Rewrite using libevent instead of libuv.

.gitignore

@@ -1,5 +1,5 @@
-*.dSYM
 *.cmake
+*.dSYM
 *.log
 *.o
 *.s
@@ -24,19 +24,47 @@ depcomp
 install-sh
 libtool
 ltmain.sh
+m4/libtool.m4
+m4/ltoptions.m4
+m4/ltsugar.m4
+m4/ltversion.m4
+m4/lt~obsolete.m4
 man/*.html
 man/Makefile.in
 missing
 probes.h
 probes_dnscrypt_proxy.h
-src/*.la
-src/*.lo
 src/*.o
 src/.deps
-src/.libs
 src/Makefile.in
 src/dnscrypt-proxy/Makefile.in
 src/dnscrypt-proxy/dnscrypt-proxy
+src/libevent/*.la
+src/libevent/*.lo
+src/libevent/*.pc
+src/libevent/.libs
+src/libevent/include/event2/event-config.h
+src/libevent/sample/.libs
+src/libevent/sample/dns-example
+src/libevent/sample/event-test
+src/libevent/sample/hello-world
+src/libevent/sample/http-server
+src/libevent/sample/le-proxy
+src/libevent/sample/signal-test
+src/libevent/sample/time-test
+src/libevent/test/.libs
+src/libevent/test/bench
+src/libevent/test/bench_cascade
+src/libevent/test/bench_http
+src/libevent/test/bench_httpclient
+src/libevent/test/regress
+src/libevent/test/rpcgen-attempted
+src/libevent/test/test-changelist
+src/libevent/test/test-eof
+src/libevent/test/test-init
+src/libevent/test/test-ratelim
+src/libevent/test/test-time
+src/libevent/test/test-weof
 src/libnacl/okcompilers/c
 src/libnacl/okcompilers/do
 stamp-*

AUTHORS

@@ -3,10 +3,10 @@ NaCl
 see http://nacl.cr.yp.to/ for more info about this library and the
 list of contributors.
 
-libuv
------
-see https://github.com/joyent/libuv for more info about this library
-and the src/libuv/AUTHORS file for the list of contributors.
+libevent
+--------
+see https://http://libevent.org/ for more info about this library
+and the src/libevent/README file for the list of contributors.
 
 dnscrypt
 --------

COPYING

@@ -26,8 +26,8 @@ The externally maintained libraries used by dnscrypt-proxy are:
 
   - NaCl (http://nacl.cr.yp.to/). Public domain.
 
-  - libuv (https://github.com/joyent/libuv). MIT license.
-    + libuv dependencies, see src/libuv/LICENSE.
+  - libevent (http://libevent.org/). 3-clause BSD license.
+    See src/libevent/LICENSE.
 
   - salsa20_random.c reuses code from OpenBSD written by Damien Miller.
     BSD license.

NEWS

@@ -1,4 +1,7 @@
 
+* Version 0.10:
+ - Almost a complete rewrite, with libuv being replaced by libevent.
+
 * Version 0.9.5:
  - Full IPv6 support.
 

README.markdown

@@ -33,8 +33,7 @@ Installation
 ------------
 
 The daemon is known to work on recent versions of OSX, OpenBSD,
-NetBSD, Dragonfly BSD, FreeBSD, Linux, Windows (MingW or Cygwin), and iOS
-(requires a jailbroken device).
+NetBSD, Dragonfly BSD, FreeBSD, Linux and iOS (requires a jailbroken device).
 
 Download the
 [latest version](https://github.com/opendns/dnscrypt-proxy/downloads)
@@ -54,9 +53,6 @@ compilation process.
 Running `make -j2 test` in the `src/libnacl` directory is also highly
 recommended.
 
-On BSD systems, _GNU Make_ should be installed prior to running the
-`./configure` script.
-
 The proxy will be installed as `/usr/local/sbin/dnscrypt-proxy` by default.
 
 Command-line switches are documented in the `dnscrypt-proxy(8)` man page.
@@ -73,8 +69,9 @@ The easiest way to start the daemon is:
 
     # dnscrypt-proxy --daemonize
 
-The proxy will accept incoming requests on 127.0.0.1 and
-encrypt/decrypt them from/to OpenDNS resolvers.
+The proxy will accept incoming requests on 127.0.0.1, tag them with an
+authentication code, forward them to OpenDNS resolvers, and validate
+each answer before passing it to the client.
 
 Given such a setup, in order to actually start using DNSCrypt, you
 need to update your `/etc/resolv.conf` file and replace your current
@@ -143,14 +140,16 @@ As a workaround, the port number can be changed using
 the `--resolver-port=<port>` option. For example, OpenDNS servers
 reply to queries sent to ports 53, 443 and 5353.
 
+By default, dnscrypt-proxy sends outgoing queries to UDP port 443.
+
 In addition, the DNSCrypt proxy can force outgoing queries to be
 sent over TCP. For example, TCP port 443, which is commonly used for
 communication over HTTPS, may not be filtered.
 
 The `--tcp-only` command-line switch forces this behavior. When
 an incoming query is received, the daemon immediately replies with a
 "response truncated" message, forcing the client to retry over TCP.
-The daemon then encrypts and signs the query and forwards it over TCP
+The daemon then authenticates the query and forwards it over TCP
 to the resolver.
 
 TCP is slower than UDP, and this workaround should never be used
@@ -174,7 +173,7 @@ adding `options edns0` to the `/etc/resolv.conf` file on most
 Unix-like operating systems.
 
 `dnscrypt-proxy` can transparently rewrite outgoing packets before
-signing and encrypting them, in order to add the EDNS0 mechanism. By
+authenticating them, in order to add the EDNS0 mechanism. By
 default, a conservative payload size of 1280 bytes is advertised.
 
 This size can be made larger by starting the proxy with the
@@ -197,8 +196,9 @@ DNS settings. OSX only, written in Objective C. 64-bit CPU required.
 Experimental.
 
 - [DNSCrypt WinClient](https://github.com/Noxwizard/dnscrypt-winclient):
-Easily enable/disable DNSCrypt on multiple adapters. Windows only,
-written in .NET.
+Easily enable/disable DNSCrypt on multiple adapters. Supports
+different ports and protocols, IPv6, parental controls and the proxy
+can act as a gateway service. Windows only, written in .NET.
 
 - [DNSCrypt Win Client](https://github.com/opendns/dnscrypt-win-client):
 Official GUI for Windows, by OpenDNS.

TECHNOTES

@@ -16,7 +16,7 @@ Cryptographic library
   so that portable packages can be built. CPU-specific implementations are
   used server-side.
 
-- crypto_box_curve25519xsalsa20poly1305_*() for signing/encrypting
+- crypto_box_curve25519xsalsa20poly1305_*() for authenticating/encrypting
   queries and replies, crypto_sign_ed25519_*() for signing certificates, and
   crypto_stream_salsa20() as a PRNG.
 
@@ -25,15 +25,14 @@ Cryptographic library
 Event-notification library
 --------------------------
 
-- Uses NodeJS' libuv, which wraps libev and native Windows functions, and
-  provides nice cross-platform wrappers for common functions. Unbound's
-  boilerplate is also excellent, but it hasn't been packaged as a
-  standalone library yet.
+- Uses libevent. Unbound's boilerplate is also excellent, but it hasn't been
+  packaged as a standalone library yet.
 
-- Because it is totally awesome for writing software that has to
-  eventually work on Windows.
+- Because it is totally awesome for writing portable software.
 
-- Bundled with dnscrypt, for now, because it's still a moving target.
+- Bundled with dnscrypt, for now, because it's a modified version (so
+  that evdns can cope with TXT records) and because some distributions
+  are still shipping dead old versions.
 
 Certificates
 ------------

autogen.sh

@@ -1,5 +1,11 @@
 #! /bin/sh
 
+if glibtoolize --version > /dev/null 2>&1; then
+  LIBTOOLIZE='glibtoolize'
+else
+  LIBTOOLIZE='libtoolize'
+fi
+$LIBTOOLIZE && \
 aclocal -I m4 && \
 autoheader && \
 automake --gnu --add-missing --include-deps && \

configure.ac

@@ -1,8 +1,9 @@
 AC_PREREQ(2.61)
-AC_INIT(dnscrypt-proxy, 0.9.5, https://github.com/opendns/dnscrypt-proxy/issues)
+AC_INIT(dnscrypt-proxy, 0.10, https://github.com/opendns/dnscrypt-proxy/issues)
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_SRCDIR([src/dnscrypt-proxy/app.c])
 AC_CONFIG_HEADER([config.h])
+AC_CONFIG_SUBDIRS([src/libevent])
 AM_INIT_AUTOMAKE([1.9 dist-bzip2])
 AM_MAINTAINER_MODE
 AM_DEP_TRACK
@@ -11,27 +12,11 @@ AC_SUBST(VERSION)
 ISODATE=`date +%Y-%m-%d`
 AC_SUBST(ISODATE)
 
-# Checks for programs.
-AX_CHECK_GNU_MAKE
-AS_IF([test -n "${ifGNUmake}"],[
-  AC_MSG_ERROR([
-Found: ${MAKE}
-GNU make is required and was not found. If GNU make is not installed,
-please install it. www.gnu.org. If GNU make is installed, please adjust
-your PATH to make sure that GNU make is found before any other version
-of make that is installed on your system. rm config.cache and then
-re-run configure again.])
-],[
-  AC_SUBST(MAKE, $_cv_gnu_make_command)
-])
-
 LX_CFLAGS=${CFLAGS-NONE}
 AC_PROG_CC_C99
 AC_USE_SYSTEM_EXTENSIONS
 CPPFLAGS="$CPPFLAGS -D_XPG4_2=1 -D_GNU_SOURCE=1"
 
-AX_PTHREAD
-
 AS_IF([test "$cross_compiling" != no],
   AC_DEFINE(CROSS_COMPILING,,[define if you are cross-compiling])
 )
@@ -80,6 +65,7 @@ AX_CHECK_COMPILE_FLAG([-Wwrite-strings], [CFLAGS="$CFLAGS -Wwrite-strings"])
 AX_CHECK_COMPILE_FLAG([-Wdiv-by-zero], [CFLAGS="$CFLAGS -Wdiv-by-zero"])
 
 AC_ARG_VAR([CWFLAGS], [define to compilation flags for generating extra warnings])
+AX_CHECK_COMPILE_FLAG([-Wno-unknown-warning-option], [CWFLAGS="$CWFLAGS -Wno-unknown-warning-option"])
 AX_CHECK_COMPILE_FLAG([-Wall], [CWFLAGS="$CWFLAGS -Wall"])
 AX_CHECK_COMPILE_FLAG([-Wbad-function-cast], [CWFLAGS="$CWFLAGS -Wbad-function-cast"])
 AX_CHECK_COMPILE_FLAG([-Wcast-align], [CWFLAGS="$CWFLAGS -Wcast-align"])
@@ -91,7 +77,6 @@ AX_CHECK_COMPILE_FLAG([-Wfloat-equal], [CWFLAGS="$CWFLAGS -Wfloat-equal"])
 AX_CHECK_COMPILE_FLAG([-Wformat=2], [CWFLAGS="$CWFLAGS -Wformat=2"])
 AX_CHECK_COMPILE_FLAG([-Wimplicit], [CWFLAGS="$CWFLAGS -Wimplicit"])
 AX_CHECK_COMPILE_FLAG([-Wmissing-declarations], [CWFLAGS="$CWFLAGS -Wmissing-declarations"])
-AX_CHECK_COMPILE_FLAG([-Wmissing-noreturn], [CWFLAGS="$CWFLAGS -Wmissing-noreturn"])
 AX_CHECK_COMPILE_FLAG([-Wmissing-prototypes], [CWFLAGS="$CWFLAGS -Wmissing-prototypes"])
 AX_CHECK_COMPILE_FLAG([-Wnormalized=id], [CWFLAGS="$CWFLAGS -Wnormalized=id"])
 AX_CHECK_COMPILE_FLAG([-Woverride-init], [CWFLAGS="$CWFLAGS -Woverride-init"])
@@ -135,15 +120,14 @@ AS_IF([test -d /usr/local/lib], [
   LDFLAGS="$LDFLAGS -L/usr/local/lib"
 ])
 
-LIBS="$PTHREAD_LIBS $LIBS"
-CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
-CC="$PTHREAD_CC"
+dnl Checks for header files.
 
-# Checks for header files.
 AC_SYS_LARGEFILE
-AC_CHECK_HEADERS([execinfo.h paths.h sys/cdefs.h sys/feature_tests.h])
+AC_CHECK_HEADERS([sys/cdefs.h sys/feature_tests.h])
+AC_CHECK_HEADERS([execinfo.h paths.h pwd.h])
+
+dnl Checks for typedefs, structures, and compiler characteristics.
 
-# Checks for typedefs, structures, and compiler characteristics.
 AC_C_RESTRICT
 
 AC_CHECK_TYPE([in_port_t], , [AC_DEFINE(in_port_t, uint16_t,
@@ -238,7 +222,8 @@ do {
   AC_MSG_RESULT(no)
 ])
 
-# Checks for library functions.
+dnl Checks for library functions.
+
 AC_SEARCH_LIBS(pow, [m])
 AC_SEARCH_LIBS(dlopen, [dl])
 AC_SEARCH_LIBS(clock_gettime, [rt],
@@ -260,7 +245,8 @@ AS_IF([echo `(uname -s) 2>/dev/null` | $GREP "CYGWIN" > /dev/null], [
 AC_CHECK_HEADER([CoreServices/CoreServices.h],
   [LIBS="$LIBS -framework CoreFoundation -framework CoreServices"])
 
-# Switches
+dnl Switches.
+
 AC_HEADER_ASSERT
 
 AC_ARG_ENABLE(blocking-random,
@@ -303,15 +289,36 @@ AC_SUBST([MAINT])
 AC_SUBST([NACL_PATH])
 AC_SUBST([PROBES_SOURCE])
 
+dnl Libtool.
+
+LT_INIT([disable-shared])
+
+dnl Subconfig.
+
+ac_configure_args="$ac_configure_args --disable-dependency-tracking"
+ac_configure_args="$ac_configure_args --disable-openssl"
+ac_configure_args="$ac_configure_args --disable-shared"
+ac_configure_args="$ac_configure_args --disable-thread-support"
+ac_configure_args="$ac_configure_args --enable-function-sections"
+ac_configure_args="$ac_configure_args --with-pic"
+export CC
+export CFLAGS
+export CPP
+export CPPFLAGS
+export LDFLAGS
+export LIBS
+
+dnl Output.
+
 AC_CONFIG_FILES([Makefile
                  man/Makefile
                  src/Makefile
                  src/dnscrypt-proxy/Makefile
+                 src/ext/Makefile
                  src/libnacl/Makefile
                  src/libnacl/tests/Makefile
                  src/libnacl/okcompilers/c
                  src/libnacl/okcompilers/do
-                 src/libuv/Makefile
                  test/Makefile])
 
 AC_OUTPUT

iphone.sh

@@ -3,9 +3,9 @@
 export XCODEDIR="/Applications/Xcode45-DP1.app/Contents/Developer"
 export BASEDIR="${XCODEDIR}/Platforms/iPhoneOS.platform/Developer"
 export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH"
-export SDK="${BASEDIR}/SDKs/iPhoneOS5.1.sdk"
-export CFLAGS="-pthread -mthumb -arch armv6 -isysroot ${SDK}"
-export LDFLAGS="-pthread -mthumb -arch armv6 -isysroot ${SDK}"
+export SDK="${BASEDIR}/SDKs/iPhoneOS6.0.sdk"
+export CFLAGS="-pthread -mthumb -arch armv7 -isysroot ${SDK}"
+export LDFLAGS="-pthread -mthumb -arch armv7 -isysroot ${SDK}"
 
 ./configure --host=arm-apple-darwin10 && make -j2
 

man/dnscrypt-proxy.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "DNSCRYPT\-PROXY" "8" "May 2012" "" ""
+.TH "DNSCRYPT\-PROXY" "8" "June 2012" "" ""
 .
 .SH "NAME"
 \fBdnscrypt\-proxy\fR \- A DNSCrypt forwarder
@@ -10,13 +10,13 @@
 \fBdnscrypt\-proxy\fR [\fIoptions\fR]
 .
 .SH "DESCRIPTION"
-\fBdnscrypt\-proxy\fR accepts DNS requests, encrypts and signs them using dnscrypt and forwards them to a remote dnscrypt\-enabled resolver\.
+\fBdnscrypt\-proxy\fR accepts DNS requests, authenticates and encrypts them using dnscrypt and forwards them to a remote dnscrypt\-enabled resolver\.
 .
 .P
-Replies from the resolver are expected also to be encrypted and signed\.
+Replies from the resolver are expected to be authenticated and encrypted or else they will be discarded\.
 .
 .P
-The proxy verifies the signature of replies, decrypts them, and transparently forwards them to the local stub resolver\.
+The proxy verifies the replies, decrypts them, and transparently forwards them to the local stub resolver\.
 .
 .P
 \fBdnscrypt\-proxy\fR listens to \fB127\.0\.0\.1\fR / port \fB53\fR by default\.
@@ -57,7 +57,7 @@ Intead, run a DNS cache like \fBUnbound\fR, and configure it to use \fBdnscrypt\
 \fB\-r\fR, \fB\-\-resolver\-address=<ip>\fR: a DNSCrypt\-capable resolver IP address\.
 .
 .IP "\(bu" 4
-\fB\-t\fR, \fB\-\-resolver\-port=<port>\fR: connect to the resolver on port \fIport\fR, as a workaround if UDP over port 53 is filtered\.
+\fB\-t\fR, \fB\-\-resolver\-port=<port>\fR: connect to the resolver on port \fIport\fR, as a workaround if UDP over port 53 is filtered\. The default port is 443\.
 .
 .IP "\(bu" 4
 \fB\-u\fR, \fB\-\-user=<user name>\fR: chroot(2) to this user\'s home directory and drop privileges\.