            block_hosts: self.block_hosts.clone(),
-            // Issue #213: block_quic is config-only for now (no UI
-            // control yet). Round-trip through the file so save
-            // doesn't drop a user-set true.
+            block_hosts: parse_host_list_editor(&self.block_hosts_text),
             block_quic: self.block_quic,
             block_stun: self.block_stun,
             // Issue #391: disable_padding is config-only for now.
@@ -1116,6 +1124,39 @@ impl eframe::App for App {
                              Script relay instead — slower for video, but the visible SNI matches the site.",
                         );
                     });
+                    form_row(ui, "Block hosts", Some(
+                        "One hostname per line. Exact entries match only that host; entries \
+                         starting with a dot match the parent suffix and subdomains. Matching \
+                         requests are answered locally before relay, tunnel-node, SNI rewrite, \
+                         or upstream SOCKS5 dispatch, saving quota and latency."
+                    ), |ui, label_id| {
+                        ui.add(egui::TextEdit::multiline(&mut self.form.block_hosts_text)
+                            .hint_text("ads.example.com\n.tracker.example")
+                            .desired_width(f32::INFINITY)
+                            .desired_rows(3))
+                        .labelled_by(label_id);
+                    });
+                    let block_host_count = parse_host_list_editor(&self.form.block_hosts_text).len();
+                    ui.horizontal(|ui| {
+                        ui.add_space(120.0 + 8.0);
+                        let text = if block_host_count == 0 {
+                            "No local block rules configured.".to_string()
+                        } else {
+                            format!(
+                                "{} local block rule{} configured.",
+                                block_host_count,
+                                if block_host_count == 1 { "" } else { "s" }
+                            )
+                        };
+                        ui.small(
+                            egui::RichText::new(text)
+                                .color(if block_host_count == 0 {
+                                    egui::Color32::from_gray(140)
+                                } else {
+                                    OK_GREEN
+                                }),
+                        );
+                    });
                     ui.horizontal(|ui| {
                         ui.add_space(120.0 + 8.0);
                         ui.checkbox(&mut self.form.block_quic, "Block QUIC (UDP/443)")
@@ -1189,6 +1230,7 @@ impl eframe::App for App {
                         ("relay calls", s.relay_calls.to_string()),
                         ("failures", s.relay_failures.to_string()),
                         ("coalesced", s.coalesced.to_string()),
+                        ("blocked local", s.blocked_requests.to_string()),
                         (
                             "cache hits",
                             format!(
@@ -2580,3 +2622,34 @@ fn push_log(shared: &Shared, msg: &str) {
         s.log.pop_front();
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::{format_host_list_for_editor, parse_host_list_editor};
+
+    #[test]
+    fn host_list_editor_trims_blank_and_comment_lines() {
+        let parsed = parse_host_list_editor(
+            "\n  ads.example.com  \n# saved note\n.tracker.example\n   \n",
+        );
+        assert_eq!(
+            parsed,
+            vec![
+                "ads.example.com".to_string(),
+                ".tracker.example".to_string(),
+            ]
+        );
+    }
+
+    #[test]
+    fn host_list_editor_round_trips_one_host_per_line() {
+        let hosts = vec![
+            "ads.example.com".to_string(),
+            ".tracker.example".to_string(),
+        ];
+        assert_eq!(
+            parse_host_list_editor(&format_host_list_for_editor(&hosts)),
+            hosts
+        );
+    }
+}
diff --git a/src/domain_fronter.rs b/src/domain_fronter.rs
@@ -367,6 +367,11 @@ pub struct DomainFronter {
     relay_calls: AtomicU64,
     relay_failures: AtomicU64,
     bytes_relayed: AtomicU64,
+    /// Requests rejected locally by the proxy `block_hosts` gate before any
+    /// Apps Script, tunnel-node, SNI rewrite, or upstream SOCKS5 dispatch.
+    /// Shared with `ProxyServer` so the short-circuit path can account for
+    /// quota savings where the decision actually happens.
+    blocked_requests: Arc<AtomicU64>,
     /// Relay calls that successfully completed over the h2 fast path,
     /// across **all** entry points: Apps-Script direct relays,
     /// exit-node outer calls, full-mode tunnel single ops, and
@@ -626,6 +631,7 @@ impl DomainFronter {
             relay_calls: AtomicU64::new(0),
             relay_failures: AtomicU64::new(0),
             bytes_relayed: AtomicU64::new(0),
+            blocked_requests: Arc::new(AtomicU64::new(0)),
             h2_calls: AtomicU64::new(0),
             h2_fallbacks: AtomicU64::new(0),
             policy_quic_udp_drops: AtomicU64::new(0),
@@ -770,6 +776,7 @@ impl DomainFronter {
             relay_failures: self.relay_failures.load(Ordering::Relaxed),
             coalesced: self.coalesced.load(Ordering::Relaxed),
             bytes_relayed: self.bytes_relayed.load(Ordering::Relaxed),
+            blocked_requests: self.blocked_requests.load(Ordering::Relaxed),
             cache_hits: self.cache.hits(),
             cache_misses: self.cache.misses(),
             cache_bytes: self.cache.size(),
@@ -810,6 +817,10 @@ impl DomainFronter {
         &self.cache
     }
 
+    pub(crate) fn blocked_requests_counter(&self) -> Arc<AtomicU64> {
+        self.blocked_requests.clone()
+    }
+
     pub fn coalesced_count(&self) -> u64 {
         self.coalesced.load(Ordering::Relaxed)
     }
@@ -4813,6 +4824,9 @@ pub struct StatsSnapshot {
     pub relay_failures: u64,
     pub coalesced: u64,
     pub bytes_relayed: u64,
+    /// Local block-list hits rejected before a relay, tunnel-node, SNI
+    /// rewrite, or upstream SOCKS5 connection is opened.
+    pub blocked_requests: u64,
     pub cache_hits: u64,
     pub cache_misses: u64,
     pub cache_bytes: usize,
@@ -4886,11 +4900,12 @@ impl StatsSnapshot {
             }
         };
         format!(
-            "stats: relay={} ({}KB) failures={} coalesced={} cache={}/{} ({:.0}% hit, {}KB) scripts={}/{} active{} policy=quic-drops:{} https-rr:{}",
+            "stats: relay={} ({}KB) failures={} coalesced={} blocked={} cache={}/{} ({:.0}% hit, {}KB) scripts={}/{} active{} policy=quic-drops:{} https-rr:{}",
             self.relay_calls,
             self.bytes_relayed / 1024,
             self.relay_failures,
             self.coalesced,
+            self.blocked_requests,
             self.cache_hits,
             self.cache_hits + self.cache_misses,
             self.hit_rate(),
@@ -4912,11 +4927,12 @@ impl StatsSnapshot {
             s.replace('\\', "\\\\").replace('"', "\\\"")
         }
         format!(
-            r#"{{"relay_calls":{},"relay_failures":{},"coalesced":{},"bytes_relayed":{},"cache_hits":{},"cache_misses":{},"cache_bytes":{},"blacklisted_scripts":{},"total_scripts":{},"today_calls":{},"today_bytes":{},"today_key":"{}","today_reset_secs":{},"h2_calls":{},"h2_fallbacks":{},"h2_disabled":{},"policy_quic_udp_drops":{},"policy_https_rr_suppressed":{}}}"#,
+            r#"{{"relay_calls":{},"relay_failures":{},"coalesced":{},"bytes_relayed":{},"blocked_requests":{},"cache_hits":{},"cache_misses":{},"cache_bytes":{},"blacklisted_scripts":{},"total_scripts":{},"today_calls":{},"today_bytes":{},"today_key":"{}","today_reset_secs":{},"h2_calls":{},"h2_fallbacks":{},"h2_disabled":{},"policy_quic_udp_drops":{},"policy_https_rr_suppressed":{}}}"#,
             self.relay_calls,
             self.relay_failures,
             self.coalesced,
             self.bytes_relayed,
+            self.blocked_requests,
             self.cache_hits,
             self.cache_misses,
             self.cache_bytes,
@@ -5105,6 +5121,36 @@ mod tests {
         }
     }
 
+    #[test]
+    fn stats_snapshot_exports_local_block_counter() {
+        let snapshot = StatsSnapshot {
+            relay_calls: 10,
+            relay_failures: 1,
+            coalesced: 2,
+            bytes_relayed: 4096,
+            blocked_requests: 7,
+            cache_hits: 3,
+            cache_misses: 4,
+            cache_bytes: 2048,
+            blacklisted_scripts: 0,
+            total_scripts: 2,
+            today_calls: 5,
+            today_bytes: 1024,
+            today_key: "2026-05-24".to_string(),
+            today_reset_secs: 3600,
+            h2_calls: 8,
+            h2_fallbacks: 2,
+            h2_disabled: false,
+            policy_quic_udp_drops: 11,
+            policy_https_rr_suppressed: 13,
+        };
+
+        assert!(snapshot.fmt_line().contains("blocked=7"));
+        assert!(snapshot.to_json().contains(r#""blocked_requests":7"#));
+        assert!(snapshot.fmt_line().contains("quic-drops:11"));
+        assert!(snapshot.to_json().contains(r#""policy_https_rr_suppressed":13"#));
+    }
+
     #[tokio::test]
     async fn read_http_response_tolerates_unexpected_eof_with_content_length() {
         // Issue #585 / v1.9.4 exit-node bug. Some peers (the deployed exit-node in
diff --git a/src/proxy_server.rs b/src/proxy_server.rs
@@ -1,9 +1,11 @@
 use std::collections::{HashMap, VecDeque};
 use std::net::SocketAddr;
+use std::sync::atomic::Ordering;
 use std::sync::Arc;
 use std::time::Duration;
 
 use bytes::Bytes;
+use portable_atomic::AtomicU64;
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 use tokio::net::{TcpListener, TcpStream, UdpSocket};
 use tokio::sync::{mpsc, Mutex};
@@ -241,6 +243,7 @@ pub struct RewriteCtx {
     /// consuming relay, tunnel, SNI-rewrite, or upstream SOCKS5 resources.
     /// Matching follows `passthrough_hosts` semantics.
     pub block_hosts: Vec<String>,
+    pub blocked_requests: Arc<AtomicU64>,
     /// If true, drop SOCKS5 UDP datagrams destined for port 443 so
     /// callers fall back to TCP/HTTPS. See config.rs `block_quic` for
     /// the trade-off. Issue #213.
@@ -412,6 +415,12 @@ pub fn matches_block_host(host: &str, list: &[String]) -> bool {
     matches_passthrough(host, list)
 }
 
+fn record_blocked_request(rewrite_ctx: &RewriteCtx) {
+    rewrite_ctx
+        .blocked_requests
+        .fetch_add(1, Ordering::Relaxed);
+}
+
 impl ProxyServer {
     pub fn new(config: &Config, mitm: Arc<Mutex<MitmCertManager>>) -> Result<Self, ProxyError> {
         let mode = config
@@ -516,6 +525,10 @@ impl ProxyServer {
             youtube_via_relay: config.youtube_via_relay,
             passthrough_hosts: config.passthrough_hosts.clone(),
             block_hosts: config.block_hosts.clone(),
+            blocked_requests: fronter
+                .as_ref()
+                .map(|f| f.blocked_requests_counter())
+                .unwrap_or_else(|| Arc::new(AtomicU64::new(0))),
             block_quic: config.block_quic,
             block_stun: config.block_stun,
             bypass_doh: !config.tunnel_doh,
@@ -825,6 +838,7 @@ async fn handle_http_client(
     if method.eq_ignore_ascii_case("CONNECT") {
         let (host, port) = parse_host_port(&target);
         if matches_block_host(&host, &rewrite_ctx.block_hosts) {
+            record_blocked_request(&rewrite_ctx);
             tracing::info!("CONNECT {}:{} blocked locally by block_hosts", host, port);
             write_http_no_content(&mut sock).await?;
             return Ok(());
@@ -850,6 +864,7 @@ async fn handle_http_client(
     } else {
         if let Some((host, port, _path)) = resolve_plain_http_target(&target, &headers) {
             if matches_block_host(&host, &rewrite_ctx.block_hosts) {
+                record_blocked_request(&rewrite_ctx);
                 tracing::info!("HTTP {}:{} blocked locally by block_hosts", host, port);
                 write_http_no_content(&mut sock).await?;
                 return Ok(());
@@ -949,6 +964,7 @@ async fn handle_socks5_client(
     }
 
     if matches_block_host(&host, &rewrite_ctx.block_hosts) {
+        record_blocked_request(&rewrite_ctx);
         tracing::info!("SOCKS5 CONNECT -> {}:{} blocked locally by block_hosts", host, port);
         sock.write_all(&[0x05, 0x02, 0x00, 0x01, 0, 0, 0, 0, 0, 0])
             .await?;
@@ -1238,6 +1254,7 @@ async fn handle_socks5_udp_associate(
                 }
 
                 if matches_block_host(&target.host, &rewrite_ctx.block_hosts) {
+                    record_blocked_request(&rewrite_ctx);
                     tracing::debug!("udp dropped: target {} blocked by block_hosts", target.host);
                     continue;
                 }
@@ -1756,6 +1773,7 @@ async fn dispatch_tunnel(
     tunnel_mux: Option<Arc<TunnelMux>>,
 ) -> std::io::Result<()> {
     if matches_block_host(&host, &rewrite_ctx.block_hosts) {
+        record_blocked_request(&rewrite_ctx);
         tracing::info!("dispatch {}:{} -> blocked locally by block_hosts", host, port);
         drop(sock);
         return Ok(());
