Copy disabled (too large)
Download .txt
Showing preview only (16,473K chars total). Download the full file to get everything.
Repository: DNSCrypt/dnscrypt-proxy
Branch: master
Commit: 92d457b52d3a
Files: 1785
Total size: 18.2 MB
Directory structure:
gitextract_akws00m5/
├── .ci/
│ ├── allowed-names.txt
│ ├── blocked-ips.txt
│ ├── blocked-names.txt
│ ├── ci-build.sh
│ ├── ci-package.sh
│ ├── ci-test.sh
│ ├── cloaking-rules.txt
│ ├── forwarding-rules.txt
│ ├── test-odoh-proxied.toml
│ ├── test2-dnscrypt-proxy.toml
│ └── test3-dnscrypt-proxy.toml
├── .gitattributes
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ ├── bugs.md
│ │ └── suggestions.md
│ ├── dependabot.yml
│ └── workflows/
│ ├── autocloser.yml
│ ├── codeql-analysis.yml
│ └── releases.yml
├── .gitignore
├── ChangeLog
├── LICENSE
├── README.md
├── contrib/
│ └── msi/
│ ├── Dockerfile
│ ├── README.md
│ ├── build.sh
│ └── dnscrypt.wxs
├── dnscrypt-proxy/
│ ├── coldstart.go
│ ├── common.go
│ ├── common_test.go
│ ├── config.go
│ ├── config_loader.go
│ ├── config_watcher.go
│ ├── config_watcher_test.go
│ ├── crypto.go
│ ├── dnscrypt_certs.go
│ ├── dnsutils.go
│ ├── estimators.go
│ ├── example-allowed-ips.txt
│ ├── example-allowed-names.txt
│ ├── example-blocked-ips.txt
│ ├── example-blocked-names.txt
│ ├── example-captive-portals.txt
│ ├── example-cloaking-rules.txt
│ ├── example-dnscrypt-proxy.toml
│ ├── example-forwarding-rules.txt
│ ├── fuzzing_test.go
│ ├── hot_reload.go
│ ├── ipcrypt.go
│ ├── ipcrypt_test.go
│ ├── local-doh.go
│ ├── localhost.pem
│ ├── logger.go
│ ├── main.go
│ ├── monitoring_ui.go
│ ├── netprobe_others.go
│ ├── netprobe_windows.go
│ ├── oblivious_doh.go
│ ├── pattern_matcher.go
│ ├── permcheck_others.go
│ ├── permcheck_unix.go
│ ├── pidfile.go
│ ├── plugin_allow_ip.go
│ ├── plugin_allow_name.go
│ ├── plugin_block_ip.go
│ ├── plugin_block_ipv6.go
│ ├── plugin_block_name.go
│ ├── plugin_block_undelegated.go
│ ├── plugin_block_unqualified.go
│ ├── plugin_cache.go
│ ├── plugin_captive_portal.go
│ ├── plugin_cloak.go
│ ├── plugin_dns64.go
│ ├── plugin_ecs.go
│ ├── plugin_firefox.go
│ ├── plugin_forward.go
│ ├── plugin_get_set_payload_size.go
│ ├── plugin_nx_log.go
│ ├── plugin_query_log.go
│ ├── plugin_querymeta.go
│ ├── plugins.go
│ ├── privilege_linux.go
│ ├── privilege_others.go
│ ├── privilege_windows.go
│ ├── proxy.go
│ ├── query_processing.go
│ ├── reload_utils.go
│ ├── reload_utils_test.go
│ ├── resolve.go
│ ├── serversInfo.go
│ ├── service_android.go
│ ├── service_linux.go
│ ├── service_others.go
│ ├── service_windows.go
│ ├── setsockopts_darwin.go
│ ├── setsockopts_freebsd.go
│ ├── setsockopts_linux.go
│ ├── setsockopts_openbsd.go
│ ├── setsockopts_others.go
│ ├── setsockopts_windows.go
│ ├── signal_others.go
│ ├── signal_posix.go
│ ├── sources.go
│ ├── sources_test.go
│ ├── static/
│ │ ├── js/
│ │ │ └── monitoring.js
│ │ └── templates/
│ │ └── dashboard.html
│ ├── staticcheck.conf
│ ├── systemd_android.go
│ ├── systemd_free.go
│ ├── systemd_linux.go
│ ├── templates.go
│ ├── testdata/
│ │ ├── snakeoil.key
│ │ ├── snakeoil.pub
│ │ └── sources/
│ │ ├── empty.md
│ │ ├── empty.md.minisig
│ │ ├── minimal_relay.md
│ │ └── minimal_relay.md.minisig
│ ├── time_ranges.go
│ ├── timezone_android.go
│ ├── timezone_others.go
│ ├── udp_conn_pool.go
│ ├── udp_conn_pool_test.go
│ └── xtransport.go
├── go.mod
├── go.sum
├── utils/
│ └── generate-domains-blocklist/
│ ├── domains-allowlist.txt
│ ├── domains-blocklist-local-additions.txt
│ ├── domains-blocklist.conf
│ ├── domains-time-restricted.txt
│ └── generate-domains-blocklist.py
├── vendor/
│ ├── codeberg.org/
│ │ └── miekg/
│ │ └── dns/
│ │ ├── .changelog.go.tmpl
│ │ ├── CHANGELOG.md
│ │ ├── CONTRIBUTORS
│ │ ├── COPYRIGHT
│ │ ├── LICENSE
│ │ ├── Makefile.release
│ │ ├── README.md
│ │ ├── client.go
│ │ ├── dane.go
│ │ ├── deleg/
│ │ │ ├── deleg.go
│ │ │ ├── delegpack.go
│ │ │ ├── pack.go
│ │ │ ├── scan.go
│ │ │ └── zdnsutil.go
│ │ ├── dns.go
│ │ ├── dnssec.go
│ │ ├── dnssec_keygen.go
│ │ ├── dnssec_keyscan.go
│ │ ├── dnssec_privkey.go
│ │ ├── dnssec_signer.go
│ │ ├── doc.go
│ │ ├── dso_types.go
│ │ ├── edns_types.go
│ │ ├── errors.go
│ │ ├── generate.go
│ │ ├── headerpack.go
│ │ ├── internal/
│ │ │ ├── ddd/
│ │ │ │ └── ddd.go
│ │ │ ├── dnslex/
│ │ │ │ └── lex.go
│ │ │ ├── dnsstring/
│ │ │ │ ├── reader.go
│ │ │ │ ├── strconv.go
│ │ │ │ ├── types.go
│ │ │ │ └── zrr.go
│ │ │ ├── jump/
│ │ │ │ └── jump.go
│ │ │ ├── pack/
│ │ │ │ ├── errors.go
│ │ │ │ └── pack.go
│ │ │ ├── reverse/
│ │ │ │ └── reverse.go
│ │ │ └── unpack/
│ │ │ ├── errors.go
│ │ │ └── unpack.go
│ │ ├── listen_no_socket_options.go
│ │ ├── listen_socket_options.go
│ │ ├── msg.go
│ │ ├── nsecpack.go
│ │ ├── opt.go
│ │ ├── optpack.go
│ │ ├── pkg/
│ │ │ └── pool/
│ │ │ └── pool.go
│ │ ├── rdata/
│ │ │ ├── rdata.go
│ │ │ ├── string.go
│ │ │ ├── stringutil.go
│ │ │ ├── zdnsutil.go
│ │ │ └── zlen.go
│ │ ├── response.go
│ │ ├── reverse.go
│ │ ├── router
│ │ ├── scan.go
│ │ ├── scan_ednsrr.go
│ │ ├── scan_rdata.go
│ │ ├── scan_rr.go
│ │ ├── serve_mux.go
│ │ ├── server.go
│ │ ├── server_no_recvmmsg.go
│ │ ├── server_recvmmsg.go
│ │ ├── sig0.go
│ │ ├── sig0_signer.go
│ │ ├── smimea.go
│ │ ├── sort.go
│ │ ├── sort_rdata.go
│ │ ├── string.go
│ │ ├── svcb/
│ │ │ ├── pack.go
│ │ │ ├── scan.go
│ │ │ ├── svcb.go
│ │ │ ├── svcbpack.go
│ │ │ └── zdnsutil.go
│ │ ├── tlsa.go
│ │ ├── transfer.go
│ │ ├── transport.go
│ │ ├── tsig.go
│ │ ├── tsig_signer.go
│ │ ├── types.go
│ │ ├── udp.go
│ │ ├── udp_darwin.go
│ │ ├── udp_no_control.go
│ │ ├── udp_session.go
│ │ ├── udp_unix.go
│ │ ├── version.go
│ │ ├── zclone.go
│ │ ├── zcompare.go
│ │ ├── zdnstest.go
│ │ ├── zdnsutil.go
│ │ ├── zdsolen.go
│ │ ├── zdsorr.go
│ │ ├── zednspack.go
│ │ ├── zednsrr.go
│ │ ├── zlen.go
│ │ ├── zmsg.go
│ │ ├── zonemd.go
│ │ ├── zpack.go
│ │ ├── zparse.go
│ │ ├── zrdata.go
│ │ └── zrr.go
│ ├── github.com/
│ │ ├── BurntSushi/
│ │ │ └── toml/
│ │ │ ├── .gitignore
│ │ │ ├── COPYING
│ │ │ ├── README.md
│ │ │ ├── decode.go
│ │ │ ├── deprecated.go
│ │ │ ├── doc.go
│ │ │ ├── encode.go
│ │ │ ├── error.go
│ │ │ ├── internal/
│ │ │ │ └── tz.go
│ │ │ ├── lex.go
│ │ │ ├── meta.go
│ │ │ ├── parse.go
│ │ │ ├── type_fields.go
│ │ │ └── type_toml.go
│ │ ├── VividCortex/
│ │ │ └── ewma/
│ │ │ ├── .gitignore
│ │ │ ├── .whitesource
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── codecov.yml
│ │ │ └── ewma.go
│ │ ├── coreos/
│ │ │ └── go-systemd/
│ │ │ ├── LICENSE
│ │ │ ├── NOTICE
│ │ │ ├── activation/
│ │ │ │ ├── files.go
│ │ │ │ ├── listeners.go
│ │ │ │ └── packetconns.go
│ │ │ └── daemon/
│ │ │ ├── sdnotify.go
│ │ │ └── watchdog.go
│ │ ├── davecgh/
│ │ │ └── go-spew/
│ │ │ ├── LICENSE
│ │ │ └── spew/
│ │ │ ├── bypass.go
│ │ │ ├── bypasssafe.go
│ │ │ ├── common.go
│ │ │ ├── config.go
│ │ │ ├── doc.go
│ │ │ ├── dump.go
│ │ │ ├── format.go
│ │ │ └── spew.go
│ │ ├── dchest/
│ │ │ └── safefile/
│ │ │ ├── .travis.yml
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── appveyor.yml
│ │ │ ├── rename.go
│ │ │ ├── rename_nonatomic.go
│ │ │ └── safefile.go
│ │ ├── fsnotify/
│ │ │ └── fsnotify/
│ │ │ ├── .cirrus.yml
│ │ │ ├── .gitignore
│ │ │ ├── .mailmap
│ │ │ ├── CHANGELOG.md
│ │ │ ├── CONTRIBUTING.md
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── backend_fen.go
│ │ │ ├── backend_inotify.go
│ │ │ ├── backend_kqueue.go
│ │ │ ├── backend_other.go
│ │ │ ├── backend_windows.go
│ │ │ ├── fsnotify.go
│ │ │ ├── internal/
│ │ │ │ ├── darwin.go
│ │ │ │ ├── debug_darwin.go
│ │ │ │ ├── debug_dragonfly.go
│ │ │ │ ├── debug_freebsd.go
│ │ │ │ ├── debug_kqueue.go
│ │ │ │ ├── debug_linux.go
│ │ │ │ ├── debug_netbsd.go
│ │ │ │ ├── debug_openbsd.go
│ │ │ │ ├── debug_solaris.go
│ │ │ │ ├── debug_windows.go
│ │ │ │ ├── freebsd.go
│ │ │ │ ├── internal.go
│ │ │ │ ├── unix.go
│ │ │ │ ├── unix2.go
│ │ │ │ └── windows.go
│ │ │ ├── shared.go
│ │ │ ├── staticcheck.conf
│ │ │ ├── system_bsd.go
│ │ │ └── system_darwin.go
│ │ ├── gorilla/
│ │ │ └── websocket/
│ │ │ ├── .gitignore
│ │ │ ├── AUTHORS
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── client.go
│ │ │ ├── compression.go
│ │ │ ├── conn.go
│ │ │ ├── doc.go
│ │ │ ├── join.go
│ │ │ ├── json.go
│ │ │ ├── mask.go
│ │ │ ├── mask_safe.go
│ │ │ ├── prepared.go
│ │ │ ├── proxy.go
│ │ │ ├── server.go
│ │ │ ├── tls_handshake.go
│ │ │ ├── tls_handshake_116.go
│ │ │ ├── util.go
│ │ │ └── x_net_proxy.go
│ │ ├── hashicorp/
│ │ │ ├── go-immutable-radix/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── CHANGELOG.md
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ ├── edges.go
│ │ │ │ ├── iradix.go
│ │ │ │ ├── iter.go
│ │ │ │ ├── node.go
│ │ │ │ ├── raw_iter.go
│ │ │ │ └── reverse_iter.go
│ │ │ ├── go-syslog/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ ├── builtin.go
│ │ │ │ ├── syslog.go
│ │ │ │ ├── unix.go
│ │ │ │ └── unsupported.go
│ │ │ └── golang-lru/
│ │ │ ├── LICENSE
│ │ │ └── simplelru/
│ │ │ ├── lru.go
│ │ │ └── lru_interface.go
│ │ ├── hectane/
│ │ │ └── go-acl/
│ │ │ ├── LICENSE.txt
│ │ │ ├── README.md
│ │ │ ├── api/
│ │ │ │ ├── acl.go
│ │ │ │ ├── api.go
│ │ │ │ ├── posix.go
│ │ │ │ ├── secinfo.go
│ │ │ │ └── sid.go
│ │ │ ├── apply.go
│ │ │ ├── appveyor.yml
│ │ │ ├── chmod.go
│ │ │ ├── posix.go
│ │ │ └── util.go
│ │ ├── jedisct1/
│ │ │ ├── dlog/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ ├── dlog.go
│ │ │ │ ├── sysdeps_others.go
│ │ │ │ └── sysdeps_windows.go
│ │ │ ├── go-clocksmith/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ └── clocksmith.go
│ │ │ ├── go-dnsstamps/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ └── dnsstamps.go
│ │ │ ├── go-hpke-compact/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ └── hpke.go
│ │ │ ├── go-minisign/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ └── minisign.go
│ │ │ ├── go-sieve-cache/
│ │ │ │ ├── LICENSE
│ │ │ │ └── pkg/
│ │ │ │ └── sievecache/
│ │ │ │ ├── bitset.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── node.go
│ │ │ │ ├── sharded.go
│ │ │ │ ├── sievecache.go
│ │ │ │ └── sync.go
│ │ │ └── xsecretbox/
│ │ │ ├── .gitignore
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── sharedkey.go
│ │ │ └── xsecretbox.go
│ │ ├── k-sone/
│ │ │ └── critbitgo/
│ │ │ ├── .travis.yml
│ │ │ ├── CHANGES.md
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── critbit.go
│ │ │ ├── map.go
│ │ │ └── net.go
│ │ ├── kardianos/
│ │ │ └── service/
│ │ │ ├── .gitignore
│ │ │ ├── .travis.yml
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── appveyor.yml
│ │ │ ├── console.go
│ │ │ ├── linux-test-su.sh
│ │ │ ├── service.go
│ │ │ ├── service_aix.go
│ │ │ ├── service_darwin.go
│ │ │ ├── service_freebsd.go
│ │ │ ├── service_go1.8.go
│ │ │ ├── service_linux.go
│ │ │ ├── service_openrc_linux.go
│ │ │ ├── service_procd_linux.go
│ │ │ ├── service_rcs_linux.go
│ │ │ ├── service_solaris.go
│ │ │ ├── service_systemd_linux.go
│ │ │ ├── service_sysv_linux.go
│ │ │ ├── service_unix.go
│ │ │ ├── service_upstart_linux.go
│ │ │ ├── service_windows.go
│ │ │ └── version.go
│ │ ├── lifenjoiner/
│ │ │ └── dhcpdns/
│ │ │ ├── .gitignore
│ │ │ ├── LICENSE
│ │ │ ├── dhcpdns.go
│ │ │ ├── readme.md
│ │ │ ├── sockopt_reuse0.go
│ │ │ ├── sockopt_reuse1.go
│ │ │ ├── sockopt_reuse2_1.go
│ │ │ └── sockopt_reuse2_2.go
│ │ ├── miekg/
│ │ │ └── dns/
│ │ │ ├── .codecov.yml
│ │ │ ├── .gitignore
│ │ │ ├── AUTHORS
│ │ │ ├── CODEOWNERS
│ │ │ ├── CONTRIBUTORS
│ │ │ ├── COPYRIGHT
│ │ │ ├── LICENSE
│ │ │ ├── Makefile.fuzz
│ │ │ ├── Makefile.release
│ │ │ ├── README.md
│ │ │ ├── acceptfunc.go
│ │ │ ├── client.go
│ │ │ ├── clientconfig.go
│ │ │ ├── dane.go
│ │ │ ├── defaults.go
│ │ │ ├── dns.go
│ │ │ ├── dnssec.go
│ │ │ ├── dnssec_keygen.go
│ │ │ ├── dnssec_keyscan.go
│ │ │ ├── dnssec_privkey.go
│ │ │ ├── doc.go
│ │ │ ├── duplicate.go
│ │ │ ├── edns.go
│ │ │ ├── format.go
│ │ │ ├── fuzz.go
│ │ │ ├── generate.go
│ │ │ ├── hash.go
│ │ │ ├── labels.go
│ │ │ ├── listen_no_socket_options.go
│ │ │ ├── listen_socket_options.go
│ │ │ ├── msg.go
│ │ │ ├── msg_helpers.go
│ │ │ ├── msg_truncate.go
│ │ │ ├── nsecx.go
│ │ │ ├── privaterr.go
│ │ │ ├── reverse.go
│ │ │ ├── sanitize.go
│ │ │ ├── scan.go
│ │ │ ├── scan_rr.go
│ │ │ ├── serve_mux.go
│ │ │ ├── server.go
│ │ │ ├── sig0.go
│ │ │ ├── smimea.go
│ │ │ ├── svcb.go
│ │ │ ├── tlsa.go
│ │ │ ├── tools.go
│ │ │ ├── tsig.go
│ │ │ ├── types.go
│ │ │ ├── udp.go
│ │ │ ├── udp_no_control.go
│ │ │ ├── update.go
│ │ │ ├── version.go
│ │ │ ├── xfr.go
│ │ │ ├── zduplicate.go
│ │ │ ├── zmsg.go
│ │ │ └── ztypes.go
│ │ ├── pkg/
│ │ │ └── errors/
│ │ │ ├── .gitignore
│ │ │ ├── .travis.yml
│ │ │ ├── LICENSE
│ │ │ ├── Makefile
│ │ │ ├── README.md
│ │ │ ├── appveyor.yml
│ │ │ ├── errors.go
│ │ │ ├── go113.go
│ │ │ └── stack.go
│ │ ├── pmezard/
│ │ │ └── go-difflib/
│ │ │ ├── LICENSE
│ │ │ └── difflib/
│ │ │ └── difflib.go
│ │ ├── powerman/
│ │ │ ├── check/
│ │ │ │ ├── .editorconfig
│ │ │ │ ├── .gitattributes
│ │ │ │ ├── .gitignore
│ │ │ │ ├── .golangci.yml
│ │ │ │ ├── CHANGELOG.md
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ ├── check.go
│ │ │ │ ├── color.go
│ │ │ │ ├── color_bsd.go
│ │ │ │ ├── color_linux.go
│ │ │ │ ├── color_other.go
│ │ │ │ ├── color_windows.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── dump.go
│ │ │ │ ├── flags.go
│ │ │ │ ├── goconvey.go
│ │ │ │ ├── mise.toml
│ │ │ │ ├── stats.go
│ │ │ │ └── util.go
│ │ │ └── deepequal/
│ │ │ ├── LICENSE
│ │ │ ├── LICENSE-go
│ │ │ ├── README.md
│ │ │ ├── custom.go
│ │ │ ├── deepequal.go
│ │ │ ├── type.go
│ │ │ └── value.go
│ │ ├── quic-go/
│ │ │ ├── qpack/
│ │ │ │ ├── .codecov.yml
│ │ │ │ ├── .gitignore
│ │ │ │ ├── .gitmodules
│ │ │ │ ├── .golangci.yml
│ │ │ │ ├── LICENSE.md
│ │ │ │ ├── README.md
│ │ │ │ ├── decoder.go
│ │ │ │ ├── encoder.go
│ │ │ │ ├── header_field.go
│ │ │ │ ├── static_table.go
│ │ │ │ └── varint.go
│ │ │ └── quic-go/
│ │ │ ├── .gitignore
│ │ │ ├── .golangci.yml
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── SECURITY.md
│ │ │ ├── buffer_pool.go
│ │ │ ├── client.go
│ │ │ ├── closed_conn.go
│ │ │ ├── codecov.yml
│ │ │ ├── config.go
│ │ │ ├── conn_id_generator.go
│ │ │ ├── conn_id_manager.go
│ │ │ ├── connection.go
│ │ │ ├── connection_logging.go
│ │ │ ├── crypto_stream.go
│ │ │ ├── crypto_stream_manager.go
│ │ │ ├── datagram_queue.go
│ │ │ ├── errors.go
│ │ │ ├── frame_sorter.go
│ │ │ ├── framer.go
│ │ │ ├── http3/
│ │ │ │ ├── README.md
│ │ │ │ ├── body.go
│ │ │ │ ├── capsule.go
│ │ │ │ ├── client.go
│ │ │ │ ├── conn.go
│ │ │ │ ├── error.go
│ │ │ │ ├── error_codes.go
│ │ │ │ ├── frames.go
│ │ │ │ ├── gzip_reader.go
│ │ │ │ ├── headers.go
│ │ │ │ ├── ip_addr.go
│ │ │ │ ├── mockgen.go
│ │ │ │ ├── qlog/
│ │ │ │ │ ├── event.go
│ │ │ │ │ ├── frame.go
│ │ │ │ │ └── qlog_dir.go
│ │ │ │ ├── qlog.go
│ │ │ │ ├── request_writer.go
│ │ │ │ ├── response_writer.go
│ │ │ │ ├── server.go
│ │ │ │ ├── server_conn.go
│ │ │ │ ├── state_tracking_stream.go
│ │ │ │ ├── stream.go
│ │ │ │ ├── trace.go
│ │ │ │ └── transport.go
│ │ │ ├── interface.go
│ │ │ ├── internal/
│ │ │ │ ├── ackhandler/
│ │ │ │ │ ├── ack_eliciting.go
│ │ │ │ │ ├── ecn.go
│ │ │ │ │ ├── frame.go
│ │ │ │ │ ├── interfaces.go
│ │ │ │ │ ├── lost_packet_tracker.go
│ │ │ │ │ ├── mockgen.go
│ │ │ │ │ ├── packet.go
│ │ │ │ │ ├── packet_number_generator.go
│ │ │ │ │ ├── received_packet_handler.go
│ │ │ │ │ ├── received_packet_history.go
│ │ │ │ │ ├── received_packet_tracker.go
│ │ │ │ │ ├── send_mode.go
│ │ │ │ │ ├── sent_packet_handler.go
│ │ │ │ │ └── sent_packet_history.go
│ │ │ │ ├── congestion/
│ │ │ │ │ ├── bandwidth.go
│ │ │ │ │ ├── clock.go
│ │ │ │ │ ├── cubic.go
│ │ │ │ │ ├── cubic_sender.go
│ │ │ │ │ ├── hybrid_slow_start.go
│ │ │ │ │ ├── interface.go
│ │ │ │ │ └── pacer.go
│ │ │ │ ├── flowcontrol/
│ │ │ │ │ ├── base_flow_controller.go
│ │ │ │ │ ├── connection_flow_controller.go
│ │ │ │ │ ├── interface.go
│ │ │ │ │ └── stream_flow_controller.go
│ │ │ │ ├── handshake/
│ │ │ │ │ ├── aead.go
│ │ │ │ │ ├── cipher_suite.go
│ │ │ │ │ ├── crypto_setup.go
│ │ │ │ │ ├── fake_conn.go
│ │ │ │ │ ├── header_protector.go
│ │ │ │ │ ├── hkdf.go
│ │ │ │ │ ├── initial_aead.go
│ │ │ │ │ ├── interface.go
│ │ │ │ │ ├── retry.go
│ │ │ │ │ ├── session_ticket.go
│ │ │ │ │ ├── tls_config.go
│ │ │ │ │ ├── token_generator.go
│ │ │ │ │ ├── token_protector.go
│ │ │ │ │ └── updatable_aead.go
│ │ │ │ ├── monotime/
│ │ │ │ │ └── time.go
│ │ │ │ ├── protocol/
│ │ │ │ │ ├── connection_id.go
│ │ │ │ │ ├── encryption_level.go
│ │ │ │ │ ├── key_phase.go
│ │ │ │ │ ├── packet_number.go
│ │ │ │ │ ├── params.go
│ │ │ │ │ ├── perspective.go
│ │ │ │ │ ├── protocol.go
│ │ │ │ │ ├── stream.go
│ │ │ │ │ └── version.go
│ │ │ │ ├── qerr/
│ │ │ │ │ ├── error_codes.go
│ │ │ │ │ └── errors.go
│ │ │ │ ├── utils/
│ │ │ │ │ ├── buffered_write_closer.go
│ │ │ │ │ ├── connstats.go
│ │ │ │ │ ├── linkedlist/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ └── linkedlist.go
│ │ │ │ │ ├── log.go
│ │ │ │ │ ├── rand.go
│ │ │ │ │ ├── ringbuffer/
│ │ │ │ │ │ └── ringbuffer.go
│ │ │ │ │ └── rtt_stats.go
│ │ │ │ └── wire/
│ │ │ │ ├── ack_frame.go
│ │ │ │ ├── ack_frequency_frame.go
│ │ │ │ ├── ack_range.go
│ │ │ │ ├── connection_close_frame.go
│ │ │ │ ├── crypto_frame.go
│ │ │ │ ├── data_blocked_frame.go
│ │ │ │ ├── datagram_frame.go
│ │ │ │ ├── extended_header.go
│ │ │ │ ├── frame.go
│ │ │ │ ├── frame_parser.go
│ │ │ │ ├── frame_type.go
│ │ │ │ ├── handshake_done_frame.go
│ │ │ │ ├── header.go
│ │ │ │ ├── immediate_ack_frame.go
│ │ │ │ ├── log.go
│ │ │ │ ├── max_data_frame.go
│ │ │ │ ├── max_stream_data_frame.go
│ │ │ │ ├── max_streams_frame.go
│ │ │ │ ├── new_connection_id_frame.go
│ │ │ │ ├── new_token_frame.go
│ │ │ │ ├── path_challenge_frame.go
│ │ │ │ ├── path_response_frame.go
│ │ │ │ ├── ping_frame.go
│ │ │ │ ├── pool.go
│ │ │ │ ├── reset_stream_frame.go
│ │ │ │ ├── retire_connection_id_frame.go
│ │ │ │ ├── short_header.go
│ │ │ │ ├── stop_sending_frame.go
│ │ │ │ ├── stream_data_blocked_frame.go
│ │ │ │ ├── stream_frame.go
│ │ │ │ ├── streams_blocked_frame.go
│ │ │ │ ├── transport_parameters.go
│ │ │ │ └── version_negotiation.go
│ │ │ ├── mockgen.go
│ │ │ ├── mtu_discoverer.go
│ │ │ ├── oss-fuzz.sh
│ │ │ ├── packet_packer.go
│ │ │ ├── packet_unpacker.go
│ │ │ ├── path_manager.go
│ │ │ ├── path_manager_outgoing.go
│ │ │ ├── qlog/
│ │ │ │ ├── event.go
│ │ │ │ ├── frame.go
│ │ │ │ ├── packet_header.go
│ │ │ │ ├── qlog_dir.go
│ │ │ │ └── types.go
│ │ │ ├── qlogwriter/
│ │ │ │ ├── jsontext/
│ │ │ │ │ └── encoder.go
│ │ │ │ ├── trace.go
│ │ │ │ └── writer.go
│ │ │ ├── quicvarint/
│ │ │ │ ├── io.go
│ │ │ │ └── varint.go
│ │ │ ├── receive_stream.go
│ │ │ ├── retransmission_queue.go
│ │ │ ├── send_conn.go
│ │ │ ├── send_queue.go
│ │ │ ├── send_stream.go
│ │ │ ├── server.go
│ │ │ ├── sni.go
│ │ │ ├── stateless_reset.go
│ │ │ ├── stream.go
│ │ │ ├── streams_map.go
│ │ │ ├── streams_map_incoming.go
│ │ │ ├── streams_map_outgoing.go
│ │ │ ├── sys_conn.go
│ │ │ ├── sys_conn_buffers.go
│ │ │ ├── sys_conn_buffers_write.go
│ │ │ ├── sys_conn_df.go
│ │ │ ├── sys_conn_df_darwin.go
│ │ │ ├── sys_conn_df_linux.go
│ │ │ ├── sys_conn_df_windows.go
│ │ │ ├── sys_conn_helper_darwin.go
│ │ │ ├── sys_conn_helper_freebsd.go
│ │ │ ├── sys_conn_helper_linux.go
│ │ │ ├── sys_conn_helper_nonlinux.go
│ │ │ ├── sys_conn_no_oob.go
│ │ │ ├── sys_conn_oob.go
│ │ │ ├── sys_conn_windows.go
│ │ │ ├── token_store.go
│ │ │ └── transport.go
│ │ └── smartystreets/
│ │ └── goconvey/
│ │ ├── LICENSE.md
│ │ └── convey/
│ │ ├── gotest/
│ │ │ └── utils.go
│ │ └── reporting/
│ │ ├── console.go
│ │ ├── doc.go
│ │ ├── dot.go
│ │ ├── gotest.go
│ │ ├── init.go
│ │ ├── json.go
│ │ ├── printer.go
│ │ ├── problems.go
│ │ ├── reporter.go
│ │ ├── reporting.goconvey
│ │ ├── reports.go
│ │ ├── statistics.go
│ │ └── story.go
│ ├── golang.org/
│ │ └── x/
│ │ ├── crypto/
│ │ │ ├── LICENSE
│ │ │ ├── PATENTS
│ │ │ ├── blake2b/
│ │ │ │ ├── blake2b.go
│ │ │ │ ├── blake2bAVX2_amd64.go
│ │ │ │ ├── blake2bAVX2_amd64.s
│ │ │ │ ├── blake2b_amd64.s
│ │ │ │ ├── blake2b_generic.go
│ │ │ │ ├── blake2b_ref.go
│ │ │ │ ├── blake2x.go
│ │ │ │ ├── go125.go
│ │ │ │ └── register.go
│ │ │ ├── chacha20/
│ │ │ │ ├── chacha_arm64.go
│ │ │ │ ├── chacha_arm64.s
│ │ │ │ ├── chacha_generic.go
│ │ │ │ ├── chacha_noasm.go
│ │ │ │ ├── chacha_ppc64x.go
│ │ │ │ ├── chacha_ppc64x.s
│ │ │ │ ├── chacha_s390x.go
│ │ │ │ ├── chacha_s390x.s
│ │ │ │ └── xor.go
│ │ │ ├── chacha20poly1305/
│ │ │ │ ├── chacha20poly1305.go
│ │ │ │ ├── chacha20poly1305_amd64.go
│ │ │ │ ├── chacha20poly1305_amd64.s
│ │ │ │ ├── chacha20poly1305_generic.go
│ │ │ │ ├── chacha20poly1305_noasm.go
│ │ │ │ ├── fips140only_compat.go
│ │ │ │ ├── fips140only_go1.26.go
│ │ │ │ └── xchacha20poly1305.go
│ │ │ ├── cryptobyte/
│ │ │ │ ├── asn1/
│ │ │ │ │ └── asn1.go
│ │ │ │ ├── asn1.go
│ │ │ │ ├── builder.go
│ │ │ │ └── string.go
│ │ │ ├── curve25519/
│ │ │ │ └── curve25519.go
│ │ │ ├── ed25519/
│ │ │ │ └── ed25519.go
│ │ │ ├── hkdf/
│ │ │ │ └── hkdf.go
│ │ │ ├── internal/
│ │ │ │ ├── alias/
│ │ │ │ │ ├── alias.go
│ │ │ │ │ └── alias_purego.go
│ │ │ │ └── poly1305/
│ │ │ │ ├── mac_noasm.go
│ │ │ │ ├── poly1305.go
│ │ │ │ ├── sum_amd64.s
│ │ │ │ ├── sum_asm.go
│ │ │ │ ├── sum_generic.go
│ │ │ │ ├── sum_loong64.s
│ │ │ │ ├── sum_ppc64x.s
│ │ │ │ ├── sum_s390x.go
│ │ │ │ └── sum_s390x.s
│ │ │ ├── nacl/
│ │ │ │ ├── box/
│ │ │ │ │ └── box.go
│ │ │ │ └── secretbox/
│ │ │ │ └── secretbox.go
│ │ │ ├── poly1305/
│ │ │ │ └── poly1305_compat.go
│ │ │ └── salsa20/
│ │ │ └── salsa/
│ │ │ ├── hsalsa20.go
│ │ │ ├── salsa208.go
│ │ │ ├── salsa20_amd64.go
│ │ │ ├── salsa20_amd64.s
│ │ │ ├── salsa20_noasm.go
│ │ │ └── salsa20_ref.go
│ │ ├── mod/
│ │ │ ├── LICENSE
│ │ │ ├── PATENTS
│ │ │ └── semver/
│ │ │ └── semver.go
│ │ ├── net/
│ │ │ ├── LICENSE
│ │ │ ├── PATENTS
│ │ │ ├── bpf/
│ │ │ │ ├── asm.go
│ │ │ │ ├── constants.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── instructions.go
│ │ │ │ ├── setter.go
│ │ │ │ ├── vm.go
│ │ │ │ └── vm_instructions.go
│ │ │ ├── http/
│ │ │ │ └── httpguts/
│ │ │ │ ├── guts.go
│ │ │ │ └── httplex.go
│ │ │ ├── http2/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── ascii.go
│ │ │ │ ├── ciphers.go
│ │ │ │ ├── client_conn_pool.go
│ │ │ │ ├── client_priority_go126.go
│ │ │ │ ├── client_priority_go127.go
│ │ │ │ ├── config.go
│ │ │ │ ├── config_go125.go
│ │ │ │ ├── config_go126.go
│ │ │ │ ├── databuffer.go
│ │ │ │ ├── errors.go
│ │ │ │ ├── flow.go
│ │ │ │ ├── frame.go
│ │ │ │ ├── gotrack.go
│ │ │ │ ├── hpack/
│ │ │ │ │ ├── encode.go
│ │ │ │ │ ├── hpack.go
│ │ │ │ │ ├── huffman.go
│ │ │ │ │ ├── static_table.go
│ │ │ │ │ └── tables.go
│ │ │ │ ├── http2.go
│ │ │ │ ├── pipe.go
│ │ │ │ ├── server.go
│ │ │ │ ├── transport.go
│ │ │ │ ├── unencrypted.go
│ │ │ │ ├── write.go
│ │ │ │ ├── writesched.go
│ │ │ │ ├── writesched_priority_rfc7540.go
│ │ │ │ ├── writesched_priority_rfc9218.go
│ │ │ │ ├── writesched_random.go
│ │ │ │ └── writesched_roundrobin.go
│ │ │ ├── idna/
│ │ │ │ ├── go118.go
│ │ │ │ ├── idna10.0.0.go
│ │ │ │ ├── idna9.0.0.go
│ │ │ │ ├── pre_go118.go
│ │ │ │ ├── punycode.go
│ │ │ │ ├── tables10.0.0.go
│ │ │ │ ├── tables11.0.0.go
│ │ │ │ ├── tables12.0.0.go
│ │ │ │ ├── tables13.0.0.go
│ │ │ │ ├── tables15.0.0.go
│ │ │ │ ├── tables9.0.0.go
│ │ │ │ ├── trie.go
│ │ │ │ ├── trie12.0.0.go
│ │ │ │ ├── trie13.0.0.go
│ │ │ │ └── trieval.go
│ │ │ ├── internal/
│ │ │ │ ├── httpcommon/
│ │ │ │ │ ├── ascii.go
│ │ │ │ │ ├── headermap.go
│ │ │ │ │ └── request.go
│ │ │ │ ├── httpsfv/
│ │ │ │ │ └── httpsfv.go
│ │ │ │ ├── iana/
│ │ │ │ │ └── const.go
│ │ │ │ ├── socket/
│ │ │ │ │ ├── cmsghdr.go
│ │ │ │ │ ├── cmsghdr_bsd.go
│ │ │ │ │ ├── cmsghdr_linux_32bit.go
│ │ │ │ │ ├── cmsghdr_linux_64bit.go
│ │ │ │ │ ├── cmsghdr_solaris_64bit.go
│ │ │ │ │ ├── cmsghdr_stub.go
│ │ │ │ │ ├── cmsghdr_unix.go
│ │ │ │ │ ├── cmsghdr_zos_s390x.go
│ │ │ │ │ ├── complete_dontwait.go
│ │ │ │ │ ├── complete_nodontwait.go
│ │ │ │ │ ├── empty.s
│ │ │ │ │ ├── error_unix.go
│ │ │ │ │ ├── error_windows.go
│ │ │ │ │ ├── iovec_32bit.go
│ │ │ │ │ ├── iovec_64bit.go
│ │ │ │ │ ├── iovec_solaris_64bit.go
│ │ │ │ │ ├── iovec_stub.go
│ │ │ │ │ ├── mmsghdr_stub.go
│ │ │ │ │ ├── mmsghdr_unix.go
│ │ │ │ │ ├── msghdr_bsd.go
│ │ │ │ │ ├── msghdr_bsdvar.go
│ │ │ │ │ ├── msghdr_linux.go
│ │ │ │ │ ├── msghdr_linux_32bit.go
│ │ │ │ │ ├── msghdr_linux_64bit.go
│ │ │ │ │ ├── msghdr_openbsd.go
│ │ │ │ │ ├── msghdr_solaris_64bit.go
│ │ │ │ │ ├── msghdr_stub.go
│ │ │ │ │ ├── msghdr_zos_s390x.go
│ │ │ │ │ ├── norace.go
│ │ │ │ │ ├── race.go
│ │ │ │ │ ├── rawconn.go
│ │ │ │ │ ├── rawconn_mmsg.go
│ │ │ │ │ ├── rawconn_msg.go
│ │ │ │ │ ├── rawconn_nommsg.go
│ │ │ │ │ ├── rawconn_nomsg.go
│ │ │ │ │ ├── socket.go
│ │ │ │ │ ├── sys_bsd.go
│ │ │ │ │ ├── sys_const_unix.go
│ │ │ │ │ ├── sys_linux.go
│ │ │ │ │ ├── sys_linux_386.go
│ │ │ │ │ ├── sys_linux_386.s
│ │ │ │ │ ├── sys_linux_amd64.go
│ │ │ │ │ ├── sys_linux_arm.go
│ │ │ │ │ ├── sys_linux_arm64.go
│ │ │ │ │ ├── sys_linux_loong64.go
│ │ │ │ │ ├── sys_linux_mips.go
│ │ │ │ │ ├── sys_linux_mips64.go
│ │ │ │ │ ├── sys_linux_mips64le.go
│ │ │ │ │ ├── sys_linux_mipsle.go
│ │ │ │ │ ├── sys_linux_ppc.go
│ │ │ │ │ ├── sys_linux_ppc64.go
│ │ │ │ │ ├── sys_linux_ppc64le.go
│ │ │ │ │ ├── sys_linux_riscv64.go
│ │ │ │ │ ├── sys_linux_s390x.go
│ │ │ │ │ ├── sys_linux_s390x.s
│ │ │ │ │ ├── sys_netbsd.go
│ │ │ │ │ ├── sys_posix.go
│ │ │ │ │ ├── sys_stub.go
│ │ │ │ │ ├── sys_unix.go
│ │ │ │ │ ├── sys_windows.go
│ │ │ │ │ ├── sys_zos_s390x.go
│ │ │ │ │ ├── sys_zos_s390x.s
│ │ │ │ │ ├── zsys_aix_ppc64.go
│ │ │ │ │ ├── zsys_darwin_amd64.go
│ │ │ │ │ ├── zsys_darwin_arm64.go
│ │ │ │ │ ├── zsys_dragonfly_amd64.go
│ │ │ │ │ ├── zsys_freebsd_386.go
│ │ │ │ │ ├── zsys_freebsd_amd64.go
│ │ │ │ │ ├── zsys_freebsd_arm.go
│ │ │ │ │ ├── zsys_freebsd_arm64.go
│ │ │ │ │ ├── zsys_freebsd_riscv64.go
│ │ │ │ │ ├── zsys_linux_386.go
│ │ │ │ │ ├── zsys_linux_amd64.go
│ │ │ │ │ ├── zsys_linux_arm.go
│ │ │ │ │ ├── zsys_linux_arm64.go
│ │ │ │ │ ├── zsys_linux_loong64.go
│ │ │ │ │ ├── zsys_linux_mips.go
│ │ │ │ │ ├── zsys_linux_mips64.go
│ │ │ │ │ ├── zsys_linux_mips64le.go
│ │ │ │ │ ├── zsys_linux_mipsle.go
│ │ │ │ │ ├── zsys_linux_ppc.go
│ │ │ │ │ ├── zsys_linux_ppc64.go
│ │ │ │ │ ├── zsys_linux_ppc64le.go
│ │ │ │ │ ├── zsys_linux_riscv64.go
│ │ │ │ │ ├── zsys_linux_s390x.go
│ │ │ │ │ ├── zsys_netbsd_386.go
│ │ │ │ │ ├── zsys_netbsd_amd64.go
│ │ │ │ │ ├── zsys_netbsd_arm.go
│ │ │ │ │ ├── zsys_netbsd_arm64.go
│ │ │ │ │ ├── zsys_openbsd_386.go
│ │ │ │ │ ├── zsys_openbsd_amd64.go
│ │ │ │ │ ├── zsys_openbsd_arm.go
│ │ │ │ │ ├── zsys_openbsd_arm64.go
│ │ │ │ │ ├── zsys_openbsd_mips64.go
│ │ │ │ │ ├── zsys_openbsd_ppc64.go
│ │ │ │ │ ├── zsys_openbsd_riscv64.go
│ │ │ │ │ ├── zsys_solaris_amd64.go
│ │ │ │ │ └── zsys_zos_s390x.go
│ │ │ │ └── socks/
│ │ │ │ ├── client.go
│ │ │ │ └── socks.go
│ │ │ ├── ipv4/
│ │ │ │ ├── batch.go
│ │ │ │ ├── control.go
│ │ │ │ ├── control_bsd.go
│ │ │ │ ├── control_pktinfo.go
│ │ │ │ ├── control_stub.go
│ │ │ │ ├── control_unix.go
│ │ │ │ ├── control_windows.go
│ │ │ │ ├── control_zos.go
│ │ │ │ ├── dgramopt.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── endpoint.go
│ │ │ │ ├── genericopt.go
│ │ │ │ ├── header.go
│ │ │ │ ├── helper.go
│ │ │ │ ├── iana.go
│ │ │ │ ├── icmp.go
│ │ │ │ ├── icmp_linux.go
│ │ │ │ ├── icmp_stub.go
│ │ │ │ ├── packet.go
│ │ │ │ ├── payload.go
│ │ │ │ ├── payload_cmsg.go
│ │ │ │ ├── payload_nocmsg.go
│ │ │ │ ├── sockopt.go
│ │ │ │ ├── sockopt_posix.go
│ │ │ │ ├── sockopt_stub.go
│ │ │ │ ├── sys_aix.go
│ │ │ │ ├── sys_asmreq.go
│ │ │ │ ├── sys_asmreq_stub.go
│ │ │ │ ├── sys_asmreqn.go
│ │ │ │ ├── sys_asmreqn_stub.go
│ │ │ │ ├── sys_bpf.go
│ │ │ │ ├── sys_bpf_stub.go
│ │ │ │ ├── sys_bsd.go
│ │ │ │ ├── sys_darwin.go
│ │ │ │ ├── sys_dragonfly.go
│ │ │ │ ├── sys_freebsd.go
│ │ │ │ ├── sys_linux.go
│ │ │ │ ├── sys_solaris.go
│ │ │ │ ├── sys_ssmreq.go
│ │ │ │ ├── sys_ssmreq_stub.go
│ │ │ │ ├── sys_stub.go
│ │ │ │ ├── sys_windows.go
│ │ │ │ ├── sys_zos.go
│ │ │ │ ├── zsys_aix_ppc64.go
│ │ │ │ ├── zsys_darwin.go
│ │ │ │ ├── zsys_dragonfly.go
│ │ │ │ ├── zsys_freebsd_386.go
│ │ │ │ ├── zsys_freebsd_amd64.go
│ │ │ │ ├── zsys_freebsd_arm.go
│ │ │ │ ├── zsys_freebsd_arm64.go
│ │ │ │ ├── zsys_freebsd_riscv64.go
│ │ │ │ ├── zsys_linux_386.go
│ │ │ │ ├── zsys_linux_amd64.go
│ │ │ │ ├── zsys_linux_arm.go
│ │ │ │ ├── zsys_linux_arm64.go
│ │ │ │ ├── zsys_linux_loong64.go
│ │ │ │ ├── zsys_linux_mips.go
│ │ │ │ ├── zsys_linux_mips64.go
│ │ │ │ ├── zsys_linux_mips64le.go
│ │ │ │ ├── zsys_linux_mipsle.go
│ │ │ │ ├── zsys_linux_ppc.go
│ │ │ │ ├── zsys_linux_ppc64.go
│ │ │ │ ├── zsys_linux_ppc64le.go
│ │ │ │ ├── zsys_linux_riscv64.go
│ │ │ │ ├── zsys_linux_s390x.go
│ │ │ │ ├── zsys_netbsd.go
│ │ │ │ ├── zsys_openbsd.go
│ │ │ │ ├── zsys_solaris.go
│ │ │ │ └── zsys_zos_s390x.go
│ │ │ ├── ipv6/
│ │ │ │ ├── batch.go
│ │ │ │ ├── control.go
│ │ │ │ ├── control_rfc2292_unix.go
│ │ │ │ ├── control_rfc3542_unix.go
│ │ │ │ ├── control_stub.go
│ │ │ │ ├── control_unix.go
│ │ │ │ ├── control_windows.go
│ │ │ │ ├── dgramopt.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── endpoint.go
│ │ │ │ ├── genericopt.go
│ │ │ │ ├── header.go
│ │ │ │ ├── helper.go
│ │ │ │ ├── iana.go
│ │ │ │ ├── icmp.go
│ │ │ │ ├── icmp_bsd.go
│ │ │ │ ├── icmp_linux.go
│ │ │ │ ├── icmp_solaris.go
│ │ │ │ ├── icmp_stub.go
│ │ │ │ ├── icmp_windows.go
│ │ │ │ ├── icmp_zos.go
│ │ │ │ ├── payload.go
│ │ │ │ ├── payload_cmsg.go
│ │ │ │ ├── payload_nocmsg.go
│ │ │ │ ├── sockopt.go
│ │ │ │ ├── sockopt_posix.go
│ │ │ │ ├── sockopt_stub.go
│ │ │ │ ├── sys_aix.go
│ │ │ │ ├── sys_asmreq.go
│ │ │ │ ├── sys_asmreq_stub.go
│ │ │ │ ├── sys_bpf.go
│ │ │ │ ├── sys_bpf_stub.go
│ │ │ │ ├── sys_bsd.go
│ │ │ │ ├── sys_darwin.go
│ │ │ │ ├── sys_freebsd.go
│ │ │ │ ├── sys_linux.go
│ │ │ │ ├── sys_solaris.go
│ │ │ │ ├── sys_ssmreq.go
│ │ │ │ ├── sys_ssmreq_stub.go
│ │ │ │ ├── sys_stub.go
│ │ │ │ ├── sys_windows.go
│ │ │ │ ├── sys_zos.go
│ │ │ │ ├── zsys_aix_ppc64.go
│ │ │ │ ├── zsys_darwin.go
│ │ │ │ ├── zsys_dragonfly.go
│ │ │ │ ├── zsys_freebsd_386.go
│ │ │ │ ├── zsys_freebsd_amd64.go
│ │ │ │ ├── zsys_freebsd_arm.go
│ │ │ │ ├── zsys_freebsd_arm64.go
│ │ │ │ ├── zsys_freebsd_riscv64.go
│ │ │ │ ├── zsys_linux_386.go
│ │ │ │ ├── zsys_linux_amd64.go
│ │ │ │ ├── zsys_linux_arm.go
│ │ │ │ ├── zsys_linux_arm64.go
│ │ │ │ ├── zsys_linux_loong64.go
│ │ │ │ ├── zsys_linux_mips.go
│ │ │ │ ├── zsys_linux_mips64.go
│ │ │ │ ├── zsys_linux_mips64le.go
│ │ │ │ ├── zsys_linux_mipsle.go
│ │ │ │ ├── zsys_linux_ppc.go
│ │ │ │ ├── zsys_linux_ppc64.go
│ │ │ │ ├── zsys_linux_ppc64le.go
│ │ │ │ ├── zsys_linux_riscv64.go
│ │ │ │ ├── zsys_linux_s390x.go
│ │ │ │ ├── zsys_netbsd.go
│ │ │ │ ├── zsys_openbsd.go
│ │ │ │ ├── zsys_solaris.go
│ │ │ │ └── zsys_zos_s390x.go
│ │ │ └── proxy/
│ │ │ ├── dial.go
│ │ │ ├── direct.go
│ │ │ ├── per_host.go
│ │ │ ├── proxy.go
│ │ │ └── socks5.go
│ │ ├── sync/
│ │ │ ├── LICENSE
│ │ │ ├── PATENTS
│ │ │ └── errgroup/
│ │ │ └── errgroup.go
│ │ ├── sys/
│ │ │ ├── LICENSE
│ │ │ ├── PATENTS
│ │ │ ├── cpu/
│ │ │ │ ├── asm_aix_ppc64.s
│ │ │ │ ├── asm_darwin_x86_gc.s
│ │ │ │ ├── byteorder.go
│ │ │ │ ├── cpu.go
│ │ │ │ ├── cpu_aix.go
│ │ │ │ ├── cpu_arm.go
│ │ │ │ ├── cpu_arm64.go
│ │ │ │ ├── cpu_arm64.s
│ │ │ │ ├── cpu_darwin_x86.go
│ │ │ │ ├── cpu_gc_arm64.go
│ │ │ │ ├── cpu_gc_s390x.go
│ │ │ │ ├── cpu_gc_x86.go
│ │ │ │ ├── cpu_gc_x86.s
│ │ │ │ ├── cpu_gccgo_arm64.go
│ │ │ │ ├── cpu_gccgo_s390x.go
│ │ │ │ ├── cpu_gccgo_x86.c
│ │ │ │ ├── cpu_gccgo_x86.go
│ │ │ │ ├── cpu_linux.go
│ │ │ │ ├── cpu_linux_arm.go
│ │ │ │ ├── cpu_linux_arm64.go
│ │ │ │ ├── cpu_linux_loong64.go
│ │ │ │ ├── cpu_linux_mips64x.go
│ │ │ │ ├── cpu_linux_noinit.go
│ │ │ │ ├── cpu_linux_ppc64x.go
│ │ │ │ ├── cpu_linux_riscv64.go
│ │ │ │ ├── cpu_linux_s390x.go
│ │ │ │ ├── cpu_loong64.go
│ │ │ │ ├── cpu_loong64.s
│ │ │ │ ├── cpu_mips64x.go
│ │ │ │ ├── cpu_mipsx.go
│ │ │ │ ├── cpu_netbsd_arm64.go
│ │ │ │ ├── cpu_openbsd_arm64.go
│ │ │ │ ├── cpu_openbsd_arm64.s
│ │ │ │ ├── cpu_other_arm.go
│ │ │ │ ├── cpu_other_arm64.go
│ │ │ │ ├── cpu_other_mips64x.go
│ │ │ │ ├── cpu_other_ppc64x.go
│ │ │ │ ├── cpu_other_riscv64.go
│ │ │ │ ├── cpu_other_x86.go
│ │ │ │ ├── cpu_ppc64x.go
│ │ │ │ ├── cpu_riscv64.go
│ │ │ │ ├── cpu_s390x.go
│ │ │ │ ├── cpu_s390x.s
│ │ │ │ ├── cpu_wasm.go
│ │ │ │ ├── cpu_windows_arm64.go
│ │ │ │ ├── cpu_x86.go
│ │ │ │ ├── cpu_zos.go
│ │ │ │ ├── cpu_zos_s390x.go
│ │ │ │ ├── endian_big.go
│ │ │ │ ├── endian_little.go
│ │ │ │ ├── hwcap_linux.go
│ │ │ │ ├── parse.go
│ │ │ │ ├── proc_cpuinfo_linux.go
│ │ │ │ ├── runtime_auxv.go
│ │ │ │ ├── runtime_auxv_go121.go
│ │ │ │ ├── syscall_aix_gccgo.go
│ │ │ │ ├── syscall_aix_ppc64_gc.go
│ │ │ │ └── syscall_darwin_x86_gc.go
│ │ │ ├── unix/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── README.md
│ │ │ │ ├── affinity_linux.go
│ │ │ │ ├── aliases.go
│ │ │ │ ├── asm_aix_ppc64.s
│ │ │ │ ├── asm_bsd_386.s
│ │ │ │ ├── asm_bsd_amd64.s
│ │ │ │ ├── asm_bsd_arm.s
│ │ │ │ ├── asm_bsd_arm64.s
│ │ │ │ ├── asm_bsd_ppc64.s
│ │ │ │ ├── asm_bsd_riscv64.s
│ │ │ │ ├── asm_linux_386.s
│ │ │ │ ├── asm_linux_amd64.s
│ │ │ │ ├── asm_linux_arm.s
│ │ │ │ ├── asm_linux_arm64.s
│ │ │ │ ├── asm_linux_loong64.s
│ │ │ │ ├── asm_linux_mips64x.s
│ │ │ │ ├── asm_linux_mipsx.s
│ │ │ │ ├── asm_linux_ppc64x.s
│ │ │ │ ├── asm_linux_riscv64.s
│ │ │ │ ├── asm_linux_s390x.s
│ │ │ │ ├── asm_openbsd_mips64.s
│ │ │ │ ├── asm_solaris_amd64.s
│ │ │ │ ├── asm_zos_s390x.s
│ │ │ │ ├── auxv.go
│ │ │ │ ├── auxv_unsupported.go
│ │ │ │ ├── bluetooth_linux.go
│ │ │ │ ├── bpxsvc_zos.go
│ │ │ │ ├── bpxsvc_zos.s
│ │ │ │ ├── cap_freebsd.go
│ │ │ │ ├── constants.go
│ │ │ │ ├── dev_aix_ppc.go
│ │ │ │ ├── dev_aix_ppc64.go
│ │ │ │ ├── dev_darwin.go
│ │ │ │ ├── dev_dragonfly.go
│ │ │ │ ├── dev_freebsd.go
│ │ │ │ ├── dev_linux.go
│ │ │ │ ├── dev_netbsd.go
│ │ │ │ ├── dev_openbsd.go
│ │ │ │ ├── dev_zos.go
│ │ │ │ ├── dirent.go
│ │ │ │ ├── endian_big.go
│ │ │ │ ├── endian_little.go
│ │ │ │ ├── env_unix.go
│ │ │ │ ├── fcntl.go
│ │ │ │ ├── fcntl_darwin.go
│ │ │ │ ├── fcntl_linux_32bit.go
│ │ │ │ ├── fdset.go
│ │ │ │ ├── gccgo.go
│ │ │ │ ├── gccgo_c.c
│ │ │ │ ├── gccgo_linux_amd64.go
│ │ │ │ ├── ifreq_linux.go
│ │ │ │ ├── ioctl_linux.go
│ │ │ │ ├── ioctl_signed.go
│ │ │ │ ├── ioctl_unsigned.go
│ │ │ │ ├── ioctl_zos.go
│ │ │ │ ├── mkall.sh
│ │ │ │ ├── mkerrors.sh
│ │ │ │ ├── mmap_nomremap.go
│ │ │ │ ├── mremap.go
│ │ │ │ ├── pagesize_unix.go
│ │ │ │ ├── pledge_openbsd.go
│ │ │ │ ├── ptrace_darwin.go
│ │ │ │ ├── ptrace_ios.go
│ │ │ │ ├── race.go
│ │ │ │ ├── race0.go
│ │ │ │ ├── readdirent_getdents.go
│ │ │ │ ├── readdirent_getdirentries.go
│ │ │ │ ├── sockcmsg_dragonfly.go
│ │ │ │ ├── sockcmsg_linux.go
│ │ │ │ ├── sockcmsg_unix.go
│ │ │ │ ├── sockcmsg_unix_other.go
│ │ │ │ ├── sockcmsg_zos.go
│ │ │ │ ├── symaddr_zos_s390x.s
│ │ │ │ ├── syscall.go
│ │ │ │ ├── syscall_aix.go
│ │ │ │ ├── syscall_aix_ppc.go
│ │ │ │ ├── syscall_aix_ppc64.go
│ │ │ │ ├── syscall_bsd.go
│ │ │ │ ├── syscall_darwin.go
│ │ │ │ ├── syscall_darwin_amd64.go
│ │ │ │ ├── syscall_darwin_arm64.go
│ │ │ │ ├── syscall_darwin_libSystem.go
│ │ │ │ ├── syscall_dragonfly.go
│ │ │ │ ├── syscall_dragonfly_amd64.go
│ │ │ │ ├── syscall_freebsd.go
│ │ │ │ ├── syscall_freebsd_386.go
│ │ │ │ ├── syscall_freebsd_amd64.go
│ │ │ │ ├── syscall_freebsd_arm.go
│ │ │ │ ├── syscall_freebsd_arm64.go
│ │ │ │ ├── syscall_freebsd_riscv64.go
│ │ │ │ ├── syscall_hurd.go
│ │ │ │ ├── syscall_hurd_386.go
│ │ │ │ ├── syscall_illumos.go
│ │ │ │ ├── syscall_linux.go
│ │ │ │ ├── syscall_linux_386.go
│ │ │ │ ├── syscall_linux_alarm.go
│ │ │ │ ├── syscall_linux_amd64.go
│ │ │ │ ├── syscall_linux_amd64_gc.go
│ │ │ │ ├── syscall_linux_arm.go
│ │ │ │ ├── syscall_linux_arm64.go
│ │ │ │ ├── syscall_linux_gc.go
│ │ │ │ ├── syscall_linux_gc_386.go
│ │ │ │ ├── syscall_linux_gc_arm.go
│ │ │ │ ├── syscall_linux_gccgo_386.go
│ │ │ │ ├── syscall_linux_gccgo_arm.go
│ │ │ │ ├── syscall_linux_loong64.go
│ │ │ │ ├── syscall_linux_mips64x.go
│ │ │ │ ├── syscall_linux_mipsx.go
│ │ │ │ ├── syscall_linux_ppc.go
│ │ │ │ ├── syscall_linux_ppc64x.go
│ │ │ │ ├── syscall_linux_riscv64.go
│ │ │ │ ├── syscall_linux_s390x.go
│ │ │ │ ├── syscall_linux_sparc64.go
│ │ │ │ ├── syscall_netbsd.go
│ │ │ │ ├── syscall_netbsd_386.go
│ │ │ │ ├── syscall_netbsd_amd64.go
│ │ │ │ ├── syscall_netbsd_arm.go
│ │ │ │ ├── syscall_netbsd_arm64.go
│ │ │ │ ├── syscall_openbsd.go
│ │ │ │ ├── syscall_openbsd_386.go
│ │ │ │ ├── syscall_openbsd_amd64.go
│ │ │ │ ├── syscall_openbsd_arm.go
│ │ │ │ ├── syscall_openbsd_arm64.go
│ │ │ │ ├── syscall_openbsd_libc.go
│ │ │ │ ├── syscall_openbsd_mips64.go
│ │ │ │ ├── syscall_openbsd_ppc64.go
│ │ │ │ ├── syscall_openbsd_riscv64.go
│ │ │ │ ├── syscall_solaris.go
│ │ │ │ ├── syscall_solaris_amd64.go
│ │ │ │ ├── syscall_unix.go
│ │ │ │ ├── syscall_unix_gc.go
│ │ │ │ ├── syscall_unix_gc_ppc64x.go
│ │ │ │ ├── syscall_zos_s390x.go
│ │ │ │ ├── sysvshm_linux.go
│ │ │ │ ├── sysvshm_unix.go
│ │ │ │ ├── sysvshm_unix_other.go
│ │ │ │ ├── timestruct.go
│ │ │ │ ├── unveil_openbsd.go
│ │ │ │ ├── vgetrandom_linux.go
│ │ │ │ ├── vgetrandom_unsupported.go
│ │ │ │ ├── xattr_bsd.go
│ │ │ │ ├── zerrors_aix_ppc.go
│ │ │ │ ├── zerrors_aix_ppc64.go
│ │ │ │ ├── zerrors_darwin_amd64.go
│ │ │ │ ├── zerrors_darwin_arm64.go
│ │ │ │ ├── zerrors_dragonfly_amd64.go
│ │ │ │ ├── zerrors_freebsd_386.go
│ │ │ │ ├── zerrors_freebsd_amd64.go
│ │ │ │ ├── zerrors_freebsd_arm.go
│ │ │ │ ├── zerrors_freebsd_arm64.go
│ │ │ │ ├── zerrors_freebsd_riscv64.go
│ │ │ │ ├── zerrors_linux.go
│ │ │ │ ├── zerrors_linux_386.go
│ │ │ │ ├── zerrors_linux_amd64.go
│ │ │ │ ├── zerrors_linux_arm.go
│ │ │ │ ├── zerrors_linux_arm64.go
│ │ │ │ ├── zerrors_linux_loong64.go
│ │ │ │ ├── zerrors_linux_mips.go
│ │ │ │ ├── zerrors_linux_mips64.go
│ │ │ │ ├── zerrors_linux_mips64le.go
│ │ │ │ ├── zerrors_linux_mipsle.go
│ │ │ │ ├── zerrors_linux_ppc.go
│ │ │ │ ├── zerrors_linux_ppc64.go
│ │ │ │ ├── zerrors_linux_ppc64le.go
│ │ │ │ ├── zerrors_linux_riscv64.go
│ │ │ │ ├── zerrors_linux_s390x.go
│ │ │ │ ├── zerrors_linux_sparc64.go
│ │ │ │ ├── zerrors_netbsd_386.go
│ │ │ │ ├── zerrors_netbsd_amd64.go
│ │ │ │ ├── zerrors_netbsd_arm.go
│ │ │ │ ├── zerrors_netbsd_arm64.go
│ │ │ │ ├── zerrors_openbsd_386.go
│ │ │ │ ├── zerrors_openbsd_amd64.go
│ │ │ │ ├── zerrors_openbsd_arm.go
│ │ │ │ ├── zerrors_openbsd_arm64.go
│ │ │ │ ├── zerrors_openbsd_mips64.go
│ │ │ │ ├── zerrors_openbsd_ppc64.go
│ │ │ │ ├── zerrors_openbsd_riscv64.go
│ │ │ │ ├── zerrors_solaris_amd64.go
│ │ │ │ ├── zerrors_zos_s390x.go
│ │ │ │ ├── zptrace_armnn_linux.go
│ │ │ │ ├── zptrace_linux_arm64.go
│ │ │ │ ├── zptrace_mipsnn_linux.go
│ │ │ │ ├── zptrace_mipsnnle_linux.go
│ │ │ │ ├── zptrace_x86_linux.go
│ │ │ │ ├── zsymaddr_zos_s390x.s
│ │ │ │ ├── zsyscall_aix_ppc.go
│ │ │ │ ├── zsyscall_aix_ppc64.go
│ │ │ │ ├── zsyscall_aix_ppc64_gc.go
│ │ │ │ ├── zsyscall_aix_ppc64_gccgo.go
│ │ │ │ ├── zsyscall_darwin_amd64.go
│ │ │ │ ├── zsyscall_darwin_amd64.s
│ │ │ │ ├── zsyscall_darwin_arm64.go
│ │ │ │ ├── zsyscall_darwin_arm64.s
│ │ │ │ ├── zsyscall_dragonfly_amd64.go
│ │ │ │ ├── zsyscall_freebsd_386.go
│ │ │ │ ├── zsyscall_freebsd_amd64.go
│ │ │ │ ├── zsyscall_freebsd_arm.go
│ │ │ │ ├── zsyscall_freebsd_arm64.go
│ │ │ │ ├── zsyscall_freebsd_riscv64.go
│ │ │ │ ├── zsyscall_illumos_amd64.go
│ │ │ │ ├── zsyscall_linux.go
│ │ │ │ ├── zsyscall_linux_386.go
│ │ │ │ ├── zsyscall_linux_amd64.go
│ │ │ │ ├── zsyscall_linux_arm.go
│ │ │ │ ├── zsyscall_linux_arm64.go
│ │ │ │ ├── zsyscall_linux_loong64.go
│ │ │ │ ├── zsyscall_linux_mips.go
│ │ │ │ ├── zsyscall_linux_mips64.go
│ │ │ │ ├── zsyscall_linux_mips64le.go
│ │ │ │ ├── zsyscall_linux_mipsle.go
│ │ │ │ ├── zsyscall_linux_ppc.go
│ │ │ │ ├── zsyscall_linux_ppc64.go
│ │ │ │ ├── zsyscall_linux_ppc64le.go
│ │ │ │ ├── zsyscall_linux_riscv64.go
│ │ │ │ ├── zsyscall_linux_s390x.go
│ │ │ │ ├── zsyscall_linux_sparc64.go
│ │ │ │ ├── zsyscall_netbsd_386.go
│ │ │ │ ├── zsyscall_netbsd_amd64.go
│ │ │ │ ├── zsyscall_netbsd_arm.go
│ │ │ │ ├── zsyscall_netbsd_arm64.go
│ │ │ │ ├── zsyscall_openbsd_386.go
│ │ │ │ ├── zsyscall_openbsd_386.s
│ │ │ │ ├── zsyscall_openbsd_amd64.go
│ │ │ │ ├── zsyscall_openbsd_amd64.s
│ │ │ │ ├── zsyscall_openbsd_arm.go
│ │ │ │ ├── zsyscall_openbsd_arm.s
│ │ │ │ ├── zsyscall_openbsd_arm64.go
│ │ │ │ ├── zsyscall_openbsd_arm64.s
│ │ │ │ ├── zsyscall_openbsd_mips64.go
│ │ │ │ ├── zsyscall_openbsd_mips64.s
│ │ │ │ ├── zsyscall_openbsd_ppc64.go
│ │ │ │ ├── zsyscall_openbsd_ppc64.s
│ │ │ │ ├── zsyscall_openbsd_riscv64.go
│ │ │ │ ├── zsyscall_openbsd_riscv64.s
│ │ │ │ ├── zsyscall_solaris_amd64.go
│ │ │ │ ├── zsyscall_zos_s390x.go
│ │ │ │ ├── zsysctl_openbsd_386.go
│ │ │ │ ├── zsysctl_openbsd_amd64.go
│ │ │ │ ├── zsysctl_openbsd_arm.go
│ │ │ │ ├── zsysctl_openbsd_arm64.go
│ │ │ │ ├── zsysctl_openbsd_mips64.go
│ │ │ │ ├── zsysctl_openbsd_ppc64.go
│ │ │ │ ├── zsysctl_openbsd_riscv64.go
│ │ │ │ ├── zsysnum_darwin_amd64.go
│ │ │ │ ├── zsysnum_darwin_arm64.go
│ │ │ │ ├── zsysnum_dragonfly_amd64.go
│ │ │ │ ├── zsysnum_freebsd_386.go
│ │ │ │ ├── zsysnum_freebsd_amd64.go
│ │ │ │ ├── zsysnum_freebsd_arm.go
│ │ │ │ ├── zsysnum_freebsd_arm64.go
│ │ │ │ ├── zsysnum_freebsd_riscv64.go
│ │ │ │ ├── zsysnum_linux_386.go
│ │ │ │ ├── zsysnum_linux_amd64.go
│ │ │ │ ├── zsysnum_linux_arm.go
│ │ │ │ ├── zsysnum_linux_arm64.go
│ │ │ │ ├── zsysnum_linux_loong64.go
│ │ │ │ ├── zsysnum_linux_mips.go
│ │ │ │ ├── zsysnum_linux_mips64.go
│ │ │ │ ├── zsysnum_linux_mips64le.go
│ │ │ │ ├── zsysnum_linux_mipsle.go
│ │ │ │ ├── zsysnum_linux_ppc.go
│ │ │ │ ├── zsysnum_linux_ppc64.go
│ │ │ │ ├── zsysnum_linux_ppc64le.go
│ │ │ │ ├── zsysnum_linux_riscv64.go
│ │ │ │ ├── zsysnum_linux_s390x.go
│ │ │ │ ├── zsysnum_linux_sparc64.go
│ │ │ │ ├── zsysnum_netbsd_386.go
│ │ │ │ ├── zsysnum_netbsd_amd64.go
│ │ │ │ ├── zsysnum_netbsd_arm.go
│ │ │ │ ├── zsysnum_netbsd_arm64.go
│ │ │ │ ├── zsysnum_openbsd_386.go
│ │ │ │ ├── zsysnum_openbsd_amd64.go
│ │ │ │ ├── zsysnum_openbsd_arm.go
│ │ │ │ ├── zsysnum_openbsd_arm64.go
│ │ │ │ ├── zsysnum_openbsd_mips64.go
│ │ │ │ ├── zsysnum_openbsd_ppc64.go
│ │ │ │ ├── zsysnum_openbsd_riscv64.go
│ │ │ │ ├── zsysnum_zos_s390x.go
│ │ │ │ ├── ztypes_aix_ppc.go
│ │ │ │ ├── ztypes_aix_ppc64.go
│ │ │ │ ├── ztypes_darwin_amd64.go
│ │ │ │ ├── ztypes_darwin_arm64.go
│ │ │ │ ├── ztypes_dragonfly_amd64.go
│ │ │ │ ├── ztypes_freebsd_386.go
│ │ │ │ ├── ztypes_freebsd_amd64.go
│ │ │ │ ├── ztypes_freebsd_arm.go
│ │ │ │ ├── ztypes_freebsd_arm64.go
│ │ │ │ ├── ztypes_freebsd_riscv64.go
│ │ │ │ ├── ztypes_linux.go
│ │ │ │ ├── ztypes_linux_386.go
│ │ │ │ ├── ztypes_linux_amd64.go
│ │ │ │ ├── ztypes_linux_arm.go
│ │ │ │ ├── ztypes_linux_arm64.go
│ │ │ │ ├── ztypes_linux_loong64.go
│ │ │ │ ├── ztypes_linux_mips.go
│ │ │ │ ├── ztypes_linux_mips64.go
│ │ │ │ ├── ztypes_linux_mips64le.go
│ │ │ │ ├── ztypes_linux_mipsle.go
│ │ │ │ ├── ztypes_linux_ppc.go
│ │ │ │ ├── ztypes_linux_ppc64.go
│ │ │ │ ├── ztypes_linux_ppc64le.go
│ │ │ │ ├── ztypes_linux_riscv64.go
│ │ │ │ ├── ztypes_linux_s390x.go
│ │ │ │ ├── ztypes_linux_sparc64.go
│ │ │ │ ├── ztypes_netbsd_386.go
│ │ │ │ ├── ztypes_netbsd_amd64.go
│ │ │ │ ├── ztypes_netbsd_arm.go
│ │ │ │ ├── ztypes_netbsd_arm64.go
│ │ │ │ ├── ztypes_openbsd_386.go
│ │ │ │ ├── ztypes_openbsd_amd64.go
│ │ │ │ ├── ztypes_openbsd_arm.go
│ │ │ │ ├── ztypes_openbsd_arm64.go
│ │ │ │ ├── ztypes_openbsd_mips64.go
│ │ │ │ ├── ztypes_openbsd_ppc64.go
│ │ │ │ ├── ztypes_openbsd_riscv64.go
│ │ │ │ ├── ztypes_solaris_amd64.go
│ │ │ │ └── ztypes_zos_s390x.go
│ │ │ └── windows/
│ │ │ ├── aliases.go
│ │ │ ├── dll_windows.go
│ │ │ ├── env_windows.go
│ │ │ ├── eventlog.go
│ │ │ ├── exec_windows.go
│ │ │ ├── memory_windows.go
│ │ │ ├── mkerrors.bash
│ │ │ ├── mkknownfolderids.bash
│ │ │ ├── mksyscall.go
│ │ │ ├── race.go
│ │ │ ├── race0.go
│ │ │ ├── registry/
│ │ │ │ ├── key.go
│ │ │ │ ├── mksyscall.go
│ │ │ │ ├── syscall.go
│ │ │ │ ├── value.go
│ │ │ │ └── zsyscall_windows.go
│ │ │ ├── security_windows.go
│ │ │ ├── service.go
│ │ │ ├── setupapi_windows.go
│ │ │ ├── str.go
│ │ │ ├── svc/
│ │ │ │ ├── eventlog/
│ │ │ │ │ ├── install.go
│ │ │ │ │ └── log.go
│ │ │ │ ├── mgr/
│ │ │ │ │ ├── config.go
│ │ │ │ │ ├── mgr.go
│ │ │ │ │ ├── recovery.go
│ │ │ │ │ └── service.go
│ │ │ │ ├── security.go
│ │ │ │ └── service.go
│ │ │ ├── syscall.go
│ │ │ ├── syscall_windows.go
│ │ │ ├── types_windows.go
│ │ │ ├── types_windows_386.go
│ │ │ ├── types_windows_amd64.go
│ │ │ ├── types_windows_arm.go
│ │ │ ├── types_windows_arm64.go
│ │ │ ├── zerrors_windows.go
│ │ │ ├── zknownfolderids_windows.go
│ │ │ └── zsyscall_windows.go
│ │ ├── text/
│ │ │ ├── LICENSE
│ │ │ ├── PATENTS
│ │ │ ├── secure/
│ │ │ │ └── bidirule/
│ │ │ │ └── bidirule.go
│ │ │ ├── transform/
│ │ │ │ └── transform.go
│ │ │ └── unicode/
│ │ │ ├── bidi/
│ │ │ │ ├── bidi.go
│ │ │ │ ├── bracket.go
│ │ │ │ ├── core.go
│ │ │ │ ├── prop.go
│ │ │ │ ├── tables15.0.0.go
│ │ │ │ ├── tables17.0.0.go
│ │ │ │ └── trieval.go
│ │ │ └── norm/
│ │ │ ├── composition.go
│ │ │ ├── forminfo.go
│ │ │ ├── input.go
│ │ │ ├── iter.go
│ │ │ ├── normalize.go
│ │ │ ├── readwriter.go
│ │ │ ├── tables15.0.0.go
│ │ │ ├── tables17.0.0.go
│ │ │ ├── transform.go
│ │ │ └── trie.go
│ │ └── tools/
│ │ ├── LICENSE
│ │ ├── PATENTS
│ │ ├── go/
│ │ │ ├── ast/
│ │ │ │ ├── edge/
│ │ │ │ │ └── edge.go
│ │ │ │ └── inspector/
│ │ │ │ ├── cursor.go
│ │ │ │ ├── inspector.go
│ │ │ │ ├── iter.go
│ │ │ │ ├── typeof.go
│ │ │ │ └── walk.go
│ │ │ ├── gcexportdata/
│ │ │ │ ├── gcexportdata.go
│ │ │ │ └── importer.go
│ │ │ ├── packages/
│ │ │ │ ├── doc.go
│ │ │ │ ├── external.go
│ │ │ │ ├── golist.go
│ │ │ │ ├── golist_overlay.go
│ │ │ │ ├── loadmode_string.go
│ │ │ │ ├── packages.go
│ │ │ │ └── visit.go
│ │ │ └── types/
│ │ │ ├── objectpath/
│ │ │ │ └── objectpath.go
│ │ │ └── typeutil/
│ │ │ ├── callee.go
│ │ │ ├── imports.go
│ │ │ ├── map.go
│ │ │ ├── methodsetcache.go
│ │ │ └── ui.go
│ │ └── internal/
│ │ ├── aliases/
│ │ │ └── aliases.go
│ │ ├── event/
│ │ │ ├── core/
│ │ │ │ ├── event.go
│ │ │ │ ├── export.go
│ │ │ │ └── fast.go
│ │ │ ├── doc.go
│ │ │ ├── event.go
│ │ │ ├── keys/
│ │ │ │ ├── keys.go
│ │ │ │ ├── standard.go
│ │ │ │ └── util.go
│ │ │ └── label/
│ │ │ └── label.go
│ │ ├── gcimporter/
│ │ │ ├── bimport.go
│ │ │ ├── exportdata.go
│ │ │ ├── gcimporter.go
│ │ │ ├── iexport.go
│ │ │ ├── iimport.go
│ │ │ ├── predeclared.go
│ │ │ ├── support.go
│ │ │ └── ureader_yes.go
│ │ ├── gocommand/
│ │ │ ├── invoke.go
│ │ │ ├── invoke_notunix.go
│ │ │ ├── invoke_unix.go
│ │ │ ├── vendor.go
│ │ │ └── version.go
│ │ ├── packagesinternal/
│ │ │ └── packages.go
│ │ ├── pkgbits/
│ │ │ ├── codes.go
│ │ │ ├── decoder.go
│ │ │ ├── doc.go
│ │ │ ├── encoder.go
│ │ │ ├── flags.go
│ │ │ ├── reloc.go
│ │ │ ├── support.go
│ │ │ ├── sync.go
│ │ │ ├── syncmarker_string.go
│ │ │ └── version.go
│ │ ├── stdlib/
│ │ │ ├── deps.go
│ │ │ ├── import.go
│ │ │ ├── manifest.go
│ │ │ └── stdlib.go
│ │ ├── typeparams/
│ │ │ ├── common.go
│ │ │ ├── coretype.go
│ │ │ ├── free.go
│ │ │ ├── normalize.go
│ │ │ ├── termlist.go
│ │ │ └── typeterm.go
│ │ ├── typesinternal/
│ │ │ ├── classify_call.go
│ │ │ ├── element.go
│ │ │ ├── errorcode.go
│ │ │ ├── errorcode_string.go
│ │ │ ├── fx.go
│ │ │ ├── isnamed.go
│ │ │ ├── qualifier.go
│ │ │ ├── recv.go
│ │ │ ├── toonew.go
│ │ │ ├── types.go
│ │ │ ├── varkind.go
│ │ │ ├── varkind_go124.go
│ │ │ └── zerovalue.go
│ │ └── versions/
│ │ ├── features.go
│ │ ├── gover.go
│ │ ├── types.go
│ │ └── versions.go
│ ├── google.golang.org/
│ │ ├── genproto/
│ │ │ └── googleapis/
│ │ │ └── rpc/
│ │ │ ├── LICENSE
│ │ │ └── status/
│ │ │ └── status.pb.go
│ │ ├── grpc/
│ │ │ ├── AUTHORS
│ │ │ ├── LICENSE
│ │ │ ├── NOTICE.txt
│ │ │ ├── codes/
│ │ │ │ ├── code_string.go
│ │ │ │ └── codes.go
│ │ │ ├── connectivity/
│ │ │ │ └── connectivity.go
│ │ │ ├── grpclog/
│ │ │ │ ├── component.go
│ │ │ │ ├── grpclog.go
│ │ │ │ ├── internal/
│ │ │ │ │ ├── grpclog.go
│ │ │ │ │ ├── logger.go
│ │ │ │ │ └── loggerv2.go
│ │ │ │ ├── logger.go
│ │ │ │ └── loggerv2.go
│ │ │ ├── internal/
│ │ │ │ ├── experimental.go
│ │ │ │ ├── internal.go
│ │ │ │ ├── status/
│ │ │ │ │ └── status.go
│ │ │ │ ├── tcp_keepalive_others.go
│ │ │ │ ├── tcp_keepalive_unix.go
│ │ │ │ └── tcp_keepalive_windows.go
│ │ │ ├── serviceconfig/
│ │ │ │ └── serviceconfig.go
│ │ │ └── status/
│ │ │ └── status.go
│ │ └── protobuf/
│ │ ├── LICENSE
│ │ ├── PATENTS
│ │ ├── encoding/
│ │ │ ├── prototext/
│ │ │ │ ├── decode.go
│ │ │ │ ├── doc.go
│ │ │ │ └── encode.go
│ │ │ └── protowire/
│ │ │ └── wire.go
│ │ ├── internal/
│ │ │ ├── descfmt/
│ │ │ │ └── stringer.go
│ │ │ ├── descopts/
│ │ │ │ └── options.go
│ │ │ ├── detrand/
│ │ │ │ └── rand.go
│ │ │ ├── editiondefaults/
│ │ │ │ ├── defaults.go
│ │ │ │ └── editions_defaults.binpb
│ │ │ ├── encoding/
│ │ │ │ ├── defval/
│ │ │ │ │ └── default.go
│ │ │ │ ├── messageset/
│ │ │ │ │ └── messageset.go
│ │ │ │ ├── tag/
│ │ │ │ │ └── tag.go
│ │ │ │ └── text/
│ │ │ │ ├── decode.go
│ │ │ │ ├── decode_number.go
│ │ │ │ ├── decode_string.go
│ │ │ │ ├── decode_token.go
│ │ │ │ ├── doc.go
│ │ │ │ └── encode.go
│ │ │ ├── errors/
│ │ │ │ └── errors.go
│ │ │ ├── filedesc/
│ │ │ │ ├── build.go
│ │ │ │ ├── desc.go
│ │ │ │ ├── desc_init.go
│ │ │ │ ├── desc_lazy.go
│ │ │ │ ├── desc_list.go
│ │ │ │ ├── desc_list_gen.go
│ │ │ │ ├── editions.go
│ │ │ │ ├── placeholder.go
│ │ │ │ └── presence.go
│ │ │ ├── filetype/
│ │ │ │ └── build.go
│ │ │ ├── flags/
│ │ │ │ ├── flags.go
│ │ │ │ ├── proto_legacy_disable.go
│ │ │ │ └── proto_legacy_enable.go
│ │ │ ├── genid/
│ │ │ │ ├── any_gen.go
│ │ │ │ ├── api_gen.go
│ │ │ │ ├── descriptor_gen.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── duration_gen.go
│ │ │ │ ├── empty_gen.go
│ │ │ │ ├── field_mask_gen.go
│ │ │ │ ├── go_features_gen.go
│ │ │ │ ├── goname.go
│ │ │ │ ├── map_entry.go
│ │ │ │ ├── name.go
│ │ │ │ ├── source_context_gen.go
│ │ │ │ ├── struct_gen.go
│ │ │ │ ├── timestamp_gen.go
│ │ │ │ ├── type_gen.go
│ │ │ │ ├── wrappers.go
│ │ │ │ └── wrappers_gen.go
│ │ │ ├── impl/
│ │ │ │ ├── api_export.go
│ │ │ │ ├── api_export_opaque.go
│ │ │ │ ├── bitmap.go
│ │ │ │ ├── bitmap_race.go
│ │ │ │ ├── checkinit.go
│ │ │ │ ├── codec_extension.go
│ │ │ │ ├── codec_field.go
│ │ │ │ ├── codec_field_opaque.go
│ │ │ │ ├── codec_gen.go
│ │ │ │ ├── codec_map.go
│ │ │ │ ├── codec_message.go
│ │ │ │ ├── codec_message_opaque.go
│ │ │ │ ├── codec_messageset.go
│ │ │ │ ├── codec_tables.go
│ │ │ │ ├── codec_unsafe.go
│ │ │ │ ├── convert.go
│ │ │ │ ├── convert_list.go
│ │ │ │ ├── convert_map.go
│ │ │ │ ├── decode.go
│ │ │ │ ├── encode.go
│ │ │ │ ├── enum.go
│ │ │ │ ├── equal.go
│ │ │ │ ├── extension.go
│ │ │ │ ├── lazy.go
│ │ │ │ ├── legacy_enum.go
│ │ │ │ ├── legacy_export.go
│ │ │ │ ├── legacy_extension.go
│ │ │ │ ├── legacy_file.go
│ │ │ │ ├── legacy_message.go
│ │ │ │ ├── merge.go
│ │ │ │ ├── merge_gen.go
│ │ │ │ ├── message.go
│ │ │ │ ├── message_opaque.go
│ │ │ │ ├── message_opaque_gen.go
│ │ │ │ ├── message_reflect.go
│ │ │ │ ├── message_reflect_field.go
│ │ │ │ ├── message_reflect_field_gen.go
│ │ │ │ ├── message_reflect_gen.go
│ │ │ │ ├── pointer_unsafe.go
│ │ │ │ ├── pointer_unsafe_opaque.go
│ │ │ │ ├── presence.go
│ │ │ │ └── validate.go
│ │ │ ├── order/
│ │ │ │ ├── order.go
│ │ │ │ └── range.go
│ │ │ ├── pragma/
│ │ │ │ └── pragma.go
│ │ │ ├── protolazy/
│ │ │ │ ├── bufferreader.go
│ │ │ │ ├── lazy.go
│ │ │ │ └── pointer_unsafe.go
│ │ │ ├── set/
│ │ │ │ └── ints.go
│ │ │ ├── strs/
│ │ │ │ ├── strings.go
│ │ │ │ └── strings_unsafe.go
│ │ │ └── version/
│ │ │ └── version.go
│ │ ├── proto/
│ │ │ ├── checkinit.go
│ │ │ ├── decode.go
│ │ │ ├── decode_gen.go
│ │ │ ├── doc.go
│ │ │ ├── encode.go
│ │ │ ├── encode_gen.go
│ │ │ ├── equal.go
│ │ │ ├── extension.go
│ │ │ ├── merge.go
│ │ │ ├── messageset.go
│ │ │ ├── proto.go
│ │ │ ├── proto_methods.go
│ │ │ ├── proto_reflect.go
│ │ │ ├── reset.go
│ │ │ ├── size.go
│ │ │ ├── size_gen.go
│ │ │ ├── wrapperopaque.go
│ │ │ └── wrappers.go
│ │ ├── protoadapt/
│ │ │ └── convert.go
│ │ ├── reflect/
│ │ │ ├── protoreflect/
│ │ │ │ ├── methods.go
│ │ │ │ ├── proto.go
│ │ │ │ ├── source.go
│ │ │ │ ├── source_gen.go
│ │ │ │ ├── type.go
│ │ │ │ ├── value.go
│ │ │ │ ├── value_equal.go
│ │ │ │ ├── value_union.go
│ │ │ │ └── value_unsafe.go
│ │ │ └── protoregistry/
│ │ │ └── registry.go
│ │ ├── runtime/
│ │ │ ├── protoiface/
│ │ │ │ ├── legacy.go
│ │ │ │ └── methods.go
│ │ │ └── protoimpl/
│ │ │ ├── impl.go
│ │ │ └── version.go
│ │ └── types/
│ │ └── known/
│ │ └── anypb/
│ │ └── any.pb.go
│ ├── gopkg.in/
│ │ └── natefinch/
│ │ └── lumberjack.v2/
│ │ ├── .gitignore
│ │ ├── .travis.yml
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── chown.go
│ │ ├── chown_linux.go
│ │ └── lumberjack.go
│ └── modules.txt
└── windows/
├── service-install.bat
├── service-restart.bat
└── service-uninstall.bat
================================================
FILE CONTENTS
================================================
================================================
FILE: .ci/allowed-names.txt
================================================
tracker.debian.org
================================================
FILE: .ci/blocked-ips.txt
================================================
8.8.8.8
================================================
FILE: .ci/blocked-names.txt
================================================
##################
# Test blocklist #
##################
ad.*
ads.*
banner.*
banners.*
creatives.*
oas.*
oascentral.* # test inline comment
stats.* # test inline comment with trailing spaces
tag.*
telemetry.*
tracker.*
*.local
eth0.me
*.workgroup
*.youtube.* @time-to-sleep
facebook.com @work
================================================
FILE: .ci/ci-build.sh
================================================
#! /bin/sh
PACKAGE_VERSION="$1"
cd dnscrypt-proxy || exit 1
go clean
env GOOS=windows GOARCH=386 go build -mod vendor -ldflags="-s -w"
mkdir win32
ln dnscrypt-proxy.exe win32/
cp ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt win32/
for i in win32/LICENSE win32/*.toml win32/*.txt; do ex -bsc '%!awk "{sub(/$/,\"\r\")}1"' -cx "$i"; done
ln ../windows/* win32/
zip -9 -r dnscrypt-proxy-win32-${PACKAGE_VERSION:-dev}.zip win32
go clean
env GOOS=windows GOARCH=amd64 go build -mod vendor -ldflags="-s -w"
mkdir win64
ln dnscrypt-proxy.exe win64/
cp ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt win64/
for i in win64/LICENSE win64/*.toml win64/*.txt; do ex -bsc '%!awk "{sub(/$/,\"\r\")}1"' -cx "$i"; done
ln ../windows/* win64/
zip -9 -r dnscrypt-proxy-win64-${PACKAGE_VERSION:-dev}.zip win64
go clean
env GOOS=windows GOARCH=arm64 go build -mod vendor -ldflags="-s -w"
mkdir winarm
ln dnscrypt-proxy.exe winarm/
cp ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt winarm/
for i in winarm/LICENSE winarm/*.toml winarm/*.txt; do ex -bsc '%!awk "{sub(/$/,\"\r\")}1"' -cx "$i"; done
ln ../windows/* winarm/
zip -9 -r dnscrypt-proxy-winarm-${PACKAGE_VERSION:-dev}.zip winarm
go clean
env GO386=softfloat GOOS=openbsd GOARCH=386 go build -mod vendor -ldflags="-s -w"
mkdir openbsd-i386
ln dnscrypt-proxy openbsd-i386/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt openbsd-i386/
tar czpvf dnscrypt-proxy-openbsd_i386-${PACKAGE_VERSION:-dev}.tar.gz openbsd-i386
go clean
env GOOS=openbsd GOARCH=amd64 go build -mod vendor -ldflags="-s -w"
mkdir openbsd-amd64
ln dnscrypt-proxy openbsd-amd64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt openbsd-amd64/
tar czpvf dnscrypt-proxy-openbsd_amd64-${PACKAGE_VERSION:-dev}.tar.gz openbsd-amd64
go clean
env GOOS=freebsd GOARCH=386 go build -mod vendor -ldflags="-s -w"
mkdir freebsd-i386
ln dnscrypt-proxy freebsd-i386/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt freebsd-i386/
tar czpvf dnscrypt-proxy-freebsd_i386-${PACKAGE_VERSION:-dev}.tar.gz freebsd-i386
go clean
env GOOS=freebsd GOARCH=amd64 go build -mod vendor -ldflags="-s -w"
mkdir freebsd-amd64
ln dnscrypt-proxy freebsd-amd64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt freebsd-amd64/
tar czpvf dnscrypt-proxy-freebsd_amd64-${PACKAGE_VERSION:-dev}.tar.gz freebsd-amd64
go clean
env GOOS=freebsd GOARCH=arm GOARM=5 go build -mod vendor -ldflags="-s -w"
mkdir freebsd-arm
ln dnscrypt-proxy freebsd-arm/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt freebsd-arm/
tar czpvf dnscrypt-proxy-freebsd_arm-${PACKAGE_VERSION:-dev}.tar.gz freebsd-arm
go clean
env GOOS=freebsd GOARCH=arm64 go build -mod vendor -ldflags="-s -w"
mkdir freebsd-arm64
ln dnscrypt-proxy freebsd-arm64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt freebsd-arm64/
tar czpvf dnscrypt-proxy-freebsd_arm64-${PACKAGE_VERSION:-dev}.tar.gz freebsd-arm64
go clean
env GOOS=dragonfly GOARCH=amd64 go build -mod vendor -ldflags="-s -w"
mkdir dragonflybsd-amd64
ln dnscrypt-proxy dragonflybsd-amd64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt dragonflybsd-amd64/
tar czpvf dnscrypt-proxy-dragonflybsd_amd64-${PACKAGE_VERSION:-dev}.tar.gz dragonflybsd-amd64
go clean
env GOOS=netbsd GOARCH=386 go build -mod vendor -ldflags="-s -w"
mkdir netbsd-i386
ln dnscrypt-proxy netbsd-i386/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt netbsd-i386/
tar czpvf dnscrypt-proxy-netbsd_i386-${PACKAGE_VERSION:-dev}.tar.gz netbsd-i386
go clean
env GOOS=netbsd GOARCH=amd64 go build -mod vendor -ldflags="-s -w"
mkdir netbsd-amd64
ln dnscrypt-proxy netbsd-amd64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt netbsd-amd64/
tar czpvf dnscrypt-proxy-netbsd_amd64-${PACKAGE_VERSION:-dev}.tar.gz netbsd-amd64
go clean
env GOOS=solaris GOARCH=amd64 go build -mod vendor -ldflags="-s -w"
mkdir solaris-amd64
ln dnscrypt-proxy solaris-amd64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt solaris-amd64/
tar czpvf dnscrypt-proxy-solaris_amd64-${PACKAGE_VERSION:-dev}.tar.gz solaris-amd64
go clean
env CGO_ENABLED=0 GOOS=linux GOARCH=386 go build -mod vendor -ldflags="-s -w"
mkdir linux-i386
ln dnscrypt-proxy linux-i386/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt linux-i386/
tar czpvf dnscrypt-proxy-linux_i386-${PACKAGE_VERSION:-dev}.tar.gz linux-i386
go clean
env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -mod vendor -ldflags="-s -w"
mkdir linux-x86_64
ln dnscrypt-proxy linux-x86_64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt linux-x86_64/
tar czpvf dnscrypt-proxy-linux_x86_64-${PACKAGE_VERSION:-dev}.tar.gz linux-x86_64
go clean
env CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=5 go build -mod vendor -ldflags="-s -w"
mkdir linux-arm
ln dnscrypt-proxy linux-arm/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt linux-arm/
tar czpvf dnscrypt-proxy-linux_arm-${PACKAGE_VERSION:-dev}.tar.gz linux-arm
go clean
env CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -mod vendor -ldflags="-s -w"
mkdir linux-arm64
ln dnscrypt-proxy linux-arm64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt linux-arm64/
tar czpvf dnscrypt-proxy-linux_arm64-${PACKAGE_VERSION:-dev}.tar.gz linux-arm64
go clean
env CGO_ENABLED=0 GOOS=linux GOARCH=mips GOMIPS=softfloat go build -mod vendor -ldflags="-s -w"
mkdir linux-mips
ln dnscrypt-proxy linux-mips/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt linux-mips/
tar czpvf dnscrypt-proxy-linux_mips-${PACKAGE_VERSION:-dev}.tar.gz linux-mips
go clean
env CGO_ENABLED=0 GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build -mod vendor -ldflags="-s -w"
mkdir linux-mipsle
ln dnscrypt-proxy linux-mipsle/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt linux-mipsle/
tar czpvf dnscrypt-proxy-linux_mipsle-${PACKAGE_VERSION:-dev}.tar.gz linux-mipsle
go clean
env CGO_ENABLED=0 GOOS=linux GOARCH=mips64 GOMIPS64=softfloat go build -mod vendor -ldflags="-s -w"
mkdir linux-mips64
ln dnscrypt-proxy linux-mips64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt linux-mips64/
tar czpvf dnscrypt-proxy-linux_mips64-${PACKAGE_VERSION:-dev}.tar.gz linux-mips64
go clean
env CGO_ENABLED=0 GOOS=linux GOARCH=mips64le GOMIPS64=softfloat go build -mod vendor -ldflags="-s -w"
mkdir linux-mips64le
ln dnscrypt-proxy linux-mips64le/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt linux-mips64le/
tar czpvf dnscrypt-proxy-linux_mips64le-${PACKAGE_VERSION:-dev}.tar.gz linux-mips64le
go clean
env CGO_ENABLED=0 GOOS=linux GOARCH=riscv64 go build -mod vendor -ldflags="-s -w"
mkdir linux-riscv64
ln dnscrypt-proxy linux-riscv64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt linux-riscv64/
tar czpvf dnscrypt-proxy-linux_riscv64-${PACKAGE_VERSION:-dev}.tar.gz linux-riscv64
go clean
env CGO_ENABLED=0 GOOS=linux GOARCH=loong64 go build -mod vendor -ldflags="-s -w"
mkdir linux-loong64
ln dnscrypt-proxy linux-loong64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt linux-loong64/
tar czpvf dnscrypt-proxy-linux_loong64-${PACKAGE_VERSION:-dev}.tar.gz linux-loong64
go clean
env GOOS=darwin GOARCH=amd64 go build -mod vendor -ldflags="-s -w"
mkdir macos-x86_64
ln dnscrypt-proxy macos-x86_64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt macos-x86_64/
tar czpvf dnscrypt-proxy-macos_x86_64-${PACKAGE_VERSION:-dev}.tar.gz macos-x86_64
go clean
env GOOS=darwin GOARCH=arm64 go build -mod vendor -ldflags="-s -w"
mkdir macos-arm64
ln dnscrypt-proxy macos-arm64/
ln ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt macos-arm64/
tar czpvf dnscrypt-proxy-macos_arm64-${PACKAGE_VERSION:-dev}.tar.gz macos-arm64
# Android
NDK_VER=r20
curl -LOs https://dl.google.com/android/repository/android-ndk-${NDK_VER}-linux-x86_64.zip
unzip -q android-ndk-${NDK_VER}-linux-x86_64.zip -d ${HOME}
rm android-ndk-${NDK_VER}-linux-x86_64.zip
NDK_TOOLS=${HOME}/android-ndk-${NDK_VER}
export PATH=${PATH}:${NDK_TOOLS}/toolchains/llvm/prebuilt/linux-x86_64/bin
go clean
env CC=armv7a-linux-androideabi19-clang CXX=armv7a-linux-androideabi19-clang++ CGO_ENABLED=1 GOOS=android GOARCH=arm GOARM=7 go build -mod vendor -ldflags="-s -w"
mkdir android-arm
ln dnscrypt-proxy android-arm/
cp ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt android-arm/
zip -9 -r dnscrypt-proxy-android_arm-${PACKAGE_VERSION:-dev}.zip android-arm
go clean
env CC=aarch64-linux-android21-clang CXX=aarch64-linux-android21-clang++ CGO_ENABLED=1 GOOS=android GOARCH=arm64 go build -mod vendor -ldflags="-s -w"
mkdir android-arm64
ln dnscrypt-proxy android-arm64/
cp ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt android-arm64/
zip -9 -r dnscrypt-proxy-android_arm64-${PACKAGE_VERSION:-dev}.zip android-arm64
go clean
env CC=i686-linux-android19-clang CXX=i686-linux-android19-clang++ CGO_ENABLED=1 GOOS=android GOARCH=386 go build -mod vendor -ldflags="-s -w"
mkdir android-i386
ln dnscrypt-proxy android-i386/
cp ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt android-i386/
zip -9 -r dnscrypt-proxy-android_i386-${PACKAGE_VERSION:-dev}.zip android-i386
go clean
env CC=x86_64-linux-android21-clang CXX=x86_64-linux-android21-clang++ CGO_ENABLED=1 GOOS=android GOARCH=amd64 go build -mod vendor -ldflags="-s -w"
mkdir android-x86_64
ln dnscrypt-proxy android-x86_64/
cp ../LICENSE example-dnscrypt-proxy.toml localhost.pem example-*.txt android-x86_64/
zip -9 -r dnscrypt-proxy-android_x86_64-${PACKAGE_VERSION:-dev}.zip android-x86_64
# Done
ls -l dnscrypt-proxy-*.tar.gz dnscrypt-proxy-*.zip
================================================
FILE: .ci/ci-package.sh
================================================
#! /bin/sh
PACKAGE_VERSION="$1"
cd dnscrypt-proxy || exit 1
# setup the environment
sudo apt-get update -y
sudo apt-get install -y wget wine dotnet-sdk-8.0
sudo dpkg --add-architecture i386 && sudo apt-get update && sudo apt-get install -y wine32
sudo apt-get install -y unzip
export WINEPREFIX="$HOME"/.wine32
export WINEARCH=win32
export WINEDEBUG=-all
wget https://dl.winehq.org/wine/wine-mono/9.4.0/wine-mono-9.4.0-x86.msi
WINEPREFIX="$HOME/.wine32" WINEARCH=win32 wineboot --init
WINEPREFIX="$HOME/.wine32" WINEARCH=win32 wine msiexec /i wine-mono-9.4.0-x86.msi
mkdir "$HOME"/.wine32/drive_c/temp
mkdir -p "$HOME"/.wine/drive_c/temp
wget https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314-binaries.zip -nv -O wix.zip
unzip wix.zip -d "$HOME"/wix
rm -f wix.zip
builddir=$(pwd)
srcdir=$(
cd ..
pwd
)
version=$PACKAGE_VERSION
cd "$HOME"/wix || exit
ln -s "$builddir" "$HOME"/wix/build
ln -s "$srcdir"/contrib/msi "$HOME"/wix/wixproj
echo "builddir: $builddir"
# build the msi's
#################
for arch in x64 x86; do
binpath="win32"
if [ "$arch" = "x64" ]; then
binpath="win64"
fi
echo $arch
wine candle.exe -dVersion="$version" -dPlatform=$arch -dPath=build\\$binpath -arch $arch wixproj\\dnscrypt.wxs -out build\\dnscrypt-$arch.wixobj
wine light.exe -out build\\dnscrypt-proxy-$arch-"$version".msi build\\dnscrypt-$arch.wixobj -sval
done
cd "$builddir" || exit
================================================
FILE: .ci/ci-test.sh
================================================
#! /bin/sh
DNS_PORT=5300
HTTP_PORT=3053
TEST_COUNT=0
exec 2>error.log
t() {
TEST_COUNT=$((TEST_COUNT + 1))
echo "Test #${TEST_COUNT}..."
false
}
fail() (
echo "*** Test #${TEST_COUNT} FAILED, line: $1 ***" >&2
)
section() {
true
}
rm -f blocked-names.log blocked-ips.log query.log nx.log allowed-names.log
t || (
cd ../dnscrypt-proxy
go test -mod vendor
go build -mod vendor -race
) || fail $LINENO
section
sed -e "s/127.0.0.1:53/127.0.0.1:${DNS_PORT}/g" -e "s/# server_names =.*/server_names = ['scaleway-fr']/" ../dnscrypt-proxy/example-dnscrypt-proxy.toml >test-dnscrypt-proxy.toml
../dnscrypt-proxy/dnscrypt-proxy -loglevel 3 -config test-dnscrypt-proxy.toml -pidfile /tmp/dnscrypt-proxy.pidfile &
sleep 5
t ||
dig -p${DNS_PORT} . @127.0.0.1 | grep -Fq 'root-servers.net.' || fail $LINENO
t || dig -p${DNS_PORT} +dnssec . @127.0.0.1 | grep -Fq 'root-servers.net.' || fail $LINENO
t || dig -p${DNS_PORT} +dnssec . @127.0.0.1 | grep -Fq 'flags: do;' || fail $LINENO
t || dig -p${DNS_PORT} +short one.one.one.one @127.0.0.1 | grep -Fq '1.1.1.1' || fail $LINENO
t || dig -p${DNS_PORT} +dnssec dnscrypt.info @127.0.0.1 | grep -Fq 'flags: qr rd ra ad' || fail $LINENO
t || dig -p${DNS_PORT} +dnssec dnscrypt.info @127.0.0.1 | grep -Fq 'flags: do;' || fail $LINENO
kill $(cat /tmp/dnscrypt-proxy.pidfile)
sleep 5
section
../dnscrypt-proxy/dnscrypt-proxy -loglevel 3 -config test2-dnscrypt-proxy.toml -pidfile /tmp/dnscrypt-proxy.pidfile &
sleep 5
section
t || dig -p${DNS_PORT} A microsoft.com @127.0.0.1 | grep -Fq "NOERROR" || fail $LINENO
t || dig -p${DNS_PORT} A MICROSOFT.COM @127.0.0.1 | grep -Fq "NOERROR" || fail $LINENO
section
t || dig -p${DNS_PORT} AAAA ipv6.google.com @127.0.0.1 | grep -Fq 'locally blocked' || fail $LINENO
section
t || dig -p${DNS_PORT} invalid. @127.0.0.1 | grep -Fq NXDOMAIN || fail $LINENO
t || dig -p${DNS_PORT} +dnssec invalid. @127.0.0.1 | grep -Fq 'flags: do;' || fail $LINENO
t || dig -p${DNS_PORT} PTR 168.192.in-addr.arpa @127.0.0.1 | grep -Fq 'NXDOMAIN' || fail $LINENO
t || dig -p${DNS_PORT} +dnssec PTR 168.192.in-addr.arpa @127.0.0.1 | grep -Fq 'flags: do;' || fail $LINENO
section
t || dig -p${DNS_PORT} +dnssec darpa.mil @127.0.0.1 2>&1 | grep -Fvq 'RRSIG' || fail $LINENO
t || dig -p${DNS_PORT} +dnssec www.darpa.mil @127.0.0.1 2>&1 | grep -Fvq 'RRSIG' || fail $LINENO
t || dig -p${DNS_PORT} A download.windowsupdate.com @127.0.0.1 | grep -Fq "NOERROR" || fail $LINENO
section
t || dig -p${DNS_PORT} +short cloakedunregistered.com @127.0.0.1 | grep -Eq '1.1.1.1|1.0.0.1' || fail $LINENO
t || dig -p${DNS_PORT} +short MX cloakedunregistered.com @127.0.0.1 | grep -Fq 'locally blocked' || fail $LINENO
t || dig -p${DNS_PORT} +short MX example.com @127.0.0.1 | grep -Fvq 'locally blocked' || fail $LINENO
t || dig -p${DNS_PORT} NS cloakedunregistered.com @127.0.0.1 | grep -Fiq 'gtld-servers.net' || fail $LINENO
t || dig -p${DNS_PORT} +short www.cloakedunregistered2.com @127.0.0.1 | grep -Eq '1.1.1.1|1.0.0.1' || fail $LINENO
t || dig -p${DNS_PORT} +short www.dnscrypt-test @127.0.0.1 | grep -Fq '192.168.100.100' || fail $LINENO
t || dig -p${DNS_PORT} a.www.dnscrypt-test @127.0.0.1 | grep -Fq 'NXDOMAIN' || fail $LINENO
t || dig -p${DNS_PORT} +short ptr 101.100.168.192.in-addr.arpa. @127.0.0.1 | grep -Eq 'www.dnscrypt-test.com' || fail $LINENO
t || dig -p${DNS_PORT} +short ptr 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.d.f.ip6.arpa. @127.0.0.1 | grep -Eq 'ipv6.dnscrypt-test.com' || fail $LINENO
section
t || dig -p${DNS_PORT} telemetry.example @127.0.0.1 | grep -Fq 'locally blocked' || fail $LINENO
section
t || dig -p${DNS_PORT} dns.google @127.0.0.1 | grep -Fq 'locally blocked' || fail $LINENO
section
t || dig -p${DNS_PORT} tracker.xdebian.org @127.0.0.1 | grep -Fq 'locally blocked' || fail $LINENO
t || dig -p${DNS_PORT} tracker.debian.org @127.0.0.1 | grep -Fqv 'locally blocked' || fail $LINENO
section
t || curl --insecure -siL https://127.0.0.1:${HTTP_PORT}/ | grep -Fq 'HTTP/2 404' || fail $LINENO
t || curl --insecure -sL https://127.0.0.1:${HTTP_PORT}/dns-query | grep -Fq 'dnscrypt-proxy local DoH server' || fail $LINENO
t ||
echo yv4BAAABAAAAAAABAAACAAEAACkQAAAAgAAAAA== | base64 -d |
curl -H'Content-Type: application/dns-message' -H'Accept: application/dns-message' --data-binary @- -D - --insecure https://127.0.0.1:${HTTP_PORT}/dns-query 2>/dev/null |
grep -Fq application/dns-message || fail $LINENO
kill $(cat /tmp/dnscrypt-proxy.pidfile)
sleep 5
section
t || grep -Fq 'telemetry.example' blocked-names.log || fail $LINENO
t || grep -Fq 'telemetry.*' blocked-names.log || fail $LINENO
t || grep -Fq 'tracker.xdebian.org' blocked-names.log || fail $LINENO
t || grep -Fq 'tracker.*' blocked-names.log || fail $LINENO
section
t || grep -Fq 'dns.google' blocked-ips.log || fail $LINENO
t || grep -Fq '8.8.8.8' blocked-ips.log || fail $LINENO
section
t || grep -Fq 'a.www.dnscrypt-test' nx.log || fail $LINENO
section
t || grep -Fq 'a.www.dnscrypt-test' nx.log || fail $LINENO
section
t || grep -Eq 'microsoft.com.*PASS.*ms.[a-zA-Z]' query.log || fail $LINENO
t || grep -Eq 'microsoft.com.*PASS.*ms.-.' query.log || fail $LINENO
t || grep -Eq 'ipv6.google.com.*SYNTH' query.log || fail $LINENO
t || grep -Eq 'invalid.*SYNTH' query.log || fail $LINENO
t || grep -Eq '168.192.in-addr.arpa.*SYNTH' query.log || fail $LINENO
t || grep -Eq 'darpa.mil.*FORWARD' query.log || fail $LINENO
t || grep -Eq 'www.darpa.mil.*FORWARD' query.log || fail $LINENO
t || grep -Eq 'download.windowsupdate.com.*FORWARD' query.log || fail $LINENO
t || grep -Eq 'cloakedunregistered.com.*CLOAK' query.log || fail $LINENO
t || grep -Eq 'www.cloakedunregistered2.com.*CLOAK' query.log || fail $LINENO
t || grep -Eq 'www.dnscrypt-test.*CLOAK' query.log || fail $LINENO
t || grep -Eq 'a.www.dnscrypt-test.*NXDOMAIN' query.log || fail $LINENO
t || grep -Eq 'telemetry.example.*REJECT' query.log || fail $LINENO
t || grep -Eq 'dns.google.*REJECT' query.log || fail $LINENO
t || grep -Eq 'tracker.xdebian.org.*REJECT' query.log || fail $LINENO
t || grep -Eq 'tracker.debian.org.*PASS' query.log || fail $LINENO
t || grep -Eq '[.].*NS.*PASS' query.log || fail $LINENO
section
t || grep -Fq 'tracker.debian.org' allowed-names.log || fail $LINENO
t || grep -Fq '*.tracker.debian' allowed-names.log || fail $LINENO
section
../dnscrypt-proxy/dnscrypt-proxy -loglevel 3 -config test3-dnscrypt-proxy.toml -pidfile /tmp/dnscrypt-proxy.pidfile &
sleep 5
section
t || dig -p${DNS_PORT} A microsoft.com @127.0.0.1 | grep -Fq "NOERROR" || fail $LINENO
t || dig -p${DNS_PORT} A MICROSOFT.COM @127.0.0.1 | grep -Fq "NOERROR" || fail $LINENO
kill $(cat /tmp/dnscrypt-proxy.pidfile)
sleep 5
section
../dnscrypt-proxy/dnscrypt-proxy -loglevel 3 -config test-odoh-proxied.toml -pidfile /tmp/odoh-proxied.pidfile &
sleep 5
section
t || dig -p${DNS_PORT} A microsoft.com @127.0.0.1 | grep -Fq "NOERROR" || fail $LINENO
t || dig -p${DNS_PORT} A cloudflare.com @127.0.0.1 | grep -Fq "NOERROR" || fail $LINENO
kill $(cat /tmp/odoh-proxied.pidfile)
sleep 5
if [ -s error.log ]; then
cat *.log
exit 1
fi
================================================
FILE: .ci/cloaking-rules.txt
================================================
cloakedunregistered.* one.one.one.one
*.cloakedunregistered2.* one.one.one.one # inline comment
=www.dnscrypt-test 192.168.100.100
=www.dnscrypt-test.com 192.168.100.101
=ipv6.dnscrypt-test.com fd02::1
================================================
FILE: .ci/forwarding-rules.txt
================================================
darpa.mil 4.2.2.2
download.windowsupdate.com $BOOTSTRAP
================================================
FILE: .ci/test-odoh-proxied.toml
================================================
server_names = ['odohtarget']
listen_addresses = ['127.0.0.1:5300']
[query_log]
file = 'query.log'
[static]
[static.'odohtarget']
stamp = 'sdns://BQcAAAAAAAAADm9kb2guY3J5cHRvLnN4Ci9kbnMtcXVlcnk'
[static.'odohrelay']
stamp = 'sdns://hQcAAAAAAAAAAAAab2RvaC1yZWxheS5lZGdlY29tcHV0ZS5hcHABLw'
[anonymized_dns]
routes = [
{ server_name='odohtarget', via=['odohrelay'] }
]
================================================
FILE: .ci/test2-dnscrypt-proxy.toml
================================================
server_names = ['public-scaleway-fr']
listen_addresses = ['127.0.0.1:5300']
require_dnssec = true
dnscrypt_ephemeral_keys = true
tls_disable_session_tickets = false
ignore_system_dns = false
lb_strategy = 'p12'
block_ipv6 = true
block_unqualified = true
block_undelegated = true
forwarding_rules = 'forwarding-rules.txt'
cloaking_rules = 'cloaking-rules.txt'
cloak_ptr = true
cache = true
[local_doh]
listen_addresses = ['127.0.0.1:3053']
cert_file = "../dnscrypt-proxy/localhost.pem"
cert_key_file = "../dnscrypt-proxy/localhost.pem"
[query_log]
file = 'query.log'
[nx_log]
file = 'nx.log'
[blocked_names]
blocked_names_file = 'blocked-names.txt'
log_file = 'blocked-names.log'
[blocked_ips]
blocked_ips_file = 'blocked-ips.txt'
log_file = 'blocked-ips.log'
[allowed_names]
allowed_names_file = 'allowed-names.txt'
log_file = 'allowed-names.log'
[schedules]
[schedules.'time-to-sleep']
mon = [{after='21:00', before='7:00'}]
tue = [{after='21:00', before='7:00'}]
wed = [{after='21:00', before='7:00'}]
thu = [{after='21:00', before='7:00'}]
fri = [{after='23:00', before='7:00'}]
sat = [{after='23:00', before='7:00'}]
sun = [{after='21:00', before='7:00'}]
[schedules.'work']
mon = [{after='9:00', before='18:00'}]
tue = [{after='9:00', before='18:00'}]
wed = [{after='9:00', before='18:00'}]
thu = [{after='9:00', before='18:00'}]
fri = [{after='9:00', before='17:00'}]
[sources]
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
cache_file = 'public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
prefix = 'public-'
[sources.'relays']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md']
cache_file = 'relays.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = 'relay-'
================================================
FILE: .ci/test3-dnscrypt-proxy.toml
================================================
server_names = ['myserver']
listen_addresses = ['127.0.0.1:5300']
require_dnssec = true
dnscrypt_ephemeral_keys = true
tls_disable_session_tickets = false
ignore_system_dns = false
lb_strategy = 'p12'
block_ipv6 = true
block_unqualified = true
block_undelegated = true
cache = true
[query_log]
file = 'query.log'
[static]
[static.'myserver']
stamp = 'sdns://AQcAAAAAAAAADjIxMi40Ny4yMjguMTM2IOgBuE6mBr-wusDOQ0RbsV66ZLAvo8SqMa4QY2oHkDJNHzIuZG5zY3J5cHQtY2VydC5mci5kbnNjcnlwdC5vcmc'
================================================
FILE: .gitattributes
================================================
* text=auto
*.go text diff=golang
*.bat text eol=crlf
go.mod text eol=lf
# Ensure test fixtures don't get mangled
**/testdata/** -text
================================================
FILE: .github/ISSUE_TEMPLATE/bugs.md
================================================
---
name: "Bug Report"
about: Report a bug you've encountered
title: ''
labels: ''
assignees: ''
---
Thanks for taking the time to report a bug! Before filing, please note:
**Need help or have a question?** The issue tracker is for confirmed, reproducible bugs. For assistance with installation, configuration, or general questions, please use our [Q&A Discussions](https://github.com/DNSCrypt/dnscrypt-proxy/discussions/categories/q-a) instead - you'll likely get a faster response there.
---
### Before submitting
Please make sure:
- You're running the **latest version** of `dnscrypt-proxy` (precompiled binaries from this repository)
- The software is correctly installed and configured
- You can reliably reproduce the issue
If the bug requires specific steps to reproduce, please include detailed instructions that would work on a fresh install of macOS, Windows, OpenBSD, or Ubuntu Linux.
Not sure if it's a bug? Start a [discussion](https://github.com/DNSCrypt/dnscrypt-proxy/discussions) first - we're happy to help figure it out.
---
## Diagnostic output
Please run these commands and paste the output:
```
./dnscrypt-proxy -version
./dnscrypt-proxy -check
./dnscrypt-proxy -resolve example.com
```
- [ ] Initially raised as discussion #...
## What's happening?
## When does this occur?
## Where does it happen?
## How do we replicate the issue?
<!-- Starting from a fresh OS install, what steps trigger this bug? -->
## Expected behavior
## Additional context
================================================
FILE: .github/ISSUE_TEMPLATE/suggestions.md
================================================
---
name: "Feature Request"
about: Suggest an idea or improvement
title: ''
labels: ''
assignees: ''
---
Got an idea for improving dnscrypt-proxy? We'd love to hear it!
### Start with a discussion
The best way to propose a new feature is to start in [Discussions](https://github.com/DNSCrypt/dnscrypt-proxy/discussions/) under the "Ideas" category. This lets us:
- Talk through the idea together
- Get feedback from other users
- Figure out the best approach
Once we've discussed and agreed on a direction, we can convert it into a tracked issue here.
This helps keep the issue tracker focused on work that's ready to be done.
---
- [ ] Initially raised as discussion #...
## Summary
<!-- Brief description of your idea -->
## Why would this be useful?
<!-- What problem does it solve? Who would benefit? -->
## Possible implementation
<!-- Optional: any thoughts on how this could work? -->
================================================
FILE: .github/dependabot.yml
================================================
version: 2
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
# Maintain dependencies for Go
- package-ecosystem: "gomod"
directory: "/"
schedule:
interval: "daily"
open-pull-requests-limit: 10
================================================
FILE: .github/workflows/autocloser.yml
================================================
name: Autocloser
on: [issues]
jobs:
autoclose:
runs-on: ubuntu-latest
steps:
- name: Autoclose issues that did not follow issue template
uses: roots/issue-closer@v1.2
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
issue-close-message: "This issue was automatically closed because it did not follow the issue template. We use the issue tracker exclusively for bug reports and feature additions that have been previously discussed. However, this issue appears to be a support request. Please use the discussion forums for support requests."
issue-pattern: ".*(do we replicate the issue|Expected behavior|raised as discussion|# Impact).*"
================================================
FILE: .github/workflows/codeql-analysis.yml
================================================
name: "CodeQL scan"
on:
push:
pull_request:
schedule:
- cron: '0 14 * * 6'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
fetch-depth: 2
- name: Setup Go
uses: actions/setup-go@v6
with:
go-version-file: 'go.mod'
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
- name: Autobuild
uses: github/codeql-action/autobuild@v4
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
================================================
FILE: .github/workflows/releases.yml
================================================
on:
push:
paths:
- "**.go"
- "go.*"
- "**/testdata/**"
- ".ci/**"
- ".git*"
- ".github/workflows/releases.yml"
pull_request:
paths:
- "**.go"
- "go.*"
- "**/testdata/**"
- ".ci/**"
- ".git*"
- ".github/workflows/releases.yml"
name: GitHub CI
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Get the version
id: get_version
run: |
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF/refs\/tags\//}
else
VERSION="dev-$(date +'%Y%m%d-%H%M%S')-${GITHUB_SHA::8}"
fi
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
echo "Tag version: $VERSION"
- name: Check out code
uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version: 1
check-latest: true
id: go
- name: Test suite
run: |
go version
cd .ci
./ci-test.sh
cd -
- name: Build all
run: |
.ci/ci-build.sh "${{ steps.get_version.outputs.VERSION }}"
- name: Package
run: |
.ci/ci-package.sh "${{ steps.get_version.outputs.VERSION }}"
- name: Install minisign and sign
if: startsWith(github.ref, 'refs/tags/')
run: |
sudo apt-get -y install libsodium-dev
git clone --depth 1 https://github.com/jedisct1/minisign.git
cd minisign/src
mkdir -p /tmp/bin
cc -O2 -o /tmp/bin/minisign -D_GNU_SOURCE *.c -lsodium
cd -
/tmp/bin/minisign -v
echo '#' > /tmp/minisign.key
echo "${{ secrets.MINISIGN_SK }}" >> /tmp/minisign.key
cd dnscrypt-proxy
echo | /tmp/bin/minisign -s /tmp/minisign.key -Sm *.tar.gz *.zip
ls -l dnscrypt-proxy*
- name: Upload artifacts
uses: actions/upload-artifact@v7
with:
name: dnscrypt-proxy-${{ steps.get_version.outputs.VERSION }}
path: |
dnscrypt-proxy/*.zip
dnscrypt-proxy/*.tar.gz
retention-days: 30
if-no-files-found: error
- name: Check if release exists
id: check_release
if: startsWith(github.ref, 'refs/tags/')
run: |
TAG="${GITHUB_REF#refs/tags/}"
HTTP_CODE=$(curl -s -o response.json -w "%{http_code}" \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
https://api.github.com/repos/${{ github.repository }}/releases/tags/$TAG)
if [ "$HTTP_CODE" = "200" ]; then
echo "release_exists=true" >> $GITHUB_ENV
else
echo "release_exists=false" >> $GITHUB_ENV
fi
- name: Debug Release Existence
if: startsWith(github.ref, 'refs/tags/')
run: echo "Release exists? ${{ env.release_exists }}"
- name: Create release and upload assets
id: create_release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/') && env.release_exists == 'false'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
name: Release ${{ github.ref }}
draft: false
prerelease: false
make_latest: true
fail_on_unmatched_files: false
files: |
dnscrypt-proxy/*.zip
dnscrypt-proxy/*.tar.gz
dnscrypt-proxy/*.minisig
dnscrypt-proxy/*.msi
- name: Upload assets to existing release
id: upload_to_existing_release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/') && env.release_exists == 'true'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.get_version.outputs.VERSION }}
fail_on_unmatched_files: false
files: |
dnscrypt-proxy/*.zip
dnscrypt-proxy/*.tar.gz
dnscrypt-proxy/*.minisig
dnscrypt-proxy/*.msi
================================================
FILE: .gitignore
================================================
#*#
*.dll
*.dylib
*.exe
*.out
*.so
*.swp
*.test
*~
dnscrypt-proxy/dnscrypt-proxy2
dnscrypt-proxy/dnscrypt-proxy
.idea
.ci/*.log
.ci/*.md
.ci/*.md.minisig
.ci/test-dnscrypt-proxy.toml
contrib/msi/*.msi
contrib/msi/*.wixpdb
contrib/msi/*.wixobj
TODO.md
LOG.md
================================================
FILE: ChangeLog
================================================
# Version 2.1.15
- The proxy now dynamically reduces timeouts as the connection limit is
approached, improving performance and preventing connection exhaustion under
heavy load.
- Fixed crashes in the configuration file watcher when fsnotify creation
fails.
- DHCP resolver errors ($DHCP forwarding) are now properly logged and
visible to system administrators.
- Fixed double-bracketing of IPv6 addresses in DoH stamps that could prevent
proper connection to IPv6 DoH servers.
- Cache statistics are now more accurate by only counting queries that
actually participate in caching.
- The monitoring UI has been enhanced with server health indicators and
improved display of resolver performance metrics.
- Proxy hostnames (when using SOCKS/HTTP proxies) are now pre-resolved using
bootstrap resolvers if they are domain names.
- Multiple IP addresses per hostname are now cached instead of randomly
selecting one, improving connection reliability for multi-homed servers.
# Version 2.1.14
- Added support for client IP address encryption in logs using IPCrypt
(https://ipcrypt-std.github.io/). Three algorithms are supported:
deterministic, non-deterministic with 8-byte tweak, and extended
non-deterministic with 16-byte tweak.
- Enhanced pattern rule documentation with better examples.
- Fixed an issue where nil client addresses could cause crashes.
# Version 2.1.13
- Fixed race conditions in WebSocket handling for the monitoring dashboard,
improving stability and preventing potential crashes.
- Manual configuration reload via SIGHUP is now supported regardless of the
hot-reload setting, providing more flexibility for system administrators.
- Fixed a regression in IP prefix matching for allow/block lists that could
cause incorrect filtering behavior.
- The monitoring dashboard now properly displays blocked queries counter and
tracks blocked queries in the UI.
- Improved error handling in the cache plugin initialization.
- Enhanced the forward plugin to return the last valid response when
encountering only errors, improving resilience.
- Fixed various UI issues including scrolling behavior, WebSocket reconnection
handling, and response time calculations.
- Updated the example configuration with current Quad9 source URLs.
- The generate-domains-blocklist script now handles poor network conditions
more gracefully.
- Improved handling of DNS64 trampoline queries to prevent potential issues.
# Version 2.1.12
- A new Weighted Power of Two (WP2) load balancing strategy has been
implemented as the default, providing improved distribution across resolvers.
- An optional Prometheus metrics endpoint has been added for monitoring and
observability.
- Memory usage for the cache has been reduced.
- The monitoring dashboard has received significant improvements including
better security, performance optimizations, WebSocket rate limiting, and HTTP
caching headers.
- The monitoring UI has been refined with stable sorting to prevent
flickering, query type limitations, and improved scrolling behavior.
- Additional records in queries are now properly removed before forwarding.
- The simple view UI has been removed as it provided limited utility.
# Version 2.1.11
- The sievecache dependency was updated to fix a bug causing the cache to crash.
# Version 2.1.10
- Hot-reloading of configuration files is now optional and disabled by default.
It can be enabled by setting `enable_hot_reload = true` in the configuration file.
- The file system monitoring for hot-reloading now uses efficient OS-native
file notifications instead of polling, reducing CPU usage and improving responsiveness.
# Version 2.1.9
- A live web-based monitoring UI has been added, allowing you to monitor DNS
query activity and performance metrics through an interactive dashboard.
- Hot-reloading of configuration files has been implemented, allowing you to
modify filtering rules and other configurations without restarting the proxy.
Simply edit a configuration file (like blocked-names.txt) and changes are
applied instantaneously.
- HTTP/3 probing is now supported via the `http3_probe` option, which will
try HTTP/3 first for DoH servers, even if they don't advertise support via
Alt-Svc.
- Authentication for the monitoring UI can be disabled by setting the
username to an empty string in the configuration.
- Several race conditions have been fixed.
- Dependencies have been updated.
- DHCP DNS detector instances have been reduced to improve performance.
- Tor isolation for dnscrypt-proxy has been documented to enhance privacy.
- The default example configuration file has been improved for clarity and
usability.
- The cache lock contention has been reduced to improve performance under
high load.
- generate-domains-blocklist: added parallel downloading of block lists for
significantly improved performance.
# Version 2.1.8
- Dependencies have been updated, notably the QUIC implementation,
which could be vulnerable to denial-of-service attacks.
- In forwarding rules, the target can now optionally include a
non-standard DNS port number. The port number is also now optional when
using IPv6.
- An annoying log message related to permissions on Windows has been
suppressed.
- Resolver IP addresses can now be refreshed more frequently.
Additionally, jitter has been introduced to prevent all resolvers from
being refreshed simultaneously. Further changes have been implemented
to mitigate issues arising from multiple concurrent attempts to resolve
a resolver's IP address.
- An empty value for "tls_cipher_suite" is now equivalent to leaving
the property undefined. Previously, it disabled all TLS cipher suites,
which had little practical justification.
- In forwarding rules, an optional `*.` prefix is now accepted.
# Version 2.1.7
- This version reintroduces support for XSalsa20 enryption in DNSCrypt,
which was removed in 2.1.6. Unfortunately, a bunch of servers still
only support that encryption system.
- A check for lying resolvers was added for DNSCrypt, similar to the one
that was already present for DoH and ODoH.
- Binary packages for Windows/ARM are now available, albeit not in MSI
format yet.
# Version 2.1.6
- Forwarding: in the list of servers for a zone, the `$BOOTSTRAP` keyword
can be included as a shortcut to forward to the bootstrap servers.
And the `$DHCP` keyword can be included to forward to the DNS resolvers
provided by the local DHCP server. Based on work by YX Hao, thanks!
DHCP forwarding should be considered experimental and may not work on all
operating systems. A rule for a zone can mix and match multiple forwarder
types, such as `10.0.0.1,10.0.0.254,$DHCP,192.168.1.1,$BOOTSTRAP`.
Note that this is not implemented for captive portals yet.
- Lying resolvers are now skipped, instead of just printing an error.
This doesn't apply to captive portal and forwarding entries, which are the
only reasonable use case for lying resolvers.
- Support for XSalsa20 in DNSCrypt has been removed. This was not documented,
and was supserseded by XChaCha20 in 2016.
- Source files are now fetched with compression.
- DNS64: compatibility has been improved.
- Forwarding: the root domain (`.`) can now be forwarded.
- The ARC caching algorithm has been replaced by the SIEVE algorithm.
- Properties of multiple servers are now updated simultaneously.
The concurrency level can be adjusted with the new `cert_refresh_concurrency`
setting. Contributed by YX Hao.
- MSI packages for DNSCrypt can now easily be built.
- New command-line flag: `-include-relays` to include relays in `-list` and
`-list-all`.
- Support for DNS extended error codes has been added.
- Documentation updates, bug fixes, dependency updates.
# Version 2.1.5
- dnscrypt-proxy can be compiled with Go 1.21.0+
- Responses to blocked queries now include extended error codes
- Reliability of connections using HTTP/3 has been improved
- New configuration directive: `tls_key_log_file`. When defined, this
is the path to a file where TLS secret keys will be written to, so
that DoH traffic can be locally inspected.
# Version 2.1.4
- Fixes a regression from version 2.1.3: when cloaking was enabled,
blocked responses were returned for records that were not A/AAAA/PTR
even for names that were not in the cloaked list.
# Version 2.1.3
- DNS-over-HTTP/3 (QUIC) should be more reliable. In particular,
version 2.1.2 required another (non-QUIC) resolver to be present for
bootstrapping, or the resolver's IP address to be present in the
stamp. This is not the case any more.
- dnscrypt-proxy is now compatible with Go 1.20+
- Commands (-check, -show-certs, -list, -list-all) now ignore log
files and directly output the result to the standard output.
- The `cert_ignore_timestamp` configuration switch is now documented.
It allows ignoring timestamps for DNSCrypt certificate verification,
until a first server is available. This should only be used on devices
that don't have any ways to set the clock before DNS service is up.
However, a safer alternative remains to use an NTP server with a fixed
IP address (such as time.google.com), configured in the captive portals
file.
- Cloaking: when a name is cloaked, unsupported record types now
return a blocked response rather than the actual records.
- systemd: report Ready earlier as dnscrypt-proxy can itself manage
retries for updates/refreshes.
# Version 2.1.2
- Support for DoH over HTTP/3 (DoH3, HTTP over QUIC) has been added.
Compatible servers will automatically use it. Note that QUIC uses UDP
(usually over port 443, like DNSCrypt) instead of TCP.
- In previous versions, memory usage kept growing due to channels not
being properly closed, causing goroutines to pile up. This was fixed,
resulting in an important reduction of memory usage. Thanks to
@lifenjoiner for investigating and fixing this!
- DNS64: `CNAME` records are now translated like other responses.
Thanks to @ignoramous for this!
- A relay whose name has been configured, but doesn't exist in the
list of available relays is now a hard error. Thanks to @lifenjoiner!
- Mutexes/locking: bug fixes and improvements, by @ignoramous
- Official packages now include linux/riscv64 builds.
- `dnscrypt-proxy -resolve` now reports if ECS (EDNS-clientsubnet) is
supported by the server.
- `dnscrypt-proxy -list` now includes ODoH (Oblivious DoH) servers.
- Local DoH: queries made using the `GET` method are now handled.
- The service can now be installed on OpenRC-based systems.
- `PTR` queries are now supported for cloaked domains. Contributed by
Ian Bashford, thanks!
# Version 2.1.1
This is a bugfix only release, addressing regressions introduced in
version 2.1.0:
- When using DoH, cached responses were not served any more when
experiencing connectivity issues. This has been fixed.
- Time attributes in allow/block lists were ignored. This has been
fixed.
- The TTL as served to clients is now rounded and starts decreasing
before the first query is received.
- Time-based rules are properly handled again in
generate-domains-blocklist.
- DoH/ODoH: entries with an IP address and using a non-standard port
used to require help from a bootstrap resolver. This is not the case
any more.
# Version 2.1.0
- `dnscrypt-proxy` now includes support for Oblivious DoH.
- If the proxy is overloaded, cached and synthetic queries now keep being
served, while non-cached queries are delayed.
- A deprecation warning was added for `fallback_resolvers`.
- Source URLs are now randomized.
- On some platforms, redirecting the application log to a file was not
compatible with user switching; this has been fixed.
- `fallback_resolvers` was renamed to `bootstrap_resolvers` for
clarity. Please update your configuration file accordingly.
# Version 2.0.45
- Configuration changes (to be required in versions 2.1.x):
* `[blacklist]` has been renamed to `[blocked_names]`
* `[ip_blacklist]` has been renamed to `[blocked_ips]`
* `[whitelist]` has been renamed to `[allowed_names]`
* `generate-domains-blacklist.py` has been renamed to
`generate-domains-blocklist.py`, and the configuration files have been
renamed as well.
- `dnscrypt-proxy -resolve` has been completely revamped, and now requires
the configuration file to be accessible. It will send a query to an IP address
of the `dnscrypt-proxy` server by default. Sending queries to arbitrary
servers is also supported with the new `-resolve name,address` syntax.
- Relay lists can be set to `*` for automatic relay selection. When a wildcard
is used, either for the list of servers or relays, the proxy ensures that
relays and servers are on distinct networks.
- Lying resolvers are detected and reported.
- New return code: `NOT_READY` for queries received before the proxy has
been initialized.
- Server lists can't be older than a week any more, even if directory
permissions are incorrect and cache files cannot be written.
- macOS/arm64 is now officially supported.
- New feature: `allowed_ips`, to configure a set of IP addresses to
never block no matter what DNS name resolves to them.
- Hard-coded IP addresses can be immediately returned for test queries
sent by operating systems in order to check for connectivity and captive
portals. Such responses can be sent even before an interface is considered
as enabled by the operating system. This can be configured in a new section
called `[captive_portals]`.
- On Linux, OpenBSD and FreeBSD, `listen_addresses` can now include IP
addresses that haven't been assigned to an interface yet.
- The logo has been tweaked to look fine on a dark background.
- `generate-domains-blocklist.py`: regular expressions are now ignored in
time-based entries.
- Minor bug fixes and logging improvements.
- Cloaking plugin: if an entry has multiple IP addresses for a type,
all the IP addresses are now returned instead of a random one.
- Static entries can now include DNSCrypt relays.
- Name blocking: aliases relying on `SVCB` and `HTTPS` records can now
be blocked in addition to aliases via regular `CNAME` records.
- EDNS-Client-Subnet information can be added to outgoing queries.
Instead of sending the actual client IP, ECS information is user
configurable, and IP addresses will be randomly chosen for every query.
- Initial DoH queries are now checked using random names in order to
properly measure CDNs such as Tencent that ignore the padding.
- DoH: the `max-stale` cache control directive is now present in queries.
- Logs can now be sent to `/dev/stdout` instead of actual files.
- User switching is now supported on macOS.
- New download mirror (https://download.dnscrypt.net) for resolvers,
relays and parental-control.
Thanks to the nice people who contributed to this release:
- Ian Bashford
- Will Elwood
- Alison Winters
- Krish De Souza
- @hugepants
- @IceCodeNew
- @lifenjoiner
- @mibere
- @jacob755
- @petercooperjr
- @yofiji
# Version 2.0.44
- More updates to the set of block lists, thanks again to IceCodeNew.
- Netprobes and listening sockets are now ignored when the `-list`,
`-list-all`, `-show-certs` or `-check` command-line switches are used.
- `tls_client_auth` was renamed to `doh_client_x509_auth`. A section
with the previous name is temporarily ignored if empty, but will error
out if not.
- Unit tests are now working on 32-bit systems. Thanks to Will Elwood
and @lifenjoiner.
# Version 2.0.43
- Built-in support for DNS64 translation has been implemented.
(Contributed by Sergey Smirnov, thanks!)
- Connections to DoH servers can be authenticated using TLS client
certificates (Contributed by Kevin O'Sullivan, thanks!)
- Multiple stamps are now allowed for a single server in resolvers
and relays lists.
- Android: the time zone for log files is now set to the system
time zone.
- Quite a lot of updates and additions have been made to the
example domain block lists. Thanks to `IceCodeNew`!
- Cached configuration files can now be temporarily used if
they are out of date, but bootstraping is impossible. Contributed by
`lifenjoiner`, thanks!
- Precompiled macOS binaries are now notarized.
- `generate-domains-blacklists` now tries to deduplicate entries
clobbered by wildcard rules. Thanks to `Huhni`!
- `generate-domains-blacklists` can now directly write lists to a
file with the `-o` command-line option.
- cache files are now downloaded as the user the daemon will be running
as. This fixes permission issues at startup time.
- Forwarded queries are now subject to global timeouts, and can be
forced to use TCP.
- The `ct` parameter has been removed from DoH queries, as Google doesn't
require it any more.
- Service installation is now supported on FreeBSD.
- When stored into a file, service logs now only contain data from the most
recent launch. This can be changed with the new `log_file_latest` option.
- Breaking change: the `tls_client_auth` section was renamed to
`doh_client_x509_auth`. If you had a tls_client_auth section in the
configuration file, it needs to be updated.
# Version 2.0.42
- The current versions of the `dnsdist` load balancer (presumably used
by quad9, cleanbrowsing, qualityology, freetsa.org, ffmuc.net,
opennic-bongobow, sth-dnscrypt-se, ams-dnscrypt-nl and more)
is preventing queries over 1500 bytes from being received over UDP.
Temporary workarounds have been introduced to improve reliability
with these resolvers for regular DNSCrypt. Unfortunately, anonymized
DNS cannot be reliable until the issue is fixed server-side. `dnsdist`
authors are aware of it and are working on a fix.
- New option in the `[anonymized_dns]` section: `skip_incompatible`,
to ignore resolvers incompatible with Anonymized DNS instead of
using them without a relay.
- The server latency benchmark is faster while being able to perform
more retries if necessary.
- Continuous integration has been moved to GitHub Actions.
# Version 2.0.41
- Precompiled ARM binaries are compatible with ARMv5 CPUs. The
default arm builds were not compatible with older CPUs when compiled
with Go 1.14. mips64 binaries are explicitly compiled with `softfloat`
to improve compatibility.
- Quad9 seems to be only blocking fragmented queries over UDP for
some networks. They have been removed from the default list of broken
resolvers; runtime detection of support for fragments should now do
the job.
- Runtime detection of support for fragments was actually enabled.
# Version 2.0.40
- Servers blocking fragmented queries are now automatically detected.
- The server name is now only present in query logs when an actual
upstream servers was required to resolve a query.
- TLS client authentication has been added for DoH.
- The Firefox plugin is now skipped for connections coming from the
local DoH server.
- DoH RTT computation is now more accurate, especially when CDNs are
in the middle.
- The forwarding plugin is now more reliable, and handles retries over
TCP.
# Version 2.0.39
- The Firefox Local DoH service didn't properly work in version 2.0.38;
this has been fixed. Thanks to Simon Brand for the report!
# Version 2.0.38
- Entries from lists (forwarding, blacklists, whitelists) now support
inline comments.
- Reliability improvement: queries over UDP are retried after a timeout
instead of solely relying on the client.
- Reliability improvement: during temporary network outages, cached records
are now served even if they are stale.
- Bug fix: SOCKS proxies and DNS relays can be combined.
- New feature: multiple fallback resolvers are now supported (see the
new `fallback_resolvers` option. Note that `fallback_resolver` is
still supported for backward compatibility).
- Windows: the service can be installed with a configuration file
stored separately from the application.
- Security (affecting DoH): precompiled binaries of dnscrypt-proxy 2.0.37 are
built using Go 1.13.7 that fixes a TLS certificate parsing issue present in
previous versions of the compiler.
# Version 2.0.36
- New option: `block_undelegated`. When enabled, `dnscrypt-proxy` will
directly respond to queries for locally-served zones (https://sk.tl/2QqB971U)
and nonexistent zones that should have been kept local, but are frequently
leaked. This reduces latency and improves privacy.
- Conformance: the `DO` bit is now set in synthetic responses if it was
set in a question, and the `AD` bit is cleared.
- The `miegkg/dns` module was updated to version 1.1.26, that fixes a
security issue affecting non-encrypted/non-authenticated DNS traffic. In
`dnscrypt-proxy`, this only affects the forwarding feature.
# Version 2.0.35
- New option: `block_unqualified` to block `A`/`AAAA` queries with
unqualified host names. These will very rarely get an answer from upstream
resolvers, but can leak private information to these, as well as to root
servers.
- When a `CNAME` pointer is blocked, the original query name is now logged
along with the pointer. This makes it easier to know what the original
query name, so it can be whitelisted, or what the pointer was, so it
can be removed from the blacklist.
# Version 2.0.34
- Blacklisted names are now also blocked if they appear in `CNAME`
pointers.
- `dnscrypt-proxy` can now act as a local DoH *server*. Firefox can
be configured to use it, so that ESNI can be enabled without bypassing
your DNS proxy.
# Version 2.0.33
- Fixes an issue that caused some valid queries to return `PARSE_ERROR`.
# Version 2.0.32
- On certificate errors, the server name is now logged instead of the
provider name, which is generally more useful.
- IP addresses for DoH servers that require DNS lookups are now cached
for at least 12 hours.
- `ignore_system_dns` is now set to `true` by default.
- A workaround for a bug in Cisco servers has been implemented.
- A corrupted or incomplete resolvers list is now ignored, keeping the
last good known cached list until the next update. In addition, logging was
improved and unit tests were also added. Awesome contribution from William
Elwood, thanks!
- On Windows, the network probe immediately returned instead of blocking
if `netprobe_timeout` was set to `-1`. This has been fixed.
- Expired cached IP addresses now have a grace period, to avoid breaking the
service if they temporarily can't be refreshed.
- On Windows, the service now returns immediately, solving a long-standing
issue when initialization took more than 30 seconds ("The service did not
respond to the start or control request in a timely fashion"). Fantastic
work by Alison Winters, thanks!
- The `SERVER_ERROR` error code has been split into two new error codes:
`NETWORK_ERROR` (self-explanatory) and `SERVFAIL` (a response was returned,
but it includes a `SERVFAIL` error code).
- Responses are now always compressed.
# Version 2.0.31
- This version fixes two regressions introduced in version 2.0.29:
DoH server couldn't be reached over IPv6 any more, and the proxy
couldn't be interrupted while servers were being benchmarked.
# Version 2.0.30
- This version fixes a startup issue introduced in version 2.0.29,
on systems for which the service cannot be automatically installed
(such as OpenBSD and FreeBSD). Reported by @5ch17 and Vinícius Zavam,
and fixed by Will Elwood, thanks!
# Version 2.0.29
- Support for Anonymized DNS has been added!
- Wait before stopping, fixing an issue with Unbound (thanks to
Vladimir Bauer)
- DNS stamps are now included in the -list-all -json ouptut
- The netprobe_timeout setting from the configuration file or
command-line was ignored. This has been fixed.
- The TTL or cloaked entries can now be adjusted (thanks to Markus
Linnala)
- Cached IP address from DoH servers now expire (thanks to Markus
Linnala)
- DNSCrypt certificates can be fetched over Tor and SOCKS proxies
- Retries over TCP are faster
- Improved logging (thanks to Alison Winters)
- Ignore non-TXT records in certificate responses (thanks to Vladimir
Bauer)
- A lot of internal cleanups, thanks to Markus Linnala.
# Version 2.0.28
- Invalid server entries are now skipped instead of preventing a
source from being used. Thanks to Alison Winters for the contribution!
- Truncated responses are immediately retried over TCP instead of
waiting for the client to retry. This reduces the latency for large
responses.
- Responses sent to the local network are assumed to support at least
1252 bytes packets, and use optional information from EDNS up to 4096
bytes. This also reduces latency.
- Logging improvements: servers are not logged for cached, synthetic
and cloaked responses. And the forwarder is logged instead of the
regular server for forwarded responses.
# Version 2.0.27
- The X25519 implementation was changed from using the Go standard
implementation to using Cloudflare's CIRCL library. Unfortunately,
CIRCL appears to be broken on big-endian systems. That change has been
reverted.
- All the dependencies have been updated.
# Version 2.0.26
- A new plugin was added to prevent Firefox from bypassing the system
DNS settings.
- New configuration parameter to set how to respond to blocked
queries: `blocked_query_response`. Responses can now be empty record
sets, REFUSED response codes, or predefined IPv4 and/or IPv6 addresses.
- The `refused_code_in_responses` and `blocked_query_response` options
have been folded into a new `blocked_query_response` option.
- The fallback resolver is now accessed using TCP if `force_tcp` has
been set to `true`.
- CPU usage when enabling DNSCrypt ephemeral keys has been reduced.
- New command-line option: `-show-certs` to print DoH certificate
hashes.
- Solaris packages are now provided.
- DoH servers on a non-standard port, with stamps that don't include
IP addresses, and without working system resolvers can now be properly
bootstrapped.
- A new option, `query_meta`, is now available to add optional records
to client queries.
# Version 2.0.25
- The example IP address for network probes didn't work on Windows.
The example configuration file has been updated and the fallback
resolver IP is now used when no netprobe address has been configured.
# Version 2.0.24
- The query log now includes the time it took to complete the
transaction, the name of the resolver that sent the response and if
the response was served from the cache. Thanks to Ferdinand Holzer for
his help!
- The list of resolvers, sorted by latency, is now printed after all
the resolvers have been probed.
- The "fastest" load-balancing strategy has been renamed to "first".
- On Windows, a nul byte is sent to the netprobe address. This is
required to check for connectivity on this platform. Thanks to Mathias
Berchtold.
- The Malwaredomainlist URL was updated to directly parse the host
list. Thanks to Encrypted.Town.
- The Python script to generate lists of blacklisted domains is now
compatible both with Python 2 and Python 3. Thanks to Simon R.
- A warning is now displayed for DoH is requested but the server
doesn't speak HTTP/2.
- A crash with loaded-balanced sets of cloaked names was fixed.
Thanks to @inkblotadmirer for the report.
- Resolvers are now tried in random order to avoid favoring the first
ones at startup.
# Version 2.0.23
- Binaries for FreeBSD/armv7 are now available.
- .onion servers are now automatically ignored if Tor routing is not
enabled.
- Caching of server addresses has been improved, especially when
using proxies.
- DNSCrypt communications are now automatically forced to using TCP
when a SOCKS proxy has been set up.
# Version 2.0.22
- The previous version had issues with the .org TLD when used in
conjunction with dnsmasq. This has been fixed.
# Version 2.0.21
- The change to run the Windows service as `NT AUTHORITY\NetworkService`
has been reverted, as it was reported to break logging (Windows only).
# Version 2.0.20
- Startup is now *way* faster, especially when using DoH servers.
- A new action: `CLOAK` is logged when queries are being cloaked.
- A cloaking rule can now map to multiple IPv4 and IPv6 addresses,
with load-balancing.
- New option: `refused_code_in_responses` to return (or not) a
`REFUSED` code on blacklisted queries. This is disabled by default, in
order to work around a bug in Android Pie.
- Time-based restrictions are now properly handled in the
generate-domains-blacklist.py script.
- Other improvements have been made to the `generate-domains-blacklist.py`
script.
- The Windows service is now installed as `NT AUTHORITY\NetworkService`.
# Version 2.0.19
- The value for `netprobe_timeout` was read from the command-line, but
not from the configuration file any more. This is a regression introduced
in the previous version, that has been fixed.
- The default value for netprobe timeouts has been raised to 60 seconds.
- A hash of the body is added to query parameters when sending DoH
queries with the POST method in order to work around badly configured
proxies.
# Version 2.0.18
- Official builds now support TLS 1.3.
- The timeout for the initial connectivity check can now be set from
the command line.
- An `Accept:` header is now always sent with `GET` queries.
- BOMs are now ignored in configuration files.
- In addition to SOCKS, HTTP and HTTPS proxies are now supported for
DoH servers.
# Version 2.0.17
- Go >= 1.11 is now supported
- The flipside is that Windows XP is not supported any more :(
- When dropping privileges, there is no supervisor process any more.
- DNS options used to be cleared from DNS queries, with the exception
of flags and payload sizes. This is not the case any more.
- DoH queries are smaller, since workarounds are not required any more
after Google updated their implementation.
# Version 2.0.16
- On Unix-like systems, the server can run as an unprivileged user,
and the main process will automatically restart if an error occurs.
- pledge() on OpenBSD.
- New "offline" mode to serve queries locally without contacting any
upstream servers. This can be especially useful along with the
cloaking module for local development.
- New logo.
- TTL of OPT records is properly ignored by the caching module.
- The proxy doesn't quit any more if new TCP connections cannot be
created.
# Version 2.0.15
- Support for proxies (HTTP/SOCKS) was added. All it takes to route
all TCP queries to Tor is add `proxy = "socks5://127.0.0.1:9050"` to
the configuration file.
- Querylog files have a new record indicating the outcome of each
transaction.
- Pre-built binaries for Linux are statically linked on all
architectures.
# Version 2.0.14
- Supports DNS-over-HTTPS draft 08.
- Netprobes don't use port 0 by default, as this causes issues with
Little Snitch and FreeBSD.
# Version 2.0.13
- This version fixes a crash when using DoH for queries whose size
were a multiple of the block size. Reported by @char101, thanks!
# Version 2.0.12
- Further compatibility fixes for Alpine Linux/i386 and Android/i386
have been made. Thanks to @aead for his help!
- The proxy will now wait for network connectivity before starting.
This is useful if the proxy is automatically started at boot, possibly
before the network is fully configured.
- The IPv6 blocking module now returns synthetic SOA records to
improve compatibility with downstream resolvers and stub resolvers.
# Version 2.0.11
- This release fixes a long-standing bug that caused the proxy to
block or crash when Position-Independent Executables were produced.
This bug only showed up when compiled on (not for) Alpine Linux and
Android, for some CPU architectures.
- New configuration settings: cache_neg_min_ttl and
cache_neg_max_ttl, to clamp the negative caching TTL.
# Version 2.0.10
- This version fixes a crash when an incomplete size is sent by a
local client for a query over TCP.
- Slight performance improvement of DNSCrypt on non-Intel CPUs such
as Raspberry Pi.
# Version 2.0.9
- Whitelists have been implemented: one a name matches a pattern in
the whitelist, rules from the name-based and IP-based blacklists will
be bypassed. Whitelists support the same patterns as blacklists, as
well as time-based rules, so that some website can be normally
blocked, but accessible on specific days or times of the day.
- Lists are now faster to load, and large lists require significantly
less memory than before.
- New options have been added to disable TLS session tickets as well
as use a specific cipher suite. See the example configuration file for
a recommended configuration to speed up DoH servers on ARM such as
Android devices and Raspberry Pi.
- The `-service install` command now remembers what the current
directory was when the service was installed, in order to later load
configuration files with relative paths.
- DoH: The "Cache-Control: max-age" header is now ignored.
- Patterns can now be prefixed with `=` to do exact matching:
`=example.com` matches `example.com` but will not match `www.example.com`.
- Patterns are now fully supported by the cloaking module.
- A new option was added to use a specific cipher suite instead of
the server's provided one. Using RSA+ChaChaPoly over ECDSA+AES-GCM has
shown to decrease CPU usage and latency when connecting to Cloudflare,
especially on Mips and ARM systems.
- The ephemeral keys mode of dnscrypt-proxy v1.x was reimplemented: this
creates a new unique key for every single query.
# Version 2.0.8
- Multiple URLs can be defined for a source in order to improve
resiliency when servers are temporarily unreachable.
- Connections over IPv6 will be preferred over IPv4 for DoH servers
when using a fallback resolver if `ipv6_servers` is set.
- Improvements have been made to the example systemd configuration
files.
- The chacha20 implementation was updated to possibly fix a bug on
Android/x86.
- `generate-domains-blacklist.py` can now parse dnsmasq-style rules.
- FreeBSD/arm builds have been added.
- `dnscrypt-proxy -list -json` and `-list-all -json` now include the
remove servers names and IP addresses.
# Version 2.0.7
- Bug fix: optional ports were not properly parsed with IPv6
addresses -- thanks to @bleeee for the report and fix.
- Bug fix: truncate TCP queries to the prefixed length.
- Certificates are force-refreshed after a time jump (e.g. when a
system resumes from hibernation).
# Version 2.0.6
- Automatic log files rotation was finally implemented.
- A new -pidfile command-line option to write the PID file was added.
# Version 2.0.5
- Fixes a crash occasionally happening when using DoH servers, with
stamps not containing any IP addresses, a DNSSEC-signed name, a
non-working system DNS configuration, and a fallback server supporting
DNSSEC.
# Version 2.0.4
- Fixes a regression with truncated packets. Thanks to @mazesy and
@the-w1nd for spotting a case triggering this!
# Version 2.0.3
- Load balancing: resolvers that respond promptly, but with bogus
responses are now gradually removed from the preferred pool.
- Due to popular request, Android binaries are now available! Thanks
to @sporif for his help on getting these built.
- Binaries are built using Go 1.10-final.
# Version 2.0.2
- Properly error out on FreeBSD and other platforms where built-in
service installation is not supported yet.
- Improved load-balancing algorithm, which should result in lower
latency.
# Version 2.0.1
- Cached source data were not redownloaded if the proxy was used
without interruption. This has been fixed.
- If the network is down at startup time, fall back to cached source
data, even if is it out of date, and schedule an immediate update
after the networks is back.
- RTT estimation for DNS-over-HTTP/2 servers was off. This has been
fixed.
- The generate-domains-blacklist script now has a configurable
timeout value, and can produce time-based rules.
- The timeout parameter in the example configuration file didn't had
the correct name; this has been fixed.
- Cache: TTLs are now decreasing.
================================================
FILE: LICENSE
================================================
ISC License
Copyright (c) 2018-2026, Frank Denis <j at pureftpd dot org>
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
================================================
FILE: README.md
================================================
# 
[](https://opencollective.com/dnscrypt)
[](https://github.com/dnscrypt/dnscrypt-proxy/releases/latest)
[](https://github.com/DNSCrypt/dnscrypt-proxy/actions/workflows/releases.yml)
## Overview
A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://dnscrypt.info/protocol), [DNS-over-HTTPS](https://www.rfc-editor.org/rfc/rfc8484.txt), [Anonymized DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt) and [ODoH (Oblivious DoH)](https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh-servers.md).
* **[dnscrypt-proxy documentation](https://dnscrypt.info/doc) ← Start here**
* [DNSCrypt project home page](https://dnscrypt.info/)
* [Discussions](https://github.com/DNSCrypt/dnscrypt-proxy/discussions)
* [DNS-over-HTTPS and DNSCrypt resolvers](https://dnscrypt.info/public-servers)
* [Server and client implementations](https://dnscrypt.info/implementations)
* [DNS stamps](https://dnscrypt.info/stamps)
* [FAQ](https://dnscrypt.info/faq)
## [Download the latest release](https://github.com/dnscrypt/dnscrypt-proxy/releases/latest)
Available as source code and pre-built binaries for most operating systems and architectures (see below).
## Features
* DNS traffic encryption and authentication. Supports DNS-over-HTTPS (DoH) using TLS 1.3 and QUIC, DNSCrypt, Anonymized DNS and ODoH
* Client IP addresses can be hidden using Tor, SOCKS proxies or Anonymized DNS relays
* DNS query monitoring, with separate log files for regular and suspicious queries
* Filtering: block ads, malware, and other unwanted content. Compatible with all DNS services
* Time-based filtering, with a flexible weekly schedule
* Transparent redirection of specific domains to specific resolvers
* Optional hot-reloading of configuration files (disabled by default from v2.1.10)
* DNS caching, to reduce latency and improve privacy
* Local IPv6 blocking to reduce latency on IPv4-only networks
* Load balancing: pick a set of resolvers, dnscrypt-proxy will automatically measure and keep track of their speed, and balance the traffic across the fastest available ones.
* Cloaking: like a `HOSTS` file on steroids, that can return preconfigured addresses for specific names, or resolve and return the IP address of other names. This can be used for local development as well as to enforce safe search results on Google, Yahoo, DuckDuckGo and Bing
* Automatic background updates of resolvers lists
* Can force outgoing connections to use TCP
* Compatible with DNSSEC
* Includes a local DoH server in order to support ECH (ESNI)
## Pre-built binaries
Up-to-date, pre-built binaries are available for:
* Android/arm
* Android/arm64
* Android/x86
* Android/x86_64
* Dragonfly BSD
* FreeBSD/arm
* FreeBSD/x86
* FreeBSD/x86_64
* Linux/arm
* Linux/arm64
* Linux/mips
* Linux/mipsle
* Linux/mips64
* Linux/mips64le
* Linux/x86
* Linux/x86_64
* macOS/arm64
* macOS/x86_64
* NetBSD/x86
* NetBSD/x86_64
* OpenBSD/x86
* OpenBSD/x86_64
* Windows
* Windows 64 bit
* Windows ARM
How to use these files, as well as how to verify their signatures, are documented in the [installation instructions](https://github.com/dnscrypt/dnscrypt-proxy/wiki/installation).
## Contributors
### Code Contributors
This project exists thanks to all the people who contribute.
<a href="https://github.com/dnscrypt/dnscrypt-proxy/graphs/contributors"><img src="https://opencollective.com/dnscrypt/contributors.svg?width=890&button=false" /></a>
### Financial Contributors
Become a financial contributor and help us sustain our community. [[Contribute](https://opencollective.com/dnscrypt/contribute)]
#### Individuals
<a href="https://opencollective.com/dnscrypt"><img src="https://opencollective.com/dnscrypt/individuals.svg?width=890"></a>
#### Organizations
Support this project with your organization. Your logo will show up here with a link to your website. [[Contribute](https://opencollective.com/dnscrypt/contribute)]
<a href="https://opencollective.com/dnscrypt/organization/0/website"><img src="https://opencollective.com/dnscrypt/organization/0/avatar.svg"></a>
<a href="https://opencollective.com/dnscrypt/organization/1/website"><img src="https://opencollective.com/dnscrypt/organization/1/avatar.svg"></a>
<a href="https://opencollective.com/dnscrypt/organization/2/website"><img src="https://opencollective.com/dnscrypt/organization/2/avatar.svg"></a>
<a href="https://opencollective.com/dnscrypt/organization/3/website"><img src="https://opencollective.com/dnscrypt/organization/3/avatar.svg"></a>
<a href="https://opencollective.com/dnscrypt/organization/4/website"><img src="https://opencollective.com/dnscrypt/organization/4/avatar.svg"></a>
<a href="https://opencollective.com/dnscrypt/organization/5/website"><img src="https://opencollective.com/dnscrypt/organization/5/avatar.svg"></a>
<a href="https://opencollective.com/dnscrypt/organization/6/website"><img src="https://opencollective.com/dnscrypt/organization/6/avatar.svg"></a>
<a href="https://opencollective.com/dnscrypt/organization/7/website"><img src="https://opencollective.com/dnscrypt/organization/7/avatar.svg"></a>
<a href="https://opencollective.com/dnscrypt/organization/8/website"><img src="https://opencollective.com/dnscrypt/organization/8/avatar.svg"></a>
<a href="https://opencollective.com/dnscrypt/organization/9/website"><img src="https://opencollective.com/dnscrypt/organization/9/avatar.svg"></a>
================================================
FILE: contrib/msi/Dockerfile
================================================
FROM ubuntu:latest
MAINTAINER dnscrypt-authors
RUN apt-get update && \
apt-get install -y wget wine dotnet-sdk-6.0 && \
dpkg --add-architecture i386 && apt-get update && apt-get install -y wine32
ENV WINEPREFIX=/root/.wine32 WINEARCH=win32 WINEDEBUG=-all
RUN wget https://dl.winehq.org/wine/wine-mono/8.1.0/wine-mono-8.1.0-x86.msi && \
WINEPREFIX="$HOME/.wine32" WINEARCH=win32 wineboot --init && \
WINEPREFIX="$HOME/.wine32" WINEARCH=win32 wine msiexec /i wine-mono-8.1.0-x86.msi && \
mkdir $WINEPREFIX/drive_c/temp && \
apt-get install -y unzip && \
wget https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip -nv -O wix.zip && \
unzip wix.zip -d /wix && \
rm -f wix.zip
WORKDIR /wix
================================================
FILE: contrib/msi/README.md
================================================
# Scripts and utilities related to building an .msi (Microsoft Standard Installer) file.
## Docker test image for building an MSI locally
```sh
docker build . -f Dockerfile -t ubuntu:dnscrypt-msi
```
## Test building msi files for intel win32 & win64
```sh
./build.sh
```
================================================
FILE: contrib/msi/build.sh
================================================
#! /bin/sh
version=0.0.0
gitver=$(git describe --tags --always --match="[0-9]*.[0-9]*.[0-9]*" --exclude='*[^0-9.]*')
if [ "$gitver" != "" ]; then
version=$gitver
fi
# build the image by running: docker build . -f Dockerfile -t ubuntu:dnscrypt-msi
if [ "$(docker image list -q ubuntu:dnscrypt-msi)" = "" ]; then
docker build . -f Dockerfile -t ubuntu:dnscrypt-msi
fi
image=ubuntu:dnscrypt-msi
for arch in x64 x86; do
binpath="win32"
if [ "$arch" = "x64" ]; then
binpath="win64"
fi
src=$(
cd ../../dnscrypt-proxy/$binpath || exit
pwd
)
echo "$src"
docker run --rm -v "$(pwd)":/wixproj -v "$src":/src $image wine candle.exe -dVersion="$version" -dPlatform=$arch -dPath=\\src -arch $arch \\wixproj\\dnscrypt.wxs -out \\wixproj\\dnscrypt-$arch.wixobj
docker run --rm -v "$(pwd)":/wixproj -v "$src":/src $image wine light.exe -out \\wixproj\\dnscrypt-proxy-$arch-"$version".msi \\wixproj\\dnscrypt-$arch.wixobj -sval
done
================================================
FILE: contrib/msi/dnscrypt.wxs
================================================
<?xml version="1.0"?>
<?if $(var.Platform)="x64" ?>
<?define Program_Files="ProgramFiles64Folder"?>
<?else ?>
<?define Program_Files="ProgramFilesFolder"?>
<?endif ?>
<?ifndef var.Version?>
<?error Undefined Version variable?>
<?endif ?>
<?ifndef var.Path?>
<?error Undefined Path variable?>
<?endif ?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
<Product Id="*"
UpgradeCode="fbf99dd8-c21e-4f9b-a632-de53bb64c45e"
Name="dnscrypt-proxy"
Version="$(var.Version)"
Manufacturer="DNSCrypt"
Language="1033">
<Package InstallerVersion="200" Compressed="yes" Comments="Windows Installer Package" InstallScope="perMachine" />
<Media Id="1" Cabinet="product.cab" EmbedCab="yes" />
<MajorUpgrade DowngradeErrorMessage="A later version of [ProductName] is already installed. Setup will now exit." />
<Upgrade Id="fbf99dd8-c21e-4f9b-a632-de53bb64c45e">
<UpgradeVersion Minimum="$(var.Version)" OnlyDetect="yes" Property="NEWERVERSIONDETECTED" />
<UpgradeVersion Minimum="2.1.0" Maximum="$(var.Version)" IncludeMinimum="yes" IncludeMaximum="no" Property="OLDERVERSIONBEINGUPGRADED" />
</Upgrade>
<Condition Message="A newer version of this software is already installed.">NOT NEWERVERSIONDETECTED</Condition>
<Directory Id="TARGETDIR" Name="SourceDir">
<Directory Id="$(var.Program_Files)">
<Directory Id="INSTALLDIR" Name="DNSCrypt">
<Component Id="ApplicationFiles" Guid="7d693c0b-71d8-436a-9c84-60a11dc74092">
<File Id="dnscryptproxy.exe" KeyPath="yes" Source="$(var.Path)\dnscrypt-proxy.exe" DiskId="1"/>
<File Source="$(var.Path)\LICENSE"></File>
<File Source="$(var.Path)\service-install.bat"></File>
<File Source="$(var.Path)\service-restart.bat"></File>
<File Source="$(var.Path)\service-uninstall.bat"></File>
<File Source="$(var.Path)\example-dnscrypt-proxy.toml"></File>
</Component>
<Component Id="ConfigInstall" Guid="db7b691e-f7c7-4c9a-92e1-c6f21ce6430f" KeyPath="yes">
<Condition><![CDATA[CONFIGFILE]]></Condition>
<CopyFile Id="dnscryptproxytoml" DestinationDirectory="INSTALLDIR" DestinationName="dnscrypt-proxy.toml" SourceProperty="CONFIGFILE">
</CopyFile>
<RemoveFile Id="RemoveConfig" Directory="INSTALLDIR" Name="dnscrypt-proxy.toml" On="uninstall" />
</Component>
</Directory>
</Directory>
</Directory>
<Feature Id="Complete" Level="1">
<ComponentRef Id="ApplicationFiles" />
<ComponentRef Id="ConfigInstall" />
</Feature>
</Product>
</Wix>
================================================
FILE: dnscrypt-proxy/coldstart.go
================================================
package main
import (
"fmt"
"net"
"net/netip"
"strings"
"sync"
"time"
"codeberg.org/miekg/dns"
"codeberg.org/miekg/dns/rdata"
"github.com/jedisct1/dlog"
)
type CaptivePortalEntryIPs []net.IP
type CaptivePortalMap map[string]CaptivePortalEntryIPs
type CaptivePortalHandler struct {
wg sync.WaitGroup
cancelChannel chan struct{}
}
func (captivePortalHandler *CaptivePortalHandler) Stop() {
close(captivePortalHandler.cancelChannel)
captivePortalHandler.wg.Wait()
}
func (ipsMap *CaptivePortalMap) GetEntry(msg *dns.Msg) (dns.RR, *CaptivePortalEntryIPs) {
if len(msg.Question) != 1 {
return nil, nil
}
question := msg.Question[0]
hdr := question.Header()
name, err := NormalizeQName(hdr.Name)
if err != nil {
return nil, nil
}
ips, ok := (*ipsMap)[name]
if !ok {
return nil, nil
}
if hdr.Class != dns.ClassINET {
return nil, nil
}
return question, &ips
}
func HandleCaptivePortalQuery(msg *dns.Msg, question dns.RR, ips *CaptivePortalEntryIPs) *dns.Msg {
respMsg := EmptyResponseFromMessage(msg)
ttl := uint32(1)
hdr := question.Header()
qtype := dns.RRToType(question)
if qtype == dns.TypeA {
for _, xip := range *ips {
if ip := xip.To4(); ip != nil {
rr := new(dns.A)
rr.Hdr = dns.Header{Name: hdr.Name, Class: dns.ClassINET, TTL: ttl}
rr.A = rdata.A{Addr: netip.AddrFrom4([4]byte(ip))}
respMsg.Answer = append(respMsg.Answer, rr)
}
}
} else if qtype == dns.TypeAAAA {
for _, xip := range *ips {
if xip.To4() == nil {
rr := new(dns.AAAA)
rr.Hdr = dns.Header{Name: hdr.Name, Class: dns.ClassINET, TTL: ttl}
rr.AAAA = rdata.AAAA{Addr: netip.AddrFrom16([16]byte(xip.To16()))}
respMsg.Answer = append(respMsg.Answer, rr)
}
}
}
qTypeStr, ok := dns.TypeToString[qtype]
if !ok {
qTypeStr = fmt.Sprint(qtype)
}
dlog.Infof("Query for captive portal detection: [%v] (%v)", hdr.Name, qTypeStr)
return respMsg
}
func handleColdStartClient(clientPc *net.UDPConn, cancelChannel chan struct{}, ipsMap *CaptivePortalMap) bool {
buffer := make([]byte, MaxDNSPacketSize)
clientPc.SetDeadline(time.Now().Add(time.Duration(1) * time.Second))
length, clientAddr, err := clientPc.ReadFrom(buffer)
exit := false
select {
case <-cancelChannel:
exit = true
default:
}
if exit {
return true
}
if neterr, ok := err.(net.Error); ok && neterr.Timeout() {
return false
}
if err != nil {
dlog.Warn(err)
return true
}
packet := buffer[:length]
msg := &dns.Msg{}
msg.Data = packet
if err := msg.Unpack(); err != nil {
return false
}
question, ips := ipsMap.GetEntry(msg)
if ips == nil {
return false
}
respMsg := HandleCaptivePortalQuery(msg, question, ips)
if respMsg == nil {
return false
}
if err := respMsg.Pack(); err == nil {
clientPc.WriteTo(respMsg.Data, clientAddr)
}
return false
}
func addColdStartListener(
ipsMap *CaptivePortalMap,
listenAddrStr string,
captivePortalHandler *CaptivePortalHandler,
) error {
if len(listenAddrStr) == 0 {
return nil
}
network := "udp"
isIPv4 := isDigit(listenAddrStr[0])
if isIPv4 {
network = "udp4"
}
listenUDPAddr, err := net.ResolveUDPAddr(network, listenAddrStr)
if err != nil {
return err
}
clientPc, err := net.ListenUDP(network, listenUDPAddr)
if err != nil {
return err
}
captivePortalHandler.wg.Go(func() {
for !handleColdStartClient(clientPc, captivePortalHandler.cancelChannel, ipsMap) {
}
clientPc.Close()
})
return nil
}
func ColdStart(proxy *Proxy) (*CaptivePortalHandler, error) {
if len(proxy.captivePortalMapFile) == 0 {
return nil, nil
}
lines, err := ReadTextFile(proxy.captivePortalMapFile)
if err != nil {
dlog.Warn(err)
return nil, err
}
ipsMap := make(CaptivePortalMap)
for lineNo, line := range strings.Split(lines, "\n") {
line = TrimAndStripInlineComments(line)
if len(line) == 0 {
continue
}
name, ipsStr, ok := StringTwoFields(line)
if !ok {
return nil, fmt.Errorf(
"Syntax error for a captive portal rule at line %d",
1+lineNo,
)
}
name, err = NormalizeQName(name)
if err != nil {
continue
}
if strings.Contains(ipsStr, "*") {
return nil, fmt.Errorf(
"A captive portal rule must use an exact host name at line %d",
1+lineNo,
)
}
var ips []net.IP
for ip := range strings.SplitSeq(ipsStr, ",") {
ipStr := strings.TrimSpace(ip)
if ip := net.ParseIP(ipStr); ip != nil {
ips = append(ips, ip)
} else {
return nil, fmt.Errorf(
"Syntax error for a captive portal rule at line %d",
1+lineNo,
)
}
}
ipsMap[name] = ips
}
listenAddrStrs := proxy.listenAddresses
captivePortalHandler := CaptivePortalHandler{
cancelChannel: make(chan struct{}),
}
ok := false
for _, listenAddrStr := range listenAddrStrs {
err = addColdStartListener(&ipsMap, listenAddrStr, &captivePortalHandler)
if err == nil {
ok = true
}
}
if ok {
err = nil
}
proxy.captivePortalMap = &ipsMap
return &captivePortalHandler, err
}
================================================
FILE: dnscrypt-proxy/common.go
================================================
package main
import (
"bytes"
"encoding/binary"
"errors"
"fmt"
"io"
"net"
"os"
"strconv"
"strings"
"sync"
"time"
"unicode"
iradix "github.com/hashicorp/go-immutable-radix"
"github.com/jedisct1/dlog"
"github.com/k-sone/critbitgo"
)
type CryptoConstruction uint16
const (
UndefinedConstruction CryptoConstruction = iota
XSalsa20Poly1305
XChacha20Poly1305
)
const (
ClientMagicLen = 8
)
const (
MaxHTTPBodyLength = 1000000
)
var (
CertMagic = [4]byte{0x44, 0x4e, 0x53, 0x43}
ServerMagic = [8]byte{0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38}
MinDNSPacketSize = 12 + 5
MaxDNSPacketSize = 4096
MaxDNSUDPPacketSize = 4096
MaxDNSUDPSafePacketSize = 1252
InitialMinQuestionSize = 512
)
var (
FileDescriptors = make([]*os.File, 0)
FileDescriptorNum = uintptr(0)
FileDescriptorsMu sync.Mutex
)
const (
InheritedDescriptorsBase = uintptr(50)
)
func PrefixWithSize(packet []byte) ([]byte, error) {
packetLen := len(packet)
if packetLen > 0xffff {
return packet, errors.New("Packet too large")
}
packet = append(append(packet, 0), 0)
copy(packet[2:], packet[:len(packet)-2])
binary.BigEndian.PutUint16(packet[0:2], uint16(len(packet)-2))
return packet, nil
}
func ReadPrefixed(conn *net.Conn) ([]byte, error) {
buf := make([]byte, 2+MaxDNSPacketSize)
packetLength, pos := -1, 0
for {
readnb, err := (*conn).Read(buf[pos:])
if err != nil {
return buf, err
}
pos += readnb
if pos >= 2 && packetLength < 0 {
packetLength = int(binary.BigEndian.Uint16(buf[0:2]))
if packetLength > MaxDNSPacketSize-1 {
return buf, errors.New("Packet too large")
}
if packetLength < MinDNSPacketSize {
return buf, errors.New("Packet too short")
}
}
if packetLength >= 0 && pos >= 2+packetLength {
return buf[2 : 2+packetLength], nil
}
}
}
func Min(a, b int) int {
if a < b {
return a
}
return b
}
func Max(a, b int) int {
if a > b {
return a
}
return b
}
func StringReverse(s string) string {
r := []rune(s)
for i, j := 0, len(r)-1; i < len(r)/2; i, j = i+1, j-1 {
r[i], r[j] = r[j], r[i]
}
return string(r)
}
func StringTwoFields(str string) (string, string, bool) {
if len(str) < 3 {
return "", "", false
}
pos := strings.IndexFunc(str, unicode.IsSpace)
if pos == -1 {
return "", "", false
}
a, b := strings.TrimSpace(str[:pos]), strings.TrimSpace(str[pos+1:])
if len(a) == 0 || len(b) == 0 {
return a, b, false
}
return a, b, true
}
func StringQuote(str string) string {
str = strconv.QuoteToGraphic(str)
return str[1 : len(str)-1]
}
func StringStripSpaces(str string) string {
return strings.Map(func(r rune) rune {
if unicode.IsSpace(r) {
return -1
}
return r
}, str)
}
func TrimAndStripInlineComments(str string) string {
if idx := strings.LastIndexByte(str, '#'); idx >= 0 {
if idx == 0 || str[0] == '#' {
return ""
}
if prev := str[idx-1]; prev == ' ' || prev == '\t' {
str = str[:idx-1]
}
}
return strings.TrimSpace(str)
}
// ExtractHostAndPort parses a string containing a host and optional port.
// If no port is present or cannot be parsed, the defaultPort is returned.
func ExtractHostAndPort(str string, defaultPort int) (host string, port int) {
host, port = str, defaultPort
if idx := strings.LastIndex(str, ":"); idx >= 0 && idx < len(str)-1 {
if portX, err := strconv.Atoi(str[idx+1:]); err == nil {
host, port = host[:idx], portX
}
}
return host, port
}
// ReadTextFile reads a file and returns its contents as a string.
// It automatically removes UTF-8 BOM if present.
func ReadTextFile(filename string) (string, error) {
bin, err := os.ReadFile(filename)
if err != nil {
return "", err
}
// Remove UTF-8 BOM if present
bin = bytes.TrimPrefix(bin, []byte{0xef, 0xbb, 0xbf})
return string(bin), nil
}
func isDigit(b byte) bool { return b >= '0' && b <= '9' }
// ExtractClientIPStr extracts client IP string from pluginsState based on protocol
func ExtractClientIPStr(pluginsState *PluginsState) (string, bool) {
if pluginsState.clientAddr == nil {
return "", false
}
switch pluginsState.clientProto {
case "udp":
return (*pluginsState.clientAddr).(*net.UDPAddr).IP.String(), true
case "tcp", "local_doh":
return (*pluginsState.clientAddr).(*net.TCPAddr).IP.String(), true
default:
return "", false
}
}
// ExtractClientIPStrEncrypted extracts and optionally encrypts client IP string
func ExtractClientIPStrEncrypted(pluginsState *PluginsState, ipCryptConfig *IPCryptConfig) (string, bool) {
ipStr, ok := ExtractClientIPStr(pluginsState)
if !ok || ipCryptConfig == nil {
return ipStr, ok
}
return ipCryptConfig.EncryptIPString(ipStr), ok
}
// FormatLogLine formats a log line based on the specified format (tsv or ltsv)
func FormatLogLine(format, clientIP, qName, reason string, additionalFields ...string) (string, error) {
if format == "tsv" {
now := time.Now()
year, month, day := now.Date()
hour, minute, second := now.Clock()
tsStr := fmt.Sprintf("[%d-%02d-%02d %02d:%02d:%02d]", year, int(month), day, hour, minute, second)
var line strings.Builder
line.WriteString(fmt.Sprintf("%s\t%s\t%s\t%s", tsStr, clientIP, StringQuote(qName), StringQuote(reason)))
for _, field := range additionalFields {
line.WriteString(fmt.Sprintf("\t%s", StringQuote(field)))
}
return line.String() + "\n", nil
} else if format == "ltsv" {
var line strings.Builder
line.WriteString(fmt.Sprintf("time:%d\thost:%s\tqname:%s\tmessage:%s", time.Now().Unix(), clientIP, StringQuote(qName), StringQuote(reason)))
// For LTSV format, additional fields are added with specific labels
for i, field := range additionalFields {
if i == 0 {
line.WriteString(fmt.Sprintf("\tip:%s", StringQuote(field)))
} else {
line.WriteString(fmt.Sprintf("\tfield%d:%s", i, StringQuote(field)))
}
}
return line.String() + "\n", nil
}
return "", fmt.Errorf("unexpected log format: [%s]", format)
}
// WritePluginLog writes a log entry for plugin actions
func WritePluginLog(logger io.Writer, format, clientIP, qName, reason string, additionalFields ...string) error {
if logger == nil {
return errors.New("Log file not initialized")
}
line, err := FormatLogLine(format, clientIP, qName, reason, additionalFields...)
if err != nil {
return err
}
_, err = logger.Write([]byte(line))
return err
}
// ParseTimeBasedRule parses a rule line that may contain time-based restrictions (@timerange)
func ParseTimeBasedRule(line string, lineNo int, allWeeklyRanges *map[string]WeeklyRanges) (rulePart string, weeklyRanges *WeeklyRanges, err error) {
parts := strings.Split(line, "@")
timeRangeName := ""
if len(parts) == 2 {
rulePart = strings.TrimSpace(parts[0])
timeRangeName = strings.TrimSpace(parts[1])
} else if len(parts) > 2 {
return "", nil, fmt.Errorf("syntax error at line %d -- Unexpected @ character", 1+lineNo)
} else {
rulePart = line
}
if len(timeRangeName) > 0 {
if weeklyRangesX, ok := (*allWeeklyRanges)[timeRangeName]; ok {
weeklyRanges = &weeklyRangesX
} else {
return "", nil, fmt.Errorf("time range [%s] not found at line %d", timeRangeName, 1+lineNo)
}
}
return rulePart, weeklyRanges, nil
}
// ParseIPRule parses and validates an IP rule line
func ParseIPRule(line string, lineNo int) (cleanLine string, trailingStar bool, err error) {
ip := net.ParseIP(line)
trailingStar = strings.HasSuffix(line, "*")
if len(line) < 2 || (ip != nil && trailingStar) {
return "", false, fmt.Errorf("suspicious IP rule [%s] at line %d", line, lineNo)
}
cleanLine = line
if trailingStar {
cleanLine = cleanLine[:len(cleanLine)-1]
}
if strings.HasSuffix(cleanLine, ":") || strings.HasSuffix(cleanLine, ".") {
cleanLine = cleanLine[:len(cleanLine)-1]
}
if len(cleanLine) == 0 {
return "", false, fmt.Errorf("empty IP rule at line %d", lineNo)
}
if strings.Contains(cleanLine, "*") {
return "", false, fmt.Errorf("invalid rule: [%s] - wildcards can only be used as a suffix at line %d", line, lineNo)
}
return strings.ToLower(cleanLine), trailingStar, nil
}
// ProcessConfigLines processes configuration file lines, calling the processor function for each non-empty line
func ProcessConfigLines(lines string, processor func(line string, lineNo int) error) error {
for lineNo, line := range strings.Split(lines, "\n") {
line = TrimAndStripInlineComments(line)
if len(line) == 0 {
continue
}
if err := processor(line, lineNo); err != nil {
return err
}
}
return nil
}
// LoadIPRules loads IP rules from text lines into three structures:
// - ips (map): exact IP addresses
// - prefixes (radix tree): wildcard prefix rules (e.g. "192.168.*")
// - networks (critbit net): CIDR network masks (e.g. "10.0.0.0/8")
func LoadIPRules(lines string, prefixes *iradix.Tree, ips map[string]any, networks *critbitgo.Net) (*iradix.Tree, error) {
err := ProcessConfigLines(lines, func(line string, lineNo int) error {
if strings.Contains(line, "/") {
if networks == nil {
dlog.Errorf("CIDR rule [%s] at line %d but no network table provided", line, lineNo)
return nil
}
if err := networks.AddCIDR(line, true); err != nil {
dlog.Errorf("Invalid CIDR rule [%s] at line %d: %v", line, lineNo, err)
}
return nil
}
cleanLine, trailingStar, lineErr := ParseIPRule(line, lineNo)
if lineErr != nil {
dlog.Error(lineErr)
return nil // Continue processing (matching existing behavior)
}
if trailingStar {
prefixes, _, _ = prefixes.Insert([]byte(cleanLine), 0)
} else {
ips[cleanLine] = true
}
return nil
})
return prefixes, err
}
// InitializePluginLogger initializes a logger for a plugin if the log file is configured
func InitializePluginLogger(logFile, format string, maxSize, maxAge, maxBackups int) (io.Writer, string) {
if len(logFile) > 0 {
return Logger(maxSize, maxAge, maxBackups, logFile), format
}
return nil, ""
}
// reverseAddr returns the in-addr.arpa. or ip6.arpa. hostname of the IP
// address suitable for reverse DNS (PTR) record lookups.
func reverseAddr(addr string) (string, error) {
ip := net.ParseIP(addr)
if ip == nil {
return "", errors.New("unrecognized address: " + addr)
}
if v4 := ip.To4(); v4 != nil {
buf := make([]byte, 0, net.IPv4len*4+len("in-addr.arpa."))
for i := len(v4) - 1; i >= 0; i-- {
buf = strconv.AppendInt(buf, int64(v4[i]), 10)
buf = append(buf, '.')
}
buf = append(buf, "in-addr.arpa."...)
return string(buf), nil
}
// Must be IPv6
const hexDigits = "0123456789abcdef"
buf := make([]byte, 0, net.IPv6len*4+len("ip6.arpa."))
for i := len(ip) - 1; i >= 0; i-- {
v := ip[i]
buf = append(buf, hexDigits[v&0xF], '.', hexDigits[v>>4], '.')
}
buf = append(buf, "ip6.arpa."...)
return string(buf), nil
}
// fqdn returns the fully qualified domain name (with trailing dot)
func fqdn(name string) string {
if len(name) == 0 || name[len(name)-1] == '.' {
return name
}
return name + "."
}
================================================
FILE: dnscrypt-proxy/common_test.go
================================================
package main
import (
"net"
"testing"
)
func TestExtractClientIPStr(t *testing.T) {
tests := []struct {
name string
pluginsState *PluginsState
wantIP string
wantOK bool
}{
{
name: "nil clientAddr should return empty",
pluginsState: &PluginsState{
clientProto: "tcp",
clientAddr: nil,
},
wantIP: "",
wantOK: false,
},
{
name: "valid UDP address",
pluginsState: &PluginsState{
clientProto: "udp",
clientAddr: func() *net.Addr {
addr := net.Addr(
&net.UDPAddr{
IP: net.ParseIP("192.168.1.1"),
Port: 53,
},
)
return &addr
}(),
},
wantIP: "192.168.1.1",
wantOK: true,
},
{
name: "valid TCP address",
pluginsState: &PluginsState{
clientProto: "tcp",
clientAddr: func() *net.Addr {
addr := net.Addr(
&net.TCPAddr{
IP: net.ParseIP("10.0.0.1"),
Port: 53,
},
)
return &addr
}(),
},
wantIP: "10.0.0.1",
wantOK: true,
},
{
name: "unknown protocol",
pluginsState: &PluginsState{
clientProto: "unknown",
clientAddr: func() *net.Addr {
addr := net.Addr(
&net.TCPAddr{
IP: net.ParseIP("10.0.0.1"),
Port: 53,
},
)
return &addr
}(),
},
wantIP: "",
wantOK: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
gotIP, gotOK := ExtractClientIPStr(tt.pluginsState)
if gotIP != tt.wantIP {
t.Errorf("ExtractClientIPStr() IP = %v, want %v", gotIP, tt.wantIP)
}
if gotOK != tt.wantOK {
t.Errorf("ExtractClientIPStr() OK = %v, want %v", gotOK, tt.wantOK)
}
})
}
}
================================================
FILE: dnscrypt-proxy/config.go
================================================
package main
import (
"encoding/json"
"errors"
"fmt"
"math/rand"
"os"
"path"
"path/filepath"
"strconv"
"strings"
"time"
"github.com/BurntSushi/toml"
"github.com/jedisct1/dlog"
stamps "github.com/jedisct1/go-dnsstamps"
)
const (
MaxTimeout = 3600
DefaultNetprobeAddress = "9.9.9.9:53"
)
type Config struct {
LogLevel int `toml:"log_level"`
LogFile *string `toml:"log_file"`
LogFileLatest bool `toml:"log_file_latest"`
UseSyslog bool `toml:"use_syslog"`
ServerNames []string `toml:"server_names"`
DisabledServerNames []string `toml:"disabled_server_names"`
ListenAddresses []string `toml:"listen_addresses"`
LocalDoH LocalDoHConfig `toml:"local_doh"`
MonitoringUI MonitoringUIConfig `toml:"monitoring_ui"`
UserName string `toml:"user_name"`
ForceTCP bool `toml:"force_tcp"`
HTTP3 bool `toml:"http3"`
HTTP3Probe bool `toml:"http3_probe"`
Timeout int `toml:"timeout"`
KeepAlive int `toml:"keepalive"`
Proxy string `toml:"proxy"`
CertRefreshConcurrency int `toml:"cert_refresh_concurrency"`
CertRefreshDelay int `toml:"cert_refresh_delay"`
CertIgnoreTimestamp bool `toml:"cert_ignore_timestamp"`
EphemeralKeys bool `toml:"dnscrypt_ephemeral_keys"`
LBStrategy string `toml:"lb_strategy"`
LBEstimator bool `toml:"lb_estimator"`
BlockIPv6 bool `toml:"block_ipv6"`
BlockUnqualified bool `toml:"block_unqualified"`
BlockUndelegated bool `toml:"block_undelegated"`
EnableHotReload bool `toml:"enable_hot_reload"`
Cache bool
CacheSize int `toml:"cache_size"`
CacheNegTTL uint32 `toml:"cache_neg_ttl"`
CacheNegMinTTL uint32 `toml:"cache_neg_min_ttl"`
CacheNegMaxTTL uint32 `toml:"cache_neg_max_ttl"`
CacheMinTTL uint32 `toml:"cache_min_ttl"`
CacheMaxTTL uint32 `toml:"cache_max_ttl"`
RejectTTL uint32 `toml:"reject_ttl"`
CloakTTL uint32 `toml:"cloak_ttl"`
QueryLog QueryLogConfig `toml:"query_log"`
NxLog NxLogConfig `toml:"nx_log"`
BlockName BlockNameConfig `toml:"blocked_names"`
BlockNameLegacy BlockNameConfigLegacy `toml:"blacklist"`
WhitelistNameLegacy WhitelistNameConfigLegacy `toml:"whitelist"`
AllowedName AllowedNameConfig `toml:"allowed_names"`
BlockIP BlockIPConfig `toml:"blocked_ips"`
BlockIPLegacy BlockIPConfigLegacy `toml:"ip_blacklist"`
AllowIP AllowIPConfig `toml:"allowed_ips"`
ForwardFile string `toml:"forwarding_rules"`
CloakFile string `toml:"cloaking_rules"`
CaptivePortals CaptivePortalsConfig `toml:"captive_portals"`
StaticsConfig map[string]StaticConfig `toml:"static"`
SourcesConfig map[string]SourceConfig `toml:"sources"`
BrokenImplementations BrokenImplementationsConfig `toml:"broken_implementations"`
SourceRequireDNSSEC bool `toml:"require_dnssec"`
SourceRequireNoLog bool `toml:"require_nolog"`
SourceRequireNoFilter bool `toml:"require_nofilter"`
SourceDNSCrypt bool `toml:"dnscrypt_servers"`
SourceDoH bool `toml:"doh_servers"`
SourceODoH bool `toml:"odoh_servers"`
SourceIPv4 bool `toml:"ipv4_servers"`
SourceIPv6 bool `toml:"ipv6_servers"`
MaxClients uint32 `toml:"max_clients"`
TimeoutLoadReduction float64 `toml:"timeout_load_reduction"`
BootstrapResolversLegacy []string `toml:"fallback_resolvers"`
BootstrapResolvers []string `toml:"bootstrap_resolvers"`
IgnoreSystemDNS bool `toml:"ignore_system_dns"`
AllWeeklyRanges map[string]WeeklyRangesStr `toml:"schedules"`
LogMaxSize int `toml:"log_files_max_size"`
LogMaxAge int `toml:"log_files_max_age"`
LogMaxBackups int `toml:"log_files_max_backups"`
TLSDisableSessionTickets bool `toml:"tls_disable_session_tickets"`
TLSCipherSuite []uint16 `toml:"tls_cipher_suite"`
TLSPreferRSA bool `toml:"tls_prefer_rsa"`
TLSKeyLogFile string `toml:"tls_key_log_file"`
NetprobeAddress string `toml:"netprobe_address"`
NetprobeTimeout int `toml:"netprobe_timeout"`
OfflineMode bool `toml:"offline_mode"`
HTTPProxyURL string `toml:"http_proxy"`
RefusedCodeInResponses bool `toml:"refused_code_in_responses"`
BlockedQueryResponse string `toml:"blocked_query_response"`
QueryMeta []string `toml:"query_meta"`
CloakedPTR bool `toml:"cloak_ptr"`
AnonymizedDNS AnonymizedDNSConfig `toml:"anonymized_dns"`
DoHClientX509Auth DoHClientX509AuthConfig `toml:"doh_client_x509_auth"`
DoHClientX509AuthLegacy DoHClientX509AuthConfig `toml:"tls_client_auth"`
DNS64 DNS64Config `toml:"dns64"`
EDNSClientSubnet []string `toml:"edns_client_subnet"`
IPEncryption IPEncryptionConfig `toml:"ip_encryption"`
}
func newConfig() Config {
return Config{
LogLevel: int(dlog.LogLevel()),
LogFileLatest: true,
ListenAddresses: []string{"127.0.0.1:53"},
LocalDoH: LocalDoHConfig{Path: "/dns-query"},
MonitoringUI: MonitoringUIConfig{
Enabled: false,
ListenAddress: "127.0.0.1:8080",
Username: "admin", // Set to empty string to disable authentication
Password: "changeme",
EnableQueryLog: false,
PrivacyLevel: 2,
},
Timeout: 5000,
KeepAlive: 5,
CertRefreshConcurrency: 10,
CertRefreshDelay: 240,
HTTP3: false,
HTTP3Probe: false,
CertIgnoreTimestamp: false,
EphemeralKeys: false,
Cache: true,
CacheSize: 512,
CacheNegTTL: 0,
CacheNegMinTTL: 60,
CacheNegMaxTTL: 600,
CacheMinTTL: 60,
CacheMaxTTL: 86400,
RejectTTL: 600,
CloakTTL: 600,
SourceRequireNoLog: true,
SourceRequireNoFilter: true,
SourceIPv4: true,
SourceIPv6: false,
SourceDNSCrypt: true,
SourceDoH: true,
SourceODoH: false,
MaxClients: 250,
TimeoutLoadReduction: 0.75,
BootstrapResolvers: []string{DefaultBootstrapResolver},
IgnoreSystemDNS: false,
LogMaxSize: 10,
LogMaxAge: 7,
LogMaxBackups: 1,
TLSDisableSessionTickets: false,
TLSCipherSuite: nil,
TLSPreferRSA: false,
TLSKeyLogFile: "",
NetprobeTimeout: 60,
OfflineMode: false,
RefusedCodeInResponses: false,
LBEstimator: true,
BlockedQueryResponse: "hinfo",
BrokenImplementations: BrokenImplementationsConfig{
FragmentsBlocked: []string{
"cisco", "cisco-ipv6", "cisco-familyshield", "cisco-familyshield-ipv6",
"cleanbrowsing-adult", "cleanbrowsing-adult-ipv6", "cleanbrowsing-family", "cleanbrowsing-family-ipv6", "cleanbrowsing-security", "cleanbrowsing-security-ipv6",
},
},
AnonymizedDNS: AnonymizedDNSConfig{
DirectCertFallback: true,
},
CloakedPTR: false,
}
}
type StaticConfig struct {
Stamp string
}
type SourceConfig struct {
URL string
URLs []string
MinisignKeyStr string `toml:"minisign_key"`
CacheFile string `toml:"cache_file"`
FormatStr string `toml:"format"`
RefreshDelay int `toml:"refresh_delay"`
CacheTTL int `toml:"cache_ttl"`
Prefix string
}
type QueryLogConfig struct {
File string
Format string
IgnoredQtypes []string `toml:"ignored_qtypes"`
}
type NxLogConfig struct {
File string
Format string
}
type BlockNameConfig struct {
File string `toml:"blocked_names_file"`
LogFile string `toml:"log_file"`
Format string `toml:"log_format"`
}
type BlockNameConfigLegacy struct {
File string `toml:"blacklist_file"`
LogFile string `toml:"log_file"`
Format string `toml:"log_format"`
}
type WhitelistNameConfigLegacy struct {
File string `toml:"whitelist_file"`
LogFile string `toml:"log_file"`
Format string `toml:"log_format"`
}
type AllowedNameConfig struct {
File string `toml:"allowed_names_file"`
LogFile string `toml:"log_file"`
Format string `toml:"log_format"`
}
type BlockIPConfig struct {
File string `toml:"blocked_ips_file"`
LogFile string `toml:"log_file"`
Format string `toml:"log_format"`
}
type BlockIPConfigLegacy struct {
File string `toml:"blacklist_file"`
LogFile string `toml:"log_file"`
Format string `toml:"log_format"`
}
type AllowIPConfig struct {
File string `toml:"allowed_ips_file"`
LogFile string `toml:"log_file"`
Format string `toml:"log_format"`
}
type AnonymizedDNSRouteConfig struct {
ServerName string `toml:"server_name"`
RelayNames []string `toml:"via"`
}
type AnonymizedDNSConfig struct {
Routes []AnonymizedDNSRouteConfig `toml:"routes"`
SkipIncompatible bool `toml:"skip_incompatible"`
DirectCertFallback bool `toml:"direct_cert_fallback"`
}
type BrokenImplementationsConfig struct {
BrokenQueryPadding []string `toml:"broken_query_padding"`
FragmentsBlocked []string `toml:"fragments_blocked"`
}
type LocalDoHConfig struct {
ListenAddresses []string `toml:"listen_addresses"`
Path string `toml:"path"`
CertFile string `toml:"cert_file"`
CertKeyFile string `toml:"cert_key_file"`
}
type ServerSummary struct {
Name string `json:"name"`
Proto string `json:"proto"`
IPv6 bool `json:"ipv6"`
Addrs []string `json:"addrs,omitempty"`
Ports []int `json:"ports"`
DNSSEC *bool `json:"dnssec,omitempty"`
NoLog bool `json:"nolog"`
NoFilter bool `json:"nofilter"`
Description string `json:"description,omitempty"`
Stamp string `json:"stamp"`
}
type TLSClientAuthCredsConfig struct {
ServerName string `toml:"server_name"`
ClientCert string `toml:"client_cert"`
ClientKey string `toml:"client_key"`
RootCA string `toml:"root_ca"`
}
type DoHClientX509AuthConfig struct {
Creds []TLSClientAuthCredsConfig `toml:"creds"`
}
type DNS64Config struct {
Prefixes []string `toml:"prefix"`
Resolvers []string `toml:"resolver"`
}
type IPEncryptionConfig struct {
Key string `toml:"key"`
Algorithm string `toml:"algorithm"`
}
type CaptivePortalsConfig struct {
MapFile string `toml:"map_file"`
}
type ConfigFlags struct {
Resolve *string
List *bool
ListAll *bool
IncludeRelays *bool
JSONOutput *bool
Check *bool
ConfigFile *string
Child *bool
NetprobeTimeoutOverride *int
ShowCerts *bool
}
func findConfigFile(configFile *string) (string, error) {
if _, err := os.Stat(*configFile); os.IsNotExist(err) {
cdLocal()
if _, err := os.Stat(*configFile); err != nil {
return "", err
}
}
pwd, err := os.Getwd()
if err != nil {
return "", err
}
if filepath.IsAbs(*configFile) {
return *configFile, nil
}
return path.Join(pwd, *configFile), nil
}
func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
foundConfigFile, err := findConfigFile(flags.ConfigFile)
if err != nil {
return fmt.Errorf(
"Unable to load the configuration file [%s] -- Maybe use the -config command-line switch?",
*flags.ConfigFile,
)
}
WarnIfMaybeWritableByOtherUsers(foundConfigFile)
config := newConfig()
md, err := toml.DecodeFile(foundConfigFile, &config)
if err != nil {
return err
}
if flags.Resolve != nil && len(*flags.Resolve) > 0 {
addr := "127.0.0.1:53"
if len(config.ListenAddresses) > 0 {
addr = config.ListenAddresses[0]
}
Resolve(addr, *flags.Resolve, len(config.ServerNames) == 1)
os.Exit(0)
}
if err := cdFileDir(foundConfigFile); err != nil {
return err
}
// Check for unsupported keys in configuration
undecoded := md.Undecoded()
if len(undecoded) > 0 {
return fmt.Errorf("Unsupported key in configuration file: [%s]", undecoded[0])
}
// Set up basic proxy properties
proxy.showCerts = *flags.ShowCerts || len(os.Getenv("SHOW_CERTS")) > 0
proxy.logMaxSize = config.LogMaxSize
proxy.logMaxAge = config.LogMaxAge
proxy.logMaxBackups = config.LogMaxBackups
proxy.userName = config.UserName
proxy.child = *flags.Child
proxy.enableHotReload = config.EnableHotReload
proxy.xTransport = NewXTransport()
// Configure logging
configureLogging(proxy, flags, &config)
// Configure server parameters
configureServerParams(proxy, &config)
// Configure XTransport (may override mainProto if proxy is configured)
if err := configureXTransport(proxy, &config); err != nil {
return err
}
// Configure DoH client authentication
if err := configureDoHClientAuth(proxy, &config); err != nil {
return err
}
// Configure load balancing
configureLoadBalancing(proxy, &config)
// Configure plugins
configurePlugins(proxy, &config)
// Configure EDNS client subnet
if err := configureEDNSClientSubnet(proxy, &config); err != nil {
return err
}
// Configure query logging
if err := configureQueryLog(proxy, &config); err != nil {
return err
}
// Configure NX domain logging
if err := configureNXLog(proxy, &config); err != nil {
return err
}
// Configure blocked names
if err := configureBlockedNames(proxy, &config); err != nil {
return err
}
// Configure allowed names
if err := configureAllowedNames(proxy, &config); err != nil {
return err
}
// Configure blocked IPs
if err := configureBlockedIPs(proxy, &config); err != nil {
return err
}
// Configure allowed IPs
if err := configureAllowedIPs(proxy, &config); err != nil {
return err
}
// Configure additional files
configureAdditionalFiles(proxy, &config)
// Configure weekly ranges
if err := configureWeeklyRanges(proxy, &config); err != nil {
return err
}
// Configure anonymized DNS
configureAnonymizedDNS(proxy, &config)
// Configure broken implementations
configureBrokenImplementations(proxy, &config)
// Configure DNS64
configureDNS64(proxy, &config)
// Configure IP encryption
if err := configureIPEncryption(proxy, &config); err != nil {
return err
}
// Configure source restrictions
configureSourceRestrictions(proxy, flags, &config)
// Initialize networking
if err := initializeNetworking(proxy, flags, &config); err != nil {
return err
}
// if 'userName' is set and we are the parent process drop privilege and exit
if len(proxy.userName) > 0 && !proxy.child {
proxy.dropPrivilege(proxy.userName, FileDescriptors)
return errors.New(
"Dropping privileges is not supported on this operating system. Unset `user_name` in the configuration file",
)
}
// Load sources and verify servers
if !config.OfflineMode {
if err := config.loadSources(proxy); err != nil {
return err
}
if len(proxy.registeredServers) == 0 {
return errors.New("None of the servers listed in the server_names list were found in the configured sources.")
}
}
// Handle listing servers if requested
if *flags.List || *flags.ListAll {
if err := config.printRegisteredServers(proxy, *flags.JSONOutput, *flags.IncludeRelays); err != nil {
return err
}
os.Exit(0)
}
// Log anonymized DNS routes
if proxy.routes != nil && len(*proxy.routes) > 0 {
hasSpecificRoutes := false
for _, server := range proxy.registeredServers {
if via, ok := (*proxy.routes)[server.name]; ok {
if server.stamp.Proto != stamps.StampProtoTypeDNSCrypt &&
server.stamp.Proto != stamps.StampProtoTypeODoHTarget {
dlog.Errorf(
"DNS anonymization is only supported with the DNSCrypt and ODoH protocols - Connections to [%v] cannot be anonymized",
server.name,
)
} else {
dlog.Noticef("Anonymized DNS: routing [%v] via %v", server.name, via)
}
hasSpecificRoutes = true
}
}
if via, ok := (*proxy.routes)["*"]; ok {
if hasSpecificRoutes {
dlog.Noticef("Anonymized DNS: routing everything else via %v", via)
} else {
dlog.Noticef("Anonymized DNS: routing everything via %v", via)
}
}
}
// Exit if just checking configuration
if *flags.Check {
dlog.Notice("Configuration successfully checked")
os.Exit(0)
}
return nil
}
// GetRefusedFlag - Returns whether the config has defined refused_code_in_responses
func (config *Config) GetRefusedFlag(configFile string) (bool, bool) {
var refused bool
md, err := toml.DecodeFile(configFile, &refused)
if err != nil {
return false, false
}
return refused, md.IsDefined("refused_code_in_responses")
}
// configureBrokenImplementations - Helper function for IsDefined check
func configureBrokenImplementations(proxy *Proxy, config *Config) {
// Backwards compatibility
config.BrokenImplementations.FragmentsBlocked = append(
config.BrokenImplementations.FragmentsBlocked,
config.BrokenImplementations.BrokenQueryPadding...)
proxy.serversBlockingFragments = config.BrokenImplementations.FragmentsBlocked
}
// configureDNS64 - Helper function for DNS64
func configureDNS64(proxy *Proxy, config *Config) {
proxy.dns64Prefixes = config.DNS64.Prefixes
proxy.dns64Resolvers = config.DNS64.Resolvers
}
// configureIPEncryption - Helper function for IP encryption
func configureIPEncryption(proxy *Proxy, config *Config) error {
ipCryptConfig, err := NewIPCryptConfig(
config.IPEncryption.Key,
config.IPEncryption.Algorithm,
)
if err != nil {
return fmt.Errorf("IP encryption configuration error: %w", err)
}
proxy.ipCryptConfig = ipCryptConfig
return nil
}
func (config *Config) printRegisteredServers(proxy *Proxy, jsonOutput bool, includeRelays bool) error {
var summary []ServerSummary
if includeRelays {
for _, registeredRelay := range proxy.registeredRelays {
addrStr, port := registeredRelay.stamp.ServerAddrStr, stamps.DefaultPort
var hostAddr string
hostAddr, port = ExtractHostAndPort(addrStr, port)
addrs := make([]string, 0)
if (registeredRelay.stamp.Proto == stamps.StampProtoTypeDoH || registeredRelay.stamp.Proto == stamps.StampProtoTypeODoHTarget) &&
len(registeredRelay.stamp.ProviderName) > 0 {
providerName := registeredRelay.stamp.ProviderName
var host string
host, port = ExtractHostAndPort(providerName, port)
addrs = append(addrs, host)
}
if len(addrStr) > 0 {
addrs = append(addrs, hostAddr)
}
nolog := true
nofilter := true
if registeredRelay.stamp.Proto == stamps.StampProtoTypeODoHRelay {
nolog = registeredRelay.stamp.Props&stamps.ServerInformalPropertyNoLog != 0
}
serverSummary := ServerSummary{
Name: registeredRelay.name,
Proto: registeredRelay.stamp.Proto.String(),
IPv6: strings.HasPrefix(addrStr, "["),
Ports: []int{port},
Addrs: addrs,
NoLog: nolog,
NoFilter: nofilter,
Description: registeredRelay.description,
Stamp: registeredRelay.stamp.String(),
}
if jsonOutput {
summary = append(summary, serverSummary)
} else {
fmt.Println(serverSummary.Name)
}
}
}
for _, registeredServer := range proxy.registeredServers {
addrStr, port := registeredServer.stamp.ServerAddrStr, stamps.DefaultPort
var hostAddr string
hostAddr, port = ExtractHostAndPort(addrStr, port)
addrs := make([]string, 0)
if (registeredServer.stamp.Proto == stamps.StampProtoTypeDoH || registeredServer.stamp.Proto == stamps.StampProtoTypeODoHTarget) &&
len(registeredServer.stamp.ProviderName) > 0 {
providerName := registeredServer.stamp.ProviderName
var host string
host, port = ExtractHostAndPort(providerName, port)
addrs = append(addrs, host)
}
if len(addrStr) > 0 {
addrs = append(addrs, hostAddr)
}
dnssec := registeredServer.stamp.Props&stamps.ServerInformalPropertyDNSSEC != 0
serverSummary := ServerSummary{
Name: registeredServer.name,
Proto: registeredServer.stamp.Proto.String(),
IPv6: strings.HasPrefix(addrStr, "["),
Ports: []int{port},
Addrs: addrs,
DNSSEC: &dnssec,
NoLog: registeredServer.stamp.Props&stamps.ServerInformalPropertyNoLog != 0,
NoFilter: registeredServer.stamp.Props&stamps.ServerInformalPropertyNoFilter != 0,
Description: registeredServer.description,
Stamp: registeredServer.stamp.String(),
}
if jsonOutput {
summary = append(summary, serverSummary)
} else {
fmt.Println(serverSummary.Name)
}
}
if jsonOutput {
jsonStr, err := json.MarshalIndent(summary, "", " ")
if err != nil {
return err
}
fmt.Print(string(jsonStr))
}
return nil
}
func (config *Config) loadSources(proxy *Proxy) error {
for cfgSourceName, cfgSource_ := range config.SourcesConfig {
cfgSource := cfgSource_
rand.Shuffle(len(cfgSource.URLs), func(i, j int) {
cfgSource.URLs[i], cfgSource.URLs[j] = cfgSource.URLs[j], cfgSource.URLs[i]
})
if err := config.loadSource(proxy, cfgSourceName, &cfgSource); err != nil {
return err
}
}
for name, config := range config.StaticsConfig {
if stamp, err := stamps.NewServerStampFromString(config.Stamp); err == nil {
if stamp.Proto == stamps.StampProtoTypeDNSCryptRelay || stamp.Proto == stamps.StampProtoTypeODoHRelay {
dlog.Debugf("Adding [%s] to the set of available static relays", name)
registeredServer := RegisteredServer{name: name, stamp: stamp, description: "static relay"}
proxy.registeredRelays = append(proxy.registeredRelays, registeredServer)
}
}
}
if len(config.ServerNames) == 0 {
for serverName := range config.StaticsConfig {
config.ServerNames = append(config.ServerNames, serverName)
}
}
for _, serverName := range config.ServerNames {
staticConfig, ok := config.StaticsConfig[serverName]
if !ok {
continue
}
if len(staticConfig.Stamp) == 0 {
return fmt.Errorf("Missing stamp for the static [%s] definition", serverName)
}
stamp, err := stamps.NewServerStampFromString(staticConfig.Stamp)
if err != nil {
return fmt.Errorf("Stamp error for the static [%s] definition: [%v]", serverName, err)
}
proxy.registeredServers = append(proxy.registeredServers, RegisteredServer{name: serverName, stamp: stamp})
}
if err := proxy.updateRegisteredServers(); err != nil {
return err
}
return nil
}
func (config *Config) loadSource(proxy *Proxy, cfgSourceName string, cfgSource *SourceConfig) error {
if len(cfgSource.URLs) == 0 {
if len(cfgSource.URL) == 0 {
dlog.Debugf("Missing URLs for source [%s]", cfgSourceName)
} else {
cfgSource.URLs = []string{cfgSource.URL}
}
}
if cfgSource.MinisignKeyStr == "" {
return fmt.Errorf("Missing Minisign key for source [%s]", cfgSourceName)
}
if cfgSource.CacheFile == "" {
return fmt.Errorf("Missing cache file for source [%s]", cfgSourceName)
}
if cfgSource.FormatStr == "" {
cfgSource.FormatStr = "v2"
}
if cfgSource.RefreshDelay <= 0 {
cfgSource.RefreshDelay = 72
}
cfgSource.RefreshDelay = Min(169, Max(25, cfgSource.RefreshDelay))
if cfgSource.CacheTTL <= 0 {
cfgSource.CacheTTL = 168
}
cfgSource.CacheTTL = Min(168, Max(cfgSource.RefreshDelay, cfgSource.CacheTTL))
source, err := NewSource(
cfgSourceName,
proxy.xTransport,
cfgSource.URLs,
cfgSource.MinisignKeyStr,
cfgSource.CacheFile,
cfgSource.FormatStr,
time.Duration(cfgSource.RefreshDelay)*time.Hour,
time.Duration(cfgSource.CacheTTL)*time.Hour,
cfgSource.Prefix,
)
if err != nil {
if len(source.bin) <= 0 {
dlog.Criticalf("Unable to retrieve source [%s]: [%s]", cfgSourceName, err)
return err
}
dlog.Infof("Downloading [%s] failed: %v, using cache file to startup", source.name, err)
}
proxy.sources = append(proxy.sources, source)
return nil
}
func includesName(names []string, name string) bool {
for _, found := range names {
if strings.EqualFold(found, name) {
return true
}
}
return false
}
func cdFileDir(fileName string) error {
return os.Chdir(filepath.Dir(fileName))
}
func cdLocal() {
exeFileName, err := os.Executable()
if err != nil {
dlog.Warnf(
"Unable to determine the executable directory: [%s] -- You will need to specify absolute paths in the configuration file",
err,
)
} else if err := os.Chdir(filepath.Dir(exeFileName)); err != nil {
dlog.Warnf("Unable to change working directory to [%s]: %s", exeFileName, err)
}
}
func isIPAndPort(addrStr string) error {
host, port := ExtractHostAndPort(addrStr, -1)
if ip := ParseIP(host); ip == nil {
return fmt.Errorf("Host does not parse as IP '%s'", addrStr)
} else if port == -1 {
return fmt.Errorf("Port missing '%s'", addrStr)
} else if _, err := strconv.ParseUint(strconv.Itoa(port), 10, 16); err != nil {
return fmt.Errorf("Port does not parse '%s' [%v]", addrStr, err)
} else if ip.To4() == nil {
// IPv6 address must use bracket notation to avoid ambiguity
if !strings.HasPrefix(host, "[") || !strings.HasSuffix(host, "]") {
return fmt.Errorf("IPv6 addresses must use bracket notation, e.g., [%s]:%d", ip.String(), port)
}
}
return nil
}
================================================
FILE: dnscrypt-proxy/config_loader.go
================================================
package main
import (
"errors"
"fmt"
"net"
"net/http"
"net/url"
"os"
"strconv"
"strings"
"time"
"github.com/jedisct1/dlog"
stamps "github.com/jedisct1/go-dnsstamps"
netproxy "golang.org/x/net/proxy"
)
// configureLogging - Configure logging based on the configuration
func configureLogging(proxy *Proxy, flags *ConfigFlags, config *Config) {
if config.LogLevel >= 0 && config.LogLevel < int(dlog.SeverityLast) {
dlog.SetLogLevel(dlog.Severity(config.LogLevel))
}
if dlog.LogLevel() <= dlog.SeverityDebug && os.Getenv("DEBUG") == "" {
dlog.SetLogLevel(dlog.SeverityInfo)
}
dlog.TruncateLogFile(config.LogFileLatest)
isCommandMode := false
if flags.Check != nil && *flags.Check {
isCommandMode = true
}
if proxy.showCerts {
isCommandMode = true
}
if flags.List != nil && *flags.List {
isCommandMode = true
}
if flags.ListAll != nil && *flags.ListAll {
isCommandMode = true
}
if isCommandMode {
// Don't configure additional logging for command mode
return
}
if config.UseSyslog {
dlog.UseSyslog(true)
} else if config.LogFile != nil {
dlog.UseLogFile(*config.LogFile)
if !*flags.Child {
FileDescriptors = append(FileDescriptors, dlog.GetFileDescriptor())
} else {
dlog.SetFileDescriptor(os.NewFile(uintptr(InheritedDescriptorsBase+FileDescriptorNum), "logFile"))
FileDescriptorNum++
}
}
if !*flags.Child {
dlog.Noticef("dnscrypt-proxy %s", AppVersion)
}
}
// configureXTransport - Configures the XTransport
func configureXTransport(proxy *Proxy, config *Config) error {
proxy.xTransport.tlsDisableSessionTickets = config.TLSDisableSessionTickets
proxy.xTransport.tlsPreferRSA = config.TLSPreferRSA
proxy.xTransport.http3 = config.HTTP3
proxy.xTransport.http3Probe = config.HTTP3Probe
// Configure bootstrap resolvers
if len(config.BootstrapResolvers) == 0 && len(config.BootstrapResolversLegacy) > 0 {
dlog.Warnf("fallback_resolvers was renamed to bootstrap_resolvers - Please update your configuration")
config.BootstrapResolvers = config.BootstrapResolversLegacy
}
if len(config.BootstrapResolvers) > 0 {
for _, resolver := range config.BootstrapResolvers {
if err := isIPAndPort(resolver); err != nil {
return fmt.Errorf("Bootstrap resolver [%v]: %v", resolver, err)
}
}
proxy.xTransport.ignoreSystemDNS = config.IgnoreSystemDNS
}
proxy.xTransport.bootstrapResolvers = config.BootstrapResolvers
proxy.xTransport.useIPv4 = config.SourceIPv4
proxy.xTransport.useIPv6 = config.SourceIPv6
proxy.xTransport.keepAlive = time.Duration(config.KeepAlive) * time.Second
// Configure HTTP proxy URL if specified
if len(config.HTTPProxyURL) > 0 {
httpProxyURL, err := url.Parse(config.HTTPProxyURL)
if err != nil {
return fmt.Errorf("Unable to parse the HTTP proxy URL [%v]", config.HTTPProxyURL)
}
// Pre-resolve proxy hostname using bootstrap resolvers if it's a domain
if httpProxyURL.Hostname() != "" && ParseIP(httpProxyURL.Hostname()) == nil {
ips, ttl, err := proxy.xTransport.resolve(httpProxyURL.Hostname(), proxy.xTransport.useIPv4, proxy.xTransport.useIPv6)
if err != nil {
dlog.Warnf("Unable to resolve HTTP proxy hostname [%s] using bootstrap resolvers: %v", httpProxyURL.Hostname(), err)
} else if len(ips) > 0 {
proxy.xTransport.saveCachedIPs(httpProxyURL.Hostname(), ips, ttl)
dlog.Infof("Resolved HTTP proxy hostname [%s] to [%s] using bootstrap resolvers", httpProxyURL.Hostname(), ips[0])
}
}
proxy.xTransport.httpProxyFunction = http.ProxyURL(httpProxyURL)
}
// Configure proxy dialer if specified
if len(config.Proxy) > 0 {
proxyDialerURL, err := url.Parse(config.Proxy)
if err != nil {
return fmt.Errorf("Unable to parse the proxy URL [%v]", config.Proxy)
}
proxyDialer, err := netproxy.FromURL(proxyDialerURL, netproxy.Direct)
if err != nil {
return fmt.Errorf("Unable to use the proxy: [%v]", err)
}
proxy.xTransport.proxyDialer = &proxyDialer
proxy.xTransport.mainProto = "tcp"
}
proxy.xTransport.rebuildTransport()
// Configure TLS key log if specified
if len(config.TLSKeyLogFile) > 0 {
f, err := os.OpenFile(config.TLSKeyLogFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o600)
if err != nil {
dlog.Fatalf("Unable to create key log file [%s]: [%s]", config.TLSKeyLogFile, err)
}
dlog.Warnf("TLS key log file [%s] enabled", config.TLSKeyLogFile)
proxy.xTransport.keyLogWriter = f
proxy.xTransport.rebuildTransport()
}
return nil
}
// configureDoHClientAuth - Configures DoH client authentication
func configureDoHClientAuth(proxy *Proxy, config *Config) error {
if config.DoHClientX509AuthLegacy.Creds != nil {
return errors.New("[tls_client_auth] has been renamed to [doh_client_x509_auth] - Update your config file")
}
dohClientCreds := config.DoHClientX509Auth.Creds
if len(dohClientCreds) > 0 {
dlog.Noticef("Enabling TLS authentication")
configClientCred := dohClientCreds[0]
if len(dohClientCreds) > 1 {
dlog.Fatal("Only one tls_client_auth entry is currently supported")
}
proxy.xTransport.tlsClientCreds = DOHClientCreds{
clientCert: configClientCred.ClientCert,
clientKey: configClientCred.ClientKey,
rootCA: configClientCred.RootCA,
}
proxy.xTransport.rebuildTransport()
}
return nil
}
// configureServerParams - Configures server parameters
func configureServerParams(proxy *Proxy, config *Config) {
proxy.blockedQueryResponse = config.BlockedQueryResponse
proxy.timeout = time.Duration(config.Timeout) * time.Millisecond
proxy.maxClients = config.MaxClients
proxy.timeoutLoadReduction = config.TimeoutLoadReduction
if proxy.timeoutLoadReduction < 0.0 || proxy.timeoutLoadReduction > 1.0 {
dlog.Warnf("timeout_load_reduction must be between 0.0 and 1.0, using default 0.75")
proxy.timeoutLoadReduction = 0.75
}
proxy.xTransport.mainProto = "udp"
if config.ForceTCP {
proxy.xTransport.mainProto = "tcp"
}
// Configure certificate refresh parameters
proxy.certRefreshConcurrency = Max(1, config.CertRefreshConcurrency)
proxy.certRefreshDelay = time.Duration(Max(60, config.CertRefreshDelay)) * time.Minute
proxy.certRefreshDelayAfterFailure = time.Duration(10 * time.Second)
proxy.certIgnoreTimestamp = config.CertIgnoreTimestamp
proxy.ephemeralKeys = config.EphemeralKeys
proxy.monitoringUI = config.MonitoringUI
}
// configureLoadBalancing - Configures load balancing strategy
func configureLoadBalancing(proxy *Proxy, config *Config) {
lbStrategy := LBStrategy(DefaultLBStrategy)
switch lbStrategyStr := strings.ToLower(config.LBStrategy); lbStrategyStr {
case "":
// default - WP2 is now the default strategy
dlog.Noticef("Using default Weighted Power of Two (WP2) load balancing strategy")
case "p2":
lbStrategy = LBStrategyP2{}
case "ph":
lbStrategy = LBStrategyPH{}
case "fastest":
// "fastest" kept for backward compatibility with older configs
fallthrough
case "first":
lbStrategy = LBStrategyFirst{}
case "random":
lbStrategy = LBStrategyRandom{}
case "wp2":
lbStrategy = LBStrategyWP2{}
default:
if after, ok := strings.CutPrefix(lbStrategyStr, "p"); ok {
n, err := strconv.ParseInt(after, 10, 32)
if err != nil || n <= 0 {
dlog.Warnf("Invalid load balancing strategy: [%s]", config.LBStrategy)
} else {
lbStrategy = LBStrategyPN{n: int(n)}
}
} else {
dlog.Warnf("Unknown load balancing strategy: [%s]", config.LBStrategy)
}
}
proxy.serversInfo.lbStrategy = lbStrategy
proxy.serversInfo.lbEstimator = config.LBEstimator
}
// configurePlugins - Configures DNS plugins
func configurePlugins(proxy *Proxy, config *Config) {
// Configure listen addresses and paths
proxy.listenAddresses = config.ListenAddresses
proxy.localDoHListenAddresses = config.LocalDoH.ListenAddresses
if len(config.LocalDoH.Path) > 0 && config.LocalDoH.Path[0] != '/' {
dlog.Fatalf("local DoH: [%s] cannot be a valid URL path. Read the documentation", config.LocalDoH.Path)
}
proxy.localDoHPath = config.LocalDoH.Path
proxy.localDoHCertFile = config.LocalDoH.CertFile
proxy.localDoHCertKeyFile = config.LocalDoH.CertKeyFile
// Configure plugins
proxy.pluginBlockIPv6 = config.BlockIPv6
proxy.pluginBlockUnqualified = config.BlockUnqualified
proxy.pluginBlockUndelegated = config.BlockUndelegated
// Configure cache
proxy.cache = config.Cache
proxy.cacheSize = config.CacheSize
if config.CacheNegTTL > 0 {
proxy.cacheNegMinTTL = config.CacheNegTTL
proxy.cacheNegMaxTTL = config.CacheNegTTL
} else {
proxy.cacheNegMinTTL = config.CacheNegMinTTL
proxy.cacheNegMaxTTL = config.CacheNegMaxTTL
}
proxy.cacheMinTTL = config.CacheMinTTL
proxy.cacheMaxTTL = config.CacheMaxTTL
proxy.rejectTTL = config.RejectTTL
proxy.cloakTTL = config.CloakTTL
proxy.cloakedPTR = config.CloakedPTR
// Configure query meta
proxy.queryMeta = config.QueryMeta
}
// configureEDNSClientSubnet - Configures EDNS client subnet
func configureEDNSClientSubnet(proxy *Proxy, config *Config) error {
if len(config.EDNSClientSubnet) != 0 {
proxy.ednsClientSubnets = make([]*net.IPNet, 0)
for _, cidr := range config.EDNSClientSubnet {
_, ipnet, err := net.ParseCIDR(cidr)
if err != nil {
return fmt.Errorf("Invalid EDNS-client-subnet CIDR: [%v]", cidr)
}
proxy.ednsClientSubnets = append(proxy.ednsClientSubnets, ipnet)
}
}
return nil
}
// configureQueryLog - Configures query logging
func configureQueryLog(proxy *Proxy, config *Config) error {
if len(config.QueryLog.Format) == 0 {
config.QueryLog.Format = "tsv"
} else {
config.QueryLog.Format = strings.ToLower(config.QueryLog.Format)
}
if config.QueryLog.Format != "tsv" && config.QueryLog.Format != "ltsv" {
return errors.New("Unsupported query log format")
}
proxy.queryLogFile = config.QueryLog.File
proxy.queryLogFormat = config.QueryLog.Format
proxy.queryLogIgnoredQtypes = config.QueryLog.IgnoredQtypes
return nil
}
// configureNXLog - Configures NX domain logging
func configureNXLog(proxy *Proxy, config *Config) error {
if len(config.NxLog.Format) == 0 {
config.NxLog.Format = "tsv"
} else {
config.NxLog.Format = strings.ToLower(config.NxLog.Format)
}
if config.NxLog.Format != "tsv" && config.NxLog.Format != "ltsv" {
return errors.New("Unsupported NX log format")
}
proxy.nxLogFile = config.NxLog.File
proxy.nxLogFormat = config.NxLog.Format
return nil
}
// configureBlockedNames - Configures blocked names
func configureBlockedNames(proxy *Proxy, config *Config) error {
if len(config.BlockName.File) > 0 && len(config.BlockNameLegacy.File) > 0 {
return errors.New("Don't specify both [blocked_names] and [blacklist] sections - Update your config file")
}
if len(config.BlockNameLegacy.File) > 0 {
dlog.Notice("Use of [blacklist] is deprecated - Update your config file")
config.BlockName.File = config.BlockNameLegacy.File
config.BlockName.Format = config.BlockNameLegacy.Format
config.BlockName.LogFile = config.BlockNameLegacy.LogFile
}
if len(config.BlockName.Format) == 0 {
config.BlockName.Format = "tsv"
} else {
config.BlockName.Format = strings.ToLower(config.BlockName.Format)
}
if config.BlockName.Format != "tsv" && config.BlockName.Format != "ltsv" {
return errors.New("Unsupported block log format")
}
proxy.blockNameFile = config.BlockName.File
proxy.blockNameFormat = config.BlockName.Format
proxy.blockNameLogFile = config.BlockName.LogFile
return nil
}
// configureAllowedNames - Configures allowed names
func configureAllowedNames(proxy *Proxy, config *Config) error {
if len(config.AllowedName.File) > 0 && len(config.WhitelistNameLegacy.File) > 0 {
return errors.New("Don't specify both [whitelist] and [allowed_names] sections - Update your config file")
}
if len(config.WhitelistNameLegacy.File) > 0 {
dlog.Notice("Use of [whitelist] is deprecated - Update your config file")
config.AllowedName.File = config.WhitelistNameLegacy.File
config.AllowedName.Format = config.WhitelistNameLegacy.Format
config.AllowedName.LogFile = config.WhitelistNameLegacy.LogFile
}
if len(config.AllowedName.Format) == 0 {
config.AllowedName.Format = "tsv"
} else {
config.AllowedName.Format = strings.ToLower(config.AllowedName.Format)
}
if config.AllowedName.Format != "tsv" && config.AllowedName.Format != "ltsv" {
return errors.New("Unsupported allowed_names log format")
}
proxy.allowNameFile = config.AllowedName.File
proxy.allowNameFormat = config.AllowedName.Format
proxy.allowNameLogFile = config.AllowedName.LogFile
return nil
}
// configureBlockedIPs - Configures blocked IPs
func configureBlockedIPs(proxy *Proxy, config *Config) error {
if len(config.BlockIP.File) > 0 && len(config.BlockIPLegacy.File) > 0 {
return errors.New("Don't specify both [blocked_ips] and [ip_blacklist] sections - Update your config file")
}
if len(config.BlockIPLegacy.File) > 0 {
dlog.Notice("Use of [ip_blacklist] is deprecated - Update your config file")
config.BlockIP.File = config.BlockIPLegacy.File
config.BlockIP.Format = config.BlockIPLegacy.Format
config.BlockIP.LogFile = config.BlockIPLegacy.LogFile
}
if len(config.BlockIP.Format) == 0 {
config.BlockIP.Format = "tsv"
} else {
config.BlockIP.Format = strings.ToLower(config.BlockIP.Format)
}
if config.BlockIP.Format != "tsv" && config.BlockIP.Format != "ltsv" {
return errors.New("Unsupported IP block log format")
}
proxy.blockIPFile = config.BlockIP.File
proxy.blockIPFormat = config.BlockIP.Format
proxy.blockIPLogFile = config.BlockIP.LogFile
return nil
}
// configureAllowedIPs - Configures allowed IPs
func configureAllowedIPs(proxy *Proxy, config *Config) error {
if len(config.AllowIP.Format) == 0 {
config.AllowIP.Format = "tsv"
} else {
config.AllowIP.Format = strings.ToLower(config.AllowIP.Format)
}
if config.AllowIP.Format != "tsv" && config.AllowIP.Format != "ltsv" {
return errors.New("Unsupported allowed_ips log format")
}
proxy.allowedIPFile = config.AllowIP.File
proxy.allowedIPFormat = config.AllowIP.Format
proxy.allowedIPLogFile = config.AllowIP.LogFile
return nil
}
// configureAdditionalFiles - Configures forwarding, cloaking, and captive portal files
func configureAdditionalFiles(proxy *Proxy, config *Config) {
proxy.forwardFile = config.ForwardFile
proxy.cloakFile = config.CloakFile
proxy.captivePortalMapFile = config.CaptivePortals.MapFile
}
// configureWeeklyRanges - Parses and configures weekly ranges
func configureWeeklyRanges(proxy *Proxy, config *Config) error {
allWeeklyRanges, err := ParseAllWeeklyRanges(config.AllWeeklyRanges)
if err != nil {
return err
}
proxy.allWeeklyRanges = allWeeklyRanges
return nil
}
// The configureDNS64 function is now defined in config.go
// The configureBrokenImplementations function is now defined in config.go
// configureAnonymizedDNS - Configures anonymized DNS
func configureAnonymizedDNS(proxy *Proxy, config *Config) {
if configRoutes := config.AnonymizedDNS.Routes; configRoutes != nil {
routes := make(map[string][]string)
for _, configRoute := range configRoutes {
routes[configRoute.ServerName] = configRoute.RelayNames
}
proxy.routes = &routes
}
proxy.skipAnonIncompatibleResolvers = config.AnonymizedDNS.SkipIncompatible
proxy.anonDirectCertFallback = config.AnonymizedDNS.DirectCertFallback
}
// configureSourceRestrictions - Configures server source restrictions
func configureSourceRestrictions(proxy *Proxy, flags *ConfigFlags, config *Config) {
if *flags.ListAll {
config.ServerNames = nil
config.DisabledServerNames = nil
config.SourceRequireDNSSEC = false
config.SourceRequireNoFilter = false
config.SourceRequireNoLog = false
config.SourceIPv4 = true
config.SourceIPv6 = true
config.SourceDNSCrypt = true
config.SourceDoH = true
config.SourceODoH = true
}
var requiredProps stamps.ServerInformalProperties
if config.SourceRequireDNSSEC {
requiredProps |= stamps.ServerInformalPropertyDNSSEC
}
if config.SourceRequireNoLog {
requiredProps |= stamps.ServerInformalPropertyNoLog
}
if config.SourceRequireNoFilter {
requiredProps |= stamps.ServerInformalPropertyNoFilter
}
proxy.requiredProps = requiredProps
proxy.ServerNames = config.ServerNames
proxy.DisabledServerNames = config.DisabledServerNames
proxy.SourceIPv4 = config.SourceIPv4
proxy.SourceIPv6 = config.SourceIPv6
proxy.SourceDNSCrypt = config.SourceDNSCrypt
proxy.SourceDoH = config.SourceDoH
proxy.SourceODoH = config.SourceODoH
}
// determineNetprobeAddress - Determines the address to use for network probing
func determineNetprobeAddress(flags *ConfigFlags, config *Config) (string, int) {
netprobeTimeout := config.NetprobeTimeout
if flags.NetprobeTimeoutOverride != nil {
netprobeTimeout = *flags.NetprobeTimeoutOverride
}
netprobeAddress := DefaultNetprobeAddress
if len(config.NetprobeAddress) > 0 {
netprobeAddress = config.NetprobeAddress
} else if len(config.BootstrapResolvers) > 0 {
netprobeAddress = config.BootstrapResolvers[0]
}
return netprobeAddress, netprobeTimeout
}
// initializeNetworking - Initializes networking
func initializeNetworking(proxy *Proxy, flags *ConfigFlags, config *Config) error {
isCommandMode := *flags.Check || proxy.showCerts || *flags.List || *flags.ListAll
if isCommandMode {
return nil
}
netprobeAddress, netprobeTimeout := determineNetprobeAddress(flags, config)
if err := NetProbe(proxy, netprobeAddress, netprobeTimeout); err != nil {
return err
}
for _, listenAddrStr := range proxy.listenAddresses {
proxy.addDNSListener(listenAddrStr)
}
for _, listenAddrStr := range proxy.localDoHListenAddresses {
proxy.addLocalDoHListener(listenAddrStr)
}
return proxy.addSystemDListeners()
}
================================================
FILE: dnscrypt-proxy/config_watcher.go
================================================
package main
import (
"crypto/sha256"
"errors"
"io"
"os"
"path/filepath"
"sync"
"time"
"github.com/fsnotify/fsnotify"
"github.com/jedisct1/dlog"
)
// ConfigWatcher monitors configuration files for changes and safely reloads them
type ConfigWatcher struct {
watchedFiles map[string]*WatchedFile
mu sync.RWMutex
watcher *fsnotify.Watcher
shutdownCh chan struct{}
}
// WatchedFile stores information about a file being monitored for changes
type WatchedFile struct {
path string
lastHash []byte
lastSize int64
lastMod time.Time
reloadFunc func() error
mu sync.Mutex
}
// NewConfigWatcher creates a new configuration file watcher
func NewConfigWatcher(interval time.Duration) *ConfigWatcher {
watcher, err := fsnotify.NewWatcher()
if err != nil {
dlog.Errorf("Failed to create file system watcher: %v", err)
dlog.Notice("Falling back to polling-based file monitoring")
return newPollingConfigWatcher(interval)
}
cw := &ConfigWatcher{
watchedFiles: make(map[string]*WatchedFile),
watcher: watcher,
shutdownCh: make(chan struct{}),
}
go cw.watchLoop()
return cw
}
// watchLoop processes file system events
func (cw *ConfigWatcher) watchLoop() {
for {
select {
case event, ok := <-cw.watcher.Events:
if !ok {
return
}
if event.Has(fsnotify.Write) || event.Has(fsnotify.Create) {
cw.handleModifyEvent(event.Name)
}
case err, ok := <-cw.watcher.Errors:
if !ok {
return
}
dlog.Errorf("File watcher error: %v", err)
case <-cw.shutdownCh:
cw.watcher.Close()
return
}
}
}
// handleModifyEvent handles a file modification event
func (cw *ConfigWatcher) handleModifyEvent(path string) {
absPath, err := filepath.Abs(path)
if err != nil {
dlog.Debugf("Could not get absolute path for %s: %v", path, err)
return
}
cw.mu.RLock()
wf, exists := cw.watchedFiles[absPath]
cw.mu.RUnlock()
if !exists {
return
}
// Debounce rapid changes with a small delay
time.Sleep(100 * time.Millisecond)
cw.checkFile(wf)
}
// checkFile checks if a specific file has changed and is stable
func (cw *ConfigWatcher) checkFile(wf *WatchedFile) {
wf.mu.Lock()
defer wf.mu.Unlock()
// Get file information
fileInfo, err := os.Stat(wf.path)
if err != nil {
// File might be temporarily unavailable during writes
dlog.Debugf("Cannot stat file [%s]: %v", wf.path, err)
return
}
// File has been modified, but check if it's still being written
// by taking two measurements with a short delay
size1 := fileInfo.Size()
hash1, err := getFileHash(wf.path)
if err != nil {
dlog.Debugf("Cannot read file [%s]: %v", wf.path, err)
return
}
// Wait a moment to see if the file is still changing
time.Sleep(100 * time.Millisecond)
fileInfo, err = os.Stat(wf.path)
if err != nil {
return
}
size2 := fileInfo.Size()
hash2, err := getFileHash(wf.path)
if err != nil {
return
}
// If file size or hash is still changing, it's still being written
if size1 != size2 || !hashesEqual(hash1, hash2) {
dlog.Debugf("File [%s] is still being modified, waiting for stability", wf.path)
return
}
// The file appears stable, check if it's different from last loaded version
if wf.lastSize == size2 && hashesEqual(wf.lastHash, hash2) {
// Content hasn't changed despite mod time change
wf.lastMod = fileInfo.ModTime()
return
}
// File has changed and is stable, reload it
dlog.Noticef("Configuration file [%s] has changed, reloading", wf.path)
if err := wf.reloadFunc(); err != nil {
dlog.Errorf("Failed to reload [%s]: %v", wf.path, err)
return
}
// Update file info after successful reload
wf.lastHash = hash2
wf.lastSize = size2
wf.lastMod = fileInfo.ModTime()
dlog.Noticef("Successfully reloaded [%s]", wf.path)
}
// AddFile registers a file to be watched for changes
func (cw *ConfigWatcher) AddFile(path string, reloadFunc func() error) error {
if path == "" {
return errors.New("empty file path")
}
if reloadFunc == nil {
return errors.New("reload function is nil")
}
absPath, err := filepath.Abs(path)
if err != nil {
return err
}
// Check if file exists and is readable
fileInfo, err := os.Stat(absPath)
if err != nil {
return err
}
if fileInfo.IsDir() {
return errors.New("path is a directory, not a file")
}
// Calculate initial hash
hash, err := getFileHash(absPath)
if err != nil {
return err
}
wf := &WatchedFile{
path: absPath,
lastHash: hash,
lastSize: fileInfo.Size(),
lastMod: fileInfo.ModTime(),
reloadFunc: reloadFunc,
}
cw.mu.Lock()
defer cw.mu.Unlock()
// Add to tracked files
cw.watchedFiles[absPath] = wf
// Watch directory containing the file to catch moves/renames when fsnotify is available
if cw.watcher != nil {
dirPath := filepath.Dir(absPath)
if err := cw.watcher.Add(dirPath); err != nil {
return err
}
}
dlog.Noticef("Now watching [%s] for changes", absPath)
return nil
}
// RemoveFile stops watching a file
func (cw *ConfigWatcher) RemoveFile(path string) {
absPath, err := filepath.Abs(path)
if err != nil {
return
}
cw.mu.Lock()
defer cw.mu.Unlock()
if _, exists := cw.watchedFiles[absPath]; exists {
delete(cw.watchedFiles, absPath)
// We don't remove the watch on the directory since other files might still be watched
// This is fine as watching directories has minimal overhead
dlog.Noticef("Stopped watching [%s]", absPath)
}
}
// Shutdown stops the watcher
func (cw *ConfigWatcher) Shutdown() {
close(cw.shutdownCh)
}
// newPollingConfigWatcher creates a fallback polling-based watcher if fsnotify fails
func newPollingConfigWatcher(interval time.Duration) *ConfigWatcher {
if interval <= 0 {
interval = 1 * time.Second
}
cw := &ConfigWatcher{
watchedFiles: make(map[string]*WatchedFile),
shutdownCh: make(chan struct{}),
}
// Start a goroutine for polling
go func() {
ticker := time.NewTicker(interval)
defer ticker.Stop()
for {
select {
case <-ticker.C:
cw.checkAllFiles()
case <-cw.shutdownCh:
return
}
}
}()
return cw
}
// checkAllFiles examines all watched files for changes (used in polling mode)
func (cw *ConfigWatcher) checkAllFiles() {
cw.mu.RLock()
files := make([]*WatchedFile, 0, len(cw.watchedFiles))
for _, wf := range cw.watchedFiles {
files = append(files, wf)
}
cw.mu.RUnlock()
for _, wf := range files {
cw.checkFile(wf)
}
}
// getFileHash calculates a SHA-256 hash of a file's contents
func getFileHash(path string) ([]byte, error) {
file, err := os.Open(path)
if err != nil {
return nil, err
}
defer file.Close()
hash := sha256.New()
if _, err := io.Copy(hash, file); err != nil {
return nil, err
}
return hash.Sum(nil), nil
}
// hashesEqual compares two hashes for equality
func hashesEqual(h1, h2 []byte) bool {
if len(h1) != len(h2) {
return false
}
for i := range h1 {
if h1[i] != h2[i] {
return false
}
}
return true
}
================================================
FILE: dnscrypt-proxy/config_watcher_test.go
================================================
package main
import (
"fmt"
"os"
"path/filepath"
"sync/atomic"
"testing"
"time"
)
// TestConfigWatcher tests the basic functionality of the ConfigWatcher
func TestConfigWatcher(t *testing.T) {
// Create a temporary file for testing
tempDir := t.TempDir()
tempFile := filepath.Join(tempDir, "test_config.txt")
// Create test file with initial content
initialContent := "test content"
if err := os.WriteFile(tempFile, []byte(initialContent), 0o644); err != nil {
t.Fatalf("Failed to create test file: %v", err)
}
// Track reload calls
var reloadCount int32
// Create reload function that increments counter
reloadFunc := func() error {
atomic.AddInt32(&reloadCount, 1)
return nil
}
// Create a config watcher with short interval for testing
watcher := NewConfigWatcher(100) // 100ms interval
// Add file to watcher
if err := watcher.AddFile(tempFile, reloadFunc); err != nil {
t.Fatalf("Failed to add file to watcher: %v", err)
}
// Wait a short period to ensure initial monitoring is set up
time.Sleep(200 * time.Millisecond)
// Initial load should not trigger reload
if count := atomic.LoadInt32(&reloadCount); count != 0 {
t.Errorf("Expected 0 reloads initially, got %d", count)
}
// Modify the file
newContent := "updated content"
if err := os.WriteFile(tempFile, []byte(newContent), 0o644); err != nil {
t.Fatalf("Failed to update test file: %v", err)
}
// Wait for reload to be triggered
time.Sleep(500 * time.Millisecond)
// Check if reload was triggered
if count := atomic.LoadInt32(&reloadCount); count != 1 {
t.Errorf("Expected 1 reload after file change, got %d", count)
}
// Modify the file again
newerContent := "newer content"
if err := os.WriteFile(tempFile, []byte(newerContent), 0o644); err != nil {
t.Fatalf("Failed to update test file again: %v", err)
}
// Wait for second reload to be triggered
time.Sleep(500 * time.Millisecond)
// Check if second reload was triggered
if count := atomic.LoadInt32(&reloadCount); count != 2 {
t.Errorf("Expected 2 reloads after second file change, got %d", count)
}
// Test that rapid changes are debounced
for i := range 5 {
content := fmt.Appendf(nil, "%d content", i)
if err := os.WriteFile(tempFile, content, 0o644); err != nil {
t.Fatalf("Failed to update test file in loop: %v", err)
}
time.Sleep(10 * time.Millisecond) // Very small delay between writes
}
// Wait for reload to be triggered
time.Sleep(500 * time.Millisecond)
// Should be at most one or two additional reloads, not 5
finalCount := atomic.LoadInt32(&reloadCount)
if finalCount < 3 || finalCount > 4 {
t.Errorf("Expected 3-4 total reloads after rapid changes (debouncing), got %d", finalCount)
}
// Test removing file from watcher
watcher.RemoveFile(tempFile)
// Reset count
atomic.StoreInt32(&reloadCount, 0)
// Modify the file again
if err := os.WriteFile(tempFile, []byte("final content"), 0o644); err != nil {
t.Fatalf("Failed to update test file after removal: %v", err)
}
// Wait to see if reload is triggered
time.Sleep(500 * time.Millisecond)
// No reload should happen after removal
if count := atomic.LoadInt32(&reloadCount); count != 0 {
t.Errorf("Expected 0 reloads after file removal from watcher, got %d", count)
}
// Clean up
watcher.Shutdown()
}
func TestConfigWatcherPollingFallback(t *testing.T) {
// Create a temporary file for testing
tempDir := t.TempDir()
tempFile := filepath.Join(tempDir, "polling_config.txt")
if err := os.WriteFile(tempFile, []byte("initial content"), 0o644); err != nil {
t.Fatalf("Failed to create test file: %v", err)
}
watcher := newPollingConfigWatcher(10 * time.Millisecond)
defer watcher.Shutdown()
var reloadCount int32
reloadFunc := func() error {
atomic.AddInt32(&reloadCount, 1)
return nil
}
defer func() {
if r := recover(); r != nil {
t.Fatalf("AddFile should not panic in polling mode: %v", r)
}
}()
if err := watcher.AddFile(tempFile, reloadFunc); err != nil {
t.Fatalf("AddFile returned error: %v", err)
}
// Wait for polling loop to process
time.Sleep(50 * time.Millisecond)
// Modify file and allow fallback watcher to detect change
if err := os.WriteFile(tempFile, []byte("updated content"), 0o644); err != nil {
t.Fatalf("Failed to update test file: %v", err)
}
time.Sleep(200 * time.Millisecond)
if atomic.LoadInt32(&reloadCount) == 0 {
t.Fatalf("Expected at least one reload in polling mode")
}
}
================================================
FILE: dnscrypt-proxy/crypto.go
================================================
package main
import (
"bytes"
crypto_rand "crypto/rand"
"crypto/sha512"
"errors"
"github.com/jedisct1/dlog"
"github.com/jedisct1/xsecretbox"
"golang.org/x/crypto/curve25519"
"golang.org/x/crypto/nacl/box"
"golang.org/x/crypto/nacl/secretbox"
)
const (
NonceSize = xsecretbox.NonceSize
HalfNonceSize = xsecretbox.NonceSize / 2
TagSize = xsecretbox.TagSize
PublicKeySize = 32
QueryOverhead = ClientMagicLen + PublicKeySize + HalfNonceSize + TagSize
ResponseOverhead = len(ServerMagic) + NonceSize + TagSize
)
func pad(packet []byte, minSize int) []byte {
packet = append(packet, 0x80)
for len(packet) < minSize {
packet = append(packet, 0)
}
return packet
}
func unpad(packet []byte) ([]byte, error) {
for i := len(packet); ; {
if i == 0 {
return nil, errors.New("Invalid padding (short packet)")
}
i--
if packet[i] == 0x80 {
return packet[:i], nil
} else if packet[i] != 0x00 {
return nil, errors.New("Invalid padding (delimiter not found)")
}
}
}
func ComputeSharedKey(
cryptoConstruction CryptoConstruction,
secretKey *[32]byte,
serverPk *[32]byte,
providerName *string,
) (sharedKey [32]byte) {
if cryptoConstruction == XChacha20Poly1305 {
var err error
sharedKey, err = xsecretbox.SharedKey(*secretKey, *serverPk)
if err != nil {
dlog.Criticalf("[%v] Weak XChaCha20 public key", providerName)
}
} else {
box.Precompute(&sharedKey, serverPk, secretKey)
c := byte(0)
for i := range 32 {
c |= sharedKey[i]
}
if c == 0 {
dlog.Criticalf("[%v] Weak XSalsa20 public key", providerName)
if _, err := crypto_rand.Read(sharedKey[:]); err != nil {
dlog.Fatal(err)
}
}
}
return sharedKey
}
func (proxy *Proxy) Encrypt(
serverInfo *ServerInfo,
packet []byte,
proto string,
) (sharedKey *[32]byte, encrypted []byte, clientNonce []byte, err error) {
nonce, clientNonce := make([]byte, NonceSize), make([]byte, HalfNonceSize)
if _, err := crypto_rand.Read(clientNonce); err != nil {
return nil, nil, nil, err
}
copy(nonce, clientNonce)
var publicKey *[PublicKeySize]byte
if proxy.ephemeralKeys {
h := sha512.New512_256()
h.Write(clientNonce)
h.Write(proxy.proxySecretKey[:])
var ephSk [32]byte
h.Sum(ephSk[:0])
var xPublicKey [PublicKeySize]byte
curve25519.ScalarBaseMult(&xPublicKey, &ephSk)
publicKey = &xPublicKey
xsharedKey := ComputeSharedKey(serverInfo.CryptoConstruction, &ephSk, &serverInfo.ServerPk, nil)
sharedKey = &xsharedKey
} else {
sharedKey = &serverInfo.SharedKey
publicKey = &proxy.proxyPublicKey
}
minQuestionSize := QueryOverhead + len(packet)
if proto == "udp" {
minQuestionSize = Max(proxy.questionSizeEstimator.MinQuestionSize(), minQuestionSize)
} else {
var xpad [1]byte
if _, err := crypto_rand.Read(xpad[:]); err != nil {
return nil, nil, nil, err
}
minQuestionSize += int(xpad[0])
}
paddedLength := Min(MaxDNSUDPPacketSize, (Max(minQuestionSize, QueryOverhead)+1+63) & ^63)
if serverInfo.knownBugs.fragmentsBlocked && proto == "udp" {
paddedLength = MaxDNSUDPSafePacketSize
} else if serverInfo.Relay != nil && proto == "tcp" {
paddedLength = MaxDNSPacketSize
}
if QueryOverhead+len(packet)+1 > paddedLength {
err = errors.New("Question too large; cannot be padded")
return sharedKey, encrypted, clientNonce, err
}
encrypted = append(serverInfo.MagicQuery[:], publicKey[:]...)
encrypted = append(encrypted, nonce[:HalfNonceSize]...)
padded := pad(packet, paddedLength-QueryOverhead)
if serverInfo.CryptoConstruction == XChacha20Poly1305 {
encrypted = xsecretbox.Seal(encrypted, nonce, padded, sharedKey[:])
} else {
var xsalsaNonce [24]byte
copy(xsalsaNonce[:], nonce)
encrypted = secretbox.Seal(encrypted, padded, &xsalsaNonce, sharedKey)
}
return sharedKey, encrypted, clientNonce, err
}
func (proxy *Proxy) Decrypt(
serverInfo *ServerInfo,
sharedKey *[32]byte,
encrypted []byte,
nonce []byte,
) ([]byte, error) {
serverMagicLen := len(ServerMagic)
responseHeaderLen := serverMagicLen + NonceSize
if len(encrypted) < responseHeaderLen+TagSize+int(MinDNSPacketSize) ||
len(encrypted) > responseHeaderLen+TagSize+int(MaxDNSPacketSize) ||
!bytes.Equal(encrypted[:serverMagicLen], ServerMagic[:]) {
return encrypted, errors.New("Invalid message size or prefix")
}
serverNonce := encrypted[serverMagicLen:responseHeaderLen]
if !bytes.Equal(nonce[:HalfNonceSize], serverNonce[:HalfNonceSize]) {
return encrypted, errors.New("Unexpected nonce")
}
var packet []byte
var err error
if serverInfo.CryptoConstruction == XChacha20Poly1305 {
packet, err = xsecretbox.Open(nil, serverNonce, encrypted[responseHeaderLen:], sharedKey[:])
} else {
var xsalsaServerNonce [24]byte
copy(xsalsaServerNonce[:], serverNonce)
var ok bool
packet, ok = secretbox.Open(nil, encrypted[responseHeaderLen:], &xsalsaServerNonce, sharedKey)
if !ok {
err = errors.New("Incorrect tag")
}
}
if err != nil {
return encrypted, err
}
packet, err = unpad(packet)
if err != nil || len(packet) < MinDNSPacketSize {
return encrypted, errors.New("Incorrect padding")
}
return packet, nil
}
================================================
FILE: dnscrypt-proxy/dnscrypt_certs.go
================================================
package main
import (
"bytes"
"encoding/binary"
"errors"
"strings"
"time"
"codeberg.org/miekg/dns"
"github.com/jedisct1/dlog"
"golang.org/x/crypto/ed25519"
)
type CertInfo struct {
ServerPk [32]byte
SharedKey [32]byte
MagicQuery [ClientMagicLen]byte
CryptoConstruction CryptoConstruction
ForwardSecurity bool
}
func FetchCurrentDNSCryptCert(
proxy *Proxy,
serverName *string,
proto string,
pk ed25519.PublicKey,
serverAddress string,
providerName string,
isNew bool,
relay *DNSCryptRelay,
knownBugs ServerBugs,
) (CertInfo, int, bool, error) {
if len(pk) != ed25519.PublicKeySize {
return CertInfo{}, 0, false, errors.New("Invalid public key length")
}
if !strings.HasSuffix(providerName, ".") {
providerName += "."
}
if serverName == nil {
serverName = &providerName
}
query := dns.NewMsg(providerName, dns.TypeTXT)
if !strings.HasPrefix(providerName, "2.dnscrypt-cert.") {
if relay != nil && !proxy.anonDirectCertFallback {
dlog.Warnf(
"[%v] uses a non-standard provider name, enable direct cert fallback to use with a relay ('%v' doesn't start with '2.dnscrypt-cert.')",
*serverName,
providerName,
)
} else {
dlog.Warnf("[%v] uses a non-standard provider name ('%v' doesn't start with '2.dnscrypt-cert.')", *serverName, providerName)
relay = nil
}
}
tryFragmentsSupport := true
if knownBugs.fragmentsBlocked {
tryFragmentsSupport = false
}
in, rtt, fragmentsBlocked, err := DNSExchange(
proxy,
proto,
query,
serverAddress,
relay,
serverName,
tryFragmentsSupport,
)
if err != nil {
dlog.Noticef("[%s] TIMEOUT", *serverName)
return CertInfo{}, 0, fragmentsBlocked, err
}
now := uint32(time.Now().Unix())
certInfo := CertInfo{CryptoConstruction: UndefinedConstruction}
highestSerial := uint32(0)
certCountStr := ""
for _, answerRr := range in.Answer {
var txt string
if t, ok := answerRr.(*dns.TXT); !ok {
dlog.Noticef("[%v] Extra record of type [%v] found in certificate", *serverName, dns.RRToType(answerRr))
continue
} else {
txt = strings.Join(t.Txt, "")
}
binCert := PackTXTRR(txt)
if len(binCert) < 124 {
dlog.Warnf("[%v] Certificate too short", *serverName)
continue
}
if !bytes.Equal(binCert[:4], CertMagic[:4]) {
dlog.Warnf("[%v] Invalid cert magic", *serverName)
continue
}
cryptoConstruction := CryptoConstruction(0)
switch esVersion := binary.BigEndian.Uint16(binCert[4:6]); esVersion {
case 0x0001:
cryptoConstruction = XSalsa20Poly1305
dlog.Noticef("[%v] should upgrade to XChaCha20 for encryption", *serverName)
case 0x0002:
cryptoConstruction = XChacha20Poly1305
default:
dlog.Debugf("[%v] uses an unsupported encryption system", *serverName)
continue
}
signature := binCert[8:72]
signed := binCert[72:]
if !ed25519.Verify(pk, signed, signature) {
dlog.Warnf("[%v] Incorrect signature for provider name: [%v]", *serverName, providerName)
continue
}
serial := binary.BigEndian.Uint32(binCert[112:116])
tsBegin := binary.BigEndian.Uint32(binCert[116:120])
tsEnd := binary.BigEndian.Uint32(binCert[120:124])
if tsBegin >= tsEnd {
dlog.Warnf("[%v] certificate ends before it starts (%v >= %v)", *serverName, tsBegin, tsEnd)
continue
}
ttl := tsEnd - tsBegin
if ttl > 86400*7 {
dlog.Infof(
"[%v] the key validity period for this server is excessively long (%d days), significantly reducing reliability and forward security.",
*serverName,
ttl/86400,
)
daysLeft := (tsEnd - now) / 86400
if daysLeft < 1 {
dlog.Criticalf(
"[%v] certificate will expire today -- Switch to a different resolver as soon as possible",
*serverName,
)
} else if daysLeft <= 7 {
dlog.Warnf("[%v] certificate is about to expire -- if you don't manage this server, tell the server operator about it", *serverName)
} else if daysLeft <= 30 {
dlog.Infof("[%v] certificate will expire in %d days", *serverName, daysLeft)
} else {
dlog.Debugf("[%v] certificate still valid for %d days", *serverName, daysLeft)
}
certInfo.ForwardSecurity = false
} else {
certInfo.ForwardSecurity = true
}
if !proxy.certIgnoreTimestamp {
if now > tsEnd || now < tsBegin {
dlog.Debugf(
"[%v] Certificate not valid at the current date (now: %v is not in [%v..%v])",
*serverName,
now,
tsBegin,
tsEnd,
)
continue
}
}
if serial < highestSerial {
dlog.Debugf("[%v] Superseded by a previous certificate", *serverName)
continue
}
if serial == highestSerial {
if cryptoConstruction < certInfo.CryptoConstruction {
dlog.Debugf("[%v] Keeping the previous, preferred crypto construction", *serverName)
continue
} else {
dlog.Debugf("[%v] Upgrading the construction from %v to %v", *serverName, certInfo.CryptoConstruction, cryptoConstruction)
}
}
if cryptoConstruction != XChacha20Poly1305 && cryptoConstruction != XSalsa20Poly1305 {
dlog.Noticef("[%v] Cryptographic construction %v not supported", *serverName, cryptoConstruction)
continue
}
var serverPk [32]byte
copy(serverPk[:], binCert[72:104])
sharedKey := ComputeSharedKey(cryptoConstruction, &proxy.proxySecretKey, &serverPk, &providerName)
certInfo.SharedKey = sharedKey
highestSerial = serial
certInfo.CryptoConstruction = cryptoConstruction
copy(certInfo.ServerPk[:], serverPk[:])
copy(certInfo.MagicQuery[:], binCert[104:112])
if isNew {
dlog.Noticef("[%s] OK (DNSCrypt) - rtt: %dms%s", *serverName, rtt.Nanoseconds()/1000000, certCountStr)
} else {
dlog.Infof("[%s] OK (DNSCrypt) - rtt: %dms%s", *serverName, rtt.Nanoseconds()/1000000, certCountStr)
}
certCountStr = " - additional certificate"
}
if certInfo.CryptoConstruction == UndefinedConstruction {
return certInfo, 0, fragmentsBlocked, errors.New("No usable certificate found")
}
return certInfo, int(rtt.Nanoseconds() / 1000000), fragmentsBlocked, nil
}
================================================
FILE: dnscrypt-proxy/dnsutils.go
================================================
package main
import (
"encoding/binary"
"errors"
"net"
"net/netip"
"strings"
"time"
"unicode/utf8"
"codeberg.org/miekg/dns"
"codeberg.org/miekg/dns/rdata"
"github.com/jedisct1/dlog"
)
func EmptyResponseFromMessage(srcMsg *dns.Msg) *dns.Msg {
dstMsg := &dns.Msg{}
dstMsg.ID = srcMsg.ID
dstMsg.Opcode = srcMsg.Opcode
dstMsg.Question = srcMsg.Question
dstMsg.Response = true
dstMsg.RecursionAvailable = true
dstMsg.RecursionDesired = srcMsg.RecursionDesired
dstMsg.CheckingDisabled = false
dstMsg.AuthenticatedData = false
if srcMsg.UDPSize > 0 {
dstMsg.UDPSize = srcMsg.UDPSize
dstMsg.Security = srcMsg.Security
}
return dstMsg
}
func TruncatedResponse(packet []byte) ([]byte, error) {
srcMsg := dns.Msg{Data: packet}
if err := srcMsg.Unpack(); err != nil {
return nil, err
}
dstMsg := EmptyResponseFromMessage(&srcMsg)
dstMsg.Truncated = true
if err := dstMsg.Pack(); err != nil {
return nil, err
}
return dstMsg.Data, nil
}
func RefusedResponseFromMessage(srcMsg *dns.Msg, refusedCode bool, ipv4 net.IP, ipv6 net.IP, ttl uint32) *dns.Msg {
// Create an empty response based on the source message
dstMsg := EmptyResponseFromMessage(srcMsg)
// Add Extended DNS Error (EDE) field to pseudo section
ede := &dns.EDE{InfoCode: dns.ExtendedErrorFiltered}
if dstMsg.UDPSize > 0 {
dstMsg.Pseudo = append(dstMsg.Pseudo, ede)
}
// Either return with refused code or a synthetic response
if refusedCode {
// Return a simple refused response
dstMsg.Rcode = dns.RcodeRefused
} else {
// Return a synthetic response
dstMsg.Rcode = dns.RcodeSuccess
questions := srcMsg.Question
if len(questions) == 0 {
return dstMsg
}
question := questions[0]
qtype := dns.RRToType(question)
qname := question.Header().Name
sendHInfoResponse := true
// For A records, provide synthetic IPv4 if available
if ipv4 != nil && qtype == dns.TypeA {
if ip4 := ipv4.To4(); ip4 != nil {
rr := &dns.A{
Hdr: dns.Header{Name: qname, Class: dns.ClassINET, TTL: ttl},
A: rdata.A{Addr: netip.AddrFrom4([4]byte(ip4))},
}
dstMsg.Answer = []dns.RR{rr}
sendHInfoResponse = false
ede.InfoCode = dns.ExtendedErrorForgedAnswer
}
} else if ipv6 != nil && qtype == dns.TypeAAAA {
// For AAAA records, provide synthetic IPv6 if available
if ip6 := ipv6.To16(); ip6 != nil {
rr := &dns.AAAA{
Hdr: dns.Header{Name: qname, Class: dns.ClassINET, TTL: ttl},
AAAA: rdata.AAAA{Addr: netip.AddrFrom16([16]byte(ip6))},
}
dstMsg.Answer = []dns.RR{rr}
sendHInfoResponse = false
ede.InfoCode = dns.ExtendedErrorForgedAnswer
}
}
if sendHInfoResponse {
hinfo := &dns.HINFO{
Hdr: dns.Header{Name: qname, Class: dns.ClassINET, TTL: ttl},
HINFO: rdata.HINFO{
Cpu: "This query has been locally blocked",
Os: "by dnscrypt-proxy",
},
}
dstMsg.Answer = []dns.RR{hinfo}
} else {
ede.ExtraText = "This query has been locally blocked by dnscrypt-proxy"
}
}
return dstMsg
}
func HasTCFlag(packet []byte) bool {
return packet[2]&2 == 2
}
func TransactionID(packet []byte) uint16 {
return binary.BigEndian.Uint16(packet[0:2])
}
func SetTransactionID(packet []byte, tid uint16) {
binary.BigEndian.PutUint16(packet[0:2], tid)
}
func Rcode(packet []byte) uint8 {
return packet[3] & 0xf
}
func NormalizeRawQName(name *[]byte) {
for i, c := range *name {
if c >= 65 && c <= 90 {
(*name)[i] = c + 32
}
}
}
func NormalizeQName(str string) (string, error) {
if len(str) == 0 || str == "." {
return ".", nil
}
hasUpper := false
str = strings.TrimSuffix(str, ".")
strLen := len(str)
for i := range strLen {
c := str[i]
if c >= utf8.RuneSelf {
return str, errors.New("Query name is not an ASCII string")
}
hasUpper = hasUpper || ('A' <= c && c <= 'Z')
}
if !hasUpper {
return str, nil
}
var b strings.Builder
b.Grow(len(str))
for i := range strLen {
c := str[i]
if 'A' <= c && c <= 'Z' {
c += 'a' - 'A'
}
b.WriteByte(c)
}
return b.String(), nil
}
func getMinTTL(msg *dns.Msg, minTTL uint32, maxTTL uint32, cacheNegMinTTL uint32, cacheNegMaxTTL uint32) time.Duration {
if (msg.Rcode != dns.RcodeSuccess && msg.Rcode != dns.RcodeNameError) ||
(len(msg.Answer) <= 0 && len(msg.Ns) <= 0) {
return time.Duration(cacheNegMinTTL) * time.Second
}
var ttl uint32
if msg.Rcode == dns.RcodeSuccess {
ttl = uint32(maxTTL)
} else {
ttl = uint32(cacheNegMaxTTL)
}
if len(msg.Answer) > 0 {
for _, rr := range msg.Answer {
if rr.Header().TTL < ttl {
ttl = rr.Header().TTL
}
}
} else {
for _, rr := range msg.Ns {
if rr.Header().TTL < ttl {
ttl = rr.Header().TTL
}
}
}
if msg.Rcode == dns.RcodeSuccess {
if ttl < minTTL {
ttl = minTTL
}
} else {
if ttl < cacheNegMinTTL {
ttl = cacheNegMinTTL
}
}
return time.Duration(ttl) * time.Second
}
func updateTTL(msg *dns.Msg, expiration time.Time) {
until := time.Until(expiration)
ttl := uint32(0)
if until > 0 {
ttl = uint32(until / time.Second)
if until-time.Duration(ttl)*time.Second >= time.Second/2 {
ttl += 1
}
}
for _, rr := range msg.Answer {
rr.Header().TTL = ttl
}
for _, rr := range msg.Ns {
rr.Header().TTL = ttl
}
for _, rr := range msg.Extra {
if dns.RRToType(rr) != dns.TypeOPT {
rr.Header().TTL = ttl
}
}
}
func hasEDNS0Padding(packet []byte) (bool, error) {
msg := dns.Msg{Data: packet}
if err := msg.Unpack(); err != nil {
return false, err
}
for _, rr := range msg.Pseudo {
if _, ok := rr.(*dns.PADDING); ok {
return true, nil
}
}
return false, nil
}
func addEDNS0PaddingIfNoneFound(msg *dns.Msg, unpaddedPacket []byte, paddingLen int) ([]byte, error) {
// Enable EDNS0 if not already enabled
if msg.UDPSize == 0 {
msg.UDPSize = uint16(MaxDNSPacketSize)
}
// Check if padding already exists
for _, rr := range msg.Pseudo {
if _, ok := rr.(*dns.PADDING); ok {
return unpaddedPacket, nil
}
}
// Add padding
paddingRR := &dns.PADDING{Padding: strings.Repeat("58", paddingLen)}
msg.Pseudo = append(msg.Pseudo, paddingRR)
if err := msg.Pack(); err != nil {
return nil, err
}
return msg.Data, nil
}
func removeEDNS0Options(msg *dns.Msg) bool {
if len(msg.Pseudo) == 0 {
return false
}
msg.Pseudo = nil
return true
}
func dddToByte(s []byte) (byte, bool) {
n := int(s[0]-'0')*100 + int(s[1]-'0')*10 + int(s[2]-'0')
if n > 255 {
return 0, false
}
return byte(n), true
}
func PackTXTRR(s string) []byte {
bs := make([]byte, len(s))
msg := make([]byte, 0)
copy(bs, s)
for i := 0; i < len(bs); i++ {
if bs[i] == '\\' {
i++
if i == len(bs) {
break
}
if i+2 < len(bs) && isDigit(bs[i]) && isDigit(bs[i+1]) && isDigit(bs[i+2]) {
if b, ok := dddToByte(bs[i:]); ok {
msg = append(msg, b)
}
i += 2
} else if bs[i] == 't' {
msg = append(msg, '\t')
} else if bs[i] == 'r' {
msg = append(msg, '\r')
} else if bs[i] == 'n' {
msg = append(msg, '\n')
} else {
msg = append(msg, bs[i])
}
} else {
msg = append(msg, bs[i])
}
}
return msg
}
type DNSExchangeResponse struct {
response *dns.Msg
rtt time.Duration
priority int
fragmentsBlocked bool
err error
}
func DNSExchange(
proxy *Proxy,
proto string,
query *dns.Msg,
serverAddress string,
relay *DNSCryptRelay,
serverName *string,
tryFragmentsSupport bool,
) (*dns.Msg, time.Duration, bool, error) {
for {
cancelChannel := make(chan struct{})
maxTries := 3
channel := make(chan DNSExchangeResponse, 2*maxTries)
var err error
options := 0
for tries := range maxTries {
if tryFragmentsSupport {
queryCopy := query.Copy()
queryCopy.ID += uint16(options)
go func(query *dns.Msg, delay time.Duration) {
time.Sleep(delay)
option := DNSExchangeResponse{err: errors.New("Canceled")}
select {
case <-cancelChannel:
default:
option = _dnsExchange(proxy, proto, query, serverAddress, relay, 1500)
}
option.fragmentsBlocked = false
option.priority = 0
channel <- option
}(queryCopy, time.Duration(200*tries)*time.Millisecond)
options++
}
queryCopy := query.Copy()
queryCopy.ID += uint16(options)
go func(query *dns.Msg, delay time.Duration) {
time.Sleep(delay)
option := DNSExchangeResponse{err: errors.New("Canceled")}
select {
case <-cancelChannel:
default:
option = _dnsExchange(proxy, proto, query, serverAddress, relay, 480)
}
option.fragmentsBlocked = true
option.priority = 1
channel <- option
}(queryCopy, time.Duration(250*tries)*time.Millisecond)
options++
}
var bestOption *DNSExchangeResponse
for i := 0; i < options; i++ {
if dnsExchangeResponse := <-channel; dnsExchangeResponse.err == nil {
if bestOption == nil || dnsExchangeResponse.priority < bestOption.priority ||
(dnsExchangeResponse.priority == bestOption.priority && dnsExchangeResponse.rtt < bestOption.rtt) {
bestOption = &dnsExchangeResponse
if bestOption.priority == 0 {
close(cancelChannel)
break
}
}
} else {
err = dnsExchangeResponse.err
}
}
if bestOption != nil {
if bestOption.fragmentsBlocked {
dlog.Debugf("[%v] public key retrieval succeeded but server is blocking fragments", *serverName)
} else {
dlog.Debugf("[%v] public key retrieval succeeded", *serverName)
}
return bestOption.response, bestOption.rtt, bestOption.fragmentsBlocked, nil
}
if relay == nil || !proxy.anonDirectCertFallback {
if err == nil {
err = errors.New("Unable to reach the server")
}
return nil, 0, false, err
}
dlog.Infof(
"Unable to get the public key for [%v] via relay [%v], retrying over a direct connection",
*serverName,
relay.RelayUDPAddr.IP,
)
relay = nil
}
}
func _dnsExchange(
proxy *Proxy,
proto string,
query *dns.Msg,
serverAddress string,
relay *DNSCryptRelay,
paddedLen int,
) DNSExchangeResponse {
var packet []byte
var rtt time.Duration
if proto == "udp" {
qNameLen, padding := len(query.Question[0].Header().Name), 0
if qNameLen < paddedLen {
padding = paddedLen - qNameLen
}
if padding > 0 {
paddingRR := &dns.PADDING{Padding: strings.Repeat("00", padding)}
query.Pseudo = append(query.Pseudo, paddingRR)
if query.UDPSize == 0 {
query.UDPSize = uint16(MaxDNSPacketSize)
}
}
if err := query.Pack(); err != nil {
return DNSExchangeResponse{err: err}
}
binQuery := query.Data
udpAddr, err := net.ResolveUDPAddr("udp", serverAddress)
if err != nil {
return DNSExchangeResponse{err: err}
}
upstreamAddr := udpAddr
if relay != nil {
proxy.prepareForRelay(udpAddr.IP, udpAddr.Port, &binQuery)
upstreamAddr = relay.RelayUDPAddr
}
now := time.Now()
pc, err := net.DialTimeout("udp", upstreamAddr.String(), proxy.timeout)
if err != nil {
return DNSExchangeResponse{err: err}
}
defer pc.Close()
if err := pc.SetDeadline(time.Now().Add(proxy.timeout)); err != nil {
return DNSExchangeResponse{err: err}
}
if _, err := pc.Write(binQuery); err != nil {
return DNSExchangeResponse{err: err}
}
packet = make([]byte, MaxDNSPacketSize)
length, err := pc.Read(packet)
if err != nil {
return DNSExchangeResponse{err: err}
}
rtt = time.Since(now)
packet = packet[:length]
} else {
if err := query.Pack(); err != nil {
return DNSExchangeResponse{err: err}
}
binQuery := query.Data
tcpAddr, err := net.ResolveTCPAddr("tcp", serverAddress)
if err != nil {
return DNSExchangeResponse{err: err}
}
upstreamAddr := tcpAddr
if relay != nil {
proxy.prepareForRelay(tcpAddr.IP, tcpAddr.Port, &binQuery)
upstreamAddr = relay.RelayTCPAddr
}
now := time.Now()
var pc net.Conn
proxyDialer := proxy.xTransport.proxyDialer
if proxyDialer == nil {
pc, err = net.DialTimeout("tcp", upstreamAddr.String(), proxy.timeout)
} else {
pc, err = (*proxyDialer).Dial("tcp", tcpAddr.String())
}
if err != nil {
return DNSExchangeResponse{err: err}
}
defer pc.Close()
if err := pc.SetDeadline(time.Now().Add(proxy.timeout)); err != nil {
return DNSExchangeResponse{err: err}
}
binQuery, err = PrefixWithSize(binQuery)
if err != nil {
return DNSExchangeResponse{err: err}
}
if _, err := pc.Write(binQuery); err != nil {
return DNSExchangeResponse{err: err}
}
packet, err = ReadPrefixed(&pc)
if err != nil {
return DNSExchangeResponse{err: err}
}
rtt = time.Since(now)
}
msg := dns.Msg{Data: packet}
if err := msg.Unpack(); err != nil {
return DNSExchangeResponse{err: err}
}
return DNSExchangeResponse{response: &msg, rtt: rtt, err: nil}
}
================================================
FILE: dnscrypt-proxy/estimators.go
================================================
package main
import (
"sync"
"github.com/VividCortex/ewma"
)
type QuestionSizeEstimator struct {
sync.RWMutex
minQuestionSize int
ewma ewma.MovingAverage
}
func NewQuestionSizeEstimator() QuestionSizeEstimator {
return QuestionSizeEstimator{
minQuestionSize: InitialMinQuestionSize,
ewma: &ewma.SimpleEWMA{},
}
}
func (questionSizeEstimator *QuestionSizeEstimator) MinQuestionSize() int {
questionSizeEstimator.RLock()
minQuestionSize := questionSizeEstimator.minQuestionSize
questionSizeEstimator.RUnlock()
return minQuestionSize
}
func (questionSizeEstimator *QuestionSizeEstimator) blindAdjust() {
questionSizeEstimator.Lock()
if MaxDNSUDPPacketSize-questionSizeEstimator.minQuestionSize < questionSizeEstimator.minQuestionSize {
questionSizeEstimator.minQuestionSize = MaxDNSUDPPacketSize
} else {
questionSizeEstimator.minQuestionSize *= 2
}
questionSizeEstimator.ewma.Set(float64(questionSizeEstimator.minQuestionSize))
questionSizeEstimator.Unlock()
}
func (questionSizeEstimator *QuestionSizeEstimator) adjust(packetSize int) {
questionSizeEstimator.Lock()
questionSizeEstimator.ewma.Add(float64(packetSize))
ma, minQuestionSize := int(questionSizeEstimator.ewma.Value()), questionSizeEstimator.minQuestionSize
if ma > InitialMinQuestionSize && ma < minQuestionSize/2 {
questionSizeEstimator.minQuestionSize = Max(InitialMinQuestionSize, minQuestionSize/2)
}
questionSizeEstimator.Unlock()
}
================================================
FILE: dnscrypt-proxy/example-allowed-ips.txt
================================================
##############################
# Allowed IPs List #
##############################
#192.168.0.*
#fe80:53:* # IPv6 prefix example
#81.169.145.105
#192.168.0.0/16 # CIDR network mask
#fe80::/10 # IPv6 CIDR network mask
================================================
FILE: dnscrypt-proxy/example-allowed-names.txt
================================================
###########################
# Allowlist #
###########################
## Rules for allowing queries based on name, one per line
##
## Example of valid patterns:
##
## ads.* | matches anything with an "ads." prefix
## *.example.com | matches example.com and all names within that zone such as www.example.com
## example.com | identical to the above
## =example.com | allows example.com but not *.example.com
## [a-z0-9\-_]*.example.com | allows *.example.com but not example.com
## *sex* | matches any name containing that substring
## ads[0-9]* | matches "ads" followed by one or more digits
## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster
# That one may be blocked due to 'tracker' being in the name.
tracker.debian.org
# That one may be blocked due to 'ads' being in the name.
# However, blocking it prevents all sponsored links from the Google
# search engine from being opened.
googleadservices.com
## Time-based rules
# *.youtube.* @time-to-play
# facebook.com @play
================================================
FILE: dnscrypt-proxy/example-blocked-ips.txt
================================================
##############################
# IP blocklist #
##############################
## Rules for blocking DNS responses if they contain
## IP addresses matching patterns.
##
## Sample feeds of suspect IP addresses:
## - https://github.com/stamparm/ipsum
## - https://github.com/tg12/bad_packets_blocklist
## - https://isc.sans.edu/block.txt
## - https://block.energized.pro/extensions/ips/formats/list.txt
## - https://www.iblocklist.com/lists
163.5.1.4
94.46.118.*
fe80:53:* # IPv6 prefix example
10.0.0.0/8 # CIDR network mask
fe80::/10 # IPv6 CIDR network mask
================================================
FILE: dnscrypt-proxy/example-blocked-names.txt
================================================
###########################
# Blocklist #
###########################
## Rules for name-based query blocking, one per line
##
## Example of valid patterns:
##
## ads.* | matches anything with an "ads." prefix
## *.example.com | matches example.com and all names within that zone such as www.example.com
## example.com | identical to the above
## =example.com | blocks example.com but not *.example.com
## [a-z0-9\-_]*.example.com | blocks *.example.com but not example.com
## *sex* | matches any name containing that substring
## ads[0-9]* | matches "ads" followed by one or more digits
## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster
ad.*
ads.*
banner.*
banners.*
creatives.*
oas.*
oascentral.* # inline comments are allowed after a pound sign
stats.*
tag.*
telemetry.*
tracker.*
*.local
eth0.me
*.workgroup
## Prevent usage of Apple private relay, that bypasses DNS
# mask.apple-dns.net
# mask.icloud.com
# mask-api.icloud.com
# doh.dns.apple.com
## Time-based rules
# *.youtube.* @time-to-sleep
# facebook.com @work
================================================
FILE: dnscrypt-proxy/example-captive-portals.txt
================================================
###########################################
# Captive portal test names #
###########################################
## Some operating systems send queries to these names after a network change,
## in order to check if connectivity beyond the router is possible without
## going through a captive portal.
##
## This is a list of hard-coded IP addresses that will be returned when queries
## for these names are received, even before the operating system reports an interface
## as usable for reaching the Internet.
##
## Note that IPv6 addresses don't need to be specified within brackets,
## as there are no port numbers.
captive.apple.com 17.253.109.201, 17.253.113.202
connectivitycheck.gstatic.com 64.233.162.94, 64.233.164.94, 64.233.165.94, 64.233.177.94, 64.233.185.94, 74.125.132.94, 74.125.136.94, 74.125.20.94, 74.125.21.94, 74.125.28.94
connectivitycheck.android.com 64.233.162.100, 64.233.162.101, 64.233.162.102, 64.233.162.113, 64.233.162.138, 64.233.162.139
www.msftncsi.com 2.16.106.89, 2.16.106.91, 23.0.175.137, 23.0.175.146, 23.192.47.155, 23.192.47.203, 23.199.63.160, 23.199.63.184, 23.199.63.208, 23.204.146.160, 23.204.146.163, 23.46.238.243, 23.46.239.24, 23.48.39.16, 23.48.39.48, 23.55.38.139, 23.55.38.146, 23.59.190.185, 23.59.190.195
dns.msftncsi.com 131.107.255.255, fd3e:4f5a:5b81::1
www.msftconnecttest.com 13.107.4.52
ipv6.msftconnecttest.com 2a01:111:2003::52
ipv4only.arpa 192.0.0.170, 192.0.0.171
## Adding IP addresses of NTP servers is also a good idea
time.google.com 216.239.35.0, 2001:4860:4806::
================================================
FILE: dnscrypt-proxy/example-cloaking-rules.txt
================================================
################################
# Cloaking rules #
################################
# The following example rules force "safe" (without adult content) search
# results from Google, Bing and YouTube.
#
# This has to be enabled with the `cloaking_rules` parameter in the main
# configuration file
www.google.* forcesafesearch.google.com
www.bing.com strict.bing.com
yandex.ru familysearch.yandex.ru # inline comments are allowed after a pound sign
=duckduckgo.com safe.duckduckgo.com
www.youtube.com restrictmoderate.youtube.com
m.youtube.com restrictmoderate.youtube.com
youtubei.googleapis.com restrictmoderate.youtube.com
youtube.googleapis.com restrictmoderate.youtube.com
www.youtube-nocookie.com restrictmoderate.youtube.com
# Multiple IP entries for the same name are supported.
# In the following example, the same name maps both to IPv4 and IPv6 addresses:
localhost 127.0.0.1
localhost ::1
# For load-balancing, multiple IP addresses of the same class can also be
# provided using the same format, one <pattern> <ip> pair per line.
# ads.* 192.168.100.1
# ads.* 192.168.100.2
# ads.* ::1
# PTR records can be created by setting cloak_ptr in the main configuration file
# Entries with wild cards will not have PTR records created, but multiple
# names for the same IP are supported
# example.com 192.168.100.1
# my.example.com 192.168.100.1
================================================
FILE: dnscrypt-proxy/example-dnscrypt-proxy.toml
================================================
##############################################
# #
# dnscrypt-proxy configuration #
# #
##############################################
## This is an example configuration file.
## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml"
##
## Online documentation is available here: https://dnscrypt.info/doc
###############################################################################
# Global settings #
###############################################################################
## List of servers to use
##
## Servers from the "public-resolvers" source (see down below) can
## be viewed here: https://dnscrypt.info/public-servers
##
## The proxy will automatically pick working servers from this list.
## Note that the require_* filters do NOT apply when using this setting.
##
## By default, this list is empty and all registered servers matching the
## require_* filters will be used instead.
##
## Remove the leading # first to enable this; lines starting with # are ignored.
# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
## Example with both IPv4 and IPv6:
## listen_addresses = ['127.0.0.1:53', '[::1]:53']
##
## To listen to all IPv4 addresses, use `listen_addresses = ['0.0.0.0:53']`
## To listen to all IPv4+IPv6 addresses, use `listen_addresses = ['[::]:53']`
listen_addresses = ['127.0.0.1:53']
## Maximum number of simultaneous client connections to accept
max_clients = 250
## Switch to a different system user after listening sockets have been created.
## Note (1): this feature is currently unsupported on Windows.
## Note (2): this feature is not compatible with systemd socket activation.
## Note (3): when using -pidfile, the PID file directory must be writable by the new user
# user_name = 'nobody'
###############################################################################
# Server Selection #
###############################################################################
## Require servers (from remote sources) to satisfy specific properties
# Use servers reachable over IPv4
ipv4_servers = true
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
ipv6_servers = false
# Use servers implementing the DNSCrypt protocol
dnscrypt_servers = true
# Use servers implementing the DNS-over-HTTPS protocol
doh_servers = true
# Use servers implementing the Oblivious DoH protocol
odoh_servers = false
## Require servers defined by remote sources to satisfy specific properties
# Server must support DNS security extensions (DNSSEC)
require_dnssec = false
# Server must not log user queries (declarative)
require_nolog = true
# Server must not enforce its own blocklist (for parental control, ads blocking...)
require_nofilter = true
# Server names to avoid even if they match all criteria
disabled_server_names = []
###############################################################################
# Connection Settings #
###############################################################################
## Always use TCP to connect to upstream servers.
## This can be useful if you need to route everything through Tor.
## Otherwise, leave this to `false`, as it doesn't improve security
## (dnscrypt-proxy will always encrypt everything even using UDP), and can
## only increase latency.
force_tcp = false
## Enable support for HTTP/3 (HTTP over QUIC)
## Note that, like DNSCrypt but unlike other HTTP versions, this uses
## UDP and (usually) port 443 instead of TCP.
http3 = false
## When http3 is true, always try HTTP/3 first for DoH servers.
## If the HTTP/3 connection fails, fallback to HTTP/2 and don't try
## HTTP/3 again for that server. By default, HTTP/3 is only used for
## servers that advertise support via the Alt-Svc header.
##
## WARNING: This setting is disabled by default because it will make
## connections significantly slower for servers that don't support HTTP/3.
## This is primarily a workaround for server operators who haven't
## configured their servers to send proper Alt-Svc headers. The better
## solution is to reach out to these operators and encourage them to
## fix their servers to correctly advertise HTTP/3 support.
http3_probe = false
## SOCKS proxy
## Uncomment the following line to route all TCP connections to a local Tor node
## Tor doesn't support UDP, so set `force_tcp` to `true` as well. When passing
## a random username and password to Tor's socks5 connection, dnscrypt-proxy gets
## an isolated circuit so it will not share an exit node with other applications.
## Note: the random username and password used by dnscrypt-proxy should not
## actually be defined in Tor's configuration.
# proxy = 'socks5://dnscrypt:dnscrypt@127.0.0.1:9050'
## HTTP/HTTPS proxy
## Only for DoH servers
# http_proxy = 'http://127.0.0.1:8888'
## How long a DNS query will wait for a response, in milliseconds.
## If you have a network with *a lot* of latency, you may need to
## increase this. Startup may be slower if you do so.
## Don't increase it too much. 10000 is the highest reasonable value.
## A timeout below 5000 is not recommended.
timeout = 5000
## Keepalive for HTTP (HTTPS, HTTP/2, HTTP/3) queries, in seconds
keepalive = 30
## Add EDNS-client-subnet information to outgoing queries
##
## Multiple networks can be listed; they will be randomly chosen.
## These networks don't have to match your actual networks.
# edns_client_subnet = ['0.0.0.0/0', '2001:db8::/32']
## Response for blocked queries. Options are `refused`, `hinfo` (default) or
## an IP response. To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`.
## Using the `hinfo` option means that some responses will be lies.
## Unfortunately, the `hinfo` option appears to be required for Android 8+
# blocked_query_response = 'refused'
###############################################################################
# Load Balancing & Performance #
###############################################################################
## Load-balancing strategy: 'wp2' (default), 'p2', 'ph', 'p<n>', 'first', or 'random'
## 'wp2' (default): Weighted Power of Two - selects the better performing server
## from two random candidates based on real-time RTT and success rates.
## 'p2': Randomly choose 1 of the fastest 2 servers by latency.
## 'ph': Randomly choose from fastest half of servers.
## 'p<n>': Randomly choose from fastest n servers (e.g., 'p3' for fastest 3).
## 'first': Always use the fastest server.
## 'random': Randomly choose from all servers.
## The response quality still depends on the server itself.
# lb_strategy = 'wp2'
## Set to `true` to constantly try to estimate the latency of all the resolvers
## and adjust the load-balancing parameters accordingly, or to `false` to disable.
## Default is `true` that makes 'p2' `lb_strategy` work well.
# lb_estimator = true
## Dynamically reduce query timeout as the number of concurrent connections
## approaches max_clients to prevent overload. Value must be between 0.0 and 1.0.
## 0.0 = no reduction, 1.0 = maximum reduction.
## Uses a quartic curve to keep timeout high at low load and reduce sharply near limit.
## For example, with timeout=5000ms, max_clients=250, and timeout_load_reduction=0.75:
## - At 125 connections (50% load): timeout remains ~4765ms (95.3%)
## - At 187 connections (75% load): timeout reduces to ~3826ms (76.5%)
## - At 225 connections (90% load): timeout reduces to ~2539ms (50.8%)
## - At 250 connections (100% load): timeout reduces to ~1250ms (25%)
## This helps maintain responsiveness under high load by failing fast.
# timeout_load_reduction = 0.75
## Set to `true` to enable hot reloading of configuration files (like allowed-names.txt,
## blocked-names.txt, etc.) when they are modified. This can increase CPU and memory usage.
## Default is `false` (hot reloading is disabled).
# enable_hot_reload = false
###############################################################################
# Logging #
###############################################################################
## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)
# log_level = 2
## Log file for the application, as an alternative to sending logs to
## the standard system logging service (syslog/Windows event log).
##
## This file is different from other log files, and will not be
## automatically rotated by the application.
# log_file = 'dnscrypt-proxy.log'
## When using a log file, only keep logs from the most recent launch.
# log_file_latest = true
## Use the system logger (syslog on Unix, Event Log on Windows)
# use_syslog = true
## Automatic log files rotation
# Maximum log files size in MB - Set to 0 for unlimited.
log_files_max_size = 10
# How long to keep backup files, in days
log_files_max_age = 7
# Maximum log files backups to keep (or 0 to keep all backups)
log_files_max_backups = 1
###############################################################################
# Certificate Management #
###############################################################################
## The maximum concurrency to refresh resolvers (DNSCrypt, DoH, and ODoH).
## Default is 10. Reduce this on constrained devices such as small routers.
# cert_refresh_concurrency = 10
## Delay, in minutes, after which certificates are reloaded
cert_refresh_delay = 240
## Initially don't check DNSCrypt server certificates for expiration, and
## only start checking them after a first successful connection to a resolver.
## This can be useful on routers with no battery-backed clock.
# cert_ignore_timestamp = false
## DNSCrypt: Create a new, unique key for every single DNS query
## This may improve privacy but can also have a significant impact on CPU usage
## Only enable if you don't have a lot of network load
# dnscrypt_ephemeral_keys = false
## DoH: Disable TLS session tickets - increases privacy but also latency
# tls_disable_session_tickets = false
## Prefer RSA certificates over ECDSA for TLS connections.
## When this is enabled, some servers may become impossible to use,
## or may stop to work later as they upgrade their configuratione.
## Changing this setting is generally not recommended, but it may
## reduce CPU usage on small routers with slow CPUs.
# tls_prefer_rsa = false
## Log TLS key material to a file, for debugging purposes only.
## This file will contain the TLS master key, which can be used to decrypt
## all TLS traffic to/fro
gitextract_akws00m5/
├── .ci/
│ ├── allowed-names.txt
│ ├── blocked-ips.txt
│ ├── blocked-names.txt
│ ├── ci-build.sh
│ ├── ci-package.sh
│ ├── ci-test.sh
│ ├── cloaking-rules.txt
│ ├── forwarding-rules.txt
│ ├── test-odoh-proxied.toml
│ ├── test2-dnscrypt-proxy.toml
│ └── test3-dnscrypt-proxy.toml
├── .gitattributes
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ ├── bugs.md
│ │ └── suggestions.md
│ ├── dependabot.yml
│ └── workflows/
│ ├── autocloser.yml
│ ├── codeql-analysis.yml
│ └── releases.yml
├── .gitignore
├── ChangeLog
├── LICENSE
├── README.md
├── contrib/
│ └── msi/
│ ├── Dockerfile
│ ├── README.md
│ ├── build.sh
│ └── dnscrypt.wxs
├── dnscrypt-proxy/
│ ├── coldstart.go
│ ├── common.go
│ ├── common_test.go
│ ├── config.go
│ ├── config_loader.go
│ ├── config_watcher.go
│ ├── config_watcher_test.go
│ ├── crypto.go
│ ├── dnscrypt_certs.go
│ ├── dnsutils.go
│ ├── estimators.go
│ ├── example-allowed-ips.txt
│ ├── example-allowed-names.txt
│ ├── example-blocked-ips.txt
│ ├── example-blocked-names.txt
│ ├── example-captive-portals.txt
│ ├── example-cloaking-rules.txt
│ ├── example-dnscrypt-proxy.toml
│ ├── example-forwarding-rules.txt
│ ├── fuzzing_test.go
│ ├── hot_reload.go
│ ├── ipcrypt.go
│ ├── ipcrypt_test.go
│ ├── local-doh.go
│ ├── localhost.pem
│ ├── logger.go
│ ├── main.go
│ ├── monitoring_ui.go
│ ├── netprobe_others.go
│ ├── netprobe_windows.go
│ ├── oblivious_doh.go
│ ├── pattern_matcher.go
│ ├── permcheck_others.go
│ ├── permcheck_unix.go
│ ├── pidfile.go
│ ├── plugin_allow_ip.go
│ ├── plugin_allow_name.go
│ ├── plugin_block_ip.go
│ ├── plugin_block_ipv6.go
│ ├── plugin_block_name.go
│ ├── plugin_block_undelegated.go
│ ├── plugin_block_unqualified.go
│ ├── plugin_cache.go
│ ├── plugin_captive_portal.go
│ ├── plugin_cloak.go
│ ├── plugin_dns64.go
│ ├── plugin_ecs.go
│ ├── plugin_firefox.go
│ ├── plugin_forward.go
│ ├── plugin_get_set_payload_size.go
│ ├── plugin_nx_log.go
│ ├── plugin_query_log.go
│ ├── plugin_querymeta.go
│ ├── plugins.go
│ ├── privilege_linux.go
│ ├── privilege_others.go
│ ├── privilege_windows.go
│ ├── proxy.go
│ ├── query_processing.go
│ ├── reload_utils.go
│ ├── reload_utils_test.go
│ ├── resolve.go
│ ├── serversInfo.go
│ ├── service_android.go
│ ├── service_linux.go
│ ├── service_others.go
│ ├── service_windows.go
│ ├── setsockopts_darwin.go
│ ├── setsockopts_freebsd.go
│ ├── setsockopts_linux.go
│ ├── setsockopts_openbsd.go
│ ├── setsockopts_others.go
│ ├── setsockopts_windows.go
│ ├── signal_others.go
│ ├── signal_posix.go
│ ├── sources.go
│ ├── sources_test.go
│ ├── static/
│ │ ├── js/
│ │ │ └── monitoring.js
│ │ └── templates/
│ │ └── dashboard.html
│ ├── staticcheck.conf
│ ├── systemd_android.go
│ ├── systemd_free.go
│ ├── systemd_linux.go
│ ├── templates.go
│ ├── testdata/
│ │ ├── snakeoil.key
│ │ ├── snakeoil.pub
│ │ └── sources/
│ │ ├── empty.md
│ │ ├── empty.md.minisig
│ │ ├── minimal_relay.md
│ │ └── minimal_relay.md.minisig
│ ├── time_ranges.go
│ ├── timezone_android.go
│ ├── timezone_others.go
│ ├── udp_conn_pool.go
│ ├── udp_conn_pool_test.go
│ └── xtransport.go
├── go.mod
├── go.sum
├── utils/
│ └── generate-domains-blocklist/
│ ├── domains-allowlist.txt
│ ├── domains-blocklist-local-additions.txt
│ ├── domains-blocklist.conf
│ ├── domains-time-restricted.txt
│ └── generate-domains-blocklist.py
├── vendor/
│ ├── codeberg.org/
│ │ └── miekg/
│ │ └── dns/
│ │ ├── .changelog.go.tmpl
│ │ ├── CHANGELOG.md
│ │ ├── CONTRIBUTORS
│ │ ├── COPYRIGHT
│ │ ├── LICENSE
│ │ ├── Makefile.release
│ │ ├── README.md
│ │ ├── client.go
│ │ ├── dane.go
│ │ ├── deleg/
│ │ │ ├── deleg.go
│ │ │ ├── delegpack.go
│ │ │ ├── pack.go
│ │ │ ├── scan.go
│ │ │ └── zdnsutil.go
│ │ ├── dns.go
│ │ ├── dnssec.go
│ │ ├── dnssec_keygen.go
│ │ ├── dnssec_keyscan.go
│ │ ├── dnssec_privkey.go
│ │ ├── dnssec_signer.go
│ │ ├── doc.go
│ │ ├── dso_types.go
│ │ ├── edns_types.go
│ │ ├── errors.go
│ │ ├── generate.go
│ │ ├── headerpack.go
│ │ ├── internal/
│ │ │ ├── ddd/
│ │ │ │ └── ddd.go
│ │ │ ├── dnslex/
│ │ │ │ └── lex.go
│ │ │ ├── dnsstring/
│ │ │ │ ├── reader.go
│ │ │ │ ├── strconv.go
│ │ │ │ ├── types.go
│ │ │ │ └── zrr.go
│ │ │ ├── jump/
│ │ │ │ └── jump.go
│ │ │ ├── pack/
│ │ │ │ ├── errors.go
│ │ │ │ └── pack.go
│ │ │ ├── reverse/
│ │ │ │ └── reverse.go
│ │ │ └── unpack/
│ │ │ ├── errors.go
│ │ │ └── unpack.go
│ │ ├── listen_no_socket_options.go
│ │ ├── listen_socket_options.go
│ │ ├── msg.go
│ │ ├── nsecpack.go
│ │ ├── opt.go
│ │ ├── optpack.go
│ │ ├── pkg/
│ │ │ └── pool/
│ │ │ └── pool.go
│ │ ├── rdata/
│ │ │ ├── rdata.go
│ │ │ ├── string.go
│ │ │ ├── stringutil.go
│ │ │ ├── zdnsutil.go
│ │ │ └── zlen.go
│ │ ├── response.go
│ │ ├── reverse.go
│ │ ├── router
│ │ ├── scan.go
│ │ ├── scan_ednsrr.go
│ │ ├── scan_rdata.go
│ │ ├── scan_rr.go
│ │ ├── serve_mux.go
│ │ ├── server.go
│ │ ├── server_no_recvmmsg.go
│ │ ├── server_recvmmsg.go
│ │ ├── sig0.go
│ │ ├── sig0_signer.go
│ │ ├── smimea.go
│ │ ├── sort.go
│ │ ├── sort_rdata.go
│ │ ├── string.go
│ │ ├── svcb/
│ │ │ ├── pack.go
│ │ │ ├── scan.go
│ │ │ ├── svcb.go
│ │ │ ├── svcbpack.go
│ │ │ └── zdnsutil.go
│ │ ├── tlsa.go
│ │ ├── transfer.go
│ │ ├── transport.go
│ │ ├── tsig.go
│ │ ├── tsig_signer.go
│ │ ├── types.go
│ │ ├── udp.go
│ │ ├── udp_darwin.go
│ │ ├── udp_no_control.go
│ │ ├── udp_session.go
│ │ ├── udp_unix.go
│ │ ├── version.go
│ │ ├── zclone.go
│ │ ├── zcompare.go
│ │ ├── zdnstest.go
│ │ ├── zdnsutil.go
│ │ ├── zdsolen.go
│ │ ├── zdsorr.go
│ │ ├── zednspack.go
│ │ ├── zednsrr.go
│ │ ├── zlen.go
│ │ ├── zmsg.go
│ │ ├── zonemd.go
│ │ ├── zpack.go
│ │ ├── zparse.go
│ │ ├── zrdata.go
│ │ └── zrr.go
│ ├── github.com/
│ │ ├── BurntSushi/
│ │ │ └── toml/
│ │ │ ├── .gitignore
│ │ │ ├── COPYING
│ │ │ ├── README.md
│ │ │ ├── decode.go
│ │ │ ├── deprecated.go
│ │ │ ├── doc.go
│ │ │ ├── encode.go
│ │ │ ├── error.go
│ │ │ ├── internal/
│ │ │ │ └── tz.go
│ │ │ ├── lex.go
│ │ │ ├── meta.go
│ │ │ ├── parse.go
│ │ │ ├── type_fields.go
│ │ │ └── type_toml.go
│ │ ├── VividCortex/
│ │ │ └── ewma/
│ │ │ ├── .gitignore
│ │ │ ├── .whitesource
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── codecov.yml
│ │ │ └── ewma.go
│ │ ├── coreos/
│ │ │ └── go-systemd/
│ │ │ ├── LICENSE
│ │ │ ├── NOTICE
│ │ │ ├── activation/
│ │ │ │ ├── files.go
│ │ │ │ ├── listeners.go
│ │ │ │ └── packetconns.go
│ │ │ └── daemon/
│ │ │ ├── sdnotify.go
│ │ │ └── watchdog.go
│ │ ├── davecgh/
│ │ │ └── go-spew/
│ │ │ ├── LICENSE
│ │ │ └── spew/
│ │ │ ├── bypass.go
│ │ │ ├── bypasssafe.go
│ │ │ ├── common.go
│ │ │ ├── config.go
│ │ │ ├── doc.go
│ │ │ ├── dump.go
│ │ │ ├── format.go
│ │ │ └── spew.go
│ │ ├── dchest/
│ │ │ └── safefile/
│ │ │ ├── .travis.yml
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── appveyor.yml
│ │ │ ├── rename.go
│ │ │ ├── rename_nonatomic.go
│ │ │ └── safefile.go
│ │ ├── fsnotify/
│ │ │ └── fsnotify/
│ │ │ ├── .cirrus.yml
│ │ │ ├── .gitignore
│ │ │ ├── .mailmap
│ │ │ ├── CHANGELOG.md
│ │ │ ├── CONTRIBUTING.md
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── backend_fen.go
│ │ │ ├── backend_inotify.go
│ │ │ ├── backend_kqueue.go
│ │ │ ├── backend_other.go
│ │ │ ├── backend_windows.go
│ │ │ ├── fsnotify.go
│ │ │ ├── internal/
│ │ │ │ ├── darwin.go
│ │ │ │ ├── debug_darwin.go
│ │ │ │ ├── debug_dragonfly.go
│ │ │ │ ├── debug_freebsd.go
│ │ │ │ ├── debug_kqueue.go
│ │ │ │ ├── debug_linux.go
│ │ │ │ ├── debug_netbsd.go
│ │ │ │ ├── debug_openbsd.go
│ │ │ │ ├── debug_solaris.go
│ │ │ │ ├── debug_windows.go
│ │ │ │ ├── freebsd.go
│ │ │ │ ├── internal.go
│ │ │ │ ├── unix.go
│ │ │ │ ├── unix2.go
│ │ │ │ └── windows.go
│ │ │ ├── shared.go
│ │ │ ├── staticcheck.conf
│ │ │ ├── system_bsd.go
│ │ │ └── system_darwin.go
│ │ ├── gorilla/
│ │ │ └── websocket/
│ │ │ ├── .gitignore
│ │ │ ├── AUTHORS
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── client.go
│ │ │ ├── compression.go
│ │ │ ├── conn.go
│ │ │ ├── doc.go
│ │ │ ├── join.go
│ │ │ ├── json.go
│ │ │ ├── mask.go
│ │ │ ├── mask_safe.go
│ │ │ ├── prepared.go
│ │ │ ├── proxy.go
│ │ │ ├── server.go
│ │ │ ├── tls_handshake.go
│ │ │ ├── tls_handshake_116.go
│ │ │ ├── util.go
│ │ │ └── x_net_proxy.go
│ │ ├── hashicorp/
│ │ │ ├── go-immutable-radix/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── CHANGELOG.md
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ ├── edges.go
│ │ │ │ ├── iradix.go
│ │ │ │ ├── iter.go
│ │ │ │ ├── node.go
│ │ │ │ ├── raw_iter.go
│ │ │ │ └── reverse_iter.go
│ │ │ ├── go-syslog/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ ├── builtin.go
│ │ │ │ ├── syslog.go
│ │ │ │ ├── unix.go
│ │ │ │ └── unsupported.go
│ │ │ └── golang-lru/
│ │ │ ├── LICENSE
│ │ │ └── simplelru/
│ │ │ ├── lru.go
│ │ │ └── lru_interface.go
│ │ ├── hectane/
│ │ │ └── go-acl/
│ │ │ ├── LICENSE.txt
│ │ │ ├── README.md
│ │ │ ├── api/
│ │ │ │ ├── acl.go
│ │ │ │ ├── api.go
│ │ │ │ ├── posix.go
│ │ │ │ ├── secinfo.go
│ │ │ │ └── sid.go
│ │ │ ├── apply.go
│ │ │ ├── appveyor.yml
│ │ │ ├── chmod.go
│ │ │ ├── posix.go
│ │ │ └── util.go
│ │ ├── jedisct1/
│ │ │ ├── dlog/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ ├── dlog.go
│ │ │ │ ├── sysdeps_others.go
│ │ │ │ └── sysdeps_windows.go
│ │ │ ├── go-clocksmith/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ └── clocksmith.go
│ │ │ ├── go-dnsstamps/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ └── dnsstamps.go
│ │ │ ├── go-hpke-compact/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ └── hpke.go
│ │ │ ├── go-minisign/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ └── minisign.go
│ │ │ ├── go-sieve-cache/
│ │ │ │ ├── LICENSE
│ │ │ │ └── pkg/
│ │ │ │ └── sievecache/
│ │ │ │ ├── bitset.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── node.go
│ │ │ │ ├── sharded.go
│ │ │ │ ├── sievecache.go
│ │ │ │ └── sync.go
│ │ │ └── xsecretbox/
│ │ │ ├── .gitignore
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── sharedkey.go
│ │ │ └── xsecretbox.go
│ │ ├── k-sone/
│ │ │ └── critbitgo/
│ │ │ ├── .travis.yml
│ │ │ ├── CHANGES.md
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── critbit.go
│ │ │ ├── map.go
│ │ │ └── net.go
│ │ ├── kardianos/
│ │ │ └── service/
│ │ │ ├── .gitignore
│ │ │ ├── .travis.yml
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── appveyor.yml
│ │ │ ├── console.go
│ │ │ ├── linux-test-su.sh
│ │ │ ├── service.go
│ │ │ ├── service_aix.go
│ │ │ ├── service_darwin.go
│ │ │ ├── service_freebsd.go
│ │ │ ├── service_go1.8.go
│ │ │ ├── service_linux.go
│ │ │ ├── service_openrc_linux.go
│ │ │ ├── service_procd_linux.go
│ │ │ ├── service_rcs_linux.go
│ │ │ ├── service_solaris.go
│ │ │ ├── service_systemd_linux.go
│ │ │ ├── service_sysv_linux.go
│ │ │ ├── service_unix.go
│ │ │ ├── service_upstart_linux.go
│ │ │ ├── service_windows.go
│ │ │ └── version.go
│ │ ├── lifenjoiner/
│ │ │ └── dhcpdns/
│ │ │ ├── .gitignore
│ │ │ ├── LICENSE
│ │ │ ├── dhcpdns.go
│ │ │ ├── readme.md
│ │ │ ├── sockopt_reuse0.go
│ │ │ ├── sockopt_reuse1.go
│ │ │ ├── sockopt_reuse2_1.go
│ │ │ └── sockopt_reuse2_2.go
│ │ ├── miekg/
│ │ │ └── dns/
│ │ │ ├── .codecov.yml
│ │ │ ├── .gitignore
│ │ │ ├── AUTHORS
│ │ │ ├── CODEOWNERS
│ │ │ ├── CONTRIBUTORS
│ │ │ ├── COPYRIGHT
│ │ │ ├── LICENSE
│ │ │ ├── Makefile.fuzz
│ │ │ ├── Makefile.release
│ │ │ ├── README.md
│ │ │ ├── acceptfunc.go
│ │ │ ├── client.go
│ │ │ ├── clientconfig.go
│ │ │ ├── dane.go
│ │ │ ├── defaults.go
│ │ │ ├── dns.go
│ │ │ ├── dnssec.go
│ │ │ ├── dnssec_keygen.go
│ │ │ ├── dnssec_keyscan.go
│ │ │ ├── dnssec_privkey.go
│ │ │ ├── doc.go
│ │ │ ├── duplicate.go
│ │ │ ├── edns.go
│ │ │ ├── format.go
│ │ │ ├── fuzz.go
│ │ │ ├── generate.go
│ │ │ ├── hash.go
│ │ │ ├── labels.go
│ │ │ ├── listen_no_socket_options.go
│ │ │ ├── listen_socket_options.go
│ │ │ ├── msg.go
│ │ │ ├── msg_helpers.go
│ │ │ ├── msg_truncate.go
│ │ │ ├── nsecx.go
│ │ │ ├── privaterr.go
│ │ │ ├── reverse.go
│ │ │ ├── sanitize.go
│ │ │ ├── scan.go
│ │ │ ├── scan_rr.go
│ │ │ ├── serve_mux.go
│ │ │ ├── server.go
│ │ │ ├── sig0.go
│ │ │ ├── smimea.go
│ │ │ ├── svcb.go
│ │ │ ├── tlsa.go
│ │ │ ├── tools.go
│ │ │ ├── tsig.go
│ │ │ ├── types.go
│ │ │ ├── udp.go
│ │ │ ├── udp_no_control.go
│ │ │ ├── update.go
│ │ │ ├── version.go
│ │ │ ├── xfr.go
│ │ │ ├── zduplicate.go
│ │ │ ├── zmsg.go
│ │ │ └── ztypes.go
│ │ ├── pkg/
│ │ │ └── errors/
│ │ │ ├── .gitignore
│ │ │ ├── .travis.yml
│ │ │ ├── LICENSE
│ │ │ ├── Makefile
│ │ │ ├── README.md
│ │ │ ├── appveyor.yml
│ │ │ ├── errors.go
│ │ │ ├── go113.go
│ │ │ └── stack.go
│ │ ├── pmezard/
│ │ │ └── go-difflib/
│ │ │ ├── LICENSE
│ │ │ └── difflib/
│ │ │ └── difflib.go
│ │ ├── powerman/
│ │ │ ├── check/
│ │ │ │ ├── .editorconfig
│ │ │ │ ├── .gitattributes
│ │ │ │ ├── .gitignore
│ │ │ │ ├── .golangci.yml
│ │ │ │ ├── CHANGELOG.md
│ │ │ │ ├── LICENSE
│ │ │ │ ├── README.md
│ │ │ │ ├── check.go
│ │ │ │ ├── color.go
│ │ │ │ ├── color_bsd.go
│ │ │ │ ├── color_linux.go
│ │ │ │ ├── color_other.go
│ │ │ │ ├── color_windows.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── dump.go
│ │ │ │ ├── flags.go
│ │ │ │ ├── goconvey.go
│ │ │ │ ├── mise.toml
│ │ │ │ ├── stats.go
│ │ │ │ └── util.go
│ │ │ └── deepequal/
│ │ │ ├── LICENSE
│ │ │ ├── LICENSE-go
│ │ │ ├── README.md
│ │ │ ├── custom.go
│ │ │ ├── deepequal.go
│ │ │ ├── type.go
│ │ │ └── value.go
│ │ ├── quic-go/
│ │ │ ├── qpack/
│ │ │ │ ├── .codecov.yml
│ │ │ │ ├── .gitignore
│ │ │ │ ├── .gitmodules
│ │ │ │ ├── .golangci.yml
│ │ │ │ ├── LICENSE.md
│ │ │ │ ├── README.md
│ │ │ │ ├── decoder.go
│ │ │ │ ├── encoder.go
│ │ │ │ ├── header_field.go
│ │ │ │ ├── static_table.go
│ │ │ │ └── varint.go
│ │ │ └── quic-go/
│ │ │ ├── .gitignore
│ │ │ ├── .golangci.yml
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── SECURITY.md
│ │ │ ├── buffer_pool.go
│ │ │ ├── client.go
│ │ │ ├── closed_conn.go
│ │ │ ├── codecov.yml
│ │ │ ├── config.go
│ │ │ ├── conn_id_generator.go
│ │ │ ├── conn_id_manager.go
│ │ │ ├── connection.go
│ │ │ ├── connection_logging.go
│ │ │ ├── crypto_stream.go
│ │ │ ├── crypto_stream_manager.go
│ │ │ ├── datagram_queue.go
│ │ │ ├── errors.go
│ │ │ ├── frame_sorter.go
│ │ │ ├── framer.go
│ │ │ ├── http3/
│ │ │ │ ├── README.md
│ │ │ │ ├── body.go
│ │ │ │ ├── capsule.go
│ │ │ │ ├── client.go
│ │ │ │ ├── conn.go
│ │ │ │ ├── error.go
│ │ │ │ ├── error_codes.go
│ │ │ │ ├── frames.go
│ │ │ │ ├── gzip_reader.go
│ │ │ │ ├── headers.go
│ │ │ │ ├── ip_addr.go
│ │ │ │ ├── mockgen.go
│ │ │ │ ├── qlog/
│ │ │ │ │ ├── event.go
│ │ │ │ │ ├── frame.go
│ │ │ │ │ └── qlog_dir.go
│ │ │ │ ├── qlog.go
│ │ │ │ ├── request_writer.go
│ │ │ │ ├── response_writer.go
│ │ │ │ ├── server.go
│ │ │ │ ├── server_conn.go
│ │ │ │ ├── state_tracking_stream.go
│ │ │ │ ├── stream.go
│ │ │ │ ├── trace.go
│ │ │ │ └── transport.go
│ │ │ ├── interface.go
│ │ │ ├── internal/
│ │ │ │ ├── ackhandler/
│ │ │ │ │ ├── ack_eliciting.go
│ │ │ │ │ ├── ecn.go
│ │ │ │ │ ├── frame.go
│ │ │ │ │ ├── interfaces.go
│ │ │ │ │ ├── lost_packet_tracker.go
│ │ │ │ │ ├── mockgen.go
│ │ │ │ │ ├── packet.go
│ │ │ │ │ ├── packet_number_generator.go
│ │ │ │ │ ├── received_packet_handler.go
│ │ │ │ │ ├── received_packet_history.go
│ │ │ │ │ ├── received_packet_tracker.go
│ │ │ │ │ ├── send_mode.go
│ │ │ │ │ ├── sent_packet_handler.go
│ │ │ │ │ └── sent_packet_history.go
│ │ │ │ ├── congestion/
│ │ │ │ │ ├── bandwidth.go
│ │ │ │ │ ├── clock.go
│ │ │ │ │ ├── cubic.go
│ │ │ │ │ ├── cubic_sender.go
│ │ │ │ │ ├── hybrid_slow_start.go
│ │ │ │ │ ├── interface.go
│ │ │ │ │ └── pacer.go
│ │ │ │ ├── flowcontrol/
│ │ │ │ │ ├── base_flow_controller.go
│ │ │ │ │ ├── connection_flow_controller.go
│ │ │ │ │ ├── interface.go
│ │ │ │ │ └── stream_flow_controller.go
│ │ │ │ ├── handshake/
│ │ │ │ │ ├── aead.go
│ │ │ │ │ ├── cipher_suite.go
│ │ │ │ │ ├── crypto_setup.go
│ │ │ │ │ ├── fake_conn.go
│ │ │ │ │ ├── header_protector.go
│ │ │ │ │ ├── hkdf.go
│ │ │ │ │ ├── initial_aead.go
│ │ │ │ │ ├── interface.go
│ │ │ │ │ ├── retry.go
│ │ │ │ │ ├── session_ticket.go
│ │ │ │ │ ├── tls_config.go
│ │ │ │ │ ├── token_generator.go
│ │ │ │ │ ├── token_protector.go
│ │ │ │ │ └── updatable_aead.go
│ │ │ │ ├── monotime/
│ │ │ │ │ └── time.go
│ │ │ │ ├── protocol/
│ │ │ │ │ ├── connection_id.go
│ │ │ │ │ ├── encryption_level.go
│ │ │ │ │ ├── key_phase.go
│ │ │ │ │ ├── packet_number.go
│ │ │ │ │ ├── params.go
│ │ │ │ │ ├── perspective.go
│ │ │ │ │ ├── protocol.go
│ │ │ │ │ ├── stream.go
│ │ │ │ │ └── version.go
│ │ │ │ ├── qerr/
│ │ │ │ │ ├── error_codes.go
│ │ │ │ │ └── errors.go
│ │ │ │ ├── utils/
│ │ │ │ │ ├── buffered_write_closer.go
│ │ │ │ │ ├── connstats.go
│ │ │ │ │ ├── linkedlist/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ └── linkedlist.go
│ │ │ │ │ ├── log.go
│ │ │ │ │ ├── rand.go
│ │ │ │ │ ├── ringbuffer/
│ │ │ │ │ │ └── ringbuffer.go
│ │ │ │ │ └── rtt_stats.go
│ │ │ │ └── wire/
│ │ │ │ ├── ack_frame.go
│ │ │ │ ├── ack_frequency_frame.go
│ │ │ │ ├── ack_range.go
│ │ │ │ ├── connection_close_frame.go
│ │ │ │ ├── crypto_frame.go
│ │ │ │ ├── data_blocked_frame.go
│ │ │ │ ├── datagram_frame.go
│ │ │ │ ├── extended_header.go
│ │ │ │ ├── frame.go
│ │ │ │ ├── frame_parser.go
│ │ │ │ ├── frame_type.go
│ │ │ │ ├── handshake_done_frame.go
│ │ │ │ ├── header.go
│ │ │ │ ├── immediate_ack_frame.go
│ │ │ │ ├── log.go
│ │ │ │ ├── max_data_frame.go
│ │ │ │ ├── max_stream_data_frame.go
│ │ │ │ ├── max_streams_frame.go
│ │ │ │ ├── new_connection_id_frame.go
│ │ │ │ ├── new_token_frame.go
│ │ │ │ ├── path_challenge_frame.go
│ │ │ │ ├── path_response_frame.go
│ │ │ │ ├── ping_frame.go
│ │ │ │ ├── pool.go
│ │ │ │ ├── reset_stream_frame.go
│ │ │ │ ├── retire_connection_id_frame.go
│ │ │ │ ├── short_header.go
│ │ │ │ ├── stop_sending_frame.go
│ │ │ │ ├── stream_data_blocked_frame.go
│ │ │ │ ├── stream_frame.go
│ │ │ │ ├── streams_blocked_frame.go
│ │ │ │ ├── transport_parameters.go
│ │ │ │ └── version_negotiation.go
│ │ │ ├── mockgen.go
│ │ │ ├── mtu_discoverer.go
│ │ │ ├── oss-fuzz.sh
│ │ │ ├── packet_packer.go
│ │ │ ├── packet_unpacker.go
│ │ │ ├── path_manager.go
│ │ │ ├── path_manager_outgoing.go
│ │ │ ├── qlog/
│ │ │ │ ├── event.go
│ │ │ │ ├── frame.go
│ │ │ │ ├── packet_header.go
│ │ │ │ ├── qlog_dir.go
│ │ │ │ └── types.go
│ │ │ ├── qlogwriter/
│ │ │ │ ├── jsontext/
│ │ │ │ │ └── encoder.go
│ │ │ │ ├── trace.go
│ │ │ │ └── writer.go
│ │ │ ├── quicvarint/
│ │ │ │ ├── io.go
│ │ │ │ └── varint.go
│ │ │ ├── receive_stream.go
│ │ │ ├── retransmission_queue.go
│ │ │ ├── send_conn.go
│ │ │ ├── send_queue.go
│ │ │ ├── send_stream.go
│ │ │ ├── server.go
│ │ │ ├── sni.go
│ │ │ ├── stateless_reset.go
│ │ │ ├── stream.go
│ │ │ ├── streams_map.go
│ │ │ ├── streams_map_incoming.go
│ │ │ ├── streams_map_outgoing.go
│ │ │ ├── sys_conn.go
│ │ │ ├── sys_conn_buffers.go
│ │ │ ├── sys_conn_buffers_write.go
│ │ │ ├── sys_conn_df.go
│ │ │ ├── sys_conn_df_darwin.go
│ │ │ ├── sys_conn_df_linux.go
│ │ │ ├── sys_conn_df_windows.go
│ │ │ ├── sys_conn_helper_darwin.go
│ │ │ ├── sys_conn_helper_freebsd.go
│ │ │ ├── sys_conn_helper_linux.go
│ │ │ ├── sys_conn_helper_nonlinux.go
│ │ │ ├── sys_conn_no_oob.go
│ │ │ ├── sys_conn_oob.go
│ │ │ ├── sys_conn_windows.go
│ │ │ ├── token_store.go
│ │ │ └── transport.go
│ │ └── smartystreets/
│ │ └── goconvey/
│ │ ├── LICENSE.md
│ │ └── convey/
│ │ ├── gotest/
│ │ │ └── utils.go
│ │ └── reporting/
│ │ ├── console.go
│ │ ├── doc.go
│ │ ├── dot.go
│ │ ├── gotest.go
│ │ ├── init.go
│ │ ├── json.go
│ │ ├── printer.go
│ │ ├── problems.go
│ │ ├── reporter.go
│ │ ├── reporting.goconvey
│ │ ├── reports.go
│ │ ├── statistics.go
│ │ └── story.go
│ ├── golang.org/
│ │ └── x/
│ │ ├── crypto/
│ │ │ ├── LICENSE
│ │ │ ├── PATENTS
│ │ │ ├── blake2b/
│ │ │ │ ├── blake2b.go
│ │ │ │ ├── blake2bAVX2_amd64.go
│ │ │ │ ├── blake2bAVX2_amd64.s
│ │ │ │ ├── blake2b_amd64.s
│ │ │ │ ├── blake2b_generic.go
│ │ │ │ ├── blake2b_ref.go
│ │ │ │ ├── blake2x.go
│ │ │ │ ├── go125.go
│ │ │ │ └── register.go
│ │ │ ├── chacha20/
│ │ │ │ ├── chacha_arm64.go
│ │ │ │ ├── chacha_arm64.s
│ │ │ │ ├── chacha_generic.go
│ │ │ │ ├── chacha_noasm.go
│ │ │ │ ├── chacha_ppc64x.go
│ │ │ │ ├── chacha_ppc64x.s
│ │ │ │ ├── chacha_s390x.go
│ │ │ │ ├── chacha_s390x.s
│ │ │ │ └── xor.go
│ │ │ ├── chacha20poly1305/
│ │ │ │ ├── chacha20poly1305.go
│ │ │ │ ├── chacha20poly1305_amd64.go
│ │ │ │ ├── chacha20poly1305_amd64.s
│ │ │ │ ├── chacha20poly1305_generic.go
│ │ │ │ ├── chacha20poly1305_noasm.go
│ │ │ │ ├── fips140only_compat.go
│ │ │ │ ├── fips140only_go1.26.go
│ │ │ │ └── xchacha20poly1305.go
│ │ │ ├── cryptobyte/
│ │ │ │ ├── asn1/
│ │ │ │ │ └── asn1.go
│ │ │ │ ├── asn1.go
│ │ │ │ ├── builder.go
│ │ │ │ └── string.go
│ │ │ ├── curve25519/
│ │ │ │ └── curve25519.go
│ │ │ ├── ed25519/
│ │ │ │ └── ed25519.go
│ │ │ ├── hkdf/
│ │ │ │ └── hkdf.go
│ │ │ ├── internal/
│ │ │ │ ├── alias/
│ │ │ │ │ ├── alias.go
│ │ │ │ │ └── alias_purego.go
│ │ │ │ └── poly1305/
│ │ │ │ ├── mac_noasm.go
│ │ │ │ ├── poly1305.go
│ │ │ │ ├── sum_amd64.s
│ │ │ │ ├── sum_asm.go
│ │ │ │ ├── sum_generic.go
│ │ │ │ ├── sum_loong64.s
│ │ │ │ ├── sum_ppc64x.s
│ │ │ │ ├── sum_s390x.go
│ │ │ │ └── sum_s390x.s
│ │ │ ├── nacl/
│ │ │ │ ├── box/
│ │ │ │ │ └── box.go
│ │ │ │ └── secretbox/
│ │ │ │ └── secretbox.go
│ │ │ ├── poly1305/
│ │ │ │ └── poly1305_compat.go
│ │ │ └── salsa20/
│ │ │ └── salsa/
│ │ │ ├── hsalsa20.go
│ │ │ ├── salsa208.go
│ │ │ ├── salsa20_amd64.go
│ │ │ ├── salsa20_amd64.s
│ │ │ ├── salsa20_noasm.go
│ │ │ └── salsa20_ref.go
│ │ ├── mod/
│ │ │ ├── LICENSE
│ │ │ ├── PATENTS
│ │ │ └── semver/
│ │ │ └── semver.go
│ │ ├── net/
│ │ │ ├── LICENSE
│ │ │ ├── PATENTS
│ │ │ ├── bpf/
│ │ │ │ ├── asm.go
│ │ │ │ ├── constants.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── instructions.go
│ │ │ │ ├── setter.go
│ │ │ │ ├── vm.go
│ │ │ │ └── vm_instructions.go
│ │ │ ├── http/
│ │ │ │ └── httpguts/
│ │ │ │ ├── guts.go
│ │ │ │ └── httplex.go
│ │ │ ├── http2/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── ascii.go
│ │ │ │ ├── ciphers.go
│ │ │ │ ├── client_conn_pool.go
│ │ │ │ ├── client_priority_go126.go
│ │ │ │ ├── client_priority_go127.go
│ │ │ │ ├── config.go
│ │ │ │ ├── config_go125.go
│ │ │ │ ├── config_go126.go
│ │ │ │ ├── databuffer.go
│ │ │ │ ├── errors.go
│ │ │ │ ├── flow.go
│ │ │ │ ├── frame.go
│ │ │ │ ├── gotrack.go
│ │ │ │ ├── hpack/
│ │ │ │ │ ├── encode.go
│ │ │ │ │ ├── hpack.go
│ │ │ │ │ ├── huffman.go
│ │ │ │ │ ├── static_table.go
│ │ │ │ │ └── tables.go
│ │ │ │ ├── http2.go
│ │ │ │ ├── pipe.go
│ │ │ │ ├── server.go
│ │ │ │ ├── transport.go
│ │ │ │ ├── unencrypted.go
│ │ │ │ ├── write.go
│ │ │ │ ├── writesched.go
│ │ │ │ ├── writesched_priority_rfc7540.go
│ │ │ │ ├── writesched_priority_rfc9218.go
│ │ │ │ ├── writesched_random.go
│ │ │ │ └── writesched_roundrobin.go
│ │ │ ├── idna/
│ │ │ │ ├── go118.go
│ │ │ │ ├── idna10.0.0.go
│ │ │ │ ├── idna9.0.0.go
│ │ │ │ ├── pre_go118.go
│ │ │ │ ├── punycode.go
│ │ │ │ ├── tables10.0.0.go
│ │ │ │ ├── tables11.0.0.go
│ │ │ │ ├── tables12.0.0.go
│ │ │ │ ├── tables13.0.0.go
│ │ │ │ ├── tables15.0.0.go
│ │ │ │ ├── tables9.0.0.go
│ │ │ │ ├── trie.go
│ │ │ │ ├── trie12.0.0.go
│ │ │ │ ├── trie13.0.0.go
│ │ │ │ └── trieval.go
│ │ │ ├── internal/
│ │ │ │ ├── httpcommon/
│ │ │ │ │ ├── ascii.go
│ │ │ │ │ ├── headermap.go
│ │ │ │ │ └── request.go
│ │ │ │ ├── httpsfv/
│ │ │ │ │ └── httpsfv.go
│ │ │ │ ├── iana/
│ │ │ │ │ └── const.go
│ │ │ │ ├── socket/
│ │ │ │ │ ├── cmsghdr.go
│ │ │ │ │ ├── cmsghdr_bsd.go
│ │ │ │ │ ├── cmsghdr_linux_32bit.go
│ │ │ │ │ ├── cmsghdr_linux_64bit.go
│ │ │ │ │ ├── cmsghdr_solaris_64bit.go
│ │ │ │ │ ├── cmsghdr_stub.go
│ │ │ │ │ ├── cmsghdr_unix.go
│ │ │ │ │ ├── cmsghdr_zos_s390x.go
│ │ │ │ │ ├── complete_dontwait.go
│ │ │ │ │ ├── complete_nodontwait.go
│ │ │ │ │ ├── empty.s
│ │ │ │ │ ├── error_unix.go
│ │ │ │ │ ├── error_windows.go
│ │ │ │ │ ├── iovec_32bit.go
│ │ │ │ │ ├── iovec_64bit.go
│ │ │ │ │ ├── iovec_solaris_64bit.go
│ │ │ │ │ ├── iovec_stub.go
│ │ │ │ │ ├── mmsghdr_stub.go
│ │ │ │ │ ├── mmsghdr_unix.go
│ │ │ │ │ ├── msghdr_bsd.go
│ │ │ │ │ ├── msghdr_bsdvar.go
│ │ │ │ │ ├── msghdr_linux.go
│ │ │ │ │ ├── msghdr_linux_32bit.go
│ │ │ │ │ ├── msghdr_linux_64bit.go
│ │ │ │ │ ├── msghdr_openbsd.go
│ │ │ │ │ ├── msghdr_solaris_64bit.go
│ │ │ │ │ ├── msghdr_stub.go
│ │ │ │ │ ├── msghdr_zos_s390x.go
│ │ │ │ │ ├── norace.go
│ │ │ │ │ ├── race.go
│ │ │ │ │ ├── rawconn.go
│ │ │ │ │ ├── rawconn_mmsg.go
│ │ │ │ │ ├── rawconn_msg.go
│ │ │ │ │ ├── rawconn_nommsg.go
│ │ │ │ │ ├── rawconn_nomsg.go
│ │ │ │ │ ├── socket.go
│ │ │ │ │ ├── sys_bsd.go
│ │ │ │ │ ├── sys_const_unix.go
│ │ │ │ │ ├── sys_linux.go
│ │ │ │ │ ├── sys_linux_386.go
│ │ │ │ │ ├── sys_linux_386.s
│ │ │ │ │ ├── sys_linux_amd64.go
│ │ │ │ │ ├── sys_linux_arm.go
│ │ │ │ │ ├── sys_linux_arm64.go
│ │ │ │ │ ├── sys_linux_loong64.go
│ │ │ │ │ ├── sys_linux_mips.go
│ │ │ │ │ ├── sys_linux_mips64.go
│ │ │ │ │ ├── sys_linux_mips64le.go
│ │ │ │ │ ├── sys_linux_mipsle.go
│ │ │ │ │ ├── sys_linux_ppc.go
│ │ │ │ │ ├── sys_linux_ppc64.go
│ │ │ │ │ ├── sys_linux_ppc64le.go
│ │ │ │ │ ├── sys_linux_riscv64.go
│ │ │ │ │ ├── sys_linux_s390x.go
│ │ │ │ │ ├── sys_linux_s390x.s
│ │ │ │ │ ├── sys_netbsd.go
│ │ │ │ │ ├── sys_posix.go
│ │ │ │ │ ├── sys_stub.go
│ │ │ │ │ ├── sys_unix.go
│ │ │ │ │ ├── sys_windows.go
│ │ │ │ │ ├── sys_zos_s390x.go
│ │ │ │ │ ├── sys_zos_s390x.s
│ │ │ │ │ ├── zsys_aix_ppc64.go
│ │ │ │ │ ├── zsys_darwin_amd64.go
│ │ │ │ │ ├── zsys_darwin_arm64.go
│ │ │ │ │ ├── zsys_dragonfly_amd64.go
│ │ │ │ │ ├── zsys_freebsd_386.go
│ │ │ │ │ ├── zsys_freebsd_amd64.go
│ │ │ │ │ ├── zsys_freebsd_arm.go
│ │ │ │ │ ├── zsys_freebsd_arm64.go
│ │ │ │ │ ├── zsys_freebsd_riscv64.go
│ │ │ │ │ ├── zsys_linux_386.go
│ │ │ │ │ ├── zsys_linux_amd64.go
│ │ │ │ │ ├── zsys_linux_arm.go
│ │ │ │ │ ├── zsys_linux_arm64.go
│ │ │ │ │ ├── zsys_linux_loong64.go
│ │ │ │ │ ├── zsys_linux_mips.go
│ │ │ │ │ ├── zsys_linux_mips64.go
│ │ │ │ │ ├── zsys_linux_mips64le.go
│ │ │ │ │ ├── zsys_linux_mipsle.go
│ │ │ │ │ ├── zsys_linux_ppc.go
│ │ │ │ │ ├── zsys_linux_ppc64.go
│ │ │ │ │ ├── zsys_linux_ppc64le.go
│ │ │ │ │ ├── zsys_linux_riscv64.go
│ │ │ │ │ ├── zsys_linux_s390x.go
│ │ │ │ │ ├── zsys_netbsd_386.go
│ │ │ │ │ ├── zsys_netbsd_amd64.go
│ │ │ │ │ ├── zsys_netbsd_arm.go
│ │ │ │ │ ├── zsys_netbsd_arm64.go
│ │ │ │ │ ├── zsys_openbsd_386.go
│ │ │ │ │ ├── zsys_openbsd_amd64.go
│ │ │ │ │ ├── zsys_openbsd_arm.go
│ │ │ │ │ ├── zsys_openbsd_arm64.go
│ │ │ │ │ ├── zsys_openbsd_mips64.go
│ │ │ │ │ ├── zsys_openbsd_ppc64.go
│ │ │ │ │ ├── zsys_openbsd_riscv64.go
│ │ │ │ │ ├── zsys_solaris_amd64.go
│ │ │ │ │ └── zsys_zos_s390x.go
│ │ │ │ └── socks/
│ │ │ │ ├── client.go
│ │ │ │ └── socks.go
│ │ │ ├── ipv4/
│ │ │ │ ├── batch.go
│ │ │ │ ├── control.go
│ │ │ │ ├── control_bsd.go
│ │ │ │ ├── control_pktinfo.go
│ │ │ │ ├── control_stub.go
│ │ │ │ ├── control_unix.go
│ │ │ │ ├── control_windows.go
│ │ │ │ ├── control_zos.go
│ │ │ │ ├── dgramopt.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── endpoint.go
│ │ │ │ ├── genericopt.go
│ │ │ │ ├── header.go
│ │ │ │ ├── helper.go
│ │ │ │ ├── iana.go
│ │ │ │ ├── icmp.go
│ │ │ │ ├── icmp_linux.go
│ │ │ │ ├── icmp_stub.go
│ │ │ │ ├── packet.go
│ │ │ │ ├── payload.go
│ │ │ │ ├── payload_cmsg.go
│ │ │ │ ├── payload_nocmsg.go
│ │ │ │ ├── sockopt.go
│ │ │ │ ├── sockopt_posix.go
│ │ │ │ ├── sockopt_stub.go
│ │ │ │ ├── sys_aix.go
│ │ │ │ ├── sys_asmreq.go
│ │ │ │ ├── sys_asmreq_stub.go
│ │ │ │ ├── sys_asmreqn.go
│ │ │ │ ├── sys_asmreqn_stub.go
│ │ │ │ ├── sys_bpf.go
│ │ │ │ ├── sys_bpf_stub.go
│ │ │ │ ├── sys_bsd.go
│ │ │ │ ├── sys_darwin.go
│ │ │ │ ├── sys_dragonfly.go
│ │ │ │ ├── sys_freebsd.go
│ │ │ │ ├── sys_linux.go
│ │ │ │ ├── sys_solaris.go
│ │ │ │ ├── sys_ssmreq.go
│ │ │ │ ├── sys_ssmreq_stub.go
│ │ │ │ ├── sys_stub.go
│ │ │ │ ├── sys_windows.go
│ │ │ │ ├── sys_zos.go
│ │ │ │ ├── zsys_aix_ppc64.go
│ │ │ │ ├── zsys_darwin.go
│ │ │ │ ├── zsys_dragonfly.go
│ │ │ │ ├── zsys_freebsd_386.go
│ │ │ │ ├── zsys_freebsd_amd64.go
│ │ │ │ ├── zsys_freebsd_arm.go
│ │ │ │ ├── zsys_freebsd_arm64.go
│ │ │ │ ├── zsys_freebsd_riscv64.go
│ │ │ │ ├── zsys_linux_386.go
│ │ │ │ ├── zsys_linux_amd64.go
│ │ │ │ ├── zsys_linux_arm.go
│ │ │ │ ├── zsys_linux_arm64.go
│ │ │ │ ├── zsys_linux_loong64.go
│ │ │ │ ├── zsys_linux_mips.go
│ │ │ │ ├── zsys_linux_mips64.go
│ │ │ │ ├── zsys_linux_mips64le.go
│ │ │ │ ├── zsys_linux_mipsle.go
│ │ │ │ ├── zsys_linux_ppc.go
│ │ │ │ ├── zsys_linux_ppc64.go
│ │ │ │ ├── zsys_linux_ppc64le.go
│ │ │ │ ├── zsys_linux_riscv64.go
│ │ │ │ ├── zsys_linux_s390x.go
│ │ │ │ ├── zsys_netbsd.go
│ │ │ │ ├── zsys_openbsd.go
│ │ │ │ ├── zsys_solaris.go
│ │ │ │ └── zsys_zos_s390x.go
│ │ │ ├── ipv6/
│ │ │ │ ├── batch.go
│ │ │ │ ├── control.go
│ │ │ │ ├── control_rfc2292_unix.go
│ │ │ │ ├── control_rfc3542_unix.go
│ │ │ │ ├── control_stub.go
│ │ │ │ ├── control_unix.go
│ │ │ │ ├── control_windows.go
│ │ │ │ ├── dgramopt.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── endpoint.go
│ │ │ │ ├── genericopt.go
│ │ │ │ ├── header.go
│ │ │ │ ├── helper.go
│ │ │ │ ├── iana.go
│ │ │ │ ├── icmp.go
│ │ │ │ ├── icmp_bsd.go
│ │ │ │ ├── icmp_linux.go
│ │ │ │ ├── icmp_solaris.go
│ │ │ │ ├── icmp_stub.go
│ │ │ │ ├── icmp_windows.go
│ │ │ │ ├── icmp_zos.go
│ │ │ │ ├── payload.go
│ │ │ │ ├── payload_cmsg.go
│ │ │ │ ├── payload_nocmsg.go
│ │ │ │ ├── sockopt.go
│ │ │ │ ├── sockopt_posix.go
│ │ │ │ ├── sockopt_stub.go
│ │ │ │ ├── sys_aix.go
│ │ │ │ ├── sys_asmreq.go
│ │ │ │ ├── sys_asmreq_stub.go
│ │ │ │ ├── sys_bpf.go
│ │ │ │ ├── sys_bpf_stub.go
│ │ │ │ ├── sys_bsd.go
│ │ │ │ ├── sys_darwin.go
│ │ │ │ ├── sys_freebsd.go
│ │ │ │ ├── sys_linux.go
│ │ │ │ ├── sys_solaris.go
│ │ │ │ ├── sys_ssmreq.go
│ │ │ │ ├── sys_ssmreq_stub.go
│ │ │ │ ├── sys_stub.go
│ │ │ │ ├── sys_windows.go
│ │ │ │ ├── sys_zos.go
│ │ │ │ ├── zsys_aix_ppc64.go
│ │ │ │ ├── zsys_darwin.go
│ │ │ │ ├── zsys_dragonfly.go
│ │ │ │ ├── zsys_freebsd_386.go
│ │ │ │ ├── zsys_freebsd_amd64.go
│ │ │ │ ├── zsys_freebsd_arm.go
│ │ │ │ ├── zsys_freebsd_arm64.go
│ │ │ │ ├── zsys_freebsd_riscv64.go
│ │ │ │ ├── zsys_linux_386.go
│ │ │ │ ├── zsys_linux_amd64.go
│ │ │ │ ├── zsys_linux_arm.go
│ │ │ │ ├── zsys_linux_arm64.go
│ │ │ │ ├── zsys_linux_loong64.go
│ │ │ │ ├── zsys_linux_mips.go
│ │ │ │ ├── zsys_linux_mips64.go
│ │ │ │ ├── zsys_linux_mips64le.go
│ │ │ │ ├── zsys_linux_mipsle.go
│ │ │ │ ├── zsys_linux_ppc.go
│ │ │ │ ├── zsys_linux_ppc64.go
│ │ │ │ ├── zsys_linux_ppc64le.go
│ │ │ │ ├── zsys_linux_riscv64.go
│ │ │ │ ├── zsys_linux_s390x.go
│ │ │ │ ├── zsys_netbsd.go
│ │ │ │ ├── zsys_openbsd.go
│ │ │ │ ├── zsys_solaris.go
│ │ │ │ └── zsys_zos_s390x.go
│ │ │ └── proxy/
│ │ │ ├── dial.go
│ │ │ ├── direct.go
│ │ │ ├── per_host.go
│ │ │ ├── proxy.go
│ │ │ └── socks5.go
│ │ ├── sync/
│ │ │ ├── LICENSE
│ │ │ ├── PATENTS
│ │ │ └── errgroup/
│ │ │ └── errgroup.go
│ │ ├── sys/
│ │ │ ├── LICENSE
│ │ │ ├── PATENTS
│ │ │ ├── cpu/
│ │ │ │ ├── asm_aix_ppc64.s
│ │ │ │ ├── asm_darwin_x86_gc.s
│ │ │ │ ├── byteorder.go
│ │ │ │ ├── cpu.go
│ │ │ │ ├── cpu_aix.go
│ │ │ │ ├── cpu_arm.go
│ │ │ │ ├── cpu_arm64.go
│ │ │ │ ├── cpu_arm64.s
│ │ │ │ ├── cpu_darwin_x86.go
│ │ │ │ ├── cpu_gc_arm64.go
│ │ │ │ ├── cpu_gc_s390x.go
│ │ │ │ ├── cpu_gc_x86.go
│ │ │ │ ├── cpu_gc_x86.s
│ │ │ │ ├── cpu_gccgo_arm64.go
│ │ │ │ ├── cpu_gccgo_s390x.go
│ │ │ │ ├── cpu_gccgo_x86.c
│ │ │ │ ├── cpu_gccgo_x86.go
│ │ │ │ ├── cpu_linux.go
│ │ │ │ ├── cpu_linux_arm.go
│ │ │ │ ├── cpu_linux_arm64.go
│ │ │ │ ├── cpu_linux_loong64.go
│ │ │ │ ├── cpu_linux_mips64x.go
│ │ │ │ ├── cpu_linux_noinit.go
│ │ │ │ ├── cpu_linux_ppc64x.go
│ │ │ │ ├── cpu_linux_riscv64.go
│ │ │ │ ├── cpu_linux_s390x.go
│ │ │ │ ├── cpu_loong64.go
│ │ │ │ ├── cpu_loong64.s
│ │ │ │ ├── cpu_mips64x.go
│ │ │ │ ├── cpu_mipsx.go
│ │ │ │ ├── cpu_netbsd_arm64.go
│ │ │ │ ├── cpu_openbsd_arm64.go
│ │ │ │ ├── cpu_openbsd_arm64.s
│ │ │ │ ├── cpu_other_arm.go
│ │ │ │ ├── cpu_other_arm64.go
│ │ │ │ ├── cpu_other_mips64x.go
│ │ │ │ ├── cpu_other_ppc64x.go
│ │ │ │ ├── cpu_other_riscv64.go
│ │ │ │ ├── cpu_other_x86.go
│ │ │ │ ├── cpu_ppc64x.go
│ │ │ │ ├── cpu_riscv64.go
│ │ │ │ ├── cpu_s390x.go
│ │ │ │ ├── cpu_s390x.s
│ │ │ │ ├── cpu_wasm.go
│ │ │ │ ├── cpu_windows_arm64.go
│ │ │ │ ├── cpu_x86.go
│ │ │ │ ├── cpu_zos.go
│ │ │ │ ├── cpu_zos_s390x.go
│ │ │ │ ├── endian_big.go
│ │ │ │ ├── endian_little.go
│ │ │ │ ├── hwcap_linux.go
│ │ │ │ ├── parse.go
│ │ │ │ ├── proc_cpuinfo_linux.go
│ │ │ │ ├── runtime_auxv.go
│ │ │ │ ├── runtime_auxv_go121.go
│ │ │ │ ├── syscall_aix_gccgo.go
│ │ │ │ ├── syscall_aix_ppc64_gc.go
│ │ │ │ └── syscall_darwin_x86_gc.go
│ │ │ ├── unix/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── README.md
│ │ │ │ ├── affinity_linux.go
│ │ │ │ ├── aliases.go
│ │ │ │ ├── asm_aix_ppc64.s
│ │ │ │ ├── asm_bsd_386.s
│ │ │ │ ├── asm_bsd_amd64.s
│ │ │ │ ├── asm_bsd_arm.s
│ │ │ │ ├── asm_bsd_arm64.s
│ │ │ │ ├── asm_bsd_ppc64.s
│ │ │ │ ├── asm_bsd_riscv64.s
│ │ │ │ ├── asm_linux_386.s
│ │ │ │ ├── asm_linux_amd64.s
│ │ │ │ ├── asm_linux_arm.s
│ │ │ │ ├── asm_linux_arm64.s
│ │ │ │ ├── asm_linux_loong64.s
│ │ │ │ ├── asm_linux_mips64x.s
│ │ │ │ ├── asm_linux_mipsx.s
│ │ │ │ ├── asm_linux_ppc64x.s
│ │ │ │ ├── asm_linux_riscv64.s
│ │ │ │ ├── asm_linux_s390x.s
│ │ │ │ ├── asm_openbsd_mips64.s
│ │ │ │ ├── asm_solaris_amd64.s
│ │ │ │ ├── asm_zos_s390x.s
│ │ │ │ ├── auxv.go
│ │ │ │ ├── auxv_unsupported.go
│ │ │ │ ├── bluetooth_linux.go
│ │ │ │ ├── bpxsvc_zos.go
│ │ │ │ ├── bpxsvc_zos.s
│ │ │ │ ├── cap_freebsd.go
│ │ │ │ ├── constants.go
│ │ │ │ ├── dev_aix_ppc.go
│ │ │ │ ├── dev_aix_ppc64.go
│ │ │ │ ├── dev_darwin.go
│ │ │ │ ├── dev_dragonfly.go
│ │ │ │ ├── dev_freebsd.go
│ │ │ │ ├── dev_linux.go
│ │ │ │ ├── dev_netbsd.go
│ │ │ │ ├── dev_openbsd.go
│ │ │ │ ├── dev_zos.go
│ │ │ │ ├── dirent.go
│ │ │ │ ├── endian_big.go
│ │ │ │ ├── endian_little.go
│ │ │ │ ├── env_unix.go
│ │ │ │ ├── fcntl.go
│ │ │ │ ├── fcntl_darwin.go
│ │ │ │ ├── fcntl_linux_32bit.go
│ │ │ │ ├── fdset.go
│ │ │ │ ├── gccgo.go
│ │ │ │ ├── gccgo_c.c
│ │ │ │ ├── gccgo_linux_amd64.go
│ │ │ │ ├── ifreq_linux.go
│ │ │ │ ├── ioctl_linux.go
│ │ │ │ ├── ioctl_signed.go
│ │ │ │ ├── ioctl_unsigned.go
│ │ │ │ ├── ioctl_zos.go
│ │ │ │ ├── mkall.sh
│ │ │ │ ├── mkerrors.sh
│ │ │ │ ├── mmap_nomremap.go
│ │ │ │ ├── mremap.go
│ │ │ │ ├── pagesize_unix.go
│ │ │ │ ├── pledge_openbsd.go
│ │ │ │ ├── ptrace_darwin.go
│ │ │ │ ├── ptrace_ios.go
│ │ │ │ ├── race.go
│ │ │ │ ├── race0.go
│ │ │ │ ├── readdirent_getdents.go
│ │ │ │ ├── readdirent_getdirentries.go
│ │ │ │ ├── sockcmsg_dragonfly.go
│ │ │ │ ├── sockcmsg_linux.go
│ │ │ │ ├── sockcmsg_unix.go
│ │ │ │ ├── sockcmsg_unix_other.go
│ │ │ │ ├── sockcmsg_zos.go
│ │ │ │ ├── symaddr_zos_s390x.s
│ │ │ │ ├── syscall.go
│ │ │ │ ├── syscall_aix.go
│ │ │ │ ├── syscall_aix_ppc.go
│ │ │ │ ├── syscall_aix_ppc64.go
│ │ │ │ ├── syscall_bsd.go
│ │ │ │ ├── syscall_darwin.go
│ │ │ │ ├── syscall_darwin_amd64.go
│ │ │ │ ├── syscall_darwin_arm64.go
│ │ │ │ ├── syscall_darwin_libSystem.go
│ │ │ │ ├── syscall_dragonfly.go
│ │ │ │ ├── syscall_dragonfly_amd64.go
│ │ │ │ ├── syscall_freebsd.go
│ │ │ │ ├── syscall_freebsd_386.go
│ │ │ │ ├── syscall_freebsd_amd64.go
│ │ │ │ ├── syscall_freebsd_arm.go
│ │ │ │ ├── syscall_freebsd_arm64.go
│ │ │ │ ├── syscall_freebsd_riscv64.go
│ │ │ │ ├── syscall_hurd.go
│ │ │ │ ├── syscall_hurd_386.go
│ │ │ │ ├── syscall_illumos.go
│ │ │ │ ├── syscall_linux.go
│ │ │ │ ├── syscall_linux_386.go
│ │ │ │ ├── syscall_linux_alarm.go
│ │ │ │ ├── syscall_linux_amd64.go
│ │ │ │ ├── syscall_linux_amd64_gc.go
│ │ │ │ ├── syscall_linux_arm.go
│ │ │ │ ├── syscall_linux_arm64.go
│ │ │ │ ├── syscall_linux_gc.go
│ │ │ │ ├── syscall_linux_gc_386.go
│ │ │ │ ├── syscall_linux_gc_arm.go
│ │ │ │ ├── syscall_linux_gccgo_386.go
│ │ │ │ ├── syscall_linux_gccgo_arm.go
│ │ │ │ ├── syscall_linux_loong64.go
│ │ │ │ ├── syscall_linux_mips64x.go
│ │ │ │ ├── syscall_linux_mipsx.go
│ │ │ │ ├── syscall_linux_ppc.go
│ │ │ │ ├── syscall_linux_ppc64x.go
│ │ │ │ ├── syscall_linux_riscv64.go
│ │ │ │ ├── syscall_linux_s390x.go
│ │ │ │ ├── syscall_linux_sparc64.go
│ │ │ │ ├── syscall_netbsd.go
│ │ │ │ ├── syscall_netbsd_386.go
│ │ │ │ ├── syscall_netbsd_amd64.go
│ │ │ │ ├── syscall_netbsd_arm.go
│ │ │ │ ├── syscall_netbsd_arm64.go
│ │ │ │ ├── syscall_openbsd.go
│ │ │ │ ├── syscall_openbsd_386.go
│ │ │ │ ├── syscall_openbsd_amd64.go
│ │ │ │ ├── syscall_openbsd_arm.go
│ │ │ │ ├── syscall_openbsd_arm64.go
│ │ │ │ ├── syscall_openbsd_libc.go
│ │ │ │ ├── syscall_openbsd_mips64.go
│ │ │ │ ├── syscall_openbsd_ppc64.go
│ │ │ │ ├── syscall_openbsd_riscv64.go
│ │ │ │ ├── syscall_solaris.go
│ │ │ │ ├── syscall_solaris_amd64.go
│ │ │ │ ├── syscall_unix.go
│ │ │ │ ├── syscall_unix_gc.go
│ │ │ │ ├── syscall_unix_gc_ppc64x.go
│ │ │ │ ├── syscall_zos_s390x.go
│ │ │ │ ├── sysvshm_linux.go
│ │ │ │ ├── sysvshm_unix.go
│ │ │ │ ├── sysvshm_unix_other.go
│ │ │ │ ├── timestruct.go
│ │ │ │ ├── unveil_openbsd.go
│ │ │ │ ├── vgetrandom_linux.go
│ │ │ │ ├── vgetrandom_unsupported.go
│ │ │ │ ├── xattr_bsd.go
│ │ │ │ ├── zerrors_aix_ppc.go
│ │ │ │ ├── zerrors_aix_ppc64.go
│ │ │ │ ├── zerrors_darwin_amd64.go
│ │ │ │ ├── zerrors_darwin_arm64.go
│ │ │ │ ├── zerrors_dragonfly_amd64.go
│ │ │ │ ├── zerrors_freebsd_386.go
│ │ │ │ ├── zerrors_freebsd_amd64.go
│ │ │ │ ├── zerrors_freebsd_arm.go
│ │ │ │ ├── zerrors_freebsd_arm64.go
│ │ │ │ ├── zerrors_freebsd_riscv64.go
│ │ │ │ ├── zerrors_linux.go
│ │ │ │ ├── zerrors_linux_386.go
│ │ │ │ ├── zerrors_linux_amd64.go
│ │ │ │ ├── zerrors_linux_arm.go
│ │ │ │ ├── zerrors_linux_arm64.go
│ │ │ │ ├── zerrors_linux_loong64.go
│ │ │ │ ├── zerrors_linux_mips.go
│ │ │ │ ├── zerrors_linux_mips64.go
│ │ │ │ ├── zerrors_linux_mips64le.go
│ │ │ │ ├── zerrors_linux_mipsle.go
│ │ │ │ ├── zerrors_linux_ppc.go
│ │ │ │ ├── zerrors_linux_ppc64.go
│ │ │ │ ├── zerrors_linux_ppc64le.go
│ │ │ │ ├── zerrors_linux_riscv64.go
│ │ │ │ ├── zerrors_linux_s390x.go
│ │ │ │ ├── zerrors_linux_sparc64.go
│ │ │ │ ├── zerrors_netbsd_386.go
│ │ │ │ ├── zerrors_netbsd_amd64.go
│ │ │ │ ├── zerrors_netbsd_arm.go
│ │ │ │ ├── zerrors_netbsd_arm64.go
│ │ │ │ ├── zerrors_openbsd_386.go
│ │ │ │ ├── zerrors_openbsd_amd64.go
│ │ │ │ ├── zerrors_openbsd_arm.go
│ │ │ │ ├── zerrors_openbsd_arm64.go
│ │ │ │ ├── zerrors_openbsd_mips64.go
│ │ │ │ ├── zerrors_openbsd_ppc64.go
│ │ │ │ ├── zerrors_openbsd_riscv64.go
│ │ │ │ ├── zerrors_solaris_amd64.go
│ │ │ │ ├── zerrors_zos_s390x.go
│ │ │ │ ├── zptrace_armnn_linux.go
│ │ │ │ ├── zptrace_linux_arm64.go
│ │ │ │ ├── zptrace_mipsnn_linux.go
│ │ │ │ ├── zptrace_mipsnnle_linux.go
│ │ │ │ ├── zptrace_x86_linux.go
│ │ │ │ ├── zsymaddr_zos_s390x.s
│ │ │ │ ├── zsyscall_aix_ppc.go
│ │ │ │ ├── zsyscall_aix_ppc64.go
│ │ │ │ ├── zsyscall_aix_ppc64_gc.go
│ │ │ │ ├── zsyscall_aix_ppc64_gccgo.go
│ │ │ │ ├── zsyscall_darwin_amd64.go
│ │ │ │ ├── zsyscall_darwin_amd64.s
│ │ │ │ ├── zsyscall_darwin_arm64.go
│ │ │ │ ├── zsyscall_darwin_arm64.s
│ │ │ │ ├── zsyscall_dragonfly_amd64.go
│ │ │ │ ├── zsyscall_freebsd_386.go
│ │ │ │ ├── zsyscall_freebsd_amd64.go
│ │ │ │ ├── zsyscall_freebsd_arm.go
│ │ │ │ ├── zsyscall_freebsd_arm64.go
│ │ │ │ ├── zsyscall_freebsd_riscv64.go
│ │ │ │ ├── zsyscall_illumos_amd64.go
│ │ │ │ ├── zsyscall_linux.go
│ │ │ │ ├── zsyscall_linux_386.go
│ │ │ │ ├── zsyscall_linux_amd64.go
│ │ │ │ ├── zsyscall_linux_arm.go
│ │ │ │ ├── zsyscall_linux_arm64.go
│ │ │ │ ├── zsyscall_linux_loong64.go
│ │ │ │ ├── zsyscall_linux_mips.go
│ │ │ │ ├── zsyscall_linux_mips64.go
│ │ │ │ ├── zsyscall_linux_mips64le.go
│ │ │ │ ├── zsyscall_linux_mipsle.go
│ │ │ │ ├── zsyscall_linux_ppc.go
│ │ │ │ ├── zsyscall_linux_ppc64.go
│ │ │ │ ├── zsyscall_linux_ppc64le.go
│ │ │ │ ├── zsyscall_linux_riscv64.go
│ │ │ │ ├── zsyscall_linux_s390x.go
│ │ │ │ ├── zsyscall_linux_sparc64.go
│ │ │ │ ├── zsyscall_netbsd_386.go
│ │ │ │ ├── zsyscall_netbsd_amd64.go
│ │ │ │ ├── zsyscall_netbsd_arm.go
│ │ │ │ ├── zsyscall_netbsd_arm64.go
│ │ │ │ ├── zsyscall_openbsd_386.go
│ │ │ │ ├── zsyscall_openbsd_386.s
│ │ │ │ ├── zsyscall_openbsd_amd64.go
│ │ │ │ ├── zsyscall_openbsd_amd64.s
│ │ │ │ ├── zsyscall_openbsd_arm.go
│ │ │ │ ├── zsyscall_openbsd_arm.s
│ │ │ │ ├── zsyscall_openbsd_arm64.go
│ │ │ │ ├── zsyscall_openbsd_arm64.s
│ │ │ │ ├── zsyscall_openbsd_mips64.go
│ │ │ │ ├── zsyscall_openbsd_mips64.s
│ │ │ │ ├── zsyscall_openbsd_ppc64.go
│ │ │ │ ├── zsyscall_openbsd_ppc64.s
│ │ │ │ ├── zsyscall_openbsd_riscv64.go
│ │ │ │ ├── zsyscall_openbsd_riscv64.s
│ │ │ │ ├── zsyscall_solaris_amd64.go
│ │ │ │ ├── zsyscall_zos_s390x.go
│ │ │ │ ├── zsysctl_openbsd_386.go
│ │ │ │ ├── zsysctl_openbsd_amd64.go
│ │ │ │ ├── zsysctl_openbsd_arm.go
│ │ │ │ ├── zsysctl_openbsd_arm64.go
│ │ │ │ ├── zsysctl_openbsd_mips64.go
│ │ │ │ ├── zsysctl_openbsd_ppc64.go
│ │ │ │ ├── zsysctl_openbsd_riscv64.go
│ │ │ │ ├── zsysnum_darwin_amd64.go
│ │ │ │ ├── zsysnum_darwin_arm64.go
│ │ │ │ ├── zsysnum_dragonfly_amd64.go
│ │ │ │ ├── zsysnum_freebsd_386.go
│ │ │ │ ├── zsysnum_freebsd_amd64.go
│ │ │ │ ├── zsysnum_freebsd_arm.go
│ │ │ │ ├── zsysnum_freebsd_arm64.go
│ │ │ │ ├── zsysnum_freebsd_riscv64.go
│ │ │ │ ├── zsysnum_linux_386.go
│ │ │ │ ├── zsysnum_linux_amd64.go
│ │ │ │ ├── zsysnum_linux_arm.go
│ │ │ │ ├── zsysnum_linux_arm64.go
│ │ │ │ ├── zsysnum_linux_loong64.go
│ │ │ │ ├── zsysnum_linux_mips.go
│ │ │ │ ├── zsysnum_linux_mips64.go
│ │ │ │ ├── zsysnum_linux_mips64le.go
│ │ │ │ ├── zsysnum_linux_mipsle.go
│ │ │ │ ├── zsysnum_linux_ppc.go
│ │ │ │ ├── zsysnum_linux_ppc64.go
│ │ │ │ ├── zsysnum_linux_ppc64le.go
│ │ │ │ ├── zsysnum_linux_riscv64.go
│ │ │ │ ├── zsysnum_linux_s390x.go
│ │ │ │ ├── zsysnum_linux_sparc64.go
│ │ │ │ ├── zsysnum_netbsd_386.go
│ │ │ │ ├── zsysnum_netbsd_amd64.go
│ │ │ │ ├── zsysnum_netbsd_arm.go
│ │ │ │ ├── zsysnum_netbsd_arm64.go
│ │ │ │ ├── zsysnum_openbsd_386.go
│ │ │ │ ├── zsysnum_openbsd_amd64.go
│ │ │ │ ├── zsysnum_openbsd_arm.go
│ │ │ │ ├── zsysnum_openbsd_arm64.go
│ │ │ │ ├── zsysnum_openbsd_mips64.go
│ │ │ │ ├── zsysnum_openbsd_ppc64.go
│ │ │ │ ├── zsysnum_openbsd_riscv64.go
│ │ │ │ ├── zsysnum_zos_s390x.go
│ │ │ │ ├── ztypes_aix_ppc.go
│ │ │ │ ├── ztypes_aix_ppc64.go
│ │ │ │ ├── ztypes_darwin_amd64.go
│ │ │ │ ├── ztypes_darwin_arm64.go
│ │ │ │ ├── ztypes_dragonfly_amd64.go
│ │ │ │ ├── ztypes_freebsd_386.go
│ │ │ │ ├── ztypes_freebsd_amd64.go
│ │ │ │ ├── ztypes_freebsd_arm.go
│ │ │ │ ├── ztypes_freebsd_arm64.go
│ │ │ │ ├── ztypes_freebsd_riscv64.go
│ │ │ │ ├── ztypes_linux.go
│ │ │ │ ├── ztypes_linux_386.go
│ │ │ │ ├── ztypes_linux_amd64.go
│ │ │ │ ├── ztypes_linux_arm.go
│ │ │ │ ├── ztypes_linux_arm64.go
│ │ │ │ ├── ztypes_linux_loong64.go
│ │ │ │ ├── ztypes_linux_mips.go
│ │ │ │ ├── ztypes_linux_mips64.go
│ │ │ │ ├── ztypes_linux_mips64le.go
│ │ │ │ ├── ztypes_linux_mipsle.go
│ │ │ │ ├── ztypes_linux_ppc.go
│ │ │ │ ├── ztypes_linux_ppc64.go
│ │ │ │ ├── ztypes_linux_ppc64le.go
│ │ │ │ ├── ztypes_linux_riscv64.go
│ │ │ │ ├── ztypes_linux_s390x.go
│ │ │ │ ├── ztypes_linux_sparc64.go
│ │ │ │ ├── ztypes_netbsd_386.go
│ │ │ │ ├── ztypes_netbsd_amd64.go
│ │ │ │ ├── ztypes_netbsd_arm.go
│ │ │ │ ├── ztypes_netbsd_arm64.go
│ │ │ │ ├── ztypes_openbsd_386.go
│ │ │ │ ├── ztypes_openbsd_amd64.go
│ │ │ │ ├── ztypes_openbsd_arm.go
│ │ │ │ ├── ztypes_openbsd_arm64.go
│ │ │ │ ├── ztypes_openbsd_mips64.go
│ │ │ │ ├── ztypes_openbsd_ppc64.go
│ │ │ │ ├── ztypes_openbsd_riscv64.go
│ │ │ │ ├── ztypes_solaris_amd64.go
│ │ │ │ └── ztypes_zos_s390x.go
│ │ │ └── windows/
│ │ │ ├── aliases.go
│ │ │ ├── dll_windows.go
│ │ │ ├── env_windows.go
│ │ │ ├── eventlog.go
│ │ │ ├── exec_windows.go
│ │ │ ├── memory_windows.go
│ │ │ ├── mkerrors.bash
│ │ │ ├── mkknownfolderids.bash
│ │ │ ├── mksyscall.go
│ │ │ ├── race.go
│ │ │ ├── race0.go
│ │ │ ├── registry/
│ │ │ │ ├── key.go
│ │ │ │ ├── mksyscall.go
│ │ │ │ ├── syscall.go
│ │ │ │ ├── value.go
│ │ │ │ └── zsyscall_windows.go
│ │ │ ├── security_windows.go
│ │ │ ├── service.go
│ │ │ ├── setupapi_windows.go
│ │ │ ├── str.go
│ │ │ ├── svc/
│ │ │ │ ├── eventlog/
│ │ │ │ │ ├── install.go
│ │ │ │ │ └── log.go
│ │ │ │ ├── mgr/
│ │ │ │ │ ├── config.go
│ │ │ │ │ ├── mgr.go
│ │ │ │ │ ├── recovery.go
│ │ │ │ │ └── service.go
│ │ │ │ ├── security.go
│ │ │ │ └── service.go
│ │ │ ├── syscall.go
│ │ │ ├── syscall_windows.go
│ │ │ ├── types_windows.go
│ │ │ ├── types_windows_386.go
│ │ │ ├── types_windows_amd64.go
│ │ │ ├── types_windows_arm.go
│ │ │ ├── types_windows_arm64.go
│ │ │ ├── zerrors_windows.go
│ │ │ ├── zknownfolderids_windows.go
│ │ │ └── zsyscall_windows.go
│ │ ├── text/
│ │ │ ├── LICENSE
│ │ │ ├── PATENTS
│ │ │ ├── secure/
│ │ │ │ └── bidirule/
│ │ │ │ └── bidirule.go
│ │ │ ├── transform/
│ │ │ │ └── transform.go
│ │ │ └── unicode/
│ │ │ ├── bidi/
│ │ │ │ ├── bidi.go
│ │ │ │ ├── bracket.go
│ │ │ │ ├── core.go
│ │ │ │ ├── prop.go
│ │ │ │ ├── tables15.0.0.go
│ │ │ │ ├── tables17.0.0.go
│ │ │ │ └── trieval.go
│ │ │ └── norm/
│ │ │ ├── composition.go
│ │ │ ├── forminfo.go
│ │ │ ├── input.go
│ │ │ ├── iter.go
│ │ │ ├── normalize.go
│ │ │ ├── readwriter.go
│ │ │ ├── tables15.0.0.go
│ │ │ ├── tables17.0.0.go
│ │ │ ├── transform.go
│ │ │ └── trie.go
│ │ └── tools/
│ │ ├── LICENSE
│ │ ├── PATENTS
│ │ ├── go/
│ │ │ ├── ast/
│ │ │ │ ├── edge/
│ │ │ │ │ └── edge.go
│ │ │ │ └── inspector/
│ │ │ │ ├── cursor.go
│ │ │ │ ├── inspector.go
│ │ │ │ ├── iter.go
│ │ │ │ ├── typeof.go
│ │ │ │ └── walk.go
│ │ │ ├── gcexportdata/
│ │ │ │ ├── gcexportdata.go
│ │ │ │ └── importer.go
│ │ │ ├── packages/
│ │ │ │ ├── doc.go
│ │ │ │ ├── external.go
│ │ │ │ ├── golist.go
│ │ │ │ ├── golist_overlay.go
│ │ │ │ ├── loadmode_string.go
│ │ │ │ ├── packages.go
│ │ │ │ └── visit.go
│ │ │ └── types/
│ │ │ ├── objectpath/
│ │ │ │ └── objectpath.go
│ │ │ └── typeutil/
│ │ │ ├── callee.go
│ │ │ ├── imports.go
│ │ │ ├── map.go
│ │ │ ├── methodsetcache.go
│ │ │ └── ui.go
│ │ └── internal/
│ │ ├── aliases/
│ │ │ └── aliases.go
│ │ ├── event/
│ │ │ ├── core/
│ │ │ │ ├── event.go
│ │ │ │ ├── export.go
│ │ │ │ └── fast.go
│ │ │ ├── doc.go
│ │ │ ├── event.go
│ │ │ ├── keys/
│ │ │ │ ├── keys.go
│ │ │ │ ├── standard.go
│ │ │ │ └── util.go
│ │ │ └── label/
│ │ │ └── label.go
│ │ ├── gcimporter/
│ │ │ ├── bimport.go
│ │ │ ├── exportdata.go
│ │ │ ├── gcimporter.go
│ │ │ ├── iexport.go
│ │ │ ├── iimport.go
│ │ │ ├── predeclared.go
│ │ │ ├── support.go
│ │ │ └── ureader_yes.go
│ │ ├── gocommand/
│ │ │ ├── invoke.go
│ │ │ ├── invoke_notunix.go
│ │ │ ├── invoke_unix.go
│ │ │ ├── vendor.go
│ │ │ └── version.go
│ │ ├── packagesinternal/
│ │ │ └── packages.go
│ │ ├── pkgbits/
│ │ │ ├── codes.go
│ │ │ ├── decoder.go
│ │ │ ├── doc.go
│ │ │ ├── encoder.go
│ │ │ ├── flags.go
│ │ │ ├── reloc.go
│ │ │ ├── support.go
│ │ │ ├── sync.go
│ │ │ ├── syncmarker_string.go
│ │ │ └── version.go
│ │ ├── stdlib/
│ │ │ ├── deps.go
│ │ │ ├── import.go
│ │ │ ├── manifest.go
│ │ │ └── stdlib.go
│ │ ├── typeparams/
│ │ │ ├── common.go
│ │ │ ├── coretype.go
│ │ │ ├── free.go
│ │ │ ├── normalize.go
│ │ │ ├── termlist.go
│ │ │ └── typeterm.go
│ │ ├── typesinternal/
│ │ │ ├── classify_call.go
│ │ │ ├── element.go
│ │ │ ├── errorcode.go
│ │ │ ├── errorcode_string.go
│ │ │ ├── fx.go
│ │ │ ├── isnamed.go
│ │ │ ├── qualifier.go
│ │ │ ├── recv.go
│ │ │ ├── toonew.go
│ │ │ ├── types.go
│ │ │ ├── varkind.go
│ │ │ ├── varkind_go124.go
│ │ │ └── zerovalue.go
│ │ └── versions/
│ │ ├── features.go
│ │ ├── gover.go
│ │ ├── types.go
│ │ └── versions.go
│ ├── google.golang.org/
│ │ ├── genproto/
│ │ │ └── googleapis/
│ │ │ └── rpc/
│ │ │ ├── LICENSE
│ │ │ └── status/
│ │ │ └── status.pb.go
│ │ ├── grpc/
│ │ │ ├── AUTHORS
│ │ │ ├── LICENSE
│ │ │ ├── NOTICE.txt
│ │ │ ├── codes/
│ │ │ │ ├── code_string.go
│ │ │ │ └── codes.go
│ │ │ ├── connectivity/
│ │ │ │ └── connectivity.go
│ │ │ ├── grpclog/
│ │ │ │ ├── component.go
│ │ │ │ ├── grpclog.go
│ │ │ │ ├── internal/
│ │ │ │ │ ├── grpclog.go
│ │ │ │ │ ├── logger.go
│ │ │ │ │ └── loggerv2.go
│ │ │ │ ├── logger.go
│ │ │ │ └── loggerv2.go
│ │ │ ├── internal/
│ │ │ │ ├── experimental.go
│ │ │ │ ├── internal.go
│ │ │ │ ├── status/
│ │ │ │ │ └── status.go
│ │ │ │ ├── tcp_keepalive_others.go
│ │ │ │ ├── tcp_keepalive_unix.go
│ │ │ │ └── tcp_keepalive_windows.go
│ │ │ ├── serviceconfig/
│ │ │ │ └── serviceconfig.go
│ │ │ └── status/
│ │ │ └── status.go
│ │ └── protobuf/
│ │ ├── LICENSE
│ │ ├── PATENTS
│ │ ├── encoding/
│ │ │ ├── prototext/
│ │ │ │ ├── decode.go
│ │ │ │ ├── doc.go
│ │ │ │ └── encode.go
│ │ │ └── protowire/
│ │ │ └── wire.go
│ │ ├── internal/
│ │ │ ├── descfmt/
│ │ │ │ └── stringer.go
│ │ │ ├── descopts/
│ │ │ │ └── options.go
│ │ │ ├── detrand/
│ │ │ │ └── rand.go
│ │ │ ├── editiondefaults/
│ │ │ │ ├── defaults.go
│ │ │ │ └── editions_defaults.binpb
│ │ │ ├── encoding/
│ │ │ │ ├── defval/
│ │ │ │ │ └── default.go
│ │ │ │ ├── messageset/
│ │ │ │ │ └── messageset.go
│ │ │ │ ├── tag/
│ │ │ │ │ └── tag.go
│ │ │ │ └── text/
│ │ │ │ ├── decode.go
│ │ │ │ ├── decode_number.go
│ │ │ │ ├── decode_string.go
│ │ │ │ ├── decode_token.go
│ │ │ │ ├── doc.go
│ │ │ │ └── encode.go
│ │ │ ├── errors/
│ │ │ │ └── errors.go
│ │ │ ├── filedesc/
│ │ │ │ ├── build.go
│ │ │ │ ├── desc.go
│ │ │ │ ├── desc_init.go
│ │ │ │ ├── desc_lazy.go
│ │ │ │ ├── desc_list.go
│ │ │ │ ├── desc_list_gen.go
│ │ │ │ ├── editions.go
│ │ │ │ ├── placeholder.go
│ │ │ │ └── presence.go
│ │ │ ├── filetype/
│ │ │ │ └── build.go
│ │ │ ├── flags/
│ │ │ │ ├── flags.go
│ │ │ │ ├── proto_legacy_disable.go
│ │ │ │ └── proto_legacy_enable.go
│ │ │ ├── genid/
│ │ │ │ ├── any_gen.go
│ │ │ │ ├── api_gen.go
│ │ │ │ ├── descriptor_gen.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── duration_gen.go
│ │ │ │ ├── empty_gen.go
│ │ │ │ ├── field_mask_gen.go
│ │ │ │ ├── go_features_gen.go
│ │ │ │ ├── goname.go
│ │ │ │ ├── map_entry.go
│ │ │ │ ├── name.go
│ │ │ │ ├── source_context_gen.go
│ │ │ │ ├── struct_gen.go
│ │ │ │ ├── timestamp_gen.go
│ │ │ │ ├── type_gen.go
│ │ │ │ ├── wrappers.go
│ │ │ │ └── wrappers_gen.go
│ │ │ ├── impl/
│ │ │ │ ├── api_export.go
│ │ │ │ ├── api_export_opaque.go
│ │ │ │ ├── bitmap.go
│ │ │ │ ├── bitmap_race.go
│ │ │ │ ├── checkinit.go
│ │ │ │ ├── codec_extension.go
│ │ │ │ ├── codec_field.go
│ │ │ │ ├── codec_field_opaque.go
│ │ │ │ ├── codec_gen.go
│ │ │ │ ├── codec_map.go
│ │ │ │ ├── codec_message.go
│ │ │ │ ├── codec_message_opaque.go
│ │ │ │ ├── codec_messageset.go
│ │ │ │ ├── codec_tables.go
│ │ │ │ ├── codec_unsafe.go
│ │ │ │ ├── convert.go
│ │ │ │ ├── convert_list.go
│ │ │ │ ├── convert_map.go
│ │ │ │ ├── decode.go
│ │ │ │ ├── encode.go
│ │ │ │ ├── enum.go
│ │ │ │ ├── equal.go
│ │ │ │ ├── extension.go
│ │ │ │ ├── lazy.go
│ │ │ │ ├── legacy_enum.go
│ │ │ │ ├── legacy_export.go
│ │ │ │ ├── legacy_extension.go
│ │ │ │ ├── legacy_file.go
│ │ │ │ ├── legacy_message.go
│ │ │ │ ├── merge.go
│ │ │ │ ├── merge_gen.go
│ │ │ │ ├── message.go
│ │ │ │ ├── message_opaque.go
│ │ │ │ ├── message_opaque_gen.go
│ │ │ │ ├── message_reflect.go
│ │ │ │ ├── message_reflect_field.go
│ │ │ │ ├── message_reflect_field_gen.go
│ │ │ │ ├── message_reflect_gen.go
│ │ │ │ ├── pointer_unsafe.go
│ │ │ │ ├── pointer_unsafe_opaque.go
│ │ │ │ ├── presence.go
│ │ │ │ └── validate.go
│ │ │ ├── order/
│ │ │ │ ├── order.go
│ │ │ │ └── range.go
│ │ │ ├── pragma/
│ │ │ │ └── pragma.go
│ │ │ ├── protolazy/
│ │ │ │ ├── bufferreader.go
│ │ │ │ ├── lazy.go
│ │ │ │ └── pointer_unsafe.go
│ │ │ ├── set/
│ │ │ │ └── ints.go
│ │ │ ├── strs/
│ │ │ │ ├── strings.go
│ │ │ │ └── strings_unsafe.go
│ │ │ └── version/
│ │ │ └── version.go
│ │ ├── proto/
│ │ │ ├── checkinit.go
│ │ │ ├── decode.go
│ │ │ ├── decode_gen.go
│ │ │ ├── doc.go
│ │ │ ├── encode.go
│ │ │ ├── encode_gen.go
│ │ │ ├── equal.go
│ │ │ ├── extension.go
│ │ │ ├── merge.go
│ │ │ ├── messageset.go
│ │ │ ├── proto.go
│ │ │ ├── proto_methods.go
│ │ │ ├── proto_reflect.go
│ │ │ ├── reset.go
│ │ │ ├── size.go
│ │ │ ├── size_gen.go
│ │ │ ├── wrapperopaque.go
│ │ │ └── wrappers.go
│ │ ├── protoadapt/
│ │ │ └── convert.go
│ │ ├── reflect/
│ │ │ ├── protoreflect/
│ │ │ │ ├── methods.go
│ │ │ │ ├── proto.go
│ │ │ │ ├── source.go
│ │ │ │ ├── source_gen.go
│ │ │ │ ├── type.go
│ │ │ │ ├── value.go
│ │ │ │ ├── value_equal.go
│ │ │ │ ├── value_union.go
│ │ │ │ └── value_unsafe.go
│ │ │ └── protoregistry/
│ │ │ └── registry.go
│ │ ├── runtime/
│ │ │ ├── protoiface/
│ │ │ │ ├── legacy.go
│ │ │ │ └── methods.go
│ │ │ └── protoimpl/
│ │ │ ├── impl.go
│ │ │ └── version.go
│ │ └── types/
│ │ └── known/
│ │ └── anypb/
│ │ └── any.pb.go
│ ├── gopkg.in/
│ │ └── natefinch/
│ │ └── lumberjack.v2/
│ │ ├── .gitignore
│ │ ├── .travis.yml
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── chown.go
│ │ ├── chown_linux.go
│ │ └── lumberjack.go
│ └── modules.txt
└── windows/
├── service-install.bat
├── service-restart.bat
└── service-uninstall.bat
Showing preview only (9,324K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (110623 symbols across 1251 files)
FILE: dnscrypt-proxy/coldstart.go
type CaptivePortalEntryIPs (line 16) | type CaptivePortalEntryIPs
type CaptivePortalMap (line 18) | type CaptivePortalMap
method GetEntry (line 30) | func (ipsMap *CaptivePortalMap) GetEntry(msg *dns.Msg) (dns.RR, *Capti...
type CaptivePortalHandler (line 20) | type CaptivePortalHandler struct
method Stop (line 25) | func (captivePortalHandler *CaptivePortalHandler) Stop() {
function HandleCaptivePortalQuery (line 50) | func HandleCaptivePortalQuery(msg *dns.Msg, question dns.RR, ips *Captiv...
function handleColdStartClient (line 83) | func handleColdStartClient(clientPc *net.UDPConn, cancelChannel chan str...
function addColdStartListener (line 123) | func addColdStartListener(
function ColdStart (line 152) | func ColdStart(proxy *Proxy) (*CaptivePortalHandler, error) {
FILE: dnscrypt-proxy/common.go
type CryptoConstruction (line 22) | type CryptoConstruction
constant UndefinedConstruction (line 25) | UndefinedConstruction CryptoConstruction = iota
constant XSalsa20Poly1305 (line 26) | XSalsa20Poly1305
constant XChacha20Poly1305 (line 27) | XChacha20Poly1305
constant ClientMagicLen (line 31) | ClientMagicLen = 8
constant MaxHTTPBodyLength (line 35) | MaxHTTPBodyLength = 1000000
constant InheritedDescriptorsBase (line 55) | InheritedDescriptorsBase = uintptr(50)
function PrefixWithSize (line 58) | func PrefixWithSize(packet []byte) ([]byte, error) {
function ReadPrefixed (line 69) | func ReadPrefixed(conn *net.Conn) ([]byte, error) {
function Min (line 93) | func Min(a, b int) int {
function Max (line 100) | func Max(a, b int) int {
function StringReverse (line 107) | func StringReverse(s string) string {
function StringTwoFields (line 115) | func StringTwoFields(str string) (string, string, bool) {
function StringQuote (line 130) | func StringQuote(str string) string {
function StringStripSpaces (line 135) | func StringStripSpaces(str string) string {
function TrimAndStripInlineComments (line 144) | func TrimAndStripInlineComments(str string) string {
function ExtractHostAndPort (line 158) | func ExtractHostAndPort(str string, defaultPort int) (host string, port ...
function ReadTextFile (line 170) | func ReadTextFile(filename string) (string, error) {
function isDigit (line 180) | func isDigit(b byte) bool { return b >= '0' && b <= '9' }
function ExtractClientIPStr (line 183) | func ExtractClientIPStr(pluginsState *PluginsState) (string, bool) {
function ExtractClientIPStrEncrypted (line 198) | func ExtractClientIPStrEncrypted(pluginsState *PluginsState, ipCryptConf...
function FormatLogLine (line 207) | func FormatLogLine(format, clientIP, qName, reason string, additionalFie...
function WritePluginLog (line 238) | func WritePluginLog(logger io.Writer, format, clientIP, qName, reason st...
function ParseTimeBasedRule (line 253) | func ParseTimeBasedRule(line string, lineNo int, allWeeklyRanges *map[st...
function ParseIPRule (line 278) | func ParseIPRule(line string, lineNo int) (cleanLine string, trailingSta...
function ProcessConfigLines (line 304) | func ProcessConfigLines(lines string, processor func(line string, lineNo...
function LoadIPRules (line 321) | func LoadIPRules(lines string, prefixes *iradix.Tree, ips map[string]any...
function InitializePluginLogger (line 350) | func InitializePluginLogger(logFile, format string, maxSize, maxAge, max...
function reverseAddr (line 359) | func reverseAddr(addr string) (string, error) {
function fqdn (line 385) | func fqdn(name string) string {
FILE: dnscrypt-proxy/common_test.go
function TestExtractClientIPStr (line 8) | func TestExtractClientIPStr(t *testing.T) {
FILE: dnscrypt-proxy/config.go
constant MaxTimeout (line 21) | MaxTimeout = 3600
constant DefaultNetprobeAddress (line 22) | DefaultNetprobeAddress = "9.9.9.9:53"
type Config (line 25) | type Config struct
method GetRefusedFlag (line 532) | func (config *Config) GetRefusedFlag(configFile string) (bool, bool) {
method printRegisteredServers (line 570) | func (config *Config) printRegisteredServers(proxy *Proxy, jsonOutput ...
method loadSources (line 655) | func (config *Config) loadSources(proxy *Proxy) error {
method loadSource (line 699) | func (config *Config) loadSource(proxy *Proxy, cfgSourceName string, c...
function newConfig (line 113) | func newConfig() Config {
type StaticConfig (line 180) | type StaticConfig struct
type SourceConfig (line 184) | type SourceConfig struct
type QueryLogConfig (line 195) | type QueryLogConfig struct
type NxLogConfig (line 201) | type NxLogConfig struct
type BlockNameConfig (line 206) | type BlockNameConfig struct
type BlockNameConfigLegacy (line 212) | type BlockNameConfigLegacy struct
type WhitelistNameConfigLegacy (line 218) | type WhitelistNameConfigLegacy struct
type AllowedNameConfig (line 224) | type AllowedNameConfig struct
type BlockIPConfig (line 230) | type BlockIPConfig struct
type BlockIPConfigLegacy (line 236) | type BlockIPConfigLegacy struct
type AllowIPConfig (line 242) | type AllowIPConfig struct
type AnonymizedDNSRouteConfig (line 248) | type AnonymizedDNSRouteConfig struct
type AnonymizedDNSConfig (line 253) | type AnonymizedDNSConfig struct
type BrokenImplementationsConfig (line 259) | type BrokenImplementationsConfig struct
type LocalDoHConfig (line 264) | type LocalDoHConfig struct
type ServerSummary (line 271) | type ServerSummary struct
type TLSClientAuthCredsConfig (line 284) | type TLSClientAuthCredsConfig struct
type DoHClientX509AuthConfig (line 291) | type DoHClientX509AuthConfig struct
type DNS64Config (line 295) | type DNS64Config struct
type IPEncryptionConfig (line 300) | type IPEncryptionConfig struct
type CaptivePortalsConfig (line 305) | type CaptivePortalsConfig struct
type ConfigFlags (line 309) | type ConfigFlags struct
function findConfigFile (line 322) | func findConfigFile(configFile *string) (string, error) {
function ConfigLoad (line 339) | func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
function configureBrokenImplementations (line 542) | func configureBrokenImplementations(proxy *Proxy, config *Config) {
function configureDNS64 (line 552) | func configureDNS64(proxy *Proxy, config *Config) {
function configureIPEncryption (line 558) | func configureIPEncryption(proxy *Proxy, config *Config) error {
function includesName (line 746) | func includesName(names []string, name string) bool {
function cdFileDir (line 755) | func cdFileDir(fileName string) error {
function cdLocal (line 759) | func cdLocal() {
function isIPAndPort (line 771) | func isIPAndPort(addrStr string) error {
FILE: dnscrypt-proxy/config_loader.go
function configureLogging (line 20) | func configureLogging(proxy *Proxy, flags *ConfigFlags, config *Config) {
function configureXTransport (line 66) | func configureXTransport(proxy *Proxy, config *Config) error {
function configureDoHClientAuth (line 142) | func configureDoHClientAuth(proxy *Proxy, config *Config) error {
function configureServerParams (line 166) | func configureServerParams(proxy *Proxy, config *Config) {
function configureLoadBalancing (line 190) | func configureLoadBalancing(proxy *Proxy, config *Config) {
function configurePlugins (line 226) | func configurePlugins(proxy *Proxy, config *Config) {
function configureEDNSClientSubnet (line 266) | func configureEDNSClientSubnet(proxy *Proxy, config *Config) error {
function configureQueryLog (line 281) | func configureQueryLog(proxy *Proxy, config *Config) error {
function configureNXLog (line 298) | func configureNXLog(proxy *Proxy, config *Config) error {
function configureBlockedNames (line 314) | func configureBlockedNames(proxy *Proxy, config *Config) error {
function configureAllowedNames (line 340) | func configureAllowedNames(proxy *Proxy, config *Config) error {
function configureBlockedIPs (line 366) | func configureBlockedIPs(proxy *Proxy, config *Config) error {
function configureAllowedIPs (line 392) | func configureAllowedIPs(proxy *Proxy, config *Config) error {
function configureAdditionalFiles (line 409) | func configureAdditionalFiles(proxy *Proxy, config *Config) {
function configureWeeklyRanges (line 416) | func configureWeeklyRanges(proxy *Proxy, config *Config) error {
function configureAnonymizedDNS (line 430) | func configureAnonymizedDNS(proxy *Proxy, config *Config) {
function configureSourceRestrictions (line 444) | func configureSourceRestrictions(proxy *Proxy, flags *ConfigFlags, confi...
function determineNetprobeAddress (line 480) | func determineNetprobeAddress(flags *ConfigFlags, config *Config) (strin...
function initializeNetworking (line 497) | func initializeNetworking(proxy *Proxy, flags *ConfigFlags, config *Conf...
FILE: dnscrypt-proxy/config_watcher.go
type ConfigWatcher (line 17) | type ConfigWatcher struct
method watchLoop (line 54) | func (cw *ConfigWatcher) watchLoop() {
method handleModifyEvent (line 77) | func (cw *ConfigWatcher) handleModifyEvent(path string) {
method checkFile (line 99) | func (cw *ConfigWatcher) checkFile(wf *WatchedFile) {
method AddFile (line 162) | func (cw *ConfigWatcher) AddFile(path string, reloadFunc func() error)...
method RemoveFile (line 217) | func (cw *ConfigWatcher) RemoveFile(path string) {
method Shutdown (line 237) | func (cw *ConfigWatcher) Shutdown() {
method checkAllFiles (line 271) | func (cw *ConfigWatcher) checkAllFiles() {
type WatchedFile (line 25) | type WatchedFile struct
function NewConfigWatcher (line 35) | func NewConfigWatcher(interval time.Duration) *ConfigWatcher {
function newPollingConfigWatcher (line 242) | func newPollingConfigWatcher(interval time.Duration) *ConfigWatcher {
function getFileHash (line 285) | func getFileHash(path string) ([]byte, error) {
function hashesEqual (line 301) | func hashesEqual(h1, h2 []byte) bool {
FILE: dnscrypt-proxy/config_watcher_test.go
function TestConfigWatcher (line 13) | func TestConfigWatcher(t *testing.T) {
function TestConfigWatcherPollingFallback (line 118) | func TestConfigWatcherPollingFallback(t *testing.T) {
FILE: dnscrypt-proxy/crypto.go
constant NonceSize (line 17) | NonceSize = xsecretbox.NonceSize
constant HalfNonceSize (line 18) | HalfNonceSize = xsecretbox.NonceSize / 2
constant TagSize (line 19) | TagSize = xsecretbox.TagSize
constant PublicKeySize (line 20) | PublicKeySize = 32
constant QueryOverhead (line 21) | QueryOverhead = ClientMagicLen + PublicKeySize + HalfNonceSize + TagSize
constant ResponseOverhead (line 22) | ResponseOverhead = len(ServerMagic) + NonceSize + TagSize
function pad (line 25) | func pad(packet []byte, minSize int) []byte {
function unpad (line 33) | func unpad(packet []byte) ([]byte, error) {
function ComputeSharedKey (line 47) | func ComputeSharedKey(
method Encrypt (line 75) | func (proxy *Proxy) Encrypt(
method Decrypt (line 134) | func (proxy *Proxy) Decrypt(
FILE: dnscrypt-proxy/dnscrypt_certs.go
type CertInfo (line 15) | type CertInfo struct
function FetchCurrentDNSCryptCert (line 23) | func FetchCurrentDNSCryptCert(
FILE: dnscrypt-proxy/dnsutils.go
function EmptyResponseFromMessage (line 17) | func EmptyResponseFromMessage(srcMsg *dns.Msg) *dns.Msg {
function TruncatedResponse (line 34) | func TruncatedResponse(packet []byte) ([]byte, error) {
function RefusedResponseFromMessage (line 47) | func RefusedResponseFromMessage(srcMsg *dns.Msg, refusedCode bool, ipv4 ...
function HasTCFlag (line 114) | func HasTCFlag(packet []byte) bool {
function TransactionID (line 118) | func TransactionID(packet []byte) uint16 {
function SetTransactionID (line 122) | func SetTransactionID(packet []byte, tid uint16) {
function Rcode (line 126) | func Rcode(packet []byte) uint8 {
function NormalizeRawQName (line 130) | func NormalizeRawQName(name *[]byte) {
function NormalizeQName (line 138) | func NormalizeQName(str string) (string, error) {
function getMinTTL (line 167) | func getMinTTL(msg *dns.Msg, minTTL uint32, maxTTL uint32, cacheNegMinTT...
function updateTTL (line 203) | func updateTTL(msg *dns.Msg, expiration time.Time) {
function hasEDNS0Padding (line 225) | func hasEDNS0Padding(packet []byte) (bool, error) {
function addEDNS0PaddingIfNoneFound (line 238) | func addEDNS0PaddingIfNoneFound(msg *dns.Msg, unpaddedPacket []byte, pad...
function removeEDNS0Options (line 258) | func removeEDNS0Options(msg *dns.Msg) bool {
function dddToByte (line 266) | func dddToByte(s []byte) (byte, bool) {
function PackTXTRR (line 274) | func PackTXTRR(s string) []byte {
type DNSExchangeResponse (line 305) | type DNSExchangeResponse struct
function DNSExchange (line 313) | func DNSExchange(
function _dnsExchange (line 402) | func _dnsExchange(
FILE: dnscrypt-proxy/estimators.go
type QuestionSizeEstimator (line 9) | type QuestionSizeEstimator struct
method MinQuestionSize (line 22) | func (questionSizeEstimator *QuestionSizeEstimator) MinQuestionSize() ...
method blindAdjust (line 29) | func (questionSizeEstimator *QuestionSizeEstimator) blindAdjust() {
method adjust (line 40) | func (questionSizeEstimator *QuestionSizeEstimator) adjust(packetSize ...
function NewQuestionSizeEstimator (line 15) | func NewQuestionSizeEstimator() QuestionSizeEstimator {
FILE: dnscrypt-proxy/fuzzing_test.go
function FuzzParseODoHTargetConfigs (line 12) | func FuzzParseODoHTargetConfigs(f *testing.F) {
function FuzzParseStampParser (line 23) | func FuzzParseStampParser(f *testing.F) {
FILE: dnscrypt-proxy/hot_reload.go
method InitHotReload (line 10) | func (proxy *Proxy) InitHotReload() error {
FILE: dnscrypt-proxy/ipcrypt.go
type IPCryptConfig (line 15) | type IPCryptConfig struct
method EncryptIP (line 81) | func (config *IPCryptConfig) EncryptIP(ip net.IP) (string, error) {
method EncryptIPString (line 134) | func (config *IPCryptConfig) EncryptIPString(ipStr string) string {
method DecryptIP (line 155) | func (config *IPCryptConfig) DecryptIP(encryptedStr string) (string, e...
function NewIPCryptConfig (line 22) | func NewIPCryptConfig(keyHex string, algorithm string) (*IPCryptConfig, ...
FILE: dnscrypt-proxy/ipcrypt_test.go
function TestNewIPCryptConfig (line 8) | func TestNewIPCryptConfig(t *testing.T) {
function TestIPCryptConfig_EncryptIP (line 99) | func TestIPCryptConfig_EncryptIP(t *testing.T) {
function TestIPCryptConfig_EncryptDecryptRoundTrip (line 162) | func TestIPCryptConfig_EncryptDecryptRoundTrip(t *testing.T) {
function TestIPCryptConfig_DisabledConfig (line 199) | func TestIPCryptConfig_DisabledConfig(t *testing.T) {
function TestExtractClientIPStrEncrypted (line 224) | func TestExtractClientIPStrEncrypted(t *testing.T) {
FILE: dnscrypt-proxy/local-doh.go
type localDoHHandler (line 16) | type localDoHHandler struct
method ServeHTTP (line 20) | func (handler localDoHHandler) ServeHTTP(writer http.ResponseWriter, r...
method localDoHListener (line 100) | func (proxy *Proxy) localDoHListener(acceptPc *net.TCPListener) {
function dohPaddedLen (line 116) | func dohPaddedLen(unpaddedLen int) int {
FILE: dnscrypt-proxy/logger.go
function Logger (line 11) | func Logger(logMaxSize int, logMaxAge int, logMaxBackups int, fileName s...
FILE: dnscrypt-proxy/main.go
constant AppVersion (line 19) | AppVersion = "2.1.15"
constant DefaultConfigFileName (line 20) | DefaultConfigFileName = "dnscrypt-proxy.toml"
type App (line 23) | type App struct
method Start (line 132) | func (app *App) Start(service service.Service) error {
method AppMain (line 137) | func (app *App) AppMain() {
method Stop (line 155) | func (app *App) Stop(service service.Service) error {
function main (line 29) | func main() {
FILE: dnscrypt-proxy/monitoring_ui.go
type MonitoringUIConfig (line 23) | type MonitoringUIConfig struct
type MetricsCollector (line 39) | type MetricsCollector struct
method generatePrometheusMetrics (line 453) | func (mc *MetricsCollector) generatePrometheusMetrics() string {
method collectResolverSnapshots (line 624) | func (mc *MetricsCollector) collectResolverSnapshots() ([]resolverSnap...
method collectCacheStats (line 691) | func (mc *MetricsCollector) collectCacheStats(cacheHitRatio float64, c...
method collectSourceRefresh (line 721) | func (mc *MetricsCollector) collectSourceRefresh() []map[string]any {
method invalidateCache (line 795) | func (mc *MetricsCollector) invalidateCache() {
method GetMetrics (line 802) | func (mc *MetricsCollector) GetMetrics() map[string]any {
type QueryLogEntry (line 81) | type QueryLogEntry struct
method EstimateMemoryUsage (line 93) | func (q *QueryLogEntry) EstimateMemoryUsage() int64 {
type resolverSnapshot (line 103) | type resolverSnapshot struct
type MonitoringUI (line 118) | type MonitoringUI struct
method Start (line 218) | func (ui *MonitoringUI) Start() error {
method Stop (line 263) | func (ui *MonitoringUI) Stop() error {
method UpdateMetrics (line 271) | func (ui *MonitoringUI) UpdateMetrics(pluginsState PluginsState, msg *...
method handleTestQuery (line 1019) | func (ui *MonitoringUI) handleTestQuery(w http.ResponseWriter, r *http...
method handleRoot (line 1046) | func (ui *MonitoringUI) handleRoot(w http.ResponseWriter, r *http.Requ...
method handleMetrics (line 1074) | func (ui *MonitoringUI) handleMetrics(w http.ResponseWriter, r *http.R...
method handleWebSocket (line 1115) | func (ui *MonitoringUI) handleWebSocket(w http.ResponseWriter, r *http...
method handleStatic (line 1204) | func (ui *MonitoringUI) handleStatic(w http.ResponseWriter, r *http.Re...
method handleStaticJS (line 1211) | func (ui *MonitoringUI) handleStaticJS(w http.ResponseWriter, r *http....
method handlePrometheus (line 1220) | func (ui *MonitoringUI) handlePrometheus(w http.ResponseWriter, r *htt...
method basicAuthMiddleware (line 1241) | func (ui *MonitoringUI) basicAuthMiddleware(next http.Handler) http.Ha...
method scheduleBroadcast (line 1263) | func (ui *MonitoringUI) scheduleBroadcast() {
method broadcastMetrics (line 1297) | func (ui *MonitoringUI) broadcastMetrics() {
function NewMonitoringUI (line 141) | func NewMonitoringUI(proxy *Proxy) *MonitoringUI {
function determineResolverStatus (line 571) | func determineResolverStatus(total uint64, successRate float64, lastUpda...
function resolverStatusRank (line 605) | func resolverStatusRank(status string) int {
function setCORSHeaders (line 999) | func setCORSHeaders(w http.ResponseWriter) {
function setDynamicCacheHeaders (line 1006) | func setDynamicCacheHeaders(w http.ResponseWriter) {
function setStaticCacheHeaders (line 1013) | func setStaticCacheHeaders(w http.ResponseWriter, maxAge int) {
FILE: dnscrypt-proxy/netprobe_others.go
function NetProbe (line 12) | func NetProbe(proxy *Proxy, address string, timeout int) error {
FILE: dnscrypt-proxy/netprobe_windows.go
function NetProbe (line 10) | func NetProbe(proxy *Proxy, address string, timeout int) error {
FILE: dnscrypt-proxy/oblivious_doh.go
constant odohVersion (line 13) | odohVersion = uint16(0x0001)
constant odohTestVersion (line 14) | odohTestVersion = uint16(0xff06)
constant maxODoHConfigs (line 15) | maxODoHConfigs = 10
type ODoHTargetConfig (line 18) | type ODoHTargetConfig struct
method encryptQuery (line 106) | func (t ODoHTargetConfig) encryptQuery(query []byte) (ODoHQuery, error) {
function encodeLengthValue (line 24) | func encodeLengthValue(b []byte) []byte {
function parseODoHTargetConfig (line 30) | func parseODoHTargetConfig(config []byte) (ODoHTargetConfig, error) {
function parseODoHTargetConfigs (line 65) | func parseODoHTargetConfigs(configs []byte) ([]ODoHTargetConfig, error) {
type ODoHQuery (line 99) | type ODoHQuery struct
method decryptResponse (line 133) | func (q ODoHQuery) decryptResponse(response []byte) ([]byte, error) {
FILE: dnscrypt-proxy/pattern_matcher.go
type PatternType (line 13) | type PatternType
constant PatternTypeNone (line 16) | PatternTypeNone PatternType = iota
constant PatternTypePrefix (line 17) | PatternTypePrefix
constant PatternTypeSuffix (line 18) | PatternTypeSuffix
constant PatternTypeSubstring (line 19) | PatternTypeSubstring
constant PatternTypePattern (line 20) | PatternTypePattern
constant PatternTypeExact (line 21) | PatternTypeExact
type PatternMatcher (line 24) | type PatternMatcher struct
method Add (line 54) | func (patternMatcher *PatternMatcher) Add(pattern string, val any, pos...
method Eval (line 125) | func (patternMatcher *PatternMatcher) Eval(qName string) (reject bool,...
function NewPatternMatcher (line 33) | func NewPatternMatcher() *PatternMatcher {
function isGlobCandidate (line 43) | func isGlobCandidate(str string) bool {
FILE: dnscrypt-proxy/permcheck_others.go
function WarnIfMaybeWritableByOtherUsers (line 5) | func WarnIfMaybeWritableByOtherUsers(p string) {
FILE: dnscrypt-proxy/permcheck_unix.go
function maybeWritableByOtherUsers (line 12) | func maybeWritableByOtherUsers(p string) (bool, string, error) {
function WarnIfMaybeWritableByOtherUsers (line 28) | func WarnIfMaybeWritableByOtherUsers(p string) {
FILE: dnscrypt-proxy/pidfile.go
function PidFileCreate (line 14) | func PidFileCreate() error {
function PidFileRemove (line 24) | func PidFileRemove() error {
FILE: dnscrypt-proxy/plugin_allow_ip.go
type PluginAllowedIP (line 15) | type PluginAllowedIP struct
method Name (line 32) | func (plugin *PluginAllowedIP) Name() string {
method Description (line 36) | func (plugin *PluginAllowedIP) Description() string {
method Init (line 40) | func (plugin *PluginAllowedIP) Init(proxy *Proxy) error {
method loadRules (line 65) | func (plugin *PluginAllowedIP) loadRules(lines string, prefixes *iradi...
method Drop (line 69) | func (plugin *PluginAllowedIP) Drop() error {
method PrepareReload (line 77) | func (plugin *PluginAllowedIP) PrepareReload() error {
method ApplyReload (line 92) | func (plugin *PluginAllowedIP) ApplyReload() error {
method CancelReload (line 113) | func (plugin *PluginAllowedIP) CancelReload() {
method Reload (line 120) | func (plugin *PluginAllowedIP) Reload() error {
method GetConfigPath (line 134) | func (plugin *PluginAllowedIP) GetConfigPath() string {
method SetConfigWatcher (line 139) | func (plugin *PluginAllowedIP) SetConfigWatcher(watcher *ConfigWatcher) {
method Eval (line 143) | func (plugin *PluginAllowedIP) Eval(pluginsState *PluginsState, msg *d...
FILE: dnscrypt-proxy/plugin_allow_name.go
type PluginAllowName (line 12) | type PluginAllowName struct
method Name (line 26) | func (plugin *PluginAllowName) Name() string {
method Description (line 30) | func (plugin *PluginAllowName) Description() string {
method Init (line 34) | func (plugin *PluginAllowName) Init(proxy *Proxy) error {
method loadPatterns (line 57) | func (plugin *PluginAllowName) loadPatterns(lines string, patternMatch...
method Drop (line 73) | func (plugin *PluginAllowName) Drop() error {
method PrepareReload (line 81) | func (plugin *PluginAllowName) PrepareReload() error {
method ApplyReload (line 92) | func (plugin *PluginAllowName) ApplyReload() error {
method CancelReload (line 109) | func (plugin *PluginAllowName) CancelReload() {
method Reload (line 114) | func (plugin *PluginAllowName) Reload() error {
method GetConfigPath (line 128) | func (plugin *PluginAllowName) GetConfigPath() string {
method SetConfigWatcher (line 133) | func (plugin *PluginAllowName) SetConfigWatcher(watcher *ConfigWatcher) {
method Eval (line 137) | func (plugin *PluginAllowName) Eval(pluginsState *PluginsState, msg *d...
FILE: dnscrypt-proxy/plugin_block_ip.go
type PluginBlockIP (line 15) | type PluginBlockIP struct
method Name (line 32) | func (plugin *PluginBlockIP) Name() string {
method Description (line 36) | func (plugin *PluginBlockIP) Description() string {
method Init (line 40) | func (plugin *PluginBlockIP) Init(proxy *Proxy) error {
method loadRules (line 65) | func (plugin *PluginBlockIP) loadRules(lines string, prefixes *iradix....
method Drop (line 69) | func (plugin *PluginBlockIP) Drop() error {
method PrepareReload (line 77) | func (plugin *PluginBlockIP) PrepareReload() error {
method ApplyReload (line 92) | func (plugin *PluginBlockIP) ApplyReload() error {
method CancelReload (line 113) | func (plugin *PluginBlockIP) CancelReload() {
method Reload (line 120) | func (plugin *PluginBlockIP) Reload() error {
method GetConfigPath (line 134) | func (plugin *PluginBlockIP) GetConfigPath() string {
method SetConfigWatcher (line 139) | func (plugin *PluginBlockIP) SetConfigWatcher(watcher *ConfigWatcher) {
method Eval (line 143) | func (plugin *PluginBlockIP) Eval(pluginsState *PluginsState, msg *dns...
FILE: dnscrypt-proxy/plugin_block_ipv6.go
type PluginBlockIPv6 (line 9) | type PluginBlockIPv6 struct
method Name (line 11) | func (plugin *PluginBlockIPv6) Name() string {
method Description (line 15) | func (plugin *PluginBlockIPv6) Description() string {
method Init (line 19) | func (plugin *PluginBlockIPv6) Init(proxy *Proxy) error {
method Drop (line 23) | func (plugin *PluginBlockIPv6) Drop() error {
method Reload (line 27) | func (plugin *PluginBlockIPv6) Reload() error {
method Eval (line 31) | func (plugin *PluginBlockIPv6) Eval(pluginsState *PluginsState, msg *d...
FILE: dnscrypt-proxy/plugin_block_name.go
type BlockedNames (line 12) | type BlockedNames struct
method check (line 28) | func (blockedNames *BlockedNames) check(pluginsState *PluginsState, qN...
constant aliasesLimit (line 20) | aliasesLimit = 8
type PluginBlockName (line 63) | type PluginBlockName struct
method Name (line 70) | func (plugin *PluginBlockName) Name() string {
method Description (line 74) | func (plugin *PluginBlockName) Description() string {
method Init (line 78) | func (plugin *PluginBlockName) Init(proxy *Proxy) error {
method loadRules (line 107) | func (plugin *PluginBlockName) loadRules(lines string, blockedNamesObj...
method Drop (line 123) | func (plugin *PluginBlockName) Drop() error {
method PrepareReload (line 131) | func (plugin *PluginBlockName) PrepareReload() error {
method ApplyReload (line 157) | func (plugin *PluginBlockName) ApplyReload() error {
method CancelReload (line 175) | func (plugin *PluginBlockName) CancelReload() {
method Reload (line 180) | func (plugin *PluginBlockName) Reload() error {
method GetConfigPath (line 194) | func (plugin *PluginBlockName) GetConfigPath() string {
method SetConfigWatcher (line 199) | func (plugin *PluginBlockName) SetConfigWatcher(watcher *ConfigWatcher) {
method Eval (line 203) | func (plugin *PluginBlockName) Eval(pluginsState *PluginsState, msg *d...
type PluginBlockNameResponse (line 222) | type PluginBlockNameResponse struct
method Name (line 227) | func (plugin *PluginBlockNameResponse) Name() string {
method Description (line 231) | func (plugin *PluginBlockNameResponse) Description() string {
method Init (line 235) | func (plugin *PluginBlockNameResponse) Init(proxy *Proxy) error {
method Drop (line 239) | func (plugin *PluginBlockNameResponse) Drop() error {
method Reload (line 243) | func (plugin *PluginBlockNameResponse) Reload() error {
method Eval (line 249) | func (plugin *PluginBlockNameResponse) Eval(pluginsState *PluginsState...
FILE: dnscrypt-proxy/plugin_block_undelegated.go
type PluginBlockUndelegated (line 158) | type PluginBlockUndelegated struct
method Name (line 162) | func (plugin *PluginBlockUndelegated) Name() string {
method Description (line 166) | func (plugin *PluginBlockUndelegated) Description() string {
method Init (line 170) | func (plugin *PluginBlockUndelegated) Init(proxy *Proxy) error {
method Drop (line 180) | func (plugin *PluginBlockUndelegated) Drop() error {
method Reload (line 184) | func (plugin *PluginBlockUndelegated) Reload() error {
method Eval (line 188) | func (plugin *PluginBlockUndelegated) Eval(pluginsState *PluginsState,...
FILE: dnscrypt-proxy/plugin_block_unqualified.go
type PluginBlockUnqualified (line 9) | type PluginBlockUnqualified struct
method Name (line 11) | func (plugin *PluginBlockUnqualified) Name() string {
method Description (line 15) | func (plugin *PluginBlockUnqualified) Description() string {
method Init (line 19) | func (plugin *PluginBlockUnqualified) Init(proxy *Proxy) error {
method Drop (line 23) | func (plugin *PluginBlockUnqualified) Drop() error {
method Reload (line 27) | func (plugin *PluginBlockUnqualified) Reload() error {
method Eval (line 31) | func (plugin *PluginBlockUnqualified) Eval(pluginsState *PluginsState,...
FILE: dnscrypt-proxy/plugin_cache.go
constant StaleResponseTTL (line 14) | StaleResponseTTL = 30 * time.Second
type CachedResponse (line 16) | type CachedResponse struct
type CachedResponses (line 21) | type CachedResponses struct
function computeCacheKey (line 28) | func computeCacheKey(pluginsState *PluginsState, msg *dns.Msg) [32]byte {
type PluginCache (line 49) | type PluginCache struct
method Name (line 51) | func (plugin *PluginCache) Name() string {
method Description (line 55) | func (plugin *PluginCache) Description() string {
method Init (line 59) | func (plugin *PluginCache) Init(proxy *Proxy) error {
method Drop (line 63) | func (plugin *PluginCache) Drop() error {
method Reload (line 67) | func (plugin *PluginCache) Reload() error {
method Eval (line 71) | func (plugin *PluginCache) Eval(pluginsState *PluginsState, msg *dns.M...
type PluginCacheResponse (line 105) | type PluginCacheResponse struct
method Name (line 107) | func (plugin *PluginCacheResponse) Name() string {
method Description (line 111) | func (plugin *PluginCacheResponse) Description() string {
method Init (line 115) | func (plugin *PluginCacheResponse) Init(proxy *Proxy) error {
method Drop (line 119) | func (plugin *PluginCacheResponse) Drop() error {
method Reload (line 123) | func (plugin *PluginCacheResponse) Reload() error {
method Eval (line 127) | func (plugin *PluginCacheResponse) Eval(pluginsState *PluginsState, ms...
FILE: dnscrypt-proxy/plugin_captive_portal.go
type PluginCaptivePortal (line 8) | type PluginCaptivePortal struct
method Name (line 12) | func (plugin *PluginCaptivePortal) Name() string {
method Description (line 16) | func (plugin *PluginCaptivePortal) Description() string {
method Init (line 20) | func (plugin *PluginCaptivePortal) Init(proxy *Proxy) error {
method Drop (line 26) | func (plugin *PluginCaptivePortal) Drop() error {
method Reload (line 30) | func (plugin *PluginCaptivePortal) Reload() error {
method Eval (line 34) | func (plugin *PluginCaptivePortal) Eval(pluginsState *PluginsState, ms...
FILE: dnscrypt-proxy/plugin_cloak.go
type CloakedName (line 19) | type CloakedName struct
type PluginCloak (line 30) | type PluginCloak struct
method Name (line 42) | func (plugin *PluginCloak) Name() string {
method Description (line 46) | func (plugin *PluginCloak) Description() string {
method Init (line 50) | func (plugin *PluginCloak) Init(proxy *Proxy) error {
method loadRules (line 71) | func (plugin *PluginCloak) loadRules(lines string, patternMatcher *Pat...
method Drop (line 155) | func (plugin *PluginCloak) Drop() error {
method PrepareReload (line 163) | func (plugin *PluginCloak) PrepareReload() error {
method ApplyReload (line 182) | func (plugin *PluginCloak) ApplyReload() error {
method CancelReload (line 198) | func (plugin *PluginCloak) CancelReload() {
method Reload (line 203) | func (plugin *PluginCloak) Reload() error {
method GetConfigPath (line 217) | func (plugin *PluginCloak) GetConfigPath() string {
method SetConfigWatcher (line 222) | func (plugin *PluginCloak) SetConfigWatcher(watcher *ConfigWatcher) {
method Eval (line 226) | func (plugin *PluginCloak) Eval(pluginsState *PluginsState, msg *dns.M...
function ptrEntryToQuery (line 146) | func ptrEntryToQuery(ptrEntry string) string {
function ptrNameToFQDN (line 150) | func ptrNameToFQDN(ptrLine string) string {
FILE: dnscrypt-proxy/plugin_dns64.go
constant rfc7050WKN (line 16) | rfc7050WKN = "ipv4only.arpa."
type PluginDNS64 (line 23) | type PluginDNS64 struct
method Name (line 31) | func (plugin *PluginDNS64) Name() string {
method Description (line 35) | func (plugin *PluginDNS64) Description() string {
method Init (line 39) | func (plugin *PluginDNS64) Init(proxy *Proxy) error {
method Drop (line 71) | func (plugin *PluginDNS64) Drop() error {
method Reload (line 75) | func (plugin *PluginDNS64) Reload() error {
method Eval (line 79) | func (plugin *PluginDNS64) Eval(pluginsState *PluginsState, msg *dns.M...
method fetchPref64 (line 197) | func (plugin *PluginDNS64) fetchPref64(resolver string) error {
method refreshPref64 (line 259) | func (plugin *PluginDNS64) refreshPref64() error {
function hasAAAAAnswer (line 174) | func hasAAAAAnswer(msg *dns.Msg) bool {
function translateToIPv6 (line 183) | func translateToIPv6(ipv4 net.IP, prefix *net.IPNet) net.IP {
FILE: dnscrypt-proxy/plugin_ecs.go
type PluginECS (line 12) | type PluginECS struct
method Name (line 16) | func (plugin *PluginECS) Name() string {
method Description (line 20) | func (plugin *PluginECS) Description() string {
method Init (line 24) | func (plugin *PluginECS) Init(proxy *Proxy) error {
method Drop (line 30) | func (plugin *PluginECS) Drop() error {
method Reload (line 34) | func (plugin *PluginECS) Reload() error {
method Eval (line 38) | func (plugin *PluginECS) Eval(pluginsState *PluginsState, msg *dns.Msg...
FILE: dnscrypt-proxy/plugin_firefox.go
type PluginFirefox (line 32) | type PluginFirefox struct
method Name (line 34) | func (plugin *PluginFirefox) Name() string {
method Description (line 38) | func (plugin *PluginFirefox) Description() string {
method Init (line 42) | func (plugin *PluginFirefox) Init(proxy *Proxy) error {
method Drop (line 47) | func (plugin *PluginFirefox) Drop() error {
method Reload (line 51) | func (plugin *PluginFirefox) Reload() error {
method Eval (line 55) | func (plugin *PluginFirefox) Eval(pluginsState *PluginsState, msg *dns...
FILE: dnscrypt-proxy/plugin_forward.go
type SearchSequenceItemType (line 21) | type SearchSequenceItemType
constant Explicit (line 24) | Explicit SearchSequenceItemType = iota
constant Bootstrap (line 25) | Bootstrap
constant DHCP (line 26) | DHCP
constant Resolvconf (line 27) | Resolvconf
type SearchSequenceItem (line 30) | type SearchSequenceItem struct
type PluginForwardEntry (line 37) | type PluginForwardEntry struct
type PluginForward (line 42) | type PluginForward struct
method Name (line 54) | func (plugin *PluginForward) Name() string {
method Description (line 58) | func (plugin *PluginForward) Description() string {
method Init (line 62) | func (plugin *PluginForward) Init(proxy *Proxy) error {
method parseForwardFile (line 103) | func (plugin *PluginForward) parseForwardFile(lines string) (bool, []P...
method Drop (line 206) | func (plugin *PluginForward) Drop() error {
method PrepareReload (line 214) | func (plugin *PluginForward) PrepareReload() error {
method ApplyReload (line 234) | func (plugin *PluginForward) ApplyReload() error {
method CancelReload (line 250) | func (plugin *PluginForward) CancelReload() {
method Reload (line 255) | func (plugin *PluginForward) Reload() error {
method GetConfigPath (line 269) | func (plugin *PluginForward) GetConfigPath() string {
method SetConfigWatcher (line 274) | func (plugin *PluginForward) SetConfigWatcher(watcher *ConfigWatcher) {
method Eval (line 278) | func (plugin *PluginForward) Eval(pluginsState *PluginsState, msg *dns...
function parseResolvConf (line 416) | func parseResolvConf(filename string) (servers []string, warnings []stri...
function normalizeIPAndOptionalPort (line 446) | func normalizeIPAndOptionalPort(addr string, defaultPort string) (string...
FILE: dnscrypt-proxy/plugin_get_set_payload_size.go
type PluginGetSetPayloadSize (line 5) | type PluginGetSetPayloadSize struct
method Name (line 7) | func (plugin *PluginGetSetPayloadSize) Name() string {
method Description (line 11) | func (plugin *PluginGetSetPayloadSize) Description() string {
method Init (line 15) | func (plugin *PluginGetSetPayloadSize) Init(proxy *Proxy) error {
method Drop (line 19) | func (plugin *PluginGetSetPayloadSize) Drop() error {
method Reload (line 23) | func (plugin *PluginGetSetPayloadSize) Reload() error {
method Eval (line 27) | func (plugin *PluginGetSetPayloadSize) Eval(pluginsState *PluginsState...
FILE: dnscrypt-proxy/plugin_nx_log.go
type PluginNxLog (line 13) | type PluginNxLog struct
method Name (line 19) | func (plugin *PluginNxLog) Name() string {
method Description (line 23) | func (plugin *PluginNxLog) Description() string {
method Init (line 27) | func (plugin *PluginNxLog) Init(proxy *Proxy) error {
method Drop (line 35) | func (plugin *PluginNxLog) Drop() error {
method Reload (line 39) | func (plugin *PluginNxLog) Reload() error {
method Eval (line 43) | func (plugin *PluginNxLog) Eval(pluginsState *PluginsState, msg *dns.M...
FILE: dnscrypt-proxy/plugin_query_log.go
type PluginQueryLog (line 14) | type PluginQueryLog struct
method Name (line 21) | func (plugin *PluginQueryLog) Name() string {
method Description (line 25) | func (plugin *PluginQueryLog) Description() string {
method Init (line 29) | func (plugin *PluginQueryLog) Init(proxy *Proxy) error {
method Drop (line 38) | func (plugin *PluginQueryLog) Drop() error {
method Reload (line 42) | func (plugin *PluginQueryLog) Reload() error {
method Eval (line 46) | func (plugin *PluginQueryLog) Eval(pluginsState *PluginsState, msg *dn...
FILE: dnscrypt-proxy/plugin_querymeta.go
type PluginQueryMeta (line 7) | type PluginQueryMeta struct
method Name (line 11) | func (plugin *PluginQueryMeta) Name() string {
method Description (line 15) | func (plugin *PluginQueryMeta) Description() string {
method Init (line 19) | func (plugin *PluginQueryMeta) Init(proxy *Proxy) error {
method Drop (line 29) | func (plugin *PluginQueryMeta) Drop() error {
method Reload (line 33) | func (plugin *PluginQueryMeta) Reload() error {
method Eval (line 37) | func (plugin *PluginQueryMeta) Eval(pluginsState *PluginsState, msg *d...
FILE: dnscrypt-proxy/plugins.go
type PluginsAction (line 14) | type PluginsAction
constant PluginsActionNone (line 17) | PluginsActionNone = 0
constant PluginsActionContinue (line 18) | PluginsActionContinue = 1
constant PluginsActionDrop (line 19) | PluginsActionDrop = 2
constant PluginsActionReject (line 20) | PluginsActionReject = 3
constant PluginsActionSynth (line 21) | PluginsActionSynth = 4
type PluginsGlobals (line 24) | type PluginsGlobals struct
type PluginsReturnCode (line 34) | type PluginsReturnCode
constant PluginsReturnCodePass (line 37) | PluginsReturnCodePass = iota
constant PluginsReturnCodeForward (line 38) | PluginsReturnCodeForward
constant PluginsReturnCodeDrop (line 39) | PluginsReturnCodeDrop
constant PluginsReturnCodeReject (line 40) | PluginsReturnCodeReject
constant PluginsReturnCodeSynth (line 41) | PluginsReturnCodeSynth
constant PluginsReturnCodeParseError (line 42) | PluginsReturnCodeParseError
constant PluginsReturnCodeNXDomain (line 43) | PluginsReturnCodeNXDomain
constant PluginsReturnCodeResponseError (line 44) | PluginsReturnCodeResponseError
constant PluginsReturnCodeServFail (line 45) | PluginsReturnCodeServFail
constant PluginsReturnCodeNetworkError (line 46) | PluginsReturnCodeNetworkError
constant PluginsReturnCodeCloak (line 47) | PluginsReturnCodeCloak
constant PluginsReturnCodeServerTimeout (line 48) | PluginsReturnCodeServerTimeout
constant PluginsReturnCodeNotReady (line 49) | PluginsReturnCodeNotReady
type PluginsState (line 68) | type PluginsState struct
method ApplyQueryPlugins (line 276) | func (pluginsState *PluginsState) ApplyQueryPlugins(
method ApplyResponsePlugins (line 337) | func (pluginsState *PluginsState) ApplyResponsePlugins(
method ApplyLoggingPlugins (line 390) | func (pluginsState *PluginsState) ApplyLoggingPlugins(pluginsGlobals *...
method InitPluginsGlobals (line 97) | func (proxy *Proxy) InitPluginsGlobals() error {
function parseBlockedQueryResponse (line 189) | func parseBlockedQueryResponse(blockedResponse string, pluginsGlobals *P...
type Plugin (line 236) | type Plugin interface
function NewPluginsState (line 245) | func NewPluginsState(
FILE: dnscrypt-proxy/privilege_linux.go
method dropPrivilege (line 17) | func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) {
FILE: dnscrypt-proxy/privilege_others.go
method dropPrivilege (line 18) | func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) {
FILE: dnscrypt-proxy/privilege_windows.go
method dropPrivilege (line 5) | func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) {}
FILE: dnscrypt-proxy/proxy.go
type Proxy (line 22) | type Proxy struct
method registerUDPListener (line 114) | func (proxy *Proxy) registerUDPListener(conn *net.UDPConn) {
method registerTCPListener (line 120) | func (proxy *Proxy) registerTCPListener(listener *net.TCPListener) {
method registerLocalDoHListener (line 126) | func (proxy *Proxy) registerLocalDoHListener(listener *net.TCPListener) {
method addDNSListener (line 132) | func (proxy *Proxy) addDNSListener(listenAddrStr string) {
method addLocalDoHListener (line 213) | func (proxy *Proxy) addLocalDoHListener(listenAddrStr string) {
method StartProxy (line 262) | func (proxy *Proxy) StartProxy() {
method updateRegisteredServers (line 341) | func (proxy *Proxy) updateRegisteredServers() error {
method udpListener (line 437) | func (proxy *Proxy) udpListener(clientPc *net.UDPConn) {
method tcpListener (line 467) | func (proxy *Proxy) tcpListener(acceptPc *net.TCPListener) {
method udpListenerFromAddr (line 498) | func (proxy *Proxy) udpListenerFromAddr(listenAddr *net.UDPAddr) error {
method tcpListenerFromAddr (line 518) | func (proxy *Proxy) tcpListenerFromAddr(listenAddr *net.TCPAddr) error {
method localDoHListenerFromAddr (line 538) | func (proxy *Proxy) localDoHListenerFromAddr(listenAddr *net.TCPAddr) ...
method startAcceptingClients (line 558) | func (proxy *Proxy) startAcceptingClients() {
method prepareForRelay (line 573) | func (proxy *Proxy) prepareForRelay(ip net.IP, port int, encryptedQuer...
method exchangeWithUDPServer (line 583) | func (proxy *Proxy) exchangeWithUDPServer(
method exchangeWithUDPServerViaProxy (line 641) | func (proxy *Proxy) exchangeWithUDPServerViaProxy(
method exchangeWithTCPServer (line 676) | func (proxy *Proxy) exchangeWithTCPServer(
method clientsCountInc (line 718) | func (proxy *Proxy) clientsCountInc() bool {
method clientsCountDec (line 731) | func (proxy *Proxy) clientsCountDec() {
method getDynamicTimeout (line 746) | func (proxy *Proxy) getDynamicTimeout() time.Duration {
method processIncomingQuery (line 767) | func (proxy *Proxy) processIncomingQuery(
function NewProxy (line 912) | func NewProxy() *Proxy {
FILE: dnscrypt-proxy/query_processing.go
function validateQuery (line 15) | func validateQuery(query []byte) bool {
function handleSynthesizedResponse (line 26) | func handleSynthesizedResponse(pluginsState *PluginsState, synth *dns.Ms...
function processDNSCryptQuery (line 35) | func processDNSCryptQuery(
function processDoHQuery (line 106) | func processDoHQuery(
function processODoHQuery (line 146) | func processODoHQuery(
function handleDNSExchange (line 216) | func handleDNSExchange(
function processPlugins (line 251) | func processPlugins(
function sendResponse (line 299) | func sendResponse(
function updateMonitoringMetrics (line 347) | func updateMonitoringMetrics(
FILE: dnscrypt-proxy/reload_utils.go
type ReloadablePlugin (line 15) | type ReloadablePlugin interface
type ReloadSafeguard (line 33) | type ReloadSafeguard struct
method StartReload (line 49) | func (rs *ReloadSafeguard) StartReload() bool {
method FinishReload (line 59) | func (rs *ReloadSafeguard) FinishReload() {
method AcquireConfigRead (line 65) | func (rs *ReloadSafeguard) AcquireConfigRead() {
method ReleaseConfigRead (line 70) | func (rs *ReloadSafeguard) ReleaseConfigRead() {
method AcquireConfigWrite (line 75) | func (rs *ReloadSafeguard) AcquireConfigWrite() {
method ReleaseConfigWrite (line 80) | func (rs *ReloadSafeguard) ReleaseConfigWrite() {
method SafeReload (line 87) | func (rs *ReloadSafeguard) SafeReload(reloadFunc func() error) error {
function NewReloadSafeguard (line 41) | func NewReloadSafeguard() *ReloadSafeguard {
function RegisterPluginForReload (line 102) | func RegisterPluginForReload(plugin ReloadablePlugin, watcher *ConfigWat...
function SafeReadTextFile (line 143) | func SafeReadTextFile(filePath string) (string, error) {
function StandardReloadPattern (line 168) | func StandardReloadPattern(pluginName string, reloadFunc func() error) e...
function StandardPrepareReloadPattern (line 180) | func StandardPrepareReloadPattern(pluginName, configFile string, prepare...
function StandardApplyReloadPattern (line 196) | func StandardApplyReloadPattern(pluginName string, applyFunc func() erro...
FILE: dnscrypt-proxy/reload_utils_test.go
function TestReloadSafeguard (line 10) | func TestReloadSafeguard(t *testing.T) {
FILE: dnscrypt-proxy/resolve.go
constant myResolverHost (line 18) | myResolverHost string = "resolver.dnscrypt.info."
constant nonexistentName (line 19) | nonexistentName string = "nonexistent-zone.dnscrypt-test."
function resolveQuery (line 22) | func resolveQuery(server string, qName string, qType uint16, sendClientS...
function Resolve (line 74) | func Resolve(server string, name string, singleResolver bool) {
FILE: dnscrypt-proxy/serversInfo.go
constant RTTEwmaDecay (line 28) | RTTEwmaDecay = 10.0
type RegisteredServer (line 31) | type RegisteredServer struct
type ServerBugs (line 37) | type ServerBugs struct
type DOHClientCreds (line 41) | type DOHClientCreds struct
type ServerInfo (line 47) | type ServerInfo struct
method noticeFailure (line 1160) | func (serverInfo *ServerInfo) noticeFailure(proxy *Proxy) {
method noticeBegin (line 1166) | func (serverInfo *ServerInfo) noticeBegin(proxy *Proxy) {
method noticeSuccess (line 1172) | func (serverInfo *ServerInfo) noticeSuccess(proxy *Proxy) {
type LBStrategy (line 74) | type LBStrategy interface
type LBStrategyP2 (line 79) | type LBStrategyP2 struct
method getCandidate (line 81) | func (LBStrategyP2) getCandidate(serversCount int) int {
method getActiveCount (line 85) | func (LBStrategyP2) getActiveCount(serversCount int) int {
type LBStrategyPN (line 89) | type LBStrategyPN struct
method getCandidate (line 91) | func (s LBStrategyPN) getCandidate(serversCount int) int {
method getActiveCount (line 95) | func (s LBStrategyPN) getActiveCount(serversCount int) int {
type LBStrategyPH (line 99) | type LBStrategyPH struct
method getCandidate (line 101) | func (LBStrategyPH) getCandidate(serversCount int) int {
method getActiveCount (line 105) | func (LBStrategyPH) getActiveCount(serversCount int) int {
type LBStrategyFirst (line 109) | type LBStrategyFirst struct
method getCandidate (line 111) | func (LBStrategyFirst) getCandidate(int) int {
method getActiveCount (line 115) | func (LBStrategyFirst) getActiveCount(int) int {
type LBStrategyRandom (line 119) | type LBStrategyRandom struct
method getCandidate (line 121) | func (LBStrategyRandom) getCandidate(serversCount int) int {
method getActiveCount (line 125) | func (LBStrategyRandom) getActiveCount(serversCount int) int {
type LBStrategyWP2 (line 129) | type LBStrategyWP2 struct
method getCandidate (line 131) | func (LBStrategyWP2) getCandidate(serversCount int) int {
method getActiveCount (line 140) | func (LBStrategyWP2) getActiveCount(serversCount int) int {
type DNSCryptRelay (line 146) | type DNSCryptRelay struct
type ODoHRelay (line 151) | type ODoHRelay struct
type Relay (line 155) | type Relay struct
type ServersInfo (line 162) | type ServersInfo struct
method registerServer (line 180) | func (serversInfo *ServersInfo) registerServer(name string, stamp stam...
method registerRelay (line 193) | func (serversInfo *ServersInfo) registerRelay(name string, stamp stamp...
method refreshServer (line 206) | func (serversInfo *ServersInfo) refreshServer(proxy *Proxy, name strin...
method refresh (line 245) | func (serversInfo *ServersInfo) refresh(proxy *Proxy) (int, error) {
method estimatorUpdate (line 299) | func (serversInfo *ServersInfo) estimatorUpdate(currentActive int) {
method getOne (line 345) | func (serversInfo *ServersInfo) getOne() *ServerInfo {
method getWeightedCandidate (line 376) | func (serversInfo *ServersInfo) getWeightedCandidate(serversCount int)...
method calculateServerScore (line 412) | func (serversInfo *ServersInfo) calculateServerScore(server *ServerInf...
method updateServerStats (line 438) | func (serversInfo *ServersInfo) updateServerStats(serverName string, s...
method logWP2Stats (line 461) | func (serversInfo *ServersInfo) logWP2Stats() {
function NewServersInfo (line 171) | func NewServersInfo() ServersInfo {
function fetchServerInfo (line 482) | func fetchServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp...
function findFarthestRoute (line 493) | func findFarthestRoute(proxy *Proxy, name string, relayStamps []stamps.S...
function relayProtoForServerProto (line 570) | func relayProtoForServerProto(proto stamps.StampProtoType) (stamps.Stamp...
function route (line 581) | func route(proxy *Proxy, name string, serverProto stamps.StampProtoType)...
function fetchDNSCryptServerInfo (line 702) | func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.Ser...
function dohTestPacket (line 815) | func dohTestPacket(msgID uint16) []byte {
function dohNXTestPacket (line 831) | func dohNXTestPacket(msgID uint16) []byte {
function plainNXTestPacket (line 852) | func plainNXTestPacket(msgID uint16) *dns.Msg {
function fetchDoHServerInfo (line 864) | func fetchDoHServerInfo(proxy *Proxy, name string, stamp stamps.ServerSt...
function fetchTargetConfigsFromWellKnown (line 964) | func fetchTargetConfigsFromWellKnown(proxy *Proxy, url *url.URL) ([]ODoH...
function _fetchODoHTargetInfo (line 975) | func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.Server...
function fetchODoHTargetInfo (line 1147) | func fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerS...
FILE: dnscrypt-proxy/service_android.go
function ServiceManagerStartNotify (line 5) | func ServiceManagerStartNotify() error {
function ServiceManagerReadyNotify (line 9) | func ServiceManagerReadyNotify() error {
FILE: dnscrypt-proxy/service_linux.go
constant SdNotifyStatus (line 10) | SdNotifyStatus = "STATUS="
function ServiceManagerStartNotify (line 12) | func ServiceManagerStartNotify() error {
function ServiceManagerReadyNotify (line 17) | func ServiceManagerReadyNotify() error {
function systemDWatchdog (line 22) | func systemDWatchdog() error {
FILE: dnscrypt-proxy/service_others.go
function ServiceManagerStartNotify (line 5) | func ServiceManagerStartNotify() error {
function ServiceManagerReadyNotify (line 9) | func ServiceManagerReadyNotify() error {
FILE: dnscrypt-proxy/service_windows.go
function ServiceManagerStartNotify (line 5) | func ServiceManagerStartNotify() error {
function ServiceManagerReadyNotify (line 15) | func ServiceManagerReadyNotify() error {
FILE: dnscrypt-proxy/setsockopts_darwin.go
method udpListenerConfig (line 8) | func (proxy *Proxy) udpListenerConfig() (*net.ListenConfig, error) {
method tcpListenerConfig (line 23) | func (proxy *Proxy) tcpListenerConfig() (*net.ListenConfig, error) {
FILE: dnscrypt-proxy/setsockopts_freebsd.go
method udpListenerConfig (line 8) | func (proxy *Proxy) udpListenerConfig() (*net.ListenConfig, error) {
method tcpListenerConfig (line 25) | func (proxy *Proxy) tcpListenerConfig() (*net.ListenConfig, error) {
FILE: dnscrypt-proxy/setsockopts_linux.go
method udpListenerConfig (line 8) | func (proxy *Proxy) udpListenerConfig() (*net.ListenConfig, error) {
method tcpListenerConfig (line 30) | func (proxy *Proxy) tcpListenerConfig() (*net.ListenConfig, error) {
FILE: dnscrypt-proxy/setsockopts_openbsd.go
method udpListenerConfig (line 8) | func (proxy *Proxy) udpListenerConfig() (*net.ListenConfig, error) {
method tcpListenerConfig (line 24) | func (proxy *Proxy) tcpListenerConfig() (*net.ListenConfig, error) {
FILE: dnscrypt-proxy/setsockopts_others.go
method udpListenerConfig (line 9) | func (proxy *Proxy) udpListenerConfig() (*net.ListenConfig, error) {
method tcpListenerConfig (line 13) | func (proxy *Proxy) tcpListenerConfig() (*net.ListenConfig, error) {
FILE: dnscrypt-proxy/setsockopts_windows.go
constant IPV6_TCLASS (line 9) | IPV6_TCLASS = 39
method udpListenerConfig (line 12) | func (proxy *Proxy) udpListenerConfig() (*net.ListenConfig, error) {
method tcpListenerConfig (line 26) | func (proxy *Proxy) tcpListenerConfig() (*net.ListenConfig, error) {
FILE: dnscrypt-proxy/signal_others.go
constant HasSIGHUP (line 5) | HasSIGHUP = false
function setupSignalHandler (line 8) | func setupSignalHandler(proxy *Proxy, plugins []Plugin) {
FILE: dnscrypt-proxy/signal_posix.go
constant HasSIGHUP (line 13) | HasSIGHUP = true
function setupSignalHandler (line 16) | func setupSignalHandler(proxy *Proxy, plugins []Plugin) {
FILE: dnscrypt-proxy/sources.go
type SourceFormat (line 21) | type SourceFormat
constant SourceFormatV2 (line 24) | SourceFormatV2 = iota
constant DefaultPrefetchDelay (line 28) | DefaultPrefetchDelay time.Duration = 24 * time.Hour
constant MinimumPrefetchInterval (line 29) | MinimumPrefetchInterval time.Duration = 10 * time.Minute
type Source (line 32) | type Source struct
method checkSignature (line 60) | func (source *Source) checkSignature(bin, sig []byte) error {
method fetchFromCache (line 68) | func (source *Source) fetchFromCache() (time.Duration, error) {
method updateCache (line 123) | func (source *Source) updateCache(bin, sig []byte) {
method parseURLs (line 149) | func (source *Source) parseURLs(urls []string) {
method fetchWithCache (line 164) | func (source *Source) fetchWithCache(xTransport *XTransport) (time.Dur...
method Parse (line 283) | func (source *Source) Parse() ([]RegisteredServer, error) {
method parseV2 (line 291) | func (source *Source) parseV2() ([]RegisteredServer, error) {
function getCurrentTime (line 54) | func getCurrentTime() time.Time {
function writeSource (line 100) | func writeSource(f string, bin, sig []byte) error {
function fetchFromURL (line 159) | func fetchFromURL(xTransport *XTransport, u *url.URL) ([]byte, error) {
function NewSource (line 216) | func NewSource(
function PrefetchSources (line 263) | func PrefetchSources(xTransport *XTransport, sources []*Source) time.Dur...
FILE: dnscrypt-proxy/sources_test.go
type SourceFixture (line 22) | type SourceFixture struct
type SourceTestState (line 29) | type SourceTestState
constant TestStateCorrect (line 32) | TestStateCorrect SourceTestState = iota
constant TestStateExpired (line 33) | TestStateExpired
constant TestStatePartial (line 34) | TestStatePartial
constant TestStatePartialSig (line 35) | TestStatePartialSig
constant TestStateMissing (line 36) | TestStateMissing
constant TestStateMissingSig (line 37) | TestStateMissingSig
constant TestStateReadErr (line 38) | TestStateReadErr
constant TestStateReadSigErr (line 39) | TestStateReadSigErr
constant TestStateOpenErr (line 40) | TestStateOpenErr
constant TestStateOpenSigErr (line 41) | TestStateOpenSigErr
constant TestStatePathErr (line 42) | TestStatePathErr
type SourceTestData (line 45) | type SourceTestData struct
type SourceTestExpect (line 59) | type SourceTestExpect struct
function readFixture (line 70) | func readFixture(t *testing.T, name string) []byte {
function writeSourceCache (line 78) | func writeSourceCache(t *testing.T, e *SourceTestExpect) {
function checkSourceCache (line 107) | func checkSourceCache(c *check.C, e *SourceTestExpect) {
function loadSnakeoil (line 126) | func loadSnakeoil(t *testing.T, d *SourceTestData) {
function loadTestSourceNames (line 135) | func loadTestSourceNames(t *testing.T, d *SourceTestData) {
function generateFixtureState (line 147) | func generateFixtureState(_ *testing.T, d *SourceTestData, suffix, file ...
function loadFixtures (line 172) | func loadFixtures(t *testing.T, d *SourceTestData) {
function makeTempDir (line 197) | func makeTempDir(t *testing.T, d *SourceTestData) {
function makeTestServer (line 205) | func makeTestServer(t *testing.T, d *SourceTestData) {
function checkTestServer (line 228) | func checkTestServer(c *check.C, d *SourceTestData) {
function setupSourceTest (line 233) | func setupSourceTest(t *testing.T) (func(), *SourceTestData) {
function prepSourceTestCache (line 283) | func prepSourceTestCache(t *testing.T, d *SourceTestData, e *SourceTestE...
function prepSourceTestDownload (line 298) | func prepSourceTestDownload(
function setupSourceTestCase (line 364) | func setupSourceTestCase(t *testing.T, d *SourceTestData, i int,
function TestNewSource (line 384) | func TestNewSource(t *testing.T) {
function TestPrefetchSources (line 451) | func TestPrefetchSources(t *testing.T) {
function TestMain (line 502) | func TestMain(m *testing.M) { check.TestMain(m) }
FILE: dnscrypt-proxy/static/js/monitoring.js
function handleError (line 2) | function handleError(error) {
function safeUpdateDashboard (line 71) | function safeUpdateDashboard(data) {
function formatUptime (line 259) | function formatUptime(seconds) {
function updateElementText (line 278) | function updateElementText(id, value) {
function formatNumber (line 286) | function formatNumber(value) {
function formatPercent (line 297) | function formatPercent(value) {
function formatMilliseconds (line 308) | function formatMilliseconds(value) {
function formatBoolean (line 319) | function formatBoolean(value) {
function formatStatus (line 326) | function formatStatus(status) {
function formatTimestamp (line 334) | function formatTimestamp(value) {
function formatAge (line 349) | function formatAge(seconds) {
function formatTTLRange (line 370) | function formatTTLRange(cacheStats) {
function formatSourceStatus (line 384) | function formatSourceStatus(status, error) {
function loadData (line 393) | function loadData() {
function connectWebSocket (line 466) | function connectWebSocket() {
function pollMetrics (line 556) | function pollMetrics() {
function initializeDashboard (line 592) | function initializeDashboard() {
FILE: dnscrypt-proxy/systemd_android.go
method addSystemDListeners (line 3) | func (proxy *Proxy) addSystemDListeners() error {
FILE: dnscrypt-proxy/systemd_free.go
method addSystemDListeners (line 5) | func (proxy *Proxy) addSystemDListeners() error {
FILE: dnscrypt-proxy/systemd_linux.go
method addSystemDListeners (line 13) | func (proxy *Proxy) addSystemDListeners() error {
FILE: dnscrypt-proxy/time_ranges.go
type TimeRange (line 10) | type TimeRange struct
type WeeklyRanges (line 15) | type WeeklyRanges struct
method Match (line 96) | func (weeklyRanges *WeeklyRanges) Match() bool {
type TimeRangeStr (line 19) | type TimeRangeStr struct
type WeeklyRangesStr (line 24) | type WeeklyRangesStr struct
function daySecsFromStr (line 28) | func daySecsFromStr(str string) (int, error) {
function parseTimeRanges (line 44) | func parseTimeRanges(timeRangesStr []TimeRangeStr) ([]TimeRange, error) {
function parseWeeklyRanges (line 63) | func parseWeeklyRanges(weeklyRangesStr WeeklyRangesStr) (WeeklyRanges, e...
function ParseAllWeeklyRanges (line 84) | func ParseAllWeeklyRanges(allWeeklyRangesStr map[string]WeeklyRangesStr)...
FILE: dnscrypt-proxy/timezone_android.go
function TimezoneSetup (line 9) | func TimezoneSetup() error {
FILE: dnscrypt-proxy/timezone_others.go
function TimezoneSetup (line 5) | func TimezoneSetup() error {
FILE: dnscrypt-proxy/udp_conn_pool.go
constant UDPPoolMaxConnsPerAddr (line 13) | UDPPoolMaxConnsPerAddr = 4
constant UDPPoolMaxIdleTime (line 14) | UDPPoolMaxIdleTime = 30 * time.Second
constant UDPPoolCleanupInterval (line 15) | UDPPoolCleanupInterval = 10 * time.Second
constant UDPPoolShards (line 16) | UDPPoolShards = 64
type pooledConn (line 19) | type pooledConn struct
type poolShard (line 24) | type poolShard struct
type UDPConnPool (line 29) | type UDPConnPool struct
method getShard (line 47) | func (p *UDPConnPool) getShard(addr string) *poolShard {
method cleanupLoop (line 55) | func (p *UDPConnPool) cleanupLoop() {
method cleanupStale (line 69) | func (p *UDPConnPool) cleanupStale() {
method Get (line 94) | func (p *UDPConnPool) Get(addr *net.UDPAddr) (*net.UDPConn, error) {
method Put (line 113) | func (p *UDPConnPool) Put(addr *net.UDPAddr, conn *net.UDPConn) {
method Discard (line 139) | func (p *UDPConnPool) Discard(conn *net.UDPConn) {
method Close (line 145) | func (p *UDPConnPool) Close() {
method Stats (line 165) | func (p *UDPConnPool) Stats() (totalConns int, addrCount int) {
function NewUDPConnPool (line 36) | func NewUDPConnPool() *UDPConnPool {
FILE: dnscrypt-proxy/udp_conn_pool_test.go
function TestUDPConnPool_Basic (line 11) | func TestUDPConnPool_Basic(t *testing.T) {
function TestUDPConnPool_MaxConns (line 49) | func TestUDPConnPool_MaxConns(t *testing.T) {
function TestUDPConnPool_Discard (line 74) | func TestUDPConnPool_Discard(t *testing.T) {
function TestUDPConnPool_Concurrent (line 93) | func TestUDPConnPool_Concurrent(t *testing.T) {
function TestUDPConnPool_MultipleAddresses (line 124) | func TestUDPConnPool_MultipleAddresses(t *testing.T) {
function TestUDPConnPool_Close (line 146) | func TestUDPConnPool_Close(t *testing.T) {
function BenchmarkUDPConnPool_GetPut (line 169) | func BenchmarkUDPConnPool_GetPut(b *testing.B) {
function BenchmarkUDPDial_NoPool (line 185) | func BenchmarkUDPDial_NoPool(b *testing.B) {
function BenchmarkUDPConnPool_Contention (line 195) | func BenchmarkUDPConnPool_Contention(b *testing.B) {
function BenchmarkUDPConnPool_MultiAddrContention (line 213) | func BenchmarkUDPConnPool_MultiAddrContention(b *testing.B) {
FILE: dnscrypt-proxy/xtransport.go
constant DefaultBootstrapResolver (line 39) | DefaultBootstrapResolver = "9.9.9.9:53"
constant DefaultKeepAlive (line 40) | DefaultKeepAlive = 5 * time.Second
constant DefaultTimeout (line 41) | DefaultTimeout = 30 * time.Second
constant ResolverReadTimeout (line 42) | ResolverReadTimeout = 5 * time.Second
constant SystemResolverIPTTL (line 43) | SystemResolverIPTTL = 12 * time.Hour
constant MinResolverIPTTL (line 44) | MinResolverIPTTL = 4 * time.Hour
constant ResolverIPTTLMaxJitter (line 45) | ResolverIPTTLMaxJitter = 15 * time.Minute
constant ExpiredCachedIPGraceTTL (line 46) | ExpiredCachedIPGraceTTL = 15 * time.Minute
constant resolverRetryCount (line 47) | resolverRetryCount = 3
constant resolverRetryInitialBackoff (line 48) | resolverRetryInitialBackoff = 150 * time.Millisecond
constant resolverRetryMaxBackoff (line 49) | resolverRetryMaxBackoff = 1 * time.Second
type CachedIPItem (line 52) | type CachedIPItem struct
type CachedIPs (line 58) | type CachedIPs struct
type AltSupport (line 63) | type AltSupport struct
type XTransport (line 68) | type XTransport struct
method saveCachedIPs (line 141) | func (xTransport *XTransport) saveCachedIPs(host string, ips []net.IP,...
method saveCachedIP (line 166) | func (xTransport *XTransport) saveCachedIP(host string, ip net.IP, ttl...
method markUpdatingCachedIP (line 174) | func (xTransport *XTransport) markUpdatingCachedIP(host string) {
method loadCachedIPs (line 187) | func (xTransport *XTransport) loadCachedIPs(host string) (ips []net.IP...
method rebuildTransport (line 220) | func (xTransport *XTransport) rebuildTransport() {
method resolveUsingSystem (line 439) | func (xTransport *XTransport) resolveUsingSystem(host string, returnIP...
method resolveUsingResolver (line 457) | func (xTransport *XTransport) resolveUsingResolver(
method resolveUsingServers (line 504) | func (xTransport *XTransport) resolveUsingServers(
method resolve (line 547) | func (xTransport *XTransport) resolve(host string, returnIPv4, returnI...
method resolveAndUpdateCache (line 594) | func (xTransport *XTransport) resolveAndUpdateCache(host string) error {
method Fetch (line 635) | func (xTransport *XTransport) Fetch(
method GetWithCompression (line 819) | func (xTransport *XTransport) GetWithCompression(
method Get (line 827) | func (xTransport *XTransport) Get(
method Post (line 835) | func (xTransport *XTransport) Post(
method dohLikeQuery (line 845) | func (xTransport *XTransport) dohLikeQuery(
method DoHQuery (line 863) | func (xTransport *XTransport) DoHQuery(
method ObliviousDoHQuery (line 872) | func (xTransport *XTransport) ObliviousDoHQuery(
function NewXTransport (line 92) | func NewXTransport() *XTransport {
function ParseIP (line 114) | func ParseIP(ipStr string) net.IP {
function uniqueNormalizedIPs (line 120) | func uniqueNormalizedIPs(ips []net.IP) []net.IP {
FILE: utils/generate-domains-blocklist/generate-domains-blocklist.py
function setup_logging (line 25) | def setup_logging(output_file=None):
function parse_trusted_list (line 31) | def parse_trusted_list(content):
function parse_list (line 62) | def parse_list(content, trusted=False):
function print_restricted_name (line 98) | def print_restricted_name(output_fd, name, time_restrictions):
function load_from_url (line 110) | def load_from_url(url, timeout):
function name_cmp (line 135) | def name_cmp(name):
function is_glob (line 141) | def is_glob(pattern):
function covered_by_glob (line 159) | def covered_by_glob(globs, name):
function has_suffix (line 171) | def has_suffix(names, name):
function allowlist_from_url (line 180) | def allowlist_from_url(url, timeout):
function load_url_with_retry (line 190) | def load_url_with_retry(url, timeout, tries=3, retry_delay=2):
function load_blocklists_parallel (line 209) | def load_blocklists_parallel(urls, timeout, ignore_retrieval_failure):
function blocklists_from_config_file (line 255) | def blocklists_from_config_file(
function main (line 361) | def main():
FILE: vendor/codeberg.org/miekg/dns/client.go
type Client (line 14) | type Client struct
method Exchange (line 60) | func (c *Client) Exchange(ctx context.Context, m *Msg, network, addres...
method ExchangeWithConn (line 74) | func (c *Client) ExchangeWithConn(ctx context.Context, m *Msg, conn ne...
function NewClient (line 21) | func NewClient() *Client {
function Exchange (line 30) | func Exchange(ctx context.Context, m *Msg, network, address string) (r *...
FILE: vendor/codeberg.org/miekg/dns/dane.go
function certificateToDANE (line 12) | func certificateToDANE(selector, matchingType uint8, cert *x509.Certific...
FILE: vendor/codeberg.org/miekg/dns/deleg/deleg.go
constant KeyServerIPv4 (line 16) | KeyServerIPv4 uint16 = iota + 1
constant KeyServerIPv6 (line 17) | KeyServerIPv6
constant KeyServerName (line 18) | KeyServerName
constant KeyIncludeDelegParam (line 19) | KeyIncludeDelegParam
constant KeyReserved (line 21) | KeyReserved uint16 = 65535
type Info (line 26) | type Info interface
function KeyToString (line 34) | func KeyToString(k uint16) string {
function StringToKey (line 52) | func StringToKey(s string) uint16 {
function KeyToInfo (line 66) | func KeyToInfo(k uint16) func() Info {
function InfoToKey (line 82) | func InfoToKey(i Info) uint16 {
type SERVERNAME (line 97) | type SERVERNAME struct
method String (line 101) | func (s *SERVERNAME) String() string { return strings.Join(s.Hostnames...
method Len (line 103) | func (s *SERVERNAME) Len() int {
method Clone (line 160) | func (s *SERVERNAME) Clone() Info { return &SERVERNAME{slices.C...
type INCLUDEDELEGPARAM (line 112) | type INCLUDEDELEGPARAM struct
method String (line 116) | func (s *INCLUDEDELEGPARAM) String() string { return strings.Join(s.Do...
method Len (line 118) | func (s *INCLUDEDELEGPARAM) Len() int {
method Clone (line 161) | func (s *INCLUDEDELEGPARAM) Clone() Info { return &INCLUDEDELEGPARAM{s...
type SERVERIPV4 (line 127) | type SERVERIPV4 struct
method Len (line 131) | func (s *SERVERIPV4) Len() int { return tlv + 4*len(s.IPs) }
method String (line 133) | func (s *SERVERIPV4) String() string {
method Clone (line 158) | func (s *SERVERIPV4) Clone() Info { return &SERVERIPV4{slices.C...
type SERVERIPV6 (line 142) | type SERVERIPV6 struct
method Len (line 146) | func (s *SERVERIPV6) Len() int { return tlv + 16*len(s.IPs) }
method String (line 148) | func (s *SERVERIPV6) String() string {
method Clone (line 159) | func (s *SERVERIPV6) Clone() Info { return &SERVERIPV6{slices.C...
constant tlv (line 156) | tlv = 4
FILE: vendor/codeberg.org/miekg/dns/deleg/delegpack.go
function Unpack (line 11) | func Unpack(s *cryptobyte.String) ([]Info, error) {
function Pack (line 33) | func Pack(infos []Info, msg []byte, off int) (off1 int, err error) {
FILE: vendor/codeberg.org/miekg/dns/deleg/pack.go
function _pack (line 14) | func _pack(i Info, msg []byte, off int) (int, error) {
function _unpack (line 29) | func _unpack(i Info, data *cryptobyte.String) error {
method pack (line 43) | func (s *SERVERIPV4) pack(msg []byte, off int) (int, error) {
method unpack (line 57) | func (s *SERVERIPV4) unpack(sc *cryptobyte.String) error {
method pack (line 68) | func (s *SERVERIPV6) pack(msg []byte, off int) (int, error) {
method unpack (line 82) | func (s *SERVERIPV6) unpack(sc *cryptobyte.String) error {
method pack (line 93) | func (s *SERVERNAME) pack(msg []byte, off int) (int, error) {
method unpack (line 107) | func (s *SERVERNAME) unpack(sc *cryptobyte.String) error {
method pack (line 118) | func (s *INCLUDEDELEGPARAM) pack(msg []byte, off int) (int, error) {
method unpack (line 132) | func (s *INCLUDEDELEGPARAM) unpack(sc *cryptobyte.String) error {
function packTLV (line 143) | func packTLV(p Info, msg []byte, off int) (off1 int, err error) {
FILE: vendor/codeberg.org/miekg/dns/deleg/scan.go
function Parse (line 10) | func Parse(i Info, b, o string) error {
method parse (line 24) | func (s *SERVERIPV4) parse(b string) error {
method parse (line 46) | func (s *SERVERIPV6) parse(b string) error {
method parse (line 68) | func (s *SERVERNAME) parse(b, o string) error {
method parse (line 87) | func (s *INCLUDEDELEGPARAM) parse(b, o string) error {
FILE: vendor/codeberg.org/miekg/dns/deleg/zdnsutil.go
function dnsutilLabels (line 19) | func dnsutilLabels(s string) (labels int) {
function dnsutilNext (line 36) | func dnsutilNext(s string, offset int) (i int, end bool) {
function dnsutilPrev (line 51) | func dnsutilPrev(s string, n int) (i int, start bool) {
function dnsutilFqdn (line 79) | func dnsutilFqdn(s string) string {
function dnsutilIsFqdn (line 88) | func dnsutilIsFqdn(s string) bool { return strings.HasSuffix(s, ".") }
function dnsutilCanonical (line 92) | func dnsutilCanonical(s string) string {
function dnsutilIsName (line 105) | func dnsutilIsName(s string) bool {
function compareLabel (line 147) | func compareLabel(a, b string) int {
function dnsutilTimeToString (line 176) | func dnsutilTimeToString(t uint32) string {
function dnsutilStringToTime (line 184) | func dnsutilStringToTime(s string) (uint32, error) {
function dnsutilAbsolute (line 197) | func dnsutilAbsolute(s, origin string) string {
constant maxSerialIncrement (line 217) | maxSerialIncrement = 2147483647
FILE: vendor/codeberg.org/miekg/dns/dns.go
constant DefaultMsgSize (line 30) | DefaultMsgSize = 1400
constant MinMsgSize (line 32) | MinMsgSize = 512
constant MaxMsgSize (line 34) | MaxMsgSize = math.MaxUint16
constant MsgHeaderSize (line 36) | MsgHeaderSize = 12
constant MaxSerialIncrement (line 38) | MaxSerialIncrement = math.MaxUint32 / 2
type RR (line 42) | type RR interface
type RDATA (line 57) | type RDATA interface
type Typer (line 74) | type Typer interface
type Comparer (line 80) | type Comparer interface
type Packer (line 85) | type Packer interface
type Parser (line 96) | type Parser interface
type Cloner (line 104) | type Cloner interface
type RRset (line 113) | type RRset
type Header (line 117) | type Header struct
method Len (line 123) | func (h *Header) Len() int { return len(h.Name) + 1 + 10 }
method Header (line 124) | func (h *Header) Header() *Header { return h }
method Data (line 125) | func (h *Header) Data() RDATA { return nil }
method Clone (line 126) | func (h *Header) Clone() RR { return &Header{h.Name, h.TTL, h.Cl...
method String (line 137) | func (h *Header) String() string {
type EDNS0 (line 156) | type EDNS0 interface
type DSO (line 166) | type DSO interface
type MsgHeader (line 173) | type MsgHeader struct
method String (line 270) | func (h *MsgHeader) String() string {
type Msg (line 221) | type Msg struct
type MsgOption (line 255) | type MsgOption
constant MsgOptionUnpack (line 258) | MsgOptionUnpack MsgOption = 0
constant MsgOptionUnpackHeader (line 259) | MsgOptionUnpackHeader MsgOption = 1 << iota
constant MsgOptionUnpackQuestion (line 260) | MsgOptionUnpackQuestion
constant MsgOptionUnpackAnswer (line 261) | MsgOptionUnpackAnswer
method ToRFC3597 (line 319) | func (rr *RFC3597) ToRFC3597(r RR) error {
method fromRFC3597 (line 338) | func (rr *RFC3597) fromRFC3597(r RR) error {
constant msgArcount (line 356) | msgArcount = 10
FILE: vendor/codeberg.org/miekg/dns/dnssec.go
constant _ (line 27) | _ uint8 = iota
constant RSAMD5 (line 28) | RSAMD5
constant DH (line 29) | DH
constant DSA (line 30) | DSA
constant _ (line 31) | _
constant RSASHA1 (line 32) | RSASHA1
constant DSANSEC3SHA1 (line 33) | DSANSEC3SHA1
constant RSASHA1NSEC3SHA1 (line 34) | RSASHA1NSEC3SHA1
constant RSASHA256 (line 35) | RSASHA256
constant _ (line 36) | _
constant RSASHA512 (line 37) | RSASHA512
constant _ (line 38) | _
constant ECCGOST (line 39) | ECCGOST
constant ECDSAP256SHA256 (line 40) | ECDSAP256SHA256
constant ECDSAP384SHA384 (line 41) | ECDSAP384SHA384
constant ED25519 (line 42) | ED25519
constant ED448 (line 43) | ED448
constant INDIRECT (line 44) | INDIRECT uint8 = 252
constant PRIVATEDNS (line 45) | PRIVATEDNS uint8 = 253
constant PRIVATEOID (line 46) | PRIVATEOID uint8 = 254
constant _ (line 84) | _ uint8 = iota
constant SHA1 (line 85) | SHA1
constant SHA256 (line 86) | SHA256
constant GOST94 (line 87) | GOST94
constant SHA384 (line 88) | SHA384
constant SHA512 (line 89) | SHA512
constant FlagSEP (line 103) | FlagSEP = 1
constant FlagREVOKE (line 104) | FlagREVOKE = 1 << 7
constant FlagZONE (line 105) | FlagZONE = 1 << 8
constant FlagDELEG (line 106) | FlagDELEG = 1 << 14
method KeyTag (line 110) | func (k *DNSKEY) KeyTag() uint16 {
method ToDS (line 151) | func (k *DNSKEY) ToDS(h uint8) *DS {
method ToCDNSKEY (line 208) | func (k *DNSKEY) ToCDNSKEY() *CDNSKEY {
method ToCDS (line 215) | func (d *DS) ToCDS() *CDS {
method Sign (line 226) | func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR, options *SignOption) ...
function sign (line 305) | func sign(k crypto.Signer, hashed []byte, hash crypto.Hash, alg uint8) (...
method Verify (line 343) | func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR, options *SignOption) error {
method ValidPeriod (line 447) | func (rr *RRSIG) ValidPeriod(t time.Time) bool {
method sigBuf (line 462) | func (rr *RRSIG) sigBuf() []byte {
type SignOption (line 471) | type SignOption struct
function isRRset (line 478) | func isRRset(rrset []RR) bool {
FILE: vendor/codeberg.org/miekg/dns/dnssec_keygen.go
method Generate (line 18) | func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error) {
method setPublicKeyRSA (line 79) | func (k *DNSKEY) setPublicKeyRSA(E int, N *big.Int) bool {
method setPublicKeyECDSA (line 90) | func (k *DNSKEY) setPublicKeyECDSA(X, Y *big.Int) bool {
method setPublicKeyED25519 (line 106) | func (k *DNSKEY) setPublicKeyED25519(_K ed25519.PublicKey) bool {
function exponentToBuf (line 115) | func exponentToBuf(E int) []byte {
function curveToBuf (line 132) | func curveToBuf(_X, _Y *big.Int, intlen int) []byte {
FILE: vendor/codeberg.org/miekg/dns/dnssec_keyscan.go
method NewPrivate (line 21) | func (k *DNSKEY) NewPrivate(s string) (crypto.PrivateKey, error) {
method readPrivate (line 31) | func (k *DNSKEY) readPrivate(q io.Reader, file string) (crypto.PrivateKe...
function readPrivateKeyRSA (line 79) | func readPrivateKeyRSA(m map[string]string) (*rsa.PrivateKey, error) {
function readPrivateKeyECDSA (line 111) | func readPrivateKeyECDSA(m map[string]string) (*ecdsa.PrivateKey, error) {
function readPrivateKeyED25519 (line 129) | func readPrivateKeyED25519(m map[string]string) (ed25519.PrivateKey, err...
function parseKey (line 151) | func parseKey(r io.Reader, file string) (map[string]string, error) {
type klexer (line 176) | type klexer struct
method Err (line 201) | func (kl *klexer) Err() error {
method readByte (line 209) | func (kl *klexer) readByte() (byte, bool) {
method Next (line 236) | func (kl *klexer) Next() (dnslex.Lex, bool) {
function newKLexer (line 188) | func newKLexer(r io.Reader) *klexer {
FILE: vendor/codeberg.org/miekg/dns/dnssec_privkey.go
constant format (line 14) | format = "Private-key-format: v1.3\n"
method PrivateKeyString (line 22) | func (k *DNSKEY) PrivateKeyString(p crypto.PrivateKey) string {
FILE: vendor/codeberg.org/miekg/dns/dnssec_signer.go
function canonicalize (line 16) | func canonicalize(rr RR) {
type rrsigWireFmt (line 76) | type rrsigWireFmt struct
method pack (line 97) | func (sw *rrsigWireFmt) pack(buf []byte) (int, error) {
type dnskeyWireFmt (line 89) | type dnskeyWireFmt struct
method pack (line 130) | func (dw *dnskeyWireFmt) pack(buf []byte) (int, error) {
function intToBytes (line 148) | func intToBytes(i *big.Int, length int) []byte {
method publicKeyRSA (line 159) | func (k *DNSKEY) publicKeyRSA() *rsa.PublicKey {
method publicKeyECDSA (line 212) | func (k *DNSKEY) publicKeyECDSA() *ecdsa.PublicKey {
method publicKeyED25519 (line 237) | func (k *DNSKEY) publicKeyED25519() ed25519.PublicKey {
function rawSignatureData (line 249) | func rawSignatureData(buf []byte, rrset []RR, s *RRSIG, options SignOpti...
FILE: vendor/codeberg.org/miekg/dns/dso_types.go
constant StatefulNone (line 7) | StatefulNone uint16 = 0x0
constant StatefulKEEPALIVE (line 8) | StatefulKEEPALIVE uint16 = 0x1
constant StatefulRETRYDELAY (line 9) | StatefulRETRYDELAY uint16 = 0x2
constant StatefulDPADDING (line 10) | StatefulDPADDING uint16 = 0x3
constant StatefulSUBSCRIBE (line 11) | StatefulSUBSCRIBE uint16 = 0x40
constant StatefulPUSH (line 12) | StatefulPUSH uint16 = 0x41
constant StatefulUNSUBSCRIBE (line 13) | StatefulUNSUBSCRIBE uint16 = 0x42
constant StatefulRECONFIRM (line 14) | StatefulRECONFIRM uint16 = 0x43
type KEEPALIVE (line 23) | type KEEPALIVE struct
method String (line 28) | func (d *KEEPALIVE) String() string {
method Data (line 32) | func (d *KEEPALIVE) Data() RDATA { return d }
type RETRYDELAY (line 36) | type RETRYDELAY struct
method String (line 40) | func (d *RETRYDELAY) String() string {
method Data (line 44) | func (d *RETRYDELAY) Data() RDATA { return d }
type DPADDING (line 48) | type DPADDING struct
method String (line 52) | func (d *DPADDING) String() string {
method Data (line 56) | func (d *DPADDING) Data() RDATA { return d }
FILE: vendor/codeberg.org/miekg/dns/edns_types.go
constant CodeNone (line 16) | CodeNone uint16 = 0x0
constant CodeLLQ (line 17) | CodeLLQ uint16 = 0x1
constant CodeUL (line 18) | CodeUL uint16 = 0x2
constant CodeNSID (line 19) | CodeNSID uint16 = 0x3
constant CodeESU (line 20) | CodeESU uint16 = 0x4
constant CodeDAU (line 21) | CodeDAU uint16 = 0x5
constant CodeDHU (line 22) | CodeDHU uint16 = 0x6
constant CodeN3U (line 23) | CodeN3U uint16 = 0x7
constant CodeSUBNET (line 24) | CodeSUBNET uint16 = 0x8
constant CodeEXPIRE (line 25) | CodeEXPIRE uint16 = 0x9
constant CodeCOOKIE (line 26) | CodeCOOKIE uint16 = 0xA
constant CodeTCPKEEPALIVE (line 27) | CodeTCPKEEPALIVE uint16 = 0xB
constant CodePADDING (line 28) | CodePADDING uint16 = 0xC
constant CodeEDE (line 29) | CodeEDE uint16 = 0xF
constant CodeREPORTING (line 30) | CodeREPORTING uint16 = 0x12
constant CodeZONEVERSION (line 31) | CodeZONEVERSION uint16 = 0x13
constant CodeLOCALSTART (line 32) | CodeLOCALSTART uint16 = 0xFDE9
constant CodeLOCALEND (line 33) | CodeLOCALEND uint16 = 0xFFFE
type LLQ (line 40) | type LLQ struct
method Len (line 48) | func (o *LLQ) Len() int { return tlv + 18 }
method Data (line 49) | func (o *LLQ) Data() RDATA { return o }
method String (line 50) | func (o *LLQ) String() string {
type REPORTING (line 63) | type REPORTING struct
method Len (line 67) | func (o *REPORTING) Len() int { return tlv + len(o.AgentDomain) }
method Data (line 68) | func (o *REPORTING) Data() RDATA { return o }
method String (line 69) | func (o *REPORTING) String() string {
type COOKIE (line 89) | type COOKIE struct
method Len (line 93) | func (o *COOKIE) Len() int { return tlv + len(o.Cookie)/2 }
method Data (line 94) | func (o *COOKIE) Data() RDATA { return o }
method String (line 98) | func (o *COOKIE) String() string {
type NSID (line 110) | type NSID struct
method Len (line 114) | func (o *NSID) Len() int { return tlv + len(o.Nsid)/2 }
method Data (line 115) | func (o *NSID) Data() RDATA { return o }
method String (line 119) | func (o *NSID) String() string {
type PADDING (line 136) | type PADDING struct
method Len (line 140) | func (o *PADDING) Len() int { return tlv + len(o.Padding)/2 }
method Data (line 141) | func (o *PADDING) Data() RDATA { return o }
method String (line 142) | func (o *PADDING) String() string {
type EXPIRE (line 153) | type EXPIRE struct
method Len (line 158) | func (o *EXPIRE) Len() int { return tlv + 4 }
method Data (line 159) | func (o *EXPIRE) Data() RDATA { return o }
method String (line 160) | func (o *EXPIRE) String() string {
type DAU (line 176) | type DAU struct
method Len (line 180) | func (o *DAU) Len() int { return tlv + len(o.AlgCode) }
method Data (line 181) | func (o *DAU) Data() RDATA { return o }
method String (line 182) | func (o *DAU) String() string {
type DHU (line 200) | type DHU struct
method Len (line 204) | func (o *DHU) Len() int { return tlv + len(o.AlgCode) }
method Data (line 205) | func (o *DHU) Data() RDATA { return o }
method String (line 206) | func (o *DHU) String() string {
type N3U (line 224) | type N3U struct
method Len (line 228) | func (o *N3U) Len() int { return tlv + len(o.AlgCode) }
method Data (line 229) | func (o *N3U) Data() RDATA { return o }
method String (line 230) | func (o *N3U) String() string {
type TCPKEEPALIVE (line 248) | type TCPKEEPALIVE struct
method Len (line 253) | func (o *TCPKEEPALIVE) Len() int {
method Data (line 260) | func (o *TCPKEEPALIVE) Data() RDATA { return o }
method String (line 262) | func (o *TCPKEEPALIVE) String() string {
type EDE (line 279) | type EDE struct
method Len (line 284) | func (o *EDE) Len() int { return tlv + 2 + len(o.ExtraText) }
method Data (line 285) | func (o *EDE) Data() RDATA { return o }
method String (line 289) | func (o *EDE) String() string {
type SUBNET (line 310) | type SUBNET struct
method Len (line 317) | func (o *SUBNET) Len() int { return tlv + 2 + 2 + int((o.Netmask+7)...
method Data (line 318) | func (o *SUBNET) Data() RDATA { return o }
method String (line 319) | func (o *SUBNET) String() string {
type ESU (line 341) | type ESU struct
method Len (line 345) | func (o *ESU) Len() int { return tlv + len(o.URI) }
method Data (line 346) | func (o *ESU) Data() RDATA { return o }
method String (line 347) | func (o *ESU) String() string {
type ZONEVERSION (line 364) | type ZONEVERSION struct
method Len (line 370) | func (o *ZONEVERSION) Len() int { return tlv + 2 + len(o.Version) }
method Data (line 371) | func (o *ZONEVERSION) Data() RDATA { return o }
method String (line 374) | func (o *ZONEVERSION) String() string {
type ERFC3597 (line 396) | type ERFC3597 struct
method Len (line 401) | func (o *ERFC3597) Len() int { return tlv + len(o.Code)/2 }
method Data (line 402) | func (o *ERFC3597) Data() RDATA { return o }
method String (line 403) | func (o *ERFC3597) String() string {
constant ExtendedErrorOther (line 421) | ExtendedErrorOther uint16 = iota
constant ExtendedErrorUnsupportedDNSKEYAlgorithm (line 422) | ExtendedErrorUnsupportedDNSKEYAlgorithm
constant ExtendedErrorUnsupportedDSDigestType (line 423) | ExtendedErrorUnsupportedDSDigestType
constant ExtendedErrorStaleAnswer (line 424) | ExtendedErrorStaleAnswer
constant ExtendedErrorForgedAnswer (line 425) | ExtendedErrorForgedAnswer
constant ExtendedErrorDNSSECIndeterminate (line 426) | ExtendedErrorDNSSECIndeterminate
constant ExtendedErrorDNSBogus (line 427) | ExtendedErrorDNSBogus
constant ExtendedErrorSignatureExpired (line 428) | ExtendedErrorSignatureExpired
constant ExtendedErrorSignatureNotYetValid (line 429) | ExtendedErrorSignatureNotYetValid
constant ExtendedErrorDNSKEYMissing (line 430) | ExtendedErrorDNSKEYMissing
constant ExtendedErrorRRSIGsMissing (line 431) | ExtendedErrorRRSIGsMissing
constant ExtendedErrorNoZoneKeyBitSet (line 432) | ExtendedErrorNoZoneKeyBitSet
constant ExtendedErrorNSECMissing (line 433) | ExtendedErrorNSECMissing
constant ExtendedErrorCachedError (line 434) | ExtendedErrorCachedError
constant ExtendedErrorNotReady (line 435) | ExtendedErrorNotReady
constant ExtendedErrorBlocked (line 436) | ExtendedErrorBlocked
constant ExtendedErrorCensored (line 437) | ExtendedErrorCensored
constant ExtendedErrorFiltered (line 438) | ExtendedErrorFiltered
constant ExtendedErrorProhibited (line 439) | ExtendedErrorProhibited
constant ExtendedErrorStaleNXDOMAINAnswer (line 440) | ExtendedErrorStaleNXDOMAINAnswer
constant ExtendedErrorNotAuthoritative (line 441) | ExtendedErrorNotAuthoritative
constant ExtendedErrorNotSupported (line 442) | ExtendedErrorNotSupported
constant ExtendedErrorNoReachableAuthority (line 443) | ExtendedErrorNoReachableAuthority
constant ExtendedErrorNetworkError (line 444) | ExtendedErrorNetworkError
constant ExtendedErrorInvalidData (line 445) | ExtendedErrorInvalidData
constant ExtendedErrorSignatureExpiredBeforeValid (line 446) | ExtendedErrorSignatureExpiredBeforeValid
constant ExtendedErrorTooEarly (line 447) | ExtendedErrorTooEarly
constant ExtendedErrorUnsupportedNSEC3IterValue (line 448) | ExtendedErrorUnsupportedNSEC3IterValue
constant ExtendedErrorUnableToConformToPolicy (line 449) | ExtendedErrorUnableToConformToPolicy
constant ExtendedErrorSynthesized (line 450) | ExtendedErrorSynthesized
constant ExtendedErrorInvalidQueryType (line 451) | ExtendedErrorInvalidQueryType
function unpackOptionCode (line 493) | func unpackOptionCode(option EDNS0, s *cryptobyte.String) error {
function packOptionCode (line 533) | func packOptionCode(option EDNS0, msg []byte, off int) (int, error) {
constant tlv (line 573) | tlv = 4
FILE: vendor/codeberg.org/miekg/dns/errors.go
type Error (line 4) | type Error struct
method Error (line 8) | func (e *Error) Error() string { return "dns: " + e.err }
FILE: vendor/codeberg.org/miekg/dns/generate.go
method generate (line 22) | func (zp *ZoneParser) generate(l dnslex.Lex) (RR, bool) {
type generateReader (line 94) | type generateReader struct
method parseError (line 111) | func (r *generateReader) parseError(msg string, end uint16) *ParseError {
method Read (line 121) | func (r *generateReader) Read(p []byte) (int, error) {
method ReadByte (line 126) | func (r *generateReader) ReadByte() (byte, error) {
function modToPrintf (line 209) | func modToPrintf(s string) (string, int64, string) {
FILE: vendor/codeberg.org/miekg/dns/headerpack.go
function unpackHeader (line 13) | func unpackHeader(h *Header, msg *cryptobyte.String, msgBuf []byte) (typ...
method packHeader (line 29) | func (h Header) packHeader(msg []byte, off int, rrtype uint16, compress ...
FILE: vendor/codeberg.org/miekg/dns/internal/ddd/ddd.go
function IsDigit (line 3) | func IsDigit(b byte) bool { return b >= '0' && b <= '9' }
function IsLetter (line 4) | func IsLetter(b byte) bool { return (b >= 'a' && b <= 'z') || (b >= 'A' ...
function Is (line 5) | func Is[T ~[]byte | ~string](s T) bool {
function ToByte (line 9) | func ToByte[T ~[]byte | ~string](s T) byte {
constant escapedByteSmall (line 15) | escapedByteSmall = "" +
constant escapedByteLarge (line 20) | escapedByteLarge = `\127\128\129` +
function Escape (line 37) | func Escape(b byte) string {
function ShouldEscape (line 48) | func ShouldEscape(b byte) bool {
function Next (line 56) | func Next(s string, offset int) (byte, int) {
FILE: vendor/codeberg.org/miekg/dns/internal/dnslex/lex.go
type ScanError (line 12) | type ScanError struct
method Error (line 17) | func (e *ScanError) Error() string { return "" }
constant EOF (line 26) | EOF uint8 = iota
constant Error (line 27) | Error
constant String (line 28) | String
constant Blank (line 29) | Blank
constant Quote (line 30) | Quote
constant Newline (line 31) | Newline
constant Rrtype (line 32) | Rrtype
constant Owner (line 33) | Owner
constant Class (line 34) | Class
constant DirOrigin (line 35) | DirOrigin
constant DirTTL (line 36) | DirTTL
constant DirInclude (line 37) | DirInclude
constant DirGenerate (line 38) | DirGenerate
type Lex (line 41) | type Lex struct
constant asRR (line 51) | asRR uint8 = iota
constant asCode (line 52) | asCode
constant asStateful (line 53) | asStateful
type Lexer (line 58) | type Lexer struct
method SetKey (line 88) | func (zl *Lexer) SetKey(key uint8) { zl.keys |= key }
method ClearKey (line 89) | func (zl *Lexer) ClearKey(key uint8) { zl.keys &^= key }
method Key (line 90) | func (zl *Lexer) Key(key uint8) bool { return zl.keys&key != 0 }
method Err (line 111) | func (zl *Lexer) Err() error {
method readByte (line 120) | func (zl *Lexer) readByte() (byte, bool) {
method Blank (line 149) | func (zl *Lexer) Blank() bool { l, _ := zl.Next(); return l.Value == B...
method Peek (line 151) | func (zl *Lexer) Peek() Lex {
method Next (line 172) | func (zl *Lexer) Next() (Lex, bool) {
method typeOrCodeOrClass (line 485) | func (zl *Lexer) typeOrCodeOrClass(l *Lex) {
constant kQuote (line 79) | kQuote uint8 = 1 << iota
constant kSpace (line 80) | kSpace
constant kCommt (line 81) | kCommt
constant kRRtype (line 82) | kRRtype
constant kOwner (line 83) | kOwner
constant kNextL (line 84) | kNextL
constant kEOL (line 85) | kEOL
function New (line 93) | func New(r io.Reader, StringToType, StringToCode, StringToClass map[stri...
function classToInt (line 429) | func classToInt(token string) (uint16, bool) {
function TypeToInt (line 436) | func TypeToInt(token string) (uint16, bool) {
function Discard (line 442) | func Discard(c *Lexer) *ScanError {
function Tokens (line 459) | func Tokens(c *Lexer) []string {
function upperLookup (line 475) | func upperLookup(s string, m map[string]uint16) (uint16, bool) {
function directive (line 532) | func directive(s string) uint8 {
FILE: vendor/codeberg.org/miekg/dns/internal/dnsstring/reader.go
type Reader (line 11) | type Reader struct
method Read (line 25) | func (r *Reader) Read(p []byte) (int, error) {
function NewReader (line 17) | func NewReader(s string) *Reader {
FILE: vendor/codeberg.org/miekg/dns/internal/dnsstring/strconv.go
function AtoiUint8 (line 9) | func AtoiUint8(s string) (uint8, error) {
function AtoiUint16 (line 17) | func AtoiUint16(s string) (uint16, error) {
function AtoiUint32 (line 25) | func AtoiUint32(s string) (uint32, error) {
function ToTime (line 33) | func ToTime(s string) (int64, error) {
FILE: vendor/codeberg.org/miekg/dns/internal/dnsstring/types.go
constant TypeNone (line 8) | TypeNone uint16 = 0
constant TypeA (line 9) | TypeA uint16 = 1
constant TypeNS (line 10) | TypeNS uint16 = 2
constant TypeMD (line 11) | TypeMD uint16 = 3
constant TypeMF (line 12) | TypeMF uint16 = 4
constant TypeCNAME (line 13) | TypeCNAME uint16 = 5
constant TypeSOA (line 14) | TypeSOA uint16 = 6
constant TypeMB (line 15) | TypeMB uint16 = 7
constant TypeMG (line 16) | TypeMG uint16 = 8
constant TypeMR (line 17) | TypeMR uint16 = 9
constant TypeNULL (line 18) | TypeNULL uint16 = 10
constant TypePTR (line 19) | TypePTR uint16 = 12
constant TypeHINFO (line 20) | TypeHINFO uint16 = 13
constant TypeMINFO (line 21) | TypeMINFO uint16 = 14
constant TypeMX (line 22) | TypeMX uint16 = 15
constant TypeTXT (line 23) | TypeTXT uint16 = 16
constant TypeRP (line 24) | TypeRP uint16 = 17
constant TypeAFSDB (line 25) | TypeAFSDB uint16 = 18
constant TypeX25 (line 26) | TypeX25 uint16 = 19
constant TypeISDN (line 27) | TypeISDN uint16 = 20
constant TypeRT (line 28) | TypeRT uint16 = 21
constant TypeNSAPPTR (line 29) | TypeNSAPPTR uint16 = 23
constant TypeSIG (line 30) | TypeSIG uint16 = 24
constant TypeKEY (line 31) | TypeKEY uint16 = 25
constant TypePX (line 32) | TypePX uint16 = 26
constant TypeGPOS (line 33) | TypeGPOS uint16 = 27
constant TypeAAAA (line 34) | TypeAAAA uint16 = 28
constant TypeLOC (line 35) | TypeLOC uint16 = 29
constant TypeNXT (line 36) | TypeNXT uint16 = 30
constant TypeEID (line 37) | TypeEID uint16 = 31
constant TypeNIMLOC (line 38) | TypeNIMLOC uint16 = 32
constant TypeSRV (line 39) | TypeSRV uint16 = 33
constant TypeATMA (line 40) | TypeATMA uint16 = 34
constant TypeNAPTR (line 41) | TypeNAPTR uint16 = 35
constant TypeKX (line 42) | TypeKX uint16 = 36
constant TypeCERT (line 43) | TypeCERT uint16 = 37
constant TypeDNAME (line 44) | TypeDNAME uint16 = 39
constant TypeOPT (line 45) | TypeOPT uint16 = 41
constant TypeAPL (line 46) | TypeAPL uint16 = 42
constant TypeDS (line 47) | TypeDS uint16 = 43
constant TypeSSHFP (line 48) | TypeSSHFP uint16 = 44
constant TypeIPSECKEY (line 49) | TypeIPSECKEY uint16 = 45
constant TypeRRSIG (line 50) | TypeRRSIG uint16 = 46
constant TypeNSEC (line 51) | TypeNSEC uint16 = 47
constant TypeDNSKEY (line 52) | TypeDNSKEY uint16 = 48
constant TypeDHCID (line 53) | TypeDHCID uint16 = 49
constant TypeNSEC3 (line 54) | TypeNSEC3 uint16 = 50
constant TypeNSEC3PARAM (line 55) | TypeNSEC3PARAM uint16 = 51
constant TypeTLSA (line 56) | TypeTLSA uint16 = 52
constant TypeSMIMEA (line 57) | TypeSMIMEA uint16 = 53
constant TypeHIP (line 58) | TypeHIP uint16 = 55
constant TypeNINFO (line 59) | TypeNINFO uint16 = 56
constant TypeRKEY (line 60) | TypeRKEY uint16 = 57
constant TypeTALINK (line 61) | TypeTALINK uint16 = 58
constant TypeCDS (line 62) | TypeCDS uint16 = 59
constant TypeCDNSKEY (line 63) | TypeCDNSKEY uint16 = 60
constant TypeOPENPGPKEY (line 64) | TypeOPENPGPKEY uint16 = 61
constant TypeCSYNC (line 65) | TypeCSYNC uint16 = 62
constant TypeZONEMD (line 66) | TypeZONEMD uint16 = 63
constant TypeSVCB (line 67) | TypeSVCB uint16 = 64
constant TypeHTTPS (line 68) | TypeHTTPS uint16 = 65
constant TypeDSYNC (line 69) | TypeDSYNC uint16 = 66
constant TypeSPF (line 70) | TypeSPF uint16 = 99
constant TypeUINFO (line 71) | TypeUINFO uint16 = 100
constant TypeUID (line 72) | TypeUID uint16 = 101
constant TypeGID (line 73) | TypeGID uint16 = 102
constant TypeUNSPEC (line 74) | TypeUNSPEC uint16 = 103
constant TypeNID (line 75) | TypeNID uint16 = 104
constant TypeL32 (line 76) | TypeL32 uint16 = 105
constant TypeL64 (line 77) | TypeL64 uint16 = 106
constant TypeLP (line 78) | TypeLP uint16 = 107
constant TypeEUI48 (line 79) | TypeEUI48 uint16 = 108
constant TypeEUI64 (line 80) | TypeEUI64 uint16 = 109
constant TypeNXNAME (line 81) | TypeNXNAME uint16 = 128
constant TypeURI (line 82) | TypeURI uint16 = 256
constant TypeCAA (line 83) | TypeCAA uint16 = 257
constant TypeAVC (line 84) | TypeAVC uint16 = 258
constant TypeAMTRELAY (line 85) | TypeAMTRELAY uint16 = 260
constant TypeRESINFO (line 86) | TypeRESINFO uint16 = 261
constant TypeWALLET (line 87) | TypeWALLET uint16 = 262
constant TypeCLA (line 88) | TypeCLA uint16 = 263
constant TypeIPN (line 89) | TypeIPN uint16 = 264
constant TypeTKEY (line 91) | TypeTKEY uint16 = 249
constant TypeTSIG (line 92) | TypeTSIG uint16 = 250
constant TypeIXFR (line 95) | TypeIXFR uint16 = 251
constant TypeAXFR (line 96) | TypeAXFR uint16 = 252
constant TypeMAILB (line 97) | TypeMAILB uint16 = 253
constant TypeMAILA (line 98) | TypeMAILA uint16 = 254
constant TypeANY (line 99) | TypeANY uint16 = 255
constant TypeTA (line 101) | TypeTA uint16 = 32768
constant TypeDLV (line 102) | TypeDLV uint16 = 32769
constant TypeDELEG (line 103) | TypeDELEG uint16 = 65432
constant TypeDELEGPARAM (line 104) | TypeDELEGPARAM uint16 = 65433
constant TypeReserved (line 105) | TypeReserved uint16 = 65535
constant LOCEquator (line 110) | LOCEquator = 1 << 31
constant LOCPrimemeridian (line 111) | LOCPrimemeridian = 1 << 31
constant LOCHours (line 112) | LOCHours = 60 * 1000
constant LOCDegrees (line 113) | LOCDegrees = 60 * LOCHours
constant LOCAltitudebase (line 114) | LOCAltitudebase = 100000
constant _ (line 119) | _ uint8 = iota
constant RSAMD5 (line 120) | RSAMD5
constant DH (line 121) | DH
constant DSA (line 122) | DSA
constant _ (line 123) | _
constant RSASHA1 (line 124) | RSASHA1
constant DSANSEC3SHA1 (line 125) | DSANSEC3SHA1
constant RSASHA1NSEC3SHA1 (line 126) | RSASHA1NSEC3SHA1
constant RSASHA256 (line 127) | RSASHA256
constant _ (line 128) | _
constant RSASHA512 (line 129) | RSASHA512
constant _ (line 130) | _
constant ECCGOST (line 131) | ECCGOST
constant ECDSAP256SHA256 (line 132) | ECDSAP256SHA256
constant ECDSAP384SHA384 (line 133) | ECDSAP384SHA384
constant ED25519 (line 134) | ED25519
constant ED448 (line 135) | ED448
constant INDIRECT (line 136) | INDIRECT uint8 = 252
constant PRIVATEDNS (line 137) | PRIVATEDNS uint8 = 253
constant PRIVATEOID (line 138) | PRIVATEOID uint8 = 254
constant CertPKIX (line 163) | CertPKIX = 1 + iota
constant CertSPKI (line 164) | CertSPKI
constant CertPGP (line 165) | CertPGP
constant CertIPIX (line 166) | CertIPIX
constant CertISPKI (line 167) | CertISPKI
constant CertIPGP (line 168) | CertIPGP
constant CertACPKIX (line 169) | CertACPKIX
constant CertIACPKIX (line 170) | CertIACPKIX
constant CertURI (line 171) | CertURI = 253
constant CertOID (line 172) | CertOID = 254
FILE: vendor/codeberg.org/miekg/dns/internal/jump/jump.go
function Name (line 9) | func Name(msgBuf []byte, off int) int {
function Question (line 28) | func Question(msgBuf []byte, off int) int {
function RR (line 37) | func RR(msgBuf []byte, off int) int {
function To (line 55) | func To(i int, msgBuf []byte) int {
FILE: vendor/codeberg.org/miekg/dns/internal/pack/errors.go
type Error (line 6) | type Error struct
method Error (line 8) | func (e *Error) Error() string { return "dns packing: " + e.Err }
function Errorf (line 10) | func Errorf(format string, a ...any) *Error { return &Error{Err: fmt.Spr...
FILE: vendor/codeberg.org/miekg/dns/internal/pack/pack.go
constant maxCompressionOffset (line 15) | maxCompressionOffset = 2 << 13
function Uint8 (line 20) | func Uint8(i uint8, msg []byte, off int) (off1 int, err error) {
function Uint16 (line 28) | func Uint16(i uint16, msg []byte, off int) (off1 int, err error) {
function Uint32 (line 37) | func Uint32(i uint32, msg []byte, off int) (off1 int, err error) {
function Uint48 (line 46) | func Uint48(i uint64, msg []byte, off int) (off1 int, err error) {
function Uint64 (line 61) | func Uint64(i uint64, msg []byte, off int) (off1 int, err error) {
function StringAny (line 72) | func StringAny(s string, msg []byte, off int) (int, error) {
function Strings (line 81) | func Strings(s []string, msg []byte, off int) (int, error) {
function String (line 99) | func String(s string, msg []byte, off int) (int, error) {
function A (line 148) | func A(a netip.Addr, msg []byte, off int) (int, error) {
function AAAA (line 161) | func AAAA(aaaa netip.Addr, msg []byte, off int) (int, error) {
function Name (line 186) | func Name(s string, msg []byte, off int, compression map[string]uint16, ...
function StringBase32 (line 257) | func StringBase32(s string, msg []byte, off int) (int, error) {
function StringBase64 (line 270) | func StringBase64(s string, msg []byte, off int) (int, error) {
function Base32 (line 283) | func Base32(s []byte) (buf []byte, err error) {
function Base64 (line 297) | func Base64(s []byte) (buf []byte, err error) {
function StringHex (line 305) | func StringHex(s string, msg []byte, off int) (int, error) {
function Names (line 318) | func Names(names []string, msg []byte, off int, compress map[string]uint...
FILE: vendor/codeberg.org/miekg/dns/internal/reverse/reverse.go
function Map (line 4) | func Map[K uint8 | uint16](m map[K]string) map[string]K {
FILE: vendor/codeberg.org/miekg/dns/internal/unpack/errors.go
type Error (line 6) | type Error struct
method Error (line 8) | func (e *Error) Error() string { return "dns unpack: " + e.Err }
function Errorf (line 10) | func Errorf(format string, a ...any) *Error { return &Error{Err: fmt.Spr...
FILE: vendor/codeberg.org/miekg/dns/internal/unpack/unpack.go
constant maxNameWireOctets (line 16) | maxNameWireOctets = 255
constant maxNamePresentationLength (line 22) | maxNamePresentationLength = maxNameWireOctets - 1
function A (line 25) | func A(s *cryptobyte.String) (netip.Addr, error) {
function AAAA (line 33) | func AAAA(s *cryptobyte.String) (netip.Addr, error) {
function StringAny (line 42) | func StringAny(s *cryptobyte.String, len int) (string, error) {
function Strings (line 50) | func Strings(s *cryptobyte.String) ([]string, error) {
function String (line 62) | func String(s *cryptobyte.String) (string, error) {
function Name (line 107) | func Name(s *cryptobyte.String, msgBuf []byte) (string, error) {
function Offset (line 170) | func Offset(data, buf []byte) int { return len(buf) - len(data) }
function StringBase32 (line 172) | func StringBase32(s *cryptobyte.String, len int) (string, error) {
function StringBase64 (line 180) | func StringBase64(s *cryptobyte.String, len int) (string, error) {
function Base32 (line 188) | func Base32(b []byte) string {
function Base64 (line 191) | func Base64(b []byte) string { return base64.StdEncoding.EncodeToString(...
function StringHex (line 193) | func StringHex(s *cryptobyte.String, len int) (string, error) {
function Names (line 201) | func Names(s *cryptobyte.String, msgBuf []byte) ([]string, error) {
FILE: vendor/codeberg.org/miekg/dns/listen_no_socket_options.go
function listenTCP (line 10) | func listenTCP(network, addr string, reuseport, reuseaddr bool) (net.Lis...
function listenUDP (line 18) | func listenUDP(network, addr string, reuseport, reuseaddr bool) (net.Pac...
function checkReuseport (line 27) | func checkReuseport(_ uintptr) (bool, error) {
function checkReuseaddr (line 32) | func checkReuseaddr(_ uintptr) (bool, error) {
FILE: vendor/codeberg.org/miekg/dns/listen_socket_options.go
function reuseportControl (line 13) | func reuseportControl(network, address string, c syscall.RawConn) error {
function reuseaddrControl (line 25) | func reuseaddrControl(network, address string, c syscall.RawConn) error {
function reuseaddrandportControl (line 37) | func reuseaddrandportControl(network, address string, c syscall.RawConn)...
function listenTCP (line 46) | func listenTCP(network, addr string, reuseport, reuseaddr bool) (net.Lis...
function listenUDP (line 60) | func listenUDP(network, addr string, reuseport, reuseaddr bool) (net.Pac...
FILE: vendor/codeberg.org/miekg/dns/msg.go
function id (line 27) | func id() uint16 {
function packQuestion (line 81) | func packQuestion(rr RR, msg []byte, off int, compression map[string]uin...
function packRR (line 99) | func packRR(rr RR, msg []byte, off int, compression map[string]uint16) (...
function unpackRR (line 120) | func unpackRR(msg *cryptobyte.String, msgBuf []byte) (RR, error) {
method Reset (line 159) | func (m *Msg) Reset() {
method Pack (line 163) | func (m *Msg) Pack() error {
method unpackQuestion (line 299) | func (m *Msg) unpackQuestion(msg *cryptobyte.String, msgBuf []byte) (RR,...
method unpackQuestions (line 325) | func (m *Msg) unpackQuestions(cnt uint16, msg *cryptobyte.String, msgBuf...
function unpackRRs (line 342) | func unpackRRs(cnt uint16, msg *cryptobyte.String, msgBuf []byte) ([]RR,...
method Unpack (line 360) | func (m *Msg) Unpack() (err error) {
method String (line 458) | func (m *Msg) String() string {
method isPseudo (line 587) | func (m *Msg) isPseudo() int {
method Len (line 609) | func (m *Msg) Len() int {
method Hijack (line 650) | func (m *Msg) Hijack() { m.hijacked.Store(true) }
method Write (line 655) | func (m *Msg) Write(p []byte) (n int, err error) {
method Read (line 666) | func (m *Msg) Read(p []byte) (n int, err error) {
method WriteTo (line 686) | func (m *Msg) WriteTo(w io.Writer) (int64, error) {
method ReadFrom (line 736) | func (m *Msg) ReadFrom(r io.Reader) (int64, error) {
method RRs (line 780) | func (m *Msg) RRs() iter.Seq[RR] {
method Copy (line 814) | func (m *Msg) Copy() *Msg {
function NewMsg (line 829) | func NewMsg(z string, t uint16) *Msg {
FILE: vendor/codeberg.org/miekg/dns/nsecpack.go
function unpackNSEC (line 9) | func unpackNSEC(s *cryptobyte.String) ([]uint16, error) {
function typeBitMapLen (line 50) | func typeBitMapLen(bitmap []uint16) int {
function packNSEC (line 71) | func packNSEC(bitmap []uint16, msg []byte, off int) (int, error) {
FILE: vendor/codeberg.org/miekg/dns/opt.go
method parse (line 5) | func (*OPT) parse(c *dnslex.Lexer, origin string) *ParseError {
method Version (line 10) | func (rr *OPT) Version() uint8 { return uint8(rr.Hdr.TTL & 0x00FF0000 >>...
method SetVersion (line 13) | func (rr *OPT) SetVersion(v uint8) { rr.Hdr.TTL = rr.Hdr.TTL&0xFF00FFFF ...
method UDPSize (line 16) | func (rr *OPT) UDPSize() uint16 { return rr.Hdr.Class }
method SetUDPSize (line 19) | func (rr *OPT) SetUDPSize(size uint16) { rr.Hdr.Class = size }
method Security (line 22) | func (rr *OPT) Security() bool { return rr.Hdr.TTL&_DO == _DO }
method SetSecurity (line 25) | func (rr *OPT) SetSecurity(do bool) {
method CompactAnswers (line 34) | func (rr *OPT) CompactAnswers() bool { return rr.Hdr.TTL&_CO == _CO }
method SetCompactAnswers (line 37) | func (rr *OPT) SetCompactAnswers(co bool) {
method Delegation (line 46) | func (rr *OPT) Delegation() bool { return rr.Hdr.TTL&_DE == _DE }
method SetDelegation (line 49) | func (rr *OPT) SetDelegation(de bool) {
method Rcode (line 58) | func (rr *OPT) Rcode() uint16 {
method SetRcode (line 64) | func (rr *OPT) SetRcode(v uint16) {
method Z (line 69) | func (rr *OPT) Z() uint16 {
method SetZ (line 74) | func (rr *OPT) SetZ(z uint16) {
FILE: vendor/codeberg.org/miekg/dns/optpack.go
function unpackOPT (line 11) | func unpackOPT(s *cryptobyte.String) ([]EDNS0, error) {
function packOPT (line 35) | func packOPT(options []EDNS0, msg []byte, off int) (int, error) {
FILE: vendor/codeberg.org/miekg/dns/pkg/pool/pool.go
type Pooler (line 9) | type Pooler interface
type Pool (line 18) | type Pool struct
method Get (line 23) | func (p *Pool) Get() []byte { return p.pool.Get().([]byte) }
method Put (line 25) | func (p *Pool) Put(b []byte) {
function New (line 33) | func New(size int) *Pool {
type Noop (line 43) | type Noop struct
method Get (line 47) | func (n *Noop) Get() []byte { return make([]byte, n.size) }
method Put (line 48) | func (n *Noop) Put([]byte) {}
function NewNoop (line 51) | func NewNoop(size int) *Noop { return &Noop{size: size} }
type Builder (line 54) | type Builder struct
method Get (line 63) | func (s *Builder) Get() strings.Builder { return s.Pool.Get().(strin...
method Put (line 64) | func (s *Builder) Put(sb strings.Builder) { sb.Reset(); s.Pool.Put(sb) }
function NewBuilder (line 59) | func NewBuilder() *Builder {
FILE: vendor/codeberg.org/miekg/dns/rdata/rdata.go
type NULL (line 26) | type NULL struct
type CNAME (line 31) | type CNAME struct
type HINFO (line 36) | type HINFO struct
type MB (line 42) | type MB struct
type MG (line 47) | type MG struct
type MINFO (line 52) | type MINFO struct
type MR (line 58) | type MR struct
type MF (line 63) | type MF struct
type MD (line 68) | type MD struct
type MX (line 73) | type MX struct
type AFSDB (line 79) | type AFSDB struct
type X25 (line 85) | type X25 struct
type ISDN (line 90) | type ISDN struct
type RT (line 96) | type RT struct
type NS (line 102) | type NS struct
type PTR (line 107) | type PTR struct
type RP (line 112) | type RP struct
type SOA (line 118) | type SOA struct
type TXT (line 129) | type TXT struct
type IPN (line 134) | type IPN struct
type SRV (line 139) | type SRV struct
type NAPTR (line 147) | type NAPTR struct
type CERT (line 157) | type CERT struct
type DNAME (line 165) | type DNAME struct
type A (line 170) | type A struct
type AAAA (line 175) | type AAAA struct
type PX (line 180) | type PX struct
type GPOS (line 187) | type GPOS struct
type LOC (line 194) | type LOC struct
type RRSIG (line 205) | type RRSIG struct
type NSEC (line 218) | type NSEC struct
method Len (line 223) | func (rd NSEC) Len() int {
type DS (line 230) | type DS struct
type KX (line 238) | type KX struct
type TA (line 244) | type TA struct
type TALINK (line 252) | type TALINK struct
type SSHFP (line 258) | type SSHFP struct
type DNSKEY (line 265) | type DNSKEY struct
type RKEY (line 273) | type RKEY struct
type NSAPPTR (line 281) | type NSAPPTR struct
type NSEC3 (line 286) | type NSEC3 struct
method Len (line 297) | func (rd NSEC3) Len() int {
type NSEC3PARAM (line 304) | type NSEC3PARAM struct
type TKEY (line 313) | type TKEY struct
type RFC3597 (line 326) | type RFC3597 struct
type URI (line 332) | type URI struct
type DHCID (line 339) | type DHCID struct
type TLSA (line 344) | type TLSA struct
type SMIMEA (line 352) | type SMIMEA struct
type HIP (line 360) | type HIP struct
type NINFO (line 370) | type NINFO struct
type NID (line 375) | type NID struct
type L32 (line 381) | type L32 struct
type L64 (line 387) | type L64 struct
type LP (line 393) | type LP struct
type EUI48 (line 398) | type EUI48 struct
type EUI64 (line 403) | type EUI64 struct
type CAA (line 408) | type CAA struct
type UID (line 415) | type UID struct
type GID (line 420) | type GID struct
type UINFO (line 425) | type UINFO struct
type EID (line 430) | type EID struct
type NIMLOC (line 435) | type NIMLOC struct
type OPENPGPKEY (line 440) | type OPENPGPKEY struct
type CSYNC (line 445) | type CSYNC struct
method Len (line 451) | func (rd CSYNC) Len() int {
type ZONEMD (line 458) | type ZONEMD struct
type SVCB (line 466) | type SVCB struct
type DELEG (line 473) | type DELEG struct
type DSYNC (line 478) | type DSYNC struct
type TSIG (line 486) | type TSIG struct
function typeBitMapLen (line 500) | func typeBitMapLen(bitmap []uint16) int {
FILE: vendor/codeberg.org/miekg/dns/rdata/string.go
method String (line 14) | func (rd RRSIG) String() string {
method String (line 30) | func (rd LOC) String() string {
method String (line 78) | func (rd CERT) String() string {
method String (line 103) | func (rd NSEC3) String() string {
method String (line 119) | func (rd NSEC3PARAM) String() string {
method String (line 130) | func (rd NULL) String() string { return rd.Null }
method String (line 131) | func (rd CNAME) String() string { return rd.Target }
method String (line 132) | func (rd HINFO) String() string { return sprintTxt([]string{rd.Cpu, rd.O...
method String (line 133) | func (rd MB) String() string { return rd.Mb }
method String (line 134) | func (rd MG) String() string { return rd.Mg }
method String (line 135) | func (rd MR) String() string { return rd.Mr }
method String (line 136) | func (rd MF) String() string { return rd.Mf }
method String (line 137) | func (rd MD) String() string { return rd.Md }
method String (line 138) | func (rd X25) String() string { return rd.PSDNAddress }
method String (line 139) | func (rd NS) String() string { return rd.Ns }
method String (line 140) | func (rd PTR) String() string { return rd.Ptr }
method String (line 141) | func (rd EUI48) String() string { return euiToString(rd.Address, 48) }
method String (line 142) | func (rd EUI64) String() string { return euiToString(rd.Address, 64) }
method String (line 144) | func (rd MINFO) String() string {
method String (line 152) | func (rd MX) String() string {
method String (line 160) | func (rd AFSDB) String() string {
method String (line 168) | func (rd ISDN) String() string {
method String (line 176) | func (rd RT) String() string {
method String (line 184) | func (rd RP) String() string {
method String (line 192) | func (rd SOA) String() string {
method String (line 205) | func (rd TXT) String() string {
method String (line 213) | func (rd IPN) String() string {
method String (line 221) | func (rd SRV) String() string {
method String (line 231) | func (rd NAPTR) String() string {
method String (line 257) | func (rd DNAME) String() string { return rd.Target }
method String (line 259) | func (rd A) String() string {
method String (line 269) | func (rd AAAA) String() string {
method String (line 280) | func (rd PX) String() string {
method String (line 288) | func (rd GPOS) String() string {
method String (line 296) | func (rd NSEC) String() string {
method String (line 308) | func (rd DS) String() string {
method String (line 319) | func (rd KX) String() string {
method String (line 327) | func (rd TA) String() string {
method String (line 338) | func (rd TALINK) String() string {
method String (line 346) | func (rd SSHFP) String() string {
method String (line 356) | func (rd DNSKEY) String() string {
method String (line 367) | func (rd RKEY) String() string {
method String (line 378) | func (rd NSAPPTR) String() string { return rd.Ptr }
method String (line 381) | func (rd TKEY) String() string {
method String (line 397) | func (rd RFC3597) String() string {
method String (line 405) | func (rd URI) String() string {
method String (line 413) | func (rd DHCID) String() string {
method String (line 421) | func (rd TLSA) String() string {
method String (line 432) | func (rd SMIMEA) String() string {
method String (line 447) | func (rd HIP) String() string {
method String (line 459) | func (rd NINFO) String() string {
method String (line 467) | func (rd NID) String() string {
method String (line 484) | func (rd L32) String() string {
method String (line 496) | func (rd L64) String() string {
method String (line 513) | func (rd LP) String() string {
method String (line 521) | func (rd CAA) String() string {
method String (line 529) | func (rd UID) String() string {
method String (line 537) | func (rd GID) String() string {
method String (line 545) | func (rd UINFO) String() string {
method String (line 553) | func (rd EID) String() string {
method String (line 561) | func (rd NIMLOC) String() string {
method String (line 569) | func (rd OPENPGPKEY) String() string {
method String (line 577) | func (rd CSYNC) String() string {
method String (line 589) | func (rd ZONEMD) String() string {
method String (line 597) | func (rd SVCB) String() string {
method String (line 614) | func (rd DELEG) String() string {
method String (line 630) | func (rd DSYNC) String() string {
method String (line 650) | func (rd TSIG) String() string {
FILE: vendor/codeberg.org/miekg/dns/rdata/stringutil.go
function cmToM (line 15) | func cmToM(x uint8) string {
function sprintData (line 37) | func sprintData(sb *strings.Builder, sx ...string) {
function typeToString (line 46) | func typeToString(t uint16) string {
function saltToString (line 54) | func saltToString(s string) string {
function euiToString (line 61) | func euiToString(eui uint64, bits int) (hex string) {
function sprintTxt (line 75) | func sprintTxt(txt []string) string {
function writeTxtByte (line 99) | func writeTxtByte(sb *strings.Builder, b byte) {
function splitN (line 112) | func splitN(s string, n int) []string {
function tsigTimeToString (line 132) | func tsigTimeToString(t uint64) string {
FILE: vendor/codeberg.org/miekg/dns/rdata/zdnsutil.go
function dnsutilLabels (line 19) | func dnsutilLabels(s string) (labels int) {
function dnsutilNext (line 36) | func dnsutilNext(s string, offset int) (i int, end bool) {
function dnsutilPrev (line 51) | func dnsutilPrev(s string, n int) (i int, start bool) {
function dnsutilFqdn (line 79) | func dnsutilFqdn(s string) string {
function dnsutilIsFqdn (line 88) | func dnsutilIsFqdn(s string) bool { return strings.HasSuffix(s, ".") }
function dnsutilCanonical (line 92) | func dnsutilCanonical(s string) string {
function dnsutilIsName (line 105) | func dnsutilIsName(s string) bool {
function compareLabel (line 147) | func compareLabel(a, b string) int {
function dnsutilTimeToString (line 176) | func dnsutilTimeToString(t uint32) string {
function dnsutilStringToTime (line 184) | func dnsutilStringToTime(s string) (uint32, error) {
function dnsutilAbsolute (line 197) | func dnsutilAbsolute(s, origin string) string {
constant maxSerialIncrement (line 217) | maxSerialIncrement = 2147483647
FILE: vendor/codeberg.org/miekg/dns/rdata/zlen.go
method Len (line 10) | func (rd NULL) Len() int {
method Len (line 16) | func (rd CNAME) Len() int {
method Len (line 22) | func (rd HINFO) Len() int {
method Len (line 29) | func (rd MB) Len() int {
method Len (line 35) | func (rd MG) Len() int {
method Len (line 41) | func (rd MINFO) Len() int {
method Len (line 48) | func (rd MR) Len() int {
method Len (line 54) | func (rd MF) Len() int {
method Len (line 60) | func (rd MD) Len() int {
method Len (line 66) | func (rd MX) Len() int {
method Len (line 73) | func (rd AFSDB) Len() int {
method Len (line 80) | func (rd X25) Len() int {
method Len (line 86) | func (rd ISDN) Len() int {
method Len (line 93) | func (rd RT) Len() int {
method Len (line 100) | func (rd NS) Len() int {
method Len (line 106) | func (rd PTR) Len() int {
method Len (line 112) | func (rd RP) Len() int {
method Len (line 119) | func (rd SOA) Len() int {
method Len (line 131) | func (rd TXT) Len() int {
method Len (line 139) | func (rd IPN) Len() int {
method Len (line 145) | func (rd SRV) Len() int {
method Len (line 154) | func (rd NAPTR) Len() int {
method Len (line 165) | func (rd CERT) Len() int {
method Len (line 174) | func (rd DNAME) Len() int {
method Len (line 180) | func (rd A) Len() int {
method Len (line 186) | func (rd AAAA) Len() int {
method Len (line 192) | func (rd PX) Len() int {
method Len (line 200) | func (rd GPOS) Len() int {
method Len (line 208) | func (rd LOC) Len() int {
method Len (line 220) | func (rd RRSIG) Len() int {
method Len (line 234) | func (rd DS) Len() int {
method Len (line 243) | func (rd KX) Len() int {
method Len (line 250) | func (rd TA) Len() int {
method Len (line 259) | func (rd TALINK) Len() int {
method Len (line 266) | func (rd SSHFP) Len() int {
method Len (line 274) | func (rd DNSKEY) Len() int {
method Len (line 283) | func (rd RKEY) Len() int {
method Len (line 292) | func (rd NSAPPTR) Len() int {
method Len (line 298) | func (rd NSEC3PARAM) Len() int {
method Len (line 308) | func (rd TKEY) Len() int {
method Len (line 322) | func (rd RFC3597) Len() int {
method Len (line 328) | func (rd URI) Len() int {
method Len (line 336) | func (rd DHCID) Len() int {
method Len (line 342) | func (rd TLSA) Len() int {
method Len (line 351) | func (rd SMIMEA) Len() int {
method Len (line 360) | func (rd HIP) Len() int {
method Len (line 373) | func (rd NINFO) Len() int {
method Len (line 381) | func (rd NID) Len() int {
method Len (line 388) | func (rd L32) Len() int {
method Len (line 395) | func (rd L64) Len() int {
method Len (line 402) | func (rd LP) Len() int {
method Len (line 409) | func (rd EUI48) Len() int {
method Len (line 415) | func (rd EUI64) Len() int {
method Len (line 421) | func (rd CAA) Len() int {
method Len (line 429) | func (rd UID) Len() int {
method Len (line 435) | func (rd GID) Len() int {
method Len (line 441) | func (rd UINFO) Len() int {
method Len (line 447) | func (rd EID) Len() int {
method Len (line 453) | func (rd NIMLOC) Len() int {
method Len (line 459) | func (rd OPENPGPKEY) Len() int {
method Len (line 465) | func (rd ZONEMD) Len() int {
method Len (line 474) | func (rd SVCB) Len() int {
method Len (line 484) | func (rd DELEG) Len() int {
method Len (line 492) | func (rd DSYNC) Len() int {
method Len (line 501) | func (rd TSIG) Len() int {
FILE: vendor/codeberg.org/miekg/dns/response.go
type ResponseWriter (line 17) | type ResponseWriter interface
type ResponseController (line 38) | type ResponseController interface
type response (line 44) | type response struct
method SetWriteDeadline (line 51) | func (w *response) SetWriteDeadline() error {
method Conn (line 54) | func (w *response) Conn() net.Conn { return w.conn }
method Session (line 55) | func (w *response) Session() *Session { return w.sessi...
method Write (line 56) | func (w *response) Write(p []byte) (n int, err error) { return w.conn....
method Read (line 57) | func (w *response) Read(p []byte) (n int, err error) { return w.conn....
method LocalAddr (line 60) | func (w *response) LocalAddr() net.Addr {
method RemoteAddr (line 76) | func (w *response) RemoteAddr() net.Addr {
method Hijack (line 95) | func (w *response) Hijack() { w.hijacked.Store(true) }
method Close (line 97) | func (w *response) Close() error {
FILE: vendor/codeberg.org/miekg/dns/scan.go
constant maxIncludeDepth (line 21) | maxIncludeDepth = 7
constant zValue (line 31) | zValue uint8 = iota
constant zKey (line 32) | zKey
constant zExpectOwnerDir (line 34) | zExpectOwnerDir uint8 = iota
constant zExpectAny (line 35) | zExpectAny
constant zExpectAnyNoClass (line 36) | zExpectAnyNoClass
constant zExpectAnyNoTTL (line 37) | zExpectAnyNoTTL
constant zExpectRrtype (line 38) | zExpectRrtype
constant zExpectRdata (line 39) | zExpectRdata
constant zExpectDirTTL (line 40) | zExpectDirTTL
constant zExpectDirOrigin (line 41) | zExpectDirOrigin
constant zExpectDirInclude (line 42) | zExpectDirInclude
constant zExpectDirGenerate (line 43) | zExpectDirGenerate
type ParseError (line 48) | type ParseError struct
method Error (line 55) | func (e *ParseError) Error() (s string) {
method Unwrap (line 67) | func (e *ParseError) Unwrap() error { return e.wrappedErr }
constant asRR (line 70) | asRR uint8 = iota
constant asCode (line 71) | asCode
constant asStateful (line 72) | asStateful
type ttlState (line 76) | type ttlState struct
function New (line 103) | func New(s string) (RR, error) {
function Read (line 109) | func Read(r io.Reader) (RR, error) { return read(r, "") }
function read (line 111) | func read(r io.Reader, file string) (RR, error) {
function NewData (line 121) | func NewData(rrtype uint16, s string, origin ...string) (RDATA, error) {
function ReadData (line 126) | func ReadData(r io.Reader, rrtype uint16, origin ...string) (RDATA, erro...
function readData (line 130) | func readData(r io.Reader, rrtype uint16, origin ...string) (RDATA, erro...
type ZoneParser (line 160) | type ZoneParser struct
method SetDefaultTTL (line 226) | func (zp *ZoneParser) SetDefaultTTL(ttl uint32) {
method Err (line 231) | func (zp *ZoneParser) Err() error {
method setParseError (line 245) | func (zp *ZoneParser) setParseError(err string, l dnslex.Lex) (RR, boo...
method subNext (line 250) | func (zp *ZoneParser) subNext() (RR, bool) {
method Next (line 274) | func (zp *ZoneParser) Next() (RR, bool) {
method RRs (line 650) | func (zp *ZoneParser) RRs() iter.Seq2[RR, error] {
function NewZoneParser (line 206) | func NewZoneParser(r io.Reader, origin, file string) *ZoneParser {
function stringToTTL (line 665) | func stringToTTL(token string) (uint32, bool) {
function stringToCm (line 714) | func stringToCm(token string) (e, m uint8, ok bool) {
function locCheckNorth (line 760) | func locCheckNorth(token string, latitude uint32) (uint32, bool) {
function locCheckEast (line 774) | func locCheckEast(token string, longitude uint32) (uint32, bool) {
function stringToNodeID (line 788) | func stringToNodeID(l dnslex.Lex) (uint64, error) {
type IncludeAllowFunc (line 806) | type IncludeAllowFunc
function defaultIncludeAllowFunc (line 811) | func defaultIncludeAllowFunc(file, include string) bool {
function toParseError (line 823) | func toParseError(err *dnslex.ScanError) error {
FILE: vendor/codeberg.org/miekg/dns/scan_ednsrr.go
method parse (line 11) | func (o *ZONEVERSION) parse(c *dnslex.Lexer, _ string) error {
method parse (line 37) | func (o *EDE) parse(c *dnslex.Lexer, _ string) error {
method parse (line 76) | func (o *NSID) parse(c *dnslex.Lexer, _ string) error {
FILE: vendor/codeberg.org/miekg/dns/scan_rdata.go
function parseA (line 16) | func parseA(rd *rdata.A, c *dnslex.Lexer, o string) error {
function parseAAAA (line 26) | func parseAAAA(rd *rdata.AAAA, c *dnslex.Lexer, o string) error {
function parseNS (line 36) | func parseNS(rd *rdata.NS, c *dnslex.Lexer, o string) error {
function parsePTR (line 45) | func parsePTR(rd *rdata.PTR, c *dnslex.Lexer, o string) error {
function parseNSAPPTR (line 54) | func parseNSAPPTR(rd *rdata.NSAPPTR, c *dnslex.Lexer, o string) error {
function parseRP (line 63) | func parseRP(rd *rdata.RP, c *dnslex.Lexer, o string) error {
function parseMR (line 81) | func parseMR(rd *rdata.MR, c *dnslex.Lexer, o string) error {
function parseMB (line 90) | func parseMB(rd *rdata.MB, c *dnslex.Lexer, o string) error {
function parseMG (line 99) | func parseMG(rd *rdata.MG, c *dnslex.Lexer, o string) error {
function parseHINFO (line 108) | func parseHINFO(rd *rdata.HINFO, c *dnslex.Lexer, o string) error {
function parseISDN (line 131) | func parseISDN(rd *rdata.ISDN, c *dnslex.Lexer, o string) error {
function parseMINFO (line 153) | func parseMINFO(rd *rdata.MINFO, c *dnslex.Lexer, o string) error {
function parseMF (line 171) | func parseMF(rd *rdata.MF, c *dnslex.Lexer, o string) error {
function parseMD (line 180) | func parseMD(rd *rdata.MD, c *dnslex.Lexer, o string) error {
function parseMX (line 189) | func parseMX(rd *rdata.MX, c *dnslex.Lexer, o string) error {
function parseRT (line 206) | func parseRT(rd *rdata.RT, c *dnslex.Lexer, o string) error {
function parseAFSDB (line 225) | func parseAFSDB(rd *rdata.AFSDB, c *dnslex.Lexer, o string) error {
function parseX25 (line 244) | func parseX25(rd *rdata.X25, c *dnslex.Lexer, o string) error {
function parseKX (line 253) | func parseKX(rd *rdata.KX, c *dnslex.Lexer, o string) error {
function parseCNAME (line 270) | func parseCNAME(rd *rdata.CNAME, c *dnslex.Lexer, o string) error {
function parseDNAME (line 279) | func parseDNAME(rd *rdata.DNAME, c *dnslex.Lexer, o string) error {
function parseSOA (line 288) | func parseSOA(rd *rdata.SOA, c *dnslex.Lexer, o string) error {
function parseSRV (line 346) | func parseSRV(rd *rdata.SRV, c *dnslex.Lexer, o string) error {
function parseNAPTR (line 377) | func parseNAPTR(rd *rdata.NAPTR, c *dnslex.Lexer, o string) error {
function parseTALINK (line 462) | func parseTALINK(rd *rdata.TALINK, c *dnslex.Lexer, o string) error {
function parseLOC (line 480) | func parseLOC(rd *rdata.LOC, c *dnslex.Lexer, o string) error {
function parseHIP (line 612) | func parseHIP(rd *rdata.HIP, c *dnslex.Lexer, o string) error {
function parseCERT (line 660) | func parseCERT(rd *rdata.CERT, c *dnslex.Lexer, o string) error {
function parseOPENPGPKEY (line 691) | func parseOPENPGPKEY(rd *rdata.OPENPGPKEY, c *dnslex.Lexer, o string) er...
function parseCSYNC (line 697) | func parseCSYNC(rd *rdata.CSYNC, c *dnslex.Lexer, o string) error {
function parseZONEMD (line 741) | func parseZONEMD(rd *rdata.ZONEMD, c *dnslex.Lexer, o string) error {
function parseRRSIG (line 767) | func parseRRSIG(rd *rdata.RRSIG, c *dnslex.Lexer, o string) error {
function parseNSEC (line 845) | func parseNSEC(rd *rdata.NSEC, c *dnslex.Lexer, o string) error {
function parseNSEC3 (line 881) | func parseNSEC3(rd *rdata.NSEC3, c *dnslex.Lexer, o string) error {
function parseNSEC3PARAM (line 950) | func parseNSEC3PARAM(rd *rdata.NSEC3PARAM, c *dnslex.Lexer, o string) er...
function parseEUI48 (line 981) | func parseEUI48(rd *rdata.EUI48, c *dnslex.Lexer, o string) error {
function parseEUI64 (line 1007) | func parseEUI64(rd *rdata.EUI64, c *dnslex.Lexer, o string) error {
function parseSSHFP (line 1033) | func parseSSHFP(rd *rdata.SSHFP, c *dnslex.Lexer, o string) error {
function parseDNSKEY (line 1053) | func parseDNSKEY(rd *rdata.DNSKEY, c *dnslex.Lexer, o string) error {
function parseRKEY (line 1079) | func parseRKEY(rd *rdata.RKEY, c *dnslex.Lexer, o string) error {
function parseEID (line 1105) | func parseEID(rd *rdata.EID, c *dnslex.Lexer, o string) error {
function parseNIMLOC (line 1111) | func parseNIMLOC(rd *rdata.NIMLOC, c *dnslex.Lexer, o string) error {
function parseGPOS (line 1117) | func parseGPOS(rd *rdata.GPOS, c *dnslex.Lexer, o string) error {
function parseDS (line 1141) | func parseDS(rd *rdata.DS, c *dnslex.Lexer, o string) error {
function parseTA (line 1170) | func parseTA(rd *rdata.TA, c *dnslex.Lexer, o string) error {
function parseTLSA (line 1200) | func parseTLSA(rd *rdata.TLSA, c *dnslex.Lexer, o string) error {
function parseSMIMEA (line 1226) | func parseSMIMEA(rd *rdata.SMIMEA, c *dnslex.Lexer, o string) error {
function parseRFC3597 (line 1252) | func parseRFC3597(rd *rdata.RFC3597, c *dnslex.Lexer, o string) error {
function parseTXT (line 1272) | func parseTXT(rd *rdata.TXT, c *dnslex.Lexer, o string) error {
function parseNINFO (line 1280) | func parseNINFO(rd *rdata.NINFO, c *dnslex.Lexer, o string) error {
function parseIPN (line 1286) | func parseIPN(rd *rdata.IPN, c *dnslex.Lexer, o string) error {
function parseURI (line 1296) | func parseURI(rd *rdata.URI, c *dnslex.Lexer, o string) error {
function parseDHCID (line 1323) | func parseDHCID(rd *rdata.DHCID, c *dnslex.Lexer, o string) error {
function parseNID (line 1330) | func parseNID(rd *rdata.NID, c *dnslex.Lexer, o string) error {
function parseL32 (line 1347) | func parseL32(rd *rdata.L32, c *dnslex.Lexer, o string) error {
function parseLP (line 1364) | func parseLP(rd *rdata.LP, c *dnslex.Lexer, o string) error {
function parseL64 (line 1381) | func parseL64(rd *rdata.L64, c *dnslex.Lexer, o string) error {
function parseUID (line 1398) | func parseUID(rd *rdata.UID, c *dnslex.Lexer, o string) error {
function parseGID (line 1408) | func parseGID(rd *rdata.GID, c *dnslex.Lexer, o string) error {
function parseUINFO (line 1418) | func parseUINFO(rd *rdata.UINFO, c *dnslex.Lexer, o string) error {
function parsePX (line 1430) | func parsePX(rd *rdata.PX, c *dnslex.Lexer, o string) error {
function parseCAA (line 1454) | func parseCAA(rd *rdata.CAA, c *dnslex.Lexer, o string) error {
function parseTKEY (line 1481) | func parseTKEY(rd *rdata.TKEY, c *dnslex.Lexer, o string) error {
function parseSVCB (line 1523) | func parseSVCB(rd *rdata.SVCB, c *dnslex.Lexer, o string) error {
function parseDELEG (line 1624) | func parseDELEG(rd *rdata.DELEG, c *dnslex.Lexer, o string) error {
function parseDSYNC (line 1703) | func parseDSYNC(rd *rdata.DSYNC, c *dnslex.Lexer, o string) error {
function upperLookup (line 1732) | func upperLookup(s string, m map[string]uint8) (uint8, bool) {
FILE: vendor/codeberg.org/miekg/dns/scan_rr.go
method parse (line 10) | func (rr *A) parse(c *dnslex.Lexer, o string) error { return parseA(&...
method parse (line 11) | func (rr *AAAA) parse(c *dnslex.Lexer, o string) error { return parseAAA...
method parse (line 12) | func (rr *NS) parse(c *dnslex.Lexer, o string) error { return parseNS(...
method parse (line 13) | func (rr *PTR) parse(c *dnslex.Lexer, o string) error { return parsePTR...
method parse (line 14) | func (rr *NSAPPTR) parse(c *dnslex.Lexer, o string) error {
method parse (line 17) | func (rr *RP) parse(c *dnslex.Lexer, o string) error { return parseR...
method parse (line 18) | func (rr *MR) parse(c *dnslex.Lexer, o string) error { return parseM...
method parse (line 19) | func (rr *MB) parse(c *dnslex.Lexer, o string) error { return parseM...
method parse (line 20) | func (rr *MG) parse(c *dnslex.Lexer, o string) error { return parseM...
method parse (line 21) | func (rr *HINFO) parse(c *dnslex.Lexer, o string) error { return parseH...
method parse (line 22) | func (rr *ISDN) parse(c *dnslex.Lexer, o string) error { return parseI...
method parse (line 23) | func (rr *MINFO) parse(c *dnslex.Lexer, o string) error { return parseM...
method parse (line 24) | func (rr *MF) parse(c *dnslex.Lexer, o string) error { return parseM...
method parse (line 25) | func (rr *MD) parse(c *dnslex.Lexer, o string) error { return parseM...
method parse (line 26) | func (rr *MX) parse(c *dnslex.Lexer, o string) error { return parseM...
method parse (line 27) | func (rr *RT) parse(c *dnslex.Lexer, o string) error { return parseR...
method parse (line 28) | func (rr *AFSDB) parse(c *dnslex.Lexer, o string) error { return parseA...
method parse (line 29) | func (rr *X25) parse(c *dnslex.Lexer, o string) error { return parseX...
method parse (line 30) | func (rr *KX) parse(c *dnslex.Lexer, o string) error { return parseK...
method parse (line 31) | func (rr *CNAME) parse(c *dnslex.Lexer, o string) error { return parseC...
method parse (line 32) | func (rr *DNAME) parse(c *dnslex.Lexer, o string) error { return parseD...
method parse (line 33) | func (rr *SOA) parse(c *dnslex.Lexer, o string) error { return parseS...
method parse (line 34) | func (rr *SRV) parse(c *dnslex.Lexer, o string) error { return parseS...
method parse (line 35) | func (rr *NAPTR) parse(c *dnslex.Lexer, o string) error { return parseN...
method parse (line 36) | func (rr *TALINK) parse(c *dnslex.Lexer, o string) error { return parseT...
method parse (line 37) | func (rr *LOC) parse(c *dnslex.Lexer, o string) error { return parseL...
method parse (line 38) | func (rr *CERT) parse(c *dnslex.Lexer, o string) error { return parseC...
method parse (line 39) | func (rr *OPENPGPKEY) parse(c *dnslex.Lexer, o string) error {
method parse (line 42) | func (rr *HIP) parse(c *dnslex.Lexer, o string) error { return parseH...
method parse (line 43) | func (rr *CSYNC) parse(c *dnslex.Lexer, o string) error { return parseC...
method parse (line 44) | func (rr *ZONEMD) parse(c *dnslex.Lexer, o string) error { return parseZ...
method parse (line 45) | func (rr *SIG) parse(c *dnslex.Lexer, o string) error { return parseR...
method parse (line 46) | func (rr *RRSIG) parse(c *dnslex.Lexer, o string) error { return parseR...
method parse (line 47) | func (rr *NXT) parse(c *dnslex.Lexer, o string) error { return parseN...
method parse (line 48) | func (rr *NSEC) parse(c *dnslex.Lexer, o string) error { return parseN...
method parse (line 49) | func (rr *NSEC3) parse(c *dnslex.Lexer, o string) error { return parseN...
method parse (line 50) | func (rr *NSEC3PARAM) parse(c *dnslex.Lexer, o string) error {
method parse (line 53) | func (rr *EUI48) parse(c *dnslex.Lexer, o string) error { return parseE...
method parse (line 54) | func (rr *EUI64) parse(c *dnslex.Lexer, o string) error { return parseE...
method parse (line 55) | func (rr *SSHFP) parse(c *dnslex.Lexer, o string) error { return parseS...
method parse (line 56) | func (rr *DNSKEY) parse(c *dnslex.Lexer, o string) error { return parseD...
method parse (line 57) | func (rr *KEY) parse(c *dnslex.Lexer, o string) error {
method parse (line 60) | func (rr *CDNSKEY) parse(c *dnslex.Lexer, o string) error {
method parse (line 63) | func (rr *DS) parse(c *dnslex.Lexer, o string) error { return parseD...
method parse (line 64) | func (rr *DLV) parse(c *dnslex.Lexer, o string) error { return parseD...
method parse (line 65) | func (rr *CDS) parse(c *dnslex.Lexer, o string) error { return parseD...
method parse (line 66) | func (rr *RKEY) parse(c *dnslex.Lexer, o string) error { return parseR...
method parse (line 67) | func (rr *EID) parse(c *dnslex.Lexer, o string) error { return parseE...
method parse (line 68) | func (rr *NIMLOC) parse(c *dnslex.Lexer, o string) error { return parseN...
method parse (line 69) | func (rr *GPOS) parse(c *dnslex.Lexer, o string) error { return parseG...
method parse (line 70) | func (rr *TA) parse(c *dnslex.Lexer, o string) error { return parseT...
method parse (line 71) | func (rr *TLSA) parse(c *dnslex.Lexer, o string) error { return parseT...
method parse (line 72) | func (rr *SMIMEA) parse(c *dnslex.Lexer, o string) error { return parseS...
method parse (line 73) | func (rr *RFC3597) parse(c *dnslex.Lexer, o string) error {
method parse (line 76) | func (rr *SPF) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 77) | func (rr *AVC) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 78) | func (rr *TXT) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 79) | func (rr *NINFO) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 80) | func (rr *RESINFO) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 81) | func (rr *WALLET) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 82) | func (rr *CLA) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 83) | func (rr *IPN) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 84) | func (rr *URI) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 85) | func (rr *DHCID) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 86) | func (rr *NID) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 87) | func (rr *L32) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 88) | func (rr *LP) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 89) | func (rr *L64) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 90) | func (rr *UID) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 91) | func (rr *GID) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 92) | func (rr *UINFO) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 93) | func (rr *PX) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 94) | func (rr *CAA) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 95) | func (rr *TKEY) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 96) | func (rr *SVCB) parse(c *dnslex.Lexer, o string) error { return parse...
method parse (line 97) | func (rr *HTTPS) parse(c *dnslex.Lexer, o string) error {
method parse (line 100) | func (rr *DELEG) parse(c *dnslex.Lexer, o string) error { return parseDE...
method parse (line 101) | func (rr *DELEGPARAM) parse(c *dnslex.Lexer, o string) error {
method parse (line 104) | func (rr *DSYNC) parse(c *dnslex.Lexer, o string) error { return parseDS...
function escapedStringOffset (line 109) | func escapedStringOffset(s string, desiredByteOffset int) (int, bool) {
function remainder (line 144) | func remainder(c *dnslex.Lexer, errstr string) (string, error) {
function remainderSlice (line 162) | func remainderSlice(c *dnslex.Lexer, errstr string) ([]string, error) {
FILE: vendor/codeberg.org/miekg/dns/serve_mux.go
type Handler (line 19) | type Handler interface
function Zone (line 25) | func Zone(ctx context.Context) string {
type contextKey (line 33) | type contextKey
type HandlerFunc (line 39) | type HandlerFunc
method ServeDNS (line 42) | func (f HandlerFunc) ServeDNS(ctx context.Context, w ResponseWriter, r...
type ServeMux (line 51) | type ServeMux struct
method match (line 62) | func (mux *ServeMux) match(q string, t uint16) (Handler, string) {
method Handle (line 95) | func (mux *ServeMux) Handle(pattern string, handler Handler) {
method HandleFunc (line 108) | func (mux *ServeMux) HandleFunc(pattern string, handler func(context.C...
method HandleRemove (line 113) | func (mux *ServeMux) HandleRemove(pattern string) {
method ServeDNS (line 128) | func (mux *ServeMux) ServeDNS(ctx context.Context, w ResponseWriter, r...
function NewServeMux (line 57) | func NewServeMux() *ServeMux { return &ServeMux{z: map[string]Handler{}} }
function Handle (line 141) | func Handle(pattern string, handler Handler) { DefaultServeMux.Handle(pa...
function HandleRemove (line 144) | func HandleRemove(pattern string) { DefaultServeMux.HandleRemove(pattern) }
function HandleFunc (line 147) | func HandleFunc(pattern string, handler func(context.Context, ResponseWr...
function refuse (line 152) | func refuse(w ResponseWriter, r *Msg) {
FILE: vendor/codeberg.org/miekg/dns/server.go
constant MaxTCPQueries (line 15) | MaxTCPQueries = 1024
function ListenAndServe (line 18) | func ListenAndServe(addr, network string, handler Handler) error {
type MsgAcceptAction (line 27) | type MsgAcceptAction
constant MsgAccept (line 31) | MsgAccept MsgAcceptAction = iota
constant MsgReject (line 32) | MsgReject
constant MsgRejectNotImplemented (line 33) | MsgRejectNotImplemented
constant MsgIgnore (line 34) | MsgIgnore
type MsgAcceptFunc (line 40) | type MsgAcceptFunc
function DefaultMsgAcceptFunc (line 47) | func DefaultMsgAcceptFunc(m *Msg) MsgAcceptAction {
type InvalidMsgFunc (line 64) | type InvalidMsgFunc
function DefaultMsgInvalidFunc (line 67) | func DefaultMsgInvalidFunc(m *Msg, err error) {}
type Server (line 70) | type Server struct
method init (line 138) | func (srv *Server) init() {
method ListenAndServe (line 168) | func (srv *Server) ListenAndServe() error {
method Shutdown (line 221) | func (srv *Server) Shutdown(ctx context.Context) {
method listenTCP (line 239) | func (srv *Server) listenTCP(ln net.Listener) {
method serveTCP (line 271) | func (srv *Server) serveTCP(wg *sync.WaitGroup, conn net.Conn) {
method serveDNS (line 316) | func (srv *Server) serveDNS(w *response, r *Msg) {
function NewServer (line 132) | func NewServer() *Server {
constant BatchSize (line 268) | BatchSize = 20
FILE: vendor/codeberg.org/miekg/dns/server_no_recvmmsg.go
method listenUDP (line 13) | func (srv *Server) listenUDP(pc net.PacketConn) {
FILE: vendor/codeberg.org/miekg/dns/server_recvmmsg.go
method listenUDP (line 13) | func (srv *Server) listenUDP(pc net.PacketConn) {
FILE: vendor/codeberg.org/miekg/dns/sig0.go
function SIG0Sign (line 14) | func SIG0Sign(m *Msg, k SIG0Signer, options *SIG0Option) error {
function SIG0Verify (line 52) | func SIG0Verify(m *Msg, y *KEY, k SIG0Signer, options *SIG0Option) error {
type SIG0Option (line 77) | type SIG0Option struct
type SIG0Signer (line 80) | type SIG0Signer interface
function hasSIG0 (line 91) | func hasSIG0(m *Msg) *SIG {
FILE: vendor/codeberg.org/miekg/dns/sig0_signer.go
type CryptoSIG0 (line 13) | type CryptoSIG0 struct
method Key (line 20) | func (c CryptoSIG0) Key() *KEY { return c.PublicKey }
method Signer (line 21) | func (c CryptoSIG0) Signer() crypto.Signer { return c.CryptoSigner }
method Sign (line 23) | func (c CryptoSIG0) Sign(s *SIG, p []byte) ([]byte, error) {
method Verify (line 47) | func (c CryptoSIG0) Verify(s *SIG, p []byte) error {
FILE: vendor/codeberg.org/miekg/dns/smimea.go
method Sign (line 8) | func (rr *SMIMEA) Sign(usage, selector, matchingType int, cert *x509.Cer...
method Verify (line 18) | func (rr *SMIMEA) Verify(cert *x509.Certificate) error {
FILE: vendor/codeberg.org/miekg/dns/sort.go
function Compare (line 10) | func Compare(a, b RR) int {
method Len (line 38) | func (set RRset) Len() int { return len(set) }
method Less (line 39) | func (set RRset) Less(i, j int) bool { return Compare(set[i], set[j]) ==...
method Swap (line 40) | func (set RRset) Swap(i, j int) { set[i], set[j] = set[j], set[i] }
function CompareName (line 45) | func CompareName(a, b string) int {
function Equal (line 74) | func Equal(a, b RR) bool { return Compare(a, b) == 0 }
function EqualName (line 77) | func EqualName(a, b string) bool { return CompareName(a, b) == 0 }
function CompareSerial (line 81) | func CompareSerial(a, b uint32) int {
function EqualSerial (line 101) | func EqualSerial(a, b uint32) bool { return a == b }
FILE: vendor/codeberg.org/miekg/dns/sort_rdata.go
function comparename (line 17) | func comparename(a, b string) int {
function comparebase64 (line 45) | func comparebase64(a, b string) int {
function comparebase32 (line 58) | func comparebase32(a, b string) int {
function comparehex (line 71) | func comparehex(a, b string) int {
function comparepair (line 84) | func comparepair(a, b []svcb.Pair) int {
function compareinfo (line 97) | func compareinfo(a, b []deleg.Info) int {
FILE: vendor/codeberg.org/miekg/dns/string.go
function typeToString (line 10) | func typeToString(t uint16) string {
function codeToString (line 17) | func codeToString(t uint16) string {
function classToString (line 24) | func classToString(c uint16) string {
function rcodeToString (line 31) | func rcodeToString(r uint16) string {
function opcodeToString (line 38) | func opcodeToString(o uint8) string {
function sprintData (line 46) | func sprintData(sb *strings.Builder, sx ...string) {
function sprintHeader (line 56) | func sprintHeader(rr RR) *strings.Builder {
function sprintOptionHeader (line 81) | func sprintOptionHeader(rr EDNS0) *strings.Builder {
FILE: vendor/codeberg.org/miekg/dns/svcb/pack.go
function _pack (line 13) | func _pack(p Pair, msg []byte, off int) (int, error) {
function _unpack (line 40) | func _unpack(p Pair, data *cryptobyte.String) error {
method pack (line 66) | func (s *MANDATORY) pack(msg []byte, off int) (off1 int, err error) {
method unpack (line 79) | func (s *MANDATORY) unpack(sc *cryptobyte.String) error {
method pack (line 90) | func (s *ALPN) pack(msg []byte, off int) (off1 int, err error) {
method unpack (line 113) | func (s *ALPN) unpack(sc *cryptobyte.String) error {
method pack (line 124) | func (s *NODEFAULTALPN) pack(msg []byte, off int) (int, error) {
method unpack (line 129) | func (*NODEFAULTALPN) unpack(sc *cryptobyte.String) error {
method pack (line 136) | func (s *PORT) pack(msg []byte, off int) (off1 int, err error) {
method unpack (line 145) | func (s *PORT) unpack(sc *cryptobyte.String) error {
method pack (line 152) | func (s *IPV4HINT) pack(msg []byte, off int) (int, error) {
method unpack (line 166) | func (s *IPV4HINT) unpack(sc *cryptobyte.String) error {
method pack (line 177) | func (s *ECHCONFIG) pack(msg []byte, off int) (int, error) {
method unpack (line 189) | func (s *ECHCONFIG) unpack(sc *cryptobyte.String) error {
method pack (line 197) | func (s *IPV6HINT) pack(msg []byte, off int) (int, error) {
method unpack (line 211) | func (s *IPV6HINT) unpack(sc *cryptobyte.String) error {
method pack (line 222) | func (s *DOHPATH) pack(msg []byte, off int) (int, error) {
method unpack (line 230) | func (s *DOHPATH) unpack(sc *cryptobyte.String) (err error) {
method pack (line 235) | func (s *OHTTP) pack(msg []byte, off int) (int, error) {
method unpack (line 240) | func (*OHTTP) unpack(sc *cryptobyte.String) error {
method pack (line 247) | func (s *LOCAL) pack(msg []byte, off int) (int, error) {
method unpack (line 260) | func (s *LOCAL) unpack(sc *cryptobyte.String) error {
function packTLV (line 269) | func packTLV(p Pair, msg []byte, off int) (off1 int, err error) {
FILE: vendor/codeberg.org/miekg/dns/svcb/scan.go
function Parse (line 14) | func Parse(p Pair, b, o string) error {
method parse (line 40) | func (s *MANDATORY) parse(b string) error {
method parse (line 51) | func (s *ALPN) parse(b string) error {
method parse (line 96) | func (*NODEFAULTALPN) parse(b string) error {
method parse (line 103) | func (s *PORT) parse(b string) error {
method parse (line 112) | func (s *IPV4HINT) parse(b string) error {
method parse (line 134) | func (s *ECHCONFIG) parse(b string) error {
method parse (line 143) | func (s *IPV6HINT) parse(b string) error {
method parse (line 165) | func (s *DOHPATH) parse(b string) error {
method parse (line 174) | func (*OHTTP) parse(b string) error {
method parse (line 181) | func (s *LOCAL) parse(b string) error {
function pairToString (line 191) | func pairToString(s []byte) string {
function stringToPair (line 211) | func stringToPair(b string) ([]byte, error) {
FILE: vendor/codeberg.org/miekg/dns/svcb/svcb.go
constant KeyMandatory (line 18) | KeyMandatory uint16 = iota
constant KeyAlpn (line 19) | KeyAlpn
constant KeyNoDefaultALPN (line 20) | KeyNoDefaultALPN
constant KeyPort (line 21) | KeyPort
constant KeyIPv4Hint (line 22) | KeyIPv4Hint
constant KeyEchConfig (line 23) | KeyEchConfig
constant KeyIPv6Hint (line 24) | KeyIPv6Hint
constant KeyDohPath (line 25) | KeyDohPath
constant KeyOhttp (line 26) | KeyOhttp
constant KeyReserved (line 28) | KeyReserved uint16 = 65535
type Pair (line 33) | type Pair interface
function KeyToString (line 41) | func KeyToString(k uint16) string {
function StringToKey (line 64) | func StringToKey(s string) uint16 {
function KeyToPair (line 78) | func KeyToPair(k uint16) func() Pair {
function PairToKey (line 106) | func PairToKey(p Pair) uint16 {
type MANDATORY (line 150) | type MANDATORY struct
method String (line 154) | func (s *MANDATORY) String() string {
method Len (line 162) | func (s *MANDATORY) Len() int { return tlv + 2*len(s.Key) }
method Clone (line 376) | func (s *MANDATORY) Clone() Pair { return &MANDATORY{slices.Clone(s....
type ALPN (line 172) | type ALPN struct
method String (line 176) | func (s *ALPN) String() string {
method Len (line 221) | func (s *ALPN) Len() int {
method Clone (line 377) | func (s *ALPN) Clone() Pair { return &ALPN{slices.Clone(s.Alpn)} }
type NODEFAULTALPN (line 237) | type NODEFAULTALPN struct
method String (line 239) | func (*NODEFAULTALPN) String() string { return "" }
method Len (line 240) | func (*NODEFAULTALPN) Len() int { return tlv + 0 }
method Clone (line 378) | func (*NODEFAULTALPN) Clone() Pair { return &NODEFAULTALPN{} }
type PORT (line 246) | type PORT struct
method Len (line 250) | func (*PORT) Len() int { return tlv + 2 }
method String (line 251) | func (s *PORT) String() string { return strconv.FormatUint(uint64(s.Po...
method Clone (line 379) | func (s *PORT) Clone() Pair { return &PORT{s.Port} }
type IPV4HINT (line 266) | type IPV4HINT struct
method Len (line 270) | func (s *IPV4HINT) Len() int { return tlv + 4*len(s.Hint) }
method String (line 272) | func (s *IPV4HINT) String() string {
method Clone (line 385) | func (s *IPV4HINT) Clone() Pair {
type ECHCONFIG (line 289) | type ECHCONFIG struct
method String (line 293) | func (s *ECHCONFIG) String() string { return base64.StdEncoding.Encode...
method Len (line 294) | func (s *ECHCONFIG) Len() int { return tlv + len(s.ECH) }
method Clone (line 380) | func (s *ECHCONFIG) Clone() Pair { return &ECHCONFIG{slices.Clone(s....
type IPV6HINT (line 305) | type IPV6HINT struct
method Len (line 309) | func (s *IPV6HINT) Len() int { return tlv + 16*len(s.Hint) }
method String (line 311) | func (s *IPV6HINT) String() string {
method Clone (line 389) | func (s *IPV6HINT) Clone() Pair {
type DOHPATH (line 336) | type DOHPATH struct
method String (line 340) | func (s *DOHPATH) String() string { return pairToString([]byte(s.Templ...
method Len (line 341) | func (s *DOHPATH) Len() int { return tlv + len(s.Template) }
method Clone (line 382) | func (s *DOHPATH) Clone() Pair { return &DOHPATH{Template: s.Templ...
type OHTTP (line 356) | type OHTTP struct
method String (line 358) | func (*OHTTP) String() string { return "" }
method Len (line 359) | func (*OHTTP) Len() int { return tlv + 0 }
method Clone (line 381) | func (*OHTTP) Clone() Pair { return &OHTTP{} }
type LOCAL (line 368) | type LOCAL struct
method String (line 373) | func (s *LOCAL) String() string { return pairToString(s.Data) }
method Len (line 374) | func (s *LOCAL) Len() int { return tlv + len(s.Data) }
method Clone (line 383) | func (s *LOCAL) Clone() Pair { return &LOCAL{s.KeyCode, slices.C...
constant tlv (line 393) | tlv = 4
FILE: vendor/codeberg.org/miekg/dns/svcb/svcbpack.go
function Unpack (line 11) | func Unpack(s *cryptobyte.String) ([]Pair, error) {
function Pack (line 33) | func Pack(pairs []Pair, msg []byte, off int) (off1 int, err error) {
FILE: vendor/codeberg.org/miekg/dns/svcb/zdnsutil.go
function dnsutilLabels (line 19) | func dnsutilLabels(s string) (labels int) {
function dnsutilNext (line 36) | func dnsutilNext(s string, offset int) (i int, end bool) {
function dnsutilPrev (line 51) | func dnsutilPrev(s string, n int) (i int, start bool) {
function dnsutilFqdn (line 79) | func dnsutilFqdn(s string) string {
function dnsutilIsFqdn (line 88) | func dnsutilIsFqdn(s string) bool { return strings.HasSuffix(s, ".") }
function dnsutilCanonical (line 92) | func dnsutilCanonical(s string) string {
function dnsutilIsName (line 105) | func dnsutilIsName(s string) bool {
function compareLabel (line 147) | func compareLabel(a, b string) int {
function dnsutilTimeToString (line 176) | func dnsutilTimeToString(t uint32) string {
function dnsutilStringToTime (line 184) | func dnsutilStringToTime(s string) (uint32, error) {
function dnsutilAbsolute (line 197) | func dnsutilAbsolute(s, origin string) string {
constant maxSerialIncrement (line 217) | maxSerialIncrement = 2147483647
FILE: vendor/codeberg.org/miekg/dns/tlsa.go
method Sign (line 8) | func (rr *TLSA) Sign(usage, selector, matchingtype int, cert *x509.Certi...
method Verify (line 18) | func (rr *TLSA) Verify(cert *x509.Certificate) error {
FILE: vendor/codeberg.org/miekg/dns/transfer.go
type Envelope (line 12) | type Envelope struct
method TransferIn (line 47) | func (c *Client) TransferIn(ctx context.Context, m *Msg, network, addres...
method TransferInWithConn (line 59) | func (c *Client) TransferInWithConn(ctx context.Context, m *Msg, conn ne...
method transferInAXFR (line 102) | func (c *Client) transferInAXFR(ctx context.Context, m *Msg, ch chan<- *...
method transferInIXFR (line 192) | func (c *Client) transferInIXFR(ctx context.Context, m *Msg, ch chan<- *...
method TransferOut (line 315) | func (c *Client) TransferOut(w ResponseWriter, r *Msg, env <-chan *Envel...
FILE: vendor/codeberg.org/miekg/dns/transport.go
type Transport (line 14) | type Transport struct
method dial (line 46) | func (t *Transport) dial(ctx context.Context, network, address string)...
function NewTransport (line 39) | func NewTransport() *Transport {
function isEOFOrClosedNetwork (line 56) | func isEOFOrClosedNetwork(err error) bool {
type Transfer (line 69) | type Transfer struct
FILE: vendor/codeberg.org/miekg/dns/tsig.go
constant HmacSHA1 (line 14) | HmacSHA1 = "hmac-sha1."
constant HmacSHA224 (line 15) | HmacSHA224 = "hmac-sha224."
constant HmacSHA256 (line 16) | HmacSHA256 = "hmac-sha256."
constant HmacSHA384 (line 17) | HmacSHA384 = "hmac-sha384."
constant HmacSHA512 (line 18) | HmacSHA512 = "hmac-sha512."
constant HmacMD5 (line 20) | HmacMD5 = "hmac-md5.sig-alg.reg.int."
function TSIGSign (line 28) | func TSIGSign(m *Msg, k TSIGSigner, options *TSIGOption) error {
function TSIGVerify (line 80) | func TSIGVerify(m *Msg, k TSIGSigner, options *TSIGOption) error {
type TSIGOption (line 137) | type TSIGOption struct
type TSIGSigner (line 143) | type TSIGSigner interface
function hasTSIG (line 152) | func hasTSIG(m *Msg) *TSIG {
function setArcount (line 161) | func setArcount(m *Msg, isPseudo int) int {
FILE: vendor/codeberg.org/miekg/dns/tsig_signer.go
type HmacTSIG (line 16) | type HmacTSIG struct
method Key (line 20) | func (h HmacTSIG) Key() []byte { return h.Secret }
method Sign (line 22) | func (h HmacTSIG) Sign(t *TSIG, p []byte, options TSIGOption) ([]byte,...
method Verify (line 47) | func (h HmacTSIG) Verify(t *TSIG, p []byte, options TSIGOption) error {
method mac (line 63) | func (rr *TSIG) mac(m *Msg, options TSIGOption) ([]byte, error) {
type macWireFmt (line 112) | type macWireFmt struct
method pack (line 117) | func (mw *macWireFmt) pack(buf []byte) (int, error) {
type timerWireFmt (line 130) | type timerWireFmt struct
method pack (line 135) | func (tw *timerWireFmt) pack(buf []byte) (int, error) {
type tsigWireFmt (line 149) | type tsigWireFmt struct
method pack (line 164) | func (tw *tsigWireFmt) pack(buf []byte) (int, error) {
FILE: vendor/codeberg.org/miekg/dns/types.go
constant TypeNone (line 18) | TypeNone uint16 = 0
constant TypeA (line 19) | TypeA uint16 = 1
constant TypeNS (line 20) | TypeNS uint16 = 2
constant TypeMD (line 21) | TypeMD uint16 = 3
constant TypeMF (line 22) | TypeMF uint16 = 4
constant TypeCNAME (line 23) | TypeCNAME uint16 = 5
constant TypeSOA (line 24) | TypeSOA uint16 = 6
constant TypeMB (line 25) | TypeMB uint16 = 7
constant TypeMG (line 26) | TypeMG uint16 = 8
constant TypeMR (line 27) | TypeMR uint16 = 9
constant TypeNULL (line 28) | TypeNULL uint16 = 10
constant TypePTR (line 29) | TypePTR uint16 = 12
constant TypeHINFO (line 30) | TypeHINFO uint16 = 13
constant TypeMINFO (line 31) | TypeMINFO uint16 = 14
constant TypeMX (line 32) | TypeMX uint16 = 15
constant TypeTXT (line 33) | TypeTXT uint16 = 16
constant TypeRP (line 34) | TypeRP uint16 = 17
constant TypeAFSDB (line 35) | TypeAFSDB uint16 = 18
constant TypeX25 (line 36) | TypeX25 uint16 = 19
constant TypeISDN (line 37) | TypeISDN uint16 = 20
constant TypeRT (line 38) | TypeRT uint16 = 21
constant TypeNSAPPTR (line 39) | TypeNSAPPTR uint16 = 23
constant TypeSIG (line 40) | TypeSIG uint16 = 24
constant TypeKEY (line 41) | TypeKEY uint16 = 25
constant TypePX (line 42) | TypePX uint16 = 26
constant TypeGPOS (line 43) | TypeGPOS uint16 = 27
constant TypeAAAA (line 44) | TypeAAAA uint16 = 28
constant TypeLOC (line 45) | TypeLOC uint16 = 29
constant TypeNXT (line 46) | TypeNXT uint16 = 30
constant TypeEID (line 47) | TypeEID uint16 = 31
constant TypeNIMLOC (line 48) | TypeNIMLOC uint16 = 32
constant TypeSRV (line 49) | TypeSRV uint16 = 33
constant TypeATMA (line 50) | TypeATMA uint16 = 34
constant TypeNAPTR (line 51) | TypeNAPTR uint16 = 35
constant TypeKX (line 52) | TypeKX uint16 = 36
constant TypeCERT (line 53) | TypeCERT uint16 = 37
constant TypeDNAME (line 54) | TypeDNAME uint16 = 39
constant TypeOPT (line 55) | TypeOPT uint16 = 41
constant TypeAPL (line 56) | TypeAPL uint16 = 42
constant TypeDS (line 57) | TypeDS uint16 = 43
constant TypeSSHFP (line 58) | TypeSSHFP uint16 = 44
constant TypeIPSECKEY (line 59) | TypeIPSECKEY uint16 = 45
constant TypeRRSIG (line 60) | TypeRRSIG uint16 = 46
constant TypeNSEC (line 61) | TypeNSEC uint16 = 47
constant TypeDNSKEY (line 62) | TypeDNSKEY uint16 = 48
constant TypeDHCID (line 63) | TypeDHCID uint16 = 49
constant TypeNSEC3 (line 64) | TypeNSEC3 uint16 = 50
constant TypeNSEC3PARAM (line 65) | TypeNSEC3PARAM uint16 = 51
constant TypeTLSA (line 66) | TypeTLSA uint16 = 52
constant TypeSMIMEA (line 67) | TypeSMIMEA uint16 = 53
constant TypeHIP (line 68) | TypeHIP uint16 = 55
constant TypeNINFO (line 69) | TypeNINFO uint16 = 56
constant TypeRKEY (line 70) | TypeRKEY uint16 = 57
constant TypeTALINK (line 71) | TypeTALINK uint16 = 58
constant TypeCDS (line 72) | TypeCDS uint16 = 59
constant TypeCDNSKEY (line 73) | TypeCDNSKEY uint16 = 60
constant TypeOPENPGPKEY (line 74) | TypeOPENPGPKEY uint16 = 61
constant TypeCSYNC (line 75) | TypeCSYNC uint16 = 62
constant TypeZONEMD (line 76) | TypeZONEMD uint16 = 63
constant TypeSVCB (line 77) | TypeSVCB uint16 = 64
constant TypeHTTPS (line 78) | TypeHTTPS uint16 = 65
constant TypeDSYNC (line 79) | TypeDSYNC uint16 = 66
constant TypeSPF (line 80) | TypeSPF uint16 = 99
constant TypeUINFO (line 81) | TypeUINFO uint16 = 100
constant TypeUID (line 82) | TypeUID uint16 = 101
constant TypeGID (line 83) | TypeGID uint16 = 102
constant TypeUNSPEC (line 84) | TypeUNSPEC uint16 = 103
constant TypeNID (line 85) | TypeNID uint16 = 104
constant TypeL32 (line 86) | TypeL32 uint16 = 105
constant TypeL64 (line 87) | TypeL64 uint16 = 106
constant TypeLP (line 88) | TypeLP uint16 = 107
constant TypeEUI48 (line 89) | TypeEUI48 uint16 = 108
constant TypeEUI64 (line 90) | TypeEUI64 uint16 = 109
constant TypeNXNAME (line 91) | TypeNXNAME uint16 = 128
constant TypeURI (line 92) | TypeURI uint16 = 256
constant TypeCAA (line 93) | TypeCAA uint16 = 257
constant TypeAVC (line 94) | TypeAVC uint16 = 258
constant TypeAMTRELAY (line 95) | TypeAMTRELAY uint16 = 260
constant TypeRESINFO (line 96) | TypeRESINFO uint16 = 261
constant TypeWALLET (line 97) | TypeWALLET uint16 = 262
constant TypeCLA (line 98) | TypeCLA uint16 = 263
constant TypeIPN (line 99) | TypeIPN uint16 = 264
constant TypeTKEY (line 101) | TypeTKEY uint16 = 249
constant TypeTSIG (line 102) | TypeTSIG uint16 = 250
constant TypeIXFR (line 105) | TypeIXFR uint16 = 251
constant TypeAXFR (line 106) | TypeAXFR uint16 = 252
constant TypeMAILB (line 107) | TypeMAILB uint16 = 253
constant TypeMAILA (line 108) | TypeMAILA uint16 = 254
constant TypeANY (line 109) | TypeANY uint16 = 255
constant TypeTA (line 111) | TypeTA uint16 = 32768
constant TypeDLV (line 112) | TypeDLV uint16 = 32769
constant TypeDELEG (line 113) | TypeDELEG uint16 = 65432
constant TypeDELEGPARAM (line 114) | TypeDELEGPARAM uint16 = 65433
constant TypeReserved (line 115) | TypeReserved uint16 = 65535
constant ClassINET (line 118) | ClassINET = 1
constant ClassCSNET (line 119) | ClassCSNET = 2
constant ClassCHAOS (line 120) | ClassCHAOS = 3
constant ClassHESIOD (line 121) | ClassHESIOD = 4
constant ClassNONE (line 122) | ClassNONE = 254
constant ClassANY (line 123) | ClassANY = 255
constant RcodeSuccess (line 126) | RcodeSuccess = 0
constant RcodeFormatError (line 127) | RcodeFormatError = 1
constant RcodeServerFailure (line 128) | RcodeServerFailure = 2
constant RcodeNameError (line 129) | RcodeNameError = 3
constant RcodeNotImplemented (line 130) | RcodeNotImplemented = 4
constant RcodeRefused (line 131) | RcodeRefused = 5
constant RcodeYXDomain (line 132) | RcodeYXDomain = 6
constant RcodeYXRrset (line 133) | RcodeYXRrset = 7
constant RcodeNXRrset (line 134) | RcodeNXRrset = 8
constant RcodeNotAuth (line 135) | RcodeNotAuth = 9
constant RcodeNotZone (line 136) | RcodeNotZone = 10
constant RcodeStatefulNotImplemented (line 137) | RcodeStatefulNotImplemented = 11
constant RcodeBadSig (line 138) | RcodeBadSig = 16
constant RcodeBadVers (line 139) | RcodeBadVers = 16
constant RcodeBadKey (line 140) | RcodeBadKey = 17
constant RcodeBadTime (line 141) | RcodeBadTime = 18
constant RcodeBadMode (line 142) | RcodeBadMode = 19
constant RcodeBadName (line 143) | RcodeBadName = 20
constant RcodeBadAlg (line 144) | RcodeBadAlg = 21
constant RcodeBadTrunc (line 145) | RcodeBadTrunc = 22
constant RcodeBadCookie (line 146) | RcodeBadCookie = 23
constant OpcodeQuery (line 149) | OpcodeQuery = 0
constant OpcodeIQuery (line 150) | OpcodeIQuery = 1
constant OpcodeStatus (line 151) | OpcodeStatus = 2
constant OpcodeNotify (line 152) | OpcodeNotify = 4
constant OpcodeUpdate (line 153) | OpcodeUpdate = 5
constant OpcodeStateful (line 154) | OpcodeStateful = 6
constant ZONEMDSchemeSimple (line 161) | ZONEMDSchemeSimple = 1
constant ZONEMDHashSHA384 (line 163) | ZONEMDHashSHA384 = 1
constant ZONEMDHashSHA512 (line 164) | ZONEMDHashSHA512 = 2
constant _QR (line 169) | _QR = 1 << 15
constant _AA (line 170) | _AA = 1 << 10
constant _TC (line 171) | _TC = 1 << 9
constant _RD (line 172) | _RD = 1 << 8
constant _RA (line 173) | _RA = 1 << 7
constant _Z (line 174) | _Z = 1 << 6
constant _AD (line 175) | _AD = 1 << 5
constant _CD (line 176) | _CD = 1 << 4
constant _DO (line 179) | _DO = 1 << 15
constant _CO (line 180) | _CO = 1 << 14
constant _DE (line 181) | _DE = 1 << 13
constant LOCEquator (line 186) | LOCEquator = 1 << 31
constant LOCPrimemeridian (line 187) | LOCPrimemeridian = 1 << 31
constant LOCHours (line 188) | LOCHours = 60 * 1000
constant LOCDegrees (line 189) | LOCDegrees = 60 * LOCHours
constant LOCAltitudebase (line 190) | LOCAltitudebase = 100000
constant CERTPkix (line 195) | CERTPkix = 1 + iota
constant CERTSpki (line 196) | CERTSpki
constant CERTPgp (line 197) | CERTPgp
constant CERTIpix (line 198) | CERTIpix
constant CERTIspki (line 199) | CERTIspki
constant CERTIpgp (line 200) | CERTIpgp
constant CERTAcpkix (line 201) | CERTAcpkix
constant CERTIAcpkix (line 202) | CERTIAcpkix
constant CERTUri (line 203) | CERTUri = 253
constant CERTOid (line 204) | CERTOid = 254
type NULL (line 223) | type NULL struct
method String (line 228) | func (rr *NULL) String() string {
method parse (line 233) | func (*NULL) parse(_ *dnslex.Lexer, _ string) *ParseError {
type NXNAME (line 239) | type NXNAME struct
method Len (line 244) | func (rr *NXNAME) Len() int { return rr.Hdr.Len() }
method String (line 245) | func (rr *NXNAME) String() string { return rr.Hdr.String() }
method parse (line 247) | func (*NXNAME) parse(_ *dnslex.Lexer, _ string) *ParseError {
type CNAME (line 252) | type CNAME struct
method String (line 257) | func (rr *CNAME) String() string {
type HINFO (line 266) | type HINFO struct
method String (line 271) | func (rr *HINFO) String() string {
type MB (line 280) | type MB struct
method String (line 285) | func (rr *MB) String() string {
type MG (line 294) | type MG struct
method String (line 299) | func (rr *MG) String() string {
type MINFO (line 308) | type MINFO struct
method String (line 313) | func (rr *MINFO) String() string {
type MR (line 322) | type MR struct
method String (line 327) | func (rr *MR) String() string {
type MF (line 336) | type MF struct
method String (line 341) | func (rr *MF) String() string {
type MD (line 350) | type MD struct
method String (line 355) | func (rr *MD) String() string {
type MX (line 364) | type MX struct
method String (line 369) | func (rr *MX) String() string {
type AFSDB (line 378) | type AFSDB struct
method String (line 383) | func (rr *AFSDB) String() string {
type X25 (line 392) | type X25 struct
method String (line 397) | func (rr *X25) String() string {
type ISDN (line 406) | type ISDN struct
method String (line 411) | func (rr *ISDN) String() string {
type RT (line 420) | type RT struct
method String (line 425) | func (rr *RT) String() string {
type NS (line 434) | type NS struct
method String (line 439) | func (rr *NS) String() string {
type PTR (line 448) | type PTR struct
method String (line 453) | func (rr *PTR) String() string {
type RP (line 462) | type RP struct
method String (line 467) | func (rr *RP) String() string {
type SOA (line 476) | type SOA struct
method String (line 481) | func (rr *SOA) String() string {
type TXT (line 490) | type TXT struct
method String (line 495) | func (rr *TXT) String() string {
type SPF (line 504) | type SPF struct
method String (line 506) | func (rr *SPF) String() string {
type AVC (line 515) | type AVC struct
method String (line 517) | func (rr *AVC) String() string {
type WALLET (line 526) | type WALLET struct
method String (line 528) | func (rr *WALLET) String() string {
type CLA (line 537) | type CLA struct
method String (line 539) | func (rr *CLA) String() string {
type IPN (line 548) | type IPN struct
method String (line 553) | func (rr *IPN) String() string {
type SRV (line 562) | type SRV struct
method String (line 567) | func (rr *SRV) String() string {
type NAPTR (line 576) | type NAPTR struct
method String (line 581) | func (rr *NAPTR) String() string {
type CERT (line 590) | type CERT struct
method String (line 595) | func (rr *CERT) String() string {
type DNAME (line 603) | type DNAME struct
method String (line 608) | func (rr *DNAME) String() string {
type A (line 617) | type A struct
method String (line 622) | func (rr *A) String() string {
type AAAA (line 631) | type AAAA struct
method String (line 636) | func (rr *AAAA) String() string {
type PX (line 645) | type PX struct
method String (line 650) | func (rr *PX) String() string {
type GPOS (line 659) | type GPOS struct
method String (line 664) | func (rr *GPOS) String() string {
type LOC (line 673) | type LOC struct
method String (line 678) | func (rr *LOC) String() string {
type SIG (line 686) | type SIG struct
method String (line 688) | func (rr *SIG) String() string {
function NewSIG0 (line 696) | func NewSIG0() *SIG {
type RRSIG (line 702) | type RRSIG struct
method String (line 707) | func (rr *RRSIG) String() string {
function NewRRSIG (line 718) | func NewRRSIG(origin string, algorithm uint8, keytag uint16, incepexp .....
type NXT (line 732) | type NXT struct
method String (line 734) | func (rr *NXT) String() string {
type NSEC (line 743) | type NSEC struct
method String (line 748) | func (rr *NSEC) String() string {
method Len (line 756) | func (rr *NSEC) Len() int { return rr.Hdr.Len() + rr.NSEC.Len() }
type DLV (line 759) | type DLV struct
method String (line 761) | func (rr *DLV) String() string {
type CDS (line 770) | type CDS struct
method String (line 772) | func (rr *CDS) String() string {
type DS (line 781) | type DS struct
method String (line 786) | func (rr *DS) String() string {
type KX (line 795) | type KX struct
method String (line 800) | func (rr *KX) String() string {
type TA (line 809) | type TA struct
method String (line 814) | func (rr *TA) String() string {
type TALINK (line 823) | type TALINK struct
method String (line 828) | func (rr *TALINK) String() string {
type SSHFP (line 837) | type SSHFP struct
method String (line 842) | func (rr *SSHFP) String() string {
type KEY (line 851) | type KEY struct
method String (line 853) | func (rr *KEY) String() string {
type CDNSKEY (line 862) | type CDNSKEY struct
method String (line 864) | func (rr *CDNSKEY) String() string {
type DNSKEY (line 873) | type DNSKEY struct
method String (line 878) | func (rr *DNSKEY) String() string {
function NewDNSKEY (line 887) | func NewDNSKEY(z string, algorithm uint8) *DNSKEY {
type RKEY (line 898) | type RKEY struct
method String (line 903) | func (rr *RKEY) String() string {
type NSAPPTR (line 912) | type NSAPPTR struct
method String (line 917) | func (rr *NSAPPTR) String() string {
type NSEC3 (line 926) | type NSEC3 struct
method String (line 931) | func (rr *NSEC3) String() string {
method Len (line 938) | func (rr *NSEC3) Len() int { return rr.Hdr.Len() + rr.NSEC3.Len() }
type NSEC3PARAM (line 941) | type NSEC3PARAM struct
method String (line 946) | func (rr *NSEC3PARAM) String() string {
type TKEY (line 954) | type TKEY struct
method String (line 960) | func (rr *TKEY) String() string {
type RFC3597 (line 969) | type RFC3597 struct
method Data (line 974) | func (rr *RFC3597) Data() RDATA { return rr.RFC3597 }
method String (line 976) | func (rr *RFC3597) String() string {
method Type (line 996) | func (rr *RFC3597) Type() uint16 { return rr.RRType }
type URI (line 999) | type URI struct
method String (line 1004) | func (rr *URI) String() string {
type DHCID (line 1013) | type DHCID struct
method String (line 1018) | func (rr *DHCID) String() string {
type TLSA (line 1027) | type TLSA struct
method String (line 1032) | func (rr *TLSA) String() string {
type SMIMEA (line 1041) | type SMIMEA struct
method String (line 1046) | func (rr *SMIMEA) String() string {
type HIP (line 1055) | type HIP struct
method String (line 1060) | func (rr *HIP) String() string {
type NINFO (line 1069) | type NINFO struct
method String (line 1074) | func (rr *NINFO) String() string {
type NID (line 1083) | type NID struct
method String (line 1088) | func (rr *NID) String() string {
type L32 (line 1097) | type L32 struct
method String (line 1102) | func (rr *L32) String() string {
type L64 (line 1111) | type L64 struct
method String (line 1116) | func (rr *L64) String() string {
type LP (line 1125) | type LP struct
method String (line 1130) | func (rr *LP) String() string {
type EUI48 (line 1139) | type EUI48 struct
method String (line 1144) | func (rr *EUI48) String() string { return rr.Hdr.String() + rr.EUI48.S...
type EUI64 (line 1147) | type EUI64 struct
method String (line 1152) | func (rr *EUI64) String() string { return rr.Hdr.String() + rr.EUI64.S...
type CAA (line 1155) | type CAA struct
method String (line 1160) | func (rr *CAA) String() string {
type UID (line 1169) | type UID struct
method String (line 1174) | func (rr *UID) String() string {
type GID (line 1183) | type GID struct
method String (line 1188) | func (rr *GID) String() string {
type UINFO (line 1197) | type UINFO struct
method String (line 1202) | func (rr *UINFO) String() string {
type EID (line 1211) | type EID struct
method String (line 1216) | func (rr *EID) String() string {
type NIMLOC (line 1225) | type NIMLOC struct
method String (line 1230) | func (rr *NIMLOC) String() string {
type OPENPGPKEY (line 1239) | type OPENPGPKEY struct
method String (line 1244) | func (rr *OPENPGPKEY) String() string {
type CSYNC (line 1253) | type CSYNC struct
method String (line 1258) | func (rr *CSYNC) String() string {
method Len (line 1266) | func (rr *CSYNC) Len() int { return rr.Hdr.Len() + rr.CSYNC.Len() }
type ZONEMD (line 1269) | type ZONEMD struct
method String (line 1274) | func (rr *ZONEMD) String() string {
type OPT (line 1286) | type OPT struct
method Data (line 1293) | func (rr *OPT) Data() RDATA { return nil }
method String (line 1294) | func (rr *OPT) String() string { return "" }
method Len (line 1296) | func (rr *OPT) Len() int {
type RESINFO (line 1307) | type RESINFO struct
method String (line 1309) | func (rr *RESINFO) String() string { return rr.Hdr.String() + rr.TXT.T...
type SVCB (line 1312) | type SVCB struct
method String (line 1317) | func (rr *SVCB) String() string {
type HTTPS (line 1327) | type HTTPS struct
method String (line 1329) | func (rr *HTTPS) String() string {
type DELEG (line 1338) | type DELEG struct
method String (line 1343) | func (rr *DELEG) String() string {
type DELEGPARAM (line 1351) | type DELEGPARAM struct
method String (line 1353) | func (rr *DELEGPARAM) String() string {
type DSYNC (line 1362) | type DSYNC struct
method String (line 1367) | func (rr *DSYNC) String() string {
type ANY (line 1379) | type ANY struct
method Len (line 1383) | func (rr *ANY) Len() int { return rr.Hdr.Len() }
method String (line 1384) | func (rr *ANY) String() string { return rr.Hdr.String() }
method parse (line 1386) | func (*ANY) parse(c *dnslex.Lexer, origin string) *ParseError {
type AXFR (line 1391) | type AXFR struct
method Len (line 1395) | func (rr *AXFR) Len() int { return rr.Hdr.Len() }
method String (line 1396) | func (rr *AXFR) String() string { return rr.Hdr.String() }
method parse (line 1398) | func (*AXFR) parse(c *dnslex.Lexer, origin string) *ParseError {
type IXFR (line 1403) | type IXFR struct
method Len (line 1407) | func (rr *IXFR) Len() int { return rr.Hdr.Len() }
method String (line 1408) | func (rr *IXFR) String() string { return rr.Hdr.String() }
method parse (line 1410) | func (*IXFR) parse(c *dnslex.Lexer, origin string) *ParseError {
type TSIG (line 1423) | type TSIG struct
method String (line 1428) | func (rr *TSIG) String() string {
method parse (line 1455) | func (*TSIG) parse(c *dnslex.Lexer, origin string) *ParseError {
function NewTSIG (line 1438) | func NewTSIG(z, algorithm string, fudge uint16, timesigned ...int64) *TS...
FILE: vendor/codeberg.org/miekg/dns/udp.go
function parseFromOOB (line 26) | func parseFromOOB(oob []byte) net.IP {
function sourceFromOOB (line 46) | func sourceFromOOB(oob []byte) []byte {
FILE: vendor/codeberg.org/miekg/dns/udp_darwin.go
function setUDPSocketOptions (line 13) | func setUDPSocketOptions(conn *net.UDPConn) error {
FILE: vendor/codeberg.org/miekg/dns/udp_no_control.go
function setUDPSocketOptions (line 9) | func setUDPSocketOptions(*net.UDPConn) error { return nil }
function parseFromOOB (line 10) | func parseFromOOB([]byte, net.IP) net.IP { return nil }
function sourceFromOOB (line 11) | func sourceFromOOB([]byte) []byte { return nil }
FILE: vendor/codeberg.org/miekg/dns/udp_session.go
type Session (line 6) | type Session struct
FILE: vendor/codeberg.org/miekg/dns/udp_unix.go
function setUDPSocketOptions (line 12) | func setUDPSocketOptions(conn *net.UDPConn) error {
FILE: vendor/codeberg.org/miekg/dns/version.go
type v (line 8) | type v struct
method String (line 12) | func (v v) String() string {
FILE: vendor/codeberg.org/miekg/dns/zclone.go
method Clone (line 13) | func (rr *NULL) Clone() RR {
method Clone (line 22) | func (rr *CNAME) Clone() RR {
method Clone (line 31) | func (rr *HINFO) Clone() RR {
method Clone (line 41) | func (rr *MB) Clone() RR {
method Clone (line 50) | func (rr *MG) Clone() RR {
method Clone (line 59) | func (rr *MINFO) Clone() RR {
method Clone (line 69) | func (rr *MR) Clone() RR {
method Clone (line 78) | func (rr *MF) Clone() RR {
method Clone (line 87) | func (rr *MD) Clone() RR {
method Clone (line 96) | func (rr *MX) Clone() RR {
method Clone (line 106) | func (rr *AFSDB) Clone() RR {
method Clone (line 116) | func (rr *X25) Clone() RR {
method Clone (line 125) | func (rr *ISDN) Clone() RR {
method Clone (line 135) | func (rr *RT) Clone() RR {
method Clone (line 145) | func (rr *NS) Clone() RR {
method Clone (line 154) | func (rr *PTR) Clone() RR {
method Clone (line 163) | func (rr *RP) Clone() RR {
method Clone (line 173) | func (rr *SOA) Clone() RR {
method Clone (line 188) | func (rr *TXT) Clone() RR {
method Clone (line 197) | func (rr *IPN) Clone() RR {
method Clone (line 206) | func (rr *SRV) Clone() RR {
method Clone (line 218) | func (rr *NAPTR) Clone() RR {
method Clone (line 232) | func (rr *CERT) Clone() RR {
method Clone (line 244) | func (rr *DNAME) Clone() RR {
method Clone (line 253) | func (rr *A) Clone() RR {
method Clone (line 262) | func (rr *AAAA) Clone() RR {
method Clone (line 271) | func (rr *PX) Clone() RR {
method Clone (line 282) | func (rr *GPOS) Clone() RR {
method Clone (line 293) | func (rr *LOC) Clone() RR {
method Clone (line 308) | func (rr *RRSIG) Clone() RR {
method Clone (line 325) | func (rr *NSEC) Clone() RR {
method Clone (line 335) | func (rr *DS) Clone() RR {
method Clone (line 347) | func (rr *KX) Clone() RR {
method Clone (line 357) | func (rr *TA) Clone() RR {
method Clone (line 369) | func (rr *TALINK) Clone() RR {
method Clone (line 379) | func (rr *SSHFP) Clone() RR {
method Clone (line 390) | func (rr *DNSKEY) Clone() RR {
method Clone (line 402) | func (rr *RKEY) Clone() RR {
method Clone (line 414) | func (rr *NSAPPTR) Clone() RR {
method Clone (line 423) | func (rr *NSEC3) Clone() RR {
method Clone (line 439) | func (rr *NSEC3PARAM) Clone() RR {
method Clone (line 452) | func (rr *TKEY) Clone() RR {
method Clone (line 469) | func (rr *RFC3597) Clone() RR {
method Clone (line 479) | func (rr *URI) Clone() RR {
method Clone (line 490) | func (rr *DHCID) Clone() RR {
method Clone (line 499) | func (rr *TLSA) Clone() RR {
method Clone (line 511) | func (rr *SMIMEA) Clone() RR {
method Clone (line 523) | func (rr *HIP) Clone() RR {
method Clone (line 537) | func (rr *NINFO) Clone() RR {
method Clone (line 546) | func (rr *NID) Clone() RR {
method Clone (line 556) | func (rr *L32) Clone() RR {
method Clone (line 566) | func (rr *L64) Clone() RR {
method Clone (line 576) | func (rr *LP) Clone() RR {
method Clone (line 586) | func (rr *EUI48) Clone() RR {
method Clone (line 595) | func (rr *EUI64) Clone() RR {
method Clone (line 604) | func (rr *CAA) Clone() RR {
method Clone (line 615) | func (rr *UID) Clone() RR {
method Clone (line 624) | func (rr *GID) Clone() RR {
method Clone (line 633) | func (rr *UINFO) Clone() RR {
method Clone (line 642) | func (rr *EID) Clone() RR {
method Clone (line 651) | func (rr *NIMLOC) Clone() RR {
method Clone (line 660) | func (rr *OPENPGPKEY) Clone() RR {
method Clone (line 669) | func (rr *CSYNC) Clone() RR {
method Clone (line 680) | func (rr *ZONEMD) Clone() RR {
method Clone (line 692) | func (rr *SVCB) Clone() RR {
method Clone (line 709) | func (rr *DELEG) Clone() RR {
method Clone (line 724) | func (rr *DSYNC) Clone() RR {
method Clone (line 736) | func (rr *TSIG) Clone() RR {
method Clone (line 753) | func (rr *NXNAME) Clone() RR {
method Clone (line 759) | func (rr *SPF) Clone() RR {
method Clone (line 762) | func (rr *AVC) Clone() RR {
method Clone (line 765) | func (rr *WALLET) Clone() RR {
method Clone (line 768) | func (rr *CLA) Clone() RR {
method Clone (line 771) | func (rr *SIG) Clone() RR {
method Clone (line 774) | func (rr *NXT) Clone() RR {
method Clone (line 777) | func (rr *DLV) Clone() RR {
method Clone (line 780) | func (rr *CDS) Clone() RR {
method Clone (line 783) | func (rr *KEY) Clone() RR {
method Clone (line 786) | func (rr *CDNSKEY) Clone() RR {
method Clone (line 789) | func (rr *OPT) Clone() RR {
method Clone (line 796) | func (rr *RESINFO) Clone() RR {
method Clone (line 799) | func (rr *HTTPS) Clone() RR {
method Clone (line 802) | func (rr *DELEGPARAM) Clone() RR {
method Clone (line 805) | func (rr *ANY) Clone() RR {
method Clone (line 811) | func (rr *AXFR) Clone() RR {
method Clone (line 817) | func (rr *IXFR) Clone() RR {
method Clone (line 823) | func (rr *LLQ) Clone() RR {
method Clone (line 833) | func (rr *REPORTING) Clone() RR {
method Clone (line 839) | func (rr *COOKIE) Clone() RR {
method Clone (line 845) | func (rr *NSID) Clone() RR {
method Clone (line 851) | func (rr *PADDING) Clone() RR {
method Clone (line 857) | func (rr *EXPIRE) Clone() RR {
method Clone (line 863) | func (rr *DAU) Clone() RR {
method Clone (line 869) | func (rr *DHU) Clone() RR {
method Clone (line 875) | func (rr *N3U) Clone() RR {
method Clone (line 881) | func (rr *TCPKEEPALIVE) Clone() RR {
method Clone (line 887) | func (rr *EDE) Clone() RR {
method Clone (line 894) | func (rr *SUBNET) Clone() RR {
method Clone (line 903) | func (rr *ESU) Clone() RR {
method Clone (line 909) | func (rr *ZONEVERSION) Clone() RR {
method Clone (line 917) | func (rr *ERFC3597) Clone() RR {
method Clone (line 924) | func (rr *KEEPALIVE) Clone() RR {
method Clone (line 931) | func (rr *RETRYDELAY) Clone() RR {
method Clone (line 937) | func (rr *DPADDING) Clone() RR {
FILE: vendor/codeberg.org/miekg/dns/zcompare.go
function compare (line 10) | func compare(a, b RR) int {
method compare (line 191) | func (rr *NULL) compare(b RR) (x int) {
method compare (line 209) | func (rr *CNAME) compare(b RR) (x int) {
method compare (line 220) | func (rr *HINFO) compare(b RR) (x int) {
method compare (line 252) | func (rr *MB) compare(b RR) (x int) {
method compare (line 263) | func (rr *MG) compare(b RR) (x int) {
method compare (line 274) | func (rr *MINFO) compare(b RR) (x int) {
method compare (line 292) | func (rr *MR) compare(b RR) (x int) {
method compare (line 303) | func (rr *MF) compare(b RR) (x int) {
method compare (line 314) | func (rr *MD) compare(b RR) (x int) {
method compare (line 325) | func (rr *MX) compare(b RR) (x int) {
method compare (line 343) | func (rr *AFSDB) compare(b RR) (x int) {
method compare (line 361) | func (rr *X25) compare(b RR) (x int) {
method compare (line 379) | func (rr *ISDN) compare(b RR) (x int) {
method compare (line 411) | func (rr *RT) compare(b RR) (x int) {
method compare (line 429) | func (rr *NS) compare(b RR) (x int) {
method compare (line 440) | func (rr *PTR) compare(b RR) (x int) {
method compare (line 451) | func (rr *RP) compare(b RR) (x int) {
method compare (line 469) | func (rr *SOA) compare(b RR) (x int) {
method compare (line 522) | func (rr *TXT) compare(b RR) (x int) {
method compare (line 543) | func (rr *IPN) compare(b RR) (x int) {
method compare (line 554) | func (rr *SRV) compare(b RR) (x int) {
method compare (line 586) | func (rr *NAPTR) compare(b RR) (x int) {
method compare (line 653) | func (rr *CERT) compare(b RR) (x int) {
method compare (line 685) | func (rr *DNAME) compare(b RR) (x int) {
method compare (line 696) | func (rr *A) compare(b RR) (x int) {
method compare (line 707) | func (rr *AAAA) compare(b RR) (x int) {
method compare (line 718) | func (rr *PX) compare(b RR) (x int) {
method compare (line 743) | func (rr *GPOS) compare(b RR) (x int) {
method compare (line 789) | func (rr *LOC) compare(b RR) (x int) {
method compare (line 842) | func (rr *RRSIG) compare(b RR) (x int) {
method compare (line 909) | func (rr *NSEC) compare(b RR) (x int) {
method compare (line 927) | func (rr *DS) compare(b RR) (x int) {
method compare (line 959) | func (rr *KX) compare(b RR) (x int) {
method compare (line 977) | func (rr *TA) compare(b RR) (x int) {
method compare (line 1009) | func (rr *TALINK) compare(b RR) (x int) {
method compare (line 1027) | func (rr *SSHFP) compare(b RR) (x int) {
method compare (line 1052) | func (rr *DNSKEY) compare(b RR) (x int) {
method compare (line 1084) | func (rr *RKEY) compare(b RR) (x int) {
method compare (line 1116) | func (rr *NSAPPTR) compare(b RR) (x int) {
method compare (line 1127) | func (rr *NSEC3) compare(b RR) (x int) {
method compare (line 1187) | func (rr *NSEC3PARAM) compare(b RR) (x int) {
method compare (line 1226) | func (rr *TKEY) compare(b RR) (x int) {
method compare (line 1293) | func (rr *RFC3597) compare(b RR) (x int) {
method compare (line 1304) | func (rr *URI) compare(b RR) (x int) {
method compare (line 1336) | func (rr *DHCID) compare(b RR) (x int) {
method compare (line 1347) | func (rr *TLSA) compare(b RR) (x int) {
method compare (line 1379) | func (rr *SMIMEA) compare(b RR) (x int) {
method compare (line 1411) | func (rr *HIP) compare(b RR) (x int) {
method compare (line 1464) | func (rr *NINFO) compare(b RR) (x int) {
method compare (line 1485) | func (rr *NID) compare(b RR) (x int) {
method compare (line 1503) | func (rr *L32) compare(b RR) (x int) {
method compare (line 1521) | func (rr *L64) compare(b RR) (x int) {
method compare (line 1539) | func (rr *LP) compare(b RR) (x int) {
method compare (line 1557) | func (rr *EUI48) compare(b RR) (x int) {
method compare (line 1568) | func (rr *EUI64) compare(b RR) (x int) {
method compare (line 1579) | func (rr *CAA) compare(b RR) (x int) {
method compare (line 1618) | func (rr *UID) compare(b RR) (x int) {
method compare (line 1629) | func (rr *GID) compare(b RR) (x int) {
method compare (line 1640) | func (rr *UINFO) compare(b RR) (x int) {
method compare (line 1658) | func (rr *EID) compare(b RR) (x int) {
method compare (line 1669) | func (rr *NIMLOC) compare(b RR) (x int) {
method compare (line 1680) | func (rr *OPENPGPKEY) compare(b RR) (x int) {
method compare (line 1691) | func (rr *CSYNC) compare(b RR) (x int) {
method compare (line 1716) | func (rr *ZONEMD) compare(b RR) (x int) {
method compare (line 1748) | func (rr *SVCB) compare(b RR) (x int) {
method compare (line 1773) | func (rr *DELEG) compare(b RR) (x int) {
method compare (line 1784) | func (rr *DSYNC) compare(b RR) (x int) {
method compare (line 1816) | func (rr *TSIG) compare(b RR) (x int) {
method compare (line 1883) | func (rr *NXNAME) compare(b RR) (x int) {
method compare (line 1887) | func (rr *SPF) compare(b RR) (x int) {
method compare (line 1891) | func (rr *AVC) compare(b RR) (x int) {
method compare (line 1895) | func (rr *WALLET) compare(b RR) (x int) {
method compare (line 1899) | func (rr *CLA) compare(b RR) (x int) {
method compare (line 1903) | func (rr *SIG) compare(b RR) (x int) {
method compare (line 1907) | func (rr *NXT) compare(b RR) (x int) {
method compare (line 1911) | func (rr *DLV) compare(b RR) (x int) {
method compare (line 1915) | func (rr *CDS) compare(b RR) (x int) {
method compare (line 1919) | func (rr *KEY) compare(b RR) (x int) {
method compare (line 1923) | func (rr *CDNSKEY) compare(b RR) (x int) {
method compare (line 1927) | func (rr *OPT) compare(b RR) (x int) {
method compare (line 1931) | func (rr *RESINFO) compare(b RR) (x int) {
method compare (line 1935) | func (rr *HTTPS) compare(b RR) (x int) {
method compare (line 1939) | func (rr *DELEGPARAM) compare(b RR) (x int) {
method compare (line 1943) | func (rr *ANY) compare(b RR) (x int) {
method compare (line 1947) | func (rr *AXFR) compare(b RR) (x int) {
method compare (line 1951) | func (rr *IXFR) compare(b RR) (x int) {
FILE: vendor/codeberg.org/miekg/dns/zdnstest.go
function dnstestNew (line 13) | func dnstestNew(s string) RR {
function dnstestRead (line 22) | func dnstestRead(r io.Reader) RR {
FILE: vendor/codeberg.org/miekg/dns/zdnsutil.go
function dnsutilLabels (line 19) | func dnsutilLabels(s string) (labels int) {
function dnsutilNext (line 36) | func dnsutilNext(s string, offset int) (i int, end bool) {
function dnsutilPrev (line 51) | func dnsutilPrev(s string, n int) (i int, start bool) {
function dnsutilFqdn (line 79) | func dnsutilFqdn(s string) string {
function dnsutilIsFqdn (line 88) | func dnsutilIsFqdn(s string) bool { return strings.HasSuffix(s, ".") }
function dnsutilCanonical (line 92) | func dnsutilCanonical(s string) string {
function dnsutilIsName (line 105) | func dnsutilIsName(s string) bool {
function compareLabel (line 147) | func compareLabel(a, b string) int {
function dnsutilTimeToString (line 176) | func dnsutilTimeToString(t uint32) string {
function dnsutilStringToTime (line 184) | func dnsutilStringToTime(s string) (uint32, error) {
function dnsutilAbsolute (line 197) | func dnsutilAbsolute(s, origin string) string {
constant maxSerialIncrement (line 217) | maxSerialIncrement = 2147483647
FILE: vendor/codeberg.org/miekg/dns/zdsolen.go
method Len (line 5) | func (rr *KEEPALIVE) Len() int {
method Len (line 12) | func (rr *RETRYDELAY) Len() int {
method Len (line 18) | func (rr *DPADDING) Len() int {
FILE: vendor/codeberg.org/miekg/dns/zdsorr.go
method Header (line 5) | func (rr *KEEPALIVE) Header() *Header { return &Header{Name: "."} }
method Stateful (line 6) | func (rr *KEEPALIVE) Stateful() bool { return true }
method Header (line 7) | func (rr *RETRYDELAY) Header() *Header { return &Header{Name: "."} }
method Stateful (line 8) | func (rr *RETRYDELAY) Stateful() bool { return true }
method Header (line 9) | func (rr *DPADDING) Header() *Header { return &Header{Name: "."} }
method Stateful (line 10) | func (rr *DPADDING) Stateful() bool { return true }
function RRToStateful (line 20) | func RRToStateful(rr DSO) uint16 {
FILE: vendor/codeberg.org/miekg/dns/zednspack.go
method pack (line 15) | func (o *LLQ) pack(msg []byte, off int) (off1 int, err error) {
method unpack (line 39) | func (o *LLQ) unpack(s *cryptobyte.String) error {
method unpack (line 58) | func (o *NSID) unpack(s *cryptobyte.String) error {
method pack (line 63) | func (o *NSID) pack(msg []byte, off int) (int, error) {
method pack (line 67) | func (o *COOKIE) pack(msg []byte, off int) (int, error) {
method unpack (line 71) | func (o *COOKIE) unpack(s *cryptobyte.String) error {
method unpack (line 76) | func (o *PADDING) unpack(s *cryptobyte.String) error {
method pack (line 81) | func (o *PADDING) pack(msg []byte, off int) (int, error) {
method pack (line 85) | func (o *DAU) pack(msg []byte, off int) (off1 int, err error) {
method unpack (line 94) | func (o *DAU) unpack(s *cryptobyte.String) error {
method pack (line 103) | func (o *DHU) pack(msg []byte, off int) (off1 int, err error) {
method unpack (line 112) | func (o *DHU) unpack(s *cryptobyte.String) error {
method pack (line 121) | func (o *N3U) pack(msg []byte, off int) (off1 int, err error) {
method unpack (line 130) | func (o *N3U) unpack(s *cryptobyte.String) error {
method unpack (line 139) | func (o *EDE) unpack(s *cryptobyte.String) (err error) {
method pack (line 149) | func (o *EDE) pack(msg []byte, off int) (int, error) {
method unpack (line 158) | func (e *REPORTING) unpack(s *cryptobyte.String) (err error) {
method pack (line 166) | func (e *REPORTING) pack(msg []byte, off int) (int, error) {
method pack (line 170) | func (o *EXPIRE) pack(msg []byte, off int) (int, error) {
method unpack (line 177) | func (o *EXPIRE) unpack(s *cryptobyte.String) error {
method pack (line 188) | func (o *TCPKEEPALIVE) pack(msg []byte, off int) (int, error) {
method unpack (line 195) | func (o *TCPKEEPALIVE) unpack(s *cryptobyte.String) error {
method pack (line 205) | func (o *SUBNET) pack(msg []byte, off int) (int, error) {
method unpack (line 258) | func (o *SUBNET) unpack(s *cryptobyte.String) (err error) {
method pack (line 303) | func (o *ESU) pack(msg []byte, off int) (int, error) {
method unpack (line 307) | func (o *ESU) unpack(s *cryptobyte.String) (err error) {
method pack (line 312) | func (o *ZONEVERSION) pack(msg []byte, off int) (int, error) {
method unpack (line 324) | func (o *ZONEVERSION) unpack(s *cryptobyte.String) (err error) {
method pack (line 336) | func (o *ERFC3597) pack(msg []byte, off int) (int, error) {
method unpack (line 340) | func (o
Copy disabled (too large)
Download .json
Condensed preview — 1785 files, each showing path, character count, and a content snippet. Download the .json file for the full structured content (17,234K chars).
[
{
"path": ".ci/allowed-names.txt",
"chars": 19,
"preview": "tracker.debian.org\n"
},
{
"path": ".ci/blocked-ips.txt",
"chars": 8,
"preview": "8.8.8.8\n"
},
{
"path": ".ci/blocked-names.txt",
"chars": 322,
"preview": "##################\n# Test blocklist #\n##################\n\nad.*\nads.*\nbanner.*\nbanners.*\ncreatives.*\noas.*\noascentral.* "
},
{
"path": ".ci/ci-build.sh",
"chars": 9862,
"preview": "#! /bin/sh\n\nPACKAGE_VERSION=\"$1\"\n\ncd dnscrypt-proxy || exit 1\n\ngo clean\nenv GOOS=windows GOARCH=386 go build -mod vendor"
},
{
"path": ".ci/ci-package.sh",
"chars": 1424,
"preview": "#! /bin/sh\n\nPACKAGE_VERSION=\"$1\"\n\ncd dnscrypt-proxy || exit 1\n\n# setup the environment\n\nsudo apt-get update -y\nsudo apt-"
},
{
"path": ".ci/ci-test.sh",
"chars": 7130,
"preview": "#! /bin/sh\n\nDNS_PORT=5300\nHTTP_PORT=3053\nTEST_COUNT=0\n\nexec 2>error.log\n\nt() {\n TEST_COUNT=$((TEST_COUNT + 1))\n ec"
},
{
"path": ".ci/cloaking-rules.txt",
"chars": 229,
"preview": "cloakedunregistered.* one.one.one.one\n*.cloakedunregistered2.* one.one.one.one # inline comment\n=www.dnscrypt-t"
},
{
"path": ".ci/forwarding-rules.txt",
"chars": 56,
"preview": "darpa.mil 4.2.2.2\ndownload.windowsupdate.com $BOOTSTRAP\n"
},
{
"path": ".ci/test-odoh-proxied.toml",
"chars": 386,
"preview": "server_names = ['odohtarget']\nlisten_addresses = ['127.0.0.1:5300']\n\n[query_log]\nfile = 'query.log'\n\n[static]\n [static."
},
{
"path": ".ci/test2-dnscrypt-proxy.toml",
"chars": 2087,
"preview": "server_names = ['public-scaleway-fr']\nlisten_addresses = ['127.0.0.1:5300']\nrequire_dnssec = true\ndnscrypt_ephemeral_key"
},
{
"path": ".ci/test3-dnscrypt-proxy.toml",
"chars": 486,
"preview": "server_names = ['myserver']\nlisten_addresses = ['127.0.0.1:5300']\nrequire_dnssec = true\ndnscrypt_ephemeral_keys = true\nt"
},
{
"path": ".gitattributes",
"chars": 202,
"preview": "* text=auto\n*.go text diff=golang\n*.bat text eol=crlf\ngo.mod t"
},
{
"path": ".github/ISSUE_TEMPLATE/bugs.md",
"chars": 1493,
"preview": "---\nname: \"Bug Report\"\nabout: Report a bug you've encountered\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\nThanks for taking"
},
{
"path": ".github/ISSUE_TEMPLATE/suggestions.md",
"chars": 908,
"preview": "---\nname: \"Feature Request\"\nabout: Suggest an idea or improvement\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\nGot an idea f"
},
{
"path": ".github/dependabot.yml",
"chars": 318,
"preview": "version: 2\n\nupdates:\n # Maintain dependencies for GitHub Actions\n - package-ecosystem: \"github-actions\"\n directory:"
},
{
"path": ".github/workflows/autocloser.yml",
"chars": 685,
"preview": "name: Autocloser\non: [issues]\njobs:\n autoclose:\n runs-on: ubuntu-latest\n steps:\n - name: Autoclose issues that"
},
{
"path": ".github/workflows/codeql-analysis.yml",
"chars": 582,
"preview": "name: \"CodeQL scan\"\n\non:\n push:\n pull_request:\n schedule:\n - cron: '0 14 * * 6'\n\njobs:\n analyze:\n name: Analyz"
},
{
"path": ".github/workflows/releases.yml",
"chars": 4118,
"preview": "on:\n push:\n paths:\n - \"**.go\"\n - \"go.*\"\n - \"**/testdata/**\"\n - \".ci/**\"\n - \".git*\"\n - "
},
{
"path": ".gitignore",
"chars": 258,
"preview": "#*#\n*.dll\n*.dylib\n*.exe\n*.out\n*.so\n*.swp\n*.test\n*~\ndnscrypt-proxy/dnscrypt-proxy2\ndnscrypt-proxy/dnscrypt-proxy\n.idea\n.c"
},
{
"path": "ChangeLog",
"chars": 35874,
"preview": "# Version 2.1.15\n - The proxy now dynamically reduces timeouts as the connection limit is\napproached, improving performa"
},
{
"path": "LICENSE",
"chars": 772,
"preview": "ISC License\n\nCopyright (c) 2018-2026, Frank Denis <j at pureftpd dot org>\n\nPermission to use, copy, modify, and/or distr"
},
{
"path": "README.md",
"chars": 5890,
"preview": "# \n\n[![Financial Contributors on Op"
},
{
"path": "contrib/msi/Dockerfile",
"chars": 757,
"preview": "FROM ubuntu:latest\nMAINTAINER dnscrypt-authors\n\nRUN apt-get update && \\\n apt-get install -y wget wine dotnet-sdk-6.0 "
},
{
"path": "contrib/msi/README.md",
"chars": 276,
"preview": "# Scripts and utilities related to building an .msi (Microsoft Standard Installer) file.\n\n## Docker test image for build"
},
{
"path": "contrib/msi/build.sh",
"chars": 954,
"preview": "#! /bin/sh\n\nversion=0.0.0\ngitver=$(git describe --tags --always --match=\"[0-9]*.[0-9]*.[0-9]*\" --exclude='*[^0-9.]*')\nif"
},
{
"path": "contrib/msi/dnscrypt.wxs",
"chars": 2935,
"preview": "<?xml version=\"1.0\"?>\n\n<?if $(var.Platform)=\"x64\" ?>\n <?define Program_Files=\"ProgramFiles64Folder\"?>\n<?else ?>\n <"
},
{
"path": "dnscrypt-proxy/coldstart.go",
"chars": 4963,
"preview": "package main\n\nimport (\n\t\"fmt\"\n\t\"net\"\n\t\"net/netip\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dns\"\n\t\"codeberg.org/m"
},
{
"path": "dnscrypt-proxy/common.go",
"chars": 10964,
"preview": "package main\n\nimport (\n\t\"bytes\"\n\t\"encoding/binary\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"net\"\n\t\"os\"\n\t\"strconv\"\n\t\"strings\"\n\t\"sync\"\n\t\"t"
},
{
"path": "dnscrypt-proxy/common_test.go",
"chars": 1675,
"preview": "package main\n\nimport (\n\t\"net\"\n\t\"testing\"\n)\n\nfunc TestExtractClientIPStr(t *testing.T) {\n\ttests := []struct {\n\t\tname "
},
{
"path": "dnscrypt-proxy/config.go",
"chars": 26860,
"preview": "package main\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"math/rand\"\n\t\"os\"\n\t\"path\"\n\t\"path/filepath\"\n\t\"strconv\"\n\t\"string"
},
{
"path": "dnscrypt-proxy/config_loader.go",
"chars": 17643,
"preview": "package main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"net\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"os\"\n\t\"strconv\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/"
},
{
"path": "dnscrypt-proxy/config_watcher.go",
"chars": 6951,
"preview": "package main\n\nimport (\n\t\"crypto/sha256\"\n\t\"errors\"\n\t\"io\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/fsnotify/fs"
},
{
"path": "dnscrypt-proxy/config_watcher_test.go",
"chars": 4463,
"preview": "package main\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"sync/atomic\"\n\t\"testing\"\n\t\"time\"\n)\n\n// TestConfigWatcher tests the"
},
{
"path": "dnscrypt-proxy/crypto.go",
"chars": 5121,
"preview": "package main\n\nimport (\n\t\"bytes\"\n\tcrypto_rand \"crypto/rand\"\n\t\"crypto/sha512\"\n\t\"errors\"\n\n\t\"github.com/jedisct1/dlog\"\n\t\"git"
},
{
"path": "dnscrypt-proxy/dnscrypt_certs.go",
"chars": 5961,
"preview": "package main\n\nimport (\n\t\"bytes\"\n\t\"encoding/binary\"\n\t\"errors\"\n\t\"strings\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dns\"\n\t\"github.com/"
},
{
"path": "dnscrypt-proxy/dnsutils.go",
"chars": 12670,
"preview": "package main\n\nimport (\n\t\"encoding/binary\"\n\t\"errors\"\n\t\"net\"\n\t\"net/netip\"\n\t\"strings\"\n\t\"time\"\n\t\"unicode/utf8\"\n\n\t\"codeberg.o"
},
{
"path": "dnscrypt-proxy/estimators.go",
"chars": 1462,
"preview": "package main\n\nimport (\n\t\"sync\"\n\n\t\"github.com/VividCortex/ewma\"\n)\n\ntype QuestionSizeEstimator struct {\n\tsync.RWMutex\n\tmin"
},
{
"path": "dnscrypt-proxy/example-allowed-ips.txt",
"chars": 250,
"preview": "##############################\n# Allowed IPs List #\n##############################\n\n#192.168.0.*\n#fe80:53:* "
},
{
"path": "dnscrypt-proxy/example-allowed-names.txt",
"chars": 1133,
"preview": "\n###########################\n# Allowlist #\n###########################\n\n## Rules for allowing queries base"
},
{
"path": "dnscrypt-proxy/example-blocked-ips.txt",
"chars": 601,
"preview": "##############################\n# IP blocklist #\n##############################\n\n## Rules for blocking DNS "
},
{
"path": "dnscrypt-proxy/example-blocked-names.txt",
"chars": 1188,
"preview": "\n###########################\n# Blocklist #\n###########################\n\n## Rules for name-based query bloc"
},
{
"path": "dnscrypt-proxy/example-captive-portals.txt",
"chars": 1654,
"preview": "###########################################\n# Captive portal test names #\n################################"
},
{
"path": "dnscrypt-proxy/example-cloaking-rules.txt",
"chars": 1550,
"preview": "################################\n# Cloaking rules #\n################################\n\n# The following exam"
},
{
"path": "dnscrypt-proxy/example-dnscrypt-proxy.toml",
"chars": 38531,
"preview": "##############################################\n# #\n# dnscrypt-proxy co"
},
{
"path": "dnscrypt-proxy/example-forwarding-rules.txt",
"chars": 2306,
"preview": "##################################\n# Forwarding rules #\n##################################\n\n## This is use"
},
{
"path": "dnscrypt-proxy/fuzzing_test.go",
"chars": 1329,
"preview": "//go:build gofuzzbeta\n\npackage main\n\nimport (\n\t\"encoding/hex\"\n\t\"testing\"\n\n\tstamps \"github.com/jedisct1/go-dnsstamps\"\n)\n\n"
},
{
"path": "dnscrypt-proxy/hot_reload.go",
"chars": 3377,
"preview": "package main\n\nimport (\n\t\"time\"\n\n\t\"github.com/jedisct1/dlog\"\n)\n\n// InitHotReload sets up hot-reloading for configuration "
},
{
"path": "dnscrypt-proxy/ipcrypt.go",
"chars": 6070,
"preview": "package main\n\nimport (\n\t\"crypto/rand\"\n\t\"encoding/hex\"\n\t\"fmt\"\n\t\"net\"\n\t\"strings\"\n\n\t\"github.com/jedisct1/dlog\"\n\tipcrypt \"gi"
},
{
"path": "dnscrypt-proxy/ipcrypt_test.go",
"chars": 7082,
"preview": "package main\n\nimport (\n\t\"net\"\n\t\"testing\"\n)\n\nfunc TestNewIPCryptConfig(t *testing.T) {\n\ttests := []struct {\n\t\tname s"
},
{
"path": "dnscrypt-proxy/local-doh.go",
"chars": 3512,
"preview": "package main\n\nimport (\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"io\"\n\t\"net\"\n\t\"net/http\"\n\t\"strings\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dns\"\n"
},
{
"path": "dnscrypt-proxy/localhost.pem",
"chars": 2807,
"preview": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDb7g6EQhbfby97\nk4oMbZTzdi2TWFBs7qK/QwgOu+L"
},
{
"path": "dnscrypt-proxy/logger.go",
"chars": 1148,
"preview": "package main\n\nimport (\n\t\"io\"\n\t\"os\"\n\n\t\"github.com/jedisct1/dlog\"\n\t\"gopkg.in/natefinch/lumberjack.v2\"\n)\n\nfunc Logger(logMa"
},
{
"path": "dnscrypt-proxy/main.go",
"chars": 4689,
"preview": "package main\n\nimport (\n\tcrypto_rand \"crypto/rand\"\n\t\"encoding/binary\"\n\t\"flag\"\n\t\"fmt\"\n\t\"math/rand\"\n\t\"os\"\n\t\"os/signal\"\n\t\"ru"
},
{
"path": "dnscrypt-proxy/monitoring_ui.go",
"chars": 39980,
"preview": "package main\n\nimport (\n\t\"crypto/subtle\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"html\"\n\t\"net\"\n\t\"net/http\"\n\t\"os\"\n\t\"runtime\"\n\t\"sort\"\n\t\"st"
},
{
"path": "dnscrypt-proxy/netprobe_others.go",
"chars": 1041,
"preview": "//go:build !windows\n\npackage main\n\nimport (\n\t\"net\"\n\t\"time\"\n\n\t\"github.com/jedisct1/dlog\"\n)\n\nfunc NetProbe(proxy *Proxy, a"
},
{
"path": "dnscrypt-proxy/netprobe_windows.go",
"chars": 1511,
"preview": "package main\n\nimport (\n\t\"net\"\n\t\"time\"\n\n\t\"github.com/jedisct1/dlog\"\n)\n\nfunc NetProbe(proxy *Proxy, address string, timeou"
},
{
"path": "dnscrypt-proxy/oblivious_doh.go",
"chars": 5487,
"preview": "package main\n\nimport (\n\t\"crypto/subtle\"\n\t\"encoding/binary\"\n\t\"fmt\"\n\n\t\"github.com/jedisct1/dlog\"\n\thpkecompact \"github.com/"
},
{
"path": "dnscrypt-proxy/pattern_matcher.go",
"chars": 4750,
"preview": "package main\n\nimport (\n\t\"fmt\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/k-sone/critbitgo\"\n\n\t\"github.com/jedisct1/dlog\"\n)"
},
{
"path": "dnscrypt-proxy/permcheck_others.go",
"chars": 93,
"preview": "//go:build !unix\n\npackage main\n\nfunc WarnIfMaybeWritableByOtherUsers(p string) {\n\t// No-op\n}\n"
},
{
"path": "dnscrypt-proxy/permcheck_unix.go",
"chars": 1016,
"preview": "//go:build unix\n\npackage main\n\nimport (\n\t\"os\"\n\t\"path\"\n\n\t\"github.com/jedisct1/dlog\"\n)\n\nfunc maybeWritableByOtherUsers(p s"
},
{
"path": "dnscrypt-proxy/pidfile.go",
"chars": 542,
"preview": "package main\n\nimport (\n\t\"flag\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strconv\"\n\n\t\"github.com/dchest/safefile\"\n)\n\nvar pidFile = flag.St"
},
{
"path": "dnscrypt-proxy/plugin_allow_ip.go",
"chars": 5866,
"preview": "package main\n\nimport (\n\t\"errors\"\n\t\"io\"\n\t\"net\"\n\t\"sync\"\n\n\t\"codeberg.org/miekg/dns\"\n\tiradix \"github.com/hashicorp/go-immuta"
},
{
"path": "dnscrypt-proxy/plugin_allow_name.go",
"chars": 4674,
"preview": "package main\n\nimport (\n\t\"errors\"\n\t\"io\"\n\t\"sync\"\n\n\t\"codeberg.org/miekg/dns\"\n\t\"github.com/jedisct1/dlog\"\n)\n\ntype PluginAllo"
},
{
"path": "dnscrypt-proxy/plugin_block_ip.go",
"chars": 5944,
"preview": "package main\n\nimport (\n\t\"errors\"\n\t\"io\"\n\t\"net\"\n\t\"sync\"\n\n\t\"codeberg.org/miekg/dns\"\n\tiradix \"github.com/hashicorp/go-immuta"
},
{
"path": "dnscrypt-proxy/plugin_block_ipv6.go",
"chars": 1599,
"preview": "package main\n\nimport (\n\t\"strings\"\n\n\t\"codeberg.org/miekg/dns\"\n)\n\ntype PluginBlockIPv6 struct{}\n\nfunc (plugin *PluginBlock"
},
{
"path": "dnscrypt-proxy/plugin_block_name.go",
"chars": 7672,
"preview": "package main\n\nimport (\n\t\"errors\"\n\t\"io\"\n\t\"sync\"\n\n\t\"codeberg.org/miekg/dns\"\n\t\"github.com/jedisct1/dlog\"\n)\n\ntype BlockedNam"
},
{
"path": "dnscrypt-proxy/plugin_block_undelegated.go",
"chars": 4307,
"preview": "package main\n\nimport (\n\t\"codeberg.org/miekg/dns\"\n\t\"github.com/k-sone/critbitgo\"\n)\n\nvar undelegatedSet = []string{\n\t\"0.0."
},
{
"path": "dnscrypt-proxy/plugin_block_unqualified.go",
"chars": 1061,
"preview": "package main\n\nimport (\n\t\"strings\"\n\n\t\"codeberg.org/miekg/dns\"\n)\n\ntype PluginBlockUnqualified struct{}\n\nfunc (plugin *Plug"
},
{
"path": "dnscrypt-proxy/plugin_cache.go",
"chars": 3509,
"preview": "package main\n\nimport (\n\t\"crypto/sha512\"\n\t\"encoding/binary\"\n\t\"fmt\"\n\t\"sync\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dns\"\n\t\"github.co"
},
{
"path": "dnscrypt-proxy/plugin_captive_portal.go",
"chars": 1043,
"preview": "package main\n\nimport (\n\t\"codeberg.org/miekg/dns\"\n\t\"github.com/jedisct1/dlog\"\n)\n\ntype PluginCaptivePortal struct {\n\tcapti"
},
{
"path": "dnscrypt-proxy/plugin_cloak.go",
"chars": 8990,
"preview": "package main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"math/rand\"\n\t\"net\"\n\t\"net/netip\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\t\"unicode\"\n\n\t\"codebe"
},
{
"path": "dnscrypt-proxy/plugin_dns64.go",
"chars": 6788,
"preview": "package main\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"net\"\n\t\"net/netip\"\n\t\"sync\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dns\"\n\t\"codeberg.or"
},
{
"path": "dnscrypt-proxy/plugin_ecs.go",
"chars": 1572,
"preview": "package main\n\nimport (\n\t\"math/rand\"\n\t\"net\"\n\t\"net/netip\"\n\n\t\"codeberg.org/miekg/dns\"\n\t\"github.com/jedisct1/dlog\"\n)\n\ntype P"
},
{
"path": "dnscrypt-proxy/plugin_firefox.go",
"chars": 2410,
"preview": "// Firefox DoH Canary Domain Plugin\n//\n// This plugin prevents Firefox from bypassing dnscrypt-proxy and using external "
},
{
"path": "dnscrypt-proxy/plugin_forward.go",
"chars": 12787,
"preview": "package main\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"math/rand\"\n\t\"net\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"sync\"\n\t\"sync/"
},
{
"path": "dnscrypt-proxy/plugin_get_set_payload_size.go",
"chars": 1386,
"preview": "package main\n\nimport \"codeberg.org/miekg/dns\"\n\ntype PluginGetSetPayloadSize struct{}\n\nfunc (plugin *PluginGetSetPayloadS"
},
{
"path": "dnscrypt-proxy/plugin_nx_log.go",
"chars": 1894,
"preview": "package main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dns\"\n\t\"github.com/jedisct1/dlog\"\n)\n\ntype Plu"
},
{
"path": "dnscrypt-proxy/plugin_query_log.go",
"chars": 3461,
"preview": "package main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"strings\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dns\"\n\t\"github.com/jedisct1/dlog\"\n"
},
{
"path": "dnscrypt-proxy/plugin_querymeta.go",
"chars": 779,
"preview": "package main\n\nimport (\n\t\"codeberg.org/miekg/dns\"\n)\n\ntype PluginQueryMeta struct {\n\tqueryMetaRR *dns.TXT\n}\n\nfunc (plugin "
},
{
"path": "dnscrypt-proxy/plugins.go",
"chars": 12527,
"preview": "package main\n\nimport (\n\t\"errors\"\n\t\"net\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dns\"\n\t\"github.com/jedisct1/dlog"
},
{
"path": "dnscrypt-proxy/privilege_linux.go",
"chars": 2676,
"preview": "package main\n\nimport (\n\t\"os\"\n\t\"os/exec\"\n\t\"os/user\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"strconv\"\n\t\"syscall\"\n\n\t\"golang.org/x/sys"
},
{
"path": "dnscrypt-proxy/privilege_others.go",
"chars": 2507,
"preview": "//go:build !windows && !linux\n\npackage main\n\nimport (\n\t\"os\"\n\t\"os/exec\"\n\t\"os/user\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"strconv\""
},
{
"path": "dnscrypt-proxy/privilege_windows.go",
"chars": 96,
"preview": "package main\n\nimport \"os\"\n\nfunc (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) {}\n"
},
{
"path": "dnscrypt-proxy/proxy.go",
"chars": 27511,
"preview": "package main\n\nimport (\n\t\"context\"\n\tcrypto_rand \"crypto/rand\"\n\t\"encoding/binary\"\n\t\"net\"\n\t\"os\"\n\t\"runtime\"\n\t\"strings\"\n\t\"syn"
},
{
"path": "dnscrypt-proxy/query_processing.go",
"chars": 10831,
"preview": "package main\n\nimport (\n\t\"math/rand\"\n\t\"net\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dns\"\n\t\"github.com/jedisct1/dlog\"\n\tclocksmith \"g"
},
{
"path": "dnscrypt-proxy/reload_utils.go",
"chars": 6391,
"preview": "package main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"sync\"\n\t\"sync/atomic\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dns\"\n\t\"github.com/jedisct1/"
},
{
"path": "dnscrypt-proxy/reload_utils_test.go",
"chars": 3475,
"preview": "package main\n\nimport (\n\t\"sync\"\n\t\"testing\"\n\t\"time\"\n)\n\n// TestReloadSafeguard tests the ReloadSafeguard functionality\nfunc"
},
{
"path": "dnscrypt-proxy/resolve.go",
"chars": 9684,
"preview": "package main\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"net\"\n\t\"net/netip\"\n\t\"os\"\n\t\"strings\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dn"
},
{
"path": "dnscrypt-proxy/serversInfo.go",
"chars": 35421,
"preview": "package main\n\nimport (\n\tcrypto_rand \"crypto/rand\"\n\t\"crypto/sha256\"\n\t\"encoding/hex\"\n\t\"errors\"\n\t\"fmt\"\n\t\"math/bits\"\n\t\"math/"
},
{
"path": "dnscrypt-proxy/service_android.go",
"chars": 145,
"preview": "//go:build android\n\npackage main\n\nfunc ServiceManagerStartNotify() error {\n\treturn nil\n}\n\nfunc ServiceManagerReadyNotify"
},
{
"path": "dnscrypt-proxy/service_linux.go",
"chars": 754,
"preview": "//go:build !android\n\npackage main\n\nimport (\n\t\"github.com/coreos/go-systemd/daemon\"\n\tclocksmith \"github.com/jedisct1/go-c"
},
{
"path": "dnscrypt-proxy/service_others.go",
"chars": 156,
"preview": "//go:build !linux && !windows\n\npackage main\n\nfunc ServiceManagerStartNotify() error {\n\treturn nil\n}\n\nfunc ServiceManager"
},
{
"path": "dnscrypt-proxy/service_windows.go",
"chars": 251,
"preview": "package main\n\nimport \"golang.org/x/sys/windows/svc/mgr\"\n\nfunc ServiceManagerStartNotify() error {\n\tmgr, err := mgr.Conne"
},
{
"path": "dnscrypt-proxy/setsockopts_darwin.go",
"chars": 1098,
"preview": "package main\n\nimport (\n\t\"net\"\n\t\"syscall\"\n)\n\nfunc (proxy *Proxy) udpListenerConfig() (*net.ListenConfig, error) {\n\treturn"
},
{
"path": "dnscrypt-proxy/setsockopts_freebsd.go",
"chars": 1434,
"preview": "package main\n\nimport (\n\t\"net\"\n\t\"syscall\"\n)\n\nfunc (proxy *Proxy) udpListenerConfig() (*net.ListenConfig, error) {\n\treturn"
},
{
"path": "dnscrypt-proxy/setsockopts_linux.go",
"chars": 1496,
"preview": "package main\n\nimport (\n\t\"net\"\n\t\"syscall\"\n)\n\nfunc (proxy *Proxy) udpListenerConfig() (*net.ListenConfig, error) {\n\treturn"
},
{
"path": "dnscrypt-proxy/setsockopts_openbsd.go",
"chars": 1262,
"preview": "package main\n\nimport (\n\t\"net\"\n\t\"syscall\"\n)\n\nfunc (proxy *Proxy) udpListenerConfig() (*net.ListenConfig, error) {\n\treturn"
},
{
"path": "dnscrypt-proxy/setsockopts_others.go",
"chars": 308,
"preview": "//go:build !freebsd && !openbsd && !windows && !darwin && !linux\n\npackage main\n\nimport (\n\t\"net\"\n)\n\nfunc (proxy *Proxy) u"
},
{
"path": "dnscrypt-proxy/setsockopts_windows.go",
"chars": 1151,
"preview": "package main\n\nimport (\n\t\"net\"\n\t\"syscall\"\n)\n\nconst (\n\tIPV6_TCLASS = 39 // Not defined in Go's syscall package for Windows"
},
{
"path": "dnscrypt-proxy/signal_others.go",
"chars": 228,
"preview": "//go:build windows || (js && wasm) || wasip1\n\npackage main\n\nconst HasSIGHUP = false\n\n// setupSignalHandler sets up a SIG"
},
{
"path": "dnscrypt-proxy/signal_posix.go",
"chars": 828,
"preview": "//go:build unix && !(js && wasm) && !wasip1\n\npackage main\n\nimport (\n\t\"os\"\n\t\"os/signal\"\n\t\"syscall\"\n\n\t\"github.com/jedisct1"
},
{
"path": "dnscrypt-proxy/sources.go",
"chars": 10019,
"preview": "package main\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"math/rand\"\n\t\"net/url\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"gith"
},
{
"path": "dnscrypt-proxy/sources_test.go",
"chars": 16624,
"preview": "package main\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"net/url\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strconv\"\n\t\"s"
},
{
"path": "dnscrypt-proxy/static/js/monitoring.js",
"chars": 25765,
"preview": "// Error handling function with fallback to static content\nfunction handleError(error) {\n console.error('Error:', err"
},
{
"path": "dnscrypt-proxy/static/templates/dashboard.html",
"chars": 10096,
"preview": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width"
},
{
"path": "dnscrypt-proxy/staticcheck.conf",
"chars": 28,
"preview": "checks = [\"all\", \"-ST1005\"]\n"
},
{
"path": "dnscrypt-proxy/systemd_android.go",
"chars": 78,
"preview": "package main\n\nfunc (proxy *Proxy) addSystemDListeners() error {\n\treturn nil\n}\n"
},
{
"path": "dnscrypt-proxy/systemd_free.go",
"chars": 97,
"preview": "//go:build !linux\n\npackage main\n\nfunc (proxy *Proxy) addSystemDListeners() error {\n\treturn nil\n}\n"
},
{
"path": "dnscrypt-proxy/systemd_linux.go",
"chars": 1372,
"preview": "//go:build !android\n\npackage main\n\nimport (\n\t\"net\"\n\t\"slices\"\n\n\t\"github.com/coreos/go-systemd/activation\"\n\t\"github.com/je"
},
{
"path": "dnscrypt-proxy/templates.go",
"chars": 242,
"preview": "package main\n\nimport (\n\t_ \"embed\"\n)\n\n// MainHTMLTemplate - templates and static files using go:embed\n//\n//go:embed stati"
},
{
"path": "dnscrypt-proxy/testdata/snakeoil.key",
"chars": 262,
"preview": "untrusted comment: minisign encrypted secret key\nRWRTY0IyhB6jk0BvB9YnhvXfyLkbKj5CSoL4jZtHw7qidhhNW3sAAAACAAAAAAAAAEAAAAA"
},
{
"path": "dnscrypt-proxy/testdata/snakeoil.pub",
"chars": 113,
"preview": "untrusted comment: minisign public key 956181C0EA8BF961\nRWRh+YvqwIFhlRUdNGI/u+EDEmFip5BjgHY/z1yQkmRUcLfeIDWBCxnP\n"
},
{
"path": "dnscrypt-proxy/testdata/sources/empty.md",
"chars": 43,
"preview": "# Minimal example of an empty source list\n\n"
},
{
"path": "dnscrypt-proxy/testdata/sources/empty.md.minisig",
"chars": 296,
"preview": "untrusted comment: signature from minisign secret key\nRWRh+YvqwIFhlQu0PHH9BqqxLYYwmhA4TFMNmfj11kkEYZvu8atPqYVEEyEnLIZLUh"
},
{
"path": "dnscrypt-proxy/testdata/sources/minimal_relay.md",
"chars": 72,
"preview": "# Minimal example of a relay source list\n\n## Blank address\n\nsdns://gQA\n\n"
},
{
"path": "dnscrypt-proxy/testdata/sources/minimal_relay.md.minisig",
"chars": 304,
"preview": "untrusted comment: signature from minisign secret key\nRWRh+YvqwIFhlR1wqxlVLJr+fgAwghbLrJXEykPosJGxWusxKQKOplS5R6XF1cJe5w"
},
{
"path": "dnscrypt-proxy/time_ranges.go",
"chars": 2832,
"preview": "package main\n\nimport (\n\t\"fmt\"\n\t\"strconv\"\n\t\"strings\"\n\t\"time\"\n)\n\ntype TimeRange struct {\n\tafter int\n\tbefore int\n}\n\ntype W"
},
{
"path": "dnscrypt-proxy/timezone_android.go",
"chars": 324,
"preview": "package main\n\nimport (\n\t\"os/exec\"\n\t\"strings\"\n\t\"time\"\n)\n\nfunc TimezoneSetup() error {\n\tout, err := exec.Command(\"/system/"
},
{
"path": "dnscrypt-proxy/timezone_others.go",
"chars": 78,
"preview": "//go:build !android\n\npackage main\n\nfunc TimezoneSetup() error {\n\treturn nil\n}\n"
},
{
"path": "dnscrypt-proxy/udp_conn_pool.go",
"chars": 3313,
"preview": "package main\n\nimport (\n\t\"net\"\n\t\"sync\"\n\t\"sync/atomic\"\n\t\"time\"\n\n\t\"github.com/jedisct1/dlog\"\n)\n\nconst (\n\tUDPPoolMaxConnsPer"
},
{
"path": "dnscrypt-proxy/udp_conn_pool_test.go",
"chars": 4805,
"preview": "package main\n\nimport (\n\t\"fmt\"\n\t\"net\"\n\t\"sync\"\n\t\"testing\"\n\t\"time\"\n)\n\nfunc TestUDPConnPool_Basic(t *testing.T) {\n\tpool := N"
},
{
"path": "dnscrypt-proxy/xtransport.go",
"chars": 27834,
"preview": "package main\n\nimport (\n\t\"bytes\"\n\t\"compress/gzip\"\n\t\"context\"\n\t\"crypto/sha512\"\n\t\"crypto/tls\"\n\t\"crypto/x509\"\n\t\"encoding/bas"
},
{
"path": "go.mod",
"chars": 2118,
"preview": "module github.com/dnscrypt/dnscrypt-proxy\n\ngo 1.25.0\n\nexclude google.golang.org/genproto v0.0.0-20230410155749-daa745c07"
},
{
"path": "go.sum",
"chars": 9552,
"preview": "codeberg.org/miekg/dns v0.6.64 h1:xzvVDL4qhFvU+scxZ2TlV0zhPlCYIps8sUncz2RR7ok=\ncodeberg.org/miekg/dns v0.6.64/go.mod h1:"
},
{
"path": "utils/generate-domains-blocklist/domains-allowlist.txt",
"chars": 1115,
"preview": "163.com\na-msedge.net\namazon.com\napp.link\napple.com\nappsflyer.com\nazurewebsites.net\nbaidu.com\nbankofamerica.com\ncdn.cloud"
},
{
"path": "utils/generate-domains-blocklist/domains-blocklist-local-additions.txt",
"chars": 747,
"preview": "\n# Local set of patterns to block\n\nad.*\nads.*\nbanner.*\nbanners.*\ncreatives.*\noas.*\noascentral.*\ntag.*\ntelemetry.*\ntracke"
},
{
"path": "utils/generate-domains-blocklist/domains-blocklist.conf",
"chars": 7762,
"preview": "##################################################################################\n# "
},
{
"path": "utils/generate-domains-blocklist/domains-time-restricted.txt",
"chars": 352,
"preview": "## Rules to be applied at specific times\n##\n## This requires a time schedule to be defined in the\n## dnscrypt-proxy.toml"
},
{
"path": "utils/generate-domains-blocklist/generate-domains-blocklist.py",
"chars": 13339,
"preview": "#! /usr/bin/env python3\n\n# run with python generate-domains-blocklist.py > list.txt.tmp && mv -f list.txt.tmp list\n\nfrom"
},
{
"path": "vendor/codeberg.org/miekg/dns/.changelog.go.tmpl",
"chars": 673,
"preview": "# Changelog\n\nThis is the generated changelog for codeberg.org/miekg/dns.\n{{range .}}\n{{if eq (len .Logs) 0 -}}\n {{con"
},
{
"path": "vendor/codeberg.org/miekg/dns/CHANGELOG.md",
"chars": 6583,
"preview": "# Changelog\n\nThis is the generated changelog for codeberg.org/miekg/dns.\n\n\n## v0.6.21 - 2026-01-06\n\n8 commits.\n\n\n## v0.6"
},
{
"path": "vendor/codeberg.org/miekg/dns/CONTRIBUTORS",
"chars": 149,
"preview": "Alex A. Skinner\nAndrew Tunnell-Jones\nAsk Bjørn Hansen\nDave Cheney\nDusty Wilson\nMarek Majkowski\nPeter van Dijk\nOmri Bahum"
},
{
"path": "vendor/codeberg.org/miekg/dns/COPYRIGHT",
"chars": 385,
"preview": "Copyright 2009 The Go Authors. All rights reserved. Use of this source code is governed by a BSD-style license\nthat can "
},
{
"path": "vendor/codeberg.org/miekg/dns/LICENSE",
"chars": 1567,
"preview": "BSD 3-Clause License\n\nCopyright (c) 2009, The Go Authors. Extensions copyright (c) 2011, Miek Gieben.\nAll rights reserve"
},
{
"path": "vendor/codeberg.org/miekg/dns/Makefile.release",
"chars": 1005,
"preview": "# Makefile for releasing.\n#\n# The release is controlled from version.go. The version found there is used to tag the git "
},
{
"path": "vendor/codeberg.org/miekg/dns/README.md",
"chars": 9314,
"preview": "[](https://godoc.org/codeberg.org/miekg/dns)\n[![Build Stat"
},
{
"path": "vendor/codeberg.org/miekg/dns/client.go",
"chars": 3939,
"preview": "package dns\n\n// A DNS client implementation, modelled after http.Client\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"io\"\n\t\"net\"\n\t\"time\""
},
{
"path": "vendor/codeberg.org/miekg/dns/dane.go",
"chars": 1019,
"preview": "package dns\n\nimport (\n\t\"crypto/sha256\"\n\t\"crypto/sha512\"\n\t\"crypto/x509\"\n\t\"encoding/hex\"\n\t\"errors\"\n)\n\n// certificateToDANE"
},
{
"path": "vendor/codeberg.org/miekg/dns/deleg/deleg.go",
"chars": 4213,
"preview": "// Package deleg deals with all the intricacies of the DELEG RR. All the sub-types ([Info]) used in the RR are defined h"
},
{
"path": "vendor/codeberg.org/miekg/dns/deleg/delegpack.go",
"chars": 1019,
"preview": "package deleg\n\nimport (\n\t\"slices\"\n\n\t\"codeberg.org/miekg/dns/internal/pack\"\n\t\"codeberg.org/miekg/dns/internal/unpack\"\n\t\"g"
},
{
"path": "vendor/codeberg.org/miekg/dns/deleg/pack.go",
"chars": 3280,
"preview": "package deleg\n\nimport (\n\t\"fmt\"\n\n\t\"codeberg.org/miekg/dns/internal/pack\"\n\t\"codeberg.org/miekg/dns/internal/unpack\"\n\t\"gola"
},
{
"path": "vendor/codeberg.org/miekg/dns/deleg/scan.go",
"chars": 2224,
"preview": "package deleg\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"net/netip\"\n\t\"strings\"\n)\n\nfunc Parse(i Info, b, o string) error {\n\tswitch x :="
},
{
"path": "vendor/codeberg.org/miekg/dns/deleg/zdnsutil.go",
"chars": 5691,
"preview": "// Code generated by \"go run dnsutil_generate.go\"; DO NOT EDIT.\n\npackage deleg\n\nimport (\n\t\"strings\"\n\t\"time\"\n\n\t\"codeberg."
},
{
"path": "vendor/codeberg.org/miekg/dns/dns.go",
"chars": 14091,
"preview": "package dns\n\nimport (\n\t\"encoding/hex\"\n\t\"math\"\n\t\"strconv\"\n\t\"strings\"\n\t\"sync/atomic\"\n\n\t\"codeberg.org/miekg/dns/pkg/pool\"\n)"
},
{
"path": "vendor/codeberg.org/miekg/dns/dnssec.go",
"chars": 12304,
"preview": "package dns\n\nimport (\n\t\"crypto\"\n\t\"crypto/ecdsa\"\n\t\"crypto/ed25519\"\n\t\"crypto/rand\"\n\t\"crypto/rsa\"\n\t_ \"crypto/sha1\" // nee"
},
{
"path": "vendor/codeberg.org/miekg/dns/dnssec_keygen.go",
"chars": 3172,
"preview": "package dns\n\nimport (\n\t\"crypto\"\n\t\"crypto/ecdsa\"\n\t\"crypto/ed25519\"\n\t\"crypto/elliptic\"\n\t\"crypto/rand\"\n\t\"crypto/rsa\"\n\t\"math"
},
{
"path": "vendor/codeberg.org/miekg/dns/dnssec_keyscan.go",
"chars": 6376,
"preview": "package dns\n\nimport (\n\t\"bufio\"\n\t\"crypto\"\n\t\"crypto/ecdsa\"\n\t\"crypto/ed25519\"\n\t\"crypto/rsa\"\n\t\"fmt\"\n\t\"io\"\n\t\"math/big\"\n\t\"strc"
},
{
"path": "vendor/codeberg.org/miekg/dns/dnssec_privkey.go",
"chars": 2398,
"preview": "package dns\n\nimport (\n\t\"crypto\"\n\t\"crypto/ecdsa\"\n\t\"crypto/ed25519\"\n\t\"crypto/rsa\"\n\t\"math/big\"\n\t\"strconv\"\n\n\t\"codeberg.org/m"
},
{
"path": "vendor/codeberg.org/miekg/dns/dnssec_signer.go",
"chars": 6986,
"preview": "package dns\n\nimport (\n\t\"crypto/ecdsa\"\n\t\"crypto/ed25519\"\n\t\"crypto/elliptic\"\n\t\"crypto/rsa\"\n\t\"math/big\"\n\t\"sort\"\n\n\t\"codeberg"
},
{
"path": "vendor/codeberg.org/miekg/dns/doc.go",
"chars": 5021,
"preview": "/*\nPackage dns implements a full featured interface to the Domain Name System. Both server- and client-side programming "
},
{
"path": "vendor/codeberg.org/miekg/dns/dso_types.go",
"chars": 2219,
"preview": "package dns\n\nimport \"fmt\"\n\n// DSO option codes. All DSO types and constants in this package carry the Stateful prefix.\nc"
},
{
"path": "vendor/codeberg.org/miekg/dns/edns_types.go",
"chars": 16899,
"preview": "package dns\n\nimport (\n\t\"encoding/binary\"\n\t\"encoding/hex\"\n\t\"fmt\"\n\t\"net/netip\"\n\t\"strconv\"\n\n\t\"codeberg.org/miekg/dns/intern"
},
{
"path": "vendor/codeberg.org/miekg/dns/errors.go",
"chars": 1073,
"preview": "package dns\n\n// Error represents a DNS error.\ntype Error struct {\n\terr string\n}\n\nfunc (e *Error) Error() string { return"
},
{
"path": "vendor/codeberg.org/miekg/dns/generate.go",
"chars": 5205,
"preview": "package dns\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"io\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"codeberg.org/miekg/dns/internal/dnslex\"\n)\n\n// Parse"
},
{
"path": "vendor/codeberg.org/miekg/dns/headerpack.go",
"chars": 1329,
"preview": "package dns\n\nimport (\n\t\"codeberg.org/miekg/dns/internal/pack\"\n\t\"codeberg.org/miekg/dns/internal/unpack\"\n\t\"golang.org/x/c"
},
{
"path": "vendor/codeberg.org/miekg/dns/internal/ddd/ddd.go",
"chars": 2225,
"preview": "package ddd\n\nfunc IsDigit(b byte) bool { return b >= '0' && b <= '9' }\nfunc IsLetter(b byte) bool { return (b >= 'a' &&"
},
{
"path": "vendor/codeberg.org/miekg/dns/internal/dnslex/lex.go",
"chars": 10699,
"preview": "package dnslex\n\nimport (\n\t\"bufio\"\n\t\"io\"\n\t\"strconv\"\n\t\"strings\"\n)\n\n// ScanError is a scanning error, it has no presentatio"
},
{
"path": "vendor/codeberg.org/miekg/dns/internal/dnsstring/reader.go",
"chars": 882,
"preview": "package dnsstring\n\nimport (\n\t\"io\"\n\t\"strings\"\n)\n\n// Reader wraps a string and guarantees the stream ends with a '\\n'.\n// "
},
{
"path": "vendor/codeberg.org/miekg/dns/internal/dnsstring/strconv.go",
"chars": 1213,
"preview": "package dnsstring\n\nimport (\n\t\"errors\"\n\t\"strconv\"\n\t\"time\"\n)\n\nfunc AtoiUint8(s string) (uint8, error) {\n\ti, err := strconv"
},
{
"path": "vendor/codeberg.org/miekg/dns/internal/dnsstring/types.go",
"chars": 4778,
"preview": "package dnsstring\n\n// Wire constants and supported types.\nconst (\n\n\t// If you add one here, also add internal/dnsstrings"
},
{
"path": "vendor/codeberg.org/miekg/dns/internal/dnsstring/zrr.go",
"chars": 2301,
"preview": "// Code generated by \"go run rr_generate.go\"; DO NOT EDIT.\n\npackage dnsstring\n\n// TypeToString is a map of strings for e"
},
{
"path": "vendor/codeberg.org/miekg/dns/internal/jump/jump.go",
"chars": 1801,
"preview": "// Package jump contain mini pack function that quick jumping through a binary message.\npackage jump\n\nimport \"encoding/b"
},
{
"path": "vendor/codeberg.org/miekg/dns/internal/pack/errors.go",
"chars": 381,
"preview": "package pack\n\nimport \"fmt\"\n\n// Error represents a packing error.\ntype Error struct{ Err string }\n\nfunc (e *Error) Error("
},
{
"path": "vendor/codeberg.org/miekg/dns/internal/pack/pack.go",
"chars": 7477,
"preview": "package pack\n\nimport (\n\t\"encoding/base32\"\n\t\"encoding/base64\"\n\t\"encoding/binary\"\n\t\"encoding/hex\"\n\t\"net\"\n\t\"net/netip\"\n\t\"st"
},
{
"path": "vendor/codeberg.org/miekg/dns/internal/reverse/reverse.go",
"chars": 196,
"preview": "package reverse\n\n// Map reverses a uint8 or uint16 map.\nfunc Map[K uint8 | uint16](m map[K]string) map[string]K {\n\tn := "
},
{
"path": "vendor/codeberg.org/miekg/dns/internal/unpack/errors.go",
"chars": 449,
"preview": "package unpack\n\nimport \"fmt\"\n\n// Error represents an unpacking error.\ntype Error struct{ Err string }\n\nfunc (e *Error) E"
},
{
"path": "vendor/codeberg.org/miekg/dns/internal/unpack/unpack.go",
"chars": 5795,
"preview": "package unpack\n\nimport (\n\t\"encoding/base32\"\n\t\"encoding/base64\"\n\t\"encoding/hex\"\n\t\"net\"\n\t\"net/netip\"\n\n\t\"codeberg.org/miekg"
},
{
"path": "vendor/codeberg.org/miekg/dns/listen_no_socket_options.go",
"chars": 787,
"preview": "//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd\n\npackage dns\n\nimport (\n\t\"fmt\"\n\t\"ne"
},
{
"path": "vendor/codeberg.org/miekg/dns/listen_socket_options.go",
"chars": 1601,
"preview": "//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd\n\npackage dns\n\nimport (\n\t\"context\"\n\t\"net\"\n"
},
{
"path": "vendor/codeberg.org/miekg/dns/msg.go",
"chars": 23368,
"preview": "package dns\n\nimport (\n\t\"crypto/rand\"\n\t\"encoding/binary\"\n\t\"fmt\"\n\t\"io\"\n\t\"iter\"\n\t\"net\"\n\t\"strconv\"\n\n\t\"codeberg.org/miekg/dns"
},
{
"path": "vendor/codeberg.org/miekg/dns/nsecpack.go",
"chars": 2975,
"preview": "package dns\n\nimport (\n\t\"codeberg.org/miekg/dns/internal/pack\"\n\t\"codeberg.org/miekg/dns/internal/unpack\"\n\t\"golang.org/x/c"
},
{
"path": "vendor/codeberg.org/miekg/dns/opt.go",
"chars": 2568,
"preview": "package dns\n\nimport \"codeberg.org/miekg/dns/internal/dnslex\"\n\nfunc (*OPT) parse(c *dnslex.Lexer, origin string) *ParseEr"
},
{
"path": "vendor/codeberg.org/miekg/dns/optpack.go",
"chars": 1398,
"preview": "package dns\n\nimport (\n\t\"fmt\"\n\n\t\"codeberg.org/miekg/dns/internal/pack\"\n\t\"codeberg.org/miekg/dns/internal/unpack\"\n\t\"golang"
},
{
"path": "vendor/codeberg.org/miekg/dns/pkg/pool/pool.go",
"chars": 1576,
"preview": "package pool\n\nimport (\n\t\"strings\"\n\t\"sync\"\n)\n\n// Pooler is an interface that mimics a sync.Pool, but allows for different"
},
{
"path": "vendor/codeberg.org/miekg/dns/rdata/rdata.go",
"chars": 11015,
"preview": "// Package rdata contains the rdata elements of all the resource records, each type that implements\n// [codeberg.org/mie"
},
{
"path": "vendor/codeberg.org/miekg/dns/rdata/string.go",
"chars": 15140,
"preview": "package rdata\n\nimport (\n\t\"fmt\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"codeberg.org/miekg/dns/deleg\"\n\t\"codeberg.org/miekg/dns/internal/"
},
{
"path": "vendor/codeberg.org/miekg/dns/rdata/stringutil.go",
"chars": 2648,
"preview": "package rdata\n\nimport (\n\t\"fmt\"\n\t\"strconv\"\n\t\"strings\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dns/internal/ddd\"\n\t\"codeberg.org/miek"
},
{
"path": "vendor/codeberg.org/miekg/dns/rdata/zdnsutil.go",
"chars": 5691,
"preview": "// Code generated by \"go run dnsutil_generate.go\"; DO NOT EDIT.\n\npackage rdata\n\nimport (\n\t\"strings\"\n\t\"time\"\n\n\t\"codeberg."
},
{
"path": "vendor/codeberg.org/miekg/dns/rdata/zlen.go",
"chars": 7329,
"preview": "// Code generated by \"go run len_generate.go\"; DO NOT EDIT.\n\npackage rdata\n\nimport (\n\t\"encoding/base64\"\n\t\"net\"\n)\n\nfunc ("
},
{
"path": "vendor/codeberg.org/miekg/dns/response.go",
"chars": 3445,
"preview": "package dns\n\nimport (\n\t\"crypto/tls\"\n\t\"io\"\n\t\"net\"\n\t\"sync/atomic\"\n\t\"time\"\n)\n\n// A ResponseWriter interface is used by an D"
},
{
"path": "vendor/codeberg.org/miekg/dns/reverse.go",
"chars": 1030,
"preview": "package dns\n\nimport \"codeberg.org/miekg/dns/internal/reverse\"\n\n// StringToType is the reverse of [TypeToString].\n// Basi"
},
{
"path": "vendor/codeberg.org/miekg/dns/router",
"chars": 261,
"preview": "tcp up\n\nudp conns, make it fit in buffer, see what we need other tc\n\ncache, use the btree, with Msg, without buffer and "
},
{
"path": "vendor/codeberg.org/miekg/dns/scan.go",
"chars": 23303,
"preview": "package dns\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"io/fs\"\n\t\"iter\"\n\t\"math\"\n\t\"os\"\n\t\"path\"\n\t\"path/filepath\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"code"
},
{
"path": "vendor/codeberg.org/miekg/dns/scan_ednsrr.go",
"chars": 2551,
"preview": "package dns\n\nimport (\n\t\"encoding/binary\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"codeberg.org/miekg/dns/internal/dnslex\"\n)\n\nfunc (o *ZO"
},
{
"path": "vendor/codeberg.org/miekg/dns/scan_rdata.go",
"chars": 47733,
"preview": "package dns\n\nimport (\n\t\"encoding/base64\"\n\t\"net/netip\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"codeberg.org/miekg/dns/deleg\"\n\t\"codeberg."
},
{
"path": "vendor/codeberg.org/miekg/dns/scan_rr.go",
"chars": 10370,
"preview": "package dns\n\nimport (\n\t\"strings\"\n\n\t\"codeberg.org/miekg/dns/internal/ddd\"\n\t\"codeberg.org/miekg/dns/internal/dnslex\"\n)\n\nfu"
},
{
"path": "vendor/codeberg.org/miekg/dns/serve_mux.go",
"chars": 5636,
"preview": "package dns\n\nimport (\n\t\"context\"\n\t\"io\"\n\t\"sync\"\n)\n\n// Handler is implemented by any value that implements ServeDNS. The m"
},
{
"path": "vendor/codeberg.org/miekg/dns/server.go",
"chars": 10725,
"preview": "package dns\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"io\"\n\t\"net\"\n\t\"sync\"\n\t\"time\"\n\n\t\"codeberg.org/miekg/dns/pkg/pool\"\n)\n\n// De"
},
{
"path": "vendor/codeberg.org/miekg/dns/server_no_recvmmsg.go",
"chars": 955,
"preview": "//go:build windows\n\npackage dns\n\nimport (\n\t\"net\"\n\t\"sync\"\n\n\t\"golang.org/x/net/ipv4\"\n)\n\n// listenUDP starts a UDP listener"
},
{
"path": "vendor/codeberg.org/miekg/dns/server_recvmmsg.go",
"chars": 1587,
"preview": "//go:build unix\n\npackage dns\n\nimport (\n\t\"net\"\n\t\"sync\"\n\n\t\"golang.org/x/net/ipv4\"\n)\n\n// listenUDP starts a UDP listener fo"
},
{
"path": "vendor/codeberg.org/miekg/dns/sig0.go",
"chars": 2555,
"preview": "package dns\n\nimport (\n\t\"crypto\"\n\t\"fmt\"\n\n\t\"codeberg.org/miekg/dns/internal/pack\"\n\t\"codeberg.org/miekg/dns/internal/unpack"
},
{
"path": "vendor/codeberg.org/miekg/dns/sig0_signer.go",
"chars": 1956,
"preview": "package dns\n\nimport (\n\t\"crypto\"\n\t\"crypto/ecdsa\"\n\t\"crypto/ed25519\"\n\t\"crypto/rsa\"\n\t\"math/big\"\n\n\t\"codeberg.org/miekg/dns/in"
},
{
"path": "vendor/codeberg.org/miekg/dns/smimea.go",
"chars": 694,
"preview": "package dns\n\nimport (\n\t\"crypto/x509\"\n)\n\n// Sign creates a SMIMEA record from an SSL certificate.\nfunc (rr *SMIMEA) Sign("
},
{
"path": "vendor/codeberg.org/miekg/dns/sort.go",
"chars": 2550,
"preview": "package dns\n\nimport (\n\t\"sort\"\n)\n\n// Compare returns an integer comparing two RRs according to \"Canonical Form and Order "
},
{
"path": "vendor/codeberg.org/miekg/dns/sort_rdata.go",
"chars": 2621,
"preview": "package dns\n\nimport (\n\t\"bytes\"\n\t\"encoding/base32\"\n\t\"encoding/base64\"\n\t\"encoding/hex\"\n\n\t\"codeberg.org/miekg/dns/deleg\"\n\t\""
},
{
"path": "vendor/codeberg.org/miekg/dns/string.go",
"chars": 1938,
"preview": "package dns\n\nimport (\n\t\"strconv\"\n\t\"strings\"\n\n\t\"codeberg.org/miekg/dns/pkg/pool\"\n)\n\nfunc typeToString(t uint16) string {\n"
},
{
"path": "vendor/codeberg.org/miekg/dns/svcb/pack.go",
"chars": 6554,
"preview": "package svcb\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\n\t\"codeberg.org/miekg/dns/internal/pack\"\n\t\"codeberg.org/miekg/dns/internal/unpac"
},
{
"path": "vendor/codeberg.org/miekg/dns/svcb/scan.go",
"chars": 5080,
"preview": "package svcb\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"net/netip\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"codeberg.org/miekg/dns/internal/ddd\"\n\t\"cod"
},
{
"path": "vendor/codeberg.org/miekg/dns/svcb/svcb.go",
"chars": 12553,
"preview": "// Package svcb deals with all the intricacies of the SVCB/HTTPS RR. All the sub-types ([Pair]) used in\n// the RR are de"
},
{
"path": "vendor/codeberg.org/miekg/dns/svcb/svcbpack.go",
"chars": 1016,
"preview": "package svcb\n\nimport (\n\t\"slices\"\n\n\t\"codeberg.org/miekg/dns/internal/pack\"\n\t\"codeberg.org/miekg/dns/internal/unpack\"\n\t\"go"
}
]
// ... and 1585 more files (download for full content)
About this extraction
This page contains the full source code of the DNSCrypt/dnscrypt-proxy GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 1785 files (18.2 MB), approximately 4.1M tokens, and a symbol index with 110623 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.