cofyc / dnscrypt-wrapper Goto Github PK
View Code? Open in Web Editor NEWThis is dnscrypt wrapper (server-side dnscrypt proxy), which helps to add dnscrypt support to any name resolver.
License: Other
This is dnscrypt wrapper (server-side dnscrypt proxy), which helps to add dnscrypt support to any name resolver.
License: Other
Many servers I tried use 1 year rotating keys that are bad for forward secrecy. I think they use dnscrypt-wrapper defaults. Could the defaults be changed to 24 hours as per specification so everyone upgrading the wrapper will make their service more secure?
The problem is described in DNSCrypt/dnscrypt-proxy#520
[INFO] The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
dnscrypt-proxy will complain about PFS for anything more than 24 hours.
See this post for a practical example that works fine (I use this dns service with no problems) https://dnscrypt.pl/2017/02/26/how-key-rotation-is-automated/
在centos7上布置好了dnscrypt-wrapper 可是怎么运行不了多久就会出现段错误 (core dumped)呀,抓狂了一下午,求菊苴指导
[2697] 28 Nov 09:02:40.899 [debug] client to proxy cb
[2697] 28 Nov 09:02:40.984 [debug] resolver to proxy cb
[2697] 28 Nov 09:02:41.054 [debug] client to proxy cb
[2697] 28 Nov 09:02:41.055 [debug] client to proxy cb
[2697] 28 Nov 09:02:41.056 [debug] client to proxy cb
[2697] 28 Nov 09:02:41.058 [debug] resolver to proxy cb
[2697] 28 Nov 09:02:41.059 [debug] resolver to proxy cb
段错误
[root@localhost dnscrypt-wrapper]#
唯一异常的就是执行这段命令后服务器不响应。
$ dnscrypt-wrapper --resolver-address=8.8.8.8:53 --listen-address=0.0.0.0:443
--provider-name=2.dnscrypt-cert.yechengfu.com
--crypt-secretkey-file=1.key --provider-cert-file=1.cert
每步严格安装你的方法去执行,就是dns不通。防火墙也关闭了。
全部重新安装了dnscrypt-wrapper,clone最新的版本,结果输入
./dnscrypt-wrapper -r 8.8.8.8:53 -a 0.0.0.0:443 --crypt-secretkey-file=crypt_secret.key --crypt-publickey-file=crypt_public.key --provider-cert-file=dnscrypt.cert --provider-name=2.dnscrypt-cert.yechengfu.com
后就没响应了....求帮忙解决下
I really want use this on windows , Could you make a Windows Version please? really thanks !
I'm not sure if this is a bug in my setup or if this is a dnscrypt-wrapper related bug, bug here we go:
My dnscrypt-wrapper keeps crashing AFTER I kill the previous process which listened on the exact same IP+Port with exact same configuration:
root@fvz-rec-hk-nt-01:~# /usr/local/sbin/dnscrypt-wrapper -U -r 127.0.0.1:53 -a 151.236.20.236:443 --crypt-secretkey-file=/etc/dnscrypt-wrapper/crypt_secret.key --crypt-publickey-file=/etc/dnscrypt-wrapper/crypt_public.key --provider-cert-file=/etc/dnscrypt-wrapper/dnscrypt.cert --provider-name=2.fvz-rec-hk-nt-01.dnscrypt-cert.meo.ws -VVV
[31760] 02 Jul 12:15:31.087 [info] [main.c:318] Crypt public key fingerprint: C311:BD17:3CE5:D12F:4CE8:033B:275A:DF44:7EAC:D207:32DB:FF6E:DE22:3E03:537A:7B74
[31760] 02 Jul 12:15:31.116 [debug] [udp_request.c:308] client to proxy cb
[31760] 02 Jul 12:15:31.228 [debug] [udp_request.c:308] client to proxy cb
[31760] 02 Jul 12:15:31.381 [debug] [udp_request.c:308] client to proxy cb
[31760] 02 Jul 12:15:31.384 [debug] [udp_request.c:308] client to proxy cb
[...]
[31760] 02 Jul 12:15:34.558 [debug] [udp_request.c:444] resolver to proxy cb
[31760] 02 Jul 12:15:34.558 [debug] [udp_request.c:444] resolver to proxy cb
[31760] 02 Jul 12:15:34.628 [debug] [udp_request.c:308] client to proxy cb
[31760] 02 Jul 12:15:34.717 [debug] [udp_request.c:308] client to proxy cb
[31760] 02 Jul 12:15:34.775 [debug] [udp_request.c:444] resolver to proxy cb
^C
root@fvz-rec-hk-nt-01:~# /usr/local/sbin/dnscrypt-wrapper -U -r 127.0.0.1:53 -a 151.236.20.236:443 --crypt-secretkey-file=/etc/dnscrypt-wrapper/crypt_secret.key --crypt-publickey-file=/etc/dnscrypt-wrapper/crypt_public.key --provider-cert-file=/etc/dnscrypt-wrapper/dnscrypt.cert --provider-name=2.fvz-rec-hk-nt-01.dnscrypt-cert.meo.ws -VVV
[31761] 02 Jul 12:15:36.054 [info] [main.c:318] Crypt public key fingerprint: C311:BD17:3CE5:D12F:4CE8:033B:275A:DF44:7EAC:D207:32DB:FF6E:DE22:3E03:537A:7B74
[31761] 02 Jul 12:15:36.055 [warning] [debug.c:93] Crashed by signal: 11
[31761] 02 Jul 12:15:36.055 [warning] [debug.c:94] --- STACK TRACE
[31761] 02 Jul 12:15:36.055 [warning] [debug.c:96] Failed assertion: <no assertion failed> (<no file>:0)
[31761] 02 Jul 12:15:36.055 [warning] [debug.c:98] --- STACK TRACE
[0x407fd8]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x273a)[0x7ff9c4310aaa]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x273a)[0x7ff9c4310aaa]
/lib/x86_64-linux-gnu/libc.so.6(vsnprintf+0xa2)[0x7ff9c4336512]
[0x406ea3]
[0x40684b]
[0x403831]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7ff9c42e9ead]
[0x403c9d]
Segmentation fault
Here is an strace of the command:
https://scr.meo.ws/paste/2015-07-02-14-18-19-O0YvcDhn.txt
GDB:
root@fvz-rec-hk-nt-01:~# gdb --args /usr/local/sbin/dnscrypt-wrapper -U -r 127.0.0.1:53 -a 151.236.20.236:443 --crypt-secretkey-file=/etc/dnscrypt-wrapper/crypt_secret.key --crypt-publickey-file=/etc/dnscrypt-wrapper/crypt_public.key --provider-cert-file=/etc/dnscrypt-wrapper/dnscrypt.cert --provider-name=2.fvz-rec-hk-nt-01.dnscrypt-cert.meo.ws -VVV
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/sbin/dnscrypt-wrapper...done.
(gdb) r
Starting program: /usr/local/sbin/dnscrypt-wrapper -U -r 127.0.0.1:53 -a 151.236.20.236:443 --crypt-secretkey-file=/etc/dnscrypt-wrapper/crypt_secret.key --crypt-publickey-file=/etc/dnscrypt-wrapper/crypt_public.key --provider-cert-file=/etc/dnscrypt-wrapper/dnscrypt.cert --provider-name=2.fvz-rec-hk-nt-01.dnscrypt-cert.meo.ws -VVV
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[32063] 02 Jul 12:20:49.385 [info] [main.c:318] Crypt public key fingerprint: C311:BD17:3CE5:D12F:4CE8:033B:275A:DF44:7EAC:D207:32DB:FF6E:DE22:3E03:537A:7B74
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff716aaaa in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007ffff716aaaa in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff7190512 in vsnprintf () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x0000000000406ea3 in _logger_with_fileline (priority=priority@entry=3, fmt=fmt@entry=0x4092ea "Unable to bind (TCP): %s", file=file@entry=0x409233 "tcp_request.c", line=line@entry=418) at logger.c:58
#3 0x000000000040684b in tcp_listener_bind (c=c@entry=0x7fffffffe2b0) at tcp_request.c:418
#4 0x0000000000403831 in main (argc=<optimized out>, argv=0x7fffffffeab8) at main.c:428
(gdb) kill
Kill the program being debugged? (y or n) y
(gdb) quit
So from what I can see, it's crashing while trying to bind to the requested IP/Port AND failed to print an error message(?).
But there is no process listening on that IP/Port pair:
root@fvz-rec-hk-nt-01:~# ss -ln
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 2a03:f80:852:151:236:20:236:1:5353 :::*
LISTEN 0 128 151.236.20.236:5353 *:*
LISTEN 0 128 2a03:f80:852:151:236:20:236:1:1194 :::*
LISTEN 0 128 151.236.20.236:1194 *:*
LISTEN 0 128 2a03:f80:852:151:236:20:236:1:8080 :::*
LISTEN 0 128 151.236.20.236:8080 *:*
LISTEN 0 128 2a03:f80:852:151:236:20:236:1:53 :::*
LISTEN 0 128 151.236.20.236:53 *:*
LISTEN 0 128 ::1:53 :::*
LISTEN 0 128 127.0.0.1:53 *:*
LISTEN 0 128 2a03:f80:852:151:236:20:236:1:54 :::*
LISTEN 0 128 151.236.20.236:54 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:9050 *:*
LISTEN 0 128 2a03:f80:852:151:236:20:236:1:443 :::*
LISTEN 0 128 *:2812 *:*
LISTEN 0 128 2a03:f80:852:151:236:20:236:1:1053 :::*
LISTEN 0 128 151.236.20.236:1053 *:*
LISTEN 0 128 2a03:f80:852:151:236:20:236:1:27015 :::*
LISTEN 0 128 151.236.20.236:27015 *:*
root@fvz-rec-hk-nt-01:~# /usr/local/sbin/dnscrypt-wrapper -U -r 127.0.0.1:53 -a 151.236.20.236:443 --crypt-secretkey-file=/etc/dnscrypt-wrapper/crypt_secret.key --crypt-publickey-file=/etc/dnscrypt-wrapper/crypt_public.key --provider-cert-file=/etc/dnscrypt-wrapper/dnscrypt.cert --provider-name=2.fvz-rec-hk-nt-01.dnscrypt-cert.meo.ws -VV
V
[32088] 02 Jul 12:22:24.073 [info] [main.c:318] Crypt public key fingerprint: C311:BD17:3CE5:D12F:4CE8:033B:275A:DF44:7EAC:D207:32DB:FF6E:DE22:3E03:537A:7B74
[32088] 02 Jul 12:22:24.073 [warning] [debug.c:93] Crashed by signal: 11
[32088] 02 Jul 12:22:24.073 [warning] [debug.c:94] --- STACK TRACE
[32088] 02 Jul 12:22:24.073 [warning] [debug.c:96] Failed assertion: <no assertion failed> (<no file>:0)
[32088] 02 Jul 12:22:24.074 [warning] [debug.c:98] --- STACK TRACE
[0x407fd8]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x273a)[0x7f8200aa5aaa]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x273a)[0x7f8200aa5aaa]
/lib/x86_64-linux-gnu/libc.so.6(vsnprintf+0xa2)[0x7f8200acb512]
[0x406ea3]
[0x40684b]
[0x403831]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7f8200a7eead]
[0x403c9d]
Segmentation fault
But, this appears to only happen on this server with this IP and this Port only; other IPs or Ports seem to work fine:
root@fvz-rec-hk-nt-01:~# /usr/local/sbin/dnscrypt-wrapper -U -r 127.0.0.1:53 -a 151.236.20.236:12345 --crypt-secretkey-file=/etc/dnscrypt-wrapper/crypt_secret.key --crypt-publickey-file=/etc/dnscrypt-wrapper/crypt_public.key --provider-cert-file=/etc/dnscrypt-wrapper/dnscrypt.cert --provider-name=2.fvz-rec-hk-nt-01.dnscrypt-cert.meo.ws -
VVV
[32123] 02 Jul 12:28:54.848 [info] [main.c:318] Crypt public key fingerprint: C311:BD17:3CE5:D12F:4CE8:033B:275A:DF44:7EAC:D207:32DB:FF6E:DE22:3E03:537A:7B74
^C
root@fvz-rec-hk-nt-01:~# /usr/local/sbin/dnscrypt-wrapper -U -r 127.0.0.1:53 -a 151.236.20.236:12345 --crypt-secretkey-file=/etc/dnscrypt-wrapper/crypt_secret.key --crypt-publickey-file=/etc/dnscrypt-wrapper/crypt_public.key --provider-cert-file=/etc/dnscrypt-wrapper/dnscrypt.cert --provider-name=2.fvz-rec-hk-nt-01.dnscrypt-cert.meo.ws -VVV
[32124] 02 Jul 12:28:59.673 [info] [main.c:318] Crypt public key fingerprint: C311:BD17:3CE5:D12F:4CE8:033B:275A:DF44:7EAC:D207:32DB:FF6E:DE22:3E03:537A:7B74
^C
root@fvz-rec-hk-nt-01:~# /usr/local/sbin/dnscrypt-wrapper -U -r 127.0.0.1:53 -a 151.236.20.236:12345 --crypt-secretkey-file=/etc/dnscrypt-wrapper/crypt_secret.key --crypt-publickey-file=/etc/dnscrypt-wrapper/crypt_public.key --provider-cert-file=/etc/dnscrypt-wrapper/dnscrypt.cert --provider-name=2.fvz-rec-hk-nt-01.dnscrypt-cert.meo.ws -VVV
[32129] 02 Jul 12:29:01.920 [info] [main.c:318] Crypt public key fingerprint: C311:BD17:3CE5:D12F:4CE8:033B:275A:DF44:7EAC:D207:32DB:FF6E:DE22:3E03:537A:7B74
^C
Hi, I notice my router dnscrypt-proxy logs as followings ...
Sun Sep 10 07:30:47 2017 [INFO] Refetching server certificates
Sun Sep 10 07:30:47 2017 [ERROR] Unable to retrieve server certificates
Sun Sep 10 07:30:50 2017 [INFO] Refetching server certificates
Sun Sep 10 07:30:50 2017 [ERROR] Unable to retrieve server certificates
Sun Sep 10 07:30:56 2017 [INFO] Refetching server certificates
Sun Sep 10 07:30:56 2017 [ERROR] Unable to retrieve server certificates
Sun Sep 10 07:31:05 2017 [INFO] Refetching server certificates
Sun Sep 10 07:31:10 2017 [ERROR] Unable to retrieve server certificates
Sun Sep 10 07:31:22 2017 [INFO] Refetching server certificates
Sun Sep 10 07:31:22 2017 [ERROR] Unable to retrieve server certificates
Sun Sep 10 07:31:37 2017 [INFO] Refetching server certificates
Sun Sep 10 07:31:38 2017 [ERROR] Unable to retrieve server certificates
but, when I retry several times, it worked now.
I don't know why.
Thanks
I run the latest docker-image https://github.com/jedisct1/dnscrypt-server-docker on an Ubuntu server.
But the dnscrypt-wrapper is not able to generate some short-term keys or even a certificate (he short-term folder is empty).
When i try to generate them manually on the docker console i get:
./dnscrypt-wrapper --gen-crypt-keypair --crypt-secretkey-file=1.key
Generate crypt key pair...[3179] 16 Dec 07:17:19.460 [warning] [debug.c:93] Crashed by signal: 4
[3179] 16 Dec 07:17:19.460 [warning] [debug.c:94] --- STACK TRACE
[3179] 16 Dec 07:17:19.460 [warning] [debug.c:96] Failed assertion: <no assertion failed> (<no file>:0)
[3179] 16 Dec 07:17:19.460 [warning] [debug.c:98] --- STACK TRACE
[0x408528]
/opt/libsodium/lib/libsodium.so.18(+0x79c73)[0x7fbecf608c73]
/opt/libsodium/lib/libsodium.so.18(+0x79c73)[0x7fbecf608c73]
Illegal instruction (core dumped)
System:
dnscrypt-proxy's log reports error when trying to connect the dnscrypt-wrapper running inside a docker container( but through host's tcp port mapped)
the error message is : [ERROR] Unable to retrieve server certificates
so I tried running the dnscrypt-proxy directly inside the container too and it worked.
Now I am confused with this result. Is this docker's network mapping issue or some kind of restrictions with the dnscrypt itself.
[29615] 09 Aug 00:35:07.522 [debug] [udp_request.c:446] resolver to proxy cb
[29615] 09 Aug 00:35:07.522 [debug] [udp_request.c:487] Received a reply that doesn't match any active query
[29615] 09 Aug 00:35:07.522 [debug] [udp_request.c:446] resolver to proxy cb
[29615] 09 Aug 00:35:07.522 [debug] [udp_request.c:487] Received a reply that doesn't match any active query
[29615] 09 Aug 00:35:07.522 [debug] [udp_request.c:446] resolver to proxy cb
[29615] 09 Aug 00:35:07.522 [debug] [udp_request.c:487] Received a reply that doesn't match any active query
[29615] 09 Aug 00:35:07.522 [debug] [udp_request.c:446] resolver to proxy cb
[29615] 09 Aug 00:35:07.522 [debug] [udp_request.c:487] Received a reply that doesn't match any active query
Heya.
When my dnscrypt-wrapper suddenly crashed today I decided to dig deeper into the issue and noticed something strange: I noticed that doing a PTR lookup against the zone 10.29.96.63.in-addr.arpa
(which contains roughly 2k PTR records) over a secured dnscrypt link easily crashes dnscrypt-wrapper 0.2.1-1.g6ac9ae3
(6ac9ae3) with the following strace:
readv(11, [{"dgroupinc\300A\300\f\0\f\0\1\0\0\5\277\0\7\4kcdc\300A\300\f\0\f\0\1\0\0\5\277\0\20\rvictoriaplace\300A\300\f\0\f\0\1\0\0\5\277\0\r\nconwaymgmt\300A\300\f\0\f\0\1\0\0\5\277\0\f\tnew"..., 352}, {"ure\300A\300\f\0\f\0\1\0\0\5\277\0\36\33renaissancecollaborativeinc\300A\300\f\0\f\0\1\0\0\5\277\0\23\20choctawhopedevel\300A\300\f\0\f\0\1\0\0\5\277\0\16\vevagiord"..., 3744}], 2) = 4096
epoll_wait(4, {{EPOLLIN, {u32=11, u64=11}}}, 32, 9973) = 1
clock_gettime(CLOCK_MONOTONIC, {2158235, 555787530}) = 0
ioctl(11, FIONREAD, [4026]) = 0
readv(11, [{"ight\300A\300\f\0\f\0\1\0\0\5\277\0\20\rswhproperties\300A\300\f\0\f\0\1\0\0\5\277\0\n\7hmneinc\300A\300\f\0\f\0\1\0\0\5\277\0\23\20mendhamareasrhse\300A\300\f\0\f\0\1\0\0\5\277\0\t"..., 304}, {"c\300A\300\f\0\f\0\1\0\0\5\277\0\22\17jacksonpropcomp\300A\300\f\0\f\0\1\0\0\5\277\0\6\3sqa\300A\300\f\0\f\0\1\0\0\5\277\0\v\10montford\300A\300\f\0\f\0\1\0\0\5\277\0\f\thunterdon\300A\300"..., 3722}], 2) = 4026
epoll_ctl(4, EPOLL_CTL_DEL, 11, 7ffef153c6f0) = 0
write(1, "[5850] 09 Jul 10:11:21.385 [debug] [tcp_request.c:324] Resolver read callback.\n", 79) = 79
brk(0x1a35000) = 0x1a35000
read(3, "'\21B\250", 4) = 4
read(3, "V\2411w", 4) = 4
epoll_ctl(4, EPOLL_CTL_ADD, 10, {EPOLLOUT, {u32=10, u64=10}}) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} ---
write(1, "[5850] 09 Jul 10:11:21.386 [warning] [debug.c:95] Crashed by signal: 11\n", 72) = 72
write(1, "[5850] 09 Jul 10:11:21.386 [warning] [debug.c:96] --- STACK TRACE\n", 66) = 66
write(1, "[5850] 09 Jul 10:11:21.386 [warning] [debug.c:98] Failed assertion: <no assertion failed> (<no file"..., 104) = 104
write(1, "[5850] 09 Jul 10:11:21.386 [warning] [debug.c:100] --- STACK TRACE\n", 67) = 67
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 12
fstat(12, {st_mode=S_IFREG|0644, st_size=16850, ...}) = 0
mmap(NULL, 16850, PROT_READ, MAP_PRIVATE, 12, 0) = 0x7f1016c81000
close(12) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libgcc_s.so.1", O_RDONLY|O_CLOEXEC) = 12
read(12, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260*\0\0\0\0\0\0@\0\0\0\0\0\0\0000Y\1\0\0\0\0\0\0\0\0\0@\0008\0\6\0@\0\33\0\32\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0LT\1"..., 832) = 832
fstat(12, {st_mode=S_IFREG|0644, st_size=90096, ...}) = 0
mmap(NULL, 2185952, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 12, 0) = 0x7f10158f0000
mprotect(0x7f1015906000, 2093056, PROT_NONE) = 0
mmap(0x7f1015b05000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 12, 0x15000) = 0x7f1015b05000
close(12) = 0
munmap(0x7f1016c81000, 16850) = 0
futex(0x7f10160cc190, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f1015b05850, FUTEX_WAKE_PRIVATE, 2147483647) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} ---
+++ killed by SIGSEGV +++
Segmentation fault
GDB:
Starting program: /usr/local/src/dnscrypt-wrapper/dnscrypt-wrapper -U -r 127.0.0.1:53 -a 185.121.177.177:443 --crypt-secretkey-file=/etc/dnscrypt-wrapper/crypt_secret.key --provider-secretkey-file=/etc/dnscrypt-wrapper/secret.key --provider-publickey-file=/etc/dnscrypt-wrapper/public.key --provider-cert-file=/etc/dnscrypt-wrapper/dnscrypt.cert --provider-name=2.dnscrypt-cert.dnsrec.meo.ws
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x0000000000406f69 in resolver_proxy_read_cb (proxy_resolver_bev=0x60fd00, tcp_request_=0x60f930) at tcp_request.c:368
368 if (bufferevent_write(tcp_request->client_proxy_bev,
(gdb) bt
#0 0x0000000000406f69 in resolver_proxy_read_cb (proxy_resolver_bev=0x60fd00, tcp_request_=0x60f930) at tcp_request.c:368
#1 0xb5576419f14aedcd in ?? ()
#2 0x34266dc62a3382cb in ?? ()
#3 0x01a17f2c705b53ea in ?? ()
#4 0x81ec1f30a063ecd3 in ?? ()
#5 0x4163b2dafaa4a4a8 in ?? ()
#6 0x55bc841f26efbbdf in ?? ()
#7 0xef2a7c0aed7ddf99 in ?? ()
#8 0xa6190d18a66a9176 in ?? ()
#9 0xeb15ed989a1b5ac3 in ?? ()
#10 0x8da1bf09160c4727 in ?? ()
#11 0x96376e18e63672e0 in ?? ()
#12 0x980352867fa50cbb in ?? ()
#13 0xe46b3866037c8266 in ?? ()
#14 0x121b1c3d474adbe7 in ?? ()
#15 0xb29599bb498b8c34 in ?? ()
#16 0x358b9dff13200f36 in ?? ()
#17 0xc11a24a9502a5fa5 in ?? ()
#18 0x6ae6412d06310f3c in ?? ()
#19 0xeca37448351df131 in ?? ()
#20 0x0000000000000000 in ?? ()
Client side args:
dnscrypt-proxy
-a 127.123.45.0
-N 2.dnscrypt-cert.dnsrec.meo.ws
-k 1A6A:D0A3:2B4C:5A61:A695:D153:670D:69AB:1690:3F9E:C3F7:F64F:13E5:35A3:18B2:28A5
-r 185.121.177.177
[6446] 13 Jun 08:50:05.369 [debug] [udp_request.c:381] Unauthenticated query received over UDP
[6446] 13 Jun 08:50:16.381 [debug] [udp_request.c:308] client to proxy cb
[6446] 13 Jun 08:50:16.381 [debug] [udp_request.c:381] Unauthenticated query received over UDP
[6446] 13 Jun 08:50:21.385 [debug] [udp_request.c:308] client to proxy cb
[6446] 13 Jun 08:50:21.385 [debug] [udp_request.c:381] Unauthenticated query received over UDP
[6446] 13 Jun 08:50:26.391 [debug] [udp_request.c:308] client to proxy cb
[6446] 13 Jun 08:50:26.391 [debug] [udp_request.c:381] Unauthenticated query received over UDP
[6446] 13 Jun 08:50:40.353 [debug] [udp_request.c:308] client to proxy cb
[6446] 13 Jun 08:50:40.353 [debug] [udp_request.c:381] Unauthenticated query received over UDP
[6446] 13 Jun 08:50:45.403 [debug] [udp_request.c:308] client to proxy cb
[6446] 13 Jun 08:50:45.403 [debug] [udp_request.c:381] Unauthenticated query received over UDP
[6446] 13 Jun 08:50:50.415 [debug] [udp_request.c:308] client to proxy cb
[6446] 13 Jun 08:50:50.415 [debug] [udp_request.c:381] Unauthenticated query received over UDP
[6446] 13 Jun 08:51:07.433 [debug] [udp_request.c:308] client to proxy cb
[6446] 13 Jun 08:51:07.433 [debug] [udp_request.c:381] Unauthenticated query received over UDP
Hi all,
I'm sniffing around dnscrypt and have a proof of concept (dnscrypt-proxy + dnscrypt-wrapper) working, but I'd love to add client authentication to it. I see this mentioned in various places as a means of having a dnscrypt "server" be able to identify clients that are authorized to query it. But I can't find much documentation about how this works or how to set it up.
is that something that dnscrypt-wrapper supports? if so, is there any docs (or hints?) on how to generate an appropriate key to use on authorized clients?
Thanks!
Joel
Saw this today. Is this just a precautionary warning or there is impact on dnscrypt-wrapper?
Bonus (perhaps related) question: what enables support for xchacha20?
By your compilation instruction, where can I find the ./configure? may you miss this file in your git source?
Hi,
my dnscrypt-wrapper crashed today. Sadly, I don't have a core dump or any logs. Haven't found anything in the system logs.
It's been up since Oct 20th or something. I'm going to enable core dumps and see if I catch it again, I don't thing it's OOM, probably something else.
Will keep you posted if I find anything.
While there may be situations where you would not start dnscrypt-wrapper as the root user, in most of the use cases I can imagine you would. Supporting this, the --listen-address option defaults to port 53 (which requires root to bind to) and I believe the --user option can only be used if you launch as root. Because of this, would it make more sense for dnscrypt-wrapper to install into the "sbin" directory rather than "bin"?
[root@centos dnscrypt-wrapper]# make
CC dnscrypt.o
In file included from dnscrypt.c:1:
dnscrypt.h:6:26: warning: event2/event.h: No such file or directory
dnscrypt.h:7:29: warning: event2/listener.h: No such file or directory
dnscrypt.h:8:32: warning: event2/bufferevent.h: No such file or directory
dnscrypt.h:9:27: warning: event2/buffer.h: No such file or directory
dnscrypt.h:10:25: warning: event2/util.h: No such file or directory
In file included from dnscrypt.h:74,
from dnscrypt.c:1:
udp_request.h:24: error: expected specifier-qualifier-list before 'evutil_socket_t'
In file included from dnscrypt.c:1:
dnscrypt.h:92: error: expected specifier-qualifier-list before 'ev_socklen_t'
dnscrypt.c: In function 'dnscrypt_hrtime':
dnscrypt.c:26: warning: implicit declaration of function 'evutil_gettimeofday'
dnscrypt.c: In function 'dnscrypt_key_to_fingerprint':
dnscrypt.c:45: warning: implicit declaration of function 'evutil_snprintf'
dnscrypt.c: In function 'dnscrypt_server_uncurve':
dnscrypt.c:186: error: 'struct context' has no member named 'crypt_secretkey'
dnscrypt.c: In function 'add_server_nonce':
dnscrypt.c:224: error: 'struct context' has no member named 'nonce_ts_last'
dnscrypt.c:225: error: 'struct context' has no member named 'nonce_ts_last'
dnscrypt.c:227: error: 'struct context' has no member named 'nonce_ts_last'
dnscrypt.c: In function 'dnscrypt_server_curve':
dnscrypt.c:266: error: 'struct context' has no member named 'crypt_secretkey'
make: *** [dnscrypt.o] Error 1
I made a patch to add option --gen-cert-file-days to specify certificate validity other then 365 days.
One example is setting it for 3 or 5 years.
Another is experimenting with short numbers of days.
I've got it ready and tested, but I've just have one question: If you think this is a good feature, shall we allow <= 0 validity in days? i.e. to generate a cert that's already expired (for testing) ?
嘿, 我发现如果一段时间不使用设备连接 dnscrypt-wrapper 解析 DNS, 稍后再用的时候, 常常打不开网页,
然后, 用 dig 发现, 是域名解析不可用.
这时候, 需要重启下 dnscrypt-wrapper 服务, 然后就好了.
下面是服务器和客户端命令示例:
客户端:
#!/bin/sh
ENABLED=yes
PROCS=dnscrypt-proxy
ARGS="-T -a 127.0.0.1:65053 -r 123.123.123.123:22335 -N 2.dnscrypt-cert.domain.com -k 3750:AED7:CEAB:DA91:137A:AFCD:3330:AEAA:2FEB:22AB:07FB:KVCE:3E72:31A3:5F1E:FE78"
PREARGS=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
. /opt/etc/init.d/rc.func
服务器:
/usr/sbin/dnscrypt-wrapper \
-r 8.8.4.4:53 \
-a 0.0.0.0:22335 \
--provider-name=2.dnscrypt-cert.domain.com \
--crypt-secretkey-file=/root/.dnskey/1.key \
--provider-cert-file=/root/.dnskey/1.cert \
-d \
-VVV \
-l /tmp/dnscrypt-wrapper.log
谢谢.
Opening this task for more visibility. @cofyc more detail available in DNSCrypt/dnscrypt-proxy#503
Hi!
Version 0.2.2 was released a while back, and quite a lot of things happened since.
XChaCha20 support would be good to have, especially since Unbound just added support for it.
Do you think you could tag version 0.3.0 soon?
我的系统是Centos 6 x86,根据http://03k.org/dnscrypt-wrapper-usage.html进行的操作。但是在命令行执行dnscrypt-wrapper --gen-crypt-keypair,显示如下:
Generate crypt key pair... ok.
Secret key stored in crypt_secret.key
无法生成crypt_public.key 。请各位朋友帮忙分析一下。
Recently, the first certificate that I created with dnscrypt-wrapper expired, causing dnscrypt-proxy to refuse to speak to it. I fixed the problem by removing the following files:
rm crypt_public.key crypt_secret.key dnscrypt.cert
This left only public.key
and secret.key
. I then re-generated them with the following commands:
dnscrypt-wrapper --gen-crypt-keypair
dnscrypt-wrapper --crypt-secretkey-file crypt_secret.key --provider-publickey-file=public.key --provider-secretkey-file=secret.key --gen-cert-file
This seemed to work, but I wanted to check and see if this was the correct way to do this?
Hello!
Thank you for programm!
I try to run 2 instances of dnscrypt-wrapper, but get this message:
[err] [udp_request.c:536] Unable to bind (UDP) [Address already in use] for second instance.
How I can swith to a new configuration with zero downtime?
If I set a different listening port for dnscrypt-wrapper - clients don't know the new port.
Ubuntu 10.04.3 LTS
dnscrypt-wrapper --version
dnscrypt-wrapper 0.2.2.g6136535
Hi Guys,
Sorry to bother you all but I have been trying to figure out what the correct way to generate the fingerprint for my new OpenNIC/DNSCRYPT bind server record.
When I created the keys, it generated the records for tinydns and also nsd but looking at the records they generated they are not the same (content wise) which I half expected it just be the syntax thats different, but this doesn't appear to be so. If it was the same, then I would of just created a usual TXT record in bind and then the job would be done but they are nothing really similar which surprised me.
Could someone please be so kind and give me a hint on what I need to do to create/generate the TXT or SRV records needed. Thank you.
p.s. I know that: $ dnscrypt-wrapper --show-provider-publickey-fingerprint --provider-publickey-file generates the fingerprint from the key file, but how to generate the code/syntax for bind type of record. Thank you.
Following is a example
/usr/sbin/dnscrypt-wrapper \
-r 8.8.4.4:53 \
-a 0.0.0.0:22335 \
--provider-name=2.dnscrypt-cert.domain.com \
--crypt-secretkey-file=/root/.dnskey/1.key \
--provider-cert-file=/root/.dnskey/1.cert \
-d \
-VVV \
-l /tmp/dnscrypt-wrapper.log
It worked when invoked from terminal in VPS, but, when start with
systemctl, it failed.
I am attempting to build on openbsd 5.7 following the instructions provided however, I get the following error.
Makefile:189: recipe for target 'dnscrypt.o' failed
gmake: *** [dnscrypt.o] Error 1
有没有遇到过这种情况,就是刚刚启动还可以正常解析,一段时间请求没有反应,也没有log打出,重启后正常
tcpdump抓包是有包发送到端口的,有没有什么方法可以打出更加详细的日志,已经加上-VVV了
我这里CentOS7 启动一段时间后必现
Linux li1439-167 4.1.5-x86_64 x86_64 x86_64 x86_64 GNU/Linux
I am trying to install dnscrypt-wrapper but every 0.1.15 releases hits on this error:
git submodule update --init argparse
make: git: Command not found
make: *** [argparse/argparse.h] Error 127
but with git clone
everything works fine.
Any idea for 0.1.15 releases ?
Thanks in advance
DNSCrypt-proxy 1.6.0
[ERROR] Unsupported server protocol version
while wrapper using this --resolver-address=203.80.96.10, client lookup fbcdn-profile-a.akamaihd.net return Name or service not known .
change to --resolver-address=8.8.8.8 work fine,
and 'nslookup fbcdn-profile-a.akamaihd.net 203.80.96.10' on server site work fine too
Any chance we can get DNS over TLS for upstream servers?
I've tried making out from the source code what's happening, but I had to give up. The only thing I can make out from the logs is that it dies on the message "resolver read callback".
I'm seeing this randomly happen on A lookups regardless of the host being cached or not and with the same hostname lookup sometimes causing a crash and sometimes not.
I'm suspecting some sort of client compatibility issue.
DNS server: BIND 9.8.4-rpz2+rl005.12-P1
Clients: Well, it's public so I cant answer that.
Linux kernel: 2.6.32-042stab079.6
Let me know if you'd like more info.
Greetings,
It seems the jedisct1/dnscrypt-proxy project was recently archived, making it read-only. A couple months ago jedisct1 created an issue asking for new maintainers but nobody seemed willing or able to take over ownership. The most pressing issue right now is probably that the public resolver list can no longer be updated and clients may end up trying to access dead or changed servers.
I have created an issue here on my fork in an attempt to create a place for users to discuss the future of the project (since a new issue obviously can not be opened on the original project page). If anyone has a better idea or is able to contact jedisct1 I am all ears. Hopefully opening an issue here doesn't seem like an overreaction, I just don't know of another way to locate dnscrypt-proxy users and discuss the future of the project.
If this is really an inappropriate place to look for help please accept my sincere apologies.
Snork.
New git version compile on Windows10 + cygwin64 will cause error:
error: �±SA_ONSTACK�² undeclared (first use in this function)
Fix:
add
#ifdef __CYGWIN__
#ifndef SA_ONSTACK
#define SA_ONSTACK 0x08000000
#endif
#endif
to debug.c
from: redis/redis#232
Trying to make request for certificate and getting it back. Looks like it is not supported yet?
DNSCrypt/dnscrypt-proxy#374
你好,我部署好dnscrypt-wrapper之后,用dnscrypt-proxy来测试,出现
[ERROR] Suspicious certificate received
[ERROR] No useable certificates found
的报错,请问是哪里出问题了?
部署过程是按照readme操作的,之后能够运行,ps -A看的到进程。
生成证书密钥的过程都很正常。
[root@localhost bin]# ./dnscrypt-wrapper --gen-provider-keypairGenerate provider key pair... ok.
Public key fingerprint: 2937:B40E:1B3C:8C09:DCD2:CA6E:71BC:BB4E:FA5C:FDE1:B3B9:273A:B279:F841:9B21:AFB6
Keys are stored in public.key & secret.key.
[root@localhost bin]# ./dnscrypt-wrapper --gen-crypt-keypair
Generate crypt key pair... ok.
Keys are stored in crypt_public.key & crypt_secret.key.
[root@localhost bin]# ./dnscrypt-wrapper --crypt-secretkey-file crypt_secret.key --crypt-publickey-file=crypt_public.key --provider-publickey-file=public.key --provider-secretkey-file=secret.key --gen-cert-file
[32115] 14 Sep 17:03:56.796 [notice] Generating pre-signed certificate.
[32115] 14 Sep 17:03:56.797 [notice] TXT record for signed-certificate:
[32115] 14 Sep 17:03:56.797 [notice] Certificate stored in dnscrypt.cert.
[root@localhost bin]# dig txt 2.dnscrypt-cert.ntr.cu.cc
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> txt 2.dnscrypt-cert.ntr.cu.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15606
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0005 , udp: 4096
;; QUESTION SECTION:
;2.dnscrypt-cert.ntr.cu.cc. IN TXT
;; ANSWER SECTION:
2.dnscrypt-cert.ntr.cu.cc. 5 IN TXT "DNSC\000\001\000\000\144\139\158\240i\248\010\186g\222\156\136\132Xo@\135c\252\157\245\163\162\159\173e\155N\005\206\153\137\002F\208\183\024\134G\169x\225o\2216\021'\160U\127\003\224\190\215\251\228o\173s\172\248\015\005\144\139\158\240i\248\010\186g" "\222\156\136\132Xo@\135c\252\157\245\163\162\159\173e\155N\005\206\153\137\002F\208\183\024\134G\169x\225o\2216\021'\160U\127\003"
;; Query time: 306 msec
;; SERVER: 192.168.30.2#53(192.168.30.2)
;; WHEN: 日 9月 14 17:06:07 CST 2014
;; MSG SIZE rcvd: 192
[root@localhost bin]# ./dnscrypt-wrapper -r 8.8.8.8:53 -a 0.0.0.0:3762 --crypt-secretkey-file=crypt_secret.key --crypt-publickey-file=crypt_public.key --provider-cert-file=dnscrypt.cert --provider-name=2.dnscrypt-cert.ntr.cu.cc -VV
[32158] 14 Sep 17:07:56.434 [info] Crypt public key fingerprint: 7C34:22B2:EF89:B3C4:183B:8945:18F3:1260:A66D:477A:78C2:765C:5508:A955:E683:8D38
dig查看了txt记录得知已生效,另开终端窗口用dnscrypt-proxy进行测试:
[root@localhost ~]# dnscrypt-proxy -a 127.0.0.1:55 --provider-name=2.dnscrypt-cert.ntr.cu.cc -r 192.168.30.128:3762 --provider-key=2937:B40E:1B3C:8C09:DCD2:CA6E:71BC:BB4E:FA5C:FDE1:B3B9:273A:B279:F841:9B21:AFB6
[NOTICE] Starting dnscrypt-proxy 1.4.0
[INFO] Initializing libsodium for optimal performance
[INFO] Generating a new key pair
[INFO] Done
[ERROR] Suspicious certificate received
[ERROR] No useable certificates found
[INFO] Refetching server certificates
[ERROR] Suspicious certificate received
[ERROR] No useable certificates found
[INFO] Refetching server certificates
[ERROR] Suspicious certificate received
[ERROR] No useable certificates found
[INFO] Refetching server certificates
[ERROR] Suspicious certificate received
[ERROR] No useable certificates found
^C
dnscrypt-wrapper的IP用127.0.0.1和局域网的IP都试过结果相同。
在运行dnscrypt-wrapper的窗口可以看到log,
[root@localhost bin]# ./dnscrypt-wrapper -r 8.8.8.8:53 -a 0.0.0.0:3762 --crypt-secretkey-file=crypt_secret.key --crypt-publickey-file=crypt_public.key --provider-cert-file=dnscrypt.cert --provider-name=2.dnscrypt-cert.ntr.cu.cc -VV
[32517] 14 Sep 17:18:23.834 [info] Crypt public key fingerprint: 7C34:22B2:EF89:B3C4:183B:8945:18F3:1260:A66D:477A:78C2:765C:5508:A955:E683:8D38
[32517] 14 Sep 17:33:53.962 [debug] client to proxy cb
[32517] 14 Sep 17:33:58.968 [debug] client to proxy cb
[32517] 14 Sep 17:34:03.973 [debug] client to proxy cb
[32517] 14 Sep 17:34:09.980 [debug] client to proxy cb
[32517] 14 Sep 17:34:14.986 [debug] client to proxy cb
[32517] 14 Sep 17:34:19.990 [debug] client to proxy cb
[32517] 14 Sep 17:34:27.999 [debug] client to proxy cb
[32517] 14 Sep 17:34:33.003 [debug] client to proxy cb
[32517] 14 Sep 17:34:38.009 [debug] client to proxy cb
[32517] 14 Sep 17:34:56.137 [debug] client to proxy cb
[32517] 14 Sep 17:34:57.140 [debug] client to proxy cb
[32517] 14 Sep 17:35:00.144 [debug] client to proxy cb
[32517] 14 Sep 17:35:06.154 [debug] client to proxy cb
[32517] 14 Sep 17:35:15.164 [debug] client to proxy cb
[32517] 14 Sep 17:35:27.169 [debug] client to proxy cb
[32517] 14 Sep 17:35:42.190 [debug] client to proxy cb
[32517] 14 Sep 17:36:00.210 [debug] client to proxy cb
之前在一台VPS上测试得到的结果也是这样,通过Win客户端dnscrypt-proxy.exe的test参数来测试也一样。
对了,在dnscrypt-wrapper安装的make环节,出现了两个警告,不知含义,可能以上问题与其有关。
[root@localhost dnscrypt-wrapper]# make
CC dnscrypt.o
CC udp_request.o
CC tcp_request.o
CC edns.o
CC logger.o
CC rfc1035.o
CC safe_rw.o
CC cert.o
cert.c: 在函数‘cert_display_txt_record_tinydns’中:
cert.c:76:18: 警告:iteration 4ul invokes undefined behavior [-Waggressive-loop-optimizations]
c = (int)(signed_cert->magic_cert + i);
^
cert.c:75:11: 附注:containing loop
while (i < sizeof(struct SignedCert)) {
^
cert.c: 在函数‘cert_display_txt_record’中:
cert.c:96:18: 警告:iteration 4ul invokes undefined behavior [-Waggressive-loop-optimizations]
c = (int)(signed_cert->magic_cert + i);
^
cert.c:95:11: 附注:containing loop
while (i < sizeof(struct SignedCert)) {
^
CC pidfile.o
CC main.o
make[1]: 进入目录“/root/dnscrypt-wrapper/argparse”
cc -o argparse.o -c -Wall -O3 -g -ggdb -fPIC argparse.c
ar rcs libargparse.a argparse.o
make[1]: 离开目录“/root/dnscrypt-wrapper/argparse”
LINK dnscrypt-wrapper
环境都是CentOS,安装了必要的libevent和libsodium,dnscrypt-wrapper版本0.1.10,dnscrypt-proxy版本1.4.0。
你好!我部署好服务器端后,用dnscrypt-proxy --test参数测试出现unsupported server protocol version,请问有办法解决吗?
Hi,
I'm trying to build this on OpenBSD 5.5, using a similar command to your instructions for FreeBSD. It seems to be failing during linking:
# gmake LDFLAGS='-L/usr/local/include/event2 -L/usr/local/lib' CFLAGS=-I/usr/local/include
LINK dnscrypt-wrapper
rfc1035.o(.text+0x7d0): In function `extract_name':
: warning: sprintf() is often misused, please use snprintf()
udp_request.o(.text+0x43): In function `udp_request_kill':
: undefined reference to `event_get_callback_arg'
udp_request.o(.text+0x57): In function `udp_request_kill':
: undefined reference to `event_free'
udp_request.o(.text+0x73): In function `udp_request_kill':
: undefined reference to `event_free'
udp_request.o(.text+0x19c): In function `udp_listener_stop':
: undefined reference to `event_free'
udp_request.o(.text+0x1fe): In function `udp_listener_start':
: undefined reference to `event_new'
udp_request.o(.text+0x24b): In function `udp_listener_start':
: undefined reference to `event_new'
udp_request.o(.text+0x399): In function `sendto_with_retry':
: undefined reference to `event_get_callback_arg'
udp_request.o(.text+0x419): In function `sendto_with_retry':
: undefined reference to `event_new'
udp_request.o(.text+0x475): In function `sendto_with_retry':
: undefined reference to `event_get_callback_arg'
udp_request.o(.text+0x4e8): In function `sendto_with_retry':
: undefined reference to `event_free'
udp_request.o(.text+0x517): In function `sendto_with_retry':
: undefined reference to `event_get_callback_arg'
udp_request.o(.text+0x668): In function `resolver_to_proxy_cb':
: undefined reference to `evutil_sockaddr_cmp'
udp_request.o(.text+0x81f): In function `sendto_with_retry_timer_cb':
: undefined reference to `event_get_fd'
udp_request.o(.text+0xcde): In function `client_to_proxy_cb':
: undefined reference to `event_new'
udp_request.o(.text+0xf38): In function `udp_listener_bind':
: undefined reference to `evutil_make_socket_closeonexec'
udp_request.o(.text+0xfc0): In function `udp_listener_bind':
: undefined reference to `evutil_make_socket_closeonexec'
udp_request.o(.text+0x101a): In function `udp_listener_bind':
: undefined reference to `evutil_closesocket'
udp_request.o(.text+0x104f): In function `udp_listener_bind':
: undefined reference to `evutil_closesocket'
tcp_request.o(.text+0x31): In function `tcp_accept_error_cb':
: undefined reference to `evconnlistener_disable'
tcp_request.o(.text+0x79): In function `tcp_accept_error_cb':
: undefined reference to `event_new'
tcp_request.o(.text+0x9c): In function `tcp_accept_timer_cb':
: undefined reference to `event_free'
tcp_request.o(.text+0xee): In function `tcp_request_kill':
: undefined reference to `event_free'
tcp_request.o(.text+0x2a0): In function `tcp_connection_cb':
: undefined reference to `bufferevent_socket_new'
tcp_request.o(.text+0x2c3): In function `tcp_connection_cb':
: undefined reference to `bufferevent_socket_new'
tcp_request.o(.text+0x31d): In function `tcp_connection_cb':
: undefined reference to `event_new'
tcp_request.o(.text+0x395): In function `tcp_connection_cb':
: undefined reference to `bufferevent_socket_connect'
tcp_request.o(.text+0x404): In function `tcp_connection_cb':
: undefined reference to `evutil_closesocket'
tcp_request.o(.text+0x465): In function `proxy_resolver_event_cb':
: undefined reference to `bufferevent_getfd'
tcp_request.o(.text+0x50c): In function `tcp_listener_stop':
: undefined reference to `evconnlistener_free'
tcp_request.o(.text+0x576): In function `tcp_listener_start':
: undefined reference to `evconnlistener_enable'
tcp_request.o(.text+0x64e): In function `tcp_listener_bind':
: undefined reference to `evconnlistener_new_bind'
tcp_request.o(.text+0x662): In function `tcp_listener_bind':
: undefined reference to `evconnlistener_disable'
tcp_request.o(.text+0x679): In function `tcp_listener_bind':
: undefined reference to `evconnlistener_set_error_cb'
tcp_request.o(.text+0x6a6): In function `tcp_listener_bind':
: undefined reference to `evconnlistener_free'
tcp_request.o(.text+0x704): In function `resolver_proxy_read_cb':
: undefined reference to `bufferevent_get_input'
tcp_request.o(.text+0x777): In function `resolver_proxy_read_cb':
: undefined reference to `evbuffer_get_length'
tcp_request.o(.text+0x78d): In function `resolver_proxy_read_cb':
: undefined reference to `evbuffer_pullup'
tcp_request.o(.text+0x834): In function `resolver_proxy_read_cb':
: undefined reference to `evbuffer_get_length'
tcp_request.o(.text+0x964): In function `client_proxy_read_cb':
: undefined reference to `bufferevent_get_input'
tcp_request.o(.text+0x98f): In function `client_proxy_read_cb':
: undefined reference to `evbuffer_get_length'
tcp_request.o(.text+0xa7e): In function `client_proxy_read_cb':
: undefined reference to `evbuffer_remove_buffer'
tcp_request.o(.text+0xb86): In function `client_proxy_read_cb':
: undefined reference to `evbuffer_get_length'
tcp_request.o(.text+0xb4): In function `tcp_accept_timer_cb':
: undefined reference to `evconnlistener_enable'
main.o(.text+0x17e): In function `sockaddr_from_ip_and_port':
: undefined reference to `evutil_parse_sockaddr_port'
main.o(.text+0x214): In function `sockaddr_from_ip_and_port':
: undefined reference to `evutil_parse_sockaddr_port'
collect2: ld returned 1 exit status
Makefile:181: recipe for target 'dnscrypt-wrapper' failed
gmake: *** [dnscrypt-wrapper] Error 1
Both libsodium and libevent2 are installed, as well as gmake and autoconf.
Thanks.
The documentation says to use this syntax when allowing both old and new key to work temporarily.
dnscrypt-wrapper --resolver-address=8.8.8.8:53 --listen-address=0.0.0.0:443
--provider-name=2.dnscrypt-cert.yechengfu.com
--crypt-secretkey-file=1.key,2.key --provider-cert-file=2.cert
This worked fine in 1.2.0
I upgraded to 1.3.0 and now that syntax generates this error.
[24984] 17 Aug 05:30:28.290 [err] [main.c:287] could not match secret key 1 with a certificate.
I can successfully start by specifying both certificates like so.
dnscrypt-wrapper --resolver-address=8.8.8.8:53 --listen-address=0.0.0.0:443
--provider-name=2.dnscrypt-cert.yechengfu.com
--crypt-secretkey-file=1.key,2.key --provider-cert-file=1.cert,2.cert
I dont know if this actually wont break anything tho.
So either there is a bug or documentation needs updating.
Hello,
It appears that the text in the COPYING file exactly matches the ISC license, but the release notes for v0.2.2 instead say that this project switched from the GPLv2 license to BSD 0-Clause. That seems incorrect, since the BSD 0-Clause license doesn't require the copying of the copyright and permission notices, but COPYING (and the ISC license) do. So, am I correct that the release note mentioning BSD 0-Clause is just an error, and that this project is instead released under the ISC license?
I ask only because I maintain the FreeBSD port of your project, and FreeBSD requires that I identify the license of your code, so I wanted to make sure that ISC is correct. Thanks for your help, and for all your work!
Hi,
I updated today to the last version and tried to start dnscrypt-wrapper 4 times on 4 different ports...
Two times it's running but 3 times i got this issue... And yes there are only 4 ports...
[ 429.524058] dnscrypt-wrappe[4965]: segfault at 91 ip 00000000004044bd sp 00007fff19fd6020 error 4 in dnscrypt-wrapper[400000+a000]
[ 431.519669] dnscrypt-wrappe[4963]: segfault at 90 ip 00000000004044bd sp 00007fffbb460970 error 4 in dnscrypt-wrapper[400000+a000]
[ 484.112097] dnscrypt-wrappe[4977]: segfault at 91 ip 00000000004044bd sp 00007fff13188bb0 error 4 in dnscrypt-wrapper[400000+a000]
Ello,
I've been trying to setup dnscrypt-wrapper on my server, followed the instructions from the README.
Problem is, I get the error [ERROR] Unable to retrieve server certificate
when I try to connect with dnscrypt-proxy...
After I followed all the instructions I did this:
dnscrypt-wrapper -r 127.0.0.1:5333 -a 128.199.56.201:4434 --crypt-secretkey-file=secret.key --crypt-publickey-file=public.key --provider-cert-file=dnscrypt.cert --provider-name=2.dnscrypt-cert.megalicious.org -V
It gives me the crypt public key fingerprint, but nothing more.
Then, I try to connect with dnscrypt-proxy:
dnscrypt-proxy -a 127.0.0.1:5333 --resolver-address=128.199.56.201:4434 --provider-name 2.dnscrypt-cert.megalicious.org -r 127.0.0.1:54 --provider-key=8EAE:E1C1:2C9A:F21E:F3C6:A070:B54D:4161:9ACE:61CF:515D:B337:97C0:8B06:1C4D:26E5
Which outputs:
[NOTICE] Starting dnscrypt-proxy 1.4.1
[INFO] Initializing libsodium for optimal performance
[INFO] Generating a new key pair
[INFO] Done
[ERROR] Unable to retrieve server certificates
[INFO] Refetching server certificates
And it keeps repeating the last 2 lines.
dig 2.dnscrypt-cert.megalicious.org txt
gives:
; <<>> DiG 9.9.2-P2 <<>> 2.dnscrypt-cert.megalicious.org txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4337
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;2.dnscrypt-cert.megalicious.org. IN TXT
;; ANSWER SECTION:
2.dnscrypt-cert.megalicious.org. 552 IN TXT "DNSC0000010000002019178132179011163x143151244224p1820312521209225A203138M020g172h127175$215217189>+A 150157xu237034009159*0040112150012480341651709173&s1752091450092500041271380180011241252226x128202234=177168211016U-155029147137j007V135199024243`T7PYqwfz" "t0001TZU|V\;136252"
;; AUTHORITY SECTION:
megalicious.org. 3648 IN NS ns3176.dns.dyn.com.
megalicious.org. 3648 IN NS ns1129.dns.dyn.com.
megalicious.org. 3648 IN NS ns2137.dns.dyn.com.
megalicious.org. 3648 IN NS ns4149.dns.dyn.com.
;; ADDITIONAL SECTION:
ns1129.dns.dyn.com. 64284 IN A 208.76.58.129
ns2137.dns.dyn.com. 166875 IN A 208.76.59.137
;; Query time: 15 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Nov 5 18:46:21 2014
;; MSG SIZE rcvd: 473
Where could I have done wrong? I suppose it's something obvious because I'm rather new to this subject...
执行 make install 后提示错误
make[1]: Entering directory /root/dnscrypt-wrapper/argparse' cc -o argparse.o -c -Wall -O3 -g -ggdb -fPIC argparse.c ar rcs libargparse.a argparse.o make[1]: Leaving directory
/root/dnscrypt-wrapper/argparse'
LINK dnscrypt-wrapper
udp_request.o: In function udp_request_kill': udp_request.c:(.text+0x3f): undefined reference to
event_get_callback_arg'
udp_request.c:(.text+0x50): undefined reference to event_free' udp_request.c:(.text+0x66): undefined reference to
event_free'
udp_request.o: In function udp_listener_stop': udp_request.c:(.text+0x5ec): undefined reference to
event_free'
udp_request.o: In function udp_listener_start': udp_request.c:(.text+0x658): undefined reference to
event_new'
udp_request.c:(.text+0x69b): undefined reference to event_new' udp_request.o: In function
sendto_with_retry':
udp_request.c:(.text+0x7aa): undefined reference to event_get_callback_arg' udp_request.c:(.text+0x83d): undefined reference to
event_get_callback_arg'
udp_request.c:(.text+0x873): undefined reference to event_free' udp_request.c:(.text+0x8cb): undefined reference to
event_get_callback_arg'
udp_request.c:(.text+0x933): undefined reference to event_new' udp_request.o: In function
resolver_to_proxy_cb':
udp_request.c:(.text+0xa9a): undefined reference to evutil_sockaddr_cmp' udp_request.o: In function
sendto_with_retry_timer_cb':
udp_request.c:(.text+0xdac): undefined reference to event_get_fd' udp_request.o: In function
client_to_proxy_cb':
udp_request.c:(.text+0x10e1): undefined reference to event_new' udp_request.o: In function
udp_listener_bind':
udp_request.c:(.text+0x1787): undefined reference to evutil_make_socket_closeonexec' udp_request.c:(.text+0x17e5): undefined reference to
evutil_make_socket_closeonexec'
udp_request.c:(.text+0x183a): undefined reference to evutil_closesocket' udp_request.c:(.text+0x1881): undefined reference to
evutil_closesocket'
tcp_request.o: In function tcp_listener_start': tcp_request.c:(.text+0x11): undefined reference to
evconnlistener_enable'
tcp_request.o: In function tcp_listener_bind': tcp_request.c:(.text+0x112): undefined reference to
evconnlistener_new'
tcp_request.c:(.text+0x12a): undefined reference to evconnlistener_disable' tcp_request.c:(.text+0x13f): undefined reference to
evconnlistener_set_error_cb'
tcp_request.c:(.text+0x170): undefined reference to evconnlistener_free' tcp_request.o: In function
tcp_accept_error_cb':
tcp_request.c:(.text+0x22c): undefined reference to evconnlistener_disable' tcp_request.c:(.text+0x277): undefined reference to
event_new'
tcp_request.o: In function tcp_accept_timer_cb': tcp_request.c:(.text+0x29c): undefined reference to
event_free'
tcp_request.o: In function tcp_request_kill': tcp_request.c:(.text+0x2e9): undefined reference to
event_free'
tcp_request.o: In function tcp_connection_cb': tcp_request.c:(.text+0x448): undefined reference to
bufferevent_socket_new'
tcp_request.c:(.text+0x46b): undefined reference to bufferevent_socket_new' tcp_request.c:(.text+0x4be): undefined reference to
event_new'
tcp_request.c:(.text+0x530): undefined reference to bufferevent_socket_connect' tcp_request.c:(.text+0x59c): undefined reference to
evutil_closesocket'
tcp_request.o: In function tcp_listener_stop': tcp_request.c:(.text+0x65c): undefined reference to
evconnlistener_free'
tcp_request.o: In function resolver_proxy_read_cb': tcp_request.c:(.text+0x6b3): undefined reference to
bufferevent_get_input'
tcp_request.c:(.text+0x6f9): undefined reference to evbuffer_get_length' tcp_request.c:(.text+0x712): undefined reference to
evbuffer_pullup'
tcp_request.c:(.text+0x814): undefined reference to evbuffer_get_length' tcp_request.o: In function
proxy_resolver_event_cb':
tcp_request.c:(.text+0x911): undefined reference to bufferevent_getfd' tcp_request.o: In function
client_proxy_read_cb':
tcp_request.c:(.text+0x95d): undefined reference to bufferevent_get_input' tcp_request.c:(.text+0x988): undefined reference to
evbuffer_get_length'
tcp_request.c:(.text+0x9d7): undefined reference to evbuffer_remove_buffer' tcp_request.c:(.text+0xb5c): undefined reference to
evbuffer_get_length'
tcp_request.o: In function tcp_accept_timer_cb': tcp_request.c:(.text+0x2b4): undefined reference to
evconnlistener_enable'
main.o: In function sockaddr_from_ip_and_port.clone.0': main.c:(.text+0x185): undefined reference to
evutil_parse_sockaddr_port'
main.c:(.text+0x1cd): undefined reference to `evutil_parse_sockaddr_port'
collect2: ld returned 1 exit status
make: *** [dnscrypt-wrapper] Error 1
I'm using the docker image from dnscrypt-proxy.
The proxy is working with resolvers inside the resolver list.
I tested dnscrypt-wrapper compiled with libsodium master and with the provided docker image.
I get the Suspicious certificate received
error from the proxy every time.
准备在 docker 容器 alpine:edge 中尝试
已安装 autoconf bsd-compat-headers build-base curl libevent-dev libexecinfo-dev libsodium-dev
make install 时出错:
/dnscrypt-wrapper-0.2.2 # make configure
GEN configure
/dnscrypt-wrapper-0.2.2 # ./configure --prefix=/usr
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for gar... no
checking for ar... ar
checking for gtar... no
checking for tar... tar
checking for event_base_new in -levent... yes
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking event2/event.h usability... yes
checking event2/event.h presence... yes
checking for event2/event.h... yes
checking for sodium_init in -lsodium... yes
configure: creating ./config.status
config.status: creating config.mak.autogen
config.status: executing config.mak.autogen commands
Configuration summary:
Support for event library: yes
Support for sodium library: yes
/dnscrypt-wrapper-0.2.2 # make install
CC dnscrypt.o
CC udp_request.o
CC tcp_request.o
CC edns.o
CC logger.o
CC rfc1035.o
CC safe_rw.o
CC cert.o
CC pidfile.o
CC debug.o
CC main.o
make[1]: Entering directory '/dnscrypt-wrapper-0.2.2/argparse'
cc -o argparse.o -c -Wall -fPIC -O3 -g -ggdb argparse.c
ar rcs libargparse.a argparse.o
make[1]: Leaving directory '/dnscrypt-wrapper-0.2.2/argparse'
LINK dnscrypt-wrapper
debug.o: In function `log_stack_trace':
/dnscrypt-wrapper-0.2.2/debug.c:82: undefined reference to `backtrace'
/dnscrypt-wrapper-0.2.2/debug.c:87: undefined reference to `backtrace_symbols_fd'
collect2: error: ld returned 1 exit status
make: *** [Makefile:192: dnscrypt-wrapper] Error 1
/dnscrypt-wrapper-0.2.2 #
When attempting to issue make or make install command returns the following error:
"Makefile", line 16: Missing dependency operator
"Makefile", line 18: Need an operator
make: fatal errors encountered -- cannot continue
Running on FreeBSD 9.2
libevent 2.0.21
libsodium 0.4.5
So I removed those lines and retried, but then received the following error:
root@dns1:~/dnscrypt-wrapper # make
cc -O2 -pipe -c dnscrypt.c
In file included from dnscrypt.c:1:
dnscrypt.h:5:26: error: event2/event.h: No such file or directory
dnscrypt.h:6:29: error: event2/listener.h: No such file or directory
dnscrypt.h:7:32: error: event2/bufferevent.h: No such file or directory
dnscrypt.h:8:27: error: event2/buffer.h: No such file or directory
dnscrypt.h:9:25: error: event2/util.h: No such file or directory
dnscrypt.h:10:20: error: sodium.h: No such file or directory
In file included from dnscrypt.h:73,
from dnscrypt.c:1:
udp_request.h:17: error: 'crypto_box_NONCEBYTES' undeclared here (not in a funct ion)
udp_request.h:18: error: 'crypto_box_BEFORENMBYTES' undeclared here (not in a fu nction)
udp_request.h:20: error: field 'client_sockaddr' has incomplete type
udp_request.h:24: error: expected specifier-qualifier-list before 'evutil_socket _t'
In file included from dnscrypt.h:78,
from dnscrypt.c:1:
cert.h:16: error: 'crypto_box_PUBLICKEYBYTES' undeclared here (not in a function )
In file included from dnscrypt.c:1:
dnscrypt.h:89: error: field 'local_sockaddr' has incomplete type
dnscrypt.h:90: error: field 'resolver_sockaddr' has incomplete type
dnscrypt.h:91: error: expected specifier-qualifier-list before 'ev_socklen_t'
dnscrypt.h: In function 'print_binary_string':
dnscrypt.h:144: error: 'for' loop initial declaration used outside C99 mode
dnscrypt.h: In function 'print_binary_string_hex':
dnscrypt.h:166: error: 'for' loop initial declaration used outside C99 mode
dnscrypt.h: At top level:
dnscrypt.h:200: error: 'crypto_box_MACBYTES' undeclared here (not in a function)
dnscrypt.c: In function 'dnscrypt_key_to_fingerprint':
dnscrypt.c:42: error: 'crypto_box_SECRETKEYBYTES' undeclared (first use in this function)
dnscrypt.c:42: error: (Each undeclared identifier is reported only once
dnscrypt.c:42: error: for each function it appears in.)
dnscrypt.c: In function 'dnscrypt_fingerprint_to_key':
dnscrypt.c:114: error: type of formal parameter 1 is incomplete
dnscrypt.c: In function 'dnscrypt_server_uncurve':
dnscrypt.c:182: error: 'struct context' has no member named 'crypt_secretkey'
dnscrypt.c:190: error: 'crypto_box_BOXZEROBYTES' undeclared (first use in this f unction)
dnscrypt.c: In function 'add_server_nonce':
dnscrypt.c:220: error: 'struct context' has no member named 'nonce_ts_last'
dnscrypt.c:221: error: 'struct context' has no member named 'nonce_ts_last'
dnscrypt.c:223: error: 'struct context' has no member named 'nonce_ts_last'
dnscrypt.c: In function 'dnscrypt_server_curve':
dnscrypt.c:256: error: 'struct context' has no member named 'crypt_secretkey'
dnscrypt.c:257: error: 'crypto_box_BOXZEROBYTES' undeclared (first use in this f unction)
dnscrypt.c:257: error: 'crypto_box_ZEROBYTES' undeclared (first use in this func tion)
*** [dnscrypt.o] Error code 1
Stop in /root/dnscrypt-wrapper.
root@dns1:~/dnscrypt-wrapper # make install
cc -O2 -pipe -c dnscrypt.c
In file included from dnscrypt.c:1:
dnscrypt.h:5:26: error: event2/event.h: No such file or directory
dnscrypt.h:6:29: error: event2/listener.h: No such file or directory
dnscrypt.h:7:32: error: event2/bufferevent.h: No such file or directory
dnscrypt.h:8:27: error: event2/buffer.h: No such file or directory
dnscrypt.h:9:25: error: event2/util.h: No such file or directory
dnscrypt.h:10:20: error: sodium.h: No such file or directory
In file included from dnscrypt.h:73,
from dnscrypt.c:1:
udp_request.h:17: error: 'crypto_box_NONCEBYTES' undeclared here (not in a funct ion)
udp_request.h:18: error: 'crypto_box_BEFORENMBYTES' undeclared here (not in a fu nction)
udp_request.h:20: error: field 'client_sockaddr' has incomplete type
udp_request.h:24: error: expected specifier-qualifier-list before 'evutil_socket _t'
In file included from dnscrypt.h:78,
from dnscrypt.c:1:
cert.h:16: error: 'crypto_box_PUBLICKEYBYTES' undeclared here (not in a function )
In file included from dnscrypt.c:1:
dnscrypt.h:89: error: field 'local_sockaddr' has incomplete type
dnscrypt.h:90: error: field 'resolver_sockaddr' has incomplete type
dnscrypt.h:91: error: expected specifier-qualifier-list before 'ev_socklen_t'
dnscrypt.h: In function 'print_binary_string':
dnscrypt.h:144: error: 'for' loop initial declaration used outside C99 mode
dnscrypt.h: In function 'print_binary_string_hex':
dnscrypt.h:166: error: 'for' loop initial declaration used outside C99 mode
dnscrypt.h: At top level:
dnscrypt.h:200: error: 'crypto_box_MACBYTES' undeclared here (not in a function)
dnscrypt.c: In function 'dnscrypt_key_to_fingerprint':
dnscrypt.c:42: error: 'crypto_box_SECRETKEYBYTES' undeclared (first use in this function)
dnscrypt.c:42: error: (Each undeclared identifier is reported only once
dnscrypt.c:42: error: for each function it appears in.)
dnscrypt.c: In function 'dnscrypt_fingerprint_to_key':
dnscrypt.c:114: error: type of formal parameter 1 is incomplete
dnscrypt.c: In function 'dnscrypt_server_uncurve':
dnscrypt.c:182: error: 'struct context' has no member named 'crypt_secretkey'
dnscrypt.c:190: error: 'crypto_box_BOXZEROBYTES' undeclared (first use in this f unction)
dnscrypt.c: In function 'add_server_nonce':
dnscrypt.c:220: error: 'struct context' has no member named 'nonce_ts_last'
dnscrypt.c:221: error: 'struct context' has no member named 'nonce_ts_last'
dnscrypt.c:223: error: 'struct context' has no member named 'nonce_ts_last'
dnscrypt.c: In function 'dnscrypt_server_curve':
dnscrypt.c:256: error: 'struct context' has no member named 'crypt_secretkey'
dnscrypt.c:257: error: 'crypto_box_BOXZEROBYTES' undeclared (first use in this f unction)
dnscrypt.c:257: error: 'crypto_box_ZEROBYTES' undeclared (first use in this func tion)
*** [dnscrypt.o] Error code 1
Stop in /root/dnscrypt-wrapper.
Hi @cofyc ,
Thanks for awesome work,
I just install a dnscrypt-proxy server today with docker images,
and found there was an error in log file.
Jul 30 14:42:02 lenbox dnscrypt-proxy[18666]: [INFO] This certificate is valid
Jul 30 14:42:02 lenbox dnscrypt-proxy[18666]: [INFO] Chosen certificate #1469859743 is valid from [2016-07-31] to [2016-07-32]
As far as i know, thers is no 2016-07-32 exist. 😂
Not a big issue through, I will submit a PR if get some time.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.