Add support for EDNS-client-subnet

Fixes #1471
This commit is contained in:
Frank Denis 2020-09-18 00:11:26 +02:00
parent 4d7f253e6b
commit 272984a640
4 changed files with 26 additions and 0 deletions


@ -6,6 +6,7 @@ import (
"flag" "flag"
"fmt" "fmt"
"math/rand" "math/rand"
"net"
"net/http" "net/http"
"net/url" "net/url"
"os" "os"
@ -100,6 +101,7 @@ type Config struct {
DoHClientX509Auth DoHClientX509AuthConfig `toml:"doh_client_x509_auth"` DoHClientX509Auth DoHClientX509AuthConfig `toml:"doh_client_x509_auth"`
DoHClientX509AuthLegacy DoHClientX509AuthConfig `toml:"tls_client_auth"` DoHClientX509AuthLegacy DoHClientX509AuthConfig `toml:"tls_client_auth"`
DNS64 DNS64Config `toml:"dns64"` DNS64 DNS64Config `toml:"dns64"`
EDNSClientSubnet []string `toml:"edns_client_subnet"`
} }
func newConfig() Config { func newConfig() Config {
@ -459,6 +461,17 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
proxy.queryMeta = config.QueryMeta proxy.queryMeta = config.QueryMeta
if len(config.EDNSClientSubnet) != 0 {
proxy.ednsClientSubnets = make([]*net.IPNet, 0)
for _, cidr := range config.EDNSClientSubnet {
_, net, err := net.ParseCIDR(cidr)
if err != nil {
return fmt.Errorf("Invalid EDNS-client-subnet CIDR: [%v]", cidr)
}
proxy.ednsClientSubnets = append(proxy.ednsClientSubnets, net)
}
}
if len(config.QueryLog.Format) == 0 { if len(config.QueryLog.Format) == 0 {
config.QueryLog.Format = "tsv" config.QueryLog.Format = "tsv"
} else { } else {
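Review bot: In the ConfigLoad hunk, `_, net, err := net.ParseCIDR(cidr)` shadows the `net` package for the rest of the loop body, and the error path discards the parser's `err`. Renaming the local and wrapping the cause keeps the package name usable and makes the failure self-explaining: `_, ipNet, err := net.ParseCIDR(cidr)`, `return fmt.Errorf("Invalid EDNS-client-subnet CIDR: [%v]: %w", cidr, err)`, `proxy.ednsClientSubnets = append(proxy.ednsClientSubnets, ipNet)`. The slice can also be pre-sized with `make([]*net.IPNet, 0, len(config.EDNSClientSubnet))` since the count is known. Because every configured prefix is forwarded as-is to upstream resolvers, a prefix longer than the /24 (IPv4) or /56 (IPv6) source prefix lengths that RFC 7871 recommends may deserve a warning log, as it narrows the network disclosed with each query. ConfigLoad begins before this hunk.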


@ -117,6 +117,14 @@ timeout = 5000
keepalive = 30 keepalive = 30
## Add EDNS-client-subnet information to outgoing queries
##
## Multiple networks can be listed; they will be randomly chosen.
## These networks don't have to match your actual networks.
# edns_client_subnet = ["0.0.0.0/0", "2001:db8::/32"]
## Response for blocked queries. Options are `refused`, `hinfo` (default) or ## Response for blocked queries. Options are `refused`, `hinfo` (default) or
## an IP response. To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`. ## an IP response. To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`.
## Using the `hinfo` option means that some responses will be lies. ## Using the `hinfo` option means that some responses will be lies.


@ -102,6 +102,9 @@ func (proxy *Proxy) InitPluginsGlobals() error {
*queryPlugins = append(*queryPlugins, Plugin(new(PluginFirefox))) *queryPlugins = append(*queryPlugins, Plugin(new(PluginFirefox)))
if len(proxy.ednsClientSubnets) != 0 {
*queryPlugins = append(*queryPlugins, Plugin(new(PluginECS)))
}
if len(proxy.blockNameFile) != 0 { if len(proxy.blockNameFile) != 0 {
*queryPlugins = append(*queryPlugins, Plugin(new(PluginBlockName))) *queryPlugins = append(*queryPlugins, Plugin(new(PluginBlockName)))
} }
@ -284,6 +287,7 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba
break break
} }
} }
packet2, err := msg.PackBuffer(packet) packet2, err := msg.PackBuffer(packet)
if err != nil { if err != nil {
return packet, err return packet, err
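Review bot: In InitPluginsGlobals, PluginECS is registered between PluginFirefox and PluginBlockName, so the ECS option is built for queries that a later filtering plugin may reject; if the query-plugin loop stops at a blocking plugin (the `break` in the ApplyQueryPlugins hunk suggests it does), moving the `if len(proxy.ednsClientSubnets) != 0 { … }` block after the block-list registrations would skip that work for blocked queries. PluginECS is not defined in the four files this commit touches, so presumably it already exists in the tree. A short comment at the registration, `// ECS: only registered when edns_client_subnet lists at least one network`, would tie the guard to the ConfigLoad check that populates proxy.ednsClientSubnets. Both enclosing functions begin outside their hunks.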


@ -87,6 +87,7 @@ type Proxy struct {
anonDirectCertFallback bool anonDirectCertFallback bool
dns64Prefixes []string dns64Prefixes []string
dns64Resolvers []string dns64Resolvers []string
ednsClientSubnets []*net.IPNet
} }
func (proxy *Proxy) registerUDPListener(conn *net.UDPConn) { func (proxy *Proxy) registerUDPListener(conn *net.UDPConn) {