Add support for EDNS-client-subnet

Fixes #1471
2020-09-18 00:11:26 +02:00 · 2020-09-18 00:11:26 +02:00 · 272984a640
parent 4d7f253e6b
commit 272984a640
4 changed files with 26 additions and 0 deletions
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@ -6,6 +6,7 @@ import (
 	"flag"
 	"fmt"
 	"math/rand"
+	"net"
 	"net/http"
 	"net/url"
 	"os"
@ -100,6 +101,7 @@ type Config struct {
 	DoHClientX509Auth        DoHClientX509AuthConfig     `toml:"doh_client_x509_auth"`
 	DoHClientX509AuthLegacy  DoHClientX509AuthConfig     `toml:"tls_client_auth"`
 	DNS64                    DNS64Config                 `toml:"dns64"`
+	EDNSClientSubnet         []string                    `toml:"edns_client_subnet"`
 }

 func newConfig() Config {
@ -459,6 +461,17 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {

 	proxy.queryMeta = config.QueryMeta

+	if len(config.EDNSClientSubnet) != 0 {
+		proxy.ednsClientSubnets = make([]*net.IPNet, 0)
+		for _, cidr := range config.EDNSClientSubnet {
+			_, net, err := net.ParseCIDR(cidr)
+			if err != nil {
+				return fmt.Errorf("Invalid EDNS-client-subnet CIDR: [%v]", cidr)
+			}
+			proxy.ednsClientSubnets = append(proxy.ednsClientSubnets, net)
+		}
+	}
+
 	if len(config.QueryLog.Format) == 0 {
 		config.QueryLog.Format = "tsv"
 	} else {
--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
@ -117,6 +117,14 @@ timeout = 5000
 keepalive = 30


+## Add EDNS-client-subnet information to outgoing queries
+##
+## Multiple networks can be listed; they will be randomly chosen.
+## These networks don't have to match your actual networks.
+
+# edns_client_subnet = ["0.0.0.0/0", "2001:db8::/32"]
+
+
 ## Response for blocked queries.  Options are `refused`, `hinfo` (default) or
 ## an IP response.  To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`.
 ## Using the `hinfo` option means that some responses will be lies.
--- a/dnscrypt-proxy/plugins.go
+++ b/dnscrypt-proxy/plugins.go
@ -102,6 +102,9 @@ func (proxy *Proxy) InitPluginsGlobals() error {

 	*queryPlugins = append(*queryPlugins, Plugin(new(PluginFirefox)))

+	if len(proxy.ednsClientSubnets) != 0 {
+		*queryPlugins = append(*queryPlugins, Plugin(new(PluginECS)))
+	}
 	if len(proxy.blockNameFile) != 0 {
 		*queryPlugins = append(*queryPlugins, Plugin(new(PluginBlockName)))
 	}
@ -284,6 +287,7 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba
 			break
 		}
 	}
+
 	packet2, err := msg.PackBuffer(packet)
 	if err != nil {
 		return packet, err
--- a/dnscrypt-proxy/proxy.go
+++ b/dnscrypt-proxy/proxy.go
@ -87,6 +87,7 @@ type Proxy struct {
 	anonDirectCertFallback         bool
 	dns64Prefixes                  []string
 	dns64Resolvers                 []string
+	ednsClientSubnets              []*net.IPNet
 }

 func (proxy *Proxy) registerUDPListener(conn *net.UDPConn) {