mirror of
https://github.com/safing/portmaster
synced 2025-09-02 18:49:14 +00:00
100 lines
2.3 KiB
Go
100 lines
2.3 KiB
Go
package resolver
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"net"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/miekg/dns"
|
|
)
|
|
|
|
var (
|
|
localAddrFactory func(network string) net.Addr
|
|
)
|
|
|
|
// SetLocalAddrFactory supplies the intel package with a function to get permitted local addresses for connections.
|
|
func SetLocalAddrFactory(laf func(network string) net.Addr) {
|
|
if localAddrFactory == nil {
|
|
localAddrFactory = laf
|
|
}
|
|
}
|
|
|
|
func getLocalAddr(network string) net.Addr {
|
|
if localAddrFactory != nil {
|
|
return localAddrFactory(network)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
type clientManager struct {
|
|
dnsClient *dns.Client
|
|
factory func() *dns.Client
|
|
|
|
lock sync.Mutex
|
|
refreshAfter time.Time
|
|
ttl time.Duration // force refresh of connection to reduce traceability
|
|
}
|
|
|
|
func newDNSClientManager(_ *Resolver) *clientManager {
|
|
return &clientManager{
|
|
ttl: 0, // new client for every request, as we need to randomize the port
|
|
factory: func() *dns.Client {
|
|
return &dns.Client{
|
|
Timeout: 5 * time.Second,
|
|
Dialer: &net.Dialer{
|
|
LocalAddr: getLocalAddr("udp"),
|
|
},
|
|
}
|
|
},
|
|
}
|
|
}
|
|
|
|
func newTCPClientManager(_ *Resolver) *clientManager {
|
|
return &clientManager{
|
|
ttl: 0, // TODO: build a custom client that can reuse connections to some degree (performance / privacy tradeoff)
|
|
factory: func() *dns.Client {
|
|
return &dns.Client{
|
|
Net: "tcp",
|
|
Timeout: 5 * time.Second,
|
|
Dialer: &net.Dialer{
|
|
LocalAddr: getLocalAddr("tcp"),
|
|
KeepAlive: 15 * time.Second,
|
|
},
|
|
}
|
|
},
|
|
}
|
|
}
|
|
|
|
func newTLSClientManager(resolver *Resolver) *clientManager {
|
|
return &clientManager{
|
|
ttl: 0, // TODO: build a custom client that can reuse connections to some degree (performance / privacy tradeoff)
|
|
factory: func() *dns.Client {
|
|
return &dns.Client{
|
|
Net: "tcp-tls",
|
|
TLSConfig: &tls.Config{
|
|
MinVersion: tls.VersionTLS12,
|
|
ServerName: resolver.VerifyDomain,
|
|
// TODO: use portbase rng
|
|
},
|
|
Timeout: 5 * time.Second,
|
|
Dialer: &net.Dialer{
|
|
LocalAddr: getLocalAddr("tcp"),
|
|
KeepAlive: 15 * time.Second,
|
|
},
|
|
}
|
|
},
|
|
}
|
|
}
|
|
|
|
func (cm *clientManager) getDNSClient() *dns.Client {
|
|
cm.lock.Lock()
|
|
defer cm.lock.Unlock()
|
|
|
|
if cm.dnsClient == nil || cm.ttl == 0 || time.Now().After(cm.refreshAfter) {
|
|
cm.dnsClient = cm.factory()
|
|
cm.refreshAfter = time.Now().Add(cm.ttl)
|
|
}
|
|
|
|
return cm.dnsClient
|
|
}
|