1
0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2024-12-29 00:30:30 +01:00

Use dlog for everything

This commit is contained in:
Frank Denis 2018-01-11 11:50:54 +01:00
parent 735213f45a
commit 9a3cd91cd7
5 changed files with 30 additions and 28 deletions

View File

@ -7,7 +7,7 @@ import (
"strings"
"time"
"github.com/golang/glog"
"github.com/jedisct1/dlog"
"github.com/jedisct1/xsecretbox"
"github.com/miekg/dns"
"golang.org/x/crypto/ed25519"
@ -41,15 +41,15 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
for _, answerRr := range in.Answer {
binCert, err := packTxtString(strings.Join(answerRr.(*dns.TXT).Txt, ""))
if err != nil {
glog.Warningf("[%v] Unable to unpack the certificate", providerName)
dlog.Warnf("[%v] Unable to unpack the certificate", providerName)
continue
}
if len(binCert) < 124 {
glog.Warningf("[%v] Certificate too short", providerName)
dlog.Warnf("[%v] Certificate too short", providerName)
continue
}
if !bytes.Equal(binCert[:4], CertMagic[:4]) {
glog.Warningf("[%v] Invalid cert magic", providerName)
dlog.Warnf("[%v] Invalid cert magic", providerName)
continue
}
cryptoConstruction := CryptoConstruction(0)
@ -59,36 +59,36 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
case 0x0002:
cryptoConstruction = XChacha20Poly1305
default:
glog.Infof("[%v] Unsupported crypto construction", providerName)
dlog.Infof("[%v] Unsupported crypto construction", providerName)
continue
}
signature := binCert[8:72]
signed := binCert[72:]
if !ed25519.Verify(pk, signed, signature) {
glog.Warningf("[%v] Incorrect signature", providerName)
dlog.Warnf("[%v] Incorrect signature", providerName)
continue
}
serial := binary.BigEndian.Uint32(binCert[112:116])
tsBegin := binary.BigEndian.Uint32(binCert[116:120])
tsEnd := binary.BigEndian.Uint32(binCert[120:124])
if now > tsEnd || now < tsBegin {
glog.Infof("[%v] Certificate not valid at the current date", providerName)
dlog.Infof("[%v] Certificate not valid at the current date", providerName)
continue
}
if serial < highestSerial {
glog.Infof("[%v] Superseded by a previous certificate", providerName)
dlog.Infof("[%v] Superseded by a previous certificate", providerName)
continue
}
if serial == highestSerial {
if cryptoConstruction < certInfo.CryptoConstruction {
glog.Infof("[%v] Keeping the previous, preferred crypto construction", providerName)
dlog.Infof("[%v] Keeping the previous, preferred crypto construction", providerName)
continue
} else {
glog.Infof("[%v] Upgrading the construction from %v to %v", providerName, certInfo.CryptoConstruction, cryptoConstruction)
dlog.Infof("[%v] Upgrading the construction from %v to %v", providerName, certInfo.CryptoConstruction, cryptoConstruction)
}
}
if cryptoConstruction != XChacha20Poly1305 && cryptoConstruction != XSalsa20Poly1305 {
glog.Warningf("[%v] Cryptographic construction %v not supported", providerName, cryptoConstruction)
dlog.Warnf("[%v] Cryptographic construction %v not supported", providerName, cryptoConstruction)
continue
}
var serverPk [32]byte
@ -97,7 +97,7 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
if cryptoConstruction == XChacha20Poly1305 {
sharedKey, err = xsecretbox.SharedKey(proxy.proxySecretKey, serverPk)
if err != nil {
glog.Warningf("[%v] Weak public key", providerName)
dlog.Errorf("[%v] Weak public key", providerName)
continue
}
} else {
@ -108,7 +108,7 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
certInfo.CryptoConstruction = cryptoConstruction
copy(certInfo.ServerPk[:], serverPk[:])
copy(certInfo.MagicQuery[:], binCert[104:112])
glog.Infof("[%v] Valid cert found: [%x]", providerName, certInfo.ServerPk)
dlog.Noticef("[%v] Valid cert found: [%x]", providerName, certInfo.ServerPk)
}
if certInfo.CryptoConstruction == UndefinedConstruction {
return certInfo, errors.New("No useable certificate found")

View File

@ -7,7 +7,7 @@ import (
"time"
"github.com/BurntSushi/toml"
"github.com/golang/glog"
"github.com/jedisct1/dlog"
)
type Config struct {
@ -53,7 +53,6 @@ func ConfigLoad(proxy *Proxy, config_file string) error {
flag.Parse()
config := newConfig()
if _, err := toml.DecodeFile(*configFile, &config); err != nil {
glog.Error(err)
return err
}
proxy.timeout = time.Duration(config.Timeout) * time.Millisecond
@ -89,7 +88,7 @@ func ConfigLoad(proxy *Proxy, config_file string) error {
var stamp ServerStamp
var err error
if len(serverConfig.Stamp) > 0 {
panic("Stamps are not implemented yet")
dlog.Fatal("Stamps are not implemented yet")
} else {
stamp, err = NewServerStampFromLegacy(serverConfig.Address, serverConfig.PublicKey, serverConfig.ProviderName)
if err != nil {

View File

@ -5,7 +5,7 @@ import (
"net"
"time"
"github.com/golang/glog"
"github.com/jedisct1/dlog"
"golang.org/x/crypto/curve25519"
)
@ -29,9 +29,10 @@ type Proxy struct {
}
func main() {
dlog.Init("dnscrypt-proxy", dlog.SeverityNotice)
proxy := Proxy{}
if err := ConfigLoad(&proxy, "dnscrypt-proxy.toml"); err != nil {
panic(err)
dlog.Fatal(err)
}
if proxy.daemonize {
Daemonize()
@ -42,7 +43,7 @@ func main() {
func (proxy *Proxy) StartProxy() {
proxy.questionSizeEstimator = NewQuestionSizeEstimator()
if _, err := rand.Read(proxy.proxySecretKey[:]); err != nil {
glog.Fatal(err)
dlog.Fatal(err)
}
curve25519.ScalarBaseMult(&proxy.proxyPublicKey, &proxy.proxySecretKey)
for _, registeredServer := range proxy.registeredServers {
@ -51,19 +52,20 @@ func (proxy *Proxy) StartProxy() {
for _, listenAddrStr := range proxy.listenAddresses {
listenUDPAddr, err := net.ResolveUDPAddr("udp", listenAddrStr)
if err != nil {
glog.Fatal(err)
dlog.Fatal(err)
}
listenTCPAddr, err := net.ResolveTCPAddr("tcp", listenAddrStr)
if err != nil {
glog.Fatal(err)
dlog.Fatal(err)
}
if err := proxy.udpListener(listenUDPAddr); err != nil {
glog.Fatal(err)
dlog.Fatal(err)
}
if err := proxy.tcpListener(listenTCPAddr); err != nil {
glog.Fatal(err)
dlog.Fatal(err)
}
}
dlog.Notice("dnscrypt-proxy is ready")
for {
time.Sleep(proxy.certRefreshDelay)
proxy.serversInfo.refresh(proxy)
@ -77,7 +79,7 @@ func (proxy *Proxy) udpListener(listenAddr *net.UDPAddr) error {
}
go func() {
defer clientPc.Close()
glog.Infof("Now listening to %v [UDP]", listenAddr)
dlog.Noticef("Now listening to %v [UDP]", listenAddr)
for {
buffer := make([]byte, MaxDNSPacketSize-1)
length, clientAddr, err := clientPc.ReadFrom(buffer)
@ -100,7 +102,7 @@ func (proxy *Proxy) tcpListener(listenAddr *net.TCPAddr) error {
}
go func() {
defer acceptPc.Close()
glog.Infof("Now listening to %v [TCP]", listenAddr)
dlog.Noticef("Now listening to %v [TCP]", listenAddr)
for {
clientPc, err := acceptPc.Accept()
if err != nil {

View File

@ -9,7 +9,7 @@ import (
"time"
"github.com/VividCortex/ewma"
"github.com/golang/glog"
"github.com/jedisct1/dlog"
"golang.org/x/crypto/ed25519"
)
@ -76,7 +76,7 @@ func (serversInfo *ServersInfo) registerServer(proxy *Proxy, name string, stamp
}
func (serversInfo *ServersInfo) refresh(proxy *Proxy) {
glog.Infof("Refreshing certificates")
dlog.Infof("Refreshing certificates")
serversInfo.RLock()
registeredServers := serversInfo.registeredServers
serversInfo.RUnlock()
@ -107,7 +107,7 @@ func (serversInfo *ServersInfo) getOne() *ServerInfo {
func (serversInfo *ServersInfo) fetchServerInfo(proxy *Proxy, name string, stamp ServerStamp) (ServerInfo, error) {
serverPk, err := hex.DecodeString(strings.Replace(stamp.serverPkStr, ":", "", -1))
if err != nil || len(serverPk) != ed25519.PublicKeySize {
glog.Fatal("Unsupported public key: [%v]", serverPk)
dlog.Fatalf("Unsupported public key: [%v]", serverPk)
}
certInfo, err := FetchCurrentCert(proxy, proxy.mainProto, serverPk, stamp.serverAddrStr, stamp.providerName)
if err != nil {

View File

@ -6,6 +6,7 @@ import:
version: ^1.1.1
- package: github.com/VividCortex/godaemon
- package: github.com/hashicorp/golang-lru
- package: github.com/jedisct1/dlog
- package: github.com/jedisct1/xsecretbox
- package: github.com/miekg/dns
version: ^1.0.3