Move to TOML (1)

5 years ago · 2c519a2b46
parent d8d8757c74
commit 2c519a2b46
5 changed files with 138 additions and 35 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,11 +1,10 @@
 [package]
-name = "dnscrypt-server"
+name = "encrypted-dns"
 version = "0.1.0"
 authors = ["Frank Denis <github@pureftpd.org>"]
 edition = "2018"

 [dependencies]
-bincode = "1.1.4"
 byteorder = "1.3.2"
 clap = { version="2.33.0", features=["suggestions", "wrap_help", "nightly"] }
 coarsetime = "0.1.11"
@ -26,6 +25,7 @@ serde-big-array = "0.1.5"
 siphasher = "0.3.0"
 tokio = "=0.2.0-alpha.4"
 tokio-net = "=0.2.0-alpha.4"
+toml = "0.5.3"

 [profile.release]
 lto = true
--- a/encrypted-dns.toml
+++ b/encrypted-dns.toml
@ -0,0 +1,74 @@
+####################################################
+#                                                  #
+#        Encrypted DNS Server configuration        #
+#                                                  #
+####################################################
+
+
+##################################
+#         Global settings        #
+##################################
+
+
+## IP addresses and ports to listen to
+
+listen_addrs = ["127.0.0.1:4443"]
+
+
+## IP address to connect to upstream servers from
+
+external_addr = "0.0.0.0"
+
+
+## File name to save the state to
+
+state_file = "encrypted-dns.state"
+
+
+## Upstream DNS server and port
+
+upstream_addr = "9.9.9.9:53"
+
+
+## UDP timeout in seconds
+
+udp_timeout = 10
+
+
+## TCP timeout in seconds
+
+tcp_timeout = 10
+
+
+## Maximum active UDP sockets
+
+udp_max_active_connections = 1000
+
+
+## Maximum active TCP connections
+
+tcp_max_active_connections = 100
+
+
+
+####################################
+#         DNSCrypt settings        #
+####################################
+
+[dnscrypt]
+
+## Provider name (without the `2.dnscrypt.` prefixe)
+
+provider_name = "secure.dns.test"
+
+
+
+###############################
+#         TLS settings        #
+###############################
+
+[tls]
+
+## Where to prooxy TLS connections to (e.g. DoH server)
+
+# upstream_addr = "127.0.0.1:4343"
--- a/src/config.rs
+++ b/src/config.rs
@ -1,7 +1,32 @@
 use crate::crypto::*;
 use crate::errors::*;

-use bincode;
+use std::net::{IpAddr, SocketAddr};
+use std::path::PathBuf;
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct DNSCryptConfig {
+    pub provider_name: String,
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct TLSConfig {
+    pub upstream_addr: Option<SocketAddr>,
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct Config {
+    pub listen_addrs: Vec<SocketAddr>,
+    pub external_addr: IpAddr,
+    pub upstream_addr: SocketAddr,
+    pub state_file: PathBuf,
+    pub udp_timeout: u32,
+    pub tcp_timeout: u32,
+    pub udp_max_active_connections: u32,
+    pub tcp_max_active_connections: u32,
+    pub dnscrypt: DNSCryptConfig,
+    pub tls: TLSConfig,
+}

 #[derive(Serialize, Deserialize, Debug)]
 pub struct State {
--- a/src/globals.rs
+++ b/src/globals.rs
@ -14,7 +14,7 @@ pub struct Globals {
    pub runtime: Arc<Runtime>,
    pub dnscrypt_encryption_params_set: Vec<DNSCryptEncryptionParams>,
    pub provider_name: String,
-    pub listen_addr: SocketAddr,
+    pub listen_addrs: Vec<SocketAddr>,
    pub external_addr: SocketAddr,
    pub upstream_addr: SocketAddr,
    pub tls_upstream_addr: Option<SocketAddr>,
--- a/src/main.rs
+++ b/src/main.rs
@ -48,7 +48,7 @@ use std::convert::TryFrom;
 use std::fs::File;
 use std::io::prelude::*;
 use std::mem;
-use std::net::SocketAddr;
+use std::net::{IpAddr, SocketAddr};
 use std::path::PathBuf;
 use std::sync::atomic::{AtomicU32, Ordering};
 use std::sync::Arc;
@ -357,11 +357,12 @@ async fn udp_acceptor(
 }

 async fn start(globals: Arc<Globals>, runtime: Arc<Runtime>) -> Result<(), Error> {
-    let socket_addr: SocketAddr = globals.listen_addr;
-    let tcp_listener = TcpListener::bind(&socket_addr).await?;
-    let udp_socket = std::net::UdpSocket::bind(&socket_addr)?;
-    runtime.spawn(tcp_acceptor(globals.clone(), tcp_listener).map(|_| {}));
-    runtime.spawn(udp_acceptor(globals.clone(), udp_socket).map(|_| {}));
+    for listen_addr in &globals.listen_addrs {
+        let tcp_listener = TcpListener::bind(&listen_addr).await?;
+        let udp_socket = std::net::UdpSocket::bind(&listen_addr)?;
+        runtime.spawn(tcp_acceptor(globals.clone(), tcp_listener).map(|_| {}));
+        runtime.spawn(udp_acceptor(globals.clone(), udp_socket).map(|_| {}));
+    }
    Ok(())
 }

@ -373,10 +374,11 @@ fn main() -> Result<(), Error> {

    let matches = app_from_crate!()
        .arg(
-            Arg::with_name("listen-addr")
-                .long("listen-addr")
+            Arg::with_name("listen-addrs")
+                .long("listen-addrs")
                .value_name("addr:port")
                .takes_value(true)
+                .multiple(true)
                .default_value("127.0.0.1:4443")
                .help("Address and port to listen to"),
        )
@ -416,7 +418,7 @@ fn main() -> Result<(), Error> {
                .long("state-file")
                .value_name("file")
                .takes_value(true)
-                .default_value("dnscrypt-server.state")
+                .default_value("encrypted-dns.state")
                .help("File to store the server state"),
        )
        .get_matches();
@ -426,19 +428,20 @@ fn main() -> Result<(), Error> {
        provider_name => format!("2.dnscrypt.{}", provider_name),
    };

-    let listen_addr_s = matches.value_of("listen-addr").unwrap();
-    let listen_addr: SocketAddr = listen_addr_s.parse()?;
+    let listen_addrs_s = matches.values_of("listen-addrs").unwrap();
+    let listen_addrs: Vec<SocketAddr> = listen_addrs_s
+        .map(|x| x.parse().expect("Invalid TLS upstream address"))
+        .collect();

    let upstream_addr_s = matches.value_of("upstream-addr").unwrap();
    let upstream_addr: SocketAddr = upstream_addr_s.parse()?;

    let tls_upstream_addr_s = matches.value_of("tls-upstream-addr");
-    dbg!(tls_upstream_addr_s);
    let tls_upstream_addr: Option<SocketAddr> =
        tls_upstream_addr_s.map(|x| x.parse().expect("Invalid TLS upstream address"));

    let external_addr_s = matches.value_of("external-addr").unwrap();
-    let external_addr: SocketAddr = external_addr_s.parse()?;
+    let external_addr: SocketAddr = SocketAddr::new(external_addr_s.parse::<IpAddr>()?, 0);

    let udp_timeout = Duration::from_secs(10);
    let tcp_timeout = Duration::from_secs(10);
@ -451,7 +454,7 @@ fn main() -> Result<(), Error> {
            println!("No state file found... creating a new provider key");
            let state = State::new();
            let mut fp = File::create(&state_file)?;
-            let state_bin = bincode::serialize(&state)?;
+            let state_bin = toml::to_vec(&state)?;
            fp.write_all(&state_bin)?;
            state
        }
@ -462,26 +465,27 @@ fn main() -> Result<(), Error> {
            );
            let mut state_bin = vec![];
            fp.read_to_end(&mut state_bin)?;
-            bincode::deserialize(&state_bin)?
+            toml::from_slice(&state_bin)?
        }
    };
    let provider_kp = state.provider_kp;

-    info!("Server address: {}", listen_addr);
-    info!("Provider public key: {}", provider_kp.pk.as_string());
-    info!("Provider name: {}", provider_name);
-
-    let stamp = dnsstamps::DNSCryptBuilder::new(dnsstamps::DNSCryptProvider::new(
-        provider_name.clone(),
-        provider_kp.pk.as_bytes().to_vec(),
-    ))
-    .with_addr(listen_addr_s.to_string())
-    .with_informal_property(InformalProperty::DNSSEC)
-    .with_informal_property(InformalProperty::NoFilters)
-    .with_informal_property(InformalProperty::NoLogs)
-    .serialize()
-    .unwrap();
-    println!("DNS Stamp: {}", stamp);
+    for listen_addr_s in &listen_addrs {
+        info!("Server address: {}", listen_addr_s);
+        info!("Provider public key: {}", provider_kp.pk.as_string());
+        info!("Provider name: {}", provider_name);
+        let stamp = dnsstamps::DNSCryptBuilder::new(dnsstamps::DNSCryptProvider::new(
+            provider_name.clone(),
+            provider_kp.pk.as_bytes().to_vec(),
+        ))
+        .with_addr(listen_addr_s.to_string())
+        .with_informal_property(InformalProperty::DNSSEC)
+        .with_informal_property(InformalProperty::NoFilters)
+        .with_informal_property(InformalProperty::NoLogs)
+        .serialize()
+        .unwrap();
+        println!("DNS Stamp: {}", stamp);
+    }

    let dnscrypt_encryption_params = DNSCryptEncryptionParams::new(&provider_kp);

@ -492,7 +496,7 @@ fn main() -> Result<(), Error> {
        runtime: runtime.clone(),
        dnscrypt_encryption_params_set: vec![dnscrypt_encryption_params],
        provider_name,
-        listen_addr,
+        listen_addrs,
        upstream_addr,
        tls_upstream_addr,
        external_addr,