
Rewrite using libevent instead of libuv.

1 parent c622fd0 commit d33ce14302c828c8ea283b5c4b0a3860f4ba14be @jedisct1 jedisct1 committed Jun 14, 2012
Showing 508 changed files with 83,249 additions and 109,913 deletions.
View
@@ -1,5 +1,5 @@
-*.dSYM
*.cmake
+*.dSYM
*.log
*.o
*.s
@@ -24,19 +24,47 @@ depcomp
install-sh
libtool
ltmain.sh
+m4/libtool.m4
+m4/ltoptions.m4
+m4/ltsugar.m4
+m4/ltversion.m4
+m4/lt~obsolete.m4
man/*.html
man/Makefile.in
missing
probes.h
probes_dnscrypt_proxy.h
-src/*.la
-src/*.lo
src/*.o
src/.deps
-src/.libs
src/Makefile.in
src/dnscrypt-proxy/Makefile.in
src/dnscrypt-proxy/dnscrypt-proxy
+src/libevent/*.la
+src/libevent/*.lo
+src/libevent/*.pc
+src/libevent/.libs
+src/libevent/include/event2/event-config.h
+src/libevent/sample/.libs
+src/libevent/sample/dns-example
+src/libevent/sample/event-test
+src/libevent/sample/hello-world
+src/libevent/sample/http-server
+src/libevent/sample/le-proxy
+src/libevent/sample/signal-test
+src/libevent/sample/time-test
+src/libevent/test/.libs
+src/libevent/test/bench
+src/libevent/test/bench_cascade
+src/libevent/test/bench_http
+src/libevent/test/bench_httpclient
+src/libevent/test/regress
+src/libevent/test/rpcgen-attempted
+src/libevent/test/test-changelist
+src/libevent/test/test-eof
+src/libevent/test/test-init
+src/libevent/test/test-ratelim
+src/libevent/test/test-time
+src/libevent/test/test-weof
src/libnacl/okcompilers/c
src/libnacl/okcompilers/do
stamp-*
View
@@ -3,10 +3,10 @@ NaCl
see http://nacl.cr.yp.to/ for more info about this library and the
list of contributors.
-libuv
------
-see https://github.com/joyent/libuv for more info about this library
-and the src/libuv/AUTHORS file for the list of contributors.
+libevent
+--------
+see https://http://libevent.org/ for more info about this library
+and the src/libevent/README file for the list of contributors.
dnscrypt
--------
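Review bot: the added URL in `+see https://http://libevent.org/ for more info about this library` has a doubled scheme and will not resolve. The license file in this same commit uses `http://libevent.org/`; use that form here as well.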
View
@@ -26,8 +26,8 @@ The externally maintained libraries used by dnscrypt-proxy are:
- NaCl (http://nacl.cr.yp.to/). Public domain.
- - libuv (https://github.com/joyent/libuv). MIT license.
- + libuv dependencies, see src/libuv/LICENSE.
+ - libevent (http://libevent.org/). 3-clause BSD license.
+ See src/libevent/LICENSE.
- salsa20_random.c reuses code from OpenBSD written by Damien Miller.
BSD license.
View
3 NEWS
@@ -1,4 +1,7 @@
+* Version 0.10:
+ - Almost a complete rewrite, with libuv being replaced by libevent.
+
* Version 0.9.5:
- Full IPv6 support.
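Review bot: the 0.10 entry does not say that Windows support goes away, although the README change in this commit removes "Windows (MingW or Cygwin)" from the list of platforms the daemon is known to work on. Add a line under Version 0.10 stating this, so users upgrading from 0.9.5 on Windows learn about it from the changelog.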
View
@@ -33,8 +33,7 @@ Installation
------------
The daemon is known to work on recent versions of OSX, OpenBSD,
-NetBSD, Dragonfly BSD, FreeBSD, Linux, Windows (MingW or Cygwin), and iOS
-(requires a jailbroken device).
+NetBSD, Dragonfly BSD, FreeBSD, Linux and iOS (requires a jailbroken device).
Download the
[latest version](https://github.com/opendns/dnscrypt-proxy/downloads)
@@ -54,9 +53,6 @@ compilation process.
Running `make -j2 test` in the `src/libnacl` directory is also highly
recommended.
-On BSD systems, _GNU Make_ should be installed prior to running the
-`./configure` script.
-
The proxy will be installed as `/usr/local/sbin/dnscrypt-proxy` by default.
Command-line switches are documented in the `dnscrypt-proxy(8)` man page.
@@ -73,8 +69,9 @@ The easiest way to start the daemon is:
# dnscrypt-proxy --daemonize
-The proxy will accept incoming requests on 127.0.0.1 and
-encrypt/decrypt them from/to OpenDNS resolvers.
+The proxy will accept incoming requests on 127.0.0.1, tag them with an
+authentication code, forward them to OpenDNS resolvers, and validate
+each answer before passing it to the client.
Given such a setup, in order to actually start using DNSCrypt, you
need to update your `/etc/resolv.conf` file and replace your current
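Review bot: the new wording in "tag them with an authentication code, forward them to OpenDNS resolvers, and validate each answer" no longer says that queries are encrypted, while the man page in this commit says the proxy "authenticates and encrypts them". A reader of the README alone could conclude that queries are only authenticated. Suggest "authenticate and encrypt" here, and the same in the `--tcp-only` paragraph ("authenticates the query") and the EDNS0 paragraph ("authenticating them") changed further down in this file.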
@@ -143,14 +140,16 @@ As a workaround, the port number can be changed using
the `--resolver-port=<port>` option. For example, OpenDNS servers
reply to queries sent to ports 53, 443 and 5353.
+By default, dnscrypt-proxy sends outgoing queries to UDP port 443.
+
In addition, the DNSCrypt proxy can force outgoing queries to be
sent over TCP. For example, TCP port 443, which is commonly used for
communication over HTTPS, may not be filtered.
The `--tcp-only` command-line switch forces this behavior. When
an incoming query is received, the daemon immediately replies with a
"response truncated" message, forcing the client to retry over TCP.
-The daemon then encrypts and signs the query and forwards it over TCP
+The daemon then authenticates the query and forwards it over TCP
to the resolver.
TCP is slower than UDP, and this workaround should never be used
@@ -174,7 +173,7 @@ adding `options edns0` to the `/etc/resolv.conf` file on most
Unix-like operating systems.
`dnscrypt-proxy` can transparently rewrite outgoing packets before
-signing and encrypting them, in order to add the EDNS0 mechanism. By
+authenticating them, in order to add the EDNS0 mechanism. By
default, a conservative payload size of 1280 bytes is advertised.
This size can be made larger by starting the proxy with the
@@ -197,8 +196,9 @@ DNS settings. OSX only, written in Objective C. 64-bit CPU required.
Experimental.
- [DNSCrypt WinClient](https://github.com/Noxwizard/dnscrypt-winclient):
-Easily enable/disable DNSCrypt on multiple adapters. Windows only,
-written in .NET.
+Easily enable/disable DNSCrypt on multiple adapters. Supports
+different ports and protocols, IPv6, parental controls and the proxy
+can act as a gateway service. Windows only, written in .NET.
- [DNSCrypt Win Client](https://github.com/opendns/dnscrypt-win-client):
Official GUI for Windows, by OpenDNS.
View
@@ -16,7 +16,7 @@ Cryptographic library
so that portable packages can be built. CPU-specific implementations are
used server-side.
-- crypto_box_curve25519xsalsa20poly1305_*() for signing/encrypting
+- crypto_box_curve25519xsalsa20poly1305_*() for authenticating/encrypting
queries and replies, crypto_sign_ed25519_*() for signing certificates, and
crypto_stream_salsa20() as a PRNG.
@@ -25,15 +25,14 @@ Cryptographic library
Event-notification library
--------------------------
-- Uses NodeJS' libuv, which wraps libev and native Windows functions, and
- provides nice cross-platform wrappers for common functions. Unbound's
- boilerplate is also excellent, but it hasn't been packaged as a
- standalone library yet.
+- Uses libevent. Unbound's boilerplate is also excellent, but it hasn't been
+ packaged as a standalone library yet.
-- Because it is totally awesome for writing software that has to
- eventually work on Windows.
+- Because it is totally awesome for writing portable software.
-- Bundled with dnscrypt, for now, because it's still a moving target.
+- Bundled with dnscrypt, for now, because it's a modified version (so
+ that evdns can cope with TXT records) and because some distributions
+ are still shipping dead old versions.
Certificates
------------
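Review bot: the new bullet says the bundled libevent is "a modified version (so that evdns can cope with TXT records)" but does not record which upstream release it is based on or where the local change lives. Please document the upstream version and keep the evdns modification as an identifiable patch, so that upstream security fixes can be merged into `src/libevent` and the divergence can be audited.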
View
@@ -1,5 +1,11 @@
#! /bin/sh
+if glibtoolize --version > /dev/null 2>&1; then
+ LIBTOOLIZE='glibtoolize'
+else
+ LIBTOOLIZE='libtoolize'
+fi
+$LIBTOOLIZE && \
aclocal -I m4 && \
autoheader && \
automake --gnu --add-missing --include-deps && \
View
@@ -1,8 +1,9 @@
AC_PREREQ(2.61)
-AC_INIT(dnscrypt-proxy, 0.9.5, https://github.com/opendns/dnscrypt-proxy/issues)
+AC_INIT(dnscrypt-proxy, 0.10, https://github.com/opendns/dnscrypt-proxy/issues)
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_SRCDIR([src/dnscrypt-proxy/app.c])
AC_CONFIG_HEADER([config.h])
+AC_CONFIG_SUBDIRS([src/libevent])
AM_INIT_AUTOMAKE([1.9 dist-bzip2])
AM_MAINTAINER_MODE
AM_DEP_TRACK
@@ -11,27 +12,11 @@ AC_SUBST(VERSION)
ISODATE=`date +%Y-%m-%d`
AC_SUBST(ISODATE)
-# Checks for programs.
-AX_CHECK_GNU_MAKE
-AS_IF([test -n "${ifGNUmake}"],[
- AC_MSG_ERROR([
-Found: ${MAKE}
-GNU make is required and was not found. If GNU make is not installed,
-please install it. www.gnu.org. If GNU make is installed, please adjust
-your PATH to make sure that GNU make is found before any other version
-of make that is installed on your system. rm config.cache and then
-re-run configure again.])
-],[
- AC_SUBST(MAKE, $_cv_gnu_make_command)
-])
-
LX_CFLAGS=${CFLAGS-NONE}
AC_PROG_CC_C99
AC_USE_SYSTEM_EXTENSIONS
CPPFLAGS="$CPPFLAGS -D_XPG4_2=1 -D_GNU_SOURCE=1"
-AX_PTHREAD
-
AS_IF([test "$cross_compiling" != no],
AC_DEFINE(CROSS_COMPILING,,[define if you are cross-compiling])
)
@@ -80,6 +65,7 @@ AX_CHECK_COMPILE_FLAG([-Wwrite-strings], [CFLAGS="$CFLAGS -Wwrite-strings"])
AX_CHECK_COMPILE_FLAG([-Wdiv-by-zero], [CFLAGS="$CFLAGS -Wdiv-by-zero"])
AC_ARG_VAR([CWFLAGS], [define to compilation flags for generating extra warnings])
+AX_CHECK_COMPILE_FLAG([-Wno-unknown-warning-option], [CWFLAGS="$CWFLAGS -Wno-unknown-warning-option"])
AX_CHECK_COMPILE_FLAG([-Wall], [CWFLAGS="$CWFLAGS -Wall"])
AX_CHECK_COMPILE_FLAG([-Wbad-function-cast], [CWFLAGS="$CWFLAGS -Wbad-function-cast"])
AX_CHECK_COMPILE_FLAG([-Wcast-align], [CWFLAGS="$CWFLAGS -Wcast-align"])
@@ -91,7 +77,6 @@ AX_CHECK_COMPILE_FLAG([-Wfloat-equal], [CWFLAGS="$CWFLAGS -Wfloat-equal"])
AX_CHECK_COMPILE_FLAG([-Wformat=2], [CWFLAGS="$CWFLAGS -Wformat=2"])
AX_CHECK_COMPILE_FLAG([-Wimplicit], [CWFLAGS="$CWFLAGS -Wimplicit"])
AX_CHECK_COMPILE_FLAG([-Wmissing-declarations], [CWFLAGS="$CWFLAGS -Wmissing-declarations"])
-AX_CHECK_COMPILE_FLAG([-Wmissing-noreturn], [CWFLAGS="$CWFLAGS -Wmissing-noreturn"])
AX_CHECK_COMPILE_FLAG([-Wmissing-prototypes], [CWFLAGS="$CWFLAGS -Wmissing-prototypes"])
AX_CHECK_COMPILE_FLAG([-Wnormalized=id], [CWFLAGS="$CWFLAGS -Wnormalized=id"])
AX_CHECK_COMPILE_FLAG([-Woverride-init], [CWFLAGS="$CWFLAGS -Woverride-init"])
@@ -135,15 +120,14 @@ AS_IF([test -d /usr/local/lib], [
LDFLAGS="$LDFLAGS -L/usr/local/lib"
])
-LIBS="$PTHREAD_LIBS $LIBS"
-CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
-CC="$PTHREAD_CC"
+dnl Checks for header files.
-# Checks for header files.
AC_SYS_LARGEFILE
-AC_CHECK_HEADERS([execinfo.h paths.h sys/cdefs.h sys/feature_tests.h])
+AC_CHECK_HEADERS([sys/cdefs.h sys/feature_tests.h])
+AC_CHECK_HEADERS([execinfo.h paths.h pwd.h])
+
+dnl Checks for typedefs, structures, and compiler characteristics.
-# Checks for typedefs, structures, and compiler characteristics.
AC_C_RESTRICT
AC_CHECK_TYPE([in_port_t], , [AC_DEFINE(in_port_t, uint16_t,
@@ -238,7 +222,8 @@ do {
AC_MSG_RESULT(no)
])
-# Checks for library functions.
+dnl Checks for library functions.
+
AC_SEARCH_LIBS(pow, [m])
AC_SEARCH_LIBS(dlopen, [dl])
AC_SEARCH_LIBS(clock_gettime, [rt],
@@ -260,7 +245,8 @@ AS_IF([echo `(uname -s) 2>/dev/null` | $GREP "CYGWIN" > /dev/null], [
AC_CHECK_HEADER([CoreServices/CoreServices.h],
[LIBS="$LIBS -framework CoreFoundation -framework CoreServices"])
-# Switches
+dnl Switches.
+
AC_HEADER_ASSERT
AC_ARG_ENABLE(blocking-random,
@@ -303,15 +289,36 @@ AC_SUBST([MAINT])
AC_SUBST([NACL_PATH])
AC_SUBST([PROBES_SOURCE])
+dnl Libtool.
+
+LT_INIT([disable-shared])
+
+dnl Subconfig.
+
+ac_configure_args="$ac_configure_args --disable-dependency-tracking"
+ac_configure_args="$ac_configure_args --disable-openssl"
+ac_configure_args="$ac_configure_args --disable-shared"
+ac_configure_args="$ac_configure_args --disable-thread-support"
+ac_configure_args="$ac_configure_args --enable-function-sections"
+ac_configure_args="$ac_configure_args --with-pic"
+export CC
+export CFLAGS
+export CPP
+export CPPFLAGS
+export LDFLAGS
+export LIBS
+
+dnl Output.
+
AC_CONFIG_FILES([Makefile
man/Makefile
src/Makefile
src/dnscrypt-proxy/Makefile
+ src/ext/Makefile
src/libnacl/Makefile
src/libnacl/tests/Makefile
src/libnacl/okcompilers/c
src/libnacl/okcompilers/do
- src/libuv/Makefile
test/Makefile])
AC_OUTPUT
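Review bot: the "Subconfig" block appends to `ac_configure_args` and exports `CC`, `CFLAGS` and friends without a comment explaining that these are meant for the `src/libevent` configure run added through `AC_CONFIG_SUBDIRS`. Add a `dnl` line saying so, and state why `--disable-openssl` and `--disable-thread-support` are forced, since anyone later enabling those features in the bundled library needs to know it was a deliberate choice.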
View
@@ -3,9 +3,9 @@
export XCODEDIR="/Applications/Xcode45-DP1.app/Contents/Developer"
export BASEDIR="${XCODEDIR}/Platforms/iPhoneOS.platform/Developer"
export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH"
-export SDK="${BASEDIR}/SDKs/iPhoneOS5.1.sdk"
-export CFLAGS="-pthread -mthumb -arch armv6 -isysroot ${SDK}"
-export LDFLAGS="-pthread -mthumb -arch armv6 -isysroot ${SDK}"
+export SDK="${BASEDIR}/SDKs/iPhoneOS6.0.sdk"
+export CFLAGS="-pthread -mthumb -arch armv7 -isysroot ${SDK}"
+export LDFLAGS="-pthread -mthumb -arch armv7 -isysroot ${SDK}"
./configure --host=arm-apple-darwin10 && make -j2
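Review bot: the switch to `-arch armv7` and `iPhoneOS6.0.sdk` in `CFLAGS`, `LDFLAGS` and `SDK` drops armv6 devices and ties the script to one SDK version, on top of the `Xcode45-DP1.app` path already hard-coded in `XCODEDIR`. Consider letting `SDK` and the architecture be overridden from the environment, and mention the armv7 requirement next to the iOS note in the README.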
View
@@ -1,7 +1,7 @@
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
-.TH "DNSCRYPT\-PROXY" "8" "May 2012" "" ""
+.TH "DNSCRYPT\-PROXY" "8" "June 2012" "" ""
.
.SH "NAME"
\fBdnscrypt\-proxy\fR \- A DNSCrypt forwarder
@@ -10,13 +10,13 @@
\fBdnscrypt\-proxy\fR [\fIoptions\fR]
.
.SH "DESCRIPTION"
-\fBdnscrypt\-proxy\fR accepts DNS requests, encrypts and signs them using dnscrypt and forwards them to a remote dnscrypt\-enabled resolver\.
+\fBdnscrypt\-proxy\fR accepts DNS requests, authenticates and encrypts them using dnscrypt and forwards them to a remote dnscrypt\-enabled resolver\.
.
.P
-Replies from the resolver are expected also to be encrypted and signed\.
+Replies from the resolver are expected to be authenticated and encrypted or else they will be discarded\.
.
.P
-The proxy verifies the signature of replies, decrypts them, and transparently forwards them to the local stub resolver\.
+The proxy verifies the replies, decrypts them, and transparently forwards them to the local stub resolver\.
.
.P
\fBdnscrypt\-proxy\fR listens to \fB127\.0\.0\.1\fR / port \fB53\fR by default\.
@@ -57,7 +57,7 @@ Intead, run a DNS cache like \fBUnbound\fR, and configure it to use \fBdnscrypt\
\fB\-r\fR, \fB\-\-resolver\-address=<ip>\fR: a DNSCrypt\-capable resolver IP address\.
.
.IP "\(bu" 4
-\fB\-t\fR, \fB\-\-resolver\-port=<port>\fR: connect to the resolver on port \fIport\fR, as a workaround if UDP over port 53 is filtered\.
+\fB\-t\fR, \fB\-\-resolver\-port=<port>\fR: connect to the resolver on port \fIport\fR, as a workaround if UDP over port 53 is filtered\. The default port is 443\.
.
.IP "\(bu" 4
\fB\-u\fR, \fB\-\-user=<user name>\fR: chroot(2) to this user\'s home directory and drop privileges\.
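Review bot: the sentence added to `--resolver-port` ("The default port is 443") sits oddly after "as a workaround if UDP over port 53 is filtered", because with 443 as the default the option is no longer only a workaround for port 53. Reword the item to state the default first and then the reason for changing it. This file is marked as generated with Ronn, so make the change in the Ronn source and regenerate rather than editing the roff output.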