Forward certificates

pull/12/head
Frank Denis 5 years ago
parent 916aded9c8
commit 5848713ffd

@ -96,9 +96,8 @@ pub async fn handle_anonymized_dns(
let fut = ext_socket.recv_from(&mut response[..]);
let (response_len, response_addr) = fut.await?;
if response_addr == upstream_address
&& (DNSCRYPT_UDP_RESPONSE_MIN_SIZE..=DNSCRYPT_UDP_RESPONSE_MAX_SIZE)
.contains(&response_len)
&& response[..DNSCRYPT_RESPONSE_MAGIC_SIZE] == DNSCRYPT_RESPONSE_MAGIC
&& (is_encrypted_response(&response, response_len)
|| is_certificate_response(&response, response_len))
{
response.truncate(response_len);
break;
@ -110,3 +109,19 @@ pub async fn handle_anonymized_dns(
respond_to_query(client_ctx, response).await
}
#[inline]
fn is_encrypted_response(response: &[u8], response_len: usize) -> bool {
(DNSCRYPT_UDP_RESPONSE_MIN_SIZE..=DNSCRYPT_UDP_RESPONSE_MAX_SIZE).contains(&response_len)
&& response[..DNSCRYPT_RESPONSE_MAGIC_SIZE] == DNSCRYPT_RESPONSE_MAGIC
}
#[inline]
fn is_certificate_response(response: &[u8], response_len: usize) -> bool {
(DNSCRYPT_RESPONSE_CERT_PREFIX_OFFSET + DNSCRYPT_RESPONSE_CERT_PREFIX.len()
..=DNS_MAX_PACKET_SIZE)
.contains(&response_len)
&& response[DNSCRYPT_RESPONSE_CERT_PREFIX_OFFSET
..DNSCRYPT_RESPONSE_CERT_PREFIX_OFFSET + DNSCRYPT_RESPONSE_CERT_PREFIX.len()]
== DNSCRYPT_RESPONSE_CERT_PREFIX
}
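Review bot: `is_certificate_response` lets the relay forward a plaintext datagram of up to `DNS_MAX_PACKET_SIZE` bytes on the strength of a 24-byte match at offset 4, and nothing visible here inspects bytes 0..4 (the DNS ID and flags) or relates the response size to the client's query. The client still validates whatever arrives, so the exposure is at the relay itself, where a spoofed or oversized reply from the upstream address would be passed on and could make the relay an amplifier. If the query path does not already bound this, I would add a size cap such as `&& response_len <= query_len` to the loop condition (`query_len` is a placeholder for the received query's length, which is not visible in this hunk), or add a doc comment on the helper explaining why the larger cap is safe. Both helpers also index the full `response` buffer while checking a separate `response_len`; passing `&response[..response_len]` would keep the length check and the slice on the same bounds. `handle_anonymized_dns` starts outside the visible lines.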

@ -23,6 +23,11 @@ pub const DNSCRYPT_QUERY_MIN_OVERHEAD: usize =
pub const DNSCRYPT_RESPONSE_MAGIC_SIZE: usize = 8;
pub const DNSCRYPT_RESPONSE_MAGIC: [u8; DNSCRYPT_RESPONSE_MAGIC_SIZE] =
[0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38];
pub const DNSCRYPT_RESPONSE_CERT_PREFIX: [u8; 24] = [
0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x32, 0x0d, 0x64, 0x6e, 0x73, 0x63, 0x72,
0x79, 0x70, 0x74, 0x2d, 0x63, 0x65, 0x72, 0x74,
];
pub const DNSCRYPT_RESPONSE_CERT_PREFIX_OFFSET: usize = 4;
pub const DNSCRYPT_RESPONSE_NONCE_SIZE: usize = DNSCRYPT_FULL_NONCE_SIZE;
pub const DNSCRYPT_RESPONSE_HEADER_SIZE: usize =
DNSCRYPT_RESPONSE_MAGIC_SIZE + DNSCRYPT_RESPONSE_NONCE_SIZE;
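Review bot: `DNSCRYPT_RESPONSE_CERT_PREFIX` is an opaque byte array and needs a comment saying what it encodes, since `is_certificate_response` depends on its exact layout. Read against a DNS message at offset 4, it is QDCOUNT=1, ANCOUNT=1, NSCOUNT=0, ARCOUNT=0 followed by the question-name labels `2` and `dnscrypt-cert`. I would add `// DNS header counts (QD=1, AN=1, NS=0, AR=0) + first two qname labels: "2", "dnscrypt-cert"` above the array and `// skips the 2-byte ID and 2-byte flags` on `DNSCRYPT_RESPONSE_CERT_PREFIX_OFFSET`. Because ANCOUNT is pinned to exactly 1, a reply carrying more than one certificate record would presumably not match, so it is worth confirming that this is intended.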
