Preliminary propoer ODoH initialization

This commit is contained in:
Frank Denis 2021-06-07 11:47:11 +02:00
parent 56f2e9adcc
commit 96b05e57ca


@ -655,9 +655,8 @@ func fetchDoHServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, isN
dlog.Criticalf("[%s] Certificate hash [%x] not found", name, wantedHash) dlog.Criticalf("[%s] Certificate hash [%x] not found", name, wantedHash)
return ServerInfo{}, fmt.Errorf("Certificate hash not found") return ServerInfo{}, fmt.Errorf("Certificate hash not found")
} }
respBody := serverResponse if len(serverResponse) < MinDNSPacketSize || len(serverResponse) > MaxDNSPacketSize ||
if len(respBody) < MinDNSPacketSize || len(respBody) > MaxDNSPacketSize || serverResponse[0] != 0xca || serverResponse[1] != 0xfe || serverResponse[4] != 0x00 || serverResponse[5] != 0x01 {
respBody[0] != 0xca || respBody[1] != 0xfe || respBody[4] != 0x00 || respBody[5] != 0x01 {
dlog.Info("Webserver returned an unexpected response") dlog.Info("Webserver returned an unexpected response")
return ServerInfo{}, errors.New("Webserver returned an unexpected response") return ServerInfo{}, errors.New("Webserver returned an unexpected response")
} }
@ -721,17 +720,66 @@ func fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, is
useGet := relay == nil useGet := relay == nil
return ServerInfo{ query := dohNXTestPacket(0xcafe)
Proto: stamps.StampProtoTypeODoHTarget, for _, odohTargetConfig := range odohTargetConfigs {
Name: name, odohQuery, err := odohTargetConfig.encryptQuery(query)
Timeout: proxy.timeout, if err != nil {
URL: url, continue
HostName: stamp.ProviderName, }
initialRtt: 100000, responseBody, responseCode, tls, rtt, err := proxy.xTransport.ObliviousDoHQuery(useGet, url, odohQuery.odohMessage, proxy.timeout)
useGet: useGet, if err != nil {
Relay: relay, continue
odohTargetConfigs: odohTargetConfigs, }
}, nil if responseCode == 401 {
return ServerInfo{}, fmt.Errorf("TODO: retry when the key changed during a probe")
}
serverResponse, err := odohQuery.decryptResponse(responseBody)
if err != nil {
dlog.Warnf("Unable to decrypt response from [%v]: [%v]", name, err)
continue
}
msg := dns.Msg{}
if err := msg.Unpack(serverResponse); err != nil {
dlog.Warnf("[%s]: %v", name, err)
return ServerInfo{}, err
}
if msg.Rcode != dns.RcodeNameError {
dlog.Criticalf("[%s] may be a lying resolver", name)
}
protocol := tls.NegotiatedProtocol
if len(protocol) == 0 {
protocol = "http/1.x"
}
if strings.HasPrefix(protocol, "http/1.") {
dlog.Warnf("[%s] does not support HTTP/2", name)
}
dlog.Infof("[%s] TLS version: %x - Protocol: %v - Cipher suite: %v", name, tls.Version, protocol, tls.CipherSuite)
if len(serverResponse) < MinDNSPacketSize || len(serverResponse) > MaxDNSPacketSize ||
serverResponse[0] != 0xca || serverResponse[1] != 0xfe || serverResponse[4] != 0x00 || serverResponse[5] != 0x01 {
dlog.Info("Webserver returned an unexpected response")
return ServerInfo{}, errors.New("Webserver returned an unexpected response")
}
xrtt := int(rtt.Nanoseconds() / 1000000)
if isNew {
dlog.Noticef("[%s] OK (ODoH) - rtt: %dms", name, xrtt)
} else {
dlog.Infof("[%s] OK (ODoH) - rtt: %dms", name, xrtt)
}
return ServerInfo{
Proto: stamps.StampProtoTypeODoHTarget,
Name: name,
Timeout: proxy.timeout,
URL: url,
HostName: stamp.ProviderName,
initialRtt: xrtt,
useGet: useGet,
Relay: relay,
odohTargetConfigs: odohTargetConfigs,
}, nil
}
return ServerInfo{}, fmt.Errorf("No valid network configuration for [%v]", name)
} }
func (serverInfo *ServerInfo) noticeFailure(proxy *Proxy) { func (serverInfo *ServerInfo) noticeFailure(proxy *Proxy) {
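Review bot: The two `continue` statements after `odohTargetConfig.encryptQuery(query)` and `proxy.xTransport.ObliviousDoHQuery(...)` discard the error without logging it, so when every target config fails the operator only sees the closing "No valid network configuration for [%v]" message and cannot tell whether encryption, the transport or the relay path was at fault; the `decryptResponse` branch a few lines below already logs before continuing, so the same shape fits here, e.g. `dlog.Warnf("[%s] ODoH probe failed: [%v]", name, err)` before each `continue`. Error handling inside the loop is also uneven: a decryption failure moves on to the next config, while an `Unpack` failure or a malformed response returns immediately, and a 401 returns the `TODO` error without trying the remaining configs — if that is intentional because, as the TODO text suggests, a 401 means the target key changed for all configs, a one-line comment at that branch would save the next reader from wondering. The `dlog.Info("Webserver returned an unexpected response")` line is the only message in the new block without the `[%s]` name prefix used by every other log line here. fetchODoHTargetInfo's signature and the setup of `url`, `relay` and `odohTargetConfigs` are outside the hunk.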