encrypted-dns-server/src/config.rs

use crate::crypto::*;
use crate::dnscrypt_certs::*;
use crate::errors::*;

use std::fs::File;
use std::io::prelude::*;
use std::mem;
use std::net::{IpAddr, SocketAddr};
use std::path::{Path, PathBuf};
use tokio::prelude::*;

#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct AnonymizedDNSConfig {
    pub enabled: bool,
    pub allowed_ports: Vec<u16>,
    pub allow_non_reserved_ports: Option<bool>,
    pub blacklisted_ips: Vec<IpAddr>,
}

#[cfg(feature = "metrics")]
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct MetricsConfig {
    pub r#type: String,
    pub listen_addr: SocketAddr,
    pub path: String,
}

#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct DNSCryptConfig {
    pub enabled: Option<bool>,
    pub provider_name: String,
    pub key_cache_capacity: usize,
    pub dnssec: bool,
    pub no_filters: bool,
    pub no_logs: bool,
}

#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct TLSConfig {
    pub upstream_addr: Option<SocketAddr>,
}

#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct ListenAddrConfig {
    pub local: SocketAddr,
    pub external: SocketAddr,
}

#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct FilteringConfig {
    pub domain_blacklist: Option<PathBuf>,
    pub undelegated_list: Option<PathBuf>,
    pub ignore_unqualified_hostnames: Option<bool>,
}

#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct Config {
    pub listen_addrs: Vec<ListenAddrConfig>,
    pub external_addr: Option<IpAddr>,
    pub upstream_addr: SocketAddr,
    pub state_file: PathBuf,
    pub udp_timeout: u32,
    pub tcp_timeout: u32,
    pub udp_max_active_connections: u32,
    pub tcp_max_active_connections: u32,
    pub cache_capacity: usize,
    pub cache_ttl_min: u32,
    pub cache_ttl_max: u32,
    pub cache_ttl_error: u32,
    pub user: Option<String>,
    pub group: Option<String>,
    pub chroot: Option<String>,
    pub filtering: FilteringConfig,
    pub dnscrypt: DNSCryptConfig,
    pub tls: TLSConfig,
    pub daemonize: bool,
    pub pid_file: Option<PathBuf>,
    pub log_file: Option<PathBuf>,
    #[cfg(feature = "metrics")]
    pub metrics: Option<MetricsConfig>,
    pub anonymized_dns: Option<AnonymizedDNSConfig>,
}

impl Config {
    pub fn from_string(toml: &str) -> Result<Config, Error> {
        let config: Config = match toml::from_str(toml) {
            Ok(config) => config,
            Err(e) => bail!("Parse error in the configuration file: {}", e),
        };
        Ok(config)
    }

    pub fn from_path<P: AsRef<Path>>(path: P) -> Result<Config, Error> {
        let mut fd = File::open(path)?;
        let mut toml = String::new();
        fd.read_to_string(&mut toml)?;
        Config::from_string(&toml)
    }
}

#[derive(Serialize, Deserialize, Debug)]
pub struct State {
    pub provider_kp: SignKeyPair,
    pub dnscrypt_encryption_params_set: Vec<DNSCryptEncryptionParams>,
}

impl State {
    pub fn with_key_pair(provider_kp: SignKeyPair, key_cache_capacity: usize) -> Self {
        let dnscrypt_encryption_params_set = vec![DNSCryptEncryptionParams::new(
            &provider_kp,
            key_cache_capacity,
        )];
        State {
            provider_kp,
            dnscrypt_encryption_params_set,
        }
    }

    pub fn new(key_cache_capacity: usize) -> Self {
        let provider_kp = SignKeyPair::new();
        State::with_key_pair(provider_kp, key_cache_capacity)
    }

    pub async fn async_save<P: AsRef<Path>>(&self, path: P) -> Result<(), Error> {
        let path_tmp = path.as_ref().with_extension("tmp");
        let mut fpb = tokio::fs::OpenOptions::new();
        let fpb = fpb.create(true).write(true);
        let mut fp = fpb.open(&path_tmp).await?;
        let state_bin = toml::to_vec(&self)?;
        fp.write_all(&state_bin).await?;
        fp.sync_data().await?;
        mem::drop(fp);
        tokio::fs::rename(path_tmp, path).await?;
        Ok(())
    }

    pub fn from_file<P: AsRef<Path>>(path: P, key_cache_capacity: usize) -> Result<Self, Error> {
        let mut fp = File::open(path.as_ref())?;
        let mut state_bin = vec![];
        fp.read_to_end(&mut state_bin)?;
        let mut state: State = toml::from_slice(&state_bin)?;
        for params_set in &mut state.dnscrypt_encryption_params_set {
            params_set.add_key_cache(key_cache_capacity);
        }
        Ok(state)
    }
}
Persist the provider key Of course we also need to persist the resolver keys 2019-09-18 10:34:19 +00:00			`use crate::crypto::*;`
kaboom the compiler 2019-09-19 18:47:44 +00:00			`use crate::dnscrypt_certs::*;`
Persist the provider key Of course we also need to persist the resolver keys 2019-09-18 10:34:19 +00:00			`use crate::errors::*;`

Save states asynchronously 2019-09-20 00:31:31 +00:00			`use std::fs::File;`
Move everything to a configuration file 2019-09-19 10:30:31 +00:00			`use std::io::prelude::*;`
Save states asynchronously 2019-09-20 00:31:31 +00:00			`use std::mem;`
Move to TOML (1) 2019-09-19 10:09:00 +00:00			`use std::net::{IpAddr, SocketAddr};`
Move everything to a configuration file 2019-09-19 10:30:31 +00:00			`use std::path::{Path, PathBuf};`
Save states asynchronously 2019-09-20 00:31:31 +00:00			`use tokio::prelude::*;`
kaboom the compiler 2019-09-19 18:47:44 +00:00
Prepare a new configuration section for Anonymized DNS 2019-10-13 20:47:57 +00:00			`#[derive(Serialize, Deserialize, Debug, Clone)]`
			`pub struct AnonymizedDNSConfig {`
			`pub enabled: bool,`
Anonymized DNS is here 2019-10-14 09:10:55 +00:00			`pub allowed_ports: Vec<u16>,`
Add a reasonable default set of ports + a new option 2019-10-17 20:44:43 +00:00			`pub allow_non_reserved_ports: Option<bool>,`
Anonymized DNS is here 2019-10-14 09:10:55 +00:00			`pub blacklisted_ips: Vec<IpAddr>,`
Prepare a new configuration section for Anonymized DNS 2019-10-13 20:47:57 +00:00			`}`

Prometheus metrics 2019-10-01 18:58:51 +00:00			`#[cfg(feature = "metrics")]`
			`#[derive(Serialize, Deserialize, Debug, Clone)]`
			`pub struct MetricsConfig {`
			`pub r#type: String,`
			`pub listen_addr: SocketAddr,`
			`pub path: String,`
			`}`

			`#[derive(Serialize, Deserialize, Debug, Clone)]`
Move to TOML (1) 2019-09-19 10:09:00 +00:00			`pub struct DNSCryptConfig {`
Add an option to disable DNSCrypt, and do only TLS and relaying 2019-12-21 23:50:09 +00:00			`pub enabled: Option<bool>,`
Move to TOML (1) 2019-09-19 10:09:00 +00:00			`pub provider_name: String,`
ADd a key cache and improve logging 2019-09-20 08:39:42 +00:00			`pub key_cache_capacity: usize,`
Change the format of how IP addresses are specified 2019-09-22 11:44:45 +00:00			`pub dnssec: bool,`
			`pub no_filters: bool,`
			`pub no_logs: bool,`
Move to TOML (1) 2019-09-19 10:09:00 +00:00			`}`

Prometheus metrics 2019-10-01 18:58:51 +00:00			`#[derive(Serialize, Deserialize, Debug, Clone)]`
Move to TOML (1) 2019-09-19 10:09:00 +00:00			`pub struct TLSConfig {`
			`pub upstream_addr: Option<SocketAddr>,`
			`}`

Prometheus metrics 2019-10-01 18:58:51 +00:00			`#[derive(Serialize, Deserialize, Debug, Clone)]`
Change the format of how IP addresses are specified 2019-09-22 11:44:45 +00:00			`pub struct ListenAddrConfig {`
			`pub local: SocketAddr,`
			`pub external: SocketAddr,`
			`}`

Prometheus metrics 2019-10-01 18:58:51 +00:00			`#[derive(Serialize, Deserialize, Debug, Clone)]`
Implement support for server-side blacklists 2019-09-25 13:51:13 +00:00			`pub struct FilteringConfig {`
			`pub domain_blacklist: Option<PathBuf>,`
Add the ability to return synthetic response for undelegated TLDs 2019-12-07 18:51:37 +00:00			`pub undelegated_list: Option<PathBuf>,`
Add ignore_unqualified_hostnames 2019-12-07 22:25:32 +00:00			`pub ignore_unqualified_hostnames: Option<bool>,`
Implement support for server-side blacklists 2019-09-25 13:51:13 +00:00			`}`

Prometheus metrics 2019-10-01 18:58:51 +00:00			`#[derive(Serialize, Deserialize, Debug, Clone)]`
Move to TOML (1) 2019-09-19 10:09:00 +00:00			`pub struct Config {`
Change the format of how IP addresses are specified 2019-09-22 11:44:45 +00:00			`pub listen_addrs: Vec<ListenAddrConfig>,`
Pick IPv4 or IPv6 wildcard source addresses according to the destination Fixes #10 2019-10-19 09:36:16 +00:00			`pub external_addr: Option<IpAddr>,`
Move to TOML (1) 2019-09-19 10:09:00 +00:00			`pub upstream_addr: SocketAddr,`
			`pub state_file: PathBuf,`
			`pub udp_timeout: u32,`
			`pub tcp_timeout: u32,`
			`pub udp_max_active_connections: u32,`
			`pub tcp_max_active_connections: u32,`
Add a simple built-in DNS cache (TTL is not handled yet) 2019-09-20 22:53:20 +00:00			`pub cache_capacity: usize,`
Make DNS cache TTLs configurable 2019-09-21 10:18:27 +00:00			`pub cache_ttl_min: u32,`
			`pub cache_ttl_max: u32,`
			`pub cache_ttl_error: u32,`
Drop privileges 2019-09-19 10:57:24 +00:00			`pub user: Option<String>,`
			`pub group: Option<String>,`
			`pub chroot: Option<String>,`
Implement support for server-side blacklists 2019-09-25 13:51:13 +00:00			`pub filtering: FilteringConfig,`
Move to TOML (1) 2019-09-19 10:09:00 +00:00			`pub dnscrypt: DNSCryptConfig,`
			`pub tls: TLSConfig,`
Improved daemonization 2019-09-21 14:19:39 +00:00			`pub daemonize: bool,`
			`pub pid_file: Option<PathBuf>,`
Log to file 2019-09-21 14:29:13 +00:00			`pub log_file: Option<PathBuf>,`
Prometheus metrics 2019-10-01 18:58:51 +00:00			`#[cfg(feature = "metrics")]`
			`pub metrics: Option<MetricsConfig>,`
Prepare a new configuration section for Anonymized DNS 2019-10-13 20:47:57 +00:00			`pub anonymized_dns: Option<AnonymizedDNSConfig>,`
Move to TOML (1) 2019-09-19 10:09:00 +00:00			`}`
Persist the provider key Of course we also need to persist the resolver keys 2019-09-18 10:34:19 +00:00
Move everything to a configuration file 2019-09-19 10:30:31 +00:00			`impl Config {`
			`pub fn from_string(toml: &str) -> Result<Config, Error> {`
			`let config: Config = match toml::from_str(toml) {`
			`Ok(config) => config,`
Move from failure to anyhow 2019-11-01 19:56:07 +00:00			`Err(e) => bail!("Parse error in the configuration file: {}", e),`
Move everything to a configuration file 2019-09-19 10:30:31 +00:00			`};`
			`Ok(config)`
			`}`

			`pub fn from_path<P: AsRef<Path>>(path: P) -> Result<Config, Error> {`
			`let mut fd = File::open(path)?;`
			`let mut toml = String::new();`
			`fd.read_to_string(&mut toml)?;`
			`Config::from_string(&toml)`
			`}`
			`}`

Persist the provider key Of course we also need to persist the resolver keys 2019-09-18 10:34:19 +00:00			`#[derive(Serialize, Deserialize, Debug)]`
			`pub struct State {`
			`pub provider_kp: SignKeyPair,`
kaboom the compiler 2019-09-19 18:47:44 +00:00			`pub dnscrypt_encryption_params_set: Vec<DNSCryptEncryptionParams>,`
Persist the provider key Of course we also need to persist the resolver keys 2019-09-18 10:34:19 +00:00			`}`

			`impl State {`
Import from dnscrypt-wrapper 2019-09-20 09:25:24 +00:00			`pub fn with_key_pair(provider_kp: SignKeyPair, key_cache_capacity: usize) -> Self {`
ADd a key cache and improve logging 2019-09-20 08:39:42 +00:00			`let dnscrypt_encryption_params_set = vec![DNSCryptEncryptionParams::new(`
			`&provider_kp,`
			`key_cache_capacity,`
			`)];`
kaboom the compiler 2019-09-19 18:47:44 +00:00			`State {`
			`provider_kp,`
			`dnscrypt_encryption_params_set,`
			`}`
			`}`

Import from dnscrypt-wrapper 2019-09-20 09:25:24 +00:00			`pub fn new(key_cache_capacity: usize) -> Self {`
			`let provider_kp = SignKeyPair::new();`
			`State::with_key_pair(provider_kp, key_cache_capacity)`
			`}`

Save states asynchronously 2019-09-20 00:31:31 +00:00			`pub async fn async_save<P: AsRef<Path>>(&self, path: P) -> Result<(), Error> {`
			`let path_tmp = path.as_ref().with_extension("tmp");`
			`let mut fpb = tokio::fs::OpenOptions::new();`
			`let fpb = fpb.create(true).write(true);`
			`let mut fp = fpb.open(&path_tmp).await?;`
kaboom the compiler 2019-09-19 18:47:44 +00:00			`let state_bin = toml::to_vec(&self)?;`
Save states asynchronously 2019-09-20 00:31:31 +00:00			`fp.write_all(&state_bin).await?;`
			`fp.sync_data().await?;`
			`mem::drop(fp);`
			`tokio::fs::rename(path_tmp, path).await?;`
kaboom the compiler 2019-09-19 18:47:44 +00:00			`Ok(())`
			`}`

ADd a key cache and improve logging 2019-09-20 08:39:42 +00:00			`pub fn from_file<P: AsRef<Path>>(path: P, key_cache_capacity: usize) -> Result<Self, Error> {`
kaboom the compiler 2019-09-19 18:47:44 +00:00			`let mut fp = File::open(path.as_ref())?;`
			`let mut state_bin = vec![];`
			`fp.read_to_end(&mut state_bin)?;`
ADd a key cache and improve logging 2019-09-20 08:39:42 +00:00			`let mut state: State = toml::from_slice(&state_bin)?;`
			`for params_set in &mut state.dnscrypt_encryption_params_set {`
			`params_set.add_key_cache(key_cache_capacity);`
			`}`
kaboom the compiler 2019-09-19 18:47:44 +00:00			`Ok(state)`
Persist the provider key Of course we also need to persist the resolver keys 2019-09-18 10:34:19 +00:00			`}`
			`}`