mirror of
https://github.com/DNSCrypt/dnscrypt-proxy.git
synced 2024-12-29 00:30:30 +01:00
Use dlog for everything
This commit is contained in:
parent
735213f45a
commit
9a3cd91cd7
@ -7,7 +7,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/jedisct1/dlog"
|
||||
"github.com/jedisct1/xsecretbox"
|
||||
"github.com/miekg/dns"
|
||||
"golang.org/x/crypto/ed25519"
|
||||
@ -41,15 +41,15 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
|
||||
for _, answerRr := range in.Answer {
|
||||
binCert, err := packTxtString(strings.Join(answerRr.(*dns.TXT).Txt, ""))
|
||||
if err != nil {
|
||||
glog.Warningf("[%v] Unable to unpack the certificate", providerName)
|
||||
dlog.Warnf("[%v] Unable to unpack the certificate", providerName)
|
||||
continue
|
||||
}
|
||||
if len(binCert) < 124 {
|
||||
glog.Warningf("[%v] Certificate too short", providerName)
|
||||
dlog.Warnf("[%v] Certificate too short", providerName)
|
||||
continue
|
||||
}
|
||||
if !bytes.Equal(binCert[:4], CertMagic[:4]) {
|
||||
glog.Warningf("[%v] Invalid cert magic", providerName)
|
||||
dlog.Warnf("[%v] Invalid cert magic", providerName)
|
||||
continue
|
||||
}
|
||||
cryptoConstruction := CryptoConstruction(0)
|
||||
@ -59,36 +59,36 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
|
||||
case 0x0002:
|
||||
cryptoConstruction = XChacha20Poly1305
|
||||
default:
|
||||
glog.Infof("[%v] Unsupported crypto construction", providerName)
|
||||
dlog.Infof("[%v] Unsupported crypto construction", providerName)
|
||||
continue
|
||||
}
|
||||
signature := binCert[8:72]
|
||||
signed := binCert[72:]
|
||||
if !ed25519.Verify(pk, signed, signature) {
|
||||
glog.Warningf("[%v] Incorrect signature", providerName)
|
||||
dlog.Warnf("[%v] Incorrect signature", providerName)
|
||||
continue
|
||||
}
|
||||
serial := binary.BigEndian.Uint32(binCert[112:116])
|
||||
tsBegin := binary.BigEndian.Uint32(binCert[116:120])
|
||||
tsEnd := binary.BigEndian.Uint32(binCert[120:124])
|
||||
if now > tsEnd || now < tsBegin {
|
||||
glog.Infof("[%v] Certificate not valid at the current date", providerName)
|
||||
dlog.Infof("[%v] Certificate not valid at the current date", providerName)
|
||||
continue
|
||||
}
|
||||
if serial < highestSerial {
|
||||
glog.Infof("[%v] Superseded by a previous certificate", providerName)
|
||||
dlog.Infof("[%v] Superseded by a previous certificate", providerName)
|
||||
continue
|
||||
}
|
||||
if serial == highestSerial {
|
||||
if cryptoConstruction < certInfo.CryptoConstruction {
|
||||
glog.Infof("[%v] Keeping the previous, preferred crypto construction", providerName)
|
||||
dlog.Infof("[%v] Keeping the previous, preferred crypto construction", providerName)
|
||||
continue
|
||||
} else {
|
||||
glog.Infof("[%v] Upgrading the construction from %v to %v", providerName, certInfo.CryptoConstruction, cryptoConstruction)
|
||||
dlog.Infof("[%v] Upgrading the construction from %v to %v", providerName, certInfo.CryptoConstruction, cryptoConstruction)
|
||||
}
|
||||
}
|
||||
if cryptoConstruction != XChacha20Poly1305 && cryptoConstruction != XSalsa20Poly1305 {
|
||||
glog.Warningf("[%v] Cryptographic construction %v not supported", providerName, cryptoConstruction)
|
||||
dlog.Warnf("[%v] Cryptographic construction %v not supported", providerName, cryptoConstruction)
|
||||
continue
|
||||
}
|
||||
var serverPk [32]byte
|
||||
@ -97,7 +97,7 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
|
||||
if cryptoConstruction == XChacha20Poly1305 {
|
||||
sharedKey, err = xsecretbox.SharedKey(proxy.proxySecretKey, serverPk)
|
||||
if err != nil {
|
||||
glog.Warningf("[%v] Weak public key", providerName)
|
||||
dlog.Errorf("[%v] Weak public key", providerName)
|
||||
continue
|
||||
}
|
||||
} else {
|
||||
@ -108,7 +108,7 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
|
||||
certInfo.CryptoConstruction = cryptoConstruction
|
||||
copy(certInfo.ServerPk[:], serverPk[:])
|
||||
copy(certInfo.MagicQuery[:], binCert[104:112])
|
||||
glog.Infof("[%v] Valid cert found: [%x]", providerName, certInfo.ServerPk)
|
||||
dlog.Noticef("[%v] Valid cert found: [%x]", providerName, certInfo.ServerPk)
|
||||
}
|
||||
if certInfo.CryptoConstruction == UndefinedConstruction {
|
||||
return certInfo, errors.New("No useable certificate found")
|
||||
|
@ -7,7 +7,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/BurntSushi/toml"
|
||||
"github.com/golang/glog"
|
||||
"github.com/jedisct1/dlog"
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
@ -53,7 +53,6 @@ func ConfigLoad(proxy *Proxy, config_file string) error {
|
||||
flag.Parse()
|
||||
config := newConfig()
|
||||
if _, err := toml.DecodeFile(*configFile, &config); err != nil {
|
||||
glog.Error(err)
|
||||
return err
|
||||
}
|
||||
proxy.timeout = time.Duration(config.Timeout) * time.Millisecond
|
||||
@ -89,7 +88,7 @@ func ConfigLoad(proxy *Proxy, config_file string) error {
|
||||
var stamp ServerStamp
|
||||
var err error
|
||||
if len(serverConfig.Stamp) > 0 {
|
||||
panic("Stamps are not implemented yet")
|
||||
dlog.Fatal("Stamps are not implemented yet")
|
||||
} else {
|
||||
stamp, err = NewServerStampFromLegacy(serverConfig.Address, serverConfig.PublicKey, serverConfig.ProviderName)
|
||||
if err != nil {
|
||||
|
@ -5,7 +5,7 @@ import (
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/jedisct1/dlog"
|
||||
"golang.org/x/crypto/curve25519"
|
||||
)
|
||||
|
||||
@ -29,9 +29,10 @@ type Proxy struct {
|
||||
}
|
||||
|
||||
func main() {
|
||||
dlog.Init("dnscrypt-proxy", dlog.SeverityNotice)
|
||||
proxy := Proxy{}
|
||||
if err := ConfigLoad(&proxy, "dnscrypt-proxy.toml"); err != nil {
|
||||
panic(err)
|
||||
dlog.Fatal(err)
|
||||
}
|
||||
if proxy.daemonize {
|
||||
Daemonize()
|
||||
@ -42,7 +43,7 @@ func main() {
|
||||
func (proxy *Proxy) StartProxy() {
|
||||
proxy.questionSizeEstimator = NewQuestionSizeEstimator()
|
||||
if _, err := rand.Read(proxy.proxySecretKey[:]); err != nil {
|
||||
glog.Fatal(err)
|
||||
dlog.Fatal(err)
|
||||
}
|
||||
curve25519.ScalarBaseMult(&proxy.proxyPublicKey, &proxy.proxySecretKey)
|
||||
for _, registeredServer := range proxy.registeredServers {
|
||||
@ -51,19 +52,20 @@ func (proxy *Proxy) StartProxy() {
|
||||
for _, listenAddrStr := range proxy.listenAddresses {
|
||||
listenUDPAddr, err := net.ResolveUDPAddr("udp", listenAddrStr)
|
||||
if err != nil {
|
||||
glog.Fatal(err)
|
||||
dlog.Fatal(err)
|
||||
}
|
||||
listenTCPAddr, err := net.ResolveTCPAddr("tcp", listenAddrStr)
|
||||
if err != nil {
|
||||
glog.Fatal(err)
|
||||
dlog.Fatal(err)
|
||||
}
|
||||
if err := proxy.udpListener(listenUDPAddr); err != nil {
|
||||
glog.Fatal(err)
|
||||
dlog.Fatal(err)
|
||||
}
|
||||
if err := proxy.tcpListener(listenTCPAddr); err != nil {
|
||||
glog.Fatal(err)
|
||||
dlog.Fatal(err)
|
||||
}
|
||||
}
|
||||
dlog.Notice("dnscrypt-proxy is ready")
|
||||
for {
|
||||
time.Sleep(proxy.certRefreshDelay)
|
||||
proxy.serversInfo.refresh(proxy)
|
||||
@ -77,7 +79,7 @@ func (proxy *Proxy) udpListener(listenAddr *net.UDPAddr) error {
|
||||
}
|
||||
go func() {
|
||||
defer clientPc.Close()
|
||||
glog.Infof("Now listening to %v [UDP]", listenAddr)
|
||||
dlog.Noticef("Now listening to %v [UDP]", listenAddr)
|
||||
for {
|
||||
buffer := make([]byte, MaxDNSPacketSize-1)
|
||||
length, clientAddr, err := clientPc.ReadFrom(buffer)
|
||||
@ -100,7 +102,7 @@ func (proxy *Proxy) tcpListener(listenAddr *net.TCPAddr) error {
|
||||
}
|
||||
go func() {
|
||||
defer acceptPc.Close()
|
||||
glog.Infof("Now listening to %v [TCP]", listenAddr)
|
||||
dlog.Noticef("Now listening to %v [TCP]", listenAddr)
|
||||
for {
|
||||
clientPc, err := acceptPc.Accept()
|
||||
if err != nil {
|
||||
|
@ -9,7 +9,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/VividCortex/ewma"
|
||||
"github.com/golang/glog"
|
||||
"github.com/jedisct1/dlog"
|
||||
"golang.org/x/crypto/ed25519"
|
||||
)
|
||||
|
||||
@ -76,7 +76,7 @@ func (serversInfo *ServersInfo) registerServer(proxy *Proxy, name string, stamp
|
||||
}
|
||||
|
||||
func (serversInfo *ServersInfo) refresh(proxy *Proxy) {
|
||||
glog.Infof("Refreshing certificates")
|
||||
dlog.Infof("Refreshing certificates")
|
||||
serversInfo.RLock()
|
||||
registeredServers := serversInfo.registeredServers
|
||||
serversInfo.RUnlock()
|
||||
@ -107,7 +107,7 @@ func (serversInfo *ServersInfo) getOne() *ServerInfo {
|
||||
func (serversInfo *ServersInfo) fetchServerInfo(proxy *Proxy, name string, stamp ServerStamp) (ServerInfo, error) {
|
||||
serverPk, err := hex.DecodeString(strings.Replace(stamp.serverPkStr, ":", "", -1))
|
||||
if err != nil || len(serverPk) != ed25519.PublicKeySize {
|
||||
glog.Fatal("Unsupported public key: [%v]", serverPk)
|
||||
dlog.Fatalf("Unsupported public key: [%v]", serverPk)
|
||||
}
|
||||
certInfo, err := FetchCurrentCert(proxy, proxy.mainProto, serverPk, stamp.serverAddrStr, stamp.providerName)
|
||||
if err != nil {
|
||||
|
@ -6,6 +6,7 @@ import:
|
||||
version: ^1.1.1
|
||||
- package: github.com/VividCortex/godaemon
|
||||
- package: github.com/hashicorp/golang-lru
|
||||
- package: github.com/jedisct1/dlog
|
||||
- package: github.com/jedisct1/xsecretbox
|
||||
- package: github.com/miekg/dns
|
||||
version: ^1.0.3
|
||||
|
Loading…
Reference in New Issue
Block a user