Commit Graph

1444 Commits

Author SHA1 Message Date
Frank Denis 8945cb1b90 Add log_file_latest 2020-06-08 22:31:03 +02:00
Frank Denis 9f9318701f Update dlog 2020-06-08 20:33:18 +02:00
Frank Denis 87c161ab76 Clarify what log_file is 2020-06-08 20:07:24 +02:00
Frank Denis e9227daf6a Update deps 2020-06-08 19:22:36 +02:00
Frank Denis 9c5cf611a4 Preliminary ChangeLog 2020-06-08 19:20:55 +02:00
Frank Denis b32ffbb807 Discourage from blindly using dns64 2020-06-08 18:59:39 +02:00
s-s f48b13f7b8 Add DNS64 support 2020-06-08 18:42:54 +02:00
Frank Denis d766dc8bf7 doh_client_x509_auth: make it clear that root_ca is optional 2020-06-08 18:09:37 +02:00
Kevin O'Sullivan 5db4365540
Adding support for additional root CAs for DoH TLS Auth (#1281) 2020-06-08 18:01:40 +02:00
Frank Denis 68ccd1410f Support multiple stamps per resolver
For now, a single stamp is randomly chosen in order to spread the load,
but we may eventually want to also use this for failover mechanisms.
2020-06-08 17:54:49 +02:00
Frank Denis b0e883ebc6 Android: use getprop persist.sys.timezone to get and set the time zone
Untested. Maybe
fixes #1351
2020-06-06 15:32:27 +02:00
Frank Denis 9d1eee4b29 Expand default whitelist 2020-06-03 09:47:34 +02:00
IceCodeNew dd1f32ebfd
Add comments for domains-blacklist.conf, with a little sorting on it. (#1350)
* Update domains-blacklist.conf

0. Add more comments so it should be much easier for anyone to get understanding how to choose the rules which is delivered in varies levels.
1. Sort rules from Energized so it is ordered in the sort of size, which would make sense.

* Add rule from AdAway

AdAway seems to be a project last more than 9 years. I tried it for several days and haven't experienced any false positive yet.
2020-06-03 09:42:50 +02:00
Frank Denis 2739db2733 Update deps 2020-06-02 13:56:05 +02:00
Frank Denis 010cedd7b8 whitelist qualtrics.com 2020-06-02 13:51:37 +02:00
Frank Denis 45628702b6 Add SANS lists 2020-06-02 13:03:41 +02:00
Frank Denis 1f6d8cc53c Nits 2020-05-31 13:46:44 +02:00
Frank Denis c5d2459752 Whitelist domains required to check for captive portals 2020-05-31 13:36:15 +02:00
Frank Denis 8ddd5fe36e Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  Fallback to cache_file avoiding termination for not offline_mode (#1332)
  Minor update to GH Actions workflow (#1341)
2020-05-31 13:27:28 +02:00
Frank Denis d59d9427b3 Don't wait for the whole server list before accepting connections
Blocking until all servers have been checked is safe, but significantly
increases startup times.

OTOH, we shouldn't accept connections unless we have at least one live
server.

So, a better approach may be to add the ability for `serversInfo.refresh()`
to write to a channel after a live server has been found, and block on
that channel in the main thread before accepting client connections.
2020-05-31 13:24:35 +02:00
lifenjoiner c4a13d25ce
Fallback to cache_file avoiding termination for not offline_mode (#1332)
Ignore downloading error from `NewSource` when startup (cache loaded).
2020-05-30 07:38:04 +01:00
Will Elwood ee62eb7b23
Minor update to GH Actions workflow (#1341)
* Update releases.yml

Run CI for pull requests and new tags, and only when relevant files change in a push or PR.

* Update releases.yml

"Path filters are not evaluated for pushes to tags."
2020-05-29 15:06:02 +02:00
IceCodeNew 3d5f877058
Added Ads-blocking rules from Disconnect (#1336) 2020-05-28 12:10:59 +02:00
IceCodeNew da8620cdda
Update link to Spam404 rule (#1334)
Though the old link is still available, the rule file has stop updating for a long while.
2020-05-27 21:46:15 +02:00
Stathis Xantinidis 230c171c71
Added Block spying and tracking on Windows (#1327)
Reduces a great amount of telemetry on Microsoft based operating systems, for those who need it :)
2020-05-21 14:05:39 +02:00
Frank Denis 7e2404ffef Use domain lists for energized.pro 2020-05-20 16:01:25 +02:00
Linuxfreak ece0d2e8b9
Update EnergizedProtection URLs (#1325)
* Update Energized Protection URLs

EnergizedProtection url links have changed, it seems they had to delete them from github and moved them to their self hosted domain (block.energized.pro).

* Re enabling EnergizedProtection BLU

I commented it out by mistake oops :)
2020-05-20 15:57:11 +02:00
Frank Denis 82f78ef4fa s/BrokenQueryPadding/FragmentsBlocked/
Maybe
fixes #1323
2020-05-19 15:57:56 +02:00
Frank Denis 5c911ad2aa Merge branch 'master' of github.com:DNSCrypt/dnscrypt-proxy
* 'master' of github.com:DNSCrypt/dnscrypt-proxy:
  move mis-categorized line (#1308)
2020-05-06 19:34:55 +02:00
Frank Denis fa2b693506 Remove parse_time_restricted_list 2020-05-06 19:34:41 +02:00
David Refoua 5c36dcb818
move mis-categorized line (#1308) 2020-05-01 21:33:48 +02:00
Frank Denis 35a6fc858f CI: stop publishing MacOS binaries since they now require notarization
Fixes #1300
2020-04-28 10:00:49 +02:00
Frank Denis 3e264b9da9 Rename tls_client_auth to doh_client_x509_auth
Maybe improves clarity? I can never remember what tls_client_auth does.
2020-04-26 21:21:00 +02:00
Frank Denis 3775d59217 Add some comments for an obscure feature 2020-04-26 21:05:23 +02:00
Frank Denis 8f7015f0bc Avoid UTF-8 in domains-blacklist.conf
Fixes #1299
2020-04-26 20:53:47 +02:00
Frank Denis c6b32e0590 Another example of an IP blocklist 2020-04-26 19:42:42 +02:00
Frank Denis 80b95b1ba6 Use accessors for systemd things, too 2020-04-26 17:08:24 +02:00
Frank Denis 436bce9edf Define functions to register socket handles, to improve clarity 2020-04-26 16:52:50 +02:00
Frank Denis 38cfa437db Repair Local DoH; should fix CI tests 2020-04-26 16:34:26 +02:00
Frank Denis 12219c7490 listener->pc
Spotted by @welwood08
2020-04-26 16:19:49 +02:00
Frank Denis 52f87aee8e Accept data from systemd sockets at the same time as everything else 2020-04-26 15:00:39 +02:00
Frank Denis 4029d3d4f3 proxy.dropPrivilege() doesn't return on success 2020-04-26 14:49:43 +02:00
Frank Denis 3c510b74bb Start listeners as goroutines 2020-04-26 14:26:40 +02:00
Frank Denis c6b2869317 Update Poly1305 dep 2020-04-26 13:03:48 +02:00
Frank Denis 4a50736457 Only start accepting connections after everyting has been initialized
Fixes #1295

And more. The estimator, key and servers list were not initialized either.
2020-04-26 12:52:55 +02:00
Frank Denis 7d0e1440e1 ESNI has been renamed to ECHO 2020-04-24 11:15:40 +02:00
Frank Denis 252b10c996 Remove blacklisted names due to globbing patterns
This is very clumsy, as it doesn't handle time-based rules properly,
and doesn't handle whitelists at all.

Adding globs to the "names" list is also an ugly hack just to have
them included in the final output.
2020-04-22 17:55:24 +02:00
Frank Denis a71b531d2e Re-add -o / --output-file 2020-04-21 23:40:58 +02:00
Frank Denis dcd6f8448d Revert "Improve generate-domains-blacklist.py to remove redundant lines (#1184)"
This reverts commit 58871de725.
2020-04-21 23:08:40 +02:00
Huhni 58871de725
Improve generate-domains-blacklist.py to remove redundant lines (#1184)
* Improve script to remove redundant lines

Let the script remove those lines that are covered by regular expressions already

* add optional "-o OUTPUT_FILE" argument 

This ensures that UTF-8 is used.
The redirect to file functionality from before is maintained, because "default=None" is used for the -o argument

I also fixed the formatting slightly to avoid newlines at the beginning of the file.

* improve glob matching

- rename regexes into globs 
- only check trusted (local) files for globs
- use fnmatch instead of manually converting globs into regular expressions and matching them
- modify is_glob function to check only for the following characters: * [ ] ?
- improve get_lines_with_globs function, by using the native filter and lambda functions
- improve covered_by_glob function, by checking if line is part of glob_list, instead of calling is_glob again
- print "ignored entries due to globs in local-additions" to the output as well to better differentiate from other duplicates
2020-04-21 23:07:32 +02:00