Using the port makes DoT and DoH listen on the same IP address as UDP.
If we set ListenAddress to 0.0.0.0 and TLS termination is handled
by a proxy, this causes DoT and DoH to also listen on all
addresses.
The "tag" prefix already indicates the forwarder type.
In handleDoHRequest, we do not need to call append, just copy it as is.
In DoTClient and TCPClient, since we already do make, use a direct copy
instead of another append.
Using the [http.DefaultServeMux] will cause a panic when the server is
restarted automatically.
Previously, we did not store responses with an empty RR answer for all record
types.
Meanwhile, some domains still do not have AAAA (28) and HTTPS (65) records
set, but browsers will request them.
So, to minimize traffic for those queries, we skip caching only for query type
A and cache the rest of the types.
The DebugLevelDNS logs errors on the DNS level, for example empty answer,
error on name, class not implemented, refused; it is now on by
default.
This is to minimize lookups on the map each time we need the string
representation.
The hook function, OnAnswerReceived, will be triggered when the server
receives a valid answer but before it is put into the caches.
The SetTTL method sets the time to live of all RRs in the answer.
The log level cache is changed to the following format,
... {MSG_ID QNAME TYPE TTL} ...
where MSG_ID is the message ID, QNAME is the question name, TYPE is the
type of question, and TTL is the time-to-live of the answer.
This change requires adding the field TTL to Answer and exporting the field
Message.
For each logged request, there should be one line of response logged,
success or fail.
This change removes the redundant logs "^" (request forwarded) and
"~" (answer is expired).
The final log would be only "+" (new answer cached), "#" (answer
updated), or "!" (error).
The 6 seconds timeout will work only on a fast, stable connection.
In some environments with a bad network connection, it will cause an I/O timeout
during recv, and this affects all internet connections, like
browsing.
Since the browser waits for the domain to be resolved but does
not get the response, it sends another query.
The next query also gets a timeout again.
Increasing to 10-30 seconds also does not help in that environment.
After some tests, 60 seconds is the lowest timeout limit that reduces
the I/O timeouts.
It is better that we receive the response and store it in the caches, so
the next query can be handled quickly, rather than timing out and retrying
with the same error.
With the help of the spdxconv tool [1], we are able to bulk update the license
and copyright format of all files to comply with the SPDX format.
[1] https://kilabit.info/project/spdxconv/
The "nolint" tag is used to ignore lines from being processed by
golangci-lint.
Since we are not using golangci-lint anymore, now and in the
future, those lines can be removed.
Go 1.22 now supports for-range on numeric values.
The "encoding/binary.BigEndian" in the standard library provides PutXxx
methods that do the same thing.
Package "encoding/binary" from the standard library supports reading integers
from bytes using the BigEndian and LittleEndian variables.
Since Go 1.19, "encoding/binary.BigEndian" supports appending in
byte order.
Since Go 1.20, the standard bytes package has the Copy function.
Since Go 1.22, the standard slices package has the Concat function.
The serveTCPClient is used to serve TCP and DoT clients.
Previously, the error returned from this method was prefixed
based on the kind, for example
serveTCPClient TCP: ...
serveTCPClient DoT: ...
This change passes the log prefix to the method, so now it
becomes
serveTCPClient: ...
serveDoTClient: ...
Previously, we unpacked the header and then the question without
detecting whether the header itself is valid or not, for
example the op-code and the response code.
This caused the unpacking of the question to return an error like
label length overflow at index xxx
One of the cases is when someone sends a random or HTTP request
to the DoT port.
Instead of passing the whole packet, pass the packet for unpacking the
target name only and rdata for unpacking the SVCB HTTPS record.
Package hexdump implements reading and writing bytes from and into
hexadecimal numbers.
It supports parsing output from the hexdump(1) tool.
The record type ANY contains multiple A, AAAA or any other known resource
records that we already support.
By returning the error errInvalidMessage, the caller can check whether the
issue is in the connection or in the message itself.
If the issue is not in the message, the caller needs to re-create the
connection.
The RDATA in OPT records can contain zero or _more_ options.
Previously, we only handled unpacking and packing one option; now we
handle multiple options.
If the length of the packet is not as expected, return immediately with
an error.
This is to prevent a panic when unpacking the response message.
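The OPT-record handling described in this commit and the one above it (zero or more options in the RDATA, and a length check before slicing so a short packet returns an error instead of panicking), together with the `encoding/binary` BigEndian reading and appending mentioned in the earlier commits on this page, as an added example in Go. This code is written for this page and is not the project's own: the `ednsOption` type, the function names and the sample RDATA bytes are constructed; only the `errInvalidMessage` name and the "data length is out of range" wording come from the commit messages.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// ednsOption is one option carried in the RDATA of an OPT record
// (RFC 6891 section 6.1.2): a 2-byte option code, a 2-byte length and the
// option data. The type is hypothetical, written for this example.
type ednsOption struct {
	Code uint16
	Data []byte
}

// errInvalidMessage marks errors caused by the packet content itself, so a
// caller can use errors.Is to tell them apart from connection errors.
var errInvalidMessage = errors.New("invalid message")

// unpackOPTOptions decodes zero or more options from OPT RDATA using the
// standard library's big-endian reader. Every length is checked against the
// remaining bytes before slicing, so a truncated or malformed packet returns
// an error instead of panicking on an out-of-range slice index.
func unpackOPTOptions(rdata []byte) ([]ednsOption, error) {
	var opts []ednsOption
	x := 0
	for x < len(rdata) {
		if len(rdata)-x < 4 {
			return nil, fmt.Errorf("unpackOPT: option header truncated at index %d: %w", x, errInvalidMessage)
		}
		code := binary.BigEndian.Uint16(rdata[x:])
		n := int(binary.BigEndian.Uint16(rdata[x+2:]))
		x += 4
		if n > len(rdata)-x {
			return nil, fmt.Errorf("unpackOPT: data length is out of range at index %d: %w", x, errInvalidMessage)
		}
		// Copy the data so the option does not alias the caller's buffer.
		data := make([]byte, n)
		copy(data, rdata[x:x+n])
		opts = append(opts, ednsOption{Code: code, Data: data})
		x += n
	}
	return opts, nil
}

// packOPTOptions is the inverse: it appends each option in wire format using
// binary.BigEndian.AppendUint16 (available since Go 1.19).
func packOPTOptions(opts []ednsOption) ([]byte, error) {
	var out []byte
	for _, opt := range opts {
		if len(opt.Data) > 0xFFFF {
			return nil, fmt.Errorf("packOPT: option %d data too long: %w", opt.Code, errInvalidMessage)
		}
		out = binary.BigEndian.AppendUint16(out, opt.Code)
		out = binary.BigEndian.AppendUint16(out, uint16(len(opt.Data)))
		out = append(out, opt.Data...)
	}
	return out, nil
}

func main() {
	// Constructed RDATA: option code 10 (COOKIE) with 2 bytes of data,
	// followed by option code 8 (EDNS Client Subnet) with 1 byte of data.
	rdata := []byte{0x00, 0x0A, 0x00, 0x02, 0xAA, 0xBB, 0x00, 0x08, 0x00, 0x01, 0x7F}
	opts, err := unpackOPTOptions(rdata)
	fmt.Printf("%d options, err=%v\n", len(opts), err)

	// Constructed malformed RDATA: declared length 9 but only 1 byte follows.
	_, err = unpackOPTOptions([]byte{0x00, 0x0A, 0x00, 0x09, 0x01})
	fmt.Println("malformed:", err, errors.Is(err, errInvalidMessage))
}
```

Wrapping the sentinel with `%w` is what lets a caller distinguish a bad packet (keep the connection, drop the message) from a transport failure (re-create the connection), which is the distinction the errInvalidMessage commit above draws.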
Somehow the test passed on my main machine, but failed on my laptop.
Weird.
The previous API for Message was a little bit weird.
It provides creating a Message manually, but exposes the method
[UnpackHeaderQuestion], while the field packet itself is unexported.
In order to make it clearer, we refactor [Message.Unpack] into the
function [UnpackMessage] that accepts a raw DNS packet.
Previously, we used ParseInt to parse the escaped octet "\NNN", but using
this method only allows decimals from 0 to 127, while the specification
allows 0 to 255.
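The escaped-octet parsing this commit fixes, as an added example in Go that is not the project's own code. It decodes the "\DDD" and "\X" escapes of a single DNS label as described in RFC 1035 section 5.1, accepting the full octet range 0 to 255 by parsing with `strconv.ParseUint` at bit size 8 (where `ParseInt` at bit size 8 stops at 127), and it includes the inverse encoder so the round trip can be checked. Both function names and all sample inputs are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// unescapeLabel decodes the master-file escapes inside one DNS label
// (RFC 1035 section 5.1): "\DDD" is a single octet written as exactly three
// decimal digits, 0 to 255, and "\X" for any other character X is the
// literal X. This function is hypothetical, written for this example.
func unescapeLabel(s string) ([]byte, error) {
	out := make([]byte, 0, len(s))
	for i := 0; i < len(s); i++ {
		c := s[i]
		if c != '\\' {
			out = append(out, c)
			continue
		}
		if i+1 >= len(s) {
			return nil, errors.New("unescapeLabel: dangling backslash")
		}
		next := s[i+1]
		if next < '0' || next > '9' {
			// "\X": the escaped character is taken literally.
			out = append(out, next)
			i++
			continue
		}
		if i+3 >= len(s) {
			return nil, fmt.Errorf("unescapeLabel: short octet escape at index %d", i)
		}
		digits := s[i+1 : i+4]
		// ParseUint with bitSize 8 accepts exactly 0..255. ParseInt with
		// bitSize 8 would reject anything above 127 as out of range.
		v, err := strconv.ParseUint(digits, 10, 8)
		if err != nil {
			return nil, fmt.Errorf("unescapeLabel: invalid octet escape %q at index %d: %w", "\\"+digits, i, err)
		}
		out = append(out, byte(v))
		i += 3
	}
	return out, nil
}

// escapeLabel is the inverse: bytes that would be ambiguous in text form
// ('.' and '\') get a "\X" escape and bytes outside printable ASCII get "\DDD".
func escapeLabel(b []byte) string {
	var sb strings.Builder
	for _, c := range b {
		switch {
		case c == '.' || c == '\\':
			sb.WriteByte('\\')
			sb.WriteByte(c)
		case c < 0x21 || c > 0x7E:
			fmt.Fprintf(&sb, "\\%03d", c)
		default:
			sb.WriteByte(c)
		}
	}
	return sb.String()
}

func main() {
	// Constructed inputs: the last two show the 128..255 range and the 256 rejection.
	for _, in := range []string{`a\.b`, `caf\195\169`, `\200`, `\255`, `\256`} {
		b, err := unescapeLabel(in)
		fmt.Printf("%-14s -> %v err=%v\n", in, b, err)
	}
	fmt.Println(escapeLabel([]byte{'x', '.', 0xC3, 0xA9}))
}
```

Rejecting "\256" rather than silently truncating it matters because a label that decodes differently in two implementations is a classic source of name-matching mismatches; the parser either yields the exact octet the zone author wrote or fails loudly.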
When we want to test a function or method that does not interact
with a DNS server, there is no need to run a dummy DNS server.
For HTTP servers that use TLS, set the minimum TLS version and
ReadHeaderTimeout to mitigate the slowloris attack.
For HTTP clients or servers that parameterize the use of InsecureSkipVerify,
annotate the line with "nolint:gosec" to allow the code to pass the check.
Libraries that still use sha1, for example in DKIM and TOTP, skip the
warnings by annotating the line with "nolint:gosec".
A pointer variable is now allocated its address before assigning its
value.
Any error that is returned is now wrapped using "%w".
Also, replace error checking using [errors.Is] or [errors.As] instead of
using equal or not-equal operators.
In "lib/http", replace any usage of "math/rand" with "crypto/rand".
Any call of [math/big.Rat.SetString] is now annotated with "nolint:gosec"
since it is a false positive; the issue has been fixed in Go >= 1.17.7.
Any switch case that does not cover the rest of the possible values is now
handled by adding the cases or by replacing the "default" case with
the rest of the values.
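The two server-hardening settings this commit names, as an added example in Go that is not the project's code: the weak "before" shape of an `http.Server` next to the hardened one, plus a small check that reports which setting is missing so the same rule can be enforced in tests over every server a code base constructs. The function names and the 10 second timeout value are this example's own choices.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"time"
)

// newTLSServer builds an http.Server with the two hardening settings the
// change describes: a minimum TLS version, and a ReadHeaderTimeout so that a
// client which trickles request headers cannot hold a connection open
// indefinitely (slowloris). Function and timeout value are example choices.
func newTLSServer(addr string, handler http.Handler) *http.Server {
	return &http.Server{
		Addr:              addr,
		Handler:           handler,
		ReadHeaderTimeout: 10 * time.Second,
		TLSConfig: &tls.Config{
			MinVersion: tls.VersionTLS12,
		},
	}
}

// hardeningIssues reports which of those settings a server is missing.
// ReadTimeout counts as well, because net/http falls back to it when
// ReadHeaderTimeout is zero; a nil TLSConfig means crypto/tls defaults,
// which do not pin the minimum version to 1.2.
func hardeningIssues(srv *http.Server) []string {
	var issues []string
	if srv.ReadHeaderTimeout <= 0 && srv.ReadTimeout <= 0 {
		issues = append(issues, "no ReadHeaderTimeout or ReadTimeout: vulnerable to slowloris")
	}
	if srv.TLSConfig == nil || srv.TLSConfig.MinVersion < tls.VersionTLS12 {
		issues = append(issues, "TLS MinVersion below 1.2")
	}
	return issues
}

func main() {
	// The "before" shape: no timeouts, default TLS configuration.
	weak := &http.Server{Addr: ":8443", Handler: http.NotFoundHandler()}
	fmt.Println("weak:    ", hardeningIssues(weak))
	fmt.Println("hardened:", hardeningIssues(newTLSServer(":8443", http.NotFoundHandler())))
}
```

Neither server is started here; the point is that the configuration can be inspected and asserted on without opening a socket, which is the same idea as the commit above it about not running a dummy DNS server for tests that do not need one.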
HTTP requests now implicitly create the request with a context.
Any false positive related to not closing the HTTP response body has been
annotated with "nolint:bodyclose".
In the example code, use a consistent "// Output:" comment format, by
prefixing with a single space.
Any comment on code is now also prefixed with a single space.
An error returned without variables now uses [errors.New] instead of
[fmt.Errorf].
Any error returned using [fmt.Errorf] is now wrapped using "%w" instead of
"%s".
Also, replace error checking using [errors.Is] or [errors.As], instead
of using equal/not-equal operators.
Any statement like "x = x OP y" is now replaced with "x OP= y".
Also, swap statements are simplified using "x, y = y, x".
Any switch statement with a single case is now replaced with an if-condition.
Any call to defer in a function or program that calls [os.Exit] is now
replaced by calling the deferred function directly.
Any if-else condition is now replaced with a switch statement, if possible.
Instead of annotating the lines that are caught by linters, fix them to comply
with the recommendations.
This causes several breaking changes, especially related to naming:
* api/slack: [Message.IconUrl] becomes [Message.IconURL]
* lib/dns: DefaultSoaMinumumTtl becomes DefaultSoaMinimumTTL
* lib/email: [Message.SetBodyHtml] becomes [Message.SetBodyHTML]
* lib/http: [Client.GenerateHttpRequest] becomes [Client.GenerateHTTPRequest]
* lib/http: [ClientOptions.ServerUrl] becomes [ClientOptions.ServerURL]
* lib/http: [EndpointRequest.HttpWriter] becomes [EndpointRequest.HTTPWriter]
* lib/http: [EndpointRequest.HttpRequest] becomes [EndpointRequest.HTTPRequest]
* lib/http: [ServerOptions.EnableIndexHtml] becomes [ServerOptions.EnableIndexHTML]
* lib/http: [SSEConn.HttpRequest] becomes [SSEConn.HTTPRequest]
* lib/smtp: [ClientOptions.ServerUrl] becomes [ClientOptions.ServerURL]
* lib/ssh/sftp: [FileAttrs.SetUid] becomes [FileAttrs.SetUID]
* lib/ssh/sftp: [FileAttrs.Uid] becomes [FileAttrs.UID]
There are several reasons why we moved from github.com.
First, related to the name of the package.
We accidentally named the package "share", a common word in English
that does not reflect the content of the repository.
By moving to another repository, we can rename it to a better and unique
name, in this case "pakakeh.go".
Pakakeh is a Minang word for tools, and the ".go" suffix indicates that the
repository is related to the Go programming language.
Second, supporting open source.
The new repository is hosted under sourcehut.org, whose founder is known
to support open source, and all their services are licensed under AGPL,
unlike GitHub, which is closed source.
Third, regarding GitHub CoPilot.
The GitHub Terms of Service [1] allow any public content that is hosted
there to be parsed by them.
On one side, GitHub helps open source flourish, but on another
side it has issues regarding scraping of copyleft-licensed code [2].
[1]: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#4-license-grant-to-us
[2]: https://githubcopilotinvestigation.com
By prefixing the error message, it allows us to better track the error
messages written by the application.
If Query returns a message but it failed to unpack due to an invalid
format, for example
unpackOPT: data length is out of range
ignore it instead of disconnecting the client connection.
This change introduces three modes of debug:
- DebugLevelDNS: log errors on the DNS level, for example empty answer,
ERR_NAME (domain name is invalid or not known) and so on.
- DebugLevelCache: log cache operations.
- DebugLevelConnPacket: log low level connection and packet,
including request and response.
There are some reports from revive that I disagree with, for example, that code
should not declare the type after variables.
In my opinion, in some cases, declaring the type makes the code more
readable and explicit.
Since I did not want to add a new configuration file, we change it and
follow revive for now.
The WriteTo should return int64 not int.
The realignment reduces the struct cost from 200 to 176 bytes (-24 bytes).
Previously, if the server had the internal zone "my.internal" and the client
queried "sub.my.internal", which does not exist in the zone, the server then
forwarded the query to the parent name server.
This caused the internal zone and its domains to leak to the parent name server.
This change fixes the issue by checking, when the domain does not exist, whether
the query is a subset of the internal zone Origin, and responding with error
code 3 (ERR_NAME) with the Zone SOA in Authority.
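The check this commit describes, as an added example in Go that is not the project's code: a query name that falls under an internal zone's origin is either answered from that zone or refused with rcode 3 and the zone's SOA, and is never forwarded upstream, so the names of the internal zone do not leak to the parent name server. The `zone` type, the result values, the function names and the sample zone data (including its SOA text) are all constructed for this example. The suffix comparison is done on label boundaries, which the commit does not spell out but which is needed so that "notmy.internal" is not treated as part of "my.internal".

```go
package main

import (
	"fmt"
	"strings"
)

// zone is a minimal stand-in for an internal zone: its origin, the SOA text
// to put in the Authority section, and the set of names it defines. The type
// and all sample data are hypothetical, written for this example.
type zone struct {
	Origin string
	SOA    string
	Names  map[string]bool
}

type lookupResult int

const (
	resultForward  lookupResult = iota // no internal zone covers the name: forward upstream
	resultAnswer                       // the name is defined in an internal zone
	resultNXDomain                     // covered by an internal zone but undefined: rcode 3 with SOA, never forwarded
)

// normalizeName lower-cases a name and gives it a trailing dot.
func normalizeName(name string) string {
	name = strings.ToLower(strings.TrimSpace(name))
	if !strings.HasSuffix(name, ".") {
		name += "."
	}
	return name
}

// isSubdomainOf reports whether qname is origin itself or lies below it.
// The comparison is on label boundaries, so "notmy.internal." is not a
// subdomain of "my.internal.".
func isSubdomainOf(qname, origin string) bool {
	qname, origin = normalizeName(qname), normalizeName(origin)
	return qname == origin || strings.HasSuffix(qname, "."+origin)
}

// resolveInternal decides how a query name must be handled. Names covered by
// an internal zone never leave the server: either they are answered from the
// zone, or they get NXDOMAIN with the zone's SOA in Authority.
func resolveInternal(qname string, zones []*zone) (lookupResult, *zone) {
	qname = normalizeName(qname)
	for _, z := range zones {
		if !isSubdomainOf(qname, z.Origin) {
			continue
		}
		if z.Names[qname] {
			return resultAnswer, z
		}
		return resultNXDomain, z
	}
	return resultForward, nil
}

// sampleZones returns one constructed internal zone for demonstration.
func sampleZones() []*zone {
	return []*zone{{
		Origin: "my.internal.",
		SOA:    "my.internal. 3600 IN SOA ns.my.internal. admin.my.internal. 1 3600 900 604800 300",
		Names: map[string]bool{
			"my.internal.":     true,
			"www.my.internal.": true,
		},
	}}
}

func main() {
	zones := sampleZones()
	for _, q := range []string{"www.my.internal", "sub.my.internal.", "MY.INTERNAL", "notmy.internal.", "example.com."} {
		res, z := resolveInternal(q, zones)
		switch res {
		case resultAnswer:
			fmt.Printf("%-18s answer from zone %s\n", q, z.Origin)
		case resultNXDomain:
			fmt.Printf("%-18s rcode 3 (ERR_NAME), Authority: %s\n", q, z.SOA)
		default:
			fmt.Printf("%-18s forward to parent name server\n", q)
		}
	}
}
```

Returning the SOA in the Authority section is what lets a resolver apply negative caching (the SOA minimum / TTL) to the NXDOMAIN, so repeated lookups of the missing name do not keep hitting the server either.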
The InternalPopulateZone populates the internal caches from the Zone's
messages.
Previously, LoadZoneDir returned the key as the file name of the zone.
This change returns the key as the Zone Origin, to prevent the same zone being
defined in different files.
Previously, the zoneParser stored its own origin and TTL, which made them
duplicates of, and confused with, the zone field that is stored and returned by
the parser.
To make things simple, use the zone field value as the single source of
truth for the origin (using zone.Origin) and TTL (using zone.SOA.Minimum).