.github/workflows/release.yml

@@ -29,11 +29,11 @@ jobs:
       ARCHIVE_PATH: encrypted-dns_${{ github.ref_name }}_${{ matrix.target_alias }}${{ matrix.archive_suffix }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
 
       - uses: goto-bus-stop/setup-zig@v2
 
-      - uses: hecrj/setup-rust-action@v2
+      - uses: hecrj/setup-rust-action@master
         with:
           rust-version: stable
           targets: ${{ matrix.target }}
@@ -63,12 +63,12 @@ jobs:
           cargo install cargo-deb
           cargo deb --output=encrypted-dns_${{ github.ref_name }}_amd64.deb --no-build
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@master
         with:
           name: encrypted-dns_${{ matrix.target_alias }}
           path: ${{ env.ARCHIVE_PATH }}
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@master
         if: ${{ matrix.os == 'ubuntu-20.04' }}
         with:
           name: encrypted-dns_deb-amd64
@@ -81,10 +81,10 @@ jobs:
     runs-on: ubuntu-20.04
 
     steps:
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
 
       - name: Create release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.github/workflows/test.yml

@@ -10,8 +10,8 @@ jobs:
         os: [ubuntu-latest, windows-latest]
 
     steps:
-      - uses: actions/checkout@v4
-      - uses: hecrj/setup-rust-action@v2
+      - uses: actions/checkout@master
+      - uses: hecrj/setup-rust-action@master
         with:
           rust-version: nightly
       - name: Check Cargo availability

.gitignore

@@ -3,5 +3,3 @@
 /target/
 encrypted-dns.state
 encrypted-dns.toml
-a.rb
-sizes.txt

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "encrypted-dns"
-version = "0.9.15"
+version = "0.9.13"
 authors = ["Frank Denis <github@pureftpd.org>"]
 edition = "2018"
 description = "A modern encrypted DNS server (DNSCrypt v2, Anonymized DNSCrypt, DoH)"
@@ -12,41 +12,41 @@ categories = ["asynchronous", "network-programming", "command-line-utilities"]
 readme = "README.md"
 
 [dependencies]
-anyhow = "1.0.86"
-byteorder = "1.5.0"
+anyhow = "1.0.71"
+byteorder = "1.4.3"
 clap = { version = "3.2.25", default-features = false, features = [
   "std",
   "cargo",
   "wrap_help",
 ] }
-coarsetime = "0.1.34"
+clockpro-cache = "0.1.11"
+coarsetime = "0.1.23"
 daemonize-simple = "0.1.5"
 derivative = "2.2.0"
 dnsstamps = "0.1.9"
-env_logger = { version = "0.11.3", default-features = false, features = [
+env_logger = { version = "0.10.0", default-features = false, features = [
   "humantime",
 ] }
-futures = { version = "0.3.30", features = ["async-await"] }
-hyper = { version = "0.14.28", default-features = false, features = [
+futures = { version = "0.3.28", features = ["async-await"] }
+hyper = { version = "0.14.27", default-features = false, features = [
   "server",
   "http1",
 ], optional = true }
 ipext = "0.1.0"
-libsodium-sys-stable = "1.20.8"
-log = { version = "0.4.21", features = ["std", "release_max_level_debug"] }
-mimalloc = { version = "0.1.42", default-features = false }
-socket2 = "0.5.7"
-parking_lot = "0.12.2"
+libsodium-sys-stable = "1.19.29"
+log = { version = "0.4.19", features = ["std", "release_max_level_debug"] }
+mimalloc = { version = "0.1.37", default-features = false }
+socket2 = "0.5.3"
+parking_lot = "0.12.1"
 rand = "0.8.5"
-rlimit = "0.10.1"
+rlimit = "0.10.0"
 rustc-hash = "1.1.0"
-serde = "1.0.202"
-serde_derive = "1.0.202"
+serde = "1.0.171"
+serde_derive = "1.0.171"
 serde-big-array = "0.5.1"
-sieve-cache = "0.2.0"
-siphasher = "1.0.1"
-slabigator = "0.9.2"
-tokio = { version = "1.37.0", features = [
+siphasher = "0.3.10"
+slabigator = "0.2.0"
+tokio = { version = "1.29.1", features = [
   "net",
   "io-std",
   "io-util",
@@ -54,7 +54,7 @@ tokio = { version = "1.37.0", features = [
   "time",
   "rt-multi-thread"
 ] }
-toml = "0.8.13"
+toml = "0.7.6"
 
 [target.'cfg(target_family = "unix")'.dependencies]
 privdrop = "0.5.4"

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019-2024 Frank Denis
+Copyright (c) 2019-2023 Frank Denis
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -97,7 +97,7 @@ Putting it in a directory that is only readable by the super-user is not a bad i
 
 ## Filtering
 
-Domains can be filtered directly by the proxy, see the `[filtering]` section of the configuration file. Note: Filtering only works with the DNSCrypt protocol and does not apply to DNS-over-HTTP (DoH) forwarding.
+Domains can be filtered directly by the proxy, see the `[filtering]` section of the configuration file.
 
 ## Access control
 

src/cache.rs

@@ -1,8 +1,8 @@
 use std::sync::Arc;
 
+use clockpro_cache::ClockProCache;
 use coarsetime::{Duration, Instant};
 use parking_lot::{Mutex, MutexGuard};
-use sieve_cache::SieveCache;
 
 use crate::dns;
 
@@ -55,7 +55,7 @@ impl CachedResponse {
 #[derivative(Debug)]
 pub struct Cache {
     #[derivative(Debug = "ignore")]
-    cache: Arc<Mutex<SieveCache<u128, CachedResponse>>>,
+    cache: Arc<Mutex<ClockProCache<u128, CachedResponse>>>,
     pub ttl_min: u32,
     pub ttl_max: u32,
     pub ttl_error: u32,
@@ -63,13 +63,13 @@ pub struct Cache {
 
 impl Cache {
     pub fn new(
-        sieve_cache: SieveCache<u128, CachedResponse>,
+        clockpro_cache: ClockProCache<u128, CachedResponse>,
         ttl_min: u32,
         ttl_max: u32,
         ttl_error: u32,
     ) -> Self {
         Cache {
-            cache: Arc::new(Mutex::new(sieve_cache)),
+            cache: Arc::new(Mutex::new(clockpro_cache)),
             ttl_min,
             ttl_max,
             ttl_error,
@@ -77,7 +77,7 @@ impl Cache {
     }
 
     #[inline]
-    pub fn lock(&self) -> MutexGuard<'_, SieveCache<u128, CachedResponse>> {
+    pub fn lock(&self) -> MutexGuard<'_, ClockProCache<u128, CachedResponse>> {
         self.cache.lock()
     }
 }

src/dnscrypt.rs

@@ -126,7 +126,3 @@ pub fn encrypt(
     )?;
     Ok(wrapped_packet)
 }
-
-pub fn may_be_quic(packet: &[u8]) -> bool {
-    !packet.is_empty() && ((80..=127).contains(&packet[0]) || (192..=255).contains(&packet[0]))
-}

src/dnscrypt_certs.rs

@@ -4,10 +4,10 @@ use std::sync::Arc;
 use std::time::SystemTime;
 
 use byteorder::{BigEndian, ByteOrder};
+use clockpro_cache::ClockProCache;
 use parking_lot::Mutex;
 use rand::prelude::*;
 use serde_big_array::BigArray;
-use sieve_cache::SieveCache;
 
 use crate::anonymized_dns::*;
 use crate::config::*;
@@ -108,7 +108,7 @@ pub struct DNSCryptEncryptionParams {
     resolver_kp: CryptKeyPair,
     #[serde(skip)]
     #[derivative(Debug = "ignore")]
-    pub key_cache: Option<Arc<Mutex<SieveCache<[u8; DNSCRYPT_QUERY_PK_SIZE], SharedKey>>>>,
+    pub key_cache: Option<Arc<Mutex<ClockProCache<[u8; DNSCRYPT_QUERY_PK_SIZE], SharedKey>>>>,
 }
 
 impl DNSCryptEncryptionParams {
@@ -140,7 +140,7 @@ impl DNSCryptEncryptionParams {
             }
             if now >= ts_start {
                 let dnscrypt_cert = DNSCryptCert::new(provider_kp, &resolver_kp, ts_start);
-                let cache = SieveCache::new(key_cache_capacity).unwrap();
+                let cache = ClockProCache::new(key_cache_capacity).unwrap();
                 active_params.push(DNSCryptEncryptionParams {
                     dnscrypt_cert,
                     resolver_kp,
@@ -154,7 +154,7 @@ impl DNSCryptEncryptionParams {
             let ts_start = now - (now % DNSCRYPT_CERTS_RENEWAL);
             let resolver_kp = CryptKeyPair::from_seed(seed);
             let dnscrypt_cert = DNSCryptCert::new(provider_kp, &resolver_kp, ts_start);
-            let cache = SieveCache::new(key_cache_capacity).unwrap();
+            let cache = ClockProCache::new(key_cache_capacity).unwrap();
             active_params.push(DNSCryptEncryptionParams {
                 dnscrypt_cert,
                 resolver_kp,
@@ -165,7 +165,7 @@ impl DNSCryptEncryptionParams {
     }
 
     pub fn add_key_cache(&mut self, cache_capacity: usize) {
-        let cache = SieveCache::new(cache_capacity).unwrap();
+        let cache = ClockProCache::new(cache_capacity).unwrap();
         self.key_cache = Some(Arc::new(Mutex::new(cache)));
     }
 

src/main.rs

@@ -49,6 +49,7 @@ use blacklist::*;
 use byteorder::{BigEndian, ByteOrder};
 use cache::*;
 use clap::Arg;
+use clockpro_cache::ClockProCache;
 use config::*;
 use crypto::*;
 use dns::*;
@@ -65,7 +66,6 @@ use parking_lot::RwLock;
 #[cfg(target_family = "unix")]
 use privdrop::PrivDrop;
 use rand::prelude::*;
-use sieve_cache::SieveCache;
 use siphasher::sip128::SipHasher13;
 use slabigator::Slab;
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
@@ -214,12 +214,7 @@ async fn handle_client_query(
                         .await
                     }
                     Ok(None) => return Ok(()),
-                    Err(_) => {
-                        if may_be_quic(&packet) {
-                            bail!("Likely a QUIC packet") // RFC 9443
-                        }
-                        bail!("Unencrypted query or different protocol")
-                    }
+                    Err(_) => bail!("Unencrypted query or QUIC protocol"),
                 };
             }
         };
@@ -353,16 +348,12 @@ async fn tcp_acceptor(globals: Arc<Globals>, tcp_listener: TcpListener) -> Resul
             #[cfg(feature = "metrics")]
             varz.inflight_tcp_queries.set(_count.saturating_sub(1) as _);
 
-            if let Ok(Either::Right(e)) = either {
+            if let Ok(Either::Right(_)) = either {
                 // Removing the active connection was already done during
                 // cancellation.
-                debug!("TCP query canceled: {:?}", e.0)
             } else {
                 let mut active_connections = active_connections.lock();
                 _ = active_connections.remove(tx_channel_index);
-                if let Ok(Either::Left(e)) = either {
-                    debug!("TCP query error: {:?}", e.0)
-                }
             }
         }));
     }
@@ -418,16 +409,12 @@ async fn udp_acceptor(
             #[cfg(feature = "metrics")]
             varz.inflight_udp_queries.set(_count.saturating_sub(1) as _);
 
-            if let Ok(Either::Right(e)) = either {
+            if let Ok(Either::Right(_)) = either {
                 // Removing the active connection was already done during
                 // cancellation.
-                debug!("UDP query canceled: {:?}", e.0)
             } else {
                 let mut active_connections = active_connections.lock();
                 _ = active_connections.remove(tx_channel_index);
-                if let Ok(Either::Left(e)) = either {
-                    debug!("UDP query error: {:?}", e.0)
-                }
             }
         }));
     }
@@ -573,6 +560,16 @@ fn set_limits(config: &Config) -> Result<(), Error> {
 }
 
 fn main() -> Result<(), Error> {
+    env_logger::Builder::from_default_env()
+        .write_style(env_logger::WriteStyle::Never)
+        .format_module_path(false)
+        .format_timestamp(None)
+        .filter_level(log::LevelFilter::Info)
+        .target(env_logger::Target::Stdout)
+        .init();
+
+    crypto::init()?;
+    let time_updater = coarsetime::Updater::new(1000).start()?;
     let matches = clap::command!()
         .arg(
             Arg::new("config")
@@ -596,31 +593,8 @@ fn main() -> Result<(), Error> {
                 .takes_value(false)
                 .help("Only print the connection information and quit"),
         )
-        .arg(
-            Arg::new("debug")
-                .long("debug")
-                .takes_value(false)
-                .help("Enable debug logs"),
-        )
         .get_matches();
 
-    let log_level = if matches.is_present("debug") {
-        log::LevelFilter::Debug
-    } else {
-        log::LevelFilter::Info
-    };
-
-    env_logger::Builder::from_default_env()
-        .write_style(env_logger::WriteStyle::Never)
-        .format_module_path(false)
-        .format_timestamp(None)
-        .filter_level(log_level)
-        .target(env_logger::Target::Stdout)
-        .init();
-
-    crypto::init()?;
-    let time_updater = coarsetime::Updater::new(1000).start()?;
-
     let config_path = matches.value_of("config").unwrap();
     let config = Config::from_path(config_path)?;
     if let Err(e) = set_limits(&config) {
@@ -735,14 +709,14 @@ fn main() -> Result<(), Error> {
     let hasher = SipHasher13::new_with_keys(sh_k0, sh_k1);
 
     let cache = Cache::new(
-        SieveCache::new(cache_capacity)
+        ClockProCache::new(cache_capacity)
             .map_err(|e| anyhow!("Unable to create the DNS cache: [{}]", e))?,
         config.cache_ttl_min,
         config.cache_ttl_max,
         config.cache_ttl_error,
     );
     let cert_cache = Cache::new(
-        SieveCache::new(RELAYED_CERT_CACHE_SIZE)
+        ClockProCache::new(RELAYED_CERT_CACHE_SIZE)
             .map_err(|e| anyhow!("Unable to create the relay cert cache: [{}]", e))?,
         RELAYED_CERT_CACHE_TTL,
         RELAYED_CERT_CACHE_TTL,

undelegated.txt

@@ -111,7 +111,6 @@ domain
 envoy
 example
 f.f.ip6.arpa
-fritz.box
 grp
 gw==
 home