From df3fb0c9f805519b598f885d343f08fc5c522c4d Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 23 Mar 2022 17:48:48 +0100 Subject: [PATCH] Keep lines short $ golines -w -m 120 --shorten-comments . --- dnscrypt-proxy/coldstart.go | 7 +- dnscrypt-proxy/config.go | 40 ++++++++-- dnscrypt-proxy/crypto.go | 20 ++++- dnscrypt-proxy/dnscrypt_certs.go | 47 +++++++++-- dnscrypt-proxy/dnsutils.go | 28 ++++++- dnscrypt-proxy/estimators.go | 5 +- dnscrypt-proxy/fuzzing_test.go | 8 +- dnscrypt-proxy/local-doh.go | 20 ++++- dnscrypt-proxy/logger.go | 9 ++- dnscrypt-proxy/netprobe_windows.go | 5 +- dnscrypt-proxy/plugin_allow_ip.go | 9 ++- dnscrypt-proxy/plugin_block_ip.go | 9 ++- dnscrypt-proxy/plugin_cache.go | 8 +- dnscrypt-proxy/plugin_cloak.go | 10 ++- dnscrypt-proxy/plugin_dns64.go | 20 ++++- dnscrypt-proxy/plugin_forward.go | 3 +- dnscrypt-proxy/plugin_get_set_payload_size.go | 10 ++- dnscrypt-proxy/plugin_query_log.go | 12 ++- dnscrypt-proxy/plugins.go | 40 ++++++++-- dnscrypt-proxy/privilege_linux.go | 14 +++- dnscrypt-proxy/privilege_others.go | 14 +++- dnscrypt-proxy/proxy.go | 59 +++++++++++--- dnscrypt-proxy/serversInfo.go | 58 +++++++++++--- dnscrypt-proxy/setsockopts_linux.go | 7 +- dnscrypt-proxy/sources.go | 20 ++++- dnscrypt-proxy/sources_test.go | 36 ++++++++- dnscrypt-proxy/systemd_linux.go | 4 +- dnscrypt-proxy/time_ranges.go | 10 ++- dnscrypt-proxy/xtransport.go | 77 ++++++++++++++++--- 29 files changed, 516 insertions(+), 93 deletions(-) diff --git a/dnscrypt-proxy/coldstart.go b/dnscrypt-proxy/coldstart.go index 8b8e7367..36baaab6 100644 --- a/dnscrypt-proxy/coldstart.go +++ b/dnscrypt-proxy/coldstart.go @@ -116,7 +116,12 @@ func handleColdStartClient(clientPc *net.UDPConn, cancelChannel chan struct{}, i return false } -func addColdStartListener(proxy *Proxy, ipsMap *CaptivePortalMap, listenAddrStr string, cancelChannel chan struct{}) error { +func addColdStartListener( + proxy *Proxy, + ipsMap *CaptivePortalMap, + listenAddrStr string, + cancelChannel chan struct{}, +) error { listenUDPAddr, err := net.ResolveUDPAddr("udp", listenAddrStr) if err != nil { return err diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go index b45476d6..20d7a521 100644 --- a/dnscrypt-proxy/config.go +++ b/dnscrypt-proxy/config.go @@ -314,7 +314,10 @@ func findConfigFile(configFile *string) (string, error) { func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error { foundConfigFile, err := findConfigFile(flags.ConfigFile) if err != nil { - return fmt.Errorf("Unable to load the configuration file [%s] -- Maybe use the -config command-line switch?", *flags.ConfigFile) + return fmt.Errorf( + "Unable to load the configuration file [%s] -- Maybe use the -config command-line switch?", + *flags.ConfigFile, + ) } config := newConfig() md, err := toml.DecodeFile(foundConfigFile, &config) @@ -638,7 +641,9 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error { } // Backwards compatibility - config.BrokenImplementations.FragmentsBlocked = append(config.BrokenImplementations.FragmentsBlocked, config.BrokenImplementations.BrokenQueryPadding...) + config.BrokenImplementations.FragmentsBlocked = append( + config.BrokenImplementations.FragmentsBlocked, + config.BrokenImplementations.BrokenQueryPadding...) proxy.serversBlockingFragments = config.BrokenImplementations.FragmentsBlocked @@ -707,7 +712,9 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error { // if 'userName' is set and we are the parent process drop privilege and exit if len(proxy.userName) > 0 && !proxy.child { proxy.dropPrivilege(proxy.userName, FileDescriptors) - return errors.New("Dropping privileges is not supporting on this operating system. Unset `user_name` in the configuration file") + return errors.New( + "Dropping privileges is not supporting on this operating system. Unset `user_name` in the configuration file", + ) } if !config.OfflineMode { if err := config.loadSources(proxy); err != nil { @@ -727,8 +734,12 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error { hasSpecificRoutes := false for _, server := range proxy.registeredServers { if via, ok := (*proxy.routes)[server.name]; ok { - if server.stamp.Proto != stamps.StampProtoTypeDNSCrypt && server.stamp.Proto != stamps.StampProtoTypeODoHTarget { - dlog.Errorf("DNS anonymization is only supported with the DNSCrypt and ODoH protocols - Connections to [%v] cannot be anonymized", server.name) + if server.stamp.Proto != stamps.StampProtoTypeDNSCrypt && + server.stamp.Proto != stamps.StampProtoTypeODoHTarget { + dlog.Errorf( + "DNS anonymization is only supported with the DNSCrypt and ODoH protocols - Connections to [%v] cannot be anonymized", + server.name, + ) } else { dlog.Noticef("Anonymized DNS: routing [%v] via %v", server.name, via) } @@ -757,7 +768,8 @@ func (config *Config) printRegisteredServers(proxy *Proxy, jsonOutput bool) erro var hostAddr string hostAddr, port = ExtractHostAndPort(addrStr, port) addrs := make([]string, 0) - if (registeredServer.stamp.Proto == stamps.StampProtoTypeDoH || registeredServer.stamp.Proto == stamps.StampProtoTypeODoHTarget) && len(registeredServer.stamp.ProviderName) > 0 { + if (registeredServer.stamp.Proto == stamps.StampProtoTypeDoH || registeredServer.stamp.Proto == stamps.StampProtoTypeODoHTarget) && + len(registeredServer.stamp.ProviderName) > 0 { providerName := registeredServer.stamp.ProviderName var host string host, port = ExtractHostAndPort(providerName, port) @@ -866,7 +878,16 @@ func (config *Config) loadSource(proxy *Proxy, cfgSourceName string, cfgSource * } else if cfgSource.RefreshDelay > 168 { cfgSource.RefreshDelay = 168 } - source, err := NewSource(cfgSourceName, proxy.xTransport, cfgSource.URLs, cfgSource.MinisignKeyStr, cfgSource.CacheFile, cfgSource.FormatStr, time.Duration(cfgSource.RefreshDelay)*time.Hour, cfgSource.Prefix) + source, err := NewSource( + cfgSourceName, + proxy.xTransport, + cfgSource.URLs, + cfgSource.MinisignKeyStr, + cfgSource.CacheFile, + cfgSource.FormatStr, + time.Duration(cfgSource.RefreshDelay)*time.Hour, + cfgSource.Prefix, + ) if err != nil { if len(source.in) <= 0 { dlog.Criticalf("Unable to retrieve source [%s]: [%s]", cfgSourceName, err) @@ -894,7 +915,10 @@ func cdFileDir(fileName string) error { func cdLocal() { exeFileName, err := os.Executable() if err != nil { - dlog.Warnf("Unable to determine the executable directory: [%s] -- You will need to specify absolute paths in the configuration file", err) + dlog.Warnf( + "Unable to determine the executable directory: [%s] -- You will need to specify absolute paths in the configuration file", + err, + ) } else if err := os.Chdir(filepath.Dir(exeFileName)); err != nil { dlog.Warnf("Unable to change working directory to [%s]: %s", exeFileName, err) } diff --git a/dnscrypt-proxy/crypto.go b/dnscrypt-proxy/crypto.go index 87f9ed86..e52d3e5a 100644 --- a/dnscrypt-proxy/crypto.go +++ b/dnscrypt-proxy/crypto.go @@ -45,7 +45,12 @@ func unpad(packet []byte) ([]byte, error) { } } -func ComputeSharedKey(cryptoConstruction CryptoConstruction, secretKey *[32]byte, serverPk *[32]byte, providerName *string) (sharedKey [32]byte) { +func ComputeSharedKey( + cryptoConstruction CryptoConstruction, + secretKey *[32]byte, + serverPk *[32]byte, + providerName *string, +) (sharedKey [32]byte) { if cryptoConstruction == XChacha20Poly1305 { var err error sharedKey, err = xsecretbox.SharedKey(*secretKey, *serverPk) @@ -68,7 +73,11 @@ func ComputeSharedKey(cryptoConstruction CryptoConstruction, secretKey *[32]byte return } -func (proxy *Proxy) Encrypt(serverInfo *ServerInfo, packet []byte, proto string) (sharedKey *[32]byte, encrypted []byte, clientNonce []byte, err error) { +func (proxy *Proxy) Encrypt( + serverInfo *ServerInfo, + packet []byte, + proto string, +) (sharedKey *[32]byte, encrypted []byte, clientNonce []byte, err error) { nonce, clientNonce := make([]byte, NonceSize), make([]byte, HalfNonceSize) crypto_rand.Read(clientNonce) copy(nonce, clientNonce) @@ -120,7 +129,12 @@ func (proxy *Proxy) Encrypt(serverInfo *ServerInfo, packet []byte, proto string) return } -func (proxy *Proxy) Decrypt(serverInfo *ServerInfo, sharedKey *[32]byte, encrypted []byte, nonce []byte) ([]byte, error) { +func (proxy *Proxy) Decrypt( + serverInfo *ServerInfo, + sharedKey *[32]byte, + encrypted []byte, + nonce []byte, +) ([]byte, error) { serverMagicLen := len(ServerMagic) responseHeaderLen := serverMagicLen + NonceSize if len(encrypted) < responseHeaderLen+TagSize+int(MinDNSPacketSize) || diff --git a/dnscrypt-proxy/dnscrypt_certs.go b/dnscrypt-proxy/dnscrypt_certs.go index 14e52212..7305ca2e 100644 --- a/dnscrypt-proxy/dnscrypt_certs.go +++ b/dnscrypt-proxy/dnscrypt_certs.go @@ -20,7 +20,17 @@ type CertInfo struct { ForwardSecurity bool } -func FetchCurrentDNSCryptCert(proxy *Proxy, serverName *string, proto string, pk ed25519.PublicKey, serverAddress string, providerName string, isNew bool, relay *DNSCryptRelay, knownBugs ServerBugs) (CertInfo, int, bool, error) { +func FetchCurrentDNSCryptCert( + proxy *Proxy, + serverName *string, + proto string, + pk ed25519.PublicKey, + serverAddress string, + providerName string, + isNew bool, + relay *DNSCryptRelay, + knownBugs ServerBugs, +) (CertInfo, int, bool, error) { if len(pk) != ed25519.PublicKeySize { return CertInfo{}, 0, false, errors.New("Invalid public key length") } @@ -34,7 +44,11 @@ func FetchCurrentDNSCryptCert(proxy *Proxy, serverName *string, proto string, pk query.SetQuestion(providerName, dns.TypeTXT) if !strings.HasPrefix(providerName, "2.dnscrypt-cert.") { if relay != nil && !proxy.anonDirectCertFallback { - dlog.Warnf("[%v] uses a non-standard provider name, enable direct cert fallback to use with a relay ('%v' doesn't start with '2.dnscrypt-cert.')", *serverName, providerName) + dlog.Warnf( + "[%v] uses a non-standard provider name, enable direct cert fallback to use with a relay ('%v' doesn't start with '2.dnscrypt-cert.')", + *serverName, + providerName, + ) } else { dlog.Warnf("[%v] uses a non-standard provider name ('%v' doesn't start with '2.dnscrypt-cert.')", *serverName, providerName) relay = nil @@ -44,7 +58,15 @@ func FetchCurrentDNSCryptCert(proxy *Proxy, serverName *string, proto string, pk if knownBugs.fragmentsBlocked { tryFragmentsSupport = false } - in, rtt, fragmentsBlocked, err := DNSExchange(proxy, proto, &query, serverAddress, relay, serverName, tryFragmentsSupport) + in, rtt, fragmentsBlocked, err := DNSExchange( + proxy, + proto, + &query, + serverAddress, + relay, + serverName, + tryFragmentsSupport, + ) if err != nil { dlog.Noticef("[%s] TIMEOUT", *serverName) return CertInfo{}, 0, fragmentsBlocked, err @@ -95,10 +117,17 @@ func FetchCurrentDNSCryptCert(proxy *Proxy, serverName *string, proto string, pk } ttl := tsEnd - tsBegin if ttl > 86400*7 { - dlog.Infof("[%v] the key validity period for this server is excessively long (%d days), significantly reducing reliability and forward security.", *serverName, ttl/86400) + dlog.Infof( + "[%v] the key validity period for this server is excessively long (%d days), significantly reducing reliability and forward security.", + *serverName, + ttl/86400, + ) daysLeft := (tsEnd - now) / 86400 if daysLeft < 1 { - dlog.Criticalf("[%v] certificate will expire today -- Switch to a different resolver as soon as possible", *serverName) + dlog.Criticalf( + "[%v] certificate will expire today -- Switch to a different resolver as soon as possible", + *serverName, + ) } else if daysLeft <= 7 { dlog.Warnf("[%v] certificate is about to expire -- if you don't manage this server, tell the server operator about it", *serverName) } else if daysLeft <= 30 { @@ -112,7 +141,13 @@ func FetchCurrentDNSCryptCert(proxy *Proxy, serverName *string, proto string, pk } if !proxy.certIgnoreTimestamp { if now > tsEnd || now < tsBegin { - dlog.Debugf("[%v] Certificate not valid at the current date (now: %v is not in [%v..%v])", *serverName, now, tsBegin, tsEnd) + dlog.Debugf( + "[%v] Certificate not valid at the current date (now: %v is not in [%v..%v])", + *serverName, + now, + tsBegin, + tsEnd, + ) continue } } diff --git a/dnscrypt-proxy/dnsutils.go b/dnscrypt-proxy/dnsutils.go index f725b929..6f473e4d 100644 --- a/dnscrypt-proxy/dnsutils.go +++ b/dnscrypt-proxy/dnsutils.go @@ -135,7 +135,8 @@ func NormalizeQName(str string) (string, error) { } func getMinTTL(msg *dns.Msg, minTTL uint32, maxTTL uint32, cacheNegMinTTL uint32, cacheNegMaxTTL uint32) time.Duration { - if (msg.Rcode != dns.RcodeSuccess && msg.Rcode != dns.RcodeNameError) || (len(msg.Answer) <= 0 && len(msg.Ns) <= 0) { + if (msg.Rcode != dns.RcodeSuccess && msg.Rcode != dns.RcodeNameError) || + (len(msg.Answer) <= 0 && len(msg.Ns) <= 0) { return time.Duration(cacheNegMinTTL) * time.Second } var ttl uint32 @@ -304,7 +305,15 @@ type DNSExchangeResponse struct { err error } -func DNSExchange(proxy *Proxy, proto string, query *dns.Msg, serverAddress string, relay *DNSCryptRelay, serverName *string, tryFragmentsSupport bool) (*dns.Msg, time.Duration, bool, error) { +func DNSExchange( + proxy *Proxy, + proto string, + query *dns.Msg, + serverAddress string, + relay *DNSCryptRelay, + serverName *string, + tryFragmentsSupport bool, +) (*dns.Msg, time.Duration, bool, error) { for { cancelChannel := make(chan struct{}) channel := make(chan DNSExchangeResponse) @@ -375,12 +384,23 @@ func DNSExchange(proxy *Proxy, proto string, query *dns.Msg, serverAddress strin } return nil, 0, false, err } - dlog.Infof("Unable to get the public key for [%v] via relay [%v], retrying over a direct connection", *serverName, relay.RelayUDPAddr.IP) + dlog.Infof( + "Unable to get the public key for [%v] via relay [%v], retrying over a direct connection", + *serverName, + relay.RelayUDPAddr.IP, + ) relay = nil } } -func _dnsExchange(proxy *Proxy, proto string, query *dns.Msg, serverAddress string, relay *DNSCryptRelay, paddedLen int) DNSExchangeResponse { +func _dnsExchange( + proxy *Proxy, + proto string, + query *dns.Msg, + serverAddress string, + relay *DNSCryptRelay, + paddedLen int, +) DNSExchangeResponse { var packet []byte var rtt time.Duration diff --git a/dnscrypt-proxy/estimators.go b/dnscrypt-proxy/estimators.go index cd6b6dda..e003e9fe 100644 --- a/dnscrypt-proxy/estimators.go +++ b/dnscrypt-proxy/estimators.go @@ -17,7 +17,10 @@ type QuestionSizeEstimator struct { } func NewQuestionSizeEstimator() QuestionSizeEstimator { - return QuestionSizeEstimator{minQuestionSize: InitialMinQuestionSize, ewma: ewma.NewMovingAverage(SizeEstimatorEwmaDecay)} + return QuestionSizeEstimator{ + minQuestionSize: InitialMinQuestionSize, + ewma: ewma.NewMovingAverage(SizeEstimatorEwmaDecay), + } } func (questionSizeEstimator *QuestionSizeEstimator) MinQuestionSize() int { diff --git a/dnscrypt-proxy/fuzzing_test.go b/dnscrypt-proxy/fuzzing_test.go index a29f0d39..586089b8 100644 --- a/dnscrypt-proxy/fuzzing_test.go +++ b/dnscrypt-proxy/fuzzing_test.go @@ -23,8 +23,12 @@ func FuzzParseODoHTargetConfigs(f *testing.F) { func FuzzParseStampParser(f *testing.F) { f.Add("sdns://AgcAAAAAAAAACzEwNC4yMS42Ljc4AA1kb2guY3J5cHRvLnN4Ci9kbnMtcXVlcnk") f.Add("sdns://AgcAAAAAAAAAGlsyNjA2OjQ3MDA6MzAzNzo6NjgxNTo2NGVdABJkb2gtaXB2Ni5jcnlwdG8uc3gKL2Rucy1xdWVyeQ") - f.Add("sdns://AQcAAAAAAAAADTUxLjE1LjEyMi4yNTAg6Q3ZfapcbHgiHKLF7QFoli0Ty1Vsz3RXs1RUbxUrwZAcMi5kbnNjcnlwdC1jZXJ0LnNjYWxld2F5LWFtcw") - f.Add("sdns://AQcAAAAAAAAAFlsyMDAxOmJjODoxODIwOjUwZDo6MV0g6Q3ZfapcbHgiHKLF7QFoli0Ty1Vsz3RXs1RUbxUrwZAcMi5kbnNjcnlwdC1jZXJ0LnNjYWxld2F5LWFtcw") + f.Add( + "sdns://AQcAAAAAAAAADTUxLjE1LjEyMi4yNTAg6Q3ZfapcbHgiHKLF7QFoli0Ty1Vsz3RXs1RUbxUrwZAcMi5kbnNjcnlwdC1jZXJ0LnNjYWxld2F5LWFtcw", + ) + f.Add( + "sdns://AQcAAAAAAAAAFlsyMDAxOmJjODoxODIwOjUwZDo6MV0g6Q3ZfapcbHgiHKLF7QFoli0Ty1Vsz3RXs1RUbxUrwZAcMi5kbnNjcnlwdC1jZXJ0LnNjYWxld2F5LWFtcw", + ) f.Add("sdns://gQ8xNjMuMTcyLjE4MC4xMjU") f.Add("sdns://BQcAAAAAAAAADm9kb2guY3J5cHRvLnN4Ci9kbnMtcXVlcnk") f.Add("sdns://hQcAAAAAAAAAACCi3jNJDEdtNW4tvHN8J3lpIklSa2Wrj7qaNCgEgci9_BpvZG9oLXJlbGF5LmVkZ2Vjb21wdXRlLmFwcAEv") diff --git a/dnscrypt-proxy/local-doh.go b/dnscrypt-proxy/local-doh.go index f4a817b6..3c1ee23a 100644 --- a/dnscrypt-proxy/local-doh.go +++ b/dnscrypt-proxy/local-doh.go @@ -114,7 +114,25 @@ func (proxy *Proxy) localDoHListener(acceptPc *net.TCPListener) { } func dohPaddedLen(unpaddedLen int) int { - boundaries := [...]int{64, 128, 192, 256, 320, 384, 512, 704, 768, 896, 960, 1024, 1088, 1152, 2688, 4080, MaxDNSPacketSize} + boundaries := [...]int{ + 64, + 128, + 192, + 256, + 320, + 384, + 512, + 704, + 768, + 896, + 960, + 1024, + 1088, + 1152, + 2688, + 4080, + MaxDNSPacketSize, + } for _, boundary := range boundaries { if boundary >= unpaddedLen { return boundary diff --git a/dnscrypt-proxy/logger.go b/dnscrypt-proxy/logger.go index 03e40d66..5e789ebc 100644 --- a/dnscrypt-proxy/logger.go +++ b/dnscrypt-proxy/logger.go @@ -22,7 +22,14 @@ func Logger(logMaxSize int, logMaxAge int, logMaxBackups int, fileName string) i } return fp } - logger := &lumberjack.Logger{LocalTime: true, MaxSize: logMaxSize, MaxAge: logMaxAge, MaxBackups: logMaxBackups, Filename: fileName, Compress: true} + logger := &lumberjack.Logger{ + LocalTime: true, + MaxSize: logMaxSize, + MaxAge: logMaxAge, + MaxBackups: logMaxBackups, + Filename: fileName, + Compress: true, + } return logger } diff --git a/dnscrypt-proxy/netprobe_windows.go b/dnscrypt-proxy/netprobe_windows.go index 799a3117..bf5a061e 100644 --- a/dnscrypt-proxy/netprobe_windows.go +++ b/dnscrypt-proxy/netprobe_windows.go @@ -32,8 +32,9 @@ func NetProbe(proxy *Proxy, address string, timeout int) error { pc, err := net.DialUDP("udp", nil, remoteUDPAddr) if err == nil { // Write at least 1 byte. This ensures that sockets are ready to use for writing. - // Windows specific: during the system startup, sockets can be created but the underlying buffers may not be setup yet. If this is the case - // Write fails with WSAENOBUFS: "An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full" + // Windows specific: during the system startup, sockets can be created but the underlying buffers may not be + // setup yet. If this is the case Write fails with WSAENOBUFS: "An operation on a socket could not be + // performed because the system lacked sufficient buffer space or because a queue was full" _, err = pc.Write([]byte{0}) } if err != nil { diff --git a/dnscrypt-proxy/plugin_allow_ip.go b/dnscrypt-proxy/plugin_allow_ip.go index 8f98a726..b880e417 100644 --- a/dnscrypt-proxy/plugin_allow_ip.go +++ b/dnscrypt-proxy/plugin_allow_ip.go @@ -130,7 +130,14 @@ func (plugin *PluginAllowedIP) Eval(pluginsState *PluginsState, msg *dns.Msg) er year, month, day := now.Date() hour, minute, second := now.Clock() tsStr := fmt.Sprintf("[%d-%02d-%02d %02d:%02d:%02d]", year, int(month), day, hour, minute, second) - line = fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", tsStr, clientIPStr, StringQuote(qName), StringQuote(ipStr), StringQuote(reason)) + line = fmt.Sprintf( + "%s\t%s\t%s\t%s\t%s\n", + tsStr, + clientIPStr, + StringQuote(qName), + StringQuote(ipStr), + StringQuote(reason), + ) } else if plugin.format == "ltsv" { line = fmt.Sprintf("time:%d\thost:%s\tqname:%s\tip:%s\tmessage:%s\n", time.Now().Unix(), clientIPStr, StringQuote(qName), StringQuote(ipStr), StringQuote(reason)) } else { diff --git a/dnscrypt-proxy/plugin_block_ip.go b/dnscrypt-proxy/plugin_block_ip.go index 52b7f8f9..dd13c686 100644 --- a/dnscrypt-proxy/plugin_block_ip.go +++ b/dnscrypt-proxy/plugin_block_ip.go @@ -134,7 +134,14 @@ func (plugin *PluginBlockIP) Eval(pluginsState *PluginsState, msg *dns.Msg) erro year, month, day := now.Date() hour, minute, second := now.Clock() tsStr := fmt.Sprintf("[%d-%02d-%02d %02d:%02d:%02d]", year, int(month), day, hour, minute, second) - line = fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", tsStr, clientIPStr, StringQuote(qName), StringQuote(ipStr), StringQuote(reason)) + line = fmt.Sprintf( + "%s\t%s\t%s\t%s\t%s\n", + tsStr, + clientIPStr, + StringQuote(qName), + StringQuote(ipStr), + StringQuote(reason), + ) } else if plugin.format == "ltsv" { line = fmt.Sprintf("time:%d\thost:%s\tqname:%s\tip:%s\tmessage:%s\n", time.Now().Unix(), clientIPStr, StringQuote(qName), StringQuote(ipStr), StringQuote(reason)) } else { diff --git a/dnscrypt-proxy/plugin_cache.go b/dnscrypt-proxy/plugin_cache.go index cc632213..e123b86e 100644 --- a/dnscrypt-proxy/plugin_cache.go +++ b/dnscrypt-proxy/plugin_cache.go @@ -139,7 +139,13 @@ func (plugin *PluginCacheResponse) Eval(pluginsState *PluginsState, msg *dns.Msg return nil } cacheKey := computeCacheKey(pluginsState, msg) - ttl := getMinTTL(msg, pluginsState.cacheMinTTL, pluginsState.cacheMaxTTL, pluginsState.cacheNegMinTTL, pluginsState.cacheNegMaxTTL) + ttl := getMinTTL( + msg, + pluginsState.cacheMinTTL, + pluginsState.cacheMaxTTL, + pluginsState.cacheNegMinTTL, + pluginsState.cacheNegMaxTTL, + ) cachedResponse := CachedResponse{ expiration: time.Now().Add(ttl), msg: *msg, diff --git a/dnscrypt-proxy/plugin_cloak.go b/dnscrypt-proxy/plugin_cloak.go index 572320db..7a1845b5 100644 --- a/dnscrypt-proxy/plugin_cloak.go +++ b/dnscrypt-proxy/plugin_cloak.go @@ -93,7 +93,7 @@ func (plugin *PluginCloak) Init(proxy *Proxy) error { var ptrLine string if ipv4 := ip.To4(); ipv4 != nil { - reversed, _ := dns.ReverseAddr(ip.To4().String()) + reversed, _ := dns.ReverseAddr(ip.To4().String()) ptrLine = strings.TrimSuffix(reversed, ".") } else { reversed, _ := dns.ReverseAddr(cloakedName.ipv6[0].To16().String()) @@ -136,7 +136,8 @@ func (plugin *PluginCloak) Reload() error { func (plugin *PluginCloak) Eval(pluginsState *PluginsState, msg *dns.Msg) error { question := msg.Question[0] - if question.Qclass != dns.ClassINET || (question.Qtype != dns.TypeA && question.Qtype != dns.TypeAAAA && question.Qtype != dns.TypePTR) { + if question.Qclass != dns.ClassINET || + (question.Qtype != dns.TypeA && question.Qtype != dns.TypeAAAA && question.Qtype != dns.TypePTR) { return nil } now := time.Now() @@ -207,7 +208,10 @@ func (plugin *PluginCloak) Eval(pluginsState *PluginsState, msg *dns.Msg) error synth.Answer = append(synth.Answer, rr) } } - rand.Shuffle(len(synth.Answer), func(i, j int) { synth.Answer[i], synth.Answer[j] = synth.Answer[j], synth.Answer[i] }) + rand.Shuffle( + len(synth.Answer), + func(i, j int) { synth.Answer[i], synth.Answer[j] = synth.Answer[j], synth.Answer[i] }, + ) pluginsState.synthResponse = synth pluginsState.action = PluginsActionSynth pluginsState.returnCode = PluginsReturnCodeCloak diff --git a/dnscrypt-proxy/plugin_dns64.go b/dnscrypt-proxy/plugin_dns64.go index 3e1976b8..ed5ef588 100644 --- a/dnscrypt-proxy/plugin_dns64.go +++ b/dnscrypt-proxy/plugin_dns64.go @@ -87,7 +87,15 @@ func (plugin *PluginDNS64) Eval(pluginsState *PluginsState, msg *dns.Msg) error if !plugin.proxy.clientsCountInc() { return errors.New("Too many concurrent connections to handle DNS64 subqueries") } - respPacket := plugin.proxy.processIncomingQuery("trampoline", plugin.proxy.mainProto, msgAPacket, nil, nil, time.Now(), false) + respPacket := plugin.proxy.processIncomingQuery( + "trampoline", + plugin.proxy.mainProto, + msgAPacket, + nil, + nil, + time.Now(), + false, + ) plugin.proxy.clientsCountDec() resp := dns.Msg{} if err := resp.Unpack(respPacket); err != nil { @@ -125,7 +133,12 @@ func (plugin *PluginDNS64) Eval(pluginsState *PluginsState, msg *dns.Msg) error for _, prefix := range plugin.pref64 { ipv6 := translateToIPv6(ipv4, prefix) synthAAAA := new(dns.AAAA) - synthAAAA.Hdr = dns.RR_Header{Name: header.Name, Rrtype: dns.TypeAAAA, Class: header.Class, Ttl: ttl} + synthAAAA.Hdr = dns.RR_Header{ + Name: header.Name, + Rrtype: dns.TypeAAAA, + Class: header.Class, + Ttl: ttl, + } synthAAAA.AAAA = ipv6 synthAAAAs = append(synthAAAAs, synthAAAA) } @@ -190,7 +203,8 @@ func (plugin *PluginDNS64) fetchPref64(resolver string) error { if ipv6 != nil && len(ipv6) == net.IPv6len { prefEnd := 0 - if wka := net.IPv4(ipv6[12], ipv6[13], ipv6[14], ipv6[15]); wka.Equal(rfc7050WKA1) || wka.Equal(rfc7050WKA2) { //96 + if wka := net.IPv4(ipv6[12], ipv6[13], ipv6[14], ipv6[15]); wka.Equal(rfc7050WKA1) || + wka.Equal(rfc7050WKA2) { //96 prefEnd = 12 } else if wka := net.IPv4(ipv6[9], ipv6[10], ipv6[11], ipv6[12]); wka.Equal(rfc7050WKA1) || wka.Equal(rfc7050WKA2) { //64 prefEnd = 8 diff --git a/dnscrypt-proxy/plugin_forward.go b/dnscrypt-proxy/plugin_forward.go index e3daf75c..a16ac2d5 100644 --- a/dnscrypt-proxy/plugin_forward.go +++ b/dnscrypt-proxy/plugin_forward.go @@ -82,7 +82,8 @@ func (plugin *PluginForward) Eval(pluginsState *PluginsState, msg *dns.Msg) erro if candidateLen > qNameLen { continue } - if qName[qNameLen-candidateLen:] == candidate.domain && (candidateLen == qNameLen || (qName[qNameLen-candidateLen-1] == '.')) { + if qName[qNameLen-candidateLen:] == candidate.domain && + (candidateLen == qNameLen || (qName[qNameLen-candidateLen-1] == '.')) { servers = candidate.servers break } diff --git a/dnscrypt-proxy/plugin_get_set_payload_size.go b/dnscrypt-proxy/plugin_get_set_payload_size.go index acb8589f..097dd0b0 100644 --- a/dnscrypt-proxy/plugin_get_set_payload_size.go +++ b/dnscrypt-proxy/plugin_get_set_payload_size.go @@ -30,12 +30,18 @@ func (plugin *PluginGetSetPayloadSize) Eval(pluginsState *PluginsState, msg *dns dnssec := false if edns0 != nil { pluginsState.maxUnencryptedUDPSafePayloadSize = int(edns0.UDPSize()) - pluginsState.originalMaxPayloadSize = Max(pluginsState.maxUnencryptedUDPSafePayloadSize-ResponseOverhead, pluginsState.originalMaxPayloadSize) + pluginsState.originalMaxPayloadSize = Max( + pluginsState.maxUnencryptedUDPSafePayloadSize-ResponseOverhead, + pluginsState.originalMaxPayloadSize, + ) dnssec = edns0.Do() } var options *[]dns.EDNS0 pluginsState.dnssec = dnssec - pluginsState.maxPayloadSize = Min(MaxDNSUDPPacketSize-ResponseOverhead, Max(pluginsState.originalMaxPayloadSize, pluginsState.maxPayloadSize)) + pluginsState.maxPayloadSize = Min( + MaxDNSUDPPacketSize-ResponseOverhead, + Max(pluginsState.originalMaxPayloadSize, pluginsState.maxPayloadSize), + ) if pluginsState.maxPayloadSize > 512 { extra2 := []dns.RR{} for _, extra := range msg.Extra { diff --git a/dnscrypt-proxy/plugin_query_log.go b/dnscrypt-proxy/plugin_query_log.go index 5a806647..fa4f623b 100644 --- a/dnscrypt-proxy/plugin_query_log.go +++ b/dnscrypt-proxy/plugin_query_log.go @@ -86,8 +86,16 @@ func (plugin *PluginQueryLog) Eval(pluginsState *PluginsState, msg *dns.Msg) err year, month, day := now.Date() hour, minute, second := now.Clock() tsStr := fmt.Sprintf("[%d-%02d-%02d %02d:%02d:%02d]", year, int(month), day, hour, minute, second) - line = fmt.Sprintf("%s\t%s\t%s\t%s\t%s\t%dms\t%s\n", tsStr, clientIPStr, StringQuote(qName), qType, returnCode, requestDuration/time.Millisecond, - StringQuote(pluginsState.serverName)) + line = fmt.Sprintf( + "%s\t%s\t%s\t%s\t%s\t%dms\t%s\n", + tsStr, + clientIPStr, + StringQuote(qName), + qType, + returnCode, + requestDuration/time.Millisecond, + StringQuote(pluginsState.serverName), + ) } else if plugin.format == "ltsv" { cached := 0 if pluginsState.cacheHit { diff --git a/dnscrypt-proxy/plugins.go b/dnscrypt-proxy/plugins.go index 86351134..37bc41e9 100644 --- a/dnscrypt-proxy/plugins.go +++ b/dnscrypt-proxy/plugins.go @@ -206,7 +206,9 @@ func parseBlockedQueryResponse(blockedResponse string, pluginsGlobals *PluginsGl (*pluginsGlobals).respondWithIPv6 = net.ParseIP(ipv6Response) if (*pluginsGlobals).respondWithIPv6 == nil { - dlog.Notice("Error parsing IPv6 response given in blocked_query_response option, defaulting to IPv4") + dlog.Notice( + "Error parsing IPv6 response given in blocked_query_response option, defaulting to IPv4", + ) } } else { dlog.Noticef("Invalid IPv6 response given in blocked_query_response option [%s], the option should take the form 'a:,aaaa:'", blockedIPStrings[1]) @@ -238,7 +240,13 @@ type Plugin interface { Eval(pluginsState *PluginsState, msg *dns.Msg) error } -func NewPluginsState(proxy *Proxy, clientProto string, clientAddr *net.Addr, serverProto string, start time.Time) PluginsState { +func NewPluginsState( + proxy *Proxy, + clientProto string, + clientAddr *net.Addr, + serverProto string, + start time.Time, +) PluginsState { return PluginsState{ action: PluginsActionContinue, returnCode: PluginsReturnCodePass, @@ -262,7 +270,11 @@ func NewPluginsState(proxy *Proxy, clientProto string, clientAddr *net.Addr, ser } } -func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGlobals, packet []byte, needsEDNS0Padding bool) ([]byte, error) { +func (pluginsState *PluginsState) ApplyQueryPlugins( + pluginsGlobals *PluginsGlobals, + packet []byte, + needsEDNS0Padding bool, +) ([]byte, error) { msg := dns.Msg{} if err := msg.Unpack(packet); err != nil { return packet, err @@ -288,7 +300,13 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba return packet, err } if pluginsState.action == PluginsActionReject { - synth := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.rejectTTL) + synth := RefusedResponseFromMessage( + &msg, + pluginsGlobals.refusedCodeInResponses, + pluginsGlobals.respondWithIPv4, + pluginsGlobals.respondWithIPv6, + pluginsState.rejectTTL, + ) pluginsState.synthResponse = synth } if pluginsState.action != PluginsActionContinue { @@ -309,7 +327,11 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba return packet2, nil } -func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGlobals, packet []byte, ttl *uint32) ([]byte, error) { +func (pluginsState *PluginsState) ApplyResponsePlugins( + pluginsGlobals *PluginsGlobals, + packet []byte, + ttl *uint32, +) ([]byte, error) { msg := dns.Msg{Compress: true} if err := msg.Unpack(packet); err != nil { if len(packet) >= MinDNSPacketSize && HasTCFlag(packet) { @@ -336,7 +358,13 @@ func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGl return packet, err } if pluginsState.action == PluginsActionReject { - synth := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.rejectTTL) + synth := RefusedResponseFromMessage( + &msg, + pluginsGlobals.refusedCodeInResponses, + pluginsGlobals.respondWithIPv4, + pluginsGlobals.respondWithIPv6, + pluginsState.rejectTTL, + ) pluginsState.synthResponse = synth } if pluginsState.action != PluginsActionContinue { diff --git a/dnscrypt-proxy/privilege_linux.go b/dnscrypt-proxy/privilege_linux.go index e30198dc..dcadd3b7 100644 --- a/dnscrypt-proxy/privilege_linux.go +++ b/dnscrypt-proxy/privilege_linux.go @@ -25,9 +25,19 @@ func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) { if err != nil { uid, err2 := strconv.Atoi(userStr) if err2 != nil || uid <= 0 { - dlog.Fatalf("Unable to retrieve any information about user [%s]: [%s] - Remove the user_name directive from the configuration file in order to avoid identity switch", userStr, err) + dlog.Fatalf( + "Unable to retrieve any information about user [%s]: [%s] - Remove the user_name directive from the configuration file in order to avoid identity switch", + userStr, + err, + ) } - dlog.Warnf("Unable to retrieve any information about user [%s]: [%s] - Switching to user id [%v] with the same group id, as [%v] looks like a user id. But you should remove or fix the user_name directive in the configuration file if possible", userStr, err, uid, uid) + dlog.Warnf( + "Unable to retrieve any information about user [%s]: [%s] - Switching to user id [%v] with the same group id, as [%v] looks like a user id. But you should remove or fix the user_name directive in the configuration file if possible", + userStr, + err, + uid, + uid, + ) userInfo = &user.User{Uid: userStr, Gid: userStr} } uid, err := strconv.Atoi(userInfo.Uid) diff --git a/dnscrypt-proxy/privilege_others.go b/dnscrypt-proxy/privilege_others.go index 78f01e03..81b1741b 100644 --- a/dnscrypt-proxy/privilege_others.go +++ b/dnscrypt-proxy/privilege_others.go @@ -27,9 +27,19 @@ func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) { if err != nil { uid, err2 := strconv.Atoi(userStr) if err2 != nil || uid <= 0 { - dlog.Fatalf("Unable to retrieve any information about user [%s]: [%s] - Remove the user_name directive from the configuration file in order to avoid identity switch", userStr, err) + dlog.Fatalf( + "Unable to retrieve any information about user [%s]: [%s] - Remove the user_name directive from the configuration file in order to avoid identity switch", + userStr, + err, + ) } - dlog.Warnf("Unable to retrieve any information about user [%s]: [%s] - Switching to user id [%v] with the same group id, as [%v] looks like a user id. But you should remove or fix the user_name directive in the configuration file if possible", userStr, err, uid, uid) + dlog.Warnf( + "Unable to retrieve any information about user [%s]: [%s] - Switching to user id [%v] with the same group id, as [%v] looks like a user id. But you should remove or fix the user_name directive in the configuration file if possible", + userStr, + err, + uid, + uid, + ) userInfo = &user.User{Uid: userStr, Gid: userStr} } uid, err := strconv.Atoi(userInfo.Uid) diff --git a/dnscrypt-proxy/proxy.go b/dnscrypt-proxy/proxy.go index b0cebbd4..104616dd 100644 --- a/dnscrypt-proxy/proxy.go +++ b/dnscrypt-proxy/proxy.go @@ -83,7 +83,7 @@ type Proxy struct { cacheMinTTL uint32 cacheNegMaxTTL uint32 cloakTTL uint32 - cloakedPTR bool + cloakedPTR bool cache bool pluginBlockIPv6 bool ephemeralKeys bool @@ -284,10 +284,16 @@ func (proxy *Proxy) updateRegisteredServers() error { dlog.Criticalf("Unable to use source [%s]: [%s]", source.name, err) return err } - dlog.Warnf("Error in source [%s]: [%s] -- Continuing with reduced server count [%d]", source.name, err, len(registeredServers)) + dlog.Warnf( + "Error in source [%s]: [%s] -- Continuing with reduced server count [%d]", + source.name, + err, + len(registeredServers), + ) } for _, registeredServer := range registeredServers { - if registeredServer.stamp.Proto != stamps.StampProtoTypeDNSCryptRelay && registeredServer.stamp.Proto != stamps.StampProtoTypeODoHRelay { + if registeredServer.stamp.Proto != stamps.StampProtoTypeDNSCryptRelay && + registeredServer.stamp.Proto != stamps.StampProtoTypeODoHRelay { if len(proxy.ServerNames) > 0 { if !includesName(proxy.ServerNames, registeredServer.name) { continue @@ -311,13 +317,19 @@ func (proxy *Proxy) updateRegisteredServers() error { continue } } - if registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCryptRelay || registeredServer.stamp.Proto == stamps.StampProtoTypeODoHRelay { + if registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCryptRelay || + registeredServer.stamp.Proto == stamps.StampProtoTypeODoHRelay { var found bool for i, currentRegisteredRelay := range proxy.registeredRelays { if currentRegisteredRelay.name == registeredServer.name { found = true if currentRegisteredRelay.stamp.String() != registeredServer.stamp.String() { - dlog.Infof("Updating stamp for [%s] was: %s now: %s", registeredServer.name, currentRegisteredRelay.stamp.String(), registeredServer.stamp.String()) + dlog.Infof( + "Updating stamp for [%s] was: %s now: %s", + registeredServer.name, + currentRegisteredRelay.stamp.String(), + registeredServer.stamp.String(), + ) proxy.registeredRelays[i].stamp = registeredServer.stamp dlog.Debugf("Total count of registered relays %v", len(proxy.registeredRelays)) } @@ -371,7 +383,15 @@ func (proxy *Proxy) udpListener(clientPc *net.UDPConn) { packet := buffer[:length] if !proxy.clientsCountInc() { dlog.Warnf("Too many incoming connections (max=%d)", proxy.maxClients) - proxy.processIncomingQuery("udp", proxy.mainProto, packet, &clientAddr, clientPc, time.Now(), true) // respond synchronously, but only to cached/synthesized queries + proxy.processIncomingQuery( + "udp", + proxy.mainProto, + packet, + &clientAddr, + clientPc, + time.Now(), + true, + ) // respond synchronously, but only to cached/synthesized queries continue } go func() { @@ -477,7 +497,12 @@ func (proxy *Proxy) prepareForRelay(ip net.IP, port int, encryptedQuery *[]byte) *encryptedQuery = relayedQuery } -func (proxy *Proxy) exchangeWithUDPServer(serverInfo *ServerInfo, sharedKey *[32]byte, encryptedQuery []byte, clientNonce []byte) ([]byte, error) { +func (proxy *Proxy) exchangeWithUDPServer( + serverInfo *ServerInfo, + sharedKey *[32]byte, + encryptedQuery []byte, + clientNonce []byte, +) ([]byte, error) { upstreamAddr := serverInfo.UDPAddr if serverInfo.Relay != nil && serverInfo.Relay.Dnscrypt != nil { upstreamAddr = serverInfo.Relay.Dnscrypt.RelayUDPAddr @@ -515,7 +540,12 @@ func (proxy *Proxy) exchangeWithUDPServer(serverInfo *ServerInfo, sharedKey *[32 return proxy.Decrypt(serverInfo, sharedKey, encryptedResponse, clientNonce) } -func (proxy *Proxy) exchangeWithTCPServer(serverInfo *ServerInfo, sharedKey *[32]byte, encryptedQuery []byte, clientNonce []byte) ([]byte, error) { +func (proxy *Proxy) exchangeWithTCPServer( + serverInfo *ServerInfo, + sharedKey *[32]byte, + encryptedQuery []byte, + clientNonce []byte, +) ([]byte, error) { upstreamAddr := serverInfo.TCPAddr if serverInfo.Relay != nil && serverInfo.Relay.Dnscrypt != nil { upstreamAddr = serverInfo.Relay.Dnscrypt.RelayTCPAddr @@ -567,13 +597,22 @@ func (proxy *Proxy) clientsCountInc() bool { func (proxy *Proxy) clientsCountDec() { for { - if count := atomic.LoadUint32(&proxy.clientsCount); count == 0 || atomic.CompareAndSwapUint32(&proxy.clientsCount, count, count-1) { + if count := atomic.LoadUint32(&proxy.clientsCount); count == 0 || + atomic.CompareAndSwapUint32(&proxy.clientsCount, count, count-1) { break } } } -func (proxy *Proxy) processIncomingQuery(clientProto string, serverProto string, query []byte, clientAddr *net.Addr, clientPc net.Conn, start time.Time, onlyCached bool) []byte { +func (proxy *Proxy) processIncomingQuery( + clientProto string, + serverProto string, + query []byte, + clientAddr *net.Addr, + clientPc net.Conn, + start time.Time, + onlyCached bool, +) []byte { var response []byte = nil if len(query) < MinDNSPacketSize { return response diff --git a/dnscrypt-proxy/serversInfo.go b/dnscrypt-proxy/serversInfo.go index 26c0abf6..fcf35e3a 100644 --- a/dnscrypt-proxy/serversInfo.go +++ b/dnscrypt-proxy/serversInfo.go @@ -147,7 +147,12 @@ type ServersInfo struct { } func NewServersInfo() ServersInfo { - return ServersInfo{lbStrategy: DefaultLBStrategy, lbEstimator: true, registeredServers: make([]RegisteredServer, 0), registeredRelays: make([]RegisteredServer, 0)} + return ServersInfo{ + lbStrategy: DefaultLBStrategy, + lbEstimator: true, + registeredServers: make([]RegisteredServer, 0), + registeredRelays: make([]RegisteredServer, 0), + } } func (serversInfo *ServersInfo) registerServer(name string, stamp stamps.ServerStamp) { @@ -262,7 +267,12 @@ func (serversInfo *ServersInfo) estimatorUpdate() { partialSort := false if candidateRtt < currentActiveRtt { serversInfo.inner[candidate], serversInfo.inner[currentActive] = serversInfo.inner[currentActive], serversInfo.inner[candidate] - dlog.Debugf("New preferred candidate: %s (RTT: %d vs previous: %d)", serversInfo.inner[currentActive].Name, int(candidateRtt), int(currentActiveRtt)) + dlog.Debugf( + "New preferred candidate: %s (RTT: %d vs previous: %d)", + serversInfo.inner[currentActive].Name, + int(candidateRtt), + int(currentActiveRtt), + ) partialSort = true } else if candidateRtt > 0 && candidateRtt >= (serversInfo.inner[0].rtt.Value()+serversInfo.inner[activeCount-1].rtt.Value())/2.0*4.0 { if time.Since(serversInfo.inner[candidate].lastActionTS) > time.Duration(1*time.Minute) { @@ -462,7 +472,8 @@ func route(proxy *Proxy, name string, serverProto stamps.StampProtoType) (*Relay relayName := relayCandidateStamp.ServerAddrStr proxy.serversInfo.RLock() for _, registeredServer := range proxy.serversInfo.registeredRelays { - if registeredServer.stamp.Proto == relayProto && registeredServer.stamp.ServerAddrStr == relayCandidateStamp.ServerAddrStr { + if registeredServer.stamp.Proto == relayProto && + registeredServer.stamp.ServerAddrStr == relayCandidateStamp.ServerAddrStr { relayName = registeredServer.name break } @@ -479,9 +490,14 @@ func route(proxy *Proxy, name string, serverProto stamps.StampProtoType) (*Relay return nil, err } dlog.Noticef("Anonymizing queries for [%v] via [%v]", name, relayName) - return &Relay{Proto: stamps.StampProtoTypeDNSCryptRelay, Dnscrypt: &DNSCryptRelay{RelayUDPAddr: relayUDPAddr, RelayTCPAddr: relayTCPAddr}}, nil + return &Relay{ + Proto: stamps.StampProtoTypeDNSCryptRelay, + Dnscrypt: &DNSCryptRelay{RelayUDPAddr: relayUDPAddr, RelayTCPAddr: relayTCPAddr}, + }, nil case stamps.StampProtoTypeODoHRelay: - relayBaseURL, err := url.Parse("https://" + url.PathEscape(relayCandidateStamp.ProviderName) + relayCandidateStamp.Path) + relayBaseURL, err := url.Parse( + "https://" + url.PathEscape(relayCandidateStamp.ProviderName) + relayCandidateStamp.Path, + ) if err != nil { return nil, err } @@ -541,7 +557,17 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp if relay != nil { dnscryptRelay = relay.Dnscrypt } - certInfo, rtt, fragmentsBlocked, err := FetchCurrentDNSCryptCert(proxy, &name, proxy.mainProto, stamp.ServerPk, stamp.ServerAddrStr, stamp.ProviderName, isNew, dnscryptRelay, knownBugs) + certInfo, rtt, fragmentsBlocked, err := FetchCurrentDNSCryptCert( + proxy, + &name, + proxy.mainProto, + stamp.ServerPk, + stamp.ServerAddrStr, + stamp.ProviderName, + isNew, + dnscryptRelay, + knownBugs, + ) if !knownBugs.fragmentsBlocked && fragmentsBlocked { dlog.Debugf("[%v] drops fragmented queries", name) knownBugs.fragmentsBlocked = true @@ -750,7 +776,10 @@ func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, i } if relay == nil { - dlog.Criticalf("No relay defined for [%v] - Configuring a relay is required for ODoH servers (see the `[anonymized_dns]` section)", name) + dlog.Criticalf( + "No relay defined for [%v] - Configuring a relay is required for ODoH servers (see the `[anonymized_dns]` section)", + name, + ) return ServerInfo{}, errors.New("No ODoH relay") } else { if relay.ODoH == nil { @@ -798,7 +827,12 @@ func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, i continue } - responseBody, responseCode, tls, rtt, err := proxy.xTransport.ObliviousDoHQuery(useGet, url, odohQuery.odohMessage, proxy.timeout) + responseBody, responseCode, tls, rtt, err := proxy.xTransport.ObliviousDoHQuery( + useGet, + url, + odohQuery.odohMessage, + proxy.timeout, + ) if err != nil { continue } @@ -828,7 +862,13 @@ func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, i if strings.HasPrefix(protocol, "http/1.") { dlog.Warnf("[%s] does not support HTTP/2", name) } - dlog.Infof("[%s] TLS version: %x - Protocol: %v - Cipher suite: %v", name, tls.Version, protocol, tls.CipherSuite) + dlog.Infof( + "[%s] TLS version: %x - Protocol: %v - Cipher suite: %v", + name, + tls.Version, + protocol, + tls.CipherSuite, + ) showCerts := proxy.showCerts found := false var wantedHash [32]byte diff --git a/dnscrypt-proxy/setsockopts_linux.go b/dnscrypt-proxy/setsockopts_linux.go index d7b67655..6de744f0 100644 --- a/dnscrypt-proxy/setsockopts_linux.go +++ b/dnscrypt-proxy/setsockopts_linux.go @@ -12,7 +12,12 @@ func (proxy *Proxy) udpListenerConfig() (*net.ListenConfig, error) { _ = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_IP, syscall.IP_FREEBIND, 1) _ = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_IP, syscall.IP_DF, 0) _ = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_IP, syscall.IP_TOS, 0x70) - _ = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_IP, syscall.IP_MTU_DISCOVER, syscall.IP_PMTUDISC_DONT) + _ = syscall.SetsockoptInt( + int(fd), + syscall.IPPROTO_IP, + syscall.IP_MTU_DISCOVER, + syscall.IP_PMTUDISC_DONT, + ) _ = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_RCVBUFFORCE, 4096) _ = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_SNDBUFFORCE, 4096) }) diff --git a/dnscrypt-proxy/sources.go b/dnscrypt-proxy/sources.go index bf4866e8..811704ac 100644 --- a/dnscrypt-proxy/sources.go +++ b/dnscrypt-proxy/sources.go @@ -180,11 +180,27 @@ func (source *Source) fetchWithCache(xTransport *XTransport, now time.Time) (del } // NewSource loads a new source using the given cacheFile and urls, ensuring it has a valid signature -func NewSource(name string, xTransport *XTransport, urls []string, minisignKeyStr string, cacheFile string, formatStr string, refreshDelay time.Duration, prefix string) (source *Source, err error) { +func NewSource( + name string, + xTransport *XTransport, + urls []string, + minisignKeyStr string, + cacheFile string, + formatStr string, + refreshDelay time.Duration, + prefix string, +) (source *Source, err error) { if refreshDelay < DefaultPrefetchDelay { refreshDelay = DefaultPrefetchDelay } - source = &Source{name: name, urls: []*url.URL{}, cacheFile: cacheFile, cacheTTL: refreshDelay, prefetchDelay: DefaultPrefetchDelay, prefix: prefix} + source = &Source{ + name: name, + urls: []*url.URL{}, + cacheFile: cacheFile, + cacheTTL: refreshDelay, + prefetchDelay: DefaultPrefetchDelay, + prefix: prefix, + } if formatStr == "v2" { source.format = SourceFormatV2 } else { diff --git a/dnscrypt-proxy/sources_test.go b/dnscrypt-proxy/sources_test.go index 6d347104..fbbc0fef 100644 --- a/dnscrypt-proxy/sources_test.go +++ b/dnscrypt-proxy/sources_test.go @@ -296,7 +296,13 @@ func prepSourceTestCache(t *testing.T, d *SourceTestData, e *SourceTestExpect, s writeSourceCache(t, e) } -func prepSourceTestDownload(t *testing.T, d *SourceTestData, e *SourceTestExpect, source string, downloadTest []SourceTestState) { +func prepSourceTestDownload( + t *testing.T, + d *SourceTestData, + e *SourceTestExpect, + source string, + downloadTest []SourceTestState, +) { if len(downloadTest) == 0 { return } @@ -313,7 +319,11 @@ func prepSourceTestDownload(t *testing.T, d *SourceTestData, e *SourceTestExpect case TestStateOpenErr, TestStateOpenSigErr: if u, err := url.Parse(serverURL + path); err == nil { host, port := ExtractHostAndPort(u.Host, -1) - u.Host = fmt.Sprintf("%s:%d", host, port|0x10000) // high numeric port is parsed but then fails to connect + u.Host = fmt.Sprintf( + "%s:%d", + host, + port|0x10000, + ) // high numeric port is parsed but then fails to connect serverURL = u.String() } e.err = "invalid port" @@ -394,7 +404,16 @@ func TestNewSource(t *testing.T) { {"v2", "", DefaultPrefetchDelay * 3, &SourceTestExpect{err: "Invalid encoded public key", Source: &Source{name: "invalid public key", urls: []*url.URL{}, cacheTTL: DefaultPrefetchDelay * 3, prefetchDelay: DefaultPrefetchDelay}}}, } { t.Run(tt.e.Source.name, func(t *testing.T) { - got, err := NewSource(tt.e.Source.name, d.xTransport, tt.e.urls, tt.key, tt.e.cachePath, tt.v, tt.refreshDelay, tt.e.prefix) + got, err := NewSource( + tt.e.Source.name, + d.xTransport, + tt.e.urls, + tt.key, + tt.e.cachePath, + tt.v, + tt.refreshDelay, + tt.e.prefix, + ) checkResult(t, tt.e, got, err) }) } @@ -404,7 +423,16 @@ func TestNewSource(t *testing.T) { for i := range d.sources { id, e := setupSourceTestCase(t, d, i, &cacheTest, downloadTest) t.Run("cache "+cacheTestName+", download "+downloadTestName+"/"+id, func(t *testing.T) { - got, err := NewSource(id, d.xTransport, e.urls, d.keyStr, e.cachePath, "v2", DefaultPrefetchDelay*3, "") + got, err := NewSource( + id, + d.xTransport, + e.urls, + d.keyStr, + e.cachePath, + "v2", + DefaultPrefetchDelay*3, + "", + ) checkResult(t, e, got, err) }) } diff --git a/dnscrypt-proxy/systemd_linux.go b/dnscrypt-proxy/systemd_linux.go index d8615cb0..14d37dcc 100644 --- a/dnscrypt-proxy/systemd_linux.go +++ b/dnscrypt-proxy/systemd_linux.go @@ -15,7 +15,9 @@ func (proxy *Proxy) addSystemDListeners() error { if len(files) > 0 { if len(proxy.userName) > 0 || proxy.child { - dlog.Fatal("Systemd activated sockets are incompatible with privilege dropping. Remove activated sockets and fill `listen_addresses` in the dnscrypt-proxy configuration file instead.") + dlog.Fatal( + "Systemd activated sockets are incompatible with privilege dropping. Remove activated sockets and fill `listen_addresses` in the dnscrypt-proxy configuration file instead.", + ) } dlog.Warn("Systemd sockets are untested and unsupported - use at your own risk") } diff --git a/dnscrypt-proxy/time_ranges.go b/dnscrypt-proxy/time_ranges.go index a8147390..1b5b9f12 100644 --- a/dnscrypt-proxy/time_ranges.go +++ b/dnscrypt-proxy/time_ranges.go @@ -62,7 +62,15 @@ func parseTimeRanges(timeRangesStr []TimeRangeStr) ([]TimeRange, error) { func parseWeeklyRanges(weeklyRangesStr WeeklyRangesStr) (WeeklyRanges, error) { weeklyRanges := WeeklyRanges{} - weeklyRangesStrX := [7][]TimeRangeStr{weeklyRangesStr.Sun, weeklyRangesStr.Mon, weeklyRangesStr.Tue, weeklyRangesStr.Wed, weeklyRangesStr.Thu, weeklyRangesStr.Fri, weeklyRangesStr.Sat} + weeklyRangesStrX := [7][]TimeRangeStr{ + weeklyRangesStr.Sun, + weeklyRangesStr.Mon, + weeklyRangesStr.Tue, + weeklyRangesStr.Wed, + weeklyRangesStr.Thu, + weeklyRangesStr.Fri, + weeklyRangesStr.Sat, + } for day, weeklyRangeStrX := range weeklyRangesStrX { timeRanges, err := parseTimeRanges(weeklyRangeStrX) if err != nil { diff --git a/dnscrypt-proxy/xtransport.go b/dnscrypt-proxy/xtransport.go index c8db28fb..3114086d 100644 --- a/dnscrypt-proxy/xtransport.go +++ b/dnscrypt-proxy/xtransport.go @@ -187,7 +187,12 @@ func (xTransport *XTransport) rebuildTransport() { if clientCreds.clientCert != "" { cert, err := tls.LoadX509KeyPair(clientCreds.clientCert, clientCreds.clientKey) if err != nil { - dlog.Fatalf("Unable to use certificate [%v] (key: [%v]): %v", clientCreds.clientCert, clientCreds.clientKey, err) + dlog.Fatalf( + "Unable to use certificate [%v] (key: [%v]): %v", + clientCreds.clientCert, + clientCreds.clientKey, + err, + ) } tlsClientConfig.Certificates = []tls.Certificate{cert} } @@ -238,7 +243,10 @@ func (xTransport *XTransport) resolveUsingSystem(host string) (ip net.IP, ttl ti return } -func (xTransport *XTransport) resolveUsingResolver(proto, host string, resolver string) (ip net.IP, ttl time.Duration, err error) { +func (xTransport *XTransport) resolveUsingResolver( + proto, host string, + resolver string, +) (ip net.IP, ttl time.Duration, err error) { dnsClient := dns.Client{Net: proto} if xTransport.useIPv4 { msg := dns.Msg{} @@ -283,7 +291,10 @@ func (xTransport *XTransport) resolveUsingResolver(proto, host string, resolver return } -func (xTransport *XTransport) resolveUsingResolvers(proto, host string, resolvers []string) (ip net.IP, ttl time.Duration, err error) { +func (xTransport *XTransport) resolveUsingResolvers( + proto, host string, + resolvers []string, +) (ip net.IP, ttl time.Duration, err error) { for i, resolver := range resolvers { ip, ttl, err = xTransport.resolveUsingResolver(proto, host, resolver) if err == nil { @@ -323,7 +334,11 @@ func (xTransport *XTransport) resolveAndUpdateCache(host string) error { } for _, proto := range protos { if err != nil { - dlog.Noticef("System DNS configuration not usable yet, exceptionally resolving [%s] using bootstrap resolvers over %s", host, proto) + dlog.Noticef( + "System DNS configuration not usable yet, exceptionally resolving [%s] using bootstrap resolvers over %s", + host, + proto, + ) } else { dlog.Debugf("Resolving [%s] using bootstrap resolvers over %s", host, proto) } @@ -354,7 +369,14 @@ func (xTransport *XTransport) resolveAndUpdateCache(host string) error { return nil } -func (xTransport *XTransport) Fetch(method string, url *url.URL, accept string, contentType string, body *[]byte, timeout time.Duration) ([]byte, int, *tls.ConnectionState, time.Duration, error) { +func (xTransport *XTransport) Fetch( + method string, + url *url.URL, + accept string, + contentType string, + body *[]byte, + timeout time.Duration, +) ([]byte, int, *tls.ConnectionState, time.Duration, error) { if timeout <= 0 { timeout = xTransport.timeout } @@ -380,7 +402,10 @@ func (xTransport *XTransport) Fetch(method string, url *url.URL, accept string, return nil, 0, nil, 0, errors.New("Onion service is not reachable without Tor") } if err := xTransport.resolveAndUpdateCache(host); err != nil { - dlog.Errorf("Unable to resolve [%v] - Make sure that the system resolver works, or that `bootstrap_resolvers` has been set to resolvers that can be reached", host) + dlog.Errorf( + "Unable to resolve [%v] - Make sure that the system resolver works, or that `bootstrap_resolvers` has been set to resolvers that can be reached", + host, + ) return nil, 0, nil, 0, err } req := &http.Request{ @@ -412,7 +437,9 @@ func (xTransport *XTransport) Fetch(method string, url *url.URL, accept string, if err != nil { dlog.Debugf("[%s]: [%s]", req.URL, err) if xTransport.tlsCipherSuite != nil && strings.Contains(err.Error(), "handshake failure") { - dlog.Warnf("TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file") + dlog.Warnf( + "TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file", + ) xTransport.tlsCipherSuite = nil xTransport.rebuildTransport() } @@ -427,15 +454,31 @@ func (xTransport *XTransport) Fetch(method string, url *url.URL, accept string, return bin, statusCode, tls, rtt, err } -func (xTransport *XTransport) Get(url *url.URL, accept string, timeout time.Duration) ([]byte, int, *tls.ConnectionState, time.Duration, error) { +func (xTransport *XTransport) Get( + url *url.URL, + accept string, + timeout time.Duration, +) ([]byte, int, *tls.ConnectionState, time.Duration, error) { return xTransport.Fetch("GET", url, accept, "", nil, timeout) } -func (xTransport *XTransport) Post(url *url.URL, accept string, contentType string, body *[]byte, timeout time.Duration) ([]byte, int, *tls.ConnectionState, time.Duration, error) { +func (xTransport *XTransport) Post( + url *url.URL, + accept string, + contentType string, + body *[]byte, + timeout time.Duration, +) ([]byte, int, *tls.ConnectionState, time.Duration, error) { return xTransport.Fetch("POST", url, accept, contentType, body, timeout) } -func (xTransport *XTransport) dohLikeQuery(dataType string, useGet bool, url *url.URL, body []byte, timeout time.Duration) ([]byte, int, *tls.ConnectionState, time.Duration, error) { +func (xTransport *XTransport) dohLikeQuery( + dataType string, + useGet bool, + url *url.URL, + body []byte, + timeout time.Duration, +) ([]byte, int, *tls.ConnectionState, time.Duration, error) { if useGet { qs := url.Query() encBody := base64.RawURLEncoding.EncodeToString(body) @@ -447,10 +490,20 @@ func (xTransport *XTransport) dohLikeQuery(dataType string, useGet bool, url *ur return xTransport.Post(url, dataType, dataType, &body, timeout) } -func (xTransport *XTransport) DoHQuery(useGet bool, url *url.URL, body []byte, timeout time.Duration) ([]byte, int, *tls.ConnectionState, time.Duration, error) { +func (xTransport *XTransport) DoHQuery( + useGet bool, + url *url.URL, + body []byte, + timeout time.Duration, +) ([]byte, int, *tls.ConnectionState, time.Duration, error) { return xTransport.dohLikeQuery("application/dns-message", useGet, url, body, timeout) } -func (xTransport *XTransport) ObliviousDoHQuery(useGet bool, url *url.URL, body []byte, timeout time.Duration) ([]byte, int, *tls.ConnectionState, time.Duration, error) { +func (xTransport *XTransport) ObliviousDoHQuery( + useGet bool, + url *url.URL, + body []byte, + timeout time.Duration, +) ([]byte, int, *tls.ConnectionState, time.Duration, error) { return xTransport.dohLikeQuery("application/oblivious-dns-message", useGet, url, body, timeout) }