miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Support workarounds for ancient/broken implementations 

Fixes #984
This commit is contained in:
Frank Denis 2019-11-16 18:51:16 +01:00
parent f76e0fd8cf
commit 15b405b552
5 changed files with 90 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
dnscrypt-proxy/config.go
View File

@ -63,6 +63,7 @@ type Config struct {
CloakFile string `toml:"cloaking_rules"` CloakFile string `toml:"cloaking_rules"`
StaticsConfig map[string]StaticConfig `toml:"static"` StaticsConfig map[string]StaticConfig `toml:"static"`
SourcesConfig map[string]SourceConfig `toml:"sources"` SourcesConfig map[string]SourceConfig `toml:"sources"`
BrokenImplementations BrokenImplementationsConfig `toml:"broken_implementations"`
SourceRequireDNSSEC bool `toml:"require_dnssec"` SourceRequireDNSSEC bool `toml:"require_dnssec"`
SourceRequireNoLog bool `toml:"require_nolog"` SourceRequireNoLog bool `toml:"require_nolog"`
SourceRequireNoFilter bool `toml:"require_nofilter"` SourceRequireNoFilter bool `toml:"require_nofilter"`
@ -181,6 +182,10 @@ type AnonymizedDNSConfig struct {
Routes []AnonymizedDNSRouteConfig `toml:"routes"` Routes []AnonymizedDNSRouteConfig `toml:"routes"`
} }
type BrokenImplementationsConfig struct {
IncorrectPadding []string `toml:"incorrect_padding"`
}
type ServerSummary struct { type ServerSummary struct {
Name string `json:"name"` Name string `json:"name"`
Proto string `json:"proto"` Proto string `json:"proto"`
@ -436,6 +441,7 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
} }
proxy.routes = &routes proxy.routes = &routes
} }
proxy.serversWithIncorrectPadding = config.BrokenImplementations.IncorrectPadding
if *flags.ListAll { if *flags.ListAll {
config.ServerNames = nil config.ServerNames = nil

2
dnscrypt-proxy/crypto.go
View File

@ -79,6 +79,7 @@ func (proxy *Proxy) Encrypt(serverInfo *ServerInfo, packet []byte, proto string)
publicKey = &proxy.proxyPublicKey publicKey = &proxy.proxyPublicKey
} }
minQuestionSize := QueryOverhead + len(packet) minQuestionSize := QueryOverhead + len(packet)
if !serverInfo.knownBugs.incorrectPadding {
if proto == "udp" { if proto == "udp" {
minQuestionSize = Max(proxy.questionSizeEstimator.MinQuestionSize(), minQuestionSize) minQuestionSize = Max(proxy.questionSizeEstimator.MinQuestionSize(), minQuestionSize)
} else { } else {
@ -86,6 +87,7 @@ func (proxy *Proxy) Encrypt(serverInfo *ServerInfo, packet []byte, proto string)
rand.Read(xpad[:]) rand.Read(xpad[:])
minQuestionSize += int(xpad[0]) minQuestionSize += int(xpad[0])
} }
}
paddedLength := Min(MaxDNSUDPPacketSize, (Max(minQuestionSize, QueryOverhead)+63) & ^63) paddedLength := Min(MaxDNSUDPPacketSize, (Max(minQuestionSize, QueryOverhead)+63) & ^63)
if serverInfo.RelayUDPAddr != nil && proto == "tcp" { if serverInfo.RelayUDPAddr != nil && proto == "tcp" {
// XXX - Note: Cisco's broken implementation doesn't accept more than 1472 bytes // XXX - Note: Cisco's broken implementation doesn't accept more than 1472 bytes

16
dnscrypt-proxy/example-dnscrypt-proxy.toml
View File

@ -567,6 +567,22 @@ cache_neg_max_ttl = 600
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
#########################################
# Servers with known bugs #
#########################################
[broken_implementations]
# Cisco servers currently cannot handle queries larger than 1472 bytes.
# This prevents large DNSCrypt responses from being received, and breaks relaying.
incorrect_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
################################ ################################
# Anonymized DNS # # Anonymized DNS #
################################ ################################

1
dnscrypt-proxy/proxy.go
View File

@ -71,6 +71,7 @@ type Proxy struct {
blockedQueryResponse string blockedQueryResponse string
queryMeta []string queryMeta []string
routes *map[string][]string routes *map[string][]string
serversWithIncorrectPadding []string
showCerts bool showCerts bool
} }

18
dnscrypt-proxy/serversInfo.go
View File

@ -31,6 +31,10 @@ type RegisteredServer struct {
description string description string
} }
type ServerBugs struct {
incorrectPadding bool
}
type ServerInfo struct { type ServerInfo struct {
Proto stamps.StampProtoType Proto stamps.StampProtoType
MagicQuery [8]byte MagicQuery [8]byte
@ -45,6 +49,7 @@ type ServerInfo struct {
TCPAddr *net.TCPAddr TCPAddr *net.TCPAddr
RelayUDPAddr *net.UDPAddr RelayUDPAddr *net.UDPAddr
RelayTCPAddr *net.TCPAddr RelayTCPAddr *net.TCPAddr
knownBugs ServerBugs
lastActionTS time.Time lastActionTS time.Time
rtt ewma.MovingAverage rtt ewma.MovingAverage
initialRtt int initialRtt int
@ -293,7 +298,19 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
dlog.Warnf("Public key [%s] shouldn't be hex-encoded any more", string(stamp.ServerPk)) dlog.Warnf("Public key [%s] shouldn't be hex-encoded any more", string(stamp.ServerPk))
stamp.ServerPk = serverPk stamp.ServerPk = serverPk
} }
knownBugs := ServerBugs{}
for _, buggyServerName := range proxy.serversWithIncorrectPadding {
if buggyServerName == name {
knownBugs.incorrectPadding = true
dlog.Infof("Known bug in [%v]: padding is not correctly implemented", name)
break
}
}
relayUDPAddr, relayTCPAddr, err := route(proxy, name) relayUDPAddr, relayTCPAddr, err := route(proxy, name)
if knownBugs.incorrectPadding && (relayUDPAddr != nil || relayTCPAddr != nil) {
relayTCPAddr, relayUDPAddr = nil, nil
dlog.Warnf("[%v] is incompatible with anonymization", name)
}
if err != nil { if err != nil {
return ServerInfo{}, err return ServerInfo{}, err
} }
@ -322,6 +339,7 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
RelayUDPAddr: relayUDPAddr, RelayUDPAddr: relayUDPAddr,
RelayTCPAddr: relayTCPAddr, RelayTCPAddr: relayTCPAddr,
initialRtt: rtt, initialRtt: rtt,
knownBugs: knownBugs,
}, nil }, nil
} }