Commit graph

1384 commits

Author SHA1 Message Date
Frank Denis
dd9cf5cc9a Kill nacl/box 2019-06-24 19:13:34 +02:00
Frank Denis
5d130cdf0b Use CIRCL for X25519. That makes ephemeral key computation faster. 2019-06-24 14:17:00 +02:00
Frank Denis
d27171f62b Have fetchFromCache support a TTL parameter
Partially fixes #854
2019-06-13 11:24:15 +02:00
Frank Denis
df24db9b9d Remove refresh_delay from the example configuration file
It is not implemented
2019-06-13 11:14:10 +02:00
Frank Denis
8933980121 netprobe_timeout=0 doesn't make much sense 2019-06-07 01:50:03 +02:00
Frank Denis
8def2d5edc Document TLS 1.3 cipher suite IDs 2019-06-07 01:39:35 +02:00
Frank Denis
d2aa521369 Add a command-line option to print the server certificate hashes 2019-06-07 01:23:48 +02:00
Frank Denis
9604b8b3e5 Use an example server instead of a real one in the static section 2019-06-04 12:17:47 +02:00
Frank Denis
0f264fe38e 2.0.25 2019-06-04 01:42:02 +02:00
Frank Denis
a060407db1 Use a different address than 255.255.255.0 for netprobes
Windows doesn't seem to like this address.

Also default to the fallback resolver IP if there is one and
no netprobe_address option in the configuration file.

Fix netprobe_timeout = -1 by the way
2019-06-04 01:37:59 +02:00
Frank Denis
aca031c2ec Don't display sorted latencies if there is only one (or none) 2019-06-03 18:51:21 +02:00
Frank Denis
8e01421304 Bump 2019-06-03 18:31:58 +02:00
Frank Denis
ae2d036703 setting -> lowering 2019-06-03 17:35:16 +02:00
Frank Denis
313ca48cad rtt -> RTT 2019-06-03 17:32:54 +02:00
Frank Denis
36e3691ccc Log the current candidate's RTT 2019-06-03 17:32:23 +02:00
Frank Denis
62e8d193c0 Round numbers 2019-06-03 17:10:38 +02:00
Frank Denis
b63df9cdfa Initialize the server rtt with the startup measurement 2019-06-03 17:07:30 +02:00
Frank Denis
30f2a4fd6b Misc fixes
- Set LBEstimator to true by default
- Shuffle the servers list at startup
- Add the server name to the query log
2019-06-03 16:49:06 +02:00
Frank Denis
ec1b03b026 Rename "hit" to "cached", and add the duration unit in TSV logs 2019-06-03 13:16:59 +02:00
Frank Denis
9e2a945fff Print the sorted list of latencies
Add an option to disable the load-balancing estimator
2019-06-03 13:04:59 +02:00
Frank Denis
a417f0d282 Use 255.255.255.0 as the default netprobe address 2019-06-03 12:22:53 +02:00
Frank Denis
5b5b5ec583 Verify that ApplyQueryPlugins() doesn't blow the packet size 2019-06-03 00:47:39 +02:00
Frank Denis
2e89c8da01 Rename LbStrategyFastest to LbStrategyFirst 2019-06-02 13:24:24 +02:00
Frank Denis
3f2656dbe3 Document netprobe_address 2019-05-31 23:02:45 +02:00
Frank Denis
b22d6dfc96 Send a byte to the netprobe IP only on Windows 2019-05-31 11:15:59 +02:00
Mathias Berchtold
cf261da79a Fix netProbe write check
Write at least 1 byte. This ensures that sockets are ready to use for writing.
Windows specific: during the system startup, sockets can be created but the underlying buffers may not be set up yet. If this is the case, Write fails with WSAENOBUFS: "An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full."
This fixes: https://github.com/jedisct1/dnscrypt-proxy/issues/841
2019-05-31 11:05:22 +02:00
Mathias Berchtold
7c8e20a533 netProbe: Always log Network connectivity detected
In the netProb function, always log whether network connectivity is detected or not.
2019-05-30 22:28:57 +02:00
Ferdinand Holzer
4e76cd2245 Rename cacheHit to hit in ltsv log 2019-05-28 23:14:28 +02:00
Ferdinand Holzer
14b464e56d Log whether response was served from cache 2019-05-28 23:14:28 +02:00
Ferdinand Holzer
af096f8488 Remove request forwarding measurement from log 2019-05-28 23:14:28 +02:00
Frank Denis
578c090890 Send an empty packet to the probe
This seems to be required on Windows.

Also add the ability to wait for up to an hour.
2019-05-28 13:22:11 +02:00
Ferdinand Holzer
da2e4b0b4b Change duration output in query log to milliseconds (#836) 2019-05-26 21:53:15 +02:00
Ferdinand Holzer
eab77ff871 Enhance logging (#834)
* Enhance query logging

Add request duration, and forward duration if applicable.

* Also measure requests forwarded based on forwarding_rules
2019-05-26 21:16:47 +02:00
Frank Denis
0e2d78d21b Warn if DoH is requested but HTTP/2 is not supported 2019-05-12 09:55:13 +02:00
Frank Denis
50a2018633 Keep holding the read lock in the cloaking load-balancing code
Maybe fixes #807
2019-05-02 23:53:47 +02:00
Frank Denis
02d07df43f Cloaking example: yandex.ru to familysearch.yandex.ru 2019-04-29 14:35:24 +02:00
Frank Denis
a8045e0a7a Bump 2019-04-28 23:26:33 +02:00
Frank Denis
5c9edfccfe Ignore onion servers if Tor is not being used 2019-04-14 14:19:12 +02:00
Frank Denis
4940b34c76 Improve caching of server addresses, especially when using proxies 2019-04-14 13:46:07 +02:00
Frank Denis
d143ae5279 Set the main protocol to TCP when using a SOCKS proxy 2019-04-14 13:41:43 +02:00
Frank Denis
4b001e3b8e Skip DNS resolution on Tor services 2019-04-14 11:18:14 +02:00
Frank Denis
0a535e28ab Stop printing "crypto v1/v2", as both are equally secure 2019-04-08 08:30:43 +02:00
Frank Denis
25ac94e7b2 Revert "Add Stretch-Hash-and-Truncate option for extreme DNS privacy"
This reverts commit 2d1dd7eaab.
2019-04-02 01:57:48 +02:00
Frank Denis
2d1dd7eaab Add Stretch-Hash-and-Truncate option for extreme DNS privacy
This works over DNSCrypt and DoH, but requires a specifically configured
server.

Instead of sending the actual DNS queries, the SH-T system works as follows:

Step 1: the client query is evaluated through Argon2id, a military-grade,
memory-hard, CPU-hard stretching function. This makes it very expensive
for an attacker to find the original query, even using GPUs and ASICs.
For post-quantum resistance, we use it to generate a 1024-bit key.

Step 2: in case the Argon2id algorithm has a vulnerability, or, since this
is a popular function used for hashing passwords and for cryptocurrencies,
and people may have built rainbow tables already, we use a hash function over
the result of the previous function. This immediately defeats rainbow tables.

Step 3: the output of the hash function is truncated to 64-bit.
Due to a property of this operation known as collision-misresistance, and even
if the previous steps fail due to a nation-state actor, it is impossible for a
server operator to prove what exact query was originally sent by a client.

This feature is experimental.
2019-04-01 09:36:56 +02:00
Frank Denis
f744110d38 Bump 2019-04-01 08:24:58 +02:00
Frank Denis
8b608403b1 Do not cache truncated messages
Fixes #774
2019-04-01 08:19:26 +02:00
Frank Denis
85abbeac61 Bump 2019-03-14 20:21:26 +01:00
Frank Denis
8076e206e0 Revert "Install the windows service as "NT AUTHORITY\NetworkService""
This reverts commit 17db0a658f.

On Windows, switching to user `NT AUTHORITY\NetworkService` apparently
breaks logging (reported by @Aland_123).
2019-03-14 20:10:53 +01:00
Frank Denis
707098a922 Bump 2019-03-14 02:18:20 +01:00
Frank Denis
26cc68b748 Make startup *way* faster, especially when using DoH 2019-03-14 01:59:57 +01:00