For cached or singleflight messages, the edns0 cookie is currently
shared among all of them, causing mismatch cookie warning from clients.
The ctrld proxy should re-set client cookies for each request
separately, even though they use the same shared answer.
To guard ctrld from possible DoS to remote upstreams, this commit
implements following things:
- Optimizing multiple queries with the same domain and qtype to use
singleflight group, so there's only 1 query to remote upstreams at
any time.
- Adding a hot cache with 1 second TTL, so repeated queries will re-use
the result from cache if existed, preventing unnecessary requests to
remote upstreams.
There's a bug in wmi library which causes race condition when getting
wmi instance manager concurrently. The new tests for setup bootstrap ip
concurrently thus failed unexpectedly.
There's going to be a fix sent to the upstream, in the meantime, disable
the parallel test temporary.
See: https://github.com/microsoft/wmi/issues/165
As part of v1.4.0 release, reading DNS from /etc/resolv.conf file is
only available for Macos. However, there's no reason to prevent this
function from working on other *nix systems.
This commit unify the function to *nix, so it could be added as DNS
source for Linux and Freebsd.
So on system where there's no available DNS, non-ControlD upstreams
could be bootstrapped like before.
While at it, also improving lookupIP to not initializing OS resolver
anymore, removing the un-necessary contention for accquiring/releasing
OS resolver mutex.
If the socket file does not exist, it means that "ctrld start" was never
run. In this case, the warning message should not be printed to avoid
needless confusion.
Generally, using /jffs/scripts/dnsmasq.postconf is the right way to add
custom configuration to dnsmasq on Merlin. However, we have seen many
reports that the postconf does not work on their devices.
This commit changes how dnsmasq config manipulation is done on Merlin,
so it's expected to work on all Merlin devices:
- Writing /jffs/scripts/dnsmasq.postconf script
- Copy current dnsmasq.conf to /jffs/configs/dnsmasq.conf
- Run postconf script directly on /jffs/configs/dnsmasq.conf
- Restart dnsmasq
This way, the /jffs/configs/dnsmasq.conf will contain both current
dnsmasq config, and also custom config added by ctrld, without worrying
about conflicting, because configuration was added by postconf.
See (1) for more details about custom config files on Merlin.
(1) https://github.com/RMerl/asuswrt-merlin.ng/wiki/Custom-config-files
So using "ctrld stop" or service manager to stop ctrld will end up with
the same result, stopped ctrld with a working DNS, and deactivation pin
code will always have effects if set.
Since requests are mostly originated from the machine itself, so all
necessary metadata is local to it.
Currently, the desktop platforms are Windows desktop and darwin.
netmon provides ipv6 availability during network event changes, so use
this metadata instead of wasting on polling check.
Further, repeated network errors will force marking ipv6 as disable if
were being enabled, catching a rare case when ipv6 were disabled from
cli or system settings.
Currently, custom config is only validated against invalid syntax, not
the validating rules for each configuration value. It causes ctrld
process fatal instead of disregarding as expected.
To fix this, force the validating rule after fetching remote config.
While at it, also add the default network value if non-existed.
When ctrld performs upgrading tasks, the current binary would be moved
to different file, thus the executable will return this new file name,
instead of the old "/path/to/ctrld".
The config path on FreshTomato is located in the same directory with
ctrld binary, with ".startup" suffix. So when the binary was moved
during upgrading, the config path is located wrongly.
To fix it, read the binary path from service config first, then only
fallback to the current executable if the path is empty (this is the
same way ctrld is doing for other router platforms).
So the "ctrld start" should know earlier that "ctrld run" failed to
listen on certain port, and terminate earlier instead of waiting for
timeout happened.
Since application may need SRV record for public domains, which could be
blocked by OS resolver, but not with remote upstreams.
This was reported by a Minecraft user, who seeing thing is broken after
upgrading to v1.4.0 release.
The log ip connection may be nil, since it was not created if blocked by
firewall/VPN apps.
While at it, also add warning when the ipc connection could not be created.
Currently, ctrld requires the default route interface existed to be
functional correctly.
However, on systems where default route is non existed, or point to a
virtual interface (like ipsec based VPN), the fact that the OS is using
this interface as default gateway and doesn't actually send things to
127.0.0.1 is not ctrld's problem.
In this case, ctrld should just start normally, without worrying about
the no default route interface problem.
postRun should not restore static settings
put back validInterface check
better debug logs for os resolver init, use mutex to prevent duplicate initializations
use WMI instead of registry keys for static DNS data on Windows
use WMI instead of registry keys for static DNS data on Windows
use winipcfg DNS method
use WMI with registry fallback
go back to registry method
restore saved static configs on stop and uninstall
restore ipv6 DHCP if no saved static ipv6 addresses
do not save loopback IPs for static configs
handle watchdog interface changed for new interfaces
dont overwrite static file on start when staticdns is set to loopback
dont overwrite static file on start when staticdns is set to loopback
dont overwrite static file on start when staticdns is set to loopback
no need to resetDNS on start, uninstall already takes care of this
