diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go
index 20d7a521..fec2792a 100644
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@@ -38,6 +38,7 @@ type Config struct {
 LocalDoH LocalDoHConfig `toml:"local_doh"`
 UserName string `toml:"user_name"`
 ForceTCP bool `toml:"force_tcp"`
+ HTTP3 bool `toml:"http3"`
 Timeout int `toml:"timeout"`
 KeepAlive int `toml:"keepalive"`
 Proxy string `toml:"proxy"`
@@ -115,6 +116,7 @@ func newConfig() Config {
 Timeout: 5000,
 KeepAlive: 5,
 CertRefreshDelay: 240,
+ HTTP3: false,
 CertIgnoreTimestamp: false,
 EphemeralKeys: false,
 Cache: true,
@@ -374,6 +376,7 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
 proxy.xTransport.tlsDisableSessionTickets = config.TLSDisableSessionTickets
 proxy.xTransport.tlsCipherSuite = config.TLSCipherSuite
 proxy.xTransport.mainProto = proxy.mainProto
+ proxy.xTransport.http3 = config.HTTP3
 if len(config.BootstrapResolvers) == 0 && len(config.BootstrapResolversLegacy) > 0 {
 dlog.Warnf("fallback_resolvers was renamed to bootstrap_resolvers - Please update your configuration")
 config.BootstrapResolvers = config.BootstrapResolversLegacy
diff --git a/dnscrypt-proxy/proxy.go b/dnscrypt-proxy/proxy.go
index c44ae17b..acd803e8 100644
--- a/dnscrypt-proxy/proxy.go
+++ b/dnscrypt-proxy/proxy.go
@@ -68,6 +68,9 @@ type Proxy struct {
 nxLogFile string
 proxySecretKey [32]byte
 proxyPublicKey [32]byte
+ ServerNames []string
+ DisabledServerNames []string
+ requiredProps stamps.ServerInformalProperties
 certRefreshDelayAfterFailure time.Duration
 timeout time.Duration
 certRefreshDelay time.Duration
@@ -94,9 +97,6 @@ type Proxy struct {
 anonDirectCertFallback bool
 pluginBlockUndelegated bool
 child bool
- requiredProps stamps.ServerInformalProperties
- ServerNames []string
- DisabledServerNames []string
 SourceIPv4 bool
 SourceIPv6 bool
 SourceDNSCrypt bool
diff --git a/dnscrypt-proxy/xtransport.go b/dnscrypt-proxy/xtransport.go
index 32d802df..aa45aabc 100644
--- a/dnscrypt-proxy/xtransport.go
+++ b/dnscrypt-proxy/xtransport.go
@@ -64,6 +64,7 @@ type XTransport struct {
 ignoreSystemDNS bool
 useIPv4 bool
 useIPv6 bool
+ http3 bool
 tlsDisableSessionTickets bool
 tlsCipherSuite []uint16
 proxyDialer *netproxy.Dialer
@@ -221,8 +222,10 @@ func (xTransport *XTransport) rebuildTransport() {
 http2Transport.AllowHTTP = false
 }
 xTransport.transport = transport
- h3Transport := &http3.RoundTripper{DisableCompression: true, TLSClientConfig: &tlsClientConfig}
- xTransport.h3Transport = h3Transport
+ if xTransport.http3 {
+ h3Transport := &http3.RoundTripper{DisableCompression: true, TLSClientConfig: &tlsClientConfig}
+ xTransport.h3Transport = h3Transport
+ }
 }
 
 func (xTransport *XTransport) resolveUsingSystem(host string) (ip net.IP, ttl time.Duration, err error) {
@@ -395,13 +398,16 @@ func (xTransport *XTransport) Fetch(
 Timeout: timeout,
 }
 host, port := ExtractHostAndPort(url.Host, 443)
- xTransport.altSupport.RLock()
- altPort, hasAltSupport := xTransport.altSupport.cache[url.Host]
- xTransport.altSupport.RUnlock()
- if hasAltSupport {
- if int(altPort) == port {
- client.Transport = xTransport.h3Transport
- dlog.Debugf("Using HTTP/3 transport for [%s]", url.Host)
+ hasAltSupport := false
+ if xTransport.h3Transport != nil {
+ xTransport.altSupport.RLock()
+ altPort, hasAltSupport := xTransport.altSupport.cache[url.Host]
+ xTransport.altSupport.RUnlock()
+ if hasAltSupport {
+ if int(altPort) == port {
+ client.Transport = xTransport.h3Transport
+ dlog.Debugf("Using HTTP/3 transport for [%s]", url.Host)
+ }
 }
 }
 header := map[string][]string{"User-Agent": {"dnscrypt-proxy"}}
@@ -467,7 +473,7 @@ func (xTransport *XTransport) Fetch(
 }
 return nil, statusCode, nil, rtt, err
 }
- if !hasAltSupport {
+ if xTransport.h3Transport != nil && !hasAltSupport {
 if alt, found := resp.Header["Alt-Svc"]; found {
 dlog.Debugf("Alt-Svc [%s]: [%s]", url.Host, alt)
 altPort := uint16(port)
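Review bot: In the `rebuildTransport` hunk (`@@ -221,8 +222,10 @@`), `xTransport.h3Transport` is assigned only when `xTransport.http3` is true and is never cleared, while the `Fetch` hunks treat `h3Transport != nil` as the actual feature switch. If the flag were ever false on a later rebuild, the previously built HTTP/3 round tripper would stay in use with its old TLS configuration; an `else { xTransport.h3Transport = nil }` branch would keep the pointer and the flag in step. Whether the flag can change after `ConfigLoad` is not visible here, and the function starts outside the hunk.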
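Review bot: In the `Fetch` hunk at `@@ -395,13 +398,16 @@`, `altPort, hasAltSupport := xTransport.altSupport.cache[url.Host]` now sits inside the new `if xTransport.h3Transport != nil {` block, so `:=` declares a second `hasAltSupport` that shadows the one initialised to `false` just above it. The outer variable never changes, so the condition in the `@@ -467,7 +473,7 @@` hunk, `xTransport.h3Transport != nil && !hasAltSupport`, holds on every response once HTTP/3 is enabled, and the server-supplied `Alt-Svc` header is re-read each time instead of only on a cache miss. Give the lookup result its own name and assign the outer variable: `altPort, cached := xTransport.altSupport.cache[url.Host]` followed by `hasAltSupport = cached`. `Fetch` begins and ends outside both hunks, so what the Alt-Svc branch does with the cache afterwards cannot be confirmed from here.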