Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

plugin_dns64: Fail to start due to index out of range #1477

Closed
joneskoo opened this issue Sep 16, 2020 · 2 comments
Closed

plugin_dns64: Fail to start due to index out of range #1477

joneskoo opened this issue Sep 16, 2020 · 2 comments
Labels
systemd

Comments

@joneskoo
Copy link

The bug affects users who configure dns64 support. As I understand, the bug triggers when the dnscrypt-proxy binds to no addresses (systemd socket activation) and dns64 is enabled.

The dnscrypt-proxy fails to start and prints out this stack trace:

dnscrypt-proxy[2960]: [2020-09-16 23:48:53] [NOTICE] dnscrypt-proxy 2.0.44
dnscrypt-proxy[2960]: [2020-09-16 23:48:53] [NOTICE] Network connectivity detected
dnscrypt-proxy[2960]: [2020-09-16 23:48:53] [WARNING] Systemd sockets are untested and unsupported - use at your own risk
dnscrypt-proxy[2960]: [2020-09-16 23:48:53] [NOTICE] Wiring systemd TCP socket #0, dnscrypt-proxy.socket, 127.0.2.1:5300
dnscrypt-proxy[2960]: [2020-09-16 23:48:53] [NOTICE] Wiring systemd UDP socket #1, dnscrypt-proxy.socket, 127.0.2.1:5300
dnscrypt-proxy[2960]: [2020-09-16 23:48:53] [NOTICE] Source [public-resolvers] loaded
dnscrypt-proxy[2960]: [2020-09-16 23:48:53] [NOTICE] Firefox workaround initialized
dnscrypt-proxy[2960]: [2020-09-16 23:48:53] [NOTICE] Loading the set of cloaking rules from [local-dns.txt]
dnscrypt-proxy[2960]: [2020-09-16 23:48:53] [NOTICE] Loading the set of forwarding rules from [forwarding-rules.txt]
dnscrypt-proxy[2960]: panic: runtime error: index out of range [0] with length 0
dnscrypt-proxy[2960]: goroutine 19 [running]:
dnscrypt-proxy[2960]: main.(*PluginDns64).Init(0xc000073ea0, 0xc0000c6900, 0x0, 0x0)
dnscrypt-proxy[2960]:         github.com/DNSCrypt/dnscrypt-proxy/dnscrypt-proxy/plugin_dns64.go:35 +0x3ef
dnscrypt-proxy[2960]: main.(*Proxy).InitPluginsGlobals(0xc0000c6900, 0xc0000c8480, 0x0)
dnscrypt-proxy[2960]:         github.com/DNSCrypt/dnscrypt-proxy/dnscrypt-proxy/plugins.go:156 +0x523
dnscrypt-proxy[2960]: main.(*App).AppMain(0xc00009b620)
dnscrypt-proxy[2960]:         github.com/DNSCrypt/dnscrypt-proxy/dnscrypt-proxy/main.go:130 +0xb3
dnscrypt-proxy[2960]: main.(*App).Start.func1(0xc00009b620)
dnscrypt-proxy[2960]:         github.com/DNSCrypt/dnscrypt-proxy/dnscrypt-proxy/main.go:118 +0x2b
dnscrypt-proxy[2960]: created by main.(*App).Start
dnscrypt-proxy[2960]:         github.com/DNSCrypt/dnscrypt-proxy/dnscrypt-proxy/main.go:117 +0x49
systemd[1]: dnscrypt-proxy.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.

I installed dnscrypt-proxy 2.0.44 from Debian testing on Debian stable.

I changed the port in the systemd socket file but that should not matter:

[Unit]
Description=dnscrypt-proxy listening socket
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki
Before=nss-lookup.target
Wants=nss-lookup.target
Wants=dnscrypt-proxy-resolvconf.service

[Socket]
ListenStream=127.0.2.1:5300
ListenDatagram=127.0.2.1:5300
NoDelay=true
DeferAcceptSec=1

[Install]
WantedBy=sockets.target

The dnscrypt-proxy.toml is following (I believe mostly default + adding dns64):

# Empty listen_addresses to use systemd socket activation
listen_addresses = []
server_names = ['cloudflare']
cloaking_rules = 'local-dns.txt'
forwarding_rules = 'forwarding-rules.txt'

[query_log]
  file = '/var/log/dnscrypt-proxy/query.log'

[nx_log]
  file = '/var/log/dnscrypt-proxy/nx.log'

[sources]
  [sources.'public-resolvers']
  url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  refresh_delay = 72
  prefix = ''

[dns64]
## (Option 1) Static prefix(es) as Pref64::/n CIDRs.
prefix = ["64:ff9b::/96"]

Expected behavior (i.e. solution)

dnscrypt-proxy should not crash on startup, or if this is a problem that truly prevents startup, it should exit with error explaining what to change to not fail to start.

Other comments

My guess is crash is because:

dnscrypt-proxy/dnscrypt-proxy/plugin_dns64.go

Line 35 in 03746b7

plugin.ipv4Resolver = proxy.listenAddresses[0] //recursively to ourselves

code attempts to uncoditionally use the first listener and with systemd that is empty (see dnscrypt-proxy.toml).
@joneskoo
Copy link
Author

Ping @s-s

@jedisct1
Copy link
Member

jedisct1 commented Sep 16, 2020
edited
Loading

The plugin sends queries to itself in order to add an A query when a response without IPv6 records has been received.

Instead of self-sent queries, maybe processIncomingQuery() could be called directly.

antonme pushed a commit to antonme/dnscrypt-proxy-home that referenced this issue Sep 25, 2020
@jedisct1
plugin_dns64: don't send queries to self
95d31e4 
Fixes DNSCrypt#1477
antonme pushed a commit to antonme/dnscrypt-proxy-home that referenced this issue Sep 25, 2020
@jedisct1
plugin_dns64: don't send queries to self
9a2f0da 
Fixes DNSCrypt#1477
@DNSCrypt DNSCrypt locked and limited conversation to collaborators Oct 16, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
systemd
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jedisct1 @joneskoo