dnscrypt-proxy/dnscrypt-proxy/main.go

package main

import (
	"crypto/rand"
	"log"
	"net"
	"os"
	"path/filepath"
	"sync"
	"time"

	"github.com/jedisct1/dlog"
	"github.com/judwhite/go-svc/svc"
	"golang.org/x/crypto/curve25519"
)

type Proxy struct {
	proxyPublicKey        [32]byte
	proxySecretKey        [32]byte
	questionSizeEstimator QuestionSizeEstimator
	serversInfo           ServersInfo
	timeout               time.Duration
	certRefreshDelay      time.Duration
	mainProto             string
	listenAddresses       []string
	daemonize             bool
	registeredServers     []RegisteredServer
	pluginBlockIPv6       bool
	cache                 bool
	cacheSize             int
	cacheNegTTL           uint32
	cacheMinTTL           uint32
	cacheMaxTTL           uint32
	queryLogFile          string
	queryLogFormat        string
	blockNameFile         string
	forwardFile           string
	pluginsGlobals        PluginsGlobals
}

type App struct {
	wg   sync.WaitGroup
	quit chan struct{}
}

func main() {
	dlog.Init("dnscrypt-proxy", dlog.SeverityNotice)
	cdLocal()
	app := &App{}
	if err := svc.Run(app); err != nil {
		dlog.Fatal(err)
	}
}

func (app *App) Init(env svc.Environment) error {
	log.Printf("is win service? %v\n", env.IsWindowsService())
	return nil
}

func (app *App) Start() error {
	proxy := Proxy{}
	if err := ConfigLoad(&proxy, "dnscrypt-proxy.toml"); err != nil {
		dlog.Fatal(err)
	}
	if err := InitPluginsGlobals(&proxy.pluginsGlobals, &proxy); err != nil {
		dlog.Fatal(err)
	}
	if proxy.daemonize {
		Daemonize()
	}
	app.quit = make(chan struct{})
	app.wg.Add(1)
	go func() {
		proxy.StartProxy()
		<-app.quit
		dlog.Notice("Quit signal received...")
		app.wg.Done()
	}()
	return nil
}

func (app *App) Stop() error {
	dlog.Notice("Stopping...")
	close(app.quit)
	app.wg.Wait()
	dlog.Notice("Stopped.")
	return nil
}

func (proxy *Proxy) StartProxy() {
	proxy.questionSizeEstimator = NewQuestionSizeEstimator()
	if _, err := rand.Read(proxy.proxySecretKey[:]); err != nil {
		dlog.Fatal(err)
	}
	curve25519.ScalarBaseMult(&proxy.proxyPublicKey, &proxy.proxySecretKey)
	for _, registeredServer := range proxy.registeredServers {
		proxy.serversInfo.registerServer(proxy, registeredServer.name, registeredServer.stamp)
	}
	for _, listenAddrStr := range proxy.listenAddresses {
		listenUDPAddr, err := net.ResolveUDPAddr("udp", listenAddrStr)
		if err != nil {
			dlog.Fatal(err)
		}
		listenTCPAddr, err := net.ResolveTCPAddr("tcp", listenAddrStr)
		if err != nil {
			dlog.Fatal(err)
		}
		if err := proxy.udpListener(listenUDPAddr); err != nil {
			dlog.Fatal(err)
		}
		if err := proxy.tcpListener(listenTCPAddr); err != nil {
			dlog.Fatal(err)
		}
	}
	dlog.Notice("dnscrypt-proxy is ready")
	go func() {
		for {
			time.Sleep(proxy.certRefreshDelay)
			proxy.serversInfo.refresh(proxy)
		}
	}()
}

func (proxy *Proxy) udpListener(listenAddr *net.UDPAddr) error {
	clientPc, err := net.ListenUDP("udp", listenAddr)
	if err != nil {
		return err
	}
	go func() {
		defer clientPc.Close()
		dlog.Noticef("Now listening to %v [UDP]", listenAddr)
		for {
			buffer := make([]byte, MaxDNSPacketSize-1)
			length, clientAddr, err := clientPc.ReadFrom(buffer)
			if err != nil {
				return
			}
			packet := buffer[:length]
			go func() {
				proxy.processIncomingQuery(proxy.serversInfo.getOne(), "udp", proxy.mainProto, packet, &clientAddr, clientPc)
			}()
		}
	}()
	return nil
}

func (proxy *Proxy) tcpListener(listenAddr *net.TCPAddr) error {
	acceptPc, err := net.ListenTCP("tcp", listenAddr)
	if err != nil {
		return err
	}
	go func() {
		defer acceptPc.Close()
		dlog.Noticef("Now listening to %v [TCP]", listenAddr)
		for {
			clientPc, err := acceptPc.Accept()
			if err != nil {
				continue
			}
			go func() {
				defer clientPc.Close()
				clientPc.SetDeadline(time.Now().Add(proxy.timeout))
				packet, err := ReadPrefixed(clientPc.(*net.TCPConn))
				if err != nil || len(packet) < MinDNSPacketSize {
					return
				}
				clientAddr := clientPc.RemoteAddr()
				proxy.processIncomingQuery(proxy.serversInfo.getOne(), "tcp", "tcp", packet, &clientAddr, clientPc)
			}()
		}
	}()
	return nil
}

func (proxy *Proxy) exchangeWithUDPServer(serverInfo *ServerInfo, encryptedQuery []byte, clientNonce []byte) ([]byte, error) {
	pc, err := net.DialUDP("udp", nil, serverInfo.UDPAddr)
	if err != nil {
		return nil, err
	}
	pc.SetDeadline(time.Now().Add(serverInfo.Timeout))
	pc.Write(encryptedQuery)
	encryptedResponse := make([]byte, MaxDNSPacketSize)
	length, err := pc.Read(encryptedResponse)
	pc.Close()
	if err != nil {
		return nil, err
	}
	encryptedResponse = encryptedResponse[:length]
	return proxy.Decrypt(serverInfo, encryptedResponse, clientNonce)
}

func (proxy *Proxy) exchangeWithTCPServer(serverInfo *ServerInfo, encryptedQuery []byte, clientNonce []byte) ([]byte, error) {
	pc, err := net.DialTCP("tcp", nil, serverInfo.TCPAddr)
	if err != nil {
		return nil, err
	}
	pc.SetDeadline(time.Now().Add(serverInfo.Timeout))
	encryptedQuery, err = PrefixWithSize(encryptedQuery)
	if err != nil {
		return nil, err
	}
	pc.Write(encryptedQuery)

	encryptedResponse, err := ReadPrefixed(pc)
	pc.Close()
	if err != nil {
		return nil, err
	}
	return proxy.Decrypt(serverInfo, encryptedResponse, clientNonce)
}

func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto string, serverProto string, query []byte, clientAddr *net.Addr, clientPc net.Conn) {
	if len(query) < MinDNSPacketSize || serverInfo == nil {
		return
	}
	pluginsState := NewPluginsState(proxy, clientProto, clientAddr)
	query, _ = pluginsState.ApplyQueryPlugins(&proxy.pluginsGlobals, query)
	var response []byte
	var err error
	if pluginsState.action != PluginsActionForward {
		if pluginsState.synthResponse != nil {
			response, err = pluginsState.synthResponse.PackBuffer(response)
			if err != nil {
				return
			}
		}
		if pluginsState.action == PluginsActionDrop {
			return
		}
	}
	if len(response) == 0 {
		encryptedQuery, clientNonce, err := proxy.Encrypt(serverInfo, query, serverProto)
		if err != nil {
			return
		}
		serverInfo.noticeBegin(proxy)
		if serverProto == "udp" {
			response, err = proxy.exchangeWithUDPServer(serverInfo, encryptedQuery, clientNonce)
		} else {
			response, err = proxy.exchangeWithTCPServer(serverInfo, encryptedQuery, clientNonce)
		}
		if err != nil {
			serverInfo.noticeFailure(proxy)
			return
		}
		response, _ = pluginsState.ApplyResponsePlugins(&proxy.pluginsGlobals, response)
	}
	if clientProto == "udp" {
		if len(response) > MaxDNSUDPPacketSize {
			response, err = TruncatedResponse(response)
			if err != nil {
				return
			}
		}
		clientPc.(net.PacketConn).WriteTo(response, *clientAddr)
		if HasTCFlag(response) {
			proxy.questionSizeEstimator.blindAdjust()
		} else {
			proxy.questionSizeEstimator.adjust(ResponseOverhead + len(response))
		}
	} else {
		response, err = PrefixWithSize(response)
		if err != nil {
			serverInfo.noticeFailure(proxy)
			return
		}
		clientPc.Write(response)
	}
	serverInfo.noticeSuccess(proxy)
}

func cdLocal() {
	ex, err := os.Executable()
	if err != nil {
		dlog.Critical(err)
		return
	}
	exPath := filepath.Dir(ex)
	os.Chdir(exPath)
}
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`package main`

			`import (`
			`"crypto/rand"`
Preliminary support for running as a Windows service 2018-01-17 10:58:19 +01:00			`"log"`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`"net"`
cd to the path of the executable file 2018-01-14 00:56:46 +01:00			`"os"`
			`"path/filepath"`
Preliminary support for running as a Windows service 2018-01-17 10:58:19 +01:00			`"sync"`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`"time"`

Use dlog for everything 2018-01-11 11:50:54 +01:00			`"github.com/jedisct1/dlog"`
Preliminary support for running as a Windows service 2018-01-17 10:58:19 +01:00			`"github.com/judwhite/go-svc/svc"`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`"golang.org/x/crypto/curve25519"`
			`)`

			`type Proxy struct {`
Handle TCP, padding, etc. 2018-01-09 16:40:37 +01:00			`proxyPublicKey [32]byte`
			`proxySecretKey [32]byte`
			`questionSizeEstimator QuestionSizeEstimator`
We want to support multiple servers simultaneously Prepare for that 2018-01-09 16:59:06 +01:00			`serversInfo ServersInfo`
Handle TCP, padding, etc. 2018-01-09 16:40:37 +01:00			`timeout time.Duration`
Add a config file 2018-01-10 12:01:49 +01:00			`certRefreshDelay time.Duration`
The preferred protocol will be a global (for Tor users) 2018-01-09 18:42:24 +01:00			`mainProto string`
Add a config file 2018-01-10 12:01:49 +01:00			`listenAddresses []string`
			`daemonize bool`
			`registeredServers []RegisteredServer`
Implement the IPv6 block plugin 2018-01-10 17:23:20 +01:00			`pluginBlockIPv6 bool`
Start implementing a basic cache 2018-01-10 18:32:05 +01:00			`cache bool`
Add configuration cache size and other parameters 2018-01-10 19:32:56 +01:00			`cacheSize int`
			`cacheNegTTL uint32`
			`cacheMinTTL uint32`
			`cacheMaxTTL uint32`
Implement query logging 2018-01-16 00:23:16 +01:00			`queryLogFile string`
			`queryLogFormat string`
Implement blocking, fully compatible with rules from version 1 2018-01-17 02:40:47 +01:00			`blockNameFile string`
Forwarding plugin 2018-01-17 09:44:03 +01:00			`forwardFile string`
Add Init/Drop/Update methods to plugins Eventually, we may want to provide a specific structure for plugin initialization. Sending the whole Proxy structure doesn't scale well. 2018-01-15 23:07:41 +01:00			`pluginsGlobals PluginsGlobals`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`}`

Preliminary support for running as a Windows service 2018-01-17 10:58:19 +01:00			`type App struct {`
			`wg sync.WaitGroup`
			`quit chan struct{}`
			`}`

Move a few things around 2018-01-09 13:35:10 +01:00			`func main() {`
Use dlog for everything 2018-01-11 11:50:54 +01:00			`dlog.Init("dnscrypt-proxy", dlog.SeverityNotice)`
cd to the path of the executable file 2018-01-14 00:56:46 +01:00			`cdLocal()`
Preliminary support for running as a Windows service 2018-01-17 10:58:19 +01:00			`app := &App{}`
			`if err := svc.Run(app); err != nil {`
			`dlog.Fatal(err)`
			`}`
			`}`

			`func (app *App) Init(env svc.Environment) error {`
			`log.Printf("is win service? %v\n", env.IsWindowsService())`
			`return nil`
			`}`

			`func (app *App) Start() error {`
Add a config file 2018-01-10 12:01:49 +01:00			`proxy := Proxy{}`
			`if err := ConfigLoad(&proxy, "dnscrypt-proxy.toml"); err != nil {`
Use dlog for everything 2018-01-11 11:50:54 +01:00			`dlog.Fatal(err)`
Add a config file 2018-01-10 12:01:49 +01:00			`}`
Add Init/Drop/Update methods to plugins Eventually, we may want to provide a specific structure for plugin initialization. Sending the whole Proxy structure doesn't scale well. 2018-01-15 23:07:41 +01:00			`if err := InitPluginsGlobals(&proxy.pluginsGlobals, &proxy); err != nil {`
			`dlog.Fatal(err)`
			`}`
Handle daemonization 2018-01-10 13:33:06 +01:00			`if proxy.daemonize {`
So, daemonization only works on linux :/ 2018-01-10 19:49:02 +01:00			`Daemonize()`
Handle daemonization 2018-01-10 13:33:06 +01:00			`}`
Preliminary support for running as a Windows service 2018-01-17 10:58:19 +01:00			`app.quit = make(chan struct{})`
			`app.wg.Add(1)`
			`go func() {`
			`proxy.StartProxy()`
			`<-app.quit`
			`dlog.Notice("Quit signal received...")`
			`app.wg.Done()`
			`}()`
			`return nil`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`}`

Preliminary support for running as a Windows service 2018-01-17 10:58:19 +01:00			`func (app *App) Stop() error {`
			`dlog.Notice("Stopping...")`
			`close(app.quit)`
			`app.wg.Wait()`
			`dlog.Notice("Stopped.")`
			`return nil`
cd to the path of the executable file 2018-01-14 00:56:46 +01:00			`}`

Add a config file 2018-01-10 12:01:49 +01:00			`func (proxy *Proxy) StartProxy() {`
			`proxy.questionSizeEstimator = NewQuestionSizeEstimator()`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`if _, err := rand.Read(proxy.proxySecretKey[:]); err != nil {`
Use dlog for everything 2018-01-11 11:50:54 +01:00			`dlog.Fatal(err)`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`}`
			`curve25519.ScalarBaseMult(&proxy.proxyPublicKey, &proxy.proxySecretKey)`
Add a config file 2018-01-10 12:01:49 +01:00			`for _, registeredServer := range proxy.registeredServers {`
			`proxy.serversInfo.registerServer(proxy, registeredServer.name, registeredServer.stamp)`
Handle TCP, padding, etc. 2018-01-09 16:40:37 +01:00			`}`
Add a config file 2018-01-10 12:01:49 +01:00			`for _, listenAddrStr := range proxy.listenAddresses {`
			`listenUDPAddr, err := net.ResolveUDPAddr("udp", listenAddrStr)`
			`if err != nil {`
Use dlog for everything 2018-01-11 11:50:54 +01:00			`dlog.Fatal(err)`
Add a config file 2018-01-10 12:01:49 +01:00			`}`
			`listenTCPAddr, err := net.ResolveTCPAddr("tcp", listenAddrStr)`
			`if err != nil {`
Use dlog for everything 2018-01-11 11:50:54 +01:00			`dlog.Fatal(err)`
Add a config file 2018-01-10 12:01:49 +01:00			`}`
			`if err := proxy.udpListener(listenUDPAddr); err != nil {`
Use dlog for everything 2018-01-11 11:50:54 +01:00			`dlog.Fatal(err)`
Add a config file 2018-01-10 12:01:49 +01:00			`}`
			`if err := proxy.tcpListener(listenTCPAddr); err != nil {`
Use dlog for everything 2018-01-11 11:50:54 +01:00			`dlog.Fatal(err)`
Add a config file 2018-01-10 12:01:49 +01:00			`}`
Handle TCP, padding, etc. 2018-01-09 16:40:37 +01:00			`}`
Use dlog for everything 2018-01-11 11:50:54 +01:00			`dlog.Notice("dnscrypt-proxy is ready")`
Preliminary support for running as a Windows service 2018-01-17 10:58:19 +01:00			`go func() {`
			`for {`
			`time.Sleep(proxy.certRefreshDelay)`
			`proxy.serversInfo.refresh(proxy)`
			`}`
			`}()`
Move a few things around 2018-01-09 13:35:10 +01:00			`}`

Handle TCP, padding, etc. 2018-01-09 16:40:37 +01:00			`func (proxy Proxy) udpListener(listenAddr net.UDPAddr) error {`
			`clientPc, err := net.ListenUDP("udp", listenAddr)`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`if err != nil {`
Move a few things around 2018-01-09 13:35:10 +01:00			`return err`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`}`
Add a config file 2018-01-10 12:01:49 +01:00			`go func() {`
			`defer clientPc.Close()`
Use dlog for everything 2018-01-11 11:50:54 +01:00			`dlog.Noticef("Now listening to %v [UDP]", listenAddr)`
Add a config file 2018-01-10 12:01:49 +01:00			`for {`
			`buffer := make([]byte, MaxDNSPacketSize-1)`
			`length, clientAddr, err := clientPc.ReadFrom(buffer)`
			`if err != nil {`
			`return`
			`}`
			`packet := buffer[:length]`
			`go func() {`
Pass the client protocol around, don't infer it from clientAddr 2018-01-14 23:39:55 +01:00			`proxy.processIncomingQuery(proxy.serversInfo.getOne(), "udp", proxy.mainProto, packet, &clientAddr, clientPc)`
Add a config file 2018-01-10 12:01:49 +01:00			`}()`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`}`
Add a config file 2018-01-10 12:01:49 +01:00			`}()`
			`return nil`
Handle TCP, padding, etc. 2018-01-09 16:40:37 +01:00			`}`

			`func (proxy Proxy) tcpListener(listenAddr net.TCPAddr) error {`
			`acceptPc, err := net.ListenTCP("tcp", listenAddr)`
			`if err != nil {`
			`return err`
			`}`
Add a config file 2018-01-10 12:01:49 +01:00			`go func() {`
			`defer acceptPc.Close()`
Use dlog for everything 2018-01-11 11:50:54 +01:00			`dlog.Noticef("Now listening to %v [TCP]", listenAddr)`
Add a config file 2018-01-10 12:01:49 +01:00			`for {`
			`clientPc, err := acceptPc.Accept()`
			`if err != nil {`
			`continue`
Handle TCP, padding, etc. 2018-01-09 16:40:37 +01:00			`}`
Add a config file 2018-01-10 12:01:49 +01:00			`go func() {`
			`defer clientPc.Close()`
			`clientPc.SetDeadline(time.Now().Add(proxy.timeout))`
			`packet, err := ReadPrefixed(clientPc.(*net.TCPConn))`
			`if err != nil \|\| len(packet) < MinDNSPacketSize {`
			`return`
			`}`
Plugins can now access the client IP. Useful for logging and ACLs. 2018-01-14 23:47:49 +01:00			`clientAddr := clientPc.RemoteAddr()`
			`proxy.processIncomingQuery(proxy.serversInfo.getOne(), "tcp", "tcp", packet, &clientAddr, clientPc)`
Add a config file 2018-01-10 12:01:49 +01:00			`}()`
			`}`
			`}()`
			`return nil`
Desuglify a bit 2018-01-09 13:27:03 +01:00			`}`

Cleanups 2018-01-10 00:31:12 +01:00			`func (proxy Proxy) exchangeWithUDPServer(serverInfo ServerInfo, encryptedQuery []byte, clientNonce []byte) ([]byte, error) {`
			`pc, err := net.DialUDP("udp", nil, serverInfo.UDPAddr)`
			`if err != nil {`
			`return nil, err`
			`}`
			`pc.SetDeadline(time.Now().Add(serverInfo.Timeout))`
			`pc.Write(encryptedQuery)`
			`encryptedResponse := make([]byte, MaxDNSPacketSize)`
			`length, err := pc.Read(encryptedResponse)`
			`pc.Close()`
			`if err != nil {`
			`return nil, err`
			`}`
			`encryptedResponse = encryptedResponse[:length]`
			`return proxy.Decrypt(serverInfo, encryptedResponse, clientNonce)`
			`}`

			`func (proxy Proxy) exchangeWithTCPServer(serverInfo ServerInfo, encryptedQuery []byte, clientNonce []byte) ([]byte, error) {`
			`pc, err := net.DialTCP("tcp", nil, serverInfo.TCPAddr)`
			`if err != nil {`
			`return nil, err`
			`}`
			`pc.SetDeadline(time.Now().Add(serverInfo.Timeout))`
			`encryptedQuery, err = PrefixWithSize(encryptedQuery)`
			`if err != nil {`
			`return nil, err`
			`}`
			`pc.Write(encryptedQuery)`

			`encryptedResponse, err := ReadPrefixed(pc)`
			`pc.Close()`
			`if err != nil {`
			`return nil, err`
			`}`
			`return proxy.Decrypt(serverInfo, encryptedResponse, clientNonce)`
			`}`

Pass the client protocol around, don't infer it from clientAddr 2018-01-14 23:39:55 +01:00			`func (proxy Proxy) processIncomingQuery(serverInfo ServerInfo, clientProto string, serverProto string, query []byte, clientAddr *net.Addr, clientPc net.Conn) {`
Many improvements 2018-01-10 16:01:29 +01:00			`if len(query) < MinDNSPacketSize \|\| serverInfo == nil {`
Desuglify a bit 2018-01-09 13:27:03 +01:00			`return`
			`}`
Plugins can now access the client IP. Useful for logging and ACLs. 2018-01-14 23:47:49 +01:00			`pluginsState := NewPluginsState(proxy, clientProto, clientAddr)`
Add Init/Drop/Update methods to plugins Eventually, we may want to provide a specific structure for plugin initialization. Sending the whole Proxy structure doesn't scale well. 2018-01-15 23:07:41 +01:00			`query, _ = pluginsState.ApplyQueryPlugins(&proxy.pluginsGlobals, query)`
Synthesize a truncated response if the response wouldn't fit the local MSS 2018-01-10 02:52:09 +01:00			`var response []byte`
Implement the IPv6 block plugin 2018-01-10 17:23:20 +01:00			`var err error`
			`if pluginsState.action != PluginsActionForward {`
			`if pluginsState.synthResponse != nil {`
			`response, err = pluginsState.synthResponse.PackBuffer(response)`
			`if err != nil {`
			`return`
			`}`
			`}`
Implement blocking, fully compatible with rules from version 1 2018-01-17 02:40:47 +01:00			`if pluginsState.action == PluginsActionDrop {`
			`return`
			`}`
Nits 2018-01-10 00:32:16 +01:00			`}`
Implement the IPv6 block plugin 2018-01-10 17:23:20 +01:00			`if len(response) == 0 {`
			`encryptedQuery, clientNonce, err := proxy.Encrypt(serverInfo, query, serverProto)`
			`if err != nil {`
			`return`
			`}`
			`serverInfo.noticeBegin(proxy)`
			`if serverProto == "udp" {`
			`response, err = proxy.exchangeWithUDPServer(serverInfo, encryptedQuery, clientNonce)`
			`} else {`
			`response, err = proxy.exchangeWithTCPServer(serverInfo, encryptedQuery, clientNonce)`
			`}`
			`if err != nil {`
			`serverInfo.noticeFailure(proxy)`
			`return`
			`}`
Add Init/Drop/Update methods to plugins Eventually, we may want to provide a specific structure for plugin initialization. Sending the whole Proxy structure doesn't scale well. 2018-01-15 23:07:41 +01:00			`response, _ = pluginsState.ApplyResponsePlugins(&proxy.pluginsGlobals, response)`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`}`
Pass the client protocol around, don't infer it from clientAddr 2018-01-14 23:39:55 +01:00			`if clientProto == "udp" {`
Synthesize a truncated response if the response wouldn't fit the local MSS 2018-01-10 02:52:09 +01:00			`if len(response) > MaxDNSUDPPacketSize {`
			`response, err = TruncatedResponse(response)`
			`if err != nil {`
			`return`
			`}`
			`}`
			`clientPc.(net.PacketConn).WriteTo(response, *clientAddr)`
			`if HasTCFlag(response) {`
Cleanups 2018-01-10 00:31:12 +01:00			`proxy.questionSizeEstimator.blindAdjust()`
Implement an actual estimator for the response size Scale back the minimum question size when relevant. Did I mention that this is yet another thing that was never properly implemented in dnscrypt-proxy 1.x? 2018-01-10 09:46:27 +01:00			`} else {`
Many improvements 2018-01-10 16:01:29 +01:00			`proxy.questionSizeEstimator.adjust(ResponseOverhead + len(response))`
Cleanups 2018-01-10 00:31:12 +01:00			`}`
Handle TCP, padding, etc. 2018-01-09 16:40:37 +01:00			`} else {`
Synthesize a truncated response if the response wouldn't fit the local MSS 2018-01-10 02:52:09 +01:00			`response, err = PrefixWithSize(response)`
Support TCP connection to the backend 2018-01-09 19:47:24 +01:00			`if err != nil {`
Basic load balancing/failover Try to send queries to one of the two fastest servers 2018-01-10 16:42:14 +01:00			`serverInfo.noticeFailure(proxy)`
Support TCP connection to the backend 2018-01-09 19:47:24 +01:00			`return`
			`}`
Cleanups 2018-01-10 00:31:12 +01:00			`clientPc.Write(response)`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`}`
Basic load balancing/failover Try to send queries to one of the two fastest servers 2018-01-10 16:42:14 +01:00			`serverInfo.noticeSuccess(proxy)`
Let's start with a 15 minutes ugly PoC hack before going to bed Who said the DNSCrypt protocol was "complex"? 2018-01-09 00:24:51 +01:00			`}`
Preliminary support for running as a Windows service 2018-01-17 10:58:19 +01:00
			`func cdLocal() {`
			`ex, err := os.Executable()`
			`if err != nil {`
			`dlog.Critical(err)`
			`return`
			`}`
			`exPath := filepath.Dir(ex)`
			`os.Chdir(exPath)`
			`}`