proxy

package
v0.26.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 20, 2020 License: GPL-3.0 Imports: 25 Imported by: 8

Documentation

Overview

Package proxy implements a DNS proxy that supports all known DNS encryption protocols

Index

Constants

View Source 
const (
	// ProtoUDP is plain DNS-over-UDP
	ProtoUDP = "udp"
	// ProtoTCP is plain DNS-over-TCP
	ProtoTCP = "tcp"
	// ProtoTLS is DNS-over-TLS
	ProtoTLS = "tls"
	// ProtoHTTPS is DNS-over-HTTPS
	ProtoHTTPS = "https"
	// UnqualifiedNames is reserved name for "unqualified names only", ie names without dots
	UnqualifiedNames = "unqualified_names"
)

Variables

This section is empty.

Functions

func CheckDisabledAAAARequest added in v0.20.1 

func CheckDisabledAAAARequest(ctx *DNSContext, ipv6Disabled bool) bool

CheckDisabledAAAARequest checks if AAAA requests should be disabled or not and sets NoError empty response to given DNSContext if needed

func GenEmptyMessage added in v0.20.1 

func GenEmptyMessage(request *dns.Msg, rCode int, retry uint32) *dns.Msg

GenEmptyMessage generates empty message with given response code and retry time

Types

type AddressToUpstreamFunction added in v0.15.1 

type AddressToUpstreamFunction func(address string, opts upstream.Options) (upstream.Upstream, error)

AddressToUpstreamFunction is a type for a callback function which creates an upstream object

type BeforeRequestHandler added in v0.14.0 

type BeforeRequestHandler func(p *Proxy, d *DNSContext) (bool, error)

BeforeRequestHandler is an optional custom handler called before DNS requests If it returns false, the request won't be processed at all

type Config 

type Config struct {
	UDPListenAddr *net.UDPAddr // if nil, then it does not listen for UDP
	TCPListenAddr *net.TCPAddr // if nil, then it does not listen for TCP

	HTTPSListenAddr *net.TCPAddr // if nil, then it does not listen for HTTPS (DoH)
	TLSListenAddr   *net.TCPAddr // if nil, then it does not listen for TLS (DoT)
	TLSConfig       *tls.Config  // necessary for listening for TLS

	Ratelimit          int      // max number of requests per second from a given IP (0 to disable)
	RatelimitWhitelist []string // a list of whitelisted client IP addresses

	RefuseAny  bool // if true, refuse ANY requests
	AllServers bool // if true, parallel queries to all configured upstream servers are enabled

	// Enable EDNS Client Subnet option
	// DNS requests to the upstream server will contain an OPT record with Client Subnet option.
	//  If the original request already has this option set, we pass it through as is.
	//  Otherwise, we set it ourselves using the client IP with subnet /24 (for IPv4) and /112 (for IPv6).
	//
	// If the upstream server supports ECS, it sets subnet number in the response.
	// This subnet number along with the client IP and other data is used as a cache key.
	// Next time, if a client from the same subnet requests this host name,
	//  we get the response from cache.
	// If another client from a different subnet requests this host name,
	//  we pass his request to the upstream server.
	//
	// If the upstream server doesn't support ECS (there's no subnet number in response),
	//  this response will be cached for all clients.
	//
	// If client IP is private (i.e. not public), we don't add EDNS record into a request.
	// And so there will be no EDNS record in response either.
	// We store these responses in general cache (without subnet)
	//  so they will never be used for clients with public IP addresses.
	EnableEDNSClientSubnet bool
	EDNSAddr               net.IP // ECS IP used in request

	CacheEnabled   bool   // cache status
	CacheSizeBytes int    // Cache size (in bytes). Default: 64k
	CacheMinTTL    uint32 // Minimum TTL for DNS entries (in seconds).
	CacheMaxTTL    uint32 // Maximum TTL for DNS entries (in seconds).

	Upstreams []upstream.Upstream // list of upstreams
	Fallbacks []upstream.Upstream // list of fallback resolvers (which will be used if regular upstream failed to answer)

	BeforeRequestHandler BeforeRequestHandler // callback that is called before each request
	RequestHandler       RequestHandler       // callback that can handle incoming DNS requests
	ResponseHandler      ResponseHandler      // response callback

	DomainsReservedUpstreams map[string][]upstream.Upstream // map of domains and lists of corresponding upstreams

	FindFastestAddr bool // use Fastest Address algorithm

	MaxGoroutines int // maximum number of goroutines processing the DNS requests (important for mobile)
}

Config contains all the fields necessary for proxy configuration

type DNSContext 

type DNSContext struct {
	Proto string   // "udp", "tcp", "tls", "https"
	Req   *dns.Msg // DNS request
	Res   *dns.Msg // DNS response from an upstream
	Conn  net.Conn // underlying client connection. Can be null in the case of DOH.
	Addr  net.Addr // client address.

	HTTPRequest        *http.Request       // HTTP request (for DOH only)
	HTTPResponseWriter http.ResponseWriter // HTTP response writer (for DOH only)
	StartTime          time.Time           // processing start time
	Upstream           upstream.Upstream   // upstream that resolved DNS request

	// Upstream servers to use for this request
	// If set, Resolve() uses it instead of default servers
	Upstreams []upstream.Upstream
	// contains filtered or unexported fields
}

DNSContext represents a DNS request message context

type FastestAddr added in v0.24.0 

type FastestAddr struct {
	// contains filtered or unexported fields
}

FastestAddr - object data

func (*FastestAddr) Init added in v0.24.0 

func (f *FastestAddr) Init()

Init - initialize module

type Proxy 

type Proxy struct {
	Config // proxy configuration

	sync.RWMutex // protects parallel access to proxy structures
	// contains filtered or unexported fields
}

Proxy combines the proxy server state and configuration

func (*Proxy) Addr added in v0.9.1 

func (p *Proxy) Addr(proto string) net.Addr

Addr returns the listen address for the specified proto or null if the proxy does not listen to it proto must be "tcp", "tls", "https" or "udp"

func (*Proxy) Init added in v0.23.0 

func (p *Proxy) Init()

Init - initializes the proxy structures but does not start it

func (*Proxy) LookupIPAddr added in v0.23.0 

func (p *Proxy) LookupIPAddr(host string) ([]net.IPAddr, error)

LookupIPAddr resolves the specified host IP addresses It sends two DNS queries (A and AAAA) in parallel and returns both results

func (*Proxy) Resolve added in v0.9.1 

func (p *Proxy) Resolve(d *DNSContext) error

Resolve is the default resolving method used by the DNS proxy to query upstreams

func (*Proxy) ServeHTTP added in v0.9.11 

func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP is the http.RequestHandler implementation that handles DOH queries Here is what it returns: http.StatusBadRequest - if there is no DNS request data http.StatusUnsupportedMediaType - if request content type is not application/dns-message http.StatusMethodNotAllowed - if request method is not GET or POST

func (*Proxy) SetNAT64Prefix added in v0.13.0 

func (p *Proxy) SetNAT64Prefix(prefix []byte)

SetNAT64Prefix sets NAT64 prefix

func (*Proxy) Start 

func (p *Proxy) Start() error

Start initializes the proxy server and starts listening

func (*Proxy) Stop 

func (p *Proxy) Stop() error

Stop stops the proxy server including all its listeners

type RequestHandler added in v0.14.0 

type RequestHandler func(p *Proxy, d *DNSContext) error

RequestHandler is an optional custom handler for DNS requests It is called instead of the default method (Proxy.Resolve()) See handler_test.go for examples

type ResponseHandler added in v0.13.0 

type ResponseHandler func(d *DNSContext, err error)

ResponseHandler is a callback method that is called when DNS query has been processed d -- current DNS query context (contains response if it was successful) err -- error (if any)

type UpstreamConfig added in v0.12.0 

type UpstreamConfig struct {
	Upstreams               []upstream.Upstream            // list of default upstreams
	DomainReservedUpstreams map[string][]upstream.Upstream // map of reserved domains and lists of corresponding upstreams
}

UpstreamConfig is a wrapper for list of default upstreams and map of reserved domains and corresponding upstreams

func ParseUpstreamsConfig added in v0.12.0 

func ParseUpstreamsConfig(upstreamConfig, bootstrapDNS []string, timeout time.Duration) (UpstreamConfig, error)

ParseUpstreamsConfig returns UpstreamConfig and error if upstreams configuration is invalid default upstream syntax: <upstreamString> reserved upstream syntax: [/domain1/../domainN/]<upstreamString> More specific domains take priority over less specific domains, To exclude more specific domains from reserved upstreams querying you should use the following syntax: [/domain1/../domainN/]# So the following config: ["[/host.com/]1.2.3.4", "[/www.host.com/]2.3.4.5", "[/maps.host.com/]#", "3.4.5.6"] will send queries for *.host.com to 1.2.3.4, except for *.www.host.com, which will go to 2.3.4.5 and *.maps.host.com, which will go to default server 3.4.5.6 with all other domains

func ParseUpstreamsConfigEx added in v0.15.1 

func ParseUpstreamsConfigEx(upstreamConfig, bootstrapDNS []string, timeout time.Duration, addressToUpstreamFunction AddressToUpstreamFunction) (UpstreamConfig, error)

ParseUpstreamsConfigEx is an extended version of ParseUpstreamsConfig() which has a custom callback function which creates an upstream object

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.