From 2c519a2b46709bc2498e5f236493d03fc072d695 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Thu, 19 Sep 2019 12:09:00 +0200
Subject: [PATCH] Move to TOML (1)

---
 Cargo.toml         |  4 +--
 encrypted-dns.toml | 74 ++++++++++++++++++++++++++++++++++++++++++++++
 src/config.rs      | 27 ++++++++++++++++-
 src/globals.rs     |  2 +-
 src/main.rs        | 66 ++++++++++++++++++++++-------------------
 5 files changed, 138 insertions(+), 35 deletions(-)
 create mode 100644 encrypted-dns.toml

diff --git a/Cargo.toml b/Cargo.toml
index 66560ff..6b9ae14 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,11 +1,10 @@
 [package]
-name = "dnscrypt-server"
+name = "encrypted-dns"
 version = "0.1.0"
 authors = ["Frank Denis <github@pureftpd.org>"]
 edition = "2018"
 
 [dependencies]
-bincode = "1.1.4"
 byteorder = "1.3.2"
 clap = { version="2.33.0", features=["suggestions", "wrap_help", "nightly"] }
 coarsetime = "0.1.11"
@@ -26,6 +25,7 @@ serde-big-array = "0.1.5"
 siphasher = "0.3.0"
 tokio = "=0.2.0-alpha.4"
 tokio-net = "=0.2.0-alpha.4"
+toml = "0.5.3"
 
 [profile.release]
 lto = true
diff --git a/encrypted-dns.toml b/encrypted-dns.toml
new file mode 100644
index 0000000..1d35487
--- /dev/null
+++ b/encrypted-dns.toml
@@ -0,0 +1,74 @@
+####################################################
+#                                                  #
+#        Encrypted DNS Server configuration        #
+#                                                  #
+####################################################
+
+
+##################################
+#         Global settings        #
+##################################
+
+
+## IP addresses and ports to listen to
+
+listen_addrs = ["127.0.0.1:4443"]
+
+
+## IP address to connect to upstream servers from
+
+external_addr = "0.0.0.0"
+
+
+## File name to save the state to
+
+state_file = "encrypted-dns.state"
+
+
+## Upstream DNS server and port
+
+upstream_addr = "9.9.9.9:53"
+
+
+## UDP timeout in seconds
+
+udp_timeout = 10
+
+
+## TCP timeout in seconds
+
+tcp_timeout = 10
+
+
+## Maximum active UDP sockets
+
+udp_max_active_connections = 1000
+
+
+## Maximum active TCP connections
+
+tcp_max_active_connections = 100
+
+
+
+####################################
+#         DNSCrypt settings        #
+####################################
+
+[dnscrypt]
+
+## Provider name (without the `2.dnscrypt.` prefixe)
+
+provider_name = "secure.dns.test"
+
+
+
+###############################
+#         TLS settings        #
+###############################
+
+[tls]
+
+## Where to prooxy TLS connections to (e.g. DoH server)
+
+# upstream_addr = "127.0.0.1:4343"
\ No newline at end of file
diff --git a/src/config.rs b/src/config.rs
index 52aba7a..0e2310c 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -1,7 +1,32 @@
 use crate::crypto::*;
 use crate::errors::*;
 
-use bincode;
+use std::net::{IpAddr, SocketAddr};
+use std::path::PathBuf;
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct DNSCryptConfig {
+    pub provider_name: String,
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct TLSConfig {
+    pub upstream_addr: Option<SocketAddr>,
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct Config {
+    pub listen_addrs: Vec<SocketAddr>,
+    pub external_addr: IpAddr,
+    pub upstream_addr: SocketAddr,
+    pub state_file: PathBuf,
+    pub udp_timeout: u32,
+    pub tcp_timeout: u32,
+    pub udp_max_active_connections: u32,
+    pub tcp_max_active_connections: u32,
+    pub dnscrypt: DNSCryptConfig,
+    pub tls: TLSConfig,
+}
 
 #[derive(Serialize, Deserialize, Debug)]
 pub struct State {
diff --git a/src/globals.rs b/src/globals.rs
index 395bae0..0c75ba1 100644
--- a/src/globals.rs
+++ b/src/globals.rs
@@ -14,7 +14,7 @@ pub struct Globals {
     pub runtime: Arc<Runtime>,
     pub dnscrypt_encryption_params_set: Vec<DNSCryptEncryptionParams>,
     pub provider_name: String,
-    pub listen_addr: SocketAddr,
+    pub listen_addrs: Vec<SocketAddr>,
     pub external_addr: SocketAddr,
     pub upstream_addr: SocketAddr,
     pub tls_upstream_addr: Option<SocketAddr>,
diff --git a/src/main.rs b/src/main.rs
index f7e8920..5a7a7e2 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -48,7 +48,7 @@ use std::convert::TryFrom;
 use std::fs::File;
 use std::io::prelude::*;
 use std::mem;
-use std::net::SocketAddr;
+use std::net::{IpAddr, SocketAddr};
 use std::path::PathBuf;
 use std::sync::atomic::{AtomicU32, Ordering};
 use std::sync::Arc;
@@ -357,11 +357,12 @@ async fn udp_acceptor(
 }
 
 async fn start(globals: Arc<Globals>, runtime: Arc<Runtime>) -> Result<(), Error> {
-    let socket_addr: SocketAddr = globals.listen_addr;
-    let tcp_listener = TcpListener::bind(&socket_addr).await?;
-    let udp_socket = std::net::UdpSocket::bind(&socket_addr)?;
-    runtime.spawn(tcp_acceptor(globals.clone(), tcp_listener).map(|_| {}));
-    runtime.spawn(udp_acceptor(globals.clone(), udp_socket).map(|_| {}));
+    for listen_addr in &globals.listen_addrs {
+        let tcp_listener = TcpListener::bind(&listen_addr).await?;
+        let udp_socket = std::net::UdpSocket::bind(&listen_addr)?;
+        runtime.spawn(tcp_acceptor(globals.clone(), tcp_listener).map(|_| {}));
+        runtime.spawn(udp_acceptor(globals.clone(), udp_socket).map(|_| {}));
+    }
     Ok(())
 }
 
@@ -373,10 +374,11 @@ fn main() -> Result<(), Error> {
 
     let matches = app_from_crate!()
         .arg(
-            Arg::with_name("listen-addr")
-                .long("listen-addr")
+            Arg::with_name("listen-addrs")
+                .long("listen-addrs")
                 .value_name("addr:port")
                 .takes_value(true)
+                .multiple(true)
                 .default_value("127.0.0.1:4443")
                 .help("Address and port to listen to"),
         )
@@ -416,7 +418,7 @@ fn main() -> Result<(), Error> {
                 .long("state-file")
                 .value_name("file")
                 .takes_value(true)
-                .default_value("dnscrypt-server.state")
+                .default_value("encrypted-dns.state")
                 .help("File to store the server state"),
         )
         .get_matches();
@@ -426,19 +428,20 @@ fn main() -> Result<(), Error> {
         provider_name => format!("2.dnscrypt.{}", provider_name),
     };
 
-    let listen_addr_s = matches.value_of("listen-addr").unwrap();
-    let listen_addr: SocketAddr = listen_addr_s.parse()?;
+    let listen_addrs_s = matches.values_of("listen-addrs").unwrap();
+    let listen_addrs: Vec<SocketAddr> = listen_addrs_s
+        .map(|x| x.parse().expect("Invalid TLS upstream address"))
+        .collect();
 
     let upstream_addr_s = matches.value_of("upstream-addr").unwrap();
     let upstream_addr: SocketAddr = upstream_addr_s.parse()?;
 
     let tls_upstream_addr_s = matches.value_of("tls-upstream-addr");
-    dbg!(tls_upstream_addr_s);
     let tls_upstream_addr: Option<SocketAddr> =
         tls_upstream_addr_s.map(|x| x.parse().expect("Invalid TLS upstream address"));
 
     let external_addr_s = matches.value_of("external-addr").unwrap();
-    let external_addr: SocketAddr = external_addr_s.parse()?;
+    let external_addr: SocketAddr = SocketAddr::new(external_addr_s.parse::<IpAddr>()?, 0);
 
     let udp_timeout = Duration::from_secs(10);
     let tcp_timeout = Duration::from_secs(10);
@@ -451,7 +454,7 @@ fn main() -> Result<(), Error> {
             println!("No state file found... creating a new provider key");
             let state = State::new();
             let mut fp = File::create(&state_file)?;
-            let state_bin = bincode::serialize(&state)?;
+            let state_bin = toml::to_vec(&state)?;
             fp.write_all(&state_bin)?;
             state
         }
@@ -462,26 +465,27 @@ fn main() -> Result<(), Error> {
             );
             let mut state_bin = vec![];
             fp.read_to_end(&mut state_bin)?;
-            bincode::deserialize(&state_bin)?
+            toml::from_slice(&state_bin)?
         }
     };
     let provider_kp = state.provider_kp;
 
-    info!("Server address: {}", listen_addr);
-    info!("Provider public key: {}", provider_kp.pk.as_string());
-    info!("Provider name: {}", provider_name);
-
-    let stamp = dnsstamps::DNSCryptBuilder::new(dnsstamps::DNSCryptProvider::new(
-        provider_name.clone(),
-        provider_kp.pk.as_bytes().to_vec(),
-    ))
-    .with_addr(listen_addr_s.to_string())
-    .with_informal_property(InformalProperty::DNSSEC)
-    .with_informal_property(InformalProperty::NoFilters)
-    .with_informal_property(InformalProperty::NoLogs)
-    .serialize()
-    .unwrap();
-    println!("DNS Stamp: {}", stamp);
+    for listen_addr_s in &listen_addrs {
+        info!("Server address: {}", listen_addr_s);
+        info!("Provider public key: {}", provider_kp.pk.as_string());
+        info!("Provider name: {}", provider_name);
+        let stamp = dnsstamps::DNSCryptBuilder::new(dnsstamps::DNSCryptProvider::new(
+            provider_name.clone(),
+            provider_kp.pk.as_bytes().to_vec(),
+        ))
+        .with_addr(listen_addr_s.to_string())
+        .with_informal_property(InformalProperty::DNSSEC)
+        .with_informal_property(InformalProperty::NoFilters)
+        .with_informal_property(InformalProperty::NoLogs)
+        .serialize()
+        .unwrap();
+        println!("DNS Stamp: {}", stamp);
+    }
 
     let dnscrypt_encryption_params = DNSCryptEncryptionParams::new(&provider_kp);
 
@@ -492,7 +496,7 @@ fn main() -> Result<(), Error> {
         runtime: runtime.clone(),
         dnscrypt_encryption_params_set: vec![dnscrypt_encryption_params],
         provider_name,
-        listen_addr,
+        listen_addrs,
         upstream_addr,
         tls_upstream_addr,
         external_addr,