miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity
dnscrypt-proxy/dnscrypt-proxy/config.go

626 lines
20 KiB
Go
Raw Normal View History

Add a config file
2018-01-10 12:01:49 +01:00
package main
import (
-list -json now prints the list of available servers as JSON Can be useful for GUIs, especially since this includes the description
2018-01-31 09:42:56 +01:00
"encoding/json"
Add a config file
2018-01-10 12:01:49 +01:00
"errors"
Get the path to the config file from the command line
2018-01-10 13:40:50 +01:00
"flag"
Add a config file
2018-01-10 12:01:49 +01:00
"fmt"
Wait for network connectivity before starting the proxy
2018-05-10 21:59:25 +02:00
"net"
Add support for HTTP/HTTPS proxies Fixes #638
2018-11-15 18:47:33 +01:00
"net/http"
Add built-in support for Tor
2018-06-06 15:54:51 +02:00
"net/url"
Add a -version command-line switch to print the version Fixes #2
2018-01-18 12:22:25 +01:00
"os"
Include the -config option in the installed service Untested on Linux and Windows. Fear. Fixes #304
2018-04-03 19:42:27 +02:00
"path"
Check if the config file exists from the current directory Try the executable directory if it fails Then, go to that config file directory no matter what Fixes #80
2018-02-03 10:46:47 +01:00
"path/filepath"
Restrict the set of resolvers used from a remote source
2018-01-14 00:08:46 +01:00
"strings"
Add a config file
2018-01-10 12:01:49 +01:00
"time"
"github.com/BurntSushi/toml"
Use dlog for everything
2018-01-11 11:50:54 +01:00
"github.com/jedisct1/dlog"
Deps update
2018-04-18 18:58:39 +02:00
stamps "github.com/jedisct1/go-dnsstamps"
Add built-in support for Tor
2018-06-06 15:54:51 +02:00
netproxy "golang.org/x/net/proxy"
Add a config file
2018-01-10 12:01:49 +01:00
)
type Config struct {
Add options to set the cipher suite as well as disable session tickets
2018-04-07 22:23:29 +02:00
LogLevel int `toml:"log_level"`
LogFile *string `toml:"log_file"`
UseSyslog bool `toml:"use_syslog"`
ServerNames []string `toml:"server_names"`
ListenAddresses []string `toml:"listen_addresses"`
Daemonize bool
username -> user_name in case we want to add user_group and whatnot. Remove the command-line option as it hides the caveats documented in the configuration file. Remove TODO. TODO statements always remain in that state forever.
2018-07-07 17:39:33 +02:00
UserName string `toml:"user_name"`
Add options to set the cipher suite as well as disable session tickets
2018-04-07 22:23:29 +02:00
ForceTCP bool `toml:"force_tcp"`
Timeout int `toml:"timeout"`
KeepAlive int `toml:"keepalive"`
Add built-in support for Tor
2018-06-06 15:54:51 +02:00
Proxy string `toml:"proxy"`
Add options to set the cipher suite as well as disable session tickets
2018-04-07 22:23:29 +02:00
CertRefreshDelay int `toml:"cert_refresh_delay"`
CertIgnoreTimestamp bool `toml:"cert_ignore_timestamp"`
Re-implement ephemeral keys for DNSCrypt
2018-04-09 03:12:34 +02:00
EphemeralKeys bool `toml:"dnscrypt_ephemeral_keys"`
Add options to set the cipher suite as well as disable session tickets
2018-04-07 22:23:29 +02:00
LBStrategy string `toml:"lb_strategy"`
BlockIPv6 bool `toml:"block_ipv6"`
Cache bool
CacheSize int `toml:"cache_size"`
CacheNegTTL uint32 `toml:"cache_neg_ttl"`
Add cache_neg_min_ttl and cache_neg_max_ttl
2018-04-17 00:24:49 +02:00
CacheNegMinTTL uint32 `toml:"cache_neg_min_ttl"`
CacheNegMaxTTL uint32 `toml:"cache_neg_max_ttl"`
Add options to set the cipher suite as well as disable session tickets
2018-04-07 22:23:29 +02:00
CacheMinTTL uint32 `toml:"cache_min_ttl"`
CacheMaxTTL uint32 `toml:"cache_max_ttl"`
QueryLog QueryLogConfig `toml:"query_log"`
NxLog NxLogConfig `toml:"nx_log"`
BlockName BlockNameConfig `toml:"blacklist"`
Implement whitelists Fixes #293
2018-04-07 23:02:40 +02:00
WhitelistName WhitelistNameConfig `toml:"whitelist"`
Add options to set the cipher suite as well as disable session tickets
2018-04-07 22:23:29 +02:00
BlockIP BlockIPConfig `toml:"ip_blacklist"`
ForwardFile string `toml:"forwarding_rules"`
CloakFile string `toml:"cloaking_rules"`
ServersConfig map[string]StaticConfig `toml:"static"`
SourcesConfig map[string]SourceConfig `toml:"sources"`
SourceRequireDNSSEC bool `toml:"require_dnssec"`
SourceRequireNoLog bool `toml:"require_nolog"`
SourceRequireNoFilter bool `toml:"require_nofilter"`
SourceDNSCrypt bool `toml:"dnscrypt_servers"`
SourceDoH bool `toml:"doh_servers"`
SourceIPv4 bool `toml:"ipv4_servers"`
SourceIPv6 bool `toml:"ipv6_servers"`
MaxClients uint32 `toml:"max_clients"`
FallbackResolver string `toml:"fallback_resolver"`
IgnoreSystemDNS bool `toml:"ignore_system_dns"`
AllWeeklyRanges map[string]WeeklyRangesStr `toml:"schedules"`
LogMaxSize int `toml:"log_files_max_size"`
LogMaxAge int `toml:"log_files_max_age"`
LogMaxBackups int `toml:"log_files_max_backups"`
TLSDisableSessionTickets bool `toml:"tls_disable_session_tickets"`
TLSCipherSuite []uint16 `toml:"tls_cipher_suite"`
Wait for network connectivity before starting the proxy
2018-05-10 21:59:25 +02:00
NetprobeAddress string `toml:"netprobe_address"`
NetprobeTimeout int `toml:"netprobe_timeout"`
Implement an offline mode Fixes #528
2018-07-05 18:05:24 +02:00
OfflineMode bool `toml:"offline_mode"`
Add support for HTTP/HTTPS proxies Fixes #638
2018-11-15 18:47:33 +01:00
HTTPProxyURL string `toml:"http_proxy"`
Add a config file
2018-01-10 12:01:49 +01:00
}
func newConfig() Config {
return Config{
Add options to set the cipher suite as well as disable session tickets
2018-04-07 22:23:29 +02:00
LogLevel: int(dlog.LogLevel()),
ListenAddresses: []string{"127.0.0.1:53"},
Timeout: 2500,
KeepAlive: 5,
CertRefreshDelay: 240,
CertIgnoreTimestamp: false,
Re-implement ephemeral keys for DNSCrypt
2018-04-09 03:12:34 +02:00
EphemeralKeys: false,
Add options to set the cipher suite as well as disable session tickets
2018-04-07 22:23:29 +02:00
Cache: true,
Bump default cache size
2018-04-10 13:24:13 +02:00
CacheSize: 512,
Add cache_neg_min_ttl and cache_neg_max_ttl
2018-04-17 00:24:49 +02:00
CacheNegTTL: 0,
CacheNegMinTTL: 60,
CacheNegMaxTTL: 600,
Add options to set the cipher suite as well as disable session tickets
2018-04-07 22:23:29 +02:00
CacheMinTTL: 60,
CacheMaxTTL: 8600,
SourceRequireNoLog: true,
SourceRequireNoFilter: true,
SourceIPv4: true,
SourceIPv6: false,
SourceDNSCrypt: true,
SourceDoH: true,
MaxClients: 250,
FallbackResolver: DefaultFallbackResolver,
IgnoreSystemDNS: false,
LogMaxSize: 10,
LogMaxAge: 7,
LogMaxBackups: 1,
TLSDisableSessionTickets: false,
TLSCipherSuite: nil,
Use a netprobe address less likely to be blocked/considered invalid
2018-05-19 00:06:28 +02:00
NetprobeAddress: "9.9.9.9:53",
Wait for network connectivity before starting the proxy
2018-05-10 21:59:25 +02:00
NetprobeTimeout: 30,
Implement an offline mode Fixes #528
2018-07-05 18:05:24 +02:00
OfflineMode: false,
Add a config file
2018-01-10 12:01:49 +01:00
}
}
ServerConfig -> StaticConfig to match the config file
2018-01-31 08:43:49 +01:00
type StaticConfig struct {
Require stamps in static server definitions Provider names, etc. are not future-proof. In particular, they are incompatible with other protocols such as DoH.
2018-01-22 09:59:32 +01:00
Stamp string
Add a config file
2018-01-10 12:01:49 +01:00
}
Preliminary support for remote sources
2018-01-13 23:52:44 +01:00
type SourceConfig struct {
URL string
Support multiple URLs for a given source Fixes #265
2018-03-28 13:36:19 +02:00
URLs []string
Preliminary support for remote sources
2018-01-13 23:52:44 +01:00
MinisignKeyStr string `toml:"minisign_key"`
CacheFile string `toml:"cache_file"`
FormatStr string `toml:"format"`
RefreshDelay int `toml:"refresh_delay"`
NXLOG: a new output plugin to log suspicious queries
2018-01-20 16:59:40 +01:00
Prefix string
Preliminary support for remote sources
2018-01-13 23:52:44 +01:00
}
Implement query logging
2018-01-16 00:23:16 +01:00
type QueryLogConfig struct {
Replace logged_qtypes with ignored_qtypes
2018-01-20 13:27:37 +01:00
File string
Format string
IgnoredQtypes []string `toml:"ignored_qtypes"`
Implement query logging
2018-01-16 00:23:16 +01:00
}
NXLOG: a new output plugin to log suspicious queries
2018-01-20 16:59:40 +01:00
type NxLogConfig struct {
File string
Format string
}
Implement blocking, fully compatible with rules from version 1
2018-01-17 02:40:47 +01:00
type BlockNameConfig struct {
Add the ability to log blocked queries
2018-01-17 17:03:42 +01:00
File string `toml:"blacklist_file"`
LogFile string `toml:"log_file"`
Format string `toml:"log_format"`
Implement blocking, fully compatible with rules from version 1
2018-01-17 02:40:47 +01:00
}
Implement whitelists Fixes #293
2018-04-07 23:02:40 +02:00
type WhitelistNameConfig struct {
File string `toml:"whitelist_file"`
LogFile string `toml:"log_file"`
Format string `toml:"log_format"`
}
IP blocking
2018-01-21 16:07:44 +01:00
type BlockIPConfig struct {
File string `toml:"blacklist_file"`
LogFile string `toml:"log_file"`
Format string `toml:"log_format"`
}
-list -json now prints the list of available servers as JSON Can be useful for GUIs, especially since this includes the description
2018-01-31 09:42:56 +01:00
type ServerSummary struct {
Add the list of addresses to the -list -json output
2018-03-28 12:22:37 +02:00
Name string `json:"name"`
Proto string `json:"proto"`
IPv6 bool `json:"ipv6"`
Addrs []string `json:"addrs,omitempty"`
Ports []int `json:"ports"`
DNSSEC bool `json:"dnssec"`
NoLog bool `json:"nolog"`
NoFilter bool `json:"nofilter"`
Description string `json:"description,omitempty"`
-list -json now prints the list of available servers as JSON Can be useful for GUIs, especially since this includes the description
2018-01-31 09:42:56 +01:00
}
Mainly revert 869d44c30ed684d21150c63d2b27a25e56fad5f2 Fixing #304 doesn't look trivial The service module needs to know the arguments right away. The arguments haven't been parsed yet. And if we do, we will prevent further arguments to be added to the set. Including the ones added by the service module itself. So, we have quite of a circular dependency here. If someone with some Go knowledge can fix that, that would be amazing. But it's probably never going to happen. Meanwhile, we can try to save the current directory and document that we have to be in that directory when running the install command. Which is not going to work on Windows, so this is a big fucking mess
2018-04-03 20:15:33 +02:00
func findConfigFile(configFile *string) (string, error) {
Check if the config file exists from the current directory Try the executable directory if it fails Then, go to that config file directory no matter what Fixes #80
2018-02-03 10:46:47 +01:00
if _, err := os.Stat(*configFile); os.IsNotExist(err) {
cdLocal()
Include the -config option in the installed service Untested on Linux and Windows. Fear. Fixes #304
2018-04-03 19:42:27 +02:00
if _, err := os.Stat(*configFile); err != nil {
return "", err
}
Check if the config file exists from the current directory Try the executable directory if it fails Then, go to that config file directory no matter what Fixes #80
2018-02-03 10:46:47 +01:00
}
Include the -config option in the installed service Untested on Linux and Windows. Fear. Fixes #304
2018-04-03 19:42:27 +02:00
pwd, err := os.Getwd()
if err != nil {
return "", err
}
Mainly revert 869d44c30ed684d21150c63d2b27a25e56fad5f2 Fixing #304 doesn't look trivial The service module needs to know the arguments right away. The arguments haven't been parsed yet. And if we do, we will prevent further arguments to be added to the set. Including the ones added by the service module itself. So, we have quite of a circular dependency here. If someone with some Go knowledge can fix that, that would be amazing. But it's probably never going to happen. Meanwhile, we can try to save the current directory and document that we have to be in that directory when running the install command. Which is not going to work on Windows, so this is a big fucking mess
2018-04-03 20:15:33 +02:00
if filepath.IsAbs(*configFile) {
return *configFile, nil
}
Include the -config option in the installed service Untested on Linux and Windows. Fear. Fixes #304
2018-04-03 19:42:27 +02:00
return path.Join(pwd, *configFile), nil
}
Mainly revert 869d44c30ed684d21150c63d2b27a25e56fad5f2 Fixing #304 doesn't look trivial The service module needs to know the arguments right away. The arguments haven't been parsed yet. And if we do, we will prevent further arguments to be added to the set. Including the ones added by the service module itself. So, we have quite of a circular dependency here. If someone with some Go knowledge can fix that, that would be amazing. But it's probably never going to happen. Meanwhile, we can try to save the current directory and document that we have to be in that directory when running the install command. Which is not going to work on Windows, so this is a big fucking mess
2018-04-03 20:15:33 +02:00
func ConfigLoad(proxy *Proxy, svcFlag *string) error {
Revert "Add a -v flag" This reverts commit d8c95aaca8fafef6afe7b0e35df40d48edc1b4b7.
2018-04-06 03:03:27 +02:00
version := flag.Bool("version", false, "print current proxy version")
Add a simple built-in DNS client for testing
2018-01-21 18:02:32 +01:00
resolve := flag.String("resolve", "", "resolve a name using system libraries")
Clarify
2018-01-30 19:47:26 +01:00
list := flag.Bool("list", false, "print the list of available resolvers for the enabled filters")
Add a -list-all switch; add IPv6 & port number info to the JSON output
2018-02-01 21:48:46 +01:00
listAll := flag.Bool("list-all", false, "print the complete list of available resolvers, ignoring filters")
-list -json now prints the list of available servers as JSON Can be useful for GUIs, especially since this includes the description
2018-01-31 09:42:56 +01:00
jsonOutput := flag.Bool("json", false, "output list as JSON")
Add -check
2018-02-19 18:35:06 +01:00
check := flag.Bool("check", false, "check the configuration file and exit")
Mainly revert 869d44c30ed684d21150c63d2b27a25e56fad5f2 Fixing #304 doesn't look trivial The service module needs to know the arguments right away. The arguments haven't been parsed yet. And if we do, we will prevent further arguments to be added to the set. Including the ones added by the service module itself. So, we have quite of a circular dependency here. If someone with some Go knowledge can fix that, that would be amazing. But it's probably never going to happen. Meanwhile, we can try to save the current directory and document that we have to be in that directory when running the install command. Which is not going to work on Windows, so this is a big fucking mess
2018-04-03 20:15:33 +02:00
configFile := flag.String("config", DefaultConfigFileName, "Path to the configuration file")
Keep the process running in foreground to avoid a breaking change/allow monitoring This currently doesn't replace the previous process. Maybe there is a way to achieve this in Go. Need to look closer at os.exec Also start-child -> child
2018-06-13 17:24:16 +02:00
child := flag.Bool("child", false, "Invokes program as a child process")
Make the network timeout configuration via the command line Fixes #619
2018-11-15 14:24:26 +01:00
netprobeTimeoutOverride := flag.Int("netprobe-timeout", 30, "Override the netprobe timeout")
Mainly revert 869d44c30ed684d21150c63d2b27a25e56fad5f2 Fixing #304 doesn't look trivial The service module needs to know the arguments right away. The arguments haven't been parsed yet. And if we do, we will prevent further arguments to be added to the set. Including the ones added by the service module itself. So, we have quite of a circular dependency here. If someone with some Go knowledge can fix that, that would be amazing. But it's probably never going to happen. Meanwhile, we can try to save the current directory and document that we have to be in that directory when running the install command. Which is not going to work on Windows, so this is a big fucking mess
2018-04-03 20:15:33 +02:00
Get the path to the config file from the command line
2018-01-10 13:40:50 +01:00
flag.Parse()
Mainly revert 869d44c30ed684d21150c63d2b27a25e56fad5f2 Fixing #304 doesn't look trivial The service module needs to know the arguments right away. The arguments haven't been parsed yet. And if we do, we will prevent further arguments to be added to the set. Including the ones added by the service module itself. So, we have quite of a circular dependency here. If someone with some Go knowledge can fix that, that would be amazing. But it's probably never going to happen. Meanwhile, we can try to save the current directory and document that we have to be in that directory when running the install command. Which is not going to work on Windows, so this is a big fucking mess
2018-04-03 20:15:33 +02:00
Support installation as a service
2018-01-17 11:28:43 +01:00
if *svcFlag == "stop" || *svcFlag == "uninstall" {
return nil
}
Revert "Add a -v flag" This reverts commit d8c95aaca8fafef6afe7b0e35df40d48edc1b4b7.
2018-04-06 03:03:27 +02:00
if *version {
Add a -version command-line switch to print the version Fixes #2
2018-01-18 12:22:25 +01:00
fmt.Println(AppVersion)
os.Exit(0)
}
Add a simple built-in DNS client for testing
2018-01-21 18:02:32 +01:00
if resolve != nil && len(*resolve) > 0 {
Resolve(*resolve)
os.Exit(0)
}
Mainly revert 869d44c30ed684d21150c63d2b27a25e56fad5f2 Fixing #304 doesn't look trivial The service module needs to know the arguments right away. The arguments haven't been parsed yet. And if we do, we will prevent further arguments to be added to the set. Including the ones added by the service module itself. So, we have quite of a circular dependency here. If someone with some Go knowledge can fix that, that would be amazing. But it's probably never going to happen. Meanwhile, we can try to save the current directory and document that we have to be in that directory when running the install command. Which is not going to work on Windows, so this is a big fucking mess
2018-04-03 20:15:33 +02:00
foundConfigFile, err := findConfigFile(configFile)
if err != nil {
dlog.Fatalf("Unable to load the configuration file [%s] -- Maybe use the -config command-line switch?", *configFile)
}
Add a config file
2018-01-10 12:01:49 +01:00
config := newConfig()
Mainly revert 869d44c30ed684d21150c63d2b27a25e56fad5f2 Fixing #304 doesn't look trivial The service module needs to know the arguments right away. The arguments haven't been parsed yet. And if we do, we will prevent further arguments to be added to the set. Including the ones added by the service module itself. So, we have quite of a circular dependency here. If someone with some Go knowledge can fix that, that would be amazing. But it's probably never going to happen. Meanwhile, we can try to save the current directory and document that we have to be in that directory when running the install command. Which is not going to work on Windows, so this is a big fucking mess
2018-04-03 20:15:33 +02:00
md, err := toml.DecodeFile(foundConfigFile, &config)
Error out if unknown properties are found in the config file And thanks to this, an inconsistency in the example config file vs the parser was found (`timeout` vs `timeout_ms`). Fixes #113
2018-02-10 21:19:40 +01:00
if err != nil {
Add a config file
2018-01-10 12:01:49 +01:00
return err
}
Error out if unknown properties are found in the config file And thanks to this, an inconsistency in the example config file vs the parser was found (`timeout` vs `timeout_ms`). Fixes #113
2018-02-10 21:19:40 +01:00
undecoded := md.Undecoded()
if len(undecoded) > 0 {
return fmt.Errorf("Unsupported key in configuration file: [%s]", undecoded[0])
}
Mainly revert 869d44c30ed684d21150c63d2b27a25e56fad5f2 Fixing #304 doesn't look trivial The service module needs to know the arguments right away. The arguments haven't been parsed yet. And if we do, we will prevent further arguments to be added to the set. Including the ones added by the service module itself. So, we have quite of a circular dependency here. If someone with some Go knowledge can fix that, that would be amazing. But it's probably never going to happen. Meanwhile, we can try to save the current directory and document that we have to be in that directory when running the install command. Which is not going to work on Windows, so this is a big fucking mess
2018-04-03 20:15:33 +02:00
cdFileDir(foundConfigFile)
More flexible logging; add support for the Windows event log
2018-01-19 20:06:04 +01:00
if config.LogLevel >= 0 && config.LogLevel < int(dlog.SeverityLast) {
dlog.SetLogLevel(dlog.Severity(config.LogLevel))
}
Print stamps; require an env variable for debug level
2018-01-20 13:56:26 +01:00
if dlog.LogLevel() <= dlog.SeverityDebug && os.Getenv("DEBUG") == "" {
dlog.SetLogLevel(dlog.SeverityInfo)
}
More flexible logging; add support for the Windows event log
2018-01-19 20:06:04 +01:00
if config.UseSyslog {
dlog.UseSyslog(true)
} else if config.LogFile != nil {
dlog.UseLogFile(*config.LogFile)
Drop privileges with exec (#467) * Drop privileges with exec and SysProcAttr * Fix windows build * Fix passing logfile fd
2018-06-13 16:52:41 +02:00
if !*child {
FileDescriptors = append(FileDescriptors, dlog.GetFileDescriptor())
} else {
FileDescriptorNum++
dlog.SetFileDescriptor(os.NewFile(uintptr(3), "logFile"))
}
More flexible logging; add support for the Windows event log
2018-01-19 20:06:04 +01:00
}
Add automatic log files rotation Fixes #172
2018-03-02 10:34:00 +01:00
proxy.logMaxSize = config.LogMaxSize
proxy.logMaxAge = config.LogMaxAge
proxy.logMaxBackups = config.LogMaxBackups
No need to initialize xTransport before we have all the parameters
2018-04-07 22:33:11 +02:00
Store the userName value again
2018-07-07 19:58:37 +02:00
proxy.userName = config.UserName
Drop privileges with exec (#467) * Drop privileges with exec and SysProcAttr * Fix windows build * Fix passing logfile fd
2018-06-13 16:52:41 +02:00
proxy.child = *child
No need to initialize xTransport before we have all the parameters
2018-04-07 22:33:11 +02:00
proxy.xTransport = NewXTransport()
Add options to set the cipher suite as well as disable session tickets
2018-04-07 22:23:29 +02:00
proxy.xTransport.tlsDisableSessionTickets = config.TLSDisableSessionTickets
proxy.xTransport.tlsCipherSuite = config.TLSCipherSuite
Use a fallback resolver if the local DNS configuration doesn't work This should fix all chicken-and-egg issues
2018-01-30 15:46:21 +01:00
proxy.xTransport.fallbackResolver = config.FallbackResolver
Add an option to always ignore the system resolver This makes startup faster when DoH resolvers without a static IP are used (Google).
2018-01-30 17:37:35 +01:00
if len(config.FallbackResolver) > 0 {
proxy.xTransport.ignoreSystemDNS = config.IgnoreSystemDNS
}
When using a fallback resolver, favor IPv6 for DoH servers if use_ipv6 is set Fixes #153
2018-03-21 09:05:30 +01:00
proxy.xTransport.useIPv4 = config.SourceIPv4
proxy.xTransport.useIPv6 = config.SourceIPv6
Make the keepalive configurable Fixes #300
2018-04-02 01:49:09 +02:00
proxy.xTransport.keepAlive = time.Duration(config.KeepAlive) * time.Second
Add support for HTTP/HTTPS proxies Fixes #638
2018-11-15 18:47:33 +01:00
if len(config.HTTPProxyURL) > 0 {
httpProxyURL, err := url.Parse(config.HTTPProxyURL)
if err != nil {
dlog.Fatalf("Unable to parse the HTTP proxy URL [%v]", config.HTTPProxyURL)
}
proxy.xTransport.httpProxyFunction = http.ProxyURL(httpProxyURL)
}
Add built-in support for Tor
2018-06-06 15:54:51 +02:00
if len(config.Proxy) > 0 {
proxyDialerURL, err := url.Parse(config.Proxy)
if err != nil {
Add support for HTTP/HTTPS proxies Fixes #638
2018-11-15 18:47:33 +01:00
dlog.Fatalf("Unable to parse the proxy URL [%v]", config.Proxy)
Add built-in support for Tor
2018-06-06 15:54:51 +02:00
}
proxyDialer, err := netproxy.FromURL(proxyDialerURL, netproxy.Direct)
if err != nil {
dlog.Fatalf("Unable to use the proxy: [%v]", err)
}
proxy.xTransport.proxyDialer = &proxyDialer
}
Add options to set the cipher suite as well as disable session tickets
2018-04-07 22:23:29 +02:00
proxy.xTransport.rebuildTransport()
Spacing
2018-04-07 22:33:40 +02:00
Add a config file
2018-01-10 12:01:49 +01:00
proxy.timeout = time.Duration(config.Timeout) * time.Millisecond
Add max_clients to cap the maximum number of client queries
2018-01-24 16:51:26 +01:00
proxy.maxClients = config.MaxClients
Add a config file
2018-01-10 12:01:49 +01:00
proxy.mainProto = "udp"
if config.ForceTCP {
proxy.mainProto = "tcp"
}
proxy.certRefreshDelay = time.Duration(config.CertRefreshDelay) * time.Minute
Retry more frequently if we don't have any useable certificates This will ahve to be done at startup time as well.
2018-01-17 17:22:29 +01:00
proxy.certRefreshDelayAfterFailure = time.Duration(10 * time.Second)
Add an undocumented option to ignore cert timestamps
2018-01-21 18:10:38 +01:00
proxy.certIgnoreTimestamp = config.CertIgnoreTimestamp
Re-implement ephemeral keys for DNSCrypt
2018-04-09 03:12:34 +02:00
proxy.ephemeralKeys = config.EphemeralKeys
Add a config file
2018-01-10 12:01:49 +01:00
if len(config.ListenAddresses) == 0 {
Do not consider the absence a listening sockets an error Because systemd. Fixes #64
2018-02-01 16:59:09 +01:00
dlog.Debug("No local IP/port configured")
Add a config file
2018-01-10 12:01:49 +01:00
}
Make the load-balancing strategy configurable
2018-02-04 21:23:39 +01:00
lbStrategy := DefaultLBStrategy
switch strings.ToLower(config.LBStrategy) {
Don't warn if lbStrategy is empty
2018-02-05 01:53:23 +01:00
case "":
// default
Make the load-balancing strategy configurable
2018-02-04 21:23:39 +01:00
case "p2":
lbStrategy = LBStrategyP2
case "ph":
lbStrategy = LBStrategyPH
case "fastest":
lbStrategy = LBStrategyFastest
case "random":
lbStrategy = LBStrategyRandom
default:
dlog.Warnf("Unknown load balancing strategy: [%s]", config.LBStrategy)
}
proxy.serversInfo.lbStrategy = lbStrategy
Add a config file
2018-01-10 12:01:49 +01:00
proxy.listenAddresses = config.ListenAddresses
proxy.daemonize = config.Daemonize
Implement the IPv6 block plugin
2018-01-10 17:23:20 +01:00
proxy.pluginBlockIPv6 = config.BlockIPv6
Start implementing a basic cache
2018-01-10 18:32:05 +01:00
proxy.cache = config.Cache
Add configuration cache size and other parameters
2018-01-10 19:32:56 +01:00
proxy.cacheSize = config.CacheSize
Add cache_neg_min_ttl and cache_neg_max_ttl
2018-04-17 00:24:49 +02:00
if config.CacheNegTTL > 0 {
proxy.cacheNegMinTTL = config.CacheNegTTL
proxy.cacheNegMaxTTL = config.CacheNegTTL
} else {
proxy.cacheNegMinTTL = config.CacheNegMinTTL
proxy.cacheNegMaxTTL = config.CacheNegMaxTTL
}
Add configuration cache size and other parameters
2018-01-10 19:32:56 +01:00
proxy.cacheMinTTL = config.CacheMinTTL
proxy.cacheMaxTTL = config.CacheMaxTTL
Add the ability to log blocked queries
2018-01-17 17:03:42 +01:00
Implement query logging
2018-01-16 00:23:16 +01:00
if len(config.QueryLog.Format) == 0 {
config.QueryLog.Format = "tsv"
} else {
config.QueryLog.Format = strings.ToLower(config.QueryLog.Format)
}
Add support for LTSV query logging
2018-01-16 18:10:04 +01:00
if config.QueryLog.Format != "tsv" && config.QueryLog.Format != "ltsv" {
Implement query logging
2018-01-16 00:23:16 +01:00
return errors.New("Unsupported query log format")
}
proxy.queryLogFile = config.QueryLog.File
proxy.queryLogFormat = config.QueryLog.Format
Replace logged_qtypes with ignored_qtypes
2018-01-20 13:27:37 +01:00
proxy.queryLogIgnoredQtypes = config.QueryLog.IgnoredQtypes
Add the ability to log blocked queries
2018-01-17 17:03:42 +01:00
NXLOG: a new output plugin to log suspicious queries
2018-01-20 16:59:40 +01:00
if len(config.NxLog.Format) == 0 {
config.NxLog.Format = "tsv"
} else {
config.NxLog.Format = strings.ToLower(config.NxLog.Format)
}
if config.NxLog.Format != "tsv" && config.NxLog.Format != "ltsv" {
return errors.New("Unsupported NX log format")
}
proxy.nxLogFile = config.NxLog.File
proxy.nxLogFormat = config.NxLog.Format
Add the ability to log blocked queries
2018-01-17 17:03:42 +01:00
if len(config.BlockName.Format) == 0 {
config.BlockName.Format = "tsv"
} else {
config.BlockName.Format = strings.ToLower(config.BlockName.Format)
}
if config.BlockName.Format != "tsv" && config.BlockName.Format != "ltsv" {
return errors.New("Unsupported block log format")
}
Implement blocking, fully compatible with rules from version 1
2018-01-17 02:40:47 +01:00
proxy.blockNameFile = config.BlockName.File
Add the ability to log blocked queries
2018-01-17 17:03:42 +01:00
proxy.blockNameFormat = config.BlockName.Format
proxy.blockNameLogFile = config.BlockName.LogFile
Implement whitelists Fixes #293
2018-04-07 23:02:40 +02:00
if len(config.WhitelistName.Format) == 0 {
config.WhitelistName.Format = "tsv"
} else {
config.WhitelistName.Format = strings.ToLower(config.WhitelistName.Format)
}
if config.WhitelistName.Format != "tsv" && config.WhitelistName.Format != "ltsv" {
return errors.New("Unsupported whitelist log format")
}
proxy.whitelistNameFile = config.WhitelistName.File
proxy.whitelistNameFormat = config.WhitelistName.Format
proxy.whitelistNameLogFile = config.WhitelistName.LogFile
IP blocking
2018-01-21 16:07:44 +01:00
if len(config.BlockIP.Format) == 0 {
config.BlockIP.Format = "tsv"
} else {
config.BlockIP.Format = strings.ToLower(config.BlockIP.Format)
}
if config.BlockIP.Format != "tsv" && config.BlockIP.Format != "ltsv" {
return errors.New("Unsupported IP block log format")
}
proxy.blockIPFile = config.BlockIP.File
proxy.blockIPFormat = config.BlockIP.Format
proxy.blockIPLogFile = config.BlockIP.LogFile
Forwarding plugin
2018-01-17 09:44:03 +01:00
proxy.forwardFile = config.ForwardFile
Add a new powerful plugin: DNS cloaking
2018-02-04 01:43:37 +01:00
proxy.cloakFile = config.CloakFile
Add require_nolog and require_dnssec filters
2018-01-18 13:01:16 +01:00
Time access restrictions [WIP] Because my daughter spends way too much time on Youtube Because people have been asking OpenDNS to implement this for the past 10 years Because existing tools suck Because I want something flexible, where every rule can be assigned a schedule
2018-01-31 23:08:38 +01:00
allWeeklyRanges, err := ParseAllWeeklyRanges(config.AllWeeklyRanges)
if err != nil {
phew
2018-01-31 22:49:40 +01:00
return err
}
Time access restrictions [WIP] Because my daughter spends way too much time on Youtube Because people have been asking OpenDNS to implement this for the past 10 years Because existing tools suck Because I want something flexible, where every rule can be assigned a schedule
2018-01-31 23:08:38 +01:00
proxy.allWeeklyRanges = allWeeklyRanges
bleh
2018-01-31 22:18:11 +01:00
Add a -list-all switch; add IPv6 & port number info to the JSON output
2018-02-01 21:48:46 +01:00
if *listAll {
Clear ServerName for -list-all Suggested by @glitsj16, thanks! Fixes #71
2018-02-02 14:51:14 +01:00
config.ServerNames = nil
Add a -list-all switch; add IPv6 & port number info to the JSON output
2018-02-01 21:48:46 +01:00
config.SourceRequireDNSSEC = false
config.SourceRequireNoFilter = false
config.SourceRequireNoLog = false
config.SourceIPv4 = true
config.SourceIPv6 = true
April 1st is already over in some time zones :) This reverts commit dac52ab42ab4d3c61df4a2c70f3cef298fc21220.
2018-04-01 16:35:32 +02:00
config.SourceDNSCrypt = true
Add knobs to filter by protocol
2018-02-06 14:11:58 +01:00
config.SourceDoH = true
Add a -list-all switch; add IPv6 & port number info to the JSON output
2018-02-01 21:48:46 +01:00
}
Make the network timeout configuration via the command line Fixes #619
2018-11-15 14:24:26 +01:00
netprobeTimeout := config.NetprobeTimeout
Do not always override the netprobe_timeout option from config file Fixes #641
2018-11-16 18:13:39 +01:00
flag.Visit(func(flag *flag.Flag) {
if flag.Name == "netprobe-timeout" && netprobeTimeoutOverride != nil {
netprobeTimeout = *netprobeTimeoutOverride
}
})
Make the network timeout configuration via the command line Fixes #619
2018-11-15 14:24:26 +01:00
netProbe(config.NetprobeAddress, netprobeTimeout)
Implement an offline mode Fixes #528
2018-07-05 18:05:24 +02:00
if !config.OfflineMode {
if err := config.loadSources(proxy); err != nil {
return err
}
if len(proxy.registeredServers) == 0 {
return errors.New("No servers configured")
}
Split ConfigLoad()
2018-01-31 08:27:59 +01:00
}
Add a -list-all switch; add IPv6 & port number info to the JSON output
2018-02-01 21:48:46 +01:00
if *list || *listAll {
-list -json now prints the list of available servers as JSON Can be useful for GUIs, especially since this includes the description
2018-01-31 09:42:56 +01:00
config.printRegisteredServers(proxy, *jsonOutput)
Split ConfigLoad()
2018-01-31 08:27:59 +01:00
os.Exit(0)
}
Add -check
2018-02-19 18:35:06 +01:00
if *check {
dlog.Notice("Configuration successfully checked")
os.Exit(0)
}
Split ConfigLoad()
2018-01-31 08:27:59 +01:00
return nil
}
-list -json now prints the list of available servers as JSON Can be useful for GUIs, especially since this includes the description
2018-01-31 09:42:56 +01:00
func (config *Config) printRegisteredServers(proxy *Proxy, jsonOutput bool) {
var summary []ServerSummary
for _, registeredServer := range proxy.registeredServers {
Split stamps into package
2018-04-14 15:03:21 +02:00
addrStr, port := registeredServer.stamp.ServerAddrStr, stamps.DefaultPort
Don't assume that DoH servers use port 443
2018-03-28 11:52:04 +02:00
port = ExtractPort(addrStr, port)
Add the list of addresses to the -list -json output
2018-03-28 12:22:37 +02:00
addrs := make([]string, 0)
Split stamps into package
2018-04-14 15:03:21 +02:00
if registeredServer.stamp.Proto == stamps.StampProtoTypeDoH && len(registeredServer.stamp.ProviderName) > 0 {
providerName := registeredServer.stamp.ProviderName
Add the list of addresses to the -list -json output
2018-03-28 12:22:37 +02:00
var host string
host, port = ExtractHostAndPort(providerName, port)
addrs = append(addrs, host)
}
if len(addrStr) > 0 {
addrs = append(addrs, ExtractHost(addrStr))
Add a -list-all switch; add IPv6 & port number info to the JSON output
2018-02-01 21:48:46 +01:00
}
-list -json now prints the list of available servers as JSON Can be useful for GUIs, especially since this includes the description
2018-01-31 09:42:56 +01:00
serverSummary := ServerSummary{
Name: registeredServer.name,
Split stamps into package
2018-04-14 15:03:21 +02:00
Proto: registeredServer.stamp.Proto.String(),
Add a -list-all switch; add IPv6 & port number info to the JSON output
2018-02-01 21:48:46 +01:00
IPv6: strings.HasPrefix(addrStr, "["),
Ports: []int{port},
Add the list of addresses to the -list -json output
2018-03-28 12:22:37 +02:00
Addrs: addrs,
Split stamps into package
2018-04-14 15:03:21 +02:00
DNSSEC: registeredServer.stamp.Props&stamps.ServerInformalPropertyDNSSEC != 0,
NoLog: registeredServer.stamp.Props&stamps.ServerInformalPropertyNoLog != 0,
NoFilter: registeredServer.stamp.Props&stamps.ServerInformalPropertyNoFilter != 0,
-list -json now prints the list of available servers as JSON Can be useful for GUIs, especially since this includes the description
2018-01-31 09:42:56 +01:00
Description: registeredServer.description,
}
if jsonOutput {
summary = append(summary, serverSummary)
} else {
fmt.Println(serverSummary.Name)
}
}
if jsonOutput {
jsonStr, err := json.MarshalIndent(summary, "", " ")
if err != nil {
dlog.Fatal(err)
}
fmt.Print(string(jsonStr))
}
}
Split ConfigLoad()
2018-01-31 08:27:59 +01:00
func (config *Config) loadSources(proxy *Proxy) error {
Split stamps into package
2018-04-14 15:03:21 +02:00
var requiredProps stamps.ServerInformalProperties
Add require_nolog and require_dnssec filters
2018-01-18 13:01:16 +01:00
if config.SourceRequireDNSSEC {
Split stamps into package
2018-04-14 15:03:21 +02:00
requiredProps |= stamps.ServerInformalPropertyDNSSEC
Add require_nolog and require_dnssec filters
2018-01-18 13:01:16 +01:00
}
if config.SourceRequireNoLog {
Split stamps into package
2018-04-14 15:03:21 +02:00
requiredProps |= stamps.ServerInformalPropertyNoLog
Add require_nolog and require_dnssec filters
2018-01-18 13:01:16 +01:00
}
Implement the nofilter filter
2018-01-30 19:13:50 +01:00
if config.SourceRequireNoFilter {
Split stamps into package
2018-04-14 15:03:21 +02:00
requiredProps |= stamps.ServerInformalPropertyNoFilter
Implement the nofilter filter
2018-01-30 19:13:50 +01:00
}
NXLOG: a new output plugin to log suspicious queries
2018-01-20 16:59:40 +01:00
for cfgSourceName, cfgSource := range config.SourcesConfig {
Nits
2018-01-31 08:38:22 +01:00
if err := config.loadSource(proxy, requiredProps, cfgSourceName, &cfgSource); err != nil {
Split ConfigLoad a bit more
2018-01-31 08:32:44 +01:00
return err
Restrict the set of resolvers used from a remote source
2018-01-14 00:08:46 +01:00
}
Add a config file
2018-01-10 12:01:49 +01:00
}
Use all resolvers simultaneously, even the ones from remote sources. Fireworks!
2018-01-17 21:41:36 +01:00
if len(config.ServerNames) == 0 {
for serverName := range config.ServersConfig {
config.ServerNames = append(config.ServerNames, serverName)
}
}
Add a config file
2018-01-10 12:01:49 +01:00
for _, serverName := range config.ServerNames {
ServerConfig -> StaticConfig to match the config file
2018-01-31 08:43:49 +01:00
staticConfig, ok := config.ServersConfig[serverName]
Add a config file
2018-01-10 12:01:49 +01:00
if !ok {
Restrict the set of resolvers used from a remote source
2018-01-14 00:08:46 +01:00
continue
Add a config file
2018-01-10 12:01:49 +01:00
}
ServerConfig -> StaticConfig to match the config file
2018-01-31 08:43:49 +01:00
if len(staticConfig.Stamp) == 0 {
Require stamps in static server definitions Provider names, etc. are not future-proof. In particular, they are incompatible with other protocols such as DoH.
2018-01-22 09:59:32 +01:00
dlog.Fatalf("Missing stamp for the static [%s] definition", serverName)
Preliminary implementation of stamps
2018-01-20 14:13:11 +01:00
}
Split stamps into package
2018-04-14 15:03:21 +02:00
stamp, err := stamps.NewServerStampFromString(staticConfig.Stamp)
Preliminary implementation of stamps
2018-01-20 14:13:11 +01:00
if err != nil {
return err
Add a config file
2018-01-10 12:01:49 +01:00
}
Split ConfigLoad()
2018-01-31 08:27:59 +01:00
proxy.registeredServers = append(proxy.registeredServers, RegisteredServer{name: serverName, stamp: stamp})
Add a -list option to display the list of available resolvers
2018-01-30 17:51:47 +01:00
}
Add a config file
2018-01-10 12:01:49 +01:00
return nil
}
Restrict the set of resolvers used from a remote source
2018-01-14 00:08:46 +01:00
Split stamps into package
2018-04-14 15:03:21 +02:00
func (config *Config) loadSource(proxy *Proxy, requiredProps stamps.ServerInformalProperties, cfgSourceName string, cfgSource *SourceConfig) error {
Support multiple URLs for a given source Fixes #265
2018-03-28 13:36:19 +02:00
if len(cfgSource.URLs) == 0 {
if len(cfgSource.URL) == 0 {
dlog.Debugf("Missing URLs for source [%s]", cfgSourceName)
} else {
cfgSource.URLs = []string{cfgSource.URL}
}
Split ConfigLoad a bit more
2018-01-31 08:32:44 +01:00
}
if cfgSource.MinisignKeyStr == "" {
return fmt.Errorf("Missing Minisign key for source [%s]", cfgSourceName)
}
if cfgSource.CacheFile == "" {
return fmt.Errorf("Missing cache file for source [%s]", cfgSourceName)
}
if cfgSource.FormatStr == "" {
Accept sources without an URL; use v2 format by default for remote sources
2018-01-31 14:23:44 +01:00
cfgSource.FormatStr = "v2"
Split ConfigLoad a bit more
2018-01-31 08:32:44 +01:00
}
if cfgSource.RefreshDelay <= 0 {
Set the default source refresh delay to 3 days
2018-02-03 18:55:46 +01:00
cfgSource.RefreshDelay = 72
Split ConfigLoad a bit more
2018-01-31 08:32:44 +01:00
}
Support multiple URLs for a given source Fixes #265
2018-03-28 13:36:19 +02:00
source, sourceUrlsToPrefetch, err := NewSource(proxy.xTransport, cfgSource.URLs, cfgSource.MinisignKeyStr, cfgSource.CacheFile, cfgSource.FormatStr, time.Duration(cfgSource.RefreshDelay)*time.Hour)
Split ConfigLoad a bit more
2018-01-31 08:32:44 +01:00
proxy.urlsToPrefetch = append(proxy.urlsToPrefetch, sourceUrlsToPrefetch...)
if err != nil {
Tiny typo in error message (#350) Tiny typo, missing TO in "Unable to use source"
2018-04-12 10:05:58 +02:00
dlog.Criticalf("Unable to use source [%s]: [%s]", cfgSourceName, err)
Split ConfigLoad a bit more
2018-01-31 08:32:44 +01:00
return nil
}
registeredServers, err := source.Parse(cfgSource.Prefix)
if err != nil {
Tiny typo in error message (#350) Tiny typo, missing TO in "Unable to use source"
2018-04-12 10:05:58 +02:00
dlog.Criticalf("Unable to use source [%s]: [%s]", cfgSourceName, err)
Split ConfigLoad a bit more
2018-01-31 08:32:44 +01:00
return nil
}
for _, registeredServer := range registeredServers {
if len(config.ServerNames) > 0 {
if !includesName(config.ServerNames, registeredServer.name) {
continue
}
Split stamps into package
2018-04-14 15:03:21 +02:00
} else if registeredServer.stamp.Props&requiredProps != requiredProps {
-list -json now prints the list of available servers as JSON Can be useful for GUIs, especially since this includes the description
2018-01-31 09:42:56 +01:00
continue
Split ConfigLoad a bit more
2018-01-31 08:32:44 +01:00
}
if config.SourceIPv4 || config.SourceIPv6 {
isIPv4, isIPv6 := true, false
Split stamps into package
2018-04-14 15:03:21 +02:00
if registeredServer.stamp.Proto == stamps.StampProtoTypeDoH {
Don't assume IPv6 or IPv4 about DoH servers
2018-03-21 08:48:57 +01:00
isIPv4, isIPv6 = true, true
}
Split stamps into package
2018-04-14 15:03:21 +02:00
if strings.HasPrefix(registeredServer.stamp.ServerAddrStr, "[") {
Split ConfigLoad a bit more
2018-01-31 08:32:44 +01:00
isIPv4, isIPv6 = false, true
}
if !(config.SourceIPv4 == isIPv4 || config.SourceIPv6 == isIPv6) {
continue
}
}
Split stamps into package
2018-04-14 15:03:21 +02:00
if !((config.SourceDNSCrypt && registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCrypt) ||
(config.SourceDoH && registeredServer.stamp.Proto == stamps.StampProtoTypeDoH)) {
Add knobs to filter by protocol
2018-02-06 14:11:58 +01:00
continue
}
Split ConfigLoad a bit more
2018-01-31 08:32:44 +01:00
dlog.Debugf("Adding [%s] to the set of wanted resolvers", registeredServer.name)
proxy.registeredServers = append(proxy.registeredServers, registeredServer)
}
return nil
}
Restrict the set of resolvers used from a remote source
2018-01-14 00:08:46 +01:00
func includesName(names []string, name string) bool {
for _, found := range names {
if strings.EqualFold(found, name) {
return true
}
}
return false
}
Check if the config file exists from the current directory Try the executable directory if it fails Then, go to that config file directory no matter what Fixes #80
2018-02-03 10:46:47 +01:00
func cdFileDir(fileName string) {
os.Chdir(filepath.Dir(fileName))
}
func cdLocal() {
exeFileName, err := os.Executable()
if err != nil {
dlog.Warnf("Unable to determine the executable directory: [%s] -- You will need to specify absolute paths in the configuration file", err)
return
}
os.Chdir(filepath.Dir(exeFileName))
}
Wait for network connectivity before starting the proxy
2018-05-10 21:59:25 +02:00
func netProbe(address string, timeout int) error {
if len(address) <= 0 || timeout <= 0 {
return nil
}
remoteUDPAddr, err := net.ResolveUDPAddr("udp", address)
if err != nil {
return err
}
retried := false
for tries := timeout; tries > 0; tries-- {
pc, err := net.DialUDP("udp", nil, remoteUDPAddr)
if err != nil {
if !retried {
retried = true
dlog.Notice("Network not available yet -- waiting...")
}
dlog.Debug(err)
time.Sleep(1 * time.Second)
continue
}
pc.Close()
if retried {
dlog.Notice("Network connectivity detected")
}
return nil
}
es := "Timeout while waiting for network connectivity"
dlog.Error(es)
return errors.New(es)
}