fantuz / DNSProxy

DNSProxy listens for incoming DNS requests, parses them and encapsulates the queries into HTTP requests towards DoH resolvers as per RFC-8484. Upon a valid response from the DoH HTTP service, DNSProxy will craft and send RFC-1035 compliant DNS responses back to the calling client. DNSProxy protects you from privacy leaks, with an option to store raw response packets.
https://tools.ietf.org/html/rfc8484
MIT License

TCP size-stamping works fine for type A queries but not for CNAME/NS and possibly others #6

Closed fantuz closed 4 years ago

fantuz commented 5 years ago

Unfortunately, more work is due with regards to TCP size calculations and stamping. A new algorithm is needed to predict size and dynamically change "window" value. Issue affects only TCP listeners.

fantuz commented 4 years ago

Given that the whole application was migrated to ONLY support RFC8484 format, udpwireformat, we can now assume that the improved TCP algorithm for length calculation has NO ISSUE anymore, as no manipulation of the packet is done anymore

(no response packet manipulation except for transaction ID and TCP length, indeed)
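
The framing described in the last comment (the DoH body passed through untouched except for the transaction ID and the TCP length), as an added example that is not DNSProxy's own code. The helper name `frame_tcp_response` and the sample bytes are constructed for illustration; the 2-byte prefix follows RFC 1035 section 4.2.2, so the length comes from the received message size and does not depend on the record type.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_HDR_LEN 12     /* fixed DNS header size (RFC 1035 4.1.1) */
#define DNS_TCP_MAX 65535  /* largest value the 2-byte prefix can carry */

/* Constructed sample: header (ID 0, flags 0x8180, QDCOUNT 1) plus a
 * question for name "a", type CNAME (5), class IN. 19 bytes total. */
static const uint8_t sample_doh_body[] = {
    0x00, 0x00, 0x81, 0x80, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x01, 'a', 0x00, 0x00, 0x05, 0x00, 0x01
};

/* Hypothetical helper: copy a DoH response body (raw DNS wire format) into
 * `out`, stamp the client's transaction ID, and prepend the big-endian
 * length required on TCP. Returns bytes to send, or 0 on error. */
size_t frame_tcp_response(const uint8_t *doh_body, size_t body_len,
                          uint16_t client_id, uint8_t *out, size_t out_cap)
{
    if (doh_body == NULL || out == NULL)
        return 0;
    if (body_len < DNS_HDR_LEN || body_len > DNS_TCP_MAX)
        return 0;                    /* truncated or unframeable message */
    if (out_cap < body_len + 2)
        return 0;                    /* caller's buffer is too small */

    /* The prefix counts the DNS message only, not the prefix itself. */
    out[0] = (uint8_t)(body_len >> 8);
    out[1] = (uint8_t)(body_len & 0xff);
    memcpy(out + 2, doh_body, body_len);

    /* Transaction ID: first two header bytes, network byte order. */
    out[2] = (uint8_t)(client_id >> 8);
    out[3] = (uint8_t)(client_id & 0xff);
    return body_len + 2;
}

int main(void)
{
    uint8_t out[64];
    size_t n = frame_tcp_response(sample_doh_body, sizeof sample_doh_body,
                                  0xBEEF, out, sizeof out);
    return n == sizeof sample_doh_body + 2 ? 0 : 1;
}
```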