DNSCrypt / dnscrypt-proxy

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
https://dnscrypt.info
ISC License

Crash if dns64 prefix enabled #2391

Closed bmeirellesRJ closed 1 year ago

bmeirellesRJ commented 1 year ago

```
2023-05-11T14:45:30.766067-03:00 router systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
2023-05-11T14:45:30.852355-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:30] [NOTICE] dnscrypt-proxy 2.1.4
2023-05-11T14:45:30.887797-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:30] [NOTICE] Network connectivity detected
2023-05-11T14:45:30.888146-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:30] [NOTICE] Now listening to [::]:53 [UDP]
2023-05-11T14:45:30.888420-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:30] [NOTICE] Now listening to [::]:53 [TCP]
2023-05-11T14:45:30.889733-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:30] [NOTICE] Source [public-resolvers] loaded
2023-05-11T14:45:30.890181-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:30] [NOTICE] Source [relays] loaded
2023-05-11T14:45:30.892988-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:30] [NOTICE] Firefox workaround initialized
2023-05-11T14:45:30.893139-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:30] [NOTICE] Loading the set of blocking rules from [blocked-names.txt]
2023-05-11T14:45:30.893340-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:30] [NOTICE] Loading the set of cloaking rules from [cloaking-rules.txt]
2023-05-11T14:45:30.893837-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:30] [INFO] Registered DNS64 prefix [64:ff9b::/96]
2023-05-11T14:45:31.006206-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:31] [INFO] [cloudflare-ipv6] TLS version: 304 - Protocol: h2 - Cipher suite: 4865
2023-05-11T14:45:31.006449-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:31] [NOTICE] [cloudflare-ipv6] OK (DoH) - rtt: 23ms
2023-05-11T14:45:31.059139-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:31] [INFO] [cloudflare] TLS version: 304 - Protocol: h2 - Cipher suite: 4865
2023-05-11T14:45:31.059522-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:31] [NOTICE] [cloudflare] OK (DoH) - rtt: 11ms
2023-05-11T14:45:31.060074-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:31] [NOTICE] Sorted latencies:
2023-05-11T14:45:31.060500-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:31] [NOTICE] - 11ms cloudflare
2023-05-11T14:45:31.060743-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:31] [NOTICE] - 23ms cloudflare-ipv6
2023-05-11T14:45:31.061160-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:31] [NOTICE] Server with the lowest initial latency: cloudflare (rtt: 11ms)
2023-05-11T14:45:31.061463-03:00 router dnscrypt-proxy[2488]: [2023-05-11 14:45:31] [NOTICE] dnscrypt-proxy is ready - live servers: 2
2023-05-11T14:45:53.388510-03:00 router dnscrypt-proxy[2488]: panic: runtime error: invalid memory address or nil pointer dereference
2023-05-11T14:45:53.389885-03:00 router dnscrypt-proxy[2488]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x8f1fbf]
2023-05-11T14:45:53.389989-03:00 router dnscrypt-proxy[2488]: goroutine 41 [running]:
2023-05-11T14:45:53.390094-03:00 router dnscrypt-proxy[2488]: main.(PluginQueryLog).Eval(0xc0000829c0, 0xc00023c460, 0x1a?)
2023-05-11T14:45:53.390198-03:00 router dnscrypt-proxy[2488]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/plugin_query_log.go:62 +0x11f
2023-05-11T14:45:53.390297-03:00 router dnscrypt-proxy[2488]: main.(PluginsState).ApplyLoggingPlugins(0xc00023c460, 0xc000097900)
2023-05-11T14:45:53.390404-03:00 router dnscrypt-proxy[2488]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/plugins.go:396 +0x1d1
2023-05-11T14:45:53.390507-03:00 router dnscrypt-proxy[2488]: main.(Proxy).processIncomingQuery(0xc000097900, {0xa22c00, 0xa}, {0xa200c2, 0x3}, {0xc0002ae2d0, 0x44, 0x45}, 0x0, {0x0, ...}, ...)
2023-05-11T14:45:53.390619-03:00 router dnscrypt-proxy[2488]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/proxy.go:868 +0x180f
2023-05-11T14:45:53.390718-03:00 router dnscrypt-proxy[2488]: main.(PluginDNS64).Eval(0xc0001170e0, 0xc00023c1c0, 0xc000024ab0)
2023-05-11T14:45:53.390844-03:00 router dnscrypt-proxy[2488]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/plugin_dns64.go:93 +0x1c5
2023-05-11T14:45:53.390943-03:00 router dnscrypt-proxy[2488]: main.(PluginsState).ApplyResponsePlugins(0xc00023c1c0, 0xc000097900, {0xc0000fa800, 0x1d4, 0x200}, 0x0)
2023-05-11T14:45:53.391045-03:00 router dnscrypt-proxy[2488]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/plugins.go:356 +0x424
2023-05-11T14:45:53.391143-03:00 router dnscrypt-proxy[2488]: main.(Proxy).processIncomingQuery(0xc000097900, {0xa200c2, 0x3}, {0xa200c2, 0x3}, {0xc000276000, 0x2b, 0xfff}, 0xc000118020, {0xb08300, ...}, ...)
2023-05-11T14:45:53.391246-03:00 router dnscrypt-proxy[2488]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/proxy.go:796 +0x18f7
2023-05-11T14:45:53.391348-03:00 router dnscrypt-proxy[2488]: main.(Proxy).udpListener.func1()
2023-05-11T14:45:53.391699-03:00 router dnscrypt-proxy[2488]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/proxy.go:403 +0x132
2023-05-11T14:45:53.391822-03:00 router dnscrypt-proxy[2488]: created by main.(Proxy).udpListener
2023-05-11T14:45:53.391919-03:00 router dnscrypt-proxy[2488]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/proxy.go:401 +0x20c
2023-05-11T14:45:53.396218-03:00 router systemd[1]: dnscrypt-proxy.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
2023-05-11T14:45:53.396474-03:00 router systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.
```

jedisct1 commented 1 year ago

Do you have a way to reproduce this? What changes have to be made to the default configuration?

bmeirellesRJ commented 1 year ago

Hi,

I just uncommented the line " prefix = ['64:ff9b::/96'] " and restarted the service.

lifenjoiner commented 1 year ago

Reproducible snippets/descriptions are always welcome. That will accelerate problem solving.

Here are mine to reproduce your panic message:

example-dnscrypt-proxy.toml diff ```diff diff --git "a/example-dnscrypt-proxy.toml" "b/dns64.toml" index f6f6c458..dff97995 100644 --- "a/example-dnscrypt-proxy.toml" +++ "b/dns64.toml" @@ -39,7 +39,7 @@ ## To listen to all IPv4 addresses, use `listen_addresses = ['0.0.0.0:53']` ## To listen to all IPv4+IPv6 addresses, use `listen_addresses = ['[::]:53']` -listen_addresses = ['127.0.0.1:53'] +listen_addresses = ['127.0.0.1:57053'] ## Maximum number of simultaneous client connections to accept @@ -161,7 +161,7 @@ keepalive = 30 ## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors) -# log_level = 2 +log_level = 1 ## Log file for the application, as an alternative to sending logs to @@ -481,7 +481,7 @@ cache_neg_max_ttl = 600 ## Path to the query log file (absolute, or relative to the same directory as the config file) ## Can be set to /dev/stdout in order to log to the standard output. -# file = 'query.log' +file = '/dev/stdout' ## Query log format (currently supported: tsv and ltsv) @@ -861,7 +861,7 @@ skip_incompatible = false ## Static prefix(es) as Pref64::/n CIDRs -# prefix = ['64:ff9b::/96'] +prefix = ['64:ff9b::/96'] ## DNS64-enabled resolver(s) to discover Pref64::/n CIDRs ## These resolvers are used to query for Well-Known IPv4-only Name (WKN) "ipv4only.arpa." to discover only. ```
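
Review bot: the `listen_addresses` hunk (line 39) and the `log_level` hunk (line 161) are not part of the stated trigger, since the requirements listed for the panic only need the `prefix` change at line 861 and the query log `file` change at line 481. Consider dropping the first two from the reproduction, or marking them as local conveniences, so the minimal configuration that triggers the panic is unambiguous. If the port change stays, queries have to target it explicitly, as the `dig -p 57053` example does.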

And the requirements are:

  1. enabling prefix = ['64:ff9b::/96'] and query_log,
  2. query the AAAA record of a host that has only IPv4. Example: dig -p 57053 -t aaaa github.com.

bmeirellesRJ commented 1 year ago

Hi,

```
[2023-05-12 15:41:29] ::1 e.d.5.2.0.0.0.0.c.0.0.b.e.c.a.f.3.8.2.0.5.0.1.f.0.8.8.2.3.0.a.2.ip6.arpa PTR PASS 13ms cloudflare
[2023-05-12 15:41:29] ::1 e.d.5.2.0.0.0.0.c.0.0.b.e.c.a.f.3.8.2.0.5.0.1.f.0.8.8.2.3.0.a.2.ip6.arpa PTR PASS 0ms -
[2023-05-12 15:41:30] ::1 e.d.5.2.0.0.0.0.c.0.0.b.e.c.a.f.3.8.2.0.5.0.1.f.0.8.8.2.3.0.a.2.ip6.arpa PTR PASS 0ms -
[2023-05-12 15:41:31] ::1 e.d.5.2.0.0.0.0.c.0.0.b.e.c.a.f.3.8.2.0.5.0.1.f.0.8.8.2.3.0.a.2.ip6.arpa PTR PASS 1ms -
[2023-05-12 15:41:32] ::1 e.d.5.2.0.0.0.0.c.0.0.b.e.c.a.f.3.8.2.0.5.0.1.f.0.8.8.2.3.0.a.2.ip6.arpa PTR PASS 1ms -
[2023-05-12 15:41:33] ::1 e.d.5.2.0.0.0.0.c.0.0.b.e.c.a.f.3.8.2.0.5.0.1.f.0.8.8.2.3.0.a.2.ip6.arpa PTR PASS 0ms -
```

```
root@router:~# dig -t aaaa github.com
;; communications error to ::1#53: timed out
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused

; <<>> DiG 9.18.12-1-Debian <<>> -t aaaa github.com
;; global options: +cmd
;; no servers could be reached
```

```
2023-05-11T19:00:34.144021-03:00 router systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
2023-05-11T19:00:34.230957-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] dnscrypt-proxy 2.1.4
2023-05-11T19:00:34.266193-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] Network connectivity detected
2023-05-11T19:00:34.266536-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] Now listening to [::]:53 [UDP]
2023-05-11T19:00:34.266853-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] Now listening to [::]:53 [TCP]
2023-05-11T19:00:34.267715-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] Source [relays] loaded
2023-05-11T19:00:34.268669-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] Source [public-resolvers] loaded
2023-05-11T19:00:34.271907-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] Firefox workaround initialized
2023-05-11T19:00:34.272056-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] Loading the set of blocking rules from [blocked-names.txt]
2023-05-11T19:00:34.272253-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] Loading the set of cloaking rules from [cloaking-rules.txt]
2023-05-11T19:00:34.272763-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [INFO] Registered DNS64 prefix [64:ff9b::/96]
2023-05-11T19:00:34.376559-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [INFO] [cloudflare-ipv6] TLS version: 304 - Protocol: h2 - Cipher suite: 4865
2023-05-11T19:00:34.376775-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] [cloudflare-ipv6] OK (DoH) - rtt: 27ms
2023-05-11T19:00:34.466128-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [INFO] [cloudflare] TLS version: 304 - Protocol: h2 - Cipher suite: 4865
2023-05-11T19:00:34.466643-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] [cloudflare] OK (DoH) - rtt: 21ms
2023-05-11T19:00:34.467083-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] Sorted latencies:
2023-05-11T19:00:34.467451-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] - 21ms cloudflare
2023-05-11T19:00:34.467943-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] - 27ms cloudflare-ipv6
2023-05-11T19:00:34.468081-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] Server with the lowest initial latency: cloudflare (rtt: 21ms)
2023-05-11T19:00:34.468519-03:00 router dnscrypt-proxy[969]: [2023-05-11 19:00:34] [NOTICE] dnscrypt-proxy is ready - live servers: 2
2023-05-11T19:00:48.921330-03:00 router dnscrypt-proxy[969]: panic: runtime error: invalid memory address or nil pointer dereference
2023-05-11T19:00:48.921771-03:00 router dnscrypt-proxy[969]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x8f1fbf]
2023-05-11T19:00:48.922953-03:00 router dnscrypt-proxy[969]: goroutine 39 [running]:
2023-05-11T19:00:48.923058-03:00 router dnscrypt-proxy[969]: main.(PluginQueryLog).Eval(0xc0000829c0, 0xc00023c380, 0x1a?)
2023-05-11T19:00:48.923166-03:00 router dnscrypt-proxy[969]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/plugin_query_log.go:62 +0x11f
2023-05-11T19:00:48.923266-03:00 router dnscrypt-proxy[969]: main.(PluginsState).ApplyLoggingPlugins(0xc00023c380, 0xc000097900)
2023-05-11T19:00:48.923363-03:00 router dnscrypt-proxy[969]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/plugins.go:396 +0x1d1
2023-05-11T19:00:48.923467-03:00 router dnscrypt-proxy[969]: main.(Proxy).processIncomingQuery(0xc000097900, {0xa22c00, 0xa}, {0xa200c2, 0x3}, {0xc0002ae2d0, 0x44, 0x45}, 0x0, {0x0, ...}, ...)
2023-05-11T19:00:48.923569-03:00 router dnscrypt-proxy[969]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/proxy.go:868 +0x180f
2023-05-11T19:00:48.923690-03:00 router dnscrypt-proxy[969]: main.(PluginDNS64).Eval(0xc0004f7090, 0xc00023c000, 0xc000024a20)
2023-05-11T19:00:48.923887-03:00 router dnscrypt-proxy[969]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/plugin_dns64.go:93 +0x1c5
2023-05-11T19:00:48.923986-03:00 router dnscrypt-proxy[969]: main.(PluginsState).ApplyResponsePlugins(0xc00023c000, 0xc000097900, {0xc0000fa800, 0x1d4, 0x200}, 0x0)
2023-05-11T19:00:48.924089-03:00 router dnscrypt-proxy[969]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/plugins.go:356 +0x424
2023-05-11T19:00:48.924186-03:00 router dnscrypt-proxy[969]: main.(Proxy).processIncomingQuery(0xc000097900, {0xa200c2, 0x3}, {0xa200c2, 0x3}, {0xc000122000, 0x2b, 0xfff}, 0xc000120000, {0xb08300, ...}, ...)
2023-05-11T19:00:48.924289-03:00 router dnscrypt-proxy[969]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/proxy.go:796 +0x18f7
2023-05-11T19:00:48.924390-03:00 router dnscrypt-proxy[969]: main.(Proxy).udpListener.func1()
2023-05-11T19:00:48.924486-03:00 router dnscrypt-proxy[969]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/proxy.go:403 +0x132
2023-05-11T19:00:48.924581-03:00 router dnscrypt-proxy[969]: created by main.(Proxy).udpListener
2023-05-11T19:00:48.924735-03:00 router dnscrypt-proxy[969]: #011/home/runner/work/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy/proxy.go:401 +0x20c
2023-05-11T19:00:48.929476-03:00 router systemd[1]: dnscrypt-proxy.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
2023-05-11T19:00:48.929688-03:00 router systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.
```
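
In both traces, `PluginDNS64.Eval` re-enters `processIncomingQuery` with `0x0` among its arguments, and `PluginQueryLog.Eval` then faults at `addr=0x8`. The following is an added Go example, not code from dnscrypt-proxy, of that failure pattern next to a nil guard. It assumes the faulting value is a nil client address on a plugin-issued query; `queryState`, `clientIPUnsafe`, `clientIPGuarded` and `crashes` are hypothetical names.

```go
package main

import (
	"fmt"
	"net"
)

// queryState is a hypothetical stand-in for per-query plugin state.
// Assumption: clientAddr is nil when a plugin issues the query internally.
type queryState struct {
	qName      string
	clientAddr *net.Addr
}

// clientIPUnsafe dereferences clientAddr unconditionally, so a query with
// no client address panics with a nil pointer dereference.
func clientIPUnsafe(s *queryState) string {
	switch a := (*s.clientAddr).(type) {
	case *net.UDPAddr:
		return a.IP.String()
	case *net.TCPAddr:
		return a.IP.String()
	}
	return "-"
}

// clientIPGuarded treats a missing client address as an internal query
// and logs a placeholder instead of dereferencing it.
func clientIPGuarded(s *queryState) string {
	if s == nil || s.clientAddr == nil || *s.clientAddr == nil {
		return "-"
	}
	return clientIPUnsafe(s)
}

// crashes reports whether f panics on s, recovering so the caller survives.
func crashes(f func(*queryState) string, s *queryState) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	f(s)
	return false
}

func main() {
	// Constructed sample input: one client query and one plugin-issued query.
	var addr net.Addr = &net.UDPAddr{IP: net.ParseIP("::1"), Port: 40000}
	external := &queryState{qName: "github.com.", clientAddr: &addr}
	internal := &queryState{qName: "github.com."}
	fmt.Println(clientIPGuarded(external), clientIPGuarded(internal))
	fmt.Println(crashes(clientIPUnsafe, internal), crashes(clientIPGuarded, internal))
}
```

Because an unrecovered panic in any goroutine terminates a Go process, one such query takes the whole resolver down, which is what the systemd `status=2` lines record.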