Archives
/
encrypted-dns-server
mirror of https://github.com/jedisct1/encrypted-dns-server
2
0
Fork 0
Code Issues Releases Wiki Activity

Nits

Browse Source
pull/72/head
Frank Denis 3 years ago
parent e50b82f524
commit 65b11b8380
5 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File

6
src/anonymized_dns.rs
Unescape Escape View File

@ -96,7 +96,7 @@ pub async fn handle_anonymized_dns(
},
};
ext_socket.connect(&upstream_address).await?;
ext_socket.send(&encrypted_packet).await?;
ext_socket.send(encrypted_packet).await?;
let mut response = vec![0u8; DNSCRYPT_UDP_RESPONSE_MAX_SIZE];
let (response_len, is_certificate_response) = loop {
let fut = ext_socket.recv_from(&mut response[..]);
@ -107,7 +107,7 @@ pub async fn handle_anonymized_dns(
if is_encrypted_response(&response, response_len) {
break (response_len, false);
}
if is_certificate_response(&response, &encrypted_packet) {
if is_certificate_response(&response, encrypted_packet) {
break (response_len, true);
}
};
@ -115,7 +115,7 @@ pub async fn handle_anonymized_dns(
if is_certificate_response {
let mut hasher = globals.hasher;
hasher.write(&relayed_packet[..ANONYMIZED_DNSCRYPT_OVERHEAD]);
hasher.write(&dns::qname(&encrypted_packet)?);
hasher.write(&dns::qname(encrypted_packet)?);
let packet_hash = hasher.finish128().as_u128();
let cached_response = {
match globals.cert_cache.lock().get(&packet_hash) {

2
src/crypto.rs
Unescape Escape View File

@ -204,7 +204,7 @@ impl SharedKey {
max_target_size - crypto_box_curve25519xchacha20poly1305_MACBYTES as usize;
let mut hasher = SipHasher13::new();
hasher.write(&self.0);
hasher.write(&client_nonce);
hasher.write(client_nonce);
let pad_size: usize = 1 + (hasher.finish() as usize & 0xff);
let mut padded_plaintext_len = (plaintext_len + pad_size) & !63;
if padded_plaintext_len < plaintext_len {

6
src/dns.rs
Unescape Escape View File

@ -467,7 +467,7 @@ pub fn serve_certificates<'t>(
ensure!(client_packet.len() >= DNS_HEADER_SIZE, "Short packet");
ensure!(qdcount(client_packet) == 1, "No question");
ensure!(
!is_response(&client_packet),
!is_response(client_packet),
"Question expected, but got a response instead"
);
let offset = skip_name(client_packet, DNS_HEADER_SIZE)?;
@ -477,7 +477,7 @@ pub fn serve_certificates<'t>(
if qtype != DNS_TYPE_TXT || qclass != DNS_CLASS_INET {
return Ok(None);
}
let qname_v = qname(&client_packet)?;
let qname_v = qname(client_packet)?;
let qname = std::str::from_utf8(&qname_v)?;
if !qname.eq_ignore_ascii_case(expected_qname) {
return Ok(None);
@ -523,7 +523,7 @@ pub fn serve_truncated_response(client_packet: Vec<u8>) -> Result<Vec<u8>, Error
pub fn qtype_qclass(packet: &[u8]) -> Result<(u16, u16), Error> {
ensure!(packet.len() >= DNS_HEADER_SIZE, "Short packet");
ensure!(qdcount(&packet) == 1, "No question");
ensure!(qdcount(packet) == 1, "No question");
let offset = skip_name(packet, DNS_HEADER_SIZE)?;
ensure!(packet.len() - offset >= 4, "Short packet");
let qtype = BigEndian::read_u16(&packet[offset..]);

4
src/dnscrypt_certs.rs
Unescape Escape View File

@ -139,7 +139,7 @@ impl DNSCryptEncryptionParams {
continue;
}
if now >= ts_start {
let dnscrypt_cert = DNSCryptCert::new(&provider_kp, &resolver_kp, ts_start);
let dnscrypt_cert = DNSCryptCert::new(provider_kp, &resolver_kp, ts_start);
let cache = ClockProCache::new(cache_capacity).unwrap();
active_params.push(DNSCryptEncryptionParams {
dnscrypt_cert,
@ -153,7 +153,7 @@ impl DNSCryptEncryptionParams {
warn!("Unable to recover a seed; creating an emergency certificate");
let ts_start = now - (now % DNSCRYPT_CERTS_RENEWAL);
let resolver_kp = CryptKeyPair::from_seed(seed);
let dnscrypt_cert = DNSCryptCert::new(&provider_kp, &resolver_kp, ts_start);
let dnscrypt_cert = DNSCryptCert::new(provider_kp, &resolver_kp, ts_start);
let cache = ClockProCache::new(cache_capacity).unwrap();
active_params.push(DNSCryptEncryptionParams {
dnscrypt_cert,

12
src/resolver.rs
Unescape Escape View File

@ -47,7 +47,7 @@ pub async fn resolve_udp(
globals.udp_timeout
};
loop {
ext_socket.send(&packet).await?;
ext_socket.send(packet).await?;
response = vec![0u8; DNS_MAX_PACKET_SIZE];
dns::set_rcode_servfail(&mut response);
let fut = tokio::time::timeout(timeout, ext_socket.recv_from(&mut response[..]));
@ -103,7 +103,7 @@ pub async fn resolve_tcp(
let mut binlen = [0u8, 0];
BigEndian::write_u16(&mut binlen[..], packet.len() as u16);
ext_socket.write_all(&binlen).await?;
ext_socket.write_all(&packet).await?;
ext_socket.write_all(packet).await?;
ext_socket.flush().await?;
ext_socket.read_exact(&mut binlen).await?;
let response_len = BigEndian::read_u16(&binlen) as usize;
@ -185,7 +185,7 @@ pub async fn get_cached_response_or_resolve(
client_ctx: &ClientCtx,
mut packet: &mut Vec<u8>,
) -> Result<Vec<u8>, Error> {
let packet_qname = dns::qname(&packet)?;
let packet_qname = dns::qname(packet)?;
if let Some(my_ip) = &globals.my_ip {
if &packet_qname.to_ascii_lowercase() == my_ip {
let client_ip = match client_ctx {
@ -206,7 +206,7 @@ pub async fn get_cached_response_or_resolve(
let tld = dns::qname_tld(&packet_qname);
let synthesize_nxdomain = {
if globals.ignore_unqualified_hostnames && tld.len() == packet_qname.len() {
let (qtype, qclass) = dns::qtype_qclass(&packet)?;
let (qtype, qclass) = dns::qtype_qclass(packet)?;
qtype == dns::DNS_CLASS_INET
&& (qclass == dns::DNS_TYPE_A || qclass == dns::DNS_TYPE_AAAA)
} else if let Some(undelegated_list) = &globals.undelegated_list {
@ -220,11 +220,11 @@ pub async fn get_cached_response_or_resolve(
globals.varz.client_queries_rcode_nxdomain.inc();
return dns::serve_nxdomain_response(packet.to_vec());
}
let original_tid = dns::tid(&packet);
let original_tid = dns::tid(packet);
dns::set_tid(&mut packet, 0);
dns::normalize_qname(&mut packet)?;
let mut hasher = globals.hasher;
hasher.write(&packet);
hasher.write(packet);
let packet_hash = hasher.finish128().as_u128();
let cached_response = {
match globals.cache.lock().get(&packet_hash) {

Write Preview
Loading…
Cancel
Save